Values for content-security-policy-report-only:
script-src https: blob: 'unsafe-inline' 'unsafe-eval' 'self';base-uri 'self';report-uri https://reporting-api.gannettinnovation.com;report-to default 264
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.awin1.com https://lantern.roeyecdn.com https://tagmanager.google.com https://cdn.trustcommander.net https://www.dwin1.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://*.doubleclick.net https://www.axa-video.de *.visualwebsiteoptimizer.com app.vwo.com https://www.google.com https://platform.commandersact.com https://connect.facebook.net https://*.aklamio.com data.axa.de snap.licdn.com blob: https://ct.pinterest.com https://s.pinimg.com https://acdn.adnxs.com https://ib.adnxs.com ; ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://googletagmanager.com https://www.googletagmanager.com ;frame-src https://www.awin1.com app.vwo.com *.visualwebsiteoptimizer.com https://entry.axa-de.intraxa/ https://entry.axa.de https://www.axa-video.de https://www.axa.de https://inte.axa.de https://*.doubleclick.net https://cdn.trustcommander.net https://www.dwin1.com https://connect.facebook.net https://www.facebook.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://ct.pinterest.com https://googletagmanager.com https://insight.adsrvr.org 'self' https://www.googletagmanager.com;base-uri 'self';object-src 'none';img-src 'self' data: https://ad.doubleclick.net https://*.ads.linkedin.com data.axa.de *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://track.adform.net https://ad.doubleclick.net https://www.facebook.com https://bat.bing.com https://www.google.com https://www.google.de https://www.google-analytics.com https://www.google https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://www.financeads.net https://www.aklamio.com/ https://ct.pinterest.com https://ib.adnxs.com;form-action 'self';default-src 'self' https://assets.faircado.com https://static.preply.com https://fonts.gstatic.com/ blob: data:;connect-src 'self' data.axa.de https://api.vid-adblocker.com https://ad.doubleclick.net/ https://*.google.de https://www.facebook.com/ https://*.ads.linkedin.com https://p.adsymptotic.com https://*.linkedin.oribi.io https://sjs.bizographics.com ad.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com https://*.googlesyndication.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googleanalytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://bat.bing.com https://privacy.trustcommander.net https://privacy.commander1.net https://privacy.commander1.com https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://*.axa.de https://cloud.service.aerzteversicherung.de https://mcdyr4395tgnrcnr8bt5wsrgh-11.pub.sfmc-content.com https://*.aklamio.com https://www.googleadservices.com https://ct.pinterest.com https://ib.adnxs.com https://acdn.adnxs.com https://google.com;;report-uri /site/axa-de/cspReportOnly 211
frame-ancestors 'self'; report-uri /csp_logger?path=/ 104
101
script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: *.mpsimg.com *.bdimg.xyz; font-src 'self' data: *.svcasino.art; 95
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 88
frame-ancestors 'self' 64
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://acsbapp.com https://snap.licdn.com https://sc-static.net https://tr.snapchat.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.cookielaw.org https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com https://cdnapisec.kaltura.com http://cdnapi.kaltura.com https://cfvod.kaltura.com https://www.google-analytics.com https://cdn.jsdelivr.net https://script.crazyegg.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://bam.nr-data.net https://hm.baidu.com/hm.js https://www.clarity.ms https://www.googleadservices.com blob: https://vjs.zencdn.net/5.0/video.min.js https://analytics.tiktok.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://acsbapp.com https://sc-static.net https://tr.snapchat.com https://maps.googleapis.com  https://fonts.googleapis.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://vjs.zencdn.net/5.0/video-js.min.css https://analytics.tiktok.com; frame-ancestors 'self' 60
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 58
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://www.blogger.com/cspreport 46
default-src 'self'; script-src 'self' *.salesforce.com 'report-sample'; style-src *.force.com 'unsafe-inline' 'self' *.salesforce.com *.visualforce.com:*; img-src *.force.com slack-mil-dev.com slack-imgs-mil-dev.com *.slack.com 'self' blob: *.slack-imgs.com slack-imgs-gov.com *.slack-edge.mil *.salesforce-experience.com slack-imgs.com slack-gov-dev.com *.sfdcstatic.com *.slack-edge-gov.com *.salesforce.com *.twimg.com *.my-salesforce.com slack-imgs-gov-dev.com *.slack-edge.com slack-imgs.mil *.cloudinary.com data:; media-src 'self' *.salesforce.com; frame-src *.force.com *.quip.com *.arkoselabs.com 'self' *.youtube-nocookie.com *.youtube.co.uk *.cybersource.com *.youtube.com.br *.youtube.es *.salesforce-experience.com *.salesforceliveagent.com *.adis.ws *.sfdcfc.net *.youtube.ca *.youtube.ie *.cloudinary.com *.vidyard.com *.vimeo.com *.youtube.jp bcove.video *.youtube.fr *.forceusercontent.com *.brightcove.net *.youtube.com *.wistia.net *.salesforce.com *.youtube.nl *.youtube.pl; font-src *.force.com 'self' *.salesforce.com blob: data:; connect-src 'self' *.amazonaws.com *.salesforce.com api.salesforce.com wss://*.api.salesforce.com *.api.salesforce.com wss://api.salesforce.com wss://*.slack.com; report-to sfdc-csp-ep; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=login 34
frame-src 'self' servedbyadbutler.com *.authorize.net *.paypal.com *.google.com www.book2look.com; img-src 'self' images.booksense.com data: https://www.googletagmanager.com https://www.paypalobjects.com https://withfriends.co; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://danjg53usxhfc.cloudfront.net code.jquery.com cdn.mxpnl.com https://www.paypal.com *.gstatic.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.book2look.com https://www.google.com; style-src * 'report-sample' 'unsafe-inline'; base-uri 'self'; report-uri https://o4507465725640704.ingest.us.sentry.io/api/4510783202066432/security/?sentry_key=ea4d6ac5ddc8cc5a46f75f8ac24a565d 33
report-uri /report-csp-violation 31
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: data: ; img-src  https: data: blob: ; media-src https: blob: ; worker-src https: blob: ; report-uri https://www.netflix.com/log/www/csp/1; 26
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-recaptcha/_/js/k=boq-recaptcha.RecaptchaChallengePageUi.en_US.ZnIrFty9v0g.2018.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/fine-allowlist 25
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.1ABLmSKnxbE.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist 24
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 24
default-src 'self' 23
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 23
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://esky.report-uri.com/r/t/csp/enforce 22
script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' auth.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikibooks.org en.wikinews.org en.wikiquote.org en.wikisource.org en.wikiversity.org en.wikivoyage.org en.wiktionary.org www.mediawiki.org api.wikimedia.org commons.wikimedia.org foundation.wikimedia.org incubator.wikimedia.org species.wikimedia.org wikimania.wikimedia.org www.wikidata.org www.wikifunctions.org auth.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 20
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.cloudflare.com https://*.usercentrics.eu *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://ss.kaffek.dk/ https://ss.kaffek.at/ https://ss.kaffek.be/ https://ss.kaffek.bg/ https://ss.kaffek.ch/ https://ss.kaffek.co.uk/ https://ss.kaffek.cz/ https://ss.kaffek.de/ https://ss.kaffek.es/ https://ss.kaffek.fi/ https://ss.kaffek.fr/ https://ss.kaffek.gr/ https://ss.kaffek.hu/ https://ss.kaffek.ie/ https://ss.kaffek.it/ https://ss.kaffek.nl/ https://ss.kaffek.no/ https://ss.kaffek.pl/ https://ss.kaffek.pt/ https://ss.kaffek.ro/ https://ss.kaffek.se/ https://ss.kaffek.sk/ https://stats.g.doubleclick.net https://scripts.clarity.ms https://e.clarity.ms https://a.clarity.ms/collect https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://capig.kaffekapslen.dk https://o.clarity.ms https://demo-3.conversionsapigateway.com https://www.googletagmanager.com https://www.google-analytics.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src https://www.youtube.com/ *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com bid.g.doubleclick.net https://www.google.com/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com www.google.com https://www.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.google.com.ua/ https://www.google.bg/ https://ct.pinterest.com/ https://www.googletagmanager.com/ https://*.usercentrics.eu https://ss.kaffek.dk/ https://ss.kaffek.at/ https://ss.kaffek.be/ https://ss.kaffek.bg/ https://ss.kaffek.ch/ https://ss.kaffek.co.uk/ https://ss.kaffek.cz/ https://ss.kaffek.de/ https://ss.kaffek.es/ https://ss.kaffek.fi/ https://ss.kaffek.fr/ https://ss.kaffek.gr/ https://ss.kaffek.hu/ https://ss.kaffek.ie/ https://ss.kaffek.it/ https://ss.kaffek.nl/ https://ss.kaffek.no/ https://ss.kaffek.pl/ https://ss.kaffek.pt/ https://ss.kaffek.ro/ https://ss.kaffek.se/ https://ss.kaffek.sk/ https://stats.g.doubleclick.net https://scripts.clarity.ms https://e.clarity.ms https://a.clarity.ms/collect https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://connect.facebook.net https://capig.kaffekapslen.dk https://o.clarity.ms https://demo-3.conversionsapigateway.com https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://images.unsplash.com *.googleapis.com https://www.google.com https://bat.bing.com/ https://www.facebook.com https://cdn.kaffekapslen.be https://www.google.com.ua/ https://www.google.bg/ https://www.google.dk/ https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://kaffekapslen.dk/ https://kaffekapslen.media https://www.googletagmanager.com/ https://app.usercentrics.eu/ https://*.usercentrics.eu https://connect.facebook.net/ https://firebasestorage.googleapis.com https://ss.kaffek.dk/ https://ss.kaffek.at/ https://ss.kaffek.be/ https://ss.kaffek.bg/ https://ss.kaffek.ch/ https://ss.kaffek.co.uk/ https://ss.kaffek.cz/ https://ss.kaffek.de/ https://ss.kaffek.es/ https://ss.kaffek.fi/ https://ss.kaffek.fr/ https://ss.kaffek.gr/ https://ss.kaffek.hu/ https://ss.kaffek.ie/ https://ss.kaffek.it/ https://ss.kaffek.nl/ https://ss.kaffek.no/ https://ss.kaffek.pl/ https://ss.kaffek.pt/ https://ss.kaffek.ro/ https://ss.kaffek.se/ https://ss.kaffek.sk/ https://stats.g.doubleclick.net https://scripts.clarity.ms https://e.clarity.ms https://a.clarity.ms/collect https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://connect.facebook.net https://capig.kaffekapslen.dk https://o.clarity.ms https://demo-3.conversionsapigateway.com https://www.googletagmanager.com https://www.google-analytics.com data: 'self' 'unsafe-inline'; script-src *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://maps.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.jsdelivr.net https://kaffekapslen.media/ https://app.usercentrics.eu/ https://connect.facebook.net/ https://*.usercentrics.eu https://bat.bing.com/ https://www.clarity.ms/ *.avada.io *.shopify.com https://ss.kaffek.dk/ https://ss.kaffek.at/ https://ss.kaffek.be/ https://ss.kaffek.bg/ https://ss.kaffek.ch/ https://ss.kaffek.co.uk/ https://ss.kaffek.cz/ https://ss.kaffek.de/ https://ss.kaffek.es/ https://ss.kaffek.fi/ https://ss.kaffek.fr/ https://ss.kaffek.gr/ https://ss.kaffek.hu/ https://ss.kaffek.ie/ https://ss.kaffek.it/ https://ss.kaffek.nl/ https://ss.kaffek.no/ https://ss.kaffek.pl/ https://ss.kaffek.pt/ https://ss.kaffek.ro/ https://ss.kaffek.se/ https://ss.kaffek.sk/ https://stats.g.doubleclick.net https://scripts.clarity.ms https://e.clarity.ms https://a.clarity.ms/collect https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://capig.kaffekapslen.dk https://o.clarity.ms https://demo-3.conversionsapigateway.com https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.jsdelivr.net *.cloudflare.com https://*.usercentrics.eu *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://ss.kaffek.dk/ https://ss.kaffek.at/ https://ss.kaffek.be/ https://ss.kaffek.bg/ https://ss.kaffek.ch/ https://ss.kaffek.co.uk/ https://ss.kaffek.cz/ https://ss.kaffek.de/ https://ss.kaffek.es/ https://ss.kaffek.fi/ https://ss.kaffek.fr/ https://ss.kaffek.gr/ https://ss.kaffek.hu/ https://ss.kaffek.ie/ https://ss.kaffek.it/ https://ss.kaffek.nl/ https://ss.kaffek.no/ https://ss.kaffek.pl/ https://ss.kaffek.pt/ https://ss.kaffek.ro/ https://ss.kaffek.se/ https://ss.kaffek.sk/ https://stats.g.doubleclick.net https://scripts.clarity.ms https://e.clarity.ms https://a.clarity.ms/collect https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://capig.kaffekapslen.dk https://o.clarity.ms https://demo-3.conversionsapigateway.com https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com https://www.google.com payments-eu.amazon.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com https://www.facebook.com eu.playground.klarnaevt.com https://www.kaffekapslen.dk/ https://az-apim-st-kaffekapslen.azure-api.net/ api.kaffekapslen.com https://googleads.g.doubleclick.net https://bat.bing.com/ https://kaffekapslen.matomo.cloud/ https://api.usercentrics.eu/ https://*.usercentrics.eu https://pagead2.googlesyndication.com/ https://graphql.usercentrics.eu/graphql https://monitor.kaffekapslen.com/ https://google.com/pay https://region1.google-analytics.com https://www.google.bg/ https://capig.kaffekapslen.dk/ https://kaffekapslen.media https://get.geojs.io *.avada.io https://ss.kaffek.dk/ https://ss.kaffek.at/ https://ss.kaffek.be/ https://ss.kaffek.bg/ https://ss.kaffek.ch/ https://ss.kaffek.co.uk/ https://ss.kaffek.cz/ https://ss.kaffek.de/ https://ss.kaffek.es/ https://ss.kaffek.fi/ https://ss.kaffek.fr/ https://ss.kaffek.gr/ https://ss.kaffek.hu/ https://ss.kaffek.ie/ https://ss.kaffek.it/ https://ss.kaffek.nl/ https://ss.kaffek.no/ https://ss.kaffek.pl/ https://ss.kaffek.pt/ https://ss.kaffek.ro/ https://ss.kaffek.se/ https://ss.kaffek.sk/ https://stats.g.doubleclick.net https://scripts.clarity.ms https://e.clarity.ms https://a.clarity.ms/collect https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://connect.facebook.net https://capig.kaffekapslen.dk https://o.clarity.ms https://demo-3.conversionsapigateway.com https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 20
script-src 'unsafe-inline' 'unsafe-eval' *.alicdn.com *.aliyun.com *.alyasset.com *.alcasset.com *.alipay.com log.mmstat.com ynuf.aliapp.org *.alipayobjects.com local.alipcsec.com:6691 appx appx-t2 oem-img.wanwang.xin; style-src 'unsafe-inline' *.alicdn.com *.aliyun.com *.alipay.com *.alipayobjects.com oem-img.wanwang.xin; font-src data: *.alicdn.com *.aliyun.com *.alipayobjects.com; frame-src *.aliyun.com *.alicdn.com *.aliyuncs.com *.alipay.com *.taobao.com *.alibabacloud.com *.1688.com xstore.insights.1688.com; report-uri //www.aliyun.com/api/log/csp-report 19
default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 18
default-src 'self';base-uri 'none';frame-ancestors 'self';frame-src 'self' 5164101.fls.doubleclick.net apps.rokt.com audible.demdex.net bs.serving-sys.com s.amazon-adsystem.com td.doubleclick.net tr.snapchat.com www.facebook.com;style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com;script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com/bat.js bat.bing.com/p/action/4004590.js bat.bing.com/p/insights/s/0.7.20 bat.bing.com/p/insights/t/4004590 connect.facebook.net d.impactradius-event.com d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com sc-static.net siteintercept.qualtrics.com tr.snapchat.com www.googleadservices.com/pagead/conversion/ www.googletagmanager.com zn5ygnnjlk4oo0dy1-audible.siteintercept.qualtrics.com;media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk samples.audible.com;object-src 'none';connect-src 'self' adservice.google.com/pagead/regclk api.audible.com audible.sc.omtrdc.net/b/ss/ audible.tt.omtrdc.net/rest/v1/delivery bat.bing.com/p/insights/c/ dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ siteintercept.qualtrics.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com www.audible.com www.facebook.com/tr/ www.google.com/pagead/landing;font-src www.audible.com m.media-amazon.com;img-src 'self' ad.doubleclick.net bat.bing.com/action/0 fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com m.media-amazon.com s.amazon-adsystem.com/iui3 www.facebook.com www.google.ca/pagead/1p-user-list/ www.google.ch/pagead/1p-user-list/ www.google.ee/pagead/1p-user-list/ www.google.pt/pagead/1p-user-list/ www.google.ro/pagead/1p-user-list/ www.google.se/pagead/1p-user-list/ www.google.co.cr/pagead/1p-user-list/ www.google.co.il/pagead/1p-user-list/ www.google.co.in/pagead/1p-user-list/ www.google.co.ke/pagead/1p-user-list/ www.google.co.kr/pagead/1p-user-list/ www.google.co.nz/pagead/1p-user-list/ www.google.co.th/pagead/1p-user-list/ www.google.co.uk/pagead/1p-user-list/ www.google.co.za/pagead/1p-user-list/ www.google.com.ar/pagead/1p-user-list/ www.google.com.br/pagead/1p-user-list/ www.google.com.co/pagead/1p-user-list/ www.google.com.do/pagead/1p-user-list/ www.google.com.ec/pagead/1p-user-list/ www.google.com.hk/pagead/1p-user-list/ www.google.com.jm/pagead/1p-user-list/ www.google.com.mx/pagead/1p-user-list/ www.google.com.my/pagead/1p-user-list/ www.google.com.ng/pagead/1p-user-list/ www.google.com.pa/pagead/1p-user-list/ www.google.com.pe/pagead/1p-user-list/ www.google.com.ph/pagead/1p-user-list/ www.google.com.pk/pagead/1p-user-list/ www.google.com.sg/pagead/1p-user-list/ www.google.com/pagead/1p-user-list/ www.google.de/pagead/1p-user-list/ www.google.dk/pagead/1p-user-list/ www.google.es/pagead/1p-user-list/ www.google.ie/pagead/1p-user-list/ www.google.no/pagead/1p-user-list/ www.googleadservices.com/pagead/conversion/ www.googletagmanager.com 17
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report 16
base-uri 'none'; default-src 'none'; child-src https://*.hsforms.com; connect-src 'self' https://dev.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.hubapi.com https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.pingdom.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.linkedin.com https://hubspot-forms-static-embed.s3.amazonaws.com https://erq6bffukxp.exactdn.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' https://script.hotjar.com data:; form-action 'self'; frame-src 'self' https://www.googletagmanager.com https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://*.hubspot.net https://play.hubspotvideo.com https://play.hubspotvideo.complay-eu1.hubspotvideo.com https://*.hsforms.net https://*.hsforms.com https://www.google.com; img-src 'self' https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://pagead2.googlesyndication.com https://dev.visualwebsiteoptimizer.com https://secure.gravatar.com https://erq6bffukxp.exactdn.com https://cdn-cookieyes.com https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotuserconten40.net https://*.hubspot.net https://cdn2.hubspot.net https://*.hsforms.net https://*.hsforms.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://*.linkedin.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat data:; media-src data:; object-src 'none'; manifest-src 'self'; script-src 'self' https://dev.visualwebsiteoptimizer.com https://*.googletagmanager.com https://cdn-cookieyes.com https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotuserconten40.net https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://feedback-eu1.hubapi.com https://static.hotjar.com https://script.hotjar.com 'nonce-94d090fd53'; style-src 'self' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotuserconten40.net https://cdn2.hubspot.net https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; report-uri https://o4507730090524672.ingest.de.sentry.io/api/4508726281961552/security/?sentry_key=9f324e38f992d94cbac1384ae1d83c69; upgrade-insecure-requests 15
object-src *.agriaffaires.pro *.machineryzone.pro *.agriaffaires.com *.machineryzone.fr *.machineryzone.com *.truckscorner.fr *.mbcore.io; frame-ancestors 'self' *.agriaffaires.pro *.machineryzone.pro *.agriaffaires.com *.machineryzone.fr *.machineryzone.com *.truckscorner.fr *.mbcore.io; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 15
report-uri /report-csp-violation; upgrade-insecure-requests 12
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://clients2.google.com/gr/gr_full_2.0.6.js https://clients2.google.com/gr/gr_sync.js https://payments.google.com/payments/v4/js/integrator.js https://payments.sandbox.google.com/payments/v4/js/integrator.js https://ssl.gstatic.com/external_hosted/lottie/lottie.js https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.google.com/js/bg/ https://www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.en_US.3kiJZkzMCgg.2021.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/ https://payments.youtube.com/payments/v4/js/integrator.js https://payments.cloud.google/payments/v4/js/integrator.js;report-uri /_/PlayStoreUi/cspreport/fine-allowlist 12
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://static.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https: blob:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com; frame-src 'self' https://www.youtube.com https://www.google.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 12
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 11
default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 11
default-src 'self'; script-src 'self' acdn.adnxs.com analytics.tiktok.com bat.bing.com bat.bing.net cdn.cookielaw.org cdn.resonate.com ct.pinterest.com i.geistm.com js.hcaptcha.com lantern.roeyecdn.com pixel.byspotify.com pixels.spotify.com script.crazyegg.com s.pinimg.com tr.snapchat.com tr6.snapchat.com sc-static.net static.kyc.red unpkg.com/react-scan/ vuoriclothing.com www.googleadservices.com www.awin1.com www.dwin1.com www.youtube.com *.abtasty.com *.afterpay.com *.agentio.com *.amazon-adsystem.com *.attentivemobile.com *.attn.tv *.bglobale.com *.contentsquare.net *.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net *.forter.com *.global-e.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.liadm.com *.lytics.io *.kargo.com *.klaviyo.com *.klarna.com *.kustomerapp.com *.medallia.com *.newrelic.com *.online-metrix.net *.powr.io *.rise-ai.com *.shopify.com *.signifyd.com *.yotpo.com 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' maxcdn.bootstrapcdn.com *.abtasty.com *.bglobale.com *.global-e.com *.googleapis.com *.klaviyo.com *.klarnacdn.net *.lytics.io *.medallia.com *.yotpo.com 'unsafe-inline'; img-src 'self' bat.bing.com bat.bing.net cdn.cookielaw.org cdn.kustomerhostedcontent.com cdnjs.cloudflare.com i.geistm.com ib.adnxs.com lantern.roeyecdn.com lantern.roeye.com s.pinimg.com s3.amazonaws.com tr.snapchat.com tr6.snapchat.com segment.prod.bidr.io verifi.podscribe.com vuoriclothing.com *.afterpay.com *.abtasty.com *.attentivemobile.com *.bfldr.com *.bglobale.com *.contentstack.io *.contentsquare.io *.contentsquare.net *.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net *.global-e.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.google.com *.google.com.au *.google.at *.google.be *.google.ca *.google.dk *.google.fi *.google.fr *.google.de *.google.com.hk *.google.ie *.google.it *.google.co.jp *.google.com.mx *.google.nl *.google.no *.google.pt *.google.com.sg *.google.es *.google.se *.google.ch *.google.ae *.google.co.uk *.google.co.in *.liadm.com *.lytics.io *.medallia.com *.online-metrix.net *.powrcdn.com *.rise-ai.com *.shopify.com *.signifyd.com *.s3.amazonaws.com *.yotpo.com *.ytimg.com data: blob:; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com *.cloudfront.net *.klaviyo.com *.klarnacdn.net *.kustomerapp.com *.medallia.com *.shopify.com data:; connect-src 'self' analytics.tiktok.com analytics-ipv6.tiktokw.us ara.paa-reporting-advertising.amazon bat.bing.com bat.bing.net cdn.cookielaw.org ct.pinterest.com ds.reson8.com google.com i.geistm.com ib.adnxs.com ipv4.podscribe.com pixel.byspotify.com pixels.spotify.com s3.amazonaws.com tr.snapchat.com tr6.snapchat.com static.kyc.red vuori.api.kustomerapp.com www.googleadservices.com www.awin1.com www.dwin1.com www.cloudflare.com/cdn-cgi/trace *.abtasty.com *.afterpay.com *.agentio.com *.algolia.io *.algolianet.com *.algolia.net *.amazon-adsystem.com *.attn.tv *.attentivemobile.com *.bglobale.com *.boldmetrics.io *.contentstack.com *.contentstack.io *.contentsquare.io *.crazyegg.com *.contentsquare.net *.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net *.forter.com *.global-e.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.au *.google.at *.google.be *.google.ca *.google.dk *.google.fi *.google.fr *.google.de *.google.com.hk *.google.ie *.google.it *.google.co.jp *.google.com.mx *.google.nl *.google.no *.google.pt *.google.com.sg *.google.es *.google.se *.google.ch *.google.ae *.google.co.uk *.google.co.in *.hotjar.io *.hotjar.com *.kargo.com *.klaviyo.com *.klarna.com *.klarnaevt.com *.kustomerapp.com *.liadm.com *.medallia.com *.myshopify.com *.nosto.com *.newrelic.com *.nr-data.net *.onetrust.com *.online-metrix.net *.powr.io *.rise-ai.com *.s3.us-east-1.amazonaws.com *.s3.us-east-2.amazonaws.com *.s3.eu-west-1.amazonaws.com *.s3.eu-north-1.amazonaws.com *.s3.ap-south-1.amazonaws.com *.s3.ap-south-2.amazonaws.com *.shopify.com *.signifyd.com *.vaultdcr.com *.yotpo.com apple.com *.apple.com; media-src 'self' *.bfldr.com *.medallia.com *.s3.amazonaws.com data blob:; frame-src 'self' app.netlify.com ct.pinterest.com tr.snapchat.com tr6.snapchat.com www.youtube.com *.abtasty.com *.attn.tv *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googletagmanager.com *.klarnaevt.com *.medallia.com *.online-metrix.net *.powr.io *.rise-ai.com *.signifyd.com *.vuoriclothing.com; worker-src 'self' *.signifyd.com blob:; frame-ancestors 'self' app.contentstack.com; object-src 'none'; base-uri 'self' *.kampyle.com; report-uri /api/csp-report; 11
font-src cash-f.squarecdn.com data: *.gstatic.com *.photoslurp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.facebook.com *.mediquo.com *.hotjar.com *.criteo.com *.google.com *.clic2buy.com *.vimeo.com *.photoslurp.com *.sitescout.com *.criteo.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * cdn.doofinder.com *.cloudfront.net *.amazonaws.com *.bing.com *.facebook.com widget-mediator.zopim.com *.swogo.net *.criteo.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.googleusercontent.com *.clarity.ms *.smartadserver.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.adform.net *.omnitagjs.com id5-sync.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.sitescout.com *.sanity.io cdn.flbx.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com cdn.doofinder.com *.naturitas.com naturitas.slgnt.eu static.zdassets.com bat.bing.com connect.facebook.net *.swogo.net *.hotjar.com *.mediquo.com static.criteo.net *.criteo.com *.typeform.com *.clic2buy.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.clarity.ms *.pixel.ad *.dwin1.com *.getflowbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app *.doofinder.com *.googleapis.com *.photoslurp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.doofinder.com wss://*.doofinder.com *.naturitas.com *.naturitas.es naturitas-atc.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com *.swogo.net *.googlesyndication.com *.hotjar.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.adyen.com *.photoslurp.com *.clarity.ms *.apicdn.sanity.io *.api.sanity.io *.getflowbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 11
default-src https: data: 'unsafe-inline' 'unsafe-eval' 11
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net cdn.livechatinc.com mediacdn.espssl.com viewer.byondxr.com use.fontawesome.com 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf https://*.hotjar.io https://*.yieldify-production.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com http://www.facebook.com/tr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.ehappify.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com https://*.ordergroove.com *.weltpixel.com app-wallee.com www.jsctool.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://odr.promo.dev/ https://*.yieldify.com https://ohws.prospective.ch/ https://tpc.googlesyndication.com/ https://*.hotjar.io https://www.mainadv.com https://ad.ad-srv.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://*.gstatic.com *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudfront.net *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com app-wallee.com *.gstatic.com d.ratepay.com viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com 'self' data: geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com http://lindt-hg65tr.your-printq.com https://*.cookiepro.com https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif https://www.lindt-spruengli.com/ https://px.ads.linkedin.com/ https://*.seznam.cz https://*.hotjar.io https://*.yieldify.com https://i.cdn.nrholding.net https://*.sendtric.com network-eu-a.bazaarvoice.com assets-v2.yieldify.com *.cookiepro.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com *.googleapis.com *.attn.tv events.attentivemobile.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.livechatinc.com *.serverdata.net *.tiktok.com *.ordergroove.com app-wallee.com https://www.googletagmanager.com tagmanager.google.com d.ratepay.com www.jsctool.com byondxr-viewer.byondxr.com web-apps.byondxr.com *.listrakbi.com *.listrak.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com *.mczbf.com https://api.unifaun.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://static-eu.payments-amazon.com/checkout.js https://*.yieldify.com https://www.googleoptimize.com/optimize.js https://custom.yieldify.com/v1/100510/100822/3d9a49d0c2/bundle.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://*.adform.net https://*.seznam.cz https://analytics.tiktok.com/ https://*.hotjar.io https://*.pinimg.com https://*.daktela.com https://www.dwin1.com maps.google.com https://www.gstatic.com/recaptcha static.r66net.net https://unbxd.s3.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com tagmanager.google.com d.ratepay.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl widget.packeta.com https://*.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com www.lindt-spruengli.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io * *.adyen.com *.sharethis.com *.googleapis.com *.attn.tv events.attentivemobile.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com *.ordergroove.com https://www.google-analytics.com d.ratepay.com www.jsctool.com *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://*.criteo.com https://*.hotjar.io https://cdn.stickyadstv.com https://*.ads.linkedin.com https://snap.licdn.com *.analytics.google.com https://*.r66net.com https://*.yieldify.com wss://*.hotjar.io https://geolocation.onetrust.com https://*.googleapis.com https://*.daktela.com https://cdn.tailwindcss.com https://sgtm.lindt.se sgtm.lindt.se sgtm.lindt.dk sgtm.lindt.cz sgtm.lindt.de sgtm.lindt.es sgtm.lindt.fr sgtm.lindt.it sgtm.lindt.hu sgtm.lindt.co.uk sgtm.lindt.com.nl sgtm.lindt.pl sgtm.lindt.at geolocation.onetrust.com sgtm.lindt.sk sgtm.lindt.fi 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com https://cdn.tailwindcss.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 11
report-uri https://reporting.go-mpulse.net/report/FDSGP-LEB9B-T8Y2A-5V5ED-9WX2T 10
default-src * 'self'; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: blob:; script-src * 'self' about: 'unsafe-inline' 'unsafe-eval' data:; worker-src * 'self' data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src * 'self'; media-src 'self' blob: *; font-src * 'self' data:; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self';report-uri /contentsecuritypolicy/report 10
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googletagmanager.com; font-src 'self' https://themes.googleusercontent.com fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com https://www.vimeo.com; img-src 'self' https://translate.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://*.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com unpkg.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; block-all-mixed-content 10
default-src 'self'; 10
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' data: *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.blob.core.windows.net/* *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.cdninstagram.com www.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.google.com.pa *.sportline.com.pa *.sportline.com.co *.magentosite.cloud 'self' data: *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.apptrian.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com beacon-audiences.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.compassmerchantsolutions.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.blob.core.windows.net/* *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.hotjar.com *.xtento.com *.tiktok.com *.sportline.com.pa *.pangle-ads.com *.adobedtm.com *.googletagmanager.com *.google.com *.google-analytics.com *.cloudflare.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.googletagmanager.com *.google.com *.typekit.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io beacon-audiences.magento-ds.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com *.compassmerchantsolutions.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ telemetrics.klaviyo.com *.sistecredito.com/* *.blob.core.windows.net/* *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com static-tracking.klaviyo.com fast.a.klaviyo.com a.klaviyo.com *.hotjar.com metrics.hotjar.io wss://ws.hotjar.com content.hotjar.io *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.pangle-ads.com assets.adobedtm.com *.adobedtm.com api.mercadopago.com *.google-analytics.com *.paypal.com tm.filter:* maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 10
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.LdrNOspQNhc.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.akstat.io p11.techlab-cdn.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net c.go-mpulse.net s.go-mpulse.net *.algolianet.com us5azow6i2-dsn.algolia.net xfoi9ebbhr-dsn.algolia.net secure.adnxs.com bat.bing.com bat.bing.net d.btttag.com pearson3283191z.btttag.com pearson.blueconic.net pearson.sb.blueconic.net api.company-target.com s.company-target.com tag-logger.demandbase.com tag.demandbase.com googleads.g.doubleclick.net ad.doubleclick.net td.doubleclick.net *.fls.doubleclick.net connect.facebook.net analytics.formassembly.com pearson.tfaforms.net ade.googlesyndication.com fonts.gstatic.com pagead2.googlesyndication.com fonts.googleapis.com region1.google-analytics.com static.hotjar.com utt.impactcdn.com cdn.jsdelivr.net app.launchdarkly.com px.ads.linkedin.com snap.licdn.com i.liadm.com cdn.cookielaw.org bam.nr-data.net js-agent.newrelic.com geolocation.onetrust.com privacyportal-de.onetrust.com *.pearson.com pearson.com cdn.pdst.fm a.quora.com q.quora.com tag.rmp.rakuten.com alb.reddit.com pixel-config.reddit.com www.redditstatic.com pi.pardot.com sc-static.sc-static.net tr.snapchat.com tr6.snapchat.com pixels.spotify.com analytics-ipv6.tiktokw.us analytics.tiktok.com insight.adsrvr.org js.adsrvr.org static.ads-twitter.com analytics.twitter.com t.t.co pearson.esaas.inmoment.eu pearson.mcxplatform.de *.visualwebsiteoptimizer.com img.youtube.com pearson--projects.sandbox.my.site.com; frame-ancestors 'none'; 9
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ct.pinterest.com https://googleads.g.doubleclick.net https://s.pinimg.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://unpkg.com https://www.googletagmanager.com https://js.hsforms.net https://js-eu1.hs-scripts.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hubspot.com https://js.hs-banner.com https://js.hsadspixel.net https://cdn.engage.teamviewer.com https://apps.mypurecloud.de https://directsearch.velux.tech https://*.velux.com https://*.velux.co.uk https://*.velux.de https://*.velux.fr https://*.velux.dk https://*.velux.nl https://*.velux.be https://*.velux.no https://*.velux.se https://*.velux.pl https://*.velux.ch https://*.velux.hu https://*.velux.cz https://*.velux.hr https://*.velux.ro https://*.velux.it https://*.velux.es https://*.velux.pt https://*.velux.ie https://*.velux.ca https://*.velux.com.au https://*.velux.co.nz https://*.velux.co.jp https://*.velux.ba https://*.velux.bg https://*.velux.ee https://*.velux.lt https://*.velux.lv https://*.velux.rs https://*.velux.si https://*.velux.sk https://*.velux.com.tr https://*.velux.ua https://*.velux.lat https://*.veluxusa.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://directsearch.velux.tech https://cdn.chatvisor.com; img-src 'self' data: blob: https://learnupon.s3.eu-west-1.amazonaws.com https://ad.doubleclick.net https://adservice.google.com https://analytics.twitter.com https://bat.bing.com https://bat.bing.net https://contenthub.velux.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://t.co https://track.hubspot.com https://forms-na1.hsforms.com https://perf-na1.hsforms.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://track-eu1.hubspot.com https://www.facebook.com https://www.google.com https://www.google.hu https://www.google.fr https://www.google.de https://www.google.co.uk https://www.google.nl https://www.google.dk https://www.google.no https://www.google.se https://www.google.pl https://www.google.ch https://www.google.it https://www.google.es https://www.google.pt https://www.google.ie https://www.google.ca https://www.google.com.au https://www.google.co.nz https://www.google.co.jp https://www.google.ba https://www.google.bg https://www.google.ee https://www.google.lt https://www.google.lv https://www.google.rs https://www.google.si https://www.google.sk https://www.google.com.tr https://www.google.com.ua https://*.velux.com https://*.velux.co.uk https://*.velux.de https://*.velux.fr https://*.velux.dk https://*.velux.nl https://*.velux.be https://*.velux.no https://*.velux.se https://*.velux.pl https://*.velux.ch https://*.velux.hu https://*.velux.cz https://*.velux.hr https://*.velux.ro https://*.velux.it https://*.velux.es https://*.velux.pt https://*.velux.ie https://*.velux.ca https://*.velux.com.au https://*.velux.co.nz https://*.velux.co.jp https://*.velux.ba https://*.velux.bg https://*.velux.ee https://*.velux.lt https://*.velux.lv https://*.velux.rs https://*.velux.si https://*.velux.sk https://*.velux.com.tr https://*.velux.ua https://*.velux.lat https://*.veluxusa.com; connect-src 'self' data: https://js.monitor.azure.com https://northeurope-2.in.applicationinsights.azure.com https://bat.bing.com https://bat.bing.net https://consentcdn.cookiebot.com https://ct.pinterest.com https://px.ads.linkedin.com https://www.google.com https://www.googleadservices.com https://www.facebook.com https://pagead2.googlesyndication.com https://api-cdn.mypurecloud.de https://engage.teamviewer.com https://cdn.engage.teamviewer.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://api.hubapi.com https://sgtm.velux.at https://exp-api.velux.at https://directsearch.velux.tech https://*.algolia.net https://*.algolianet.com https://*.velux.com https://*.velux.co.uk https://*.velux.de https://*.velux.fr https://*.velux.dk https://*.velux.nl https://*.velux.be https://*.velux.no https://*.velux.se https://*.velux.pl https://*.velux.ch https://*.velux.hu https://*.velux.cz https://*.velux.hr https://*.velux.ro https://*.velux.it https://*.velux.es https://*.velux.pt https://*.velux.ie https://*.velux.ca https://*.velux.com.au https://*.velux.co.nz https://*.velux.co.jp https://*.velux.ba https://*.velux.bg https://*.velux.ee https://*.velux.lt https://*.velux.lv https://*.velux.rs https://*.velux.si https://*.velux.sk https://*.velux.com.tr https://*.velux.ua https://*.velux.lat https://*.veluxusa.com; frame-src 'self' blob: https://consentcdn.cookiebot.com https://fast.wistia.net https://leadmanagement.velux.co.uk https://td.doubleclick.net https://weshare.23video.com https://www.googletagmanager.com https://ct.pinterest.com https://engage.teamviewer.com https://apps.mypurecloud.de https://*.velux.com; font-src 'self' data: https://fonts.gstatic.com https://directsearch.velux.tech https://cdn.chatvisor.com https://velux-transform.pages.dev https://*.velux.com; media-src 'self' blob: https://contenthub.velux.com https://*.velux.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri /api/velux/cspreport/submit; 9
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 9
default-src * 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline'; script-src 'none' 'report-sample'; connect-src 'none'; form-action 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp.threatview.app/report; report-to threatview 9
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 8
frame-ancestors 'self' https://*.yahooinc.com; object-src 'none'; script-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=yahooinc; 8
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'self' 'unsafe-inline' https: data:; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self'; 8
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 8
default-src 'self';     script-src 'self' https: 'unsafe-inline' 'unsafe-eval';     style-src 'self' https: 'unsafe-inline';     img-src 'self' data: https:;     font-src 'self' data: https:;     connect-src 'self' https:;     frame-ancestors 'self';     object-src 'none';     base-uri 'self';     upgrade-insecure-requests; 8
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.tiktok.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.multisafepay.com https://pay.google.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com flagpedia.net *.multisafepay.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net app.youshouldask.ai interface.mailcampaigns.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com maps.googleapis.com *.multisafepay.com https://pay.google.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com ka-p.fontawesome.com app.youshouldask.ai static.cloudflareinsights.com interface.mailcampaigns.nl static.usizy.es app.aiden.cx 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu app.youshouldask.ai 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com www.gstatic.com maps.googleapis.com *.multisafepay.com *.cloudflare.com *.twitter.com *.twimg.com ka-p.fontawesome.com app.youshouldask.ai usizy.com app.aiden.cx 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 8
report-to sprd-report-only; frame-ancestors 'none'; report-uri https://csp.spreadshirts.net/csp/reportOnly; 8
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 8
upgrade-insecure-requests; 8
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 7
block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 7
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/; report-to csp-endpoint 7
script-src 'self' 7
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ntdsgswbsc:55:0 7
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.nosto.com *.nos.to *.klarna.com js.mollie.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.nosto.com *.nos.to *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.nosto.com *.nos.to *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com js.mollie.com https://www.google.com https://www.gstatic.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.nosto.com *.nos.to *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.nosto.com *.nos.to *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://20a27546-5165-4716-8e1c-c91dee6f68ae.sansec.watch/; report-to report-endpoint; 7
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://clients2.google.com/gr/gr_full_2.0.6.js https://clients2.google.com/gr/gr_sync.js https://payments.google.com/payments/v4/js/integrator.js https://payments.sandbox.google.com/payments/v4/js/integrator.js https://ssl.gstatic.com/external_hosted/lottie/lottie.js https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.google.com/js/bg/ https://www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.en_US.MKPbljs2VNQ.2021.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/ https://payments.youtube.com/payments/v4/js/integrator.js https://payments.cloud.google/payments/v4/js/integrator.js;report-uri /_/PlayStoreUi/cspreport/fine-allowlist 7
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/reportOnly 7
default-src 'self' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-eu-west-1.s3.eu-west-1.amazonaws.com deepfake-content-read-production-eu-west-1.s3.eu-west-1.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-eu-west-1.s3.eu-west-1.amazonaws.com deepfake-content-read-production-eu-west-1.s3.eu-west-1.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-eu-west-1.s3.eu-west-1.amazonaws.com deepfake-content-read-production-eu-west-1.s3.eu-west-1.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com helpimg.s3.amazonaws.com use.fontawesome.com use.typekit.net https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-eu-west-1.s3.eu-west-1.amazonaws.com deepfake-content-read-production-eu-west-1.s3.eu-west-1.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-eu-west-1.s3.eu-west-1.amazonaws.com deepfake-content-read-production-eu-west-1.s3.eu-west-1.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-eu-west-1.s3.eu-west-1.amazonaws.com deepfake-content-read-production-eu-west-1.s3.eu-west-1.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net https://cdn.pendo.io/agent/static/365392a9-6608-44ef-443b-572eef771b95/pendo.js ; style-src 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; style-src-elem 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io fonts.googleapis.com fonts.gstatic.com helpimg.s3.amazonaws.com cdnjs.cloudflare.com/ajax/libs/font-awesome/ cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ p.typekit.net pendo-static-6167502888239104.storage.googleapis.com s3.amazonaws.com/helpimg/ use.fontawesome.com use.typekit.net www.java.com/ga/css/print.css www.java.com/ga/css/screen.css ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-eu-west-1 ; worker-src 'self' blob: data: ; 7
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.cookielaw.org *.bs-distribution.com acc-shop.bs-distribution.com *.onetrust.com *.b2b-nfinity.com *.adobe.com *.bunny.net *.bootstrapcdn.com *.googletagmanager.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.twitter.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.facebook.com *.b2b-nfinity.com *.googleapis.com *.magentocommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: * *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.cookielaw.org *.bs-distribution.com acc-shop.bs-distribution.com *.onetrust.com *.linkedin.com t.co *.b2b-nfinity.com *.googleapis.com *.magentocommerce.com *.clarity.ms *.googletagmanager.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.cookielaw.org *.bs-distribution.com acc-shop.bs-distribution.com *.onetrust.com *.b2b-nfinity.com *.googleapis.com *.magentocommerce.com *.facebook.net *.licdn.com *.ads-twitter.com *.ads-x.com *.clarity.ms *.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cash.app *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.bing.com *.cookielaw.org *.bs-distribution.com acc-shop.bs-distribution.com *.onetrust.com *.b2b-nfinity.com *.magentocommerce.com *.google.com *.googletagmanager.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.zopim.com *.zopim.io *.cookielaw.org *.bs-distribution.com acc-shop.bs-distribution.com *.onetrust.com *.b2b-nfinity.com *.googleapis.com *.gstatic.com *.magentocommerce.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com * *.cloudflare.com *.twitter.com *.ads-twitter.com *.ads-x.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.cookielaw.org *.bs-distribution.com acc-shop.bs-distribution.com *.onetrust.com *.b2b-nfinity.com *.googleapis.com *.adobe.com *.gstatic.com *.magentocommerce.com *.linkedin.com *.clarity.ms *.googletagmanager.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.awin1.com https://lantern.roeyecdn.com https://tagmanager.google.com https://cdn.trustcommander.net https://www.dwin1.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://*.doubleclick.net https://www.axa-video.de https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.google.com https://platform.commandersact.com https://connect.facebook.net https://*.aklamio.com blob: https://ct.pinterest.com https://s.pinimg.com https://acdn.adnxs.com https://ib.adnxs.com https://snap.licdn.com https://data.dbv.de ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://googletagmanager.com https://www.googletagmanager.com ;base-uri 'self'; object-src 'none'; default-src 'self' blob: data: https://fonts.gstatic.com/; form-action 'self'; frame-src https://www.awin1.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://entry.axa-de.intraxa/ https://entry.axa.de https://www.axa-video.de https://www.axa.de https://inte.axa.de https://*.doubleclick.net https://cdn.trustcommander.net https://www.dwin1.com https://connect.facebook.net https://www.facebook.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://ct.pinterest.com https://googletagmanager.com https://insight.adsrvr.org 'self' https://www.googletagmanager.com https://data.dbv.de https://www.youtube.com; img-src 'self' data: https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://app.vwo.com https://track.adform.net https://ad.doubleclick.net https://www.facebook.com https://bat.bing.com https://*.google.com https://www.google.de https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://googleads.g.doubleclick.net *.doubleclick.net https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://www.financeads.net https://www.aklamio.com/ https://ct.pinterest.com https://ib.adnxs.com https://*.ads.linkedin.com https://data.dbv.de; connect-src 'self' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googlesyndication.com https://*.google.com https://*.google.de https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://*.doubleclick.net https://bat.bing.com https://privacy.trustcommander.net https://privacy.commander1.net https://privacy.commander1.com https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://*.dbv.de https://cloud.service.aerzteversicherung.de https://mcdyr4395tgnrcnr8bt5wsrgh-11.pub.sfmc-content.com https://*.aklamio.com https://www.googleadservices.com https://ct.pinterest.com https://ib.adnxs.com https://acdn.adnxs.com https://www.facebook.com https://*.ads.linkedin.com https://p.adsymptotic.com https://*.linkedin.oribi.io https://sjs.bizographics.com;;report-uri /site/dbv-de/cspReportOnly 7
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; report-uri /csp-report; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ivi.ru *.ivi.ru ivi.tv *.ivi.tv turkdizi.com *.turkdizi.com turk.ivi.tv s3.pub.ivi.ru *.dfs.ivi.ru google.com *.google.com gstatic.com *.gstatic.com googletagmanager.com *.googletagmanager.com *.googleapis.com googlesyndication.com *.googlesyndication.com google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net cm.g.doubleclick.net *.googleadservices.com www.googlecommerce.com yandex.ru *.yandex.ru yandex.net *.yandex.net yandex.st *.yandex.st yastat.net *.yastat.net yastatic.net *.yastatic.net yandex.com *.yandex.com yandexcloud.net *.yandexcloud.net yandex.by *.yandex.by yandex.kz *.yandex.kz impression.appmetrica.yandex.com mail.ru *.mail.ru tns-counter.ru *.tns-counter.ru doubleverify.com *.doubleverify.com s0.2mdn.net adriver.ru *.adriver.ru statad.ru *.statad.ru targetads.io *.targetads.io flocktory.com *.flocktory.com getshop.tv *.getshop.tv *.clarity.ms *.hotjar.com adfox.ru *.adfox.ru adsafeprotected.com *.adsafeprotected.com 5visions.com *.5visions.com adjust.com *.adjust.com ozon.ru *.ozon.ru bridgertb.tech *.bridgertb.tech serving-sys.ru *.serving-sys.ru cmediahub.ru *.cmediahub.ru weborama-tech.ru *.weborama-tech.ru digitaltarget.ru *.digitaltarget.ru mhverifier.ru *.mhverifier.ru adlooxtracking.ru *.adlooxtracking.ru adlooxtracking.com *.adlooxtracking.com telecid.ru *.telecid.ru tele2.ru *.tele2.ru telecomid.ru *.telecomid.ru teletarget.ru *.teletarget.ru cdnvideo.ru *.cdnvideo.ru beeline.ru *.beeline.ru moe.video *.moe.video otm-r.com *.otm-r.com punchmedia.ru *.punchmedia.ru skwstat.ru *.skwstat.ru stbid.ru *.stbid.ru videonow.ru *.videonow.ru utraff.com *.utraff.com acint.net *.acint.net betweendigital.com *.betweendigital.com betweendigital.ads.com lentainform.com *.lentainform.com code.moviead55.ru moviead55.ru cs-0.moevideo.biz moevideo.biz buzzoola.com *.buzzoola.com uma.media *.uma.media appsflyer.com *.appsflyer.com instreamvideo.ru *.instreamvideo.ru mobilebanner.ru *.mobilebanner.ru admetrica.ru *.admetrica.ru prodmp.ru *.prodmp.ru sync.adspend.space reichelcormier.bid *.reichelcormier.bid secure.adnxs.com adnxs.com ohmy.bid *.ohmy.bid ssl.hurra.com hurra.com bidvol.com *.bidvol.com adstreamer.ru *.adstreamer.ru adkernel.com *.adkernel.com sync.dmp.otm-r.com republer.com sync.republer.com sync.viadata.store viadata.store sync.viavideo.digital viavideo.digital wi-fi.ru *.wi-fi.ru tms.dmp.wi-fi.ru track.rutarget.ru rutarget.ru impressions.onelink.me onelink.me px170.mediahills.ru mediahills.ru mts.ru *.mts.ru sa.rtb.mts.ru digital-alliance.tech *.digital-alliance.tech admon.pro *.admon.pro adhight.net *.adhight.net getads.ru *.getads.ru vk.com *.vk.com connect.facebook.net facebook.com *.facebook.com *.skcrtxr.com api.mindbox.ru simbad.pro taglitics.com creatives.afp.ai cdn.al-adtech.com cdn.jsdelivr.net *.criteo.com image.sendsay.ru snap.licdn.com dap.digitalgov.gov bat.bing.com www.artfut.com cdn.cookielaw.org static.ads-twitter.com s.pinimg.com cdn-cookieyes.com cdn.taboola.com www.redditstatic.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ivi.ru *.ivi.ru ivi.tv *.ivi.tv turkdizi.com *.turkdizi.com turk.ivi.tv s3.pub.ivi.ru *.dfs.ivi.ru google.com *.google.com gstatic.com *.gstatic.com googletagmanager.com *.googletagmanager.com *.googleapis.com googlesyndication.com *.googlesyndication.com google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net cm.g.doubleclick.net *.googleadservices.com www.googlecommerce.com yandex.ru *.yandex.ru yandex.net *.yandex.net yandex.st *.yandex.st yastat.net *.yastat.net yastatic.net *.yastatic.net yandex.com *.yandex.com yandexcloud.net *.yandexcloud.net yandex.by *.yandex.by yandex.kz *.yandex.kz impression.appmetrica.yandex.com mail.ru *.mail.ru tns-counter.ru *.tns-counter.ru doubleverify.com *.doubleverify.com s0.2mdn.net adriver.ru *.adriver.ru statad.ru *.statad.ru targetads.io *.targetads.io flocktory.com *.flocktory.com getshop.tv *.getshop.tv *.clarity.ms *.hotjar.com adfox.ru *.adfox.ru adsafeprotected.com *.adsafeprotected.com 5visions.com *.5visions.com adjust.com *.adjust.com ozon.ru *.ozon.ru bridgertb.tech *.bridgertb.tech serving-sys.ru *.serving-sys.ru cmediahub.ru *.cmediahub.ru weborama-tech.ru *.weborama-tech.ru digitaltarget.ru *.digitaltarget.ru mhverifier.ru *.mhverifier.ru adlooxtracking.ru *.adlooxtracking.ru adlooxtracking.com *.adlooxtracking.com telecid.ru *.telecid.ru tele2.ru *.tele2.ru telecomid.ru *.telecomid.ru teletarget.ru *.teletarget.ru cdnvideo.ru *.cdnvideo.ru beeline.ru *.beeline.ru moe.video *.moe.video otm-r.com *.otm-r.com punchmedia.ru *.punchmedia.ru skwstat.ru *.skwstat.ru stbid.ru *.stbid.ru videonow.ru *.videonow.ru utraff.com *.utraff.com acint.net *.acint.net betweendigital.com *.betweendigital.com betweendigital.ads.com lentainform.com *.lentainform.com code.moviead55.ru moviead55.ru cs-0.moevideo.biz moevideo.biz buzzoola.com *.buzzoola.com uma.media *.uma.media appsflyer.com *.appsflyer.com instreamvideo.ru *.instreamvideo.ru mobilebanner.ru *.mobilebanner.ru admetrica.ru *.admetrica.ru prodmp.ru *.prodmp.ru sync.adspend.space reichelcormier.bid *.reichelcormier.bid secure.adnxs.com adnxs.com ohmy.bid *.ohmy.bid ssl.hurra.com hurra.com bidvol.com *.bidvol.com adstreamer.ru *.adstreamer.ru adkernel.com *.adkernel.com sync.dmp.otm-r.com republer.com sync.republer.com sync.viadata.store viadata.store sync.viavideo.digital viavideo.digital wi-fi.ru *.wi-fi.ru tms.dmp.wi-fi.ru track.rutarget.ru rutarget.ru impressions.onelink.me onelink.me px170.mediahills.ru mediahills.ru mts.ru *.mts.ru sa.rtb.mts.ru digital-alliance.tech *.digital-alliance.tech admon.pro *.admon.pro adhight.net *.adhight.net getads.ru *.getads.ru vk.com *.vk.com connect.facebook.net facebook.com *.facebook.com *.skcrtxr.com api.mindbox.ru simbad.pro taglitics.com creatives.afp.ai cdn.al-adtech.com cdn.jsdelivr.net *.criteo.com image.sendsay.ru snap.licdn.com dap.digitalgov.gov bat.bing.com www.artfut.com cdn.cookielaw.org static.ads-twitter.com s.pinimg.com cdn-cookieyes.com cdn.taboola.com www.redditstatic.com *.ahrefs.com *.alicdn.com *.tiktok.com *.amazonaws.com *.cloudflare.com cdn.amplitude.com cdn.segment.com cdn.branch.io app.usercentrics.eu app.termly.io cdn.walkme.com s.go-mpulse.net cdn.moengage.com cdn.omniconvert.com siteimproveanalytics.com edge.fullstory.com cdn.rutarget.ru sb.scorecardresearch.com secure.quantserve.com c.amazon-adsystem.com cdn.mxpnl.com cdn.userway.org kp.apiget.ru static.pro-bm7.ru rus.glbbars.com api.cpatext.ru widgets.101apis.com images.uc.cn cdn.browsiprod.com unpkg.zhimg.com s.yimg.jp 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-cdn.dynatrace.com https://cdn.cookielaw.org https://widget.usersnap.com https://cdn.calibermind.com https://static.hotjar.com https://www.googletagmanager.com https://cdn.b0e8.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://cdnjs.cloudflare.com; img-src 'self' data: https://cdn.dm.dynatrace.com https://cdn.hub.central.dynatrace.com https://dt-cdn.net https://cdn.cookielaw.org https://mkt-cdn.dynatrace.com; font-src 'self' data:; connect-src 'self' https://bf25977vwq.bf.dynatrace.com https://ixfd-api.bc0a.com https://cdn.cookielaw.org https://e.calibermind.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://unpkg.com https://www.google-analytics.com; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://td.doubleclick.net; frame-ancestors 'self' *.dynatrace.org *.dynatrace.com *.dynatrace.cn; object-src 'none'; base-uri 'self'; form-action 'self' 6
default-src 'self'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.uicdn.com *.gmx.com *.gmx.co.uk *.gmx.fr *.gmx.es *.ui-portal.de *.doubleclick.net *.primis.tech *.sekindo.com *.amazon-adsystem.com www.googletagmanager.com *.googlesyndication.com *.adtrafficquality.google *.googleapis.com *.script.ac *.2mdn.net; style-src 'self' 'unsafe-inline' *.uicdn.com *.primis.tech *.sekindo.com *.googleapis.com *.mail.com *.gmx.com *.gmx.co.uk *.gmx.fr *.gmx.es; font-src 'self' *.uicdn.com *.gstatic.com *.gmx.com *.gmx.co.uk *.gmx.fr *.gmx.es; img-src 'self' data: blob: *.uicdn.com *.mail.com *.gmx.com *.gmx.co.uk *.gmx.fr *.gmx.es *.ui-portal.de *.google.de *.google.com *.doubleclick.net *.primis.tech *.sekindo.com *.intentiq.com *.adtrafficquality.google *.taboola.com *.criteo.com *.criteo.net united-infos.net *.adition.com *.googletagmanager.com *.googlesyndication.com *.quantserve.com *.bidswitch.net *.adsrvr.org *.loopme.me *.casalemedia.com *.3lift.com *.rubiconproject.com *.yahoo.com *.tremorhub.com *.media.net *.lijit.com *.stickyadstv.com *.smartadserver.com *.adform.net *.sharethrough.com *.1rx.io *.kueezrtb.com *.ingage.tech *.a-mo.net *.yieldmo.com *.inmobi.com *.ottadvisors.com *.fwmrm.net *.adnxs.com domself.de *.ads.linkedin.com *.a-mx.com *.pubmatic.com *.unrulymedia.com *.openx.net *.visx.net *.360yield.com *.amazon-adsystem.com *.opera.com *.outbrain.com *.turn.com *.ctnsnet.com *.admanmedia.com *.temu.com; connect-src 'self' data: *.gmx.com *.gmx.co.uk *.gmx.fr *.gmx.es *.ui-portal.de *.gstatic.com *.google-analytics.com *.analytics.google.com *.criteo.com *.criteo.net *.taboola.com *.id5-sync.com id5-sync.com *.eu-1-id5-sync.com *.adsrvr.org *.primis.tech *.sekindo.com *.doubleclick.net *.googlesyndication.com *.amazon-adsystem.com *.adtrafficquality.google *.crwdcntrl.net *.intentiq.com *.uicdn.com *.adition.com *.rlcdn.com united-infos.net *.pubmatic.com *.openx.net *.sharethrough.com *.rubiconproject.com *.primis-tech.org *.dnacdn.net dnacdn.net *.casalemedia.com *.adnxs-simple.com *.smartadserver.com; frame-src 'self' *.gmx.com *.gmx.co.uk *.gmx.fr *.gmx.es *.doubleclick.net www.googletagmanager.com *.googlesyndication.com *.adtrafficquality.google *.google.com *.primis.tech *.sekindo.com *.pubmatic.com *.openx.net *.yellowblue.io *.googleapis.com; media-src 'self' blob: *.primis.tech *.sekindo.com; frame-ancestors *.mail.com; object-src 'none'; block-all-mixed-content 6
default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 6
frame-ancestors 'self'; 6
frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 6
default-src 'self' f.vimeocdn.com; connect-src 'self' blob: data: ws: wss: *.6sc.co *.6sense.com *.agora.io *.akamaized.net clientassets.sightera.com.s3.amazonaws.com https://d263mgllkjh2k2.cloudfront.net http://d1ripsxh7es2qp.cloudfront.net https://d3fclmoge30w0w.cloudfront.net cognito-identity.us-east-1.amazonaws.com cognito-identity.us-west-1.amazonaws.com https://s3.amazonaws.com/beast.branding.sightera.com https://s3.amazonaws.com/beast.business.sightera.com https://s3.amazonaws.com/beast.business.sightera.com/ https://s3.amazonaws.com/beast.branding.sightera.com/ https://s3.amazonaws.com/test.sightera.com/ https://s3.amazonaws.com/business.sightera.com/ https://s3.amazonaws.com/sound.sightera.com/ sqs.us-east-1.amazonaws.com sqs.us-west-1.amazonaws.com wirewax.s3.eu-west-1.amazonaws.com *.amplitude.com vimeo.bynder.com bat.bing-int.com bat.bing.com bat.bing.net www.bing.com api.branch.io cdn.builder.io https://d1ripsxh7es2qp.cloudfront.net http://d1oca24q5dwo6d.cloudfront.net media.gettyimages.com d2by6sxflmuwyq.cloudfront.net duysrfiajusdh.cloudfront.net dv7a7fjpjy29e.cloudfront.net cdn.cookielaw.org browser-intake-datadoghq.com ad.doubleclick.net *.g.doubleclick.net *.elfsight.com fp.service.expressplay.com pr.service.expressplay.com wv.service.expressplay.com www.facebook.com api.figma.com *.firebaseio.com tracking-api.g2.com *.getsmartling.com *.google.ae *.google.com *.google.ca *.google.ch *.google.es *.google.fr *.google.ge *.google.iq *.google.is *.google.it *.google.pl *.google.se *.google.si *.google.rs *.google.co.jp *.google.co.kr *.google.co.nz *.google.co.th *.google.co.uk *.google.com.ar *.google.com.au *.google.com.br *.google.com.mx *.google.com.pk *.google.com.sa *.google.com.tr *.google.com.uk *.google.de *.analytics.google.com *.google-analytics.com www.googleadservices.com *.googleapis.com csi.gstatic.com pagead2.googlesyndication.com *.googletagmanager.com api.greenhouse.io *.hivestreaming.com 117151225.intellimizeio.com *.intellimize.co *.kollective.app *.kollective.app:31015 *.kollectivecd.com leatherback-dot-vimeo-prod.appspot.com snap.licdn.com px.ads.linkedin.com linkedin.com *.litix.io *.cdn.magisto.com vimeo.magisto.com *.maze.co 582-gou-684.mktoresp.com js-agent.newrelic.com t.paypal.com https://data.pendo.io *.pndsn.com privacyportal.onetrust.com privacyportal-cdn.onetrust.com app.qualified.com *.qualtrics.com pixel-config.reddit.com www.redditstatic.com *.riskified.com *.statscollector.ap.sd-rtn.com *.ap.sd-rtn.com *.sd-rtn.com o209747.ingest.us.sentry.io sierra.chat simonsignal.com static.simonsignal.com sdk-api-v1.singular.net web-sdk-cdn.singular.net telemetry.transcend.io transcend-cdn.com https://drm.vhx.com/v2/fairplay/cert collector.vhx.tv *.cloud.vimeo.com interactive.create.vimeo.com *.vimeo.com vimeo.com *.vimeo.work https://*.vimeocdn.com cdn.widerfunnel.com appds8093.blob.core.windows.net *.wirewax.com *.wirewax.tv *.zdassets.com vimeosupport.zendesk.com *.zoom.us zoom.us ws.zoominfo.com api.box.com public.boxcloud.com https://api.picox.bendingspoons.com https://orion.bendingspoons.com; font-src 'self' data: d2by6sxflmuwyq.cloudfront.net dv7a7fjpjy29e.cloudfront.net fonts.gstatic.com *.cdn.magisto.com privacyportal-cdn.onetrust.com www.paypalobjects.com cf-st.sc-cdn.net use.typekit.net f.vimeocdn.com edge-assets.wirewax.com cdn01.boxcdn.net; frame-src *; img-src * blob: data:; media-src 'self' blob: data: *.akamaized.net https://d263mgllkjh2k2.cloudfront.net http://d1oca24q5dwo6d.cloudfront.net duysrfiajusdh.cloudfront.net media.gettyimages.com *.gvt1.com *.cdn.magisto.com *.eu.cloud.vimeo.com live-api.cloud.vimeo.com player.vimeo.com *.vimeocdn.com app.qualified.com https://s3.amazonaws.com/sound.sightera.com/ https://s3.amazonaws.com/test.sightera.com/ https://s3.amazonaws.com/beast.business.sightera.com/ https://s3.amazonaws.com/beast.business.sightera.com https://s3.amazonaws.com/beast.branding.sightera.com/ https://storage.googleapis.com/vimeo-create-prod-files/ http://d1ripsxh7es2qp.cloudfront.net https://d3fclmoge30w0w.cloudfront.net https://storage.googleapis.com/vimeo-prod-upload-create-us-east1/ https://storage.googleapis.com/vimeo-prod-upload-create-europe-west1/ https://storage.googleapis.com/vimeo-storage-dev-upload-create-us-east1/ https://storage.googleapis.com/vimeo-storage-dev-upload-create-europe-west1/ https://captions.vimeo.com https://captions-eu.vimeo.com; object-src 'self' *.vimeocdn.com *.akamaized.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: ws: wss: https://s0.2mdn.net/instream/video/ *.6sc.co wirewax.s3.eu-west-1.amazonaws.com app.link bat.bing-int.com bat.bing.com cdnjs.cloudflare.com challenges.cloudflare.com www.datadoghq-browser-agent.com *.g.doubleclick.net www.dropbox.com static.elfsight.com *.elfsightcdn.com connect.facebook.net *.firebaseio.com tracking.g2crowd.com *.google.com www.googleadservices.com www.gstatic.com *.google-analytics.com maps.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6633483048714240.storage.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com www.googletagservices.com cdn.intellimize.co *.kollective.app snap.licdn.com src.litix.io lp.livestream.com munchkin.marketo.net snippet.maze.co privacyportal-cdn.onetrust.com www.paypalobjects.com cdn.pendo.io js.qualified.com https://data.pendo.io *.qualtrics.com www.redditstatic.com beacon.riskified.com secured-pixel.com sierra.chat static.simonsignal.com web-sdk-cdn.singular.net transcend-cdn.com vimeo.com *.vimeo.com https://*.vimeocdn.com cdn.widerfunnel.com edge-assets.wirewax.com embedder-sdk.wirewax.com embedder-sdk.wirewax.tv origin-4.xtlo.net static.zdassets.com *.zoom.us zoom.us ws.zoominfo.com static.zuora.com https://www.dropbox.com/static/api/2/dropins.js cdn01.boxcdn.net; style-src 'self' 'unsafe-inline' *.6sc.co cdn01.boxcdn.net cdnjs.cloudflare.com accounts.google.com fonts.googleapis.com pendo-static-6633483048714240.storage.googleapis.com www.gstatic.com lp.livestream.com privacyportal-cdn.onetrust.com www.paypalobjects.com sierra.chat *.vimeo.com https://*.vimeocdn.com vimeopro.com transcend-cdn.com cdn.widerfunnel.com edge-assets.wirewax.com edge-player5.wirewax.com origin-4.xtlo.net; worker-src 'self' blob:; report-to csp-endpoint; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba92ed04ee7cceea44335c3d8c1ccc173&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acspreport%2Cenv%3Aproduction 6
default-src 'self' 'unsafe-inline'  'unsafe-eval' https://snap.licdn.com *.willistowerswatson *.wtwco.com https://www.google-analytics.com https://cdn.cookielaw.org https://www.googletagmanager.com  *.coveo.com https://players.brightcove.net *.doubleclick.net https://munchkin.marketo.net https://bat.bing.com *.facebook.net *.facebook.com https://siteimproveanalytics.com *.linkedin.com *.mktoresp.com *.siteimproveanalytics.io data: blob:;report-uri /custom/api/csp/logviolation 6
img-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.usabilla.com http://*.usabilla.com https://*.newrelic.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io https://cdn.wisepops.com https://*.quantserve.com https://*.livechatinc.com https://flightcentre.r-cubed.co.uk https://rules.quantcount.com https://*.criteo.com https://code.jquery.com https://*.creativecdn.com https://*.rokt.com https://*.mypurecloud.com.au https://s.yimg.com https://sp.analytics.yahoo.com *.feroot.com https://*.taboola.com https://*.redditstatic.com https://*.reddit.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://register.feefo.com https://cdn.cookielaw.org https://d6tizftlrpuof.cloudfront.net; connect-src https://*.fcl.cloud wss://*.fcl.cloud https://*.flightcentre.com https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://*.fclmedia.com https://fcl-sydney-geo-7.ent.ap-southeast-2.aws.found.io https://flowise-dev.dse.fctg.global https://*.launchdarkly.com https://*.optimizely.com *.nr-data.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google.co.nz https://*.google.co.za https://*.google.co.uk https://*.evergage.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://analytics.pangle-ads.com https://*.pinterest.com https://*.linkedin.com https://*.outbrain.com https://*.g.doubleclick.net https://wisepops.net https://*.wisepops.com https://*.feefo.com https://cdn.cookielaw.org https://developer.livehelpnow.net https://*.snapchat.com https://www.facebook.com https://bat.bing.com https://bat.bing.net https://*.onetrust.com https://flightcentre.r-cubed.co.uk https://adservice.google.com https://www.google.com https://analytics.google.com https://www.googleadservices.com https://*.browser-intake-datadoghq.com https://*.criteo.com https://*.usabilla.com https://*.creativecdn.com https://*.mypurecloud.com.au wss://*.mypurecloud.com.au https://*.salesforce.com https://d1nojfewl3tku3.cloudfront.net/assets https://maps.googleapis.com https://s.yimg.com *.feroot.com https://insight.adsrvr.org https://*.taboola.com https://*.reddit.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; font-src https: blob: data:; frame-ancestors 'self'; report-uri /api/csp_report 6
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://scripts.icommkt.online https://bam.nr-data.net https://event.getblue.io/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com analytics.google.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * webpay3g.transbank.cl webpay3gint.transbank.cl *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://scripts.icommkt.online https://bam.nr-data.net https://event.getblue.io/ https://apitestenv.vnforapps.com/ https://apiprod.vnforapps.com/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com analytics.google.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://live.decidir.com *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://scripts.icommkt.online https://bam.nr-data.net https://event.getblue.io/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://scripts.icommkt.online https://bam.nr-data.net https://event.getblue.io/ https://apitestenv.vnforapps.com/ https://apiprod.vnforapps.com/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://live.decidir.com https://developers.decidir.com/ *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://scripts.icommkt.online https://bam.nr-data.net https://event.getblue.io/ https://apitestenv.vnforapps.com/ https://apiprod.vnforapps.com/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://live.decidir.com https://developers.decidir.com/ *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.run.app https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com 'self' data: *.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.doubleclick.net *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.googleapis.com *.openstreetmap.org *.googlesyndication.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.google.nl *.google.de *.google.be *.google.fr *.googleadservices.com www.facebook.com trengo.s3.eu-central-1.amazonaws.com ecom-stage.iutecredit.mk ecom.iutecredit.mk ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.disqus.com connect.facebook.net graph.facebook.com business.facebook.com *.cmi.co.ma *.iprom.net iprom.net yandex.com yandex.md *.yandex.md *.yandex.com yandex.ru *.yandex.ru *.yads.tech yads.tech *.yango.com *.doubleclick.net t.adx.opera.com *.pandorashop.si *.pandorashop.hr *.pandorashop.ba *.pandorashop.rs *.pandorashop.mk *.pandorashop.me *.pandorashop-sa.com *.pandorashop.ma *.pandorashop.mt *.pandorashop-ks.com *.pandorashop.md test.saferpay.com www.saferpay.com saferpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://widget-cdn.boxnow.hr *.googlesyndication.com *.googleadservices.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk www.facebook.com *.widget.trengo.eu map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org ecom-stage.iutecredit.mk ecom.iutecredit.mk chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.disqus.com connect.facebook.net graph.facebook.com business.facebook.com *.hotjar.com *.hotjar.io onesignal.com *.onesignal.com *.criteo.com *.adsmurai.com gateway.bankart.si yandex.com yandex.md *.yandex.md *.yandex.com yandex.ru *.yandex.ru *.yads.tech yads.tech *.yango.com *.doubleclick.net t.adx.opera.com *.iprom.net iprom.net static.cloudflareinsights.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.bootstrapcdn.com ecom-stage.iutecredit.mk ecom.iutecredit.mk downloads.mailchimp.com onesignal.com *.onesignal.com *.iprom.net iprom.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.widget.trengo.eu *.pandorashop.si *.pandorashop.hr *.pandorashop.ba *.pandorashop.rs *.pandorashop.mk *.pandorashop.me *.pandorashop-sa.com *.pandorashop.ma *.pandorashop.mt *.pandorashop-ks.com *.pandorashop.md 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com https://widget-cdn.boxnow.hr *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.google.nl *.google.de *.google.be *.google.fr *.googlesyndication.com *.doubleclick.net www.facebook.com *.trengo.eu map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org ecom-stage.iutecredit.mk ecom.iutecredit.mk form-assets.mailchimp.com *.intuit.com *.amazonaws.com connect.facebook.net graph.facebook.com business.facebook.com wss://ws.hotjar.com *.hotjar.io yandex.com *.yandex.md *.yandex.com yandex.ru *.yandex.ru *.yads.tech *.yango.com cm.g.doubleclick.net t.adx.opera.com *.pandorashop.si *.pandorashop.hr *.pandorashop.ba *.pandorashop.rs *.pandorashop.mk *.pandorashop.me *.pandorashop-sa.com *.pandorashop.ma *.pandorashop.mt *.pandorashop-ks.com *.pandorashop.md test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src yandex.com yandex.md *.yandex.md *.yandex.com yandex.ru *.yandex.ru *.yads.tech yads.tech *.yango.com *.doubleclick.net t.adx.opera.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.hotjar.com https://static.dhlecommerce.nl https://fonts.gstatic.com https://widgets.trustedshops.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.googletagmanager.com contact.robinhq.com https://*.dpdconnect.nl *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com blackhole.lan:9000 bat.bing.com bat.bing.net https://maps.googleapis.com https://maps.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com magefan.com cm.magefan.com *.disqus.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.sooqr.com *.spotlersearch.com *.multisafepay.com www.xtento.com cdn.xtento.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com/ *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://cdn.jsdelivr.net *.tiktok.com selfservice.robinhq.com robincontentdesktop.blob.core.windows.net az416426.vo.msecnd.net *.googleads.g.doubleclick.net *.googleadservices.com *.cloudfront.net spotlersearchanalytics.com *.hotjar.com bat.bing.com https://*.dpdconnect.nl https://static.dhlecommerce.nl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.disqus.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.sooqr.com *.spotlersearch.com *.multisafepay.com https://pay.google.com www.xtento.com cdn.xtento.com maps.googleapis.com maps.google.apis.com cdn-4.convertexperiments.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://static.klaviyo.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net *.sooqr.com *.spotlersearch.com *.multisafepay.com maps.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com dc.services.visualstudio.com *.visualwebsiteoptimizer.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com bat.bing.com bat.bing.net *.hotjar.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.sooqr.com *.spotlersearch.com *.multisafepay.com maps.googleapis.com maps.google.apis.com cdn-4.convertexperiments.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
font-src www.paypalobjects.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.mollie.com *.sendcloud.sc *.jsdelivr.net https://www.googletagmanager.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://www.mollie.com *.amazonaws.com *.hsforms.net *.hsforms.com 'self' data: ts.tradetracker.net www.magmodules.eu https://widgets.trustedshops.com https://integrations.etrusted.com https://imgproxy.vendic.dev data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com js.mollie.com *.sendcloud.sc *.jsdelivr.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com tm.tradetracker.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com platform.twitter.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com imgsct.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://resources.paytrail.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net maps.googleapis.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com consent.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.avada.io connect.facebook.net twitter.com platform.twitter.com cdn.jsdelivr.net *.gstatic.com maps.googleapis.com applepay.cdn-apple.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://static.klaviyo.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.fontawesome.com https://fonts.bunny.net cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.gstatic.com applepay.cdn-apple.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://core.helloretail.com https://helloretailcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com places.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://www.youtube.com/ 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com/ *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://widget.trustpilot.com/ *.weltpixel.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com https://www.usaskateshop.com/ *.googletagmanager.com *.doubleclick.net *.typeform.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com magefan.com cm.magefan.com maps.gstatic.com maps.googleapis.com https://usaskateshop-com.b-cdn.net/ *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.hotjar.com https://static.zdassets.com https://payments.worldpay.com https://cdn.clerk.io https://api.clerk.io https://ss.euroskateshop.de https://ss.euroskateshop.nl https://ss.euroskateshop.ch *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com applepay.cdn-apple.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.typeform.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.klarnacdn.net https://static.klaviyo.com assets.braintreegateway.com *.fontawesome.com applepay.cdn-apple.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.usaskateshop.dk https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.fixando.com/ https://cdn.fixando.com/ https://pics.fixando.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.googleadservices.com/ https://fcm.googleapis.com/ https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com/ https://adservice.google.com.pk/ https://adservice.google.com.br/ https://adservice.google.com.py/ https://adservice.google.com.do/ https://adservice.google.com/ https://adservice.google.pt/ https://adservice.google.nl/ https://adservice.google.cl/ https://adservice.google.it/ https://adservice.google.pl/ https://adservice.google.no/ https://adservice.google.fr/ https://adservice.google.bg/ https://adservice.google.es/ https://adservice.google.se/ https://adservice.google.be/ https://adservice.google.de/ https://adservice.google.ch/ https://adservice.google.hu/ https://adservice.google.ie/ https://adservice.google.lu/ https://adservice.google.ru/ https://adservice.google.be/ https://adservice.google.co.uk/ https://adservice.google.co.ao/ https://adservice.google.co.in/ https://partner.googleadservices.com/ https://maps.googleapis.com/ https://optimize.google.com/ https://www.googleoptimize.com/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://pubads.g.doubleclick.net/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://www.facebook.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.jsdelivr.net/ https://static.zdassets.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://apis.google.com/ https://tagmanager.google.com/ https://accounts.google.com/ https://www.paypal.com/ https://cdn.socket.io/ https://widget.trustpilot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bucket.cdnwebcloud.com https://bat.bing.com https://www.clarity.ms https://www.google.com https://*.outbrain.com https://www.sandbox.paypal.com 6
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' https://www.googletagmanager.com blob: data:; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; font-src * data: moz-extension:; img-src * data: blob:; media-src * data: blob:; connect-src * properties: data:; frame-src *; worker-src * blob:; report-uri https://sentry-new.public.mybestpro.com/api/8/security/?sentry_key=54be949d75fc07530648e0a189a26f35&sentry_environment=prod 6
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.googleapis.com *.klarnacdn.net https://fonts.bunny.net maxcdn.bootstrapcdn.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl facebook.com 'self' 'unsafe-inline'; frame-ancestors pay.google.com www.facebook.com *.kinderkraft.fr *.kinderkraft.pl kinderkraft.fr kinderkraft.pl *.trustpilot.com *.criteo.gum *.cookiebot.com kinderkraft.co.uk ecommscript-integrationapp.trustpilot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com consentcdn.cookiebot.com consentcdn.cookiebot.eu pay.google.com apm.przelewy24.pl *.klarna.com secure.payu.com merch-prod.snd.payu.com *.trustpilot.com *.facebook.com *.instagram.com *.hotjar.com *.criteo.com *.criteo.net *.kinderkraft.fr kinderkraft.fr kinderkraft.pl *.pinterest.com td.doubleclick.net hal9000.redintelligence.net kinderkraft.co.uk ecommscript-integrationapp.trustpilot.com widget.trustpilot.com ecommplugins-trustboxpreview.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com imgsct.cookiebot.com imgsct.cookiebot.eu *.googleapis.com *.ggpht static.przelewy24.pl www.gstatic.com gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com static.payu.com *.ytimg.com www.google.pl kinderkraft.com pixel.wp.pl *.instagram.com *.payu.com *.hotjar.com *.criteo.com *.adobedtm.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.yahoo.com *.3lift.com *.smartadserver.com *.adnxs.com *.tapad.com *.casalemedia.com *.360yield.com *.taboola.com *.pubmatic.com *.media.net *.teads.tv *.adform.net *.bidswitch.net *.sharethrough.com *.smaato.net *.socdm.com *.adscale.de *.advertising.com *.dable.io *.co.kr *.stickyadstv.com *.twiago.com *.omnitagjs.com *.liadm.com *.yieldmo.com *.postrelease.com *.addthis.com *.revcontent.com *.mail.ru *.yieldlab.net *.rambler.ru *.bing.com *.openx.net *.nate.com *.mediawallahscript.com id5-sync.com *.rlcdn.com *.adingo.jp *.tremorhub.com *.yandex.ru *.aralego.com/ *.ad-stir.com *.adtdp.com *.meba.kr *.1rx.io *.toast.com *.turn.com *.dmxleo.com *.mediavine.com *.ivitrack.com *.smartclip.net *.krxd.net *.emxdgt.com *.pinterest.com *.bluekai.com *.thebrighttag.com kinderkraft.pl *.user.com *.trustpilot.com *.trustpilot.net *.metaffiliation.com region1.analytics.google.com developers.google.com trk.datnova.com *.facebook.net server-side-tagging-vqegoo7bda-uc.a.run.app bcw.kinderkraft.fr widget.trustpilot.com images-static.trustpilot.com adservice.google.com ade.googlesyndication.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com consent.cookiebot.com consent.cookiebot.eu https://browser.sentry-cdn.com *.googleapis.com *.gstatic.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.snrbox.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io secure.payu.com secure.snd.payu.com consentcdn.cookiebot.com *.trustpilot.com *.googletagmanager.com kinderkraft-staging.user.com *.user.com *.g.doubleclick.net *.adyen.com *.facebook.net pixel.wp.pl *.hotjar.com *.criteo.com *.criteo.net *.cloudflare.com *.clickcease.com *.pinimg.com *.googleoptimize.com *.kinderkraft.pl *.kinderkraft.fr *.kinderkraft.de *.kinderkraft.it *.kinderkraft.co.uk *.kinderkraft.es *.metaffiliation.com *.bing.com *.clarity.ms *.cux.io *.taboola.com *.luigisbox.tech ct.pinterest.com kng.kinderkraft.at sha.kinderkraft.be tag.facemyads.co bbd-tag.de s.retargeted.co apptracker.stream *.sddan.com trk.datnova.com js.cookieless-data.com bcw.kinderkraft.fr ecommscript-integrationapp.trustpilot.com cdn.cookiehub.eu widget.trustpilot.com invitejs.trustpilot.com ecommplugins-trustboxpreview.trustpilot.com cdn.chatsimple.ai us-assets.i.posthog.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com *.snrcdn.net *.klarnacdn.net https://fonts.bunny.net maxcdn.bootstrapcdn.com *.typekit.net *.trustpilot.com *.instagram.com *.cloudflare.com cdn.luigisbox.tech widget.trustpilot.com ecommplugins-trustboxpreview.trustpilot.com cdn.cookiehub.eu 'self' 'unsafe-inline'; object-src ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline'; media-src *.adobe.com *.googlevideo.com cdn.chatsimple.ai 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://*.ingest.sentry.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com *.snrbox.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com ws: *.instagram.com kinderkraft-staging.user.com wss://kinderkraft-staging.user.com *.adyen.com yt2html5.com *.user.com googleads.g.doubleclick.net stats.g.doubleclick.net wss://kinderkraft.user.com *.hotjar.com wss://ws3.hotjar.com https://paypal.com paypal.com *.hotjar.io *.criteo.com wss://ws29.hotjar.com *.pinterest.com wss://ws11.hotjar.com google.pl *.kinderkraft.fr *.metaffiliation.com sentry.io *.clarity.ms *.cux.io *.facebook.com facebook.com *.google.pl wss://* *.openfpcdn.io *.google-analytics.com *.taboola.com *.luigisbox.tech *.bing.com server-side-tagging-vqegoo7bda-uc.a.run.app wdg.kinderkraft.pl *.googleapis.com tvw.kinderkraft.co.uk analytics.tiktok.com *.kinderkraft.at *.kinderkraft.be bcw.kinderkraft.fr ecommscript-integrationapp.trustpilot.com widget.trustpilot.com api.trustpilot.com ambcglobal.sc.omtrdc.net region1.analytics.google.com cdn.cookiehub.eu api.expertise.ai pagead2.googlesyndication.com us.i.posthog.com api.ipify.org 'self' 'unsafe-inline'; child-src *.instagram.com http: https: blob: 'self' 'unsafe-inline'; default-src *.adyen.com *.instagram.com *.googleoptimize.com *.bing.com kinderkraft.co.uk kinderkraft.pl ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
default-src 'self'; connect-src 'self' https://dev.visualwebsiteoptimizer.com; font-src 'self' https://font.circlekeurope.com data:; frame-src 'self' https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: blob: https://www.google-analytics.com https://slim-prod.cksites-prod.alpaque.net https://maps.gstatic.com https://maps.googleapis.com https://imgsct.cookiebot.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://assets.adobedtm.com https://cdnjs.cloudflare.com https://www.buyatab.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://assets.adobedtm.com https://cdnjs.cloudflare.com https://www.buyatab.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com 6
require-trusted-types-for 'script';report-uri /cspreport 5
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 5
object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 5
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://payments.google.com/payments/v4/js/integrator.js https://payments.sandbox.google.com/payments/v4/js/integrator.js https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js https://www.googleadservices.com/pagead/conversion/ https://www.youtube.com/iframe_api https://youtube.googleapis.com/s/player/ https://youtube.googleapis.com/iframe_api https://ssl.gstatic.com/support/realtime/operator/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://maps.googleapis.com/maps/api/js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.google.com/js/bg/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-gstore/_/js/k=boq-gstore.Gstore.en_US.lczXDC6KdXM.2021.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/place/js/ https://www.youtube.com/s/player/ https://translate.googleapis.com/_/translate_http/_/js/ https://payments.youtube.com/payments/v4/js/integrator.js https://payments.cloud.google/payments/v4/js/integrator.js;report-uri /_/Gstore/cspreport/fine-allowlist 5
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 5
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dock.ui.bosch.tech https://www.googletagmanager.com https://www.google-analytics.com https://btm.bosch.com https://www.youtube.com https://maps.google.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://search.internet.bosch.com https://bosch-i3-caas-api.e-spirit.cloud https://*.google-analytics.com https://www.googletagmanager.com https://endpoint.chatbot-suite.bosch.tech https://maps.googleapis.com https://btm.bosch.com https://cx.bosch-so.com https://dock.ui.bosch.tech; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://crdostaticwebsite337215.z6.web.core.windows.net https://crdopublicationswebsite.z6.web.core.windows.net; img-src 'self' data: https://assets.bosch.com https://www.googletagmanager.com https://www.google-analytics.com https://i.ytimg.com https://maps.google.com https://maps.gstatic.com; manifest-src 'self'; media-src 'self' https://assets.bosch.com; style-src-elem 'self' 'unsafe-inline' https://btm.bosch.com https://fonts.googleapis.com https://webchatplugins.blob.core.windows.net; worker-src 'none'; report-uri https://o4508243129991168.ingest.de.sentry.io/api/4508243155288144/security/?sentry_key=2f9480313f00b63a26560fd685315765; report-to csp-endpoint 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 5
default-src 'self' 'unsafe-inline' 'unsafe-eval';  font-src 'self' data:;  script-src 'self' 'unsafe-inline' 'unsafe-eval';  frame-src 'self' https://cdn.cohesionapps.com/ https://www.googletagmanager.com/;  connect-src 'self' https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://yg3l958nut-dsn.algolia.net https://www.google.com/ https://geolocation.onetrust.com/ https://bam.nr-data.net https://content.cmn.com https://api.mobius.highereducation.com https://www.googletagmanager.com/ https://cdn.cohesionapps.com/ https://www.edx.org/;  img-src 'self' https://res.cloudinary.com https://navi.cohesionapps.com https://cms.psychology.org/ https://simple-storage-server.highereducation.com/ https://content.cmn.com data:;  script-src-elem 'self' 'unsafe-inline' https://content.cmn.com/ https://js-agent.newrelic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://sb.scorecardresearch.com https://www.edx.org/beam.js 5
default-src 'self' 'unsafe-inline' data: *.hockeystack.com *.marianatek.com *.cookielaw.org *.chilipiper.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflare.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.licdn.com *.facebook.net *.clarity.ms *.google-analytics.com *.hs-scripts.com *.doubleclick.net unpkg.com *.wistia.net;upgrade-insecure-requests; 5
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 5
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; object-src * data: blob: 'unsafe-inline'; 5
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com geowidget.easypack24.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com accounts.google.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com secure.payu.com merch-prod.snd.payu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.doubleclick.net vars.hotjar.com m.goadservices.com apis.google.com www.google.com *.cookiebot.com ams.creativecdn.com ct.pinterest.com googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.sharethis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com data.imoje.pl https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com static.payu.com trustmate.io www.google.pl csr.onet.pl bbnaut.ibillboard.com rm.em.nscontext.eu mc.yandex.ru rtb-csync.smartadserver.com *.tile.openstreetmap.org geowidget.easypack24.net maps.gstatic.com maps.googleapis.com *.doubleclick.net kodano.pl ade.googlesyndication.com bat.bing.com qon-csts3.quartic.com.pl c.seznam.cz  payment.ecommerce.sebgroup.com imgsct.cookiebot.com *.facebook.net pixel.wp.pl *.pinimg.com *.pinterest.com *.bing.com simage2.pubmatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com paywall.imoje.pl sandbox.paywall.imoje.pl accounts.google.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.payu.com secure.snd.payu.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com trustmate.io *.hotjar.com mc.yandex.ru *.goadservices.com geowidget.easypack24.net maps.googleapis.com *.pushpushgo.com apis.google.com js-agent.newrelic.com *.cookiebot.com bat.bing.com *.tiktok.com *.smartsuppcdn.com www.smartsuppchat.com *.crazyegg.com bam.eu01.nr-data.net static.cloudflareinsights.com *.quarticon.it *.quarticon.com *.quartic.com.pl *.ar-labs.io tags.creativecdn.com c.imedia.cz c.seznam.cz *.pinimg.com *.facebook.net pixel.wp.pl *.pinterest.com nominatim.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.fontawesome.com accounts.google.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com trustmate.io geowidget.easypack24.net *.quartic.com.pl widget-v3.smartsuppcdn.com www.googletagmanager.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com accounts.google.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.payu.com merch-prod.snd.payu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com trustmate.io mc.yandex.ru *.doubleclick.net api-shipx-pl.easypack24.net pagead2.googlesyndication.com maps.googleapis.com *.cookiebot.com *.tiktok.com *.smartsupp.com *.smartsuppcdn.com *.smartsuppchat.com *.crazyegg.com bam.eu01.nr-data.net *.quarticon.it *.ar-labs.io www.google.com ams.creativecdn.com *.pinimg.com *.facebook.net pixel.wp.pl *.pinterest.com *.bing.com nominatim.openstreetmap.org region1.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://szkla0com.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 5
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; img-src 'self' https://www.google-analytics.com https://engage.supporthost.com data: blob:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://engage.supporthost.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://engage.supporthost.com; frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://engage.supporthost.com; worker-src 'self' blob:; media-src 'self'; upgrade-insecure-requests 5
default-src 'self' https:; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; frame-src https:; frame-ancestors 'self'; font-src 'self' https: data:; report-uri /report-csp-violation 5
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.authorize.net *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com connect.bolt.com connect-sandbox.bolt.com s3-us-west-1.amazonaws.com www.gstatic.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com mageside.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.kaptcha.com *.disqus.com *.authorize.net *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://scripts.ltv.ai 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.kaptcha.com *.authorize.net www.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
font-src *.cloudflare.com *.bootstrapcdn.com data: maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es test.saferpay.com www.saferpay.com saferpay.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com test.saferpay.com www.saferpay.com saferpay.com tradingview-widget.com www.googletagmanager.com *.tradingview-widget.com www.google.com www.facebook.com platform.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es test.saferpay.com www.saferpay.com saferpay.com img.youtube.com *.cloudflare.com www.goldvorsorge.at www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com test.saferpay.com www.saferpay.com saferpay.com *.cloudflare.com *.twitter.com *.fontawesome.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com s3.tradingview.com *.avada.io connect.facebook.net twitter.com platform.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://www.sandbox.paypal.com https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ test.saferpay.com www.saferpay.com saferpay.com *.cloudflare.com www.google.com www.googletagmanager.com region1.google-analytics.com www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'self' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-us-east-1.s3.amazonaws.com deepfake-content-read-production-us-east-1.s3.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-us-east-1.s3.amazonaws.com deepfake-content-read-production-us-east-1.s3.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-us-east-1.s3.amazonaws.com deepfake-content-read-production-us-east-1.s3.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com helpimg.s3.amazonaws.com use.fontawesome.com use.typekit.net https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-us-east-1.s3.amazonaws.com deepfake-content-read-production-us-east-1.s3.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-us-east-1.s3.amazonaws.com deepfake-content-read-production-us-east-1.s3.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io deepfake-content-write-production-us-east-1.s3.amazonaws.com deepfake-content-read-production-us-east-1.s3.amazonaws.com fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.knowbe4.com https://*.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://helpimg.s3.amazonaws.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net https://cdn.pendo.io/agent/static/365392a9-6608-44ef-443b-572eef771b95/pendo.js ; style-src 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; style-src-elem 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io fonts.googleapis.com fonts.gstatic.com helpimg.s3.amazonaws.com cdnjs.cloudflare.com/ajax/libs/font-awesome/ cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ p.typekit.net pendo-static-6167502888239104.storage.googleapis.com s3.amazonaws.com/helpimg/ use.fontawesome.com use.typekit.net www.java.com/ga/css/print.css www.java.com/ga/css/screen.css ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-us-east-1 ; worker-src 'self' blob: data: ; 5
default-src 'self' fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.googletagmanager.com mc.yandex.ru *.google-analytics.com *.youtube.com mc.yandex.com mc.yandex.ru *.google.com *.gstatic.com *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com;img-src * data:;font-src 'self' fonts.gstatic.com;connect-src 'self' *.customer.io *.youtube.com mc.yandex.ru *.clariti.ws *.analytics.google.com *.google-analytics.com doubleclick.net *.googletagmanager.com mc.yandex.com mc.yandex.ru mc.yandex.md yandexmetrica.com *.mightytips.com https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com https://analytics.google.com;frame-src 'self' *.youtube.com *.instagram.com *.twitter.com *.yandex.com *.google.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;script-src-elem 'self' 'unsafe-inline' *.instagram.com *.googletagmanager.com *.yandex.ru *.google-analytics.com *.twitter.com *.youtube.com mc.yandex.com *.google.com *.gstatic.com mc.yandex.ru *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com track.trackingtraffo.com https://www.hcaptcha.com/1/api.js;frame-ancestors 'self';report-uri /cspreport.php 5
block-all-mixed-content;default-src https:;script-src * 'self' https: 'unsafe-eval' 'unsafe-inline';style-src * 'self' https: 'unsafe-inline';connect-src * https: https://*.paynearme.com;manifest-src 'self';font-src * 'self' https:;form-action 'self' https://www.facebook.com https://accounts.google.com https://twitter.com https://login.microsoftonline.com;img-src * 'self' https: data:;media-src *;object-src 'none';frame-ancestors *;frame-src * https://*.paynearme.com;worker-src 'self';base-uri 'self';report-uri /csp-report 5
font-src x.klarnacdn.net static.lipscore.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://widgets.trustedshops.com *.cloudflare.com *.klarnacdn.net *.office.net *.typekit.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action *.facebook.com *.perfectview.nl *.visualwebsiteoptimizer.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ advisor.bluebarry.ai osm.klarnaservices.com e.topdoek.nl sst.topdoek.nl sst.goedkooptuindoek.nl *.prismic.io sst.kitchenyeah.de sst.kitchenyeah.nl sst.kitchenyeah.fr sst.fotocadeau.nl ct.pinterest.com googletagmanager.com td.doubleclick.net *.multisafepay.com https://pay.google.com *.ad4m.at *.awin1.com deliverimages.com *.facebook.com *.formcrafts.com *.fotocadeau.nl *.google.com *.googlesyndication.com *.googletagmanager.com *.klarna.com *.mediacliphub.com *.noboringsuitcases.com *.opendns.com *.pinterest.com *.sleak.chat *.sovendus-connect.com *.visualwebsiteoptimizer.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com bat.bing.com *.cdn.prismic.io www.facebook.com www.google.nl *.appspot.com images.prismic.io storage.googleapis.com raw.githubusercontent.com *.taggrs.io *.prism.app-us1.com *.prismic.io static.lipscore.com blob: img.youtube.com *.multisafepay.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.awin1.com *.bing.com *.bing.net bucket-ip-website.s3.eu-central-1.amazonaws.com *.clarity.ms deliverimages.com *.doubleclick.net *.facebook.com *.facebook.net *.fotocadeau.nl *.googleadservices.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bi www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gm www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.sr www.google.tn *.google.com google.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hscollectedforms.net *.hubspot.com *.klarnacdn.net *.klarnaevt.com *.linkedin.com *.lipscore.com *.mediacliphub.com noboringsuitcases.com *.noboringsuitcases.com *.perfectview.nl *.pinterest.com prismic-io.s3.amazonaws.com *.roeye.com *.sleak.chat *.tiktok.com *.tiktokw.us *.trustedshops.com *.visualwebsiteoptimizer.com *.webflow.com *.wepowerconnections.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ advisor.bluebarry.ai bluebarrycdn.blob.core.windows.net js.klarna.com js.klarnaservices.com bat.bing.com ct.pinterest.com d5yoctgpv4cpx.cloudfront.net connect.facebook.net magento.fcdev metrics.fotoopaluminium.nl metrics.self s.pinimg.com *.appspot.com stapecdn.com static.cdn.prismic.io static.hotjar.com static.mediacliphub.com widgets.trustedshops.com www.clarity.ms *.taggrs.io *.prism.app-us1.com *.prismic.io https://widget-acc.paazl.com https://api-acc.paazl.com/ static.lipscore.com *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://browser.sentry-cdn.com *.awin1.com *.bing.com *.clarity.ms *.deployteq-cdp.net *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.formcrafts.com *.googleapis.com translate.google.com.hk *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hs-scripts.com *.hubspot.com *.jsdelivr.net *.klarna.com *.leadinfo.net *.licdn.com *.lipscore.com *.mediacliphub.com *.pinimg.com *.pinterest.com prismic.io *.roeyecdn.com *.sleak.chat *.sovendus.com *.tiktok.com *.trustedshops.com *.visualwebsiteoptimizer.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com x.klarnacdn.net integrations.etrusted.com https://widget-acc.paazl.com https://api-acc.paazl.com/ static.lipscore.com maxcdn.bootstrapcdn.com *.multisafepay.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.cloudflare.com *.googletagmanager.com *.klarnacdn.net *.lipscore.com *.sleak.chat *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src deliverimages.com *.fotocadeau.nl *.googleapis.com *.mediacliphub.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; media-src *.adobe.com *.fotocadeau.nl *.googleapis.com *.gstatic.com noboringsuitcases.com *.noboringsuitcases.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net data.bluebarry.ai advisor.bluebarry.ai js.klarnaservices.com js.klarna.com na.klarnaevt.com sst.goedkooptuindoek.nl *.clarity.ms *.appspot.com ct.pinterest.com dc.services.visualstudio.com js.monitor.azure.com region1.analytics.google.com *.sentry.io *.prism.app-us1.com *.prismic.io https://widget-acc.paazl.com https://api-acc.paazl.com/ wapi.lipscore.com users.lipscore.com *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site o307176.ingest.us.sentry.io *.algolia.io *.algolia.net *.algolianet.com *.azure.com *.bing.com *.bing.net deliverimages.com *.deployteq-cdp.net *.doubleclick.net *.facebook.com *.facebook.net *.fotoophout.nl *.googleadservices.com *.googleapis.com google.com *.google.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.hscollectedforms.net *.hubapi.com *.klarna.com *.klarnaevt.com *.leadinfo.com *.leadinfo.net *.linkedin.com *.lipscore.com *.make.com *.mediacliphub.com *.noboringsuitcases.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com *.pinterest.com polyfilljs.org *.sleak.chat *.sovendus.com *.tiktok.com *.tiktokw.us *.visualwebsiteoptimizer.com *.wepowerconnections.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.mediacliphub.com *.appspot.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.leadinfo.com *.lipscore.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://0857a1ae-eb26-4f26-b573-76e7e6a78da5.sansec.watch/; report-to report-endpoint; 5
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; 5
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: data: 'unsafe-inline'; font-src 'self' https: data: https:; connect-src 'self' https: wss:; frame-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'self' https: data: blob:; base-uri 'self' https:; form-action 'self' https:; frame-ancestors 'self' https:; worker-src 'self' https: data: blob:; report-uri /csp-report 5
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.pinterest.com *.sendcloud.sc *.jsdelivr.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * *.trustedshops.com cdn.cookielaw.org res.cloudinary.com www.b2c-nfinity.com t.squeezely.tech cdn-icons-png.flaticon.com docker.creative-serving.com trkr.shoppingminds.net bam.nr-data.net *.googleapis.com *.etrusted.com *.pinterest.com bat.bing.com *.adyen.com *.facebook.com img.youtube.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org cdn.doofinder.com *.google.com *.google.co.uk *.google.ca b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ts.tradetracker.net *.amazonaws.com blob: www.google.ge magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page *.trustedshops.com squeezely.tech bat.bing.com *.etrusted.com *.kk-resources.com *.googleoptimize.com cdn.cookielaw.org l.getsitecontrol.com script.shoppingminds.com script.shoppingminds.net js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com s2.getsitecontrol.com *.pinterest.com s.pinimg.com analytics.topdrinks.nl analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be unpkg.com cdn.jsdelivr.net commerce.adobe.net *.googletagmanager.com cdn.doofinder.com analytics.tiktok.com *.google.co.uk *.google.ca s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com songbirdstag.cardinalcommerce.com tm.tradetracker.net *.trustpilot.com *.sendcloud.sc *.jsdelivr.net https://connect.facebook.net *.google.fr *.disqus.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app *.etrusted.com *.pinterest.com *.sendcloud.sc *.jsdelivr.net *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.youtube.com youtu.be www.youtube-nocookie.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com * *.google.lk analytics.topdrinks.nl ws.hotjar.com wss://ws.hotjar.com content.hotjar.io analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be cdn.cookielaw.org geolocation.onetrust.com *.g.doubleclick.net l.getsitecontrol.com *.shoppingminds.net *.googleapis.com bam.nr-data.net cdn1.api.trustedshops.com pay.google.com privacyportal-de.onetrust.com vc.hotjar.io events.getsitectrl.com *.etrusted.com *.pinterest.com *.adyen.com maps.googleapis.com nominatim.openstreetmap.org *.onyourmap.com *.mapbox.com *.doofinder.com wss://*.doofinder.com analytics.tiktok.com ekr.zdassets.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.sendcloud.sc *.cdn.jsdelivr.net https://analytics.tiktok.com *.google.fr *.google.co.uk *.google.ca 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
script-src 'self'; object-src 'self'; report-to csp-endpoint; 5
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://static.dhlecommerce.nl https://fonts.gstatic.com fonts.gstatic.com fonts.googleapis.com https://widgets.trustedshops.com *.afzuigkapfilterwinkel.nl *.allspares.fr *.cdnfonts.com *.cloudflare.com *.filtre-de-hotte.fr *.flaticon.com *.fontawesome.com *.hotjar.com *.hsappstatic.net *.slant.co *.userway.org *.varify.io *.waterfilterwinkel.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.afzuigkapfilterwinkel.nl *.allspares.fr *.filtre-de-hotte.fr *.wasserfilterspezialist.de *.waterfilterwinkel.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.dpdconnect.nl *.newrelic.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com *.allspares.fr *.allspares.nl *.allspares.de *.dunstabzugshaube-filter.de *.filtricasafacile.it *.filtraciondomestica.es *.filtre-de-hotte.fr *.afzuigkapfilterwinkel.nl *.waterfilterwinkel.com *.wasserfilterspezialist.de *.paypal.com *.paypalobjects.com *.allspares.com *.bing.com *.cookiebot.com *.criteo.com *.criteo.net google.co.th *.googletagmanager.com *.hotjar.com *.opendns.com *.robinhq.com server-side-tagging-hgb22rqeua-uc.a.run.app *.userway.org *.varify.io *.yahoo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com https://maps.googleapis.com https://maps.gstatic.com *.trackedlink.net https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.multisafepay.com https://api.mapbox.com moogento.com *.moogento.com *.paypal.com *.paypalobjects.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.1rx.io *.3lift.com *.adnxs.com *.adsrvr.org *.afzuigkapfilterwinkel.nl *.agkn.com *.allspares.de *.allspares.fr *.allspares.nl *.baidu.com *.bidswitch.net *.bing.com *.bing.net *.casalemedia.com *.cookiebot.com *.criteo.com *.criteo.net *.crwdcntrl.net *.dunstabzugshaube-filter.de *.etrusted.com *.filtre-de-hotte.fr *.googleadservices.com *.google-analytics.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bi www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gl www.google.gm www.google.gr www.google.gy www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.tg www.google.tn www.google.tt google.com *.google.com *.hsappstatic.net *.hubspot.com id5-sync.com *.kelkoogroup.net *.liadm.com *.media.net *.outbrain.com *.pubmatic.com robincontentdesktop.blob.core.windows.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.trackedweb.net *.tremorhub.com *.trustedshops.com *.usercentrics.eu *.userway.org *.visualwebsiteoptimizer.com *.wasserfilterspezialist.de *.waterfilterwinkel.com *.webflow.com *.yahoo.com yastatic.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://static.dhlecommerce.nl https://maps.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.dpdconnect.nl https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.multisafepay.com https://pay.google.com l.moogento.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.afzuigkapfilterwinkel.nl *.allspares.com *.allspares.fr az416426.vo.msecnd.net *.beslist.nl *.bing.com *.cloudflare.com *.cloudflareinsights.com *.cookiebot.com *.criteo.com *.criteo.net d5yoctgpv4cpx.cloudfront.net *.etrusted.com *.filtre-de-hotte.fr *.googleadservices.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hubspot.com *.jquery.com *.kk-resources.com robincontentdesktop.blob.core.windows.net *.robinhq.com *.trengo.eu *.trustedshops.com *.usercentrics.eu *.userway.org *.varify.io *.waterfilterwinkel.com *.webeyez.com yastatic.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://hcaptcha.com https://*.hcaptcha.com fonts.googleapis.com *.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.afzuigkapfilterwinkel.nl *.allspares.fr *.etrusted.com *.filtre-de-hotte.fr *.fontawesome.com *.trustedshops.com *.userway.org *.varify.io *.waterfilterwinkel.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl https://maps.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maps.googleapis.com *.multisafepay.com autocomplete2.postdirekt.de ws.hotjar.com mpc-prod-17-s6uit34pua-wl.a.run.app *.paypal.com *.paypalobjects.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.afzuigkapfilterwinkel.nl *.allspares.de *.allspares.fr *.allspares.nl *.baidu.com *.beslist.nl *.bing.com *.bing.net *.cookiebot.com *.criteo.com *.dunstabzugshaube-filter.de *.filtre-de-hotte.fr *.googleadservices.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mu www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.tg www.google.tn google.com *.google.com *.hotjar.com *.hotjar.io *.hubspot.com *.jquery.com *.kelkoogroup.net localhost p2iqhncxyh.execute-api.eu-central-1.amazonaws.com *.robinhq.com *.samsung.com server-side-tagging-hgb22rqeua-uc.a.run.app *.trengo.eu *.usercentrics.eu *.userway.org *.varify.io *.visualstudio.com *.visualwebsiteoptimizer.com *.waterfilterwinkel.com *.webeyez.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://c6d02f62-c45e-4c56-876c-2102faf3fd5c.sansec.watch/; report-to report-endpoint; 5
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: https://widgets.trustedshops.com *.livechatinc.com https://td.doubleclick.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.braintreegateway.com *.paypal.com google.com *.google.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.packeta.com secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.livechatinc.com https://consentcdn.cookiebot.com/ api.ratingcaptain.com *.cookiebot.eu 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com https://www.magezon.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: https://maps.googleapis.com/ https://maps.gstatic.com/ https://developers.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com https://www.google.pl *.seznam.cz *.pricemania.sk https://imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech *.disqus.com *.avada.io *.shopify.com *.packeta.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.gstatic.com https://maps.googleapis.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.livechatinc.com https://www.googletagmanager.com *.seznam.cz https://pixel.biano.cz https://consent.cookiebot.com *.biano.sk *.biano.cz *.biano.ro https://consentcdn.cookiebot.com https://api.ratingcaptain.com *.absulo.ro *.sgtm.absulo.ro *.cookiebot.eu cdn.ablyft.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.cash.app https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.tagmanager.google.com *.googletagmanager.com *.pricemania.sk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://geowidget.easypack24.net *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech https://get.geojs.io *.avada.io *.packeta.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://maps.googleapis.com/ *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app http://www.google-analytics.com *.livechatinc.com *.googlesyndication.com *.biano.cz *.biano.sk *.biano.ro https://consentcdn.cookiebot.com googleads.g.doubleclick.net api.ratingcaptain.com *.cookiebot.eu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
script-src 'self' cdn.robinhood.com cdn.pdst.fm/ping.min.js www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com www.redditstatic.com analytics.tiktok.com boards.greenhouse.io bat.bing.com www.googleadservices.com static.ads-twitter.com s.yimg.com *.usercentrics.eu snap.licdn.com collector-47804.us.tvsquared.com/tv2track.js public.flourish.studio/resources/embed.js csi.gstatic.com cdn.parsely.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com platform.twitter.com/ platform.instagram.com/ www.instagram.com/embed.js www.threads.net/embed.js www.tiktok.com/embed.js lf16-tiktok-web.tiktokcdn-us.com/ www.facebook.com/ www.youtube.com/ ak.sail-horizon.com *.celtra.com *.heapanalytics.com heapanalytics.com cdn.us.heap-api.com *.doubleverify.com *.infogram.com cdn.concert.io *.adtrafficquality.google hymnal-prod.vox-cdn.com www.documentcloud.org/notes/loader.js truthsocial.com/embed.js embed.reddit.com/widgets.js embed.bsky.app/static/embed.js *.permutive.app 'unsafe-eval'; report-uri https://o62437.ingest.us.sentry.io/api/4509232895361024/security/?sentry_key=98a8908d38fbd5ecdf8e976a1cb6b404 4
default-src 'self' https://pref.docusign.com https://apps.docusign.com https://events.docusign.com https://momentum.docusign.com https://dsucustomers.docusign.com https://account.docusign.com https://account-d.docusign.com https://ecom.docusign.com https://support.docusign.com https://developers.docusign.com https://community.docusign.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://p.mdb.tools https://identity.mdb.tools https://sierra.chat:443 https://sierra.chat https://*.cloudfront.net https://cdn.jsdelivr.net https://cdn.prod.website-files.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn4.mxpnl.com https://s.yimg.com https://tags.srv.stackadapt.com:443 https://cdn.yellowmessenger.com https://docusign-api.arkoselabs.com https://trk.techtarget.com https://cdn.optimizely.com https://www.googletagmanager.com https://players.brightcove.net https://cdn3.optimizely.com https://cdn.cookielaw.org https://vjs.zencdn.net https://cdn.sift.com https://tags.srv.stackadapt.com https://js.driftt.com https://connect.facebook.net https://snap.licdn.com https://bat.bing.com https://tag.demandbase.com https://www.knotch-cdn.com https://js.adsrvr.org https://rs.fullstory.com https://edge.fullstory.com https://googleads.g.doubleclick.net https://protect.docusign.net https://protect-d.docusign.net https://app.gatedcontent.com https://img.en25.com https://track.docusign.com https://www.google.com https://www.gstatic.com https://browser.sentry-cdn.com https://app.guideflow.com https://zn0oqzbba3l7g5ph4-docusign.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://80e3c780877f.cdn4.forter.com https://sadmin.brightcove.com https://platform.twitter.com https://bam.nr-data.net https://static.ads-twitter.com https://www.redditstatic.com https://chat.docusign.net https://sdk.inbenta.io https://apps.usw2.pure.cloud https://api-cdn.usw2.pure.cloud https://cdn.taboola.com https://trc.taboola.com https://www.influ2.com https://t.influ2.com/ https://hermes.docusign.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://sierra.chat:443 https://sierra.chat https://*.cloudfront.net https://cdn.jsdelivr.net https://cdn.prod.website-files.com https://cdnjs.cloudflare.com https://cdn4.mxpnl.com https://s.yimg.com https://tags.srv.stackadapt.com:443 https://cdn.yellowmessenger.com https://docusign-api.arkoselabs.com https://trk.techtarget.com https://cdn.optimizely.com https://www.googletagmanager.com https://players.brightcove.net https://cdn3.optimizely.com https://cdn.cookielaw.org https://vjs.zencdn.net https://cdn.sift.com https://tags.srv.stackadapt.com https://tags.srv.stackadapt.com:443/events.js https://tags.srv.stackadapt.com/events.js https://js.driftt.com https://connect.facebook.net https://snap.licdn.com https://bat.bing.com https://tag.demandbase.com https://www.knotch-cdn.com https://js.adsrvr.org https://rs.fullstory.com https://edge.fullstory.com https://googleads.g.doubleclick.net https://protect.docusign.net https://protect-d.docusign.net https://app.gatedcontent.com https://img.en25.com https://track.docusign.com https://www.google.com https://www.gstatic.com https://browser.sentry-cdn.com https://app.guideflow.com https://zn0oqzbba3l7g5ph4-docusign.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://80e3c780877f.cdn4.forter.com https://sadmin.brightcove.com https://platform.twitter.com https://bam.nr-data.net https://static.ads-twitter.com https://www.redditstatic.com https://chat.docusign.net https://sdk.inbenta.io https://apps.usw2.pure.cloud https://api-cdn.usw2.pure.cloud https://cdn.taboola.com https://trc.taboola.com https://www.influ2.com https://t.influ2.com/ https://hermes.docusign.com https://identity.mdb.tools https://p.mdb.tools https://connect.facebook.net/en_US/fbevents.js https://cdn.yellowmessenger.com/plugin/widget-v2/latest/dist/main.min.js https://cdn.taboola.com/libtrc/unip/1790969/tfa.js https://cdn.sift.com/s.js https://bat.bing.com/bat.js https://www.influ2.com/tracker; style-src 'self' 'unsafe-inline' https://sierra.chat:443 https://sierra.chat https://cdn.prod.website-files.com https://cdn.yellowmessenger.com https://tags.srv.stackadapt.com https://app.gatedcontent.com https://www.gstatic.com https://app.guideflow.com https://sdk.inbenta.io; img-src 'self' data: blob: https://assets-global.website-files.com https://*.cloudfront.net https://sp.analytics.yahoo.com https://ecom.docusign.com https://cdn.prod.website-files.com https://connect.facebook.net https://r4-ym-uploads.s3-us-west-2.amazonaws.com https://r4.app.yellow.ai https://cdn.yellowmessenger.com https://www.google.com.ar https://www.google.co.kr https://www.google.co.nz https://www.google.com.hk https://www.google.com.pe https://translate.google.com https://www.google.co.id https://www.google.co.cr https://www.google.com.my https://www.google.cl https://www.googleadservices.com https://www.google.de https://www.google.it https://www.google.co.jp https://www.google.co.za https://www.google.es https://www.google.com.sg https://www.google.com.co https://www.google.co.uk https://www.google.co.in https://www.google.nl https://www.google.com.ph https://www.google.com.au https://www.google.ca https://www.google.com.br https://www.google.com https://www.google.com.mx https://www.google.fr https://secure.adnxs.com https://attr.ml-api.io https://attr-td.ml-api.io https://images.ctfassets.net https://cdn.bfldr.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://hexagon-analytics.com https://s.ml-attr.com https://cdn.cookielaw.org https://id.rlcdn.com https://px.ads.linkedin.com https://frontdoor.knotch.it https://dsum-sec.casalemedia.com https://partners.tremorhub.com https://pixel.rubiconproject.com https://www.facebook.com https://segments.company-target.com https://www.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com https://track.docusign.com https://www.gstatic.com https://storage.googleapis.com https://imagedelivery.net https://app.gatedcontent.com https://images.esign.docusign.com https://www.googletagmanager.com https://t.co https://analytics.twitter.com https://analytics.google.com https://alb.reddit.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://img-taboola.com https://trc.taboola.com https://t.influ2.com https://i.liadm.com https://match.adsrvr.org https://r4.app.yellow.ai; font-src 'self' data: https://sierra.chat:443 https://sierra.chat https://cdn.prod.website-files.com https://images.simplycodes.com https://stylesheets.pixiebrix.com https://cdn.jsdelivr.net https://cdn.yellowmessenger.com https://fonts.gstatic.com https://docucdn-a.akamaihd.net https://cdn.inbenta.io https://use.typekit.net https://api-cdn.usw2.pure.cloud https://api-cdn.usw2.pure.cloud; connect-src 'self' https://api.iterable.com https://api.sitelytics.tech https://p.mdb.tools https://sierra.chat:443 https://sierra.chat https://api-js.mixpanel.com https://api.mixpanel.com https://cdn.prod.website-files.com https://s.yimg.com https://cdn4.forter.com https://a9b3895076a445bdaf9a9aada0ab7287-80e3c780877f.cdn.forter.com https://31ff10b411e04c66a144663da6b34da5-80e3c780877f.cdn.forter.com https://3dcb810e88774d429c6dba71bbee8c34-80e3c780877f.cdn.forter.com https://tag.demandbase.com https://cdn.yellowmessenger.com https://autocomplete.demandbase.com https://segments.company-target.com https://ibc-flow.techtarget.com https://ingesteer.services-prod.nsvcs.net https://www.googletagmanager.com https://www.google.com.co https://www.google.com.mx https://www.google.co.uk https://www.google.es https://www.google.com.br https://www.google.com.sg https://www.google.com.in https://www.google.com.ph https://www.google.ca https://www.google.com.au https://rum.optimizely.com wss://r4.cloud.yellow.ai https://cdn8.forter.com https://12e748c623734740a09ab181abb7a3a1-80e3c780877f.cdn.forter.com https://cdn3.forter.com https://r4.cloud.yellow.ai https://siteperformancetest.net https://wtp.siteperformancetest.net https://privacyportal.onetrust.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://telemetry-s.docusign.net https://telemetry.dev.docusign.net https://www.facebook.com https://www.google-analytics.com https://manifest.prod.boltdns.net https://frontdoor.knotch.it https://bat.bing.com https://bat.bing.net https://ingest.insights.ninetailed.co https://cdn.jsdelivr.net https://unpkg.com https://assets.ctfassets.net https://edge.api.brightcove.com https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://cdn.cookielaw.org https://telemetry.docusign.net https://geolocation.onetrust.com https://www.google.com https://experience.ninetailed.co https://edge.fullstory.com https://tags.srv.stackadapt.com https://api.company-target.com https://configs.knotch.com https://px.ads.linkedin.com https://rs.fullstory.com https://tag-logger.demandbase.com https://carddealer.knotch.com https://analytics.google.com https://insight.adsrvr.org https://logx.optimizely.com https://app.gatedcontent.com https://guideflow-api-eu-5cv4uu2lra-ew.a.run.app https://protect.docusign.net https://protect-d.docusign.net https://s566810826.t.eloqua.com https://insights.gatedcontent.com https://siteintercept.qualtrics.com https://cdn0.forter.com https://a.docusign.com https://datacollector.docusign.com https://datacollector-demo.docusign.com https://docusign-api.arkoselabs.com https://account.docusign.com https://account-d.docusign.com https://geo.docusign.com https://syndication.twitter.com https://pixel-config.reddit.com https://www.redditstatic.com https://www.googleadservices.com https://api.inbenta.io https://api-gcu1.inbenta.io https://apps.usw2.pure.cloud https://api-cdn.usw2.pure.cloud https://psb.taboola.com https://pips.taboola.com https://cds.taboola.com https://trc-events.taboola.com https://t.influ2.com https://www.influ2.com; frame-src 'self' https://www.youtube.com https://players.brightcove.net https://js.driftt.com https://www.googletagmanager.com https://s.company-target.com https://insight.adsrvr.org https://match.adsrvr.org https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://ib.adnxs.com https://td.doubleclick.net https://www.google.com https://app.guideflow.com https://platform.twitter.com https://chat.docusign.net https://a275532918.cdn.optimizely.com https://app.netlify.com https://apps.usw2.pure.cloud https://api-cdn.usw2.pure.cloud https://hermes.docusign.com https://tsdtocl.com https://docusign-api.arkoselabs.com; media-src 'self' blob: https://manifest.prod.boltdns.net https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://videos.ctfassets.net https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-us-east-1-prod.brightcovecdn.com:443 https://manifest.prod.boltdns.net; worker-src 'self' blob:; base-uri 'self'; form-action 'self' https://trial.docusign.com https://ecomservices.docusign.com https://na.account.docusign.com https://app.gatedcontent.com https://datacollector.docusign.com https://datacollector-demo.docusign.com https://docusign-api.arkoselabs.com https://account.docusign.com https://account-d.docusign.com https://protect.docusign.net https://protect-d.docusign.net https://track.docusign.com; object-src 'self' https://players.brightcove.net; report-to csp-endpoint 4
default-src 'self' https: data: blob: gap: https://*.maersk.com; report-to reporting-endpoint; report-uri https://sescspreportcollector-prod.westeurope.prod.maersk.io/collect-data; 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 4
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; media-src 'self' https: blob: data:; object-src https: blob:; worker-src 'self' https: blob:; frame-src 'self' https: blob:; form-action 'self' https:; block-all-mixed-content; report-uri /csp-violation-report 4
object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://google.com https://www.google.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports; 4
object-src 'none'; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src * 'report-sample' 'unsafe-inline'; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://globalservices.conde.digital https://privacy.condenastdigital.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: http:; font-src 'self' data:; connect-src 'self' https://strapi.gp-prod.conde.digital https://strapi-bus-eng.gp-prod-na-0.conde.digital https://www.google-analytics.com https://com-condenast-prod1.collector.snplow.net https://privacy.condenastdigital.com; frame-src 'self' https://vanityfair-poty.figma.site https://ion-jeep-01175370.figma.site https://bird-year-19865975.figma.site; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests 4
img-src https: data: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 4
default-src 'none'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; form-action 'self' https://accounts-*.cyberriskalliance.com https://188-UNZ-660.mktorest.com; script-src 'self' https://lytics.cyberriskalliance.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.clarity.ms https://s.dpmsrv.com https://cdn.feathr.co https://*.g.doubleclick.net https://www.googletagservices.com https://www.googleadservices.com https://munchkin.marketo.net https://pages.cyberriskalliance.com https://connect.facebook.net https://snap.licdn.com https://player.vimeo.com https://platform.twitter.com https://cra.hum.works https://*.ml314.com https://ml314.com https://ib.adnxs.com https://js.zi-scripts.com https://a.usbrowserspeed.com https://renderer.visuel.ly; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://files.cyberriskalliance.com https://image-optimizer*.cyberriskalliance.com https://www.cyberriskalliance.com https://securepubads.g.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://api*.cyberriskalliance.com https://cms*.cyberriskalliance.com https://image-optimizer*.cyberriskalliance.com https://userapi*.cyberriskalliance.com https://*.hum.works https://7acfab725e3b6315db795ca16eb9966e.clients.hosted-elasticpress.io https://accounts-*.cyberriskalliance.com https://lytics.cyberriskalliance.com https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://www.google-analytics.com https://cdn.feathr.co https://s.dpmsrv.com https://munchkin.marketo.net https://pages.cyberriskalliance.com https://securepubads.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.google.com https://html5-player.libsyn.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com; media-src 'self' https://html5-player.libsyn.com; manifest-src 'self'; worker-src 'self'; report-uri /_csp; report-to default; 4
default-src 'self' *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net cdn2.unrealengine.com maps.googleapis.com us-west-2-epicgames.graphassets.com d1ap1mz92jnks1.cloudfront.net cdnjs.cloudflare.com d3kjluh73b9h9o.cloudfront.net img.edc-cdn.net cdn1.epicgames.com connect.facebook.net *.realityscan.com; style-src 'self' 'unsafe-inline' wasm-eval: fonts.googleapis.com *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net cdn2.unrealengine.com maps.googleapis.com us-west-2-epicgames.graphassets.com d1ap1mz92jnks1.cloudfront.net cdnjs.cloudflare.com d3kjluh73b9h9o.cloudfront.net img.edc-cdn.net cdn1.epicgames.com connect.facebook.net *.realityscan.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net cdn2.unrealengine.com maps.googleapis.com us-west-2-epicgames.graphassets.com d1ap1mz92jnks1.cloudfront.net cdnjs.cloudflare.com d3kjluh73b9h9o.cloudfront.net img.edc-cdn.net cdn1.epicgames.com connect.facebook.net *.realityscan.com; script-src-elem 'self' 'unsafe-inline' blob: *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net cdn2.unrealengine.com maps.googleapis.com us-west-2-epicgames.graphassets.com d1ap1mz92jnks1.cloudfront.net cdnjs.cloudflare.com d3kjluh73b9h9o.cloudfront.net img.edc-cdn.net cdn1.epicgames.com connect.facebook.net *.realityscan.com; font-src 'self' data: fonts.gstatic.com *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net cdn2.unrealengine.com maps.googleapis.com us-west-2-epicgames.graphassets.com d1ap1mz92jnks1.cloudfront.net cdnjs.cloudflare.com d3kjluh73b9h9o.cloudfront.net img.edc-cdn.net cdn1.epicgames.com connect.facebook.net *.realityscan.com; connect-src 'self' data: maps.googleapis.com cdnml.global-cache.online *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net cdn2.unrealengine.com maps.googleapis.com us-west-2-epicgames.graphassets.com d1ap1mz92jnks1.cloudfront.net cdnjs.cloudflare.com d3kjluh73b9h9o.cloudfront.net img.edc-cdn.net cdn1.epicgames.com connect.facebook.net *.realityscan.com; frame-src 'self' data: *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net cdn2.unrealengine.com maps.googleapis.com us-west-2-epicgames.graphassets.com d1ap1mz92jnks1.cloudfront.net cdnjs.cloudflare.com d3kjluh73b9h9o.cloudfront.net img.edc-cdn.net cdn1.epicgames.com connect.facebook.net *.realityscan.com; frame-ancestors 'none'; img-src 'self' data: *.ytimg.com img.youtube.com maps.gstatic.com *.unrealengine.com *.epicgames.com *.epicgames.net cdn.cookielaw.org *.hcaptcha.com sentry.io *.youtube-nocookie.com epicgames-privacy.my.onetrust.com cloudflare.epicgamescdn.com *.launchdarkly.com player.vimeo.com edc-cdn.net cdn2.unrealengine.com maps.googleapis.com us-west-2-epicgames.graphassets.com d1ap1mz92jnks1.cloudfront.net cdnjs.cloudflare.com d3kjluh73b9h9o.cloudfront.net img.edc-cdn.net cdn1.epicgames.com connect.facebook.net *.realityscan.com; 4
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 4
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https: data: blob:; img-src 'self' https: data: blob:; connect-src 'self' https: data: wss://*.hotjar.com; report-uri https://o1089883.ingest.us.sentry.io/api/4511026110398464/security/?sentry_key=aae109d819521ff1a232f8558352fe71; 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://csp-report.envytools.com 4
default-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self' 4
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.fontawesome.com data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.sovendus.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com js.mollie.com https://vars.hotjar.com https://www.pinterest.fr https://www.pinterest.com https://www.google.com https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com *.bird.eu a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://cdn.flbx.io magefan.com cm.magefan.com https://www.mollie.com https://www.google-analytics.com https://www.google.com https://www.google.fr *.ggpht.com *.googleapis.com https://maps.gstatic.com https://log.pinterest.com *.mondialtissus.fr *.mondialtissus.de *.mondialtissus.es *.mondialtissus.it *.mondialtissus.nl *.mondialtissus.se data: https://*.sovendus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://www.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://cdn.flbx.io *.getflowbox.com http://connect.getflowbox.com js.mollie.com https://sdk.privacy-center.org https://www.google-analytics.com https://www.analytics.google.com https://www.googleadservices.com https://www.googletagmanager.com https://wwww.paypalobjects.com https://s.ytimg.com https://maps.googleapis.com https://www.gstatic.com/recaptcha https://js.mollie.com https://france.mondialtissus.fr https://cdnjs.cloudflare.com https://assets.pinterest.com https://static.zdassets.com https://ekr.zdassets.com https://apis.google.com https://mondialtissus.zendesk.com https://admin.mondialtissus.fr 'unsafe-inline' https://*.sovendus.com https://cdn.jsdelivr.net https://static-sb.com https://social-sb.com 	https://cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com 'unsafe-inline' https://*.sovendus.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com *.algolia.net https://*.algolia.net *.algolianet.com *.insights.algolia.io insights.algolia.io maps.googleapis.com https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com https://www.google-analytics.com *.hotjar.com https://ekr.zdassets.com https://maps.googleapis.com https://mondialtissus.zendesk.com https://a.getflowbox.com https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net 'self' 'unsafe-inline'; 4
default-src 'self' fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.trustpilot.com *.googletagmanager.com mc.yandex.ru *.google-analytics.com *.youtube.com mc.yandex.com mc.yandex.ru *.google.com *.gstatic.com *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com;img-src * data:;font-src 'self' fonts.gstatic.com;connect-src 'self' *.customer.io *.gist.build *.youtube.com mc.yandex.ru *.clariti.ws *.analytics.google.com *.google-analytics.com doubleclick.net *.googletagmanager.com mc.yandex.com mc.yandex.ru mc.yandex.md yandexmetrica.com *.mightytips.com https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com https://analytics.google.com;frame-src 'self' *.trustpilot.com *.youtube.com *.instagram.com *.twitter.com *.yandex.com *.google.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;script-src-elem 'self' 'unsafe-inline' *.trustpilot.com *.customer.io *.gist.build *.instagram.com *.googletagmanager.com *.yandex.ru *.google-analytics.com *.twitter.com *.youtube.com mc.yandex.com *.google.com *.gstatic.com mc.yandex.ru *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com track.trackingtraffo.com https://www.hcaptcha.com/1/api.js;frame-ancestors 'self';report-uri /cspreport.php 4
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://apretailer.com.br 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.facebook.com *.facebook.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.us1.gigya.com *.openpay.mx *.openpay.co *.facebook.com *.facebook.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx *.pagaleve.io *.pagaleve.com.br www.google-analytics.com unpkg.com googleads.g.doubleclick.net commerce.adobedtm.com magento-recs-sdk.adobe.net www.googleadservices.com www.gstatic.com *.google.com.br *.criteo.com *.doubleclick.net *.cloudfront.net *.nr-data.net *.enviou.com.br *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.us1.gigya.com 'self' data: 'unsafe-inline' data: *.postimg.cc magefan.com cm.magefan.com *.facebook.com *.facebook.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.openpay.mx *.pagaleve.com.br unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net www.gstatic.com *.google.com *.google.com.br *.panini.canto.global https://panini.canto.global *.cloudfront.net *.doubleclick.net *.g.doubleclick.net *.ivitrack.com *.bidswitch.net *.criteo.com *.nr-data.net *.enviou.com.br *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://www.gravatar.com *.googleusercontent.com https://apretailer.com.br https://cdn.aplazo.mx *.adobedtm.com *.clarity.ms https://smartbmc.com.br https://ib.adnxs.com https://r.casalemedia.com https://ads.stickyadstv.com https://ad.360yield.com https://i.liadm.com https://contextual.media.net https://exchange.mediavine.com *.bing.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://trends.revcontent.com https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://eb2.3lift.com https://sync.1rx.io https://gum.criteo.com https://public-prod-dspcookiematching.dmxleo.com https://www.mercadopago.cl *.agkn.com *.targeting.unrulymedia.com *.dnzdns.com *.adgrx.com *.bidr.io *.yahoo.com *.emkt.dinamize.com *.dinamize.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.us1.gigya.com *.facebook.com *.facebook.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.pagaleve.com.br analytics.tiktok.com *.clarity.ms unpkg.com www.gstatic.com *.google.com.br *.vendavalida.com.br *.zdassets.com *.criteo.com *.enviou.com.br *.cloudfront.net aprtn.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br *.metricool.com *.hotjar.com *.bing.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app downloads.mailchimp.com 'unsafe-inline' data: *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://apretailer.com.br assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com * form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.openpay.mx *.openpay.co *.facebook.com *.facebook.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.openpay.pe unpkg.com googleads.g.doubleclick.net commerce.adobedtm.com magento-recs-sdk.adobe.net www.gstatic.com *.google.com.br *.criteo.com *.vendavalida.com.br *.zendesk.com *.doubleclick.net *.us1.gigya.com *.cloudfront.net *.enviou.com.br http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br *.paniniadrenalyn.com pagead2.googlesyndication.com analytics.tiktok.com *.clarity.ms *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net googleads.g.doubleclick.net csm.us5.us.criteo.net commerce.adobedc.net https://apretailer.com.br *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https: 4
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.yotpo.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com webpay3g.transbank.cl webpay3gint.transbank.cl *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com.ar *.google.com.uy *.hotjar.com *.doubleclick.net www.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://sparta.cl/ https://newbalance.cl/ https://head.cl/ https://spyder.cl/ https://trekbikeschile.com/ https://www.dynamicyield.org/ku/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com gen.sendtric.com *.yotpo.com *.google.com *.google.com.ar *.google.com.uy *.facebook.com *.doubleclick.net sparta.cl newbalance.cl head.cl speedo.cl spyder.cl trekbikes.cl *.sparta.cl *.newbalance.cl *.head.cl *.speedo.cl *.spyder.cl *.trekbikes.cl www.mercadolibre.com www.mercadopago.cl 'self' data: *.googleapis.com *.yandex.ru *.retailrocket.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com widget.freshworks.com mcdn.retailrocket.net *.google.com.ar *.google.com.uy *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.fanplayr.com *.facebook.net *.yotpo.com *.doubleclick.net *.magentosite.cloud *.freshworks.com *.hotjar.com *.retailrocket.net *.yandex.ru *.api.useinsider.com www.mercadopago.com www.mercadopago.cl sdk.mercadopago.com www.dynamicyield.org js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com analytics.tiktok.com www.tiktok.com business.tiktok.com https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com widget.freshworks.com *.googleapis.com sparta.cl newbalance.cl head.cl speedo.cl spyder.cl trekbikes.cl *.sparta.cl *.newbalance.cl *.head.cl *.speedo.cl *.spyder.cl *.trekbikes.cl *.yotpo.com *.fonts.net *.magentosite.cloud *.freshworks.com *.retailrocket.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com widget.freshworks.com mcdn.retailrocket.net *.google-analytics.com *.yotpo.com *.freshworks.com *.googleapis.com stats.g.doubleclick.net *.yandex.ru api.mercadopago.com events.mercadopago.com www.mercadolibre.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com analytics.tiktok.com www.tiktok.com business.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://spartacl.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 4
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com js.mollie.com www.xtento.com *.zuora.com *.worldpay.com theteachingcompanysalesllc.demdex.net *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com theteachingcompany.d1.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://images.unsplash.com https://www.mollie.com www.xtento.com cdn.xtento.com *.teach12.com *.thegreatcoursesplus.com prd.jwpltx.com *.pinterest.com bat.bing.com *.amazon-adsystem.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://maps.googleapis.com *.avada.io js.mollie.com www.xtento.com cdn.xtento.com cdnjs.cloudflare.com *.fontawesome.com acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com *.teach12.com *.tiqcdn.com cltgtstor001.blob.core.windows.net *.gstatic.com *.zuora.com *.worldpay.com *.jwpcdn.com analytics.tiktok.com *.bitmovin.com *.visioncritical.com bat.bing.com www.dwin1.com *.amazon-adsystem.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com display.ugc.bazaarvoice.com *.fontawesome.com cdnjs.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.teach12.com *.bitmovin.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io theteachingcompany.d1.sc.omtrdc.net *.fontawesome.com *.acsbap.com *.acsbapp.com *.bitmovin.com *.slgnt.us *.tgcmag.com *.thegreatcourses.com *.theplatform.com teachco-mp4.akamaized.net *.cloudfunctions.net *.pinterest.com analytics.tiktok.com *.tealiumiq.com *.amazon-adsystem.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://translate.google.com/translate_a/element.js https://www.youtube.com/iframe_api https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-chrome-webstore/_/js/k=boq-chrome-webstore.ChromeWebStoreConsumerFeUi.en_US.-DAelsPB-cc.2018.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://www.youtube.com/s/player/ https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/ChromeWebStoreConsumerFeUi/cspreport/fine-allowlist 4
font-src *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.novaturas.lt dev-lt-novaturas.readymage.com * 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.novaturas.lt  https://track.adform.net https://www.googletagmanager.com https://www.google.com https://master.d28zlv4dg2b2g7.amplifyapp.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com 'self' https://localhost https://novaturas-gwe-1661146907.readymage.com https://novaturas-gwe-1661146907.readymage-media.com https://prod-lt-novaturas.readymage.com https://www.google.com https://hatscripts.github.io https://www.google-analytics.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://s2.adform.net  https://track.adform.net https://cdn.mxapis.com/service-worker.js https://www.googletagmanager.com https://www.google-analytics.com https://svht.tradedoubler.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com 'unsafe-inline' 'unsafe-eval' *.typekit.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ 'self' https://bam.eu01.nr-data.net https://staging.nov.indvp.com https://pim.novatours.eu https://development.nov.indvp.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com ws: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' https://dev-lt-novaturas.readymage.com https://stage-lt-novaturas.readymage.com https://staging.nov.indvp.com https://pim.novatours.eu https://development.nov.indvp.com https://novaturas-gwe-1661146907.readymage-media.com https://use.typekit.net https://www.googletagmanager.com https://localhost 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src 'self'; script-src 'self' 'unsafe-eval' https://prototype.local.next.helmholtz-munich.de 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' https://*.dzd-ev.de https://images.admiralcloud.com https://prototype.local.next.helmholtz-munich.de; base-uri 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://spenden.twingle.de; connect-src 'self' https://*.dzd-ev.de wss://*.dzd-ev.de/ https://sentry2.in2code.de/api/62/security/ wss://prototype.local.next.helmholtz-munich.de/ https://hmwa.helmholtz-munich.de https://spenden.twingle.de; style-src 'self' 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' https://prototype.local.next.helmholtz-munich.de 'report-sample'; script-src-elem 'self' https://*.dzd-ev.de https://prototype.local.next.helmholtz-munich.de https://hmwa.helmholtz-munich.de https://spenden.twingle.de 'report-sample'; font-src 'self' https://*.dzd-ev.de https://prototype.local.next.helmholtz-munich.de; report-uri https://sentry2.in2code.de/api/62/security/?sentry_key=c8671bb1cf909cd134a5b859fc8d36e1 4
font-src * data:;img-src * data:;frame-src	'self'    *.sevenrooms.com    *.doubleclick.net     *.smartrecruiters.com     *.adyen.com     *.pinterest.com    *.googleadservices.com    *.google.com	*.googletagmanager.com	*.cardinalcommerce.com	sevenrooms.com	*.americanexpress.com	*.securesuite.co.uk	secure7.arcot.com	*.rsa3dsauth.co.uk	mycardsecure.com	www.mycardsecure.com	dupe.com	*.opentable.com.au;script-src    'self'	*.curator.io 	*.google-analytics.com 	*.googletagmanager.com	*.google.com	*.licdn.com 	*.clarity.ms	*.gstatic.com	*.facebook.net	*.pinimg.com	*.smartrecruiters.com	*.hotjar.com	cdn-cookieyes.com    'unsafe-eval'    'unsafe-inline'	data:;script-src-elem	'self'	'unsafe-inline' 	*.facebook.net	*.licdn.com	*.google.com	*.googletagmanager.com	https://www.googletagmanager.com	*.googleadservices.com	*.google-analytics.com	*.gstatic.com	*.smartrecruiters.com	*.curator.io	*.clarity.ms	*.pinimg.com	*.hotjar.com	cdn-cookieyes.com;style-src-elem    'self'	*.honey.io	*.google.com    *.curator.io	*.smartrecruiters.com	*.facebook.net	*.clarity.ms    'unsafe-inline';connect-src	'self'    *.facebook.com	*.google.com	*.google-analytics.com	*.googleapis.com	melprdwebsite.azurewebsites.net	crownkentico-prd-as-csearch.search.windows.net	*.pinterest.com	*.doubleclick.net    *.curator.io	*.clarity.ms	*.linkedin.com	*.datatoolscloud.net.au	*.hotjar.io	*.googleadservices.com	*.googletagmanager.com 	*.adyen.com	*.cookieyes.com	cdn-cookieyes.com	ws://localhost:12387	wss://ws.hotjar.com	https://www.google.com/	data:;report-uri /api/logs/csp-report;report-to csp-endpoint; 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.gstatic.com https://*.hs-scripts.com https://js-na2.hs-analytics.net https://js-na2.hs-banner.com https://*.hscollectedforms.net https://snap.licdn.com https://bat.bing.com https://sc.lfeeder.com https://plugins.flockler.com https://apibeta.iamgaia.com https://cdn.cookielaw.org https://cdn.onthe.io https://cdn.zingchart.com https://darkvisitors.com https://c.sproutvideo.com https://knownagents.com; connect-src 'self' data: https://www.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.hscollectedforms.net https://px.ads.linkedin.com https://tt.onthe.io https://listgrowth.ctctcdn.com https://apibeta.iamgaia.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://api.flockler.app https://media-api.flockler.com https://stats-api.flockler.app https://darkvisitors.com https://bat.bing.com https://bat.bing.net https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://www.googleadservices.com https://knownagents.com https://translate.googleapis.com; img-src 'self' https: data: blob: https://forms-na2.hsforms.com; media-src 'self' blob: data: https://videos.sproutvideo.com https://dms.licdn.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://static.ctctcdn.com https://www.gstatic.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://static.ctctcdn.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://s0.wp.com https://assets.merci-app.com https://appdown.pstatic.net https://at.alicdn.com https://cdn.yiban.io; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://open.spotify.com https://player.vimeo.com https://videos.sproutvideo.com https://www.youtube.com https://www.youtube-nocookie.com https://challenges.cloudflare.com; worker-src 'self' blob:; report-uri https://cspreport.kla.com/api/reports/csp; 4
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com fonts.gstatic.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com s.ytimg.com bam.eu01.nr-data.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com www.youtube.com maps.googleapis.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js-agent.newrelic.com bam.eu01.nr-data.net connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io bam.eu01.nr-data.net region1.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
script-src *.marketo.com https://*.elfsight.com https://*.elfsightcdn.com https://*.sentry-cdn.com https://*.wistia.com https://*.wistia.net https://880-tzc-395.mktoweb.com https://apis.google.com https://app.cdn.lookbookhq.com https://bat.bing.com https://cdn.bizible.com https://cdn.commoninja.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://cdn-app.pathfactory.com https://cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://j.6sc.co https://js.monitor.azure.com https://js.qualified.com https://munchkin.marketo.net https://pixel.byspotify.com https://script.hotjar.com https://scripts.clarity.ms https://snap.licdn.com https://src.litix.io https://static.hotjar.com https://tags.srv.stackadapt.com https://tracking.g2crowd.com https://www.clarity.ms https://www.clickcease.com https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline';connect-src *.marketo.com https://*.algolia.net https://*.elfsight.com https://*.litix.io https://*.wistia.com https://*.wistia.net https://880-tzc-395.mktoresp.com https://adnxs.com https://analytics.google.com https://api-js.mixpanel.com https://app.cdn.lookbookhq.com https://app.qualified.com https://bat.bing.com https://cdn.commoninja.com https://cdn-app.pathfactory.com https://consentcdn.cookiebot.com https://content.hotjar.io https://core.service.elfsight.com https://eastus-8.in.applicationinsights.azure.com https://epsilon.6sense.com https://evnt.byspotify.com https://explore.medius.com https://googleads.g.doubleclick.net https://ipv6.6sc.co https://js.monitor.azure.com https://jukebox.pathfactory.com https://metrics.hotjar.io https://n.clarity.ms https://pi.pardot.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://tracking.intentsify.io https://tracking-api.g2.com https://v.clarity.ms https://website-assets.commoninja.com https://widget-data.service.elfsight.com https://www.clarity.ms https://www.clickcease.com https://www.commoninja.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com 'self' wss://ws.hotjar.com wss://ws7.qualified.com;img-src *.marketo.com data: https://*.wistia.com https://*.wistia.net https://adnxs.com https://b.6sc.co https://bat.bing.com https://c.bing.com https://c.clarity.ms https://cdn.bizible.com https://cdn.commoninja.com https://cdn.pathfactory.com https://googleads.g.doubleclick.net https://i.ytimg.com https://imgsct.cookiebot.com https://monitor.clickcease.com https://pbcdn1.podbean.com https://phosphor.utils.elfsightcdn.com https://prodmediusumbstorage.blob.core.windows.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://s.ml-attr.com https://ssl.gstatic.com https://static.licdn.com https://www.google.com https://www.linkedin.com https://www.nqa.com https://yt3.ggpht.com 'self';style-src blob: https://880-tzc-395.mktoweb.com https://app.cdn.lookbookhq.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://tags.srv.stackadapt.com 'report-sample' 'self' 'unsafe-inline';child-src blob:;media-src blob: data: https://*.wistia.com https://*.wistia.net https://app.qualified.com https://cdn.commoninja.com 'self';worker-src blob: 'self';font-src data: https://*.wistia.com https://fast.wistia.com https://fonts.gstatic.com 'self';default-src https://*.wistia.com https://*.wistia.net 'self';frame-src https://880-tzc-395.mktoweb.com https://accounts.google.com https://app.qualified.com https://consentcdn.cookiebot.com https://explore.medius.com https://express.theroishop.com https://fast.wistia.com https://fast.wistia.net https://insider.spendmatters.com https://medius.navattic.com https://open.spotify.com https://pi.pardot.com https://www.clarity.ms https://www.google.com https://www.gstatic.com https://www.medius.com https://www.podbean.com https://www.youtube.com 'self';frame-ancestors https://explore.medius.com https://www.expensya.com https://www.medius.com 'self';object-src 'none';base-uri 'self';manifest-src 'self' 4
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://meet.google.com/_/scs/mss-static/_/js/ https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/hangouts_echo_detector/release/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/video_effects/effects/ https://www.gstatic.com/meetings_p2p/ https://www-onepick-opensocial.googleusercontent.com/gadgets/js/rpc.js https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://meet.google.com/meetsw.js https://meet.google.com/devicesw.js https://meet.google.com/notrodsw.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://meet.google.com/_/scs/mss-static/_/js/k=boq-rtc.MeetingsUi_j2kt.en_US.AOKlx4jX2Jg.2020.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /_/MeetingsUi/cspreport/fine-allowlist 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 4
base-uri 'none'; frame-ancestors 'self'; img-src data: 'self' https://www.google-analytics.com https://cdn.rgfstaffing.be https://i.ytimg.com https://maps.googleapis.com https://vumbnail.com https://maps.gstatic.com https://img.youtube.com https://www.google.be https://cdn.startpeople.be; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.coms https://code.jquery.com https://cdn.jsdelivr.net https://consentcdn.cookiebot.com https://*.google-analytics.com https://cdn.startpeople.be https://kit.fontawesome.com https://maps.googleapis.com https://js.monitor.azure.com https://www.googletagmanager.com https://consent.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; report-to csp-endpoint; report-uri https://csp-dxp.rgfstaffing.be/csp 4
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' https://webpay3gint.transbank.cl https://webpay3g.transbank.cl https://www.facebook.com/* pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.google.com https://player.vimeo.com https://www.youtube.com https://www.googletagmanager.com https://tagmanager.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.youtube-nocookie.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com bat.bing.com *.bat.bing.com *.msn.com *.bing.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.google.com www.gstatic.com *.avada.io https://www.googletagmanager.com https://tagmanager.google.com https://546002994.collect.igodigital.com https://assets.adobedtm.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://player.vimeo.com https://www.youtube.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://fonts.googleapis.com http://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com static.zdassets.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.sentry.io *.paypal.com google.com *.google.com qa-api.magedevteam.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://commerce.adobedc.net https://analytics.google.com https://vimeo.com https://api.magento.com https://performance.typekit.net https://pilot-payflowlink.paypal.com https://commerce.adobe.io https://commerce.adobe.net https://google.com https://qa-api.magedevteam.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline' https://mercadopago.com.br https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src www.paypalobjects.com *.relaxdays.com *.gstatic.com *.trustami.com cdn.userway.org *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.pinterest.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src *.paypal.com www.paypalobjects.com *.relaxdays.com *.youtube.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.consentmanager.net *.googlesyndication.com *.youtube-nocookie.com *.facebook.com *.pinterest.com *.pinterest.de *.sibforms.com sibautomation.com *.paypalobjects.com *.googletagmanager.com cdn.userway.org *.doubleclick.net conversations-widget.brevo.com *.criteo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.paypal.com *.paypalobjects.com *.relaxdays.com i.ytimg.com *.youtube.com *.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.consentmanager.net www.it-recht-kanzlei.de *.clarity.ms *.google.com *.pinimg.com *.pinterest.com *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleusercontent.com *.facebook.com *.tiktok.com alb.reddit.com www.datenschutz.net *.trustami.com bat.bing.com bat.bing.net cdn.userway.org www.google.de www.google.ch www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.be www.google.sk www.google.pt www.google.fr www.google.dk www.google.se www.google.co.uk www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.ro www.google.si www.google.ie www.google.hr www.google.fi www.google.com.mt www.google.com.cy *.criteo.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com s.ytimg.com *.googleapis.com *.relaxdays.com *.youtube.com *.gstatic.com *.google.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.consentmanager.net *.clarity.ms *.pinterest.com *.pinimg.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net *.doubleclick.net *.googlesyndication.com bat.bing.com bat.bing.net bat.bing-int.com *.tiktok.com sibautomation.com *.sendinblue.com www.redditstatic.com *.trustami.com conversations-widget.brevo.com cdn.userway.org www.google.de www.google.ch www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.be www.google.sk www.google.pt www.google.fr www.google.dk www.google.se www.google.co.uk www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.ro www.google.si www.google.ie www.google.hr www.google.fi *.criteo.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.relaxdays.com *.googletagmanager.com *.googleapis.com *.gstatic.com cdn.userway.org *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src *.relaxdays.com 'self' 'unsafe-inline'; media-src *.relaxdays.com 'self' 'unsafe-inline'; manifest-src *.relaxdays.com 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.relaxdays.com blob: *.consentmanager.net *.google.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com google.com www.google.de www.google.ch www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.be www.google.sk www.google.pt www.google.fr www.google.dk www.google.se www.google.co.uk www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.ro www.google.si www.google.ie www.google.hr www.google.fi *.facebook.com *.pinterest.com bat.bing.com bat.bing.net bat.bing-int.com *.tiktok.com *.sendinblue.com in-automate.brevo.com analytics.pangle-ads.com analytics-ipv6.tiktokw.us api.userway.org cdn.userway.org cmodul.solutenetwork.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://relaxdays.com/_csp_report_; report-to report-endpoint; 4
frame-src 'self' td.doubleclick.net youtube.com *.youtube.com; report-uri /infra/monitoring/csp 4
script-src  'self'  'unsafe-inline'  'unsafe-eval'  *.hatraco-shop.de;  4
font-src https://cdn.checkout.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee localhost *.local *.scandipwa.cloud *.readymage.com sportland.com *.sportland.com sportland.lv *.sportland.lv sportland.ee *.sportland.ee sportland.lt *.sportland.lt sportland.fi *.sportland.fi sportland.pl *.sportland.pl sportland.de *.sportland.de 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://js.checkout.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com https://optimize.google.com https://play.google.com localhost *.local *.scandipwa.cloud *.readymage.com sportland.com *.sportland.com sportland.lv *.sportland.lv sportland.ee *.sportland.ee sportland.lt *.sportland.lt sportland.fi *.sportland.fi sportland.pl *.sportland.pl sportland.de *.sportland.de js.driftt.com *.freshchat.com *.snapchat.com *.askly.me www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.openstreetmap.org https://map.plugins.itella.com magefan.com cm.magefan.com *.maksekeskus.ee *.test.maksekeskus.ee https://maps.omnivasiunta.lt www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com https://www.google-analytics.com https://optimize.google.com *.googleapis.com *.gstatic.com www.google.lv localhost *.local *.scandipwa.cloud *.readymage.com sportland.com *.sportland.com sportland.lv *.sportland.lv sportland.ee *.sportland.ee sportland.lt *.sportland.lt sportland.fi *.sportland.fi sportland.pl *.sportland.pl sportland.de *.sportland.de *.cloudfront.net *.snapchat.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.checkout.com *.klarnacdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://unpkg.com s7.addthis.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl *.google.com www.googleoptimize.com *.google-analytics.com *.googleapis.com js.driftt.com *.freshchat.com inte.searchnode.io *.sitescdn.net *.fibbl.com *.hotjar.com sc-static.net *.snapchat.com *.googlesyndication.com *.translatewise.com *.bloomreach.com *.exponea.com *.sizebay.technology www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com https://unpkg.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.google.com https://www.google-analytics.com https://fonts.googleapis.com *.typekit.net *.freshchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://js.checkout.com *.klarnaevt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://geocode.arcgis.com ekr.zdassets.com/ 'self' *.maksekeskus.ee *.test.maksekeskus.ee api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.fibblar.com *.fibbl.com www.gstatic.com *.google-analytics.com *.googleapis.com *.g.doubleclick.net *.scandipwa.cloud *.readymage.com *.sportland.com *.sportland.lv *.sportland.ee *.sportland.lt *.sportland.fi *.sportland.pl *.sportland.de blob: *.hotjar.com *.googlesyndication.com *.translatewise.com https://play.google.com *.bloomreach.com *.exponea.com *.sizebay.technology 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com v2.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com *.twitter.com https://www.facebook.com www.googletagmanager.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://*.google.com *.doubleclick.net *.googlesyndication.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.twitter.com axi.maxiaxi.com *.pinterest.com *.addthis.com https://consentcdn.cookiebot.com *.fast.amc.demdex.net https://tr.snapchat.com https://www.facebook.com *.cookiebot.eu *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com https://portal.payconiq.com https://static.buckaroo.nl validate.fishpig.co.uk https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://redchamps.com ts.tradetracker.net www.magmodules.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.maxiaxi.com bat.bing.com www.google.nl www.google.de www.google.fr www.google.es *.squeezely.tech squeezely.tech tm-tradetracker.net *.pinterest.com *.googleapis.com *.googleoptimize.com *.linkedin.com *.cookiebot.com *.etrusted.com *.adobedtm.com *.zendesk.com *.zdassets.com *.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io tm.tradetracker.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com app.aiden.cx js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net *.trustpilot.com *.zopim.com static.sooqr.com *.zdassets.com bat.bing.com static.buckaroo.nl *.squeezely.tech squeezely.tech tm-tradetracker.net *.maxiaxi.com *.clarity.ms *.googleoptimize.com *.zendesk.com bam.eu01.nr-data.net *.pinimg.com *.addthis.com *.addthisedge.com *.moatads.com *.hotjar.com *.hotjar.io *.licdn.com *.beslist.nl *.tiktok.com *.stripe.com *.cookiebot.com *.etrusted.com *.smooch.io *.pinterest.com *.convertexperiments.com d5yoctgpv4cpx.cloudfront.net *.cookiebot.eu tr.kickbite.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu static.sooqr.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zendesk.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com bam.nr-data.net *.zdassets.com widget-mediator.zopim.com stats.g.doubleclick.net squeezely.tech cognito-identity.eu-central-1.amazonaws.com rum-collector-2.pingdom.net wss://widget-mediator.zopim.com *.maxiaxi.com *.clarity.ms *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.pinterest.com measurement-api.criteo.com *.zendesk.com bam.eu01.nr-data.net *.addthis.com *.hotjar.com *.beslist.nl *.tiktok.com *.tiktokw.us app.aiden.cx *.hotjar.io wss://ws.hotjar.com analytics.pangle-ads.com googleads.g.doubleclick.net *.ads.linkedin.com *.cookiebot.com *.etrusted.com *.smooch.io *.convertexperiments.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com *.bing.com tr.kickbite.io wss://*.zendesk.com *.trustedshops.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.hotjar.com *.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://draft.blogger.com/cspreport 4
font-src fonts.gstatic.com fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.monetico-services.com https://www.googletagmanager.com/ *.addthis.com *.multisafepay.com https://pay.google.com static.addtoany.com *.cookiebot.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.alothemes.com *.magepow.com *.multisafepay.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be *.facebook.com *.google.pl *.google.com *.bing.com *.cookiebot.com *.clarity.ms *.doubleclick.net www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.avada.io *.alothemes.com *.magepow.com *.multisafepay.com https://pay.google.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be www.clarity.ms connect.getflowbox.com static.addtoany.com cdn-4.convertexperiments.com assets.voyado.com *.cookiebot.com *.beslist.nl *.pinimg.com *.bing.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.gstatic.com fonts.googleapis.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech *.fontawesome.com *.googleapis.com *.addtoany.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.multisafepay.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.monetico-services.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.addthis.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.alothemes.com *.magepow.com *.multisafepay.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be testapi.multisafepay.com connect.facebook.net *.google-analytics.com *.google.com *.googlesyndication.com *.staging.voyado.com *.clarity.ms *.doubleclick.net *.pinterest.com *.cookiebot.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.google.com www.youtube.com js-agent.newrelic.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be static.addtoany.com pay.multisafepay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src blob: https:;	img-src data: https:;	script-src 'unsafe-inline' 'unsafe-eval' blob: https:;	style-src 'unsafe-inline' https:;	font-src data: https:;	frame-src https:;	media-src data: https:;	object-src 'none';	connect-src https:;	frame-ancestors 'self'; 4
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.50-ml.media *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com https://fonts.gstatic.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.mainadv.com *.doubleclick.net *.2trk.info www.instagram.com calendly.com *.50-ml.it *.50-ml.eu *.50-ml.fr *.50-ml.de *.50-ml.es *.50-ml.com *.50-ml.co.uk *.lcmark.net *.weltpixel.com *.trustpilot.com *.iubenda.com *.sendcloud.sc *.jsdelivr.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.roeye.com *.50-ml.com *.50-ml.media *.google.com *.google.fr *.google.it *.google.es *.google.de *.google.eu *.google.co.uk *.googletagmanager.com bat.bing.com maps.gstatic.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.iubenda.com *.amazonaws.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com www.googletagmanager.com https://rum.hlx.page https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.preciso.net *.50-ml.eu *.50-ml.it *.50-ml.fr *.50-ml.de *.50-ml.es *.50-ml.com *.50-ml.co.uk www.clarity.ms bat.bing.com www.instagram.com *.googleapis.com maps.gstatic.com assets.calendly.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trustpilot.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.gstatic.com *.iubenda.com *.50-ml.media *.sendcloud.sc *.jsdelivr.net https://servicepoints.sendcloud.sc https://embed.sendcloud.sc *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com static.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com assets.calendly.com *.50-ml.media *.iubenda.com https://static.klaviyo.com *.trustpilot.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com https://fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.50-ml.media 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com capig.stape.tech *.50-ml.com *.clarity.ms maps.googleapis.com maps.gstatic.com pay.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.iubenda.com *.50-ml.media *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 50-ml.zendesk.com ekr.zdassets.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
worker-src https://helmonline-hyva.dev.localhost helmonline.nl; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://www.googletagmanager.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com consentcdn.cookiebot.com td.doubleclick.net www.googletagmanager.com *.criteo.com/ www.xtento.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pon.bike images.pondigital.solutions *.google.nl *.google.com *.google.fr *.mailplus.nl imgsct.cookiebot.com *.bing.net *.bing.com pagead2.googlesyndication.com www.xtento.com cdn.xtento.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com chimpstatic.com rum-static.pingdom.net rum-collector-2.pingdom.net consentcdn.cookiebot.com consent.cookiebot.com widget.thuiswinkel.org widget.thuiswinkel-cdn.org *.clarity.ms restapi.mailplus.nl www.googleoptimize.com googletagmanager.com *.googletagmanager.com *.bing.com *.criteo.com static.criteo.net *.mouseflow.com *.tiktok.com *.hotjar.com *.beslist.nl static.cloudflareinsights.com cdn.debugbear.com pagead2.googlesyndication.com static.widget.trengo.eu www.xtento.com cdn.xtento.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com js.mollie.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.typekit.net downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com devdocs.magento.com rum-collector-2.pingdom.net widgetcontent.thuiswinkel-cdn.org www.google.com *.clarity.ms consent.cookiebot.com consentcdn.cookiebot.com doubleclick.net *.bing.com *.criteo.com *.tiktok.com *.hotjar.com *.hotjar.io *.beslist.nl data.debugbear.com pagead2.googlesyndication.com api.widget.trengo.eu form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.mythad.com https://*.kwai-pro.com http://*.kwai-pro.com http://*.kwai.net https://*.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app *.kwimgs.com *.yximgs.com *.cloudfront.net *.kuaishou.com https://*.gifshow.com http://*.gifshow.com https://log-sdk.ksapisrv.com https://www.googletagmanager.com https://gifshow-static.download.ks-cdn.com https://static3.avast.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net www.google-analytics.com hm.baidu.com m.snackvideo.com http://*.ap4r.com https://*.ap4r.com https://*.typekit.net http://*.typekit.net ak-sgp-pic.snackvideo.in tx-sgp-pic.snackvideo.in ws-sgp-pic.snackvideo.in g-us-kampic.golden49.net g-us-kamcdn.golden49.net m.kwai.com sentry.kuaishou.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;img-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;connect-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 3
frame-ancestors gofundme.com *.gofundme.com *.hopin.com pillar.io *.pillar.io takethemameal.com *.takethemameal.com kudoboard.com *.kudoboard.com werememberdev.com *.werememberdev.com weremember.com *.weremember.com forevermissed.com *.forevermissed.com fm-stage.com *.fm-stage.com fm-qa.com *.fm-qa.com giftwhale.com *.giftwhale.com giftwhale.test *.chirp.me chirp.me *.giveinkind.com giveinkind.com *.inkind.dev; 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
default-src 'unsafe-inline' 'unsafe-eval' * data: blob: 3
default-src 'self'; report-uri https://csp.loopia.se; connect-src 'self' https://*.analytics.google.com https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://accesswidget-log-receiver.acsbapp.com https://adservice.google.com https://analytics.google.com https://api-eu1.hubapi.com https://api.exponea.com https://api.infinario.com https://bat.bing.com https://cdn.iubenda.com https://consentcdn.cookiebot.com https://content.hotjar.io https://cta-eu1.hubspot.com https://eu-cdn.acsbapp.com https://eu.acsbapp.com https://idb.iubenda.com https://in.hotjar.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://srv.motu-teamblue.services https://stats.g.doubleclick.net https://vc.hotjar.io https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.google.se; font-src 'self' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://fonts.gstatic.com; form-action 'self' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://bib.eway2pay.com https://payment.architrade.com https://ticket.siriusit.net https://www.facebook.com; frame-src 'self' https://*.facebook.com https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://5.ec1.vbus.apps.ladesk.com https://active24.ladesk.com https://cdn.hub-prod.team.blue https://consentcdn.cookiebot.com https://vars.hotjar.com https://www.google.com https://www.googletagmanager.com https://*.freshchat.com; img-src 'self' data: https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://bat.bing.com https://googleads.g.doubleclick.net https://imgsct.cookiebot.com https://perf-eu1.hsforms.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://srv.motu-teamblue.services https://stats.g.doubleclick.net https://tbs.tradedoubler.com https://track-eu1.hubspot.com https://www.facebook.com https://www.google.com https://www.google.se https://www.googletagmanager.com https://www.gstatic.com; media-src 'self' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://api.exponea.com https://api.infinario.com https://g.microsoft.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://www.google.com https://www.google.se https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://*.freshchat.com https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://active24.ladesk.com https://api.exponea.com https://bat.bing.com https://cdn.hub-prod.team.blue https://cdn.iubenda.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cs.iubenda.com https://eu.acsbapp.com https://eu.fw-cdn.com https://googleads.g.doubleclick.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hs-scripts.com https://js-eu1.hsadspixel.net https://js-eu1.hubspot.com https://pagead2.googlesyndication.com https://script.hotjar.com https://snap.licdn.com https://srv.isy-teamblue.services https://srv.motu-teamblue.services https://static.hotjar.com https://widget.trustpilot.com https://www.google.com https://www.google.se https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://*.loopia.com https://*.loopia.no https://*.loopia.rs https://*.loopia.se https://cdn.iubenda.com https://fonts.googleapis.com https://*.freshchat.com 3
default-src 'self' *.pinduoduo.com *.pddpic.com *.yangkeduo.com *.pddugc.com *.pinduoduo.net *.v.smtcdns.net *.ourdvsss.com wss://*.pinduoduo.com wss://*.yangkeduo.com mapstyle.qpic.cn blob: data: 'unsafe-eval' 'unsafe-inline'; report-uri https://tc.pinduoduo.com/x.gif 3
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/ 3
object-src https://players.brightcove.net https://www.realpage.com https://s.realpage.com https://vjs.zencdn.net;img-src * blob: data:; font-src https://acsbapp.com https://www.realpage.com https://s.realpage.com https://use.typekit.net https://fonts.gstatic.com https://vjs.zencdn.net https://www.slant.co data:; style-src *.typekit.net https://www.realpage.com https://s.realpage.com https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline'; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com; report-to csp-report-only; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 3
font-src *.googleapis.com https://fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' data: https://use.fontawesome.com *.solodeportes.com.ar use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.solodeportes.com.ar *.solodeportes.com.ar:6081 *.solofutbol.com *.solourbano.com 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.solodeportes.com.ar *.solodeportes.com.ar:6081 *.solofutbol.com *.solourbano.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://player.vimeo.com https://www.youtube-nocookie.com *.solodeportes.com.ar *.solodeportes.com.ar:6081 *.solofutbol.com *.solourbano.com *.retargetly.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.clarity.ms *.solodeportes.com.ar *.solodeportes.com.ar:6081 *.solofutbol.com *.solourbano.com *.powerreviews.com bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://player.vimeo.com https://www.youtube.com *.solodeportes.com.ar *.solodeportes.com.ar:6081 *.solofutbol.com *.solourbano.com *.newrelic.com *.powerreviews.com *.clarity.ms *.retargetly.com *.embluemail.com *.tiktokw.us *.tiktok.com *.ads-twitter.com bat.bing.com cdn.evgnet.com cdn.jsdelivr.net *.evergage.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com https://use.fontawesome.com *.solodeportes.com.ar *.solodeportes.com.ar:6081 *.solofutbol.com *.solourbano.com use.fontawesome.com *.powerreviews.com *.evergage.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://olegnax.com https://api.instagram.com https://graph.instagram.com/ *.solodeportes.com.ar *.solodeportes.com.ar:6081 *.solofutbol.com *.solourbano.com *.nr-data.net *.powerreviews.com *.google.com *.doubleclick.net *.tiktokw.us *.tiktok.com *.clarity.ms *.evergage.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com 3
default-src 'self' disney.okta.com sso.myid.disney.com *.oktacdn.com; connect-src 'self' disney.okta.com disney-admin.okta.com sso.myid.disney.com *.oktacdn.com *.mixpanel.com *.mapbox.com disney.kerberos.okta.com disney.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' disney.okta.com sso.myid.disney.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' disney.okta.com sso.myid.disney.com *.oktacdn.com; frame-src 'self' disney.okta.com disney-admin.okta.com sso.myid.disney.com login.okta.com *.vidyard.com com-okta-authenticator: api-5a45a87b.duosecurity.com; img-src 'self' disney.okta.com sso.myid.disney.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' disney.okta.com sso.myid.disney.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://data.disneystreaming.com https://data-staging.disneystreaming.com https://data-dev.disneystreaming.com https://outlooksts.disney.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn-ukwest.onetrust.com/scripttemplates/ https://websdk.appsflyer.com/ https://www.google.com/recaptcha/enterprise.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.segment.com https://static.moonpay.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.moonpay.com https://api.moonpay.com https://api.coingecko.com https://cdn-ukwest.onetrust.com https://*.launchdarkly.com https://geolocation.onetrust.com https://vitals.vercel-insights.com https://*.google-analytics.com https://*.analytics.google.com https://logs.browser-intake-datadoghq.com https://cdn.segment.com https://otel-collector.moonpay.com https://otel-collector.moonpaycloud.com https://otel-collector.moonpay-staging.com; font-src 'self' https://static.moonpay.com; frame-src 'self' https://buy.moonpay.com https://sell.moonpay.com https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' https://cdn-ukwest.onetrust.com https://images.ctfassets.net https://payload-marketing.moonpay.com https://staging.moonpay-marketing-c337344.payloadcms.app https://static.moonpay.com; manifest-src 'self'; media-src 'self' https://payload-marketing.moonpay.com https://staging.moonpay-marketing-c337344.payloadcms.app; worker-src 'self'; frame-ancestors 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub4f9819648cf6c369f00daa5b3a3a0ea7&dd-evp-origin=content-security-policy&ddsource=csp-report 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://widget.trustpilot.com https://prod.spline.design; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https:; connect-src 'self' https://www.google-analytics.com https://*.supabase.co https://*.upstash.io https://prod.spline.design; frame-src 'self' https://widget.trustpilot.com; media-src 'self'; object-src 'none'; base-uri 'self' 3
default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: wss: https:; report-uri https://l.iplsc.com/logger/ 3
default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.jsdelivr.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://googleads.g.doubleclick.net https://accounts.google.com https://maps.googleapis.com https://connect.facebook.net https://analytics.tiktok.com https://s.pinimg.com https://ct.pinterest.com https://pixel.byspotify.com https://bat.bing.com https://*.criteo.com https://*.criteo.net https://s.axon.ai https://res4.applovin.com https://js.stripe.com https://www.paypal.com https://js.braintreegateway.com https://static-na.payments-amazon.com https://cdn1.affirm.com https://sdk.helloextend.com https://appleid.cdn-apple.com https://widget.intercom.io https://js.intercomcdn.com https://www.roomvo.com https://*.bazaarvoice.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://p.typekit.net https://accounts.google.com https://*.bazaarvoice.com; img-src 'self' data: https:; font-src 'self' data: https://assets.rugimg.com https://fonts.gstatic.com https://p.typekit.net; frame-src https://player.vimeo.com https://www.youtube.com https://showroom.aftermkt.com https://account.rugs.com https://www.emjcd.com https://www.google.com https://accounts.google.com https://www.facebook.com https://ct.pinterest.com https://*.criteo.com https://*.criteo.net https://js.stripe.com https://www.paypal.com https://static-na.payments-amazon.com https://www.roomvo.com; connect-src 'self' https:; media-src 'self' https://assets.rugimg.com; worker-src 'self' blob: 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.privacy-mgmt.com maps.googleapis.com www.news.co.uk uk-script.dotmetrics.net *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdn.privacy-mgmt.com *.tiqcdn.com unpkg.com uk-script.dotmetrics.net *.scorecardresearch.com *.google-analytics.com *.googletagmanager.com *.brightcove.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com use.typekit.net maps.google.com unpkg.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.scorecardresearch.com *.news.co.uk www.news.co.uk *.dotmetrics.net newsuk.s3.amazonaws.com *.google.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.brightcove.com cdn.privacy-mgmt.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.greenhouse.io https://*.osano.com blob: https://pages.e2open.com https://cdn-cookieyes.com  https://play.vidyard.com  https://snap.licdn.com  https://ws.zoominfo.com  https://*.clarity.ms  https://cdn.bizible.com  https://www.googletagmanager.com  https://cdn.jsdelivr.net  https://cdnjs.cloudflare.com  https://js-agent.newrelic.com https://*.6sc.co https://*.adsrvr.org https://*.abrankings.com https://*.google-analytics.com https://bat.bing.com https://*.hotjar.com https://*.crazyegg.com https://connect.facebook.net https://*.marketo.net https://*.demandbase.com https://*.ads-twitter.com; style-src 'self' 'unsafe-inline' data: https://*.greenhouse.io https://*.osano.com https://pages.e2open.com https://cdn.jsdelivr.net https://*.googleapis.com; img-src 'self' data: https://secure.gravatar.com https://www.gravatar.com https://*.bizible.com https://*.bizibly.com https://*.licdn.com https://*.clarity.ms https://*.googlesyndication.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.linkedin.com https://t.co https://analytics.twitter.com https://*.6sc.co https://*.bing.com https://*.facebook.com https://*.rlcdn.com https://*.company-target.com https://*.facebook.net https://cdn-cookieyes.com https://*.vidyard.com secure.gravatar.com www.gravatar.com; connect-src 'self' https://*.greenhouse.io https://*.osano.com https://*.linkedin.com https://*.licdn.com https://www.google.com https://*.google-analytics.com https://sheets.googleapis.com https://*.vidyard.com https://bam.nr-data.net https://*.linkedin.com https://*.licdn.com https://www.google-analytics.com https://region1.google-analytics.com https://secure.adnxs.com https://*.6sc.co https://*.6sense.com https://api.company-target.com https://script.crazyegg.com https://*.mktoresp.com https://*.clarity.ms https://*.abrankings.com https://insight.adsrvr.org https://*.demandbase.com https://*.facebook.com https://*.hotjar.io https://log.cookieyes.com https://cdn-cookieyes.com; frame-src 'self' https://*.greenhouse.io https://*.osano.com https://pages.e2open.com https://www.googletagmanager.com https://*.company-target.com https://*.adsrvr.org https://*.vidyard.com; worker-src 'self' https://*.osano.com blob:; 3
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.b0e8.com magefan.com cm.magefan.com *.bc0a.com *.elotouch.com www.elotouch.com elotouch.com *.google.lv data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.b0e8.com *.bc0a.com *.recaptcha.net *.simpli.fi *.zi-scripts.com siteimproveanalytics.com *.pardot.com *.elotouch.com *.jsdelivr.net unpkg.com *.cloudflare.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com hello.myfonts.net *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.elotouch.com elotouch.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.doubleclick.net *.zi-scripts.com *.zoominfo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; 3
default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.fi https://connect.facebook.net https://support.hostaan.com https://widget.trustmary.com https://embed.trustmary.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com https://support.hostaan.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://support.hostaan.com data:; connect-src 'self' https://region1.google-analytics.com https://embed.trustmary.io https://stats.g.doubleclick.net https://www.google-analytics.com https://*.facebook.com https://www.google.com https://www.googletagmanager.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.fi https://support.hostaan.com; media-src 'self' https://support.hostaan.com; img-src 'self' blob: data: https://www.googletagmanager.com https://fonts.gstatic.com https://translate.google.com https://widget.trustmary.com/ https://d2nce6johdc51d.cloudfront.net https://lh3.googleusercontent.com https://www.google.se https://www.google.fi https://www.google.com https://stats.g.doubleclick.net https://www.google.fi https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com https://support.hostaan.com; frame-src 'self' https://www.youtube.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://support.hostaan.com https://td.doubleclick.net; worker-src 'self' blob:; object-src 'none'; frame-ancestors 'self' https://www.hostaan.fi; report-uri https://n8n.ppweb.fi/webhook/da8630cf-3a65-402b-b95f-6fa58e667ed6; 3
default-src 'self'; script-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://tag.flvcdn.net https://saf-sc-protect.com https://hubspotonwebflow.com https://www.rentracks.jp https://b98.yahoo.co.jp https://ichisan.jp https://sc.lfeeder.com https://trc.taboola.com https://b99.yahoo.co.jp https://static.ads-twitter.com https://bat.bing.com https://s.yimg.jp https://platform.twitter.com https://d.line-scdn.net https://cdn.taboola.com https://m.vpadn.com https://funnel-assets.startappservice.com https://tools.refokus.com https://*.intercomcdn.com https://*.intercom.io https://*.jsdelivr.net https://js.hsforms.net https://*.visualwebsiteoptimizer.com https://snap.licdn.com https://connect.facebook.net https://tracking.g2crowd.com https://*.spideraf.com https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hsadspixel.net https://*.hs-banner.com https://*.hubspot.com https://*.clarity.ms https://googleads.g.doubleclick.net https://*.hs-scripts.com https://*.webflow.com https://*.jetboost.io https://*.website-files.com https://www.googletagmanager.com https://*.googleapis.com https://*.jquery.com https://*.cloudfront.net https://cdn-cookieyes.com https://sp-trk.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.webflow.com https://www.googletagmanager.com https://*.googleapis.com https://*.jquery.com https://*.cloudfront.net https://cdn-cookieyes.com https://*.intercom.io https://sp-trk.com https://*.jetboost.io https://*.visualwebsiteoptimizer.com https://*.cloudflare.com; style-src 'self' 'unsafe-inline' https://*; font-src 'self' data: https://*; img-src 'self' data: blob: https://*; connect-src 'self' https://*; frame-src 'self' https://*; worker-src 'self' blob:; object-src 'none'; report-uri https://saf-sitescan.com/api/csp-report/4rjsitdq; 3
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 3
frame-src 'self' https://widget.mercuryo.io https://*.sumsub.com https://gwa.pgalta.com; report-uri 'https://sentry.walletbot.me/api/38/security/?sentry_key=544a92e441a24f17aa6b08e34e728ed2&sentry_environment=production'; report-to csp-endpoint; 3
default-src 'self' data: 'unsafe-inline' *.belden.com belden.com cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com go.alphawire.com pi.pardot.com static.cloud.coveo.com www.googletagmanager.com analytics.google.com siteintercept.qualtrics.com stats.g.doubleclick.net zn2avekmmkqwmhtco-belden.siteintercept.qualtrics.com beldencableproductionbugpvwoi.analytics.org.coveo.com beldencableproductionbugpvwoi.org.coveo.com code.jquery.com null; script-src 'unsafe-inline' 'unsafe-eval' bat.bing.com *.belden.com belden.com cdn.pardot.com cdn.cookielaw.org view.ceros.com  cdn.evgnet.com code.jquery.com connect.facebook.net googleads.g.doubleclick.net j.6sc.co maps.googleapis.com pi.pardot.com siteintercept.qualtrics.com snap.licdn.com ssl.google-analytics.com static.cloud.coveo.com wasm-eval www.googletagmanager.com www.youtube.com znddv5x3kanrnsrdw-belden.siteintercept.qualtrics.com zn1jm0i9w5rbcjil6-belden.siteintercept.qualtrics.com go.alphawire.com cdnjs.cloudflare.com www.alphawire.com www.googleadservices.com pagead2.googlesyndication.com code.metalocator.com; script-src-elem 'self' 'unsafe-inline' analytics.convertlanguage.com bat.bing.com belden.com *.belden.com cdn.cookielaw.org view.ceros.com  cdn.evgnet.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net go.alphawire.com googleads.g.doubleclick.net j.6sc.co pi.pardot.com siteintercept.qualtrics.com snap.licdn.com ssl.google-analytics.com static.cloud.coveo.com www.googletagmanager.com www.youtube.com zn2avekmmkqwmhtco-belden.siteintercept.qualtrics.com zn1jm0i9w5rbcjil6-belden.siteintercept.qualtrics.com znddv5x3kanrnsrdw-belden.siteintercept.qualtrics.com html5.dcatalog.com www.google.com maps.googleapis.com pagead2.googlesyndication.com code.metalocator.com www.googleadservices.com; script-src-attr 'unsafe-inline'; style-src 'unsafe-inline' *.belden.com static.cloud.coveo.com fonts.googleapis.com www.alphawire.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.belden.com belden.com fonts.googleapis.com static.cloud.coveo.com cdnjs.cloudflare.com; style-src-attr 'unsafe-inline'; img-src 'self' data: ad.doubleclick.net ade.googlesyndication.com analytics.convertlanguage.com hm.baidu.com *.belden.com belden.com b.6sc.co bat.bing.com cdn.cookielaw.org px.ads.linkedin.com ssl.google-analytics.com www.facebook.com www.google.cl www.google.com www.googletagmanager.com www.google.com.gt www.google.hu googleads.g.doubleclick.net pagead2.googlesyndication.com www.google.ca iad1.qualtrics.com www.google.co.il www.google.com.mx siteintercept.qualtrics.com 61320.global.siteimproveanalytics.io www.google.com.tr www.google.es cts.businesswire.com dilp.netcomponents.com http://dilp.netcomponents.com/images/gocart.gif maps.googleapis.com maps.gstatic.com www.google.bf www.google.co.in www.google.co.jp www.google.co.uk www.google.com.au www.google.com.co www.google.fr www.google.nl www.google.no www.google.be www.google.se www.google.sk www.google.kz www.google.pl www.google.com.tw www.google.cz www.google.co.nz www.google.com.sa www.google.mv translate.google.com www.google.ru www.google.com.vn www.google.ee www.google.com.eg www.google.co.th www.google.co.ve www.google.fi www.google.ch www.google.ie www.google.ro www.google.bg www.google.com.tw google.com.ng www.google.co.ve fonts.gstatic.com google.com.ar www.google.com.hk www.google.com.eg adservice.google.com blob: cdn.metalocator.com connect.facebook.net px4.ads.linkedin.com www.google.co.cr www.google.co.id www.google.com.cu www.google.com.my www.google.com.pr www.google.com.sg www.google.de www.google.gr www.google.is www.google.it www.google.lk www.linkedin.com file; font-src 'self' data: *.belden.com fonts.gstatic.com null; connect-src 'self' www.googleadservices.com adservice.google.com *.belden.com analytics.google.com beldencableproductionbugpvwoi.analytics.org.coveo.com beldencableproductionbugpvwoi.org.coveo.com beldeninc.us-7.evergage.com c.6sc.co cdn.cookielaw.org ipv6.6sc.co pagead2.googlesyndication.com privacyportal.onetrust.com px.ads.linkedin.com siteintercept.qualtrics.com static.cloud.coveo.com stats.g.doubleclick.net www.google-analytics.com www.google.com bat.bing.com region1.google-analytics.com www.facebook.com region1.analytics.google.com maps.googleapis.com ssl.google-analytics.com googleads.g.doubleclick.net login.microsoftonline.com mozendaagent.ecoinsight.com www.google.ca www.google.com.mx localhost:12387 epsilon.6sense.com secure.adnxs.com; media-src 'self' belden.com *.belden.com bynder-media-us-east-1.s3.amazonaws.com data:; child-src 11330854.fls.doubleclick.net 14683840.fls.doubleclick.net; frame-src 'self' div.show 11330854.fls.doubleclick.net 14683840.fls.doubleclick.net belden.com *.belden.com *.alphawire.com td.doubleclick.net html5.dcatalog.com belden.prod01.logik.io view.ceros.com www.googletagmanager.com www.youtube.com block.opendns.com code.metalocator.com photos.productphoto.com td.doubleclick.net.x.caf244fb07dc70414c0a22903e52945843c7.d043db89.id.opendns.com td.doubleclick.net.x.f46a820d0d27604f490949006659b57240b8.d043db9c.id.opendns.com www.facebook.com; frame-ancestors 'self'; form-action 'self' https://www.facebook.com; report-uri https://bdnaw.report-uri.com/r/d/csp/reportOnly; report-to https://bdnaw.report-uri.com/r/d/csp/reportOnly; 3
default-src https:;frame-ancestors about: 'self';frame-src https://optimize.google.com *;style-src https://optimize.google.com https://fonts.googleapis.com https: data: 'unsafe-inline' *;script-src https://www.googleanalytics.com https://www.google-analytics.com https://optimize.google.com * 'unsafe-inline' 'unsafe-eval';img-src https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https: data: *;font-src https://fonts.gstatic.com data: *;object-src 'none';connect-src * ws: wss:; report-uri https://res.destinia.com/web/csp-violation-report-endpoint; report-to default; 3
default-src * data:;   script-src * 'unsafe-eval';   script-src-elem * 'unsafe-inline';   script-src-attr *;   style-src * 'unsafe-inline' blob:;   style-src-elem * 'unsafe-inline';   style-src-attr * 'unsafe-inline';   img-src * 'self' data: blob:;   font-src * 'self' data: blob:;   connect-src * 'self' blob:;   media-src * 'self' blob:;   object-src * 'self' 'unsafe-inline' blob:;   prefetch-src * 'self' blob:;   child-src * 'self' blob:;   frame-src * 'self' blob:;   worker-src * 'self' blob:;   frame-ancestors * 'self' blob:;   form-action *;   upgrade-insecure-requests;   base-uri * 'self';   manifest-src * blob: sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-to-custom-protocols; 3
default-src 'self';form-action 'self'; object-src 'self'; frame-ancestors 'self'; connect-src 'self' ely-keskus.fi *.youtube.com *.tyomarkkinatori.fi *.ahtp.fi keha-matomo-sdg-qa-qa.azurewebsites.net *.cookiebot.com wss://*.tyomarkkinatori.fi *.elisa.fi wss://*.elisa.fi tetyomarkkinatori.boost.ai lukija.aimater.com fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' *.elisa.fi fonts.googleapis.com *.youtube.com gstatic.com blob:; img-src * data: blob:; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' *.tyomarkkinatori.fi *.ahtp.fi *.elisa.fi lukija.aimater.com tetyomarkkinatori.boost.ai *.cookiebot.com keha-matomo-sdg-qa-qa.azurewebsites.net youtube.com blob:; frame-src 'self' data: feed.mikle.com *.elisadesk.com *.cookiebot.com *.youtube.com; media-src 'self' data: blob:; font-src 'self' data: fonts.gstatic.com; report-uri https://csp-report-fa-prod.azurewebsites.net/api/csp-report; 3
font-src data: *.gstatic.com *.tryggehandel.net tryggehandel.net *.googleapis.com googleapis.com *.adsrvr.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.collector.se *.cardinalcommerce.com *.jobylon.com *.doubleclick.net *.proffs.se *.walleydev.com *.walleypay.com doubleclick.net *.adsrvr.org *.dotdigital-pages.com *.dotdigital.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com googleadservices.com google-analytics.com *.magentocommerce.com *.s.ytimg.com *.googleadservices.com *.google-analytics.com *.googleapis.com googleapis.com *.gstatic.com *.collector.se *.adnxs.com *.byggmax.se *.byggmax.no *.byggmax.fi *.byggmax.dk *.byggmax.com byggmax.se byggmax.no byggmax.fi byggmax.com byggmax.dk www.byggmax.se www.byggmax.no www.byggmax.fi www.byggmax.dk *.bing.com bing.com *.teads.tv teads.tv *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com *.3lift.com 3lift.com *.smaato.net *.taboola.com taboola.com *.doubleclick.com *.360yield.com 360yield.com *.yahoo.com *.casalemedia.com casalemedia.com *.openx.net *.sharethrough.com sharethrough.com *.bidswitch.net *.pubmatic.com pubmatic.com *.omnitagjs.com omnitagjs.com *.yieldmo.com yieldmo.com *.ivitrack.com ivitrack.com *.advertising.com *.stickyadstv.com *.media.net media.net *.doubleclick.net *.e-planning.net *.clmbtech.com *.adform.net adform.net *.liadm.com *.postrelease.com postrelease.com *.smartclip.net *.krxd.net *.ad-stir.com *.outbrain.com outbrain.com *.tremorhub.com tremorhub.com *.demdex.net *.pingdom.net *.adscale.de *.twiago.com *.google.com *.google.se *.bluekai.com *.wisepops.com *.tapad.com *.mgid.com *.rambler.ru *.thebrighttag.com *.walleypay.com *.1rx.io 1rx.io id5-sync.com *.id5-sync.com *.mediavine.com mediavine.com *.yieldlab.net yieldlab.net *.emxdgt.com emxdgt.com *.unrulymedia.com unrulymedia.com *.tryggehandel.net tryggehandel.net adnxs.com cm.g.doubleclick.net bidswitch.net www.facebook.com *.quantserve.com quantserve.com *.adsrvr.org *.trackedlink.net https://cdn.flbx.io data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google-analytics.com *.collector.se *.assets.adobedtm.com *.authorize.net *.geostag.cardinalcommerce.com *.paypal.com *.vimeo.com *.ccdc02.com google.com *.braintreegateway.com *.ytimg.com *.signifyd.com *.adnxs.com adnxs.com adtr.io *.googletagmanager.com *.trackedlink.net *.jobylon.com *.doubleclick.net doubleclick.net *.googleapis.com googleapis.com *.byggmax.se *.byggmax.no *.byggmax.fi *.byggmax.com *.byggmax.dk byggmax.se byggmax.no byggmax.fi byggmax.com byggmax.dk www.byggmax.se www.byggmax.no www.byggmax.fi www.byggmax.dk *.bing.com *.hotjar.com hotjar.com bing.com *.cloudflare.com *.wisepops.com *.facebook.net facebook.net *.quantserve.com quantserve.com *.quantcount.com *.cloudflareinsights.com *.pingdom.net pingdom.net *.getflowbox.net *.kuvio.io kuvio.io *.walleydev.com *.tryggehandel.net tryggehandel.net *.dynamicyield.com dynamicyield.com *.testfreaks.com testfreaks.com *.walleypay.com *.videoly.co dialogtrail.com *.dialogtrail.com wisepops.net *.wisepops.net *.adsrvr.org *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.trustpilot.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com googleapis.com *.byggmax.se *.byggmax.no *.byggmax.fi *.byggmax.dk www.byggmax.se www.byggmax.no www.byggmax.fi www.byggmax.dk *.adsrvr.org *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.flbx.io flbx.io *.adsrvr.org 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.wisepops.com *.google-analytics.com google-analytics.com *.collector.se *.pingdom.net pingdom.net *.adnxs.com adnxs.com *.walleydev.com *.walleypay.com *.dynamicyield.com dynamicyield.com www.google.com google.com *.google.com *.doubleclick.net doubleclick.net *.dialogtrail.com dialogtrail.com *.ebbot.app ebbot.app *.adsrvr.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com *.bglobale.com *.global-e.com *.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com 'self' data: *.onestock-retail.io *.sensefuel.live *.cdnfonts.com *.perplexity.ai *.isge49.com *.bocage.fr *.googleusercontent.com *.kameleoon.com *.abtasty.com s3-eu-west-1.amazonaws.com *.iadvize.com globale-prod.s3-eu-west-1.amazonaws.com ncspublicasset.s3.eu-west-3.amazonaws.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.bglobale.com *.global-e.com *.google.com/ *.onestock-retail.com/ payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.effiliation.com *.doubleclick.net *.bing.com *.pinterest.com *.facebook.com *.criteo.com *.bocage.eu *.googletagmanager.com *.snapchat.com vimeo.com *.abtasty.com *.criteo.net *.googlesyndication.com *.vimeo.com *.goodays.co *.cookiebot.com *.cloudflare.com *.iadvize.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.bglobale.com *.global-e.com *.googleapis.com https://www.magezon.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: www.google.gg www.google.gl www.google.com.pg www.google.com.np www.google.com.pe www.google.co.il www.google.jo www.google.it www.google.co.zm *.facebook.net www.google.hu *.google.com www.google.com.pr *.eram.eu www.google.li www.google.am *.adform.net *.pinterest.com www.google.is www.google.bi *.batch.com *.criteo.com www.google.mn *.smartadserver.com www.google.com.ec www.google.me www.google.com.kh www.google.co.th www.google.com.vn www.google.ps www.google.com.hk *.advalo.com www.google.com.cy www.google.cv www.google.ge *.bing.net www.google.ro www.google.cd www.google.co.ve *.teads.tv www.google.com.bn www.google.ru *.abtasty.com www.google.sm www.google.com.cu *.kameleoon.eu www.google.com.vc www.google.com.ni *.mellowyellow.com *.adnxs.com www.google.com.eg www.google.com.gt www.google.com.jm *.contentsquare.net www.google.je us-central1-shopmyinfluens.cloudfunctions.net *.iadvize.com www.google.so www.google.com.af *.mmtro.com www.google.com.sl *.taboola.com www.google.gr *.bocage.fr www.google.tn www.google.co.in *.ggpht.com www.google.ad www.google.at www.google.al www.google.vu *.lgw.io www.google.cm www.google.mw www.google.ae www.google.pl www.google.pt www.google.be www.google.ee www.google.com.py www.google.iq www.google.ca www.google.sr www.google.de www.google.lt www.google.co.zw www.google.co.ug www.google.com.ph www.google.ga mmtro.com www.google.tg www.google.lv *.doubleclick.net *.sensefuel.live www.google.dj www.google.ci *.onestock-retail.io *.affilae.com www.google.com.ua www.google.com.gh *.bing.com www.google.com.my www.google.com.om www.google.nl www.google.ws www.google.com.sv www.google.com.tr www.google.se www.google.co.ao www.google.sn www.google.cl www.google.sc bucket-ip-website.s3.eu-central-1.amazonaws.com www.google.co.nz www.google.com.bz www.google.co.uk www.google.com.bd www.google.tm *.googleadservices.com www.google.cf www.google.co.ck www.google.mk www.google.st *.isge49.com www.google.bf www.google.co.kr www.google.co.bw *.bocage.eu www.google.co.id www.google.com.qa www.google.com.bh www.google.com.co *.facebook.com www.google.lk www.google.by www.google.hr *.vimeo.com *.mellowyellow.eu www.google.ch www.google.com.et www.google.md www.google.im www.google.es www.google.td www.google.com.bo www.google.lu www.google.co.ma www.google.dm www.google.co.ls www.google.ba joko-mobile-app-media.s3.eu-west-1.amazonaws.com *.twiago.com www.google.rw *.kameleoon.com www.google.tt www.google.com.lb www.google.no www.google.dk www.google.mg www.google.hn *.ebuyclub.com www.google.ne www.google.ml d1oco4z2z1fhwp.cloudfront.net www.google.la www.google.com.br www.google.com.mt www.google.kg www.google.cn www.google.mv mellowyellow.com www.google.co.mz www.google.bg www.google.com.pk *.googletagmanager.com www.google.com.tw www.google.com.sg d3e54v103j8qbb.cloudfront.net www.google.rs www.google.ie www.google.co.ke www.google.com.pa google.com www.google.com.fj www.google.com.kw www.google.com.mx www.google.mu *.outbrain.com *.criteo.net www.google.co.cr www.google.gy www.google.co.jp www.google.com.do www.google.fi www.google.sk www.google.co.tz www.google.si www.google.com.sa www.google.bj *.eram.fr www.google.dz www.google.com.ar www.google.co.uz www.google.fr s3-eu-west-1.amazonaws.com www.google.com.ng *.xiti.com *.snapchat.com *.googleusercontent.com www.google.com.uy *.openx.net www.google.com.na www.google.com.mm *.cookiebot.com *.googlesyndication.com *.tiktok.com www.google.co.za www.google.gm www.google.cg www.google.ht www.google.kz www.google.com.au www.google.bs www.google.cz www.google.az www.google.com.ly www.google.com.gi data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page cdn.jsdelivr.net *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com https://maps.googleapis.com *.hsforms.net *.hsforms.com *.addthis.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.criteo.com *.snapchat.com *.jquery.com *.iadvize.com critizr.com *.kameleoon.eu *.cloudflare.com *.taboola.com *.sensefuel.com *.contentsquare.com *.adform.net *.googlesyndication.com *.hotjar.com *.mmtro.com *.pinimg.com *.tiktok.com *.pinterest.com *.vimeo.com *.cookiebot.com *.googletagmanager.com *.batch.com *.bocage.fr translate.google.com.hk *.lgw.io *.sensefuel.live *.eram.fr dqfw2hlp4tfww.cloudfront.net *.facebook.net *.abtasty.com *.contentsquare.net *.kameleoon.com *.onestock-retail.io *.goodays.co *.doubleclick.net *.bing.com *.googleadservices.com mmtro.com *.aticdn.net *.criteo.net *.kameleoon.io *.affilae.com sc-static.net d3e54v103j8qbb.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.bglobale.com *.global-e.com *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.abtasty.com *.iadvize.com *.typekit.net semji.github.io *.onestock-retail.io *.sensefuel.com *.goodays.co *.kameleoon.com *.bocage.fr *.sensefuel.live *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeocdn.com *.fbcdn.net *.bing.com *.mellowyellow.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.getalma.eu *.almapay.com maps.googleapis.com https://nominatim.openstreetmap.org https://maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.kameleoon.eu *.deebr.co *.openx.net *.kameleoon.com *.contentsquare.net *.abtasty.com *.doubleclick.net *.iadvize.com *.onestock-retail.io *.merchant-center-analytics.goog *.hotjar.io www.google.ru *.sensefuel.biz *.typekit.net www.google.it *.pinterest.com *.googleapis.com *.facebook.com www.google.mu *.aticdn.net *.sensefuel.live *.tiktok.com www.google.co.id *.instagram.com *.jquery.com www.google.ge *.bing.net www.google.fr *.bocage.fr www.google.ca *.snapchat.com *.adnxs.com *.advalo.com *.taboola.com www.google.cn *.cookiebot.com *.affilae.com *.cloudflare.com *.teads.tv *.hotjar.com *.goodays.co *.gstatic.com *.contentsquare.com *.batch.com *.criteo.com www.google.es www.google.be *.googlesyndication.com www.google.ch *.googleadservices.com *.facebook.net *.bing.com *.eram.fr *.kameleoon.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ab48b69d-84be-485e-b94f-4ed50b3a5780.sansec.watch/; report-to report-endpoint; 3
default-src 'self' https://*.cit.com;           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cit.com https://snap.licdn.com https://munchkin.marketo.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://s.yimg.com https://bat.bing.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://utt.impactcdn.com https://cdn.cookielaw.org https://www.fdic.gov https://assets.adobedtm.com https://siteintercept.qualtrics.com https://siteimproveanalytics.com https://www.everestjs.net https://zn780vxspp4zyl7dr-citcx.siteintercept.qualtrics.com https://citgroup.demdex.net https://pixel.everesttech.net https://sp.analytics.yahoo.com https://g.3gl.net https://cg-7ce3a684-2bed-464c-8d1c-1a0e4cba69c6.s3.us-gov-west-1.amazonaws.com;           connect-src 'self' https://*.cit.com https://graphql.contentful.com https://cms-images.cit.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://dpm.demdex.net https://edge.adobedc.net https://bat.bing.com https://lib-us-2.brilliantcollector.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google.com https://lasteventf-tm.everesttech.net https://s.yimg.com https://px.ads.linkedin.com https://siteintercept.qualtrics.com https://151-fhs-046.mktoresp.com https://894-itd-344.mktoresp.com https://284-lbb-572.mktoresp.com https://022-ygl-099151-fhs-046284-lbb-572.mktoresp.com;           worker-src 'self';           style-src 'self' 'unsafe-inline' https://*.cit.com https://cdn.cookielaw.org;           style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.cookielaw.org;           img-src 'self' https://*.cit.com https://cms-images.cit.com https://2884.global.siteimproveanalytics.io https://dpm.demdex.net https://cdn.cookielaw.org https://px.ads.linkedin.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://bat.bing.com https://sp.analytics.yahoo.com https://cm.everesttech.net https://www.linkedin.com;           frame-src 'self' https://*.cit.com https://www.googletagmanager.com https://fast.wistia.net https://citgroup.demdex.net;           frame-ancestors 'self' https://citbankapp.cit.com https://uat-oao.cit.com https://stage-oao.cit.com https://sape-oao.cit.com https://pl-oao.cit.com https://qa-oao.cit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com onlineapps-conv.readiness.ibanking-services.com onlineapps.ibanking-services.com ibanking-services.com https://*.fisglobal.com https://*.citbank.com https://citcom-dev.ase1-dev.citnet.cit.com https://*.firstcitizens.com;           media-src 'self';           font-src 'self';            3
base-uri 'self'; connect-src 'self' https://*.google.com https://boards-api.greenhouse.io https://images.prismic.io https://o43253.ingest.sentry.io https://pagead2.googlesyndication.com https://www.gstatic.com https://bat.bing.com https://*.clarity.ms; default-src 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; frame-src https://*.enterprise.ada.com https://boards.greenhouse.io https://insight.adsrvr.org https://td.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com; img-src 'self' data: https://adahealth.cdn.prismic.io https://assets.ada.com https://connect.facebook.net https://googleads.g.doubleclick.net https://images.prismic.io https://prismic-io.s3.amazonaws.com https://www.facebook.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://bat.bing.com https://*.clarity.ms; manifest-src 'self'; media-src 'self' https://adahealth.cdn.prismic.io; script-src 'self' 'unsafe-inline' https://boards.greenhouse.io https://connect.facebook.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://tpc.googlesyndication.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://bat.bing.com https://www.clarity.ms; style-src 'self' 'unsafe-inline'; 3
base-uri 'self'; default-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com stats.g.doubleclick.com https://*.googleapis.com *.googleapis.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.cloudapi.de *.cloudapi.de https://*.onetrust.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; child-src; connect-src 'self' https://cdn.cookielaw.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com privacyportal-eu.onetrust.com https://api.userway.org api.userway.org https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://*.google.com *.google.com https://cdn.userway.org cdn.userway.org https://*.api.userway.org *.api.userway.org https://sessions.bugsnag.com sessions.bugsnag.com https://px.ads.linkedin.com px.ads.linkedin.com https://*.facebook.com *.facebook.com https://region1.google-analytics.com region1.google-analytics.com https://geolocation.onetrust.com geolocation.onetrust.com; font-src 'self' https://privacyportal-eu-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com https://cdn.userway.org cdn.userway.org data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://sidebar.bugherd.com sidebar.bugherd.com https://*.googletagmanager.com *.googletagmanager.com https://challenges.cloudflare.com challenges.cloudflare.com https://cdn.userway.org cdn.userway.org; img-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://*.googletagmanager.com *.googletagmanager.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://stats.g.doubleclick.com stats.g.doubleclick.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.uk *.google.co.uk https://*.cookielaw.org *.cookielaw.org https://px.ads.linkedin.com px.ads.linkedin.com https://*.linkedin.com *.linkedin.com https://*.facebook.com *.facebook.com https://cdn.userway.org cdn.userway.org https://d2iiunr5ws5ch1.cloudfront.net d2iiunr5ws5ch1.cloudfront.net blob: data:; media-src https://youtube.com youtube.com https://ddo8pjvnj55tt.cloudfront.net ddo8pjvnj55tt.cloudfront.net; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.licdn.com *.licdn.com https://*.googleapis.com *.googleapis.com https://*.google.com *.google.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.onetrust.com *.onetrust.com https://connect.facebook.net connect.facebook.net https://sidebar.bugherd.com sidebar.bugherd.com https://cdn.userway.org cdn.userway.org https://*.bugherd.com *.bugherd.com https://static.cloudflareinsights.com static.cloudflareinsights.com https://challenges.cloudflare.com challenges.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.userway.org cdn.userway.org 'unsafe-inline'; upgrade-insecure-requests 3
font-src fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com https://torus-stage-halkbankmacedonia.asseco-see.com.tr/ https://epay.halkbank.mk/fim/est3Dgate https://ipgtest.monri.com/ https://ipg.monri.com/ https://formtest.wspay.biz/ https://form.wspay.biz/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com www.google.com *.youtube-nocookie.com *.sharethis.com www.facebook.com www.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net issuu.com e.issuu.com assets.pinterest.com *.hotjar.com https://ipgtest.monri.com/ https://ipg.monri.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com www.google.hr *.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com maps.gstatic.com maps.googleapis.com log.pinterest.com pinterest.com www.pinterest.com *.hotjar.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com analytics.google.com www.googletagmanager.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com *.sharethis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net maps.googleapis.com *.hotjar.com connect.facebook.net *.disqus.com assets.pinterest.com *.tiktok.com analytics.google.com www.googletagmanager.com *.avada.io *.shopify.com https://ipgtest.monri.com/ https://ipg.monri.com/ *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com downloads.mailchimp.com googletagmanager.com tagmanager.google.com fonts.googleapis.com *.hotjar.com *.fontawesome.com https://fonts.bunny.net https://ipgtest.monri.com/ https://ipg.monri.com/ *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.sharethis.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com www.google.hr maps.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com/ *.tiktok.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://d2izb4xeo5e3ln.cloudfront.net https://d13obdxb25x34a.cloudfront.net https://media.silhouettedesignstore.com https://mediacdn.silhouettedesignstore.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * self *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://www.silhouettedesignstore.com https://media.silhouettedesignstore.com https://mediacdn.silhouettedesignstore.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.instagram.com js.stripe.com https://d2izb4xeo5e3ln.cloudfront.net https://d13obdxb25x34a.cloudfront.net https://media.silhouettedesignstore.com https://www.silhouettedesignstore.com https://mediacdn.silhouettedesignstore.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cdninstagram.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com https://d2izb4xeo5e3ln.cloudfront.net https://d13obdxb25x34a.cloudfront.net https://media.silhouettedesignstore.com https://mediacdn.silhouettedesignstore.com cdn.examplecdn.com s.pinimg.com in-automate.brevo.com cdn.by.wonderpush.com https://www.google.com https://flagcdn.com https://*.s3.us-west-2.amazonaws.com https://cdn-int.safecharge.com https://cdn.safecharge.com https://secure.safecharge.com/ *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.instagram.com js.stripe.com js.klevu.com *.ksearchnet.com https://d2izb4xeo5e3ln.cloudfront.net https://d13obdxb25x34a.cloudfront.net https://media.silhouettedesignstore.com https://mediacdn.silhouettedesignstore.com https://cdn.webpushr.com https://cdn.brevo.com https://player.vimeo.com https://intljs.rmtag.com https://ut.rd.linksynergy.com https://js.klevu.com unpkg.com sibautomation.com cdn.by.wonderpush.com s.pinimg.com ct.pinterest.com in-automate.brevo.com  https://magento.com https://cdn.safecharge.com https://cdn-int.safecharge.com https://play.google.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://d2izb4xeo5e3ln.cloudfront.net https://d13obdxb25x34a.cloudfront.net https://media.silhouettedesignstore.com https://mediacdn.silhouettedesignstore.com https://cdn.brevo.com https://magneto-staging.s3.us-west-2.amazonaws.com https://maxcdn.bootstrapcdn.com https://cdn.safecharge.com  https://fonts.googleapis.com  https://www.gstatic.com maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com payments-eu.amazon.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.klevu.com *.ksearchnet.com https://d2izb4xeo5e3ln.cloudfront.net https://d13obdxb25x34a.cloudfront.net https://media.silhouettedesignstore.com https://mediacdn.silhouettedesignstore.com https://bot.webpushr.com api.exampleconnect.com ct.pinterest.com in-automate.brevo.com cdn.by.wonderpush.com  https://sdkmon.safecharge.com https://ppp-test.safecharge.com https://ppp-test.nuvei.com https://secure.safecharge.com https://play.google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-to csp-endpoint; 3
default-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com https://brandcenter.flex.com; upgrade-insecure-requests; 3
font-src www.paypalobjects.com cash-f.squarecdn.com fonts.gstatic.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl https://widgets.trustedshops.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ * all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.doubleclick.net *.facebook.com *.facebook.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com * https://images.unsplash.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.imgix.net all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com maps.gstatic.com *.googleapis.com *.bing.com *.google.nl *.facebook.com *.facebook.net *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.bazaarvoice.com widgets.trustedshops.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.hotjar.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://maps.googleapis.com *.googletagmanager.com tagmanager.google.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl *.googleapis.com *.bing.com *.facebook.com *.facebook.net https://player.vimeo.com/api/player.js cdn.belco.io *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.bazaarvoice.com widgets.trustedshops.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app tagmanager.google.com fonts.google.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * https://maps.googleapis.com https://player.vimeo.com *.googletagmanager.com all4running.nl *.all4running.nl all4running.be *.all4running.be 21run.com *.21run.com *.dhlparcel.nl *.googleapis.com *.google.com *.doubleclick.net *.googlesyndication.com cdn.belco.io wss://chat.belco.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.bazaarvoice.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' *.smartschool.be widgets.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.wp.com https://ssl.p.jwpcdn.com *.wp.com use.typekit.net p.jwpcdn.com; script-src-attr 'none'; style-src 'self' *.smartschool.be 'unsafe-inline' *.wp.com; font-src 'self' *.smartschool.be *.typekit.net wordpress.com c0.wp.com s0.wp.com data:; img-src 'self' http://www.smartschool.be pixel.wp.com *.typekit.net data:; connect-src maps.googleapis.com 'self' performance.typekit.net stats.g.doubleclick.net *.google-analytics.com; frame-src player.vimeo.com 'self'; report-uri /csp-violation.php 3
default-src blob: data: https: 'self'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: data: https: 'self'; connect-src blob: data: https: 'self' 'unsafe-inline' wss://*.hotjar.com; frame-ancestors 'self'; script-src blob: 'self' 'unsafe-eval' 'unsafe-inline' https://*.adform.net/ https://*.app-us1.com/ https://*.go-mpulse.net https://*.hotjar.com https://*.outbrain.com/ https://*.rapidimages.net https://*.scene7.com https://*.volvo.com/ https://*.volvotrucks.com https://assets.adobedtm.com https://c2c.mct.co.il/ https://cdn.cookielaw.org https://connect.facebook.net https://googleads.g.doubleclick.net/ https://s3.eu-central-1.amazonaws.com/ https://snap.licdn.com/ https://documentservices.adobe.com/ https://trackcmp.net/ https://volvo-trucks.activehosted.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.instagram.com/ https://www.youtube.com; report-to csp-endpoint; report-uri https://knxzhhty06.execute-api.eu-west-1.amazonaws.com/prod/browser-reporting/csp; 3
frame-ancestors 'self' ; object-src 'none' ; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.afternorth.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://stats.afternorth.com https://maps.googleapis.com https://www.google-analytics.com; img-src 'self' data: https://i.realestatecreate.com https://maps1.dnr.state.mn.us https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; 3
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com data: static.nacongaming.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.google.com www.youtube.com amc.demdex.net vars.hotjar.com www.facebook.com static.nacongaming.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com network-eu-stg.bazaarvoice.com network-eu.bazaarvoice.com network-eu-a.bazaarvoice.com media.nacongaming.com scaleflex.ultrafast.io axeptio.imgix.net www.google.fr www.facebook.com static.nacongaming.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com network-eu.bazaarvoice.com network-eu-stg.bazaarvoice.com www.google.com www.gstatic.com script.hotjar.com static.hotjar.com connect.facebook.net anltc-v2.bigben.fr analytics.tiktok.com www.googleoptimize.com static.nacongaming.com static.axept.io anltc.bigben.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app display.ugc.bazaarvoice.com *.fontawesome.com use.typekit.net p.typekit.net static.nacongaming.com 'self' 'unsafe-inline'; object-src static.nacongaming.com 'self' 'unsafe-inline'; media-src *.adobe.com static.nacongaming.com media.nacongaming.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net anltc-v2.bigben.fr axeptio.imgix.net static.nacongaming.com client.axept.io api.axept.io anltc.bigben.fr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.punchout2go.com 'self' data: https://*.olark.com https://fonts.gstatic.com data: *.fontawesome.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.punchout2go.com 'self' data: https://testsecureacceptance.cybersource.com https://secureacceptance.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.punchout2go.com 'self' data: https://spsco.alpine-integration-rffjevy-cdfc3vwc43inw.us-5.magentosite.cloud https://cw.alpine-integration-rffjevy-cdfc3vwc43inw.us-5.magentosite.cloud https://surefit.alpine-integration-rffjevy-cdfc3vwc43inw.us-5.magentosite.cloud https://hc.alpine-integration-rffjevy-cdfc3vwc43inw.us-5.magentosite.cloud https://stagingm2.spsco.com https://stagingm2.empowersupply.com https://stagingm2.surefitlab.com https://stagingm2.spshangerstore.com https://productionm2.spsco.com https://productionm2.empowersupply.com https://productionm2.surefitlab.com https://productionm2.spshangerstore.com https://www.spsco.com/ https://www.empowersupply.com https://www.surefitlab.com https://www.spshangerstore.com https://www.youtube.com https://www.google.com/maps https://www.google.com/ https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.online-metrix.net *.punchout2go.com https://static.olark.com https://testsecureacceptance.cybersource.com https://secureacceptance.cybersource.com https://*.spsco.com https://*.punchout2go.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://*.cardinalcommerce.com https://*.centinelapi.cardinalcommerce.com https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.punchout2go.com https://log.olark.com https://www.google.com https://stats.g.doubleclick.net https://*.hellobar.com https://*.magentocommerce.com https://*.paypal.com https://*.vimeocdn.com https://*.ytimg.com https://*.linkedin.com https://*.facebook.com https://*.hsforms.com https://*.clarity.ms https://*.hubspot.com https://*.bing.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com www.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.online-metrix.net *.punchout2go.com https://h.online-metrix.net http://*.olark.com https://cdnjs.cloudflare.com https://*.hellobar.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://*.hsforms.net https://*.hsforms.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.cybersource.com https://connect.punchout2go.com https://js.hs-scripts.com https://*.facebook.net https://*.facebook.com https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.licdn.com https://*.cardinalcommerce.com https://*.ccdc02.com https://*.authorize.net https://*.signifyd.com https://*.hs-banner.com https://*.hs-analytics.com https://*.hs-analytics.net https://*.hscollectedforms.com https://*.hscollectedforms.net https://www.vimeo.com https://*.clarity.ms testflex.cybersource.com flex.cybersource.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://cdn1.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com https://form.jotform.com/ https://cdn.jotfor.ms/ https://customfaborders.jotform.com/ https://surestepdev.wpenginepowered.com/ https://surestep.net/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.punchout2go.com https://static.olark.com https://fonts.googleapis.com https://connect.punchout2go.com *.fontawesome.com assets.braintreegateway.com https://surestepdev.wpenginepowered.com/ https://use.typekit.net/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.olark.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.punchout2go.com https://*.olark.com https://forms.hsforms.com https://testsecureacceptance.cybersource.com https://secureacceptance.cybersource.com https://bam.nr-data.net https://www.google-analyitics.com https://stats.g.doubleclick.net https://*.hubspot.com https://pro.ip-api.com https://*.cardinalcommerce.com https://*.google.com https://*.clarity.ms https://*.hscollectedforms.net https://*.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com 3dsapi.ebizcharge.net kg668dbov0.execute-api.us-east-1.amazonaws.com ebizcharge3ds-staging1.azurewebsites.net *.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://*.clarity.ms https://*.google-analytics.com 'self' 'unsafe-inline'; 3
default-src 'self'; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; connect-src 'self' https:; media-src 'self' https: data:; object-src 'self'; base-uri 'self'; report-to go1-csp; 3
connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.affirm.com *.affirm.ca *.sharethis.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br *.meetanshi.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com www.mczbf.com pipedream.wistia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de us-autocomplete-pro.api.smarty.com lootly.io https://get.geojs.io *.avada.io adservice.google.com *.aeroflowapi.org doctor-lookup.aeroflow.ninja warranties-prod-warrantyuploads3bucket-pwksm63i2jcr.s3.amazonaws.com analytics.tiktok.com api.motifmedical.com/api/fullmotiflookuptool app.launchdarkly.com *.bing.com sdk.iad-02.braze.com bt.signifyd.com:11103 cdn.acsbapp.com *.osano.com www.cloudflare.com/cdn-cgi/trace data.stbuttons.click *.elfsight.com *.elfsightcdn.com www.facebook.com *.five9.net *.five9.com www.google.com *.doubleclick.net maps.googleapis.com *.googlesyndication.com graph.instagram.com *.klaviyo.com l.sharethis.com/pview *.lactationlink.com *.motifmedical.com motifmedical.zendesk.com *.noibu.com wss://*.noibu.com ct.pinterest.com prompts.maze.co req.easywebinar.com s.yimg.com *.snapchat.com dev.visualwebsiteoptimizer.com wss://widget-mediator.zopim.com *.zdassets.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com www.pinterest.com trail.grin.co *.adtrafficquality.google *.gstatic.com sentry.io *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.pumpingessentials.com *.aeroflowdiabetes.com shop.aeroflowinc.com gtm.aeroflowbreastpumps.com gtm.aeroflowdiabetes.com www.babylist.com cdnapisec.kaltura.com cfvod.kaltura.com browser-intake-datadoghq.com *.authorize.net *.google-analytics.com https://imgs.signifyd.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net portal.aeroflow.online https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.affirm.com *.aeroflow.io *.aeroflow.org *.doubleclick.net *.googlesyndication.com aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net portal.aeroflow.online https: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
frame-src 'self'; frame-ancestors 'self'; object-src 'none' 3
frame-ancestors 'self' https://app.contentful.com; default-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.obelink.at/metrics https://googleads.g.doubleclick.net https://analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://*.youtube.com https://*.googleapis.com https://*.gstatic.com https://bat.bing.com https://*.hotjar.com https://*.stripe.com https://*.stripecdn.com https://*.squeezely.tech https://*.hcaptcha.tech https://*.trustedshops.com https://*.aiden.cx https://*.clarity.ms https://d5yoctgpv4cpx.cloudfront.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com; img-src 'self' data: media.obelink.nl https://obelink.nl https://www.obelink.nl https://media.obelink.de https://obelink.de https://www.obelink.de https://media.obelink.at https://obelink.at https://www.obelink.at https://media.obelink.be https://obelink.be https://www.obelink.be https://media.obelink.pl https://obelink.pl https://www.obelink.pl https://media.obelink.fr https://obelink.fr https://www.obelink.fr https://media.obelink.it https://obelink.it https://www.obelink.it https://media.obelink.es https://obelink.es https://www.obelink.es https://commerce.obelink.eu https://images.ctfassets.net https:// https://*.gstatic.com https://*.squeezely.tech https://*.googletagmanager.com https://widgets.trustedshops.com https://img.youtube.com https://i.ytimg.com https://bat.bing.com; connect-src 'self' https://*.squeezely.tech https://*.trustedshops.com https://*.etrusted.com https://bat.bing.com https://cdn.growthbook.io https://p2iqhncxyh.execute-api.eu-central-1.amazonaws.com; frame-src 'self' blob: https://*.stripe.com https://www.google.com https://www.youtube.com; media-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; 3
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self'; 3
base-uri 'none' ; connect-src 'self' https://mc.yandex.ru/ https://mc.yandex.md/ https://mc.yandex.uz/ https://mc.yandex.com/ https://privacy-cs.mail.ru/ https://top-fwz1.mail.ru/ ; default-src 'self' ; font-src 'self' data: ; frame-ancestors 'none' ; img-src 'self' data: https://top-fwz1.mail.ru/ https://mc.yandex.ru/ https://mc.yandex.com/ ; report-to vkpay-csp-endpoint ; report-uri https://cspreport.mail.ru/vkpay?disposition=report ; script-src 'self' 'unsafe-inline' https://top-fwz1.mail.ru/ https://mc.yandex.ru/* https://privacy-cs.mail.ru/ ; style-src 'self' 'unsafe-inline' 3
report-uri             https://gfcorporate.report-uri.com/r/d/csp/reportOnly ;         default-src             'self'             www.gfms.com             gfms.com             www.gfps.com             gfcorporate.report-uri.com             *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae ;         connect-src             'self'             *.google-analytics.com             apikeys.civiccomputing.com             *.googleapis.com             center.lon5.atomz.com             clapi.civiccomputing.com             sp1004e61f.guided.lon5.atomz.com             sp1004e61a.guided.lon5.atomz.com             sp1004e5dd.guided.lon5.atomz.com             stats.g.doubleclick.net             www.facebook.com             uberall.com             locator.uberall.com             api.moin.ai             www.gfps.com             www.gfpstools.com             neoflow.gfpstools.com             cdn.linkedin.oribi.io             assets.georgfischer.com             google.com             analytics.google.com             *.analytics.google.com             *.googletagmanager.com             *.g.doubleclick.net             *.google.com             *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat             cdn.cookielaw.org             *.onetrust.com             *.svc.dynamics.com             *.clarity.ms             ad.doubleclick.net             adservice.google.com             assets-eur.mkt.dynamics.com             public-eur.mkt.dynamics.com             assets.adobedtm.com             c-cdn.contentfry.com             catalog.contentfry.com             platform.contentfry.com             code.jquery.com             fbo-b.flippingbook.com             online.flippingbook.com             live.solique.ch             polyfilljs.org             s7e5a.scene7.com             s7mbrstream-g1.scene7.com             www.googleadservices.com ;         font-src             'self'             fonts.gstatic.com             www.gfms.com             widget.moin.ai             static-prod.uberall.com             static.prod.uberall.com ;         script-src             'self'             'unsafe-inline'             'unsafe-eval'             www.google.com             *.google-analytics.com             *.googletagmanager.com             assets.adobedtm.com             ajax.googleapis.com             assets.georgfischer.com             cc.cdn.civiccomputing.com             connect.facebook.net             cdnjs.cloudflare.com             gstatic.com             maps.googleapis.com             siteimproveanalytics.com             snap.licdn.com             static-prod.uberall.com             uberall.com             locator.uberall.com             www.youtube.com             www.pagespeed-mod.com             www.googleoptimize.com             mktdplp102cdn.azureedge.net             www.pagespeed-mod.com             widget.moin.ai             platform.contentfry.com             cdn.cookielaw.org             cookie-cdn.cookiepro.com             privacyportal.onetrust.com             geolocation.onetrust.com             r1.dotdigital-pages.com             r1-t.trackedlink.net             r1.ddlnk.net             www.googleadservices.com ;         script-src-elem             uberall.com             www.googletagmanager.com             'self'             assets.georgfischer.com             blob:             code.jquery.com             locator.uberall.com             maps.googleapis.com             s7e5a.scene7.com             www.clarity.ms             www.google.com             www.googleadservices.com             www.youtube.com ;         style-src             'self'             'unsafe-inline'             'unsafe-eval'             fonts.googleapis.com             assets.georgfischer.com             errors.adobeaemcloud.com             widget.moin.ai ;         style-src-elem             www.googletagmanager.com         	'self'         	assets.georgfischer.com         	blob: s7e5a.scene7.com             www.gstatic.com ;         img-src             'self'             'unsafe-inline'             'unsafe-eval'             data:             *.georgfischer.com             www.linkedin.com             *.global.siteimproveanalytics.io             nswow-imageresizer.azurewebsites.net             px.ads.linkedin.com             www.facebook.com             connect.facebook.net             *.google.com             gfms.com             www.gfms.com             static-prod.uberall.com             static.prod.uberall.com             www.linkedin.com             s7e5a.scene7.com             *.g.doubleclick.net             *.svc.dynamics.com             i.ytimg.com             maps.gstatic.com             fonts.gstatic.com             www.gfps.com             www.gfpstools.com             locator.uberall.com             *.amazonaws.com             *.googletagmanager.com             *.googleapis.com             *.google-analytics.com             *.analytics.google.com             *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat             cdn.cookielaw.org             c.clarity.ms             m.youtube.com             *.onetrust.com ;         child-src             'self'             blob:             analytics-eu.clickdimensions.com             live.solique.ch             www.youtube.com ;         form-action             www.facebook.com             www.georgfischer.com             'self' ;         frame-ancestors             'self'             https://*.georgfischer.com;         frame-src             'self'             'unsafe-inline'             'unsafe-eval'             data:             analytics-eu.clickdimensions.com             google.com             ir.tools.investis.com             irs.tools.investis.com             live.solique.ch             recruitingapp-5505.de.umantis.com             registration.gesevent.com             six-swiss-exchange.com             tools.google.com             uberall.com             widget.moin.ai             *.svc.dynamics.com             *.ep-mimecast.dynamics.com             www.gfps.com             bim.gfps.com             ir2.flife.de             www.youtube.com             m.youtube.com             *.ep-mimecast.youtube-nocookie.com             www.youtube-nocookie.com.x.af435fba09eaa04ff30886e05784e20ddae5.d045227c.id.opendns.com             r1.dotdigital-pages.com             display.contentfry.com             googletagmanager.com             cad.georgfischer.com             forms.office.com             foundation-gf-dev.georgfischer.com             online.flippingbook.com             players.brightcove.net             youtube.com ;         manifest-src             'self' ;         media-src             'self'         	  assets.georgfischer.com         	  gfms.com         	  s7e5a.scene7.com         	  s7mbrstream-g1.scene7.com         	  www.gfps.com ; 3
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.kalogirou.com *.adman.gr *.grxchange.gr http://trustmark.gr *.klarnaservices.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.octocom.ai data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com www.facebook.com www.youtube.com *.adman.gr *.grxchange.gr http://trustmark.gr *.klarnaservices.com *.twitter.com *.octocom.ai 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.cookiebot.com www.youtube.com *.contactpigeon.com *.skroutz.gr *.netsteps.net *.trust-servers.net https://www.googletagmanager.com *.adman.gr *.grxchange.gr http://trustmark.gr *.klarnaservices.com *.twitter.com *.octocom.ai www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.youtube.com p.typekit.net validator.swagger.io *.gstatic.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com www.google.gr *.cookiebot.com *.google-analytics.com maps.gstatic.com *.kalogirou.com *.contactpigeon.com *.sharethis.com *.klarnaservices.com *.netsteps.net *.trust-servers.net https://kalogirou.com https://kalogirou.com/pub/media/ *.adman.gr *.grxchange.gr http://trustmark.gr *.cloudflare.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.octocom.ai *.skroutz.gr www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ *.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io 'self' data: *.cookiebot.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.kalogirou.com *.go-mpulse.net *.sharethis.com *.contactpigeon.com *.google.gr *.taboola.com *.skroutz.gr *.netsteps.net *.trust-servers.net *.adman.gr *.grxchange.gr http://trustmark.gr *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.octocom.ai www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.kalogirou.com www.youtube.com *.contactpigeon.com *.netsteps.net *.trust-servers.net *.adman.gr *.grxchange.gr http://trustmark.gr *.klarnaservices.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.octocom.ai 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net *.cookiebot.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com *.contactpigeon.com eu.klarnaevt.com *.taboola.com *.akstat.io *.skroutz.gr *.netsteps.net *.trust-servers.net *.adman.gr *.grxchange.gr http://trustmark.gr *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.octocom.ai 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com *.googlesyndication.com *.netsteps.net *.trust-servers.net *.adman.gr *.grxchange.gr http://trustmark.gr *.klarnaservices.com 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 3
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cse.google.com https://js.hsforms.net https://platform-api.sharethis.com https://rebilly.github.io https://unpkg.com https://use.fontawesome.com https://ws.sharethis.com https://www.google.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; style-src 'self' https://cloud.typography.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 3
script-src-elem *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.adalyser.com *.payments-amazon.com *.cdn-apple.com *.billiger.de billiger.de *.bing.com *.bing.net js.braintreegateway.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.digitalbridgehq.com *.doubleclick.net *.equalweb.com www.facebook.com connect.facebook.net *.avocet.io avocet.io *.gstatic.com *.google.com *.google.co.uk www.googleadservices.com www.google-analytics.com *.googleapis.com *.googlecommerce.com *.googlesyndication.com www.googletagmanager.com s.kk-resources.com *.klarna.com *.klarnacdn.net *.klaviyo.com *.klevu.com secure.cimg.leguide.com *.clarity.ms js-agent.newrelic.com bam.nr-data.net *.onetrust.com www.paypalobjects.com *.paypal.com services.postcodeanywhere.co.uk trues11114.pcapredict.com s.pinimg.com ct.pinterest.com *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com host *.solutenetwork.com *.trustpilot.com unpkg.com 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *.jsdelivr.net *.fabric-analytics.com *.growthbook.io *.gb-ingest.com *.appzi.io *.webgains.io *.webgains.com; font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk w.appzi.io *.equalweb.com *.googleusercontent.com *.typekit.net fonts.gstatic.com *.sirv.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://hpp.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://secure-test.worldpay.com/shopper/3ds/ddc.html https://secure.worldpay.com/shopper/3ds/ddc.html https://payments-test.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments-live.hpp.apps.eu-west-1-7z55k.dev.msp.worldpay.io/app/hpp-iframe/integration/wpg/corporate https://payments.worldpay.com/app/hpp-iframe/integration/wpg/corporate 'self' 'unsafe-inline'; frame-ancestors https://pay.google.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.equalweb.com *.google.com *.google.co.uk *.googlecommerce.com *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com *.visualwebsiteoptimizer.com app.vwo.com https://payments-test.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments-live.hpp.apps.eu-west-1-7z55k.dev.msp.worldpay.io/app/hpp-iframe/integration/wpg/corporate https://pay.google.com https://secure-test.worldpay.com https://hpp.worldpay.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com osm.klarnaservices.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.adalyser.com *.s3.eu-west-1.amazonaws.com *.bing.com *.bing.net *.cloudfront.net *.doubleclick.net *.equalweb.com www.facebook.com connect.facebook.net *.google.com *.google.co.uk www.google.es www.google.it www.google.fr www.google.de www.google.nl www.google.be www.google.at www.google.ie *.googlesyndication.com *.googleusercontent.com *.gstatic.com *.clarity.ms *.onetrust.com www.paypalobjects.com *.paypal.com services.postcodeanywhere.co.uk s.pinimg.com ct.pinterest.com *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com *.sirv.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.jsdelivr.net *.fabric-analytics.com *.growthbook.io *.gb-ingest.com *.appzi.io *.cloudflare.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.adalyser.com *.cdn-apple.com *.billiger.de billiger.de *.bing.com *.bing.net *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.digitalbridgehq.com *.doubleclick.net *.equalweb.com www.facebook.com connect.facebook.net *.avocet.io avocet.io *.google.com *.google.co.uk *.googleapis.com *.googlecommerce.com *.googlesyndication.com *.gstatic.com s.kk-resources.com *.klaviyo.com *.klevu.com secure.cimg.leguide.com *.clarity.ms js-agent.newrelic.com bam.nr-data.net *.onetrust.com www.paypalobjects.com *.paypal.com services.postcodeanywhere.co.uk trues11114.pcapredict.com s.pinimg.com ct.pinterest.com *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com *.solutenetwork.com *.trustpilot.com unpkg.com app.vwo.com *.visualwebsiteoptimizer.com *.jsdelivr.net *.fabric-analytics.com *.growthbook.io *.gb-ingest.com *.appzi.io *.webgains.io *.webgains.com player.vimeo.com https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://payments.worldpay.com/resources/hpp/integrations/embedded/js/hpp-embedded-integration-library.js https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js *.sirv.com https://js.klevu.com https://service.force.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.equalweb.com fonts.googleapis.com www.googletagmanager.com *.gstatic.com *.klaviyo.com services.postcodeanywhere.co.uk *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com *.typekit.net *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.jsdelivr.net *.fabric-analytics.com *.growthbook.io *.gb-ingest.com *.appzi.io *.cloudflare.com https://fonts.googleapis.com/css *.sirv.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk *.bing.com *.bing.net *.equalweb.com *.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.bestheating.com *.bestheating.ie *.bigbathroomshop.co.uk *.bigbathroomshop.ie *.hudsonreed.com *.magedev.co.uk *.magedev2.co.uk *.magedev3.co.uk *.magedev4.co.uk *.magedev5.co.uk *.magedev6.co.uk *.magestage.co.uk *.mageweb.co.uk *.localdev.com *.ldgdev.co.uk payments-eu.amazon.com *.s3.eu-west-1.amazonaws.com *.bing.com *.bing.net payments.braintree-api.com *.datadome.co *.digitalbridgehq.com eu.prd.impact.fixtuur.com *.fixtuur.io *.doubleclick.net *.equalweb.com *.facebook.com *.google.com *.google.co.uk www.google.es www.google.it www.google.fr www.google.de www.google.nl www.google.be www.google.at www.google.ie *.googleapis.com *.googlesyndication.com *.clarity.ms js-agent.newrelic.com bam.nr-data.net *.onetrust.com www.paypalobjects.com *.paypal.com s.pinimg.com ct.pinterest.com www.pinterest.com services.postcodeanywhere.co.uk region1.google-analytics.com *.salesforce.com *.force.com *.salesforceliveagent.com ldg.my.site.com ldg.my.salesforce-scrt.com *.samsung.com *.typekit.net *.webgains.io *.visualwebsiteoptimizer.com app.vwo.com *.jsdelivr.net *.fabric-analytics.com *.growthbook.io *.gb-ingest.com *.appzi.io https://www.google.com/pay https://pay.google.com/gp/p/web_manifest.json https://pay.google.com/gp/p/payment_method_manifest.json https://pay.google.com/ https://google.com/pay *.worldpay.com https://hpp.worldpay.com/app/hpp/135-0/telemetry https://hpp.worldpay.com/app/hpp/135-0/payment/paypalsmartbutton/continue https://payments.worldpay.com/app/hpp/135-0/telemetry/iframe *.sirv.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.onetrust.com 'self' 'unsafe-inline'; report-uri https://f4ea971e-20d9-420f-b92f-973abc905556.sansec.watch/; report-to report-endpoint; 3
default-src 'self'; connect-src 'self' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.facebook.com *.acsbapp.com *.google.com *.s3-eu-west-1.amazonaws.com *.amazone.de *.userlike.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube-nocookie.com *.amazone.de; script-src-elem 'self' 'unsafe-inline' amazone.concludis.de player.podigee-cdn.net *.googleapis.com *.youtube.com *.amazone.de userlike-cdn-umm.b-cdn.net *.consentmanager.net *.googletagmanager.com *.google-analytics.com connect.facebook.net *.acsbapp.com *.s3-eu-west-1.amazonaws.com *.doubleclick.net; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.googleapis.com amazone.concludis.de cdn.consentmanager.net *.amazone.de; img-src 'self' googleads.g.doubleclick.net *.googleapis.com  *.gstatic.com *.amazonaws.com *.cleverreach.com *.consentmanager.net *.facebook.com *.amazone.de amazone.de *.googletagmanager.com data:; font-src 'self' *.amazone.de data:; frame-src facebook.com player.podigee-cdn.net *.consentmanager.net *.google.com amazone.de amazone.net *.amazone.de *.amazone.net *.googletagmanager.com *.youtube-nocookie.com; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; report-uri https://temporarycsp.azurewebsites.net/api/CreateReport 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://widgets.trustedshops.com *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com *.klarnacdn.net https://www.gstatic.com https://fonts.gstatic.com *.stape.io 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com app.usercentrics.eu *.klarna.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.stape.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net cdn.scarabresearch.com orbitvu.co *.orbitvu.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com media.brand-distribution.com widgets.trustedshops.com app.usercentrics.eu privacy-proxy-server.usercentrics.eu uct.service.usercentrics.eu *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.stape.io www.facebook.com connect.facebook.com www.google.de piwik.hama.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net/ cdn.scarabresearch.com s7.addthis.com orbitvu.co *.orbitvu.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com widgets.trustedshops.com aggregator.service.usercentrics.eu app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu consent-api.service.consent.usercentrics.eu *.klarna.com *.klarnacdn.net *.klarnaservices.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.stape.io connect.facebook.com connect.facebook.net www.google.com www.google.de piwik.hama.com *.hsforms.net *.hsforms.com https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.orbitvu.co https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com fast.fonts.net hello.myfonts.net *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.stape.io *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com ekr.zdassets.com/ *.orbitvu.cloud *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com aggregator.service.usercentrics.eu app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu consent-api.service.consent.usercentrics.eu *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.stape.io connect.facebook.com connect.facebook.net www.google.com www.google.de piwik.hama.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.hama.com *.kameleoon.com *.kameleoon.io *.kameleoon.eu *.kameleoon.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
script-src-elem payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com data: 'self'; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com 'self' data: *.doubleclick.net *.facebook.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com static.runconverge.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.cloudflare.com *.trustedshops.com *.googleapis.com *.klaviyo.com maxcdn.bootstrapcdn.com cdn1.stamped.io stamped.io *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.twitter.com services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.doubleclick.net *.facebook.com *.runconverge.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.freshchat.com *.twitter.com *.pinterest.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src 'self' data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://images.unsplash.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com static.runconverge.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.cloudfront.net/ *.criteo.net *.stamped.io *.freshchat.com/ *.cloudflare.com *.ytimg.com *.bing.com/ *.clarity.ms/ *.google.al/ *.google.am/ *.google.at/ *.google.az/ *.google.ba/ *.google.be/ *.google.bg/ *.google.by/ *.google.ch/ *.google.cz/ *.google.de/ *.google.dk/ *.google.ee/ *.google.es/ *.google.fi/ *.google.fr/ *.google.ge/ *.google.gr/ *.google.hr/ *.google.hu/ *.google.ie/ *.google.is/ *.google.it/ *.google.kz/ *.google.li/ *.google.lt/ *.google.lu/ *.google.lv/ *.google.md/ *.google.me/ *.google.mk/ *.google.mt/ *.google.nl/ *.google.no/ *.google.pl/ *.google.pt/ *.google.ro/ *.google.rs/ *.google.ru/ *.google.se/ *.google.si/ *.google.sk/ *.google.sm/ *.google.tr/ *.google.ua/ *.google.uk/ *.google.com.ua/ *.google.com.tr/ *.google.com.gr/ *.google.com.pt/ *.google.com.pl/ cdn2.hubspot.net resources.paytrail.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://img.youtube.com *.unifaun.com/ openstreetmap.org *.openstreetmap.org cdn1.stamped.io stamped.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com polyfill.io *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.runconverge.com *.analytics.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.kk-resources.com/ *.shopalike.fi/ *.chatbotize.com/ qanuk-stage.vercel.app *.tradedoubler.com *.criteo.com *.cookiefirst.com *.omappapi.com *.googleoptimize.com *.klaviyo.com reviewsonmywebsite.com 'self' data: *.fontawesome.com *.videoly.co/ *.freshchat.com cdnjs.cloudflare.com/ *.googleapis.com/ *.noibu.com/ *.pinimg.com/ *.bing.com/ *.tiktok.com/ *.pinterest.com/ *.intercom.io/ *.intercomcdn.com/ *.clarity.ms/ polyfill-fastly.io/ services.paytrail.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ unpkg.com/ cdn1.stamped.io stamped.io *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com s7.addthis.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com static.runconverge.com *.facebook.net *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.cookiefirst.com *.omappapi.com reviewsonmywebsite.com *.typekit.net *.freshchat.com/ *.cloudflare.com/ *.klaviyo.com/ https://static.klaviyo.com maxcdn.bootstrapcdn.com unpkg.com/ cdn1.stamped.io stamped.io *.trustpilot.com assets.braintreegateway.com https://cdn.jsdelivr.net *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * https://maps.googleapis.com https://player.vimeo.com *.algolia.net *.algolia.com/ *.algolianet.com *.facebook.com *.facebook.net *.google.com/ payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.runconverge.com *.googletagmanager.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.criteo.com *.kelkoogroup.net/ *.chatbotize.com *.doubleclick.net *.qanuk.app *.cookiefirst.com *.omappapi.com *.googlesyndication.com reviewsonmywebsite.com *.cloudflare.com *.pinterest.com *.tiktok.com/ *.clarity.ms/ *.noibu.com/ wss://input.noibu.com/ wss://nexus-websocket-a.intercom.io/ *.intercom.io/ *.bing.com/ *.algolia.io/ *.paytrail.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io *.trustpilot.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net https://cdn.riverty.design/ *.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com uc8.tv *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com uc8.tv https://documents.riverty.com/ *.dotdigital-pages.com *.dotdigital.com *.facebook.com *.facebook.net *.doubleclick.net *.paypal.com *.vimeo.com *.google.com *.googletagmanager.com https://documents.riverty.com https://documents.myafterpay.com https://tag.heylink.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.everesttech.net *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ imgsct.cookiebot.com https://info.dibs.se *.trackedlink.net magefan.com cm.magefan.com *.facebook.com *.facebook.net *.cloudfront.net *.adobe.com *.adobe.net *.google.com *.googleapis.com *.gstatic.com https://bat.bing.com https://cdn.myafterpay.com https://instore.prisjakt.no https://pricerunner.dk https://pricerunner.se *.googleadservices.com *.google-analytics.com *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.adobedtm.com *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ consent.cookiebot.com https://*.dibspayment.eu *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.facebook.com *.facebook.net *.cloudfront.net *.adobe.com *.adobe.net *.google.com *.googleapis.com *.gstatic.com https://cdn.cookie-script.com https://bat.bing.com *.clarity.ms *.doubleclick.net https://r1-t.trackedlink.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.paypal.com https://tag.heylink.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://*.dibspayment.eu *.cloudfront.net *.adobe.com *.adobe.net *.google.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com https://bat.bing.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io amcglobal.sc.omtrdc.net p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ https://*.dibspayment.eu *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.facebook.com *.facebook.net *.cloudfront.net *.adobe.com *.adobe.net *.google.com *.googleapis.com *.gstatic.com https://bat.bing.com *.clarity.ms *.doubleclick.net https://fraktguide.bring.no *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; media-src * data: blob:; font-src * data: blob:; connect-src *; frame-src *; object-src * 3
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net https://rec.i-say.com https://vcdn.blob.core.windows.net/* https://cdn.vcdn.vc/*; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; frame-src 'self' blob: *.shopmetrics.com *.gigspot.com *.research-cloud.com *.velocity.online https://www.googletagmanager.com *.youtube.com *.youtu.be; base-uri 'self'; form-action 'self' *.shopmetrics.com *.gigspot.com *.velocity.online; img-src * data: about: blob: filesystem: ma-file:; object-src 'none'; font-src 'self' data: *.shopmetrics.com *.bootstrapcdn.com *.typekit.net *.gstatic.com *.jsdelivr.net *.pstatic.net *.github.com; 3
font-src *.gstatic.com mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.transbank.cl *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.newrelic.com *.herokuapp.com *.doubleclick.net/ *.googleapis.com mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl *.weltpixel.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com.ar *.instagram.com *.cdninstagram.com *.gstatic.com *.facebook.com *.newrelic.com *.clarity.ms *.bing.com *.googleapis.com mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://*.woowup.com *.herokuapp.com *.instagram.com *.facebook.net *.newrelic.com *.nr-data.net *.clarity.ms mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl *.google.com/ onesignal.com *.onesignal.com *.avada.io player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.herokuapp.com *.newrelic.com mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google.com.ar *.doubleclick.com *.doubleclick.net *.newrelic.com *.nr-data.net *.clarity.ms mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl https://get.geojs.io *.avada.io https://*.woowup.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src mcstaging.iochile.cl mcstaging.magriffe.cl mcstaging.ashchile.cl www.iochile.cl www.magriffe.cl www.ashchile.cl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
frame-ancestors *.vee24.com 3
font-src fonts.gstatic.com use.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net connect.bolt.com connect-sandbox.bolt.com s3-us-west-1.amazonaws.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.plugins.emarsys.net *.scarabresearch.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.magento-datasolutions.com *.magento-ds.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.scarabresearch.com *.eservice.emarsys.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com challenges.cloudflare.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://connect.ekomi.de/ magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://connect.ekomi.de/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io challenges.cloudflare.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.olark.com mediacdn.espssl.com *.imi.chat *.frontiercoop.com *.facebook.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * destinilocators.com *.duosecurity.com *.olark.com *.frontiercoop.com *.yotpo.com www.google.com *.facebook.com *.googletagmanager.com *.weltpixel.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.zendesk.com *.widen.net *.widencdn.net *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.certcapture.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com frontiercoop.widen.net *.olark.com lux.speedcurve.com mediacdn.espssl.com brxcdn.com *.frontiercoop.com cdn-cookieyes.com *.yotpo.com *.google-analytics.com *.googletagmanager.com www.facebook.com *.facebook.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.widen.net *.widencdn.net *.reddit.com *.ads-twitter.com t.co *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.certcapture.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js-agent.newrelic.com bam.nr-data.net destinilocators.com *.olark.com cdn.speedcurve.com acsbapp.com s.pinimg.com bat.bing.com ct.pinterest.com *.exponea.com *.imi.chat *.frontiercoop.com cdn-cookieyes.com *.yotpo.com connect.facebook.net www.google.com js.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.zendesk.com *.widen.net *.widencdn.net *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com assets.braintreegateway.com *.olark.com mediacdn.espssl.com *.imi.chat *.frontiercoop.com *.yotpo.com *.klevu.com *.ksearchnet.com 'unsafe-inline' *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.widen.net *.widencdn.net *.tagmanager.google.com *.googletagmanager.com *.typeform.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.frontiercoop.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com bam.nr-data.net lux.speedcurve.com *.acsbapp.com acsbapp.com ct.pinterest.com bat.bing.com *.exponea.com facebook.com *.facebook.com *.imi.chat *.frontiercoop.com *.cookieyes.com log.cookieyes.com *.yotpo.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.facebook.net *.olark.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.zendesk.com *.widen.net *.widencdn.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.olark.com *.frontiercoop.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src static.leathercollection.com fonts.gstatic.com www.paypalobjects.com use.typekit.net *.typekit.net *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src td.doubleclick.net ct.pinterest.com js.stripe.com b.stripecdn.com pay.google.com newassets.hcaptcha.com m.stripe.network fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.facebook.com platform.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com 'self' 'unsafe-inline'; img-src media.leathercollection.com static.leathercollection.com leathercollection.com leathercollection.co.br leathercollection.co.uk leathercollection.com.au eleather.it leathercollection.ch leathercollection.co.za leathercollection.jp leathercollection.nz leathercollection.ru leathercollection.se leathercollection.ca leathercollection.de leathercollection.es leathercollection.fr motospeeds.com app.fera.ai cdn.fera.ai media.fera.ai www.facebook.com www.google.com www.google.com.pk i.ytimg.com js.stripe.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net data: *.paypal.com *.typekit.net *.gstatic.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com pinterest.com assets.pinterest.com syndication.twitter.com blob: *.facebook.com data: 'self' 'unsafe-inline'; script-src static.leathercollection.com leathercollection.com leathercollection.co.br leathercollection.co.uk leathercollection.com.au eleather.it leathercollection.ch leathercollection.co.za leathercollection.jp leathercollection.nz leathercollection.ru leathercollection.se leathercollection.ca leathercollection.de leathercollection.es leathercollection.fr motospeeds.com app.fera.ai cdn.fera.ai www.googletagmanager.com s.pinimg.com static.zdassets.com connect.facebook.net googleads.g.doubleclick.net ct.pinterest.com www.google.com www.gstatic.com js.stripe.com b.stripecdn.com pay.google.com hcaptcha.com newassets.hcaptcha.com m.stripe.network assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com analytics.google.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com twitter.com platform.twitter.com static.addtoany.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src static.leathercollection.com media.leathercollection.com leathercollection.com leathercollection.co.br leathercollection.co.uk leathercollection.com.au eleather.it leathercollection.ch leathercollection.co.za leathercollection.jp leathercollection.nz leathercollection.ru leathercollection.se leathercollection.ca leathercollection.de leathercollection.es leathercollection.fr motospeeds.com app.fera.ai cdn.fera.ai js.stripe.com b.stripecdn.com *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com www.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src media.leathercollection.com static.leathercollection.com leathercollection.com leathercollection.co.br leathercollection.co.uk leathercollection.com.au eleather.it leathercollection.ch leathercollection.co.za leathercollection.jp leathercollection.nz leathercollection.ru leathercollection.se leathercollection.ca leathercollection.de leathercollection.es leathercollection.fr motospeeds.com app.fera.ai cdn.fera.ai ekr.zdassets.com ct.pinterest.com leathercollection.zendesk.com js.stripe.com merchant-ui-api.stripe.com r.stripe.com api.stripe.com api2.hcaptcha.com api.hcaptcha.com m.stripe.com analytics.google.com www.pinterest.com stats.g.doubleclick.net www.facebook.com googleads.g.doubleclick.net wss://widget-mediator.zopim.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com stats.addtoany.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.googleapis.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src media.leathercollection.com static.leathercollection.com leathercollection.com leathercollection.co.br leathercollection.co.uk leathercollection.com.au eleather.it leathercollection.ch leathercollection.co.za leathercollection.jp leathercollection.nz leathercollection.ru leathercollection.se leathercollection.ca leathercollection.de leathercollection.es leathercollection.fr motospeeds.com app.fera.ai cdn.fera.ai static.zdassets.com ekr.zdassets.com leathercollection.zendesk.com *.zopim.com zendesk-eu.my.sentry.io v2assets.zopim.io wss://widget-mediator.zopim.com r.stripe.com apis.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com https://*.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://widgets.trustedshops.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sendcloud.sc *.jsdelivr.net js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com https://belco-prod.s3-eu-central-1.amazonaws.com https://images.unsplash.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.sooqr.com *.spotlersearch.com www.magmodules.eu *.squeezely.tech *.amazonaws.com https://firebasestorage.googleapis.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net https://cdn.belco.io https://maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com squeezely.tech www.squeezely.tech *.squeezely.tech *.sendcloud.sc *.avada.io *.shopify.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://*.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com assets.braintreegateway.com *.sooqr.com *.spotlersearch.com *.sendcloud.sc *.jsdelivr.net *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com wss://chat.belco.io https://cdn.belco.io https://maps.googleapis.com https://player.vimeo.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.sooqr.com *.spotlersearch.com squeezely.tech *.squeezely.tech *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
object-src 'none'; script-src 'self' 'unsafe-eval' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net assets.pinterest.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net assets.pinterest.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; style-src 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 3
script-src-elem webcache.datareporter.eu webcache-eu.datareporter.eu https://apis.google.com static.zdassets.com buerostuhl24.app.baqend.com www.dwin1.com unpkg.com widget.trustpilot.com bat.bing.com invitejs.trustpilot.com lantern.roeyecdn.com www.googletagmanager.com s.pinimg.com s.kk-resources.com ct.beslist.nl dynamic.criteo.com data.bureaustoel24.nl www.google.com connect.facebook.net widgets.trustedshops.com googleads.g.doubleclick.net www.gstatic.com static.trbo.com api-v4.trbo.com sslwidget.criteo.com integrations.etrusted.com static.hotjar.com data.buerostuhl24.com secure.pay1.de script.hotjar.com tm708.ad-srv.net tm706.ad-srv.net tm.ad-srv.net ct.pinterest.com tm716.ad-srv.net data.sillasdeoficina24.es static-eu.payments-amazon.com cdn.jsdelivr.net snap.licdn.com tm710.ad-srv.net data.buerostuhl24.at tm701.ad-srv.net data.hjh-office.fr tm720.ad-srv.net data.hjh-office.se data.buerostuhl24.ch tm722.ad-srv.net tm712.ad-srv.net sibforms.com widget-mediator.zopim.com data.hjh-office.fi tm702.ad-srv.net tm724.ad-srv.net tm723.ad-srv.net tm709.ad-srv.net tm718.ad-srv.net tm707.ad-srv.net tm715.ad-srv.net tm711.ad-srv.net data.hjh-office.it tm719.ad-srv.net tm704.ad-srv.net tm703.ad-srv.net tm721.ad-srv.net www.moebel.de www.awin1.com data.hjh-office.dk 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem https://webcache.datareporter.eu https://webcache-eu.datareporter.eu webcache-eu.datareporter.eu integrations.etrusted.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com webcachex-eu.datareporter.eu https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com https://plumrocket.com *.yotpo.com www.sillasdeoficina24.es www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com www.xtento.com https://plumrocket.com *.trustpilot.com *.yotpo.com gum.criteo.com ct.pinterest.com collect.trbo.com fledge.eu.criteo.com tm708.ad-srv.net td.doubleclick.net tm706.ad-srv.net tm722.ad-srv.net ad.ad-srv.net my.meetergo.com tm710.ad-srv.net tm720.ad-srv.net gumi.criteo.com static.criteo.net tm718.ad-srv.net tm701.ad-srv.net tm716.ad-srv.net tm702.ad-srv.net tm712.ad-srv.net tm723.ad-srv.net www.facebook.com tm707.ad-srv.net tm715.ad-srv.net tm711.ad-srv.net tm704.ad-srv.net tm703.ad-srv.net tm721.ad-srv.net tm719.ad-srv.net tm709.ad-srv.net www.instagram.com www.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.awin1.com *.zenaps.com *.wepowerconnections.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net https://widgets.trustedshops.com https://integrations.etrusted.com *.pixriot.com *.storeimaging.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com 'self' data: *.yotpo.com buerostuhl24.app.baqend.com www.buerostuhl24.at www.facebook.com bat.bing.net www.google.nl lantern.roeye.com bat.bing.com www.buerostuhl24.com visitor.omnitagjs.com rtb-csync.smartadserver.com r.casalemedia.com id5-sync.com x.bidswitch.net ib.adnxs.com ad.360yield.com gum.criteo.com sync-t1.taboola.com cm.g.doubleclick.net px.ads.linkedin.com img.idealo.com www.google.de a.twiago.com matching.ivitrack.com www.hjh-office.se www.buerostuhl24.ch collect.trbo.com www.bureaustoel24.nl www.google.co.in static.trbo.com contextual.media.net sync.outbrain.com match.sharethrough.com jadserve.postrelease.com sync.1rx.io exchange.mediavine.com simage2.pubmatic.com pixel.rubiconproject.com eb2.3lift.com sync-criteo.ads.yieldmo.com criteo-partners.tremorhub.com e1.emxdgt.com dis.criteo.com ad.yieldlab.net criteo-sync.teads.tv www.hjh-office.fi www.google.ch px4.ads.linkedin.com www.hjh-office.it www.google.es www.google.at s.kelkoogroup.net www.google.it pagead2.googlesyndication.com v2assets.zopim.io www.google.be data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.adyen.com tagmanager.google.com https://www.googletagmanager.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.datareporter.eu *.plugins.emarsys.net *.scarabresearch.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://widgets.trustedshops.com https://integrations.etrusted.com data.hjh-office.fr www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com *.gstatic.com *.trustpilot.com *.yotpo.com https://apis.google.com buerostuhl24.app.baqend.com static.zdassets.com data.buerostuhl24.com static.hotjar.com tm706.ad-srv.net tm.ad-srv.net script.hotjar.com unpkg.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://webcache.datareporter.eu d.ratepay.com d.payla.io dr.payla.io https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com *.gstatic.com *.trustpilot.com *.yotpo.com webcache-eu.datareporter.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com https://www.google-analytics.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.datareporter.eu *.scarabresearch.com *.eservice.emarsys.net payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.trustedshops.com *.etrusted.com *.pixriot.com *.storeimaging.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.yotpo.com ekr.zdassets.com ct.pinterest.com hjhoffice.zendesk.com buerostuhl24.app.baqend.com data.bureaustoel24.nl wss://widget-mediator.zopim.com bat.bing.net data.hjh-office.dk px.ads.linkedin.com data.buerostuhl24.com vc.hotjar.io pagead2.googlesyndication.com data.buerostuhl24.at measurement-api.criteo.com payments-de.amazon.com data.sillasdeoficina24.es bat.bing.com data.hjh-office.fr data.hjh-office.se data.buerostuhl24.ch ct.beslist.nl ws://localhost:12387 sslwidget.criteo.com data.hjh-office.fi www.facebook.com data.hjh-office.it d158d42c.sibforms.com s.kelkoogroup.net invitejs.trustpilot.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.buerostuhl24.com/rest/all/V1/cspmanager/frontend_report; 3
font-src *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.gstatic.com data: *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.bootstrapcdn.com *.commerce-connector.com *.typekit.net */csp/report/uri/ *.hotjar.com *.hotjar.io *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.wahl.com *.userway.org *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.wahl.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.stripe.com stripe.com *.link.com *.amazon.com *.wahl.com; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.bluesnap.com *.cardinalcommerce.com *.kaptcha.com *.sentry.io *.google.com *.gstatic.com google.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.klarna.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.adsrvr.org *.hotjar.com *.hotjar.io */csp/report/uri/ *.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.wahl.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; style-src *.adobe.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app fonts.googleapis.com display.ugc.bazaarvoice.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.cardinalcommerce.com *.kaptcha.com *.sentry.io *.google.com *.gstatic.com google.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.powerreviews.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com *.wahlclipper.com *.jsdelivr.net *.postcodeanywhere.co.uk *.commerce-connector.com *.typekit.net */csp/report/uri/ unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com www.gstatic.com cdn.weglot.com *.wahl.com *.userway.org 'self' 'unsafe-inline'; object-src *.wahl.com 'self' 'unsafe-inline'; media-src *.adobe.com *.wahl.com 'self' 'unsafe-inline'; manifest-src *.wahl.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.cardinalcommerce.com *.kaptcha.com *.sentry.io *.google.com *.gstatic.com *.amazonaws.com google.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.addressy.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com stats.g.doubleclick.net ct.pinterest.com *.google-analytics.com *.whatcounts.com siteanalytics.whatcounts.com https://siteanalytics.whatcounts.com *.amazonaws.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.powerreviews.com *.nr-data.net *.wahlclipper.com *.syndigo.com *.postcodeanywhere.co.uk wss://ws41.hotjar.com *.commerce-connector.com */csp/report/uri/ wss://*.hotjar.com *.hotjar.com *.hotjar.io *.hubspot.com *.hubapi.com *.hs-banner.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.link.com x.clarity.ms cdn.cookielaw.org forms.hscollectedforms.net geolocation.onetrust.com api.userway.org cdn77.api.userway.org cdn.userway.org api.weglot.com cdn.weglot.com https://cdn-api-weglot.com *.wahl.com *.hsforms.net *.hsforms.com *.clarity.ms *.pcapredict.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; base-uri *.wahl.com 'self' 'unsafe-inline'; script-src https://pxl.jivox.com https://secure.adnxs.com https://apps.bazaarvoice.com/ cdn.weglot.com 0409890c10.translations.weglot.io assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com 'self' 'unsafe-inline' sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.cardinalcommerce.com *.kaptcha.com *.sentry.io *.google.com static.cloudflareinsights.com cdnjs.cloudflare.com google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.powerreviews.com *.newrelic.com js-agent.newrelic.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js bat.bing.com *.google-analytics.com *.googleoptimize.com https://www.googleoptimize.com/optimize.js *.trustedsite.com *.cloudflare.com *.twitter.com *.fontawesome.com *.nr-data.net *.wahlclipper.com *.googleapis.com *.jsdelivr.net *.bluesnap.com *.webcollage.net *.syndigo.com *.adsrvr.org *.hotjar.com *.hotjar.io *.pcapredict.com *.postcodeanywhere.co.uk *.commerce-connector.com *.amazonaws.com/ */csp/report/uri/ *.redditstatic.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.usemessages.com *.hs-analytics.net *.hsadspixel.net *.hsleadflows.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com www.clarity.ms cdn.cookielaw.org js.hubspot.com cdn.userway.org svht.tradedoubler.com swrap.tradedoubler.com *.wahl.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src static.hsappstatic.net https://ad.doubleclick.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com  *.google.com google.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.essentialaccessibility.com *.wahlanimal.com  s.ytimg.com  *.google.com.mx  *.google-analytics.com ct.pinterest.com bat.bing.com *.google.co.in *.cloudflare.com *.wahlclipper.com *.powerreviews.com *.googletagmanager.com *.cloudfront.net *.webcollage.net *.syndigo.cloud *.postcodeanywhere.co.uk */csp/report/uri/ *.reddit.com *.hsforms.com *.hubspot.com  *.google.com.in  *.payments-amazon.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com c.clarity.ms cdn.cookielaw.org cdn.userway.org *.wahl.com *.magecomp.com *.google.com.ua www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; default-src https://de.wahl.com https://fr.wahl.com https://nl.wahl.com https://eu.wahl.com https://es.wahl.com https://jp.mcprod.wahl.com *.wahl.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com *.almapay.com *.cloudflare.com *.trustpilot.com *.avis-verifies.com *.bing.com *.sc.omtrdc.net 'self' data: https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.nootidev.com admin.nootica.fr *.nootica.fr *.nootica.com *.nootica.es *.nootica.de *.nootica.it *.bandeja-shop.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ www.google.com *.hipay-tpp.com *.hipay.com *.googleapis.com *.klarna.com *.demdex.net *.hub-side.com *.nootidev.com admin.nootica.fr *.nootica.fr *.nootica.com *.nootica.es *.nootica.de *.nootica.it *.bandeja-shop.com *.sc.omtrdc.net 'self' data: *.addthis.com *.trustpilot.com sibautomation.com *.doubleclick.net *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.hipay.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google.com maps.googleapis.com *.google.fr *.doubleclick.net *.googletagmanager.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu *.avis-verifies.com *.bing.com *.omtrdc.net *.demdex.net *.everesttech.net flagcdn.com *.nootidev.com *.nootica.fr *.nootica.com *.nootica.es *.nootica.de *.nootica.it *.bandeja-shop.com *.facebook.com *.reddit.com *.google-analytics.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.jsdelivr.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hipay-tpp.com mpsnare.iesnare.com *.paypal.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com http://127.0.0.1:35729 *.cloudflare.com *.google-analytics.com *.doubleclick.net *.google.fr *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.trustpilot.com *.avis-verifies.com *.usercentrics.eu *.bing.com *.iesnare.com *.hipay.com 'self' data: *.addthis.com *.addthisedge.com *.moatads.com *.freshworks.com sibautomation.com *.skeepers.io umami.nootica.fr https://cdnjs.cloudflare.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.jsdelivr.net *.hipay.com *.googleapis.com *.klarnacdn.net https://use.fontawesome.com https://fonts.googleapis.com *.cloudflare.com *.typekit.net *.trustpilot.com *.avis-verifies.com *.usercentrics.eu *.bing.com *.sc.omtrdc.net 'self' data: https://cdnjs.cloudflare.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.getalma.eu *.almapay.com *.hipay-tpp.com wss://mpsnare.iesnare.com *.googleapis.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://olegnax.com *.google-analytics.com *.googlesyndication.com *.analytics.google.com *.doubleclick.net *.cloudflare.com *.bing.com *.demdex.net *.sc.omtrdc.net *.hipay.com 'self' data: ws: *.addthis.com *.brevo.com *.skeepers.io *.nootidev.com search.nootica.com search.bandeja-shop.com umami.nootica.fr *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
object-src 'self' 'unsafe-inline'; media-src *.adobe.com d3dc1lgancj6l0.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors wickey.de www.gstatic.com  *.useberry.com  *.gstatic.com 'self'; form-action wickey.nl wickey.de wickey.fr wickey.gateway.ford.neoday.cloud wickey.ro wickey.it wickey.at geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com wickey.us16.list-manage.com *.wickey.us16.list-manage.com 'self' 'unsafe-inline'; img-src www.google.rs googleads.g.doubleclick.net www.google.com.ua www.google.si scontent-lhr8-1.xx.fbcdn.net www.google.lt wickey.it stats.g.doubleclick.net widgets.xsellco.com wickey.fr wickey.cz wickey.ch wickey.be wickey.at wickey.bg www.google.gr wickey.co.uk wickey.ie wickey.sk wickey.si wickey.se wickey.ro wickey.pt wickey.pl wickey.no wickey.lu wickey.lt wickey.hu wickey.hr wickey.gr wickey.es wickey.dk scontent-ams4-1.xx.fbcdn.net wickey.nl region1.analytics.google.com www.facebook.com widgets.trustedshops.com scontent-lhr6-2.xx.fbcdn.net wickey.de twr.wickey.cz upgrade.wickey.nl data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io github.blog maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com magefan.com cm.magefan.com https://www.mollie.com *.pixriot.com *.storeimaging.com *.ads.linkedin.com *.bing.com bing.com *.trustedshops.com *.mollie.com *.pinterest.com *.consentmanager.net tw.wickey.nl www.google.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg www.google.fr www.google.de *.hotjar.com d3upe020n1uosc.cloudfront.net www.google.at www.google.ch www.google.lu www.google.co.uk www.google.ie www.google.be www.google.it www.google.es www.google.pt www.google.dk www.google.pl www.google.cz www.google.hu www.google.sk www.google.ro www.google.hr www.google.se www.google.no www.google.fi www.google.bg ik.imagekit.io cst-tag-monitor-2nd-gen-6k3dd6vtka-ew.a.run.app dashboard.edesk.com static.sooqr.com onlinedialogue.s3.eu-west-1.amazonaws.com t.squeezely.tech wickey.ams3.digitaloceanspaces.com wickey-test.ams3.digitaloceanspaces.com d2rfa446ja7yzb.cloudfront.net app.squeezely.tech tw.wickey.si tw.wickey.gr static.spotlersearch.com dy639ytn88nua.cloudfront.net bat.bing.net europe-west1-code-cube.cloudfunctions.net xsellco-blobstore.s3.amazonaws.com twr.wickey.nl twr.wickey.de twr.wickey.at twr.wickey.ch twr.wickey.fr twr.wickey.be twr.wickey.it twr.wickey.es twr.wickey.pl twr.wickey.dk twr.wickey.se twr.wickey.hu twr.wickey.no twr.wickey.co.uk twr.wickey.ie twr.wickey.pt twr.wickey.ro twr.wickey.lu twr.wickey.sk twr.wickey.hr twr.wickey.bg twr.wickey.lt twr.wickey.si twr.wickey.gr *.clarity.ms *.flbx.io data: 'self' 'unsafe-inline'; font-src x.klarnacdn.net wickey.ie wickey.co.uk wickey.it www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com *.fontawesome.com tbs.tradedoubler.com wickey.nl *.hotjar.com d3dc1lgancj6l0.cloudfront.net wickey.gateway.ford.neoday.cloud data: 'self' 'unsafe-inline'; style-src x.klarnacdn.net wickey.co.uk wickey.ie wickey.pl wickey.it wickey.fr wickey.gateway.ford.neoday.cloud wickey.at wickey.be wickey.de wickey.cz wickey.es *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com *.fontawesome.com *.hotjar.com tagmanager.google.com widgets.xsellco.com static.sooqr.com static.spotlersearch.com js.neoday.com 'self' 'unsafe-inline'; frame-src js.klarna.com www.googletagmanager.com fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com js.mollie.com *.trustpilot.com tbs.tradedoubler.com forms.office.com ct.pinterest.com *.hotjar.com d3dc1lgancj6l0.cloudfront.net www.youtube.com *.mollie.com *.wickey.de *.durchsichtig.xyz tw.wickey.co.uk tw.wickey.be twr.wickey.fr tw.wickey.gr tw.wickey.at tw.wickey.ch tw.wickey.it tw.wickey.es tw.wickey.pl tw.wickey.dk tw.wickey.cz tw.wickey.se tw.wickey.hu tw.wickey.no tw.wickey.ie tw.wickey.pt tw.wickey.ro tw.wickey.lu tw.wickey.sk tw.wickey.hr tw.wickey.bg tw.wickey.si twr.wickey.nl twr.wickey.de twr.wickey.at twr.wickey.ch twr.wickey.be twr.wickey.it twr.wickey.es twr.wickey.pl twr.wickey.dk twr.wickey.cz twr.wickey.se twr.wickey.hu twr.wickey.no twr.wickey.co.uk twr.wickey.ie twr.wickey.pt twr.wickey.ro twr.wickey.lu twr.wickey.sk twr.wickey.hr twr.wickey.bg twr.wickey.lt twr.wickey.si twr.wickey.gr js.neoday.com 'self' 'unsafe-inline'; script-src js.klarna.com bat.bing.com connect.facebook.net wickey.co.uk wickey.ie googleads.g.doubleclick.net static.spotlersearch.com tr.kickbite.io squeezely.tech widgets.xsellco.com static.sooqr.com widgets.trustedshops.com twr.wickey.nl fpp.wickey.de twr.wickey.de fpp.wickey.fr twr.wickey.fr wickey.pl twr.wickey.cz wickey.it wickey.fr twr.wickey.no twr.wickey.co.uk fpp.wickey.co.uk wickey.be wickey.de wickey.es twr.wickey.at fpp.wickey.at assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com js.mollie.com *.googleadservices.com bam.nr-data.net c.delivery.consentmanager.net cdn.consentmanager.net s.pinimg.com analytics.tiktok.com snap.licdn.com hst.tradedoubler.com swrap.tradedoubler.com static.cloudflareinsights.com tracking.s24.com tw.wickey.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg delivery.consentmanager.net cdn.stape.io *.hotjar.com d3dc1lgancj6l0.cloudfront.net ajax.cloudflare.com d5yoctgpv4cpx.cloudfront.net onlinedialogue.s3.eu-west-1.amazonaws.com dynamic.sooqr.com *.neoday.com js.neoday.com cdn.ablyft.com analytics.optimalpeople.fr connect.getflowbox.com ct.pinterest.com spotlersearchanalytics.com dynamic.spotlersearch.com *.wickey.de clarity.ms www.clarity.ms fpp.wickey.nl fpp.wickey.gr fpp.wickey.ch fpp.wickey.be fpp.wickey.it fpp.wickey.es fpp.wickey.dk fpp.wickey.pl fpp.wickey.cz fpp.wickey.se fpp.wickey.hu fpp.wickey.no fpp.wickey.ie fpp.wickey.pt fpp.wickey.ro fpp.wickey.lu fpp.wickey.sk fpp.wickey.hr fpp.wickey.bg fpp.wickey.lt fpp.wickey.si  *.useberry.com  stapecdn.com *.clarity.ms twr.wickey.ch twr.wickey.be twr.wickey.it twr.wickey.es twr.wickey.pl twr.wickey.dk twr.wickey.se twr.wickey.hu twr.wickey.ie twr.wickey.pt twr.wickey.ro twr.wickey.lu twr.wickey.sk twr.wickey.hr twr.wickey.bg twr.wickey.lt twr.wickey.si twr.wickey.gr wickey.gateway.ford.neoday.cloud 'self' 'unsafe-inline' 'unsafe-eval'; connect-src fpp.wickey.at js.klarna.com fpp.wickey.es fpp.wickey.fr fpp.wickey.hu fpp.wickey.it fpp.wickey.cz fpp.wickey.pl experience.getflowbox.com www.gstatic.com fpp.wickey.bg fpp.wickey.dk fpp.wickey.lu fpp.wickey.ie socketio.xsellco.com fpp.wickey.gr widgets.trustedshops.com googleads.g.doubleclick.net static.spotlersearch.com wickey.cz wickey.de www.wickey.be www.wickey.it www.wickey.cz dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com http://127.0.0.1:63342 http://127.0.0.1:34567 maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.pixriot.com *.storeimaging.com ct.pinterest.com *.wickey.de analytics.google.com stats.g.doubleclick.net analytics.tiktok.com bam.nr-data.net bat.bing.com www.google.com region1.analytics.google.com region1.google-analytics.com tw.wickey.nl www.google.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg www.google.fr www.google.de *.hotjar.com *.hotjar.io wss://*.hotjar.com d3upe020n1uosc.cloudfront.net d3dc1lgancj6l0.cloudfront.net www.google.at www.google.ch www.google.lu www.google.co.uk www.google.ie www.google.be www.google.it www.google.es www.google.pt www.google.dk www.google.pl www.google.cz www.google.hu www.google.sk www.google.ro www.google.hr www.google.se www.google.no www.google.fi www.google.bg rkkck31tec.execute-api.eu-central-1.amazonaws.com widgets.xsellco.com firehose.eu-central-1.amazonaws.com cognito-identity.eu-central-1.amazonaws.com wickey.gateway.ford.neoday.cloud log.ablyft.com analytics.pangle-ads.com analytics.optimalpeople.fr trustbadge.api.etrusted.com gateway.getflowbox.com a.getflowbox.com tw.wickey.si tw.wickey.gr api.trustedshops.com shops-si.trustedshops.com api.trustbadge.etrusted.com px.ads.linkedin.com api.paypal.com *.durchsichtig.xyz tr.kickbite.io bat.bing.net p2iqhncxyh.execute-api.eu-central-1.amazonaws.com j.clarity.ms n.clarity.ms s.clarity.ms k.clarity.ms twr.wickey.fr fpp.wickey.nl u.clarity.ms i.clarity.ms fpp.wickey.co.uk d.clarity.ms fpp.wickey.be fpp.wickey.ch twr.wickey.nl twr.wickey.de twr.wickey.at twr.wickey.ch twr.wickey.be twr.wickey.it twr.wickey.es twr.wickey.pl twr.wickey.dk twr.wickey.cz twr.wickey.se twr.wickey.hu twr.wickey.no twr.wickey.co.uk twr.wickey.ie twr.wickey.pt twr.wickey.ro twr.wickey.lu twr.wickey.sk twr.wickey.hr twr.wickey.bg twr.wickey.lt twr.wickey.si twr.wickey.gr guarantee-log.trustedshops.com ad.doubleclick.net *.clarity.ms fpp.wickey.pt fpp.wickey.ro fpp.wickey.se fpp.wickey.sk fpp.wickey.lt fpp.wickey.si fpp.wickey.hr fpp.wickey.no 'self' 'unsafe-inline'; 3
default-src 'self' https://*.hubspot.com https://*.hsforms.com https://*.hscollectedforms.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hubspot.com https://*.hsforms.com https://*.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://*.hsadspixel.net https://*.hubapi.com https://js.hscta.net https://js-eu1.hscta.net https://static.hsappstatic.net https://*.usemessages.com https://*.hsleadflows.net https://*.hsforms.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://feedback-eu1.hubapi.com; style-src 'self' 'unsafe-inline' https://*.hubspot.com https://*.hsforms.com https://fonts.googleapis.com https://*.hubspotusercontent00.net https://*.hubspotusercontent-na1.net https://*.hubspotusercontent-eu1.net https://cdn2.hubspot.net; img-src 'self' data: https://*.hubspot.com https://*.hsforms.com https://*.hscollectedforms.net https://*.hubspotusercontent00.net https://*.hubspotusercontent-na1.net https://*.hubspotusercontent-eu1.net https://no-cache.hubspot.com https://js.hscta.net https://js-eu1.hscta.net https://cdn2.hubspot.net https://*.hubspot.net; font-src 'self' https://fonts.gstatic.com https://*.hubspot.com; connect-src 'self' https://*.hubspot.com https://*.hsforms.com https://api.hubapi.com https://*.hubapi.com https://*.hs-banner.com https://js.hscta.net https://js-eu1.hscta.net https://*.hscollectedforms.net; frame-src 'self' https://*.hubspot.com https://*.hsforms.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://*.hubspot.net https://play.hubspotvideo.com https://play-eu1.hubspotvideo.com https://*.hsforms.net; object-src 'none'; base-uri 'self'; form-action 'self' https://*.hubspot.com https://*.hsforms.com; 3
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.riverty.design/ https://static.dhlecommerce.nl https://fonts.gstatic.com *.fontawesome.com https://www.gstatic.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com uc8.tv www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.braintreegateway.com *.paypal.com google.com *.google.com uc8.tv https://documents.riverty.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.paypal.com *.typekit.net *.gstatic.com https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com https://maps.googleapis.com https://maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com https://www.magezon.com https://www.mollie.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://player.vimeo.com https://static.dhlecommerce.nl https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://cdn.jsdelivr.net *.avada.io *.shopify.com js.mollie.com *.googletagmanager.com *.snrcdn.net *.snrbox.com *.ekomiapps.de www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://hcaptcha.com https://*.hcaptcha.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://player.vimeo.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paymentexpress.com *.windcave.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.xtento.com *.paymentexpress.com *.windcave.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.xtento.com cdn.xtento.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.files-text.com *.livechatinc.com *.livechat-files.com *.livechat-static.com https://firebasestorage.googleapis.com flagpedia.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.xtento.com cdn.xtento.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://browser.sentry-cdn.com *.livechatinc.com *.livechat-static.com *.avada.io *.shopify.com *.gstatic.com maps.googleapis.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.livechatinc.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src *.livechatinc.com 'self' 'unsafe-inline'; media-src *.livechatinc.com *.livechat-static.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://*.ingest.sentry.io *.livechatinc.com *.text.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.livechatinc.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.checkout.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ccavenue.ae 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://js.checkout.com *.klarna.com *.ccavenue.ae checkout.tabby.ai https://c.sharethis.mgr.consensu.org https://secure.ccavenue.ae 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ccavenue.ae cdn.jsdelivr.net data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.magentocommerce.com *.cloudfront.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://l.sharethis.com https://sharethis.com https://platform-cdn.sharethis.com *.facebook.com *.alothemes.com *.magepow.com *.tamara.co data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.checkout.com *.klarnacdn.net *.ccavenue.ae *.moengage.com sc-static.net *.snapchat.com *.spotii.me apigoswirl.com cdn.jsdelivr.net checkout.tabby.ai widgets.tabby.ai cdn.segment.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.cloudflare.com *.authorize.net *.braintreegateway.com *.ytimg.com *.paypal.com *.payments-amazon.com *.croapp.net https://buttons-config.sharethis.com https://platform-api.sharethis.com s7.addthis.com *.googletagmanager.com *.facebook.net *.alothemes.com *.magepow.com cdn.tamara.co maps.googleapis.com *.tamara.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://cdn.checkout.com apigoswirl.com cdn.jsdelivr.net *.yotpo.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.alothemes.com *.magepow.com *.tamara.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tamara.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://js.checkout.com *.klarnaevt.com *.ccavenue.ae *.moengage.com sc-static.net *.snapchat.com *.spotii.me apigoswirl.com api.goswirl.live checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.cloudflare.com *.twitter.com *.twimg.com api.homesrusae.evinent.site homesrusaenew-api.evinent.site api.homesrusqa.evinent.site homesrusqanew-api.evinent.site api.momstore.evinent.site momstorenew-api.evinent.site api.carters.evinent.site https://l.sharethis.com https://sharethis.com ekr.zdassets.com/ *.google-analytics.com *.alothemes.com *.magepow.com maps.googleapis.com *.tamara.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.youtube-nocookie.com www.google.com https://*.dpdconnect.nl youtube.com *.doubleclick.net *.multisafepay.com https://pay.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com https://firebasestorage.googleapis.com flagpedia.net www.jmpbonderdelen.nl www.jmpbonderdelen.be www.jmpbparts.com www.jmpbteile.de www.jmpbteile.at www.jmpbdele.dk 'self' data: *.google.nl *.multisafepay.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.dpdconnect.nl https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io player.vimeo.com *.gstatic.com maps.googleapis.com *.multisafepay.com https://pay.google.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.multisafepay.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.google-analytics.com *.doubleclick.net *.google.com google.com *.googlesyndication.com *.googleadservices.com *.google.nl *.multisafepay.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za map.pargo.co.za 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://widgets.payflex.co.za oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://widgets.payflex.co.za https://partpayassets.blob.core.windows.net *.oppwa.com oppwa.com *.peachpayments.com worldtimeapi.org *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com *.what3words.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
connect-src 'self' wss: ws: consentcdn.cookiebot.eu consent.cookiebot.com urkwvzhzpc.execute-api.eu-west-1.amazonaws.com *.doubleclick.net *.googlesyndication.com *.klaviyo.com *.klarnacdn.net *.cookiebot.com *.termly.io cloudflareinsights.com *.facebook.com *.dojo.tech *.salesfire.co.uk *.onlinesizing.bike *.tawk.to cdn-cookieyes.com *.cookieyes.com *.klaviyo.com *.appspot-preview.com *.bing.com *.clarity.ms *.fontawesome.com *.google-analytics.com *.google.com *.google.co.uk *.googleapis.com *.googletagmanager.com *.hotjar.com *.iubenda.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.luckyorange.net *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.smartlook.cloud *.visitors.live api.getaddress.io bat.bing.com content.hotjar.io eu.klarnaevt.com js.klarna.com live.smartmetrics.co.uk manager.eu.smartlook.cloud maps.googleapis.com metrics.hotjar.io na.klarnaevt.com stats.g.doubleclick.net vc.hotjar.io www.google.se centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com *.googleadservices.com *.google.com; default-src 'self' *.klaviyo.com  *.dojo.tech *.salesfire.co.uk *.googleapis.com *.trustpilot.com; font-src 'self' *.klaviyo.com *.dojo.tech  *.pushsales.app *.tawk.to *.salesfire.co.uk *.klaviyo.com fonts.gstatic.com *.cloudflare.com *.fontawesome.com *.typekit.net x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consent.cookiebot.com; form-action 'self' *.list-manage.com translate.googleapis.com pay.realexpayments.com *.klaviyo.com *.dojo.tech *.facebook.com *.paypal.com *.sagepay.com *.worldpay.com eu-library.klarnaservices.com gateway.cardstream.com live.opayo.eu.elavon.com mdepayments.epdq.co.uk test.opayo.eu.elavon.com js.stripe.com *.sandbox.paypal.com *.paypal.com *.accounts.google.com; frame-ancestors 'self'; frame-src *.cookiebot.eu *.outfindo.com youtu.be *.klaviyo.com hubtiger.com  app.bikerentalmanager.com connect.garmin.com widgets.sociablekit.com *.paypalobjects.com www.googletagmanager.com bikesizing.cube.eu www.paypal.com bookings.hubtiger.com challenges.cloudflare.com *.onlinesizing.bike consentcdn.cookiebot.com *.termly.io *.doubleclick.net *.facebook.com *.google.com *.google.co.uk *.greencommuteinitiative.uk greencommuteinitiative.uk *.instagram.com *.paymentsense.cloud *.sharethis.com *.strava.com *.trustpilot.com *.vimeo.com *.youtube-nocookie.com *.youtube.com www.komoot.com cdn.salesfire.co.uk jejames.checkfront.co.uk js.klarna.com td.doubleclick.net www.cyclescheme.co.uk osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com js.stripe.com forms.office.com ridewithgps.com platform.twitter.com *.webgains.com *.recaptcha.net *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; img-src 'self' 'unsafe-inline' data: https: *.klaviyo.com *.dojo.tech *.google-analytics.com *.googletagmanager.com *.gravatar.com 0.gravatar.com l.sharethis.com www.gravatar.com www.specialized.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; style-src 'self' 'unsafe-inline' *.google.com www.google.com *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io  *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; style-src-elem 'self' 'unsafe-inline' *.google.com www.google.com *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io  *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; report-to csp-endpoint; 3
report-uri /es/Error/ReportCPS; 3
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com 'self' 'unsafe-inline'; img-src data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://monitor.bigbridgedev.nl/csp; report-to report-endpoint; 3
default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 3
font-src *.googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.klevu.com *.ksearchnet.com *.fontawesome.com fonts.gstatic.com *.yotpo.com use.fontawesome.com maxcdn.bootstrapcdn.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com yotpo.com https://*.qliro.com https://*.vipps.no https://*.trustly.com https://*.ideal.nl https://*.apple.com https://*.unzer.com https://*.heidelpay.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://www.googletagmanager.com/ *.google.com/ https://cdn.lightwidget.com/ yotpo.com https://*.qliro.com *.cookiebot.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.trackedlink.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com https://www.magezon.com yotpo.com *.cookiebot.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com/ yotpo.com https://*.qliro.com *.cookiebot.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.yotpo.com yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ yotpo.com *.cookiebot.com *.google-analytics.com *.googlesyndication.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com instantcredit.net test.instantcredit.net *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.paycomet.com api.paycomet.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: *.assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://images.unsplash.com *.doubleclick.net analytics.google.com *.cloudfront.net static-eu.payments-amazon.com assets.braintreegateway.com *.instantcredit.net instantcredit.net test.instantcredit.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.sooqr.com *.spotlersearch.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com *.doubleclick.net maps.googleapis.com *.ftcdn.net *.behance.net *.paypal.com *.gstatic.com validator.swagger.io *.cloudfront.net *.ssl-images-amazon.com *.media-amazon.com static-eu.payments-amazon.com assets.braintreegateway.com *.instantcredit.net www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com instantcredit.net test.instantcredit.net *.sooqr.com *.spotlersearch.com *.klarnacdn.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.spotlersearch.com maps.googleapis.com instantcredit.net *.instantcredit.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.sooqr.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://play-widget.pepperfinance.es/ https://instantcredit.net/ *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net 'self' https://*.uberall.com https://instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.awin1.com *.zenaps.com *.wepowerconnections.com cdn.doofinder.com https://images.unsplash.com https://cdn.scarabresearch.com https://static.scarabresearch.com https://snippet.plugins.emarsys.net https://*.uberall.com * *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com cdn.doofinder.com *.plugins.emarsys.net https://cdn.scarabresearch.com https://maps.googleapis.com https://snippet.plugins.emarsys.net https://static.scarabresearch.com https://locator.uberall.com https://*.uberall.com https://instantcredit.net/ https://code.jquery.com/ * *.fontawesome.com *.googleapis.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com *.doofinder.com https://play-widget.pepperfinance.es/ https://instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.doofinder.com wss://*.doofinder.com https://recommender.scarabresearch.com *.eservice.emarsys.net https://play-merchant-config.pepperfinance.es/  https://play-api.peppermoneytest.es/ https://maps.googleapis.com https://player.vimeo.com https://cdn.scarabresearch.com https://snippet.plugins.emarsys.net https://*.uberall.com https://instantcredit.net/ https://test.instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://frontal-eu.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://api.itau.com.br/ https://api.itau.com.br:443/ https://sts.itau.com.br/ https://sts.itau.com.br:443/ https://secure.api.itau/ https://secure.api.itau:443/ https://apisandbox.redeecommerce.rede.com.br/ https://apiquerysandbox.redeecommerce.rede.com.br/ https://api.redeecommerce.rede.com.br/ https://apiquery.redeecommerce.rede.com.br/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudfront.net *.bootstrapcdn.com maxcdn.bootstrapcdn.com data: 'self' data: d1tz4u8bvomi43.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com d1tz4u8bvomi43.cloudfront.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ *.facebook.com *.usercentrics.eu secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.tokenization.secure.payone.com www.xtento.com d1tz4u8bvomi43.cloudfront.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com *.1rx.io *.3lift.com *.360yield.com *.adform.net *.adnxs.com *.adtriba.com *.amazonaws.com *.bidswitch.net *.bing.com *.casalemedia.com *.criteo.com *.demdex.net *.doubleclick.net *.emxdgt.com *.facebook.com maps.googleapis.com id5-sync.com *.ivitrack.com *.juneapp.com *.media.net *.mediavine.com *.omnitagjs.com *.outbrain.com *.postrelease.com *.pubmatic.com *.roeye.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.snapchat.com squarelovin.com *.squarelovin.com *.taboola.com *.teads.tv *.tremorhub.com *.unrulymedia.com *.usercentrics.eu *.yieldlab.net *.yieldmo.com *.trustedshops.com flagpedia.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com d1tz4u8bvomi43.cloudfront.net *.google.de *.google.pl *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.dynamicyield.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com connect.facebook.net cdnjs.cloudflare.com *.adtriba.com dwin1.com *.bing.com clarity.ms *.cloudflareinsights.com *.cloudfront.net *.criteo.com *.doubleclick.net *.facebook.net *.pinimg.com *.pinterest.com *.roeyecdn.com *.sc-static.net *.snapchat.com squarelovin.com *.squarelovin.com *.survicate.com *.usercentrics.eu *.getzowie.com *.eyefitu.com maps.googleapis.com *.trustedshops.com *.gstatic.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.tokenization.secure.payone.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com d1tz4u8bvomi43.cloudfront.net *.brevo.com sibautomation.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com squarelovin.com *.squarelovin.com *.cloudfront.net *.bootstrapcdn.com *.googleapis.com *.adtriba.com maxcdn.bootstrapcdn.com *.gstatic.com d.ratepay.com d.payla.io dr.payla.io src.mastercard.com d1tz4u8bvomi43.cloudfront.net 'self' 'unsafe-inline'; object-src d1tz4u8bvomi43.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.cloudfront.net d1tz4u8bvomi43.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.dynamicyield.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.amazonaws.com *.cloudfront.net *.squarelovin.com *.usercentrics.eu maps.googleapis.com www.gstatic.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.tokenization.secure.payone.com t.elasticsuite.io *.hsforms.net *.hsforms.com d1tz4u8bvomi43.cloudfront.net region1.analytics.google.com *.brevo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com d1tz4u8bvomi43.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src https://www.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://9019ddbf-da08-455e-a3c6-d8ea66ab1180.sansec.watch/; report-to report-endpoint; 3
font-src *.klarnacdn.net *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.klarna.com js.mollie.com *.sendcloud.sc *.jsdelivr.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com *.amazonaws.com https://widgets.trustedshops.com https://integrations.etrusted.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.magmodules.eu *.squeezely.tech https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.klarna.com *.klarnacdn.net *.klarnaservices.com js.mollie.com *.sendcloud.sc *.jsdelivr.net https://www.googletagmanager.com https://widgets.trustedshops.com https://integrations.etrusted.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com squeezely.tech www.squeezely.tech *.squeezely.tech polyfill.io cdn.cookie-script.com gallery.cevoid.com inc.fotobehang.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.klarnacdn.net *.fontawesome.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://integrations.etrusted.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://maps.googleapis.com https://maps.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.eu https://consent.cookiebot.eu https://bat.bing.com https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hubspot.com https://js-eu1.hsadspixel.net https://js-eu1.hs-analytics.net https://js-eu1.usemessages.com https://extend.vimeocdn.com https://connect.facebook.net https://snap.licdn.com https://bsqd.me; connect-src 'self' https://region1.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.google.com/ccm https://maps.googleapis.com https://googleads.g.doubleclick.net https://bat.bing.com https://api-eu1.hubspot.com https://api-eu1.hubapi.com https://cta-eu1.hubspot.com https://track-eu1.hubspot.com https://consent.cookiebot.com https://consentcdn.cookiebot.eu https://js-eu1.hs-analytics.net https://px.ads.linkedin.com https://bsqd.me wss://bsqd.me; img-src 'self' data: https://www.google.com https://www.google.nl https://maps.gstatic.com https://maps.google.com https://www.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com https://track-eu1.hubspot.com https://perf-eu1.hsforms.com https://img.sct.eu1.usercentrics.eu https://px.ads.linkedin.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://consentcdn.cookiebot.eu https://player.vimeo.com https://www.youtube.com https://connect.facebook.net; 3
frame-ancestors 'self' *.volusion.com;default-src 'none' 3
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.gstatic.com www.apptrian.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.gstatic.com www.apptrian.com *.avada.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com www.apptrian.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
upgrade-insecure-requests; default-src 'self' https://*.motorcar.com https://*.ebizautos.media; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; report-uri https://ebizautos.report-uri.com/r/t/csp/reportOnly; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.riverty.design/ *.googleapis.com https://www.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://*.ekomiapps.de data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com uc8.tv *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com https://www.facebook.com https://payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com uc8.tv https://documents.riverty.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com www.google.com https://*.google.com *.doubleclick.net *.googlesyndication.com https://*.dpdconnect.nl account.fetchify.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.weltpixel.com https://web.facebook.com https://bid.g.doubleclick.net https://payflowlink.paypal.com https://www.googletagmanager.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com https://*.gstatic.com *.cdninstagram.com https://*.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com cdn.doofinder.com https://*.googleapis.com https://*.googleusercontent.com *.fbcdn.net https://firebasestorage.googleapis.com www.facebook.com flagpedia.net ts.tradetracker.net www.magmodules.eu https://static-na.payments-amazon.com https://www.paypalobjects.com https://m.media-amazon.com https://bat.bing.com https://www.facebook.com https://www.google.com https://google.com https://www.google.co.in https://googleads.g.doubleclick.net *.ekomiapps.de *.visualwebsiteoptimizer.com api.taggrs.io *.floraconcepts.nl https://sst.maxifleur-kunstplanten.nl https://oct8neuploadcdneu.azureedge.net https://*.oct8ne.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com https://*.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.google.com *.google.bg https://www.googletagmanager.com/ *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com cdn.doofinder.com https://*.dpdconnect.nl https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.shopify.com maps.googleapis.com tm.tradetracker.net https://www.googletagmanager.com tagmanager.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.hotjar.com https://www.paypal.com cdn.cookie-script.com *.visualwebsiteoptimizer.com sst.maxifleur-kunstplanten.nl *.ekomiapps.de maxifleur.floraconcepts.io *.crazyegg.com *.pinimg.com static-eu.oct8ne.com *.jquery.com *.pinterest.com *.bing.com https://cdn.leadinfo.net/ping.js https://*.ldnfrpl.com https://d5yoctgpv4cpx.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.doofinder.com cc-cdn.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com tagmanager.google.com https://*.ekomiapps.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.google-analytics.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.doofinder.com wss://*.doofinder.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.ekomiapps.de *.oct8ne.com ct.pinterest.com *.crazyegg.com *.floraconcepts.io *.floraconcepts.nl https://*.leadinfo.net https://*.leadinfo.com https://sst.maxifleur-kunstplanten.nl https://*.ldnfrpl.com https://li-replay.s3-accelerate.amazonaws.com https://bat.bing.com https://bat.bing.net https://p2iqhncxyh.execute-api.eu-central-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ http://fonts.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com credomatic.compassmerchantsolutions.com https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com mongepay.com conway.ddev.site https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ https://adobedtm.com assets.adobedtm.com dpm.demdex.net *.googleapis.com *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni https://www.facebook.com https://www.google.com *.flixcar.com *.flixfacts.com *.cnetcontent.com *.vimeo.com https://widgetapp.ocularsolution.com *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://notrack.indexado.pmbox.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://sandbox.migopayments.com/ https://web.migopayments.com/ https://online.fliphtml5.com/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ https://fledge.teads.tv *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.grupomonge.tt.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com widget.ocularsolution.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://www.google.com https://www.google.com.co https://www.tiendamonge.com https://www.elgallomasgallo.com.ni https://www.prado.com.sv https://www.elgallomasgallo.com.hn https://www.elgallomasgallo.com.gt https://www.verdugotienda.com *.teads.tv *.scene7.com https://fichashppervasive.blob.core.windows.net https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://gmgdocumentos.blob.core.windows.net/ https://gmgecommerceprd.blob.core.windows.net/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com https://www.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://adobedtm.com fast.amc.demdex.net dpm.demdex.net *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni 'unsafe-inline' widget.ocularsolution.com cdn.cs.1worldsync.com https://ws.cs.1worldsync.com *.cloudflare.com https://bam.nr-data.net *.connect.facebook.net *.paypal.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.pingdom.net *.woorank.com *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com https://rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ https://grupomongeecommerceprd.112.2o7.net http://fonts.cdnfonts.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com widget.ocularsolution.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ http://fonts.cdnfonts.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.flixcar.com widget.ocularsolution.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://gmgdocumentos.blob.core.windows.net/ https://gmgecommerceprd.blob.core.windows.net/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.grupomonge.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://adobedtm.com assets.adobedtm.com *.adobe.com fast.amc.demdex.net *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni wss://tm.filter:1502/ api.ocularsolution.com xml.ssreviewsportal.com *.cloudflare.com https://bam.nr-data.net *.pingdom.net *.woorank.com *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv https://ocular-prod.api.rocio.ai *.ocularsolution.com *.flixcar.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://sandbox.migopayments.com/ https://web.migopayments.com/ https://analytics.tiktok.com *.firaonlive.com https://smetrics.verdugotienda.com *.assets.adobedtm.com *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://use.typekit.net https://geowidget.easypack24.net *.fontawesome.com fonts.gstatic.com webetech.pl webep1.com *.inpost.pl fonts.googleapis.com https://fonts.bunny.net *.gls.com *.szybkapaczka.pl *.gls-poland.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://cookie.inpost.pl https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ pay.google.com apm.przelewy24.pl webetech.pl webep1.com *.inpost.pl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.szybkapaczka.pl *.gls-poland.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://ekipatonosi.pl https://indeste.pl https://genzie.store https://influcenter.pl https://krakowkings.store https://hi-store.pl https://sklepbazy.pl https://sklepfazy.pl https://static.paynow.pl *.cloudfront.net https://player.vimeo.com https://www.google.pl https://www.facebook.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com track.webepartners.pl https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api.mapbox.com *.szybkapaczka.pl *.gls-poland.com/ *.gls-poland.com.pl/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://ekipatonosi.pl https://indeste.pl https://genzie.store https://influcenter.pl https://krakowkings.store https://hi-store.pl https://sklepbazy.pl https://sklepfazy.pl https://static.paynow.pl https://developer.gls-poland.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl webetech.pl webep1.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.szybkapaczka.pl *.gls-poland.com/ sandbox-global-geowidget-sdk.easypack24.net geowidget.inpost-group.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://developer.gls-poland.com https://use.typekit.net https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com fonts.googleapis.com webetech.pl webep1.com *.inpost.pl https://fonts.bunny.net *.szybkapaczka.pl *.gls-poland.com/ sandbox-global-geowidget-sdk.easypack24.net geowidget.inpost-group.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.szybkapaczka.pl *.gls-poland.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl google.com www.google.com pay.google.com webetech.pl webep1.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.szybkapaczka.pl *.gls-poland.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.magezon.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.gstatic.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://def9d71d-669f-4322-8f25-4ef099a2d33a.sansec.watch/; report-to report-endpoint; 3
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://cdn.clerk.io *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://api.clerk.io https://cdn.clerk.io *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://api.clerk.io https://cdn.clerk.io https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
frame-src 'self' www.youtube.com www.google.com js.playground.klarna.com js.klarna.com https://checkoutshopper-test.adyen.com https://pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com return.4sellers.de *.webpush.freshchat.com ct.pinterest.com vercel.live *.sovendus.com *.adyen.com gum.criteo.com fledge.eu.criteo.com *.cnstrc.com cnstrc.com graphical-editor.kameleoon.com *.vimeo.com vimeo.com www.googletagmanager.com 3
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: https://www.google.com https://www.gstatic.com https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com https://maps.google.com https://www.youtube.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.tisda.nl/csp-report.php; 3
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/android 2
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.transcend.io s.ytimg.com tagmanager.google.com transcend-cdn.com www.firefox.com www.google-analytics.com www.googletagmanager.com www.youtube.com; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.firefox.com www.mozilla.org; base-uri 'none'; font-src 'self' www.firefox.com; frame-src 'self' accounts.firefox.com www.google-analytics.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com; img-src 'self' data: www.firefox.com www.google-analytics.com www.googletagmanager.com www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; style-src 'self' 'unsafe-inline' cdn.transcend.io transcend-cdn.com www.firefox.com; connect-src 'self' basket.mozilla.org cdn.transcend.io gtm.firefox.com https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.ingest.us.sentry.io o1069899.sentry.io region1.google-analytics.com telemetry.transcend.io telemetry.us.transcend.io transcend-cdn.com www.firefox.com www.google-analytics.com www.googletagmanager.com; default-src 'self' www.firefox.com; object-src 'none'; frame-ancestors 'none' 2
default-src data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *.nesine.com wss://*.nesine.com *.google.com *.google.com.tr *.googletagmanager.com *.google-analytics.com *.support.google.com *.doubleclick.net *.googleadservices.com *.microsoft.com *.apple.com *.facebook.com *.facebook.net connect.facebook.net *.betsolutions.com *.ertgaming.com *.yahoo.com *.newrelic.com *.twitter.com *.instagram.com *.youtube.com *.ytimg.com *.aboutcookies.org *.mobilproses.com *.omnitagjs.com *.outbrain.com *.nr-data.net *.bidswitch.net wss://*.sportradar.com *.sportradar.com *.akamaized.net *.performfeeds.com *.betradar.com *.dge.imggaming.com tjktv.ercdn.net *.tjk.org *.broadage.com *.pubmatic.com *.mediavine.com *.demdex.net *.krxd.net *.thebrighttag.com *.tremorhub.com *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.teads.tv *.3lift.com *.emxdgt.com *.sync.com *.ivitrack.com *.yieldmo.com *.yieldlab.net *.imgarena.com *.liderform.com.tr *.googleapis.com *.googlevideo.com *.gstatic.com *.azureedge.net *.semasio.net *.7platform.net *.7platform.com *.7platform.live *.nsoft-cdn.com *.launchdigi.net *.106digital.com *.gameturboz.cloud *.turboexplorer.online *.1rx.io *.adsrvr.org aa.agkn.com *.postrelease.com *.revcontent.com *.rqtrk.eu *.bing.com *.smaato.net *.narrative.io *.socdm.com *.mediawallahscript.com *.liadm.com *.stickyadstv.com *.linkedin.com *.rlcdn.com *.dable.io *.adingo.jp *.twiago.com *.bluekai.com *.crwdcntrl.net *.hs.llnwd.net *.ucweb.com *.dengage.com *.playbetman.com *.turbolabs.online *.aleaplay.com *.turbogg4u.online *.turbodiscovery.xyz *.ofmicropod.com *.dengagecdn.com launchdigi.net *.eskimi.com *.tiktok.com *.rsc.cdn77.org *.igamemedia.com *.castr.net data.widgets.sir.sportradar.com *.inseincvirtuals.com wss://data.widgets.sir.sportradar.com wss://*.sportradar.com wss://*.akamaized.net cdn.alsgp0.fds.api.mi-img.com apm-rum-sgp.inf.miui.com infragrid.v.network metrics-dre.dt.dbankcloud.cn cdn-uicons.flaticon.com *.cloudfront.net *.mobilproses.com *.codezania.com https://106gamesgalaxsys.online https://www.millipiyangoonline.com/ www.google.de www.google.com.cy www.google.nl www.google.fr www.google.co.uk www.google.iq www.google.ca www.google.pt www.google.ch www.google.bg www.google.az www.google.it www.google.no www.google.se www.google.com.sa www.google.com.qa www.google.ru www.google.be www.google.com.kw www.google.co.tz www.google.ro www.google.hu www.google.ba www.google.at www.google.rs *.millipiyangoonline.com www.google.dk www.google.co.uz www.google.dz www.google.es www.google.pl www.google.com.ly www.googletagmanager.com digital.millipiyangoonline.com www.google.at www.google.hu www.google.ro www.google.ru www.google.be dbox1.sisalsanstech.com www.millipiyangoonline.com pagead2.googlesyndication.com https://bulten.sm.mncdn.com sisal.queue-it.net; img-src * data:; report-uri /csp/cspreport/ 2
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 2
default-src 'self';style-src 'self' 'unsafe-inline' https://use.typekit.net; object-src 'none'; base-uri 'self';worker-src 'none'; 2
require-trusted-types-for 'script';report-uri /us/_/BgcMiscSites/cspreport 2
default-src 'self' wwwv2.tailscale.com;	script-src 'self' wwwv2.tailscale.com bat.bing.com cdn.rudderlabs.com www.google-analytics.com www.googletagmanager.com www.google.com *.mutinycdn.com js.hs-scripts.com js.hs-banner.com js.hubspot.com js.hs-analytics.com *.hsforms.net unpkg.com snap.licdn.com www.redditstatic.com https://bwa.marketplace.awsstatic.com widget.kapa.ai;	connect-src 'self' wwwv2.tailscale.com login.tailscale.com bat.bing.com *.mutinyhq.io *.mutinycdn.com analytics.google.com www.google-analytics.com cdn.sanity.io unpkg.com *.rudderstack.com *.hubspot.com www.redditstatic.com pixel-config.reddit.com px.ads.linkedin.com https://medley.prod.irtysh.dubai.aws.dev proxy.kapa.ai kapa-widget-proxy-la7dkmplpq-uc.a.run.app metrics.kapa.ai;	img-src 'self' wwwv2.tailscale.com cdn.sanity.io lh3.googleusercontent.com www.google-analytics.com *.hsforms.com alb.reddit.com px.ads.linkedin.com bat.bing.com track.hubspot.com;	frame-ancestors 'none';	form-action 'self' wwwv2.tailscale.com;	base-uri 'self' wwwv2.tailscale.com;	block-all-mixed-content;	object-src 'self' wwwv2.tailscale.com;	report-to csp-endpoint;	report-uri https://login.tailscale.com/csp-report; 2
script-src 'self' padlet.net maps.googleapis.com apis.google.com ta-echo.padlet.com api.commandbar.com cdn.commandbar.com app.getbeamer.com challenges.cloudflare.com embed.cloudflarestream.com cdn.usefathom.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' padlet.net fonts.googleapis.com cdn.commandbar.com app.getbeamer.com 'unsafe-inline'; font-src 'self' padlet.net fonts.gstatic.com data:; report-uri https://padlet.com/csp-report; 2
default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://accounts.google.com https://analytics.google.com https://api.amplitude.com https://bi-beta.pst.tech https://bi.pst.tech https://bifrost-https-v4.gw.postman.com https://blog.postman.com https://dl.pstmn.io https://eo2kpuahxhuvgexlueall7gqzq0fihon.lambda-url.us-east-1.on.aws https://events.gw.postman.com https://events.rm-api.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://identity.getpostman-beta.com https://identity.getpostman.com https://lp.postman.com https://munchkin.marketo.net https://pages.getpostman.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://manifest.webmanifest https://ms1frkqnsp7r.statuspage.io https://run.pstmn.io https://skills-assets.pstmn.io https://st-ar.cdn.postman.com https://static.cloudflareinsights.com https://stats.g.doubleclick.net https://td.doubleclick.net https://voyager.postman.com https://web.postman.com https://www.googletagmanager.com https://www.slideshare.net https://snap.licdn.com https://www.google.com https://youtube.com https://*.youtube.com https://*.ytimg.com https://www.linkedin.com/px/ https://www.postman.com https://snap.licdn.com/ https://worldtimeapi.org https://maps.google.com https://*.mountain.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://bam.nr-data.net https://js-agent.newrelic.com https://res.cloudinary.com https://mkt.cdn.postman.com https://api.mapbox.com https://events.mapbox.com https://api.fpjs.io https://cdn.amplitude.com https://api2.amplitude.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://js.qualified.com wss://ws.qualified.com wss://ws2.qualified.com https://app.qualified.com https://api.company-target.com https://segments.company-target.com https://tag.demandbase.com https://tag-logger.demandbase.com https://s.company-target.com https://alb.reddit.com https://www.redditstatic.com https://pixel-config.reddit.com https://*.hotjar.io https://*.hotjar.com wss://ws.hotjar.com https://cdn.segment.com https://api.cdp.postman.com https://api.segment.io https://evs.cdp.postman.com https://www.influ2.com https://t.influ2.com https://*.usbrowserspeed.com https://pxl.growth-channel.net https://tags.srv.stackadapt.com https://job-boards.greenhouse.io https://transcend-cdn.com https://telemetry.us.transcend.io https://unpkg.com/launchdarkly-js-client-sdk@3.8.1 https://app.launchdarkly.com/ https://events.launchdarkly.com https://tally.so/ https://postman.outgrow.us/ https://api-n.outgrow.co https://t.co/ https://analytics.twitter.com https://static.ads-twitter.com/uwt.js https://id.rlcdn.com https://cdn.cr-relay.com https://api.cr-relay.com https://cdn.vector.co https://api.vector.co https://*.liadm.com/ https://*.ip-api.com https://accretivemedia.go2cloud.org https://fast.wistia.net https://fast.wistia.com https://embed-ssl.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://embed-cloudfront.wistia.com https://postman.cdn.prismic.io https://static.cdn.prismic.io https://postman.prismic.io https://browser.sentry-cdn.com https://o1224273.ingest.us.sentry.io 'unsafe-inline' 'unsafe-eval'; form-action 'self'; base-uri 'self'; 2
child-src 'self' https://*.qualified.com; default-src 'self'; frame-src 'self' https://9628652.fls.doubleclick.net https://td.doubleclick.net https://js.driftt.com https://*.qualified.com https://a8447815042.cdn-pci.optimizely.com https://ct.pinterest.com https://tealium-f.squarecdn.com; worker-src 'self' blob:; connect-src 'self' https://assets.ctfassets.net https://api.broadway.squareup.com https://campaign-hub-production-f.squarecdn.com https://api.squareup.com/v1/cdp/batch https://api.squarestagingexternal.com/v1/cdp/batch https://api.squarestagingexternal.com https://api.squareup.com https://api.squareupstaging.com *.contentsquare.net https://capi.squareup.com https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://stats.g.doubleclick.net https://facebook.com https://www.facebook.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://google.com https://www.google.com https://us-central1-sq-sgtm-prod.cloudfunctions.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net http://424-iab-218.mktoresp.com https://424-iab-218.mktoresp.com https://xms2-marketo.beta.stage.sqprod.co https://424-iab-218.mktoutil.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://logx.optimizely.com https://ct.pinterest.com https://conversions-config.reddit.com https://pixel-config.reddit.com https://www.redditstatic.com *.ingest.us.sentry.io *.6sc.co https://api.sprig.com https://squareupstaging.com https://visitor-scoring-new.marketlinc.com https://api.chilipiper.com https://squareinc-sandbox.chilipiper.com https://squareinc.chilipiper.com https://www.workwithsquare.com wss://*.qualified.com https://*.qualified.com https://pw-renderer-production-c.squarecdn.com localhost:*; font-src 'self' https://cash-f.squarecdn.com https://square-fonts-production-f.squarecdn.com; img-src 'self' data: blob: https://ib.adnxs.com https://assets.ctfassets.net https://cdn.blisspointmedia.com https://campaign-hub-production-f.squarecdn.com *.contentsquare.net https://ad.doubleclick.net https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://adservice.google.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net https://px.ads.linkedin.com https://cdn.cookielaw.org https://pixel.pointmediatracker.com https://alb.reddit.com *.6sc.co https://api.squareup.com https://api.squareupstaging.com https://insight.adsrvr.org https://match.adsrvr.org https://*.qualified.com https://pw-renderer-production-c.squarecdn.com; manifest-src 'self' https://pw-renderer-production-c.squarecdn.com; media-src 'self' mediastream: https://assets.ctfassets.net https://js.driftt.com http://videos.ctfassets.net https://videos.ctfassets.net https://*.qualified.com; script-src 'self' *.contentsquare.net https://www.datadoghq-browser-agent.com https://js.driftt.com https://*.qualified.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://campaign-hub-production-f.squarecdn.com https://lift-ai-js.marketlinc.com https://martech-development-c.squarecdn.com https://martech-production-c.squarecdn.com https://martech-staging-c.squarecdn.com http://munchkin.marketo.net https://munchkin.marketo.net https://cdn.cookielaw.org https://a8447815042.cdn-pci.optimizely.com https://s.pinimg.com https://ct.pinterest.com https://pw-renderer-production-c.squarecdn.com https://pw-renderer-staging-c.squarecdn.com https://pwt-production-c.squarecdn.com https://pwt-staging-c.squarecdn.com https://sales-bridge-production-c.squarecdn.com https://sales-bridge-staging-c.squarecdn.com https://squareinc-sandbox.chilipiper.com https://squareinc.chilipiper.com https://www.workwithsquare.com https://www.redditstatic.com *.6sc.co https://cdn.sprig.com https://xms-production-f.squarecdn.com https://www.youtube.com https://pw-renderer-production-c.squarecdn.com 'nonce-qUCumqWBJj/7Cs/MqI+XwQ=='; style-src 'self' https://square-fonts-production-f.squarecdn.com https://sales-bridge-production-c.squarecdn.com https://sales-bridge-staging-c.squarecdn.com 'unsafe-inline' https://*.qualified.com https://pw-renderer-production-c.squarecdn.com; frame-ancestors 'self' https://app.contentful.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd9af00759e65a48ba7ee3ff1dfa4260b&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to browser-intake-datadoghq 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.billboard.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self';base-uri 'self';connect-src 'self' data: https: wss://keepalive.gotinder.com;script-src 'nonce-cQcmG9ELiMbbsWQspfSLZw==' 'strict-dynamic' 'unsafe-hashes' 'unsafe-eval' 'wasm-unsafe-eval' 'sha256-PLCxbpHSwAa8+W198R1KQQ9UDCexTvYy4z4YmCg21NM=' 'unsafe-inline';style-src 'self' 'unsafe-inline' blob: https://*.googleapis.com https://accounts.google.com;frame-src 'self' https:;frame-ancestors 'self';form-action 'self' https:;object-src 'none';img-src 'self' data: blob: https:;media-src 'self' data: https:;report-to tinderweb-csp-reports;font-src 'self' data: https:;manifest-src 'self' https: 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'self'; report-uri /csp_report 2
default-src https://www.oreilly.com/PGsgs_vbajYar/4/C9DSkk2dfE_Cg/SJ1EDVXYb9Y9/DlInKQE/JE8/GQUcaNigD https://www.oreilly.com/PGsgs_vbajYar/4/C9DSkk2dfE_Cg/SJ1EDVXYb9Y9/DlInKQE/JE8/GQUcaNigD  https://www.oreilly.com/PGsgs_vbajYar/4/C9DSkk2dfE_Cg/Y31EDVhzSmkGDzzOc5/XGQeKQE/MU5/zJiB0Sg0C  https://www.oreilly.com  * 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: moz-extension: ms-browser-extension: chrome-extension: ios-log:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb898c25826db9d251f99fdcece943792&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:wordpress-prod-cluster; 2
frame-ancestors 'self'; report-to csp-endpoint 2
default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error 2
frame-src 'self' syndicatedsearch.goog *.google.com *.youtube.com vimeo.com *.vimeo.com *.podbean.com static.addtoany.com *.blackbaudhosting.com js.createsend1.com *.createsend.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-eval' *.googleadservices.com app.purechat.com app-script.monsido.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com polyfill.io *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com cdn.jsdelivr.net *.hotjar.com *.gtranslate.net *.blackbaudhosting.com js.createsend1.com www.createsend.com *.googleapis.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' *.googleadservices.com app.purechat.com app-script.monsido.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com polyfill.io *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com cdn.jsdelivr.net *.hotjar.com *.gtranslate.net *.blackbaudhosting.com js.createsend1.com *.createsend.com www.createsend.com *.googleapis.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js *.simpli.fi https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'report-sample' 'unsafe-inline' *.googleapis.com *.gstatic.com *.createsend1.com *.createsend.com *.blackbaudhosting.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self'; base-uri 'self'; form-action 'self' www.createsend.com js.createsend1.com *.blackbaudhosting.com *.nla.gov.au *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js; frame-ancestors 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://optly.heap.io https://www.googleoptimize.com https://www.googletagmanager.com https://cdn.us.heap-api.com https://marketo.clearbit.com https://*.wistia.net https://js.chilipiper.com https://js.driftt.com https://*.clearbit.com https://app-ab33.marketo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.cookielaw.org https://*.ctfassets.net; img-src 'self' data: https://*.ctfassets.net https://www.google-analytics.com https://www.googletagmanager.com https://*.wistia.net https://heapanalytics.com https://*.clearbit.com https://*.doubleclick.net; connect-src 'self' https://*.contentful.com https://*.heap-api.com https://heapanalytics.com https://www.google-analytics.com https://*.wistia.net https://*.doubleclick.net https://*.cookielaw.org https://app-ab33.marketo.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.wistia.net https://*.marketo.com https://*.chilipiper.com; worker-src 'self' blob:; manifest-src 'self'; base-uri 'self'; form-action 'self' https://*.marketo.com; frame-ancestors 'self'; media-src 'self' https://*.wistia.net blob:; object-src 'none' 2
frame-ancestors 'self' https://*.kit.edu; report-uri /global-cgi-bin/csp-report; report-to csp-report 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
connect-src https:; child-src https:; default-src https:; font-src data: https:; form-action https:; frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.afr.com *.cdn.ampproject.org *.platform.ink; frame-src https:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-attr https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'unsafe-eval' 'unsafe-inline'; style-src https:; style-src-attr 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; worker-src blob:; report-uri https://csp.ffx.io/; report-to csp-endpoint 2
frame-ancestors 'self'; report-uri https://www.theaustralian.com.au/csp-reports 2
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https: mailto:; connect-src https: wss: data:; font-src https: data:; media-src 'self' https:; worker-src blob:; report-uri https://www.sunrise.ch/csp-collector 2
frame-ancestors 'self' https://www.rferl.org/embed https://www.rferl.org/embed/player https://www.rferl.org/embed/player/0 https://www.rferl.org/embed/player/1 https://www.rferl.org/ext https://www.rferl.org/widget; report-uri https://csp.pangeadigital.io/cspreport 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:; script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:; style-src data: 'self' 'unsafe-inline' https:; img-src data: 'self' https: blob: android-webview-video-poster:; font-src 'self' https: data:; connect-src 'self' data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://prod.bhaskarapi.com/api/1.0/web-backend/csp-report; 2
frame-ancestors 'self'; report-uri /csp-report 2
base-uri 'self'; connect-src https: wss: blob:; default-src 'none'; font-src https: data:; frame-src https: blob:; img-src https: data: blob:; manifest-src 'self'; media-src https:; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://api.compass.com https://app-glide.compass.com https://cdn.heapanalytics.com https://heapanalytics.com https://cdn.segment.com https://connect.facebook.net https://edge.fullstory.com/s/ https://maps.googleapis.com/maps/api/js/ https://static.zdassets.com/ekr/snippet.js https://static.filestackapi.com https://web-sdk.aptrinsic.com/api/aptrinsic.js https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://maps.googleapis.com https://apis.google.com https://www.gstatic.com https://www.googletagmanager.com https://js.stripe.com https://stats.pusher.com https://widget.intercom.io https://js.intercomcdn.com https://boards.greenhouse.io https://siteintercept.qualtrics.com https://zn0feyon15oqdwcu1-compass.siteintercept.qualtrics.com https://www.youtube.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js.hubspot.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://fast.wistia.com https://js.userpilot.io https://deploy.userpilot.io https://t.contentsquare.net https://consent.trustarc.com https://api.compass.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://code.jquery.com; script-src-elem 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://api.compass.com https://app-glide.compass.com https://cdn.heapanalytics.com https://heapanalytics.com https://cdn.segment.com https://connect.facebook.net https://edge.fullstory.com/s/ https://maps.googleapis.com/maps/api/js/ https://static.zdassets.com/ekr/snippet.js https://static.filestackapi.com https://web-sdk.aptrinsic.com/api/aptrinsic.js https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://maps.googleapis.com https://apis.google.com https://www.gstatic.com https://www.googletagmanager.com https://js.stripe.com https://stats.pusher.com https://widget.intercom.io https://js.intercomcdn.com https://boards.greenhouse.io https://siteintercept.qualtrics.com https://zn0feyon15oqdwcu1-compass.siteintercept.qualtrics.com https://www.youtube.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js.hubspot.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://fast.wistia.com https://js.userpilot.io https://deploy.userpilot.io https://t.contentsquare.net https://consent.trustarc.com https://api.compass.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://code.jquery.com; style-src 'report-sample' 'self' 'unsafe-inline' https://uc-frontend-assets.compass.com https://app-glide.compass.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://static.filestackapi.com https://web-sdk.aptrinsic.com https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com blob:; worker-src 'self' blob:; report-uri /csp-report/?key=new 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google 2
default-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net *.wgprod.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://www.googleoptimize.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms cdn.taboola.com ; style-src 'self' 'unsafe-inline' *.wargaming.net *.wgprod.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.wgprod.net *.tvsquared.com *.taboola.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.yimg.com https://*.worldoftanks.com https://*.worldoftanks.eu https://*.worldoftanks.asia https://*.wgcdn.co https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://www.google.com.cy https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://*.clarity.ms https://collect.worldoftanks.eu https://content-wg.gcdn.co https://bat.bing.com ; font-src 'self' *.wargaming.net *.wgprod.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net *.wgprod.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com https://api.worldoftanks.eu ; object-src 'self' *.wargaming.net *.wgprod.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: agadata.online apis.google.com apps.rokt.com bat.bing.com cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com colegiodiocesanosantaclara.imtlazarus.com:6443 connect.facebook.net data1.blamap.com get663.com google-analytics.com googleads.g.doubleclick.net googletagmanager.com instagram.com js.ipredictive.com lf16-tiktok-web.tiktokcdn-us.com mountain.com nrdcapps.org pagespeed-mod.com pixel.byspotify.com platform.instagram.com platform.twitter.com public.tableau.com qvdt3feo.com s.yimg.com sc-static.net scrible.com scripts.clarity.ms snapchat.com tags.srv.stackadapt.com tiktok.com tp88trk.com translate-pa.googleapis.com translate.google.com translate.googleapis.com try.abtasty.com unpkg.com vimeo.com youtube.com https://static.cloudflareinsights.com/* https://www.googletagmanager.com/* https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' data: agadata.online apis.google.com apps.rokt.com bat.bing.com cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com colegiodiocesanosantaclara.imtlazarus.com:6443 connect.facebook.net data1.blamap.com get663.com google-analytics.com googleads.g.doubleclick.net googletagmanager.com instagram.com js.ipredictive.com lf16-tiktok-web.tiktokcdn-us.com mountain.com nrdcapps.org pagespeed-mod.com pixel.byspotify.com platform.instagram.com platform.twitter.com public.tableau.com qvdt3feo.com s.yimg.com sc-static.net scrible.com scripts.clarity.ms snapchat.com tags.srv.stackadapt.com tiktok.com tp88trk.com translate-pa.googleapis.com translate.google.com translate.googleapis.com try.abtasty.com unpkg.com vimeo.com youtube.com https://www.googletagmanager.com https://static.cloudflareinsights.com https://analytics.tiktok.com https://snap.licdn.com https://www.tp88trk.com https://px.mountain.com https://dx.mountain.com https://tr.snapchat.com https://gs.mountain.com https://googleads.g.doubleclick.net https://connect.facebook.net https://bat.bing.com https://www.nrdcapps.org https://platform.instagram.com https://js.ipredictive.com https://sc-static.net https://tags.srv.stackadapt.com https://try.abtasty.com https://apps.rokt.com https://www.instagram.com https://s.yimg.com https://cdn.cookielaw.org https://cdn.clinch.co blob: https://unpkg.com https://www.youtube.com https://infird.com https://www.tiktok.com https://ff.kis.v2.scr.kaspersky-labs.com *.mountain.com https://static.cloudflareinsights.com/ https://googleads.g.doubleclick.net/* https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.honey.io tags.srv.stackadapt.com www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' blob: cdn.honey.io lf16-tiktok-web.tiktokcdn-us.com nrdcapps.org sf16-website-login.neutral.ttwstatic.com tags.srv.stackadapt.com www.googletagmanager.com www.gstatic.com www.nrdcapps.org www.scrible.com https://tags.srv.stackadapt.com/sa.css https://adblockers.opera-mini.net cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'self' 2
base-uri 'self'; default-src 'self' *.atl-paas.net; script-src 'self' 'unsafe-inline' *.atl-paas.net https://recaptcha.net https://www.recaptcha.net https://accounts.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' *.atl-paas.net; img-src 'self' *.atl-paas.net; font-src 'self' *.atl-paas.net; frame-ancestors 'none'; form-action 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/id-frontend; report-to csp-default-endpoint; connect-src 'self' *.atl-paas.net https://*.atlassian.com https://*.ingest.sentry.io; object-src 'none' 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://f.hellowork.com/ www.googletagmanager.com accounts.google.com t.screeb.app cdn.platform.openai.com module.hellocv.com t.hellowork.com/ f.hellowork.com tag.aticdn.net hellowork.piwik.pro scripts.clarity.ms www.clarity.ms pagead2.googlesyndication.com *.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net connect.facebook.net analytics.tiktok.com snap.licdn.com sc-static.net tr.snapchat.com bat.bing.com websdk.appsflyer.com www.tiktok.com www.instagram.com platform.twitter.com; style-src 'self' https://f.hellowork.com/ 'unsafe-inline' accounts.google.com; connect-src 'self' https://f.hellowork.com/ *.googletagmanager.com api.jobijoba.com cdn.jobijoba.com module.hellocv.com o4509546971070464.ingest.de.sentry.io sentry.jobijoba.net accounts.google.com csi.gstatic.com t.hellowork.com/ hellowork.piwik.pro *.hellowork.com *.clarity.ms *.google.com pagead2.googlesyndication.com www.googleadservices.com *.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net td.doubleclick.net stats.g.doubleclick.net bat.bing.com bat.bing.net connect.facebook.net www.facebook.com px.ads.linkedin.com *.snapchat.com analytics.tiktok.com analytics-ipv6.tiktokw.us banner.appsflyer.com cdn.platform.openai.com; img-src 'self' data: https://f.hellowork.com/ www.googletagmanager.com fonts.gstatic.com cdn.jobijoba.com *.clarity.ms api.holeest.com www.googleadservices.com pagead2.googlesyndication.com www.google.be www.google.co.ma www.google.com www.google.dz www.google.fr storage.googleapis.com bat.bing.com bat.bing.net *.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net td.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.facebook.com px.ads.linkedin.com syndication.twitter.com i.vimeocdn.com s1.dmcdn.net; font-src 'self' https://f.hellowork.com/ cdn.jobijoba.com fonts.gstatic.com; frame-src 'self' www.googletagmanager.com accounts.google.com cdn.platform.openai.com geo.dailymotion.com www.dailymotion.com www.instagram.com www.tiktok.com platform.twitter.com player.vimeo.com www.youtube-nocookie.com tr.snapchat.com securepubads.g.doubleclick.net www.facebook.com td.doubleclick.net; worker-src blob:; report-uri https://o4509546971070464.ingest.de.sentry.io/api/4509688537350225/security/?sentry_key=5a5877585a827bd206221e450ced9ea3 2
default-src 'self' ; connect-src 'self' https://*.clarity.ms https://www.google.com https://analytics.google.com https://pixelconnector.pixeltracker.co https://www.google-analytics.com https://insight.adsrvr.org https://tr.snapchat.com https://app.heyhalda.com https://analytics.heyhalda.com https://tr6.snapchat.com https://o.clarity.ms https://analytics.tiktok.com https://ip.veritonicmetrics.com https://mgln.ai https://atr.veritonicmetrics.com https://pixels.spotify.com https://px.ads.linkedin.com; script-src 'self' 'unsafe-inline' https://use.typekit.net https://www.googletagmanager.com https://platform.twitter.com https://www.youtube.com https://tracker.pixeltracker.co https://sc-static.net https://js.adsrvr.org https://googleads.g.doubleclick.net https://siteimproveanalytics.com https://connect.facebook.net https://app.heyhalda.com https://snap.licdn.com https://analytics.tiktok.com https://js.ipredictive.com https://cdn.veritonic.com https://pixel.byspotify.com https://cdn.mgln.ai https://www.clarity.ms https://tr.snapchat.com; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://app.heyhalda.com https://www.googletagmanager.com https://use.typekit.net https://platform.twitter.com https://www.youtube.com https://sc-static.net https://connect.facebook.net https://js.adsrvr.org https://snap.licdn.com https://tracker.pixeltracker.co https://analytics.tiktok.com https://js.ipredictive.com https://cdn.veritonic.com https://pixel.byspotify.com https://cdn.mgln.ai https://googleads.g.doubleclick.net https://clarity.ms https://siteimproveanalytics.com https://tr.snapchat.com https://www.clarity.ms; style-src 'self' 'unsafe-inline' https://use.typekit.net; font-src 'self'  https://use.typekit.net; img-src 'self' data: https://*.cdninstagram.com https://instagram.f* https://graph.instagram.com https://www.linkedin.com https://c.clarity.ms https://s.gravatar.com https://*.wp.com https://cdn.auth0.com https://p.typekit.net https://tvspix.com https://www.google.com https://tr.snapchat.com https://66356254.global.siteimproveanalytics.io https://www.facebook.com https://px.ads.linkedin.com https://www.googletagmanager.com https://mgln.ai https://pixel.tapad.com https://us.mgln.ai; frame-src 'self' https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://platform.twitter.com https://insight.adsrvr.org https://ad.ipredictive.com; media-src 'self' https://*.cdninstagram.com https://instagram.f* https://graph.instagram.com; object-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.pie.org/ https://www.google.com/recaptcha/ https://accounts.google.com/ https://www.gstatic.com/ https://adblockforyoutube.com/ https://www.adblockforyoutube.com/; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: *; object-src 'none'; font-src 'self' https://fonts.gstatic.com; media-src 'self' https://cdn.pie.org; connect-src 'self' https://*.pie.org https://cdn.segment.com https://cdn.lottielab.com https://browser-intake-us5-datadoghq.com https://www.google.com/recaptcha/ https://adblockforyoutube.com https://www.adblockforyoutube.com; frame-src 'self' https://accounts.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/ https://recaptcha.google.com/ https://adblockforyoutube.com/ https://www.adblockforyoutube.com/; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests 2
default-src 'self'; script-src 'report-sample' 'self'   https://7052064.fs1.hubspotusercontent-na1.net   https://a.omappapi.com   https://app.hubspot.com   https://assets.apollo.io   https://cdn.demio.com   https://cdn.propensity.com   https://cdnjs.cloudflare.com   https://code.jquery.com   https://googleads.g.doubleclick.net   https://import-cdn.default.com   https://js.hscollectedforms.net   https://js.navattic.com   https://platform.linkedin.com   https://s3-us-west-2.amazonaws.com   https://snap.licdn.com   https://static.hsappstatic.net   https://www.googleadservices.com   https://www.googletagmanager.com   https://www.redditstatic.com   https://js.hs-analytics.net   https://js.hs-scripts.com; style-src 'report-sample' 'self'   https://7052064.fs1.hubspotusercontent-na1.net   https://ajax.googleapis.com   https://cdn.demio.com   https://cdnjs.cloudflare.com   https://fonts.googleapis.com   https://kit-free.fontawesome.com   https://static.hsappstatic.net; object-src 'none'; base-uri 'self'; connect-src 'self'   https://a.omappapi.com   https://analytics.google.com   https://aplo-evnt.com   https://app.hubspot.com   https://cp.hubspot.com   https://forms.default.com   https://forms.hsforms.com   https://geo.demio.com   https://js.hs-banner.com   https://nucleus.default.com   https://pixel-config.reddit.com   https://px.ads.linkedin.com   https://www.cloudflare.com   https://www.google.com   https://www.redditstatic.com   https://z.omappapi.com   https://api.hsforms.com   https://api.hubapi.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'   https://forms.hsforms.com   https://play.hubspotvideo.com   https://scheduler.default.com   https://td.doubleclick.net   https://www.googletagmanager.com; img-src 'self'   https://a.omappapi.com   https://alb.reddit.com   https://forms-na1.hsforms.com   https://forms.hsforms.com   https://forms.hubspot.com   https://googleads.g.doubleclick.net   https://px.ads.linkedin.com   https://static.hsappstatic.net   https://track.hubspot.com   https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://6823595ee2a3634bf77e7bfe.endpoint.csper.io?builder=true&v=2; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src 'self' 'unsafe-inline' https: data:;connect-src https: wss:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data: blob:;media-src https: blob:; report-uri /csp_rep 2
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' 2
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-to default; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc&sentry_environment=&sentry_release=1.2.65 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.byted-static.com *.bytedapm.com *.bytegoofy.com *.bytescm.com *.feishu-boe.cn *.feishu.cn *.feishucdn.com *.framer.com *.hubspot.com *.ibytedapm.com *.ibytedtos.com *.larksuite-boe.com *.larksuite.com *.larksuitecdn.com *.ocic-static.com *.snssdk.com *.yahoo.co.jp https://framer.com https://accounts.google.com https://app.factors.ai https://bat.bing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://framerusercontent.com https://googleads.g.doubleclick.net https://googletagmanager.com https://hm.baidu.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.intercomcdn.com https://s.yimg.jp https://scout-cdn.salesloft.com https://sf16-website-login.neutral.ttwstatic.com https://snap.licdn.com https://static.ads-twitter.com https://widget.intercom.io https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://zz.bdstatic.com; worker-src 'self' blob:; report-to csp-endpoint 2
connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.app-eu.wrike-cn.com https://*.wrike.com https://*.wrike-cn.com https://*.www.wrike.com https://*.www.wrike-cn.com https://youtube.com https://d3tvpxjako9ywy.cloudfront.net https://d1c5qktmphn2d.cloudfront.net; manifest-src 'self' https://cdn.wrike.com https://cdn.wrike-cn.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.wrike.com https://*.wrike-cn.com https://*.www.wrike.com https://*.www.wrike-cn.com https://*.app-eu.wrike.com https://*.app-eu.wrike-cn.com https://*.google-analytics.com https://*.usercentrics.eu https://*.marketo.com https://*.marketo.net https://apis.google.com https://bat.bing.com https://cdn.ravenjs.com https://connect.facebook.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://snap.licdn.com https://static.ads-twitter.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/962492627/ https://pagead2.googlesyndication.com/pagead/conversion/962492627/ https://s.yimg.jp/images/listing/tool/cv/ytag.js https://tag.demandbase.com/63365c817f510bbb.min.js https://api.tomi.ai/029/loader.js https://tags.srv.stackadapt.com/events.js https://s.yimg.jp/images/listing/tool/cv/conversion.js https://cdn.metadata.io https://js.partnerstack.com/v1/ https://www.clarity.ms/ https://tracking.intentsify.io/ https://b97.yahoo.co.jp/pagead/conversion_async.js https://ad.doubleclick.net/ddm/adj/N1344363.197812NSO.CODESRV/ https://*.d41.co https://d3tvpxjako9ywy.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://static.cloudflareinsights.com https://*.goldcast.io https://fast.wistia.com https://js.qualified.com https://static.axept.io; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp-global.wrike.com/csp-report?website; 2
frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 2
default-src 'self' *.sleeknote.com https://*.kindlycdn.com *.boozt.com *.klarna.com *.booztx.com wss://ws-eu.pusher.com:443 https://*.pusher.com checkout-cdn.avarda.com wss://sage.kindly.ai static.criteo.net wss://ws-eu.pusher.com https://*.kindly.ai *.booztcdn.com; script-src 'self' data: blob: *.rewardspay.com static.cloudflareinsights.com dp64mxip2za0c.cloudfront.net www.barilliance.net cdn.avo.app *.booztcdn.com www.googleoptimize.com www.googletagmanager.com analytics.tiktok.com *.clarity.ms cookie-cdn.cookiepro.com atemda.com  script.koral.nu hst.tradedoubler.com cdn.loadbee.com the.sciencebehindecommerce.com bat.bing.com *.zenaps.com s2.adform.net tagmanager.google.com vc.hotjar.io cdn.noibu.com *.sleeknote.com widget.eu.criteo.com tr.snapchat.com yastatic.net *.adyen.com googleads.g.doubleclick.net tracking.s24.com *.contentsquare.net cm.g.doubleclick.net *.issuu.com euob.isstarsbuilding.com cdn.cookielaw.org *.flixcar.com web-assets.stylitics.com s.pinimg.com pagead2.googlesyndication.com cdn.siftscience.com www.gstatic.com bam-cell.nr-data.net *.kronor.io www.googleadservices.com www.snapengage.com avdonl0p0checkout0fe.blob.core.windows.net 7276578.collect.igodigital.com www.awin1.com *.booztx.com connect.facebook.net bugcrowd.com track.adform.net www.datadoghq-browser-agent.com cdn.depict.ai ct.pinterest.com *.freshchat.com  obseu.isstarsbuilding.com *.criteo.com www.dwin1.com d38knilzwtuys1.cloudfront.net *.klarnacdn.net *.klarna.com sc-static.net sslwidget.criteo.com assets.bugcrowdusercontent.com *.google.com dev.visualwebsiteoptimizer.com cdn.evgnet.com *.google-analytics.com *.booztcdn.com *.boozt.com privacyportal.onetrust.com s3.amazonaws.com  maps.googleapis.com static.criteo.net *.tradedoubler.com swrap.tradedoubler.com chat.kindlycdn.com *.trustpilot.com www.google.com *.boozt.com tag.smartly.io bam.nr-data.net *.hotjar.com sdk.privacy-center.org geolocation.onetrust.com optimize.google.com lcx-embed.bambuser.com *.liveshopper.net widget.criteo.com 'unsafe-eval' 'unsafe-inline'; font-src 'self' cdn.honey.io *.booztx.com *.boozt.com fonts.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com chat.kindlycdn.com avdonl0p0checkout0fe.blob.core.windows.net *.avarda.com data: *.booztcdn.com  data: ; img-src optimize.google.com data: https: data: blob: 'unsafe-inline'; connect-src 'self' data: chat.kindlycdn.com *.google.com.pr www.bing.com www.googletagmanager.com *.google.com.kh bam.nr-data.net *.google.fr *.google.co.jp checkout-cdn.avarda.com wss://input.noibu.com *.google.com.eg *.google.by boozt.com *.google.com.ni *.criteo.net *.googleapis.com *.googleapis.com dev.visualwebsiteoptimizer.com *.loadbee.com *.google.mn *.google.com.lb *.google.be *.google.co.nz *.google.ps *.googleoptimize.com *.google-analytics.com *.google.com.tw *.google.com.cu analytics.tiktok.com *.google.com.np *.stylitics.com *.google.mk *.google.co.ke *.adzerk.net *.google.sk *.google.com.mt obseu.isstarsbuilding.com *.google.com.uy *.kronor.io *.google.ro api.dialogintelligens.dk *.analytics.google.com tr.snapchat.com *.google.lv *.google.com.au *.adform.net *.google.com.et wss://proxy.depict.ai:7315 *.google.com.ec *.google.md *.google.com.co *.google.ae analytics.sleeknote.com bot.kindly.ai *.google.co.zw translate.googleapis.com *.google.com.sa *.clarity.ms *.hotjar.com partner.revieve.com  spk.boozt.com cdn.cookielaw.org *.snapchat.com *.onetrust.com *.google.ie vc.hotjar.io *.google.ch *.google.tn *.google.co.id *.google.cl *.google.mw *.datadoghq-browser-agent.com *.google.ba www.snapengage.com *.google.gl *.google.com.bo *.google.es *.google.co.th input.noibu.com *.avarda.com *.google.ci *.google.gr *.google.com.hk unpkg.com *.privacy-center.org *.criteo.net *.google.co.il *.google.am *.browser-intake-datadoghq.eu *.google.com.bh *.google.com *.evergage.com *.google.com.ar *.criteo.com *.google.com.ly adservice.google.com *.google.so *.booztx.com *.boozt.com *.google.co.tz *.google.com *.google.me *.google.mv *.clarity.ms google.com *.google.co.za api.depict.ai *.klarnacdn.net *.google.com.vn kronor.io bam-cell.nr-data.net www.getpica.com *.google.com.qa *.booztcdn.com *.logs.datadoghq.eu  *.hotjar.io browser-intake-datadoghq.eu *.google.ru *.google.pt *.google.co.cr app.vwo.com *.google.com.tr *.google.lu *.contentsquare.net *.hotjar.com dawa.aws.dk *.google.lt sp.boozt.com *.doubleclick.net *.google.co.bw *.google.com.gh *.google.no *.sleeknote.com *.google.com.bd *.google.com.kw *.visualwebsiteoptimizer.com *.google.ge *.google.com.pe *.google.com.sg *.google.it pagead2.googlesyndication.com www.facebook.com wss://kronor.io *.google.al *.google.com.br *.google.com.ua *.google.co.vi *.google.co.ck www.googleadservices.com *.google.mu *.google.az stats.g.doubleclick.net *.google.bi *.google.lt *.google.com.na *.klarna.com *.google.ee *.google.cz *.google.com.pk *.google.gm *.google.fi *.hotjar.io media.flixfacts.com api.avo.app *.google.com.do *.google.sc *.google.rs *.google.hu *.google.si *.google.co.uz ct.pinterest.com *.google.sr *.google.iq *.google.co.zm *.google.hr *.google.tg *.google.co.uk *.google.lk *.google.com.jm *.google.kg *.google.com.af bat.bing.net *.google.pl *.google.com.ph *.google.nl *.google.cn *.google.cv wss://ws-eu.pusher.com *.contentsquare.com *.google.com.my *.google.bg fpt.boozt.com bat.bing.com *.google.is *.google.at *.google.com.mx *.google-analytics.com *.google.bt dev.visualwebsiteoptimizer.com *.klarnaevt.com code.jquery.com *.google.ca *.google.com.cy *.google.jo *.hotjar.com *.google.co.ma *.google.de *.adyen.com *.google.ga *.google.kz *.avarda.org; child-src 'self' td.doubleclick.net js.klarna.com tr.snapchat.com track.adform.net ct.pinterest.com www.googletagmanager.com *.freshchat.com *.trustpilot.com static.criteo.net fpt.boozt.com *.google-analytics.com *.criteo.com *.hotjar.com blob: ; frame-src 'self' www.instagram.com *.secure2gw.ro *.otpbanka.hr *.sbanken.no *.fuib.com *.klarnacdn.net *.ing.ro td.doubleclick.net www.securesuite.co.uk static.criteo.net *.criteo.com static.criteo.net *.adyen.com widget.eu.criteo.com *.op.fi *.issuu.com www.facebook.com chatbot.dialogintelligens.dk payment-gateway.kronor.io *.trustpilot.com *.edb.com *.rewardspay.com *.sibs.pt sc-static.net bid.g.doubleclick.net *.cardinalcommerce.com *.komplettbank.se www.rsa3dsauth.co.uk vc.hotjar.io *.snapchat.com *.skandia.se web.facebook.com *.nordea.com *.rpc-raiffeisen.com *.redsys.es trustly.com *.trustly.com *.freshchat.com *.booztcdn.com bugcrowd.com td.doubleclick.net *.saastopankki.fi *.lcl.fr the.sciencebehindecommerce.com *.komplettbank.com *.hcaptcha.co *.arcot.com gum.criteo.com xn--nskeskyen-k8a.dk *.klarna.com *.estcard.ee *.netcetera-payment.ch *.vinea.es optimize.google.com *.bpcbt.com lcx-player.bambuser.com *.hotjar.com *.alandsbanken.fi *.kronor.io *.wirecard.com *.signicat.com *.targobank.de *.swedbank.lt *.rabobank.nl player.vimeo.com *.sparebank1.no cdn.depict.ai *.boozt.com *.sia.eu *.sparkassen-kreditkarten.de *.modirum.com www.awin1.com *.danskebank.com *.btrl.ro gum.criteo.com *.zenaps.com widget.koral.nu assets.pinterest.com www.facebook.com *.fio.cz *.nexi.it td.doubleclick.net *.3dsecure.no *.wlp-acs.com staticxx.facebook.com *.loadbee.com *.nbg.gr ct.pinterest.com *.swedbank.se *.flixcar.com *.eewosecure.com acs-safekey.americanexpress.com track.adform.net dis.eu.criteo.com www.googletagmanager.com *.citadele.lv *.booztx.com  www.getpica.com *.touch.tech *.luottokunta.fi *.creditmutuel.fr *.cmbchina.com; style-src 'self' *.freshchat.com *.adyen.com cdn.cookielaw.org privacyportal.onetrust.com *.booztx.com *.booztcdn.com optimize.google.com *.boozt.com fonts.googleapis.com d38knilzwtuys1.cloudfront.net tagmanager.google.co geolocation.onetrust.com *.stylitics.com *.kronor.io chat.kindlycdn.com *.flixcar.com cdn.honey.io cookie-cdn.cookiepro.com translate.googleapis.com blob: data: blob: 'unsafe-inline'; manifest-src 'self' *.booztx.com *.boozt.com *.booztcdn.com; media-src 'self' data: *.booztcdn.com storage.googleapis.com *.booztx.com www.snapengage.com; frame-ancestors 'self' ; report-uri /csp-report/; report-to csp-reports 2
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.vimeo.com; style-src 'self' 'unsafe-inline' https: *.google.com *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com; img-src 'self' data: blob: https: *; font-src 'self' data: https: *.gstatic.com kit.fontawesome.com; connect-src 'self' https: wss: *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com; frame-src 'self' https: www.youtube.com player.vimeo.com *.google.com; media-src 'self' https:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://cspreports.desarrollotrevenque.com/api/csp-report/606018d5-b6db-426c-b949-d1cdd5e7e18c; 2
default-src 'self'; media-src 'self'; connect-src 'self' https://vpncdn.protonweb.com https://account.proton.me https://account.protonvpn.com https://telemetry.protonvpn.com *.metrics.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://vpncdn.protonweb.com; style-src 'self' 'unsafe-inline' https://vpncdn.protonweb.com; font-src 'self' https://vpncdn.protonweb.com; img-src 'self' data: blob: https:; frame-src 'self' data: blob: https://www.youtube-nocookie.com https://www.openstreetmap.org; object-src 'self' data: blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self'; 2
default-src 'self'; script-src 'self' https://vercel.live https://challenges.cloudflare.com https://cdnjs.cloudflare.com https://*.posthog.com https://www.googletagmanager.com https://static.cloudflareinsights.com https://clerk.arena.ai https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https://vercel.live https://challenges.cloudflare.com https://cdnjs.cloudflare.com https://*.posthog.com https://www.googletagmanager.com https://arena.ai https://static.cloudflareinsights.com/ https://clerk.arena.ai https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://challenges.cloudflare.com https://vercel.live https://us.posthog.com; img-src 'self' data: blob: https://challenges.cloudflare.com https://*.posthog.com https://vercel.live https://vercel.com https://*.27c852f3500f38c1e7786e2c9ff9e48f.r2.cloudflarestorage.com https://lh3.googleusercontent.com https://*.googletagmanager.com; connect-src 'self' https://arena.ai https://vercel.live wss://ws-us3.pusher.com https://*.posthog.com https://posthog.com https://challenges.cloudflare.com https://unpkg.com/@rive-app/ https://clerk.arena.ai https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://*.27c852f3500f38c1e7786e2c9ff9e48f.r2.cloudflarestorage.com; frame-src 'self' https://vercel.live https://challenges.cloudflare.com https://www.google.com https://*.arena.site https://*.staging.arena.site; font-src 'self' data: https://vercel.live https://assets.vercel.com https://*.gstatic.com; worker-src 'self' blob: 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2
worker-src blob: 'self';font-src data: https: 'self';img-src data: https: 'self';media-src https: 'self';connect-src https://*.google.com https://cea.formstack.com https://consent.cookie-script.com/ https://cookie-script.com https://edge.api.brightcove.com https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://manifest.prod.boltdns.net https://metrics.brightcove.com https://pixel-config.reddit.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://www.google.com https://www.redditstatic.com 'self';script-src https://*.google.com https://cdn.clinch.co https://cea.formstack.com https://connect.facebook.net https://consent.cookie-script.com/ https://cookie-script.com https://edge.api.brightcove.com https://players.brightcove.net https://snap.licdn.com https://static.formstack.com https://www.google.com https://www.googletagmanager.com/ https://www.gstatic.com/ 'self' 'sha256-DsBFEDeAVB8NfiULTlZ50vO8T1PBE1Z23d41C/l2PuY=' 'sha256-P6r4MES3B1SQPyCLTBrmNBJPZsVpoEzrg/Dzfu8xk/w=' 'sha256-yTjADT6NV2O6PKU2MuEDM2Na3ABcSUsRuRkMDHUsvjQ=' 'unsafe-eval' 'unsafe-hashes';style-src https://fonts.googleapis.com 'self' 'unsafe-hashes' 'unsafe-inline';frame-src https://player.cohostpodcasting.com https://www.google.com 'self';base-uri 'self';default-src 'self';manifest-src 'self' 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2
default-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; frame-ancestors 'self' https://teams.microsoft.com https://retailservices.teams.microsoft.com https://retailservices-ppe.teams.microsoft.com https://tasks.teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://teams.live.com https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://assignments.edu.cloud.microsoft https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net https://loop.microsoft.com https://*.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud-dev.microsoft https://app.int.whiteboard.microsoft.com https://whiteboard.cloud-dev.microsoft https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com https://whiteboard.office.com https://teams.cloud.microsoft https://outlook.cloud.microsoft https://m365.cloud.microsoft https://res-sdf.cdn.office.net https://res.cdn.office.net https://mesh.public.onecdn.static.microsoft https://mesh.df.onecdn.static.microsoft https://m365.cloud.microsoft https://sbrprodprv.www.office.com https://scuprodprv.www.office.com https://fa000000174.resources.office.net https://outlook.office.com https://planner.cloud.microsoft; base-uri 'none'; manifest-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; script-src 'self' 'wasm-unsafe-eval' 'report-sample' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net 'sha256-VCkGe6AeV2B4vV7flXt9Dkkp04wMc8zq7faHdRwhOx0=' 'sha256-Wmg7miLkEVn5v393z4Ch7lbKnpNnLZhnVOk/iJN1miE='; style-src 'self' 'unsafe-inline' 'report-sample' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft blob: data: https://*.office.com https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://login.live.com https://storage.live.com; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://whiteboard.svc.cloud.microsoft/sync wss://whiteboard.svc.cloud.dev.microsoft/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; worker-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; frame-src 'self' https://* https://webshell.suite.office.com; media-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; object-src 'none'; form-action 'self' https://*; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2
default-src data: blob: 'unsafe-eval' 'unsafe-inline' px-client.net px-cdn.net pxchk.net perimeterx.net px-cloud.net https: 'self'; script-src 7299633.collect.igodigital.com ajax.cloudflare.com *.bazaarvoice.com bs.serving-sys.com cdn.evgnet.com/beacon/liderdomicilio/pruebas/scripts/evergage.min.js connect.facebook.net deploy.mopinion.com googleads.g.doubleclick.net *.lider.cl media.richrelevance.com recs.richrelevance.com s3.amazonaws.com/mapcity-assets/leaflet-0.7.3/leaflet.js secure-ds.serving-sys.com services.mapcity.com static.cloudflareinsights.com www.google-analytics.com www.google.com www.googletagmanager.com *.googleapis.com static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js *.googleadservices.com *.gstatic.com cdn-widgets.chattigo.com media.flixfacts.com media.flixcar.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; report-uri https://csp.walmart.com/c/r/liders 2
default-src 'self' https://d3q9kdqrtloda.cloudfront.net/ https://i.ytimg.com/ https://www.youtube-nocookie.com/ https://noembed.com/ https://cdn.plyr.io/ https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://c1001.report.gbss.io/ https://analytics.tiktok.com/ https://forms.hubspot.com/ https://region1.analytics.google.com/ https://*.analytics.google.com/ https://region1.google-analytics.com/ https://*.google-analytics.com/ https://pagead2.googlesyndication.com https://privacyportal-uk.onetrust.com/ https://*.onetrust.com/ https://cambridgeenglish.formstack.com/forms/ieltstrf https://cambridgeenglish.formstack.com/forms/ielts_recognising_organisation https://cambridgeenglish.formstack.com/; style-src 'self' 'unsafe-inline' https://static.formstack.com/forms/css/ https://static.formstack.com/common/css/ https://cdn.craft.cloud; script-src 'self' https://www.youtube.com/ https://cambridgeenglish.formstack.com/forms/ 'sha256-5woGd/mZkUg7jRI9rPBZPHKC+LdyheFkTyKDMVNRNAs=' https://static.hotjar.com/c/ https://static.formstack.com/forms/js/ 'sha256-BEia3zQX2ZCFqcEfWBg9chT7nMc26YOr506FmhGqIfE=' 'sha256-z+rMOYNYmUbRI0OKIZH9HZneWmS3dJkEIDLisI+5LwI=' 'sha256-4QifgdTNZlur9Y/OOGOV3SggRLnQQR4peyehG9Y5buo=' https://www.google.com/ https://www.gstatic.com/ https://cdn-ukwest.onetrust.com/ https://www.googletagmanager.com/ 'sha256-rbMVlXlWb1FxlmTxqO6hQI+5VPCMoqHMqeyWMrzk9E4=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-/6m2tVE+3ZAyrBnUps+rDpHpCwMi0VgW9mdVym2y2cE=' 'sha256-nanbr0ZSJrOvEvr6c5gV8UarYfjNXF+TAtmA9GjvyJ0=' 'sha256-ATpn7Ex50rRSNqmoA432bWfqvlsGB6CD/7fE2WtoU5A=' 'sha256-iXVjrS+TzaVqRdjZV8gecO6OkuAcobYu2OjiJVT8LYU=' 'sha256-+WTu64J4HVaiLZC0nSjR9XxbZZg1xX7cdNM/WA/pDcQ=' 'sha256-tOY0R/wVWZCxGQPtXP0ptphYuCKkCpgNHQy/ZkwhCCY=' 'sha256-xc61KVzUrz5aO4ACQyRqjH2fPpfIb/xoMmSSEiU+PWU=' 'sha256-wyNlDF2abbsDx6TZogcKckBQwZ4N8qFR3SAepboU7Sk=' 'sha256-tOY0R/wVWZCxGQPtXP0ptphYuCKkCpgNHQy/ZkwhCCY=' blob: 'unsafe-eval' https://www.google-analytics.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com https://www.googleadservices.com/ https://connect.facebook.net/ https://a.quora.com/ https://js.hs-scripts.com/ https://analytics.tiktok.com/ https://cdn.gbqofs.com/ https://cl.qualaroo.com/ https://assets.ubembed.com/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://js.hubspot.com/ https://cdn.gbqofs.com/ https://analytics.tiktok.com/ https://cdn.gbqofs.com/ https://snap.licdn.com/ https://14d7fb0767d540569b202283222297c0.js.ubembed.com/ 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA='; object-src 'none'; font-src 'self' https://static.formstack.com/forms/fonts/; img-src 'self' data: https://d3q9kdqrtloda.cloudfront.net/ https://s3.eu-west-2.amazonaws.com/ielts-web-static/ www.googletagmanager.com https://i.ytimg.com/ https://cdn-ukwest.onetrust.com/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://t.co https://analytics.twitter.com/ https://www.facebook.com/ https://q.quora.com/ https://adservice.google.com/ https://perf-na1.hsforms.com/ https://*.google.ad/ https://*.google.ae/ https://*.google.com.af/ https://*.google.com.ag/ https://*.google.al/ https://*.google.am/ https://*.google.co.ao/ https://*.google.com.ar/ https://*.google.as/ https://*.google.at/ https://*.google.com.au/ https://*.google.az/ https://*.google.ba/ https://*.google.com.bd/ https://*.google.be/ https://*.google.bf/ https://*.google.bg/ https://*.google.com.bh/ https://*.google.bi/ https://*.google.bj/ https://*.google.com.bn/ https://*.google.com.bo/ https://*.google.com.br/ https://*.google.bs/ https://*.google.bt/ https://*.google.co.bw/ https://*.google.by/ https://*.google.com.bz/ https://*.google.ca/ https://*.google.cd/ https://*.google.cf/ https://*.google.cg/ https://*.google.ch/ https://*.google.ci/ https://*.google.co.ck/ https://*.google.cl/ https://*.google.cm/ https://*.google.cn/ https://*.google.com.co/ https://*.google.co.cr/ https://*.google.com.cu/ https://*.google.cv/ https://*.google.com.cy/ https://*.google.cz/ https://*.google.de/ https://*.google.dj/ https://*.google.dk/ https://*.google.dm/ https://*.google.com.do/ https://*.google.dz/ https://*.google.com.ec/ https://*.google.ee/ https://*.google.com.eg/ https://*.google.es/ https://*.google.com.et/ https://*.google.fi/ https://*.google.com.fj/ https://*.google.fm/ https://*.google.fr/ https://*.google.ga/ https://*.google.ge/ https://*.google.gg/ https://*.google.com.gh/ https://*.google.com.gi/ https://*.google.gl/ https://*.google.gm/ https://*.google.gr/ https://*.google.com.gt/ https://*.google.gy/ https://*.google.com.hk/ https://*.google.hn/ https://*.google.hr/ https://*.google.ht/ https://*.google.hu/ https://*.google.co.id/ https://*.google.ie/ https://*.google.co.il/ https://*.google.im/ https://*.google.co.in/ https://*.google.iq/ https://*.google.is/ https://*.google.it/ https://*.google.je/ https://*.google.com.jm/ https://*.google.jo/ https://*.google.co.jp/ https://*.google.co.ke/ https://*.google.com.kh/ https://*.google.ki/ https://*.google.kg/ https://*.google.co.kr/ https://*.google.com.kw/ https://*.google.kz/ https://*.google.la/ https://*.google.com.lb/ https://*.google.li/ https://*.google.lk/ https://*.google.co.ls/ https://*.google.lt/ https://*.google.lu/ https://*.google.lv/ https://*.google.com.ly/ https://*.google.co.ma/ https://*.google.md/ https://*.google.me/ https://*.google.mg/ https://*.google.mk/ https://*.google.ml/ https://*.google.com.mm/ https://*.google.mn/ https://*.google.com.mt/ https://*.google.mu/ https://*.google.mv/ https://*.google.mw/ https://*.google.com.mx/ https://*.google.com.my/ https://*.google.co.mz/ https://*.google.com.na/ https://*.google.com.ng/ https://*.google.com.ni/ https://*.google.ne/ https://*.google.nl/ https://*.google.no/ https://*.google.com.np/ https://*.google.nr/ https://*.google.nu/ https://*.google.co.nz/ https://*.google.com.om/ https://*.google.com.pa/ https://*.google.com.pe/ https://*.google.com.pg/ https://*.google.com.ph/ https://*.google.com.pk/ https://*.google.pl/ https://*.google.pn/ https://*.google.com.pr/ https://*.google.ps/ https://*.google.pt/ https://*.google.com.py/ https://*.google.com.qa/ https://*.google.ro/ https://*.google.ru/ https://*.google.rw/ https://*.google.com.sa/ https://*.google.com.sb/ https://*.google.sc/ https://*.google.se/ https://*.google.com.sg/ https://*.google.sh/ https://*.google.si/ https://*.google.sk/ https://*.google.com.sl/ https://*.google.sn/ https://*.google.so/ https://*.google.sm/ https://*.google.sr/ https://*.google.st/ https://*.google.com.sv/ https://*.google.td/ https://*.google.tg/ https://*.google.co.th/ https://*.google.com.tj/ https://*.google.tl/ https://*.google.tm/ https://*.google.tn/ https://*.google.to/ https://*.google.com.tr/ https://*.google.tt/ https://*.google.com.tw/ https://*.google.co.tz/ https://*.google.com.ua/ https://*.google.co.ug/ https://*.google.co.uk/ https://*.google.com.uy/ https://*.google.co.uz/ https://*.google.com.vc/ https://*.google.co.ve/ https://*.google.co.vi/ https://*.google.com.vn/ https://*.google.vu/ https://*.google.ws/ https://*.google.rs/ https://*.google.co.za/ https://*.google.co.zm/ https://*.google.co.zw/ https://*.google.cat/ https://www.google-analytics.com/ https://*.linkedin.com/ https://*.amazonaws.com/ielts-web-static/ https://adservice.google.co.uk/ https://cdn.craft.cloud; frame-src 'self' https://www.google.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://dntcl.qualaroo.com/ https://td.doubleclick.net/ https://cambridgeenglish.formstack.com/ https://*.formstack.com https://www.googletagmanager.com/; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' *.insight.com *.drift.com *.driftcdn.com *.launchdarkly.com www.googletagmanager.com play.vidyard.com *.aimtell.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.insight.com *.adroll.com *.atgsvcs.com *.custhelp.com *.webcollage.net *.driftt.com *.google.com *.marketo.com *.doubleclick.com *.doubleclick.net *.qualtrics.com assets.adobedtm.com cdn.lr-in-prod.com cdn.pricespider.com munchkin.marketo.net play.vidyard.com s.go-mpulse.net up.pixel.ad use.typekit.net ws.cs.1worldsync.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.youtube.com apps.bazaarvoice.com static.ads-twitter.com cdn-ukwest.onetrust.com cdn01.basis.net cdns.eu1.gigya.com code.jquery.com content.syndigo.com js.adsrvr.org *.cnetcontentsolutions.com mpsnare.iesnare.com unpkg.com www.googleadservices.com bat.bing.com cdn.cs.1worldsync.com cdn.tt.omtrdc.net connect.facebook.net i.simpli.fi lex.33across.com px.ads.linkedin.com s3.amazonaws.com snap.licdn.com *.hotjar.com t.sellpoints.com tracking.intentsify.io view.ceros.com w.usabilla.com ws.zoominfo.com xiecomm.paymetric.com blob:; style-src 'self' 'unsafe-inline' *.insight.com *.drift.com *.marketo.com code.jquery.com cdn.cs.1worldsync.com fonts.googleapis.com cdn.tt.omtrdc.net; img-src * data:; font-src 'self' data: *.insight.com fonts.gstatic.com use.typekit.net cdn.cs.1worldsync.com insightenterprises.qualtrics.com s.nsit.com svcs.tql.com at.alicdn.com; connect-src 'self' *.akamaihd.net *.clarity.ms *.gigya.com *.google.com *.google-analytics.com *.googlesyndication.com *.insight.com *.launchdarkly.com *.mktoresp.com *.akstat.io *.go-mpulse.net *.onetrust.com insightenterprises.tt.omtrdc.net stats.g.doubleclick.net www.google-analytics.com 366-uky-221.mktoutil.com adservice.google.com bat.bing.com cdn.aimtell.io cdn.linkedin.oribi.io cert-xiecomm.paymetric.com content.syndigo.com dpm.demdex.net et-qalogin.insight.com integration.richrelevance.com r.lr-in-prod.com rules.atgsvcs.com signals.aimtell.com sjrtp2.marketo.com smetrics.insight.com *.bazaarvoice.com ws.zoominfo.com *.adroll.com play.vidyard.com *.richrelevance.com www.facebook.com siteintercept.qualtrics.com *.googletagmanager.com; media-src player.vimeo.com www.youtube.com; object-src *.insight.com; frame-src 'self' *.adsrvr.org pixel.sitescout.com insight.demdex.net js.driftt.com app-abm.marketo.com centinelapistag.cardinalcommerce.com cert-xiecomm.paymetric.com html5-player.libsyn.com insightent.wufoo.com *.insight.com play.vidyard.com view.ceros.com www.youtube.com *.marketo.com *.doubleclick.net *.everestjs.net cbsi.demdex.net www.facebook.com beacon.aimtell.com; report-uri https://insight.report-uri.com/r/t/csp/wizard 2
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://chemkap.rivm.nl https://app.powerbi.com/ https://api.pdok.nl/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/  https://apps.rivm.nl https://chemkap.rivm.nl https://*.mopinion.com https://api.pdok.nl/; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://app.powerbi.com/ https://api.pdok.nl/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://*.mopinion.com https://data.rivm.nl/ https://api.pdok.nl/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/  https://service.pdok.nl/ https://data.rivm.nl/  https://*.openstreetmap.org/ https://chemkap.rivm.nl https://api.pdok.nl/; frame-src 'self' https://cibrapportage.rivm.nl https://esp-ext.rivm.nl https://login-ext.rivm.nl https://chemkap.rivm.nl https://www.infectieradar.nl https://app.powerbi.com https://api.pdok.nl/; frame-ancestors 'self' https://www.atlasleefomgeving.nl https://*.gezondeleefomgeving.nl https://*.woondossier.nl/ https://roosendaal.incijfers.nl https://*.nhnieuws.nl https://chemkap.rivm.nl https://www.infectieradar.nl https://api.pdok.nl/*; child-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/  https://app.powerbi.com https://api.pdok.nl/; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://*.mopinion.com https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://api.pdok.nl/; connect-src 'self' https://mebi.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/* https://*.mopinion.com; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: blob: https:; media-src 'self' data: blob: https:; frame-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' data: https:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.quechoisir.org *.qccdn.fr *.tagcommander.com *.commander1.com *.trustcommander.net *.aticdn.net *.xiti.com *.bing.com *.google.com *.youtube.com *.youtu.be www.youtube-nocookie.com *.facebook.com *.kameleoon.io *.kameleoon.eu *.xiti.com *.aticdn.net *.facebook.net flo.uri.sh public.flourish.studio wss://dl1.quechoisir.org  wss://dl2.quechoisir.org wss://dl.quechoisir.org upgrade-insecure-requests; report-uri https://www.quechoisir.org/csp-violation-report-endpoint/; report-to csp-endpoint> 2
default-src 'self';connect-src 'self' https://analytics.majestic.com https://analytics.majesticseo.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.majesticseo.com https://analytics.majestic.com https://info.majestic.com https://*.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://challenges.cloudflare.com;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://www.google.com/recaptcha/ https://platform.twitter.com/ https://player.captivate.fm/ https://syndication.twitter.com/ https://challenges.cloudflare.com;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report;report-to report-endpoint 2
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
default-src 'self' *.commerzbank.de; script-src 'self' *.commerzbank.de 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net extend.vimeocdn.com www.facebook.com connect.facebook.net; style-src 'self' *.commerzbank.de 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com https://tagmanager.google.com; frame-src 'self' *.commerzbank.de https://www.googletagmanager.com https://*.fls.doubleclick.net player.vimeo.com; worker-src 'self' *.commerzbank.de; connect-src 'self' *.commerzbank.de https://*.googletagmanager.com https://*.google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://ad.doubleclick.net https://*.g.doubleclick.net https://*.google.de https://*.google.bg https://pagead2.googlesyndication.com https://www.googleadservices.com www.facebook.com connect.facebook.net; font-src 'self' *.commerzbank.de data:; img-src 'self' *.commerzbank.de https: data: https://*.googletagmanager.com https://googletagmanager.com https://*.google-analytics.com https://ad.doubleclick.net https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.de https://*.google.bg https://pagead2.googlesyndication.com https://www.googleadservices.com https://ade.googlesyndication.com https://adservice.google.com www.facebook.com connect.facebook.net; report-uri https://tp.commerzbank.de/csp; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: 2
default-src 'self' *.adsrvr.org *.google.com *.doubleclick.net *.optimizely.com *.facebook.com *.cookielaw.org *.clarity.ms apps.usw2.pure.cloud www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com embed.signalintent.com *.optimizely.com cdn.segment.com *.googleapis.com www.googletagmanager.com www.google.com www.gstatic.com *.btttag.com *.bing.com *.app-us1.com *.adsrvr.org *.doubleclick.net *.cookielaw.org www.google-analytics.com *.mypurecloud.com *.googleadservices.com *.pure.cloud *.aptrinsic.com *.bootstrapcdn.com js.monitor.azure.com *.facebook.net *.facebook.com trackcmp.net extractable-finalytics-storage.s3.us-west-2.amazonaws.com extractable-finalytics-stable.s3.us-west-2.amazonaws.com *.cloudfront.net snap.licdn.com www.redditstatic.com;style-src 'self' 'unsafe-inline' use.fontawesome.com use.typekit.net embed.signalintent.com p.typekit.net *.mypurecloud.com *.googleapis.com *.aptrinsic.com *.jsdelivr.net *.bootstrapcdn.com extractable-finalytics-storage.s3.us-west-2.amazonaws.com extractable-finalytics-stable.s3.us-west-2.amazonaws.com *.cloudfront.net;img-src 'self' data: bat.bing.com *.google.com www.google-analytics.com content-cdn.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.facebook.net *.facebook.com *.adsrrvr.org *.doubleclick.net *.yahoo.com *.cookielaw.org *.googlesyndication.com *.ads.linkedin.com embed.signalintent.com insight.adsrvr.org ib.adnxs.com *.reddit.com;font-src 'self' use.fontawesome.com embed.signalintent.com use.typekit.net *.mypurecloud.com *.gstatic.com *.googleapis.com *.cloudfront.net data:;connect-src 'self' ws: wss: *.googlesyndication.com signal-intent-production-back.herokuapp.com cdn.segment.com *.optimizely.com *.cookielaw.org calc-backend-prod.herokuapp.com d.btttag.com *.googleapis.com www.google-analytics.com api.segment.io *.doubleclick.net *.alaskausa.org *.bing.com *.aptrinsic.com *.episerver.net *.visualstudio.com *.google.com *.facebook.com finalyticsdata.com devfinalyticsdata.com stgfinalyticsdata.com px.ads.linkedin.com api-cdn.usw2.pure.cloud pixel-config.reddit.com www.redditstatic.com;worker-src 'self' blob:;block-all-mixed-content 2
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://js.hs-scripts.com https://js.hs-analytics.net https://js-na2.hs-scripts.com https://js-na2.hubspot.com https://js-na2.hscollectedforms.net https://js-na2.hs-banner.com https://js-na2.hs-analytics.net https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn-cookieyes.com https://*.cookieyes.com https://j.6sc.co https://snap.licdn.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://cdn-cookieyes.com; img-src 'self' data: https: http:; font-src 'self' data: https://use.typekit.net https://p.typekit.net https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://forms.hsforms.com https://forms-na2.hsforms.com https://api.hsforms.com https://cta-na2.hubspot.com https://forms-na2.hscollectedforms.net https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://cdn-cookieyes.com https://*.cookieyes.com https://directory.cookieyes.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://secure.adnxs.com; frame-src 'self' https://www.youtube.com https://www.google.com https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests 2
default-src 'self' bard.edu www.bard.edu inside.bard.edu tools.bard.edu maps.bard.edu opensocietyuniversitynetwork.org ghea21.org; 	form-action 'self' bard.edu www.bard.edu tools.bard.edu connect.bard.edu opensocietyuniversitynetwork.org ghea21.org; 	base-uri 'self' bard.edu www.bard.edu tools.bard.edu opensocietyuniversitynetwork.org ghea21.org; 	font-src 'self' data: www.bard.edu opensocietyuniversitynetwork.org ghea21.org fonts.gstatic.com *.fontawesome.com cdnjs.cloudflare.com; 	style-src 'self' 'unsafe-inline' www.bard.edu tools.bard.edu opensocietyuniversitynetwork.org ghea21.org fonts.googleapis.com *.fontawesome.com tagmanager.google.com www.google.com *.technolutions.net static.ctctcdn.com cdnjs.cloudflare.com *.curator.io; 	script-src 'self' 'unsafe-inline' 'report-sample' www.bard.edu tools.bard.edu connect.bard.edu explore.bard.edu opensocietyuniversitynetwork.org ghea21.org code.jquery.com player.vimeo.com *.fontawesome.com www.google-analytics.com ssl.google-analytics.com *.googletagmanager.com tagmanager.google.com www.google.com cse.google.com googleads.g.doubleclick.net connect.facebook.net consent.cookiebot.com cdn.unibuddy.co www.youvisit.com *.technolutions.net analytics.tiktok.com *.curator.io; 	img-src 'self' data: bard.edu www.bard.edu inside.bard.edu tools.bard.edu opensocietyuniversitynetwork.org ghea21.org www.facebook.com trck.youvisit.com ssl.gstatic.com www.gstatic.com www.google.com *.google-analytics.com *.googletagmanager.com curator-assets.b-cdn.net; 	connect-src 'self' www.bard.edu tools.bard.edu opensocietyuniversitynetwork.org ghea21.org *.google-analytics.com *.analytics.google.com analytics.google.com www.google.com *.googletagmanager.com *.doubleclick.net *.technolutions.net analytics.tiktok.com *.curator.io; 	media-src 'self' www.bard.edu tools.bard.edu opensocietyuniversitynetwork.org ghea21.org player.vimeo.com *.vimeocdn.com www.buzzsprout.com curator-assets.b-cdn.net; 	object-src 'self' www.bard.edu tools.bard.edu maps.bard.edu opensocietyuniversitynetwork.org ghea21.org; 	child-src 'self' www.bard.edu tools.bard.edu maps.bard.edu opensocietyuniversitynetwork.org ghea21.org www.youtube.com www.youtube-nocookie.com player.vimeo.com unibuddy.co popcard.unibuddy.co cdn.youvisit.com e.issuu.com; 	frame-src 'self' www.bard.edu tools.bard.edu maps.bard.edu opensocietyuniversitynetwork.org ghea21.org www.youtube.com www.youtube-nocookie.com player.vimeo.com *.googletagmanager.com *.doubleclick.net unibuddy.co popcard.unibuddy.co cdn.youvisit.com e.issuu.com; 	frame-ancestors 'self' www.bard.edu tools.bard.edu opensocietyuniversitynetwork.org ghea21.org; 2
default-src * 'unsafe-inline' 'unsafe-eval' blob:; frame-src *; img-src * data:; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'report-sample' 'unsafe-inline'; base-uri *; form-action *; frame-ancestors 'self' 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::AUREUS_APROD_4_7_0 2
default-src 'self'; script-src 'self' 'unsafe-eval' https: http: 'nonce-MGIwYTBiMjktMGY0OS00YmEyLWE5ZTgtNDI0NzcyMTRiYTcw' 'strict-dynamic'; script-src-elem 'unsafe-inline' https://yamap.com https://www.googletagmanager.com https://js.stripe.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' https: blob: data:; object-src 'none'; form-action 'self'; connect-src 'self' https://*; report-uri https://zk6bsphzgvpliawi65sbwjdx6m0xhmnc.lambda-url.ap-northeast-1.on.aws/; frame-src https://docs.google.com/forms; 2
script-src https: blob: 'unsafe-inline' 'unsafe-eval' 'self';base-uri 'self';report-uri https://reporting-api.gannettinnovation.com 2
worker-src *.litter-robot.com *.litterbox.com *.whisker.com *.osano.com blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.elev.io *.paypalobjects.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.osano.com *.klarna.com https://*.talkable.com 'self' 'unsafe-inline'; img-src data: *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io widgets.automizely.com widgets.automizely.io *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca *.certcapture.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.adnxs.com *.adsrvr.org *.bidr.io *.bing.com *.facebook.com *.gotolstoy.com *.lightboxcdn.com *.localizecdn.com *.reddit.com *.twitter.com *.pinterest.com *.pbbl.co *.tiktok.com *.litter-robot.com *.litterbox.com *.whisker.com aa.agkn.com https://*.ordergroove.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.disqus.com *.cdn.imgeng.in *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adnxs.com *.ads-twitter.com *.adsrvr.org *.attn.tv *.bing.com *.byspotify.com *.dixa.io *.dstillery.com *.elev.io *.exponea.com *.facebook.net *.gleamjs.io *.gotolstoy.com *.hotjar.com *.impactcdn.com *.iubenda.com *.lightboxcdn.com *.localizecdn.com *.noibu.com *.onescreen.ai *.pepperjam.com *.pinimg.com *.pinterest.com *.redditstatic.com *.tiktok.com getrockerbox.com *.litter-robot.com *.litterbox.com *.whisker.com *.optimizely.com s3-us-west-2.amazonaws.com *.pbbl.co d2hrivdxn8ekm8.cloudfront.net *.osano.com https://*.ordergroove.com https://elements.sika.health *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com *.cdn.imgeng.in *.hsforms.net *.hsforms.com https://d2jjzw81hqbuqv.cloudfront.net https://di6re4dxelnn2.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.certcapture.com assets.braintreegateway.com *.gotolstoy.com *.lightboxcdn.com *.plyr.io *.litter-robot.com *.litterbox.com *.whisker.com *.osano.com *.klarnacdn.net *.adobedtm.com *.cdn.imgeng.in *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gotolstoy.com *.litter-robot.com *.litterbox.com *.whisker.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.automizely.com api.automizely.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.adnxs.com *.attentivemobile.com *.attn.tv *.bing.com *.dixa.io *.elev.io *.exponea.com *.facebook.com *.gotolstoy.com *.hotjar.com *.iubenda.com *.localizecdn.com *.noibu.com *.onescreen.ai *.pinterest.com *.plyr.io *.reddit.com *.redditstatic.com *.spotify.com *.tiktok.com *.litter-robot.com *.litterbox.com *.whisker.com *.googlesyndication.com *.optimizely.com *.telemetry.vaultdcr.com *.osano.com https://*.ordergroove.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://472ad5a6-d25e-45ca-8d99-f4067de68ea9.sansec.watch/; report-to report-endpoint; 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; media-src * blob:; worker-src * blob:; frame-src * data: blob:; connect-src *; frame-ancestors 'none'; report-uri /csp-violation-report 2
default-src 'none'; connect-src 'self' *.siteminder.com 123compareme.com *.123compareme.com *.ada-tray.com *.bookmebob.com *.flip.to *.gtsgapps.com *.hijiffy.com messenger-services.com *.sojern.com *.thehotelsnetwork.com *.triptease.io *.triptease.net *.userguest.com *.theguestbook.com connect.facebook.net *.facebook.com *.edge.sdk.awswaf.com *.paypal.com recaptcha.net *.launchdarkly.com *.newrelic.com bam.nr-data.net *.hotjar.com *.hotjar.io *.googletagmanager.com *.gstatic.com *.google-analytics.com *.google.com *.googlesyndication.com *.googleadservices.com *.g.doubleclick.net *.doubleclick.net *.imgix.net; script-src 'self' 123compareme.com *.123compareme.com *.ada-tray.com *.adatray.com *.bookmebob.com *.flip.to *.gtsgapps.com *.hijiffy.com *.sojern.com *.thehotelsnetwork.com *.triptease.io *.triptease.net *.userguest.com theguestbook.com *.theguestbook.com connect.facebook.net *.edge.sdk.awswaf.com *.paypal.com recaptcha.net *.launchdarkly.com *.newrelic.com bam.nr-data.net *.hotjar.com *.googletagmanager.com *.gstatic.com *.gstatic.cn *.google-analytics.com *.google.com *.googlesyndication.com *.googleadservices.com *.g.doubleclick.net *.doubleclick.net; frame-src 'self' recaptcha.net www.googletagmanager.com *.paypal.com *.triptease.io; img-src 'self' *.imgix.net *.siteminder.com *.paypalobjects.com *.googletagmanager.com *.openstreetmap.org *.adatray.com *.thehotelsnetwork.com data:; style-src 'self' 'unsafe-inline' *.adatray.com *.thehotelsnetwork.com *.userguest.com fonts.googleapis.com; font-src 'self' data: *.adatray.com *.thehotelsnetwork.com *.userguest.com fonts.gstatic.com; report-to cspendpoint; report-uri https://csp-report.siteminder.com/api/quokka/booking-engine/report; frame-ancestors 'self' 2
form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.fls.doubleclick.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.omtrdc.net *.twitter.com covers.odilo.io *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org *.googletagmanager.com *.googleadservices.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com t.co adservice.google.com *.linkedin.com *.google-analytics.com *.santanderopenacademy.com *.universia.net fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com santander-privacy.my.onetrust.com; frame-ancestors 'self' *.santanderopenacademy.com *.googletagmanager.com; connect-src 'self' cdn.equalweb.com *.universia.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com www.linkedin.com script.hotjar.com img.youtube.com px4.ads.linkedin.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com www.google.ie www.facebook.com cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com *.analytics.google.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io *.google-analytics.com px.ads.linkedin.com analytics.tiktok.com *.pangle-ads.com *.omappapi.com *.vimeo.com *.santanderopenacademy.com *.googlesyndication.com *.onetrust.com *.tiktokw.us sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com *.doubleclick.net track.adform.net www.facebook.com *.universia.net universia.net *.santanderopenacademy.com *.vimeo.com doubleclick.net *.doubleclick.net; img-src 'self' data: *.santanderopenacademy.com *.santanderx.com dss.hybrid.ai su-commons-documents.s3.eu-west-1.amazonaws.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com *.universia.net img.youtube.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es *.googletagmanager.com *.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com covers.odilo.io images.findawayworld.com *.doubleclick.net *.odilotk.es *.googlesyndication.com snapchat.com *.snapchat.com; manifest-src 'self'; media-src 'self' data: *.santanderopenacademy.com *.santanderx.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' emd.hybrid.ai *.hybrid.ai pixel.wp.pl www.google.com 'sha256-YSegCmpoY/9vy6z9Jp/wY5F+2CZOSO85IpkqRDamw6o=' 'sha256-8UQUF8T5SdG0xN7U0SziZK/tE7Mx20WlIEvrhPZS+5c=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-y+EdpRp7NGzuxDREjdSGXuM2ZRxY/zPRIps6hzHQOcU=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-HbtNuErO4Ji0X7sd59L8NfJYuQk3WllCWK3gVuRMpfM=' 'sha256-BBirXJiJdwXRuf4PKdCNfYQLT8mhwGu68gkk2lfCqN8=' 'sha256-9gh4m8bsTLdMvKZ358mYZY2d+f5k+bk+APY/b3jwy1o=' 'sha256-xeKH9HwGHVm84iWqrxisQix9T08PGSCZTxFIO4+ewWk=' 'sha256-DwzQ63XCPWPBU9VhenPaZeU1L0tiiqJkkaWArzaMA14=' 'sha256-5t573MY7H7LQK71Vf2b+RoOG9NlBxHctIHdMjVPJIE0=' 'sha256-ZxrnaNw21FtNs0hG3ejrGPJWMFqp2c2scn3dGBS7Xtk=' 'sha256-DaJ5+aVVCCwmIoJpsto8Q2FfkqVlML3utJdn4mDMGD0=' 'sha256-Fj/OzUbSCuycXsQO3rkxgJpOQcr0O4grKcZDUi0FIiU=' 'sha256-L89rOqVn3e1Yeav7YFzFH7bxGr1IyHtjhNxYvrcVL4E=' 'sha256-g2T0Peh4PkAjcTj+CFHeM0y83Uuh+6W/+Ay4nUyncSo=' 'sha256-BpTz1JC47PMe4NhdM7n0gmuvr+83Jo3c+LLXav8o+Wc=' 'sha256-+i46atGTJGrevoy/LaA/uxqfIvacu6J/34f4LYs4FLU=' 'sha256-NW1gvrymt4M+SBgRpB7GKpbvkiAcBF120jBugIgwTkY=' 'sha256-TCOS0LXlyOYGx+xlpfAYkRxyaOiYLTlRzHwI0YQSm3Q=' 'sha256-XdoX181xfRJT12LmChyU6l4zxvoIsaAHf4FxTHoJM+I=' 'sha256-NKT4ofJEPzU1gDi1WITFInJvz8potrsIe5i+LSnCKqo=' 'sha256-w6kdg/3YV4tBVkaDe4i2aktYPtaPLEHNIGHKOXJ7aZI=' 'sha256-7OI/iFnRHuxJU3EbXDhDFX6g3cZ0C1I8U6VTbbk7bPw=' 'sha256-VY8NVZZ8EZKkngWGPFlpnC0jlPPS4naDQeeIKqLpgUU=' 'sha256-3ThNsno0lln5H88qDcBDPljNxQaOgkPiulXpM/OsV1s=' 'sha256-8N1I80yqbb8/sRov2zmhZf1nwe9Hd8PifhnSJaDP664=' 'sha256-LG4xcV34tsaAdFNYuH8Lr84Ovn0ZnSV2GoIA+TiLP5s=' 'sha256-y36RoFUJWgc8gbl/5Pk2/0bsYv2bJ+bMa8Y4LV/Wz/k=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-3FPxyKucOIUnwkis1jUlVWeg63ttBCdsnPZ7d1/U9vQ=' 'sha256-lBxE5qVCAIfADFr1+pdyVxAP7I/YVviosUAsCf3pZtU=' 'sha256-3iXpidN34sHSaOL+oY8lqqkqIs8qgMSZmmFOyyyJq5o=' 'sha256-TZjz12EnkJLarfuyWy8NqZ9HG8RpIuFAlQySbT4/4h8=' 'sha256-Y4y/Z3pJNei7wFfh20klvIrbZiajvE/JWO1KhI668Xo=' 'sha256-LigV2Z6/JVA57qW0q8wSx849ylkhI35JZTPqGObl9ks=' 'sha256-83sIN1kEH+EziQHRTaQiSWImOUtv0wFFfa74npfXyoE=' 'sha256-BMIPp0uCJPYMdHFyQdug09fBOv1yC4c3ATQ5HIB8lnU=' 'sha256-mkZ77JgvPSMOW/FuYQr4tf+Z2qIq0e/ozaNEcVp9eyc=' cdn.jsdelivr.net cdn.equalweb.com code.jquery.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com *.googletagmanager.com *.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com *.googleapis.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com *.gstatic.com *.omappapi.com *.googleadservices.com *.santanderopenacademy.com *.googlesyndication.com sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net st.hybrid.ai; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com *.googletagmanager.com fonts.googleapis.com *.omappapi.com; worker-src *.universia.net 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.drip.com *.hsappstatic.net *.sleeknote.com *.zdassets.com *.zendesk.com *.hubspot.com *.hubspot.net *.hs-analytics.net *.hs-banner.com *.cloudflare.com *.zi-scripts.com *.g2crowd.com unpkg.com *.tiktok.com *.quora.com *.bing.com *.redditstatic.com *.ads-twitter.com *.licdn.com *.facebook.net *.snapchat.com sc-static.net *.clearbitscripts.com *.dreamdata.cloud *.g2.com ai.g2.com; connect-src 'self' *.drip.com ai.g2.com; 2
default-src *; font-src 'self' https: data:; img-src * blob: data:; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; style-src * 'unsafe-inline'; base-uri 'self'; form-action 'self' http://*.enterprisedb.com http://enterprisedb.com http://enterprisedb.okta.com; frame-ancestors 'self'; report-uri https://www.enterprisedb.com/log-report-uri/reportOnly 2
worker-src 'self' blob:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' rum.hlx.page *.youtube.com *.gstatic.com *.licdn.com *.podigee-cdn.net static.xingcdn.com www.googleadservices.com *.google.com  *.googlesyndication.com  *.onetrust.com *.alida.com wave.outbrain.com  *.outbrain.com *.taboola.com *.intelliad.de *.doubleclick.net platform.twitter.com cdn.mouseflow.com  *.cnd-motionmedia.de *.facebook.net www.facebook.com *.bing.com *.googletagmanager.com cdn.scarabresearch.com *.spoteffects.net cdn.trackjs.com cdnjs.cloudflare.com *.realperson.de cdn.cookielaw.org *.ergodirekt.de *.ergo.com *.ergo.de *.ergocarbon.com *.ergo-reiseversicherung.de *.dkv.com *.cloudfirst.digital assets.adobedtm.com; frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.ergocarbon.com *.ergo-reiseversicherung.de *.dkv.com *.erg.ravespace.cloud; report-uri https://csp-reporting.ergo.com/csp-reports?tenant=dospa; report-to csp-endpoint; 2
default-src 'self'; connect-src 'none'; script-src-elem https://sdk.privacy-center.org https://www.googletagmanager.com; style-src-elem https://cdn.jsdelivr.net; img-src 'self' https://assets-eu-01.kc-usercontent.com https://cdn-prod.ppg.com; report-to csp-endpoint 2
base-uri 'self';connect-src 'self' https://www.google-analytics.com https://*.googleapis.com https://api.rudderlabs.com https://hosted.rudderlabs.com https://rudderstack.taskade.cloud https://api.stripe.com https://checkout.stripe.com https://sentry.io wss: https://cn2bi8ujy8.execute-api.us-east-1.amazonaws.com https://taskade-files.s3.us-east-1.amazonaws.com https://files.taskade.com https://vimeo.com https://fast.wistia.com https://*.loom.com https://www2.profitwell.com https://api.canny.io https://companion.taskade.com;default-src 'self';form-action 'self';media-src 'self' https://js.driftqa.com https://files.taskade.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com https://challenges.cloudflare.com https://js.driftt.com https://widget.drift.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://checkout.stripe.com https://js.stripe.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://r.wdfl.co https://public.profitwell.com https://cdn.firstpromoter.com https://canny.io https://pa.taskade.com https://unicorn.taskade.workers.dev https://static.cloudflareinsights.com;object-src 'none';img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.stripe.com https://files.taskade.com https://unpkg.com https://i.ytimg.com https://*.sndcdn.com https://i.vimeocdn.com https://*.wistia.com https://cdn.loom.com https://*.figma.com https://images.typeform.com https://*.whimsical.com https://companion.taskade.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com;frame-src https://js.driftt.com https://widget.drift.com https://checkout.stripe.com https://hooks.stripe.com https://js.stripe.com https://call.taskade.com https://docs.taskade.com https://*.youtube.com https://*.soundcloud.com https://player.vimeo.com https://*.loom.com https://*.figma.com https://*.invisionapp.com https://*.typeform.com https://*.whimsical.com;report-uri /webhooks/csp-report;report-to /webhooks/csp-report;frame-ancestors 'none' 2
default-src 'self' https://nexo.com *.nexo.com *.nexo.io cdn.segment.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://nexoio.my.salesforce-scrt.com https://widget.trustpilot.com https://appleid.cdn-apple.com https://www.apple.com https://browser-intake-datadoghq.eu https://region1.analytics.google.com https://region1.google-analytics.com https://events.eu1.segmentapis.com https://www.googletagmanager.com https://accounts.google.com https://www.gstatic.com https://fonts.gstatic.com *.geetest.com wss://platform.nexo.com https://nexoio.my.site.com; frame-ancestors https://platform.nexo.io https://platform.nexo.com https://support.nexo.io https://support.nexo.com https://nexosurvey.force.com https://nexoio.lightning.force.com https://nexoio--c.visualforce.com; report-uri https://security-logging.nexo.com; 2
script-src 'self' https://challenges.cloudflare.com https://hcaptcha.com https://static.cloudflareinsights.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.google-analytics.com/ https://www.googletagmanager.com/; base-uri 'self'; object-src 'self'; report-uri /cdn-cgi/script_monitor/report 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.googleapis.com https://*.doubleclick.net; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; worker-src blob: https:; 2
default-src 'self'; script-src 'self' *.argenta.be argenta-aam.be *.argenta-aam.be *.googleapis.com *.adobedtm.com *.googletagmanager.com *.doubleclick.net *.adsrvr.org *.teads.tv *.facebook.net *.hotjar.com *.tiqcdn.com *.pingdom.net *.google.ie 'unsafe-inline' 'unsafe-eval' wasm-eval; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://agentaspaarbank.tt.omtrdc.net *.googleapis.com *.simargenta.be *.argenta.be argenta-aam.be *.argenta-aam.be *.teads.tv *.googlesyndication.com *.pingdom.net *.google.com; font-src 'self'; frame-src 'self'  *.tst-argenta.be *.argenta-aam.be *.adsrvr.org *.teads.tv *.doubleclick.net *.googletagmanager.com; img-src 'self' *.argenta.be *.simargenta.be argenta-aam.be *.argenta-aam.be *.facebook.com *.google.be *.google.com *.google.ie *.teads.tv *.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://www.veracode.com?gdsih-csp-report; 2
frame-ancestors https://*.walmart.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub4ebf0f2c2b22f7e232e33c048c5f3d2b&dd-evp-origin=content-security-policy&env=prod&ddsource=csp-report&ddtags=service:marketing-web 2
script-src 'self' https://ajax.googleapis.com https://f1000research.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://js.hs-scripts.com 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/csp 2
default-src 'self';img-src * blob: data: px.ads.linkedin.com www.facebook.com *.doubleclick.net *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amplitude.com *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com code.jquery.com js.hsforms.net www.googletagmanager.com *.mysanfordchart.org *.addthis.com *.adroll.com *.adsrvr.org *.ads-twitter.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.fls.doubleclick.net formstack.com *.formstack.com *.formstack.io *.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.invocacdn.com *.liveperson.net *.lpsnmedia.net *.mpio.io onesignal.com *.onesignal.com *.qualtrics.com *.quantcount.com *.quantserve.com *.serving-sys.com *.simpli.fi *.siteintercept.qualtrics.com *.talentegy.com *.tvsquared.com *.twitter.com *.v.liveperson.net *.vimeo.com *.vimeocdn.com aa.agkn.com ajax.aspnetcdn.com assets.sitescdn.net az416426.vo.msecnd.net bat.bing.com cdn.mouseflow.com cdn.popt.in chimpstatic.com data.adxcel-ec2.com embed.typeform.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com pixel.mathtag.com pixel.videohub.tv pnapi.invoca.net px.ads.linkedin.com s.amazon-adsystem.com s.pinimg.com s3.amazonaws.com/checkout.squadup.com/default/css/bootstrap-namespace.min.css script.crazyegg.com sc-static.net siteimproveanalytics.com snap.licdn.com static.addtoany.com static.cloud.coveo.com tags.srv.stackadapt.com tracking.logpostback.com transparency.nrchealth.com trkn.us v1.addthisedge.com www.buzzsprout.com www.groupexpro.com www.youtube.com www.ypo.education/js/jsembedcode.js z.moatads.com cdn.mxpnl.com js.hubspot.com *.snapchat.com *.instabot.io *.roobrik.com connect.facebook.net services.cattailsservices.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com *.mysanfordchart.org *.formstack.com *.formstack.io *.gstatic.com *.vimeocdn.com cdn.thinglink.me checkout.stripe.com formsprod.azureedge.net onesignal.com static.cloud.coveo.com tags.srv.stackadapt.com www.groupexpro.com www.youtube.com *.instabot.io services.cattailsservices.com;font-src 'self' data: *.fontawesome.com *.typekit.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.formstack.com *.gstatic.com *.googleusercontent.com static.cloud.coveo.com staticdev.cloud.coveo.com *.roobrik.com;frame-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com www.googletagmanager.com tools.sanfordhealthplan.com *.mysanfordchart.org *.addthis.com *.adsrvr.org *.c.liveperson.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.ipcamlive.com *.lpsnmedia.net *.snapchat.com *.soundcloud.com *.stripe.com *.twitter.com *.v.liveperson.net vimeo.com *.vimeo.com *.youtube.com cdn.onesignal.com e.issuu.com fast.wistia.net forms.hsforms.com host.visualcalc.com js.hsadspixel.net js.hsforms.net pixel.mathtag.com players.brightcove.net static.addtoany.com www.buzzsprout.com www.pinterest.ca www.pinterest.co.uk www.pinterest.com www.pinterest.fr www.pinterest.it www.pinterest.ph ct.pinterest.com www.thinglink.com forms.hubspot.com *.roobrik.com *.cloudfront.net sanford.az1.qualtrics.com www.groupexpro.com;frame-ancestors 'self' *.mysanfordchart.org *.snapchat.com;connect-src 'self' *.amplitude.com cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com *.addthis.com *.adroll.com *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.gannettdigital.com *.google.com *.analytics.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.linkedin.oribi.io onesignal.com *.onesignal.com *.pinterest.com *.quantcount.com *.reachlocalservices.com *.serving-sys.com *.snapchat.com *.squadup.com *.twitter.com *.vimeocdn.com *.z1.dca0.com api.hubapi.com az416426.vo.msecnd.net bat.bing.com dc.services.visualstudio.com *.hsforms.com *.hubspot.com js.hs-scripts.com hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net forms.hscollectedforms.net js.hscollectedforms.net n2.mouseflow.com pnapi.invoca.net sanfordhealth.formstack.com *.formstack.io usageanalytics.coveo.com *.cloud.coveo.com px.ads.linkedin.com snap.licdn.com sc-static.net api.sanfordhealth.org api-js.mixpanel.com *.instabot.io api.fbanalytics.org connect.facebook.net assets.sitescdn.net *.cloudfront.net siteimproveanalytics.com *.roobrik.com services.cattailsservices.com;form-action 'self' *.fontawesome.com cdnjs.cloudflare.com *.sanfordhealthfoundation.org *.adroll.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.serving-sys.com *.snapchat.com *.vimeocdn.com api.hubapi.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;media-src * data:;object-src 'none';report-uri https://csp-reporting.sanfordhealth.org/; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.abtasty.com abtasty.com api-data-connector.abtasty.com ariane.abtasty.com assets-manager.abtasty.com common-fonts.abtasty.com dcinfos-cache.abtasty.com try.abtasty.com *.ipredictive.com ipredictive.com *.everesttech.net everesttech.net *.typekit.net typekit.net amazonaws.com execute-api.us-west-2.amazonaws.com us-east-2.amazonaws.com socialannex.com *.adnxs.com adnxs.com *.auryc.com auryc.com *.bidr.io prod.bidr.io *.bing.com *.bing.net bat.bing.net bing.com *.brxcdn.com brxcdn.com *.btttag.com btttag.com *.builder.io builder.io *.cloudflare.com cdnfonts.com cloudflare.com *.cloudfront.net cloudfront.net *.cloudinary.com cloudinary.com *.cnstrc.com cnstrc.com *.contentsquare.net bf.contentsquare.net contentsquare.net hj.contentsquare.net criteo.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.dstillery.com dstillery.com media6degrees.com *.facebook.com *.facebook.net facebook.com facebook.net *.getfastr.com getfastr.com *.iesnare.com iesnare.com *.google.com *.googlesyndication.com *.gstatic.com analytics.google.com google.bs google.ca google.co.cr google.co.il google.co.in google.co.jp google.co.th google.co.uk google.co.vi google.com google.com.ar google.com.br google.com.bz google.com.co google.com.hk google.com.mx google.com.my google.com.pa google.com.ph google.com.pk google.com.pr google.com.sa google.com.sv google.com.tr google.de google.fr google.hn google.hr google.ie google.it google.nl google.se google.sk google.tt googlesyndication.com gstatic.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.fsastore.com *.hsastore.com *.welldeservedhealth.com fsastore.com hsastore.com welldeservedhealth.com *.heapanalytics.com heapanalytics.com us.heap-api.com ip-api.com *.izooto.com izooto.com jquery.com listrak.com listrakbi.com liadm.com *.pcapredict.com pcapredict.com bing.net *.clarity.ms mountain.com *.northbeam.io northbeam.io *.oursprivacy.com oursprivacy.com *.pepperjam.com *.pepperjamnetwork.com pepperjam.com pepperjamnetwork.com *.pinimg.com *.pinterest.com pinimg.com pinterest.com *.pdst.fm *.powerreviews.com powerreviews.com *.riskified.com riskified.com disstg.commercecloud.salesforce.com *.segment.com *.segment.io segment.com segment.io ingest.sentry.io *.spotify.com *.mobify-storefront.com mobify-storefront.com alocdn.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com acsbapp.com postcodeanywhere.co.uk zma.gs *.youtube.com *.ytimg.com youtube.com ytimg.com *.zdassets.com *.zendesk.com zdassets.com zendesk.com zopim.com *.zmags.com creator-prod.zmags.com zmags.com zmags.workers.dev adlucent.com deepsearch.adlucent.com delighted.com google.com.au google.com.pe google.com.sg heap-api.com *.paypalobjects.com paypalobjects.com; frame-ancestors capacitor://localhost; 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com fonts.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com *.hotjar.com x.klarnacdn.net *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com js.stripe.com *.affirm.com *.affirm.ca *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ *.refersion.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com *.attn.tv bugcrowd.com imgs.cdn-btsg.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net www.facebook.com script.google.com *.googleapis.com *.hotjar.com *.iterable.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com *.wahooligan.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com *.affirm.com *.affirm.ca *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://helloextend-static-assets.s3.amazonaws.com https://extendcoreoffersdemo-offersthemelogobucketeb21afa-19jnurg0a0o17.s3.amazonaws.com https://s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.adnxs.com public.adobecc.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.amazonaws.com *.atdmt.com *.bing.com *.bazaarvoice.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.googletagmanager.com *.hotjar.com humango.ai *.iterable.com kcc0.com www.kinomap.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com *.rudderstack.com imgs.signifyd.com image.simplecastcdn.com t.co tk0x1.com *.wahoofitness.com *.xg4ken.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com *.affirm.com *.affirm.ca *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.helloextend.com utt.impactcdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.refersion.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com unsafe-inline *.adnxs.com js.adsrvr.org cdn.jsdelivr.net lightboxapi.azurewebsites.net cdn.attn.tv bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com bugcrowd.com assets.bugcrowdusercontent.com imgs.cdn-btsg.com *.clarity.ms static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.fontawesome.com *.getroster.com *.google.com googleads.g.doubleclick.net *.hotjar.com *.iterable.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io i.loopme.me js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com h64.online-metrix.net cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv *.rudderlabs.com *.rudderstack.com cdn.segment.com imgs.signifyd.com *.stackadapt.com static.ads-twitter.com analytics.twitter.com modelviewer.dev d.emails.wahoofitness.com forms.wahoofitness.com record.webeyez.com sec.webeyez.com *.xg4ken.com *.yotpo.com www.youtube.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com *.hotjar.com www.lightboxcdn.com x.klarnacdn.net *.stackadapt.com forms.wahoofitness.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com www.wahoofitness.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adobe.io performance.typekit.net *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.affirm.com *.affirm.ca *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.helloextend.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.refersion.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.attentivemobile.com *.attn.tv bam-cell.nr-data.net *.bing.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com *.getroster.com analytics.google.com *.analytics.google.com *.hotjar.com *.hotjar.io mpsnare.iesnare.com *.iterable.com wss: gdpr.loopme.com i.loopme.me *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net *.onetrust.com insight.reflow.tv *.rollbar.com *.rudderstack.com api.segment.io cdn.segment.com imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.wahoofitness.com/nullreport/report/nullendpoint; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net account.wmf.com accountuat.wmf.com ad4m.at ct.pinterest.com fledge.eu.criteo.com groupe-seb.my.salesforce-sites.com gum.criteo.com service.force.com static.criteo.com static.criteo.net td.doubleclick.net www.paypalobjects.com www.sovendus-connect.com backoffice-eu.oct8ne.com static.trbo.com collect.trbo.com track2.trbo.com charger-v2.trbo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com *.awin1.com *.zenaps.com *.wepowerconnections.com magefan.com cm.magefan.com https://images.unsplash.com *.disqus.com https://img.youtube.com * https://api.mapbox.com *.hsforms.net *.hsforms.com 'self' data: *.contentsquare.net static.trbo.com collect.trbo.com track2.trbo.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.disqus.com * https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.contentsquare.net *.contentsquare.com halc.iadvize.com static.trbo.com api-v4.trbo.com charger-v2.trbo.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com service.force.com static.trbo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://maps.googleapis.com autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.contentsquare.net app.contentsquare.com api.paypal.com ariane.abtasty.com bat.bing.com cdn.cookielaw.org content.hotjar.io ct.pinterest.com dcinfos-cache.abtasty.com geolocation.onetrust.com googleads.g.doubleclick.net identification-api.sovendus.com maps.googleapis.com measurement-api.criteo.com pagead2.googlesyndication.com privacyportal-eu.onetrust.com region1.analytics.google.com stats.g.doubleclick.net tag.commander1.com try.abtasty.com ws.hotjar.com www.google.com www.google.de www.pinterest.com halc.iadvize.com data.trbo.com newsletter-api.trbo.com api-v4.trbo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: data:; report-uri /csp-report 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pike13.com https://cdnjs.cloudflare.com https://connect.facebook.net https://platform.linkedin.com https://platform.twitter.com https://snap.licdn.com https://tracking.g2crowd.com https://*.google.com https://*.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.hotjar.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hsforms.net https://*.hubspot.com https://*.hubspotusercontent-na1.net https://*.hsappstatic.net https://*.hubapi.com https://*.wufoo.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.pike13.com https://fonts.googleapis.com https://*.hsappstatic.net https://*.hsforms.net https://*.hubspotusercontent-na1.net; font-src 'self' https://*.pike13.com https://fonts.gstatic.com https://*.hubspotusercontent-na1.net https://www.google.com; img-src 'self' https://*.pike13.com https://*.hubspot.com https://*.hubspot.net https://*.hsforms.com https://*.hubspotusercontent-na1.net https://*.hsforms.com https://*.linkedin.com https://*.hsappstatic.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.googletagmanager.com https://*.twitter.com; connect-src 'self' https://*.pike13.com https://analytics.google.com https://hubspot-forms-static-embed.s3.amazonaws.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hs-collectedforms.net https://*.hsforms.net https://*.hsforms.com https://*.hubapi.com https://*.hubspot.com https://*.doubleclick.net; frame-src 'self' https://*.pike13.com https://*.hs-sites.com https://*.googletagmanager.com https://*.google.com https://*.facebook.com https://*.twitter.com; object-src 'none'; worker-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self'; report-uri https://pike13.report-uri.com/r/d/csp/wizard; 2
default-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' blob: *; img-src 'self' data: *; script-src 'self' blob: * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; font-src 'self' data: *; connect-src *; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 2
default-src 'self' data:; img-src 'self' data: *.hva.nl *.amsterdamuas.com imgsct.cookiebot.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' consent.cookiebot.com consentcdn.cookiebot.com consent.cookiebot.eu consentcdn.cookiebot.eu www.googletagmanager.com www.google.com www.google-analytics.com; script-src-elem 'unsafe-inline' 'self' consent.cookiebot.com consentcdn.cookiebot.com consent.cookiebot.eu consentcdn.cookiebot.eu www.googletagmanager.com www.google.com www.google-analytics.com; object-src 'self'; base-uri 'none'; frame-ancestors 'self'; frame-src 'self' consent.cookiebot.com consentcdn.cookiebot.com consent.cookiebot.eu consentcdn.cookiebot.eu www.google.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.hva.nl *.amsterdamuas.com www.google-analytics.com www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com consent.cookiebot.eu consentcdn.cookiebot.eu 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mxpnl.com www.googletagmanager.com cdn.cookiehub.eu www.google-analytics.com cdnjs.cloudflare.com cdn-4.convertexperiments.com www.convert.com leadbooster-chat.pipedrive.com cdn.pdx-1.pipedriveassets.com public.our-trace.com googleads.g.doubleclick.net snap.licdn.com bat.bing.com tracking-api.g2.com; style-src 'self' 'unsafe-inline' www.convert.com cookiehub.net cdn.cookiehub.eu; img-src 'self' data: blob: www.w3.org public.our-trace.com leadbooster-chat.pipedrive.com px.ads.linkedin.com bat.bing.com www.googletagmanager.com www.google.com www.google.com.au; frame-src 'self' www.googletagmanager.com; child-src 'none'; font-src 'self' data: cdn.pdx-1.pipedriveassets.com; connect-src 'self' cdn-4.convertexperiments.com api.our-trace.com pagead2.googlesyndication.com leadbooster-chat.pipedrive.com www.google.com px.ads.linkedin.com api-js.mixpanel.com www.google-analytics.com consent.cookiehub.net snap.licdn.com bat.bing.com tracking-api.g2.com googleads.g.doubleclick.net; manifest-src 'self'; media-src 'self'; object-src 'none'; 2
upgrade-insecure-requests; base-uri 'self'; default-src 'self'; child-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' blob: https: data:; media-src 'self' ssl.gstatic.com v.adsrvr.org data:; script-src 'self' ajax.cloudflare.com cdn.ampproject.org cdn.printfriendly.com choices.trustarc.com choices.truste.com ep2.adtrafficquality.google *.kaspersky-labs.com js.chargebee.com s.adroll.com s0.2mdn.net s3.amazonaws.com www.googletagservices.com www.gstatic.com www.scrible.com *.doubleverify.com *.doubleclick.net *.google *.google.com *.googleapis.com *.googlesyndication.com 'unsafe-inline'; style-src 'self' js.chargebee.com pwm-image.trendmicro.com s3.amazonaws.com use.fontawesome.com www.gstatic.com *.googleapis.com *.kaspersky-labs.com *.public.law 'unsafe-inline'; worker-src 'self' https: blob:; report-uri https://www.public.law/csp-report 2
default-src 'self' data: blob: *.armstrong.com *.armstrongceilings.com armstrongceilings.my.salesforce-sites.com d2qrdklrsxowl2.cloudfront.net player.interactivity.brightcove.com fonts.gstatic.com www.google-analytics.com;style-src 'self' 'unsafe-inline' fast.fonts.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com fonts.googleapis.com display.ugc.bazaarvoice.com player.interactivity.brightcove.com;form-action 'self' *.armstrong.com  *.armstrongceilings.com armstrongceilings.tfaforms.net *.salesforceliveagent.com armstrongceilings.my.site.com; frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.armstrong.com *.armstrongceilings.com www.gstatic.com js-na1.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net *.bazaarvoice.com cdn-cookieyes.com *.outbrain.com *.salesforceliveagent.com *.ugc.bazaarvoice.com assets.adobedtm.com connect.facebook.net d2qrdklrsxowl2.cloudfront.net googleads.g.doubleclick.net lib-us-3.brilliantcollector.com players.brightcove.net siteintercept.qualtrics.com snap.licdn.com  vjs.zencdn.net www.googleadservices.com www.googletagmanager.com znbmda84ti8npbglj-armstrong.siteintercept.qualtrics.com *.google.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.mountain.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 *.clearbitscripts.com;frame-src 'self' armstrongceilings.tfaforms.net bid.g.doubleclick.net d2qrdklrsxowl2.cloudfront.net armstrong.demdex.net www.google.com;img-src 'self' data: *.armstrong.com *.armstrongceilings.com *.bazaarvoice.com *.brightcove.com *.outbrain.com *.qualtrics.com armstrongceilings.my.salesforce-sites.com cdn-cookieyes.com cf-images.us-east-1.prod.boltdns.net cm.everesttech.net data.coremetrics.com dpm.demdex.net p.adsymptotic.com px.ads.linkedin.com s7d2.scene7.com www.google-analytics.com www.google.com www.googletagmanager.com track.hubspot.com www.facebook.com;connect-src 'self' *.akamaihd.net *.armstrong.com *.armstrongceilings.com cdn-cookieyes.com *.cookieyes.com edge.adobedc.net forms.hsforms.com *.brightcove.com *.qualtrics.com *.hapyak.com cdn.linkedin.oribi.io house-fastly-signed-us-east-1-prod.brightcovecdn.com armstrong.tt.omtrdc.net brightcove.hs.llnwd.net dpm.demdex.net edge.api.brightcove.com lib-us-3.brilliantcollector.com manifest.prod.boltdns.net stats.g.doubleclick.net *.google-analytics.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 *.clearbitscripts.com 2
connect-src *; default-src *; font-src * data:; frame-src *; img-src data: *; script-src 'unsafe-inline' 'unsafe-eval' *; script-src-elem 'unsafe-inline' *; style-src 'unsafe-inline' *; style-src-elem 'unsafe-inline' *; 2
child-src 'self' blob: *.adairs.com.au; connect-src 'self' *.aptrinsic.com *.braintreegateway.com *.braze.com *.clarity.ms *.creativecdn.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.inside-graph.com *.paypal.com *.pinterest.com *.spotify.com *.unbxd.io *.unbxdapi.com *.yieldify-production.com *.yieldify.com cdn.jsdelivr.net cdnjs.cloudflare.com dc.services.visualstudio.com google.com js.monitor.azure.com payments.braintree-api.com wss://stellar-live.inside-graph.com wss://ws.hotjar.com www.facebook.com/tr/; font-src 'self' *.gstatic.com *.typekit.net/ *.yieldify-production.com *.yieldify.com https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/; frame-src 'self' *.braintreegateway.com *.creativecdn.com *.criteo.com *.criteo.net *.googletagmanager.com *.paypal.com *.pinterest.com pay.google.com; img-src 'self' data: *.adairs.co.nz *.adairs.com.au *.afterpay.com *.bing.com *.creativecdn.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.idio.episerver.net *.inside-graph.com *.paypal.com *.yieldify.com c.clarity.ms ib.adnxs.com r.turn.com www.facebook.com www.google.com.au www.paypalobjects.com; media-src 'self' *.inside-graph.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.aptrinsic.com *.bing.com *.braze.com *.cfjump.com *.clarity.ms *.creativecdn.com *.criteo.com *.criteo.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.idio.episerver.net *.inside-graph.com *.paypal.com *.pdst.fm *.pinimg.com *.pinterest.com *.rakuten.com *.unbxd.io *.unbxdapi.com *.wisepops.com *.yieldify.com applepay.cdn-apple.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com connect.facebook.net https://static.cloudflareinsights.com/ js.monitor.azure.com pay.google.com r.turn.com static.zip.co static.zipmoney.com.au unpkg.com wisepops.net; style-src 'self' 'unsafe-inline' *.afterpay.com *.aptrinsic.com *.googleapis.com *.inside-graph.com *.typekit.net/ *.unbxd.io *.unbxdapi.com applepay.cdn-apple.com cdn.datatables.net cdn.jsdelivr.net; default-src 'none'; report-to stott-security-endpoint; 2
form-action 'self' https://uwosh.tfaforms.net https://www.facebook.com/tr/; frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://syndicatedsearch.goog https://*.adtrafficquality.google https://www.google.com https://tr.snapchat.com https://player.vimeo.com https://www.youtube.com https://static.addtoany.com https://www.facebook.com https://public.tableau.com https://bbox.blackbaudhosting.com https://cdn.yoshki.com https://cdnapisec.kaltura.com; frame-ancestors 'self'; object-src 'none'; report-uri https://sentry.it.uwosh.edu/api/3/security/?sentry_key=a83fa724347d841bd65fdab57f19925a; report-to csp-endpoint 2
default-src 'self' blob: *.senado.gov.br *.senado.leg.br;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.senado.gov.br *.senado.leg.br *.youtube.com *.google-analytics.com www.googletagmanager.com vlibras.gov.br ajax.googleapis.com www.gstatic.com;img-src 'self' data: blob: *.senado.gov.br *.senado.leg.br *.ytimg.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.gstatic.com vlibras.gov.br;connect-src 'self' *.senado.gov.br *.senado.leg.br vlibras.gov.br *.vlibras.gov.br www.google-analytics.com www.googletagmanager.com;font-src 'self' data: vlibras.gov.br cdnjs.cloudflare.com fonts.gstatic.com;style-src 'self' 'unsafe-inline' *.senado.gov.br *.senado.leg.br cdnjs.cloudflare.com fonts.googleapis.com;worker-src blob: *.senado.leg.br *.senado.gov.br;object-src 'none';frame-src 'self' *.senado.gov.br *.senado.leg.br *.youtube.com www.youtube-nocookie.com;base-uri 'self';frame-ancestors 'self' *.senado.gov.br *.senado.leg.br 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com bonialconnect.com *.oney.io assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io https://epaync.nc/static/ 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de secure.ogone.com v1-sim.preprod.psp-solutions.com v2-sim.preprod.psp-solutions.com www.facebook.com/tr/ bpcepaymentservices-3ds-vdm.wlp-acs.com bnpp-3ds-vdm.wlp-acs.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io https://epaync.nc/vads-payment/ https://epaync.nc/api-payment/ https://epaync.nc/static/ https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com secure.ogone.com ogone.test.v-psp.com widget.trustpilot.com gum.criteo.com s.salecycle.com https://10766555.fls.doubleclick.net/ static.criteo.net/ www.facebook.com/ magasins.bureau-vallee.fr magasins.bureau-vallee.be magasins.bureau-vallee.nc magasins.bureau-vallee.re magasins.bureau-vallee.gf magasins.bureau-vallee.yt magasins.bureau-vallee.gp magasins.bureau-vallee.sx t.clic2buy.com bpcepaymentservices-3ds-vdm.wlp-acs.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io td.doubleclick.net https://epaync.nc/vads-payment/ https://epaync.nc/static/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org bva-preprod-fbi-fr-media-s3.s3.amazonaws.com bva-recette-fbi-fr-media-s3.s3.amazonaws.com bv-prd-fbi-fr-media.s3.eu-west-3.amazonaws.com bv-prd-fbi-fr-media.s3.amazonaws.com d2hlj6xfalexml.cloudfront.net d3n1o8ch79p937.cloudfront.net dxbyzx5id4chj.cloudfront.net bonialconnect.com content-media.bonial.biz rum-metrics.quanta.io bat.bing.com ib.adnxs.com www.facebook.com cm.g.doubleclick.net gum.criteo.com dis.criteo.com sync-t1.taboola.com x.bidswitch.net r.casalemedia.com ad.360yield.com contextual.media.net sync.outbrain.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com e1.emxdgt.com cm.adform.net visitor.omnitagjs.com id5-sync.com matching.ivitrack.com exchange.mediavine.com simage2.pubmatic.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com beacon.krxd.net s.thebrighttag.com www.bureau-vallee.fr www.google.fr bvci-e2.colop.com utypia.bureau-vallee.fr *.oney.io assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io www.gstatic.com jadserve.postrelease.com ad.doubleclick.net public-prod-dspcookiematching.dmxleo.com https://epaync.nc/static/latest/images/type-carte/ https://epaync.nc/static/ https://epaync.nc/vads-payment/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://assets.fintecture.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com magasins.bureau-vallee.fr widget.trustpilot.com bonialconnect.com s3.amazonaws.com maps.googleapis.com/ d16fk4ms6rqz1v.cloudfront.net bat.bing.com appstatic.quanta.io try.abtasty.com acdn.adnxs.com static.criteo.net sslwidget.criteo.com connect.facebook.net cdn.jsdelivr.net static.target2sell.com js-agent.newrelic.com/ bam.eu01.nr-data.net *.oney.io magasins.bureau-vallee.be magasins.bureau-vallee.nc magasins.bureau-vallee.re magasins.bureau-vallee.gf magasins.bureau-vallee.yt magasins.bureau-vallee.gp magasins.bureau-vallee.sx rs.clic2buy.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io pagead2.googlesyndication.com tpc.googlesyndication.com *.algolia.io https://epaync.nc/api-payment/ https://epaync.nc/static/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets-staging.oney.io *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io https://epaync.nc/static/ *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src pay.google.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com payments-eu.amazon.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com s3.eu-west-1.amazonaws.com www.bonialserviceswidget.de maps.googleapis.com trackingapi.bonial.fr bonialconnect.com dcinfos-cache.abtasty.com ariane.abtasty.com c.salecycle.com api.ipify.org i.salecycle.com wss://ws.salecycle.com/ region1.analytics.google.com www.facebook.com serv-api.target2sell.com bat.bing.com/actionp/ rum-metrics.quanta.io reco.target2sell.com bam.eu01.nr-data.net www.google.fr *.oney.io autocomplete.geocoder.api.here.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io try.abtasty.com pagead2.googlesyndication.com measurement-api.criteo.com apigw-cf.bva-integ-web.decade.fr https://epaync.nc/vads-payment/ https://epaync.nc/api-payment/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ bva-recette-impression-s3.s3.eu-west-3.amazonaws.com bva-preprod-impression-s3.s3.eu-west-3.amazonaws.com bva-prod-impression-s3.s3.eu-west-3.amazonaws.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://epaync.nc/vads-payment/ https://epaync.nc/api-payment/ https://epaync.nc/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'report-sample'; style-src 'self'; report-to csp-endpoint 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' unpkg.com fonts.googleapis.com cludo.com customer.cludo.com api.cludo.com *.cookiebot.com siteimprove.com *.siteimprove.com *.siteimproveanalytics.io *.google.com *.newrelic.com newrelic.com *.23video.com *.gstatic.com *.rm.dk *.analysefortegnelsen.dk connect.facebook.net/en_US/sdk.js *.rm.dk *.regionshospitalet-horsens.dk *.cpropslagqa.rm.dk *.cpropslagtest.rm.dk auh.intranet.rm.dk alvorligpatologi.dk auh.dk danishairambulance.dk danishneurosciencecenter.dk desikredeinstitutioner.dk diabetes.rm.dk godstrup.dk groennekompetencer.dk horsens.rm.dk human-first.org ikh.rm.dk innoccus-simply.dk klinik-almenmedicin-lemvig.dk landsbyviden.dk life-act.eu madsonline.dk mit.ikh.rm.dk move-interreg.eu psykiatrien.rm.dk randers.rm.dk regionaludvikling.intranet.rm.dk regionsklinikkenskive.dk regionsklinikkenskjern.dk regionsklinikkenthyholm.dk *.akutlaegehelikopter.dk *.antk.dk *.auh.dk *.c2ccc.eu *.cdss.dk *.cfbh.rm.dk *.coolgeoheat.eu *.danishairambulance.dk *.danishneurosciencecenter.dk *.dccc.dk *.defactum.dk *.desikredeinstitutioner.dk *.digi-lingo.eu *.dmcg.dk *.dok.rm.dk en.auh.dk *.faellesservicecenter.dk *.fagperson.auh.dk *.fagperson.hospitalsenhedmidt.dk *.fagperson.psykiatrien.rm.dk *.fagperson.regionshospitalet-goedstrup.dk *.fagperson.regionshospitalet-horsens.dk *.fagperson.regionshospitalet-randers.dk *.fagperson.sundhed.rm.dk *.godstrup.dk *.grenaasundhedshus.dk *.groennekompetencer.dk *.harts.dk *.hemidt.dk *.hemidt.intranet.rm.dk *.holmstrupgaard.rm.dk *.horsens.rm.dk *.hospitalsenhedmidt.dk *.human-first.org *.ikh.rm.dk *.klinik-almenmedicin-lemvig.dk *.kulturregion.dk *.laege-kvalitet.dk *.landsbyviden.rm.dk *.lemvigsundhedshus.dk *.life-bioscape.eu *.marselisborgcentret.dk *.medarbejder.rm.dk *.organdonation.dk *.pa.intra.rm.dk *.patientkommunikation.dk *.ph.rm.dk *.ps-horsens.intra.rm.dk *.ps-midt.intra.rm.dk *.ps-randers.intra.rm.dk *.ps-vest.intra.rm.dk *.psykiatriakademiet.rm.dk *.psykiatrien.rm.dk *.randers.intranet.rm.dk *.randers.rm.dk *.refer-cdr.eu *.regionshospitalet-goedstrup.dk *.regionshospitalet-horsens.dk *.regionshospitalet-randers.dk *.regionsklinikkenskive.dk *.regionsklinikkenskjern.dk *.regionsklinikkenthyholm.dk *.rehabiliteringsforum.dk *.rkkp.dk *.ru.rm.dk *.sau.rm.dk *.sbu.rm.dk *.sekretariatet.intra.rm.dk *.sektorovergang.rm.dk *.skivesundhedshus.dk *.sku.rm.dk *.social.rm.dk *.socialkvalitetsmodel.dk *.socialmedicin.rm.dk *.soh.rm.dk *.specialpsykologuddannelsen.dk *.specpsyksygeplejerske.dk *.stenoaarhus.dk *.sua.rm.dk *.sundhed.rm.dk *.sundhedsaftalen.rm.dk *.sundhedshusringkoebing.dk *.svo.rm.dk *.tvaerspor.dk *.videreuddannelsen-nord.dk *.voldtaegt.dk *.voresbaredygtighed.rm.dk *.windowstudiet.dk *.zgodkender.rm.dk *.ramazzini.dk; style-src 'self'  'unsafe-inline' unpkg.com fonts.googleapis.com cludo.com customer.cludo.com api.cludo.com *.cookiebot.com siteimprove.com *.siteimprove.com *.siteimproveanalytics.io *.google.com *.newrelic.com newrelic.com *.23video.com *.gstatic.com *.rm.dk *.analysefortegnelsen.dk connect.facebook.net/en_US/sdk.js *.rm.dk *.regionshospitalet-horsens.dk *.cpropslagqa.rm.dk *.cpropslagtest.rm.dk auh.intranet.rm.dk alvorligpatologi.dk auh.dk danishairambulance.dk danishneurosciencecenter.dk desikredeinstitutioner.dk diabetes.rm.dk godstrup.dk groennekompetencer.dk horsens.rm.dk human-first.org ikh.rm.dk innoccus-simply.dk klinik-almenmedicin-lemvig.dk landsbyviden.dk life-act.eu madsonline.dk mit.ikh.rm.dk move-interreg.eu psykiatrien.rm.dk randers.rm.dk regionaludvikling.intranet.rm.dk regionsklinikkenskive.dk regionsklinikkenskjern.dk regionsklinikkenthyholm.dk *.akutlaegehelikopter.dk *.antk.dk *.auh.dk *.c2ccc.eu *.cdss.dk *.cfbh.rm.dk *.coolgeoheat.eu *.danishairambulance.dk *.danishneurosciencecenter.dk *.dccc.dk *.defactum.dk *.desikredeinstitutioner.dk *.digi-lingo.eu *.dmcg.dk *.dok.rm.dk en.auh.dk *.faellesservicecenter.dk *.fagperson.auh.dk *.fagperson.hospitalsenhedmidt.dk *.fagperson.psykiatrien.rm.dk *.fagperson.regionshospitalet-goedstrup.dk *.fagperson.regionshospitalet-horsens.dk *.fagperson.regionshospitalet-randers.dk *.fagperson.sundhed.rm.dk *.godstrup.dk *.grenaasundhedshus.dk *.groennekompetencer.dk *.harts.dk *.hemidt.dk *.hemidt.intranet.rm.dk *.holmstrupgaard.rm.dk *.horsens.rm.dk *.hospitalsenhedmidt.dk *.human-first.org *.ikh.rm.dk *.klinik-almenmedicin-lemvig.dk *.kulturregion.dk *.laege-kvalitet.dk *.landsbyviden.rm.dk *.lemvigsundhedshus.dk *.life-bioscape.eu *.marselisborgcentret.dk *.medarbejder.rm.dk *.organdonation.dk *.pa.intra.rm.dk *.patientkommunikation.dk *.ph.rm.dk *.ps-horsens.intra.rm.dk *.ps-midt.intra.rm.dk *.ps-randers.intra.rm.dk *.ps-vest.intra.rm.dk *.psykiatriakademiet.rm.dk *.psykiatrien.rm.dk *.randers.intranet.rm.dk *.randers.rm.dk *.refer-cdr.eu *.regionshospitalet-goedstrup.dk *.regionshospitalet-horsens.dk *.regionshospitalet-randers.dk *.regionsklinikkenskive.dk *.regionsklinikkenskjern.dk *.regionsklinikkenthyholm.dk *.rehabiliteringsforum.dk *.rkkp.dk *.ru.rm.dk *.sau.rm.dk *.sbu.rm.dk *.sekretariatet.intra.rm.dk *.sektorovergang.rm.dk *.skivesundhedshus.dk *.sku.rm.dk *.social.rm.dk *.socialkvalitetsmodel.dk *.socialmedicin.rm.dk *.soh.rm.dk *.specialpsykologuddannelsen.dk *.specpsyksygeplejerske.dk *.stenoaarhus.dk *.sua.rm.dk *.sundhed.rm.dk *.sundhedsaftalen.rm.dk *.sundhedshusringkoebing.dk *.svo.rm.dk *.tvaerspor.dk *.videreuddannelsen-nord.dk *.voldtaegt.dk *.voresbaredygtighed.rm.dk *.windowstudiet.dk *.zgodkender.rm.dk *.ramazzini.dk; img-src 'self' data: 'unsafe-inline' unpkg.com fonts.googleapis.com cludo.com customer.cludo.com api.cludo.com *.cookiebot.com siteimprove.com *.siteimprove.com *.siteimproveanalytics.io *.google.com *.newrelic.com newrelic.com *.23video.com *.gstatic.com *.rm.dk *.analysefortegnelsen.dk connect.facebook.net/en_US/sdk.js *.rm.dk *.regionshospitalet-horsens.dk *.cpropslagqa.rm.dk *.cpropslagtest.rm.dk auh.intranet.rm.dk alvorligpatologi.dk auh.dk danishairambulance.dk danishneurosciencecenter.dk desikredeinstitutioner.dk diabetes.rm.dk godstrup.dk groennekompetencer.dk horsens.rm.dk human-first.org ikh.rm.dk innoccus-simply.dk klinik-almenmedicin-lemvig.dk landsbyviden.dk life-act.eu madsonline.dk mit.ikh.rm.dk move-interreg.eu psykiatrien.rm.dk randers.rm.dk regionaludvikling.intranet.rm.dk regionsklinikkenskive.dk regionsklinikkenskjern.dk regionsklinikkenthyholm.dk *.akutlaegehelikopter.dk *.antk.dk *.auh.dk *.c2ccc.eu *.cdss.dk *.cfbh.rm.dk *.coolgeoheat.eu *.danishairambulance.dk *.danishneurosciencecenter.dk *.dccc.dk *.defactum.dk *.desikredeinstitutioner.dk *.digi-lingo.eu *.dmcg.dk *.dok.rm.dk en.auh.dk *.faellesservicecenter.dk *.fagperson.auh.dk *.fagperson.hospitalsenhedmidt.dk *.fagperson.psykiatrien.rm.dk *.fagperson.regionshospitalet-goedstrup.dk *.fagperson.regionshospitalet-horsens.dk *.fagperson.regionshospitalet-randers.dk *.fagperson.sundhed.rm.dk *.godstrup.dk *.grenaasundhedshus.dk *.groennekompetencer.dk *.harts.dk *.hemidt.dk *.hemidt.intranet.rm.dk *.holmstrupgaard.rm.dk *.horsens.rm.dk *.hospitalsenhedmidt.dk *.human-first.org *.ikh.rm.dk *.klinik-almenmedicin-lemvig.dk *.kulturregion.dk *.laege-kvalitet.dk *.landsbyviden.rm.dk *.lemvigsundhedshus.dk *.life-bioscape.eu *.marselisborgcentret.dk *.medarbejder.rm.dk *.organdonation.dk *.pa.intra.rm.dk *.patientkommunikation.dk *.ph.rm.dk *.ps-horsens.intra.rm.dk *.ps-midt.intra.rm.dk *.ps-randers.intra.rm.dk *.ps-vest.intra.rm.dk *.psykiatriakademiet.rm.dk *.psykiatrien.rm.dk *.randers.intranet.rm.dk *.randers.rm.dk *.refer-cdr.eu *.regionshospitalet-goedstrup.dk *.regionshospitalet-horsens.dk *.regionshospitalet-randers.dk *.regionsklinikkenskive.dk *.regionsklinikkenskjern.dk *.regionsklinikkenthyholm.dk *.rehabiliteringsforum.dk *.rkkp.dk *.ru.rm.dk *.sau.rm.dk *.sbu.rm.dk *.sekretariatet.intra.rm.dk *.sektorovergang.rm.dk *.skivesundhedshus.dk *.sku.rm.dk *.social.rm.dk *.socialkvalitetsmodel.dk *.socialmedicin.rm.dk *.soh.rm.dk *.specialpsykologuddannelsen.dk *.specpsyksygeplejerske.dk *.stenoaarhus.dk *.sua.rm.dk *.sundhed.rm.dk *.sundhedsaftalen.rm.dk *.sundhedshusringkoebing.dk *.svo.rm.dk *.tvaerspor.dk *.videreuddannelsen-nord.dk *.voldtaegt.dk *.voresbaredygtighed.rm.dk *.windowstudiet.dk *.zgodkender.rm.dk *.ramazzini.dk; connect-src 'self' bam.eu01.nr-data.net sentry.io unpkg.com fonts.googleapis.com cludo.com customer.cludo.com api.cludo.com *.cookiebot.com siteimprove.com *.siteimprove.com *.siteimproveanalytics.io *.google.com *.newrelic.com newrelic.com *.23video.com *.gstatic.com *.rm.dk *.analysefortegnelsen.dk connect.facebook.net/en_US/sdk.js *.rm.dk *.regionshospitalet-horsens.dk *.cpropslagqa.rm.dk *.cpropslagtest.rm.dk auh.intranet.rm.dk alvorligpatologi.dk auh.dk danishairambulance.dk danishneurosciencecenter.dk desikredeinstitutioner.dk diabetes.rm.dk godstrup.dk groennekompetencer.dk horsens.rm.dk human-first.org ikh.rm.dk innoccus-simply.dk klinik-almenmedicin-lemvig.dk landsbyviden.dk life-act.eu madsonline.dk mit.ikh.rm.dk move-interreg.eu psykiatrien.rm.dk randers.rm.dk regionaludvikling.intranet.rm.dk regionsklinikkenskive.dk regionsklinikkenskjern.dk regionsklinikkenthyholm.dk *.akutlaegehelikopter.dk *.antk.dk *.auh.dk *.c2ccc.eu *.cdss.dk *.cfbh.rm.dk *.coolgeoheat.eu *.danishairambulance.dk *.danishneurosciencecenter.dk *.dccc.dk *.defactum.dk *.desikredeinstitutioner.dk *.digi-lingo.eu *.dmcg.dk *.dok.rm.dk en.auh.dk *.faellesservicecenter.dk *.fagperson.auh.dk *.fagperson.hospitalsenhedmidt.dk *.fagperson.psykiatrien.rm.dk *.fagperson.regionshospitalet-goedstrup.dk *.fagperson.regionshospitalet-horsens.dk *.fagperson.regionshospitalet-randers.dk *.fagperson.sundhed.rm.dk *.godstrup.dk *.grenaasundhedshus.dk *.groennekompetencer.dk *.harts.dk *.hemidt.dk *.hemidt.intranet.rm.dk *.holmstrupgaard.rm.dk *.horsens.rm.dk *.hospitalsenhedmidt.dk *.human-first.org *.ikh.rm.dk *.klinik-almenmedicin-lemvig.dk *.kulturregion.dk *.laege-kvalitet.dk *.landsbyviden.rm.dk *.lemvigsundhedshus.dk *.life-bioscape.eu *.marselisborgcentret.dk *.medarbejder.rm.dk *.organdonation.dk *.pa.intra.rm.dk *.patientkommunikation.dk *.ph.rm.dk *.ps-horsens.intra.rm.dk *.ps-midt.intra.rm.dk *.ps-randers.intra.rm.dk *.ps-vest.intra.rm.dk *.psykiatriakademiet.rm.dk *.psykiatrien.rm.dk *.randers.intranet.rm.dk *.randers.rm.dk *.refer-cdr.eu *.regionshospitalet-goedstrup.dk *.regionshospitalet-horsens.dk *.regionshospitalet-randers.dk *.regionsklinikkenskive.dk *.regionsklinikkenskjern.dk *.regionsklinikkenthyholm.dk *.rehabiliteringsforum.dk *.rkkp.dk *.ru.rm.dk *.sau.rm.dk *.sbu.rm.dk *.sekretariatet.intra.rm.dk *.sektorovergang.rm.dk *.skivesundhedshus.dk *.sku.rm.dk *.social.rm.dk *.socialkvalitetsmodel.dk *.socialmedicin.rm.dk *.soh.rm.dk *.specialpsykologuddannelsen.dk *.specpsyksygeplejerske.dk *.stenoaarhus.dk *.sua.rm.dk *.sundhed.rm.dk *.sundhedsaftalen.rm.dk *.sundhedshusringkoebing.dk *.svo.rm.dk *.tvaerspor.dk *.videreuddannelsen-nord.dk *.voldtaegt.dk *.voresbaredygtighed.rm.dk *.windowstudiet.dk *.zgodkender.rm.dk *.ramazzini.dk; font-src 'self' fonts.gstatic.com fonts.googleapis.com; frame-src 'self' unpkg.com fonts.googleapis.com cludo.com customer.cludo.com api.cludo.com *.cookiebot.com siteimprove.com *.siteimprove.com *.siteimproveanalytics.io *.google.com *.newrelic.com newrelic.com *.23video.com *.gstatic.com *.rm.dk *.analysefortegnelsen.dk connect.facebook.net/en_US/sdk.js *.rm.dk *.regionshospitalet-horsens.dk *.cpropslagqa.rm.dk *.cpropslagtest.rm.dk auh.intranet.rm.dk alvorligpatologi.dk auh.dk danishairambulance.dk danishneurosciencecenter.dk desikredeinstitutioner.dk diabetes.rm.dk godstrup.dk groennekompetencer.dk horsens.rm.dk human-first.org ikh.rm.dk innoccus-simply.dk klinik-almenmedicin-lemvig.dk landsbyviden.dk life-act.eu madsonline.dk mit.ikh.rm.dk move-interreg.eu psykiatrien.rm.dk randers.rm.dk regionaludvikling.intranet.rm.dk regionsklinikkenskive.dk regionsklinikkenskjern.dk regionsklinikkenthyholm.dk *.akutlaegehelikopter.dk *.antk.dk *.auh.dk *.c2ccc.eu *.cdss.dk *.cfbh.rm.dk *.coolgeoheat.eu *.danishairambulance.dk *.danishneurosciencecenter.dk *.dccc.dk *.defactum.dk *.desikredeinstitutioner.dk *.digi-lingo.eu *.dmcg.dk *.dok.rm.dk en.auh.dk *.faellesservicecenter.dk *.fagperson.auh.dk *.fagperson.hospitalsenhedmidt.dk *.fagperson.psykiatrien.rm.dk *.fagperson.regionshospitalet-goedstrup.dk *.fagperson.regionshospitalet-horsens.dk *.fagperson.regionshospitalet-randers.dk *.fagperson.sundhed.rm.dk *.godstrup.dk *.grenaasundhedshus.dk *.groennekompetencer.dk *.harts.dk *.hemidt.dk *.hemidt.intranet.rm.dk *.holmstrupgaard.rm.dk *.horsens.rm.dk *.hospitalsenhedmidt.dk *.human-first.org *.ikh.rm.dk *.klinik-almenmedicin-lemvig.dk *.kulturregion.dk *.laege-kvalitet.dk *.landsbyviden.rm.dk *.lemvigsundhedshus.dk *.life-bioscape.eu *.marselisborgcentret.dk *.medarbejder.rm.dk *.organdonation.dk *.pa.intra.rm.dk *.patientkommunikation.dk *.ph.rm.dk *.ps-horsens.intra.rm.dk *.ps-midt.intra.rm.dk *.ps-randers.intra.rm.dk *.ps-vest.intra.rm.dk *.psykiatriakademiet.rm.dk *.psykiatrien.rm.dk *.randers.intranet.rm.dk *.randers.rm.dk *.refer-cdr.eu *.regionshospitalet-goedstrup.dk *.regionshospitalet-horsens.dk *.regionshospitalet-randers.dk *.regionsklinikkenskive.dk *.regionsklinikkenskjern.dk *.regionsklinikkenthyholm.dk *.rehabiliteringsforum.dk *.rkkp.dk *.ru.rm.dk *.sau.rm.dk *.sbu.rm.dk *.sekretariatet.intra.rm.dk *.sektorovergang.rm.dk *.skivesundhedshus.dk *.sku.rm.dk *.social.rm.dk *.socialkvalitetsmodel.dk *.socialmedicin.rm.dk *.soh.rm.dk *.specialpsykologuddannelsen.dk *.specpsyksygeplejerske.dk *.stenoaarhus.dk *.sua.rm.dk *.sundhed.rm.dk *.sundhedsaftalen.rm.dk *.sundhedshusringkoebing.dk *.svo.rm.dk *.tvaerspor.dk *.videreuddannelsen-nord.dk *.voldtaegt.dk *.voresbaredygtighed.rm.dk *.windowstudiet.dk *.zgodkender.rm.dk *.ramazzini.dk; base-uri 'self'; frame-ancestors 'self'; report-uri https://o4504207644033024.ingest.us.sentry.io/api/4510300403204096/security/?sentry_key=0f83650c1c0c90a8ea22a527173f4833&sentry_environment=prod; report-to csp-endpoint 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.angusrobertson.com.au; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.secure-afterpay.com.au bam.nr-data.net *.hotjar.com googleads.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.google.com *.gstatic.com *.forter.com *.visualwebsiteoptimizer.com *.cloudfront.net static.scarabresearch.com cdn.scarabresearch.com apis.google.com *.criteo.com static.criteo.net *.newrelic.com connect.facebook.net platform.twitter.com d.impactradius-event.com *.afterpay.com; connect-src 'self' blob: *.cloudfront.net *.google-analytics.com *.hotjar.io *.nr-data.net stats.g.doubleclick.net *.emarsys.net *.scarabresearch.com *.hotjar.com *.salecycle.com  *.forter.com opentag-stats.qubit.com *.visualwebsiteoptimizer.com recommender.scarabresearch.com angusrobertson.4tqiav.net; img-src 'self' data: *.criteo.net *.google-analytics.com *.google.com *.bing.com *.google.com.au *.pinterest.com *.cloudfront.net *.visualwebsiteoptimizer.com *.facebook.com syndication.twitter.com *.secure-afterpay.com.au *.angusrobertson.com.au *.loggly.com; frame-src 'self' *.cloudfront.net *.angusrobertson.com.au *.google.com platform.twitter.com www.facebook.com staticxx.facebook.com www.youtube.com *.criteo.com *.criteo.net *.hotjar.com *.salecycle.com bid.g.doubleclick.net 2
default-src 'self' 'unsafe-inline' data: *.squaretrade.com *.facebook.com *.outbound.io *.auth0.com *.launchdarkly.com *.pndsn.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com https://api.segment.io https://api.amplitude.com https://privacyportal-eu.onetrust.com https://secure.shippingapis.com https://st-prod-enc-ship-usw-ca.s3.us-west-1.amazonaws.com https://st-prod-enc-ship-use-oh.s3.us-east-2.amazonaws.com https://st-stage-enc-cust-docs-use-oh-1.s3.us-east-2.amazonaws.com https://callback.vhtcx.com https://callback.virtualhold.com https://siteintercept.qualtrics.com https://squaretrade.my.site.com https://squaretrade--qa.sandbox.my.salesforce-scrt.com https://squaretrade--qa.sandbox.my.site.com; form-action 'self' data: *.squaretrade.com *.force.com *.salesforce.com *.auth0.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.squaretrade.com *.auth0.com https://cdn.segment.com *.bootstrapcdn.com *.force.com *.salesforce.com *.qualtrics.com https://platform.twitter.com; font-src 'self' data: *.squaretrade.com  https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: *.squaretrade.com *.auth0.com  *.facebook.com https://p.typekit.net *.google.com *.twitter.com https://st-prod-enc-ship-usw-ca.s3.us-west-1.amazonaws.com https://st-prod-enc-ship-use-oh.s3.us-east-2.amazonaws.com https://cdn.cookielaw.org https://www.googletagmanager.com https://fonts.gstatic.com https://pay.google.com https://checkoutshopper-test.cdn.adyen.com https://m.media-amazon.com https://bfasset.costcostatic.com https://maps.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.squaretrade.com https://hello.myfonts.net https://service.force.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static.smartrecruiters.com https://cdn.jsdelivr.net *.bootstrapcdn.com https://www.googletagmanager.com *.my.site.com https://www.gstatic.com; script-src-elem 'self' *.squaretrade.com 'unsafe-inline'  *.salesforceliveagent.com https://cdn.segment.com https://cdn.amplitude.com https://cdn.outbound.io https://connect.facebook.net https://www.googletagmanager.com https://service.force.com https://use.typekit.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com https://platform.twitter.com *.bootstrapcdn.com https://cdn.jsdelivr.net *.smartrecruiters.com https://player.vimeo.com https://zn8jglatqcy5dkma1-squaretrade.siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://cdn.cookielaw.org https://www.youtube.com https://uat-api.paylution.com https://api.paylution.com https://zingtree.com https://squaretrade--qa.sandbox.my.site.com https://maps.googleapis.com; frame-src 'self' *.squaretrade.com  https://service.force.com https://squaretrade.az1.qualtrics.com/ https://www.google.com https://www.facebook.com https://platform.twitter.com *.doubleclick.net https://www.googletagmanager.com https://zingtree.com https://www.youtube.com https://checkoutshopper-test.adyen.com https://squaretrade--qa.sandbox.my.site.com https://squaretrade.my.salesforce-scrt.com; connect-src 'self' *.squaretrade.com *.auth0.com https://cdn.cookielaw.org https://www.google.com https://privacyportal-eu.onetrust.com https://cdn.segment.com https://cdn.segment.io https://api.segment.io https://uat-api.paylution.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutanalytics-test.adyen.com https://siteintercept.qualtrics.com https://st-stage-enc-cust-docs-use-oh-1.s3.us-east-2.amazonaws.com https://www.googletagmanager.com https://geolocation.onetrust.com *.launchdarkly.com https://region1.google-analytics.com https://secure.shippingapis.com https://squaretrade.my.salesforce-scrt.com  https://squaretrade--qa.sandbox.my.salesforce-scrt.com https://www.facebook.com https://svc-api-int-1.qa1.squaretrade.com:20000 https://svc-api-int-1.qa2.squaretrade.com:20000 https://svc-api-int-1.qa3.squaretrade.com:20000 https://svc-api-int-1.qa4.squaretrade.com:20000 https://svc-api-int-1.qa5.squaretrade.com:20000 https://svc-api-int-1.qa6.squaretrade.com:20000 https://svc-api-int-1.qa7.squaretrade.com:20000 https://svc-api-int-8.qa1.squaretrade.com:20000 https://svc-api-int-1.stage.squaretrade.com:20000 https://svc-api-int-1.production.squaretrade.com:20000 https://maps.googleapis.com; 2
default-src 'self' http: filesystem: https://*-c2es.pantheonsite.io/ https://c2es.ddev.site https://*.addthis.com https://*.youtube.com; script-src 'unsafe-inline' 'unsafe-eval' http: filesystem: https://*.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://jnn-pa.googleapis.com https://*.googletagmanager.com https://*.youtube.com https://*.addthis.com https://*.google-analytics.com https://*.ytimg.com https://*.moatads.com https://*.doubleclick.net https://*.addthisedge.com https://cdnjs.cloudflare.com; style-src 'unsafe-inline' http: filesystem: https://*.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://jnn-pa.googleapis.com https://*.youtube.com; img-src 'self' http: data: filesystem: https://*.ytimg.com https://*.ggpht.com https://*.gstatic.com https://*.google-analytics.com; connect-src 'self' filesystem: https://*.google-analytics.com https://*.bookingbug.com https://geolocation.onetrust.com https://*.cookielaw.org https://fonts.googleapis.com https://ajax.googleapis.com https://jnn-pa.googleapis.com *.addtoany.com; font-src 'self' data: filesystem: fonts.gstatic.com use.typekit.net use.fontawesome.com bespoke.bookingbug.com; media-src 'self' filesystem: *.youtube.com *.vimeo.com *.akamaized.net; report-uri 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; frame-src 'self'; worker-src 'self'; manifest-src 'self'; navigate-to 'self'; prefetch-src 'self'; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; report-uri /csp-report 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://static.unzer.com https://applepay.cdn-apple.com maxcdn.bootstrapcdn.com data: 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com *.facebook.com *.nkd.com *.nkd.it 'self' 'unsafe-inline'; frame-ancestors *.nkd.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com/ *.facebook.com https://plumrocket.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://static-cc.test.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://sandbox.clicktopay.auth.visa.com https://clicktopay.visa.com https://sandbox.secure.checkout.visa.com https://secure.checkout.visa.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.tokenization.secure.payone.com https://accounts.google.com ad4m.at *.criteo.com *.doubleclick.net www.facebook.com hal9000.redintelligence.net *.usercentrics.eu www.usemaxserver.de *.fls.doubleclick.net *.creativecdn.com tsdtocl.com *.sovendus-benefits.com *.sovendus-connect.com *.usemaxserver.de 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com maps.googleapis.com maps.gstatic.com https://static.unzer.com *.online-metrix.net https://www.gstatic.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.hsforms.net *.hsforms.com 'self' data: ad11.adfarm1.adition.com bat.bing.com *.doubleclick.net *.google.com *.google.pl imagesrv.adition.com lantern.roeye.com *.nkd.com track.adform.net usage.trackjs.com *.usercentrics.eu widgets.trustedshops.com www.facebook.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.360yield.com *.3lift.com *.addlv.smt.docomo.ne.jp *.adform.net *.admixer.net *.adnxs.com *.adscale.de *.adx.opera.com *.bing.com *.casalemedia.com *.ck-ie.com *.connectad.io *.console.adtarget.com.tr *.creativecdn.com *.dmxleo.com *.e-planning.net *.facebook.com *.facebook.net *.g.doubleclick.net *.go.sonobi.com *.gumgum.com *.inmobi.com *.leap.de *.loopme.me *.marphezis.com *.media.net *.mgid.com *.nexx360.io *.openx.net *.outbrain.com *.roeye.com *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.trackjs.com *.udmserve.net *.visx.net *.adition.com *.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.plugins.emarsys.net *.scarabresearch.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com player.vimeo.com connect.facebook.net cdnjs.cloudflare.com *.googleoptimize.com maps.googleapis.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net https://static-v2.unzer.com/v2/ui-components/ *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.tokenization.secure.payone.com https://accounts.google.com https://www.gstatic.com *.hsforms.net *.hsforms.com ad4m.at api.sovendus.com bat.bing.com *.taboola.com cdn.mouseflow.com core.loopingo.com *.criteo.com *.epoq.de epoq-systems.de *.facebook.net lantern.roeyecdn.com *.nkd.com tags.creativecdn.com *.usercentrics.eu webanalytics.mso.digital widgets.trustedshops.com www.dwin1.com www.usemaxserver.de https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.bing.com *.dwin1.com *.epoq-systems.de *.loopingo.com *.usemaxserver.de *.trustedshops.com *.googletagmanager.com *.mouseflow.com *.outbrain.com *.creativecdn.com d22q3dafggn5rg.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://sandbox.src.mastercard.com https://static-v2.unzer.com/v2/ui-components/ maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io src.mastercard.com https://accounts.google.com https://www.gstatic.com *.googleapis.com *.epoq.de epoq-systems.de https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.scarabresearch.com *.eservice.emarsys.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ maps.googleapis.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://static-cc.test.unzer.com https://static-v2.unzer.com/v2/ui-components/ www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.tokenization.secure.payone.com https://accounts.google.com t.elasticsuite.io *.hsforms.net *.hsforms.com ams.creativecdn.com api.usercentrics.eu bat.bing.com *.criteo.com *.googleapis.com *.taboola.com webanalytics.mso.digital *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.bing.com *.usercentrics.eu *.creativecdn.com *.bing.net *.loopingo.com *.kameleoon.eu *.sovendus.com *.arc.epoq.de *.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.hubspot.com *.cookielaw.org *.cdntwrk.com *.wistia.com *.wistia.net *.q2.com *.sentry-cdn.com *.clarity.ms *.google.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.gstatic.com *.hsappstatic.com *.hsappstatic.net *.hubspot.net *.hs-banner.com *.hsadspixel.net *.hs-analytics.com *.hs-analytics.net *.licdn.com *.marketo.net *.marketo.com *.zoominfo.com *.bizible.com *.6sc.co *.qualified.com *.segment.com *.bugcrowd.com *.bugcrowdusercontent.com bugcrowd.com *.jsdeliver.net *.jsdelivr.net *.cloudflare.com *.doubleclick.net *.youtube.com *.hubspotusercontent-na1.net *.pathfactory.com *.zuddl.com 8ab0a26cb0027939bcf5-49c99c3c0c9c98b3365b710757036e1b.ssl.cf5.rackcdn.com *.crazyegg.com *.callrail.com; style-src 'self' *.q2.com 'report-sample' 'unsafe-inline' *.cdntwrk.com *.googleapis.com *.hsappstatic.net *.hubspot.net *.jsdeliver.net *.jsdelivr.net *.marketo.com 7044196.fs1.hubspotusercontent-na1.net 7044196.fs2.hubspotusercontent-na1.net *.hubspotusercontent-na1.net *.pathfactory.com *.googletagmanager.com *.zuddl.com *.qualified.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.mktoresp.com *.hubspotusercontent-na1.net *.google.com *.hubspot.com *.hs-banner.com *.onetrust.com *.cookielaw.org *.wistia.com *.embed-cloudfront.wistia.com *.wistia.net *.6sc.co *.6sense.com *.qualified.com wss://*.qualified.com *.segment.com *.segment.io *.linkedin.com *.google-analytics.com *.clarity.ms *.hubapi.com *.doubleclick.com https://stats.g.doubleclick.net *.zoominfo.com *.adnxs.com *.litix.io *.marketo.com *.doubleclick.net *.youtube.com *.pathfactory.com *.zuddl.com api.prod.zuddl.com *.crazyegg.com *.gonorth.io *.callrail.com *.googleadservices.com *.sentry-cdn.com *.hsappstatic.net; font-src 'self' data: *.gstatic.com *.cdntwrk.com *.wistia.com *.wistia.net 7044196.fs1.hubspotusercontent-na1.net *.pathfactory.com *.zuddl.com; frame-src 'self' *.q2.com *.qualified.com *.doubleclick.net *.wistia.net *.gstatic.com *.google.com *.googletagmanager.com *.bugcrowd.com bugcrowd.com *.hubspotvideo.com *.marketo.com *.youtube.com *.pathfactory.com *.uberflip.com *.zuddl.com *.on24.com *.qualified.com; img-src 'self' *.q2.com data: *.hubspotusercontent-na1.net *.hsappstatic.net *.6sc.co *.cdntwrk.com *.cookielaw.org *.wistia.com *.hsforms.com *.linkedin.com *.hubspot.com *.hubspot.net *.bizible.com *.cloudinary.com *.clarity.ms *.bing.com *.googletagmanager.com *.placeholder.com *.marketo.com googleads.g.doubleclick.net *.doubleclick.net *.google.com *.doubleclick.net *.youtube.com *.hubspotusercontent40.net *.pathfactory.com *.bizibly.com *.gstatic.com *.zuddl.com *.imgix.net *.wistia.net *.qualified.com; manifest-src 'self'; media-src 'self' *.q2.com 7044196.fs1.hubspotusercontent-na1.net 7044196.fs2.hubspotusercontent-na1.net 7044196.fs1.hubspotusercontent-eu1.net 7044196.fs2.hubspotusercontent-eu1.net *.marketo.com blob: *.doubleclick.net *.youtube.com *.pathfactory.com; form-action 'self' *.marketo.com *.mktoweb.com *.zuddl.com *.callrail.com *.googleadservices.com *.qualified.com; frame-ancestors 'self' *.q2.com *.pathfactory.com *.lookbookhq.com; report-to https://343747560e392f7a31ae9a0247c09302.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' https://*.wistia.com https://*.wistia.net https://cdn.growthbook.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.google-analytics.com https://www.youtube.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://www.clarity.ms https://static.homerun.co https://unpkg.com/@googlemaps/ https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.wistia.com https://*.wistia.net https://*.intercom.io wss://*.intercom.io https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; style-src 'self' 'unsafe-inline' https://moneybird.nl https://www.moneybird.nl https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.gstatic.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com https://static.homerun.co https://fonts.bunny.net https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.adyen.com/ https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; img-src 'self' https://moneybird.nl https://www.moneybird.nl https://prismic-io.s3.amazonaws.com https://images.prismic.io https://moneybird.cdn.prismic.io https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.wistia.com https://*.wistia.net data: https://*.adyen.com/ https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://moneybird.nl https://www.moneybird.nl https://help.moneybird.nl https://bat.bing.com https://gtm.moneybird.nl https://gtm.moneybird.com https://gtm.moneybird.be https://gtm.moneybird.de https://pagead2.googlesyndication.com https://*.google-analytics.com https://www.gstatic.com https://moneybird.com https://www.moneybird.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://*.clarity.ms https://embed.homerun.co https://maps.googleapis.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.wistia.com https://*.wistia.net https://cdn.growthbook.io https://*.intercom.io wss://*.intercom.io https://*.intercom-messenger.com wss://*.intercom-messenger.com https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; frame-src 'self' https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://fast.wistia.com https://fast.wistia.net https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; font-src 'self' https://moneybird.nl https://www.moneybird.nl https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.bunny.net https://*.wistia.com data: https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; report-uri https://moneybird.com/csp_report; 2
default-src 'self' https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io https://accounts.google.com https://apis.google.com https://appleid.cdn-apple.com https://bat.bing.com https://cdn.amplitude.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.intercomcdn.com https://maps.googleapis.com https://static.intercomcdn.com https://vercel.live https://tagmanager.google.com https://widget.intercom.io https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' blob: https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io https://accounts.google.com https://apis.google.com https://appleid.cdn-apple.com https://bat.bing.com https://cdn.amplitude.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.intercomcdn.com https://maps.googleapis.com https://static.intercomcdn.com https://vercel.live https://tagmanager.google.com https://widget.intercom.io https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io https://fonts.googleapis.com https://www.google.com; style-src-elem 'self' 'unsafe-inline' https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io https://fonts.googleapis.com https://www.google.com; img-src 'self' data: blob: https: http: https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io; font-src 'self' data: blob: https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io https://appdown.pstatic.net https://assets.cdn.bounc3.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://js.intercomcdn.com; connect-src 'self' data: blob: https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io https://*.usebounce.io https://*.onrender.com https://accounts.google.com https://api-iam.eu.intercom.io https://api-iam.intercom.io https://api.eu.intercom.io https://api.intercom.io https://appleid.apple.com https://*.amplitude.com https://analytics.google.com https://*.analytics.google.com https://bat.bing.com https://bat.bing.net https://bounce.cdn.prismic.io https://browser-intake-datadoghq.com https://*.doubleclick.net https://*.googleapis.com https://maps.googleapis.com https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://primary-realtime.intercom-messenger.com https://*.intercom-messenger.com https://ucarecdn.com https://*.ucarecdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomcdn.com https://www.facebook.com https://www.facebook.net https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://*.google-analytics.com https://www.google.com https://google.com https://www.google.co.uk https://www.google.com.au https://www.google.com.br https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.com.hk https://www.google.de https://www.google.es https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.com.sg wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://primary-realtime.intercom-messenger.com wss://*.intercom-messenger.com wss://*.pusher.com https://*.pusher.com; worker-src 'self' blob: https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io; frame-src 'self' https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io https://accounts.google.com https://appleid.apple.com https://intercom-sheets.com https://td.doubleclick.net https://vercel.live https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.facebook.com; media-src 'self' blob: https://bounce.com https://*.bounce.com https://usebounce.com https://*.usebounce.com https://*.usebounce.io https://js.intercomcdn.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'none'; upgrade-insecure-requests; report-to https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub8e50b3cc2c1956779a374061145a7883&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Amarketing-web; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub8e50b3cc2c1956779a374061145a7883&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Amarketing-web 2
font-src 'self'; frame-src 'self'; img-src 'self' data: https://img.airtel.tv https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com; style-src report-sample 'self' 'unsafe-inline'; script-src report-sample 'self' 'unsafe-inline' https://app.link/_r https://cdn.branch.io/branch-latest.min.js https://www.googletagmanager.com/gtag/js; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.modo.com.ar fonts.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.gocuotas.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadopago.com.ar mercadopago.com.ar *.getblue.io *.magerocket.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com *.gocuotas.com www.facebook.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.google.com.ar *.google.es *.google.com.uy *.mercadopago.com.ar *.modo.com.ar *.magerocket.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.gocuotas.com flagpedia.net blob: *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.woowup.com *.hotjar.com *.pageimprove.io pageimprove.io *.getblue.io *.adidas.com *.modo.com.ar *.magerocket.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.gocuotas.com *.gstatic.com maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.gstatic.com www.gstatic.com *.tagmanager.google.com *.googletagmanager.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.pangle-ads.com *.modo.com.ar *.google.com.ar *.google.com *.magerocket.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.gocuotas.com www.gstatic.com maps.googleapis.com cdn.ampproject.org www.googleapis.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
connect-src 'self' https: wss:; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://defi-promo.volet.com https://cdn.megabonus.com/fonts/; frame-src 'self' https://consentcdn.cookiebot.eu https://consentcdn.cookiebot.com https://challenges.cloudflare.com https://calendly.com https://verify.walletconnect.org https://mc.yandex.ru https://mc.yandex.com; img-src 'self' data: blob: https:; manifest-src 'self'; media-src 'self' https://blog.static.volet.com data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://defi-promo.volet.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://connect.facebook.net https://eu-assets.i.posthog.com https://mc.yandex.com https://mc.yandex.ru https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://consentcdn.cookiebot.eu https://mc.yandex.com https://mc.yandex.ru https://connect.facebook.net https://eu-assets.i.posthog.com https://defi-promo.volet.com https://consent.cookiebot.eu https://challenges.cloudflare.com https://*.kaspersky-labs.com; style-src 'self' 'unsafe-inline' https://defi-promo.volet.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://defi-promo.volet.com https://www.gstatic.com https://www.gstatic.com:443 https://*.kaspersky-labs.com; worker-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://csp.volet.com/csp-reports; report-to csp-endpoint 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample'; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; img-src 'self' data: https:; font-src 'self' data:; frame-src 'self' https://www.googletagmanager.com https://www.google.com; report-uri https://proxy.csidetm.com/csp; report-to csp-endpoint; 2
default-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org; connect-src 'self' ws://exercism.org https://cdn.jsdelivr.net https://*.ingest.sentry.io; img-src 'self' data: https://*; media-src *; script-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://js.stripe.com https://cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://maxcdn.bootstrapcdn.com; style-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org 'unsafe-inline' https://maxcdn.bootstrapcdn.com; child-src 'none' 2
default-src 'self' https:; connect-src 'self' https: wss: javascript:; font-src 'self' data: use.typekit.net fonts.gstatic.com *.cloudfront.net fonts.googleapis.com assets.parentsquare.com assets.sandbox.parentsquare.com assets.staging.parentsquare.com themes.googleusercontent.com; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' blob: data: https: pbs.twimg.com; media-src 'self' data: blob: https:; object-src 'self' parentsquare-restricted-data-production.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; upgrade-insecure-requests; worker-src 'self' blob:; report-uri /csp_report 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://snap.licdn.com https://www.redditstatic.com https://policy.app.cookieinformation.com https://googleads.g.doubleclick.net https://secure.quantserve.com https://static.ads-twitter.com https://rules.quantcount.com https://analytics.tiktok.com https://tags.srv.stackadapt.com https://www.gstatic.com https://cdn.xsolla.net https://3001.scriptcdn.net https://infird.com; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://www.gstatic.com; img-src 'self' data: blob: https: https://cms.ioi.dk https://www.facebook.com https://px.ads.linkedin.com https://region1.google-analytics.com https://alb.reddit.com; font-src 'self' data: https://fonts.gstatic.com https://ioi.dk https://use.typekit.net https://r2cdn.perplexity.ai; connect-src 'self' data: https://cms.ioi.dk https://region1.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://px.ads.linkedin.com https://alb.reddit.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://www.redditstatic.com https://www.facebook.com https://policy.app.cookieinformation.com https://o4504207644033024.ingest.us.sentry.io https://vimeo.com https://prreqcroab.icu https://analytics.tiktok.com https://tags.srv.stackadapt.com https://www.googleadservices.com https://pixel.quantserve.com https://pixel.quantcount.com https://googleads.g.doubleclick.net https://analytics-ipv6.tiktokw.us https://consent.app.cookieinformation.com https://store.xsolla.com https://api.killadsapi.com https://overbridgenet.com; frame-src 'self' https://www.googletagmanager.com https://policy.app.cookieinformation.com https://www.youtube.com https://player.vimeo.com https://www.google.com https://www.facebook.com https://purchase.xsolla.com https://duertry.com https://access.workspace.google.com https://accounts.google.com; frame-ancestors 'self' https://dev-ioi-website.euwest01.umbraco.io https://stage-ioi-website.euwest01.umbraco.io https://ioi-website.euwest01.umbraco.io; media-src 'self' https://dev-ioi-website.euwest01.umbraco.io https://stage-ioi-website.euwest01.umbraco.io https://cms.ioi.dk; report-uri https://4ff80cf698c8fa08a42150e2d0fae142@o4504207644033024.ingest.us.sentry.io/4510260682948608; report-to csp-endpoint 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://prismic.io https://*.prismic.io https://*.cdn.prismic.io https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.vidyard.com https://*.ceros.com https://*.salesloft.com https://*.clarity.ms https://*.consentmanager.net https://*.linkedin.com https://*.stackadapt.com https://*.6sc.co https://*.adsrvr.org https://js.zi-scripts.com https://cdn.calibermind.com https://pi.pardot.com https://snap.licdn.com https://siteimproveanalytics.com https://analytics-sm.com https://cdn.evgnet.com https://connect.bakertilly.com https://explore.bakertilly.com https://connect.facebook.net https://bat.bing.com https://static.cloudflareinsights.com https://api.fouanalytics.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' blob: data: https:; font-src 'self' data: https:; connect-src 'self' https://*.prismic.io https://*.algolia.net https://*.algolianet.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://*.salesloft.com https://*.stackadapt.com https://*.consentmanager.net https://*.6sc.co https://*.adsrvr.org https://scout.salesloft.com https://e.calibermind.com https://js.zi-scripts.com https://ws.zoominfo.com https://px.ads.linkedin.com https://analytics-sm.com https://bakertillyusllp.us-6.evergage.com https://epsilon.6sense.com https://connect.bakertilly.com https://www.google.com https://pagead2.googlesyndication.com https://bat.bing.net https://a.clarity.ms https://translate.googleapis.com https://translate-pa.googleapis.com https://api.fouanalytics.com https://static.cloudflareinsights.com; frame-src 'self' https://*.youtube.com https://vimeo.com https://*.vimeo.com https://*.vidyard.com https://*.ceros.com https://view.ceros.com https://cdn.consentmanager.net https://bakertilly.prismic.io https://www.googletagmanager.com https://connect.bakertilly.com https://explore.bakertilly.com https://experience.arcgis.com https://player.simplecast.com https://widget.spreaker.com https://insight.adsrvr.org https://match.adsrvr.org https://go.demo.pardot.com https://event.on24.com https://www.google.com; media-src 'self' data: https://*.prismic.io https://*.cdn.prismic.io; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://bakertilly.prismic.io; report-uri /api/csp-report; report-to csp-endpoint 2
default-src 'self'; script-src 'self' https://cdn.levelaccess.net https://cdn.segment.com https://js-agent.newrelic.com https://script.hotjar.com https://static.hotjar.com https://static.khealth.com https://static.legitscript.com; style-src 'self'; object-src 'none'; base-uri 'self'; img-src 'self' data: https://static.legitscript.com; font-src 'self'; connect-src 'self' https://cdn.levelaccess.net https://api.segment.io https://bam.nr-data.net https://cdn.segment.com; frame-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'self'; report-to csp-endpoint 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://apps.elfsight.com https://static.elfsight.com https://www.youtube.com https://storage.elfsight.com https://apis.google.com https://www.googletagmanager.com addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; style-src 'self' 'unsafe-inline' https://p.typekit.net addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2
default-src 'self'; style-src 'self' https://*.typekit.net https://cdnjs.cloudflare.com; font-src https://*.typekit.net; script-src 'self' https://sparkplatform.com https://cdnjs.cloudflare.com 2
style-src-elem cdn.consentmanager.net cdn.honey.io www.bing.com r.bing.com *.hagel-shop.de *.hagel-shop.at 'unsafe-inline' tracking.paqato.com static-tracking.klaviyo.com m2stage-blog.hagel-shop.de www.gstatic.com fonts.googleapis.com; script-src-elem rum.hlx.page tracking.paqato.com platform.instagram.com dynamic.criteo.com www.googletagmanager.com www.dwin1.com kerastase-quiz.vercel.app unpkg.com lantern.roeyecdn.com www.instagram.com commerce.adobedtm.com cdn.consentmanager.net a.delivery.consentmanager.net www.clarity.ms static-eu.payments-amazon.com magento-recs-sdk.adobe.net bat.bing.com player.reetags.com connect.facebook.net analytics.tiktok.com js.mollie.com sslwidget.criteo.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: cdn.elev.io media.flixfacts.com static.klaviyo.com tracking.paqato.com account.affilitizer.com at.alicdn.com cdn-uicons.flaticon.com cdn.faceworks.nl cdn.honey.io media.flixcar.com moz-extension: r2cdn.perplexity.ai http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io d3dc1lgancj6l0.cloudfront.net maxcdn.bootstrapcdn.com *.paypal.com *.paypalobjects.com applepay.cdn-apple.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com http://*.facebook.com https://*.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.hagel-shop.de 'self' www.hagel-shop.de 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.consentmanager.net https://delivery.consentmanager.net www.awin1.com cdn.consentmanager.net *.criteo.com *.criteo.net *.dixa.io *.doubleclick.net *.durchsichtig.xyz *.hagel-shop.de *.hotjar.com www.facebook.com media.flixcar.com *.klarinsights.net www.paypalobjects.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com bat.bing.com www.instagram.com return.4sellers.de 10.10.10.1:8090 bcsgsrv.com bispadisch.de caclk.com cdn.elev.io cmodul.solutenetwork.com div.show fwwh.werkhaus-bielefeld.de:8091 gateway.zscaler.net gateway.zscloud.net hipodi.com kerastase-quiz.vercel.app oponas.com ptclk.com www.explorr.net www.pricejoe.com https://www.googletagmanager.com/ connect.facebook.net graph.facebook.com business.facebook.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google.com/ http://*.facebook.com https://*.facebook.com js.mollie.com *.sandbox.paypal.com test.saferpay.com www.saferpay.com saferpay.com gateways.zscloud.net ifw.noel.gv.at 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://cdn.consentmanager.net https://delivery.consentmanager.net validate.fishpig.co.uk sync.1rx.io ad.360yield.com eb2.3lift.com *.adnxs.com *.agkn.com www.awin1.com *.bing.com *.bing.net *.bidswitch.net *.casalemedia.com *.cloudfront.net *.consentmanager.net *.criteo.com public-prod-dspcookiematching.dmxleo.com *.doubleclick.net e1.emxdgt.com www.facebook.com media.flixcar.com *.flix360.com *.google.com *.google.de *.googletagmanager.com fonts.gstatic.com *.hagel-shop.de id5-sync.com matching.ivitrack.com contextual.media.net exchange.mediavine.com visitor.omnitagjs.com sync.outbrain.com jadserve.postrelease.com simage2.pubmatic.com *.roeye.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com criteo-sync.teads.tv *.tiktok.com criteo-partners.tremorhub.com a.twiago.com *.taboola.com sync.targeting.unrulymedia.com t.ssl.ak.dynamic.tiles.virtualearth.net www.wepowerconnections.com ad.yieldlab.net sync-criteo.ads.yieldmo.com *.zenaps.com c.clarity.ms assets.paqato.com www.google.hu www.google.es csm.nl3.eu.criteo.net www.google.nl *.hagel-shop.at bat.bing.com blob: client-side-metrics.fr3.eu.criteo.net client-side-metrics.nl3.eu.criteo.net d3k81ch9hvuctc.cloudfront.net google.com hagel-de.ddev.site media.flixfacts.com modular.flix360.io static-eu.payments-amazon.com t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net www.google.ae www.google.am www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.il www.google.co.in www.google.co.kr www.google.co.th www.google.co.uk www.google.co.uz www.google.co.za www.google.com.au www.google.com.br www.google.com.eg www.google.com.hk www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.de www.google.dk www.google.ee www.google.fi www.google.fr www.google.gr www.google.hr www.google.ie www.google.it www.google.jo www.google.li www.google.lu www.google.lv www.google.md www.google.mk www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn www.zenaps.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ connect.facebook.net graph.facebook.com business.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.linkedin.com https://*.linkedin.com http://*.facebook.com https://*.facebook.com http://www.google.com/ http://www.google.de/ https://www.google.de/ https://www.googletagmanager.com http://www.googletagmanager.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://widgets.trustedshops.com/ https://www.mollie.com *.sandbox.paypal.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com www.hagel-shop.at www.googleads.g.doubleckick.net www.google.com.ro data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jsd-widget.atlassian.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.hagel-shop.de *.hagel-shop.at *.ablyft.com www.awin1.com *.bing.com *.clarity.ms *.consentmanager.net *.criteo.com messenger.dixa.io www.dwin1.com cdn.elev.io connect.facebook.net prod.flixgvid.flix360.io media.flixcar.com media.flixfacts.com *.google-analytics.com *.googleoptimize.com *.hotjar.com lantern.roeyecdn.com lantern.roeye.com the.sciencebehindecommerce.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com analytics.tiktok.com *.virtualearth.net www.zeitung-direkt.de tracking.paqato.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.facebook.com graph.facebook.com business.facebook.com https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io unsafe-inline userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net api.userlike.com http://www.google.com/recaptcha/ https://widgets.trustedshops.com/ js.mollie.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com rum.hlx.page 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.magento-datasolutions.com *.magento-ds.com *.bing.com media.flixcar.com *.googletagmanager.com css/light.theme.css static-tracking.klaviyo.com tracking.paqato.com www.gstatic.com 'unsafe-inline' https://static.klaviyo.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net data: 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.hagel-shop.de data: mcprod.hagel-shop.de media.flixfacts.com youtube.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de jsd-widget.atlassian.com api-private.atlassian.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.ablyft.com magento-recs-sdk.adobe.net commerce.adobedtm.com *.bing.com *.bing.net *.clarity.ms *.consentmanager.net *.dixa.io *.criteo.com *.doubleclick.net *.durchsichtig.xyz *.elev.io media.flixcar.com maps.googleapis.com *.google-analytics.com *.google.de *.hagel-shop.de *.hotjar.com *.hotjar.io *.klarinsights.net the.sciencebehindecommerce.com *.sovendus.com analytics.tiktok.com unpkg.com/@adobe/ www.wepowerconnections.com tracking.paqato.com api-js.datadome.co api.killadsapi.com api.vid-adblocker.com cmodul.solutenetwork.com data: overbridgenet.com rt.flix360.com static-eu.payments-amazon.com update.adblock360.org www.facebook.com www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.il www.google.co.in www.google.co.kr www.google.co.th www.google.co.uk www.google.com.eg www.google.com.hk www.google.com.mx www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.vn www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.it www.google.lt www.google.lu www.google.mk www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn rum.hlx.page https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ connect.facebook.net graph.facebook.com business.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://salesviewer.org/ userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.sandbox.paypal.com autocomplete2.postdirekt.de test.saferpay.com www.saferpay.com saferpay.com *.trustedshops.com *.etrusted.com analytics-ipv6.tiktokw.us www.google.cz 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com https://cdn.consentmanager.net https://delivery.consentmanager.net test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; img-src * data: https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' *; frame-src https:; connect-src https:; font-src 'self' https://cdn.segmentify.com; 2
report-to https://r4com.report-uri.io/r/default/csp/reportOnly 2
default-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com *.inviewuclab.com static.zdassets.com js.stripe.com *.google.com *.gstatic.com gstatic.com connect.facebook.net *.zendesk.com blob: ; script-src-elem 'self' 'unsafe-inline' https://maps.googleapis.com *.google.com *.gstatic.com static.zdassets.com js.stripe.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.datatables.net ; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net ; style-src-attr 'unsafe-inline' ; img-src 'self' https://maps.gstatic.com https://maps.googleapis.com data: blob: 127.0.0.1:18623 *.mapbox.com *.facebook.com *.google.com *.gstatic.com ; frame-src 'self' *.google.com *.google.ie js.stripe.com player.vimeo.com www.youtube.com; font-src 'self' https://fonts.gstatic.com data: gstatic.com *.gstatic.com *.alicdn.com ; connect-src 'self' https://google.com *.google.com https://maps.googleapis.com https://maps.gstatic.com ekr.zdassets.com *.zendesk.com wss://127.0.0.1:18623 https://127.0.0.1:18623 mlts.dynamsoft.com *.mapbox.com https://events.mapbox.com *.inviewuclab.com https://tiles.openfreemap.org ; worker-src 'self' blob: ; upgrade-insecure-requests ; report-uri https://9a1a6d99ab6aa4ac3290a60bae476ab7.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'none'; report-uri https://endpoint3.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV30Tj5vtZfuZ0tYPfqb8xOSxI9TJ5CbQ_ZE4W4aGoGW8HViqViD0nttCcDqHOZNNhObvJtSbYn1XDP7uSjlITCzSLlNsuSdwZ46El5dcVC6kg== 2
default-src 'self'; script-src 'self' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https:; frame-src https://www.google.com; object-src 'none'; base-uri 'self'; form-action 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.chartbeat.com optanon.blob.core.windows.net *.brightcove.net *.brightcove.com *.googleadservices.com *.adservice.google.com https://adservice.google.com/* adservice.google.com.br *.googletagmanager.com *.tagmanager.google.com *.chimpstatic.com chimpstatic.com *.jquery.com *.zencdn.net *.ytimg.com *.surveymonkey.com *.googleapis.com *.facebook.net *.googletagservices.com *.addthis.com *.google-analytics.com *.onetrust.com *.ampproject.org *.doubleclick.net *.google.com *.mailchimp.com *.addthisedge.com *.youtube.com *.google.co.uk *.list-manage.com *.outbrain.com *.twitter.com *.twimg.com *.googlesyndication.com *.moatads.com *.radioplayer.co.uk *.cheqzone.com *.rubiconproject.com *.cookielaw.org *.cloudflareinsights.com *.instagram.com *.apester.com *.snap.licdn.com *.doubleverify.com *.aniview.com *.vidazoo.com *.ajax.cloudflare.com *.licdn.com *.pinterest.com *.embedresponsively.com *.amazonaws.com *.apester.com/* *.forces.liveblog.pro *.forces.liveblog.pro/* *.strawpoll.com *.freewheel.tv *.lkqd.net *.beachfront.com *.smartadserver.com *.aniview.com *.admanmedia.com *.improvedigital.com *.onetag.com *.indexexchange.com *.pubmatic.com *.rhythmone.com *.video.unrulymedia.com *.gstatic.com *.newrelic.com cdn.jsdelivr.net cdn.bidder.dev c.amazon-adsystem.com quantcast.mgr.consensu.org secure.quantserve.com rules.quantcount.com static.criteo.net *.dotomi.com *.tiktok.com *.google.ie *.ibytedtos.com *.tiktokcdn.com chartbeat.com *.media.net *.sharethrough.com *.openx.com *.sonobi.com *.districtm.io *.emxdgt.com *.appnexus.com *.google.com *.rhythmone.com *.33across.com *.lemmatechnologies.com *.e-planning.net *.themediagrid.com *.sovrn.com *.lijit.com *.gumgum.com *.nr-data.net *.ttwstatic.com *.thinglink.com *.thinglink.me *.defybrick.com e.infogram.com *.clarity.ms; frame-src 'self'  'unsafe-eval' *.addthis.com *.googlesyndication.com *.facebook.com/ *.outbrain.com *.twitter.com *.surveymonkey.com embeds.audioboom.com *.rubiconproject.com *.apester.com *.openx.net *.pinterest.com *.instagram.com *.embedresponsively.com *.youtube.com *.pubmatic.com *.forces.net *.forcesnews.com *.google.com *.bfbs.com apester.com/* forces.liveblog.pro forces.liveblog.pro/* *.strawpoll.com/ timbre-player.sharp-stream.com *.tiktok.com googleads.g.doubleclick.net gum.criteo.com pre.ads.justpremium.com console.googletagservices.com giphy.com *.giphy.com e.infogram.com *.thinglink.com *.thinglink.me; child-src 'self' 'unsafe-inline' 'unsafe-eval' blob: apester.com/* forces.liveblog.pro/* *.strawpoll.com/; upgrade-insecure-requests 2
default-src 'self' ; style-src 'self' 'unsafe-inline' https://cdn-cookieyes.com ; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://cdn.apple-mapkit.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn-cookieyes.com ; img-src 'self' blob: data: https://snapshot.apple-mapkit.com https://cdn.apple-mapkit.com https://www.googletagmanager.com https://www.google.co.uk https://*.ytimg.com https://img.youtube.com https://secure.gravatar.com https://cdn-cookieyes.com ; font-src 'self' data: https://fonts.gstatic.com ; media-src 'self' data: ; connect-src 'self' https://api.apple-mapkit.com https://cdn.apple-mapkit.com https://gsp10.apple-mapkit.com https://www.google.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://www.googletagmanager.com https://log.cookieyes.com https://cdn-cookieyes.com https://*.cookieyes.com ; frame-src 'self' https://allergens.jdwetherspoon.com https://www.jdwetherspooncareers.com https://www.google.com https://*.youtube-nocookie.com https://*.youtube.com ; frame-ancestors 'self' ; object-src 'none' ; base-uri 'self' ; form-action 'self' ; worker-src 'self' blob: ; upgrade-insecure-requests  ; report-uri https://jdwetherspoon.report-uri.com/r/d/csp/reportOnly ; report-to default ; 2
default-src 'self' data: blob: https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com; connect-src 'self' data: properties: https://cmfglifeinsurance.us-6.evergage.com https://*.google-analytics.com https://*.google.com https://*.linkedin.com https://*.niceincontact.com https://clientstream.launchdarkly.com/ https://fonts.gstatic.com https://*.optimizely.com https://*.cunamutual.com https://www.nextinsure.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.googlesyndication.com https://*.trustage.com https://us-central1-adaptive-growth.cloudfunctions.net https://cdn.linkedin.oribi.io https://s.yimg.com https://*.doubleclick.net https://*.trustagedem.com https://*.trustagedemo.com https://*.oktacdn.com https://*.bing.com https://*.googleapis.com https://cunamutual.okta.com https://cdn.cookielaw.org https://cunamutual.oktapreview.com/ https://*.googleadservices.com/ https://*.qualtrics.com/ https://dc.services.visualstudio.com/ https://*.levelaccess.net https://www.googletagmanager.com https://facebook.com/ https://*.segment.io https://*.segment.com https://*.permutive.com https://calc-backend-prod.herokuapp.com https://www.facebook.com https://eastus2-0.in.applicationinsights.azure.com https://*.api.boomtrain.com https://cunamutualdtc--democc.sandbox.my.salesforce-scrt.com https://cunamutualdtc.my.site.com https://*.c360a.salesforce.com; frame-ancestors 'self' https://trustage.com https://*.optimizely.com https://*.trustagedem.com https://*.trustagedemo.com; frame-src 'self' https://trustage.com https://*.googlesyndication.com https://cunamutual.widen.net https://login.microsoftonline.com https://*.widencdn.net https://*.opendns.com https://*.optimizely.com https://www.youtube.com https://chase.hostedpaymentservice.net https://chase-var.hostedpaymentservice.net https://*.doubleclick.net https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com https://*.oktacdn.com https://www.googletagmanager.com https://*.trustpilot.com/ https://*.flashtalking.com https://*.google.com https://*.qualtrics.com https://*.affec.tv https://*.opendns.com https://www.facebook.com https://*.ceros.com https://home-c27.incontact.com https://*.polly.co https://web-modules-de-na1.niceincontact.com https://cunamutualdtc--democc.sandbox.my.site.com https://cunamutualdtc.my.site.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cmfglifeinsurance.us-6.evergage.com https://*.googlesyndication.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://static-demo.trustage.cloud https://*.trustage.com https://*.googleadservices.com https://*.trustagedem.com https://*.trustagedemo.com https://cdn.cookielaw.org https://*.signalintent.com https://*.google.com https://chase-var.hostedpaymentservice.net https://chase.hostedpaymentservice.net https://cdn.pdst.fm https://snap.licdn.com https://insurance.mediaalpha.com https://us-central1-adaptive-growth.cloudfunctions.net https://s.yimg.com https://*.facebook.net https://geolocation.onetrust.com https://cdn.linkedin.oribi.io https://privacyportal.onetrust.com https://*.google.com https://sp.analytics.yahoo.com https://*.linkedin.com https://www.pagespeed-mod.com https://*.google-analytics.com https://*.salesforceliveagent.com/ https://*.oktacdn.com/ https://*.trustpilot.com/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://*.levelaccess.net/ https://*.qualtrics.com/ https://www.googleoptimize.com https://bat.bing.com https://solutions.invocacdn.com https://pnapi.invoca.net https://*.affec.tv/ https://*.evgnet.com/ https://*.ceros.com https://home-c27.incontact.com https://secure.adnxs.com https://cdn.permutive.com https://trkn.us https://www.facebook.com https://cdn.c360a.salesforce.com/ https://seal.digicert.com/ https://*.boomtrain.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.trustage.com https://cmfglifeinsurance.us-6.evergage.com https://www.gstatic.com https://*.optimizely.com https://*.affec.tv/ https://chase.hostedpaymentservice.net https://*.bing.com https://*.google.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://www.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://cdn.pdst.fm https://cdn.cookielaw.org https://snap.licdn.com https://*.qualtrics.com https://s.yimg.com https://*.salesforceliveagent.com https://*.facebook.com https://connect.facebook.net https://www.youtube.com https://bat.bing.com https://*.evgnet.com/ https://*.levelaccess.net https://chase-var.hostedpaymentservice.net https://*.oktacdn.com https://www.googleoptimize.com https://*.trustpilot.com/ https://az416426.vo.msecnd.net/ https://solutions.invocacdn.com https://secure.adnxs.com https://cdn.permutive.com https://*.signalintent.coms https://*.segment.com https://*.ceros.coms https://cdn.c360a.salesforce.com/ https://seal.digicert.com/ https://tracking.intentsify.io/ https://web-modules-de-na1.niceincontact.com/ https://cunamutualdtc--democc.sandbox.my.site.com https://cunamutualdtc.my.site.com; style-src 'self' 'unsafe-inline' https://cmfglifeinsurance.us-6.evergage.com https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com https://*.signalintent.com https://rsms.me https://*.googleapis.com https://*.google.com https://*.googlesyndication.com https://google.ca https://www.googleoptimize.com https://*.google-analytics.com https://*.trustpilot.com/ https://www.youtube.com https://web-modules-de-na1.niceincontact.com  https://pwm-image.trendmicro.com https://cdn.honey.io https://www.gstatic.com/ https://cunamutualdtc--democc.sandbox.my.site.com https://cunamutualdtc.my.site.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; font-src 'self' data: https://cmfglifeinsurance.us-6.evergage.com https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com https://fonts.cdnfonts.com https://use.fontawesome.com https://static2.sharepointonline.com https://static.zip.co https://embed.signalintent.com https://appservice.azureedge.net/; report-uri /api/csp/report; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: https://fonts.gstatic.com *.stape.io *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com d114hh0cykhyb0.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com google.com *.braintreegateway.com *.paypal.com *.google.com www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com superbrightleds.atlassian.net *.criteo.com *.criteo.net *.nr-data.net *.trustpilot.com *.pinimg.com *.pinterest.com *.licdn.com *.linkedin.com *.vwo.com *.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com livehelpnow.net *.livehelpnow.net *.placeholder.com *.cloudfront.net *.trustkeeper.net *.trustwave.com *.digicert.com dis.criteo.com tags.bluekai.com secure.adnxs.com sync.ad-stir.com *.yahoo.com *.360yield.com *.3lift.com *.addthis.com *.adnxs.com *.adscale.de *.advertising.com *.agkn.com *.amazon-adsystem.com *.bbb.org *.bidswitch.net *.bing.com *.casalemedia.com *.clmbtech.com *.contextweb.com *.criteo.com *.demdex.net *.dmxleo.com matching.ivitrack.com *.krxd.net *.liadm.com mcprod.superbrightleds.com *.media.net exchange.mediavine.com partner.mediawallahscript.com *.omnitagjs.com *.outbrain.com *.postrelease.com *.pubmatic.com *.revcontent.com *.rlcdn.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.socdm.com *.smartadserver.com *.stickyadstv.com *.taboola.com *.tapad.com *.teads.tv ad.tpmn.co.kr *.tremorhub.com *.turn.com *.yieldlab.net *.yieldmo.com *.zonos.com *.pinimg.com *.pinterest.com *.linkedin.com *.visualwebsiteoptimizer.com id5-sync.com a.twiago.com sync.1rx.io *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com superbrightleds.atlassian.net *.digicert.com *.criteo.net *.criteo.com *.zonos.com *.trustpilot.com *.iglobalstores.com *.mixpanel.com *.mxpnl.com *.pinimg.com *.pinterest.com *.googleoptimize.com pageimprove.io *.licdn.com *.linkedin.com *.visualwebsiteoptimizer.com *.vwo.com *.facebook.net *.livehelpnow.net *.bing.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com https://fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com d114hh0cykhyb0.cloudfront.net http://localhost:* *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.doubleclick.net *.googlesyndication.com *.stape.io https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.criteo.com *.zonos.com *.mixpanel.com *.pinimg.com *.pinterest.com pageimprove.io *.visualwebsiteoptimizer.com *.facebook.com *.mmapiws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill-fastly.io https://unpkg.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' http://pero.securite-routiere.gouv.fr https://www.gstatic.com https://www.youtube.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://server.adform.net/Serving/TrackPoint/ https://cstatic.weborama.fr cdn.trustcommander.net www.googletagmanager.com https://api.dmcdn.net https://*.criteo.com https://connect.facebook.net https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill-fastly.io https://unpkg.com https://use.fontawesome.com https://www.google.com; style-src 'self' 'unsafe-inline' code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2
script-src-attr 'unsafe-inline'; font-src https://*.gstatic.com *.bglobale.com *.global-e.com https://use.typekit.net https://x.klarnacdn.net *.yotpo.com *.googleapis.com *.gstatic.com https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com payments.amazon.de https://www.shopmyexchange.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com *.bglobale.com *.global-e.com https://ct.pinterest.com https://*.fls.doubleclick.net https://postrelease.com https://*.rfihub.com *.yotpo.com https://frame.hub-box.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://*.gstatic.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://alb.reddit.com https://analytics.twitter.com https://bat.bing.com https://*.doubleclick.net https://*.facebook.com https://sync.intentiq.com https://jadserve.postrelease.com https://t.co https://*.teads.tv https://r.turn.com https://*.yahoo.com *.yotpo.com https://i.lfi.media https://cdn.hub-box.com https://www.danner.com https://www.lacrossefootwear.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cnstrc.com *.convertexperiments.com https://ads.pubmatic.com https://static.ads-twitter.com https://bat.bing.com https://cdn.attn.tv https://cdn.ravm.tv https://cdnjs.cloudflare.com https://ct.pinterest.com https://connect.facebook.net https://cdn.id5-sync.com https://agent.intentiq.com https://s.ntv.io https://s.pinimg.com https://platform.twitter.com https://jadserve.postrelease.com https://c1.rfihub.net https://*.taboola.com https://*.teads.tv https://s.yimg.com https://static.zdassets.com https://assets.calendly.com https://js.klarna.com https://*.locally.com *.yotpo.com https://*.klaviyo.com https://cdn.segment.com https://*.cdp.danner.com https://*.cdp.lacrossefootwear.com https://cdn.hub-box.com https://*.addressy.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.bglobale.com *.global-e.com https://static.klaviyo.com https://cdnjs.cloudflare.com https://*.typekit.net https://x.klarnacdn.net *.yotpo.com *.googleapis.com https://*.klaviyo.com https://api.addressy.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://i.lfi.media 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ac.cnstrc.com https://*.attn.tv https://bat.bing.com https://cdn.ravm.tv https://gum.criteo.com https://id.crwdcntrl.net https://ct.pinterest.com https://*.doubleclick.net https://id5-sync.com https://eu-1-id5-sync.com/ https://*.reddit.com https://*.redditstatic.com https://*.taboola.com https://*.teads.tv https://s.yimg.com https://*.zdassets.com https://*.zendesk.com https://tags.w55c.net https://js.klarna.com https://evt-na.klarnaservices.com https://www.locally.com *.yotpo.com https://*.klaviyo.com https://api.segment.io https://cdn.segment.com https://*.cdp.danner.com https://*.cdp.lacrossefootwear.com https://api.addressy.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' wss: https:; object-src 'self'; child-src blob:; frame-src 'self' https:; worker-src blob:; frame-ancestors 'none'; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/reportOnly; report-to csp-endpoint 2
object-src 'none'; script-src 'self' 'unsafe-eval' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://rebilly.github.io https://static.addtoany.com https://unpkg.com https://webapp.recyclecoach.com maps.googleapis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://rebilly.github.io https://static.addtoany.com https://unpkg.com https://webapp.recyclecoach.com maps.googleapis.com platform.instagram.com platform.twitter.com; style-src 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 2
default-src 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.cloudfront.net https://*.vattenfall.nl https://*.vattenfall.com https://*.azure-api.net/ https://*.mopinion.com; base-uri 'self' https://*.demdex.net https://*.cloudfront.net https://*.svtrd.com https://*.vattenfall.com; form-action 'self'  https://*.demdex.net https://*.cloudfront.net https://*.svtrd.com https://*.vattenfall.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.stt.speech.microsoft.com wss://*.cognigy.cloud https://endpoint-vattenfall.cognigy.cloud https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://nominatim.openstreetmap.org https://*.linkedin.com https://*.demdex.net  https://*.www.google.nl/pagead https://*.pa-cd.com/ https://*.azure-api.net/ https://*.vattenfall.com https://*.googleapis.com https://*.blob.core.windows.net https://*.services.visualstudio.com https://*.adoberesources.net https://*.googlesyndication.com https://*.cloudfront.net https://*.idomoo.com https://*.queue-it.net https://*.mopinion.com https://*.piwik.pro https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.googleads https://*.googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.vattenfall.nl https://tdn.r42tag.com https://*.relay42.com https://w.usabilla.com https://api.usabilla.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://www.youtube.com https://js.monitor.azure.com  https://westeurope-5.in.applicationinsights.azure.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com r2eu01.visualwebsiteoptimizer.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.google.nl/pagead https://cep-api.vattenfall.com https://*.googleadservices.com https://*.bing.net https://*.bing.com https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com https://*.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.adoberesources.net https://*.googlesyndication.com https://*.cloudfront.net https://*.idomoo.com https://*.queue-it.net https://*.mopinion.com https://*.piwik.pro https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.vattenfall.nl https://tdn.r42tag.com https://admin.relay42.com https://w.usabilla.com https://api.usabilla.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://www.youtube.com https://js.monitor.azure.com  https://westeurope-5.in.applicationinsights.azure.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://*.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.www.google.nl/pagead https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.bing.com https://*.bing.net https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com https://*.clarity.ms; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://datawrapper.dwcdn.net https://*.dwcdn.net https://*.bbvms.com https://*.idomoo.com https://*.zonatlas.nl https://*.spotify.com https://*.cloudfront.net https://*.queue-it.net https://*.vattenfall.nl https://tdn.r42tag.com https://admin.relay42.com https://w.usabilla.com https://api.usabilla.com  https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://www.youtube.com https://js.monitor.azure.com https://web.telemetric.dk https://westeurope-5.in.applicationinsights.azure.com https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com https://r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://*.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://*.www.google.nl/pagead https://cep-api.vattenfall.com https://td.doubleclick.net https://*.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.bing.net https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com https://www.googletagmanager.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.bing.com https://*.bing.net https://*.idomoo.com https://*.queue-it.net https://*.vattenfall.nl https://tdn.r42tag.com https://admin.relay42.com https://w.usabilla.com https://api.usabilla.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://*.youtube.com https://js.monitor.azure.com https://westeurope-5.in.applicationinsights.azure.com  https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com https://r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://*.www.google.nl/pagead https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.bing.net https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.nl https://*.google.com https://*.google.co.uk https://pingvp.com https://*.pingvp.com; style-src 'self' 'unsafe-inline' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.idomoo.com https://*.cloudfront.net https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com https://r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://*.www.google.nl/pagead https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.bing.net https://*.lt45.net https://snap.licdn.com https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://pingvp.com https://*.pingvp.com https://*.mopinion.com; img-src 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.google.nl https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io  https://*.linkedin.com https://tdn.r42tag.com https://admin.relay42.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://*.piwik.pro https://*.facebook.com https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.svtrd.com https://*.cloudfront.net https://w.usabilla.com https://web.telemetric.dk https://vattenfalltesting.24sessions.com https://connect.facebook.net https://img06.en25.com r2eu01.visualwebsiteoptimizer.com https://dc.services.visualstudio.com https://t.svtrd.com https://businessspecificapimanglobal.azure-api.ne https://googleads.g.doubleclick.net https://*.www.google.nl/pagead https://*.www.google.de/pagead https://cep-api.vattenfall.com https://td.doubleclick.net https://googleadservices.com https://*.cdn-0.d41.co https://*.w9shetvlr6.d41.co https://*.bing.com https://*.bing.net https://*.lt45.net https://snap.licdn.com https://*.visualwebsiteoptimizer.com https://*.google.com https://*.google.co.uk https://*.googleapis.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://dl.episerver.net https://pingvp.com https://*.pingvp.com https://*.openstreetmap.org https://*.mopinion.com data:; font-src 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.googleapis.com https://*.gstatic.com https://dl.episerver.net https://pingvp.com https://*.pingvp.com https://*.mopinion.com data:; frame-ancestors 'self' https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.vattenfall.nl https://pingvp.com https://*.pingvp.com; worker-src 'self' data: https://*.svc.dynamics.com https://*.mkt.dynamics.com https://*.azureedge.net https://*.googlesyndication.com https://*.vattenfall.nl https://*.visualwebsiteoptimizer.com https://*.change.inc/ https://nrcwebwinkel.nl https://dl.episerver.net https://*.spotify.com https://www.google-analytics.com/* blob:; block-all-mixed-content 2
default-src 'self' *.fontawesome.com *.visualstudio.com cdn.cookielaw.org *.azure.com *.krxd.net *.facebook.com *.googletagmanager.com *.linkedin.oribi.io *.google.com *.doubleclick.net *.liveperson.net *.google-analytics.com fintactix.com *.adsrvr.org *.lpsnmedia.net *.elfsight.com *.optimizely.com *.decibelinsight.net *.onescreen.ai;script-src 'self' 'unsafe-inline' unpkg.com code.jquery.com stackpath.bootstrapcdn.com customer.cludo.com cdnjs.cloudflare.com *.fontawesome.com *.googletagmanager.com *.licdn.com *.convergetrack.com js.monitor.azure.com *.adroll.com *.facebook.net *.google-analytics.com *.doubleclick.net *.lpsnmedia.net *.liveperson.net *.adsrvr.org *.google.com *.elfsight.com cdn.cookielaw.org maxcdn.bootstrapcdn.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' customer.cludo.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net;img-src 'self' data: *.adsrvr.org *.convergetrack.com *.demdex.net *.google.com *.lpsnmedia.net *.linkedin.com *.facebook.com *.krxd.com *.krxd.net *.adroll.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.elfsight.com;font-src 'self' data: fonts.gstatic.com *.fontawesome.com;worker-src 'self' blob: 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.publitas.com *.fontawesome.com *.kohlerbycochez.com https://script.hotjar.com *.algolia.com *.googleapis.com *.bootstrapcdn.com https://*.bazaarvoice.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.publitas.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.kohlerbycochez.com network-a.bazaarvoice.com maps.gstatic.com *.algolia.com media.flixcar.com rt.flix360.com *.google.com *.google-analytics.com *.googleadservices.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com https://*.bazaarvoice.com https://*.google.com.pa data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.publitas.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://apps.bazaarvoice.com *.kohlerbycochez.com apps.bazaarvoice.com static.hotjar.com script.hotjar.com h.online-metrix.net js-agent.newrelic.com www.google.com www.gstatic.com maps.googleapis.com *.algolia.com media.flixfacts.com media.flixcar.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://cdn.jsdelivr.net https://view.publitas.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.publitas.com *.fontawesome.com *.kohlerbycochez.com *.algolia.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com videos.pexels.com *.algolia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.kohlerbycochez.com bam.nr-data.net maps.googleapis.com https://surveystats.hotjar.io media.flixcar.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://*.bazaarvoice.com https://*.hotjar.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net *.kohlerbycochez.com ws.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com cdn.bladeville.pl cdn.bladeville.com *.facebook.com *.facebook.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * apm.przelewy24.pl secure.payu.com merch-prod.snd.payu.com https://player.vimeo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com cdn.bladeville.pl cdn.bladeville.com bladeville.dev.aur.ac bladevilleen.dev.aur.ac *.facebook.com *.facebook.net blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl apm.przelewy24.pl secure.payu.com secure.snd.payu.com cdn.bladeville.pl cdn.bladeville.com bladeville.dev.aur.ac bladevilleen.dev.aur.ac *.facebook.com *.facebook.net https://furgonetka.pl *.jsdelivr.net api.mapbox.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com cdn.bladeville.pl cdn.bladeville.com bladeville.dev.aur.ac bladevilleen.dev.aur.ac *.facebook.com *.facebook.net api.mapbox.com *.jsdelivr.net https://unpkg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com secure.payu.com merch-prod.snd.payu.com cdn.bladeville.pl cdn.bladeville.com bladeville.dev.aur.ac bladevilleen.dev.aur.ac *.facebook.com *.facebook.net *.furgonetka.pl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' metrics.mastercard.com smetrics.mastercard.com assets.adobedtm.com cdn.cookielaw.org www.onetrust.com onetrust.com geolocation.onetrust.com privacyportal.onetrust.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdn.jsdelivr.net https://asset.forms.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' metrics.mastercard.com smetrics.mastercard.com assets.adobedtm.com cdn.cookielaw.org www.onetrust.com onetrust.com geolocation.onetrust.com privacyportal.onetrust.com st.dynamicyield.com go.mastercardservices.com pi.pardot.com snap.licdn.com assets.adobetm.com api-mastercard-dxp.nd.nudatasecurity.com s.go-mpulse.net 6sc.co 6sense.com *.6sc.co *.6sense.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdn.jsdelivr.net https://asset.forms.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://asset.forms.mastercard.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdn.dynamicyield.com https://asset.forms.mastercard.com; frame-ancestors 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; 2
upgrade-insecure-requests; report-to https://www.codium.ai; report-uri https://www.codium.ai; 2
default-src 'self' https://s0.wp.com https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-src 'self' data: blob: https://www.youtube.com https://player.vimeo.com https://wp-themes.com; img-src * data:; media-src * data:; style-src 'self' https://fonts.googleapis.com data: 'unsafe-inline'; script-src https://wp-themes.com 'self' data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self'; frame-ancestors 'self' https://hub.libraesva.com; report-uri https://sentry.libraesva.com/api/16/security/?sentry_key=ec35ea3e850202bb70633fcd5d55c698 2
default-src 'self'; connect-src *; img-src * data:; script-src 'self' cdn.bizible.com; style-src 'self' 'unsafe-inline' https://404-tpa-276.mktoweb.com/ https://*.qualified.com; font-src 'self' kit.fontawesome.com ka-p.fontawesome.com https://fast.wistia.com/ https://fast.wistia.net/ data:; form-action 'self'; object-src 'none'; media-src 'self' blob: mediastream: https://*.qualified.com; frame-src https://www.googletagmanager.com https://td.doubleclick.net/ https://gtm.8am.com/ https://insight.adsrvr.org/ https://app.netlify.com/ https://404-tpa-276.mktoweb.com/ https://*.qualified.com; child-src https://*.qualified.com; frame-ancestors demo.affinipay.com ka-p.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content 2
script-src-elem *.bing.com *.clarity.ms *.googleadservices.com *.youtube.com *.global-e.com *.bglobale.com *.redditstatic.com *.bing-int.com *.trustpilot.com *.tiktok.com www.googletagmanager.com static-tracking.klaviyo.com static.klaviyo.com *.herroom.com unpkg.com *.googleapis.com www.paypal.com js.braintreegateway.com pay.google.com c.paypal.com cdn.kustomerapp.com connect.facebook.net gepi.global-e.com web.global-e.com webservices.global-e.com www.google.com www.gstatic.com *.pinimg.com cdn.noibu.com *.cloudfront.net utt.impactcdn.com googleads.g.doubleclick.net *.pinterest.com se.monetate.net www.paypalobjects.com *.sitejabber.com *.slick.min.js *.msn.com *.r.msn.com *.listrakbi.com cdn.jsdelivr.net *.listrak.com *.aftership.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.googleapis.com *.bglobale.com *.trustpilot.com *.herroom.com p.typekit.net use.typekit.net gepi.global-e.com static.klaviyo.com static-tracking.klaviyo.com *.sitejabber.com *.listrakbi.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.global-e.com *.bglobale.com *.gstatic.com s3-eu-west-1.amazonaws.com cdn.kustomerapp.com globale-prod.s3-eu-west-1.amazonaws.com *.sitejabber.com *.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.cloudfront.net *.pinterest.com *.global-e.com *.youtube.com *.listrakbi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com www.googletagmanager.com *.weltpixel.com *.bglobale.com *.global-e.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.braintreegateway.com *.google.com *.cloudfront.net *.pinterest.com *.listrakbi.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.global-e.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com *.bglobale.com assets.herroom.net media.herroom.com *.bing.com *.clarity.ms maps.googleapis.com *.herroom.com *.google.ch bat.bing.net widgets.automizely.com widgets.automizely.io magefan.com *.trustpilot.com *.magefan.com herroom.scene7.com www.googletagmanager.com s3-eu-west-1.amazonaws.com cdn.kustomerhostedcontent.com *.google.com *.brandlock.io media.hisroom.com www.ojrq.net logs-01.loggly.com *.cloudfront.net connect.facebook.net *.sitejabber.com *.doubleclick.net *.g.doubleclick.net *.listrakbi.com *.espssl.com *.kustomerapp.com data: 'self' 'unsafe-inline'; script-src *.adobe.com www.googleadservices.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com s.ytimg.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.magento-ds.com *.global-e.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.facebook.net *.redditstatic.com *.reddit.com *.maxmind.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com assets.adobedtm.com amcglobal.sc.omtrdc.net t.paypal.com www.googleapis.com vimeo.com www.vimeo.com www.google.com www.googletagmanager.com www.google-analytics.com *.bglobale.com unpkg.com *.clarity.ms *.tiktok.com *.cloudfront.net *.listrakbi.com ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.trustpilot.com *.pinimg.com *.listrak.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.global-e.com assets.braintreegateway.com *.bglobale.com *.typekit.net widgets.automizely.com widgets.automizely.io *.trustpilot.com use.typekit.net *.sitejabber.com *.listrakbi.com 'self' 'unsafe-inline'; object-src *.listrakbi.com 'self' 'unsafe-inline'; media-src *.adobe.com assets.herroom.net *.espssl.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src *.listrakbi.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.mmapiws.com *.googleapis.com *.bing.com *.clarity.ms *.brandlock.io *.tiktok.com *.cloudfront.net *.clartity.ms *.google.ch bat.bing.net *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.automizely.com api.automizely.io *.global-e.com *.bing-int.com *.trustpilot.com a.klaviyo.com andragroup.api.kustomerapp.com www.facebook.com input.noibu.com cdn.noibu.com wss://input.noibu.com herroom.pxf.io hisroom.sjv.io *.pinterest.com herroom.scene7.com *.pndsn.com resource-proxy.noibu.com *.sitejabber.com *.listrakbi.com *.listrak.com *.bglobale.com *.impact.site *.googleadservices.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src self *.herroom.com *.hisroom.com mcprod.herroom.com *.hisrroom.com *.listrakbi.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri self *.herroom.com *.hisroom.com *.listrakbi.com 'self' 'unsafe-inline'; 2
connect-src 'self' *.posthog.com *.cybaa.io cybaa.kinde.com *.eu.kinde.com cloudflareinsights.com https://api.stripe.com; font-src cdnjs.cloudflare.com use.fontawesome.com fonts.gstatic.com 'self'; frame-src https://js.stripe.com https://*.js.stripe.com *.cybaa.io; img-src 'self' https: data:; manifest-src 'self' cybaa.cloudflareaccess.com; script-src-elem 'self' 'report-sha256' https://js.stripe.com/v3/pricing-table.js https://js.stripe.com/v3/buy-button.js *.cybaa.io cdnjs.cloudflare.com 'unsafe-inline' static.cloudflareinsights.com *.posthog.com; style-src cdn.jsdelivr.net; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com; script-src 'self' 'report-sha256' 'wasm-unsafe-eval' 'unsafe-eval' *.cybaa.io 'unsafe-inline' static.cloudflareinsights.com https://*.js.stripe.com https://js.stripe.com cdn.jsdelivr.net; frame-ancestors https://*.cybaa.io; worker-src 'self' blob: data:; report-uri https://cybaa.report-uri.com/r/d/csp/enforce; report-to default 2
default-src 'self'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com; font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com; img-src 'self' data: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-scripts.com *.hs-analytics.net static.hsappstatic.net *.hsforms.net *.hsforms.com *.hsadspixel.net js.hscta.net js-eu1.hscta.net *.hubspot.com *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hubspotfeedback.com feedback.hubapi.com feedback-eu1.hubapi.com www.googletagmanager.com www.google-analytics.com snap.licdn.com genio.co; style-src 'self' 'unsafe-inline' static.hsappstatic.net fonts.googleapis.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net genio.co; img-src 'self' data: *.hubspot.com *.hs-scripts.com www.google-analytics.com licdn.com js.hscta.net js-eu1.hscta.net no-cache.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com; connect-src 'self' *.hubapi.com js.hscta.net js-eu1.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hs-analytics.net *.azure.com *.posthog.com www.google-analytics.com; frame-src 'self' *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com play.hubspotvideo.com play-eu1.hubspotvideo.com *.hubspot.net *.hsforms.net *.hsforms.com www.youtube.com player.vimeo.com genio.co; child-src *.hsforms.com; font-src 'self' static.hsappstatic.net fonts.gstatic.com; upgrade-insecure-requests; 2
default-src 'self' https://jobs.b-ite.com https://bwp-online.gelsenkirchen.de https://ads.gelsen.net https://ads2.gelsen.net https://twebshop.tomas-travel.com  https://player.podigee-cdn.net https://start.video-stream-hosting.de https://www.xn--fundbrodeutschland-q6b.de; style-src 'self' 'unsafe-inline' https://bwp-online.gelsenkirchen.de https://twebshop.tomas-travel.com  https://player.podigee-cdn.net https://cdn.podigee.com; img-src 'self' https://ads.gelsen.net https://ads.gelsen.net https://webstatistik.gelsenkirchen.de https://server.arcgisonline.com https://*.tile.openstreetmap.org https://geodaten.metropoleruhr.de https://gdi.gelsenkirchen.de https://twebshop.tomas-travel.com https://cdn.podigee.com https://images.podigee-cdn.net https://cs-assets.b-ite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://pansite6.gelsenkirchen.de https://ads.gelsen.net https://ads.gelsen.net https://webstatistik.gelsenkirchen.de https://static.b-ite.com https://cs-assets.b-ite.com https://bwp-online.gelsenkirchen.de/ https://twebshop.tomas-travel.com  https://player.podigee-cdn.net https://cdn.podigee.com https://start.video-stream-hosting.de https://www.xn--fundbrodeutschland-q6b.de; child-src 'self' https://www.youtube.com https://player.vimeo.com https://www.youtube-nocookie.com https://whitelabel.hotel.de https://tempus-termine.com https://*.gelsenkirchen.de https://player.podigee-cdn.net https://start.video-stream-hosting.de https://www.xn--fundbrodeutschland-q6b.de 2
object-src 'self' *.cined.com; report-uri /_/csp-report/ 2
default-src https: 'unsafe-inline' 2
default-src https://*.axa.ch blob: data: https://*.axa.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.axa.ch https://www.googletagmanager.com https://cdn.cookielaw.org https://cdn.mouseflow.com https://maps.google.com https://maps.googleapis.com https://connect.facebook.net https://axa-winterthur.dimelochat.com https://pay.sandbox.datatrans.com https://pay.datatrans.com https://recaptcha.net https://www.google.com https://www.gstatic.com/recaptcha/ https://bat.bing.com https://snap.licdn.com https://www.gstatic.com https://*.teads.tv https://*.survalyzer.swiss https://www.awin1.com https://lantern.roeyecdn.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.adobe.com https://*.adobe.io https://*.microsoft.com https://*.fusedeck.com https://*.onetrust.com https://*.whatsapp.com https://*.cookielaw.org https://slsnlytcs.com; style-src 'self' 'unsafe-inline' https://*.axa.ch https://fonts.googleapis.com https://www.googletagmanager.com https://*.survalyzer.swiss https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://*.adobe.com https://*.microsoft.com; img-src 'self' data: blob: https://chart.googleapis.com https://*.axa.ch https://*.google.com https://*.google.ch https://maps.gstatic.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://i.ytimg.com https://px.ads.linkedin.com https://bat.bing.com https://d5cplpsrt2s33.cloudfront.net https://bat.bing.net https://maps.googleapis.com https://region1.google-analytics.com https://*.googlesyndication.com https://connect.facebook.net https://flagcdn.com https://px.ads.linkedin.com https://www.googleadservices.com https://www.gstatic.com https://*.teads.tv https://*.survalyzer.swiss https://www.google.ch https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' data: https://*.axa.ch https://fonts.gstatic.com https://cdn.mouseflow.com https://assets.merci-app.com; connect-src 'self' https://*.axa.ch https://gtm.axa.ch https://sgtm.axa.ch https://region1.analytics.google.com https://www.google.com https://*.tt.omtrdc.net https://europe.directline.botframework.com https://digitalassistantbot-acc.azurewebsites.net https://cdn.cookielaw.org wss://europe.directline.botframework.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://o2.mouseflow.com https://www.google.ch https://selfadvisory-acc.azurewebsites.net https://*.onetrust.com https://bat.bing.com https://bat.bing.net https://px.ads.linkedin.com https://*.service.signalr.net https://pagead2.googlesyndication.com https://*.in.applicationinsights.azure.com https://www.googleadservices.com https://www.google-analytics.com wss://*.service.signalr.net https://*.mouseflow.com https://api.trongrid.io https://digitalassistantbot.azurewebsites.net https://www.facebook.com https://*.teads.tv https://snap.licdn.com https://*.survalyzer.swiss https://*.googlesyndication.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://fonts.googleapis.com; frame-src https://*.axa.ch https://td.doubleclick.net https://8141516.fls.doubleclick.net https://www.youtube.com https://pay.sandbox.datatrans.com https://pay.datatrans.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://recaptcha.net https://www.googletagmanager.com https://*.survalyzer.swiss https://www.axa.ch https://trk.axa.ch https://sgtm.axa.ch https://*.mouseflow.com https://exactag.axa.ch https://*.fusedeck.net https://*.dimelochat.com https://*.doubleclick.net https://www.google.com https://*.teads.tv https://*.onetrust.com https://*.whatsapp.com; frame-ancestors 'self'; block-all-mixed-content ; report-uri https://www.acc.axa.ch/servlets/external/csp-reports.csp 2
frame-ancestors 'self' https://bioland.we.network/ https://my.dlv.de/ 2
frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 2
img-src https://higherlogicdownload.s3.amazonaws.com/NACE/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NACE/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogiclongterm.s3.amazonaws.com/NACE/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicstream.s3.amazonaws.com/NACE/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://api-sogecommerce.societegenerale.eu/static/ *.fontawesome.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io *.bushboard.co.uk *.cookiebot.com *.chatbeacon.io *.jquery.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.wilsonart.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.wilsonart.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://sogecommerce.societegenerale.eu/static/latest/images/type-carte/ https://api-sogecommerce.societegenerale.eu/static/ https://sogecommerce.societegenerale.eu/vads-payment/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://maps.gstatic.com/ *.cloudflare.com *.google.com *.twitter.com *.twimg.com *.google.co.in *.ytimg.com *.googleadservices.com *.fontawesome.com *.mastercard.com *.bushboard.co.uk *.cookiebot.com *.chatbeacon.io *.hotjar.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ https://static-sogecommerce.societegenerale.eu/static/ *.fontawesome.com *.googleapis.com *.gstatic.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://maps.googleapis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.bing.com *.zopim.com *.zdassets.com *.bushboard.co.uk *.cookiebot.com *.chatbeacon.io *.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api-sogecommerce.societegenerale.eu/static/ https://static-sogecommerce.societegenerale.eu/static/ *.fontawesome.com assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.bing.com *.bushboard.co.uk *.cookiebot.com *.chatbeacon.io *.jquery.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io *.wilsonart.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://maps.googleapis.com www.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.g.doubleclick.net *.bushboard.co.uk *.cookiebot.com *.chatbeacon.io *.jquery.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
img-src 'self' data: https://cdn-ildfakh.nitrocdn.com  https://www.facebook.com  https://cc.swiftype.com  https://px.ads.linkedin.com  https://imgsct.cookiebot.com  https://img.youtube.com  https://www.google-analytics.com  https://resources.bamboohr.com  https://www.google.ch  https://www.googletagmanager.com  https://www.google.ie  https://www.google.si  https://www.google.co.in  https://pagead2.googlesyndication.com  https://www.google.com.vn  https://www.google.co.id  https://www.google.co.uk  https://www.google.de  https://www.google.ro  https://www.google.fr  https://www.google.co.th  https://www.google.co.cr  https://www.google.co.ke  https://www.google.be  https://www.google.iq  https://www.google.com.sa  blob:  https://www.google.nl  https://www.google.com.eg  https://www.google.gr  https://i.ytimg.com  https://www.google.co.nz  https://www.google.hu  https://www.google.com.tw  https://www.google.com.ph  https://www.google.ae  https://www.google.cz  https://www.google.dk  https://googleads.g.doubleclick.net  https://www.google.ca  https://www.google.co.jp  https://www.google.it  https://www.google.es  https://www.google.co.ug  https://fonts.gstatic.com  https://stats.g.doubleclick.net  https://www.google.is  https://plugin-updates.wpengine.com  https://www.google.hr  https://www.google.com.au  https://www.google.com.tr  https://www.google.pt  https://www.google.ge  https://www.google.co.za  https://www.google.com.mx  https://www.google.je  https://www.google.com.co  https://www.google.com.sg  https://www.google.co.kr  https://www.google.cl  https://www.google.at  https://www.google.com.mt  https://www.google.mk  https://www.google.sk  https://www.google.com.hk  https://www.google.com.ua  https://www.google.pl  https://log-papago.naver.com  https://www.google.rs  https://www.google.com.np  https://www.google.com.ar  https://www.google.lt  https://www.google.com.pk  https://www.google.co.il  https://www.google.com.mm  https://www.google.bg  https://translate.google.com  https://www.google.com.bd  https://wpengine.com  https://www.google.cd  https://www.google.se  https://www.google.com.br  https://www.crossiety.ch  https://www.google.com.et  https://yt3.ggpht.com  https://connect.advancedcustomfields.com  https://really-simple-ssl.com  https://www.open-systems.com  https://www.google.ru  https://www.google.dz  https://www.google.com.pg  https://www.googleadservices.com  https://www.google.com.my  https://www.google.com.ng  https://www.google.sn  https://www.google.com.ly  https://www.google.by  https://www.google.lu  https://www.google.fi  https://burst-statistics.com  https://www.google.no  https://www.google.com.pe  https://www.google.com.gh  https://www.google.com.af  https://www.google.co.tz  https://www.google.com.om  https://www.google.co.ao  https://www.google.kz  https://www.google.al  https://www.google.co.ve  https://www.google.jo  https://www.google.com.ni  https://www.google.com.pr  https://www.google.com.py  https://www.google.com.lb  https://www.google.tn  https://www.google.am  https://cdn.honey.io  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' https://js.adsrvr.org  https://munchkin.marketo.net  https://www.gartner.com  https://scout-cdn.salesloft.com  https://js.zi-scripts.com  https://nitroscripts.com  https://www.googletagmanager.com  https://s.swiftypecdn.com  https://opench.bamboohr.com  https://consent.cookiebot.com  https://cdn-ildfakh.nitrocdn.com  https://snap.licdn.com  blob:  https://yoast.com  https://consentcdn.cookiebot.com  https://connect.facebook.net  https://www.google-analytics.com  https://googleads.g.doubleclick.net  https://beacon-v2.helpscout.net  https://www.youtube.com  https://api.pirsch.io  https://www.googleadservices.com  https://pagead2.googlesyndication.com  https://www.google.com  https://ws-assets.zoominfo.com  https://retagro.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://apis.google.com  https://cdnjs.cloudflare.com  https://api.wire.threatspike.com  https://3001.scriptcdn.net  https://data1.sabuf.com  https://go.open-systems.com  https://www.open-systems.com  http://go.open-systems.com  https://gc.kes.v2.scr.kaspersky-labs.com  https://cdn.gtranslate.net  http://munchkin.marketo.net  http://s.swiftypecdn.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://js.adsrvr.org  https://munchkin.marketo.net  https://www.gartner.com  https://scout-cdn.salesloft.com  https://js.zi-scripts.com  https://nitroscripts.com  https://www.googletagmanager.com  https://s.swiftypecdn.com  https://opench.bamboohr.com  https://consent.cookiebot.com  https://cdn-ildfakh.nitrocdn.com  https://snap.licdn.com  blob:  https://yoast.com  https://consentcdn.cookiebot.com  https://connect.facebook.net  https://www.google-analytics.com  https://googleads.g.doubleclick.net  https://beacon-v2.helpscout.net  https://www.youtube.com  https://api.pirsch.io  https://www.googleadservices.com  https://pagead2.googlesyndication.com  https://www.google.com  https://ws-assets.zoominfo.com  https://retagro.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://apis.google.com  https://cdnjs.cloudflare.com  https://api.wire.threatspike.com  https://3001.scriptcdn.net  https://data1.sabuf.com  https://go.open-systems.com  https://www.open-systems.com  http://go.open-systems.com  https://gc.kes.v2.scr.kaspersky-labs.com  https://cdn.gtranslate.net  http://munchkin.marketo.net  http://s.swiftypecdn.com ; style-src 'self' 'unsafe-inline' https://s.swiftypecdn.com  https://cdn-ildfakh.nitrocdn.com  https://fonts.googleapis.com  https://adblockers.opera-mini.net  https://www.gstatic.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.open-systems.com  https://www.gartner.com  https://go.open-systems.com ; style-src-elem 'self' 'unsafe-inline' https://s.swiftypecdn.com  https://cdn-ildfakh.nitrocdn.com  https://fonts.googleapis.com  https://adblockers.opera-mini.net  https://www.gstatic.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.open-systems.com  https://www.gartner.com  https://go.open-systems.com ; font-src 'self' https://cdn-ildfakh.nitrocdn.com  https://fonts.gstatic.com  https://www.open-systems.com  https://cdn.fontshare.com  https://use.typekit.net  https://www.gartner.com  https://r2cdn.perplexity.ai  https://cdn.scite.ai  data:; frame-src 'self' https://www.youtube.com  https://www.googletagmanager.com  https://consentcdn.cookiebot.com  https://td.doubleclick.net  https://match.adsrvr.org  data:  https://www.gartner.com  https://www.youtube-nocookie.com  https://app.stylar.com  https://support.google.com  https://insight.adsrvr.org.x.53a1087a04f89043e70b1950e8116089eded.9270f457.id.opendns.com  https://connect.useparagon.com  https://safeframe.googlesyndication.com  https://static.prod.cloudcall.com  https://gateway.zscalertwo.net  blob:; connect-src 'self' https://www.google-analytics.com  https://analytics.google.com  https://px.ads.linkedin.com  https://514-zbl-151.mktoresp.com  https://region1.analytics.google.com  https://cdn-ildfakh.nitrocdn.com  https://to.getnitropack.com  https://pagead2.googlesyndication.com  https://consentcdn.cookiebot.com  https://s.swiftypecdn.com  https://my.yoast.com  https://region1.google-analytics.com  https://stats.g.doubleclick.net  https://514-zbl-151.mktoutil.com  https://www.facebook.com  https://opench.bamboohr.com  https://www.google.ie  https://www.google.ro  https://www.google.fr  https://www.google.kz  https://www.google.co.in  https://search-api.swiftype.com  https://www.google.co.id  https://www.google.co.nz  https://www.google.cz  https://www.google.de  https://www.google.ch  https://www.google.je  https://js.zi-scripts.com  https://consent.cookiebot.com  https://www.google.dk  https://www.google.nl  https://www.google.com.sa  https://ws.zoominfo.com  https://yoast.com  https://www.google.co.uk  https://www.google.co.th  https://www.google.co.za  https://www.google.ca  https://www.google.co.ug  https://www.google.com.sg  https://www.google.at  https://www.google.co.il  https://www.google.com.au  https://www.google.is  https://www.google.se  https://scout.salesloft.com  https://infragrid.v.network  https://www.google.com.ec  https://www.google.ru  https://www.google.com.mx  https://www.google.com.co  https://controlbar.eblocker.org  https://www.google.it  https://www.google.co.kr  https://www.google.com.ph  https://www.google.lt  https://www.google.com.mm  https://www.google.pl  https://translate.googleapis.com  https://www.google.es  https://www.google.com.hk  https://www.google.com.bd  https://www.google.co.jp  https://www.googletagmanager.com  https://www.google.be  https://js.adsrvr.org  https://insight.adsrvr.org  https://www.google.com.pk  https://www.google.com.pe  https://www.google.lv  https://www.google.sk  https://www.google.tn  https://www.google.rs  https://www.google.hu  https://www.google.pt  https://www.google.gr  https://overbridgenet.com  https://www.google.no  https://ws-assets.zoominfo.com  https://www.google.com.vn  https://nitropack.io  https://www.google.com.tw  https://www.google.si  https://www.google.com.br  https://www.google.vu  https://www.googleadservices.com  https://go.open-systems.com  https://localhost  https://www.google.co.ke  https://www.google.com.my  https://www.google.mk  https://www.google.fi  https://www.open-systems.com  https://www.google.co.zw  data:  https://www.google.bg  https://googleads.g.doubleclick.net  https://www.google.co.uz  https://www.google.co.ma  https://www.google.ae  https://www.google.lu  https://www.google.al  https://gjtrack.ucweb.com  https://www.google.com.tr  https://imgsct.cookiebot.com  https://api.redirect.li  https://www.google.dz  https://www.google.com.ua  https://www.google.com.ar  https://www.google.li  https://www.google.co.tz  https://www.google.co.ve  https://www.google.hr;  media-src 'self' data:  https://d4qgj78fzsl5j.cloudfront.net;  child-src 'self' blob:;  worker-src 'self' blob:  data:;  report-uri https://www.open-systems.com/wp-json/really-simple-security/v1/csp?rsssl_apitoken=530964519; 2
font-src 'self' data:; 2
upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval'; 2
font-src maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.paypal.com *.paypalobjects.com *.typekit.net *.gstatic.com applepay.cdn-apple.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.chatbot.com ct.pinterest.com *.criteo.com *.criteo.net www.facebook.com shop4runners.cr.rlvs.co.uk www.awin1.com d.c.cdnsrv.de mea.shop4runners.com mea.shop4runners.eu mea.shop4runners.at mea.shop4runners.ch mea.shop4runners.fr mea.runnershub.de mea.runnershub.bg mea.runnershub.eu *.attrxs.de *.getblue.io *.sovendus.com *.sovendus-connect.com bid.g.doubleclick.net td.doubleclick.net www.googletagmanager.com *.ad-srv.net *.paypal.com *.sandbox.paypal.com *.google.com js.mollie.com google.com https://c.paypal.com *.loadbee.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com magefan.com cm.magefan.com https: www.googleadservices.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.gstatic.com *.google.com *.google.de *.google.at *.google.ch *.google.eu *.google.fr https://images.unsplash.com *.paypal.com *.sandbox.paypal.com https://api.mapbox.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ img.metaffiliation.com action.metaffiliation.com https://www.mollie.com https://c.paypal.com https://b.stats.paypal.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.chatarmin.com *.onefid.com maps.googleapis.com api.recova.ai assets.revlifter.io bat.bing.com cdn.chatbot.com *.consentmanager.net connect.facebook.net ct.pinterest.com s.pinimg.com *.criteo.com www.awin1.com www.dwin1.com the.sciencebehindecommerce.com www.ladenzeile.de tracking.s24.com d.c.cdnsrv.de smct.co s.uicdn.com *.attrxs.de *.gsitrix.com *.corporate-benefits.eu *.getblue.io *.wewomedia.com googleads.g.doubleclick.net www.google.com www.googleadservices.com www.google-analytics.com analytics.google.com *.googletagmanager.com tagmanager.google.com *.ad-srv.net *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.google.com *.cdn-apple.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ action.metaffiliation.com img.metaffiliation.com s7.addthis.com js.mollie.com google.com https://c.paypal.com *.loadbee.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com *.googletagmanager.com tagmanager.google.com https://static.klaviyo.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://api.batteryincluded.io *.chatarmin.com api.paypal.com maps.googleapis.com api.recova.ai devt.revlifter.com bat.bing.com bat.bing.net cdn.chatbot.com *.consentmanager.net www.facebook.com connect.facebook.net ct.pinterest.com www.pinterest.com *.criteo.com the.sciencebehindecommerce.com www.wepowerconnections.com tracking.s24.com mea.shop4runners.com mea.shop4runners.eu mea.shop4runners.at mea.shop4runners.ch mea.shop4runners.fr mea.runnershub.de mea.runnershub.bg mea.runnershub.eu r.nunami.ai *.gsitrix.com *.wewomedia.com *.sovendus.com *.sovendus-connect.com www.googleadservices.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.google.at *.google.ch *.google.eu *.google.fr *.googlesyndication.com *.paypal.com *.sandbox.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ action.metaffiliation.com img.metaffiliation.com ekr.zdassets.com/ google.com *.loadbee.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consent.ory.com https://fast.wistia.com https://fast.wistia.net https://distillery.wistia.com https://js.hsforms.net;  script-src-elem blob: 'self' 'unsafe-inline' https://vercel.live https://fast.wistia.com https://fast.wistia.net https://js.hsforms.net https://static.hsappstatic.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net https://js-eu1.usemessages.com https://googleads.g.doubleclick.net https://js.zi-scripts.com https://*.hs-scripts.com https://script.crazyegg.com https://www.googletagmanager.com https://sqa-web.ory.com https://static.reo.dev https://s.ory.com https://consent.ory.com https://www.redditstatic.com https://core.sanity-cdn.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com;  style-src 'self' 'unsafe-inline';  style-src-elem 'self' 'unsafe-inline' https://fast.wistia.com https://fast.wistia.net https://js.hsforms.net https://static.hsappstatic.net https://cdn.jsdelivr.net;  img-src 'self' data: blob: https:;  connect-src 'self' https://stats.g.doubleclick.net https://ws.zoominfo.com https://*.hubapi.com https://*.hubspot.com https://static.hsappstatic.net https://analytics.google.com https://js.zi-scripts.com https://script.crazyegg.com https://conversions-config.reddit.com https://www.redditstatic.com https://pixel-config.reddit.com https://www.google.com https://api.reo.dev https://project.console.ory.sh https://api.console.ory.sh https://sqa-web.ory.com https://consent.ory.com https://fast.wistia.net https://fast.wistia.com https://distillery.wistia.com https://embed-cloudfront.wistia.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms-eu1.hsforms.com https://33xluxe1.api.sanity.io https://33xluxe1.apicdn.sanity.io https://cdn.sanity.io https://cdn.jsdelivr.net wss://33xluxe1.api.sanity.io https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://raw.githubusercontent.com https://api.github.com https://www.googleadservices.com;  font-src 'self' data: https://fast.wistia.net https://cdn.jsdelivr.net;  worker-src blob: 'self';  media-src 'self' https://embed-ssl.wistia.com blob:;  frame-src 'self' https://*.hubspot.com https://vercel.live https://app-eu1.hubspot.com https://www.googletagmanager.com https://consent.ory.com https://sqa-web.ory.com https://fast.wistia.com https://fast.wistia.net https://embed-ssl.wistia.com https://www.youtube.com;  object-src 'none';  base-uri 'self';  form-action 'self';  frame-ancestors 'self' https://app-eu1.hubspot.com https://www.googletagmanager.com https://www.einpresswire.com https://*.vercel.app;  upgrade-insecure-requests;  report-uri https://o481709.ingest.us.sentry.io/api/4510205854482432/security/?sentry_key=62382f4c47aefd04c9afd518f417b97a;  report-to csp-endpoint; 2
font-src *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://*.gstatic.com *.narvar.com *.narvar.qa *.optimizely.com optimizely.s3.amazonaws.com logx.optimizely.com script.hotjar.com fonts.googleapis.com fonts.gstatic.com *.inside-graph.com integration-cdn.toshi.co acsbapp.com shopping.qantas.com appdown.pstatic.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.facebook.com *.optimizely.com optimizely.s3.amazonaws.com logx.optimizely.com *.cardinalcommerce.com www.facebook.com *.kaptcha.com bid.g.doubleclick.net ct.pinterest.com www.rsa3dsauth.co.uk www.securesuite.co.uk *.americanexpress.com 3dsecure-vrp.de 'self' 'unsafe-inline'; frame-ancestors *.optimizely.com optimizely.s3.amazonaws.com logx.optimizely.com au-tracker.inside-graph.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com *.bglobale.com *.global-e.com *.google.com *.doubleclick.net *.facebook.com *.optimizely.com optimizely.s3.amazonaws.com logx.optimizely.com *.pinterest.com *.sharethis.com *.hotjar.co vimeo.com acsbapp.com *.kaptcha.com player.smartzer.com www.google.com www.facebook.com accounts.accessibe.com dashboard.accessibe.com cestream.me 3ds.sia.eu acs2.3dsecure.no www.houzz.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://*.gstatic.com *.narvar.com *.narvar.qa *.optimizely.com optimizely.s3.amazonaws.com logx.optimizely.com adservice.google.com script.hotjar.com www.google.sa www.google.ca *.bing.com *.clarity.ms data:* web1.acsbapp.com integration-sandbox-cdn.toshi.co www.google.bg www.google.be www.google.co.uk www.google.nl www.gstatic.com translate.google.com idsync.rlcdn.com consent.linksynergy.com au-live.inside-graph.com bam-cell.nr-data.net integration-cdn.toshi.co bat.bing.com www.google.com.au google.com.au *.searchspring.io *.media.tumblr.com s.ytimg.com maps.googleapis.com maps.gstatic.com au-cdn.inside-graph.com www.google.co.in d3cgm8py10hi0z.cloudfront.net track.linksynergy.com *.sharethis.com *.micpn.com *.pinterest.com zimmermann.com www.google.tn www.google.com.hk www.google.com.et www.google.com.eg www.google.co.tz www.google.ci www.google.co.ke www.google.cm www.google.lk www.google.com.ng www.google.ne www.google.com.mm www.google.co.mz www.google.co.id www.google.bi www.google.com.kh www.google.co.ve www.google.cd www.google.com.gh www.google.so www.google.com.af www.google.ht www.google.com.ni www.google.la www.google.cg www.google.bf www.google.sn www.google.com.ly www.google.mg www.google.com.sb www.google.com.pg www.google.com.np sync.sharethis.com www.google.com.py www.google.ml www.google.com.sl www.google.co.ls www.google.to www.google.gm www.google.rw www.google.com.vn www.google.com.sv www.google.co.kr www.google.com.bo www.google.com.sg www.google.mw www.google.si www.google.tl www.google.sc www.google.co.zm www.google.tg www.google.com.pk 4mrr1kwk.micpn.com www.google.ge www.google.com.fj www.google.com.na www.google.td www.google.ee www.google.mk www.google.bj www.google.mn www.google.bt www.google.co.bw www.google.fi www.google.com.uy www.google.co.th www.google.com.pe www.google.cv www.google.co.zw www.google.ga www.google.by www.google.iq www.google.com.ec www.google.co.jp www.google.com.pa www.google.dz www.google.ws analytics.tiktok.com www.google.gy www.google.de sdk.privacy-center.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://cdn.searchspring.net/intellisuggest/is.min.js *.optimizely.com optimizely.s3.amazonaws.com logx.optimizely.com analytics.tiktok.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com *.searchspring.net *.acsbapp.com au-tracker.inside-graph.com cdn.scarabresearch.com intljs.rmtag.com *.inside-graph.co js-agent.newrelic.com *.inside-graph.com acsbapp.com tag.lexer.io *.toshi.co *.bugsnag.com *.sharethis.com script.crazyegg.com *.clarity.ms www.fullstory.com songbirdstag.cardinalcommerce.com www.gstatic.com vimeocdn.com youtube.com googletagmanager.com maps.googleapis.com fullstory.com bat.bing.com 4mrr1kwk.micpn.com s.pinimg.com tag.rmp.rakuten.com *.hotjar.com ut.rd.linksynergy.com ct.pinterest.com unsafe-inline sdk.privacy-center.org www.onelink-edge.com 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bglobale.com *.global-e.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fonts.googleapis.com/ *.optimizely.com optimizely.s3.amazonaws.com logx.optimizely.com *.inside-graph.com *.searchspring.net webchat.dotdigital.com cdn.honey.io *.aptrinsic.com 'unsafe-inline' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa *.optimizely.com optimizely.s3.amazonaws.com logx.optimizely.com au-cdn.inside-graph.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com payments-eu.amazon.com *.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://beacon.searchspring.io/beacon *.optimizely.com optimizely.s3.amazonaws.com logx.optimizely.com analytics.tiktok.com data.stbuttons.click www.google.com.au translate.googleapis.com *.searchspring.io *.acsbapp.co cdn.acsbapp.com au-live.inside-graph.com bam.nr-data.net uat.tryzens-analytics.com:12280 *.scarabresearch.com wss://au-live.inside-graph.com  *.bugsnag.com *.postcodeanywhere.co.uk *.sharethis.com script.crazyegg.com stats.g.doubleclick.net *.pinterest.com track.lexer.io www.tryzens-analytics.com:12280 www.google.co.ke www.google.bi pagestates-tracking.crazyegg.com www.google.com.sl www.google.co.ao www.google.cm www.google.com.np www.google.cd www.google.co.ve www.google.lk www.google.co.tz www.google.com.ng www.google.so www.google.ne www.google.co.id www.google.co.ls www.google.tn assets-tracking.crazyegg.com www.google.ht www.google.co.mz acsbapp.com www.google.com.co cp.crwdcntrl.net www.google.ci tracking.crazyegg.com www.google.co.za www.google.tl www.google.com.pk www.google.com.sv www.google.com.ly www.google.mg www.google.tg www.google.gm www.google.com.eg www.google.co.kr www.google.bf www.google.sn www.google.ga www.google.bj ad.doubleclick.net www.google.cg www.google.com.ar www.google.co.ma www.google.com.et www.google.fr www.google.com.na www.google.co.uk www.google.nl www.google.ml www.google.rw www.google.com.uy www.google.com.bo www.google.com.ni www.google.ki www.google.ee www.google.com.gt www.google.com.py www.google.com.gh www.google.com.kh www.google.com.vn www.google.ru www.google.cv www.google.com.mm www.google.co.zm www.google.vu www.google.com.ec www.google.es www.google.at bat.bing.com vc.hotjar.io www.google.de ws.hotjar.com content.hotjar.io metrics.hotjar.io www.google.ca www.tryzens-analytics.com ct.pinterest.com www.google.com.pe www.google.co.in www.google.ge googleads.g.doubleclick.net fresnel.vimeocdn.com api.privacy-center.org pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://zmn-csp.tryzens-analytics.com; report-to report-endpoint; 2
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://app.termly.io https://browser.sentry-cdn.com https://fast.wistia.net https://fast.wistia.com https://go.r1rcm.com https://googleads.g.doubleclick.net https://i.simpli.fi https://js.adsrvr.org https://js.zi-scripts.com https://pi.pardot.com https://scripts.clarity.ms https://static.addtoany.com https://tag.demandbase.com https://tag.simpli.fi https://tags.clickagy.com https://www.clarity.ms https://www.googletagmanager.com https://r1rcmstg.wpengine.com https://r1rcm.wpengine.com https://s.go-mpulse.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://r1rcmstg.wpengine.com https://r1rcm.wpengine.com; connect-src 'self' https://api.company-target.com https://app.termly.io https://aorta.clickagy.com https://c.go-mpulse.net https://distillery.wistia.com https://insight.adsrvr.org https://j.clarity.ms https://js.zi-scripts.com https://pagead2.googlesyndication.com https://pipedream.wistia.com https://trial-eum-clientns4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://us.consent.api.termly.io https://ws.zoominfo.com https://*.akstat.io https://www.google-analytics.com https://www.google.com https://yoast.com https://r1rcm.wpengine.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.net https://r1rcmstg.wpengine.com https://r1rcm.wpengine.com; img-src 'self' data: https:; frame-src 'self' https://fast.wistia.net https://go.cloudmed.com https://go.r1rcm.com https://insight.adsrvr.org https://match.adsrvr.org https://s.company-target.com https://static.addtoany.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; report-uri https://sm2a5wgs2.uriports.com/reports; 2
default-src 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval'                 https://*.acer.org                 https://kit.fontawesome.com https://cdnjs.cloudflare.com                 https://code.jquery.com                 https://cdn.jsdelivr.net https://www.youtube.com                 https://player.vimeo.com https://www.googletagmanager.com https://www.gstatic.com                 https://www.google-analytics.com https://cdn.monsido.com https://www.gstatic.com/call-tracking/ https://www.google.com/recaptcha/                 https://static.ads-twitter.com https://snap.licdn.com                 https://connect.facebook.net https://googleads.g.doubleclick.net                 https://maxcdn.bootstrapcdn.com/bootstrap/ https://stackpath.bootstrapcdn.com/bootstrap/                 https://*.adroll.com                 https://fast.wistia.com/embed/medias/ https://fast.wistia.com/assets/external/                 https://acer.tfaforms.net/ https://www.tfaforms.com/wForms/                 https://platform.twitter.com/                 https://widgets.sociablekit.com/                 https://cdn.mouseflow.com/                 https://js.createsend1.com/javascript/                 https://bat.bing.com;             style-src 'self' 'unsafe-inline'                 https://*.acer.org                 https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com                https://cdn.jsdelivr.net                 https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/                 https://acer.tfaforms.net/dist/ https://acer.tfaforms.net/uploads/themes/ https://www.tfaforms.com/dist/                 https://widgets.sociablekit.com/                 https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com/font-awesome/;             img-src 'self' data: blob:                 https://*.acer.org https://www.acer-ibt.org https://www.researchconference.com.au https://www.immchallenge.org.au https://www.stemgames.org.au                 https://tracking.monsido.com                 https://www.google.com.au/ads/ https://www.google.com.au/pagead/ https://www.google.com https://www.google-analytics.com/ https://www.googletagmanager.com                 https://px.ads.linkedin.com https://media.licdn.com/dms/image/ https://media.licdn.com/dms/image/                 https://sociablekit.com/app/ https://images.sociablekit.com/                 https://t.co/i/ https://analytics.twitter.com/i/                 https://www.facebook.com/tr/                 https://ping.eeharbor.com                 https://*.adroll.com                 https://bat.bing.com;             font-src 'self' data:                 https://*.acer.org                 https://fonts.googleapis.com https://fonts.gstatic.com                 https://cdnjs.cloudflare.com https://cdn.jsdelivr.net                 https://ka-p.fontawesome.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/;             media-src 'self' https://www.acer.org https://www.youtube.com https://player.vimeo.com;             frame-src                 https://www.google.com/recaptcha/ https://www.googletagmanager.com                 https://platform.twitter.com/widgets/                 https://www.acer.org https://www.youtube.com https://player.vimeo.com https://shorthand.com;             connect-src 'self'                 https://*.acer.org                 https://ka-p.fontawesome.com https://kit.fontawesome.com                 https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://www.google.com.au/pagead/                 https://acer.tfaforms.net/api_v2/                 https://stats.g.doubleclick.net/                 https://www.facebook.com/tr/                 https://updates.expressionengine.com                 https://px.ads.linkedin.com/wa/;             object-src 'none';             base-uri 'self';             form-action 'self';             upgrade-insecure-requests;             report-uri https://csp-testing.acer.org/reportOnly/index; 2
object-src 'none'; script-src 'self' 'report-sample' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill-fastly.io https://unpkg.com maps.google.com; style-src 'self' 'report-sample' https://cdn.jsdelivr.net https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.electronics.org/log-report-uri/reportOnly 2
default-src 'self'; img-src 'self' https://listafirme.ro https://*.ytimg.com https://flagcdn.com https://mdbootstrap.com https://img.youtube.com https://*.googleusercontent.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://cdn.jsdelivr.net https://www.googletagmanager.com data:; frame-src https://listafirme.ro https://www.youtube-nocookie.com https://www.youtube.com https://static.addtoany.com https://www.google.com https://accounts.google.com https://*.firebaseapp.com; script-src 'self' https://listafirme.ro https://www.googletagmanager.com https://*.google-analytics.com https://listafirme.eu https://static.addtoany.com https://platform.listafirme.eu https://platform.listafirme.ro https://cdn.jsdelivr.net https://*.cloudflare.com 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://listafirme.ro https://*.cloudflare.com https://*.google.com https://*.googleapis.com; font-src 'self' https://listafirme.ro https://*.cloudflare.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://listafirme.ro  https://platform.listafirme.ro https://*.googlevideo.com https://*.google-analytics.com https://static.addtoany.com https://www.google.com https://accounts.google.com https://*.googleapis.com https://cloudflareinsights.com; object-src 'none'; base-uri 'self'; form-action 'self'; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' essentialed.com *.essentialed.com passged.com *.passged.com d2lpurk2qe2oc.cloudfront.net d3ebkza70oew6x.cloudfront.net dpg0n9q1lsnov.cloudfront.net d37nqy2yusfq54.cloudfront.net d2pfk5on3dtp5q.cloudfront.net js-agent.newrelic.com bam.nr-data.net *.typekit.net *.google.com *.google.ca *.google.com.mx *.google.co.uk *.google.de *.googletagmanager.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.wistia.com *.wistia.net *.litix.io *.credly.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hs-analytics.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.plyr.io *.crazyegg.com *.hotjar.com *.hotjar.io analytics.tiktok.com *.bing.com hiset.org *.clarity.ms *.jquery.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.paypal.com *.paypalobjects.com js.stripe.com *.facebook.com *.facebook.net widget.trustpilot.com unpkg.com data: ws: wss: about: blob:; frame-ancestors 'self' essentialed.com *.essentialed.com passged.com *.passged.com 2
base-uri 'none';   connect-src     'self'     analytics-ipv6.tiktokw.us     api.ldnfrpl.com     api.leadinfo.com     c.ba.contentsquare.net     cdn.cookielaw.org     collector.leadinfo.net     collector4.leadinfo.net     *.bing.com     *.bing.net     *.brightsg.com     *.clarity.ms     *.cloudflare.com     *.doubleclick.net     *.facebook.com     *.google-analytics.com     *.google.com     *.googleapis.com     *.googletagmanager.com     *.googlesyndication.com     *.hotjar.com     *.hotjar.io     *.hubapi.com     *.hubspot.com     *.linkedin.com     *.onetrust.com     *.reddit.com     *.redditstatic.com     *.tiktok.com     sentry.io     wss://ws.hotjar.com;   default-src 'none';   font-src     https:     data:;   form-action     'self'     *.hsforms.com     shop.ie.brightsg.com;   frame-ancestors 'self';   frame-src     'self'     *.cloudflare.com     *.google.com     *.googletagmanager.com     *.hs-sites-eu1.com     *.hs-sites.com     *.hsforms.com     *.hubspot.com     *.jotform.com     *.vimeo.com     *.youtube.com;   img-src     https:     data:     blob:;   media-src     https:     data:;   object-src 'none';   prefetch-src     'self'     https:;   script-src     'self'     'unsafe-inline'    brightsg.referralrock.com     cdn.cookielaw.org     cdn.ldnfrpl.com     cdn.leadinfo.net     *.bing.com     *.bing.net     *.brightsg.com     *.capterra.com     *.clarity.ms     *.cloudflare.com     *.doubleclick.net     *.facebook.com     *.facebook.net     *.google-analytics.com     *.google.com     *.googleadservices.com     *.googletagmanager.com     *.googlesyndication.com     *.gstatic.com     *.hotjar.com     *.hotjar.io     *.hs-analytics.net     *.hs-banner.com     *.hs-scripts.com     *.hsadspixel.net     *.hsforms.net     *.hubapi.com     *.hubspot.com     *.jotform.com     *.licdn.com     *.linkedin.com     *.tiktok.com;   script-src-attr     'unsafe-inline';   style-src     'self'     'unsafe-inline'     https:;   upgrade-insecure-requests;   worker-src     'self'     blob:; report-uri https://brightsg.report-uri.com/r/d/csp/wizard; report-to csp-endpoint; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com 'self' data: *.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.doubleclick.net *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.googleapis.com *.openstreetmap.org *.googlesyndication.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.google.nl *.google.de *.google.be *.google.fr *.googleadservices.com www.facebook.com trengo.s3.eu-central-1.amazonaws.com ecom-stage.iutecredit.mk ecom.iutecredit.mk ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.disqus.com connect.facebook.net graph.facebook.com business.facebook.com *.cmi.co.ma *.iprom.net iprom.net yandex.com yandex.md *.yandex.md *.yandex.com yandex.ru *.yandex.ru *.yads.tech yads.tech *.yango.com *.doubleclick.net t.adx.opera.com *.pandorashop.si *.pandorashop.hr *.pandorashop.ba *.pandorashop.rs *.pandorashop.mk *.pandorashop.me *.pandorashop-sa.com *.pandorashop.ma *.pandorashop.mt *.pandorashop-ks.com *.pandorashop.md data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://widget-cdn.boxnow.hr *.googlesyndication.com *.googleadservices.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk www.facebook.com *.widget.trengo.eu map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org ecom-stage.iutecredit.mk ecom.iutecredit.mk chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.disqus.com connect.facebook.net graph.facebook.com business.facebook.com *.hotjar.com *.hotjar.io onesignal.com *.onesignal.com *.criteo.com *.adsmurai.com gateway.bankart.si yandex.com yandex.md *.yandex.md *.yandex.com yandex.ru *.yandex.ru *.yads.tech yads.tech *.yango.com *.doubleclick.net t.adx.opera.com *.iprom.net iprom.net static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.bootstrapcdn.com ecom-stage.iutecredit.mk ecom.iutecredit.mk downloads.mailchimp.com onesignal.com *.onesignal.com *.iprom.net iprom.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.widget.trengo.eu *.pandorashop.si *.pandorashop.hr *.pandorashop.ba *.pandorashop.rs *.pandorashop.mk *.pandorashop.me *.pandorashop-sa.com *.pandorashop.ma *.pandorashop.mt *.pandorashop-ks.com *.pandorashop.md 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com https://widget-cdn.boxnow.hr *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.google.nl *.google.de *.google.be *.google.fr *.googlesyndication.com *.doubleclick.net www.facebook.com *.trengo.eu map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org ecom-stage.iutecredit.mk ecom.iutecredit.mk form-assets.mailchimp.com *.intuit.com *.amazonaws.com connect.facebook.net graph.facebook.com business.facebook.com wss://ws.hotjar.com *.hotjar.io yandex.com *.yandex.md *.yandex.com yandex.ru *.yandex.ru *.yads.tech *.yango.com cm.g.doubleclick.net t.adx.opera.com *.pandorashop.si *.pandorashop.hr *.pandorashop.ba *.pandorashop.rs *.pandorashop.mk *.pandorashop.me *.pandorashop-sa.com *.pandorashop.ma *.pandorashop.mt *.pandorashop-ks.com *.pandorashop.md 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src yandex.com yandex.md *.yandex.md *.yandex.com yandex.ru *.yandex.ru *.yads.tech yads.tech *.yango.com *.doubleclick.net t.adx.opera.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com *.jsdelivr.net *.bunny.net *.icecat.biz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.multisafepay.com https://pay.google.com *.publitas.com *.elfsight.com *.cookiebot.com *.clarity.ms *.trustpilot.com *.hotjar.com *.googletagmanager.com *.cookiebot.eu *.pinterest.com tag.top1toys.nl *.awin1.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.multisafepay.com www.magmodules.eu *.squeezely.tech *.publitas.com *.pingdom.net *.sleeknote.com *.elfsight.com *.clarity.ms www.top1toys.nl staging.top1toys.nl *.cloudflare.com *.cloudimage.io *.linkedin.com *.adsymptotic.com *.google.nl *.trengo.eu *.bing.com *.webwinkelkeur.nl *.sgtm.nl *.cookiebot.com *.icecat.biz *.awin1.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net polyfill.io https://browser.sentry-cdn.com *.multisafepay.com https://pay.google.com squeezely.tech www.squeezely.tech *.squeezely.tech *.publitas.com *.pingdom.net *.sleeknote.com *.elfsight.com *.cookiebot.com tag.top1toys.nl *.clarity.ms *.cloudflare.com *.twitter.com *.fontawesome.com *.trustpilot.com *.hotjar.com *.licdn.com *.chimpstatic.com *.adobetm.com *.cookiebot.eu *.bing.com *.pinimg.com *.pinterest.com *.trengo.eu *.dwin1.com *.roeyecdn.com *.icecat.biz *.awin1.com *.awinblackfriday.com *.sciencebehindecommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fonts.googleapis.com *.fontawesome.com *.multisafepay.com *.bunny.net *.icecat.biz *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://*.ingest.sentry.io *.multisafepay.com squeezely.tech *.squeezely.tech *.publitas.com *.pingdom.net *.sleeknote.com *.elfsight.com *.cookiebot.com tag.top1toys.nl *.clarity.ms *.cloudflare.com *.hotjar.com *.usercentrics.eu *.pinterest.com *.bing.com *.trengo.eu *.cookiebot.eu *.sgtm.nl *.dwin1.com *.roeyecdn.com *.icecat.biz *.awin1.com *.awinblackfriday.com *.trustpilot.com *.sciencebehindecommerce.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net static.hotjar.com wchat.freshchat.com staticw2.yotpo.com browser-update.org script.hotjar.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net *.freshchat.com maps.googleapis.com assets.adobedtm.com www.googleoptimize.com h.online-metrix.net *.cardinalcommerce.com html5.dcatalog.com unpkg.com commerce.adobedtm.com cdnjs.cloudflare.com web-sdk.aptrinsic.com commerce.adobe.net fonts.googleapis.com magento-recs-sdk.adobe.net static.trackedweb.net tags.srv.stackadapt.com snap.licdn.com tags.srv.stackadapt.com bat.bing.com e.performancehealth.com f.vimeocdn.com tags.srv.stackadapt.com bam.nr-data.net services-connector-ui.magento-ds.com r2.dotdigital-pages.com *.punchout2go.com *.tradecentric.com *.pinterest.com *.facebook.net *.facebook.com *.licdn.com *.userway.org cdn.optimizely.com optimizely.com performancehealth.freshchat.com cnstrc.com; style-src 'self' 'unsafe-inline' wchat.freshchat.com fonts.googleapis.com js.klevu.com tags.srv.stackadapt.com staticw2.yotpo.com; report-uri /.webscale/csp-report 2
default-src 'self' https://branchapp.in https://branch.co https://branch.co.ke https://branch.com.ng https://branch.co.tz https://d2c5ectx2y1vm9.cloudfront.net; script-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://code.jquery.com https://ga.jspm.io https://connect.facebook.net https://www.googletagmanager.com https://www.gstatic.com/ https://cdnjs.cloudflare.com 'unsafe-inline' blob: https://www.recaptcha.net https://sdk.cashfree.com https://public.releases.juspay.in https://*.google-analytics.com https://*.google.com; style-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://fonts.gstatic.com data:; img-src 'self' https://d2c5ectx2y1vm9.cloudfront.net https://www.facebook.com data: blob: https://branch-in-production.s3.ap-south-1.amazonaws.com https://fonts.gstatic.com https://graph.facebook.com https://branch-in-public.s3.amazonaws.com; object-src 'self' blob:; connect-src 'self' https://accounts.google.com https://browser-intake-datadoghq.com https://ga.jspm.io https://d2c5ectx2y1vm9.cloudfront.net https://branch-in-production-temp.s3.ap-south-1.amazonaws.com https://www.recaptcha.net https://*.google-analytics.com https://*.google.com; frame-src https://www.recaptcha.net https://sdk.cashfree.com https://www.googletagmanager.com https://branch-in-production.s3.ap-south-1.amazonaws.com; media-src https://d2c5ectx2y1vm9.cloudfront.net; report-uri /csp-violation-report-endpoint 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.google.com https://www.gstatic.com https://cdn.userecho.com https://yandex.ru/ https://*.yandex.ru https://*.maps.yandex.net https://yastatic.net; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://*.starline.ru https://*.maps.yandex.net https://*.google.com https://enterprise.api-maps.yandex.ru https://cdn.userecho.com https://*.openstreetmap.org http://yandex.st/ https://yandex.st/ https://mc.yandex.ru https://yastatic.net; connect-src 'self' ws://*.starline.ru wss://rpl.starline-online.ru https://mc.yandex.ru https://geocode.starline.ru; frame-src 'self' https://*.google.com https://mc.yandex.ru/ https://arkan.ru; 2
font-src fonts.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.com *.facebook.net *.google.com *.addthis.com *.pinterest.com www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.facebook.com *.facebook.net https://www.magezon.com ozow-live-cdn.s3.eu-west-1.amazonaws.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://polyfill-fastly.io https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com s7.addthis.com *.facebook.com *.facebook.net *.avada.io *.google.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com www.youtube.com player.vimeo.com https://js.klevu.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com ekr.zdassets.com/ *.facebook.com *.facebook.net https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com cdn.plyr.io noembed.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.cookiebot.com static.klaviyo.com *.newrelic.com *.queue-it.net *.yotpo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.cookiebot.com *.adsrvr.org *.smct.io *.newrelic.com *.doubleclick.net *.cloudfront.net *.queue-it.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.cookiebot.com *.bing.com *.newrelic.com *.clarity.ms cdn.noibu.com *.cloudfront.net x.klarnacdn.net *.queue-it.net www.google.co.uk alb.reddit.com www.facebook.com *.yotpo.com ads-twitter.com *.ads-twitter.com *.twitter.com t.co https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.cookiebot.com *.hotjar.com *.bing.com *.webgains.io *.clarity.ms *.tiktok.com *.adsrvr.org *.stackadapt.com *.smct.co smct.co *.smct.io *.noibu.com *.upsellit.com *.scriptcdn.net *.redditstatic.com *.queue-it.net rum.hlx.page *.abtasty.com *.yotpo.com ads-twitter.com *.ads-twitter.com *.twitter.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cookiebot.com *.newrelic.com static.klaviyo.com static-tracking.klaviyo.com *.noibu.com *.queue-it.net *.yotpo.com *.fontawesome.com https://static.klaviyo.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://instagram.fdel27-5.fna.fbcdn.net https://instagram.fdel27-4.fna.fbcdn.net https://instagram.fdel27-3.fna.fbcdn.net https://instagram.fdel27-2.fna.fbcdn.net https://instagram.fdel27-1.fna.fbcdn.net https://scontent-lcy1-1.cdninstagram.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.cookiebot.com *.clarity.ms *.tiktok.com *.googlesyndication.com *.amazonaws.com cdn.noibu.com wss://*.noibu.com input.noibu.com *.tiktokw.us *.reddit.com *.redditstatic.com *.bing.com *.queue-it.net widget.trustpilot.com *.smct.io rum.hlx.page *.datadome.co adsmeasurement.com www.facebook.com *.abtasty.com *.yotpo.com ads-twitter.com *.ads-twitter.com *.twitter.com *.ideal-postcodes.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com places.googleapis.com www.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.squarecdn.com *.googleapis.com https://www.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.bootstrapcdn.com *.stamped.io foursixty.com *.zipmoney.com.au font.static.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com *.zip.co https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://cdn.livechatinc.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com *.cash.app https://www.google.com *.doubleclick.net www.facebook.com *.affirm.com *.affirm.ca https://plumrocket.com *.livechatinc.com *.paypal.com *.kaptcha.com beaconlighting.api.useinsider.com *.addthis.com *.addthisedge.com *.pinterest.com *.cloudfront.net *.scarabresearch.com www.xtento.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * photos.pixlee.co https://accounts.google.com *.yotpo.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://www.affirm.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.cash.app *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.affirm.com *.affirm.ca *.beaconlighting.com.au *.trackjs.com *.cdninstagram.com *.zipmoney.com.au *.magentosite.cloud *.stamped.io *.scarabresearch.com *.paypal.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com blob: *.zip.co www.xtento.com cdn.xtento.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pixlee.com *.yotpo.com dhv2ziothpgrr.cloudfront.net t.zip.co static.zipmoney.com.au static.zip.co https://web1.acsbapp.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app polyfill.io *.googleapis.com https://www.gstatic.com https://www.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.affirm.com *.affirm.ca s7.addthis.com iguana2.com *.stamped.io *.zipmoney.com.au foursixty.com *.trackjs.com *.bootstrapcdn.com *.livechatinc.com beaconlighting.api.useinsider.com *.addthis.com *.addthisedge.com z.moatads.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.scarabresearch.com *.zip.co www.xtento.com cdn.xtento.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.plugins.emarsys.net connect.facebook.net graph.facebook.com business.facebook.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pxlecdn.com *.pixlee.com https://accounts.google.com https://cdn.searchspring.net/intellisuggest/is.min.js *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net static.zipmoney.com.au static.zip.co zip.co https://cdn1.affirm.com/js/v2/affirm.js https://acsbapp.com/ https://trx-cdn.zip.co/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com *.cash.app fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.bootstrapcdn.com *.stamped.io foursixty.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com *.scarabresearch.com *.zip.co downloads.mailchimp.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.algolia.net *.algolia.com *.algolianet.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.affirm.com *.affirm.ca ekr.zdassets.com/ *.bootstrapcdn.com *.zipmoney.com.au foursixty.com *.foursixty.com *.labs.au.edge.zip.co *.trackjs.com stamped.io *.livechatinc.com *.api.useinsider.com carrier.useinsider.com *.doubleclick.net *.pinterest.com *.cloudfront.net *.scarabresearch.com *.zip.co *.eservice.emarsys.net connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://inbound-analytics.pixlee.com https://accounts.google.com https://beacon.searchspring.io/beacon *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://cdn.acsbapp.com/ https://trx.zip.co/z/t https://www.affirm.com/ https://tracker.affirm.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.affirm.com/ 'self' 'unsafe-inline'; 2
default-src 'self'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://api-eu.mixpanel.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https://www.youtube.com https://tagheuer-tcs-london.vercel.app https://vimeo.com/; img-src *; media-src *; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.uk.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://cookie-cdn.cookiepro.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://mixpanel.com https://*.mixpanel.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; webrtc 'block'; worker-src 'self' blob: 2
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru *.dev-morda.svc.elama-team.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com cash-f.squarecdn.com 'self' data: *.fontawesome.com *.googleapis.net data: *.acsbapp.com *.bootstrapcdn.com *.cloudfare.com mediacdn.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.facebook.net www.xtento.com *.pinterest.com *.hotjar.com www.google.com *.adyen.com *.addthisedge.com *.addthis.com *.doubleclick.net *.my.salesforce-sites.com *.secure.force.com *.force.com *.cdn-btsg.com www.commercepartnerhub.com *.adsrvr.org https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * *.tiktok.com www.apptrian.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' data: magefan.com cm.magefan.com *.facebook.com *.facebook.net *.disqus.com https://img.youtube.com www.xtento.com cdn.xtento.com facebook.com *.b0e8.com *.dynamicyield.com *.pinterest.com *.e.aa.online-metrix.net *.acsbapp.com *.cookielaw.org *.bing.com *.yahoo.com *.google.co.in google.co.in *.listrakbi.com all-clad.com *.all-clad.com emjcd.com *.emjcd.com *.dotomi.com *.espssl.com *.clarity.ms *.tagcommander.com *.adsrvr.org *.rubiconproject.com *.g.doubleclick.net *.elfsightcdn.com *.bazaarvoice.com mediacdn.espssl.com *.hotjar.com *.doubleclick.net butterly.com *.butterly-images.com http://butterly.com *.google.com *.cdn-btsg.com *.lagostina.ca lagostina.ca https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://rum.hlx.page *.tiktok.com www.apptrian.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.gstatic.com *.iadvize.com *.facebook.com *.facebook.net *.disqus.com www.xtento.com cdn.xtento.com *.ugc.bazaarvoice.com *.listrakbi.com *.b0e8.com *.bc0a.com *.cookielaw.org *.dynamicyield.com *.tagcommander.com *.cloudflare.com *.yimg.com *.pinimg.com *.hotjar.com www.google.com *.mczbf.com analytics.tiktok.com *.acsbapp.com acsbapp.com *.salesforceliveagent.com *.force.com *.curalate.com *.noibu.com *.pinterest.com *.online-metrix.net *.googleapis.com *.bing.com *.vimeo.com *.amazonaws.com *.clarity.ms click2cart.com *.adsrvr.org *.aggregated-data.com *.cloudfront.net *.amazon-adsystem.com *.tkrconnector.com acds-events.adobe.io static.kyc.red shop.pe *.shop.pe addstrap-ui.addshoppers.com returns.parcellab.com cdn.parcellab.com gstatic.com cdn.cookielaw.org cdn.bc0a.com cdn1.b0e8.com service.force.com butterly.com *.moatads.com *.elfsight.com *.addthisedge.com *.addthis.com bam.nr-data.net acsbap.com *.acsbap.com *.salesforce.com *.bazaarvoice.com *.cdn-btsg.com acdn.adnxs.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.magento-datasolutions.com *.magento-ds.com *.cash.app display.ugc.bazaarvoice.com *.googleapis.com *.fontawesome.com *.listrakbi.com *.ugc.bazaarvoice.com *.typekit.net service.force.com *.bootstrapcdn.com *.espssl.com *.cloudfront.net *.cloudfare.com *.addshoppers.com returns.parcellab.com cdn.parcellab.com *.bazaarvoice.com mediacdn.espssl.com *.hotjar.com *.doubleclick.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com www.apptrian.com edge.curalate.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com * *.tiktok.com www.apptrian.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.facebook.com *.facebook.net *.dynamicyield.com *.cookielaw.org *.g.doubleclick.net *.listrak.com *.listrakbi.com analytics.tiktok.com *.pinterest.com *.hotjar.com *.yimg.com google.co.in *.mczbf.com *.bc0a.com *.googleapis.com facebook.com *.acsbapp.com *.click2cart.com *.clarity.ms *.aggregated-data.com *.curalate.com *.noibu.com wss://input.noibu.com *.onetrust.com *.bing.com insight.adsrvr.org *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.adsrvr.org shop.pe *.shop.pe cdn.cookielaw.org *.elfsight.com *.addthis.com mediacdn.espssl.com bam.nr-data.net fonts.googleapis.com *.doubleclick.net wss://*.hotjar.com acsbap.com *.acsbap.com *.elfsightcdn.com *.hotjar.io www.xtento.com butterly.com *.cdn-btsg.com www.google.com *.bazaarvoice.com *.fbcdn.net static.xx.fbcdn.net *.xx.fbcdn.net https://static.xx.fbcdn.net *.commercepartnerhub.com  wss://*.facebook.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com account.groupeseb.com *.salesforceliveagent.com *.salesforce.com *.force.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://d1aosrekaw7sk8.cloudfront.net/reports; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' ws: blob: data: tagging.dupixent.com ad.doubleclick.net iron-wsa01 ironport 8188202.fls.doubleclick.net ad.doubleclick.net adservice.google.com aim-tag.hcn.health ajax.googleapis.com analytics.google.com analytics.tiktok.com ap.lijit.com apis.google.com apps.healthgrades.com bat.bing.com bcbolt446c5271-a.akamaihd.net bcp.crwdcntrl.net bh.contextweb.com c.clarity.ms cdn.cookielaw.org cdn.di-capt.com cdn.jsdelivr.net cdnjs.cloudflare.com clientstream.launchdarkly.com cm.g.doubleclick.net code.jquery.com connect.facebook.net content.hotjar.io contextual.media.net d1lkfzu2puirk6.cloudfront.net di.rlcdn.com dpm.demdex.net eb2.3lift.com edge.api.brightcove.com fast.fonts.net feedback-pa.clients6.google.com fonts.cdnfonts.com fonts.googleapis.com fonts.googleapis.com fonts.gstatic.com form.typeform.com geolocation.onetrust.com googleads.g.doubleclick.net gum.criteo.com i.liadm.com i6.liadm.com ib.adnxs.com insight.adsrvr.org insights.algolia.io integrations.eu-de.assistant.watson.appdomain.cloud js.adsrvr.org manzanasjuegosco-a.akamaihd.net maps.googleapis.com maps.gstatic.com match.adsrvr.org match.deepintent.com match.sharethrough.com metrics.brightcove.com metrics.hotjar.io ms-cookie-sync.presage.io pixel.rubiconproject.com player.vimeo.com players.brightcove.net players.brightcove.net privacyportal-eu.onetrust.com px.ads.linkedin.com px4.ads.linkedin.com region1.analytics.google.com region1.google-analytics.com rialto-gms.s3.amazonaws.com rtb-csync.smartadserver.com rtb.gumgum.com sc-static.net script.hotjar.com security-eu.mimecast.com snap.licdn.com spoppe-b.azureedge.net ssum-sec.casalemedia.com staging-apps.healthgrades.com static.hotjar.com stats.g.doubleclick.net sync.1rx.io sync.crwdcntrl.net tags.bluekai.com td.doubleclick.net td.doubleclick.net thrtle.com token.rubiconproject.com translate-pa.googleapis.com translate.googleapis.com trc.lhmos.com trotjidayo-1.algolianet.com trotjidayo-2.algolianet.com trotjidayo-3.algolianet.com trotjidayo-dsn.algolia.net uipglob.semasio.net unpkg.com use.fontawesome.com vc.hotjar.io vjs.zencdn.net web-chat.global.assistant.watson.appdomain.cloud www.clarity.ms www.dupixent.com www.facebook.com www.google-analytics.com www.google-analytics.com www.google.com www.google.com.au www.googletagmanager.com fresnel-events.vimeocdn.com vod-adaptive-ak.vimeocdn.com player-telemetry.vimeo.com fresnel.vimeocdn.com www.medtargetsystem.com z.clarity.ms ws.hotjar.com secure.adnxs.com www.gstatic.com www.eventmgmtportal.com sanofi-privacy.my.onetrust.com trotjidayo-1.algolianet.com trotjidayo-3.algolianet.com trotjidayo-2.algolianet.com trotjidayo-dsn.algolia.net lpopeventportal-2-0-2.sanofigenzyme.intouch-preview.com som.healthgrades.com sanofi-japan-dev.eval.janraincapture.com sanofi-japan-staging.eval.janraincapture.com sanofi-japan.us.janraincapture.com sanofi-dev.us-dev.janraincapture.com sanofi-staging.us-dev.janraincapture.com sanofi.us.janraincapture.com sanofi-dev.eu-dev.janraincapture.com sanofi-staging.eu-dev.janraincapture.com sanofi.eu.janraincapture.com vod-adaptive-ak.vimeocdn.com player-telemetry.vimeo.com fresnel.vimeocdn.com fresnel-events.vimeocdn.com photos.healthgrades.com use.typekit.net p.typekit.net; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com static.klaviyo.com www.shopperapproved.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tracking.avantlink.com dgjcoqnzn763b.cloudfront.net www.shopperapproved.com seal.trustguard.com tgscript.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com acsbapp.com *.google-analytics.com js-agent.newrelic.com googletagmanager.com *.hotjar.com ssl.avmws.com d395yjvh5spyzw.cloudfront.net edge.curalate.com www.google.com *.googleapis.com config.gorgias.chat contact.gorgias.help s.pinimg.com *.pinterest.com https://cdn.searchspring.net/intellisuggest/is.min.js www.shopperapproved.com shopperapproved.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com analytics.tiktok.com tgscript.s3.amazonaws.com https://app.zinrelo.com app.zinrelo.com https://cdn.zinrelo.com/js/all.js snapui.searchspring.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://static.klaviyo.com www.gstatic.com www.shopperapproved.com use.typekit.net p.typekit.net tgscript.s3.amazonaws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.acsbapp.com stats.g.doubleclick.net *.google-analytics.com googletagmanager.com *.hotjar.io *.hotjar.com wss://*.hotjar.com *.tiktokw.us *.googleapis.com config.gorgias.chat wss://us-east1-898b.gorgias.chat s.pinimg.com ct.pinterest.com *.pinterest.com https://beacon.searchspring.io/beacon shopperapproved.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com analytics.tiktok.com api.trustguard.com *.searchspring.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src assets.gorgias.chat 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://components-bnpl-pe-bbva-moprestamo-com.s3.amazonaws.com data: *.fontawesome.com fonts.googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zdassets.com www.gstatic.com script.hotjar.com static.hotjar.com googleadservices.com maps.googleapis.com/ webpay3g.transbank.cl webpay3gint.transbank.cl *.google.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com static.zdassets.com www.gstatic.com static.hotjar.com script.hotjar.com googleadservices.com maps.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.moprestamo.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.izipay.pe *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com vars.hotjar.com *.doubleclick.net *.pinterest.com *.tryadviser.com *.webviewer.appar.io *.paperless.com.pe *.extranetrosen.cl static-content.vnforapps.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.moprestamo.com maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com magefan.com cm.magefan.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net graph.facebook.com business.facebook.com www.extranetrosen.cl *.hsforms.com track.hubspot.com mercadopago.cl www.mercadopago.cl www.google.com.pe static.zdassets.com www.gstatic.com static.hotjar.com script.hotjar.com *.pinterest.com *.sendtric.com *.tryadviser.com *.adnxs.com *.linkedin.com *.doubleclick.net *.rosen.cl *.rosen.com.pe *.sonataplatform.com *.googleadservices.com *.google-analytics.com cdn.ckeditor.com google.com.ar https://www.mercadopago.com.pe https://www.google.com.ar https://www.google.es data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.dpm.demdex.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.moprestamo.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.izipay.pe *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com graph.facebook.com business.facebook.com https://maps.googleapis.com www.extranetrosen.cl static.zdassets.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com www.googleoptimize.com static.hotjar.com *.google.cl script.hotjar.com js.hsleadflows.net *.pinimg.com www.youtube.com *.tryadviser.com *.adnxs.com *.hsadspixel.net *.verificado.ai api.verificado.ai snap.licdn.com *.google-analytics.com *.commerce.adobe.net *.magento.com *.hscollectedforms.net *.doubleclick.net *.omtrdc.net *.googletagmanager.com *.rosen.cl *.rosen.com.pe *.sonataplatform.com *.mouseflow.com *.hubspot.com *.vnforapps.com rum.hlx.page dev.visualwebsiteoptimizer.com data.appar.io *.pinterest.com *.gstatic.com cdn.ckeditor.com/ pinterest.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.moprestamo.com cdn.dnky.co *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.rosen.cl *.rosen.com.pe www.extranetrosen.cl *.tryadviser.com *.googleapis.com *.gstatic.com fonts.googleapis.com/ cdn.ckeditor.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com api.comapi.com bam.nr-data.net *.izipay.pe *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zdassets.com v2.zopim.com ekr.zdassets.com rollbar-eu.zendesk.com wa.me *.hubspot.com stats.g.doubleclick.net rosen.zendesk.com wss://widget-mediator.zopim.com *.hotjar.com vc.hotjar.io www.facebook.com public.delivery.janisqa.in public.delivery.janis.in *.google.cl *.pinterest.com wss://*.hotjar.com *.hscollectedforms.net *.hubapi.com *.amazonaws.com *.amazon.com *.zendesk.com *.linkedin.com ad.doubleclick.net dev.visualwebsiteoptimizer.com *.google-analytics.com maps.googleapis.com/ *.visualwebsiteoptimizer.com http://localhost:12387 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.cloudflare.com *.twitter.com *.bootstrapcdn.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com https://plumrocket.com https://t.pepperjamnetwork.com https://*.dwin1.com https://*.awin1.com https://*.zenaps.com *.googleapis.com *.trustpilot.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.googleapis.com http://hemin11112.pcapredict.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.googleadservices.com *.twitter.com *.adobedtm.com https://firebasestorage.googleapis.com https://img.youtube.com https://shareasale.com/sale.cfm https://track.linksynergy.com https://www.bizrate.com https://*.dwin1.com https://*.awin1.com https://*.zenaps.com https://track.webgains.com https://prf.hn https://track.flexlinks.com https://scripts.affiliatefuture.com https://t.powerreviews.com https://match.sharethrough.com https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://jadserve.postrelease.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://eb2.3lift.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://sync.1rx.io https://dis.criteo.com https://dpm.demdex.net https://ps.eyeota.net https://public-prod-dspcookiematching.dmxleo.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com apis.google.com *.gstatic.com http://hemin11112.pcapredict.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.trustedshops.com *.fontawesome.com graph.facebook.com *.adobedtm.com https://analytics.webgains.io *.avada.io *.shopify.com s7.addthis.com https://*.dwin1.com https://intljs.rmtag.com https://cdn.avmws.com https://images.bizrate.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://swrap.tradedoubler.com https://analytics.optimalpeople.fr https://www.linkconnector.com https://d3v27wwd40f0xu.cloudfront.net https://static.criteo.net https://sslwidget.criteo.com https://*.affiliatefuture.com https://static.powerreviews.com *.googleapis.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com http://hemin11112.pcapredict.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.twitter.com https://get.geojs.io *.avada.io api.addressy.com ekr.zdassets.com/ https://shareasale.com/sale.cfm https://analytics.optimalpeople.fr https://measurement-api.criteo.com https://api.webgains.io https://the.sciencebehindecommerce.com https://*.wepowerconnections.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorized.by *.bewakingscamera.nl *.bing.com *.bing.net *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googleapis.com www.google.at www.google.be www.google.ch www.google.com.au www.google.com.bd www.google.com.br www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.kh www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.uk www.google.cz www.google.de www.google.dk www.google.es www.google.fr www.google.it www.google.nl www.google.pl www.google.pt www.google.ru *.google.com google.com *.googletagmanager.com *.gstatic.com *.mouseflow.com *.multisafepay.com *.newrelic.com *.nr-data.net *.returnless.com *.smartlook.com *.storyblok.com vercel.live api.marker.io ssr.marker.io s3.eu-west-1.amazonaws.com/marker.sessions.prod; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorized.by *.bing.com *.bing.net *.doubleclick.net *.googleadservices.com *.googleapis.com www.google.at www.google.be www.google.ch www.google.co.uk www.google.de www.google.fr www.google.nl *.google.com *.googletagmanager.com *.gstatic.com *.mouseflow.com *.smartlook.com *.storyblok.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorized.by *.bing.com *.bing.net *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googleapis.com www.google.at www.google.be www.google.ch www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.uk www.google.cz www.google.de www.google.dk www.google.es www.google.fr www.google.it www.google.nl www.google.pl www.google.pt www.google.ru *.google.com *.googletagmanager.com *.gstatic.com *.multisafepay.com *.storyblok.com blob: data: media.marker.io app.marker.io edge.marker.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bewakingscamera.nl *.bing.com *.doubleclick.net *.googleapis.com *.google.com *.googletagmanager.com *.mouseflow.com *.multisafepay.com *.newrelic.com *.returnless.com *.smartlook.com *.storyblok.com vercel.live edge.marker.io app.marker.io; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.gstatic.com *.multisafepay.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.multisafepay.com *.returnless.com vercel.live app.marker.io; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com app.marker.io edge.marker.io; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.storyblok.com media.marker.io app.marker.io edge.marker.io; child-src 'self' 'unsafe-inline' 'unsafe-eval'  app.marker.io; form-action 'self' 'unsafe-inline' 'unsafe-eval' app.marker.io api.marker.io; report-uri https://14edc0c0-b3cc-497c-8aa2-2e84efa49370.sansec.watch/; report-to report-endpoint; 2
default-src 'self'; script-src 'nonce-KjlwR0pVUGk3YkR1dFRBV2ZmIUo=' 'self' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://cdnjs.cloudflare.com; script-src-elem 'nonce-MTo4MDY2MDoxNjE3MDQ5ODExOjE3MzQ5NTc2NzU=' 'nonce-MTo4MDY2MzoxNjQ4Nzg0NDUxOjE3MzQ5NTc4NTQ=' 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://connect.facebook.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.kaspersky-labs.com https://api.mailxpert.ch; script-src-attr 'self' 'unsafe-inline' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://*.kaspersky-labs.com https://cdnjs.cloudflare.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.g.doubleclick.net https://api.friendlycaptcha.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://ige.prospective.ch https://td.doubleclick.net https://nl.mailxpert.ch https://www.youtube-nocookie.com; img-src 'self' data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://i.ytimg.com; manifest-src 'self'; media-src 'self' data:; worker-src blob:; report-uri /CspReportLogger.php 2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'             *.googleapis.com fonts.gstatic.com *.fontawesome.com *.aspnetcdn.com *.jsdelivr.net *.googletagmanager.com              *.googleadservices.com s.adroll.com wss://*.hotjar.com/api/v2/client/ws *.jquery.com;              img-src data: *;              frame-ancestors 'self';              object-src 'none';              form-action 'self';              base-uri 'self';              media-src s3.amazonaws.com;              report-uri /csp/; 2
default-src 'self' https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com *.qqcw.us;                                    connect-src 'self' https://*.ads.linkedin.com https://www.googleadservices.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://sdk.iad-07.braze.com https://js.appboycdn.com https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com https://*.qqcw.us https://js.stripe.com https://m.stripe.network https://m.stripe.com https://api.stripe.com https://*.googleapis.com https://cdn.sanity.io https://*.google.com https://*.gstatic.com https://unpkg.com https://*.mouseflow.com https://api.segment.io/v1/m https://connect.facebook.net/en_US/fbevents.js https://*.facebook.net https://*.facebook.com https://qqcw.report-uri.com/r/t/csp/reportOnly https://www.googletagmanager.com https://tagmanager.google.com https://*.fbot.me https://cdn.feathery.io https://api.feathery.io https://cdn.jsdelivr.net https://www.google-analytics.com https://google.com https://*.doubleclick.net data: blob:;                                    font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://js.stripe.com https://m.stripe.network https://m.stripe.com https://*.fbot.me;                                    img-src 'self' https://d3st4nmzrq9nfk.cloudfront.net https://*.ads.linkedin.com https://analytics.tiktok.com https://sdk.iad-07.braze.com https://js.appboycdn.com https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com https://*.qqcw.us https://*.googleapis.com https://*.gstatic.com https://cdn.sanity.io *.google.com *.facebook.net www.facebook.com *.googleusercontent.com https://www.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://www.googletagmanager.com https://*.fbot.me data: blob:;                                    media-src 'self' https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com https://*.qqcw.us https://*.fbot.me;                                    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ads.linkedin.com https://snap.licdn.com https://analytics.tiktok.com  https://sdk.iad-07.braze.com https://js.appboycdn.com https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com https://*.qqcw.us https://js.stripe.com https://m.stripe.network https://m.stripe.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://unpkg.com https://cdn.mouseflow.com *.googleusercontent.com https://connect.facebook.net/en_US/fbevents.js *.facebook.net https://www.googletagmanager.com https://tagmanager.google.com/ https://*.fbot.me https://*.feathery.io https://cdn.jsdelivr.net https://www.google-analytics.com https://*.doubleclick.net https://googleadservices.com https://www.youtube.com blob:;                                    style-src 'self' 'unsafe-inline' https://quickquack.com https://*.quickquack.com https://dontdrivedirty.com https://*.dontdrivedirty.com https://use.fontawesome.com https://fonts.googleapis.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://*.fbot.me data: blob:;                                    frame-src 'self' https://www.facebook.com https://js.stripe.com https://m.stripe.network https://m.stripe.com *.google.com  https://www.googletagmanager.com https://tagmanager.google.com/ https://*.fbot.me https://cdn.feathery.io https://cdn.jsdelivr.net https://*.doubleclick.net https://www.youtube-nocookie.com/ https://keycloak.dev.qqcw.us https://auth.dontdrivedirty.com;                                               report-uri https://qqcw.report-uri.com/r/t/csp/reportOnly?ngsw-bypass=true; 2
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.fontawesome.com https://widgets.trustedshops.com https://www.gstatic.com https://fonts.gstatic.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.baktotaal.nl *.baktotaal.de *.baktotaal.com baktotaal.nl baktotaal.de baktotaal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com challenges.cloudflare.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com *.criteo.com consentcdn.cookiebot.eu consentcdn.cookiebot.com *.facebook.com www.googletagmanager.com td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io magefan.com cm.magefan.com *.multisafepay.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.disqus.com https://firebasestorage.googleapis.com maps.gstatic.com ts.tradetracker.net www.magmodules.eu *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.baktotaal.nl *.baktotaal.de *.baktotaal.com *.cloudfront.net www.google.nl permalink.psinfoodservice.com www.facebook.com *.linkedin.com *.squeezely.tech *.bing.net *.criteo.com *.usercentrics.eu *.cookiebot.com *.bing.com *.etrusted.com *.clarity.ms pagead2.googlesyndication.com google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://cdnjs.cloudflare.com cdnjs.cloudflare.com *.disqus.com *.avada.io *.shopify.com challenges.cloudflare.com maps.googleapis.com www.gstatic.com tm.tradetracker.net *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.typeform.com *.criteo.com *.criteo.net squeezely.tech instant.page *.licdn.com *.bing.com *.bing-int.com consent.cookiebot.com consent.cookiebot.eu consentcdn.cookiebot.com consentcdn.cookiebot.eu cdn.jsdelivr.net *.hotjar.com connect.facebook.net *.clarity.ms *.varify.io d5yoctgpv4cpx.cloudfront.net www.google.com pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com *.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://fonts.bunny.net www.gstatic.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.baktotaal.nl *.baktotaal.de *.baktotaal.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.multisafepay.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typeform.com *.baktotaal.nl *.baktotaal.de *.baktotaal.com *.criteo.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.bing.net *.bing.com *.varify.io *.clarity.ms www.facebook.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com pagead2.googlesyndication.com www.google.com google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.bglobale.com *.global-e.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com *.maisonkitsune.com *.maisonkitsune.test maisonkitsune.com preprod-m2.maisonkitsune.com maisonkitsune.test vestiaire.maisonkitsune.com preprod-vest.maisonkitsune.com vestiaire.test data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bglobale.com *.global-e.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com/ ssmkt.maisonkitsune.com/ *.fitle.com *.cookieinformation.com https://open.spotify.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bird.eu *.bglobale.com *.global-e.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.maisonkitsune.com *.maisonkitsune.test maisonkitsune.com preprod-m2.maisonkitsune.com maisonkitsune.test vestiaire.maisonkitsune.com preprod-vest.maisonkitsune.com vestiaire.test *.line.me *.bing.com https://bat.bing.net https://cdn.cookielaw.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bglobale.com *.global-e.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com *.maisonkitsune.com *.maisonkitsune.test maisonkitsune.com preprod-m2.maisonkitsune.com maisonkitsune.test vestiaire.maisonkitsune.com preprod-vest.maisonkitsune.com vestiaire.test *.fitle.com *.cookieinformation.com *.bing.com *.line-scdn.net *.jsdelivr.net *.zdassets.com https://cdn.cookielaw.org wss://widget-mediator.zopim.com https://ssmkt.maisonkitsune.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bglobale.com *.global-e.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://cdnjs.cloudflare.com *.maisonkitsune.com *.maisonkitsune.test maisonkitsune.com preprod-m2.maisonkitsune.com maisonkitsune.test vestiaire.maisonkitsune.com preprod-vest.maisonkitsune.com vestiaire.test 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com https://cdn.cookielaw.org 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.maisonkitsune.com *.maisonkitsune.test maisonkitsune.com preprod-m2.maisonkitsune.com maisonkitsune.test vestiaire.maisonkitsune.com preprod-vest.maisonkitsune.com vestiaire.test *.fitle.com https://bat.bing.net *.googlesyndication.com *.cookieinformation.com *.zendesk.com *.zdassets.com wss://widget-mediator.zopim.com https://cdn.cookielaw.org *.onetrust.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.spotify.com https://dimedic.eu https://*.dimedic.eu https://geowidget.easypack24.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com pay.google.com apm.przelewy24.pl *.spotify.com https://aptekaradicula.pl *.googletagmanager.com https://dimedic.eu https://*.dimedic.eu https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com static.przelewy24.pl gstatic.com *.spotify.com media.recepta.pl https://dimedic.eu https://*.dimedic.eu https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com https://player.vimeo.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googletagmanager.com tagmanager.google.com *.disqus.com https://cdn.jsdelivr.net sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.spotify.com *.cookiefirst.com static.recepta.pl mailing.pgf.com.pl an.gr-wcon.com us-an.gr-cdn.com svht.tradedoubler.com swrap.tradedoubler.com bat.bing.com connect.facebook.net https://dimedic.eu https://*.dimedic.eu https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com tagmanager.google.com fonts.google.com https://cdn.jsdelivr.net *.spotify.com *.googleapis.com *.google.com static.recepta.pl https://dimedic.eu https://*.dimedic.eu https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl *.spotify.com ga2.getresponse.com stats.g.doubleclick.net *.cookiefirst.com https://dimedic.eu https://*.dimedic.eu *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.trackedlink.net *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com mrpg.scene7.com cdn.media.amplience.net *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: *.yotpo.com https://js.klevu.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://security-hub.vaimo.network/public/api/content-security-policy.php; report-to report-endpoint; 2
default-src 'self'; script-src 'self' 'unsafe-inline' l.getsitecontrol.com www.googletagmanager.com region1.google-analytics.com www.google-analytics.com static.ads-twitter.com www.loom.com youtube.com *.semaphoreci.com *.semaphore.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: secure.gravatar.com s.w.org www.google-analytics.com www.googletagmanager.com static.ads-twitter.com t.co analytics.twitter.com img.youtube.com *.semaphoreci.com *.semaphore.io; font-src 'self' fonts.gstatic.com data:; frame-src youtube.com www.youtube.com www.loom.com calendar.google.com www.googletagmanager.com; media-src audio.buzzsprout.com; connect-src 'self' https://region1.google-analytics.com https://www.google-analytics.com https://www.google.com https://l.getsitecontrol.com; report-uri https://sentry.io/api/4509293704970240/security/?sentry_key=de4512f268813ed97e73abec15d22aab 2
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://static.site24x7rum.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com; connect-src 'self' https://www.google-analytics.com https://col.site24x7rum.com; require-trusted-types-for 'script'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.yotpo.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.chatbase.co https://plumrocket.com *.yotpo.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.certcapture.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com gophersport.com bat.bing.net sp.analytics.yahoo.com www.google.si maps.googleapis.com maps.gstatic.com *.yotpo.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'unsafe-eval' vip.gophersport.com onsite.optimonk.com cdn-asset.optimonk.com gs-cdn.optimonk.com rum.hlx.page www.clarity.ms scripts.clarity.ms bat.bing.com api.ipify.org s.yimg.com www.chatbase.co tagmanager.google.com cdn.mida.so maps.googleapis.com *.googletagmanager.com *.yotpo.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com assets.braintreegateway.com vip.gophersport.com *.fontawesome.com *.yotpo.com *.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com vip.gophersport.com onsite.optimonk.com front.optimonk.com cdn-account.optimonk.com cdn-limit.optimonk.com jfapiprod.optimonk.com rum.hlx.page j.clarity.ms bat.bing.net s.yimg.com www.chatbase.co stats.g.doubleclick.net cdn.mida.so api.mida.so maps.googleapis.com *.yotpo.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'self'; default-src 'self'; connect-src 'self' https://*.ads.linkedin.com https://aplo-evnt.com https://*.clarity.ms https://*.leadinfo.net https://*.leadinfo.com https://*.dyflexis.com https://google.com https://*.google.com https://bat.bing.com https://bat.bing.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://vod-adaptive-ak.vimeocdn.com https://www.facebook.com https://google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://googletagmanager.com https://*.googletagmanager.com https://*.trustpilot.com https://www.googleadservices.com; font-src 'self' https://*.wp.com https://fonts.bunny.net https://fonts.gstatic.com data:; frame-ancestors 'self' https://*.dyflexis.com; frame-src 'self' https://*.dyflexis.com https://*.fls.doubleclick.net https://10996528.fls.doubleclick.net https://*.google.com https://*.trustpilot.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://player.vimeo.com https://anchor.fm https://td.doubleclick.net https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.youtube.com; img-src 'self' https://*.ads.linkedin.com https://*.analytics.google.com https://*.leadinfo.net https://*.dyflexis.com https://*.googleadservices.com  https://google.com https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vu https://*.google.ws https://*.googleusercontent.com https://*.clarity.ms https://api.taggrs.io https://*.w.org https://appwiki.nl https://bat.bing.com https://bat.bing.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://img.sct.eu1.usercentrics.eu https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.facebook.com https://google-analytics.com https://*.google-analytics.com https://*.googlesyndication.com https://googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com data:; media-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.activehosted.com https://*.adform.net https://*.leadinfo.net https://*.clarity.ms https://*.google.com https://*.trustpilot.com https://bat.bing.com https://bat.bing.net https://cdnjs.cloudflare.com https://connect.facebook.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://diffuser-cdn.app-us1.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://player.vimeo.com https://prism.app-us1.com https://snap.licdn.com https://trackcmp.net https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com data:; script-src-elem 'self' 'unsafe-inline' https://*.activehosted.com https://*.adform.net https://*.leadinfo.net https://*.clarity.ms https://*.cloudflare.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://connect.facebook.net https://*.trustpilot.com https://*.trustpilot.com https://bat.bing.com https://bat.bing.net https://connect.facebook.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://diffuser-cdn.app-us1.com https://fonts.bunny.net https://googleads.g.doubleclick.net https://player.vimeo.com https://prism.app-us1.com https://snap.licdn.com https://trackcmp.net https://unpkg.com https://www.googleadservices.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com data: 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.trustpilot.com https://fonts.bunny.net https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.trustpilot.com https://fonts.bunny.net; worker-src 'self' blob:; report-uri https://webwhales.nl?gdsih-csp-report; report-to csp-endpoint 2
default-src 'self' 'unsafe-inline' *.bazaarvoice.com; connect-src 'self' 'unsafe-inline' maps.googleapis.com www.google.com www.gstatic.com analytics.google.com *.google-analytics.com *.googletagmanager.com www.google-analytics.com bam.nr-data.net *.afterpay.com *.afterpaycdn.com *.squarecdn.com static.afterpay.com *.paypal.com *.bazaarvoice.com edge.fullstory.com rs.fullstory.com ekr.zdassets.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com use.typekit.net *.afterpay.com *.afterpaycdn.com *.squarecdn.com; frame-src 'self' 'unsafe-inline' www.google.com www.youtube.com player.vimeo.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com assets.braintreegateway.com *.paypal.com; img-src 'self' 'unsafe-inline' data: maps.googleapis.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com fonts.gstatic.com i.vimeocdn.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com site-assets.afterpay.com www.paypalobjects.com *.bazaarvoice.com rs.fullstory.com insight.adsrvr.org theathletesfootcustomercarenz.zendesk.com accentgroupsupport.zendesk.com www.facebook.com; script-src 'self' 'unsafe-inline' blob: maps.googleapis.com www.google.com www.gstatic.com *.googletagmanager.com *.google-analytics.com tagmanager.google.com js-agent.newrelic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com; child-src blob:; media-src 'self' blob: data:; worker-src 'self' blob:; report-uri https://36eddd1e-785d-4d1e-a6e1-6809b1003cef.sansec.watch/ 2
default-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com; font-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com data: *.olark.com fonts.gstatic.com; script-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.turn.com static.cloudflareinsights.com ajax.cloudflare.com *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net analytics.tiktok.com www.recaptcha.net recaptcha.net www.gstatic.com www.gstatic.cn www.google.com *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com analytics.google.com google-analytics.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com; style-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com *.googletagmanager.com tagmanager.google.com *.google.com fonts.googleapis.com; img-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' data: *.turn.com secure.gravatar.com *.ytimg.com *.youtube.com *.getclicky.com *.twitter.com t.co *.facebook.com www.gstatic.com/recaptcha *.olark.com *.adroll.com d.adroll.com *.googletagmanager.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.google.com *.doubleclick.net *.g.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://umfworldwide.com https://ultrapassport.com https://umfstage.com https://london.resistancemusic.com https://warsaw.resistancemusic.com https://resistanceibiza.com https://ultraeurope.com https://ultrasouthafrica.com https://ultranewzealand.com https://ultrabuenosaires.com https://ultraperu.com https://ultraaustralia.com https://ultramusicfestival.com https://resistancemiami.com https://medellin.resistancemusic.com https://santiago.resistancemusic.com https://lima.resistancemusic.com https://ultrataiwan.com https://guatemala.roadtoultra.com https://ecuador.roadtoultra.com https://ultrajapan.com https://ultrahongkong.com https://ultrakorea.com https://resistancemusic.com https://ultrabali.com https://ultrachile.com https://thailand.roadtoultra.com https://india.roadtoultra.com https://ultraabudhabi.com https://costadelsol.ultrabeach.com https://costarica.roadtoultra.com https://ultrabrasil.com https://buenosaires.resistancemusic.com https://guatemala.resistancemusic.com https://colombia.roadtoultra.com https://australia.resistancemusic.com https://mexico.resistancemusic.com https://santacruz.resistancemusic.com https://panama.resistancemusic.com https://sanjose.resistancemusic.com https://uruguay.resistancemusic.com https://ultrasingapore.com https://ultramexico.com https://quito.resistancemusic.com https://ultrabeijing.com https://ultrashanghai.com https://philippines.roadtoultra.com https://paraguay.roadtoultra.com https://roadtoultra.com https://bolivia.roadtoultra.com https://*.umfworldwide.com https://*.ultrapassport.com https://*.umfstage.com https://*.london.resistancemusic.com https://*.warsaw.resistancemusic.com https://*.resistanceibiza.com https://*.ultraeurope.com https://*.ultrasouthafrica.com https://*.ultranewzealand.com https://*.ultrabuenosaires.com https://*.ultraperu.com https://*.ultraaustralia.com https://*.ultramusicfestival.com https://*.resistancemiami.com https://*.medellin.resistancemusic.com https://*.santiago.resistancemusic.com https://*.lima.resistancemusic.com https://*.ultrataiwan.com https://*.guatemala.roadtoultra.com https://*.ecuador.roadtoultra.com https://*.ultrajapan.com https://*.ultrahongkong.com https://*.ultrakorea.com https://*.resistancemusic.com https://*.ultrabali.com https://*.ultrachile.com https://*.thailand.roadtoultra.com https://*.india.roadtoultra.com https://*.ultraabudhabi.com https://*.costadelsol.ultrabeach.com https://*.costarica.roadtoultra.com https://*.ultrabrasil.com https://*.buenosaires.resistancemusic.com https://*.guatemala.resistancemusic.com https://*.colombia.roadtoultra.com https://*.australia.resistancemusic.com https://*.mexico.resistancemusic.com https://*.santacruz.resistancemusic.com https://*.panama.resistancemusic.com https://*.sanjose.resistancemusic.com https://*.uruguay.resistancemusic.com https://*.ultrasingapore.com https://*.ultramexico.com https://*.quito.resistancemusic.com https://*.ultrabeijing.com https://*.ultrashanghai.com https://*.philippines.roadtoultra.com https://*.paraguay.roadtoultra.com https://*.roadtoultra.com https://*.bolivia.roadtoultra.com; media-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.olark.com; connect-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com cloudflareinsights.com *.datadoghq.com *.browser-intake-datadoghq.com *.getclicky.com *.facebook.com analytics.tiktok.com analytics.pangle-ads.com *.olark.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.zohopublic.com *.apple.com open.spotify.com *.soundcloud.com *.youtube.com *.youtube-nocookie.com www.facebook.com *.recaptcha.net recaptcha.net www.google.com recaptcha.google.com *.olark.com *.googletagmanager.com bid.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com; child-src *.youtube.com *.youtube-nocookie.com *.googletagmanager.com; worker-src www.recaptcha.net; object-src *.googlesyndication.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7c55919a7d54d6386d0f0b19bc82e82f&dd-evp-origin=content-security-policy&ddsource=csp-report; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.bootstrapcdn.com *.hotjar.com fonts.googleapis.com cdn.cookiehub.eu https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com https://www.youtube.com https://www.google.com/maps https://www.google.com/ https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.networkmerchants.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com googleads.g.doubleclick.net secure.livechatinc.com https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://*.cardinalcommerce.com https://*.centinelapi.cardinalcommerce.com https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.doubleclick.net www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.networkmerchants.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com *.amazonaws.com bat.bing.com cdn.ywxi.net blob *.instantsearchplus.com *.bbb.org cdn.livechat-files.com *.facebook.com *.hotjar.com *.clarity.ms *.bing.com *.google.com.ar www.doubleclick.net cdn.cookiehub.eu p.brsrvr.com *.trackedlink.net magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.networkmerchants.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.certcapture.com *.fontawesome.com *.livechatinc.com bat.bing.com *.clarity.ms 199001.tctm.co *.facebook.net *.facebook.com *.cokertirecompany.com *.hotjar.com e.zip-corvette.com www.googletagservices.com www.doubleclick.net cdn.cookiehub.eu cdn.brcdn.com https://cdn1.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.networkmerchants.com *.certcapture.com *.bootstrapcdn.com static-autocomplete.fastsimon.com ping.fastsimon.com settings.fastsimon.com static-grid.fastsimon.com *.typekit.net cdn.cookiehub.eu cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.networkmerchants.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com *.clarity.ms api.livechatinc.com bat.bing.com api.fastsimon.com suggest.instantsearchplus.com suggest.fastsimon.com static-autocomplete.fastsimon.com static-grid.fastsimon.com ping.fastsimon.com settings.fastsimon.com stats.g.doubleclick.net bam.nr-data.net 199001.tctm.co *.facebook.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com googleads.g.doubleclick.net cdn.cookiehub.eu c.ba.contentsquare.net 3dsapi.ebizcharge.net kg668dbov0.execute-api.us-east-1.amazonaws.com ebizcharge3ds-staging1.azurewebsites.net *.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src storage.googleapis.com/rtux-rtux-data-integration-rti/ *.cloudflare.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action test.saferpay.com www.saferpay.com saferpay.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net www.google.com *.prismic.io *.google.com *.criteo.com *.criteo.net *.doubleclick.net *.pinterest.com *.facebook.com *.livechatinc.com *.sovendus-connect.com *.googletagmanager.com *.weltpixel.com test.saferpay.com www.saferpay.com saferpay.com www.xtento.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://images.unsplash.com *.prism.app-us1.com *.prismic.io *.bing.com *.google.ch *.trackjs.com *.google.com *.twiago.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.adform.net *.omnitagjs.com *.lehner-versand.ch *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.demdex.net *.livechat-files.com *.dmxleo.com *.profity.ch *.googleapis.com *.1rx.io *.files-text.com *.livechatinc.com *.livechat-static.com test.saferpay.com www.saferpay.com saferpay.com www.xtento.com cdn.xtento.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ bx-cdn.com/static/bav2.min.js track.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/rti.min.js track.bx-cloud.com/static/rti.min.js bx-cdn.com/static/rti.min.js storage.googleapis.com/rtux-rtux-data-integration-rti/ *.prism.app-us1.com *.prismic.io *.trackjs.com *.gstatic.com *.livechatinc.com *.cdn.prismic.io *.google.com *.criteo.com *.pinimg.com *.bing.com *.adt313.net htm1.ch *.pinterest.com profity.ch *.profity.ch/clients/main.js *.getback.ch *.sovendus.com *.sovendus-connect.com *.googleapis.com storage.googleapis.com/*_rtux-data* *.wi-platform-cloud.com *.bx-cdn.com *.googletagmanager.com *.bx-cloud.com *.doubleclick.net *.livechat-static.com test.saferpay.com www.saferpay.com saferpay.com www.xtento.com cdn.xtento.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.clarity.ms *.klaviyo.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.getback.ch *.cloudflare.com *.googleapis.com storage.googleapis.com/*_rtux-data* *.livechatinc.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src *.livechatinc.com 'self' 'unsafe-inline'; media-src storage.googleapis.com/rtux-rtux-data-integration-rti/ *.googleapis.com storage.googleapis.com/*_rtux-data* *.livechatinc.com *.livechat-static.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com track.bx-cloud.com main.bx-cloud.com track-gw1.bx-cloud.com bx-cloud.com main.wi-platform-cloud.com r-st.bx-cloud.com track.bx-cloud.com/track/v2 storage.googleapis.com/rtux-rtux-data-integration-rti/ *.prism.app-us1.com *.prismic.io htm1.ch *.pinterest.com *.lehner-versand.ch *.criteo.com *.google.com *.getback.ch *.doubleclick.net *.wi-platform-cloud.com *.trackjs.com *.livechatinc.com *.sovendus.com *.googleapis.com storage.googleapis.com/*_rtux-data* *.bing.com *.text.com test.saferpay.com www.saferpay.com saferpay.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.net *.klaviyo.com *.clarity.ms *.run.app 'self' 'unsafe-inline'; child-src *.livechatinc.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.googleapis.com *.gstatic.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com https://mcstaging.booktrump.com https://mcstaging.trumphotels.com https://integration-5ojmyuq-r7ma66w2vxzgu.us-5.magentosite.cloud https://integration2-hohc4oi-r7ma66w2vxzgu.us-5.magentosite.cloud 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.certcapture.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://mcstagingdoral.booktrump.com https://mcstagingireland.booktrump.com https://mcstaging.booktrump.com https://mcstaging.trumphotels.com https://integration-5ojmyuq-r7ma66w2vxzgu.us-5.magentosite.cloud https://integration2-hohc4oi-r7ma66w2vxzgu.us-5.magentosite.cloud 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com https://firebasestorage.googleapis.com https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://bat.bing.com https://*.bing.com https://*.synxis.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.facebook.net www.termsfeed.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.shopify.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://backend.alia-cloudflare.com https://capture.celopay.com https://api.cartstack.com https://*.cartstack.com https://script.hotjar.com https://www.thehotelsnetwork.com https://*.thehotelsnetwork.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com https://use.typekit.net https://p.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://player.vimeo.com https://download-video.akamaized.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com https://get.geojs.io *.avada.io *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://capture.celopay.com https://api.cartstack.com https://*.cartstack.com https://bat.bing.com https://*.bing.com https://www.thehotelsnetwork.com https://*.thehotelsnetwork.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
img-src https://higherlogicdownload.s3.amazonaws.com/CONSERVATIONUS/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CONSERVATIONUS/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/CONSERVATIONUS/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CONSERVATIONUS/ https://higherlogicdownload.s3.amazonaws.com/CONSERVATIONUS/ https://higherlogiclongterm.s3.amazonaws.com/CONSERVATIONUS/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/CONSERVATIONUS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CONSERVATIONUS/ 'self' https://higherlogiclongterm.s3.amazonaws.com/CONSERVATIONUS/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/CONSERVATIONUS/ https://higherlogicdownload.s3.amazonaws.com/CONSERVATIONUS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CONSERVATIONUS/ https://higherlogicstream.s3.amazonaws.com/CONSERVATIONUS/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/CONSERVATIONUS/ https://higherlogicdownload.s3.amazonaws.com/CONSERVATIONUS/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CONSERVATIONUS/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2
font-src fonts.gstatic.com use.typekit.net *.cloudfront.net *.klaviyo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk www.google.com https://*.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.braintreegateway.com *.google.com *.doubleclick.net *.shophumm.com.au *.criteo.com *.hotjar.com *.adsrvr.org *.freshchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.cloudflare.com https://cdn.klarna.com *.paypal.com *.afterpay.com *.cloudfront.net https://*.paypal.com *.nextopia.net https://*.zipmoney.com.au *.data-dynamic.net images.latitudepayapps.com *.godfreys.com.au *.feefo.com *.google.com *.google.com.au *.googletagmanager.com.au *.googletagmanager.com *.gstatic.com *.googleapis.com *.bing.com *.criteo.com *.bluekai.com *.socdm.com *.krxd.net *.pubmatic.com *.outbrain.com *.mediavine.com *.aralego.com *.aralego.net *.smaato.net *.clmbtech.com *.yieldmo.com *.emxdgt.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.rlcdn.com *.3lift.com *.360yield.com *.mytopia.com.au *.clarity.ms *.edisons.com.au *.google.co.in *.1rx.io sync.targeting.unrulymedia.com aa.agkn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com app.alhena.ai *.forter.com *.cloudfront.net *.openpay.com.au https://js-agent.newrelic.com https://oc-library.playground.klarnaservices.com/lib.js *.bing.com *.criteo.com *.mytopia.com.au *.google.com *.googleoptimize.com *.cfjump.com *.freshchat.com *.zip.co *.clarity.ms *.hotjar.com *.edisons.com.au commerce.adobe.io cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com https://static.klaviyo.com cdn.jsdelivr.net https://js.klevu.com/klevu-css/* *.klevu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.ecomm-nav.com https://*.zipmoney.com.au *.nextopiasoftware.com https://*.facebook.com https://*.safelinks.protection.outlook.com/ *.zdassets.com *.barilliance.com *.barilliance.net *.newrelic.com *.nr-data.net data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.nextopia.net *.cloudfront.net *.freshchat.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com app.alhena.ai *.cloudfront.net *.forter.com *.zipmoney.com.au *.zip.co *.criteo.com *.googlesyndication.com *.googleapis.com *.afterpay.com https://ipapi.co/json/ *.clarity.ms *.hotjar.com *.bugsnag.com millsbrands.app.n8n.cloud siteperformancetest.net *.siteperformancetest.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/mapsplatform_google_com 2
default-src 'self' https://*.adnxs.com https://*.avanser.com https://*.hubapi.com https://*.algolia.com https://*.algolia.net https://*.algolianet.com https://*.readspeaker.com https://*.cloudflare.com https://*.facebook.net https://*.cdnfonts.com https://*.googleapis.com https://*.gstatic.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hs-scripts.com https://*.hsleadflows.net https://*.hsadspixel.net https://*.hsform.com https://*.hubspot.com https://*.google.com.au https://*.google-analytics.com https://*.googletagmanager.com https://*.clarity.ms https://*.doubleclick.net https://*.cdninstagram.com https://*.myhealthforlife.com.au https://*.myhealthforlife.org.au https://*.newrelic.com https://*.vimeo.com https://*.raisely.com https://*.siteimproveanalytics.com https://*.hotjar.com https://*.licdn.com https://*.ewaypayments.com https://*.linkedin.com https://*.google.com https://*.doubleclick.net https://*.yimg.com https://*.youtube.com; object-src 'none'; img-src * data:; script-src 'self' https://*.adnxs.com https://*.avanser.com https://*.hubapi.com https://*.algolia.com https://*.algolia.net https://*.algolianet.com https://*.readspeaker.com https://*.cloudflare.com https://*.facebook.net https://*.cdnfonts.com https://*.googleapis.com https://*.gstatic.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hs-scripts.com https://*.hsleadflows.net https://*.hsadspixel.net https://*.hsform.com https://*.hubspot.com https://*.google.com.au https://*.google-analytics.com https://*.googletagmanager.com https://*.clarity.ms https://*.doubleclick.net https://*.cdninstagram.com https://*.myhealthforlife.com.au https://*.myhealthforlife.org.au https://*.newrelic.com https://*.vimeo.com https://*.raisely.com https://*.siteimproveanalytics.com https://*.hotjar.com https://*.licdn.com https://*.ewaypayments.com https://*.linkedin.com https://*.google.com https://*.doubleclick.net https://*.yimg.com https://*.youtube.com; style-src 'self' * 'unsafe-inline'; font-src * data:; media-src *; frame-src *.vimeo.com *.googletagmanager.com *.doubleclick.net *.youtube.com; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 2
font-src https://static.dhlecommerce.nl https://fonts.gstatic.com https://widgets.trustedshops.com fonts.gstatic.com widgets.trustedshops.com static.klaviyo.com cdn.brandfield.nl cdn.brandfield.fr cdn.brandfield.de cdn.brandfield.be cdn.brandfield.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io gum.criteo.com fledge.criteo.com fledge.eu.criteo.com bfsst.brandfield.nl bfsst.brandfield.be bfsst.brandfield.fr bfsst.brandfield.de bfsst.brandfield.com ct.pinterest.com www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com https://maps.googleapis.com https://maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.brandfield.nl cdn.brandfield.fr cdn.brandfield.de cdn.brandfield.be cdn.brandfield.com www.acc-brandfield.com *.googlesyndication.com api.taggrs.io widgets.trustedshops.com www.facebook.com bat.bing.com sync-t1.taboola.com rtb-csync.smartadserver.com pixel.rubiconproject.com x.bidswitch.net simage2.pubmatic.com eb2.3lift.com ad.360yield.com ad.yieldlab.net id5-sync.com exchange.mediavine.com jadserve.postrelease.com criteo-sync.teads.tv r.casalemedia.com sync.targeting.unrulymedia.com criteo-partners.tremorhub.com sync.outbrain.com contextual.media.net aa.agkn.com cm.g.doubleclick.net bfsst.brandfield.nl bfsst.brandfield.be bfsst.brandfield.fr bfsst.brandfield.de bfsst.brandfield.com www.google.nl d3k81ch9hvuctc.cloudfront.net brandfield.work public-prod-dspcookiematching.dmxleo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://static.dhlecommerce.nl https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com tagmanager.google.com cdn.brandfield.nl cdn.brandfield.fr cdn.brandfield.de cdn.brandfield.be cdn.brandfield.com static.zdassets.com integrations.etrusted.com static.klaviyo.com widgets.trustedshops.com static-tracking.klaviyo.com bfsst.brandfield.nl bfsst.brandfield.be bfsst.brandfield.fr bfsst.brandfield.de bfsst.brandfield.com cdn.cookie-script.com s.pinimg.com connect.facebook.net dynamic.criteo.com bat.bing.com analytics.tiktok.com fledge.criteo.com sslwidget.criteo.com www.clarity.ms fledge.eu.criteo.com ct.pinterest.com www.google.com www.gstatic.com static.buckaroo.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com https://static.klaviyo.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com cdn.brandfield.nl cdn.brandfield.fr cdn.brandfield.de cdn.brandfield.be cdn.brandfield.com fonts.googleapis.com static.klaviyo.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.analytics.google.com *.googletagmanager.com ekr.zdassets.com bfsst.brandfield.nl bfsst.brandfield.be bfsst.brandfield.fr bfsst.brandfield.de bfsst.brandfield.com fast.a.klaviyo.com static-forms.klaviyo.com a.klaviyo.com cdn.brandfield.nl cdn.brandfield.fr cdn.brandfield.de cdn.brandfield.be cdn.brandfield.com ct.pinterest.com gum.criteo.com measurement-api.criteo.com *.clarity.ms ipinfo.io www.google.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com l.clarity.ms www.google.com bat.bing.net analytics.tiktok.com csm.nl3.eu.criteo.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://8f7c9b71-bcff-463a-be0a-2ff1273b3e9d.sansec.watch/; report-to report-endpoint; 2
default-src   'self' 'unsafe-inline';  img-src   'self' *.karte.io *.revico.jp *.shoplive.cloud *.smartnews-ads.com *.visumo.io *.visumo.jp *.yahoo.co.jp ads-engagement.presage.io ajax.googleapis.com analytics.twitter.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net d1ioo46r7yo3cy.cloudfront.net d25rwisachr1q4.cloudfront.net googleads.g.doubleclick.net i6.smartnews-ads.com images-fe.ssl-images-amazon.com images-na.ssl-images-amazon.com m.media-amazon.com maihada.jp maison.kose.co.jp s3-ap-northeast-1.amazonaws.com sdk.hellouniweb.com seal.globalsign.com sekkisei.jp ssif1.globalsign.com static-fe.payments-amazon.com static-na.payments-amazon.com t.co tr.line.me ui-storage.userlocal.jp www.addiction-beauty.com www.decorte.com www.facebook.com www.google.at www.google.bg www.google.ca www.google.ch www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com www.google.com.au www.google.com.hk www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.fr www.google.ie www.google.nl www.google.pl www.google.se www.googleadservices.com www.googletagmanager.com www.jillstuart-floranotisjillstuart.com data:;  font-src   'self' *.karte.io *.revico.jp *.shoplive.cloud assets.payments-amazon.com at.alicdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com data:;  connect-src   'self' *.karte.io *.line.me *.nakanohito.jp *.revico.jp *.shoplive.cloud *.visumo.io *.visumo.jp *.yahoo.co.jp analytics.google.com analytics.twitter.com apac.account.amazon.com api.amazon.co.jp api.amazon.com cognito-identity.ap-northeast-1.amazonaws.com connect.facebook.net d1ioo46r7yo3cy.cloudfront.net dc.services.visualstudio.com dm.slim02.jp dpolc4ci3j.execute-api.ap-northeast-1.amazonaws.com googleads.g.doubleclick.net liffsdk.line-scdn.net lightning-recommend.io log-v4-insight.kaizenplatform.net m.media-amazon.com mws.amazonservices.com mws.amazonservices.jp o4506773005533184.ingest.sentry.io payments-fe.amazon.com payments-jp.amazon.com payments.amazon.co.jp pinpoint.ap-northeast-1.amazonaws.com private.shopliveapi.com q2g7sv46jzbxljwitblgzewfzm.appsync-api.ap-northeast-1.amazonaws.com region1.analytics.google.com region1.google-analytics.com sdk.hellouniweb.com stats.g.doubleclick.net t.co www.facebook.com www.google-analytics.com www.google.at www.google.bg www.google.ca www.google.ch www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com www.google.com.au www.google.com.hk www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.fr www.google.ie www.google.nl www.google.pl www.google.se www.googleadservices.com www.googletagmanager.com blob:;  frame-src   'self' *.revico.jp *.shoplive.cloud gw-3re7.iss.netstar-inc.com js.stripe.com payments-jp.amazon.com payments.amazon.co.jp recaptcha.google.com static-fe.payments-amazon.com static-na.payments-amazon.com www.facebook.com www.google.com www.googletagmanager.com www.jillstuart-floranotisjillstuart.com www.youtube.com;  media-src   'self' *.visumo.io *.visumo.jp blob:;  script-src   'self' 'unsafe-inline' 'unsafe-eval' *.ebis.ne.jp *.karte.io *.mul-pay.jp *.nakanohito.jp *.revico.jp *.shoplive.cloud *.smartnews-ads.com *.visumo.io *.visumo.jp *.yahoo.co.jp adebisns.jillstuart-floranotisjillstuart.com ads-engagement.presage.io ajax.googleapis.com as.uncn.jp assets.payments-amazon.com cdn.credit.gmo-ab.com cdn.jsdelivr.net cdn.kaizenplatform.net cdn.smartnews-ads.com cdnjs.cloudflare.com connect.facebook.net d.line-scdn.net d1ioo46r7yo3cy.cloudfront.net fraud-buster.appspot.com googleads.g.doubleclick.net infird.com js.stripe.com lightning-recommend.io s.yimg.jp s3-ap-northeast-1.amazonaws.com sdk.hellouniweb.com seal.globalsign.com ssif1.globalsign.com static-fe.payments-amazon.com static-na.payments-amazon.com static.ads-twitter.com static.line-scdn.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.jillstuart-floranotisjillstuart.com www.youtube.com blob:;  style-src   'self' 'unsafe-inline' *.nakanohito.jp *.revico.jp *.shoplive.cloud *.visumo.jp ajax.googleapis.com assets.payments-amazon.com cdn.jsdelivr.net cdnjs.cloudflare.com d1ioo46r7yo3cy.cloudfront.net d25rwisachr1q4.cloudfront.net fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com www.jillstuart-beauty.com www.jillstuart-floranotisjillstuart.com;  worker-src   'self' blob:;  report-to   csp-endpoint; 2
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.cdninstagram.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com beacon-audiences.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com *.instagram.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.stripe.network *.stripecdn.com *.amazon.com *.googleapis.com *.trustpilot.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io beacon-audiences.magento-ds.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adobedc.net *.demdex.net *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.link.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://7dc0cf2f-7ee0-4e32-abdf-e62b11896390.sansec.watch/; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net *.gstatic.com 'self' data: https://fonts.gstatic.com *.googleapis.com *.hsappstatic.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.cookiebot.com *.doubleclick.net js.mollie.com *.weltpixel.com www.xtento.com *.googletagmanager.com *.bing.com *.facebook.com *.google.com google.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.bing.com *.hsforms.net *.hsforms.com *.prism.app-us1.com *.prismic.io https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.mollie.com 'self' data: www.google.com.ua www.xtento.com cdn.xtento.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bi www.google.bj www.google.bs www.google.by www.google.ca www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.jo www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.td www.google.tm www.google.tn *.google.com google.com *.googlesyndication.com *.googleusercontent.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.cookiebot.com *.cloudfront.net *.bing.com *.facebook.net *.hsforms.net *.hsforms.com *.prism.app-us1.com *.prismic.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com js.mollie.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com *.doubleclick.net *.googleapis.com *.googlesyndication.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com https://fonts.googleapis.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.prism.app-us1.com *.prismic.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.googletagmanager.com *.pay.nl *.bing.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bi www.google.bj www.google.bs www.google.ca www.google.ch www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.np www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.jo www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.mg www.google.mk www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.td www.google.tn *.google.com google.com *.googlesyndication.com *.klaviyo.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com rkkck31tec.execute-api.eu-central-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cc69216c-160f-49b7-b5a2-f80ae473753e.sansec.watch/; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cybersource.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com *.doubleclick.net *.typeform.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.online-metrix.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://dev.visualwebsiteoptimizer.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page https://fmgaggi.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.cardinalcommerce.com *.cardinaltrusted.com *.online-metrix.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://dev.visualwebsiteoptimizer.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://fmgaggi.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.cardinalcommerce.com *.cardinaltrusted.com *.online-metrix.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google.com google.com https://dev.visualwebsiteoptimizer.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri /_/csp-reports 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn-cookieyes.com https://sdk.woosmap.com https://unpkg.com https://checkoutshopper-test.cdn.adyen.com https://checkoutshopper-live.cdn.adyen.com https://f.vimeocdn.com https://www.youtube.com https://www.google.com https://static.doubleclick.net; style-src 'self' 'unsafe-inline' https://cdn-cookieyes.com https://checkoutshopper-test.cdn.adyen.com https://checkoutshopper-live.cdn.adyen.com https://f.vimeocdn.com https://www.youtube.com; img-src 'self' data: blob: https://cdn-cookieyes.com https://www.google.com https://www.google.es https://www.googletagmanager.com https://i.vimeocdn.com https://www.youtube.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://api.woosmap.com https://cdn-cookieyes.com https://region1.google-analytics.com https://region1.analytics.google.com https://pagead2.googlesyndication.com https://www.google.com https://stats.g.doubleclick.net https://log.cookieyes.com https://www.googletagmanager.com https://vimeo.com https://arclight.vimeo.com https://lensflare.vimeo.com https://i.vimeocdn.com https://f.vimeocdn.com https://vod-adaptive-ak.vimeocdn.com https://www.youtube.com https://googleads.g.doubleclick.net https://jnn-pa.googleapis.com; frame-src 'self' https://*.cdn.adyen.com https://player.vimeo.com https://vimeo.com https://www.googletagmanager.com https://www.youtube.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; 2
font-src data: fonts.gstatic.com *.fontawesome.com https://fonts.gstatic.com *.gstatic.com 'self' data: maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.hotjar.com *.doubleclick.net td.doubleclick.net https://*.moneris.com/ www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com track.hubspot.com servedbyadbutler.com img.youtube.com www.facebook.com www.google.co.in twin-iq.kickfire.com ad.doubleclick.net c.clarity.ms c.bing.com maps.googleapis.com store.paradoxlabs.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com *.pixriot.com *.storeimaging.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.hotjar.com js.hs-banner.com js.hs-scripts.com js.hs-analytics.net servedbyadbutler.com js.hscollectedforms.net js.hubspot.com js.hsadspixel.net tracker.gaconnector.com www.clarity.ms tag.simpli.fi twin-iq.kickfire.com js.usemessages.com https://*.moneris.com/ *.avada.io *.hsforms.net *.hsforms.com *.google.com *.gstatic.com maps.googleapis.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.moneris.com/ *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com stats.g.doubleclick.net maps.googleapis.com www.google.com *.hotjar.com cta-service-cms2.hubspot.com forms.hscollectedforms.net api.hubapi.com api.hubspot.com wss://ws.hotjar.com *.hotjar.io *.clarity.ms www.facebook.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com www.googleapis.com *.pixriot.com *.storeimaging.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' blob: data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' http://*.quantserve.com https: https://*.doubleclick.net https://*.teads.tv; worker-src 'self' blob:; connect-src 'self' https: wss:; img-src 'self' https:; frame-src 'self' http://*.trendmicro.com https:; report-to csp-endpoint 2
default-src 'self'; script-src 'self' https://www.google.com https://script.crazyegg.com/ https://static.hotjar.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://cdn.cookielaw.org/ https://cc.cdn.civiccomputing.com/ https://www.gstatic.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; img-src * data: ; frame-src 'self' https://www.youtube.com/; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' https://cdn.cookielaw.org/ https://region1.google-analytics.com/ https://geolocation.onetrust.com/ https://script.crazyegg.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://metrics.hotjar.io/ https://cc.cdn.civiccomputing.com/ https://apikeys.civiccomputing.com;  2
default-src 'self'; script-src 'self'  'unsafe-eval' https://www.youtube.com https://*.wistia.com https://*.wistia.net https://*.org.coveo.com https://elearning.childrenswi.org https://ajax.googleapis.com https://js.eruptr.io https://siteimproveanalytics.com https://storage.googleapis.com https://mychart.chw.org https://my-symptom.appcatalyst.com https://mychart-np.et0815.epichosted.com https://l6bcxsyfvoka8mbm.public.blob.vercel-storage.com; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com https://*.wistia.com https://*.wistia.net https://elearning.childrenswi.org https://ajax.googleapis.com https://js.eruptr.io https://siteimproveanalytics.com https://storage.googleapis.com https://browser.sentry-cdn.com https://mychart-np.et0815.epichosted.com https://mychart.chw.org https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.addtoany.com https://my-symptom.appcatalyst.com https://*.contentsquare.net https://*.heap-api.com https://*.calltrk.com https://elearning.childrenswi.org https://fonts.googleapis.com https://l6bcxsyfvoka8mbm.public.blob.vercel-storage.com; style-src 'self' 'unsafe-inline' https://*.sitecorecloud.io https://mychart.chw.org https://cdn.jsdelivr.net https://*.addtoany.com https://my-symptom.appcatalyst.com https://mychart-np.et0815.epichosted.com https://elearning.childrenswi.org https://fonts.googleapis.com https://l6bcxsyfvoka8mbm.public.blob.vercel-storage.com; img-src 'self' data: https: blob:; font-src 'self' data: https:; connect-src 'self' https://xmc-childrensho3e59-cw60b4-prod2126.sitecorecloud.io https://www.youtube.com https://*.sitecorecloud.io https://*.wistia.com https://*.wistia.net https://*.org.coveo.com https://elearning.childrenswi.org https://ajax.googleapis.com https://js.eruptr.io https://siteimproveanalytics.com https://storage.googleapis.com https://cw-sp-collector.modea.com https://mychart.chw.org https://cdn.jsdelivr.net https://ipapi.co https://*.addtoany.com https://my-symptom.appcatalyst.com https://mychart-np.et0815.epichosted.com https://*.litix.io https://*.contentsquare.net https://*.heap-api.com https://js.calltrk.com https://l6bcxsyfvoka8mbm.public.blob.vercel-storage.com; frame-src 'self' https://xmc-childrensho3e59-cw60b4-prod2126.sitecorecloud.io https://www.youtube.com https://mychart.chw.org https://*.addtoany.com https://my-symptom.appcatalyst.com https://mychart-np.et0815.epichosted.com https://mychart.chw.org; frame-ancestors 'self' https://xmc-childrensho3e59-cw60b4-prod2126.sitecorecloud.io https://*.sitecorecloud.io http://localhost:3000 https://mychart.chw.org https://*.xealth.io; media-src 'self' https: data: blob:; object-src 'none'; base-uri 'self'; form-action 'self'; worker-src 'self' blob:; manifest-src 'self'; report-to csp-endpoint; report-uri https://childrenswi.org/api/csp-report/xt2c9f8er8 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://accounts.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://mobbex.com *.weltpixel.com *.getblue.io *.doubleclick.net *.criteo.com *.groovinads.com www.tfaforms.com https://mercadopago.com.ar https://www.mercadopago.com.ar 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com https://res.sugaway.io *.visualwebsiteoptimizer.com https://*.g.doubleclick.net *.clarity.ms *.bing.com mcstaging.sommiercenter.com *.groovinads.com *.criteo.com https://facebook.com url.directo.com.ar https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://www.gstatic.com https://ssl.gstatic.com https://ad.doubleclick.net https://ade.googlesyndication.com https://www.mercadopago.com.ar https://m.facebook.com https://maps.googleapis.com https://www.afip.gob.ar https://www.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://live.decidir.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com https://www.google.com https://maps.googleapis.com api.wcx.cloud f.wcentrix.com https://www.googletagmanager.com tagmanager.google.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.hotjar.com *.cardinalcommerce.com *.embluemail.com *.navdmp.com *.zdassets.com *.visualwebsiteoptimizer.com *.getblue.io *.zopim.com *.clarity.ms *.groovinads.com *.criteo.net *.criteo.com *.decidir.com https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https//static.zdassets.com https://v2.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://accounts.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.embluemail.com https://fonts.googleapis.com https://*.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com bedtime.com.ar *.bedtime.com.ar 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://developers.decidir.com/ https://accounts.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com https://www.google-analytics.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ wss://widget-mediator.zopim.com *.braindw.com *.clarity.ms *.zdassets.com *.zendesk.com *.embluemail.com *.visualwebsiteoptimizer.com *.criteo.com *.decidir.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://maps.googleapis.com https://www.google.com.ar https://analytics.google.com/g/collect https://www.google.com.ar/ads https://ad.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src * blob:; font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com *.zdassets.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.mb-app.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.hcaptcha.com hcaptcha.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.googletagmanager.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.stripe.com *.zendesk.com *.zdassets.com *.googleapis.com *.atlantic.fr *.azurewebsites.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io groupe-mb.scene7.com *.cloudflare.com *.google.com *.google.co.in www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.connect.facebook.net *.doubleclick.net *.google.fr *.trustpilot.com * *.stripe.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.hcaptcha.com hcaptcha.com maps.googleapis.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.stripe.com *.licdn.com *.bing.com *.zendesk.com *.zdassets.com *.clarity.ms *.sparkow.net t4.my-probance.one *.contentsquare.net *.googleapis.com bam.nr-data.net bam.eu01.nr-data.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.zoovu.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.hcaptcha.com hcaptcha.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.googletagmanager.com *.youtube.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.stripe.com *.clarity.ms *.scandit.com *.zendesk.com tereva.zendesk.com mabeo.zendesk.com tereva.zendesk.com/frontendevents mabeo.zendesk.com/frontendevents *.zdassets.com *.bing.com *.sparkow.net *.contentsquare.net bam.nr-data.net bam.eu01.nr-data.net *.googleapis.com *.linkedin.com px.ads.linkedin.com/wa/ *.zoovu.com *.cloudfront.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://static.zdassets.com https://region1.google-analytics.com https://v2.zopim.com https://ajax.googleapis.com https://analytics.silktide.com https://analytics.tiktok.com https://api.reciteme.com/asset/js https://app.geckoform.com https://cdn.populo-services.com https://connect.facebook.net https://embed.geckochat.io https://googleads.g.doubleclick.net https://l.getsitecontrol.com https://sc-static.net/scevent.min.js https://script.hotjar.com https://static.hotjar.com https://tr.snapchat.com https://www.googletagmanager.com https://cdn.populo-services.com https://www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.geckoform.com https://fonts.gstatic.com/ https://embed.geckochat.io https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cms-stmarys.cloud.contensis.com https://surveystats.hotjar.io https://googleads.g.doubleclick.net https://capigateway.adaptworldwide.com wss://widget-mediator.zopim.com https://router-euwest2.geckochat.io https://stats.g.doubleclick.net https://www.google.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://a.eu.silktide.com https://analytics.tiktok.com https://api.geckochat.io https://ekr.zdassets.com https://l.getsitecontrol.com https://region1.analytics.google.com https://tr.snapchat.com https://tr6.snapchat.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://app.geckoform.com; font-src 'self' https://script.hotjar.com https://fonts.geckoform.com https://embed.geckochat.io https://fonts.gstatic.com/; frame-src 'self' https://app.geckoform.com https://td.doubleclick.net https://tr.snapchat.com https://www.youtube.com; img-src 'self' data: https://survey-images.hotjar.com https://img.youtube.com https://www.googletagmanager.com https://widget-assets.geckochat.io https://www.facebook.com https://i.ytimg.com https://populo.populo-services.com https://www.google.co.uk https://www.google.com; manifest-src 'self'; media-src 'self' https://audio.geckochat.io; worker-src 'none'; 2
script-src 'unsafe-inline' 'unsafe-eval' www.dropbox.com 'self' apis.google.com assets.adobedtm.com c.go-mpulse.net connect.facebook.net googleads.g.doubleclick.net static.ads-twitter.com www.adobetag.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com s.pinimg.com snap.licdn.com blob:; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com apis.google.com az416426.vo.msecnd.net connect.facebook.net snap.licdn.com static.ads-twitter.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net c.go-mpulse.net www.adobetag.com www.gstatic.com www.youtube.com www.google.com s.pinimg.com ct.pinterest.com www.dropbox.com www.googleadservices.com www.scrible.com ajax.googleapis.com cdnjs.cloudflare.com googletagmanager.com script.hotjar.com static.hotjar.com; script-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.flowplayer.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com www.gstatic.com www.scrible.com use.fontawesome.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.oerproject.com analytics.twitter.com px.ads.linkedin.com www.facebook.com www.google.com cm.everesttech.net t.co *.bighistoryproject.com www.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com bgc3worldhistorydev.112.2o7.net csi.gstatic.com ssl.gstatic.com www.google.co.uk www.google.com.ar www.googleadservices.com cfdc4d69b.lwcdn.com stats.g.doubleclick.net www.google.ca www.google.co.in www.google.co.jp www.google.co.kr www.google.co.th www.google.com.au www.google.com.bz www.google.com.co www.google.com.hk www.google.com.mx www.google.com.ng www.google.com.ph www.google.com.sg www.google.mn cm.g.doubleclick.net www.google.cl www.google.co.id www.google.ae www.google.am www.google.at www.google.ba www.google.be www.google.bg www.google.bs www.google.bt www.google.ch www.google.ci www.google.co.cr www.google.co.il www.google.co.ke www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.tz www.google.co.ug www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.com.af www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.cu www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.jm www.google.com.kh www.google.com.lb www.google.com.my www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cv www.google.cz www.google.de www.google.es www.google.fi www.google.fr www.google.gl www.google.gm www.google.gr www.google.gy www.google.hr www.google.ht www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.lk www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.rw www.google.se www.google.sk www.google.so www.google.tn www.linkedin.com fonts.gstatic.com translate.google.com ad.doubleclick.net adservice.google.com px4.ads.linkedin.com i.ytimg.com live.rezync.com yastatic.net dpm.demdex.net cdn.honey.io bat.bing.com 20537739p.rfihub.com 20537741p.rfihub.com a.rfihub.com blob: assets.clever.com www.google.as www.google.az www.google.bj www.google.by www.google.cg www.google.co.ao www.google.co.ck www.google.co.zw www.google.com.cy www.google.com.fj www.google.com.kw www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.na www.google.com.ni www.google.com.sl www.google.com.uy www.google.dj www.google.dk www.google.dz www.google.ee www.google.ga www.google.ge www.google.hn www.google.la www.google.lt www.google.lu www.google.md www.google.me www.google.mk www.google.mu www.google.mw www.google.ps www.google.rs www.google.si www.google.sc accounts.google.com connect.facebook.net google.com l.facebook.com www.google.ad www.google.al www.google.bf www.google.cd www.google.cm www.google.co.mz www.google.com.bn www.google.com.gi www.google.dm www.google.gg www.google.je www.google.ml www.google.mv www.google.ne www.google.sn www.google.td www.google.tl www.google.tt www.youtube.com; font-src 'self' fonts.gstatic.com assets.clever.com use.fontawesome.com; connect-src 'self' dc.services.visualstudio.com dpm.demdex.net px.ads.linkedin.com *.oerproject.com www.google-analytics.com c.go-mpulse.net cfdc4d69b.lwcdn.com ihi.flowplayer.com ljsp.lwcdn.com ptm.flowplayer.com www.facebook.com adservice.google.com ct.pinterest.com apis.google.com google.com pmi.flowplayer.com region1.google-analytics.com www.google.com analytics.google.com api.facebook.com region1.analytics.google.com stats.g.doubleclick.net translate-pa.googleapis.com translate.googleapis.com www.googleadservices.com www.googletagmanager.com www.scrible.com ad.doubleclick.net api.fbanalytics.org cdn.flowplayer.com fonts.googleapis.com fonts.gstatic.com analytics.twitter.com edge.microsoft.com oerproject.report-uri.com t.co www.google.ca; frame-src 'self' bgc3.demdex.net www.google.com ct.pinterest.com td.doubleclick.net accounts.google.com drive.google.com *.oerproject.com www.facebook.com www.googletagmanager.com www.youtube.com; frame-ancestors * 'self'; form-action 'self'; worker-src 'self' blob:; report-uri https://oerproject.report-uri.com/r/d/csp/wizard 2
object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://googleads.g.doubleclick.net https://d3js.org https://www.gstatic.com https://cse.google.com https://www.googleadservices.com cdn.jsdelivr.net https://cdn.ckeditor.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com https://www.lbtu.lv; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net https://googleads.g.doubleclick.net https://d3js.org https://www.gstatic.com https://cse.google.com https://www.googleadservices.com cdn.jsdelivr.net https://cdn.ckeditor.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com https://www.lbtu.lv; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://unpkg.com; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudfront.net *.podigee-cdn.net 'self' data: d3c2yqbxx52o4l.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * d3c2yqbxx52o4l.cloudfront.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ *.facebook.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.office365.com schoeffel-lowa.de *.podigee-cdn.net komoot.com d3c2yqbxx52o4l.cloudfront.net www.komoot.com d3ms8mre5rhtvu.cloudfront.net dwin1.com awin1.com zenaps.com the.sciencebehindecommerce.com wepowerconnections.com lantern.roeyecdn.com lantern.roeye.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.usercentrics.eu *.hubspot.com *.podigee-cdn.net *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com d3c2yqbxx52o4l.cloudfront.net dwin1.com awin1.com zenaps.com the.sciencebehindecommerce.com wepowerconnections.com lantern.roeyecdn.com lantern.roeye.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com connect.facebook.net cdnjs.cloudflare.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleadservices.com *.usercentrics.eu *.googleapis.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.podigee-cdn.net *.hsforms.net *.hsforms.com *.gstatic.com d3c2yqbxx52o4l.cloudfront.net pagead2.googlesyndication.com *.dwin1.com dwin1.com *.awin1.com awin1.com *.zenaps.com zenaps.com the.sciencebehindecommerce.com wepowerconnections.com lantern.roeyecdn.com lantern.roeye.com *.hsadspixel.net *.digiaccess.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.podigee-cdn.net *.googleapis.com *.gstatic.com d3c2yqbxx52o4l.cloudfront.net *.googletagmanager.com 'self' 'unsafe-inline'; object-src d3c2yqbxx52o4l.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.cloudfront.net d3c2yqbxx52o4l.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.usercentrics.eu *.googleapis.com *.googlesyndication.com t.elasticsuite.io *.hsforms.net *.hsforms.com d3c2yqbxx52o4l.cloudfront.net www.google-analytics.com analytics.google.com paypal.com *.paypalobjects.com dwin1.com awin1.com zenaps.com the.sciencebehindecommerce.com wepowerconnections.com lantern.roeyecdn.com lantern.roeye.com *.digiaccess.org *.hubapi.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com d3c2yqbxx52o4l.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src sw-assets.ekomiapps.de *.contentbird-convert.com static-v2.unzer.com www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://static.unzer.com https://applepay.cdn-apple.com https://www.gstatic.com https://fonts.gstatic.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.fontawesome.com https://fonts.bunny.net https://geowidget.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.usercentrics.eu td.doubleclick.net *.pinterest.com *.criteo.com www.sovendus-connect.com static.experimentation.dev static-cc.unzer.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://www.googletagmanager.com/ https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://static-cc.test.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://sandbox.clicktopay.auth.visa.com https://clicktopay.visa.com https://sandbox.secure.checkout.visa.com https://secure.checkout.visa.com https://www.google.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://geowidget-app.inpost.pl/ 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.josera.de *.foodforplanet.de *.trbo.com sw-assets.ekomiapps.de *.usercentrics.eu www.google.de *.analytics.google.com bat.bing.com *.g.doubleclick.net ib.adnxs.com region1.google-analytics.com rtb-csync.smartadserver.com a.twiago.com sync-t1.taboola.com pixel.quantserve.com ad.360yield.com sync.1rx.io *.criteo.com sync.targeting.unrulymedia.com *.wepowerconnections.com lantern.roeye.com static.experimentation.dev *.contilla.de *.contentbird-convert.com static-v2.unzer.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.awin1.com *.zenaps.com https://ssl.ceneo.pl http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://static.unzer.com *.online-metrix.net https://www.gstatic.com magefan.com cm.magefan.com *.disqus.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://firebasestorage.googleapis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src 'unsafe-inline' foodf11123.pcapredict.com *.trbo.com *.usercentrics.eu cdn.jsdelivr.net tierspuren.online *.upsellit.com *.cptrack.de lantern.roeyecdn.com *.brandswap.com brandswaptag.azureedge.net api.contester.net sw-assets.ekomiapps.de s.pinimg.com bat.bing.com *.facebook.net *.criteo.com *.criteo.net googleads.g.doubleclick.net www.clarity.ms secure.quantserve.com ad4m.at *.pinterest.com rules.quantcount.com *.sovendus.com static.experimentation.dev *.kameleoon.io *.contilla.de *.contentbird-convert.com static-v2.unzer.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://ssl.ceneo.pl widget.freshworks.com m2epro.freshdesk.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.amplifyapp.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net https://static-v2.unzer.com/v2/ui-components/ https://www.google.com https://www.gstatic.com *.disqus.com *.snrbox.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.avada.io *.shopify.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src sw-assets.ekomiapps.de static.experimentation.dev *.contentbird-convert.com static-v2.unzer.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://sandbox.src.mastercard.com https://static-v2.unzer.com/v2/ui-components/ *.snrcdn.net https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.fontawesome.com https://fonts.bunny.net https://geowidget.easypack24.net https://geowidget.inpost.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.josera.de tierspuren.online region1.google-analytics.com tagapi.brandswap.com sw-assets.ekomiapps.de *.usercentrics.eu www.google.com *.analytics.google.com *.googlesyndication.com googleads.g.doubleclick.net *.pinterest.com *.criteo.com *.clarity.ms *.sovendus.com *.googletagmanager.com bat.bing.com www.google.de static.experimentation.dev sdk-config.experimentation.dev eu-data.experimentation.dev *.contentbird-convert.com api.unzer.com static-cc.unzer.com *.google-analytics.com www.googleadservices.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://static-cc.test.unzer.com https://static-v2.unzer.com/v2/ui-components/ *.snrbox.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com api.addressy.com https://get.geojs.io *.avada.io *.easypack24.net *.inpost.pl *.openstreetmap.org 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net *.lndo.site *.weprovide.shop script.hotjar.com unpkg.com *.triggerbee.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io landofcoder.com maps.googleapis.com chart.googleapis.com https://www.googletagmanager.com/ *.trustpilot.com *.lndo.site *.weprovide.shop dtm.cando.eu vars.hotjar.com ct.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com 'self' data: www.google.nl *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com cdn.flbx.io *.cloudfront.net 'self' blob: data http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.lndo.site *.weprovide.shop maps.google.com maps.googleapis.com mailing.deli-home.nl *.clarity.ms *.omappapi.com ct.pinterest.com cdn.cookielaw.org *.cando.eu skantrae.com *.weekampdeuren.nl dev.visualwebsiteoptimizer.com *.triggerbee.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com cdn.jsdelivr.net *.tiktok.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.getflowbox.com landofcoder.com maps.googleapis.com chart.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com *.trustpilot.com *.lndo.site *.weprovide.shop cdnjs.cloudflare.com code.jquery.com optanon.blob.core.windows.net geolocation.onetrust.com *.omappapi.com bam.nr-data.net cdn.cookielaw.org js-agent.newrelic.com s.pinimg.com *.hotjar.com *.clarity.ms cdn.leadinfo.net ct.pinterest.com dev.visualwebsiteoptimizer.com *.triggerbee.com *.myvisitors.se *.jotform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com https://fonts.bunny.net *.trustpilot.com *.lndo.site *.weprovide.shop optanon.blob.core.windows.net a.omappapi.com cdn.cookielaw.org p.typekit.net skantrae.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://core.helloretail.com https://helloretailcdn.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com *.getflowbox.com *.googleapis.com landofcoder.com maps.googleapis.com chart.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.lndo.site *.weprovide.shop *.cando.eu bam.nr-data.net *.clarity.ms *.omappapi.com ct.pinterest.com sp.spheremall.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.cookielaw.org geolocation.onetrust.com dev.visualwebsiteoptimizer.com *.triggerbee.com gethatch.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https: wss:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' 'unsafe-inline' https:;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'none'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stanleysteemer.com https://static.ads-twitter.com https://analytics.tiktok.com https://widget-prime.rafflecopter.com https://www.googletagmanager.com https://view.ceros.com https://amplify.review-alerts.com https://ajax.googleapis.com https://labs.ceros.com https://api.ipify.org https://sdk.ceros.com https://cdn.chatavise.com https://apps.usw2.pure.cloud https://maps.googleapis.com https://apis.google.com https://cdn.cookielaw.org https://api.ipify.org https://*.api.ipify.org https://www.google-analytics.com https://schema-cf.bc0a.com https://*.audioeye.com https://f.vimeocdn.com https://www.gstatic.com https://fonts.gstatic.com https://marvel-b1-cdn.bc0a.com https://s.pinimg.com https://snap.licdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://ct.pinterest.com https://static.hotjar.com https://script.hotjar.com https://i.loopme.me https://bat.bing.com https://*.tvsquared.com https://cdn.chatavise.com https://www.googleadservices.com https://www.google.com https://bam.nr-data.net https://js-agent.newrelic.com; connect-src 'self' blob: 'unsafe-inline' https://www.google-analytics.com https://analytics.tiktok.com https://www.facebook.com https://bat.bing.com https://adservice.google.com https://bam.nr-data.net https://maps.googleapis.com https://cdn.cookielaw.org https://analytics.google.com https://*.bc0a.com https://qa.metrics.stanleysteemer.com https://ct.pinterest.com https://*.linkedin.com https://gdpr.loopme.com https://*.audioeye.com https://*.vimeocdn.com https://*.onetrust.com https://*.doubleclick.net https://vimeo.com https://www.google.com https://api.chatavise.com; report-uri https://66787c15d528e3ceb6b0d8fe.endpoint.csper.io/?v=0 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ace.de *.ace.de ace-clubinitiative.de *.ace-clubinitiative.de 360yield.com 3lift.com adform.net adnxs.com adsrvr.org agkn.com bidr.io bidswitch.net bing.com bugsnag.com bussgeldrechner.org casalemedia.com clarity.ms clmbtech.com co.kr cookielaw.org criteo.com *.criteo.com demdex.net dmxleo.com doubleclick.net *.doubleclick.net dwin1.com facebook.net *.facebook.net finanzcheck.de *.finanzcheck.de fwmrm.net ggpht.com google.com *.google.com googleadservices.com googlesyndication.com googletagmanager.com *.googletagmanager.com gsitrix.com gstatic.com *.gstatic.com ioadentifi.com *.ioadentifi.com liadm.com media.net mediavine.com mediawallahscript.com outbrain.com pippio.com postrelease.com pubmatic.com revcontent.com rezync.com rfihub.com roeye.com roeyecdn.com rubiconproject.com smartadserver.com springserve.com stape.net stapecdn.com stickyadstv.com taboola.com tapad.com teads.tv thrtle.com tpmn.io tremorhub.com turn.com ubembed.com unrulymedia.com usemaxserver.de *.usemaxserver.de w55c.net yahoo.com *.yahoo.com youtube.com *.youtube.com ytimg.com; frame-ancestors 'self' ace.de *.ace.de ace-clubinitiative.de *.ace-clubinitiative.de; 2
font-src https://*.mailcampaigns.nl https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com www.google.com https://*.hotjar.com https://*.doubleclick.net www.googletagmanager.com sst.chromeburner.com sst.uat.chromeburner.com sst.chromeburner.nl sst.uat.chromeburner.nl *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://*.bing.com bat.bing.net https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.google.nl https://*.google.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.chromeburner.test blob: https://*.chromeburner.com https://*.chromeburner.nl https://*.hotjar.com https://*.mailcampaigns.nl https://googleads.g.doubleclick.net https://*.usercentrics.eu https://images.unsplash.com *.multisafepay.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.bing.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.webgains.io https://*.clarity.ms https://*.facebook.net https://*.googleadservices.com https://*.doubleclick.net https://*.chromeburner.test https://*.chromeburner.com https://*.chromeburner.nl https://*.hotjar.com https://*.mailcampaigns.nl analytics.tiktok.com https://partner-cdn.shoparize.com https://*.usercentrics.eu https://maps.googleapis.com *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.mailcampaigns.nl *.fontawesome.com *.multisafepay.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.bing.com bat.bing.net https://*.doubleclick.net https://*.google.com https://*.google.nl https://pagead2.googlesyndication.com https://*.clarity.ms https://*.chromeburner.test https://*.chromeburner.com https://*.chromeburner.nl https://*.googletagmanager.com https://*.hotjar.com https://*.google-analytics.com https://*.mailcampaigns.nl analytics.tiktok.com https://*.usercentrics.eu https://maps.googleapis.com https://player.vimeo.com *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://chromeburner.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src 'self' blob: data:; connect-src 'self' https://*.analytics.google.com https://graphql.landsbankinn.is https://www.google-analytics.com cdn.landsbankinn.is https://log.landsbankinn.is https://www.google.com https://landsbankinn.boost.ai/ https://googleads.g.doubleclick.net https://region1.google-analytics.com/ https://stats.g.doubleclick.net/ events.mapbox.com https://landsbankinn.cdn.prismic.io/ api.mapbox.com https://a.landsbankinn.is/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://landsbankinn.boost.ai https://www.google.com https://www.gstatic.com cdn.landsbankinn.is https://static.cdn.prismic.io blob: data: https://td.doubleclick.net https://graphql.landsbankinn.is https://e.infogram.com/ https://prismic.io/ https://*.jotform.com https://a.landsbankinn.is/; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com; img-src 'self' blob: data: images.prismic.io https://prismic-io.s3.amazonaws.com/ www.gstatic.com www.google-analytics.com/ api.mapbox.com cdn.landsbankinn.is https://landsbankinn.is/ https://www.googletagmanager.com https://www.facebook.com/tr/ https://www.facebook.com/ https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com/files/LANDSBANKINN/ https://www.google.is/ https://www.google.com/ https://landsbankinn.cdn.prismic.io/; font-src 'self' cdn.landsbankinn.is fonts.gstatic.com https://unpkg.com blob: data:; object-src 'self' https://graphql.landsbankinn.is; base-uri 'self'; form-action 'self' https://graphql.landsbankinn.is; frame-ancestors 'self' cdn.landsbankinn.is; frame-src 'self' https://www.googletagmanager.com/ https://landsbankinn.prismic.io/ cdn.landsbankinn.is https://td.doubleclick.net/ https://landsbankinn.boost.ai https://www.google.com/ https://www.google.is/ https://e.infogram.com/ https://*.jotform.com; style-src-elem https://fonts.googleapis.com 'self' https://unpkg.com 'unsafe-eval' 'unsafe-inline' https://a.landsbankinn.is/; media-src 'self' blob: https://prismic-io.s3.amazonaws.com/landsbankinn/ cdn.landsbankinn.is https://landsbankinn.cdn.prismic.io/; report-to name-of-endpoint; report-uri https://log.landsbankinn.is/api/20/security/?sentry_key=5619b3ff53a764b525920b31d3e32e4a; 2
font-src https://*.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.punchout2go.com *.tradecentric.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.doubleclick.net *.facebook.com *.affirm.com *.affirm.ca *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.punchout2go.com *.tradecentric.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://images.unsplash.com https://*.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.affirm.com *.affirm.ca www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.affirm.com *.affirm.ca *.attn.tv events.attentivemobile.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net *.klarnaservices.com *.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.punchout2go.com *.tradecentric.com * *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com *.klarnacdn.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.punchout2go.com *.tradecentric.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.affirm.com *.affirm.ca *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com * *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://plumrocket.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.hubspot.com *.hsforms.com static.hsappstatic.net bat.bing.com *.googleusercontent.com obs.withflowersea.com aorta.clickagy.com *.affirm.com *.affirm.ca *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.usemessages.com js.hs-banner.com *.hubspot.com js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js-agent.newrelic.com ob.withflowersea.com obs.withflowersea.com script.crazyegg.com bat.bing.com www.clarity.ms amplify.outbrain.com wave.outbrain.com bigsur.ai ws-assets.zoominfo.com js.zi-scripts.com tags.clickagy.com js.adsrvr.org js.callrail.com cdn.callrail.com *.affirm.com *.affirm.ca *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.googletagmanager.com tagmanager.google.com https://www.googleadservices.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://apis.google.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.hubspot.com api.hubapi.com bam.nr-data.net tr.outbrain.com amplify.outbrain.com paid.outbrain.com obs.withflowersea.com js.callrail.com script.crazyegg.com api.prod.bigsur.ai v.clarity.ms js.zi-scripts.com ws.zoominfo.com aorta.clickagy.com hemsync.clickagy.com *.affirm.com *.affirm.ca *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' data: gap: *.klarna.com *.freshchat.com *.vimeo.com *.youtube.com *.whittard.co.uk *.whittard.com mention-me.com *.zenaps.com *.sub2tech.com *.gstatic.com *.facebook.com *.bglobale.com *.global-e.com *.onetrust.com *.windows.net *.whittardofchelsea.freshdesk.com *.tvsquared.com; img-src data: blob: *.demandware.net *.commercecloud.salesforce.com *.ads.linkedin.com *.demdex.net *.amazonaws.com *.ometria.com *.googletagmanager.com *.facebook.net *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.whittard.co.uk *.whittard.com *.postcodeanywhere.co.uk *.pcapredict.com *.yotpo.com *.tokywoky.com img.tokywoky.com *.klarnaservices.com *.klarnacdn.net *.mention-me.com *.awin1.com *.dwin1.com bda.bookatable.com i.ytimg.com *.contentsquare.net *.contentsquare.com *.sub2tech.com *.cloudfront.net *.youtube.com *.vimeo.com bat.bing.com *.zenaps.com *.msgfocus.com *.fbsbx.com *.fbcdn.net graph.facebook.com *.zscloud.net *.googleusercontent.com *.klarnaevt.com i.vimeocdn.com *.surveymonkey.com *.kaltura.com *.gocertify.me *.bglobale.com *.global-e.com *.bc0a.com *.b0e8.com *.onetrust.com *.windows.net *.particularaudience.com *.p-a.io *.googleanalytics.com *.google-analytics.com *.googleoptimize.com *.tvsquared.com analytics.whittard.com analytics.whittard.co.uk ade.googlesyndication.com *.abtasty.com *.roeyecdn.com *.roeye.com *.linkedin.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; child-src 'self' blob: *.abtasty.com *.studentbeans.com *.google.com *.doubleclick.net *.facebook.com *.tokywoky.com *.freshchat.com mention-me.com *.mention-me.com *.klarna.com *.klarnaservices.com bda.bookatable.com *.sub2tech.com *.youtube.com *.vimeo.com *.zenaps.com *.googlesyndication.com *.online-metrix.net *.pagetiger.com *.googletagmanager.com connect.studentbeans.com *.googleapis.com *.surveymonkey.com *.paperform.co paperform.co *.ordergroove.com *.worldpay.com *.cardinalcommerce.com *.gocertify.me *.bglobale.com *.global-e.com whittardofchelsea.freshdesk.com *.pinterest.com *.whittard.co.uk *.whittard.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.postcodeanywhere.co.uk *.pcapredict.com *.bootstrapcdn.com *.myfonts.net cdnjs.cloudflare.com *.yotpo.com *.freshchat.com *.mention-me.com *.sub2tech.com bda.bookatable.com *.klarnacdn.net *.whittard.co.uk *.whittard.com *.ordergroove.com *.particularaudience.com *.p-a.io *.google.com *.amazonaws.com *.abtasty.com *.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; font-src 'self' data: *.gstatic.com *.g.doubleclick.net *.bootstrapcdn.com *.yotpo.com *.bookatable.com *.alicdn.com *.klarnacdn.net *.whittard.co.uk *.whittard.com *.ordergroove.com *.fontawesome.com *.bglobale.com *.global-e.com *.abtasty.com *.googleapis.com use.typekit.net *.hotjar.com *.hotjar.io wss://*.hotjar.com; media-src 'self' data: *.facebook.com *.youtube.com *.vimeo.com *.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com code.jquery.com *.pinimg.com *.cquotient.com *.ometria.com *.tryzens-analytics.com:12443 *.tvsquared.com *.facebook.net cdnjs.cloudflare.com cdn.cquotient.com *.googletagmanager.com www.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.dwin1.com *.postcodeanywhere.co.uk *.pcapredict.com *.z-analytics.net *.yotpo.com *.tokywoky.com *.msecnd.net *.freshchat.com *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mention-me.com *.worldpay.com *.cardinalcommerce.com bda.bookatable.com bat.bing.com *.contentsquare.net *.contentsquare.com *.sub2tech.com *.yottaa.com *.cloudfront.net *.freshworksapi.com *.zenaps.com *.paypal.com *.paypalobjects.com *.awin1.com *.dwin1.com *.sessioncam.com *.whittard.co.uk *.whittard.com *.bootstrapcdn.com *.googlesyndication.com www.google.com *.studentbeans.com onlineerp.solution.quebec widget.surveymonkey.com *.paperform.co paperform.co *.ordergroove.com cdnapisec.kaltura.com *.gocertify.me *.bglobale.com *.global-e.com *.b0e8.com *.vimeo.com *.onetrust.com *.windows.net *.particularaudience.com *.p-a.io *.googleanalytics.com *.googleoptimize.com analytics.whittard.com analytics.whittard.co.uk *.amazonaws.com *.abtasty.com *.roeyecdn.com *.roeye.com *.pinterest.com *.zi-scripts.com *.roeye.com *.payments-amazon.com *.tryzens-analytics.com unpkg.com cdn.cookielaw.org *.hotjar.com *.hotjar.io wss://*.hotjar.com; connect-src 'self' *.ads.linkedin.com snap.licdn.com *.rapid.yottaa-network.net pagead2.googlesyndication.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.tryzens-analytics.com:12280 *.ometria.com *.postcodeanywhere.co.uk *.pcapredict.com *.yotpo.com *.tokywoky.com *.klarnauserservices.com *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mention-me.com mention-me.com bda.bookatable.com *.z-analytics.net *.contentsquare.net *.contentsquare.com *.sub2tech.com *.cloudfront.net *.awin1.com *.dwin1.com *.yottaa.net *.sessioncam.com bat.bing.com *.facebook.com *.google.com *.facebook.net *.googleapis.com widget.surveymonkey.com *.s3.amazonaws.com *.ordergroove.com *.worldpay.com *.cardinalcommerce.com *.gocertify.me *.bglobale.com *.global-e.com *.vimeo.com *.onetrust.com *.windows.net *.particularaudience.com *.p-a.io *.gstatic.com *.abtasty.com analytics.whittard.com analytics.whittard.co.uk ade.googlesyndication.com *.whittard.com *.whittard.co.uk *.amazonaws.com *.pinterest.com *.zi-scripts.com *.zoominfo.com *.tryzens-analytics.com unpkg.com cdn.cookielaw.org *.google.co.uk *.bing.net payments-eu.amazon.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; manifest-src 'self'; ; report-uri https://whtd-csp.tryzens-analytics.com; 2
font-src fonts.gstatic.com use.typekit.net *.bglobale.com *.global-e.com *.fontawesome.com *.alothemes.com *.magepow.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.vimeo.com https://*.youtube.com *.bglobale.com *.global-e.com landofcoder.com *.facebook.com *.facebook.net *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://bluesound.com https://forms-na1.hsforms.com https://mcstaging.bluesound.com https://static.zdassets.com https://static.hotjar.com https://cdn.cookielaw.org https://www.google.co.uk *.bglobale.com *.global-e.com magefan.com cm.magefan.com *.facebook.com *.facebook.net *.alothemes.com *.magepow.com https://www.milople.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://js.hsforms.net https://cdn.weglot.com unsafe-inline unsafe-eval https://static.zdassets.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://widget-mediator.zopim.com https://js.hs-scripts.com *.bglobale.com *.global-e.com landofcoder.com *.facebook.com *.facebook.net *.alothemes.com *.magepow.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src http://*.adobe.com fonts.googleapis.com http://fonts.googleapis.com https://js.digitalriverws.com *.fontawesome.com http://*.alothemes.com http://*.magepow.com http://assets.braintreegateway.com http://tagmanager.google.com https://www.googletagmanager.com 'self' 'unsafe-inline' https://cdn.weglot.com *.bglobale.com *.global-e.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com https://*.adobe.com https://mcstaging.bluesound.com https://www.bluesound.com https://bluesound.com https://content-bluesound-com.s3.amazonaws.com 'self' 'unsafe-inline' 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://forms.hsforms.com https://js.hsforms.net https://cdn.weglot.com 'self' https://ekr.zdassets.com https://script.hotjar.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://bluesound.zendesk.com https://psbspeakers.zendesk.com wss://widget-mediator.zopim.com https://region1.analytics.google.com landofcoder.com *.facebook.com *.facebook.net *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' ; style-src 'self' 'unsafe-inline' optimize.google.com www.googletagmanager.com fonts.googleapis.com *.typekit.net *.yotpo.com *.myfonts.net *.cloudfront.net; font-src 'self' data: optimize.google.com fonts.gstatic.com *.abtasty.com *.dwin1.com *.typekit.net *.livechatinc.com snap.licdn.com *.tiktok.com static.ads-twitter.com ct.pinterest.com *.yotpo.com *.addthis.com *.moatads.com *.curalate.com *.cloudflare.com *.cloudfront.net; img-src 'self' data: *; base-uri 'self' ;  form-action *; frame-ancestors 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sandersondesigngroup.com *.googleapis.com translate.google.com www.google-analytics.com www.googleoptimize.com www.googleadservices.com maps.googleapis.com polyfill.io player.vimeo.com connect.facebook.net *.klevu.com *.searchspring.com api.exponea.com s.pinimg.com intljs.rmtag.com assistjs.skimresources.com googleads.g.doubleclick.net bat.bing.com t.contentsquare.net track.sweetanalytics.com *.yotpo.com snap.licdn.com static.ads-twitter.com *.tiktok.com *.abtasty.com *.dwin1.com *.livechatinc.com *.voyado.com *.ksearchnet.com *.hotjar.com *.veinteractive.com *.mouseflow.com *.sleeknote.com *.stripe.com *.zdassets.com *.trustpilot.com *.clarity.ms *.addthis.com *.addthisedge.com *.moatads.com *.clearpay.co.uk *.amplitude.com *.sagepay.com snapppt.com *.snapppt.com; connect-src 'self' www.mage.sandersondesigngroup.com *.sandersondesigngroup.com *.klevu.com *.searchspring.com api.exponea.com ct.pinterest.com *.abtasty.com *.tiktok.com *.yotpo.com maps.googleapis.com vimeo.com *.addthis.com *.moatads.com *.dwin1.com *.54proxy.com *.ksearchnet.com *.hotjar.com *.hotjar.io *.zdassets.com *.clarity.ms *.amplitude.com *.sweetanalytics.com snapppt.com *.snapppt.com api.addressy.com; frame-src 'self' player.vimeo.com *.fls.doubleclick.net ct.pinterest.com vimeo.com secure.livechatinc.com *.addthis.com *.curalate.com *.54proxy.com *.hotjar.com *.stripe.com *.trustpilot.com *.paypal.com; 2
style-src-elem w.vi.skadtec.com euc-widget.freshworks.com tags.srv.stackadapt.com static-tracking.klaviyo.com maxcdn.bootstrapcdn.com *.klarnaservices.com x.klarnacdn.net fonts.googleapis.com 'self' 'unsafe-inline' ff.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com static.trbo.com static.klaviyo.com cdn.jsdelivr.net; script-src-elem www.ladenzeile.de 3001.scriptcdn.net pix.hyj.mobi www.hammer.de euc-widget.freshworks.com t.adcell.com pagead2.googlesyndication.com connect.facebook.net analytics.tiktok.com collect.bannercrowd.net containertags.belboon.com bat.bing.com cdn.alevco.de neso.r.niwepa.com pluto.r.powuta.com s.kk-resources.com unpkg.com cdn-quick-ar.threedy.ai hammersport.trafft.com www.googletagmanager.com *.klarnaservices.com commerce.adobedtm.com maps.googleapis.com magento-recs-sdk.adobe.net *.cptrack.de secure.pay1.de www.google.com *.gstatic.com d.ratepay.com *.payments-amazon.com static-tracking.klaviyo.com static.klaviyo.com l.ecn-ldr.de *.trbo.com *.usercentrics.eu *.hammer.de www.googleadservices.com widgets.trustedshops.com *.ad-srv.net x.klarnacdn.net containertags.belboon.de *.hotjar.com *.adform.net ai.trk42.net *.retargeted.co pikkasrv.com analytics.bestofluck.io *.gsitrix.com tags.srv.stackadapt.com 'self' 'unsafe-inline' [Filtered]: app.usercentrics.eu blob: cdn.adt357.net cdn.jsdelivr.net content.cptrack.de eu-library.klarnaservices.com ff.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com googleads.g.doubleclick.net infird.com me.kis.v2.scr.kaspersky-labs.com portal.threedy.ai secured-pixel.com static-na.payments-amazon.com static.getback.ch tm.ad-srv.net tm704.ad-srv.net tm710.ad-srv.net tm716.ad-srv.net tm717.ad-srv.net track.adform.net ubaslome.maynhtml.com valuesportal.com www.getback.ch www.google-analytics.com xeldurap.peazheut.com *.newrelic.com trk.cytelligence.io www.youtube.com rast.hammer-fitness.at bat.bing-int.com; font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.gstatic.com data: ray.st w.vi.skadtec.com account.affilitizer.com cdn.scite.ai moz-extension: *.klarnacdn.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io d3dc1lgancj6l0.cloudfront.net *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com http://*.facebook.com https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.hammer-fitness.at www.hammer-fitness.ch www.hammer-fitness.be www.hammer-fitness.nl www.hammer.de 'self' 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de browserstart.org link.shoplooks.com osak.com r.secprf2.com qimp.net hammer-fitness.at bat.bing.com vently.com tatrck.com monetoad.com de.kweriee.com as.ad4m.at yaketar.com findarios.com *.ddev.site jsctool.com *.sendinblue.com sibautomation.com *.trbo.com containertags.belboon.com roxxtraxx.de *.ad-srv.net td.doubleclick.net pluto.r.powuta.com hammersport.trafft.com r.adserver01.de player.flipsnack.com nakoona.com ptclk.com www.linkbux.com neso.r.niwepa.com r.linksprf.com hammer.de oponas.com t.adcell.com bcsgsrv.com hammer-fitness.ch adnx.de quick-ar.threedy.ai www.facebook.com hammer-fitness.nl c1.adform.net such.de caclk.com osm.klarnaservices.com t.hammer.de 127.0.0.1:20489 admin.rewardoo.com affiliate.grabasaving.com atlas.r.akipam.com browsak.com clcktrck.com discountheld.de duertry.com everydaysi.com gateway.zscloud.net go.adt246.net hipodi.com janus.r.jakuli.com r.perfsimpl.com rast.hammer.de shopbuttler.com support.google.com vently.org www.hammer.de www.pickalink.com www.searchfor.org xgs.bdo.gi:8090 yazary.com *.klarna.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google.com/ http://*.facebook.com https://*.facebook.com secure.pay1.de payments.amazon.de www.jsctool.com js.playground.klarna.com www.xtento.com https://recaptcha.google.com/recaptcha/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com files.shoop.de www.google.pl www.google.nl www.google.dk www.google.lu www.google.com.hk www.google.mk www.google.ch www.google.no www.google.pt www.google.it www.google.es www.google.ae www.google.co.in www.google.com.bo *.ddev.site *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.trbo.com widgets.trustedshops.com ai.trk42.net *.usercentrics.eu www.zenaps.com www.facebook.com bat.bing.net x.bidswitch.net bat.bing.com *.casalemedia.com www.google.de region1.analytics.google.com neso.r.niwepa.com s.ad.smaato.net pixel.rubiconproject.com sync.outbrain.com e1.emxdgt.com lh3.ggpht.com pluto.r.powuta.com translate.google.com www.hammerworkouts.de stats.g.doubleclick.net www.google.se w.vi.skadtec.com www.google.at server.seadform.net www.google.co.uk ad.yieldlab.net ih.adscale.de *.pubmatic.com *.openx.net *.adform.net *.smartadserver.com *.connectad.io *.loopme.me *.360yield.com *.1rx.io router.infolinks.com *.rmp.rakuten.com *.doubleclick.net unsafe-inline s.c.appier.net capi.connatix.com api.qrserver.com cdn.retailads.net cdn.valuesportal.com cnv.adt644.net connect.facebook.net d3k81ch9hvuctc.cloudfront.net dsum-sec.casalemedia.com lh3.google.com lh3.googleusercontent.com mitarchive.info my.productfruits.com ncr.preqservices.com s.kelkoogroup.net s3-eu-central-1.amazonaws.com st-filebanking.igstatic.com static.wixstatic.com t.adcell.com www.econda-monitor.de www.google.ba www.google.be www.google.bg www.google.ca www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.za www.google.com.au www.google.com.br www.google.com.do www.google.com.eg www.google.com.gi www.google.com.lb www.google.com.na www.google.com.om www.google.com.ph www.google.com.pk www.google.com.py www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.ee www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.jo www.google.li www.google.lt www.google.md www.google.ro www.google.rs www.google.ru www.google.si www.google.sk www.google.sn www.google.tn magefan.com cm.magefan.com *.klarna.com *.klarnaevt.com *.klarnacdn.net maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.linkedin.com https://*.linkedin.com http://*.facebook.com https://*.facebook.com http://www.google.com/ https://www.google.com/ http://www.google.de/ https://www.google.de/ https://www.googletagmanager.com http://www.googletagmanager.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://widgets.trustedshops.com/ cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com *.disqus.com https://img.youtube.com www.xtento.com cdn.xtento.com sync.inmobi.com blob: www.hammer-fitness.nl www.google.com.tr *.google-analytics.com static.trbo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de hammersport.trafft.com *.ddev.site *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.sendinblue.com sibautomation.com *.emailsys1a.net *.trbo.com *.usercentrics.eu widgets.trustedshops.com content.cptrack.de t.adcell.com l.ecn-ldr.de containertags.belboon.de *.adform.net ai.trk42.net s.retargeted.co pix.hyj.mobi pikkasrv.com analytics.bestofluck.io *.gsitrix.com *.ad-srv.net trk.cytelligence.io tags.srv.stackadapt.com qvdt3feo.com cdn.alevco.de neso.r.niwepa.com pluto.r.powuta.com analytics.tiktok.com bat.bing.com collect.bannercrowd.net containertags.belboon.com connect.facebook.net cdn-quick-ar.threedy.ai s.kk-resources.com unsafe-inline bat.bing-int.com blob: cdn.adt357.net cdn.jsdelivr.net portal.threedy.ai static.getback.ch unpkg.com valuesportal.com www.getback.ch *.klarna.com *.klarnacdn.net x.klarnacdn.net maps.googleapis.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net api.userlike.com http://www.google.com/recaptcha/ https://widgets.trustedshops.com/ secure.pay1.de d.ratepay.com static-eu.payments-amazon.com cdn.klarna.com jsctool.com d.payla.io *.disqus.com *.google.com *.tracify.ai www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tags.srv.stackadapt.com euc-widget.freshworks.com static-tracking.klaviyo.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com static.trbo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com w.vi.skadtec.com www.hammerworkouts.de data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.ddev.site *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.sendinblue.com sibautomation.com maps.googleapis.com *.usercentrics.eu *.econda-monitor.de t.adcell.com *.gsitrix.com analytics.bestofluck.io tags.srv.stackadapt.com bat.bing.net bat.bing.com region1.analytics.google.com www.google.se stats.g.doubleclick.net region1.google-analytics.com analytics.tiktok.com api.retargeted.co www.facebook.com quick-ar.threedy.ai static.trbo.com api.bannercrowd.net s.kelkoogroup.net www.google.com euc-widget.freshworks.com api-js.datadome.co api.killadsapi.com salesviewer.org api.global-data-lab.com api.solarspireconsulting.com hammer.freshdesk.com api.datacloudstat.com api.socialsolutionapp.com adtonus.com api.adtraction.net api.ipify.org api.smartblocker.org api.trustedshops.com api.video-adblock.com blob: cnv.adt644.net code.jquery.com data: go.adt246.net my.productfruits.com ncrfiles.s3.us-central-1.wasabisys.com overbridgenet.com rktds.net update.adblock360.org www.google.dk www.google.no api.qrserver.com cdn.retailads.net cdn.valuesportal.com connect.facebook.net d3k81ch9hvuctc.cloudfront.net dsum-sec.casalemedia.com googleads.g.doubleclick.net lh3.google.com lh3.googleusercontent.com mitarchive.info ncr.preqservices.com s3-eu-central-1.amazonaws.com st-filebanking.igstatic.com static.wixstatic.com www.econda-monitor.de www.google.ba www.google.be www.google.bg www.google.ca www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.za www.google.com.au www.google.com.br www.google.com.do www.google.com.eg www.google.com.gi www.google.com.lb www.google.com.na www.google.com.om www.google.com.ph www.google.com.pk www.google.com.py www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.ee www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.jo www.google.li www.google.lt www.google.md www.google.ro www.google.rs www.google.ru www.google.si www.google.sk www.google.sn www.google.tn x.bidswitch.net *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://salesviewer.org/ userlike-cdn-widgets.s3-eu-west-1.amazonaws.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.tracify.ai bat.bing-int.com analytics-ipv6.tiktokw.us google.com https://www.google.com/recaptcha/ *.trbo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-violation-report.php 2
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.twitter.com nitropack.io *.nitrocdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://media.convergetp.co.uk/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' *.klevu.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com account.fetchify.com js-eu1.hsforms.net 'self' data: *.klevu.com 'self' *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com account.fetchify.com *.freshchat.com *.crwdcntrl.net/ js-eu1.hsforms.net *.service-now.com cgtforms.com *.convergetp.co.uk *.klevu.com *.punchout2go.com *.tradecentric.com magento-cloudflare.jetrails.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com *.trustpilot.com *.twitter.com *.vimeo.com nitropack.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net 'self' https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://maps.googleapis.com https://maps.gstatic.com *.google.co.uk *.klevu.com *.ytimg.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.cloudflare.com *.twitter.com *.contentsquare.net nitropack.io *.nitrocdn.com https://media.convergetp.co.uk/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com cc-cdn.com https://maps.googleapis.com *.gatorleads.co.uk *.freshchat.com *.hotjar.com *.adnxs.com js-eu1.hsforms.net *.service-now.com cgtforms.com *.convergetp.co.uk *.klevu.com *.punchout2go.com *.tradecentric.com js.klevu.com *.ksearchnet.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com *.googleapis.com *.cloudflare.com *.fontawesome.com googletagmanager.com graph.facebook.com *.moatads.com *.trustpilot.com widgets.pinterest.com *.contentsquare.com *.contentsquare.net cdn.tailwindcss.com cdn.jsdelivr.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://media.convergetp.co.uk/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com cc-cdn.com https://fonts.googleapis.com *.typekit.net *.freshchat.com *.klevu.com *.punchout2go.com *.tradecentric.com *.ksearchnet.com https://hcaptcha.com https://*.hcaptcha.com *.cloudflare.com *.fontawesome.com *.twitter.com cdn.tailwindcss.com nitropack.io cdnjs.cloudflare.com *.nitrocdn.com cdn.jsdelivr.net *.stripe.network *.stripecdn.com *.amazon.com https://media.convergetp.co.uk/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.service-now.com cgtforms.com *.convergetp.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com https://maps.googleapis.com *.hotjar.io js-eu1.hsforms.net *.service-now.com cgtforms.com *.convergetp.co.uk *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.cloudflare.com *.twitter.com *.contentsquare.net *.nitrocdn.com nitropack.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://media.convergetp.co.uk/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://fathom.report-uri.com/r/t/csp/wizard; default-src 'none'; form-action 'none'; object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck-partnerprogramm.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.audioeye.com akstat.io *.akstat.io cookielaw.org cdn.cookielaw.org *.google-analytics.com *.quantummetric.com quantummetric.com *.typekit.net www.googletagmanager.com tapestry.com *.tapestry.com tapestry.support *.licdn.com *.jwplatform.com *.jwpcdn.com cdn.jwplayer.com prd.jwpltx.com *.jwpsrv.com jsdelivr.net *.jsdelivr.net *.newrelic.com *-tapestry-news.pantheonsite.io cdnjs.cloudflare.com fonts.googleapis.com secure.gravatar.com px.ads.linkedin.com cdn.linkedin.oribi.io p.adsymptotic.com tapestry.gcs-web.com opensupplyhub.org *.akamaihd.net go-mpulse.net *.go-mpulse.net geolocation.onetrust.com stats.g.doubleclick.net fonts.gstatic.com data: blob:; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.espssl.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.ladesk.com *.twitter.com *.google.co.in *.kaptcha.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://www.magezon.com *.espssl.com *.payments-amazon.com *.listrakbi.com *.pinterest.com *.facebook.com *.google.com *.google.co.in *.klarna.com *.twitter.com *.ytimg.com stats.g.doubleclick.net *.connect.facebook.net pixel.advertising.com *.googletagmanager.com *.twimg.com *.placehold.it blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdnjs.cloudflare.com *.pinterest.com *.listrakbi.com *.listrak.com *.ladesk.com s.pinimg.com *.facebook.net *.twitter.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com connect.facebook.net *.googletagmanager.com static-na.payments-amazon.com js-agent.newrelic.com *.jquery.com 'self' https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdnjs.cloudflare.com *.jquery.com *.espssl.com *.fontawesome.com *.typekit.net https://use.typekit.net *.listrakbi.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.youtube.com *.bootstrapcdn.com 'unsafe-inline' assets.braintreegateway.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.listrakbi.com *.doubleclick.net *.algolia.io *.pinterest.com *.twitter.com *.twimg.com *.google.co.in *.facebook.com *.amazon.com bam.nr-data.net *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de 'self' 'unsafe-inline'; child-src 'self' blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://actionis.report-uri.com/a/d/g; report-to report-endpoint; 2
default-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.googletagmanager.com;; connect-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://stats.g.doubleclick.net https://*.google-analytics.com https://cdn.cookielaw.org https://*.feefo.com https://*.trustpilot.com https://*.civiccomputing.com;; img-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com data: https://*.google-analytics.com https://*.google.com https://*.google.co.uk https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.feefo.com https://*.trustpilot.com;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.googletagmanager.com https://static.srcspot.com https://cdn.cookielaw.org https://*.google-analytics.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://code.jquery.com https://*.feefo.com; https://*.trustpilot.com;; style-src 'self' 'unsafe-inline' https://*.securetrustbank.com https://*.v12retailfinance.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.feefo.com https://*.trustpilot.com;; font-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.trustpilot.com;; frame-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.youtube-nocookie.com https://*.trustpilot.com;; frame-ancestors 'self' 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io *.shopify.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data:; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data:; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 2
frame-src 'self' *.app.baqend.com www.youtube.com www.google.com js.playground.klarna.com js.klarna.com https://checkoutshopper-test.adyen.com https://pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com return.4sellers.de *.webpush.freshchat.com ct.pinterest.com vercel.live *.sovendus.com *.adyen.com gum.criteo.com fledge.eu.criteo.com *.cnstrc.com cnstrc.com graphical-editor.kameleoon.com *.vimeo.com vimeo.com www.googletagmanager.com 2
font-src *.fontawesome.com fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.gocuotas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com *.mercadolibre.com https://www.googletagmanager.com/ *.magerocket.com *.gocuotas.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.magerocket.com *.gocuotas.com storage.googleapis.com *.google.com *.google.com.ar imgmp.mlstatic.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://device.clearsale.com.br https://live.decidir.com meli-tag.com www.meli-tag.com *.meli-tag.com melisignals.com www.melisignals.com *.melisignals.com *.mlstatic.com *.mercadopago.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.magerocket.com *.gocuotas.com *.googleapis.com *.google.com *.gstatic.com *.avada.io polyfill.io go.botmaker.com storage.googleapis.com https://assets-cdn.woowup.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.googleapis.com *.googleapis.com *.google.com *.gstatic.com storage.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ storage.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://events.woowup.com https://developers.decidir.com/ https://developers-ventasonline.payway.com.ar/ melisignals.com www.melisignals.com *.melisignals.com *.mercadopago.com *.mercadolibre.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.magerocket.com *.gocuotas.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io go.botmaker.com stats.g.doubleclick.net maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.checkout.com *.careem-pay.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.bootstrapcdn.com 'unsafe-inline' data: static.sizebay.technology *.moengage.com fonts.googleapis.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com connect.facebook.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://js.checkout.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.b-cdn.net *.tap.company *.careem-pay.com https://c.sharethis.mgr.consensu.org gumi.criteo.com rivafashion.api.useinsider.com www.googletagmanager.com td.doubleclick.net fledge.eu.criteo.com static.criteo.net static.sizebay.technology ams.creativecdn.com js.checkout.com tr.snapchat.com *.moengage.com https://www.googletagmanager.com/ checkout.tabby.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.tamara.co www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.b-cdn.net https://firebasestorage.googleapis.com *.meetanshi.com *.cloudflare.com www.rivafashion.com sentinel.api.useinsider.com t.co www.google.co.in analytics.twitter.com ad.360yield.com pixel.rubiconproject.com s.ad.smaato.net ade.clmbtech.com contextual.media.net sync-t1.taboola.com simage2.pubmatic.com eb2.3lift.com sync-criteo.ads.yieldmo.com x.bidswitch.net dis.criteo.com r.casalemedia.com c.bing.com criteo-sync.teads.tv rtb-csync.smartadserver.com idsync.rlcdn.com sync.outbrain.com cs.adingo.jp cdn.aralego.net tg.socdm.com adx.dable.io sync.targeting.unrulymedia.com cm.adgrx.com sync.aralego.com public-prod-dspcookiematching.dmxleo.com tr.snapchat.com cm.g.doubleclick.net sync.1rx.io/ image-eu.moengage.com ib.adnxs.com ads.stickyadstv.com *.moengage.com moe-email-campaigns.s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.tamara.co https://cdn.checkout.com *.klarnacdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.b-cdn.net *.careem-pay.com *.cloudflare.com *.avada.io *.cloudflareinsights.com static.cloudflareinsights.com web-sdk.ackoo.app *.api.useinsider.com tags.creativecdn.com *.twitter.com *.fontawesome.com static.ads-twitter.com widget.eu.criteo.com ams.creativecdn.com sc-static.net static.sizebay.technology dynamic.criteo.com rivafashion.api.useinsider.com app.link cdn.branch.io analytics.tiktok.com www.gstatic.com cdn.moengage.com sslwidget.criteo.com cdn.checkout.com js-agent.newrelic.com tr.snapchat.com vfr-v3-production.sizebay.technology http://www.googletagmanager.com/ https://www.googletagmanager.com/ libraries.unbxdapi.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.tamara.co https://cdn.checkout.com *.b-cdn.net *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.bootstrapcdn.com www.rivafashion.com goselljslib.b-cdn.net static.sizebay.technology *.moengage.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tamara.co *.moengage.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.tamara.co https://js.checkout.com *.klarnaevt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.dev.tap.company *.tap.company https://get.geojs.io *.avada.io *.api.useinsider.com api2.branch.io mug.criteo.com ams.creativecdn.com www.rivafashion.com segment.api.useinsider.com hit.api.useinsider.com measurement-api.criteo.com tr6.snapchat.com static.sizebay.technology tr.snapchat.com js.checkout.com stats.g.doubleclick.net get.geojs.io sdk-02.moengage.com api.ipify.org api.allorigins.win bam.eu01.nr-data.net *.twitter.com carrier.useinsider.com unification.useinsider.com analytics.tiktok.com vfr-v3-production.sizebay.technology *.moengage.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.rivafashion.com www.google.com tr6.snapchat.com *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.rivafashion.com/; report-to report-endpoint; 2
frame-src 'self' *.house.gov congress.gov www.congress.gov *.congressnewsletter.net www.google.com www.instagram.com www.facebook.com platform.twitter.com video.teleforumonline.com vekeo.com syndication.twitter.com pixel-sync.sitescout.com www.googletagmanager.com www.youtube.com syndicatedsearch.goog m.facebook.com ws.sharethis.com web.facebook.com pixel.sitescout.com www.youtube-nocookie.com video.ibm.com www.ustream.tv creators.spotify.com podcasters.spotify.com anchor.fm www.c-span.org www.census.gov http://www.youtube.com www.washingtonpost.com maps.google.com house.us1.list-manage.com house.us21.list-manage.com http://www.youtube-nocookie.com googleads.g.doubleclick.net authenticate.ibotta.com sts1.auth.ecuf.deas.mil safe.menlosecurity.com cdn.flipsnack.com www.canva.com vastcdn.outbrain.com tpc.googlesyndication.com *.safeframe.googlesyndication.com imasdk.googleapis.com denied.schoolsbroadband.net docs.google.com w.soundcloud.com lookerstudio.google.com storify.com rumble.com uw-media.app.com interactive.tegna-media.com disqus.com embed.podcasts.apple.com; report-uri https://api.web.fireside21.app/csp-report 2
default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-to /rest/trackers/csp; 2
font-src maxcdn.bootstrapcdn.com *.lasportivausa.com data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.klaviyo.com *.locally.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.lasportivausa.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://plumrocket.com *.weltpixel.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.lasportivausa.com *.doubleclick.net *.google.com *.googleapis.com *.vimeo.com *.addthis.com *.pinterest.com disqus.com *.bazaarvoice.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com connect.bolt.com connect-sandbox.bolt.com s3-us-west-1.amazonaws.com magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.lasportivausa.com *.google.com *.googleapis.com *.gstatic.com *.googlesyndication.com via.placeholder.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com *.curalate.com *.viglink.com *.klaviyo.com *.locally.com *.doubleclick.net *.cloudfront.net *.avantlink.com *.localizecdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.lasportivausa.com bam.nr-data.net cdnjs.cloudflare.com *.cookielaw.org *.doubleclick.net *.google.com *.googleapis.com *.gstatic.com js-agent.newrelic.com *.newrelic.com player.vimeo.com *.addthis.com *.addthisedge.com *.moatads.com *.avmws.com *.pinimg.com *.pinterest.com *.disqus.com *.disquscdn.com *.bazaarvoice.com *.locally.com *.curalate.com *.experticity.com *.eventscalendar.co *.localizecdn.com https://global.localizecdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com display.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.lasportivausa.com *.disquscdn.com *.bazaarvoice.com *.googleapis.com *.typekit.net *.localizecdn.com 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.lasportivausa.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.lasportivausa.com bam.nr-data.net *.doubleclick.net *.googleapis.com *.googlesyndication.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com *.curalate.com *.locally.com *.eventscalendar.co *.mixpanel.com *.localizecdn.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.lasportivausa.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://cdn.riverty.design/ *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com uc8.tv 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ uc8.tv https://documents.riverty.com/ https://documents.riverty.com consentcdn.cookiebot.com https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src cdn.annadiva.nl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ *.googleapis.com https://*.gstatic.com https://cdn.riverty.design imgsct.cookiebot.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.google.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com *.multisafepay.com maps.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ *.googleapis.com https://*.gstatic.com https://cdn.myafterpay.com https://documents.myafterpay.com https://www.afterpay.nl https://cdn.bnpl.riverty.io https://widget-acc.paazl.com www.googleoptimize.com d36mpcpuzc4ztk.cloudfront.net consent.cookiebot.com consentcdn.cookiebot.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.voyado.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.multisafepay.com https://pay.google.com maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://widget-acc.paazl.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ *.googleapis.com https://cdn.myafterpay.com https://documents.myafterpay.com https://www.afterpay.nl https://cdn.bnpl.riverty.io https://widget-acc.paazl.com chat.freshdesk.com consentcdn.cookiebot.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https: data: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https:; frame-ancestors 'self'; base-uri 'self'; 2
default-src 'self' https:; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' highnote.com www.googletagmanager.com cdn.propensity.com tag.clearbitscripts.com snap.licdn.com vegetableplate.highnote.com googleads.g.doubleclick.net survey.survicate.com; script-src-elem blob: 'unsafe-inline' 'unsafe-eval' 'self' highnote.com www.googletagmanager.com cdn.propensity.com vercel.live tag.clearbitscripts.com snap.licdn.com vegetableplate.highnote.com googleads.g.doubleclick.net survey.survicate.com; style-src 'self' 'unsafe-inline' highnote.com; img-src 'self' data: highnote.com vegetableplate.highnote.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.linkedin.com *.ads.linkedin.com www.google.com media.graphassets.com us-west-2.graphassets.com imageio.forbes.com www.googleadservices.com; font-src 'self' data: highnote.com; frame-src 'self' highnote.com www.googletagmanager.com vercel.live storage.googleapis.com; connect-src 'self' *.sentry.io analytics.propensity-abm.com docs.highnote.com api.us.test.highnote.com api.us.highnote.com www.googleadservices.com browser-intake-us5-datadoghq.com *.algolia.net www.google.com boards-api.greenhouse.io dashboard.highnote.com highnote.com *.ads.linkedin.com googleads.g.doubleclick.net www.google-analytics.com region1.google-analytics.com www.googletagmanager.com vegetableplate.highnote.com www.linkedin.com a.usbrowserspeed.com *.algolianet.com api.hsforms.com; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' highnote.com; worker-src blob:; report-uri https://o492040.ingest.us.sentry.io/api/4510921137455104/security/?sentry_key=5afce4b9364792aaf1292c9ffa7de913 2
font-src *.klevu.com *.ksearchnet.com https://staticfiles.solutiontree.com https://contentstatic.solutiontree.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.olark.com *.trustedshops.com *.googleapis.com https://fast.fonts.net *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.authorize.net https://staticfiles.solutiontree.com https://contentstatic.solutiontree.com https://fast.wistia.net https://www.googletagmanager.com secure.authorize.net test.authorize.net 1eaf.cardinalcommerce.om www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com https://mkt.solution-tree.com https://mkt.solutiontree.com https://mkt.marzanoresources.com *.olark.com *.facebook.com https://bid.g.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com store.paradoxlabs.com https://staticfiles.solutiontree.com https://contentstatic.solutiontree.com https://cloudfront-s3.solutiontree.com https://marzano-s3.solutiontree.com https://mediafiles.solutiontree.com https://solutiontree.s3.amazonaws.com https://px.ads.linkedin.com https://t.co https://www.google.com  https://www.google.co.in https://www.facebook.com https://d.adroll.com https://log.olark.com https://dc.ads.linkedin.com https://googleads.g.doubleclick.net https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.advertising.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://sync.taboola.com https://eb2.3lift.com https://p.adsymptotic.com https://ups.analytics.yahoo.com https://soltreemrls3.s3-us-west-2.amazonaws.com fpdbs.paypal.com t.paypal.com fpdbs.sandbox.paypal.com *.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com *.olark.com https://soltreemrls3.s3.us-west-2.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.klevu.com *.ksearchnet.com *.authorize.net https://cdn.raygun.io https://staticfiles.solutiontree.com https://contentstatic.solutiontree.com *.googletagmanager.com https://connect.facebook.net https://s.adroll.com https://snap.licdn.com https://static.ads-twitter.com https://script.crazyegg.com https://analytics.twitter.com https://d.adroll.com https://fast.wistia.com https://fast.wistia.net https://static.olark.com https://pi.pardot.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net secure.authorize.net test.authorize.net *.google.co.in *.facebook.com *.olark.com/ *.pardot.com/ *.cloudflare.com *.twitter.com *.google.com *.linkedin.com *.twimg.com *.gstatic.com *.paypalobjects.com *.paypal.com *.bootstrapcdn.com www.paypalobjects.com js.braintreegateway.com t.paypal.com *.cardinalcommerce.com www.sandbox.paypal.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.klevu.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com https://mkt.solution-tree.com https://mkt.solutiontree.com https://mkt.marzanoresources.com https://static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com https://staticfiles.solutiontree.com https://contentstatic.solutiontree.com https://s.adroll.com *.olark.com https://fast.fonts.net/ *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.klevu.com *.ksearchnet.com *.authorize.net https://api.raygun.io https://staticfiles.solutiontree.com https://contentstatic.solutiontree.com https://stats.g.doubleclick.net https://script.crazyegg.com https://www.facebook.com https://s.adroll.com https://d.adroll.com https://tracking.crazyegg.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.yotpo.com *.olark.com *.crazyegg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.hotjar.com *.tidiochat.com *.cookiebot.com *.pcapredict.com *.postcodeanywhere.co.uk maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.superpayments.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.pcapredict.com *.postcodeanywhere.co.uk *.superpayments.com *.stripe.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com *.superpayments.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.hotjar.com *.cookiebot.com *.electrical2go.co.uk maps.googleapis.com td.doubleclick.net *.pcapredict.com *.dotdigital-pages.com *.dotdigital.com *.addthis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.superpayments.com *.js.stripe.com *.trustpilot.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.google.co.uk *.hotjar.com *.mailchimp.com *.cloudflare.com *.electrical2go.co.uk electrical2go.co.uk *.google.co.in maps.googleapis.com *.cookiebot.com *.facebook.com *.bing.com *.pcapredict.com *.postcodeanywhere.co.uk *.increasingly.co *.trackedlink.net magefan.com cm.magefan.com *.disqus.com maps.gstatic.com *.superpayments.com *.stripe.com a.storyblok.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://maps.googleapis.com *.hotjar.com *.cookiebot.com *.tidio.co *.tidiochat.com *.electrical2go.co.uk *.clarity.ms *.bing.com *.facebook.net maps.googleapis.com *.increasingly.co *.pcapredict.com *.postcodeanywhere.co.uk *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net https://cdn.searchspring.net/intellisuggest/is.min.js *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.superpayments.com b.stripecdn.com m.stripe.network segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com https://cdn.superpayments.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.hotjar.com maps.googleapis.com *.cookiebot.com *.increasingly.co *.pcapredict.com *.postcodeanywhere.co.uk https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com *.superpayments.com *.stripe.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.tidiochat.com *.electrical2go.co.uk electrical2go.co.uk maps.googleapis.com *.cookiebot.com *.pcapredict.com *.postcodeanywhere.co.uk 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com *.hotjar.com *.cookiebot.com *.tidio.co wss://socket.tidio.co googleads.g.doubleclick.net *.clarity.ms maps.googleapis.com *.trustpilot.com *.increasingly.co *.pcapredict.com *.postcodeanywhere.co.uk *.increasingly.com *.bing.com *.google.co.uk *.searchspring.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://beacon.searchspring.io/beacon *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.superpayments.com stripe.com cognito-idp.eu-west-2.amazonaws.com segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.seonintelligence.com api.storyblok.com web-sdk.smartlook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp.deploy.co.uk/99aaa83e-4a88-4ed6-893b-2d02806828b8; report-to report-endpoint; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com https://firebasestorage.googleapis.com flagpedia.net *.multisafepay.com assets.myparcel.nl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com https://mylivechat.com https://uk.mylivechat.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.avada.io *.shopify.com maps.googleapis.com *.multisafepay.com https://pay.google.com cdnjs.cloudflare.com cdn.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://www.feedbackcompany.com https://mylivechat.com https://uk.mylivechat.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.multisafepay.com cdn.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://uk.mylivechat.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.multisafepay.com api.myparcel.nl cdn.jsdelivr.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.feedbackcompany.com https://mylivechat.com https://uk.mylivechat.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' www.clarity.ms js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com songbird.cardinalcommerce.com https://client.rum.us-east-1.amazonaws.com https://integrations.etrusted.com https://apps.mypurecloud.ie https://cookie-cdn.cookiepro.com https://pay.google.com/gp/p/js/pay.js https://services.postcodeanywhere.co.uk/js/address-3.91.min.js static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://bat.bing.com https://*.tradedoubler.com https://cdn.studentbeans.com https://googleads.g.doubleclick.net https://bat.bing.com/p/action/5035386.js https://www.paypal.com https://loader.wisepops.com https://wisepops.net https://widget.trustpilot.com https://widgets.trustedshops.com https://tag.mention-me.com https://static.mention-me.com https://*.klarnacdn.net https://*.criteo.com maps.googleapis.com https://www.googleadservices.com https://www.google.com https://ob.segreencolumn.com https://obs.segreencolumn.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://services.postcodeanywhere.co.uk https://integrations.etrusted.com; object-src 'none'; base-uri 'self'; connect-src 'self' api.lenstore.co.uk api.lenstore.de api.lenstore.it api.lenstore.fr api.lenstore.es https://*.clarity.ms/collect https://*.mypurecloud.ie dataplane.rum.eu-west-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com/ api.braintreegateway.com client-analytics.braintreegateway.com https://*.etrusted.com https://auth.split.io https://cookie-cdn.cookiepro.com https://klarna.com https://*.klarnaevt.com https://x.klarnacdn.net https://*.klarna.com https://events.split.io https://google.com https://pay.google.com https://google.com/pay https://*.braintree-api.com https://sdk.split.io https://streaming.split.io https://www.paypal.com https://www.sandbox.paypal.com https://www.google.com/ccm/collect https://*.google-analytics.com *.analytics.google.com https://*.wisepops.com https://wisepops.net https://obs.segreencolumn.com cardinalcommerce.com *.cardinalcommerce.com https://privacyportal.cookiepro.com *.trustedshops.com trustedshops.com services.postcodeanywhere.co.uk sts.eu-west-1.amazonaws.com bat.bing.net *.doubleclick.net wss://am.freshrelevance.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' *; img-src 'self' assets.lenstore.co.uk assets.lenstore.de assets.lenstore.it assets.lenstore.fr assets.lenstore.es data: assets.braintreegateway.com checkout.paypal.com https://c.clarity.ms https://www.gstatic.com https://integrations.etrusted.com https://www.paypalobjects.com https://cookie-cdn.cookiepro.com https://bat.bing.com https://www.google.com https://www.google.co.uk https://criteo-partners.tremorhub.com/ https://x.bidswitch.net https://cm.g.doubleclick.net/pixel https://ib.adnxs.com/getuid https://r.casalemedia.com/rum https://gum.criteo.com https://id5-sync.com/ https://ad.360yield.com https://contextual.media.net https://exchange.mediavine.com/usersync/push https://jadserve.postrelease.com https://sync.outbrain.com/cookie-sync https://simage2.pubmatic.com/AdServer/Pug https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ad.yieldlab.net https://sync.1rx.io https://dis.criteo.com https://sync.targeting.unrulymedia.com https://www.google-analytics.com/collect https://x.klarnacdn.net https://services.postcodeanywhere.co.uk trustedshops.com; manifest-src 'self'; media-src 'self'; worker-src 'none' blob; report-uri https://api.lenstore.co.uk/event/csp-report 2
default-src 'self' *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' d1qmrxg9gbf226.cloudfront.net api-accent.bloomreach.co *.qantasloyalty.com api.smooch.io applepay.cdn-apple.com *.googleadservices.com assets.braintreegateway.com/web *.bazaarvoice.com *.doubleclick.net storage.googleapis.com/workbox-cdn www.google.com/pagead *.google.com/recaptcha/ www.gstatic.com/recaptcha/ cfjump.platypusshoes.com.au cfjump.platypusshoes.co.nz *.fullstory.com www.googletagmanager.com analytics.tiktok.com cdn.unidays.world *.truefitcorp.com www.paypalobjects.com/api/checkout.min.js *.klaviyo.com t.cfjump.com *.zdassets.com connect.facebook.net maps.googleapis.com js-agent.newrelic.com js.datadome.co ct.captcha-delivery.com *.adobedtm.com *.afterpay.com *.demdex.net *.forter.com dlthst9q2beh8.cloudfront.net d2nww8zpyj5pk0.cloudfront.net *.google-analytics.com *.paypal.com afterpay.com foursixty.com *.useinsider.com *.roymorgan.com s.pinimg.com lantern.roeyecdn.com ct.pinterest.com js-sandbox.squarecdn.com js.squarecdn.com ; style-src 'self' 'unsafe-inline' display.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com/font-awesome *.typekit.net fonts.googleapis.com assets.braintreegateway.com *.adobetm.com foursixty.com assets.api.useinsider.com *.adobemc.com ; img-src data: 'self' api-accent.bloomreach.co *.zendesk.com dpm.demdex.net www.googleadservices.com/ccm www.magentocommerce.com/products/media *.platypusshoes.co.nz *.platypusshoes.com.au googleads.g.doubleclick.net ad.doubleclick.net www.google.com/ccm www.paypalobjects.com www.google.com www.google.com.au www.google.co.nz www.google.com.vn maps.gstatic.com/mapfiles scontent.cdninstagram.com *.afterpay.com *.accentgra.com www.googletagmanager.com www.facebook.com *.bazaarvoice.com t.paypal.com duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d3nocrch4qti4v.cloudfront.net *.google-analytics.com *.pinterest.com *.twilio.com *.tiktok.com *.useinsider.com maps.googleapis.com/maps developers.google.com *.zopim.io *.zdassets.com amcglobal.sc.omtrdc.net adservice.google.com lantern.roeye.com accentgroupxpdev.112.2o7.net/b/ss/accentgroup-xpdev i.vimeocdn.com/video ; object-src 'none' ; base-uri 'self' ; child-src 'self' blob: ; connect-src 'self' api-accent.bloomreach.co *.qantasloyalty.com analytics.google.com/g/collect iq.afterpay.com/us/v1 iq.afterpay-beta.com/us/v1 *.my.sentry.io wss://api.smooch.io *.accentgra.com www.facebook.com/tr google.com www.google.com collect-ap2.attraqt.io smetrics.platypusshoes.co.nz *.fullstory.com *.klaviyo.com smetrics.platypusshoes.com.au api-js.datadome.co *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.demdex.net *.forter.com *.foursixty.com google.com/ccm www.google.com/ccm *.google-analytics.com *.googleapis.com www.google.com.au/ads/ga-audiences *.nr-data.net *.paypal.com *.truefitcorp.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com facebook.com *.roymorgan.com foursixty.com kleber.datatoolscloud.net.au sentry.io vimeo.com wss://*.twilio.com wss://widget-mediator.zopim.com d2o5idwacg3gyw.cloudfront.net dz8rit8v72mig.cloudfront.net d2lxqodqbpy7c2.cloudfront.net d6rak4b14t5gp.cloudfront.net d3k4bt74u9esq1.cloudfront.net wss://cdn0.forter.com api.myunidays.com ct.pinterest.com stats.g.doubleclick.net *.useinsider.com ; font-src data: 'self' maxcdn.bootstrapcdn.com/font-awesome fonts.gstatic.com *.truefitcorp.com *.useinsider.com static.klaviyo.com use.typekit.net shopping.qantas.com ; frame-src 'self' api-accent.bloomreach.co *.qlstg.qantas.com www.googletagmanager.com geo.captcha-delivery.com *.formstack.com *.afterpay.com *.bazaarvoice.com *.demdex.net *.doubleclick.net *.facebook.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com facebook.com foursixty.com google.com www.google.com vimeo.com ct.pinterest.com ; worker-src 'self' blob: *.accentgra.com *.platypusshoes.co.nz *.platypusshoes.com.au; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app https://www.facebook.com *.criteo.com/ *.sandbox.paypal.com *.paypalobjects.com *.sandbox.clearpay.co.uk *.clearpay.co.uk *.afterpay.com *.sandbox.afterpay.com *.payway.com.au *.afterpay-beta.com *.weltpixel.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app *.jbmetro.com.au *.jbmetro-sc-act.com.au *.jbmetroadelaide.com.au *.jbmetro-sa-nt.com.au *.google.co.in *.google.com *.bing.com *.pinterest.com *.criteo.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app *.gstatic.com *.facebook.com *.criteo.com *.criteo.net https://www.google.com/recaptcha/api2/webworker.js *.jbmetro.com.au *.jbmetro-sc-act.com.au *.jbmetroadelaide.com.au *.jbmetro-sa-nt.com.au *.hotjar.com https://static.hotjar.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.vimeo.com https://www.googletagmanager.com *.smartlook.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.sandbox.clearpay.co.uk *.clearpay.co.uk *.afterpay.com *.sandbox.afterpay.com *.payway.com.au *.afterpay-beta.com *.google.co.in *.www.google.co.in *.disqus.com *.avada.io tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.cash.app *.coolzcloud.com *.amazonaws.com *.fontawesome.com https://fonts.bunny.net tagmanager.google.com 'self' 'unsafe-inline'; object-src *.jbmetro.com.au *.jbmetro-sc-act.com.au *.jbmetroadelaide.com.au *.jbmetro-sa-nt.com.au *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.sandbox.clearpay.co.uk *.clearpay.co.uk *.afterpay.com *.sandbox.afterpay.com *.payway.com.au *.afterpay-beta.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.jbmetro.com.au *.jbmetro-sc-act.com.au *.jbmetroadelaide.com.au *.jbmetro-sa-nt.com.au 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.doubleclick.net https://www.facebook.com *.googleapis.com *.criteo.com *.pinterest.com *.facebook.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.sandbox.paypal.com *.paypalobjects.com *.sandbox.clearpay.co.uk *.clearpay.co.uk *.sandbox.afterpay.com *.payway.com.au *.afterpay-beta.com *.google.co.in *.www.google.co.in https://get.geojs.io *.avada.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src cash-f.squarecdn.com https://*.gstatic.com *.googleapis.com *.gstatic.com data: *.bootstrapcdn.com *.cloudflare.com *.klarnacdn.net *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com *.twitter.com 'self' 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.adyen.com www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.pinterest.com *.trustpilot.com *.twitter.com *.snapwidget.com 'self' www.googletagmanager.com 'self' 'unsafe-inline'; img-src *.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://*.gstatic.com *.adyen.com *.gstatic.com *.googleapis.com *.awin1.com *.zenaps.com *.wepowerconnections.com maps.gstatic.com *.calcurates.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bing.com *.clarity.ms *.cloudflare.com craftyclicks.co.uk *.demdex.net *.facebook.com fetchify.com *.goldboutique.com *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googletagmanager.com *.klarna.com *.lightemporium.com *.magentocommerce.com *.pinterest.com *.elfsightcdn.com *.qpj.de *.qpj.fr *.qpjewellers.com *.rubyandoscar.com *.scarletocean.com *.twimg.com *.twitter.com *.usercentrics.eu *.wisepops.com *.ytimg.com *.roeye.com *.roeyecdn.com *.bailandstone.com *.roxoa.com 'self' https://*.google-analytics.com https://*.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeocdn.com www.vimeo.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.bing.com *.clickcease.com *.cloudflare.com cc-cdn.com *.facebook.net *.fontawesome.com *.getdrip.com *.google-analytics.com *.pcapredict.com *.pinimg.com *.pinterest.com *.plerdy.com *.taboola.com *.termly.io *.tiktok.com *.trustedshops.com *.trustpilot.com *.twimg.com *.twitter.com *.usercentrics.eu *.wisepops.net *.wisepops.com https://wisepops.net https://wisepops.com *.zdassets.com *.klarnaservices.com *.klarna.com *.clarity.ms https://snapwidget.com *.elfsight.com *.elfsightcdn.com *.roeyecdn.com *.qpjewellers.com/connector/ajax/emailcapture *.rubyandoscar.com/connector/ajax/emailcapture *.goldboutique.com/connector/ajax/emailcapture *.bailandstone.com/connector/ajax/emailcapture https://*.googletagmanager.com *.dotdigital.com 'self' *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app https://fonts.googleapis.com/ fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com assets.braintreegateway.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu  *.zdassets.com 'self' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.adyen.com *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.slack.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.bootstrapcdn.com *.bing.com *.clarity.ms *.cloudflare.com *.doubleclick.net *.facebook.com *.google-analytics.com https://google.com/pay *.googleadservices.com *.klarna.com *.klarnaservices.com *.klarnaevt.com *.paypalobjects.com *.pcapredict.com *.pinterest.com *.plerdy.com *.sandbox.paypal.com *.termly.io *.tiktok.com *.trustpilot.com https://invitejs.trustpilot.com *.twimg.com *.twitter.com *.vimeocdn.com *.wisepops.net *.wisepops.com https://wisepops.net https://wisepops.com  *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.sentry.io *.elfsight.com 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp.threatview.app/report; report-to report-endpoint; 2
font-src *.googleapis.com *.twitter.com *.gstatic.com *.cloudflare.com https://css.zohocdn.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.vimeo.com *.gstatic.com https://salesiq.zohopublic.eu https://translate.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com cdn.doofinder.com *.cloudflare.com *.klarna.com *.ytimg.com *.doubleclick.net *.gstatic.com https://salesiq.zohopublic.eu https://salesiq.zoho.eu *.mastercard.com https://static.hotjar.com https://*.zohopublic.eu https://*.zohocdn.com https://www.google.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://firebasestorage.googleapis.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com *.fontawesome.com *.cloudflare.com *.google-analytics.com *.gstatic.com *.twitter.com https://salesiq.zohopublic.eu https://salesiq.zoho.eu https://js.zohocdn.com https://postcodeanywhere.co.uk https://static.zohocdn.com https://static.hotjar.com crm.zoho.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.avada.io www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.fontawesome.com https://css.zohocdn.com *.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com unsafe-inline assets.braintreegateway.com https://fonts.bunny.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.gstatic.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com *.google-analytics.com https://salesiq.zohopublic.eu https://salesiq.zoho.eu https://translate.google.com https://translate.googleapis.com wss://vts.zohopublic.eu https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://*.google.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://get.geojs.io *.avada.io *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'self'; default-src 'self' https:; connect-src 'self' data: blob: h https://ga.jspm.io *.sentry.io https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com https://static.raspberrypi.org; font-src 'self' https: data: https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://challenges.cloudflare.com https://consentcdn.cookiebot.com *.google.com e.issuu.com prezi.com storify.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com; img-src 'self' https: data: https://*.raspberrypi.org https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; media-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' blob: https://static.raspberrypi.org/js/global-nav-web-component/ https://challenges.cloudflare.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.googletagmanager.com https://*.hotjar.com https://browser.sentry-cdn.com https://js.sentry-cdn.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com https://static.raspberrypi.org/styles/design-system/ https://*.cookiebot.com; worker-src blob:; report-uri https://o17504.ingest.us.sentry.io/api/4507769026707457/security/?sentry_key=53fc037dc5040a1a9fe07334577adc13&sentry_environment=production 2
worker-src blob: *.osano.com; font-src 'self' data: *.gstatic.com; style-src 'self' data: fonts.googleapis.com *.leadoo.com 'unsafe-inline' *.osano.com; default-src 'self' 'unsafe-eval' data: media.hachettelearning.com; frame-src passport.hoddereducation.co.uk *.trustpayments.com *.securetrading.net *.secure.checkout.visa.com secure.checkout.visa.com *.cardinalcommerce.com pay.google.com thm.visa.com *.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu *.trustpilot.com *.youtube.com *.vimeo.com *.osano.com td.doubleclick.net verify.monzo.com; connect-src *.algolia.net *.algolianet.com 'self' *.algolia.io *.sentry.io *.browser-intake-datadoghq.eu *.sentry.io google.com/pay *.cardinalcommerce.com *.fontawesome.com vimeo.com *.osano.com *.ads.linkedin.com analytics.tiktok.com *.analytics.google.com *.google-analytics.com *.googlesyndication.com *.hotjar.io www.google.com googleads.g.doubleclick.net ws.hotjar.com adservice.google.com analytics.google.com stats.g.doubleclick.net; frame-ancestors admin.hachettelearning.com 'self' admin.hachettelearning.com; script-src cdn.eu.trustpayments.com 'self' *.securetrading.net *.secure.checkout.visa.com secure.checkout.visa.com *.cardinalcommerce.com *.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu pay.google.com *.fontawesome.com *.trustpilot.com *.youtube.com *.vimeo.com *.cloudflare.com *.osano.com www.googletagmanager.com 'unsafe-inline' snap.licdn.com static.hotjar.com connect.facebook.net static.ads-twitter.com analytics.tiktok.com *.analytics.google.com script.hotjar.com googleads.g.doubleclick.net; img-src secure.checkout.visa.com *.secure.checkout.visa.com *.vims.visa.com 'self' data: resourcehub-resource-api.hodder.education analytics.twitter.com *.ads.linkedin.com www.facebook.com/tr www.facebook.com www.googletagmanager.com www.google.com t.co www.google.co.uk googleads.g.doubleclick.net media.hachettelearning.com; form-action 'self' *.cardinalcommerce.com *.securetrading.net verify.monzo.com; base-uri 'self'; report-uri https://www.hachettelearning.com/csp-report 2
default-src 'self' https://*.trinitywallstreet.org; connect-src 'self' https://translate.googleapis.com https://bam.nr-data.net https://*.kaltura.com https://analytics.google.com https://stats.g.doubleclick.net; font-src * data:; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://translate.google.com https://translate.googleapis.com addevent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.hs-scripts.com https://static.addtoany.com https://unpkg.com https://www.eventbrite.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.newrelic.com https://*.kaltura.com https://*.addevent.com/ https://www.googletagmanager.com addevent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.hs-scripts.com https://static.addtoany.com https://unpkg.com https://www.eventbrite.com https://www.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com cloud.typography.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://live-tcws-new.pantheonsite.io https://*.googleapis.com/ cloud.typography.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://trinitychurchnyc.org/report-uri/reportOnly 2
connect-src hn.inspectlet.com www.paypal.com bam.nr-data.net *.doubleclick.net *.google-analytics.com bat.bing.com *.clarity.ms imgs.signifyd.com *.analytics.google.com gigaparts.needle.com *.gigaparts.com pagead2.googlesyndication.com *.braintree-api.com *.braintreegateway.com sockjs-us2.pusher.com gigaparts.com *.klaviyo.com push.needle.com maps.googleapis.com get.geojs.io wss://ws-us2.pusher.com api.paypal.com dzcse0jfd3c6i.cloudfront.net p2iqhncxyh.execute-api.eu-central-1.amazonaws.com rkkck31tec.execute-api.eu-central-1.amazonaws.com connect.breadpayments.com *.breadgateway.net *.google.com www.googleadservices.com google.com bat.bing.net o1431786.ingest.sentry.io *.sentry.io; font-src *.cloudmaestro.com fonts.gstatic.com 'self' fonts.googleapis.com dzcse0jfd3c6i.cloudfront.net resources.webscale.com data: static.klaviyo.com maxcdn.bootstrapcdn.com connect.gigaparts.com; frame-ancestors 'self' *.paypal.com; img-src 'self' *.rackcdn.com *.cloudfront.net *.adobedtm.com *.authorize.net *.googleadservices.com *.gigaparts.com *.nextopia.net guarantee-cdn.com *.google.com *.espssl.com *.facebook.com *.cloudmaestro.com *.gstatic.com *.google-analytics.com imgs.signifyd.com *.online-metrix.net bat.bing.com *.paypal.com 'unsafe-inline' data: nxtuploads.s3.amazonaws.com www.googletagmanager.com needler-images.s3.amazonaws.com *.clarity.ms *.icomamerica.com *.bing.com www.icomamerica.com *.inspectlet.com www.paypalobjects.com *.doubleclick.net gen.sendtric.com maps.googleapis.com gigaparts.com *.breadpayments.com bat.bing.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com gigaparts.needle.com bat.bing.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com cdn-scripts.signifyd.com imgs.signifyd.com www.paypal.com connect.facebook.net googleads.g.doubleclick.net *.adobedtm.com *.authorize.net *.facebook.net www.paypalobjects.com ac.nextopiasoftware.com data: maps.googleapis.com www.youtube.com *.clarity.ms *.twitter.com *.google.com *.instagram.com *.nextopia.net *.klaviyo.com js.braintreegateway.com www.gstatic.com *.googlesyndication.com *.paypal.com *.gigaparts.com gigaparts.com static.klaviyo.com connect.breadpayments.com browser.sentry-cdn.com d5yoctgpv4cpx.cloudfront.net gigaparts-v2.ecomm-nav.com *.sentry-cdn.com dzcse0jfd3c6i.cloudfront.net ingest.blackfire.io admin.pipeline.blackfire.io; style-src *.cloudmaestro.com 'unsafe-inline' cdn.nextopia.net 'self' fonts.googleapis.com *.klaviyo.com cdn.tickettailor.com maxcdn.bootstrapcdn.com dzcse0jfd3c6i.cloudfront.net; worker-src blob: *.gigaparts.com gigaparts.com; report-uri /.webscale/csp-report 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com https://*.tawk.to/ *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com http://cdnjs.cloudflare.com/ajax/libs/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.google.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.youtube.com/ https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * api.razorpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://platform-api.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com https://clauem2.arrowtheme.com https://scontent.cdninstagram.com/ https://buttons-config.sharethis.com https://l.sharethis.com https://platform-cdn.sharethis.com https://scontent-ams4-1.cdninstagram.com https://s3.ap-south-1.amazonaws.com/* https://s3.ap-south-1.amazonaws.com https://*.tawk.to flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com */walletsystem/index/applypaymentamount www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com maps.googleapis.com *.trackedlink.net *.maps.gstatic.com *.googletagmanager.com *.googleadservices.com https://connect.facebook.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com https://*.tawk.to https://adtarbo.eywamedia.com/scripts/adtarbo.min.js https://static.getbutton.io/widget-send-button/js/init.js https://adtarbo.eywamedia.com/scripts/adtarbo-core.min.js?v=66.68988515157149 player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://*.tawk.to/ https://s3.ap-south-1.amazonaws.com/* https://s3.ap-south-1.amazonaws.com maxcdn.bootstrapcdn.com assets.braintreegateway.com unsafe-inline http://cdnjs.cloudflare.com/ajax/libs/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com https://*.tawk.to/ wss://*.tawk.to https://adtarbo.eywamedia.com/ www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.bootstrapcdn.com js.klevu.com *.finance-calculator.co.uk *.klarnacdn.net *.klevu.com *.ksearchnet.com *.magentocommerce.com *.googleapis.com *.cloudfront.net fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com https://plumrocket.com www.facebook.com 1merchantacsstag.cardinalcommerce.com payments.securetrading.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.instagram.com https://www.google.com *.doubleclick.net *.facebook.com assets.braintreegateway.com tst.kaptcha.com c.paypal.com www.paypalobjects.com *.zopim.com *.finance-calculator.co.uk *.deko.finance *.dekopay.com *.dekopay.org *.klarnacdn.net https://plumrocket.com *.magentocommerce.com cdn.dnky.co *.hotjar.com www.facebook.com *.trustpilot.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud x.klarnacdn.net *.pinterest.com *.pinterdev.com commerce-app.pintergration.com webservices.securetrading.net cdn.eu.trustpayments.com brw.3ds.trustpayments.com songbirdstag.cardinalcommerce.com 1merchantacsstag.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.cdninstagram.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bing.com *.clarity.ms js.klevu.com cdn-cookieyes.com *.finance-calculator.co.uk *.dekopay.com *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.magentocommerce.com *.cloudfront.net https://*.gstatic.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com *.googleapis.com www.linkedin.com linkedin.com gallery.mailchimp.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud *.increasingly.co https://*.googleapis.com https://*.googleusercontent.com https://www.magezon.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.instagram.com 'self' *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com bat.bing.com js.klevu.com *.clarity.ms c.paypal.com chimpstatic.com cdn-cookieyes.com *.hotjar.com sentry.bigeyedeers.dev browser.sentry-cdn.com *.finance-calculator.co.uk *.dekopay.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com *.magentocommerce.com *.cloudfront.net maps.googleapis.com *.trackedlink.net *.increasingly.co *.increasingly.com *.googleapis.com cdn.dnky.co api.comapi.com snap.licdn.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com www.feedbackcompany.com *.trustpilot.com cdn.jsdelivr.net www.googleoptimize.com *.paypal.com js.klarna.com *.eu-library.klarnaservices.com/lib.js *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud *.mouseflow.com *.webgains.io https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com player.vimeo.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com https://apis.google.com webservices.securetrading.net cdn.eu.trustpayments.com songbirdstag.cardinalcommerce.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.typekit.net js.klevu.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com 'self' *.magentocommerce.com *.cloudfront.net cdn.dnky.co *.fontawesome.com *.mailchimp.com *.finance-calculator.co.uk *.trustpilot.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud *.increasingly.co https://fonts.googleapis.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.sandbox.braintree-api.com *.clarity.ms *.cookieyes.com cdn-cookieyes.com *.doubleclick.net *.trustpilot.com *.hotjar.com *.googlesyndication.com sentry.bigeyedeers.dev *.finance-calculator.co.uk *.dekopay.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.cloudfront.net *.magentocommerce.com commerce.adobedc.net api.comapi.com *.googleapis.com *.zdassets.com *.hotjar.io *.zopim.com wss://*.zopim.com www.feedbackcompany.com *.zendesk.com *.eu-library.klarnaservices.com/lib.js *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud *.increasingly.co api.addressy.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com o402164.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com google.com *.braintreegateway.com *.paypal.com *.google.com *.certcapture.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net youtu.be *.nr-data.net 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com *.trackedlink.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.yahoo.com *.bing.com *.facebook.com mossmotors.com *.mossmotors.com services.postcodeanywhere.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.certcapture.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.hotjar.com *.facebook.net *.bing.com *.murdoog.com *.pcapredict.com *.jsdelivr.net *.yimg.com *.maxmind.com services.postcodeanywhere.co.uk *.cloudfront.net *info.mossmotors.com form.jotform.com *.freshrelevance.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.gstatic.com dmp.info.mossmotors.com dmp.info.mossmiata.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.pcapredict.com services.postcodeanywhere.co.uk assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.certcapture.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.yimg.com *.doubleclick.net *.adobedtm.com *.mmapiws.com *.cloudfront.net connect.facebook.net *.facebook.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app dmp.info.mossmotors.com dmp.info.mossmiata.com *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'report-sample' 'self' https://js.qualified.com/qualified.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://app.qualified.com wss://ws.qualified.com; font-src 'self'; frame-src 'self' https://app.qualified.com; img-src 'self' data: https://dms6j3xpg18d6.cloudfront.net https://d3s86tfxelgbdj.cloudfront.net https://huntscanlon.com https://images.cointelegraph.com https://mma.prnewswire.com https://s.yimg.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: *.tiktok.com *.ttcdn-row.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com cdn.dnky.co amc.demdex.net www.google.com youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' data: maps.gstatic.com maps.googleapis.com accounts.google.com *.tiktok.com *.ttcdn-row.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.google.com *.gstatic.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com https://maps.googleapis.com *.tiktok.com *.ttcdn-row.com *.bytedance.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com cdn.dnky.co *.googletagmanager.com *.cookielaw.org *.tiktok.com *.ttcdn-row.com 'self' 'unsafe-inline'; object-src *.tiktok.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com maps.googleapis.com api.comapi.com bam.nr-data.net *.cookielaw.org analytics.tiktok.com business-api.tiktok.com *.ttcdn-row.com *.bytedance.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.google.com *.google.ca *.omappapi.com *.hotjar.com *.freshbots.ai *.pusher.com *.freshworksapi.com *.attn.tv *.route.io *.routeapp.io *.klaviyo.com d1cwup7r903a1d.cloudfront.net *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.hotjar.com *.kaptcha.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.nort.ca *.google.ca *.bing.com *.facebook.com *.freshbots.ai *.pusher.com *.freshworksapi.com *.attn.tv *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com *.freshbots.ai *.googletagmanager.com *.shopperapproved.com *.tdotperformance.ca *.automotivestuff.com *.nort.ca *.google.com *.google.ca *.doubleclick.net *.facebook.net *.facebook.com *.hotjar.com *.riskified.com *.clarity.ms *.cloudfront.net *.omappapi.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.attn.tv *.route.io *.routeapp.io *.convertexperiments.com *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.forter.com *.cloudfront.net *.optnmstr.com *.hotjar.com *.shopperapproved.com *.bing.com *.freshbots.ai *.clarity.ms *.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.addthisedge.com *.moatads.com *.nort.ca *.google.ca *.omappapi.com *.facebook.net *.facebook.com *.riskified.com *.doubleclick.net *.klaviyo.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.noibu.com *.attn.tv *.omniconvert.com *.route.io *.routeapp.io *.route.com unpkg.com *.convertexperiments.com *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com cdn.routeapp.io fonts.googleapis.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.omappapi.com *.freshbots.ai *.tdotperformance.ca *.automotivestuff.com *.nort.ca *.google.com *.google.ca *.shopperapproved.com *.klaviyo.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.attn.tv *.route.io *.routeapp.io *.convertexperiments.com *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudfront.net *.forter.com *.omappapi.com *.hotjar.com *.doubleclick.net *.shopperapproved.com *.freshbots.ai *.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.nort.ca *.clarity.ms *.youtube.com *.google.ca *.facebook.net *.facebook.com *.bing.com *.riskified.com *.klaviyo.com *.crazyegg.com *.hotjar.io *.pusher.com *.freshworksapi.com wss://rts-us.freshworksapi.com wss://ws.hotjar.com *.noibu.com wss://*.noibu.com *.attn.tv events.attentivemobile.com google.com/pay *.omniconvert.com *.route.io *.routeapp.io *.route.com *.convertexperiments.com *.trycaddie.com caddie-ai-public.s3.us-east-2.amazonaws.com prod-caddie-public-custom-stylesheets.s3.us-east-2.amazonaws.com *.posthog.com api.route.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';                    script-src 'report-sample' 'self' 'unsafe-inline' https://acsbapp.com/ https://browser.sentry-cdn.com/ https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdn.tailwindcss.com/ https://code.jquery.com/ https://fast.wistia.com/ https://js.monitor.azure.com/ https://kit.fontawesome.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/;                    style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://fonts.googleapis.com;                    img-src *;                    font-src * data:;                    frame-src 'self' https://privacyportal.onetrust.com https://www.google.com;                    frame-ancestors 'self' *.globalmedicalresponse.corpweb *.globalmedicalresponse.com;                    connect-src 'self' https://*.litix.io https://cdn.acsbapp.com https://cdn.cookielaw.org https://centralus-2.in.applicationinsights.azure.com https://dc.services.visualstudio.com https://distillery.wistia.com https://embed-cloudfront.wistia.com https://fast.wistia.com https://fast.wistia.net https://geolocation.onetrust.com https://ka-p.fontawesome.com https://pipedream.wistia.com https://privacyportal.onetrust.com https://www.google-analytics.com;                    object-src 'none';                    base-uri 'self';                    manifest-src 'self';                    media-src 'self' blob:;                   worker-src 'none';                    report-uri https://68654b2b841f0014a4c0d0f7.endpoint.csper.io?v=1; 2
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://api.aipei.tw/csp_report; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdnjs.cloudflare.com cdn.jsdelivr.net voidlabs.containers.piwik.pro dl.frontapp.com hcaptcha.com; connect-src 'self' wss://*.tawk.to *.tawk.to newassets.hcaptcha.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com embed.tawk.to; frame-src 'self' demo.voxmail.it www.youtube-nocookie.com newassets.hcaptcha.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com embed.tawk.to; media-src 'self' embed.tawk.to; report-uri https://catbzhkx.uriports.com/reports/report 2
script-src 'self'  https://cdn.suitableshop.net https://bat.bing.com https://d5yoctgpv4cpx.cloudfront.net https://tggng.suitableshop.com 'unsafe-inline' ; 2
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sendcloud.sc *.jsdelivr.net https://www.googletagmanager.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.sooqr.com *.spotlersearch.com *.amazonaws.com epc.het-magazijn.com https://imgproxy.vendic.dev www.ghmparts.com https://images.ghmparts.com https://pagead2.googlesyndication.com https://www.google.nl https://www.google.de https://www.google.fr https://www.google.es https://www.google.it https://www.google.pt https://www.google.pl https://www.google.be https://www.google.co.uk https://www.google.com https://www.facebook.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://maps.googleapis.com https://browser.sentry-cdn.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.sendcloud.sc *.jsdelivr.net https://cdn.cookie-script.com https://static.cloudflareinsights.com https://d5yoctgpv4cpx.cloudfront.net https://pagead2.googlesyndication.com https://connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.sooqr.com *.spotlersearch.com *.sendcloud.sc *.jsdelivr.net https://www.vizeo.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://*.ingest.sentry.io https://ipinfo.io https://www.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.sooqr.com *.spotlersearch.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://pagead2.googlesyndication.com https://p2iqhncxyh.execute-api.eu-central-1.amazonaws.com https://www.google.nl https://www.google.de https://www.google.fr https://www.google.es https://www.google.it https://www.google.pt https://www.google.pl https://www.google.be https://www.google.co.uk googleads.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com https://www.google.com https://widget.trustpilot.com https://bid.g.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com https://www.google.com https://www.google.co.in magefan.com cm.magefan.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.disqus.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://maps.gstatic.com/ https://amcglobal.sc.omtrdc.net *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.certcapture.com pay.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com apis.google.com https://maps.googleapis.com *.googleapis.com *.googleadservices.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha https://www.google.com/recaptcha *.google.com/ https://maps.googleapis.com/maps/api/js https://widget.trustpilot.com http://widget.trustpilot.com https://invitejs.trustpilot.com chimpstatic.com *.paypalobjects.com c.paypal.com *.paypal.com sandbox.paypal.com *.sandbox.paypal.com downloads.mailchimp.com *.list-manage.com *.disqus.com maps.googleapis.com https://cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://maps.googleapis.com/ https://js-agent.newrelic.com https://bam.nr-data.net assets.shipperhq.com *.trustpilot.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com downloads.mailchimp.com *.fontawesome.com assets.braintreegateway.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com https://stats.g.doubleclick.net https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://bam.nr-data.net ovs.shipperhq.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://marysvillemarine.com/; report-to report-endpoint; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.velux.de *.paypalobjects.com *.oney.io *.staging.oney.io *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.jsctool.com *.googleapis.com *.pay1.de *.hotjar.com *.solutect.de *.awin1.com *.sovendus.com *.paypalobjects.com *.taboola.com *.googlesyndication.com zaunplaner.traumgarten.de *.criteo.com *.criteo.net *.doubleclick.net *.googletagmanager.com *.demdex.net *.sovendus-benefits.com *.sovendus-connect.com *.hipay-tpp.com *.hipay.com *.mondu.ai/ *.mondu.local localhost:*/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com https://maps.gstatic.com benz24.de benz24.at benz24.ch benz24.fr *.consentmanager.net *.pay1.de *.consensu.org *.bing.com *.bing.net *.googleapis.com *.google.de *.google.ch *.google.at *.google.fr *.google.nl *.google.be *.google.li *.google.lu *.awin1.com *.bizrate.com *.ladenzeile.de *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.trustedshops.com *.velux.de *.twiago.com *.1rx.io *.adnxs.com *.smartadserver.com *.taboola.com *.360yield.com *.criteo.com *.criteo.net *.unrulymedia.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.hipay.com *.oney.io *.staging.oney.io https://firebasestorage.googleapis.com *.mondu.ai/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com https://maps.googleapis.com cdnjs.cloudflare.com *.consentmanager.net *.pay1.de *.paypal.com *.ratepay.com *.googleapis.com *.sovendus.com *.googletagmanager.com *.consensu.org *.dwin1.com *.bing.com *.hotjar.com *.cnnx.link *.ladenzeile.de *.solutect.de *.awin1.com *.sciencebehindecommerce.com *.trustedshops.com benz24.de benz24.at benz24.ch benz24.fr *.velux.de chimpstatic.com *.paqato.com *.benz24.app mtm.benz24.de *.taboola.com *.googlesyndication.com *.s24.com *.nextleveldefend.com nextleveldefend.com zaunplaner.traumgarten.de *.criteo.com *.doubleclick.net *.detailsdata7.com *.upsellit.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.oney.io *.staging.oney.io *.avada.io *.shopify.com *.mondu.ai/widget.js *.mondu.local/widget.js localhost:*/dist/widget.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.consensu.org *.velux.de downloads.mailchimp.com *.hipay.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com data: mpsnare.iesnare.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com *.ratepay.com *.doubleclick.net *.googleapis.com *.google.de *.bing.com *.bing.net *.hotjar.com *.hotjar.io *.sovendus.com *.sciencebehindecommerce.com *.trustedshops.com *.etrusted.com *.velux.de *.benz24.app mtm.benz24.de *.taboola.com *.googlesyndication.com zaunplaner.traumgarten.de *.nextleveldefend.com nextleveldefend.com *.criteo.com googleapis.com *.googletagmanager.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.oney.io *.staging.oney.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.mollie.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://checkout.staging.devpayever.com https://checkout.payever.org *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://www.mollie.com cdn.doofinder.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ ratenkauf.easycredit.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com x.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.mollie.com cdn.doofinder.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ ratenkauf.easycredit.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com maps.googleapis.com x.klarnacdn.net/ www.gstatic.com www.google.com *.googleapis.com *.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com x.klarnacdn.net www.gstatic.com/recaptcha 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.fontawesome.com assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.doofinder.com wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ratenkauf.easycredit.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://gapi.storyblok.com https://api.storyblok.com https://a.storyblok.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.wistia.com https://*.wistia.net netlify-cdp-loader.netlify.app 'unsafe-inline' blob: data:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.storyblok.com https://netlify-rum.netlify.app https://*.wistia.com https://*.wistia.net https://src.litix.io *.visualwebsiteoptimizer.com app.vwo.com https://www.googletagmanager.com https://tagmanager.google.com https://*.onetrust.com https://*.google-analytics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net https://js.driftt.com https://widget.drift.com *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com;  style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://fast.wistia.com https://*.onetrust.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://www.googletagmanager.com https://tagmanager.google.com *.livechatinc.com *.youtube.com *.google.com blob:;  img-src 'self' https://*.hotjar.com https://*.storyblok.com https://*.wistia.com https://*.wistia.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.onetrust.com https://*.doubleclick.net https://*.bing.com https://*.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.livechatinc.com *.youtube.com *.google.com *.livechat-files.com *.livechat-static.com data:;  connect-src 'self' https://*.storyblok.com https://*.wistia.com https://*.wistia.net https://*.algolia.net *.visualwebsiteoptimizer.com app.vwo.com ingesteer.services-prod.nsvcs.net https://*.onetrust.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.google.com https://*.bing.com https://*.litix.io https://*.doubleclick.net https://gapi.storyblok.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.googletagmanager.com px.ads.linkedin.com px4.ads.linkedin.com www.facebook.com connect.facebook.net www.google.com.au;  font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.wistia.com data:;  object-src 'self' *.livechatinc.com *.youtube.com *.google.com;  frame-src 'self' https://gapi.storyblok.com app.netlify.com netlify-cdp-loader.netlify.app https://*.vwo.com https://*.youtube-nocookie.com https://dev.visualwebsiteoptimizer.com https://fast.wistia.com https://fast.wistia.net https://td.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com https://js.driftt.com https://widget.drift.com https://info.leap.com.au *.livechatinc.com x.adroll.com;  worker-src 'self' blob:;  media-src 'self' https://*.wistia.com https://*.wistia.net  *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com https://js.driftt.com https://widget.drift.com blob: data:;  base-uri 'self';  form-action 'self';  frame-ancestors 'self' https://app.storyblok.com ; script-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https://pi.pardot.com s.adroll.com https://*.wistia.com https://*.bing.com https://*.onetrust.com https://netlify-rum.netlify.app; script-src-attr 'self' 'unsafe-inline'; child-src *.livechatinc.com *.youtube.com *.google.com blob:; upgrade-insecure-requests; report-uri /.netlify/functions/__csp-violations; 2
font-src *.fontawesome.com script.hotjar.com hyfin.app data: maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com vars.hotjar.com maps.googleapis.com stats.g.doubleclick.net *.fls.doubleclick.net cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com 17squares.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io static.hotjar.com script.hotjar.com maps.googleapis.com stats.g.doubleclick.net cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com *.gstatic.com *.googleapis.com *.cdninstagram.com *.fbcdn.net * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com script.hotjar.com static.hotjar.com maps.googleapis.com stats.g.doubleclick.net cdn.evgnet.com *.us-6.evergage.com hyfin.app *.globalpay.com *.verygoodvault.com *.smartystreets.com 17squares.com *.googleapis.com *.gstatic.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com static.hotjar.com script.hotjar.com cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hotjar.com *.hotjar.io wss://*.hotjar.com bam.nr-data.net stats.g.doubleclick.net cookie-cdn.cookiepro.com maps.googleapis.com cdn.evgnet.com *.us-6.evergage.com wss://*.hyfin.app hyfin.app *.globalpay.com *.verygoodvault.com *.smartystreets.com 17squares.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-eval' *.osha.europa.eu www.gstatic.com www.google.com cdn.jsdelivr.net europa.eu platform.twitter.com www.youtube.com cdnjs.cloudflare.com webtools.europa.eu translate.googleapis.com translate-pa.googleapis.com static.addtoany.com translate.google.com; style-src 'self' 'unsafe-inline' www.gstatic.com europa.eu webtools.europa.eu fonts.googleapis.com; img-src 'self' data: *.osha.europa.eu abs.twimg.com pbs.twimg.com europa.eu syndication.twitter.com webtools.europa.eu *.google.com *.gstatic.com i.ytimg.com; media-src 'self' data:; connect-src 'self' translate.googleapis.com translate-pa.googleapis.com webtools.europa.eu europa.eu piwik.osha.europa.eu www.google.com; frame-src 'self' platform.twitter.com www.google.com syndication.twitter.com www.youtube.com www.youtube-nocookie.com euosha.gestmax.eu webtools.europa.eu; worker-src 'none'; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com themes.googleusercontent.com use.typekit.net; report-uri https://stat.alberora.eu/stat/CSP.php; 2
default-src 'self'; connect-src 'self' dc.services.visualstudio.com ssl.google-analytics.com stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com partner.testseek.com intranet.microk12.com middleman.microk12.com; font-src 'self' data: fonts.gstatic.com static.stockinthechannel.com; frame-src 'self' accounts.us.stockinthechannel.com app.powerbi.com ad.doubleclick.net bid.g.doubleclick.net www.youtube.com www.google.com www.vimeo.com; frame-ancestors accounts.us.stockinthechannel.com; img-src * data:; media-src 'self' images.us.stockinthechannel.com media.stockinthechannel.com static.stockinthechannel.com; manifest-src images.us.stockinthechannel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' accounts.us.stockinthechannel.com images.us.stockinthechannel.com static.stockinthechannel.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net https://*.googletagmanager.com www.google.com www.gstatic.com www.youtube.com; style-src 'self' 'unsafe-inline' static.stockinthechannel.com fonts.googleapis.com ajax.googleapis.com; report-uri https://stockchannel.report-uri.com/r/d/csp/reportOnly 2
font-src smct.co *.smct.co smct.io *.smct.io *.amazonaws.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: *.bootstrapcdn.com https://widgets.trustedshops.com fonts.gstatic.com *.gstatic.com 'self' data: https://*.sovendus.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com/ *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de smct.co *.smct.co smct.io *.smct.io *.amazonaws.com d2d7do8qaecbru.cloudfront.net *.google.com *.adcell.com *.mollie.com www.xtento.com js.mollie.com *.weltpixel.com https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.bing.com *.usercentrics.eu *.trustedshops.com *.etrusted.com *.google.com *.google.at *.google.de *.static-eu.payments-amazon.com static-eu.payments-amazon.com *.googletagmanager.com *.adcell.com *.ad4m.at *.doubleclick.net x.bidswitch.net dsum-sec.casalemedia.com csync.loopme.me r.adserver01.de *.adition.com secure.adnxs.com rtb-csync.smartadserver.com usync.vrtcal.com s.ad.smaato.net inv-nets.admixer.net *.adform.net pixel.rubiconproject.com us-u.openx.net s.pubmine.com ad.yieldlab.net sync-eu.connectad.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com https://www.mollie.com 'self' data: https://*.sovendus.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de smct.co *.smct.co smct.io *.smct.io *.amazonaws.com pix.hyj.mobi *.bing.com *.usercentrics.eu *.amazon.com *.trustedshops.com *.braintreegateway.com *.gstatic.com *.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.adcell.com *.ad-srv.net *.ad4m.at ad4m.at https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com js.mollie.com https://*.sovendus.com https://www.sovopt.com https://static.sovopt.com https://www.getback.ch https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.etrusted.com *.cloudflare.com *.fontawesome.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googleapis.com *.gstatic.com https://static.getback.ch https://*.sovendus.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.bing.com *.ad4m.at *.usercentrics.eu *.doubleclick.net *.google-analytics.com *.google.com *.google.at *.adcell.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' https://trusted-scripts.example.com;style-src 'self'; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.google.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.youtube.com/ *.google.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com https://www.googletagmanager.com/ *.meetanshi.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: https://static.afterpay.com https://site-assets.afterpay.com/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://platform-api.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com https://clauem2.arrowtheme.com https://scontent.cdninstagram.com/ https://buttons-config.sharethis.com https://l.sharethis.com https://platform-cdn.sharethis.com https://scontent-ams4-1.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.maps.googleapis.com *.trackedlink.net *.google.com *.maps.gstatic.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com https://connect.facebook.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.avada.io *.meetanshi.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://static.klaviyo.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.meetanshi.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.stevens.com.pa https://www.googletagmanager.com/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com tracker.metricool.com www.facebook.com www.google.cl *.stevens.com.pa stevens.com.pa *.clau.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com www.google.com rum-static.pingdom.net connect.facebook.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com bam.nr-data.net rum-collector-2.pingdom.net www.google.com.ar test-drive-11-s6uit34pua-uc.a.run.app http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net www.google.com *.stevens.com.pa stevens.com.pa 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com wsv3cdn.audioeye.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * bid.g.doubleclick.net/ ssl.kaptcha.com tst.kaptcha.com wsv3cdn.audioeye.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https: https://meetanshi.com/media/logo.png data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com buttons-config.sharethis.com platform-api.sharethis.com t.sharethis.com www.redditstatic.com www.mczbf.com connect.facebook.net wsmcdn.audioeye.com wsv3cdn.audioeye.com cmp.osano.com appleid.cdn-apple.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com googleads.g.doubleclick.net stats.g.doubleclick.net l.sharethis.com platform-api.sharethis.com *.braintreegateway.com *.sandbox.paypal.com www.mczbf.com analytics.audioeye.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com www.ups.com rms.ups.com maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.ups.com rms.ups.com maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.gstatic.com/ https://*.lisecharmel.com/media/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.ups.com rms.ups.com maps.googleapis.com polyfill.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://*.doofinder.com/ https://*.newrelic.com/ https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com www.ups.com rms.ups.com maps.googleapis.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com https://*.allfont.net/ https://*.doofinder.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com ws://localhost:9109/ws wss://localhost:9109/ws wss://localhost:9109/ www.ups.com rms.ups.com maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://*.doofinder.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/artists_youtube 2
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.mpgs.axisbank.com *.americanexpress.com *-gateway.mastercard.com *.accertify.net *paymentsvcs.com *.amxvpos.com *.accelya.com *.commbank.com.au *.americanexpress.co.in *.areeba.com *.bbvaglobalgateway.com *.arcpay.travel *.merchantlink.com *paymentgateway.nomba.com *.nab.com.au *.unicredit.ro *paymentgateway.epay.halykbank.kz *commerce.nbg.gr *.prahsys.com qpay.gov.qa *.qpay.gov.qa www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.mpgs.axisbank.com *.americanexpress.com *-gateway.mastercard.com *.accertify.net *paymentsvcs.com *.amxvpos.com *.accelya.com *.commbank.com.au *.americanexpress.co.in *.areeba.com *.bbvaglobalgateway.com *.arcpay.travel *.merchantlink.com *paymentgateway.nomba.com *.nab.com.au *.unicredit.ro *paymentgateway.epay.halykbank.kz *commerce.nbg.gr *.prahsys.com www.googletagmanager.com www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.googleadservices.com *.googletagmanager.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.gateway.spring.citi.com *.mpgs.axisbank.com *.americanexpress.com *-gateway.mastercard.com *.accertify.net *paymentsvcs.com *.amxvpos.com *.accelya.com *.commbank.com.au *.americanexpress.co.in *.areeba.com *.bbvaglobalgateway.com *.arcpay.travel *.merchantlink.com *paymentgateway.nomba.com *.nab.com.au *.unicredit.ro *paymentgateway.epay.halykbank.kz *commerce.nbg.gr *.prahsys.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com stats.g.doubleclick.net api.amplitude.com www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-eval' blob: https://prod-bk-web.es.rbi.tools/en/static/js/vendor.f8bf6a32.js https://prod-bk-web.es.rbi.tools/en/static/js/main.b4ad39e7.js https://prod-bk-web.es.rbi.tools/en/static/js/runtime.b8cc223c.js https://*.mparticle.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onetrust.com https://static.ads-twitter.com https://platform.twitter.com https://www.google-analytics.com https://connect.facebook.net https://secure.quantserve.com https://dynamic.criteo.com https://rules.quantcount.com https://cdn.branch.io https://app.link https://*.cdn4.forter.com https://dlthst9q2beh8.cloudfront.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://pagead2.googlesyndication.com https://cdn.amplitude.com https://accounts.google.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://c.amazon-adsystem.com https://js.adsrvr.org https://maps.googleapis.com https://googleads.g.doubleclick.net https://static.zdassets.com https://bat.bing.com https://cdn-st.adsmurai.com https://www.youtube.com https://player.vimeo.com https://prod-bk-web.es.rbi.tools/en/static/js/vendor.73d19e5d.js https://prod-bk-web.es.rbi.tools/en/static/js/main.8725a4f5.js https://prod-bk-web.es.rbi.tools/en/static/js/runtime.b36953dd.js; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; report-uri https://intl-csp-service.rbictg.com/report 2
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; report-uri /csp-violation-report-endpoint 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; 2
default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval' 2
font-src *.agrialpro.fr *.lamaison.fr fonts.gstatic.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors dynamic.criteo.com api.oney.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com gum.criteo.com youtu.be facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io magefan.com cm.magefan.com *.agrialpro.fr *.lamaison.fr maps.gstatic.com maps.google.com maps.googleapis.com cl.avis-verifies.com www.google.fr www.facebook.com *.dmxleo.com *.bidswitch.net *.adform.net *.casalemedia.com *.criteo.com sync.1rx.io sync.targeting.unrulymedia.com *.id5-sync.com id5-sync.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.yieldmo.com *.yieldlab.net *.emxdgt.com *.doubleclick.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.net *.3lift.com *.omnitagjs.com *.360yield.com *.sharethrough.com *.tremorhub.com *.krxd.net *.join-stories.com ade.googlesyndication.com *.hsforms.net *.hsforms.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page maps.google.com maps.googleapis.com *.agrialpro.fr *.lamaison.fr cdn.jsdelivr.net cl.avis-verifies.com connect.facebook.net js-agent.newrelic.com *.criteo.com bam.nr-data.net *.join-stories.com cdn.webotit.ai secure.adnxs.com *.hsforms.net *.hsforms.com *.disqus.com https://cdn.jsdelivr.net/npm/pwacompat@2.0.8/pwacompat.min.js https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.agrialpro.fr *.lamaison.fr https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.join-stories.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.agrialpro.fr *.lamaison.fr stats.g.doubleclick.net bam.nr-data.net *.criteo.com maps.googleapis.com *.stories.studio t.elasticsuite.io *.hsforms.net *.hsforms.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.restorio.cz *.restorio.sk *.restorio.eu *.vegadesign.cz *.vegadesign.local 'self' data: *.twitter.com *.twimg.com *.zopim.com https://www.ppl.cz https://api.mapy.cz https://api.dhl.com data: 'self' 'unsafe-inline'; form-action self *.restorio.cz *.restorio.sk *.restorio.eu *.vegadesign.cz *.vegadesign.local *.facebook.com *.twitter.com yaby.eu 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.restorio.cz 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com platform.twitter.com *.restorio.cz *.restorio.sk *.restorio.eu *.vegadesign.cz *.vegadesign.local *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.google.com *.googletagmanager.com *.ladesk.com elibro.ladesk.com *.ec1.vbus.apps.ladesk.com *.gopay.cz *.gopay.com *.hotjar.com *.outfindo.com *.packeta.com *.pinterest.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com data: *.facebook.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.restorio.cz *.restorio.sk *.restorio.eu media.restorio.cz media.restorio.sk media.restorio.eu yaby.eu *.yaby.eu *.vegadesign.cz *.vegadesign.local blob: *.ceneo.pl *.bing.com *.bing.net *.clarity.ms *.doofinder.com eu1-doofinderuser.s3.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.net *.google.at *.google.be *.google.bg *.google.com google.com *.google.com.au *.google.com.cr *.google.com.cy *.google.com.do *.google.com.eg *.google.com.mt *.google.com.mx *.google.com.ph *.google.com.tr *.google.com.ua *.google.co.il *.google.co.in *.google.co.jp *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tw *.google.co.uk *.google.ae *.google.by *.google.ca *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.lu *.google.lv *.google.md *.google.me *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.rs *.google.se *.google.sk *.google.tn *.google.tr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googleusercontent.com *.googlesyndication.com *.heureka.cz *.heureka.sk im9.cz *.imedia.cz *.packeta.com *.seznam.cz t.co *.tiktok.com img.tiplicdn.com *.twiago.com *.twitter.com *.twimg.com *.ytimg.com *.zopim.com *.ziskejte.cz *.zbozi.cz *.criteo.com *.criteo.net ad.360yield.com eb2.3lift.com *.adform.net *.adnxs.com *.adnxs.net *.bidswitch.net r.casalemedia.com *.emxdgt.com id5-sync.com matching.ivitrack.com beacon.krxd.net *.1rx.io exchange.mediavine.com contextual.media.net visitor.omnitagjs.com sync.outbrain.com jadserve.postrelease.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com/ criteo-sync.teads.tv criteo-partners.tremorhub.com sync.targeting.unrulymedia.com *.yahoo.net ad.yieldlab.net sync-criteo.ads.yieldmo.com https://www.ppl.cz https://api.mapy.cz https://api.dhl.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com *.googletagmanager.com *.facebook.net cdn.jsdelivr.net connect.facebook.net twitter.com platform.twitter.com *.restorio.cz *.restorio.sk *.restorio.eu static.restorio.cz static.restorio.sk static.restorio.eu *.vegadesign.cz *.vegadesign.local *.addthis.com *.adform.net *.bing.com *.cloudflare.com *.ceneo.pl *.clarity.ms *.cloudflareinsights.com *.cookiehub.com cookiehub.net *.cookiehub.eu restorio.bot.coworkers.ai *.criteo.com *.criteo.net *.daktela.com *.dognet.sk login.dognet.sk *.doofinder.com *.doubleclick.net *.facebook.com *.fontawesome.com *.googleadservices.com *.google-analytics.com *.googlesyndication.com *.google.com *.google.cz *.gopay.cz *.gopay.com *.hotjar.com im9.cz *.im9.cz *.imedia.cz *.ladesk.com *.outfindo.com *.packeta.com *.pinterest.com *.pinimg.com *.selltoro.com *.seznam.cz sc-static.net *.srovname.cz stapecdn.com *.tiktok.com *.ads-twitter.com *.twitter.com *.twimg.com *.zbozi.cz *.zdassets.com *.zopim.com https://www.ppl.cz https://api.mapy.cz https://api.dhl.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.restorio.cz *.restorio.sk *.restorio.eu static.restorio.cz static.restorio.sk static.restorio.eu *.vegadesign.cz *.vegadesign.local *.cloudflare.com *.cookiehub.com *.cookiehub.eu cookiehub.net *.doofinder.com *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com *.zopim.com https://www.ppl.cz https://api.mapy.cz https://api.dhl.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.googleapis.com https://*.ingest.sentry.io *.google-analytics.com *.restorio.cz *.restorio.sk *.restorio.eu yaby.eu *.vegadesign.cz *.vegadesign.local *.bing.com *.bing.net *.clarity.ms *.cookiehub.com *.cookiehub.net cookiehub.net *.cookiehub.eu restorio.bot.coworkers.ai wss://restorio.bot.coworkers.ai *.criteo.com *.criteo.net *.doofinder.com wss://eu1-layer.doofinder.com wss://eu1-recommendations.doofinder.com *.doubleclick.net *.facebook.com *.facebook.net google.com *.google.com *.google.cz *.google.sk adservice.google.com *.googleadservices.com *.googlesyndication.com *.gopay.cz *.gopay.com *.outfindo.com *.packeta.com *.pinterest.com *.selltoro.com *.seznam.cz *.srovname.cz *.tiktok.com *.tiktokw.us *.twitter.com *.twimg.com *.yaby.eu *.zdassets.com wss://widget-mediator.zopim.com https://www.ppl.cz https://api.mapy.cz https://api.dhl.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.restorio.cz *.restorio.sk *.restorio.eu *.vegadesign.cz *.vegadesign.local *.gopay.cz *.gopay.com *.yaby.eu yaby.eu 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sentry.vegadesign.cz/api/4/security/?sentry_key=aabf49608cca46b2bf8fb3c0ad2a8eba; report-to report-endpoint; 2
font-src *.fontawesome.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.vimeo.com *.texdecor.test *.texdecor.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.vimeocdn.com s.ytimg.com data *.cdninstagram.com 'self' 'unsafe-inline'; script-src *.sbc29.com *.sbc30.net *.sbc33.com *.sbc35.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.texdecor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.sarbacane.com *.texdecor.test *.texdecor.com *.fact-finder.fr www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdn.popt.in/pixel.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js https://connect.facebook.net/en_GB/sdk.js https://embed.tawk.to/_s/v4/app/62835fee0eb/js/twk-chunk-2d0b9454.js https://js.stripe.com/v3/ https://stats.g.doubleclick.net/dc.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__en.js https://www.ipqualityscore.com/api/pingperfect.com/EnAWcy60QjCbGaVhQ47aEJDsOzvE8HxDKAr6xkGX0SiALznu9wGoX7FLCXQormDbwuF21HTXtvA2MlNkkv8l9hAvCvIHZwzBMhqVZkpUKj2FRYixhYbofewy9zy8sMcZVLi2VveEv7XpV9PPssOitHFBjuCGOMbNY1DcLnrgAiVTYb1UsOHaNSO5ezYFHi5mfLH5A7qII1i2K https://embed.tawk.to https://cdn.jsdelivr.net/emojione/ https://platform.twitter.com https://analytics.twitter.com https://en.twitter.com https://cdn.syndication.twimg.com https://use.fontawesome.com https://kit.fontawesome.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://static.cloudflareinsights.com https://ajax.googleapis.com https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://m.youtube.com https://www.googletagmanager.com https://googletagmanager.com https://secure.gravatar.com https://cdn.jsdelivr.net https://www.recaptcha.net https://recaptcha.net https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.google.com/recaptcha/ https://www.paypal.com https://www.paypalobjects.com https://static.ads-twitter.com https://*.ep-mimecast.ads-twitter.com https://cdn.popt.in https://pingperfect.com http://pingperfect.com https://rec.smartlook.com https://www.gstatic.com https://www.pagespeed-mod.com; style-src 'self' 'report-sample' 'unsafe-inline' https://cdn.popt.in/ https://cdnjs.cloudflare.com/ https://embed.tawk.to/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://platform.twitter.com/ https://use.fontawesome.com/ fonts.googleapis.com embed.tawk.to ton.twimg.com platform.twitter.com *.fontawesome.com cdnjs.cloudflare.com *.google.com ajax.googleapis.com checkout.stripe.com secure.gravatar.com cdn.jsdelivr.net display.popt.in cdn.popt.in www.gstatic.com www.tinymce.com; object-src *.googlesyndication.com; frame-src 'self' https://js.stripe.com/ https://www.google.com/ va.tawk.to *.twitter.com *.facebook.com connect.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.stripe.com *.stripe.network *.youtube.com www.youtube-nocookie.com www.googletagmanager.com *.recaptcha.net recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com www.paypalobjects.com *.paypal.com; child-src 'self' blob: *.facebook.com connect.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com www.youtube.com www.googletagmanager.com www.paypalobjects.com *.paypal.com; img-src 'self' data: blob: https://abs.twimg.com/ https://embed.tawk.to/ https://pbs.twimg.com/ https://stats.g.doubleclick.net/ https://syndication.twitter.com/ https://www.google.co.uk/ https://www.google.com/ fonts.gstatic.com embed.tawk.to tawk.link cdn.jsdelivr.net/emojione t.co *.twitter.com *.twimg.com cdnjs.cloudflare.com *.facebook.com *.facebook.net *.fbcdn.net www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com ajax.googleapis.com *.stripe.com *.ytimg.com *.youtube.com www.googletagmanager.com *.gravatar.com cdn.jsdelivr.net www.gstatic.com/recaptcha www.paypalobjects.com analytics.twitter.com www.gstatic.com steamuserimages-a.akamaihd.net www.pingperfect.com pingperfect.com uploads.mordhau.com www.google.ps www.google.ba www.google.com.mm i.imgur.com android-webview-video-poster:; font-src 'self' data: https://cdnjs.cloudflare.com/ https://embed.tawk.to/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://use.fontawesome.com/ *.tawk.to wss://*.tawk.to t.co *.twitter.com *.twimg.com *.facebook.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: cloudflareinsights.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com ajax.googleapis.com *.stripe.com www.googletagmanager.com *.gravatar.com *.paypal.com www.paypalobjects.com display.popt.in manager.eu.smartlook.cloud web-writer.eu.smartlook.cloud web-writer.br.smartlook.cloud events-writer.smartlook.com d3lopmpcew67el.cloudfront.net https://new229.com fonts.gstatic.com fonts.googleapis.com embed.tawk.to *.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net github.com chrome-extension:; connect-src 'self' https://verify.cpanel.net/ https://d3lopmpcew67el.cloudfront.net/ https://display.popt.in/ https://embed.tawk.to/ https://fn.eu.ipqualityscore.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net/ https://va.tawk.to/ https://www.google-analytics.com/; manifest-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com *.facebook.com connect.facebook.net *.google.com gamepanel.pingperfect.com www.paypal.com; media-src 'self' embed.tawk.to tawk.link dai.google.com; prefetch-src 'self' *.googlesyndication.com; worker-src 'self' blob: www.google.com www.recaptcha.net; report-uri https://pingperfect.report-uri.com/r/d/csp/wizard 2
default-src 'self'; script-src 'self' https://api-maps.yandex.ru https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://api-maps.yandex.ru https://www.gstatic.com; font-src 'self'; connect-src 'self' https://www.google.com https://www.gstatic.com; frame-src https://www.google.com; child-src https://www.google.com; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/recaptcha/ www.facebook.com platform.twitter.com https://plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.curopayments.net *.google-analytics.com *.googleapis.com 'self' data: www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com/recaptcha/ connect.facebook.net twitter.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.homoactive.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com 'self' ws: 'self' wss: *.pay.nl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.homoactive.com/paynl/csp/report; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.addthis.com *.facebook.com *.twitter.com *.authorize.net www.youtube.com accounts.google.com *.iubenda.com cdn-quick-ar.threedy.ai quick-ar.threedy.ai td.doubleclick.net www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.addthisedge.com *.twitter.com *.hsforms.net *.hsforms.com 'self' data: cdn.ywxi.net seal.networksolutions.com ssl.gstatic.com syndication.twitter.com *.stats.paypal.com *.cloudmaestro.com *.twimg.com maps.gstatic.com maps.googleapis.com seal-santabarbara.bbb.org *.google.com csi.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.authorize.net *.hsforms.net *.hsforms.com *.gstatic.com diffuser-cdn.app-us1.com/ prism.app-us1.com trackcmp.net seal-santabarbara.bbb.org platform.twitter.com apis.google.com seal.networksolutions.com www.google.com www.gstatic.com *.iubenda.com *.paypal.com *.twimg.com maps.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net cdn-quick-ar.threedy.ai acsbapp.com cdn.iubenda.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.twitter.com *.twimg.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.googleadservices.com www.google-analytics.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.authorize.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.iubenda.com *.facebook.com maps.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net quick-ar.threedy.ai *.acsbapp.com *.doubleclick.net stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ab6dd833-5ccc-470b-a6cb-3bca3080bb2f.sansec.watch/; report-to report-endpoint; 2
worker-src blob:; font-src https://*.yotpo.com https://use.typekit.net https://netdna.bootstrapcdn.com 'self' data: *.googleapis.com https://www.gstatic.com *.kodaris.com *.amazonaws.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://forms.hsforms.com https://www.google.com https://www.gstatic.com *.tradecentric.com 'self' data: *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.punchout2go.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com https://forms.hsforms.com *.google.com *.duosecurity.com *.creditkey.com https://www.socialintents.com *.tradecentric.com *.cenpos.net *.cenpos.com *.gstatic.com *.cardinalcommerce.com *.punchout2go.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com blob: c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' blob: data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com https://*.hsforms.com https://www.google.com https://www.gstatic.com https://*.yotpo.com https://amcglobal.sc.omtrdc.net https://*.punchout2go.com https://hanes.resultspage.com https://empirerigging.resultspage.com https://assets.resultspage.com https://hanes.resultsdemo.com https://empirerigging.resultsdemo.com https://creditkey-assets.s3-us-west-2.amazonaws.com https://*.hanessupply.com https://*.empirerigging.com https://forms.hsforms.com https://track.hubspot.com www.google.de/ads/ga-audiences *.cenpos.net *.cenpos.com *.googleapis.com https://*.gstatic.com *.kodaris.com *.amazonaws.com *.monsido.com bat.bing.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://coc.codes/images/badge/41497493 https://d10lpsik1i8c69.cloudfront.net *.shopperapproved.com https://firebasestorage.googleapis.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com *.facebook.com *.reddit.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com https://js.hsforms.net https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://*.yotpo.com https://*.newrelic.com https://*.demdex.net https://*.aptrinsic.com https://*.nr-data.net https://hanes.resultspage.com https://empirerigging.resultspage.com https://hanes.resultsdemo.com https://empirerigging.resultsdemo.com https://unpkg.com https://www.socialintents.com https://*.g.doubleclick.net *.tradecentric.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.hscollectedforms.net *.cenpos.com *.cenpos.net *.google.com *.gstatic.com *.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.kodaris.com *.amazonaws.com *.monsido.com *.punchout2go.com bat.bing.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://polyfill-fastly.io https://d10lpsik1i8c69.cloudfront.net *.hubspot.com https://cdn-in.pagesense.io/js/innopplitservices/51b88749fcca40fbbdf7fef19d4c664d.js https://static.zohocdn.com *.shopperapproved.com *.avada.io *.shopify.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.cloudflare.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://www.google.com https://www.gstatic.com https://*.yotpo.com https://*.aptrinsic.com https://hanes.resultspage.com https://empirerigging.resultspage.com https://hanes.resultsdemo.com https://empirerigging.resultsdemo.com https://*.typekit.net https://www.socialintents.com https://netdna.bootstrapcdn.com *.tradecentric.com 'self' data: fonts.googleapis.com *.kodaris.com *.gstatic.com *.googleapis.com *.amazonaws.com *.jsdelivr.net *.punchout2go.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://d10lpsik1i8c69.cloudfront.net https://static.zohocdn.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://d10lpsik1i8c69.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://forms.hsforms.com *.amazonaws.com https://*.yotpo.com https://*.demdex.net https://*.aptrinsic.com https://www.google-analytics.com https://*.g.doubleclick.net https://*.punchout2go.com https://maps.googleapis.com https://*.nr-data.net *.tradecentric.com https://forms.hscollectedforms.net *.googleapis.com *.kodaris.com *.monsido.com bat.bing.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://api.luckyorange.com https://settings.luckyorange.net https://pubsub.googleapis.com wss://visitors.live wss://*.visitors.live *.hubspot.com https://*.pagesense.io https://*.zoho.in https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net https://imgs.signifyd.com https://sirius-staging.atwixlabs.tech https://sirius.atwixlabs.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net cash-f.squarecdn.com https://client.crisp.chat https://plugin-magento-ui.glopalservice.com https://applepay.cdn-apple.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com fonts.gstatic.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com p.monetico-services.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ * ct.pinterest.com *.payplug.com *.dalenys.com https://applepay.cdn-apple.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com api-qa.payplug.com secure-qa.payplug.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io * https://images.unsplash.com https://image.crisp.chat *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost cl.avis-verifies.com ct.pinterest.com bat.bing.com www.google.com.vn https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com https://secure-magenta.dalenys.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com *.openstreetmap.fr *.openstreetmap.org unpkg.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat cl.avis-verifies.com bat.bing.com s.pinimg.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdnjs.cloudflare.com https://cdn.payplug.com https://cdn-qa.payplug.com https://unpkg.com/pwacompat *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://client.crisp.chat https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com https://secure-magenta.dalenys.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unpkg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io * https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost ct.pinterest.com https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.openstreetmap.org *.arcgis.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src cl.avis-verifies.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.googleapis.com https://fonts.gstatic.com fonts.gstatic.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com https://fast.amc.demdex.net https://vimeo.com *.player.vimeo.com http://consent-pref.trustarc.com https://consent-pref.trustarc.com https://plumrocket.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src *.assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com https://maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca *.certcapture.com *.storyblok.com https://cdn1.1800flowers.com *.googletagmanager.com *.amcglobal.sc.omtrdc.net *.portotheme.com https://images.contentstack.io https://px.ads.linkedin.com https://p.adsymptotic.com http://consent.trustarc.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.doubleclick.net *.google.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com *.storyblok.com https://optimize.google.com https://www.googleoptimize.com/optimize.js http://tags.tiqcdn.com https://js-agent.newrelic.com https://cdn.auth0.com https://bam.nr-data.net *.jquery.com https://assets.adobedtm.com *.auth0.com data: https://snap.licdn.com/li.lms-analytics/insight.min.js https://px.ads.linkedin.com https://www.googleoptimize.com https://edge.fullstory.com/s/fs.js *.rs.fullstory.com https://rs.fullstory.com/rec/integrations https://snap.licdn.com/ https://service.force.com/ https://cdnjs.cloudflare.com/ https://*.salesforce.com/ https://hello.zonos.com/ https://*.salesforceliveagent.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.yotpo.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net https://hello.zonos.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com assets.braintreegateway.com fonts.googleapis.com *.certcapture.com *.storyblok.com https://fonts.googleapis.com https://use.typekit.net https://*.salesforceliveagent.com https://*.salesforce.com/ https://static.klaviyo.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.storyblok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.certcapture.com *.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net *.dpm.demdex.net *.rs.fullstory.com https://rs.fullstory.com/rec/page https://rs.fullstory.com/rec/bundle *.assets.adobedtm.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://*.doubleclick.net https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com imgsct.cookiebot.com imgsct.cookiebot.eu https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ consent.cookiebot.com consent.cookiebot.eu https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.googleapis.com *.typekit.net assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src blob: 'self'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net 'self' data: *.kxcdn.com geowidget.easypack24.net v2.zopim.com cdn.thulium.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com geowidget-app.inpost.pl mapa.ecommerce.poczta-polska.pl pudofinder.dpd.com.pl js.mollie.com pay.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com www.google.com *.addthis.com secure.livechatinc.com cm.g.doubleclick.net td.doubleclick.net sync.clickonometrics.pl static.clickonometrics.pl www.googletagmanager.com vars.hotjar.com ct.pinterest.com cdn2.pollster.pl widget.spreaker.com start.assets.paypo.pl start.paypo.pl popup.paypo.pl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.googleapis.com https://firebasestorage.googleapis.com https://www.mollie.com static.przelewy24.pl www.gstatic.com gstatic.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com *.cdninstagram.com *.kxcdn.com *.twitter.com google.com td.doubleclick.net www.google.pl ct.pinterest.com *.fbcdn.net cdn.livechatinc.com www.facebook.com img.onesignal.com v2.zopim.com cdn.stamped.io content.pollster.pl s1782711468.t.eloqua.com *.adform.net ads.avct.cloud c.clarity.ms c.bing.com ssl.ceneo.pl mrtg.emailpartners.net conversionlabs.net geowidget.easypack24.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com geowidget.inpost.pl api.inpost.pl mapa.ecommerce.poczta-polska.pl api.furgonetka.pl maps.googleapis.com *.avada.io js.mollie.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com ruch-osm.sysadvisors.pl *.hsforms.net *.hsforms.com *.gstatic.com *.googletagmanager.com tagmanager.google.com *.googleapis.com www.google.com www.google.pl cdn.ampproject.org connect.facebook.net googletagmanager.com analytics.tiktok.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com cdn.livechatinc.com api.livechatinc.com chimpstatic.com delivery.clickonometrics.pl static.clickonometrics.pl profiling.clickonometrics.pl cdn.mouseflow.com onesignal.com cdn.onesignal.com geowidget.easypack24.net v2.zopim.com static.zdassets.com widget-mediator.zopim.com chat-widget.thulium.com cdn.thulium.com s.pinimg.com static.hotjar.com script.hotjar.com smart.idmnet.pl cdn2.pollster.pl exchange.pollster.pl *.adform.net img06.en25.com utrack.buybox.click hop-js.buybox.click shop-js.buybox.click s1782711468.t.eloqua.com cdn.files.smcloud.net ssl.ceneo.pl api.bebio.pl www.clarity.ms s-eu-1.pushpushgo.com ct.pinterest.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com geowidget.inpost.pl mapa.orlenpaczka.pl *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net ruch-osm.sysadvisors.pl tagmanager.google.com fonts.google.com google.com *.kxcdn.com onesignal.com www.googletagmanager.com geowidget.easypack24.net api.bebio.pl cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com chat-widget.thulium.com cdn.thulium.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com api.furgonetka.pl maps.googleapis.com https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com stats.g.doubleclick.net pagead2.googlesyndication.com region1.google-analytics.com region1.analytics.google.com www.facebook.com analytics.tiktok.com sandbox-api-shipx-pl.easypack24.net api-shipx-pl.easypack24.net wss://widget-mediator.zopim.com widget-mediator.zopim.com ekr.zdassets.com onesignal.com api.synerise.com ai-api.synerise.com api.bebio.pl ct.pinterest.com in.hotjar.com smart.idmnet.pl check.pollster.pl q.clarity.ms utrack.buybox.click content.pollster.pl y.clarity.ms s1782711468.t.eloqua.com ssl.ceneo.pl o2.mouseflow.com grow-apps.growpoland.pl delivery.clickonometrics.pl googleads.g.doubleclick.net cdn.thulium.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://play-widget.pepperfinance.es/ https://instantcredit.net/ *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net 'self' https://*.uberall.com https://instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.awin1.com *.zenaps.com *.wepowerconnections.com cdn.doofinder.com https://images.unsplash.com https://cdn.scarabresearch.com https://static.scarabresearch.com https://snippet.plugins.emarsys.net https://*.uberall.com * *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com cdn.doofinder.com *.plugins.emarsys.net https://cdn.scarabresearch.com https://maps.googleapis.com https://snippet.plugins.emarsys.net https://static.scarabresearch.com https://locator.uberall.com https://*.uberall.com https://instantcredit.net/ https://code.jquery.com/ * *.fontawesome.com *.googleapis.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.yotpo.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com *.doofinder.com https://play-widget.pepperfinance.es/ https://instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.doofinder.com wss://*.doofinder.com https://recommender.scarabresearch.com *.eservice.emarsys.net https://play-merchant-config.pepperfinance.es/  https://play-api.peppermoneytest.es/ https://maps.googleapis.com https://player.vimeo.com https://cdn.scarabresearch.com https://snippet.plugins.emarsys.net https://*.uberall.com https://instantcredit.net/ https://test.instantcredit.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://frontal-eu.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://api.itau.com.br/ https://api.itau.com.br:443/ https://sts.itau.com.br/ https://sts.itau.com.br:443/ https://secure.api.itau/ https://secure.api.itau:443/ https://apisandbox.redeecommerce.rede.com.br/ https://apiquerysandbox.redeecommerce.rede.com.br/ https://api.redeecommerce.rede.com.br/ https://apiquery.redeecommerce.rede.com.br/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com; connect-src 'self' https://static.hsappstatic.net https://forms.hsforms.com https://forms-na1.hsforms.com https://api.hubspot.com https://track.hubspot.com https://*.hubspot.com https://*.hs-banner.com https://*.linkedin.com https://*.pa-cd.com https://*.abtasty.com https://www.google-analytics.com https://www.googletagmanager.com https://stm.smile.eu; font-src *; img-src 'self' https://fonts.gstatic.com data: https://*.hubspot.com https://*.hsforms.com https://*.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-eval' https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://try.abtasty.com https://stm.smile.eu https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com/ https://forms-na1.hsforms.com https://try.abtasty.com https://www.clarity.ms https://analytics.tiktok.com https://api.livechatinc.com https://s.yimg.jp https://www.google-analytics.com https://cdn.qgraph.io https://script.infinity-tracking.com https://loader.wisepops.com https://connect.facebook.net https://cdn.livechatinc.com https://bat.bing.com https://script.hotjar.com https://b92.yahoo.co.jp/ https://img.macromill.com https://platform.linkedin.com https://www.linkedin.com https://*.licdn.com https://stm.smile.eu https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com/pagead/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-elem * 'unsafe-inline'; report-uri https://qasmileeu.report-uri.com/r/d/csp/reportOnly 2
font-src *.gstatic.com *.addtoany.com *.hotjar.com *.hotjar.io *.gettopple.com https://analytics.tiktok.com https://static.klaviyo.com https://wsv3cdn.audioeye.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com *.addtoany.com *.hotjar.com *.hotjar.io *.hsforms.com *.google.com *.braintreegateway.com *.paypal.com *.kaptcha.com https://bid.g.doubleclick.net *.gettopple.com https://analytics.tiktok.com *.weltpixel.com business.facebook.com www.commercepartnerhub.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com *.paypal.com *.hubspot.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google.com blob: https://a5.behance.net https://www.googletagmanager.com *.hsforms.com https://forms.hsforms.com https://forms-na1.hsforms.com *.gettopple.com https://analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.hsforms.net *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ https://wsmcdn.audioeye.com/aem.js *.gstatic.com https://ssl.avmws.com *.addtoany.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.hs-scripts.com *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.google.com *.braintreegateway.com *.paypal.com amcglobal.sc.omtrdc.net https://js.hsadspixel.net https://connect.facebook.net https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com *.gettopple.com https://analytics.tiktok.com player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com business.facebook.com twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com *.googleapis.com amcglobal.sc.omtrdc.net *.gettopple.com https://analytics.tiktok.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.hubspot.com *.google.com hubspot-forms-static-embed.s3.amazonaws.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.hs-banner.com *.facebook.net https://api.hubapi.com https://googleads.g.doubleclick.net *.doubleclick.net https://dpm.demdex.net *.hsforms.com https://forms.hsforms.com *.gettopple.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us/ipv6/enrich_ipv6  https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.google-analytics.com *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.oliocarli.it https://*.oliocarli.de https://*.oliocarli.at https://*.oliocarli.fr https://*.oliocarli.be https://*.oliocarli.ch https://*.oliocarli.us https://*.fratellicarli.com https://carli.my.site.com https://*.carli.my.site.com https://*.salesforce.com https://google.com https://*.google.com https://google.it https://*.google.it https://google.de https://*.google.de https://google.ch https://*.google.ch https://google.co.uk https://*.google.co.uk https://google.com.ua https://*.google.com.ua https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://*.google-analytics.com https://pay.google.com https://accounts.google.com https://paypal.com https://*.paypal.com https://*.paypalobjects.com https://shopforward.eu https://*.gestpay.net https://*.sella.it https://*.klarna.com https://*.adyen.com https://*.authorize.net https://*.visa.com https://*.ccdc02.com https://*.addthis.com https://*.addthisedge.com https://static.addtoany.com https://*.newrelic.com https://*.nr-data.net https://*.cookiebot.com https://*.clarity.ms https://*.luckyorange.com https://*.hotjar.com https://*.fullstory.com https://*.smartlook.com https://*.taboola.com https://*.zemanta.com https://*.rfihub.net https://twitter.com https://*.twitter.com https://*.ads-twitter.com https://*.facebook.net https://*.bing.com https://*.webgains.io https://*.typekit.net https://*.jsdelivr.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://*.salecycle.com https://*.omniconvert.com https://*.fanplayr.com https://*.visualwebsiteoptimizer.com https://*.sc-static.net https://*.moatads.com https://*.lockerdomecdn.com https://*.dwin1.com https://*.roeye.com https://*.roeyecdn.com https://*.plyr.io https://*.trustpilot.com https://*.sandbox.my.site.com https://*.creativecdn.com https://*.r66net.com https://*.r66net.net https://malsup.github.io https://the.sciencebehindecommerce.com https://*.awin1.com https://*.adform.net https://player.wowza.com https://rum.hlx.page https://*.zenaps.com https://overbridgenet.com https://*.videostep.com https://*.acsbapp.com https://www.youtube.com; connect-src 'self' https://*.oliocarli.it https://*.oliocarli.de https://*.oliocarli.at https://*.oliocarli.fr https://*.oliocarli.be https://*.oliocarli.ch https://*.oliocarli.us https://acsbapp.com https://*.acsbapp.com https://*.addthis.com https://*.googleapis.com https://*.nr-data.net https://*.demdex.net https://*.omtrdc.net https://*.cardinalcommerce.com https://paypal.com https://*.paypal.com https://*.paypalobjects.com https://amazon.com https://*.amazon.com https://amazon.it https://*.amazon.it https://amazon.fr https://*.amazon.fr https://amazon.es https://*.amazon.es https://amazon.de https://*.amazon.de https://*.amazonpay.com https://*.amazonservices.com https://*.amazonservices.it https://*.amazonservices.fr https://*.amazonservices.es https://*.amazonservices.de https://*.dotdigital-pages.com https://webchat.dotdigital.com https://*.braintreegateway.com https://*.braintree-api.com https://*.yotpo.com https://*.trackedlink.net https://*.trackedweb.net https://*.sella.it https://*.cookiebot.com https://*.clarity.ms https://*.luckyorange.com https://*.cloudfront.net https://*.sc-static.net https://*.salecycle.com wss://ws.salecycle.com https://*.fratellicarli.com https://*.omniconvert.com https://*.fanplayr.com https://*.doubleclick.net https://*.taboola.com https://*.visualwebsiteoptimizer.com https://shopforward.eu https://*.a.run.app https://*.googlesyndication.com https://*.hotjar.com https://*.fullstory.com https://*.pinimg.com https://*.pinterest.com https://*.salesforce-scrt.com https://*.bing.com https://*.zemanta.com https://*.outbrain.com https://*.typekit.net https://*.authorize.net https://*.googletagmanager.com https://*.trustpilot.com https://*.sandbox.my.site.com https://*.googleadservices.com https://google.com https://*.google.com https://google.it https://*.google.it https://google.de https://*.google.de https://google.at https://*.google.at https://google.fr https://*.google.fr https://google.ch https://*.google.ch https://google.co.uk https://*.google.co.uk https://google.com.ua https://*.google-analytics.com https://*.salesforce.com https://*.jsdelivr.net https://*.roeye.com https://klarna.com https://*.klarna.com https://*.klarnaevt.com https://*.sentry.io https://*.adyen.com https://*.creativecdn.com https://*.conversionsapigateway.com https://facebook.com https://*.facebook.com https://*.r66net.com https://*.r66net.net https://*.videostep.com https://user-sync.fwmrm.net https://*.awinblackfriday.com https://*.wepowerconnections.com https://*.adform.net https://rum.hlx.page https://*.zenaps.com https://overbridgenet.com https://the.sciencebehindecommerce.com; frame-src 'self' https://*.oliocarli.it https://*.oliocarli.de https://*.oliocarli.at https://*.oliocarli.fr https://*.oliocarli.be https://*.oliocarli.ch https://*.oliocarli.us https://static.addtoany.com https://*.addthis.com https://*.gestpay.net https://*.sella.it https://*.salecycle.com https://*.cookiebot.com https://*.doubleclick.net https://*.rfihub.com https://*.googleapis.com https://*.typekit.net https://*.trustpilot.com https://*.googletagmanager.com https://*.mainadv.com https://*.sandbox.my.site.com https://google.com https://*.google.com https://google.it https://*.google.it https://google.de https://*.google.de https://google.ch https://*.google.ch https://google.co.uk https://*.google.co.uk https://google.com.ua https://*.paypal.com https://carli.my.site.com https://*.carli.my.site.com https://klarna.com https://*.klarna.com https://platform.twitter.com https://facebook.com https://*.facebook.com https://*.youtube.com https://tsdtocl.com https://*.awin1.com https://*.rsa3dsauth.co.uk https://*.securesuite.co.uk https://e.issuu.com https://*.wlp-acs.com https://*.fatcoupon.com https://tatrck.com https://hipodi.com https://*.lcl.fr https://*.arcot.com https://*.nexigroup.com https://oponas.com https://mitlogen.com https://bcsgsrv.com https://go.storecategory.com https://*.adyen.com https://*.zenaps.com https://overbridgenet.com https://*.videostep.com; font-src 'self' data: https://*.oliocarli.it https://*.oliocarli.de https://*.oliocarli.at https://*.oliocarli.fr https://*.oliocarli.be https://*.oliocarli.ch https://*.oliocarli.us https://*.acsbapp.com https://*.cloudflare.com https://*.gstatic.com https://*.typekit.net https://res-1.cdn.office.net https://*.klarnacdn.net; img-src 'self' data: blob: https://*.oliocarli.it https://*.oliocarli.de https://*.oliocarli.at https://*.oliocarli.fr https://*.oliocarli.be https://*.oliocarli.ch https://*.oliocarli.us https://*.cookiebot.com https://*.clarity.ms https://*.luckyorange.com https://*.cloudfront.net https://*.sc-static.net https://*.salecycle.com https://*.fratellicarli.com https://*.omniconvert.com https://*.fanplayr.com https://*.visualwebsiteoptimizer.com https://*.zemanta.com https://t.co https://twitter.com https://*.twitter.com https://google.it https://*.google.it https://google.com https://*.google.com https://google.rw https://*.google.rw https://google.de https://*.google.de https://google.at https://*.google.at https://google.fr https://*.google.fr https://google.ch https://*.google.ch https://google.co.il https://*.google.co.il https://*.bing.com https://*.adnxs.com https://*.doubleclick.net https://*.visa.com https://*.gstatic.com https://*.roeye.com https://*.googletagmanager.com https://*.googleapis.com https://*.adyen.com https://facebook.com https://*.facebook.com https://facebook.net https://*.facebook.net https://paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.videostep.com https://*.pubmatic.com https://*.googlesyndication.com https://*.udmserve.net https://*.rubiconproject.com https://*.adform.net https://*.teads.tv https://*.3lift.com https://*.adscale.de https://*.taboola.com https://*.smartadserver.com https://*.casalemedia.com https://ks1.invibes.com https://ks1.b26net.com https://*.fwmrm.net https://*.outbrain.com https://*.33across.com https://*.yieldmo.com https://*.dmxleo.com https://*.nexx360.io https://*.awin1.com https://*.googleadservices.com https://*.1rx.io https://i.ytimg.com https://*.onetag-sys.com https://*.admixer.net https://*.omnitagjs.com https://*.lijit.com https://*.docomo.ne.jp https://*.openx.net https://*.e-planning.net https://*.seedtag.com https://*.media.net https://*.adtarget.com.tr https://*.mgid.com https://*.opera.com https://*.gumgum.com https://*.smaato.net https://*.rakuten.com https://*.connectad.io https://*.sonobi.com https://*.contextweb.com https://*.adtech.ink https://*.sharethrough.com https://*.ck-ie.com https://*.360yield.com https://*.inmobi.com https://ib.adnxs.com https://*.awinblackfriday.com https://*.loopme.me https://static-eu.payments-amazon.com https://user-sync.fwmrm.net https://cm.g.doubleclick.net https://bh.contextweb.com https://onetag-sys.com https://s.ad.smaato.net https://carli.my.site.com https://*.carli.my.site.com; style-src 'self' 'unsafe-inline' https://*.oliocarli.it https://*.oliocarli.de https://*.oliocarli.at https://*.oliocarli.fr https://*.oliocarli.be https://*.oliocarli.ch https://*.oliocarli.us https://*.cloudflare.com https://carli.my.site.com https://*.carli.my.site.com https://*.googleapis.com https://*.typekit.net https://*.plyr.io https://*.sandbox.my.site.com https://*.klarnacdn.net; worker-src 'self' blob:; media-src 'self' data: https://*.oliocarli.it https://*.oliocarli.de https://*.oliocarli.at https://*.oliocarli.fr https://*.oliocarli.be https://*.oliocarli.ch https://*.oliocarli.us https://*.adobe.com; frame-ancestors 'self' https://*.adyen.com https://*.google.com; report-uri magento-endpoint; report-to magento-endpoint 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com fonts.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.adyen.com *.surveysparrow.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarna.com *.kustom.co *.surveysparrow.com *.pinterest.com *.echatsoft.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com flagpedia.net *.cloudflare.com *.klarna.com *.kustom.co *.klarnaevt.com *.googleadservices.com *.google-analytics.com *.google.dk *.google.de *.google.fr *.google.hk *.google.it *.google.co.jp *.google.com.my *.google.no *.google.com.sg *.google.co.kr *.google.com.tw *.google.co.th *.google.co.uk *.google.se *.google.pl *.google.nl *.ytimg.com *.zdassets.com *.zendesk.com *.zopim.com *.adyen.com *.naver.com *.pinterest.com *.surveysparrow.com *.baidu.com *.bdimg.com *.rainbowred.com *.twitter.com *.yahoo.co.jp https://t.co https://yotpo-editor-production.s3.amazonaws.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.disqus.com *.avada.io *.shopify.com maps.googleapis.com *.cloudflare.com *.cloudflareinsights.com https://chimpstatic.com https://s3.amazonaws.com/downloads.mailchimp.com/ *.googleoptimize.com *.googleapis.com *.twimg.com *.fontawesome.com *.zdassets.com *.zendesk.com *.zopim.com *.klarna.com *.kustom.co *.surveysparrow.com *.naver.net *.naver.com *.tiktok.com *.pinimg.com *.baidu.com *.bdimg.com *.echatsoft.com *.dwin1.com *.ads-twitter.com *.fibbl.com *.yahoo.co.jp addrevenue.io *.addrevenue.io *.pinterest.com 'self' 'self' data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.zdassets.com *.zendesk.com *.zopim.com *.adyen.com *.echatsoft.com *.typekit.net *.baidu.com *.yahoo.co.jp 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.zendesk.com *.zopim.com *.adyen.com 'self' 'self' data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.cloudflare.com *.googleapis.com *.zendesk.com *.adyen.com *.klarna.com *.kustom.co *.klarnaevt.com *.surveysparrow.com *.naver.com *.pinterest.com *.tiktok.com *.twitter.com *.echatsoft.com *.typekit.net https://static.zdassets.com https://ekr.zdassets.com https://gstatic.com https://*.zopim.com wss://*.zopim.com wss://*.echatsoft.com *.baidu.com *.bdimg.com *.yahoo.co.jp 'self' 'self' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https://www.oreilly.com/PGsgs_vbajYar/4/C9DSkk2dfE_Cg/SJ1EDVXYb9Y9/DlInKQE/Z2c/QPQRlDywD https://www.oreilly.com/PGsgs_vbajYar/4/C9DSkk2dfE_Cg/SJ1EDVXYb9Y9/DlInKQE/Z2c/QPQRlDywD  https://www.oreilly.com/PGsgs_vbajYar/4/C9DSkk2dfE_Cg/Y31EDVhzSmkGDzzOc5/XGQeKQE/MU5/zJiB0Sg0C  https://www.oreilly.com  * 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: moz-extension: ms-browser-extension: chrome-extension: ios-log:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb898c25826db9d251f99fdcece943792&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:wordpress-prod-cluster; 2
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.adobe.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io magefan.com cm.magefan.com *.disqus.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.vimeo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.disqus.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.adobe.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.youtube.com *.vimeo.com *.vimeocdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cleverreach.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.trustpilot.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.everesttech.net *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * https://images.unsplash.com *.cloudfront.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.adobedtm.com *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com *.trustpilot.com *.googleapis.com *.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cash.app *.trustpilot.com https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io amcglobal.sc.omtrdc.net p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com * https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://66998dd5-b8bd-4cd3-98ce-5f467499faec.sansec.watch/; report-to report-endpoint; 2
font-src *.fontawesome.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://www.facebook.com https://c.clarity.ms/ https://bat.bing.com/ https://c.bing.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com landofcoder.com s7.addthis.com *.fontawesome.com *.googleapis.com *.gstatic.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com https://cs.iubenda.com/ static.addtoany.com acsbapp.com mylivechat.com a6.mylivechat.com https://cdn.iubenda.com/cs/ccpa/stub.js https://connect.facebook.net/ http://www.paypalobjects.com http://www.googletagmanager.com http://www.vimeo.com https://cdn.iubenda.com/ https://bat.bing.com/ https://www.clarity.ms/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com a6.mylivechat.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com landofcoder.com ekr.zdassets.com/ http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com cdn.acsbapp.com http://www.googletagmanager.com http://www.sandbox.paypal.com http://www.paypalobjects.com https://hits-i.iubenda.com/ https://w.clarity.ms/collect http://www.google-analytics.com https://consent.iubenda.com/ https://o.clarity.ms/collect https://v.clarity.ms/collect 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; font-src 'self' https: http: data:; img-src 'self' data: https: http: blob:; media-src 'self' https: http: blob:; connect-src 'self' https: http: ws: wss:; frame-src 'self' https: http:; object-src 'none'; base-uri 'self'; form-action 'self' 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.klaviyo.com *.cdnfonts.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.facebook.com *.amazon-adsystem.com *.doubleclick.net *.sitescout.com *.adsrvr.org *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com *.googleapis.com media.sezzle.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com/mapfiles/api-3/images/* *.s3.amazonaws.com *.net/company/SPJKye/images/* *.google.co.in *.cloudfront.net *.facebook.com *.amazonaws.com https://maps.googleapis.com *.sitescout.com trkn.us *.zdassets.com *.zendesk.com *.zdusercontent.com *.nextdoor.com *.redditstatic.com *.reddit.com *.amazon-adsystem.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://cdn.jsdelivr.net *.googleapis.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudfront.net/js/grin-sdk.js *.googleapis.com/maps/* *.googleapis.com/maps-api-v3/api/js *.zdassets.com *.mouseflow.com *.jquery.com *.direct/feathersnap.js *.facebook.net/en_US/fbevents.js *.facebook.net *.facebook.com *.googletagmanager.com *.amazon-adsystem.com *.googleadservices.com *.google-analytics.com *.klaviyo.com q.stripe.com *.basis.net *.smooch.io *.adsrvr.org *.redditstatic.com *.nextdoor.com safevisit.online tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com https://static.klaviyo.com https://cdn.jsdelivr.net *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com fonts.cdnfonts.com *.stripe.network *.stripecdn.com *.amazon.com *.cdnfonts.com *.typekit.net *.sezzle.com *.net/ffj4apz.css *.klaviyo.com tagmanager.google.com fonts.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.cloudflare.com/cdn-cgi/trace *.googleapis.com/maps/api/* *.grin.co/fingerprint/* *.sezzle.com *.grin.co *.g.doubleclick.net https://ipapi.co *.zendesk.com *.googleapis.com *.ipdata.co *.googletagmanager.com *.mouseflow.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.webpagefx.org *.facebook.com *.zdassets.com *.smooch.io wss://api.smooch.io *.redditstatic.com *.reddit.com *.adsrvr.org *.analytics.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self'; report-uri https://o4510960324837376.ingest.us.sentry.io/api/4510960614375424/security/?sentry_key=6b1b2932f1532eff2227d01a122adbb4; 2
font-src *.fontawesome.com https://fonts.bunny.net https://www.ppl.cz/ fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com gate.gopay.cz gate.gopay.com gw.sandbox.gopay.com *.weltpixel.com https://*.clic2buy.com https://*.doubleclick.net https://ehub.cz https://*.gls-czech.cz https://*.packeta.com/ https://*.heureka.cz/ https://*.heureka.sk/ https://*.googletagmanager.com https://*.facebook.com *.foxentry.cz widget.packeta.com backup.packeta.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com https://firebasestorage.googleapis.com https://*.cdninstagram.com https://*.ppl.cz https://*.seznam.cz https://im9.cz https://*.google.cz https://*.google.sk https://*.google.de https://*.google.at https://*.google.pl https://*.google.nl https://*.google.hu https://*.facebook.com https://*.g.doubleclick.net https://*.mailkit.eu https://ehub.cz https://*.heureka.cz/ https://*.heureka.sk/ https://*.zbozi.cz https://*.bing.com https://*.clarity.ms/ https://bat.bing.net https://bat.bing.com https://*.analytics.google.com *.foxentry.cz flagpedia.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech *.avada.io gate.gopay.cz gate.gopay.com gw.sandbox.gopay.com https://*.clic2buy.com https://*.googletagmanager.com https://*.smartlook.com https://*.smartlook.cloud https://*.smartform.cz https://*.heureka.cz https://*.mailkit.eu https://*.google.cz/ https://*.google.sk https://*.google.de https://*.google.at https://*.google.pl https://*.google.nl https://*.google.hu https://*.seznam.cz https://*.dognet.sk https://ehub.cz https://*.facebook.net https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.packeta.com/ https://*.zbozi.cz/ https://im9.cz/ https://*.clarity.ms/ https://bat.bing.com/ https://bat.bing.net/ https://cdn.heureka.group/ https://*.heureka.sk/ https://*.googlesyndication.com https://*.cdn-apple.com https://*.cloudfront.net *.foxentry.cz widget.packeta.com backup.packeta.com *.gstatic.com maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech *.fontawesome.com https://fonts.bunny.net https://www.ppl.cz/ https://client.smartform.cz/ fonts.googleapis.com *.foxentry.cz maxcdn.bootstrapcdn.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com https://maps.googleapis.com https://player.vimeo.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech https://get.geojs.io *.avada.io https://*.ppl.cz https://*.smartlook.com https://*.smartlook.cloud https://*.mailkit.eu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.facebook.com https://*.g.doubleclick.net https://ehub.cz https://widget.packeta.com https://*.clarity.ms https://*.heureka.group https://bat.bing.net https://*.seznam.cz https://*.googlesyndication.com https://bat.bing.com https://*.stape.at *.foxentry.cz *.homecredit.cz *.homecredit.sk widget.packeta.com backup.packeta.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: https://*.sovendus.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com https://app-wallee.com https://paymentshub.weareplanet.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com *.cookiebot.com maps.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://*.sovendus.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com https://app-wallee.com https://paymentshub.weareplanet.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.disqus.com tracking.moevenpick-wein.com *.cookiebot.com maps.googleapis.com newsletter.moevenpick-wein.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com connect.facebook.net cdnjs.cloudflare.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://*.sovendus.com https://www.sovopt.com https://static.sovopt.com https://www.getback.ch https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://app-wallee.com https://paymentshub.weareplanet.com https://gmtech.mfgroup.ch https://assets.secure.checkout.visa.com consent.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.googleapis.com *.gstatic.com https://static.getback.ch https://*.sovendus.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://app-wallee.com https://paymentshub.weareplanet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com tracking.moevenpick-wein.com *.cookiebot.com maps.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://app-wallee.com https://paymentshub.weareplanet.com https://assets.secure.checkout.visa.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src-elem *.cfjump.com *.popupsmart.com embedsocial.com *.preezie.com *.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network-stg.bazaarvoice.com network.bazaarvoice.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com *.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network-stg.bazaarvoice.com network.bazaarvoice.com data: 'self' 'unsafe-inline' 'unsafe-eval'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com t.zip.co static.zipmoney.com.au static.zip.co *.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com *.riskified.com *.bing.com *.legitscript.com data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.zipmoney.com.au static.zip.co zip.co *.cfjump.com *.popupsmart.com embedsocial.com *.preezie.com *.bazaarvoice.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net static.afterpay.com/ *.squarecdn.com *.cash.app display.ugc.bazaarvoice.com unsafe-inline assets.braintreegateway.com embedsocial.com *.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network-stg.bazaarvoice.com network.bazaarvoice.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com qa-api.magedevteam.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google-analytics.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.popupsmart.com *.bazaarvoice.com *.demdex.net *.riskified.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.punchout2go.com *.tradecentric.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.punchout2go.com *.tradecentric.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.brsrvr.com *.bloomreach.cloud forms.hsforms.com track.hubspot.com px.ads.linkedin.com www.facebook.com *.hsforms.com https://www.magezon.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page cdn.brcdn.com js-na1.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.hs-scripts.com js.hubspot.com js.hsadspixel.net connect.facebook.net snap.licdn.com *.punchout2go.com *.tradecentric.com *.alothemes.com *.magepow.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.punchout2go.com *.tradecentric.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.dxpapi.com forms.hscollectedforms.net api.hubapi.com cta-service-cms2.hubspot.com px.ads.linkedin.com www.facebook.com *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://www.googletagmanager.com *.googleapis.com *.babysmile24.com cdn.babysmile24.de cdn.babysmile24.at cdn.babysmile24.ch *.kameleoon.io *.fontawesome.com https://fonts.bunny.net data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.tokenization.secure.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.babygalerie24.de *.facebook.com *.googleapis.com *.google.de *.ovh.net www.google.at www.google.ch www.google.com.bd *.babysmile24.com cdn.babysmile24.de cdn.babysmile24.at cdn.babysmile24.ch *.google.com *.hub.baby *.googlesyndication.com www.google.si *.googleusercontent.com www.google.co.in www.google.kz www.google.ro *.ccm19.de *.kameleoon.io magefan.com cm.magefan.com https://firebasestorage.googleapis.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com bspic.hub.baby data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com *.etermin.net *.ccm19.de *.facebook.net *.googleapis.com *.babysmile24.com cdn.babysmile24.de cdn.babysmile24.at cdn.babysmile24.ch *.googletagmanager.com *.clarity.ms *.kameleoon.io *.avada.io secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.tokenization.secure.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.babysmile24.de cdn.babysmile24.at cdn.babysmile24.ch *.ccm19.de *.gstatic.com *.etermin.net *.kameleoon.io *.fontawesome.com https://fonts.bunny.net d.ratepay.com d.payla.io dr.payla.io src.mastercard.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.hub.baby *.babysmile24.com cdn.babysmile24.de cdn.babysmile24.at cdn.babysmile24.ch *.ovh.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.ccm19.de *.google-analytics.com *.googleapis.com *.babysmile24.com cdn.babysmile24.de cdn.babysmile24.at cdn.babysmile24.ch *.doubleclick.net *.googlesyndication.com *.facebook.com *.clarity.ms *.kameleoon.io https://get.geojs.io *.avada.io payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.tokenization.secure.payone.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.ccm19.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://bec24c5a-6980-491a-b199-6ac1940dc2e1.sansec.watch/; report-to report-endpoint; 2
font-src *.klaviyo.com res-1.cdn.office.net i.icomoon.io fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io *.multisafepay.com https://pay.google.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.clic2buy.com *.facebook.com *.linkbux.com *.opendns.com *.perfsimpl.com *.zipchat.ai consentcdn.cookiebot.com consentcdn.cookiebot.eu *.multisafepay.com https://pay.google.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.bing.com *.clarity.ms *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.trustprofile.com *.usercentrics.eu d3k81ch9hvuctc.cloudfront.net www.google.be www.google.fr www.google.nl www.google.ro https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdn.clerk.io imgsct.cookiebot.com imgsct.cookiebot.eu https://at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net *.multisafepay.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://widget-acc.paazl.com https://api-acc.paazl.com/ *.clarity.ms *.clerk.io *.clic2buy.com *.cookiebot.eu *.facebook.net *.feedbackcompany.com *.getsitecontrol.com *.google.com *.googleapis.com *.googlesyndication.com *.hotjar.com *.paazl.com *.tiktok.com *.zipchat.ai https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://api.clerk.io https://cdn.clerk.io https://custom.clerk.io consent.cookiebot.com consent.cookiebot.eu *.multisafepay.com https://pay.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://widget-acc.paazl.com https://api-acc.paazl.com/ *.gstatic.com *.klaviyo.com *.paazl.com https://static.klaviyo.com https://api.clerk.io https://cdn.clerk.io i.icomoon.io fonts.googleapis.com *.typekit.net *.multisafepay.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://widget-acc.paazl.com https://api-acc.paazl.com/ *.clarity.ms *.conversionsapigateway.com *.datadome.co *.doubleclick.net *.facebook.com *.feedbackcompany.com *.getsitecontrol.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.paazl.com *.sentry.io *.tiktok.com *.tiktokw.us *.zipchat.ai google.com mpc-prod-21-1053047382554.us-central1.run.app wss://ws.hotjar.com www.google.be www.google.fr www.google.nl www.google.ro https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu *.multisafepay.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://84966c07-9303-4ce4-a8a1-d967b6d75831.sansec.watch/; report-to report-endpoint; 2
frame-src 'self' https://consentcdn.cookiebot.com https://checkoutshopper-test.adyen.com/ https://checkoutshopper.adyen.com/ https://checkoutshopper-live.adyen.com https://pay.google.com https://td.doubleclick.net https://tr.snapchat.com https://ajax.cloudflare.com https://cdn.cxense.com https://scdn.cxense.com https://id.cxense.com https://www.googleadservices.com https://mainf.global-cache.online https://www.gstatic.com https://analytics.soulz.lt https://analytics.soulz.lv https://analytics.soulz.ee https://app.omnisend.com https://cdn.userway.org https://www.googletagmanager.com https://omnisnippet1.com https://www.google.com https://acs2.3ds.modirum.com https://acs.3ds.modirum.com https://acs1.3ds.modirum.com https://acs1.swedbank.se https://acs2.swedbank.se https://3ds2-visasecure2.acdcproc.com https://3dsec.cardcenter.ch https://googleads.g.doubleclick.net https://acs.revolut.com https://acs-challenge.apata.io https://pal-test.adyen.com https://assets.boomio.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.soulz.lt https://assets.soulz.lv https://assets.soulz.ee https://assets.dev.soulz.lt https://assets.dev.soulz.lv https://assets.dev.soulz.ee https://assets.test.soulz.lt https://assets.test.soulz.lv https://assets.test.soulz.ee https://boomio-widgets.adomas.workers.dev https://widgets.boomio.com https://assets.boomio.com https://connect.facebook.net https://consentcdn.cookiebot.com https://*.cookiebot.com https://assets.pinterest.com https://omnisnippet1.com https://www.googletagmanager.com https://www.redditstatic.com https://services.digitalmatter.ai http://assets.pinterest.com https://www.primeai.co.uk https://www.google-analytics.com https://scdn.cxense.com/cx.js https://static.cloudflareinsights.com https://pay.google.com https://maps.googleapis.com https://checkoutshopper-test.adyen.com https://unpkg.com https://cdn.cxense.com https://analytics.tiktok.com https://ajax.cloudflare.com https://script.hotjar.com https://static.hotjar.com https://payment.ecommerce.sebgroup.com https://googleads.g.doubleclick.net https://instagram.com https://tr.snapchat.com https://sc-static.net https://checkoutshopper-live.adyen.com https://id.cxense.com https://www.googleadservices.com https://analytics.soulz.lt https://analytics.soulz.lv https://analytics.soulz.ee https://test.soulz.lt/cdn-cgi/challenge-platform/scripts/jsd/main.js https://soulz.lt/cdn-cgi/challenge-platform/scripts/jsd/main.js https://soulz.lv/cdn-cgi/challenge-platform/scripts/jsd/main.js https://soulz.ee/cdn-cgi/challenge-platform/scripts/jsd/main.js https://ajax.googleapis.com https://app.omnisend.com https://www.google.com https://www.gstatic.com; report-uri /nelmio/csp/report 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com typesense.c-833.maxcluster.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * typesense.c-833.maxcluster.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * https://cdn.consentmanager.net https://delivery.consentmanager.net *.trustpilot.com *.weltpixel.com typesense.c-833.maxcluster.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://cdn.consentmanager.net https://delivery.consentmanager.net https://images.unsplash.com https://redchamps.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com maps.googleapis.com *.amazonaws.com typesense.c-833.maxcluster.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://maps.googleapis.com *.googletagmanager.com tagmanager.google.com *.trustpilot.com https://widgets.trustedshops.com https://integrations.etrusted.com maps.googleapis.com typesense.c-833.maxcluster.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.fontawesome.com tagmanager.google.com fonts.google.com *.trustpilot.com https://widgets.trustedshops.com https://integrations.etrusted.com typesense.c-833.maxcluster.net 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net typesense.c-833.maxcluster.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net typesense.c-833.maxcluster.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * https://cdn.consentmanager.net https://delivery.consentmanager.net https://maps.googleapis.com https://player.vimeo.com *.googletagmanager.com *.trustedshops.com *.etrusted.com typesense.c-833.maxcluster.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net typesense.c-833.maxcluster.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://667b8714-1464-4a69-9685-942a89db4a14.sansec.watch/; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.stripe.com www.googletagmanager.com td.doubleclick.net *.trbo.com app.usercentrics.eu *.cloudflarestream.com accounts.google.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tiktok.com cdn.newsha.com productimages.newsha.com productimages.newsha.de www.google.de perf-eu1.hsforms.com app.usercentrics.eu uct.service.usercentrics.eu track-eu1.hubspot.com widgets.trustedshops.com maps.gstatic.com collect.trbo.com maps.google.com maps.googleapis.com https://meetanshi.com/media/logo.png https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.facebook.com https://www.magezon.com flagpedia.net https://www.mollie.com https://prf.hn https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tiktok.com js.stripe.com app.usercentrics.eu pzapi-nb.com widgets.trustedshops.com js-eu1.hs-scripts.com analytics.tiktok.com js-eu1.hs-analytics.net js-eu1.hubspot.com js-eu1.hsadspixel.net js-eu1.hs-banner.com maps.google.com api-v4.trbo.com www.clarity.ms t.clarity.ms static.trbo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.facebook.net www.termsfeed.com accounts.google.com *.gstatic.com maps.googleapis.com js.mollie.com https://prf.hn https://pzapi-nb.com https://pzapi-kg.com https://pzapi-ij.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://static.klaviyo.com *.fontawesome.com accounts.google.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tiktok.com region1.google-analytics.com region1.analytics.google.com api.usercentrics.eu cta-eu1.hubspot.com api-eu1.hubapi.com maps.googleapis.com www.clarity.ms t.clarity.ms analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com accounts.google.com www.gstatic.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.google.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://beacon-v2.helpscout.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://js.chargebee.com https://www.googletagmanager.com https://www.gstatic.com/firebasejs/ https://www.gstatic.com/charts/ https://www.youtube.com https://static.cloudflareinsights.com https://js.stripe.com; script-src-elem 'self' 'unsafe-inline' blob: https://rehearse-api.ccli.com https://cdn.jsdelivr.net/gh/ https://apis.google.com https://cdn.segment.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://js.chargebee.com https://js.stripe.com https://static.cloudflareinsights.com https://beacon-v2.helpscout.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; img-src 'self' data: blob: https://api.builder.io/api/v1/ https://d33v4339jhl8k0.cloudfront.net https://support.apple.com https://www.googleadservices.com https://*.mzstatic.com https://beacon-v2.helpscout.net https://s3.amazonaws.com/helpscout.net/docs/ https://s3.amazonaws.com/helpscout.net https://cdn.worshipextreme.com https://i3.ytimg.com https://i.ytimg.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://translate.google.com https://www.worshipextreme.com https://fonts.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://googleads.g.doubleclick.net/pagead https://api.worship.tools https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://download.worshiptools.com https://ipapi.co https://pagead2.googlesyndication.com https://www.google.com https://www.googleapis.com https://region1.google-analytics.com https://www.google-analytics.com https://firestore.googleapis.com https://securetoken.googleapis.com https://translate.googleapis.com https://www.googleadservices.com https://www.googletagmanager.com https://us-east1-worship-extreme.cloudfunctions.net; media-src 'self' data: https://ssl.gstatic.com https://cdn.worshipextreme.com https://media.worshiptools.com; object-src 'none'; frame-src 'self' https://rehearse-api.ccli.com https://bluecirclelab.chargebee.com https://js.chargebee.com https://www.googletagmanager.com https://www.youtube.com https://docs.google.com https://www.google.com https://js.stripe.com https://worship-extreme-datastore.firebaseapp.com; worker-src 'none'; base-uri 'self'; manifest-src 'self'; report-uri https://starpraise.report-uri.com/r/t/csp/reportOnly; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com cdn.jsdelivr.net geowidget.easypack24.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.wesupply.xyz https://wesupplylabs.com secure.payu.com merch-prod.snd.payu.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.google.pl www.facebook.com px.ads.linkedin.com elmark.com.pl www.elmark.com.pl *.clarity.ms *.bing.com geowidget.easypack24.net osm.inpost.pl www.rugged.com.pl elmatic.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com static.payu.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com snap.licdn.com connect.facebook.net *.clarity.ms pi.pardot.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net info.elmark.com.pl consent.cookiefirst.com *.googlesyndication.com *.cloudflare.com *.avada.io secure.payu.com secure.snd.payu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net geowidget.easypack24.net *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com region1.analytics.google.com px.ads.linkedin.com *.clarity.ms stats.g.doubleclick.net *.googlesyndication.com api-pl-points.easypack24.net *.google-analytics.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.google.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com 'self' data: embed.tawk.to data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com 'self' data: www.googletagmanager.com ct.pinterest.com 'self' 'unsafe-inline'; img-src data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com https://www.mollie.com 'self' data: integrations.etrusted.com interface.mailcampaigns.nl px.ads.linkedin.com www.facebook.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com 'self' data: interface.mailcampaigns.nl connect.facebook.net s.pinimg.com embed.tawk.to snap.licdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.multisafepay.com 'self' data: integrations.etrusted.com interface.mailcampaigns.nl embed.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src embed.tawk.to 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com 'self' data: ct.pinterest.com pagead2.googlesyndication.com *.tawk.to px.ads.linkedin.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://monitor.bigbridgedev.nl/csp; report-to report-endpoint; 2
frame-src 'self'             https://*.adyen.com             *.cookiebot.com             https://cdn.tagcommander.com             https://cdn.trustcommander.net             https://privacy.trustcommander.net             https://privacy.commander1.com             https://apps.apple.com             https://*.zebet.fr             https://*.zebet.com             https://*.zebet.be             https://*.zebet.es             https://*.zebet.nl             https://*.zeturf.be             https://*.zeturf.com             https://*.zeturf.es             https://*.zeturf.fr             https://*.zeturf.nl             https://*.m-itrust.com             https://*.redsys.es             https://*.apata.io             https://*.abanca.com             https://*.n26.com             https://*.postfinance.ch             https://*.ing.fr             https://*.monext.fr             https://*.ing.com             https://*.vinea.es             https://*.verifiedbyvisa.com             https://*.cic.fr             https://*.cm-cic.com             https://*.creditmutuel.fr             https://*.modirum.com             https://*.gbp.ma             https://*.cornercard.ch             https://*.wlp-acs.com ;    report-uri /en/webservice/api/report-csp 2
font-src www.paypalobjects.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com  'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.innoship.ro https://*.sameday.ro *.addthis.com  www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com *.tile.openstreetmap.org *.openstreetmap.org magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.xtento.com cdn.xtento.com https://oqtagonmedia-1224e.kxcdn.com https://www.google.ro/ads/ga-audiences https://region1.analytics.google.com/ https://airsoftcluj-1224e.kxcdn.com/ https://airsoftbucuresti-1224e.kxcdn.com https://oqtagon-1224e.kxcdn.com https://www.oqtagon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://cdn.jsdelivr.net *.tiktok.com https://*.sameday.ro *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com *.avada.io *.shopify.com www.xtento.com cdn.xtento.com https://airsoftbucuresti-1224e.kxcdn.com https://oqtagon-1224e.kxcdn.com https://airsoftcluj-1224e.kxcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://*.sameday.ro maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net https://oqtagonmedia-1224e.kxcdn.com https://airsoftcluj-1224e.kxcdn.com/ https://airsoftbucuresti-1224e.kxcdn.com https://oqtagon-1224e.kxcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com https://get.geojs.io *.avada.io  https://region1.analytics.google.com/g/collect 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com fonts.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com platform.twitter.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com twitter.com platform.twitter.com static.addtoany.com *.gstatic.com maps.googleapis.com *.nosto.com *.nos.to https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.nosto.com *.nos.to https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io stats.addtoany.com www.gstatic.com maps.googleapis.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src www.paypalobjects.com https://js.klevu.com *.googleapis.com *.hotjar.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.hotjar.com https://9957200.fls.doubleclick.net https://danv01ao0kdr2.cloudfront.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io *.braintreegateway.com *.klarna.com https://accounts.google.com *.mention-me.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.incontinencechoice.co.uk https://prod.choiceadmin.co.uk https://staging.choiceadmin.co.uk https://admin.vivactive.com https://trk.ometria.com *.brandlock.io https://www.google.com https://bat.bing.com https://pixel.quantserve.com https://www.facebook.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://s3-eu-west-1.amazonaws.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page cc-cdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.ometria.com cdnjs.cloudflare.com https://js.klevu.com/ https://bat.bing.com https://secure.quantserve.com https://www.gstatic.com https://connect.facebook.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://songbirdstag.cardinalcommerce.com https://www.googleoptimize.com https://cdn.oribi.io https://app.factors.ai https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.clarity.ms https://www.clarity.ms/tag/ *.googleapis.com https://www.googletagmanager.com/gtag/js *.klarna.com *.klarnacdn.net x.klarnacdn.net https://accounts.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://tag.rmp.rakuten.com *.klevu.com *.ksearchnet.com *.mention-me.com *.yotpo.com swellrewards.com *.swellrewards.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com assets.braintreegateway.com *.googleapis.com *.hotjar.com https://accounts.google.com https://www.gstatic.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com/ https://danv01ao0kdr2.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com https://stats.g.doubleclick.net https://www.paypal.com https://geolocation.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://api.factors.ai https://b.clarity.ms https://y.clarity.ms/collect *.googleapis.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net https://accounts.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.klevu.com *.ksearchnet.com *.mention-me.com *.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://f720cf68-df7d-4a7b-a5e9-4e537ae99361.sansec.watch/; report-to report-endpoint; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.riverty.design/ *.fontawesome.com * robincontentdesktop.blob.core.windows.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com uc8.tv * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com uc8.tv https://documents.riverty.com/ * *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://images.unsplash.com *.prism.app-us1.com *.prismic.io *.facebook.com * *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://maps.googleapis.com *.prism.app-us1.com *.prismic.io *.googletagmanager.com *.facebook.net * https://widget-acc.paazl.com https://widget.paazl.com https://api-acc.paazl.com https://api.paazl.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com * https://widget-acc.paazl.com https://widget.paazl.com https://api-acc.paazl.com https://api.paazl.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://maps.googleapis.com https://player.vimeo.com *.prism.app-us1.com *.prismic.io * https://widget-acc.paazl.com https://widget.paazl.com https://api-acc.paazl.com https://api.paazl.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://4c701c01-85ba-408b-96cc-0fd2ab244242.sansec.watch/; report-to report-endpoint; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-to csp-endpoint 2
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' https:; connect-src 'self' https:; form-action 'self'; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://*.js.stripe.com https://checkout.stripe.com https://connect-js.stripe.com https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://*.website-files.com https://d3e54v103j8qbb.cloudfront.net https://*.onetrust.com https://*.cookielaw.org https://*.visualwebsiteoptimizer.com https://*.iwoca.com https://widget.trustpilot.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://snap.licdn.com https://bat.bing.com https://cdn.amplitude.com https://www.redditstatic.com https://*.fullstory.com https://connect.facebook.net https://*.hs-scripts.com https://*.tiktok.com https://*.intercom.io https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hubspot.com https://*.doubleclick.net https://*.intercomcdn.com https://*.online-metrix.net https://cdn.datatables.net https://www.datadoghq-browser-agent.com https://*.dwin1.com https://cdn.checkout.com https://tools.refokus.com https://sdk.onfido.com https://*.awin1.com https://snippet.maze.co; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.website-files.com https://*.iwoca.com https://cdn.jsdelivr.net https://*.gstatic.com https://verify.iwoca.co.uk https://verify.iwoca.de https://sdk.onfido.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: https://*.stripe.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com https://*.website-files.com https://uploads-ssl.webflow.com https://d3e54v103j8qbb.cloudfront.net https://*.onetrust.com https://*.cookielaw.org https://*.visualwebsiteoptimizer.com https://*.reddit.com https://bat.bing.com https://www.facebook.com https://*.hubspot.com https://www.google.com https://www.google.fr https://*.hsforms.com https://*.ads.linkedin.com https://*.iwoca.com https://www.google.co.uk https://www.google.de https://*.online-metrix.net https://emailsignature.trustpilot.com https://providers-assets.truelayer.com; font-src 'self' data: https://*.gstatic.com https://*.website-files.com https://*.iwoca.com https://fonts.intercomcdn.com https://verify.iwoca.co.uk https://verify.iwoca.de https://cdnjs.cloudflare.com; connect-src 'self' https://api.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://www.google.com wss://*.iwoca.co.uk wss://*.iwoca.de https://*.onetrust.com https://*.cookielaw.org https://*.visualwebsiteoptimizer.com https://*.amplitude.com https://*.fullstory.com https://*.reddit.com https://www.facebook.com https://bat.bing.com https://*.hubspot.com https://*.hubapi.com https://*.intercom.io wss://*.intercom.io https://*.ads.linkedin.com https://*.tiktok.com https://*.tiktokw.us https://*.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.iwoca.com  https://api.onfido.com https://*.online-metrix.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.google.co.uk; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://connect-js.stripe.com https://www.youtube.com https://player.vimeo.com https://widget.trustpilot.com https://www.googletagmanager.com https://*.online-metrix.net https://sdk.onfido.com https://*.awin1.com https://*.iwoca.com https://cdn.embedly.com https://jobs.ashbyhq.com https://e.infogram.com https://meetings.hubspot.com https://intercom-sheets.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://checkout.stripe.com; worker-src 'self' blob:; manifest-src 'self' https://*.iwoca.com; media-src 'self' https://*.intercomcdn.com https://*.website-files.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub5026669e7744a3ed13bf57586a630b91&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:gateway; 2
font-src *.klarnacdn.net *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com static.klaviyo.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.google.com accounts.google.com *.canadapost.ca https://sso.epost.ca *.purolator.com *.bank.in * hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com *.cardinaltrusted.com tvape.de *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.klarna.com www.google.com accounts.google.com *.meetanshi.com *.purolator.com secure.novalnet.de customers.barzahlen.de customers-sandbox.barzahlen.de https://hosted.paysafe.com *.sendcloud.sc *.jsdelivr.net checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.trustpilot.com https://*.paysafe.com https://*.netbanx.com *.bank.in * customer-upskkbfxkf3xe5cz.cloudflarestream.com iframe.videodelivery.net static.olark.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com js.hsforms.net dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de vimeo.com 20813811p.rfihub.com *.cardinalcommerce.com *.cardinaltrusted.com *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.googletagmanager.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com imgsct.cookiebot.com imgsct.cookiebot.eu *.doofinder.com validate.fishpig.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ accounts.google.com mageside.com *.canadapost.ca *.googleapis.com *.gstatic.com *.meetanshi.com https://redchamps.com *.amazonaws.com media.sezzle.com osm.klarnaservices.com c.clarity.ms c.bing.com videodelivery.net 6064173.fs1.hubspotusercontent-na1.net customer-upskkbfxkf3xe5cz.cloudflarestream.com tvape.co.uk verify.bluecheck.me torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com perf.hsforms.com forms.hubspot.com *.tvape.com demdex.net chart.googleapis.com stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com *.cardinaltrusted.com js.klevu.com x.klarnacdn.net *.cloudfront.net *.google.co.in *.trustpilot.com guarantee-cdn.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com consent.cookiebot.com consentcdn.cookiebot.com consent.cookiebot.eu consentcdn.cookiebot.eu *.doofinder.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.google.com accounts.google.com *.googleapis.com *.google.com *.gstatic.com *.meetanshi.com *.purolator.com cdn.novalnet.de cdn.barzahlen.de applepay.cdn-apple.com https://*.paysafe.com https://api.test.paysafe.com https://api.paysafe.com  https://songbirdstag.cardinalcommerce.com embed.sendcloud.sc *.jsdelivr.net checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.trustpilot.com https://*.netbanx.com widget.trustpilot.com static-tracking.klaviyo.com js.klarna.com www.youtube.com cdn.jsdelivr.net embed.cloudflarestream.com embed.videodelivery.net knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com stats.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com r1.dotmailer-surveys.com g1782759016.co js.hsforms.net hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g10894638425.co g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com *.cardinaltrusted.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com js.klevu.com *.mantisadnetwork.com g594253006.co *.crazyegg.com *.newrelic.com x.klarnacdn.net *.adobedtm.com *.clarity.ms data: *.aggle.net *.g10696554090.co *.cloudflare.com guarantee-cdn.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.klaviyo.com unpkg.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com *.doofinder.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.klaviyo.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com tvape.co.uk torontovaporizer.ca static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com *.cardinaltrusted.com *.adobedtm.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu *.doofinder.com wss://*.doofinder.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.google.com accounts.google.com *.meetanshi.com payport.novalnet.de secure.novalnet.de https://api.test.paysafe.com https://api.paysafe.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com gateway.sezzle.com sandbox.gateway.sezzle.com https://*.paysafe.com https://*.netbanx.com cdn.onesignal.com region1.google-analytics.com *.crazyegg.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com *.googleapis.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com *.cardinaltrusted.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.ksearchnet.com *.paypal.com *.amazonaws.com *.trustpilot.com *.clarity.ms *.adobedtm.com *.adobe.com *.aggle.net *.google.co.in *.demdex.net static.olark.com t.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.doubleclick.net *.run.app *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.flixcar.com *.flixfacts.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.monetico-services.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.monetico-services.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com cdn.doofinder.com *.flix360.com *.flix360.io https://images.unsplash.com *.openstreetmap.org *.flixcar.com *.bazaarvoice.com *.jwpsrv.com *.flixfacts.com *.imgix.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com cdn.doofinder.com *.channelsight.com media.flixfacts.com *.flix360.io *.flixcar.com *.cloudflareinsights.com *.gitem.fr fghcx.gitem.fr xvvcw.procie.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.doofinder.com *.flixcar.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.monetico-services.com *.doofinder.com wss://*.doofinder.com *.flixcar.com *.openstreetmap.org *.axept.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gls.com *.szybkapaczka.pl *.gls-poland.com/ *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' data: *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.facebook.net *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com *.facebook.net js.mollie.com *.szybkapaczka.pl *.gls-poland.com/ secure.payu.com merch-prod.snd.payu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.tawk.to *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.doofinder.com magefan.com cm.magefan.com *.facebook.com *.facebook.net https://firebasestorage.googleapis.com https://www.mollie.com https://api.mapbox.com *.szybkapaczka.pl *.openstreetmap.org *.gls-poland.com/ *.gls-poland.com.pl/ static.payu.com 'self' data: *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src https://assets.adobedtm.com https://*.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://*.vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com tagmanager.google.com https://www.googletagmanager.com *.doofinder.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com https://*.gstatic.com *.avada.io *.shopify.com js.mollie.com *.szybkapaczka.pl *.openstreetmap.org *.gls-poland.com/ secure.payu.com secure.snd.payu.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.gstatic.com *.tawk.to cdn.jsdelivr.net *.googletagmanager.com https://static.cloudflareinsights.com https://script.hotjar.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.newrelic.com https://*.nr-data.net https://www.paypal.com https://www.sandbox.paypal.com https://www.paypalobjects.com https://*.vimeocdn.com https://cdn.jsdelivr.net https://*.tawk.to https://*.stripe.com https://*.stripe.network https://*.stripecdn.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://www.facebook.com https://connect.facebook.net https://*.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.doofinder.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.szybkapaczka.pl *.gls-poland.com/ *.stripe.network *.stripecdn.com *.gstatic.com *.tawk.to cdn.jsdelivr.net fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.szybkapaczka.pl *.gls-poland.com/ *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.doofinder.com wss://*.doofinder.com *.facebook.com *.facebook.net https://get.geojs.io *.avada.io *.szybkapaczka.pl *.openstreetmap.org *.gls-poland.com/ secure.payu.com merch-prod.snd.payu.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.tawk.to wss://*.tawk.to *.googletagmanager.com https://static.cloudflareinsights.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.paypal.com https://www.sandbox.paypal.com https://*.newrelic.com https://*.nr-data.net https://*.stripe.com https://connect.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.sharethis.com *.rawgit.com *.jquery.com *.facebook.net *.usercentrics.eu *.cookiebot.eu *.cookiebot.com *.g.doubleclick.net *.fontawesome.com *.googleapis.com *.linkedin.com *.hotjar.com wasm-eval *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com; script-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.sharethis.com *.rawgit.com *.cloudflare.com *.jquery.com *.facebook.net *.cookiebot.com *.g.doubleclick.net *.fontawesome.com *.bootstrapcdn.com *.wisoyekivo.com *.linkedin.com *.vimeo.com *.skedify.io *.plugin.skedify.io *.hotjar.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.pagespeed-mod.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.sharethis.com *.gstatic.com *.pvgroup.be; style-src-elem 'self' 'unsafe-inline' *.jquery.com *.googleapis.com *.bootstrapcdn.com *.skedify.io pv.skedify.show *.fontawesome.com *.sharethis.com *.gstatic.com *.pvgroup.be; style-src-attr 'unsafe-inline'; img-src 'self' data: *.google.com *.skedify.io *.vimeocdn.com *.ytimg.com *.sharethis.com *.googleapis.com *.gstatic.com *.sharethis.com *.google-analytics.com *.hotjar.com *.gstatic.com *.sharethis.com *.google.com *.sharethis.com *.facebook.com *.google-analytics.com *.google.at *.google.be *.google.ch *.google.co.uk *.google.co.za *.google.com *.google.com.ng *.google.de *.google.es *.google.fi *.google.fr *.google.ie *.google.it *.google.lu *.google.nl *.google.pt *.google.se *.googletagmanager.com *.gstatic.com *.ondernemersbelang.nl *.pv.be *.pvgroep.coop *.pvgroup.be *.reprintsdesk.com *.researchsolutions.com *.verfvanniveau.nl *.google.co.in; font-src 'self' data: *.alicdn.com *.gstatic.com github.com *.fontawesome.com *.bootstrapcdn.com *.hotjar.com; connect-src 'self' *.doubleclick.net *.google.com *.eu1.kaskocloud.com *.skedify.io *.crwdcntrl.net *.cookiebot.com *.withgoogle.com *.stbuttons.click data: *.hotjar.com *.fontawesome.com *.sharethis.com *.google.com *.googleapis.com *.ingest.sentry.io *.googlesyndication.com properties *.google-analytics.com *.g.doubleclick.net *.hotjar.io *.facebook.com; media-src 'self'; child-src *.fls.doubleclick.net *.google.com *.esignlive.eu *.cookiebot.com *.sharethis.com *.facebook.com *.linkedin.com *.youtube-nocookie.com *.youtube.com; frame-src 'self' *.fls.doubleclick.net *.google.com *.esignlive.eu blob: *.cookiebot.com *.ebconnect.be *.zscaler.net *.zscalertwo.net *.vimeo.com *.plugin.skedify.io *.sharethis.com properties *.facebook.com *.sharethis.com *.facebook.com *.google.com *.linkedin.com *.sofiskonline.be *.youtube-nocookie.com *.youtube.com; frame-ancestors 'self'; form-action 'self' *.sips-services.com *.salesforce.com *.facebook.com; manifest-src 'self'; object-src 'none' 2
font-src *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com test.saferpay.com www.saferpay.com saferpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com https://cdn.eye-able.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net *.avada.io *.shopify.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com https://cdn.eye-able.com https://cdn.findologic.com https://static.criteo.net maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net 'unsafe-inline' assets.braintreegateway.com https://cdn.eye-able.com https://cdn.findologic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com test.saferpay.com www.saferpay.com saferpay.com places.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://*.hotjar.com https://*.clarity.ms https://snap.licdn.com https://widget.tabnav.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.synaxon.com https://stackpath.bootstrapcdn.com https://*.gstatic.com https://*.adform.net https://*.google.com https://www.youtube.com https://*.googlesyndication.com https://*.twitter.com https://widget.tabnav.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://stackpath.bootstrapcdn.com; img-src 'self' data: 'self' data: https: https://*.gstatic.com https://px.ads.linkedin.com https://widgets.kununu.com https://www.facebook.com https://*.google.com https://www.googletagmanager.com; font-src 'self' data: https://*.gstatic.com https://static2.sharepointonline.com https://*.wp.com; connect-src 'self' https://px.ads.linkedin.com https://region1.google-analytics.com https://*.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.clarity.ms https://analytics.synaxon.com https://web-api.synaxon.de https://www.facebook.com https://www.google-analytics.com https://region1.analytics.google.com https://*.adform.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.hotjar.io wss://*.hotjar.com https://analytics.google.com https://*.googlesyndication.com https://widget-config.tabnav.com; media-src 'self'; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://*.google.com https://www.googletagmanager.com https://www.youtube.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; report-uri /csp-report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com searchserverapi.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.google.com searchserverapi.com *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.youtube.com/ https://scontent-ams4-1.cdninstagram.com *.multisafepay.com https://pay.google.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com https://clauem2.arrowtheme.com https://scontent-ams4-1.cdninstagram.com widgets.trustedshops.com *.etrusted.com searchserverapi.com *.facebook.com *.google.nl *.bing.com *.clarity.ms imgsct.cookiebot.com *.klaviyo.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.maps.googleapis.com *.trackedlink.net *.maps.gstatic.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com https://scontent-ams4-1.cdninstagram.com widgets.trustedshops.com searchserverapi.com cdn.amplitude.com google.nl *.facebook.net *.bing.com *.clarity.ms consent.cookiebot.com s.pinimg.com *.clerk.io *.klaviyo.com sst.kayori.nl *.avada.io *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com widgets.trustedshops.com *.etrusted.com searchserverapi.com *.klaviyo.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google-analytics.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com https://scontent-ams4-1.cdninstagram.com searchserverapi.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.clarity.ms ct.pinterest.com *.klaviyo.com https://get.geojs.io *.avada.io *.multisafepay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 2
policy 2
report-uri /nelmio/csp/report 2
default-src 'self' https://i.vimeocdn.com https://f.vimeocdn.com; connect-src 'self' blob: data: ws: wss: *.6sc.co *.6sense.com *.agora.io *.akamaized.net clientassets.sightera.com.s3.amazonaws.com https://d263mgllkjh2k2.cloudfront.net http://d1ripsxh7es2qp.cloudfront.net https://d3fclmoge30w0w.cloudfront.net cognito-identity.us-east-1.amazonaws.com cognito-identity.us-west-1.amazonaws.com https://s3.amazonaws.com/beast.branding.sightera.com https://s3.amazonaws.com/beast.business.sightera.com https://s3.amazonaws.com/beast.business.sightera.com/ https://s3.amazonaws.com/beast.branding.sightera.com/ https://s3.amazonaws.com/test.sightera.com/ https://s3.amazonaws.com/business.sightera.com/ https://s3.amazonaws.com/sound.sightera.com/ sqs.us-east-1.amazonaws.com sqs.us-west-1.amazonaws.com wirewax.s3.eu-west-1.amazonaws.com *.amplitude.com vimeo.bynder.com bat.bing-int.com bat.bing.com bat.bing.net www.bing.com api.branch.io cdn.builder.io https://d1ripsxh7es2qp.cloudfront.net http://d1oca24q5dwo6d.cloudfront.net media.gettyimages.com d2by6sxflmuwyq.cloudfront.net duysrfiajusdh.cloudfront.net dv7a7fjpjy29e.cloudfront.net cdn.cookielaw.org https://browser-intake-datadoghq.com ad.doubleclick.net *.g.doubleclick.net *.elfsight.com fp.service.expressplay.com pr.service.expressplay.com wv.service.expressplay.com www.facebook.com api.figma.com *.firebaseio.com tracking-api.g2.com *.getsmartling.com *.google.ae *.google.com *.google.ca *.google.ch *.google.es *.google.fr *.google.ge *.google.iq *.google.is *.google.it *.google.pl *.google.se *.google.si *.google.rs *.google.co.jp *.google.co.kr *.google.co.nz *.google.co.th *.google.co.uk *.google.com.ar *.google.com.au *.google.com.br *.google.com.mx *.google.com.pk *.google.com.sa *.google.com.tr *.google.com.uk *.google.de *.analytics.google.com *.google-analytics.com www.googleadservices.com *.googleapis.com csi.gstatic.com pagead2.googlesyndication.com *.googletagmanager.com api.greenhouse.io *.hivestreaming.com 117151225.intellimizeio.com *.intellimize.co *.kollective.app *.kollective.app:31015 *.kollectivecd.com leatherback-dot-vimeo-prod.appspot.com snap.licdn.com px.ads.linkedin.com linkedin.com *.litix.io *.cdn.magisto.com vimeo.magisto.com *.maze.co 582-gou-684.mktoresp.com js-agent.newrelic.com t.paypal.com https://data.pendo.io *.pndsn.com privacyportal.onetrust.com privacyportal-cdn.onetrust.com app.qualified.com *.qualtrics.com pixel-config.reddit.com www.redditstatic.com *.riskified.com *.statscollector.ap.sd-rtn.com *.ap.sd-rtn.com *.sd-rtn.com o209747.ingest.us.sentry.io sierra.chat simonsignal.com static.simonsignal.com sdk-api-v1.singular.net web-sdk-cdn.singular.net https://telemetry.transcend.io transcend-cdn.com https://drm.vhx.com/v2/fairplay/cert collector.vhx.tv *.cloud.vimeo.com interactive.create.vimeo.com *.vimeo.com https://vimeo.com *.vimeo.work https://*.vimeocdn.com cdn.widerfunnel.com appds8093.blob.core.windows.net *.wirewax.com *.wirewax.tv *.wirewax.video *.zdassets.com https://vimeosupport.zendesk.com *.zoom.us zoom.us ws.zoominfo.com api.box.com public.boxcloud.com us-central1-vimeo-record-prod.cloudfunctions.net https://api.picox.bendingspoons.com https://orion.bendingspoons.com; font-src 'self' data: d2by6sxflmuwyq.cloudfront.net dv7a7fjpjy29e.cloudfront.net fonts.gstatic.com *.cdn.magisto.com privacyportal-cdn.onetrust.com www.paypalobjects.com cf-st.sc-cdn.net use.typekit.net https://f.vimeocdn.com edge-assets.wirewax.com edge-assets.wirewax.video cdn01.boxcdn.net; frame-src *; img-src * blob: data:; media-src 'self' blob: data: *.akamaized.net https://d263mgllkjh2k2.cloudfront.net http://d1oca24q5dwo6d.cloudfront.net duysrfiajusdh.cloudfront.net media.gettyimages.com *.gvt1.com *.cdn.magisto.com *.eu.cloud.vimeo.com live-api.cloud.vimeo.com captions.vimeo.com captions.eu.vimeo.com player.vimeo.com https://*.vimeocdn.com app.qualified.com https://s3.amazonaws.com/sound.sightera.com/ https://s3.amazonaws.com/test.sightera.com/ https://s3.amazonaws.com/beast.business.sightera.com/ https://s3.amazonaws.com/beast.business.sightera.com https://s3.amazonaws.com/beast.branding.sightera.com/ https://storage.googleapis.com/vimeo-create-prod-files/ http://d1ripsxh7es2qp.cloudfront.net https://d3fclmoge30w0w.cloudfront.net https://storage.googleapis.com/vimeo-prod-upload-create-us-east1/ https://storage.googleapis.com/vimeo-prod-upload-create-europe-west1/ https://storage.googleapis.com/vimeo-storage-dev-upload-create-us-east1/ https://storage.googleapis.com/vimeo-storage-dev-upload-create-europe-west1/ https://captions.vimeo.com https://captions-eu.vimeo.com; object-src 'self' player.vimeo.com *.vimeocdn.com *.akamaized.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: ws: wss: https://s0.2mdn.net/instream/video/ *.6sc.co wirewax.s3.eu-west-1.amazonaws.com app.link https://bat.bing-int.com https://bat.bing.com cdnjs.cloudflare.com challenges.cloudflare.com https://d3pvxrmcry8qui.cloudfront.net https://browser-intake.datadoghq.com https://www.datadoghq-browser-agent.com https://*.g.doubleclick.net www.dropbox.com static.elfsight.com *.elfsightcdn.com connect.facebook.net *.firebaseio.com tracking.g2crowd.com *.google.com www.googleadservices.com www.gstatic.com *.google-analytics.com ajax.googleapis.com maps.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6633483048714240.storage.googleapis.com pagead2.googlesyndication.com https://www.googletagmanager.com www.googletagservices.com cdn.intellimize.co *.kollective.app snap.licdn.com src.litix.io lp.livestream.com munchkin.marketo.net snippet.maze.co privacyportal-cdn.onetrust.com www.paypalobjects.com cdn.pendo.io js.qualified.com https://data.pendo.io *.qualtrics.com www.redditstatic.com beacon.riskified.com secured-pixel.com sierra.chat static.simonsignal.com js.stripe.com web-sdk-cdn.singular.net transcend-cdn.com vimeo.com *.vimeo.com *.vimeocdn.com https://*.vimeocdn.com cdn.widerfunnel.com edge-assets.wirewax.com edge-assets.wirewax.video embedder-sdk.wirewax.com embedder-sdk.wirewax.tv embedder-sdk.wirewax.video origin-4.xtlo.net static.zdassets.com *.zoom.us zoom.us ws.zoominfo.com static.zuora.com https://www.dropbox.com/static/api/2/dropins.js cdn01.boxcdn.net; style-src 'self' 'unsafe-inline' *.6sc.co cdn01.boxcdn.net cdnjs.cloudflare.com accounts.google.com fonts.googleapis.com pendo-static-6633483048714240.storage.googleapis.com www.gstatic.com lp.livestream.com privacyportal-cdn.onetrust.com www.paypalobjects.com sierra.chat *.vimeo.com *.vimeocdn.com https://*.vimeocdn.com vimeopro.com transcend-cdn.com cdn.widerfunnel.com edge-assets.wirewax.com edge-assets.wirewax.video edge-player5.wirewax.com edge-player5.wirewax.video origin-4.xtlo.net; worker-src 'self' blob:; report-to csp-endpoint; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba92ed04ee7cceea44335c3d8c1ccc173&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acspreport%2Cenv%3Aproduction 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com data: *.formstack.com hscoilusa.com *.hscoilusa.com stackpathcdn.com *.stackpathcdn.com geniustoolsusa.com *.geniustoolsusa.com duratiredirect.com *.duratiredirect.com otrprodirect.com *.otrprodirect.com modinjapan.com *.modinjapan.com cdn-btsg.com *.cdn-btsg.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.affirm.com *.affirm.ca *.certcapture.com *.formstack.com *.paypalobjects.com paypalobjects.com *.payfabric.com *.kaptcha.com kaptcha.com *.geniustoolsusa.com *.modinjapan.com affirm.com hscoilusa.com *.hscoilusa.com stackpathcdn.com *.stackpathcdn.com geniustoolsusa.com duratiredirect.com *.duratiredirect.com otrprodirect.com *.otrprodirect.com modinjapan.com cdn-btsg.com *.cdn-btsg.com trustpilot.com *.trustpilot.com signifyd.com *.signifyd.com facebook.com *.facebook.com https://www.googletagmanager.com/ https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.affirm.com *.affirm.ca *.certcapture.com *.cloudflare.com *.google.com *.elfsightcdn.com *.facebook.com facebook.com *.geniustoolsusa.com gstatic.com *.googleapis.com googleapis.com paypal.com affirm.com hscoilusa.com *.hscoilusa.com stackpathcdn.com *.stackpathcdn.com geniustoolsusa.com duratiredirect.com *.duratiredirect.com otrprodirect.com *.otrprodirect.com modinjapan.com *.modinjapan.com cdn-btsg.com *.cdn-btsg.com userway.org *.userway.org cloudfront.org *.cloudfront.org https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com maps.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src adobedtm.org *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.certcapture.com *.cloudflare.com *.twitter.com *.fontawesome.com unpkg.com *.trustpilot.com *.elfsight.com *.gstatic.com gstatic.com *.googleapis.com googleapis.com *.facebook.net facebook.net *.payfabric.com *.jsdelivr.net *.formstack.com ipinfo.io affirm.com stackpathcdn.com *.stackpathcdn.com geniustoolsusa.com *.geniustoolsusa.com duratiredirect.com *.duratiredirect.com otrprodirect.com *.otrprodirect.com modinjapan.com *.modinjapan.com hscoilusa.com *.hscoilusa.com cdn-btsg.com *.cdn-btsg.com userway.org *.userway.org *.adobedtm.org cloudflareinsights.com *.cloudflareinsights.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com maps.googleapis.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com unpkg.com *.googleapis.com data: *.jsdelivr.net *.formstack.com hscoilusa.com *.hscoilusa.com stackpathcdn.com *.stackpathcdn.com geniustoolsusa.com *.geniustoolsusa.com duratiredirect.com *.duratiredirect.com otrprodirect.com *.otrprodirect.com modinjapan.com *.modinjapan.com cdn-btsg.com *.cdn-btsg.com userway.org *.userway.org widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.affirm.com *.affirm.ca *.certcapture.com *.cloudflare.com *.elfsight.com *.doubleclick.net *.payfabric.com googleapis.com *.googleapis.com affirm.com hscoilusa.com *.hscoilusa.com stackpathcdn.com *.stackpathcdn.com geniustoolsusa.com *.geniustoolsusa.com duratiredirect.com *.duratiredirect.com otrprodirect.com *.otrprodirect.com modinjapan.com *.modinjapan.com cdn-btsg.com *.cdn-btsg.com userway.org *.userway.org widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ maps.googleapis.com places.googleapis.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com https://fonts.bunny.net www.searchanise.com *.searchserverapi.com *.gstatic.com 'self' data: fonts.gstatic.com *.yotpo.com *.googleapis.com *.cloudflare.com fonts.googleapis.com 'unsafe-inline' data: *.abakhan.co.uk *.woolbox.co.uk *.fabriczone.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.meetanshi.com js.mollie.com www.searchanise.com *.searchserverapi.com *.twitter.com www.xtento.com *.googletagmanager.com *.yotpo.com widget.trustpilot.com lpcdn.lpsnmedia.net www.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.awin1.com *.zenaps.com *.wepowerconnections.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://meetanshi.com/media/logo.png *.meetanshi.com https://www.mollie.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.yotpo.com *.cloudflare.com *.mdoq.io *.ibottles.co.uk *.google.com *.google.co.uk *.abakhan.co.uk *.woolbox.co.uk *.fabriczone.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.meetanshi.com js.mollie.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com *.yotpo.com *.cloudflare.com *.fontawesome.com *.liveperson.net *.trustpilot.com static.zdassets.com *.abakhan.co.uk *.woolbox.co.uk *.fabriczone.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com fonts.googleapis.com *.abakhan.co.uk *.woolbox.co.uk *.fabriczone.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.ideal-postcodes.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.meetanshi.com api.amplitude.com stats.g.doubleclick.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.yotpo.com *.cloudflare.com *.abakhan.co.uk *.woolbox.co.uk *.fabriczone.co.uk *.zendesk.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.quadpay.com https://*.zip.co maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.lewandmassager.com *.bvibe.com use.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://bid.g.doubleclick.net *.lewandmassager.com *.bvibe.com https://www.googletagmanager.com/ *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.quadpay.com https://*.zip.co www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com shareasale.com *.bvibe.com *.lewandmassager.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com https://*.quadpay.com https://*.zip.co *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com *.lewandmassager.com *.bvibe.com *.impactcdn.com https://maps.googleapis.com https://maps.gstatic.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com maxcdn.bootstrapcdn.com assets.braintreegateway.com https://fonts.gstatic.com https://fonts.googleapis.com *.lewandmassager.com *.bvibe.com *.yotpo.com swellrewards.com *.swellrewards.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com https://*.quadpay.com https://*.zip.co api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://bvibe.pxf.io/ https://lewand-massager.sjv.io/ *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com static.compari.ro *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 2
default-src 'self'; script-src 'self' 'strict-dynamic' https: data:; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; report-uri https://almexx.report-uri.io/r/default/csp/reportOnly 2
script-src-elem *.crazyegg.com; style-src-elem *.stackadapt.com; font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.googleapis.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://d1cwup7r903a1d.cloudfront.net *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.authorize.net *.facebook.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.authorize.net *.visualwebsiteoptimizer.com https://cryptnsend.com *.cryptnsend.net *.bbb.org *.lpsnmedia.net *.salecycle.com *.facebook.com *.adsrvr.org *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.webeyez.com storage.googleapis.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com widgets.automizely.com widgets.automizely.io *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com *.google.com *.googleadservices.com *.googletagmanager.com *.reddit.com *.visualwebsiteoptimizer.com *.listrakbi.com *.bing.com *.facebook.com *.lpsnmedia.net *.amazonaws.com *.routeapp.io *.mypurecloud.com *.adnxs.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.adsrvr.org data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com ajax.googleapis.com https//fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.authorize.net cdn.routeapp.io https://api.lab.amplitude.com https://flag.lab.amplitude.com https://protect-quote-q.route.com protection-widget.route.com protect-lightning-bolt-widget.route.com d3od5si8vgcekb.cloudfront.net ddbmicszvqxcg.cloudfront.net https://unpkg.com wobs.route.com *.stackadapt.com/events.js *.crazyegg.com *.redditstatic.com *.listrak.com *.listrakbi.com *.liveperson.net *.lpsnmedia.net *.tiqcdn.com *.bing.com *.cybba.solutions *.cloudfront.net *.adsrvr.org *.facebook.net *.pepperjam.com *.rtb123.com *.routeapp.io *.route.com *.mypurecloud.com https://sentry.io *.cloudflare.com *.adnxs.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.thecpapshop.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.webeyez.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com widgets.automizely.com widgets.automizely.io *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https//fonts.googleapis.com https://d1cwup7r903a1d.cloudfront.net *.listrak.com *.listrakbi.com *.googleapis.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com api.automizely.com api.automizely.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net api.route.com https://api.lab.amplitude.com https://flag.lab.amplitude.com https://protect-quote-q.route.com protection-widget.route.com d3od5si8vgcekb.cloudfront.net protect-lightning-bolt-widget.route.com ddbmicszvqxcg.cloudfront.net https://unpkg.com wobs.route.com *.stackadapt.com *.redditstatic.com *.reddit.com *.crazyegg.com *.visualwebsiteoptimizer.com *.listrak.com *.listrakbi.com *.sandbox.paypal.com *.googleadservices.com *.doubleclick.net *.salescycle.com wss://ws.salescycle.com *.salecycle.com wss://ws.salecycle.com *.facebook.com https://www.facebook.com *.route.com *.adnxs.com *.mypurecloud.com wss://webmessaging.mypurecloud.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.pro.ip-api.com *.ip-api.com *.amazonaws.com *.breadgateway.net *.bing.com *.webeyez.com storage.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smartsolutions.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
font-src cdn.rawgit.com cdn.jsdelivr.net fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.sagepay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com hmg-attachments.s3-eu-west-1.amazonaws.com maps.gstatic.com maps.googleapis.com ssl.google-analytics.com www.facebook.com cookie-cdn.cookiepro.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com api-js.mixpanel.com bam.nr-data.net maps.googleapis.com ssl.google-analytics.com cdn.pubble.io cookie-cdn.cookiepro.com connect.facebook.net *.elavon.com *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.pubble.io cdn.rawgit.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com maps.googleapis.com *.google-analytics.com stats.g.doubleclick.net www.pubble.io cookie-cdn.cookiepro.com cookiepro.blob.core.windows.net *.elavon.com *.sagepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://lleung.uriports.com/reports/report; report-to default 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; 2
report-uri /algemeen/report_CSP_error.php; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
https://www.calyxsoftware.com;static.hsappstatic.net, *.hubspotusercontent-*.net, *.hubspot.net, *.hs-scripts.com 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com media.beautytime.pro media.beautytime.pro.local *.googleapis.com *.google.com *.livechatinc.com 'unsafe-inline' data: script.hotjar.com vc.hotjar.io ws.hotjar.com content.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com platform.twitter.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com 'unsafe-inline' data: blob: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com flagpedia.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com maps.gstatic.com script.hotjar.com vc.hotjar.io ws.hotjar.com content.hotjar.io media.beautytime.pro media.beautytime.pro.local www.gravatar.com *.googleapis.com *.google.com *.livechatinc.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.disqus.com *.gstatic.com maps.googleapis.com connect.facebook.net twitter.com platform.twitter.com cdn.jsdelivr.net telegram.org media.beautytime.pro *.plerdy.com media.beautytime.pro.local *.googletagmanager.com *.googleapis.com wss: script.hotjar.com static.hotjar.com/ vc.hotjar.io ws.hotjar.com content.hotjar.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.gstatic.com cdn.jsdelivr.net media.beautytime.pro media.beautytime.pro.local *.googleapis.com *.livechatinc.com *.google.com script.hotjar.com vc.hotjar.io ws.hotjar.com content.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.gstatic.com maps.googleapis.com *.plerdy.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.dhlparcel.nl *.klaviyo.com *.typekit.net *.bing.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.langshop.io www.google.com *.google.com *.doubleclick.net *.facebook.com data.henkterhorst.nl js.mollie.com *.google.nl *.google.at *.google.de *.google.be *.google.fr *.google.it www.googletagmanager.com *.trustpilot.com *.pinterest.com *.criteo.com *.criteo.net *.cookiebot.com https://squeezely.tech *.sendcloud.sc *.jsdelivr.net *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://cdn.clerk.io retail.googleapis.com henkterhorst.nl *.henkterhorst.nl henkterhorst.de *.henkterhorst.de *.henkterhorst.dk brinks-media.com *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.1rx.io *.yieldmo.com *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.emxdgt.com *.adform.net *.twiago.com *.dmxleo.com *.unrulymedia.com *.eyeota.net *.agkn.com *.clarity.ms https://www.magezon.com https://www.mollie.com *.mailcampaigns.nl/ *.linkedin.com *.pinterest.com *.google.com.ua *.google.de *.google.nl *.google.at *.google.be *.google.fr *.google.it *.twitter.com *.yahoo.com *.webwinkelkeur.nl *.cookiebot.com *.criteo.com *.criteo.net *.bing.com *.cloudflare.com *.jmango360.com *.amazonaws.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com https://api.clerk.io https://cdn.clerk.io robincontentdesktop.blob.core.windows.net *.pagesense.io *.adnxs.com *.faslet.net blob: data.henkterhorst.nl *.avada.io js.mollie.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.paypal.com chimpstatic.com *.newrelic.com *.cloudflare.com *.criteo.net *.robinhq.com *.mailcampaigns.nl *.cloudflareinsights.com *.hotjar.com *.trustpilot.com *.dhlparcel.nl *.nr-data.net *.criteo.com *.cookiebot.com *.bing.com *.msecnd.net *.pinterest.com *.clarity.ms *.pinimg.com *.licdn.com *.sooqr.com https://squeezely.tech *.billygrace.com *.sendcloud.sc *.jsdelivr.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.mailcampaigns.nl *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.dhlparcel.nl *.typekit.net *.klaviyo.com *.bing.com *.sooqr.com https://unpkg.com *.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com henkterhorst.nl *.henkterhorst.nl *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.faslet.net *.henkterhorst.nl *.zoho.eu *.googlesyndication.com https://get.geojs.io *.avada.io *.nr-data.net *.newrelic.com *.mailcampaigns.nl *.visualstudio.com *.pinterest.com google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.bing.com *.linkedin.com *.hotjar.com *.hotjar.io *.trustpilot.com *.doubleclick.net *.googletagmanager.com wss://ws.hotjar.com/ *.criteo.com *.criteo.net *.cookiebot.com *.clarity.ms *.amazonaws.com https://squeezely.tech *.jsdelivr.net *.billypx.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com *.hsforms.net *.hsforms.com 'self' data: *.cdninstagram.com *.fbcdn.net *.google.co.in *.sansha.com *.magento2.sansha.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.cardinalcommerce.com *.ccdc02.com *.paypalobjects.com *.ytimg.com *.googleapis.com *.vimeo.eu *.vimeo.com *.gstatic.com *.omtrdc.net *.mailchimp.com *.braintreegateway.com *.packeta.com *.app-wallee.com *.cdek.ru *.chronopost.fr *.authorize.net *.stripe.com *.hsforms.net *.hsforms.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.instagram.com maps.googleapis.com klarna.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com embed.tawk.to *.tawk.to *.jsdelivr.net www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com embed.tawk.to *.tawk.to *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com embed.tawk.to *.tawk.to *.jsdelivr.net vsa104.tawk.to vsa94.tawk.to vsa79.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com; report-uri /csp-report; 2
object-src 'none'; form-action 'self'; frame-ancestors 'self'; 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' unpkg.com *.cookieinformation.com *.episerver.net *.itxuc.com *.googletagmanager.com *.imgi.no *.youtube.com siteimproveanalytics.com *.siteimproveanalytics.io *.doubleclick.net localhost:5000 *.snapchat.com *.google.com *.facebook.com js.monitor.azure.com *.facebook.net snap.licdn.com sc-static.net *.tiktok.com px.ads.linkedin.com *.cloudfront.net *.bing.com *.ads.linkedin.com *.services.visualstudio.com *.googlesyndication.com *.aptrinsic.com cdn.siteimprove.net adservice.google.com *.googleapis.com *.gstatic.com elvia.my.site.com elvia.my.salesforce-scrt.com elvia--test.sandbox.my.site.com elvia--test.sandbox.my.salesforce-scrt.com cookie-cdn.cookiepro.com fonts.vev.design;report-uri https://phoenix-csp-reporting.azurewebsites.net/cspreport 2
default-src * 'unsafe-inline' 'unsafe-eval'; report-to report; report-uri /?_task=background&_action=csp_report 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com applepay.cdn-apple.com *.fonts.googleapis.com data: *.cloudflare.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * api-qa.payplug.com secure-qa.payplug.com *.payplug.com *.addthis.com *.pinterest.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.clerk.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://secure-magenta.dalenys.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com https://www.google.it *.mr-malt.it data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.instagram.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.clerk.io https://cdn.clerk.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com https://cdn-qa.payplug.com https://secure-magenta.dalenys.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.iubenda.com *.tawk.to *.jsdelivr.net *.clerk.io *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com unsafe-inline assets.braintreegateway.com https://secure-magenta.dalenys.com *.tawk.to *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.tawk.to wss://*.tawk.to *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.awin1.com *.zenaps.com *.wepowerconnections.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com *.flavedo.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com *.connectif.cloud *.privacy-center.org *.visualwebsiteoptimizer.com *.shippypro.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.fontawesome.com assets.braintreegateway.com *.shippypro.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.shippypro.com *.connectif.cloud t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.link.com *.amazon.com *.citrusad.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
upgrade-insecure-requests; report-to https://myrgroup.com/csp-report.php;; report-uri https://myrgroup.com/csp-report.php;; 2
font-src fonts.gstatic.com use.typekit.net data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com *.paypal.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.disqus.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com *.criteo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io wss: bat.bing.com *.force.com *.tiktok.com *.google.com *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com google.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co *.cardinalcommerce.com api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties *.criteo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src maxcdn.bootstrapcdn.com *.fontawesome.com fonts.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.awin1.com *.zenaps.com https://images.unsplash.com flagpedia.net https://www.mollie.com www.bunzlaucastle.nl www.bunzlaucastle.com www.bunzlaucastle.de www.bunzlaucastle.fr www.returntosender.nl returntosender.content.clipbv.com bunzlaucastle.content.clipbv.com bat.bing.com googleads.g.doubleclick.net www.google.nl www.google.com b2b.content.clipbv.com b2b.clipbv.com www.thetable.store thetable.content.clipbv.com viavel.content.clipbv.com www.viavel.nl www.facebook.com d15k2d11r6t6rl.cloudfront.net www.googletagmanager.com api.mapbox.com pins.stockist.co stockist.co c.bing.com c.clarity.ms https://widgets.trustedshops.com https://integrations.etrusted.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://maps.googleapis.com *.gstatic.com maps.googleapis.com js.mollie.com bat.bing.com cdn-eu.pagesense.io app.reloadify.com s.pinimg.com connect.facebook.net ct.pinterest.com stockist.co cdnjs.cloudflare.com widget-portal.givacard.nl tagging.bunzlaucastle.nl pagead2.googlesyndication.com tagging.bunzlaucastle.com tagging.bunzlaucastle.de tagging.thetable.store tagging.returntosender.nl https://widgets.trustedshops.com https://integrations.etrusted.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.fontawesome.com *.gstatic.com fonts.googleapis.com stockist.co https://widgets.trustedshops.com https://integrations.etrusted.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src b2b.content.clipbv.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com https://maps.googleapis.com https://player.vimeo.com www.gstatic.com maps.googleapis.com bat.bing.com app.reloadify.com region1.google-analytics.com ct.pinterest.com www.google.nl stockist.co us-central1-stockist-prod.cloudfunctions.net gap.stockist.workers.dev pro.ip-api.com www.pinterest.com widget-portal.givacard.nl tagging.bunzlaucastle.nl tagging.bunzlaucastle.com tagging.bunzlaucastle.de tagging.thetable.store pagead2.googlesyndication.com tagging.returntosender.nl www.facebook.com *.trustedshops.com *.etrusted.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src ctiapi.com s3.amazonaws.com *.fontawesome.com fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com ctiapi.com *.hestage.com *.ecklers.com *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.doubleclick.net *.clarity.ms *.vantivprelive.com *.google.com *.listrak.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com ctiapi.com s3.amazonaws.com youtube.com *.ecklers.com *.gfycat.com *.imgeng.in *.cloudfront.net *.userid.io *.bing.com *.google.com *.clarity.ms *.listrakbi.com *.riskified.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.cloudfront.net *.cloudflare.com *.bc0a.com *.online-metrix.net *.vantivprelive.com *.listrak.com *.listrakbi.com *.listrakbi.net *.userid.io *.bing.com *.datasteam.io *.doubleclick.net *.upsellit.com *.clarity.ms *.murdoog.com *.dwin1.com *.needle.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.ytimg.com *.gstatic.com *.ctiapi.com *.riskified.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com ctiapi.com *.fontawesome.com *.cloudfront.net *.listrakbi.net *.listrakbi.com *.googleapis.com unsafe-inline *.gstatic.com 'self' 'unsafe-inline'; object-src ctiapi.com s3.amazonaws.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.bc0a.com *.brontops.com *.ecklers.com *.doubleclick.net *.cloudfront.net *.listrak.com *.clarity.ms *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.demdex.net *.cardinalcommerce.com *.google.com *.google-analytics.com *.paypalobjects.com *.ctiapi.com *.riskified.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://humanelement.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: widget.trustpilot.com cdn.segment.com *.intercomcdn.com va.vercel-scripts.com connect.facebook.net widget.intercom.io bat.bing.com analytics.tiktok.com *.pinimg.com ct.pinterest.com www.googletagmanager.com player.vimeo.com googleads.g.doubleclick.net www.youtube.com cf-st.sc-cdn.net; style-src 'self' 'unsafe-inline' checkoutshopper-test.adyen.com checkoutshopper-live.adyenpayments.com; img-src 'self' data: blob: cdn.sanity.io pimimages.azureedge.net ggfrontendassets.azureedge.net pslimagesqa.azureedge.net pslimagesprod.azureedge.net ggpslimageqa.blob.core.windows.net godtlevertpimimages.blob.core.windows.net *.intercomcdn.com bat.bing.com bat.bing.net www.facebook.com www.google.com www.google.no www.google.se www.google.dk www.google.de cm.g.doubleclick.net www.googletagmanager.com googleads.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' data: ggfrontendassets.azureedge.net pimimages.azureedge.net fonts.intercomcdn.com fonts.gstatic.com; connect-src 'self' *.datadoghq.eu browser-intake-datadoghq.eu http-intake.logs.datadoghq.eu cdn.sanity.io *.api.sanity.io cdn.segment.com api.segment.io in.eu2.segmentapis.com *.intercom.io wss://*.intercom.io *.intercomcdn.com *.azurewebsites.net bat.bing.com bat.bing.net analytics.tiktok.com analytics-ipv6.tiktokw.us www.facebook.com connect.facebook.net www.google.com ct.pinterest.com vimeo.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net www.googleadservices.com graph.facebook.com www.googletagmanager.com region1.google-analytics.com www.google-analytics.com googleads.g.doubleclick.net https://graph.cheffelo.com https://gg-api-management-prod.azure-api.net; frame-src 'self' widget.trustpilot.com checkoutshopper-test.adyen.com checkoutshopper-live.adyenpayments.com *.intercom.io ct.pinterest.com *.fls.doubleclick.net player.vimeo.com www.facebook.com www.googletagmanager.com www.youtube.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self' 2
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 2
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.xtento.com *.klarna.com *.resurs.com *.vimeo.com *.google.com *.googletagmanager.com gtm.sharkgaming.dk gtm.sharkgaming.se gtm.sharkgaming.no gtm-p7bx89s-nwviz.uc.r.appspot.com *.chatbotize.com *.cookieinformation.com *.trustpilot.com *.viabill.com *.doubleclick.net *.getzowie.com chat.karlachat.com *.getblue.io *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.xtento.com cdn.xtento.com *.bird.eu *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.bing.com *.magentocommerce.com sharkgaming.dk sharkgaming.se sharkgaming.no *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.google.dk *.google.se *.google.no *.charpstar.net s7g10.scene7.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.sharethis.com www.xtento.com cdn.xtento.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.resurs.com *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.app.cookieinformation.com *.viabill.com *.trustpilot.com *.emaerket.dk *.payever.org *.hotjar.com *.bing.com addrevenue.io *.retargeted.co *.getzowie.com *.zopim.com *.adii.se *.charpstar.net *.azureedge.net gtm-p7bx89s-nwviz.uc.r.appspot.com analytics.tiktok.com *.getblue.io analytics.bestofluck.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.omtrdc.net data: 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.charpstar.net *.klaviyo.com *.doubleclick.net *.google.com *.app.cookieinformation.com *.getzowie.com *.zopim.com wss://widget-mediator.zopim.com *.browser-intake-datadoghq.eu *.googlesyndication.com blob: *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.payever.org *.elastic-cloud.com addrevenue.io *.chatbotize.com mboxedge37.tt.omtrdc.net gtm-p7bx89s-nwviz.uc.r.appspot.com analytics.tiktok.com *.bing.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io maps.googleapis.com bat.bing.net *.sparxpres.dk sparxpres.dk 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com https://*.evidon.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com; img-src 'self' https: data: ; font-src 'self' https: ; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com https://ad.doubleclick.net https://maps.googleapis.com https://*.evidon.com; media-src 'self'; object-src 'self'; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com https://td.doubleclick.net; frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2
default-src 'self'; script-src 'self' 'unsafe-inline'  https://ovbgd-marcom-service.westeurope.cloudapp.azure.com https://consentcdn.cookiebot.com https://busgd.nl https://www.googletagmanager.com https://consent.cookiebot.com https://static.zdassets.com https://qbuzz.stream.prepr.io https://*.mux.com https://www.gstatic.com http://www.gstatic.com https://googleads.g.doubleclick.net https://consent.cookiebot.eu https://static.hotjar.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; img-src 'self' blob: data:  https://qbuzz.files.prepr.io; font-src 'self' data: https://use.typekit.net https://p.typekit.net https://fonts.gstatic.com; connect-src 'self'  https://ovbgd-marcom-service.westeurope.cloudapp.azure.com https://region1.google-analytics.com https://consentcdn.cookiebot.com https://qbuzz.zendesk.com https://ekr.zdassets.com https://qbuzz.stream.prepr.io https://*.mux.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://inferred.litix.io https://www.google.com https://metrics.hotjar.io https://*.a.run.app; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://consentcdn.cookiebot.com https://em.qbuzz.nl https://www.googletagmanager.com; media-src 'self' https://inferred.litix.io/ https://*.mux.com https://manifest-oci-us-ashburn-1-vop1.edgemv.mux.com; upgrade-insecure-requests 2
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com cash-f.squarecdn.com github.com *.fontawesome.com https://fonts.bunny.net *.avis-verifies.com *.skeepers.io https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.skeepers.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ * critizr.com asset.easydmp.net creativecdn.com *.doubleclick.net *.wlp-acs.com *.hotjar.com/ *.adyen.com js.mollie.com *.avis-verifies.com *.skeepers.io *.adyenpayments.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://images.unsplash.com cdn.matomo.cloud *.matomo.cloud *.openstreetmap.org axeptio.imgix.net www.facebook.com google.fr *.google.fr *.bing.com *.adnxs.com *.adyen.com cl.avis-verifies.com *.metaffiliation.com *.leroidumatelas.fr *.googletagmanager.com https://firebasestorage.googleapis.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: *.adyenpayments.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.jsdelivr.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com https://player.vimeo.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.avis-verifies.com static.critizr.com *.googletagmanager.com cdn.matomo.cloud *.matomo.cloud *.axept.io *.bing.com asset.easydmp.net analytics.tiktok.com trk.lgw.io connect.facebook.net *.hotjar.com *.lm-tracking.com *.metaffiliation.com *.leroidumatelas.fr *.avada.io *.shopify.com js.mollie.com *.skeepers.io https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com *.gstatic.com *.de-matrassenkoning.be *.leroidumatelas.be *.msecnd.net *.adyenpayments.com unpkg.com *.perfmaker.net *.zdassets.com 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.cash.app static.critizr.com *.adyen.com *.metaffiliation.com *.leroidumatelas.fr *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net *.avis-verifies.com *.skeepers.io https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.adyenpayments.com *.perfmaker.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.getalma.eu *.almapay.com *.openstreetmap.org * https://maps.googleapis.com https://player.vimeo.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ cdn.matomo.cloud *.matomo.cloud *.axept.io analytics.tiktok.com *.google.fr *.doubleclick.net *.metaffiliation.com *.leroidumatelas.fr *.googletagmanager.com https://get.geojs.io *.avada.io *.avis-verifies.com awsapis3.netreviews.eu *.skeepers.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.de-matrassenkoning.be *.leroidumatelas.be *.msecnd.net *.adyenpayments.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cleverreach.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.hotjar.com secure.pay1.de/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.cloudfront.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api.mapbox.com cdn.pay1.de x.klarnacdn.net m.media-amazon.com static-eu.payments-amazon.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com widgets.trustedshops.com mcstagingmedia.carou.com mcprodmedia.carou.com *.google.com www.google.com.ua ct.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.hotjar.com unsafe-inline *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://integrations.etrusted.com widgets.trustedshops.com bam.nr-data.net js-agent.newrelic *.ratepay.com js-agent.newrelic.com s.pinimg.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com/ *.ratepay.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.hotjar.com wss://*.hotjar.com/ bam.nr-data.net www.carou.com stats.g.doubleclick.net vc.hotjar.io ct.pinterest.com analytics.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.tailwindcss.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://js.stripe.com https://accounts.google.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https: blob:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.stripe.com https://accounts.google.com https://api.deepseek.com; frame-src https://js.stripe.com https://accounts.google.com https://www.youtube.com https://iframe.mediadelivery.net https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self' https://accounts.google.com; 2
font-src *.klarnacdn.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de player.vimeo.com *.facebook.com *.youtube.com *.youtube-nocookie.com 'self' 'unsafe-inline'; img-src d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cdninstagram.com *.hsforms.net *.hsforms.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com connect.facebook.net *.newrelic.com *.nr-data.net *.hsforms.net *.hsforms.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.klarnacdn.net https://static.klaviyo.com tagmanager.google.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.newrelic.com *.nr-data.net vimeo.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com cdn.lineicons.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ 'self' *.maksekeskus.ee *.test.maksekeskus.ee www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.maksekeskus.ee *.test.maksekeskus.ee www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://firebasestorage.googleapis.com https://www.terminalmappingjs.com https://osm.venipak.com http://mano.venipak.lt *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.nsking.com *.nsking.lv nsking.lv nsking.ee nsking.fi nsking.lt *.nsking.lt *.nsking.fi *.nsking.ee *.google.de *.google.ee data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.shopify.com *.fontawesome.com https://unpkg.com cdn.ampproject.org www.gstatic.com *.googletagmanager.com *.google.com maps.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net https://unpkg.com www.gstatic.com maxcdn.bootstrapcdn.com fonts.google.com cdn.lineicons.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io https://www.terminalmappingjs.com https://geocode.arcgis.com cdn.ampproject.org www.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.google.com maps.google.com maps.googleapis.com google-analytics.com 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.cloudflare.com *.trustedshops.com data: *.stape.io *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de ad4m.at *.doubleclick.net *.ad-srv.net *.adserver01.de *.bsmartdata.com https://www.googletagmanager.com/ *.addthis.com *.google.com.ua *.google.co.uk *.stape.io www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com dashandy.de *.tradetracker.net *.adcell.com www.xtento.com *.dashandy.de *.bild.de *.testit.de *.s24.com *.doubleclick.net *.adscale.de *.cloudflare.com cdn.klarna.com res.cloudinary.com *.ytimg.com *.usercentrics.eu *.haendlerbund.de *.idealo.com *.ad4m.at *.adition.com *.adform.net www.google.de *.bidswitch.net *.smartadserver.com *.rubiconproject.com *.360yield.com blob: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.com *.google.com.ua *.google.co.uk *.stape.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com apis.google.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.s24.com *.hyj.mobi *.tradetracker.net api.bounce-commerce.de *.cloudflare.com *.magento.com ad4m.at *.adcell.com *.ad-srv.net *.google-analytics.com *.trustedshops.com *.usercentrics.eu *.googletagmanager.com *.loadbee.com *.bild.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net *.stape.io *.avada.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.typekit.net https://widgets.trustedshops.com *.usercentrics.eu *.googleapis.com *.bildstatic.de https://cdn.jsdelivr.net *.googletagmanager.com *.stape.io *.fontawesome.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ad.doubleclick.net *.bounce-commerce.de *.adcell.com *.loadbee.com *.ad4m.at http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ *.google-analytics.com *.stape.io https://get.geojs.io *.avada.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://dashandy.de/; report-to report-endpoint; 2
font-src *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com *.cenpos.net *.cenpos.com https://www.magezon.com *.hubspot.com *.hsforms.com *.linkedin.com *.adsymptotic.com *.otcindustrial.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ws.zoominfo.com secure.venture-365-inspired.com js.hubspot.com cdn.callrail.com js.usemessages.com *.cenpos.com *.cenpos.net *.google.com *.cardinalcommerce.com *.termly.io *.fullstory.com *.licdn.com *.doubleclick.net *.listenlayer.com *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com ws.zoominfo.com idx.liadm.com px.ads.linkedin.com forms.hscollectedforms.net static.listenlayer.com pagead2.googlesyndication.com googleads.g.doubleclick.net js.hs-banner.com *.fullstory.com *.termly.io *.linkedin.oribi.io *.analytics.google.com *.hubspot.com *.hubapi.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.dhlparcel.nl *.klaviyo.com *.bing.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cookiebot.eu *.youtube.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.nl *.google.at *.google.de *.google.be *.google.fr *.google.it www.googletagmanager.com *.trustpilot.com *.pinterest.com *.criteo.com *.criteo.net *.cookiebot.com https://squeezely.tech *.sendcloud.sc *.jsdelivr.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net *.lutz.nl *.lutzfashion.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.mailcampaigns.nl/ *.linkedin.com *.pinterest.com *.google.com.ua *.google.de *.google.nl *.google.at *.google.be *.google.fr *.google.it *.yahoo.com *.webwinkelkeur.nl *.cookiebot.com *.criteo.com *.criteo.net *.bing.com *.jmango360.com *.amazonaws.com ssl.gstatic.com www.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.lutz.nl *.lutzfashion.com *.getdrip.com *.tweakwise.com *.cookiebot.eu *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr chimpstatic.com *.criteo.net *.robinhq.com *.mailcampaigns.nl *.cloudflareinsights.com *.hotjar.com *.trustpilot.com *.dhlparcel.nl *.criteo.com *.cookiebot.com *.bing.com *.msecnd.net *.pinterest.com *.clarity.ms *.pinimg.com *.licdn.com *.sooqr.com https://squeezely.tech *.billygrace.com *.sendcloud.sc *.jsdelivr.net *.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.mailcampaigns.nl *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.dhlparcel.nl *.klaviyo.com *.bing.com *.sooqr.com https://unpkg.com *.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net tagmanager.google.com fonts.google.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.lutz.nl *.lutzfashion.com *.tweakwise.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.mailcampaigns.nl *.visualstudio.com *.pinterest.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.bing.com *.linkedin.com *.hotjar.com *.hotjar.io *.trustpilot.com *.googletagmanager.com wss://ws.hotjar.com/ *.criteo.com *.criteo.net *.cookiebot.com *.clarity.ms *.amazonaws.com https://squeezely.tech *.jsdelivr.net *.billypx.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.analytics.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://cdn.wolterskluwer.io/ https://www.googletagmanager.com/ https://analytics.sleeknote.com/ https://dc.services.visualstudio.com/v2/track https://www.google-analytics.com/ https://region1.google-analytics.com/ https://vimeo.com/ https://pagead2.googlesyndication.com/ https://cmtt.nl/ https://ep1.adtrafficquality.google/ https://securepubads.g.doubleclick.net/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.userdatatrust.com/ https://securepubads.g.doubleclick.net/ https://pagead2.googlesyndication.com/ https://ep2.adtrafficquality.google/ https://www.googletagmanager.com/ https://eu2.cdn.thunderhead.com/one/rt/js/one-tag.js?siteKey=ONE-JHGTRIWT14-2067 http://sleeknotecustomerscripts.sleeknote.com/23807.js http://img.en25.com/i/elqCfg.min.js https://az416426.vo.msecnd.net/scripts/a/ai.0.js http://sleeknotestaticcontent.sleeknote.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069938057/ https://www.google-analytics.com/analytics.js https://www.googletagservices.com/ https://connect.facebook.net/ http://cdn.feedbackify.com/ http://dev.visualwebsiteoptimizer.com/ https://certify-js.alexametrics.com/ http://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://cdn.wolterskluwer.io/; img-src 'self' https://cdn.wolterskluwer.io/wk-logos/1.0.x/ https://s1364398973.t.eloqua.com/visitor/v200/svrGP data: https://www.google.com/ https://www.google.it/ https://www.google-analytics.com/ https://i.vimeocdn.com/ https://www.taxvisions.nl/ https://acc.taxvisions.nl/ https://ep1.adtrafficquality.google/ https://ep2.adtrafficquality.google/ https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com/ https://www.googletagmanager.com/ http://cdn.feedbackify.com/ https://dev.visualwebsiteoptimizer.com/; font-src 'self' https://cdn.wolterskluwer.io/; frame-src 'self' https://player.vimeo.com/ *.safeframe.googlesyndication.com/ https://ep2.adtrafficquality.google/; frame-ancestors 'self'; 2
base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' https://*.hsforms.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https:; media-src 'self' https: data: blob:; worker-src 'self' blob: data:; frame-src https:; manifest-src 'self'; report-uri https://b288bea8a51fb90daf961744c3a98a53.report-uri.com/r/t/csp/reportOnly; 2
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.iglusport.si www.iglusport.rs iglusport.magento.dev.optiweb.si www.google.com cdn.flipsnack.com consentcdn.cookiebot.com td.doubleclick.net www.facebook.com www.googletagmanager.com kuula.co *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.iglusport.si *.iglusport.rs iglusport.magento.dev.optiweb.si *.cookiebot.com *.google.si *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.cookiebot.com static.kuula.io kuula.co c.bing.com *.clarity.ms pagead2.googlesyndication.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.iglusport.si *.iglusport.rs iglusport.magento.dev.optiweb.si unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io pagead2.googlesyndication.com *.google-analytics.com maps.googleapis.com *.iglusport.si *.iglusport.rs capig.stape.tech *.cookiebot.com *.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src capig.stape.tech 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.klarnacdn.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com * *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net * *.googleapis.com *.gstatic.com magefan.com cm.magefan.com *.cookiebot.com ericeirasurfskate.pt data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page *.googleapis.com *.gstatic.com player.vimeo.com d1wc04gc1zp1rt.cloudfront.net d39mkej10j6rgd.cloudfront.net *.improove.io *.klarna.com *.cookiebot.com d1ekgxxzy7ounl.cloudfront.net d26u8mjnuxived.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cash.app maxcdn.bootstrapcdn.com *.klarnacdn.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com * *.googleapis.com *.google-analytics.com *.google.com *.klarna.com *.klarnaevt.com *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e77ecc29-42f6-4ccb-b6de-661ba8ba453e.sansec.watch/; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.cloudflare.com *.trustedshops.com *.googleapis.com *.klaviyo.com cdn1.stamped.io stamped.io *.fontawesome.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.facebook.com *.nosto.com *.nos.to *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.doubleclick.net *.facebook.com *.klarna.com *.nosto.com *.nos.to *.freshchat.com *.twitter.com *.pinterest.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.yotpo.com *.ingrid.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.adyen.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.klarna.com *.klarnaevt.com *.nosto.com *.nos.to *.rubiconproject.com/ *.sharethrough.com/ *.teads.tv/ *.tremorhub.com/ *.3lift.com/ *.yieldlab.net/ *.ads.yieldmo.com/ *.emxdgt.com/ *.adform.net/ *.demdex.net/ *.criteo.net *.adnxs.com/ *.cloudfront.net/ *.stamped.io *.freshchat.com/ *.cloudflare.com *.ytimg.com *.bing.com/ *.clarity.ms/ *.google.al/ *.google.am/ *.google.at/ *.google.az/ *.google.ba/ *.google.be/ *.google.bg/ *.google.by/ *.google.ch/ *.google.cz/ *.google.de/ *.google.dk/ *.google.ee/ *.google.es/ *.google.fi/ *.google.fr/ *.google.ge/ *.google.gr/ *.google.hr/ *.google.hu/ *.google.ie/ *.google.is/ *.google.it/ *.google.kz/ *.google.li/ *.google.lt/ *.google.lu/ *.google.lv/ *.google.md/ *.google.me/ *.google.mk/ *.google.mt/ *.google.nl/ *.google.no/ *.google.pl/ *.google.pt/ *.google.ro/ *.google.rs/ *.google.ru/ *.google.se/ *.google.si/ *.google.sk/ *.google.sm/ *.google.tr/ *.google.ua/ *.google.uk/ *.google.com.ua/ *.google.com.tr/ *.google.com.gr/ *.google.com.pt/ *.google.com.pl/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com/ *.nosto.com *.nos.to *.cloudfront.net/ *.cookiebot.com/ *.kuvio.io/ *.reamaze.com/ *.shopalike.fi/ *.chatbotize.com/ qanuk-stage.vercel.app *.tradedoubler.com *.criteo.com *.cookiefirst.com *.omappapi.com *.googleoptimize.com *.klaviyo.com reviewsonmywebsite.com 'self' data: *.fontawesome.com *.videoly.co/ *.freshchat.com cdnjs.cloudflare.com/ *.googleapis.com/ *.noibu.com/ *.pinimg.com/ *.bing.com/ *.tiktok.com/ *.pinterest.com/ *.intercom.io/ *.intercomcdn.com/ *.clarity.ms/ *.klarnaservices.com/ *.livechatinc.com/ *.hotjar.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com cdn1.stamped.io stamped.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.ingrid.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.nosto.com *.nos.to *.cookiefirst.com *.klarnacdn.net *.omappapi.com reviewsonmywebsite.com *.typekit.net *.freshchat.com/ *.cloudflare.com/ *.klaviyo.com/ https://static.klaviyo.com cdn1.stamped.io stamped.io *.fontawesome.com assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com *.algolia.net *.algolia.com/ *.algolianet.com *.insights.algolia.io insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com/ *.klarnaevt.com *.nosto.com *.nos.to *.criteo.com *.hobbybox.fi/ *.g.doubleclick.net/ *.reamaze.com/ *.cookiebot.com/ *.kelkoogroup.net/ *.chatbotize.com *.klarnaservices.com *.doubleclick.net *.qanuk.app *.cookiefirst.com *.omappapi.com *.googlesyndication.com reviewsonmywebsite.com *.cloudflare.com *.pinterest.com *.tiktok.com/ *.clarity.ms/ *.noibu.com/ wss://input.noibu.com/ wss://nexus-websocket-a.intercom.io/ *.intercom.io/ *.bing.com/ *.algolia.io/ *.klarna.com/ wss://ws.reamaze.com/ *.reamaze.io/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src self data: *.nosto.com/ *.klaviyo.com/ *.stamped.io/ https://stamped.io/ *.gstatic.com/ *.cloudfront.net/ *.cloudflare.com/ *.klarnaservices.com/ *.klarna.com/ *.klarnaevt.com/ *.klarnacdn.net/ *.yotpo.com/ *.reamaze.io/ *.reamaze.com/ wss://ws.reamaze.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src https://cdn.connectif.cloud; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.cs.1worldsync.com https://script.hotjar.com https://fonts.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * td.doubleclick.net www.google.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com mcstaging.digitalixcomercio.com mcprod.digitalixcomercio.com rt.flix360.com media.flixcar.com www.google.com.co https://mcprod.digitalixcomercio.com https://cdn.cs.1worldsync.com https://photos-us.bazaarvoice.com https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com/px/ https://ad.doubleclick.net https://px4.ads.linkedin.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com https://cdn.connectif.cloud js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.cardinalcommerce.com www.google.com www.gstatic.com cdn.cs.1worldsync.com media.flixfacts.com ws.cs.1worldsync.com media.flixcar.com static.queue-it.net assets.queue-it.net static.hotjar.com script.hotjar.com static.zdassets.com js-agent.newrelic.com https://static.zdassets.com https://static.hotjar.com https://static.queue-it.net https://prod.flixgvid.flix360.io  https://connect.facebook.net https://snap.licdn.com https://analytics.tiktok.com https://pixels.lemonpi.io https://pagead2.googlesyndication.com https://stapecdn.com https://ix.aqmaster.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com display.ugc.bazaarvoice.com assets.braintreegateway.com tagmanager.google.com https://cdn.cs.1worldsync.com https://fonts.cdnfonts.com/css/satoshi https://www.googletagmanager.com/debug/badge.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com https://cdn.cs.1worldsync.com https://mcprod.shop.epson.com.co/media 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.doubleclick.net media.flixcar.com ekr.zdassets.com *.zendesk.com bam.nr-data.net googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://am1-api.connectif.cloud https://surveystats.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://vc.hotjar.io https://analytics.tiktok.com https://px.ads.linkedin.com https://www.facebook.com https://ix.aqmaster.com https://cdn.connectif.cloud 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https: blob: 'self' 'unsafe-inline'; default-src googleads.g.doubleclick.net stats.g.doubleclick.net commerce.adobedc.net widget-mediator.zopim.com https://pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.msecnd.net connect.facebook.net tags.tiqcdn.com cdn.cookielaw.org eploytealium.com munchkin.marketo.net cdn.livechatinc.com api.livechatinc.com cdn.optimizely.com googletagmanager.com *.arrivia-cdn.com googleads.g.doubleclick.net deploytealium.com maps.googleapis.com *.clarity.ms scripts.clarity.ms *.personyze.com counter.personyze.com counter2.personyze.com count.personyze.com *.tealiumiq.com *.blob.core.windows.net cdn.quantummetric.com www.googletagmanager.com www.googletagmanager.com:443 cdn.jsdelivr.net cdn.jsdelivr.net:443 ajax.googleapis.com cdnjs.cloudflare.com unpkg.com kit.fontawesome.com pagead2.googlesyndication.com static.elfsight.com static.elfsight.com:443 universe-static.elfsightcdn.com universe-static.elfsightcdn.com:443 snippet.maze.co lpcdn.lpsnmedia.net apis.google.com cdn.segment.com bat.bing.com bat.bing.com:443; frame-src 'self' https: *.clarity.ms *.personyze.com *.tealiumiq.com *.blob.core.windows.net pagead2.googlesyndication.com static.elfsight.com static.elfsight.com:443 universe-static.elfsightcdn.com universe-static.elfsightcdn.com:443; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: *.clarity.ms *.personyze.com counter.personyze.com counter2.personyze.com count.personyze.com *.tealiumiq.com *.blob.core.windows.net https://visitor-service-us-east-1.tealiumiq.com visitor-service.tealiumiq.com googleads.g.doubleclick.net www.clarity.ms bat.bing.com bat.bing.com:443 nebula-cdn.kampyle.com api.livechatinc.com connect.facebook.net ajax.googleapis.com cdnjs.cloudflare.com cdn.quantummetric.com www.googletagmanager.com www.googletagmanager.com:443 cdn.jsdelivr.net cdn.jsdelivr.net:443 static.elfsight.com static.elfsight.com:443 universe-static.elfsightcdn.com universe-static.elfsightcdn.com:443 lpcdn.lpsnmedia.net apis.google.com cdn.segment.com; frame-ancestors 'self' ... *.clarity.ms *.personyze.com pagead2.googlesyndication.com; block-all-mixed-content; upgrade-insecure-requests; report-uri https://temporarycsp.azurewebsites.net/api/CreateReport; report-to csp-endpoint; 2
font-src *.easypack24.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.pl *.easypack24.net *.inpost.pl https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.safemage.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.cloudflareinsights.com *.hotjar.com *.easypack24.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com maps.googleapis.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.easypack24.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googlesyndication.com *.hotjar.io *.easypack24.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://www.google-analytics.com *.instagram.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
Content-Security-Policy-Report-Only: default-src * 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline'; script-src 'none' 'report-sample'; connect-src 'none'; form-action 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp.threatview.app/report; report-to threatview 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.certcapture.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.certcapture.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src  'self' data: *.pinimg.com *.postaffiliatepro.com partneri.affilmax.cz *.doubleclick.net *.facebook.net *.google-analytics.com *.biano.cz *.dognet.sk *.googlesyndication.com *.imedia.cz *.googletagmanager.com *.googleadservices.com ;font-src  'self' data: fonts.gstatic.com *.zbozi.cz *.biano.cz *.biano.sk *.biano.hu ;connect-src  'self' google.com *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.zbozi.cz *.exchangeratesapi.io *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.seznam.cz *.facebook.com *.pinterest.com *.doubleclick.net https://*.clarity.ms partner-events.favi.cz partner-events.favi.sk partner-events.favi.hu t.targito.signal-nabytek.cz t.targito.sg-nabytek.cz t.targito.signal-nabytok.sk t.targito.sg-nabytok.sk t.targito.butor-signal.hu t.targito.sg-butor.hu *.clickcease.com *.targito.com *.googlesyndication.com https://saas.bianoapi.com bat.bing.com bat.bing.net live.luigisbox.com api.luigisbox.com  https://*.api.rvndev.com https://*.api.raventic.ai https://*.api.raventic.dev https://api.raventic.dev https://eshops-uet-tags.ams3.cdn.digitaloceanspaces.com apps.sg-nabytek.cz apps.sg-nabytok.sk apps.sg-butor.hu ;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.imedia.cz *.facebook.net *.doubleclick.net *.rival.cz *.fg.cz *.3dliving.cz *.imedia.cz *.zbozi.cz *.exchangeratesapi.io *.facebook.com *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.googlesyndication.com *.pinimg.com *.pinterest.com partneri.affilmax.cz *.postaffiliatepro.com www.heureka.cz im9.cz cz.img9.cz *.glami.cz *.licdn.com *.linkedin.com tracking.srovname.cz https://*.clarity.ms partner-events.favicdn.net cdn.targito.signal-nabytek.cz cdn.targito.sg-nabytek.cz cdn.targito.signal-nabytok.sk cdn.targito.sg-nabytok.sk cdn.targito.butor-signal.hu cdn.targito.sg-butor.hu *.clickcease.com cdn.targito.com https://saas.bianoapi.com bat.bing.com bat.bing.net scripts.luigisbox.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com apps.sg-nabytek.cz apps.sg-nabytok.sk apps.sg-butor.hu ;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com ;frame-src  'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;worker-src  'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;frame-ancestors  'self' ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.seznam.cz *.doubleclick.net *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.imedia.cz *.facebook.com *.facebook.net *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.rival.cz *.vykupto.cz *.signal.pl *.zbozi.cz *.exchangeratesapi.io *.dognet.sk *.foxentry.cz *.pinimg.com *.pinterest.com *.biano.cz *.biano.sk *.biano.hu *.heureka.cz *.heureka.sk im9.cz *.glami.cz *.googleadservices.com https://*.clarity.ms bat.bing.com bat.bing.net *.favionline.com *.bing.com cdn.targito.com https://i.cdn.rvndev.com https://i.rvndn.com ;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.seznam.cz *.google.com *.gstatic.com *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.sg-butor.hu *.zbozi.cz *.exchangeratesapi.io *.foxentry.cz cdn.targito.com https://saas.bianoapi.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;object-src  'self' ; report-uri /frontendreport/report/ 2
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/tr/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bebemundo.com.do *.jugueton.com.do *.zdassets.com *.hotjar.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co amc.demdex.net www.google.com www.facebook.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com https://www.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.facebook.com/tr/ *.youtube.com *.yotpo.com *.doubleclick.net *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.gstatic.com maps.googleapis.com accounts.google.com www.google.com www.facebook.com https://googleads.g.doubleclick.net www.google.com.ar www.google.com.do https://www.googletagmanager.com https://www.m.casacuesta.com *.youtube.com https://connect.facebook.net https://notifications-icommkt.website *.yotpo.com *.notifications-icommkt.com *.simpleanalyticscdn.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.avada.io *.google.com *.gstatic.com https://www.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net http://www.google.com/recaptcha/api.js https://d12zyq17vm1xwx.cloudfront.net/v2/wpn.min.js https://static.cloudflareinsights.com/ https://www.gstatic.com/recaptcha/releases/tFhBvPrftr7Y91fo1S1ASkA6/recaptcha__es.js https://externalassets.icommarketing.com/icomMkt_tracking_jquery.min.js *.youtube.com https://static.zdassets.com ekr.zdassets.com *.yotpo.com *.simpleanalyticscdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.zdassets.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.google-analytics.com https://www.hotjar.com https://script.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ http://ccnecommerce.com/ https://notifications-icommkt.com/ https://track-icommkt.com/ wss://widget-mediator.zopim.com/ *.youtube.com https://static.zdassets.com ekr.zdassets.com jugueton.zendesk.com bebemundord.zendesk.com casacuesta.zendesk.com *.googletagmanager.com *.yotpo.com *.googleapis.com *.zdassets.com *.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src, object-src, base-uri, frame-src 2
font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.gstatic.com *.libreka.de *.fontawesome.com https://fonts.bunny.net *.bootstrapcdn.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com js.stripe.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.libreka.de www.sovendus-connect.com www.sovendus-benefits.com *.cookiebot.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.cookielaw.org qm.magazinabo.com qm.bergweltenabo.ch qm.getredbulletin.ch *.libreka.de https://firebasestorage.googleapis.com *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.com *.google.de *.linkedin.com *.pinterest.com *.redbull.com *.usd.de *.usercentrics.eu *.scnem2.com cdn.consentmanager.net cloud.ccm19.de *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googletagmanager.com tagmanager.google.com cdn.cookielaw.org qm.magazinabo.com qm.bergweltenabo.ch qm.getredbulletin.ch *.libreka.de api.sovendus.com https://polyfill-fastly.io https://browser.sentry-cdn.com *.avada.io *.shopify.com *.cloudfront.net *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.net *.google.com *.google-analytics.com *.haymarketstat.de *.licdn.com *.linkedin.com *.logopaletti.de *.redbull.com *.trustedshops.com *.pinimg.com *.usercentrics.eu *.scnem2.com *.s7.addthis.com cdn.consentmanager.net d.delivery.consentmanager.net cloud.ccm19.de *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com d.ratepay.com d.payla.io dr.payla.io tagmanager.google.com fonts.google.com *.libreka.de *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.cookiefirst.com *.google.com *.trustedshops.com cdn.consentmanager.net cloud.ccm19.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.libreka.de *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com privacyportal-de.onetrust.com pagead2.googlesyndication.com qm.magazinabo.com qm.getredbulletin.ch *.libreka.de identification-api.sovendus.com press-tracking-api.sovendus.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io *.cookiefirst.com *.cookiebot.com *.cookielaw.org *.doubleclick.net *.elfsight.com *.google.de *.haymarketstat.de *.logopaletti.de *.usercentrics.eu *.pinterest.com cloud.ccm19.de t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';  frame-src 'self' wine-cult.firebaseapp.com *.youtube.com *.spotify.com *.vimeo.com *.doubleclick.net *.facebook.com *.trkn.us *.googletagmanager.com *.googlesyndication.com vercel.live vercel.com *.instagram.com form.jotform.com *.ctfassets.net *.audioeye.com *.pinterest.com *.stripe.com *.hsforms.com *.hsforms.net;  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.adsrvr.org *.googlesyndication.com *.youtube.com *.spotify.com *.vimeo.com maps.googleapis.com form.jotform.com *.vercel.live *.audioeye.com *.tiktok.com *.adroll.com *.nextdoor.com *.stackadapt.com *.pinterest.com *.pinimg.com *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com snap.licdn.com *.facebook.net *.pixeltracker.co *.stripe.com *.hsforms.net *.hubspotusercontent-na1.net *.hsappstatic.net;  child-src 'self' *.youtube.com *.google.com *.spotify.com vercel.live vercel.com;  style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.googletagmanager.com *.stackadapt.com *.audioeye.com *.hsforms.net *.hubspotusercontent-na1.net;  img-src * blob: data:;  media-src 'self' *.cdninstagram.com;  object-src data: *.ctfassets.net;  connect-src *;  font-src 'self' data: *.typekit.net fonts.gstatic.com *.audioeye.com *.hsforms.net *.hubspotusercontent-na1.net;  frame-ancestors 'self' https://app.contentful.com; 2
connect-src 'self' https: data: *.app.cookieinformation.com *.google-analytics.com maps.googleapis.com danfoss-ps-shared-test-services-.z01.azurefd.net danfoss-ps--fd-algolia-.z01.azurefd.net *.algolia.net northeurope-2.in.applicationinsights.azure.com gst.powersource.danfoss.com *.bf.dynatrace.com *.siteintercept.qualtrics.com *.g.doubleclick.net *.analytics.google.com googletagmanager.com danfoss-appswitcherapi-prod-webapi.azurewebsites.net;frame-src https://policy.app.cookieinformation.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://*.danfoss.com https://danfoss.eu.qualtrics.com https://player.youku.com; style-src 'self' 'unsafe-inline' https://cdn.mosaic.danfoss.com https://fonts.googleapis.com; font-src https://*.danfoss.com https://fonts.googleapis.com https://cdn.mosaic.danfoss.com https://fonts.gstatic.com; object-src 'none'; manifest-src 'self' https://cdn.mosaic.danfoss.com;img-src 'self' data: https://cdn.mosaic.danfoss.com https://*.danfoss.com https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://www.clarity.ms https://www.c.clarity.ms https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://login.windows.net https://*.contentstack.com https://*.qualtrics.com https://*.g.doubleclick.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://policy.app.cookieinformation.com https://www.clarity.ms https://*.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com https://cdn.mouseflow.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://js-cdn.dynatrace.com https://maps.googleapis.com https://www.google.com/recaptcha https://www.google.com/recaptcha/api.js https://www.gstatic.com https://*.danfoss.com https://*.z16.web.core.windows.net/scripts/ https://googleads.g.doubleclick.net https://cdn.jsdelivr.net/npm/search-insights@*;frame-ancestors 'self'; default-src 'self' https://*.clarity.ms https://c.bing.com 'unsafe-inline'; report-uri /api/csp-report 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gopersonal.ai 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com webpay3g.transbank.cl webpay3gint.transbank.cl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://*.gopersonal.ai *.mercadolibre.com api.cappasity.com event.getblue.io googleads.g.doubleclick.net api-static.mercadopago.com secure-fields.mercadopago.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net https://*.gopersonal.ai *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com 'self' data: www.google.com.mx www.google.com.ar operaciones.jazminchebar.com.ar www.mailing.todoparachebar.com mg.mlstatic.com h.online-metrix.net ventasonline.payway.com.ar developers-ventasonline.payway.com.ar www.mailing.jazminchebar.com public-assets.goshops.ai jazminchebar.com.ar jazminchebar.com jazminchebar.cl jazminchebar.mx todoparachebar.com.ar todoparachebar.cl jazmincircular.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://*.gopersonal.ai https://*.gstatic.com *.mlstatic.com *.mercadopago.com *.gstatic.com cdn.retailrocket.net d12zyq17vm1xwx.cloudfront.net event.getblue.io widget.getblue.io externalassets.icommarketing.com static.oct8ne.com connect.facebook.net services.fitprenda.com live.decidir.com maps.googleapis.com developers.decidir.com h.online-metrix.net h64.online-metrix.net ventasonline.payway.com.ar developers-ventasonline.payway.com.ar api.wcx.cloud www.clarity.ms f.wcentrix.com js-agent.newrelic.com scripts.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.gopersonal.ai *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://*.gopersonal.ai https://*.goshops.ai https://*.googleapis.com https://*.gstatic.com *.mercadopago.com *.mercadolibre.com notifications-icommkt.com track-icommkt.com tracking.retailrocket.net cdn.retailrocket.net frontal-usa.oct8ne.com maps.googleapis.com googleads.g.doubleclick.net developers.decidir.com h.online-metrix.net ventasonline.payway.com.ar developers-ventasonline.payway.com.ar bam.nr-data.net d.clarity.ms jch-api.goshops.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; connect-src 'self' *.kerebro.com *.google-analytics.com *.google.com *.facebook.com *.livechatinc.com store.gsscloud.com opencompany.azurewebsites.net in.hotjar.com kerebro.com stats.g.doubleclick.net vc.hotjar.io www.gsscloud.com ka-p.fontawesome.com b.clarity.ms https://r.adgeek.net; font-src 'self' data: fonts.gstatic.com www.gsscloud.com uwillx.com cdn.livechatinc.com; frame-src 'self' *.doubleclick.net secure.livechatinc.com www.facebook.com vars.hotjar.com www.youtube.com tpc.googlesyndication.com www.googletagmanager.com cdn.videgree.com bizform.vitalyun.com; img-src 'self' data:  *.gsscloud.com *.google-analytics.com *.n0.cdn.getcloudapp.com *.g.doubleclick.net *.gstatic.com cdn.files-text.com www.facebook.com i.ytimg.com www.google.com www.google.com.tw gssweb.gss.com.tw www.gss.com.tw cl.ly connect.facebook.net uwillx.com www.googletagmanager.com widgets.magentocommerce.com s3.amazonaws.com lh3.googleusercontent.com lh4.ggpht.com member.kerebro.com www.googleadservices.com jolly-beach-08300eb00.6.azurestaticapps.net; media-src cdn.livechatinc.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.livechatinc.com *.hotjar.com *.google-analytics.com *.google.com connect.facebook.net googleads.g.doubleclick.net kerebro.com store.gsscloud.com www.googleadservices.com www.googletagmanager.com www.youtube.com www.linkedin.com  uwillx.com tpc.googlesyndication.com unpkg.com kit.fontawesome.com cdnjs.cloudflare.com www.clarity.ms; script-src-elem 'self' 'unsafe-inline' data: store.gsscloud.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.livechatinc.com api.livechatinc.com unpkg.com www.clarity.ms kit.fontawesome.com www.googletagmanager.com kerebro.com www.youtube.com www.google-analytics.com ssl.google-analytics.com connect.facebook.net googleads.g.doubleclick.net https://r.adgeek.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com store.gsscloud.com uwillx.com kerebro.com kerebro.com unpkg.com cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com; report-uri https://gsscloud.report-uri.com/r/d/csp/wizard 2
font-src https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' f24.com *.f24.com; upgrade-insecure-requests; report-uri https://0ze76053.uriports.com/reports/report; report-to csp-endpoint; manifest-src 'self'; script-src https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com googleads.g.doubleclick.net cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com snap.licdn.com j.6sc.co https://pi.pardot.com https://www.youtube-nocookie.com https://www.youtube.com https://www.clarity.ms https://scripts.clarity.ms 'self' f24.com *.f24.com 'unsafe-inline'; style-src https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com https://www.youtube-nocookie.com https://www.youtube.com 'self' f24.com *.f24.com 'unsafe-inline'; media-src fact24.com 'self' f24.com *.f24.com; img-src data: fact24.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com www.google.com www.google.hr www.google.fr www.google.no www.google.ch www.google.lu www.google.de www.google.at www.google.es www.google.hn www.google.dk www.google.nl googleads.g.doubleclick.net cdn.cookielaw.org px.ads.linkedin.com px4.ads.linkedin.com b.6sc.co img.youtube.com img.youtube-nocookie.com https://c.clarity.ms https://claritystatic.blob.core.windows.net https://c.bing.com 'self' f24.com *.f24.com; frame-src https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com www.tfaforms.com f24.jobs.personio.de 'self' f24.com *.f24.com; font-src https://fonts.gstatic.com data: 'self' f24.com *.f24.com; connect-src www.googletagmanager.com www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com px.ads.linkedin.com ipv6.6sc.co c.6sc.co epsilon.6sense.com https://www.youtube-nocookie.com https://www.youtube.com noembed.com https://www.clarity.ms https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms 'self' f24.com *.f24.com; frame-ancestors 'none'; 2
font-src www.paypalobjects.com *.gstatic.com widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.adobe.com *.authorize.net *.braintreegateway.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cetelem.es *.livechatinc.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com player.vimeo.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com https://www.google.com/recaptcha/ *.avis-verifies.com/ widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.adobe.com *.authorize.net *.braintreegateway.com *.googletagmanager.com *.google.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.livechatinc.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.cetelem.es cdn.doofinder.com *.google.com *.youtube.com/ widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.adobe.com *.authorize.net *.braintreegateway.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.livechatinc.com imgsct.cookiebot.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cetelem.es cdn.doofinder.com *.googletagmanager.com *.cdn.cookielaw.org/ widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.adobe.com *.authorize.net *.braintreegateway.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.livechatinc.com *.tradedoubler.com consent.cookiebot.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cetelem.es *.doofinder.com *.googleapis.com widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.adobe.com *.authorize.net *.braintreegateway.com *.livechatinc.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cetelem.es *.doofinder.com wss://*.doofinder.com *.googletagmanager.com *.cdn.cookielaw.org/ *.youtube.com/ widget.trustpilot.com t4.my-probance.one *.aplazame.com *.zendesk.com *.adobedtm.com *.adobe.com *.authorize.net *.braintreegateway.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.livechatinc.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.retailrocket.net landofcoder.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com assets.fintoc.com https://assets.fintoc.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.retailrocket.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src *.retailrocket.net landofcoder.com 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.contentsquare.net https://*.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.contentsquare.net https://*.contentsquare.com; img-src 'self' data: https://*.contentsquare.net https://*.contentsquare.com; connect-src 'self' https://*.contentsquare.net https://*.contentsquare.com; font-src 'self' data: https://*.contentsquare.net https://*.contentsquare.com; frame-src 'self' https://*.contentsquare.net https://*.contentsquare.com; 2
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self'; img-src * 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com https://accounts.google.com https://app.productfruits.com https://maps.google.com https://www.bing.com https://r.bing.com https://*.googleapis.com https://js.api.here.com https://traffic.ls.hereapi.com https://*.amap.com https://api-maps.yandex.ru https://yastatic.net https://hst-api.wialon.com;style-src 'self' 'unsafe-inline' https://app.productfruits.com https://fonts.googleapis.com https://r.bing.com;img-src 'self' data: blob: https:;connect-src 'self' https://*.productfruits.com wss://ws2.productfruits.com https://*.google-analytics.com https://maps.googleapis.com https://*.amap.com https://*.mapbox.com https://*.maps.ls.hereapi.com https://vector.hereapi.com https://js.api.here.com https://*.wialon.com https://*.wialon.net blob:;frame-src 'self' https://hst-api.wialon.com https://geocode-maps.wialon.com;form-action 'self' https://hst-api.wialon.com;object-src 'none';frame-ancestors *;worker-src 'self' blob:;font-src 'self' data: https:;media-src 'self' blob: https:; report-uri https://sentry-new.wialon.net/api/91/security/?sentry_key=7ee88f41a9457af92483172d09fb61c4; report-to csp-endpoint 2
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.fontawesome.com *.gstatic.com 'self' data: data: surveys-static.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com www.google.com.co js.intercomcdn.com intercomassets.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com https://rum.hlx.page https://www.google.com *.gstatic.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com https://maps.googleapis.com *.snrbox.com static.hotjar.com *.clarity.ms surveys-static.survicate.com script.hotjar.com widget.intercom.io js.intercomcdn.com api-iam.intercom.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.googleapis.com *.gstatic.com cdn.dnky.co *.googletagmanager.com *.cookielaw.org *.snrcdn.net https://surveys-static.survicate.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com *.synerise.com maps.googleapis.com api.comapi.com bam.nr-data.net *.cookielaw.org *.snrbox.com t.clarity.ms stats.g.doubleclick.net api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com https://content.hotjar.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; connect-src 'self' wss: https:; style-src 'self' 'unsafe-inline' data: https:; frame-src 'self' https://batmaid.prismic.io https://*.trustpilot.com https://vars.hotjar.com https://*.google.com https://www.facebook.com https://*.doubleclick.net https://tpc.googlesyndication.com https://www.youtube.com https://pay.datatrans.com https://3dsec.cardcenter.ch https://acs1.viseca.ch https://acs.touch.tech https://www.instagram.com https://www.googletagmanager.com https://consentcdn.cookiebot.com data:; frame-ancestors 'self'; form-action 'self' https://pay.datatrans.com https://www.facebook.com; object-src 'none'; upgrade-insecure-requests; report-uri /en/api/v1/csp-violation-report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  https://go.mufg-investorservices.com/ https://cdn.cookielaw.org https://cdn.bizible.com/ https://www.googletagmanager.com/ https://j.6sc.co/ https://snap.licdn.com/ https://munchkin.marketo.net/ https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://ipv6.6sc.co/ https://b.6sc.co/ https://www.google.com https://c.6sc.co/ https://www.gstatic.com/ https://googleads.g.doubleclick.net https://static.smartrecruiters.com/ https://www.smartrecruiters.com/ https://www.buzzsprout.com/ https://www.youtube-nocookie.com/ https://geolocation.onetrust.com/ www.youtube.com https://privacyportal-eu.onetrust.com/ https://secure.adnxs.com/ https://www.googleadservices.com/ https://td.doubleclick.net/ https://epsilon.6sense.com/ https://427-brk-404.mktoresp.com/ youtu.be; img-src * 'self' data: blob:; font-src 'self' data:; 2
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.clover.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com *.clover.com *.hsforms.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com https://firebasestorage.googleapis.com https://www.mollie.com *.clover.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.avada.io *.shopify.com js.mollie.com *.clover.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.bomenenzo.nl www.bomenenzo.nl *.feedbackcompany.com *.googleapis.com https://fonts.gstatic.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.bomenenzo.nl *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.googletagmanager.com td.doubleclick.net mc.yandex.com www.facebook.com js.mollie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src cdn.bomenenzo.nl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.datatrics.com *.google.nl *.google-analytics.com *.hipex.cloud *.bomenenzo.nl *.smartsuppcdn.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.video-dns.com www.google.nl www.facebook.com www.bomenenzo.nl *.feedbackcompany.com https://www.mollie.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com data: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.convertexperiments.com *.smartsuppchat.com widget-v2.smartsuppcdn.com *.feedbackcompany.com *.datatrics.com *.bomenenzo.nl *.clarity.ms chimpstatic.com downloads.mailchimp.com *.list-manage.com www.bomenenzo.nl www.clarity.ms scripts.clarity.ms mc.yandex.ru googletagmanager.com www.smartsuppchat.com connect.facebook.net widget-v3.smartsuppcdn.com static.cloudflareinsights.com pay.multisafepay.com js.mollie.com *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.typekit.net *.bomenenzo.nl downloads.mailchimp.com widget-v3.smartsuppcdn.com www.bomenenzo.nl pay.multisafepay.com https://fonts.googleapis.com *.fontawesome.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.video-dns.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.convertexperiments.com *.smartsuppchat.com widget-v2.smartsuppcdn.com translations.smartsuppcdn.com websocket-visitors.smartsupp.com wss://*.smartsupp.com *.feedbackcompany.com *.datatrics.com *.bomenenzo.nl *.clarity.ms wss://metrics.video-dns.com bootstrap.smartsuppchat.com widget-v3.smartsuppcdn.com *.video-dns.com www.feedbackcompany.com mc.yandex.com region1.analytics.google.com region1.google-analytics.com www.bomenenzo.nl www.google.com mpc2-prod-1-is5qnl632q-uc.a.run.app b.clarity.ms *.multisafepay.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src websocket-visitors.smartsupp.com www.google.com *.video-dns.com www.bomenenzo.nl b.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; font-src 'self' data: *.fonts.googleapis.com *.gstatic.com applepay.cdn-apple.com; img-src https: 'self' data: https://pc.fcdn.eu/media/; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-src 'self' *.trustpilot.com *.canva.com *.vimeo.com *.adyen.com *.paypal.com *.google.com *.bunq.com *.youtube.com *.jotform.com pay.google.com applepay.cdn-apple.com; script-src *.googletagmanager.com *.getflowbox.com *.trustpilot.com *.paracord.shop paracord.shop pay.google.com 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' *.payments-amazon.com *.adyen.com *.paypal.com *.cloudflareinsights.com *.trustedshops.com applepay.cdn-apple.com *.clarity.ms; connect-src *.sentry.io *.sanity.io *.flbx.io *.google-analytics.com *.getflowbox.com *.paracord.shop paracord.shop google.com *.google.com *.adyen.com *.paypal.com 'self' *.paracord.eu pc.fcdn.eu *.clarity.ms *.trustedshops.com *.paracord.nl *.paracord.de *.paracord.fr *.paracord.it *.paracord.eu *.paracord.shop *.paracord.co.uk *.paracordshop.es *.paracordshop.dk *.paracordshop.pl *.paracordsverige.se *.googleapis.com *.gstatic.com; frame-ancestors *.sanity.studio https://*.trustpilot.com *.paracord.local:3333; object-src 'none'; base-uri 'self'; script-src-attr 'unsafe-inline' 2
default-src 'self' *.my127.site blob: *.my127.site inviqa.com inviqa.de youtube.com *.doubleclick.net *.google.com *.googleadservices.com *.google.co.uk *.hubspot.com *.trackedweb.net *.hotjar.com madixel.de cdn.cookielaw.org geolocation.onetrust.com; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.my127.site inviqa.com inviqa.de *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.gstatic.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.licdn.com *.twitter.com *.trackedweb.net *.trackedlink.net madixel.de *.googleadservices.com *.ads-twitter.com cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.my127.site inviqa.com inviqa.de; img-src 'self'  *.my127.site data: inviqa.com inviqa.de *.google.co.uk *.google.com *.google-analytics.com *.twitter.com *.linkedin.com t.co *.hubspot.com *.hsforms.com *.doubleclick.net cdn.cookielaw.org; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' *.my127.site data: inviqa.com inviqa.de; report-uri https://www.inviqa.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2
script-src-elem www.googletagmanager.com ajax.googleapis.com consent.cookiebot.com consentcdn.cookiebot.com embed.sendcloud.sc cdn.jsdelivr.net gc.kis.v2.scr.kaspersky-labs.com ff.kis.v2.scr.kaspersky-labs.com infirc.com ritrag.com me.kis.v2.scr.kaspersky-labs.com connect.facebook.net infird.com kproxyservers.site gc.kes.v2.scr.kaspersky-labs.com cdn.toolszen.com ff.kes.v2.scr.kaspersky-labs.com mstat.acestream.net cdnjs.cloudflare.com data1.pletar.com apis.google.com translate.google.com translate.googleapis.com c.chuyueshop.com gc.kis.scr.kaspersky-labs.com me.kes.v2.scr.kaspersky-labs.com dakotaram.com jullyambery.net hublosk.com wistiaextension.com utq.vvipquan.com secured-pixel.com 3001.scriptcdn.net api.wire.threatspike.com extensionscontrol.com cdn.cookie-script.com www.oilonline.store sc-static.net 4ddons.com cdn.sleak.chat static.ads-twitter.com rialto-gms.s3.amazonaws.com vk-online.xyz pro-sw.ru mainf.global-cache.online www.pagespeed-mod.com www.google-analytics.com images.uc.cn g.alicdn.com vtesting.yoganc.fun dmp.im-apps.net static.hotjar.com www.clickcease.com script.hotjar.com assets.adobedtm.com pagead2.googlesyndication.com conversations-widget.sendinblue.com cdn.by.wonderpush.com bokezu.tijapixuno.com static.cloudflareinsights.com www.google.com www.gstatic.com mediashower.com www.youtube.com youwanoss.oss-cn-shanghai.aliyuncs.com cdn.livechatinc.com api.livechatinc.com img.otv.cc veniwa.bakowiseda.com cogupo.piyugahevo.com biwiki.zesewodasi.com browser.360.cn 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem maxcdn.bootstrapcdn.com fonts.googleapis.com cdn.jsdelivr.net gc.kis.v2.scr.kaspersky-labs.com ff.kis.v2.scr.kaspersky-labs.com www.gstatic.com pwm-image.trendmicro.com me.kis.v2.scr.kaspersky-labs.com www.oilonline.store cdn.honey.io use.fontawesome.com cdn.sleak.chat adblockers.opera-mini.net mediashower.com sleakbot-v2.pages.dev 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com at.alicdn.com cdn.megabonus.com use.typekit.net static.hsappstatic.net themes.googleusercontent.com chrome-extension://jcmcbmdmfmelmlelagelpfhmohipjjia static3.avast.com use.fontawesome.com aceify.ai cdn.scite.ai cdn.fontshare.com www.slant.co appdown.pstatic.net app.escribelo.ai qncdn.aoscdn.com cdn.faceworks.nl www.oilonline.store assets.alicdn.com cdnjs.cloudflare.com images.simplycodes.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com r2cdn.perplexity.ai www.vinci.com cdn-uicons.flaticon.com migaku-public-data.migaku.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com www.oilonline.store translate.googleapis.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.oilonline.store 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sendcloud.sc *.jsdelivr.net *.weltpixel.com www.xtento.com *.googletagmanager.com *.doubleclick.net consentcdn.cookiebot.com www.googletagmanager.com pwm-image.trendmicro.com gateway.zscloud.net gateway.zscalerthree.net menrealitycalc.com safe.menlosecurity.com gateway.zscaler.net acestream.tv emet.live emet.news gateway.zscalertwo.net feedback-pa.clients6.google.com c.safen110.com div.show global.acs.prismaaccess.com 172.16.1.240:9123 noop.style portal.farsons.com 10.33.141.1 wm-livechat-2-prod-dot-watermelonmessenger.appspot.com translate.googleapis.com widget.sleak.chat lordfilm-crew.net remove.video block.opendns.com www.youtube.com.x.11d761ca0d21704a6c0b3510df542b18da88.d045213f.id.opendns.com www.oelonline.com saml.saasprotection.com safeframe.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io quickchart.io img.youtube.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com *.gstatic.com *.facebook.com maps.googleapis.com www.xtento.com cdn.xtento.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com https://www.magezon.com flagpedia.net imgsct.cookiebot.com www.olieonline.nl www.olieonline.co.uk www.oelonline.com translate.google.com log-papago.naver.com pos.baidu.com www.oilonline.store cdn.honey.io mc.yandex.ru translate.googleapis.com dakotaram.com yastatic.net staging.oilonline.store sygpwnluwwetrkmwilea.supabase.co uploads-ssl.webflow.com t.co analytics.twitter.com my.productfruits.com gateway.zscalertwo.net cdn.sleak.chat actimg.heytapimg.com stagingcw.olieonline.co.uk www.bing.com img.alicdn.com sleak-chat.github.io db.sleak.chat data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.sendcloud.sc *.jsdelivr.net ajax.googleapis.com *.google.com *.facebook.net unpkg.com maps.googleapis.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com greasyfork.org update.greasyfork.org cdn.cookie-script.com cdn.sleak.chat static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline *.sendcloud.sc *.jsdelivr.net *.tagmanager.google.com *.googletagmanager.com *.gstatic.com www.gstatic.com cdn.sleak.chat 'self' 'unsafe-inline'; object-src object.center 'self' 'unsafe-inline'; media-src *.adobe.com ssl.gstatic.com sygpwnluwwetrkmwilea.supabase.co cdn.sleak.chat 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app www.gstatic.com maps.googleapis.com consentcdn.cookiebot.com translate.googleapis.com translate-pa.googleapis.com overbridgenet.com api.global-data-lab.com api.mkmediaworks.com wss://ny1.xmrminingproxy.com consent.cookiebot.com www.oilonline.store gjtrack.ucweb.com api.amcreativemedia.com api.fbanalytics.org yandex.ru www.google.com s3.ap-east-1.amazonaws.com o0rmue7xt0.execute-api.il-central-1.amazonaws.com wss://127.0.0.1:2020 wss://127.0.0.1:2023 wss://127.0.0.1:2024 wss://127.0.0.1:2021 wss://127.0.0.1:2025 wss://127.0.0.1:2027 wss://127.0.0.1:2022 wss://127.0.0.1:2026 wss://127.0.0.1:2029 wss://127.0.0.1:2028 localhost:8036 api.trongrid.io n.wistiaextension.com region1.google-analytics.com ajax.googleapis.com baidustatics.net infragrid.v.network adtonus.com code.jquery.com rktds.net d1lkfzu2puirk6.cloudfront.net consent.cookie-script.com editor.api.clonable.net clientstream.launchdarkly.com fonts.googleapis.com fonts.gstatic.com local.adblock360.com cdn.sleak.chat widget.sleak.chat sygpwnluwwetrkmwilea.supabase.co my.productfruits.com api.video-adblock.com gateway.zscalertwo.net api.privacy-protector-adblocker.com ws://127.0.0.1:35729 tl.ytlogs.ru service.gstatic-cache.com cdnmmh.global-cache.online aegis.qq.com api.vid-adblocker.com localhost:4443 detector.scamsniffer.io px.wpk.quark.cn vtesting.yoganc.fun www.facebook.com api.freevideoguard.org www.olieonline.co.uk junklip.com ad-ninja.net felo-crawler.com metrics-dra.dt.dbankcloud.cn sleakbot-v2.pages.dev safesearchinc.com api.blocksly.org fr.api4load.net gateway.zscloud.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.amazon.de www.exxonmobil.com www.mobil.com www.oelonline.com 7gtronic.pl 'self' 'unsafe-inline'; report-uri https://www.olieonline.co.uk/rest/all/V1/cspmanager/frontend_report; 2
font-src *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com youtu.be *.vimeo.com *.addthis.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com https://plumrocket.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://*.google.nl https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.fls.doubleclick.net https://*.adservice.google.com https://*.facebook.net https://*.tiktok.com https://www.mollie.com maps.gstatic.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.captcha.eu *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://*.facebook.net https://*.tiktok.com js.mollie.com maps.googleapis.com *.googletagmanager.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.captcha.eu https://w19.captcha.at https://at.captcha.at *.cloudflare.com *.paypal.com *.googleapis.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://stream.getmetrion.com https://*.googleadservices.com https://*.googletagmanager.com https://*.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.nl https://*.googlevideo.com https://*.googleusercontent.com https://*.googledomains.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://*.adservice.google.com https://*.facebook.net https://*.tiktok.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://widgets.trustedshops.com *.medewo.com *.rausch-packaging.com *.pack-verde.com 'self' data: 'unsafe-inline' data: *.paypal.com *.pay1.de *.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.etrusted.com *.b-cdn.net *.optimonk.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.medewo.com *.rausch-packaging.com *.pack-verde.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.etrusted.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com validate.fishpig.co.uk cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.medewo.com *.rausch-packaging.com *.pack-verde.com *.bing.com *.bing.net *.cookiefirst.com *.facebook.net *.googlesyndication.com *.google.de *.leadlab.click *.linkedin.com *.outbrain.com *.pingdom.net *.ratepay.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com 'self' data: blob: *.userlike.com *.doubleclick.net *.google.com *.googleapis.com dashboard.trustprofile.com *.facebook.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com www.apptrian.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.medewo.com *.rausch-packaging.com *.pack-verde.com *.bing.com *.cloudfront.net *.facebook.net *.google.de *.googlesyndication.com *.licdn.com *.outbrain.com *.pingdom.net *.leadlab.click *.cookiefirst.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.yotpo.com *.matelso.de *.b-cdn.net *.clarity.ms *.getresponse.com *.gr-cdn.com *.googleapis.com *.optimonk.com *.trustedshops.com *.hsforms.net *.hsforms.com *.gstatic.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com d.ratepay.com d.payla.io dr.payla.io *.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.medewo.com *.rausch-packaging.com *.pack-verde.com *.dnky.co *.dotdigital.com *.paypal.com *.ratepay.com *.pay1.de *.bing.com *.pingdom.net *.leadlab.click *.cookiefirst.com *.youtube.com *.adobedtm.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com 'self' 'unsafe-inline' data: *.optimonk.com cdn.datatables.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com www.apptrian.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.medewo.com *.rausch-packaging.com *.pack-verde.com *.facebook.com *.pay1.de *.bing.com *.googlesyndication.com *.omtrcd.net *.pingdom.net *.leadlab.click *.cookiefirst.com *.doubleclick.net *.userlike.com wss://*.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.outbrain.com *.matelso.de *.linkedin.com *.getresponse.com mpc-prod-17-s6uit34pua-wl.a.run.app *.googleapis.com *.optimonk.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net www.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com/ js.mollie.com *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com magefan.com cm.magefan.com *.disqus.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ flagpedia.net https://www.mollie.com *.multisafepay.com https://redchamps.com 'self' data: ts.tradetracker.net www.magmodules.eu https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.disqus.com https://polyfill-fastly.io https://browser.sentry-cdn.com *.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com js.mollie.com *.multisafepay.com https://pay.google.com tm.tradetracker.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.multisafepay.com *.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://*.ingest.sentry.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.gstatic.com maps.googleapis.com *.multisafepay.com t.elasticsuite.io *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
object-src 'none';base-uri 'self';script-src 'nonce-_dWDBPUlP-je9wGN_115CA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-aOpFu-md846xU2ZnWOueTA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-IfC54SN-xWqxhKEUInFC5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.transcend.io js.stripe.com s.ytimg.com tagmanager.google.com transcend-cdn.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; default-src 'self' *.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; upgrade-insecure-requests; connect-src 'self' cdn.transcend.io gtm.mozilla.org https://abdri3ttkb.execute-api.us-east-2.amazonaws.com https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com telemetry.transcend.io telemetry.us.transcend.io transcend-cdn.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; form-action 'self' https://abdri3ttkb.execute-api.us-east-2.amazonaws.com https://accounts.firefox.com/ https://basket.mozilla.org; font-src 'self' www.mozilla.org; frame-ancestors 'none'; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' cdn.transcend.io transcend-cdn.com www.mozilla.org; base-uri 'none' 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/www_google 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv75%3A(h%60duv-19cf956a7a1-0x1506#pd 1
default-src 'self'; script-src 'self' hubapi.com *.hubapi.com hubspot.com *.hubspot.com app.hubspot.com hubspotusercontent-na1.net *.hubspotusercontent-na1.net hsappstatic.net *.hsappstatic.net hs-banner.com *.hs-banner.com hsforms.com *.hsforms.com forms.hsforms.com *googletagmanager.com  https://munchkin.marketo.net https://snap.licdn.com *linkedin.com; 'unsafe-inline' https://trusted-cdn.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' forms.hscollectedforms.net *.hscollectedforms.net hubspot.com *.hubspot.com hubapi.com *.hubapi.com hsforms.com *.hsforms.com hsforms.net *.hsforms.net hsappstatic.net *.hsappstatic.net googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com cdn.cookielaw.org *.cookielaw.org www.google.com analytics.google.com  px.ads.linkedin.com *.linkedin.com; frame-ancestors 'none'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 50339659.hs-sites.com 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-P4pkOmf1d8IpMijZ+y3rlg=='; report-uri https://send.hsbrowserreports.com/csp/report 1
script-src 'report-sample' 'nonce-b6GTyutRYpcHNY_O10WgRg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /us/_/BgcMiscSites/cspreport 1
object-src 'none';base-uri 'self';script-src 'nonce-_ir_ZbOGCeIojBqLjLyfVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qQ_6c60CFjBuzEGd3Y6odQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://www.yelp.com/csp_report_only?id=d732bfa25153271c&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www&timestamp=1773712252; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1
script-src 'nonce-88d2MY5dhoN8FS947CZywA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-BTWJn2m3s9KCaKpp77hE5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-n4XwXb5dLSBwfQVGB4OnZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-A9fS-X60DYjtHsuLdNd_-A' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=rrYaWE8V_3TeyyKt8.W0gFi46NG3Z4CjklXi0Kn.Pk8-1773712733.1274157-1.0.1.1-7lkmgNFk1TBLQDI0L7a0.94KDqmY_5RF.FBvpBmQ13e.zQIM00p03BgtTFxiaDFcnTVGOkiDfFG6LngIVqA3_ALRmhI0WXF2ZJC5Zz6veO9Cnph8bDjQSt7VIkNF4Q3PO7hQG8uEsbKPcvsADaEVmnAHuehNPAnCZ2BGJAZ11QjrEfAwBeIml8rC3tyRhGNC; report-to cf-csp-endpoint 1
script-src 'nonce-5S78BA8EwloeBZorzODeyA==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=3d241b3f-bc3e-453c-9aa9-fe6606a690a5; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.co.uk *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.co.uk *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.co.uk *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv50.tj3kk-19cf985cad0-0x703#pd 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.de *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.de *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.de *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv27.%7Du%3Eof-19cf986cfcc-0x703#pd 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::ONET2_APROD_4_7_0 1
script-src 'nonce-vWNtXPCDCQK6amLb+1Br2w==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=3370028d-9a5a-4b3c-842e-e4b2c1577bca; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
frame-ancestors 'self'; report-uri https://www.news.com.au/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-lZBOe6E4HaCy5S6Vbm1Sqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
block-all-mixed-content ; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-VoqkK0HsZfJ1ydctssW_0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src   'self'   'unsafe-inline'   'unsafe-eval'   'report-sample'   https://*.savagebeast.com   https://pandora.com   https://*.pandora.com   https://staging.cdn-net.com   https://cdn.cookielaw.org   https://assets.adobedtm.com   https://*.adsafeprotected.com   https://ep2.adtrafficquality.google   https://fundingchoicesmessages.google.com   https://*.googlesyndication.com   https://*.google-analytics.com   https://www.googletagmanager.com   https://www.googletagservices.com   https://imasdk.googleapis.com   https://storage.googleapis.com   https://*.doubleclick.net   https://*.doubleverify.com   https://pagead2.googlesyndication.com   https://s0.2mdn.net   https://cdn.branch.io   https://app.link   https://client.px-cloud.net   https://connect.facebook.net   https://sb.scorecardresearch.com   https://secure-us.imrworldwide.com   https://z.moatads.com   https://lex.33across.com   https://s.adroll.com   https://d.adroll.com   https://*.adswizz.com   https://ads.revjet.com   https://pix.revjet.com   https://seal.verisign.com   https://code.jquery.com   https://snap.licdn.com; report-uri https://o1407395.ingest.us.sentry.io/api/4505048133992448/security/?sentry_key=d15ac02981a04fb19de9b9d0a65da386&sentry_environment=production; report-to csp-endpoint; 1
script-src 'nonce-HxYXJDCdmB1U+PBuW8Jb4A==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=bb64f59c-be4b-4fc9-bd66-4afcf5bc98d9; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
default-src 'self'; base-uri 'self'; font-src localhost:3000 *.www.ucla.edu www.ucla.edu cdn.jsdelivr.net; frame-src 'self' cse.google.com www.youtube.com www.google.com *.adtrafficquality.google; img-src 'self' *.amazonaws.com  www.google.com cdn.jsdelivr.net clients1.google.com www.googleapis.com *.gstatic.com pbs.twimg.com *.hypemarks.com *.tintup.com www.google-analytics.com stats.g.doubleclick.net cdn.webcomponents.ucla.edu images.sidearmdev.com *.tiktokcdn-us.com *.fbcdn.net t.co analytics.twitter.com *.linkedin.com *.cdninstagram.com www.facebook.com www.googletagmanager.com *.uclabruins.com syndicatedsearch.goog *.adtrafficquality.google data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.youtube.com cse.google.com cdn.jsdelivr.net *.ytimg.com cdnjs.cloudflare.com www.google-analytics.com *.amazonaws.com cdn.webcomponents.ucla.edu snap.licdn.com connect.facebook.net analytics.tiktok.com static.ads-twitter.com *.adtrafficquality.google *.gstatic.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.webcomponents.ucla.edu cdnjs.cloudflare.com www.google.com; connect-src 'self' weather.atmos.ucla.edu www.google-analytics.com px.ads.linkedin.com analytics.tiktok.com stats.g.doubleclick.net *.adtrafficquality.google; report-uri /csp-hotline.php 1
object-src 'none';base-uri 'self';script-src 'nonce-vr7__QBALVDBbL8Q23HRyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.it *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.it *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.it *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv75%3A(%3Fln7n-19cf9a96f77-0x703#pd 1
default-src 'self'; frame-src 'self' https://*.hsforms.net https://www.googletagmanager.com https://forms.hsforms.com https://*.chilipiper.com https://js.datadome.co https://dnaz0af4um3to.cloudfront.net https://cdn.cookielaw.org https://www.facebook.com https://calendly.com https://www.youtube-nocookie.com https://www.youtube.com https://*.captcha-delivery.com; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hsforms.net https://www.googletagmanager.com https://forms.hsforms.com https://*.chilipiper.com https://js.datadome.co https://dnaz0af4um3to.cloudfront.net https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://snap.licdn.com https://bat.bing.com https://www.google-analytics.com https://www.redditstatic.com https://tracking.g2crowd.com https://connect.facebook.net https://cdn.cr-relay.com https://cdn.vector.co https://*.claydar.com https://*.hs-scripts.com https://cdn.userway.org https://*.matomo.cloud https://fast.wistia.com https://analytics.ahrefs.com https://*.hsadspixel.net https://*.hs-banner.com https://*.hs-analytics.net https://*.captcha-delivery.com https://*.hubspot.com https://static.hsappstatic.net https://assets.calendly.com https://browser.sentry-cdn.com https://www.youtube.com https://cdn-4.convertexperiments.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://fast.wistia.net data:; style-src 'self' 'unsafe-inline' https://*.hsforms.net https://forms.hsforms.com https://*.chilipiper.com https://dnaz0af4um3to.cloudfront.net https://fonts.googleapis.com https://cdn.userway.org https://assets.calendly.com https://*.captcha-delivery.com; connect-src *; media-src * blob:; worker-src 'self' blob:; report-to csp-report 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/safety_google 1
default-src 'self'; base-uri 'self'; object-src 'none'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://static.cloudflareinsights.com https://*.qualaroo.com https://cdn.typing.com https://cdn.intergient.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://config.playwire.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.qualaroo.com https://*.intergient.com; frame-src 'self' https://*.qualaroo.com https://*.doubleclick.net https://*.google.com https://cdn.typing.com https://cdn.intergient.com https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self' https://classroom.google.com https://*.schoology.com https://*.typing.com https://*.adtrafficquality.google https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.google.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-mA6_Q5j86mngpbPz_t9vyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bypCGxYysv38HeJG0syysg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2KHLns3980rEqy6FRajkCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' https://ss.datasconsole.com; worker-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.coinmarketcap.com https://cdn.fuseplatform.net https://cdn.adx.ws https://cdn.cookielaw.org https://cdn4.buysellads.net https://btloader.com https://script.4dex.io https://www.google.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://ep2.adtrafficquality.google https://www.youtube.com https://s3.tradingview.com https://organizer.bizzabo.com https://telegram.org https://staticrecap.cgicgi.io https://unpkg.com/vconsole/dist/vconsole.min.js https://browser.sentry-cdn.com https://ajax.googleapis.com/ajax/libs/jquery/ https://www.recaptcha.net/recaptcha/; report-uri https://o230231.ingest.us.sentry.io/api/1773863/security/?sentry_key=f6a79779d88945e5bf5c2b7e74ee1ed8 1
object-src 'none';base-uri 'self';script-src 'nonce-vSSCfJVbkUqE2OAl1i0t9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
child-src 'self' https://*.qualified.com; default-src 'self'; frame-src 'self' https://9628652.fls.doubleclick.net https://td.doubleclick.net https://js.driftt.com https://*.qualified.com https://a8447815042.cdn-pci.optimizely.com https://ct.pinterest.com https://tealium-f.squarecdn.com; worker-src 'self' blob:; connect-src 'self' https://assets.ctfassets.net https://api.broadway.squareup.com https://campaign-hub-production-f.squarecdn.com https://api.squareup.com/v1/cdp/batch https://api.squarestagingexternal.com/v1/cdp/batch https://api.squarestagingexternal.com https://api.squareup.com https://api.squareupstaging.com *.contentsquare.net https://capi.squareup.com https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://stats.g.doubleclick.net https://facebook.com https://www.facebook.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://google.com https://www.google.com https://us-central1-sq-sgtm-prod.cloudfunctions.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net http://424-iab-218.mktoresp.com https://424-iab-218.mktoresp.com https://xms2-marketo.beta.stage.sqprod.co https://424-iab-218.mktoutil.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://logx.optimizely.com https://ct.pinterest.com https://conversions-config.reddit.com https://pixel-config.reddit.com https://www.redditstatic.com *.ingest.us.sentry.io *.6sc.co https://api.sprig.com https://squareupstaging.com https://visitor-scoring-new.marketlinc.com https://api.chilipiper.com https://squareinc-sandbox.chilipiper.com https://squareinc.chilipiper.com https://www.workwithsquare.com wss://*.qualified.com https://*.qualified.com https://pw-renderer-production-c.squarecdn.com localhost:*; font-src 'self' https://cash-f.squarecdn.com https://square-fonts-production-f.squarecdn.com; img-src 'self' data: blob: https://ib.adnxs.com https://assets.ctfassets.net https://cdn.blisspointmedia.com https://campaign-hub-production-f.squarecdn.com *.contentsquare.net https://ad.doubleclick.net https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://adservice.google.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net https://px.ads.linkedin.com https://cdn.cookielaw.org https://pixel.pointmediatracker.com https://alb.reddit.com *.6sc.co https://api.squareup.com https://api.squareupstaging.com https://insight.adsrvr.org https://match.adsrvr.org https://*.qualified.com https://pw-renderer-production-c.squarecdn.com; manifest-src 'self' https://pw-renderer-production-c.squarecdn.com; media-src 'self' mediastream: https://assets.ctfassets.net https://js.driftt.com http://videos.ctfassets.net https://videos.ctfassets.net https://*.qualified.com; script-src 'self' *.contentsquare.net https://www.datadoghq-browser-agent.com https://js.driftt.com https://*.qualified.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://campaign-hub-production-f.squarecdn.com https://lift-ai-js.marketlinc.com https://martech-development-c.squarecdn.com https://martech-production-c.squarecdn.com https://martech-staging-c.squarecdn.com http://munchkin.marketo.net https://munchkin.marketo.net https://cdn.cookielaw.org https://a8447815042.cdn-pci.optimizely.com https://s.pinimg.com https://ct.pinterest.com https://pw-renderer-production-c.squarecdn.com https://pw-renderer-staging-c.squarecdn.com https://pwt-production-c.squarecdn.com https://pwt-staging-c.squarecdn.com https://sales-bridge-production-c.squarecdn.com https://sales-bridge-staging-c.squarecdn.com https://squareinc-sandbox.chilipiper.com https://squareinc.chilipiper.com https://www.workwithsquare.com https://www.redditstatic.com *.6sc.co https://cdn.sprig.com https://xms-production-f.squarecdn.com https://www.youtube.com https://pw-renderer-production-c.squarecdn.com 'nonce-wYpAOBypwv3oAzjKT92TWQ=='; style-src 'self' https://square-fonts-production-f.squarecdn.com https://sales-bridge-production-c.squarecdn.com https://sales-bridge-staging-c.squarecdn.com 'unsafe-inline' https://*.qualified.com https://pw-renderer-production-c.squarecdn.com; frame-ancestors 'self' https://app.contentful.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd9af00759e65a48ba7ee3ff1dfa4260b&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to browser-intake-datadoghq 1
connect-src 'self' *.licdn.com *.linkedin.com; script-src static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: *.licdn.com *.linkedin.com; media-src blob: 'self' *.licdn.com *.linkedin.com; frame-src 'self' *.licdn.com *.linkedin.com 1
default-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com *.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-DcvVyXTtjH4CGQYnNE47iA==' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com *.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; style-src 'self' 'unsafe-inline' *.typeform.com; connect-src 'self' https://cdn.ampproject.org https://consent.bumble.com https://www.googletagmanager.com *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com/pagead *.googlesyndication.com *.typeform.com *.typeformcdn.com; child-src 'self'; font-src 'self' data:; manifest-src 'self'; base-uri 'self'; frame-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com *.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; img-src * data: blob: www.googletagmanager.com; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=bumble_team_site&env=production; 1
object-src 'none';base-uri 'self';script-src 'nonce-toswP1VFfOps26LmBxW9Lg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-a0px0O8CGR0FQdbNR7HSfg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.helo-app.com *.toutiaopage.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.byteoversea.com *.365yg.com *.ks-cdn.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.lemocamcdn.com *.musical.ly *.muscdn.com *.ulikecam.mobi *.faceu.mobi *.wukongwenda.com *.wukongwenda.cn *.toutiao13.com *.toutiaoribao.cn *.ribaoapi.com *.dongchediapp.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.topbuzz.com *.hypstar.com *.tiktokv.com *.byted.org *.bytedance.net *.bytedance.com *.bytedance.cn *.toutiaocloud.com *.snssdk.com *.toutiao.com *.neihanshequ.com *.wukong.com *.huoshan.com *.douyin.com *.everphoto.cn *.jinritemai.com *.tuchong.com *.stock.tuchong.com *.luckycalendar.cn *.bcy.net *.feishu.cn *.dcdapp.com *.oceanengine.com *.chengzijianzhan.com *.byteimg.com *.google-analytics.com 1
object-src 'none';base-uri 'self';script-src 'nonce-BB3YJdUGTkkyNMKEveMkyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' https://*.posthog.com https://www.youtube.com https://fast.wistia.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://*.posthog.com https://res.cloudinary.com https://www.gravatar.com https://raw.githubusercontent.com https://obuldanrptloktxcffvn.supabase.co https://cdn.shopify.com https://i.ytimg.com https://embed-ssl.wistia.com https://fast.wistia.com https://cdn.jsdelivr.net https://user-images.githubusercontent.com https://brandbadge.clearbit.com; font-src 'self' data: https://d27nj4tzr3d5tm.cloudfront.net https://res.cloudinary.com https://fonts.gstatic.com https://r2cdn.perplexity.ai https://fast.wistia.com https://use.typekit.net; connect-src 'self' https://*.posthog.com https://api.github.com https://lottie.host https://better-animal-d658c56969.strapiapp.com https://forms.default.com https://posthog.myshopify.com https://*.algolia.net https://*.algolianet.com https://api.io.inkeep.com https://fast.wistia.net https://fast.wistia.com https://embed-cloudfront.wistia.com https://api.inkeep.com; media-src 'self' https://d1hovhsvet4m1p.cloudfront.net https://res.cloudinary.com blob:; frame-src 'self' https://www.youtube-nocookie.com https://hogwars.vercel.app https://hedgehog-mode-playground.vercel.app; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none'; frame-ancestors 'none'; report-uri https://us.i.posthog.com/report/?token=sTMFPsFhdP1Ssg&sample_rate=0.1&v=1; report-to posthog 1
default-src 'self'; script-src 'self' https://cdn.wetransfer.com 'nonce-ca98d5a3-daa4-4074-b93e-ce5f141c4c1c' 'sha256-4hRuHNFOqK6I2GgL9T5HwGETI5qu8rNsCs1G/d5PPBk=' 'sha256-ZES/2z0cbUZYbmG6sgCzU453zUUUmmotyFwnZ7G8WaY=' 'sha256-NvzBT9rJnGEWMlHqwvXg6OHIegGdn5PsAP3YZ7RzmgE=' 'sha256-f/k++c7mXW35G13Y7R6PzP/vWuqKqAVF3ph0iisXZX0=' 'sha256-ws2EcVAq3u/bDFH4r+3pcRahQuX/HRlekAqTc6GnDWI=' blob: https://accounts.google.com https://tagging.wetransfer.com https://www.googletagmanager.com https://bat.bing.com https://cdn.cookielaw.org https://js.stripe.com https://public.profitwell.com https://script.hotjar.com https://static.hotjar.com https://*.clarity.ms https://*.rokt.com https://*.hcaptcha.com https://*.typeform.com; style-src 'self' https://cdn.wetransfer.com 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com; font-src 'self' https://cdn.wetransfer.com https://fonts.gstatic.com; img-src 'self' data: blob: https://helios-assets.wetransferbeta.net https://helios-assets.wetransfer.net https://*.wetransfer.com https://*.wetransfer.net https://*.wetransferbeta.net https://*.wetransferbeta.com https://*.hotjar.com https://bat.bing.com https://bat.bing.net https://cdn.cookielaw.org https://*.googleusercontent.com https://accounts.google.com https://www.googletagmanager.com https://*.amazonaws.com; connect-src 'self' https://wetransferbeta.com https://*.wetransferbeta.net https://*.wetransferbeta.com https://wetransfer.com https://*.wetransfer.net https://*.wetransfer.com https://*.datadoghq.eu https://*.browser-intake-datadoghq.eu https://*.hcaptcha.com https://js.hcaptcha.com https://*.stripe.com https://wetransfer.zendesk.com https://app.launchdarkly.com wss://*.hotjar.com https://bat.bing.com https://bat.bing.net https://www.clarity.ms https://*.clarity.ms https://cdn.cookielaw.org https://*.onetrust.com https://*.profitwell.com https://fonts.googleapis.com https://accounts.google.com https://www.googletagmanager.com https://*.rokt.com https://*.adzerk.net https://*.googlesyndication.com https://*.googleusercontent.com https://*.typeform.com https://*.amazonaws.com; frame-src 'self' https://tagging.wetransfer.com https://*.stripe.com https://*.hcaptcha.com https://collectapp.page.link https://debugcollectapp.page.link https://*.wetransfer.net https://*.wetransfer.com https://*.wetransferbeta.net https://*.wetransferbeta.com https://*.rokt.com; worker-src 'self' blob:; media-src 'self' blob: https://*.wetransfer.net https://wetransferplusimages.s3.eu-west-1.amazonaws.com; object-src 'none'; base-uri 'self'; form-action 'self' https://webto.salesforce.com https://test.salesforce.com https://wetransfer.zendesk.com; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubabbc81b16855ec184b0753bf36600da1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Afrontend-transfer%2Cenv%3Aproduction%2Cversion%3A94ffc923bdc5ead3e6cb6b8970057f8e3167efab 1
object-src 'none';base-uri 'self';script-src 'nonce-4vVk1RIQXjBS9hcG1fr6Jg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' https: https://www.google-analytics.com https://cdn.amplitude.com 'unsafe-eval' 'unsafe-inline' data: 'nonce-uZe1urlz5rA5nlC8pyjufw=='; worker-src blob: data:; report-uri https://us.sentry.io/api/4506690010480640/security/?sentry_key=aab2498373841041d6b48d721aefbdc1&sentry_environment=production&sentry_release=8288b246c7127b3e06d8e5e5fba5096d33954343 1
frame-ancestors 'self' https://*.webflow.com https://webflow.com https://app.intellimize.com; connect-src 'self' https://webflow.com https://*.webflow.com https://cdn.prod.website-files.com https://d3e54v103j8qbb.cloudfront.net https://webflow-assets.s3.us-east-1.amazonaws.com https://browser-intake-datadoghq.com https://statsigapi.net https://beyondwickedmapping.org https://cloudflare-dns.com https://featureassets.org https://prodregistryv2.org https://api.segment.io https://www.google-analytics.com https://*.clarity.ms https://050-lkc-745.mktoresp.com https://050-lkc-745.mktoutil.com https://bat.bing.com https://bat.bing.net https://cdn.dreamdata.cloud https://grsm.io https://partnerlinks.io https://pixel-config.reddit.com https://px.ads.linkedin.com https://q.quora.com https://tracking.goentri.com https://api.claydar.com https://api.goentri.com https://api.intellimize.co https://api.knock.app https://api.sprig.com https://app.clearbit.com https://log.intellimize.co wss://api.knock.app https://*.doubleclick.net https://www.facebook.com https://www.googleadservices.com https://www.googleservices.com https://cdn.birdie.so https://cf.birdie.so https://sock.birdie.so https://sockr.birdie.so wss://sock.birdie.so wss://sockr.birdie.so https://*.px-cdn.net https://*.px-client.net https://*.px-cloud.net https://*.pxchk.net https://c.6sc.co https://ipv6.6sc.co https://telemetry.us.transcend.io https://transcend-cdn.com https://tzm.px-cloud.net https://distillery.wistia.com https://embed-cloudfront.wistia.com https://fast.wistia.com https://pipedream.wistia.com https://app.qualified.com wss://ws7.qualified.com https://webflow-prod-assets.s3.amazonaws.com https://webflow-tmp-csv-import-production.s3.amazonaws.com https://www.google.ae https://www.google.al https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bg https://www.google.bj https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.za https://www.google.co.zm https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.ec https://www.google.com.eg https://www.google.com.gh https://www.google.com.kw https://www.google.com.mx https://www.google.com.ng https://www.google.com.np https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.mg https://www.google.mw https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk; style-src 'self' 'unsafe-inline' https://d3e54v103j8qbb.cloudfront.net https://fonts.googleapis.com https://accounts.google.com https://cdn.birdie.so https://cdn.jsdelivr.net https://cdn.prod.website-files.com https://dhygzobemt712.cloudfront.net https://www.gstatic.com; img-src 'self' https://cdn.prod.website-files.com https://d3e54v103j8qbb.cloudfront.net https://webflow-assets.s3.us-east-1.amazonaws.com https://*.webflow.com https://account-assets.knock.app https://q.quora.com; report-uri https://webflow.report-uri.com/r/t/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-laBFCrETy2Zdu3MXrPcNIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uN1lahNH05XwJnVPjhJGGQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-CuleSP2Lkudc2UvC8hBUlQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-c3c9984e9a374b7c8349b142e4e743b7' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval' *.bdxiguastatic.com *.bytescm.com *.bytetos.com *.toutiao.com *.ibytedapm.com bdxiguastatic.com *.bytegoofy.com;img-src blob: data: *.douyinstatic.com *.toutiaoimg.com *.bdxiguastatic.com *.bdxiguaimg.com *.bytexservice.com *.bytednsdoc.com *.douyinpic.com *.byteeffecttos.com *.byteacctimg.com *.byteimg.com *.bytecdn.cn http: *.ixigua.com *.itoutiaoimg.com *.toutiaostatic.com s.360.cn *.bytescm.com *.byted.org pos.baidu.com www.gstatic.com jonypractic.net wx.qlogo.cn;report-to slardar-endpoint;style-src blob: 'self' pwm-image.trendmicro.com www.gstatic.com cdn.jsdelivr.net plugin.newmorehot.com *.bytedance.net lib.baomitu.com *.bdxiguastatic.com 'unsafe-inline';manifest-src *.bytednsdoc.com;frame-src wo.laiwoshop.com pwm-image.trendmicro.com a.safen100.com c.safen110.com m.youtube.com code.woqrcode.com api.xiaoduis.com *.ixigua.com cdn.hunong.xyz cha.chaweather.com cx.chacizus.com v2.maoyinews.xyz *.summer5188.com tj.shshinfo.com www.mgtv.com vip.zhanyangsh.cn; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 50339659.hs-sites.com 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-0cAdZU0dbeY/I6U643S9TA=='; report-uri https://send.hsbrowserreports.com/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.paddle.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://ipapi.co https://maps.gstatic.com https://maps.googleapis.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://*.stripe.com https://*.paddle.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://ipapi.co/ https://*.paddle.com https://*.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-BuSdTOLHJjXoOBE1rxg2nA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ZzKJh92E1rrhyhnGWUvHHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rlv4c7NMYAfqYHMnVp0Feg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qmIXQ888-3LwxVs48bRKsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TLfIB4fUyymYXsbxGjKRlA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-Z-9zTslwzx7-SKSGT5UUv' *.bytescm.com *.bytednsdoc.com *.ibytedapm.com *.snssdk.com *.yhgfb-cn-static.com *.bytetos.com *.byte-gslb.com *.bytegoofy.com *.bytecdn.cn *.toutiaostatic.com;style-src 'self' 'unsafe-inline' *.toutiaoimg.com *.bdxiguaimg.com *.bytescm.com *.bytegoofy.com *.douyinstatic.com *.toutiao.com *.toutiaostatic.com *.bytedance.net cdn.bootcss.com;connect-src 'self' wss: ws: data: blob: http://localhost:* toutiao.govwza.cn *.bytedance.net *.bytedance.com *.snssdk.com *.toutiaostatic.com *.bytescm.com *.toutiao.com *.bytetcc.com *.zijieapi.com *.yhgfb-cn-static.com *.toutiaovod.com *.bytednsdoc.com *.ibytedapm.com *.bytedanceapi.com *.google-analytics.com *.douyinstatic.com *.douyinvod.com *.bytegoofy.com *.bytetos.com *.toutiaoimg.com *.huoshanstatic.com *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:*  *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:*  *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.qnqcdn.net:*  *.jomoxc.com *.jomoxd.com *.a.bdycdn.cn *.hiecheimaetu.com:* *.ppio.cloud:* *.weilayun.com:* *.saxysec.com:* *.saxyit.com:* *.saxydc.com:* *.sjxysec.com:* *.sjxydc.com:* *.vegslb.com:*;upgrade-insecure-requests;frame-ancestors 'self' *.bytedance.net *.snssdk.com shiqu.cn *.shiqu.cn zhan.vivo.com wukong.vivo.com.cn *.feishuapp.cn *.toutiao.com *.bytescm.com *.jiyunhudong.com *.bytedance.com *.feishu.cn;report-uri https://mon.zijieapi.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=toutiao_web_pc;report-to main-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-K_OTlGjuhSyC99V7cqhZNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-BwHeDaBmhvQyZfH_hMYruQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-gNvD9tpq6Smk5xKUVafZTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self';connect-src 'self' https: https://www.recaptcha.net https://challenges.cloudflare.com wss:;default-src 'self' https: wss: blob: data:;form-action 'self' https:;img-src 'self' https: http://iea.imgix.net https://iea.imgix.net data:;media-src 'self' https: data: http://iea.imgix.net https://iea.imgix.net;object-src 'none';script-src 'self' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://www.recaptcha.net https://challenges.cloudflare.com https://snap.licdn.com https://www.gstatic.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com 'sha256-l/3fcn6MZG0SSVJq6fOLe49ZKIjbWdNzhreJz7KQ/1M=' 'sha256-+MedjqNIfWWYUGuHJ53XLEjzmGDCp9Om50MVUO/C/zo=' https://ieatest.blob.core.windows.net https://iea.blob.core.windows.net 'nonce-EeSIq7dcy3uujwUdJD5aUXvUeCFZ2Isb';style-src 'self' https: 'unsafe-inline';worker-src https://ieatest.blob.core.windows.net https://iea.blob.core.windows.net;frame-ancestors 'self' 1
script-src https://accounts.google.com/gsi/client; frame-src https://accounts.google.com/gsi/; connect-src https://accounts.google.com/gsi/; 1
object-src 'none';base-uri 'self';script-src 'nonce-2aglMT7z-Cy6lVGRA3g5gA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-CKwVC8pvLn0rN5ZNwHMt2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ebPOMI_Jj2AyAwMnCiMIgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4rl7TCwKKrrkThVSsNXGxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chrome 1
object-src 'none';base-uri 'self';script-src 'nonce-ThVYLfWJuZaqbirnaqNjEQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-JRjdhcU7MAC1fXoMOUwJhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eoaJiLxPu2d4pjNiy0Slhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-nx79AyJ-5l6HPlXYEt6O0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-NUzP1PSFUxWANZWLMV1Ghg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EOr99ySvEfbEqXFaCi5FIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.stripe.com *.braintreegateway.com *.googleadservices.com *.googletagservices.com *.googleapis.com cdnjs.cloudflare.com unpkg.com cdn.datatables.net connect.facebook.net *.google.com *.recaptcha.net recaptcha.net *.marinetraffic.com *.googletagmanager.com *.wootric.com *.segment.com *.hotjar.com *.licdn.com *.inmobi.com *.profitwell.com *.kpler.com *.intercom.io *.intercomcdn.com *.doubleclick.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com *.hs-banner.com *.hs-analytics.net static.cloudflareinsights.com cdn.dreamdata.cloud *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com unpkg.com netdna.bootstrapcdn.com cdn.datatables.net *.kpler.com *.gstatic.com; img-src 'self' data: blob: https:; media-src 'self' data: *.intercomcdn.com; worker-src 'self' blob:; connect-src 'self' https: wss://*.marinetraffic.com wss://*.intercom.io wss://*.hotjar.com; font-src 'self' data: *.marinetraffic.com *.gstatic.com netdna.bootstrapcdn.com *.intercomcdn.com; frame-src 'self' *.google.com *.googletagmanager.com *.stripe.com *.hotjar.com *.intercom.io *.facebook.com recaptcha.net; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; report-uri /csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-0yfZyec1uVpuVlc7kwmodQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5TtaIldvhoS7k7vybsknww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--LIEKZlVbWi_CoZg48jVwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ESJ-K9gLLBa5IoSRL7psrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Yb9fJNVYtQMXfNMhs4ZrTA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WbWceZr8q_HKy-V9aQQ5IA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-Ju9a7r/MJr9JXEQLrpJ3awO/fVu6LPz4Lb8lUqNtMYQ7160IvemjTu+fHX9y8DUAZV1zmlGkAN7ulko0rO8iRCPNqBb/MCkqAOD72GDw5xEpA2r0OobwUCEGZ/QDTwTAgRdJzvQOEIVCUOMPzhC5u4N5US5lqUXh10BD8T/OWS8=' 'unsafe-inline' 'unsafe-hashes' 'sha256-EnSEfJP4zhNQBFAozjuyelc0fm4jWf9phCiK96htyGc=' 'sha256-ZcYoif0YqFumWAFmINgDs5Q+4Phz/zqLrkV1G++X3TU=' 'unsafe-eval' 'strict-dynamic' https: https://wcpstatic.microsoft.com/; base-uri 'none'; object-src 'none'; require-trusted-types-for 'script'; trusted-types default dompurify dynamic-style twitter-parser embed-code script-url 1DSScriptURL MeControlScriptURL  trusted-script youtube-widget-api copy-html; report-uri https://csp.microsoft.com/report/OfficeSway-PROD; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1
object-src 'none';base-uri 'self';script-src 'nonce-3upV72u7lGoUdKXRxq0bQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LXSGBm98XU-Lriiplknn_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-woBJODLFKyDkw3QYo1G6fg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src peatix.com *.peatix.com cdn.peatix.com peatix-api.com data:; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.com.au *.ebay.au *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.com.au *.ebay.au *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.com.au *.ebay.au *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv50.7pc7o-19cf96dabb3-0x604#pd 1
object-src 'none';base-uri 'self';script-src 'nonce-I5t5VQJee4cGcD6WchpUEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-T3E0rIgrmf3G-r8tsWF_xA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9DzaaxGyQ_3zQ3UJNPsguQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.ca *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.ca *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.ca *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv5%3F.ov1qg-19cf9724206-0x2606#pd 1
object-src 'none';base-uri 'self';script-src 'nonce-eCPizPrMJYGJfEcE88mgGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-s8gl85bww3SKj46krI1uRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-s_wS5FOp1TT0ej_vyO7YdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tXqYScRqQVc5KrA4mzujuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IPVVNPymdFd0wg8CamPbVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; report-uri /+cspreport/log; 1
object-src 'none';base-uri 'self';script-src 'nonce-kIL9it05wgC7KptUFcOTsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.fr *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.fr *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.fr *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv7%3F2(e%3E6ap-19cf99def57-0x702#pd 1
script-src 'report-sample' 'nonce-f9x6wpErEwMrbRpMcrFk3w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /us/_/ThinkWithGoogle/cspreport 1
report-to slardar-endpoint; upgrade-insecure-requests ; frame-ancestors 'self' *.toutiao.com *.douyin.com *.bytedance.com *.bytedance.net tcs.jiyunhudong.com aup.jijixiangshangabc.com chrome-extension://dbjibobgilijgolhjdcbdebjhejelffo chrome-extension://molcibnmfbjmmfbefjfcafdeabfniobi chrome-extension://capohkkfagimodmlpnahjoijgooocdjhd chrome-extension://mijalhmcgaaaggjfhkliffkanfhimhch chrome-extension://obkcimipmjdkghadnfcjojepocldeggd chrome-extension://epjhdbhhoeemcbbbgkimcfndcbjapdaa safari-web-extension:; script-src 'nonce-e51933b8f61918abf231edc8ea1c99f7-argus' blob: data: 'self' 'unsafe-eval' 'report-sample' 'strict-dynamic'  'unsafe-inline' https:; base-uri 'self'; object-src 'self'; frame-src 'self' *.toutiao.com *.douyin.com *.bytedance.com *.bytedance.net tcs.jiyunhudong.com aup.jijixiangshangabc.com;report-uri https://mon.zijieapi.com/monitor_browser/collect/batch/security/?bid=flow_web; 1
object-src 'none';base-uri 'self';script-src 'nonce-oklRxrM2LQI-dApvIZ4N0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-OcqLEzx_xWTyb3jaUV05Bw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self';script-src 'self' *.aliyun.com *.alicdn.com dxwebview: *.qwen.ai qwen.ai *.alibaba.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' 'report-sample' https: http: 'nonce-YQWMTEcydvG5iwemx7HkMw' 'Strict-Dynamic' 'unsafe-hashes';frame-src 'self'  *.aliyun.com *.alicdn.com td.doubleclick.net *.alibaba-inc.com qwenlm.io *.alibabacloud.com dxwebview: *.qwen.ai qwen.ai www.youtube.com;worker-src blob: 'self';object-src 'none';frame-ancestors 'self' *.aliyun.com *.alibabacloud.com;report-uri /report-csp 1
default-src 'self'; script-src 'self' https://cdn.wetransfer.com 'nonce-a9094c75-0d3e-4cd6-9a7d-be47624bd5c6' 'sha256-4hRuHNFOqK6I2GgL9T5HwGETI5qu8rNsCs1G/d5PPBk=' 'sha256-ZES/2z0cbUZYbmG6sgCzU453zUUUmmotyFwnZ7G8WaY=' 'sha256-NvzBT9rJnGEWMlHqwvXg6OHIegGdn5PsAP3YZ7RzmgE=' 'sha256-f/k++c7mXW35G13Y7R6PzP/vWuqKqAVF3ph0iisXZX0=' 'sha256-ws2EcVAq3u/bDFH4r+3pcRahQuX/HRlekAqTc6GnDWI=' blob: https://accounts.google.com https://tagging.wetransfer.com https://www.googletagmanager.com https://bat.bing.com https://cdn.cookielaw.org https://js.stripe.com https://public.profitwell.com https://script.hotjar.com https://static.hotjar.com https://*.clarity.ms https://*.rokt.com https://*.hcaptcha.com https://*.typeform.com; style-src 'self' https://cdn.wetransfer.com 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com; font-src 'self' https://cdn.wetransfer.com https://fonts.gstatic.com; img-src 'self' data: blob: https://helios-assets.wetransferbeta.net https://helios-assets.wetransfer.net https://*.wetransfer.com https://*.wetransfer.net https://*.wetransferbeta.net https://*.wetransferbeta.com https://*.hotjar.com https://bat.bing.com https://bat.bing.net https://cdn.cookielaw.org https://*.googleusercontent.com https://accounts.google.com https://www.googletagmanager.com https://*.amazonaws.com; connect-src 'self' https://wetransferbeta.com https://*.wetransferbeta.net https://*.wetransferbeta.com https://wetransfer.com https://*.wetransfer.net https://*.wetransfer.com https://*.datadoghq.eu https://*.browser-intake-datadoghq.eu https://*.hcaptcha.com https://js.hcaptcha.com https://*.stripe.com https://wetransfer.zendesk.com https://app.launchdarkly.com wss://*.hotjar.com https://bat.bing.com https://bat.bing.net https://www.clarity.ms https://*.clarity.ms https://cdn.cookielaw.org https://*.onetrust.com https://*.profitwell.com https://fonts.googleapis.com https://accounts.google.com https://www.googletagmanager.com https://*.rokt.com https://*.adzerk.net https://*.googlesyndication.com https://*.googleusercontent.com https://*.typeform.com https://*.amazonaws.com; frame-src 'self' https://tagging.wetransfer.com https://*.stripe.com https://*.hcaptcha.com https://collectapp.page.link https://debugcollectapp.page.link https://*.wetransfer.net https://*.wetransfer.com https://*.wetransferbeta.net https://*.wetransferbeta.com https://*.rokt.com; worker-src 'self' blob:; media-src 'self' blob: https://*.wetransfer.net https://wetransferplusimages.s3.eu-west-1.amazonaws.com; object-src 'none'; base-uri 'self'; form-action 'self' https://webto.salesforce.com https://test.salesforce.com https://wetransfer.zendesk.com; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubabbc81b16855ec184b0753bf36600da1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Afrontend-transfer%2Cenv%3Aproduction%2Cversion%3A94ffc923bdc5ead3e6cb6b8970057f8e3167efab 1
default-src 'self' 'unsafe-inline' *.epfl.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.epfl.ch https://*.cast.switch.ch https://ajax.googleapis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://platform.twitter.com https://player.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.instagram.com https://www.youtube.com; object-src 'none'; connect-src 'self' *.epfl.ch https://*.cast.switch.ch https://*.cloudfront.net https://*.google-analytics.com https://api.cdnjs.com https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src 'self' *.epfl.ch https://api.cast.switch.ch https://datawrapper.dwcdn.net https://platform.twitter.com https://player.vimeo.com https://www.instagram.com https://www.youtube.com; style-src-elem 'self' 'unsafe-inline' *.epfl.ch https://fonts.googleapis.com; font-src 'self' data: *.epfl.ch https://fonts.gstatic.com; media-src 'self' data: *.epfl.ch https://*.cloudfront.net; img-src * data: https://s.w.org https://syndication.twitter.com https://www.google-analytics.com; worker-src 'none' blob:; report-uri https://report-uri.epfl.ch/csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-RPsXOxZN6c0tZnXeyYX62Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_kqMcu1VoZHQbUMjgGDhTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-vnG6IzWj0PY_1BztQKyxgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--hXXUnhSaV4jyZS32uZDXw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-aAjRlbnLyMj7JZZZ/UgpAw==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=ca57753c-acfa-4ee5-a807-b25d8757ee2d; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
object-src 'none';base-uri 'self';script-src 'nonce-UnJZp-jP7gX_c97AIrOGqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-QEBliAbX36KGqJglBzwIOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' addtocalendar.com cdn.amcharts.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io https://www.google.com; script-src-attr 'self'; style-src 'self' addtocalendar.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.uicdn.com *.mail.com *.ui-portal.de *.doubleclick.net *.primis.tech *.sekindo.com *.amazon-adsystem.com www.googletagmanager.com *.googlesyndication.com *.adtrafficquality.google *.googleapis.com *.script.ac *.2mdn.net; style-src 'self' 'unsafe-inline' *.uicdn.com *.primis.tech *.sekindo.com *.googleapis.com *.mail.com; font-src 'self' *.uicdn.com *.gstatic.com *.mail.com; img-src 'self' data: blob: *.uicdn.com *.ui-portal.de *.google.de *.google.com *.doubleclick.net *.primis.tech *.sekindo.com *.intentiq.com *.adtrafficquality.google *.mail.com *.taboola.com *.criteo.com *.criteo.net united-infos.net *.adition.com *.googletagmanager.com *.googlesyndication.com *.quantserve.com *.bidswitch.net *.adsrvr.org *.loopme.me *.casalemedia.com *.3lift.com *.rubiconproject.com *.yahoo.com *.tremorhub.com *.media.net *.lijit.com *.stickyadstv.com *.smartadserver.com *.adform.net *.sharethrough.com *.1rx.io *.kueezrtb.com *.ingage.tech *.a-mo.net *.yieldmo.com *.inmobi.com *.ottadvisors.com *.fwmrm.net *.adnxs.com domself.de *.ads.linkedin.com *.a-mx.com *.pubmatic.com *.unrulymedia.com *.openx.net *.visx.net *.360yield.com *.amazon-adsystem.com *.opera.com *.outbrain.com *.turn.com *.ctnsnet.com *.admanmedia.com *.temu.com; connect-src 'self' data: *.mail.com *.ui-portal.de *.gstatic.com *.google-analytics.com *.analytics.google.com *.criteo.com *.criteo.net *.taboola.com *.id5-sync.com id5-sync.com *.eu-1-id5-sync.com *.adsrvr.org *.primis.tech *.sekindo.com *.doubleclick.net *.googlesyndication.com *.amazon-adsystem.com *.adtrafficquality.google *.crwdcntrl.net *.intentiq.com *.uicdn.com *.adition.com *.rlcdn.com united-infos.net *.pubmatic.com *.openx.net *.sharethrough.com *.rubiconproject.com *.primis-tech.org *.dnacdn.net dnacdn.net *.casalemedia.com *.adnxs-simple.com *.smartadserver.com; frame-src 'self' *.mail.com *.doubleclick.net www.googletagmanager.com *.googlesyndication.com *.adtrafficquality.google *.google.com *.primis.tech *.sekindo.com *.pubmatic.com *.openx.net *.yellowblue.io *.googleapis.com; media-src 'self' blob: *.primis.tech *.sekindo.com; frame-ancestors *.mail.com; object-src 'none'; block-all-mixed-content 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; worker-src 'self' blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' static.prdg.io/  ucontent.prdg.io *.mogl.com swagbucks.7eer.net/js/799/1700/irv2.js *.abtasty.com *.adsafeprotected.com *.amplitude.com appleid.cdn-apple.com cdn.auryc.com js.authorize.net completr-v2.appspot.com sugg.search.yahoo.net/sg/ bat.bing.com www.clarity.ms tags.clickagy.com t.contentsquare.net app.contentsquare.com cdn.cookielaw.org swagbucks.disqus.com/embed.js swagbucks-qa.disqus.com/embed.js googleads.g.doubleclick.net *.doubleverify.com www.dwin1.com pf.entertainow.com load.exelator.com connect.facebook.net gwiqcdn.globalwebindex.net accounts.google.com/gsi/client apis.google.com/js/ translate.google.com www.google.com/jsapi www.google.com/pagead/ www.google.com/recaptcha/ *.google-analytics.com www.googleadservices.com maps.googleapis.com storage.googleapis.com/pollfish_production/ tpc.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com/recaptcha/ *.equalweb.com cdn.us.heap-api.com cdn.heapanalytics.com heapanalytics.com cdn.hellosign.com hideout.tv script.hotjar.com static.hotjar.com mpsnare.iesnare.com d.impactradius-event.com cso2.imperium.com secure-gl.imrworldwide.com secure.insightexpressai.com surveys.insightexpressai.com media-cdn.ipredictive.com app.lifesight.io/personica.js global.localizecdn.com api.maruusurv-serving.com img.macromill.com privacyportal-cdn.onetrust.com on-device.com www.paypalobjects.com aalert.peanutlabs.com pix.pub api.prsrvy.com rules.quantcount.com secure.quantserve.com idsync.reson8.com publishers.revenueuniverse.com wsdk.rokt.com cn.rtclx.com *.scorecardresearch.com classic.slingo.com js.stripe.com jsd.supersonicads.com js.swagbucks.com cdn.taboola.com analytics.tiktok.com transcend-cdn.com widget.trustpilot.com platform.twitter.com web-sdk.urbanairship.com *.voicefive.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io cdn.wootric.com static.zdassets.com assets.zendesk.com www.p.zjptg.com/tag/ cdnjs.cloudflare.com/ajax/libs/crypto-js/ cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ cdnjs.cloudflare.com/ajax/libs/inputmask/4.0.8/inputmask/inputmask.min.js cdnjs.cloudflare.com/polyfill/ d33wwcok8lortz.cloudfront.net/js/799/ d3op16id4dloxg.cloudfront.net/CSOWrapperAjax3.js d3op16id4dloxg.cloudfront.net/RelevantID4.js *.verisoul.ai *.zendesk.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' static.prdg.io/  ucontent.prdg.io *.mogl.com swagbucks.7eer.net/js/799/1700/irv2.js *.abtasty.com *.adsafeprotected.com *.amplitude.com appleid.cdn-apple.com cdn.auryc.com js.authorize.net completr-v2.appspot.com sugg.search.yahoo.net/sg/ bat.bing.com www.clarity.ms tags.clickagy.com t.contentsquare.net app.contentsquare.com cdn.cookielaw.org swagbucks.disqus.com/embed.js swagbucks-qa.disqus.com/embed.js googleads.g.doubleclick.net *.doubleverify.com www.dwin1.com pf.entertainow.com load.exelator.com connect.facebook.net gwiqcdn.globalwebindex.net accounts.google.com/gsi/client apis.google.com/js/ translate.google.com www.google.com/jsapi www.google.com/pagead/ www.google.com/recaptcha/ *.google-analytics.com www.googleadservices.com maps.googleapis.com storage.googleapis.com/pollfish_production/ tpc.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com/recaptcha/ *.equalweb.com cdn.us.heap-api.com cdn.heapanalytics.com heapanalytics.com cdn.hellosign.com hideout.tv script.hotjar.com static.hotjar.com mpsnare.iesnare.com d.impactradius-event.com cso2.imperium.com secure-gl.imrworldwide.com secure.insightexpressai.com surveys.insightexpressai.com media-cdn.ipredictive.com app.lifesight.io/personica.js global.localizecdn.com api.maruusurv-serving.com img.macromill.com privacyportal-cdn.onetrust.com on-device.com www.paypalobjects.com aalert.peanutlabs.com pix.pub api.prsrvy.com rules.quantcount.com secure.quantserve.com idsync.reson8.com publishers.revenueuniverse.com wsdk.rokt.com cn.rtclx.com *.scorecardresearch.com classic.slingo.com js.stripe.com jsd.supersonicads.com js.swagbucks.com cdn.taboola.com analytics.tiktok.com transcend-cdn.com widget.trustpilot.com platform.twitter.com web-sdk.urbanairship.com *.voicefive.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io cdn.wootric.com static.zdassets.com assets.zendesk.com www.p.zjptg.com/tag/ cdnjs.cloudflare.com/ajax/libs/crypto-js/ cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ cdnjs.cloudflare.com/ajax/libs/inputmask/4.0.8/inputmask/inputmask.min.js cdnjs.cloudflare.com/polyfill/ d33wwcok8lortz.cloudfront.net/js/799/ d3op16id4dloxg.cloudfront.net/CSOWrapperAjax3.js d3op16id4dloxg.cloudfront.net/RelevantID4.js *.verisoul.ai *.zendesk.com; report-uri https://csp.prodege.workers.dev/report 1
script-src 'nonce-tBv43WDy3q6+mkFVsGCj6w==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=fdaa9b7f-e492-441f-a042-3de137766db4; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.com *.betano.com betgenius.com *.betgenius.com bing.com *.bing.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org creativecdn.com *.creativecdn.com facebook.net *.facebook.net fullstory.com *.fullstory.com gmlinteractive.com *.gmlinteractive.com googletagmanager.com *.googletagmanager.com kaizengaming.com *.kaizengaming.com kameleoon.eu *.kameleoon.eu kameleoon.io *.kameleoon.io optimove.net *.optimove.net sportradar.com *.sportradar.com cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery bet.br *.bet.br google-analytics.com *.google-analytics.com lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com sportradarserving.com *.sportradarserving.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=124Ijobb7qvcMUpdlN5iHTKA34pmxUEp4hEHxF5rtaE-1773709741-1.0.1.1-nmmu1Ksd6B3VkLhfZqhbKuz7wdBVN8D_bF3XEFQBCd0Hk0fv8rrksVGybP57.FR1jLOnn4rF43Hi1GuPzF_4MJmAGmWzizRmFebNqrAENKZg4dMRlb0NDJLsE0BfanyM8CcyiFP.yDCuYd9_tlDPCuuy6zfKZUTemZKgeD3YEnIz0x1VESe6feL8lCarru_4N4QDngy7f8NCkoXAWR.oYg; report-to cf-kqfctwbjzekgncpa 1
object-src 'none';base-uri 'self';script-src 'nonce-rGqgxKLm0Af2jziXBphMvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.googleadservices.com/pagead/conversion/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://www.google.com/js/bg/ https://www.gstatic.com/external_hosted/highlightjs/highlight.pack.js https://www.gstatic.com/monaco_editor/ https://fonts.gstatic.com/s/e/notoemoji/search/wrapper.js https://www.youtube.com/iframe_api https://translate.google.com/translate_a/element.js https://www-onepick-opensocial.googleusercontent.com/gadgets/js/rpc.js https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://maps.googleapis.com/maps/api/js https://www.gstatic.com/_/mss/boq-bard-web/_/js/k=boq-bard-web.BardChatUi.en_US.4Q6w-5g-hMM.2018.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/place/js/ https://www.youtube.com/s/player/ https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/BardChatUi/cspreport/fine-allowlist 1
object-src 'none';base-uri 'self';script-src 'nonce-39I1N2nzROfvUQqEge444Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'nonce-Jjo8ei0jYueKDbEyIR2vWg==' 'strict-dynamic' 'self' 'report-sample'; report-uri https://us.i.posthog.com/report/?token=phc_xdBVCyOkYw40Pqd7xp5Er88lGq2IGFd4kZHRiKvvkjr&v=3 1
object-src 'none';base-uri 'self';script-src 'nonce-ifbrl4AIKPmcgydZbdPgBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-V6XaxWwFDFv-n3oae6jf6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'nonce-b2e65abbeed70f65236dc8f7ff034fe7' 'self' data: https: blob:; img-src 'self' data: https: http: blob:; script-src 'nonce-b2e65abbeed70f65236dc8f7ff034fe7' 'self' 'nonce-EA6239DA700CB1DCBED337990ACF7DE528C0F2BA5443C8E7BA0802BA14CD246E' *.enable-now.cloud.sap *.salesforceliveagent.com *.siteintercept.qualtrics.com *.walkme.com *.liveperson.net *.ssl.ak.dynamic.tiles.virtualearth.net *.concursolutions.com *.sapdas-staging.cloud.sap *.sapdas.cloud.sap code.jquery.com consent.trustarc.com dev.virtualearth.net storage.glancecdn.net www.glancecdn.net www.google-analytics.com assets.adobedtm.com bam.nr-data.net maps.googleapis.com www.google-analytics.com www.googletagmanager.com siteintercept.qualtrics.com ajax.googleapis.com static.contextall.com *.bing.com www.vfmii.com blob:; style-src 'self' 'unsafe-inline' https: blob:; connect-src wss://*.glance.net 'self' https:; report-uri https://concursolutions.report-uri.com/r/t/csp/reportOnly; report-to report-only 1
object-src 'none';base-uri 'self';script-src 'nonce-4O2Y2ZlV30TUQcXYH7zWBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline'; connect-src *; font-src 'self' data:; frame-src *; img-src 'self' data: https://core-renderer-tiles.maps.yandex.net https://yandex.ru/ https://api-maps.yandex.ru https://mc.yandex.ru/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api-maps.yandex.ru https://mc.yandex.ru/metrika/tag.js https://cdn.redoc.ly; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://core-renderer-tiles.maps.yandex.net https://yastatic.net https://api-maps.yandex.ru/ https://mc.yandex.ru/metrika/tag.js https://smartcaptcha.yandexcloud.net/captcha.js https://cdn.redoc.ly; object-src none; report-uri https://csp.nspk.ru/report; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 50339659.hs-sites.com 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-HKuGSRT+D8S+WN866jBdkw=='; report-uri https://send.hsbrowserreports.com/csp/report 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_appsheet_com 1
object-src 'none';base-uri 'self';script-src 'nonce-SvSbVs_Rcl3DKZjzpyjXLw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromebook 1
object-src 'none';base-uri 'self';script-src 'nonce-MrTSxmk0vc-jdKjXfb4v8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'report-sample' addtocalendar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://code.jquery.com https://science-catalog.fws.gov https://touchpoints.app.cloud.gov https://unpkg.com https://www.google.com maps.google.com unpkg.com; style-src 'self' 'report-sample' addtocalendar.com cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://fonts.googleapis.com https://science-catalog.fws.gov https://unpkg.com unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
object-src 'none'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.kolesa.kz https://kolesa.kz wss://*.kolesa.kz https://sentry-common.kolesa.team yastatic.net *.adfox.ru *.yandex.ru *.yandex.net *.yandex.kz *.yandex.com yandex.ru yandex.kz yandex.com yandexadexchange.net *.ftd.agency *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.kz *.google.co.uz *.googlesyndication.com *.googleadservices.com *.gstatic.com *.ampproject.org *.segmentstream.com *.facebook.net *.facebook.com *.tiktok.com *.youtube.com; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-J3ip-7FSfDtBwwy_1KR5Sw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-gVrSLlcOeFgKo4VhWrkuLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-RL3K4ECo_rF6Ratj8AZmvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-j8ZYKjj2o6HRDkb5Hv3qQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-RLwDzipTkYAd2edLoBouoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-F-n0M4scTSMOQ0W1UvB9ew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qhBPkyuEvIXL-0ty_8FAnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; object-src 'none'; report-to https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub5b9d250bbda65cde913b47e33482ee7e&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod%2Cservice%3Aameno%2Cversion%3Abrlm_1.81.1; 1
object-src 'none';base-uri 'self';script-src 'nonce-OJaezE9P0epa_rkr_r7yKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-MfMENoTHnkxTK9FEZsh2jA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; img-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; base-uri 'self'; form-action 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-eKd8VHMlBGEixk552dKCfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self';script-src-elem 'self' https://snap.licdn.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hs-analytics.net/analytics/ https://www.googletagmanager.com/gtag/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://x.clearbitjs.com/ https://reveal.clearbit.com/ https://tag.clearbitscripts.com/ https://cdn.koala.live/ https://app.leandata.com/ https://www.datadoghq-browser-agent.com/ https://cdn.jsdelivr.net/ https://browser.sentry-cdn.com/ 'nonce-98985fcf35e646a5';report-uri /api/report_csp_violation;object-src 'self';form-action 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-FNdTMAjj0DGLiSNb5fTrFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ot5MkiUjHiL2OIpYToqFKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ObG4uLf7bS5lIBSZ8HERgQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi 1
object-src 'none';base-uri 'self';script-src 'nonce-_t_U46m1iEtsMA4YpjnzuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8EE1yYtOp9IKj0Cq295RKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' https://s3.amazonaws.com/media.nngroup.com/ https://media.nngroup.com; img-src 'self' https://s3.amazonaws.com/media.nngroup.com/ https://media.nngroup.com; connect-src 'self'; font-src 'self' https://s3.amazonaws.com/media.nngroup.com/ https://media.nngroup.com; default-src 'self'; style-src 'self' https://s3.amazonaws.com/media.nngroup.com/ https://media.nngroup.com 1
script-src 'strict-dynamic' 'self' https: 'nonce-05066c1bc9d97d5df3c4dc54a0117dd1c161337e'; script-src-elem 'self' 'nonce-05066c1bc9d97d5df3c4dc54a0117dd1c161337e'; object-src 'none'; base-uri 'none'; report-to csp-report; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-Ic3VW0bZ7N4KyostXEYZDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tDIiCaUcjcSSTSsOlQ_9EQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-3M7P6j16ryFGQq5nK4ksOA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-o0dPd9qulC0VoOdxZR1fRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-fuc_AnA_pps0rKUG_X52Hg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'nonce-qrvAzi9IU2igV1VO6grtSZejLiTBQ+Oygctdixmdmlw=' 'strict-dynamic' https:; script-src 'nonce-qrvAzi9IU2igV1VO6grtSZejLiTBQ+Oygctdixmdmlw='  'sha512-gU7kztaQEl7SHJyraPfZLQCNnrKdaQi5ndOyt4L4UPL/FHDd/uB9Je6KDARIqwnNNE27hnqoWLBq+Kpe4iHfeQ==' 'sha512-DXYctkkhmMYJ4vYp4Dm6jprD4ZareZ7ud/d9mGCKif/Dt3FnN95SjogHvwKvxXHoMAAkZX6EO6ePwpDIR1Y8jw==' 'sha512-mz4SrGyk+dtPY9MNYOMkD81gp8ajViZ4S0VDuM/Zqg40cg9xgIBYSiL5fN79Htbz4f2+uR9lrDO6mgcjM+NAXA==' 'sha512-pnt8OPBTOklRd4/iSW7msOiCVO4uvffF17Egr3c7AaN0h3qFnSu7L6UmdZJUCednMhhruTLRq7X9WbyAWNBegw=='  'strict-dynamic' https:; font-src 'self' https://res-1.cdn.office.net/files/fabric-cdn-prod_20221201.001/assets/fonts/ https://res-1.cdn.office.net/files/fabric-cdn-prod_20221201.001/assets/icons/ 'nonce-qrvAzi9IU2igV1VO6grtSZejLiTBQ+Oygctdixmdmlw='; base-uri 'none'; form-action 'self' 'nonce-qrvAzi9IU2igV1VO6grtSZejLiTBQ+Oygctdixmdmlw='; style-src 'self' 'nonce-qrvAzi9IU2igV1VO6grtSZejLiTBQ+Oygctdixmdmlw='; report-uri ; object-src 'none'; frame-ancestors 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Myue9DTrodHfpXcdzaF_Jg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ZcwhwbPDAzn0F3aWnTAX3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mORkkxDUe5KDzKNiYWs54g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'nonce-ncoHS6pOOvNs8416AzCVpg==' 'strict-dynamic' 'self' 'report-sample'; report-uri https://us.i.posthog.com/report/?token=phc_xdBVCyOkYw40Pqd7xp5Er88lGq2IGFd4kZHRiKvvkjr&v=3 1
object-src 'none';base-uri 'self';script-src 'nonce-slpcU5S7TAL4gtCjrkOS4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-hrwrk88ZGKGATZTTDKHJ1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EYcFinhV5_puEYRnQPUCNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
child-src 'self' https://*.qualified.com; default-src 'self'; frame-src 'self' https://9628652.fls.doubleclick.net https://td.doubleclick.net https://js.driftt.com https://*.qualified.com https://a8447815042.cdn-pci.optimizely.com https://ct.pinterest.com https://tealium-f.squarecdn.com; worker-src 'self' blob:; connect-src 'self' https://assets.ctfassets.net https://api.broadway.squareup.com https://campaign-hub-production-f.squarecdn.com https://api.squareup.com/v1/cdp/batch https://api.squarestagingexternal.com/v1/cdp/batch https://api.squarestagingexternal.com https://api.squareup.com https://api.squareupstaging.com *.contentsquare.net https://capi.squareup.com https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://stats.g.doubleclick.net https://facebook.com https://www.facebook.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://google.com https://www.google.com https://us-central1-sq-sgtm-prod.cloudfunctions.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net http://424-iab-218.mktoresp.com https://424-iab-218.mktoresp.com https://xms2-marketo.beta.stage.sqprod.co https://424-iab-218.mktoutil.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://logx.optimizely.com https://ct.pinterest.com https://conversions-config.reddit.com https://pixel-config.reddit.com https://www.redditstatic.com *.ingest.us.sentry.io *.6sc.co https://api.sprig.com https://squareupstaging.com https://visitor-scoring-new.marketlinc.com https://api.chilipiper.com https://squareinc-sandbox.chilipiper.com https://squareinc.chilipiper.com https://www.workwithsquare.com wss://*.qualified.com https://*.qualified.com https://pw-renderer-production-c.squarecdn.com localhost:*; font-src 'self' https://cash-f.squarecdn.com https://square-fonts-production-f.squarecdn.com; img-src 'self' data: blob: https://ib.adnxs.com https://assets.ctfassets.net https://cdn.blisspointmedia.com https://campaign-hub-production-f.squarecdn.com *.contentsquare.net https://ad.doubleclick.net https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://adservice.google.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net https://px.ads.linkedin.com https://cdn.cookielaw.org https://pixel.pointmediatracker.com https://alb.reddit.com *.6sc.co https://api.squareup.com https://api.squareupstaging.com https://insight.adsrvr.org https://match.adsrvr.org https://*.qualified.com https://pw-renderer-production-c.squarecdn.com; manifest-src 'self' https://pw-renderer-production-c.squarecdn.com; media-src 'self' mediastream: https://assets.ctfassets.net https://js.driftt.com http://videos.ctfassets.net https://videos.ctfassets.net https://*.qualified.com; script-src 'self' *.contentsquare.net https://www.datadoghq-browser-agent.com https://js.driftt.com https://*.qualified.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://campaign-hub-production-f.squarecdn.com https://lift-ai-js.marketlinc.com https://martech-development-c.squarecdn.com https://martech-production-c.squarecdn.com https://martech-staging-c.squarecdn.com http://munchkin.marketo.net https://munchkin.marketo.net https://cdn.cookielaw.org https://a8447815042.cdn-pci.optimizely.com https://s.pinimg.com https://ct.pinterest.com https://pw-renderer-production-c.squarecdn.com https://pw-renderer-staging-c.squarecdn.com https://pwt-production-c.squarecdn.com https://pwt-staging-c.squarecdn.com https://sales-bridge-production-c.squarecdn.com https://sales-bridge-staging-c.squarecdn.com https://squareinc-sandbox.chilipiper.com https://squareinc.chilipiper.com https://www.workwithsquare.com https://www.redditstatic.com *.6sc.co https://cdn.sprig.com https://xms-production-f.squarecdn.com https://www.youtube.com https://pw-renderer-production-c.squarecdn.com 'nonce-N8Flur2Z385lgXBwGczoAg=='; style-src 'self' https://square-fonts-production-f.squarecdn.com https://sales-bridge-production-c.squarecdn.com https://sales-bridge-staging-c.squarecdn.com 'unsafe-inline' https://*.qualified.com https://pw-renderer-production-c.squarecdn.com; frame-ancestors 'self' https://app.contentful.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd9af00759e65a48ba7ee3ff1dfa4260b&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to browser-intake-datadoghq 1
object-src 'none';base-uri 'self';script-src 'nonce-PLplbHseYBBQAiEl2grjXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jgVMZit7p4TMUfFDVpO-KA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' *.cdn.content.amplience.net *.staging.bigcontent.io *.algolia.net direct-collect.dy-api.eu rcom-eu.dynamicyield.com st-eu.dynamicyield.com async-px-eu.dynamicyield.com direct.dy-api.eu *.algolianet.com *.worldline-solutions.com *.ingenico.com *.ideal-postcodes.co.uk *.criteo.com www.bing.com dev.virtualearth.net t.ssl.ak.dynamic.tiles.virtualearth.net insights.algolia.io *.scoota.co *.criteo.net adobedc.demdex.net edge.adobedc.net ns.adobe.com *.onetrust.com *.accdab.net apps.bazaarvoice.com display.ugc.bazaarvoice.com static.cloudflareinsights.com staging-uk.cdn-net.com uk.cdn-net.com six.cdn-net.com https://api-eu.jdadelivers.com collection.decibelinsight.net cdn.decibelinsight.net *.decibel.com wss://collection.decibelinsight.net wss://cdn.decibelinsight.net *.digital-cloud.medallia.eu bam.nr-data.net ingressteam.cloudflareaccess.com *.google-analytics.com analytics.tiktok.com sghs.asda.com www.mczbf.com *.dotomi.com connect.facebook.net www.facebook.com bat.bing.com www.sc-static.net tr.snapchat.com www.redditstatic.com pixel-config.reddit.com analytics.twitter.com ads-api.twitter.com www.ads-twitter.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com www.googletagmanager.com googletagmanager.com *.googletagmanager.com *.analytics.google.com www.google.com google.com api2.asda.com ghs-mm.asda.com https://cdn-eu.dynamicyield.com/scripts/2.74.0/dy-coll-nojq-min.js https://cdn-eu.dynamicyield.com/scripts/2.72.0/dy-coll-nojq-min.js https://cdn-eu.dynamicyield.com/scripts/2.68.0/dy-coll-nojq-min.js https://cdn-eu.dynamicyield.com/scripts/2.66.0/dy-coll-nojq-min.js cdn-eu.dynamicyield.com api.bazaarvoice.com bat.bing.net; default-src 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' *; frame-ancestors 'self' *.amplience.net; img-src 'self' *.commercecloud.salesforce.com *.media.amplience.net data: asda.a.bigcontent.io asdagroceries.scene7.com *.assets-asda.com *.dynamicyield.com *.criteo.com retailmedia-static.azureedge.net staticassets-creator-design.criteo.net t.ssl.ak.dynamic.tiles.virtualearth.net www.bing.com *.scoota.co adobedc.demdex.net edge.adobedc.net ns.adobe.com *.onetrust.com analytics.tiktok.com region1.analytics.google.com www.google.co.uk fonts.gstatic.com sghs.asda.com www.mczbf.com *.dotomi.com connect.facebook.net www.facebook.com bat.bing.com www.sc-static.net tr.snapchat.com www.redditstatic.com pixel-config.reddit.com analytics.twitter.com ads-api.twitter.com www.ads-twitter.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com adservice.google.com www.googletagmanager.com googletagmanager.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com www.google.com google.com d3dh5c7rwzliwm.cloudfront.net d32106rlhdcogo.cloudfront.net dgf0rw7orw6vf.cloudfront.net gum.criteo.com x.bidswitch.net r.casalemedia.com cm.g.doubleclick.net secure.adnxs.com simage2.pubmatic.com pixel.rubiconproject.com sync-criteo.ads.yieldmo.com hb.yahoo.net sync-t1.taboola.com haq81g6w.micpn.com *.bazaarvoice.com d1fd8aj8bhyfe9.cloudfront.net synchroscript.deliveryengine.adswizz.com us-u.openx.net cms.analytics.yahoo.com; media-src 'self' asdagroceries.scene7.com s7d2.scene7.com *.scoota.co static.criteo.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' apps.rokt.com storage.googleapis.com *.algolia.net cdn-eu.dynamicyield.com st-eu.dynamicyield.com *.worldline-solutions.com *.ingenico.com assets.adobedtm.com www.bing.com r.bing.com dev.virtualearth.net *.scoota.co asdagroceries.scene7.com ui.assets-asda.com d3dh5c7rwzliwm.cloudfront.net d32106rlhdcogo.cloudfront.net dgf0rw7orw6vf.cloudfront.net adobedc.demdex.net edge.adobedc.net ns.adobe.com *.onetrust.com *.accdab.net *.criteo.com *.hlserve.com apps.bazaarvoice.com display.ugc.bazaarvoice.com stg.api.bazaarvoice.com static.cloudflareinsights.com mpsnare.iesnare.com collection.decibelinsight.net cdn.decibelinsight.net *.decibel.com blob: *.digital-cloud.medallia.eu staging-uk.cdn-net.com uk.cdn-net.com six.cdn-net.com js-agent.newrelic.com ingressteam.cloudflareaccess.com www.googletagmanager.com *.google-analytics.com analytics.tiktok.com sghs.asda.com www.mczbf.com *.dotomi.com connect.facebook.net www.facebook.com bat.bing.com www.sc-static.net tr.snapchat.com www.redditstatic.com pixel-config.reddit.com analytics.twitter.com ads-api.twitter.com www.ads-twitter.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com tagmanager.google.com googletagmanager.com *.googletagmanager.com www.google.com google.com haq81g6w.micpn.com migroceries.asda.com asda-promotions.co.uk api.bazaarvoice.com *.criteo.net *.d3dh5c7rwzliwm.cloudfront.net *.mpsnare.iesnare.com https://analytics-static.ugc.bazaarvoice.com/prod/static/3/bv-analytics.js; style-src 'self' https: 'unsafe-inline' *.bazaarvoice.com ssl.gstatic.com www.gstatic.com tagmanager.google.com fonts.googleapis.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=QR.jlzjLXPWQ00nPQLXLhCiFCfRN_o.4NlNgO5Nj_tU-1773716840-1.0.1.1-At5VarP5qNkl5Xpxtt_uweypjp3M_09ikPceiN_0IVDBGurq4UvRoJHsvkUpkz9aiIn7XvFxscfJin9sy2shgkpjKSvtbLQfRuBIR.rWjIO0QvENT6yyd.9IUp9X48gFHWYaAKTt9e2vqxeYHMN_YIHziciy6hDwcfd5bxHDOW.ZcYqsi7BBJn3i932xc0hAz9ls63VlolySGZxNCSHRqA; report-to cf-nssddwoyrbbgflel 1
default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk https://*.trustarc.com https://secure.feed5mown.com https://cdn.bizible.com https://bat.bing.com https://connect.facebook.com https://connect.facebook.net https://dbm.demdex.net https://bamboohr.demdex.net https://*.licdn.com https://*.hotjar.com https://tracking.g2crowd.com https://static.ads-twitter.com https://script.googleusercontent.com https://munchkin.marketo.com https://munchkin.marketo.net https://cdn.abrankings.com https://a.quora.com https://q.quora.com https://*.clarity.ms https://*.thebrightforks.com https://dx.mountain.com https://tag.clearbitscripts.com https://cdn.pdst.fm https://x.clearbitjs.com https://app.clearbitjs.com https://www.googletagmanager.com https://www.redditstatic.com https://snap.licdn.com https://www.google-analytics.com https://assets.adobedtm.com https://activitymap.adobe.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://abm-tracking.demandscience.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://match.prod.bidr.io https://bamboohr.zendesk.com https://*.zdassets.com https://assets.screensteps.com https://fast.wistia.com https://fast.wistia.net https://unpkg.com https://*.convertexperiments.com https://js.intercomcdn.com https://cdn.readme.io https://*.tiktok.com https://fonts.gstatic.com https://fonts.googleapis.com https://edge.adobedc.net https://adobedc.demdex.net https://stats.g.doubleclick.net https://www.google.com https://analytics.google.com https://*.mktoresp.com https://*.clearbit.com https://*.linkedin.com https://t.co https://*.twitter.com https://*.facebook.com https://tracking.contanuity.com https://c.bing.com https://*.hlx.page https://*.hlx.live https://bamboohr--webchat.sandbox.my.site.com https://bamboohr--webchat.sandbox.my.salesforce-scrt.com https://bamboohr.my.site.com https://bamboohr.my.salesforce-scrt.com https://js.driftt.com https://static.cloudflareinsights.com https://script.crazyegg.com https://rc-widget-frame.js.driftt.com https://arttrk.com https://intentstream.contanuity.com https://td.doubleclick.net https://bamboohr.com wss://ws.hotjar.com https://*.hotjar.io https://*.gstatic.com https://*.leandata.com https://195-loz-515.mktoutil.com https://*.bizibly.com https://*.google.com.ua https://www.google.ca https://www.getapp.com https://*.wistia.com https://*.honey.io https://boards.greenhouse.io https://*.ucweb.com https://qvdt3feo.com https://*.srv.stackadapt.com https://ct.capterra.com https://*.youtube.com https://*.googleadservices.com https://hook.us1.make.celonis.com https://bamboohr.formstack.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.qualified.com https://js.qualified.com https://app.qualified.com https://*.6sc.co https://*.zi-scripts.com https://mapixl.com https://*.metadata.io https://tvspix.com https://*.ipify.org https://*.6sense.com https://*.zoominfo.com https://*.cloudinary.com https://*.googlesyndication.com https://*.adsrvr.org https://*.clickagy.com 'unsafe-inline' 'unsafe-eval'; report-uri https://app.bamboohr.com/ajax/parse_csp_report.php; report-to https://app.bamboohr.com/ajax/parse_csp_report.php; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.icrc.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.icrc.org www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net *.youtube.com *.vimeo.com *.vimeocdn.com js.hs-analytics.net *.hs-scripts.com *.hs-banner.com  js.hsleadflows.net *.facebook.net *.bing.com *.getblue.io *.adnxs.com js.usemessages.com js.hsadspixel.net *.googlesyndication.com *.ads-twitter.com *.cloudflare.com *.licdn.com hcaptcha.com https://hcaptcha.com api.mapbox.com unpkg.com *.hubspot.com *.usercentrics.eu *.cmp.usercentrics.eu https://*.usercentrics.eu  *.hotjar.com *.facebook.com; object-src 'self' 'unsafe-inline' 'unsafe-eval'  *.icrc.org *.usercentrics.eu https://*.usercentrics.eu https://hcaptcha.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com api.mapbox.com web.cmp.usercentrics.eu app.usercentrics.eu *.usercentrics.eu https://hcaptcha.com; img-src 'self' data: icrc.org *.icrc.org *.usercentrics.eu hcaptcha.com *.bing.com *.facebook.com *.google.com *.google.ch analytics.twitter.com *.linkedin.com *.doubleclick.net *.hubspot.com ; media-src  icrc.org *.icrc.org *.usercentrics.eu hcaptcha.com; frame-src 'self' icrc.org *.icrc.org *.youtube.com *.vimeo.com *.youku.com *.getblue.io www.googletagmanager.com *.googletagmanager.com *.hcaptcha.com  td.doubleclick.net *.usercentrics.eu hcaptcha.com; frame-ancestors 'self' icrc.org *.icrc.org *.usercentrics.eu hcaptcha.com *.googletagmanager.com; child-src 'self' blob: icrc.org *.icrc.org *.usercentrics.eu hcaptcha.com; font-src 'self' fonts.gstatic.com fonts.gstatic.com *.usercentrics.euhcaptcha.com; connect-src 'self' icrc.org *.icrc.org *.linkedin.com *.hubspot.com *.bing.com api.hubapi.com *.google-analytics.com *.googlesyndication.com *.google.com *.google.ch google-analytics.com bat.bing.net *.adnxs.com *.hcaptcha.com hcaptcha.com *.mapbox.com *.arcgis.com *.visualstudio.com *.usercentrics.eu; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-0V_PS1xdMqSeEN_xh9Ow7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' lesta.ru *.lesta.ru tanki.su *.tanki.su *.edgevideo.ru https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' tanki.su *.tanki.su lesta.ru *.lesta.ru *.tvsquared.com *.soloway.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.edgevideo.ru https://image.sendsay.ru https://top-fwz1.mail.ru https://privacy-cs.mail.ru https://vk.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://*.adform.net https://www.googleoptimize.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://inv-dmp.admixer.net ; style-src 'self' 'unsafe-inline' lesta.ru *.lesta.ru tanki.su *.tanki.su https://fonts.googleapis.com ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' lesta.ru *.lesta.ru tanki.su *.tanki.su *.edgevideo.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://privacy-cs.mail.ru https://sendsay.ru https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://lesta.ru wss://tanki.su wss://*.lstprod.net https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://www.googleoptimize.com https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' lesta.ru *.lesta.ru *.tanki.su https://fonts.gstatic.com ; media-src 'self' lesta.ru *.lesta.ru tanki.su *.tanki.su *.edgevideo.ru ; frame-src 'self' lesta.ru *.lesta.ru tanki.su *.tanki.su *.edgevideo.ru https://*.yandex.ru https://webwisor.com https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://ad3.adfarm1.adition.com https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://aax-eu.amazon-adsystem.com ; frame-ancestors 'self' https://webwisor.com https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr ; object-src 'self' lesta.ru *.lesta.ru tanki.su *.tanki.su *.edgevideo.ru https://www.youtube.com ; report-uri https://cspreport.lesta.ru/cspreport 1
object-src 'none';base-uri 'self';script-src 'nonce-bLQnGKpo4zLc1J7G7twCOg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pyI7dSbfIg_jdS3Sgto_sg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1inri4p5RM0jdsHgFHTBNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-oS2DdSQC5dDu7em9ayLMIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mU2CQRjXgAvPxBYsGx9D4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Jrsf7FWmSCn37dD3Rq8LWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jy39T0WXfJhQRQ2u-4QBIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://*.fantia.jp; script-src 'unsafe-inline' 'self' https://*.fantia.jp *.genieesspv.jp *.gsspat.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net securepubads.g.doubleclick.net *.geniee.jp https://ec-widget.toranoana.jp nav.yumenosora.co.jp *.google-analytics.com www.googletagmanager.com www.googleoptimize.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net vjs.zencdn.net *.twitter.com static.ads-twitter.com *.clarity.ms *.recaptcha.net *.gstatic.com *.fontawesome.com *.chatplus.jp *.amplitude.com https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; font-src 'self' https://*.fantia.jp * data:; style-src 'self' https://*.fantia.jp 'unsafe-inline' * data:; img-src 'self' https://*.fantia.jp * blob: data: www.googletagmanager.com; child-src 'self' https://*.fantia.jp blob: *.genieesspv.jp *.gsspat.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net securepubads.g.doubleclick.net *.geniee.jp platform.twitter.com www.googletagmanager.com www.youtube.com player.vimeo.com *.recaptcha.net *.chatplus.jp; connect-src 'self' https://*.fantia.jp *.genieesspv.jp *.gsspat.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net securepubads.g.doubleclick.net *.geniee.jp https://cc.fantia.jp https://c.fantia.jp https://dd.fantia.jp https://d.fantia.jp https://ec-widget.toranoana.jp www.google-analytics.com stats.g.doubleclick.net *.clarity.ms *.fontawesome.com *.agora.io:* *.agoraio.cn *.ap.sd-rtn.com *.statscollector.sd-rtn.com:* *.veritrans.co.jp *.chatplus.jp wss://*.edge.agora.io:* wss://*.edge.agoraio.cn:* wss://*.edge.sd-rtn.com *.amplitude.com https://ogp-cache-system-prod-ij4goxpsha-an.a.run.app/api/v1/ogp/info https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report https://fantia.s3.ap-northeast-1.amazonaws.com; media-src 'self' https://*.fantia.jp *.genieesspv.jp *.gsspat.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net securepubads.g.doubleclick.net *.geniee.jp blob: https://*.chatplus.jp; frame-ancestors 'self' https://*.fantia.jp *.toranoana.jp toranoana.jp *.yumenosora.co.jp yumenosora.co.jp *.toranoana.co.jp toranoana.co.jp; form-action 'self' https://*.fantia.jp; report-to report-server; report-uri https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; 1
object-src 'none';base-uri 'self';script-src 'nonce-KnCPC7LgHsuJFGlYHh3-RQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iNfOvanbpQVnozE1VokFAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-23uU-7BDivkvzYyBy3z42g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.bg *.betano.bg betano.com *.betano.com betgenius.com *.betgenius.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org facebook.net *.facebook.net fullstory.com *.fullstory.com gmlinteractive.com *.gmlinteractive.com creativecdn.com *.creativecdn.com googletagmanager.com *.googletagmanager.com kaizengaming.com *.kaizengaming.com kameleoon.eu *.kameleoon.eu optimove.net *.optimove.net sportradar.com *.sportradar.com bing.com *.bing.com stoiximan.gr *.stoiximan.gr cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery google-analytics.com *.google-analytics.com lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=qKb0Vzif9BuxNJwplLnCCfLnoUlrZ8ZILMWXyIj9FYk-1773709465-1.0.1.1-W2JsALMRt6P5JfilCmUEmUYMRcIAIlrlsJnKZDP9OeFBqxtm3nIRSXDe.Uqg6thKt4X2CGw6KEe_a0hogSDAjkQ34Zc8XTwPKW_as5I6Yv8bgow0Z9Tw_piImhQl0pCDgx6iQ_8DjI0jJqTjgPVMub0idtwfSVcZsPdOeBO0InPdwG85._uCfbYpwZ.E2wVT; report-to cf-pszblvtxsliwdhei 1
object-src 'none';base-uri 'self';script-src 'nonce-Zxp_BdIvZHiwMcGeSYgalQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' prd.hdmx.now.hclsoftware.cloud:* *.prd.hdmx.now.hclsoftware.cloud:* *.homedepot.com.mx;         frame-src 'self' prd.hdmx.now.hclsoftware.cloud:* *.prd.hdmx.now.hclsoftware.cloud:* *.creativecdn.com *.youtube.com *.doubleclick.net *.googletagmanager.com *.bazaarvoice.com *.roomvo.com *.criteo.com ct.pinterest.com *.creativecdn.com *.criteo.net *.demdex.net;         default-src 'self' prd.hdmx.now.hclsoftware.cloud:* *.prd.hdmx.now.hclsoftware.cloud:* blob:;         child-src 'self' prd.hdmx.now.hclsoftware.cloud:* *.prd.hdmx.now.hclsoftware.cloud:* blob: *.homedepot.com.mx *.youtube.com;         script-src 'self' prd.hdmx.now.hclsoftware.cloud:* *.prd.hdmx.now.hclsoftware.cloud:* 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com assets.adobedtm.com *.adobedc.net cm.everesttech.net *.demdex.net *.hotjar.com *.hotjar.io *.criteo.com *.criteo.net *.bing.com *.revjet.com *.accenture.com *.accenture.vntana.com *.bazaarvoice.com unpkg.com *.roomvo.com *.adobe.com *.cybersource.com *.paypal.com *.openpay.mx *.liveperson.net btttag.com *.btttag.com *.scarabresearch.com *.googleapis.com *.google.com *.creativecdn.com *.facebook.net analytics.tiktok.com s.pinimg.com tag.rmp.rakuten.com static.ads-twitter.com *.sprinklr.com svht.afftrk1.com *.doubleclick.net ct.pinterest.com *.homedepot.com.mx *.go-mpulse.net;         connect-src 'self' prd.hdmx.now.hclsoftware.cloud:* *.prd.hdmx.now.hclsoftware.cloud:* wss://prod2-live-chat-tier2-mqtt.sprinklr.com *.hotjar.io *.doubleclick.net *.googleapis.com *.google.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.scarabresearch.com cm.everesttech.net *.demdex.net api.digitalfemsa.io h.online-metrix.net *.liveperson.net *.openpay.mx *.creativecdn.com ct.pinterest.com *.sprinklr.com webchannel-content.eservice.emarsys.net *.btttag.com ct.pinterest.com *.bing.com *.homedepot.com.mx *.akamaihd.net *.akstat.io *.go-mpulse.net *.tiktok.com *.tiktokw.us *.bazaarvoice.com;         style-src 'self' prd.hdmx.now.hclsoftware.cloud:* *.prd.hdmx.now.hclsoftware.cloud:* 'unsafe-inline' data: *.googleapis.com *.homedepot.com.mx;         font-src 'self' prd.hdmx.now.hclsoftware.cloud:* *.prd.hdmx.now.hclsoftware.cloud:* data: *.gstatic.com *.google.com *.google.ca *.sprinklr.com *.homedepot.com.mx *.bazaarvoice.com;         img-src 'self' prd.hdmx.now.hclsoftware.cloud:* *.prd.hdmx.now.hclsoftware.cloud:* data: blob: ct.pinterest.com *.bing.com analytics.tiktok.com s.pinimg.com static.ads-twitter.com *.doubleclick.net *.googleadservices.com *.facebook.com *.facebook.net *.twitter.com x.bidswitch.net *.adnxs.com r.casalemedia.com ad.360yield.com i.liadm.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com *.pubmatic.com trends.revcontent.com pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv criteo-partners.tremorhub.com ade.clmbtech.com eb2.3lift.com *.1rx.io ads.stickyadstv.com partner.mediawallahscript.com user-sync.fwmrm.net *.creativecdn.com *.agkn.com *.unrulymedia.com *.adsrvr.org *.rezync.com *.dmxleo.com quickchart.io *.sprinklr.com placehold.co *.scarabresearch.com www.google.com.mx *.google.com *.google.ca assets.adobedtm.com tag.rmp.rakuten.com svht.afftrk1.com webchannel-content.eservice.emarsys.net www.gstatic.com *.accenture.com *.bazaarvoice.com unpkg.com s3.amazonaws.com *.tiktokw.us akamaihd.net akstat.io go-mpulse.net online-metrix.net rtbhouse.com *.publitas.com *.surveymonkey.com *.adobe.com *.cybersource.com *.paypal.com api.digitalfemsa.io *.openpay.mx h.online-metrix.net cs.media.net p.rfihub.com pubmatic.com *.zemanta.com *.stackadapt.com sync.crwdcntrl.net *.liveperson.net *.lpsnmedia.net t.co *.criteo.com *.rlcdn.com *.demdex.net *.youtube.com *.homedepot.com.mx *.hclsoftware.cloud *.liftdsp.com *.criteo.net *.rkdms.com *.outbrain.com *.everesttech.net; 1
object-src 'none';base-uri 'self';script-src 'nonce-V24Hwo0fxeRmaEwT9WkeQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-cV4evlwA0lgmdaieQhTmog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-u06wzMKSV1pdxc4e0fdGQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-KpoUf0UYjq5VwDpiQ5YGgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PThRw-kFaW_oqdxLwWT13A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9xr0DLdaBdrgI470dQUYBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-54vAYCTdH0m9p8pTb1Yi5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EwBY7-22lvLJ6Ms-ruClKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-346a5jFeACq4hysX0KyvUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-X5lxcTdwqUni63bC2m8EFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GNg3bNq77BQBKnED7ugRtA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MfsG-5PET6NUpEr_l6InVA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rGfJb3BIdHfeAJ56PDIVgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: data: https://www.uptodate.com https://www.uptodate.cn; child-src https: data: blob: edge: brave: puffin:; img-src data: https: blob: https://www.uptodate.com https://www.uptodate.cn https://*.d.aa.online-metrix.net https://cdn.cookielaw.org https://app.pendo.uptodate.com https://cdn.wolterskluwer.io; font-src https: data: https://www.uptodate.com https://www.uptodate.cn; worker-src blob: brave: edge: puffin: https://www.uptodate.com https://www.uptodate.cn; media-src data: https: https://www.uptodate.com https://www.uptodate.cn; connect-src data: https: wss: https://www.uptodate.com https://www.uptodate.cn https://geolocation.onetrust.com https://cdn.cookielaw.org https://app.pendo.uptodate.com https://privacyportal-de.onetrust.com; script-src 'unsafe-inline' 'unsafe-eval' https: https://www.uptodate.com https://www.uptodate.cn https://cdn.cookielaw.org https://cdn.pendo.uptodate.com https://www.googletagmanager.com https://tmx.uptodate.com https://rollouts.cdn.uptodate.com https://www.google-analytics.com https://code.jquery.com; style-src 'unsafe-inline' https: https://www.uptodate.com https://www.uptodate.cn https://cdn.pendo.uptodate.com; frame-src https: https://www.uptodate.com https://www.uptodate.cn baiduboxapp: ms-appx-web:; report-uri /services/app/content-security-policy-report/report/json;frame-ancestors *; 1
object-src 'none';base-uri 'self';script-src 'nonce-rx9x86mM-wA3MB3NOH_84w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7gcZotyw87_-D94KQ_B5ag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yziQqvOeLv3e4thKXYAzgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-FYb91X0VhkaM9ivpaXqATA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src *.bundesregierung.de analytics.bundesregierung.de https://hls-hd.myrasec.de *.stage.bio ; style-src *.bundesregierung.de 'unsafe-inline' ; script-src *.bundesregierung.de ; script-src-elem *.bundesregierung.de 'nonce-ym6bT+9b+4ptLIlOeLsSwsMdSWkvR4WveouiBXAXfnfpnk6PKoB/BdVtUorlb9yDoldjkSNvpk6Qm8wh6dEUfHxAYRf2+5wxkfldmdn4rpLquSry2MwDj1vqEmsobhmG4hzgSvn/R4r+J8FQlSLWo0NEZ2NCJqb1g2tKMWOWanI=' *.stage.bio ; frame-src *.bundesregierung.de ; media-src *.bundesregierung.de http://video.bundesregierung.de https://zdf-hls-18.akamaized.net *.stage.bio ; frame-ancestors *.bundesregierung.de ; img-src *.bundesregierung.de *.bundeskanzler.de https://*.tile.openstreetmap.de data: *.stage.bio ; default-src *.bundesregierung.de ; font-src *.bundesregierung.de ; report-uri https://www.bundesregierung.de/service/csp-report ; 1
object-src 'none';base-uri 'self';script-src 'nonce-m7OgjiKtpGrSHwue54qCBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-OVhm14m7sKnwrc55a02u0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Pglt2kVpSrklZ9iR2X7f0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors https://*.workable.com/; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubcbe8d2ef0966e8645a91099cfac490bb&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=%40http.headers.cfray%3A9dd84b901ee8f3db 1
object-src 'none';base-uri 'self';script-src 'nonce-23Ni9zqsD6heJE1_HOwORQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-RdlAJ1HMKz7Qh2DhU8ZoxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xDSlexz1DyL8uKW0uVRmJw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-oMI41FlT2K19yMTw6w8E0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xFsFa6P69k_yUQlfIK7Gyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.dedeman.ro data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com maps.google.com *.recaptcha.net *.dedeman.ro applepay.cdn-apple.com *.gigya.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.dedeman.ro maps.gstatic.com *.googletagmanager.com server.arcgisonline.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org applepay.cdn-apple.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.gigya.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.nr-ext.net *.nr-assets.net *.dedeman.ro *.googleapis.com *.google-analytics.com *.recaptcha.net *.facebook.com applepay.cdn-apple.com pay.google.com *.clarity.ms *.plugins.emarsys.net *.scarabresearch.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.gigya.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.dedeman.ro downloads.mailchimp.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.dedeman.ro 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.dedeman.ro maps.googleapis.com cdns.eu1.gigya.com apple-pay-gateway.apple.com apple-pay-gateway-cert.apple.com apple.com *.clarity.ms *.scarabresearch.com *.eservice.emarsys.net form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.gigya.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.dedeman.ro maps.googleapis.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3bfNtn5ypOjTjbJTh8ljKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-fCJ-WXkPPtVxuL0tz5QHrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Eif1i5kFXbpsPHOPTRfQoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-V05iRY4RKK5bKqCvtW-ENA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LGpUsgXfOhqSJMk4ADxvuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.com *.betano.com betgenius.com *.betgenius.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org facebook.net *.facebook.net fullstory.com *.fullstory.com gmlinteractive.com *.gmlinteractive.com creativecdn.com *.creativecdn.com googletagmanager.com *.googletagmanager.com kaizengaming.com *.kaizengaming.com kameleoon.eu *.kameleoon.eu optimove.net *.optimove.net sportradar.com *.sportradar.com bing.com *.bing.com stoiximan.gr *.stoiximan.gr cloudflareinsights.com *.cloudflareinsights.com betano.bet.ar *.betano.bet.ar geocomply.com *.geocomply.com kameleoon.io *.kameleoon.io ads-twitter.com *.ads-twitter.com app.delivery *.app.delivery google-analytics.com *.google-analytics.com lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=sYMYkPqsG.TuvbwAHrVEX9pUkhL_Bu0qpWy6B.M2Gm0-1773713186-1.0.1.1-UOsaGKHPA90qQT_zJu3OnTEGU0McR6WLYuHmKs_1dlnghGU45rIy6uZCQXdT0fFInepPVfLI2yNMWTfTNfUNcR85TYB1H3abzLlOi5JgMUhcA5lMNuMvgKIyJCaop7Uli06rFkn7iQcakpm2YRJRi3xZktGLhigARKfun1xjYX28AG7vdjs.WjhCKCsSXXicibtbuTX996cQvcikF.adpw; report-to cf-wxajfyobimkszlac 1
object-src 'none';base-uri 'self';script-src 'nonce-gQrtAuy1AVsK79sPHqzGTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-S5ZvD_a6XwSwqLoBCXEp-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-lPSST2qivULJVyIif4YuWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Oh4z8ryk8QgKA8AC6OOaWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-S2qnrhOQLFNDHQbBmKBRvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://client-registry.mutinycdn.com https://js.qualified.com/ https://unpkg.com/ https://analytics.ahrefs.com https://fast.wistia.com https://connect.facebook.net https://browser.sentry-cdn.com;style-src 'self' 'unsafe-inline'; img-src 'self' https://logicmonitor.com https://www.logicmonitor.com https://d21y75miwcfqoq.cloudfront.net https://fast.wistia.com https://embed-ssl.wistia.com; media-src 'self' blob:; font-src 'self' data: https://fast.wistia.com; object-src 'none'; base-uri 'self'; form-action 'none'; frame-ancestors 'self' https://*.logicmonitor.com; frame-src 'self' https://logicmonitor.com https://www.logicmonitor.com ; connect-src 'self' https://app.qualified.com wss://ws2.qualified.com https://fast.wistia.com https://pipedream.wistia.com https://distillery.wistia.com https://embed-cloudfront.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io;upgrade-insecure-requests; report-uri /wp-json/lm/v1/csp-report; report-to csp_report; 1
object-src 'none';base-uri 'self';script-src 'nonce-dHXNEhylS6JOydPh4Ut5Zg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-saDg1fpj91Uog3cm2q3-qA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Jgc5h2M42D-_shahrrG1Mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6tpjs3Y5D1Kmkr2m0Z1UVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ijW5gWaoN_RcF2-atS9qRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.com *.betano.com betano.pe *.betano.pe betgenius.com *.betgenius.com cookielaw.org *.cookielaw.org facebook.net *.facebook.net fullstory.com *.fullstory.com gmlinteractive.com *.gmlinteractive.com googletagmanager.com *.googletagmanager.com kameleoon.eu *.kameleoon.eu optimove.net *.optimove.net sportradar.com *.sportradar.com sportradarserving.com *.sportradarserving.com cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery cloudflare.com *.cloudflare.com lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=GpasYOv.zQwue53AJe4CdRMnJpiad_JFvsSYu_ps4vA-1773714279-1.0.1.1-6x1PGHkINedb.fI.Ix0vCd8_9bM.1mdaTF3buCkvb3f7L_ZVRN8rrpegDQUmnz0V6qg9bPIfR.dHzh1VU6lFZOEUNcbnhV9QG0XS35fwGjoxbEKqKXjd6WkjRhiRo343xa488vjBP5tOoKdm3RuAIpHfSyiuYQ767TUf2E8FJmN.jPw_y8FLYEAByfUA0w4WVlRRIt5hfnHpEE2xBmX4Mw; report-to cf-ununqlptpprdqisv 1
object-src 'none';base-uri 'self';script-src 'nonce-oxMIDv8aFdI_DURnn-Y8hQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pJiSwjUk27FdwkkGcVdBXw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ogXCKbRgGAaBKSQpz9xAVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-BvRXUnd9U0BbLhYXgOozjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zUw1sOtzo2b7w8c1Md_gkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src bam.nr-data.net cdn.growthbook.io cdn-ukwest.onetrust.com geolocation.onetrust.com pagead2.googlesyndication.com privacyportal-uk.onetrust.com prod.global-fragments-server.green.which.co.uk tpc.googlesyndication.com *.safeframe.googlesyndication.com www.googletagmanager.com ep2.adtrafficquality.google which-group.my.site.com 'unsafe-inline' 'self' https://*.which.co.uk;script-src a.quora.com ajax.googleapis.com bat.bing.com c.amazon-adsystem.com cdn-magiclinks.trackonomics.net cdn-ukwest.onetrust.com cdn.amplitude.com cdn.jsdelivr.net connect.facebook.net ct.pinterest.com cdn.growthbook.io googleads.g.doubleclick.net manifest.prod.boltdns.net maps.googleapis.com pagead2.googlesyndication.com platform.twitter.com player.captivate.fm players.brightcove.net prod.global-fragments-server.green.which.co.uk public.flourish.studio pym.nprapps.org region1.google-analytics.com s.pinimg.com siteintercept.qualtrics.com static-ssl.responsetap.com static.ads-twitter.com static.digidip.net t.contentsquare.net tpc.googlesyndication.com track.omguk.com which.resultspage.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com yksbw1yr.micpn.com zeta-live.getsquirrel.co znbiyguoobqgm5gwu-which.siteintercept.qualtrics.com which-group.my.site.com 'unsafe-inline' 'self' https://*.which.co.uk 'nonce-2047eae82f20974e779f8934c1d17530bf145b5c0e8a926eb984a0ce8034137b';style-src aaf1a18515da0e792f78-c27fdabe952dfc357fe25ebf5c8897ee.ssl.cf5.rackcdn.com cdn.jsdelivr.net flo.uri.sh fonts.googleapis.com pagead2.googlesyndication.com player.captivate.fm public.flourish.studio service.force.com zeta-live.getsquirrel.co which.resultspage.com which-group.my.site.com 'unsafe-inline' 'self' https://*.which.co.uk;font-src fonts-which-co-uk.s3.amazonaws.com player.captivate.fm public.flourish.studio 'unsafe-inline' 'self' https://*.which.co.uk;img-src abs-0.twimg.com ad.doubleclick.net ade.googlesyndication.com adservice.google.com alb.reddit.com analytics.twitter.com artwork.captivate.fm bat.bing.com c.contentsquare.net cdn-ukwest.onetrust.com cf-images.eu-west-1.prod.boltdns.net ct.pinterest.com googleads.g.doubleclick.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com maps.gstatic.com media.which.gpp.io metrics.brightcove.com pagead2.googlesyndication.com pbs.twimg.com q.quora.com s3-eu-west-1.amazonaws.com securepubads.g.doubleclick.net siteintercept.qualtrics.com storage.googleapis.com syndication.twitter.com t.co tpc.googlesyndication.com tracking.audio.thisisdax.com trx-hub.com www.facebook.com www.google-analytics.com www.google.co.uk www.google.com yksbw1yr.micpn.com ep1.adtrafficquality.google 'unsafe-inline' 'self' https://*.which.co.uk;connect-src region1.google-analytics.com which-group.my.salesforce-scrt.com cdn.growthbook.io cdn-ukwest.onetrust.com geolocation.onetrust.com pagead2.googlesyndication.com ep1.adtrafficquality.google ep2.adtrafficquality.google 'unsafe-inline' 'self' https://*.which.co.uk;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce--9cx0ZBVVUsxUDZyXAlCKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-oI3aVJ5P-n6AHn371GUidQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net self data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://store.plumrocket.com pal-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com self *.doubleclick.net *.criteo.com *.easydmp.net *.snapchat.com https://store.plumrocket.com https://accounts.google.com checkoutshopper-test.adyen.com pal-test.adyen.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com self *.bing.com *.paypal.com *.google.fr *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.cookielaw.org *.snapchat.com checkoutshopper-test.adyen.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com self sc-static.net *.abtasty.com *.jsdelivr.net *.gstatic.com *.facebook.net *.tiktok.com *.googleapis.com *.easydmp.net *.vzbl.eu *.aticdn.net *.m1by1.com *.woosmap.com *.doubleclick.net *.cookielaw.org *.snapchat.com *.valiuz.com *.mediarithmics.com *.prediggo.services https://accounts.google.com checkoutshopper-test.adyen.com 'self' 'unsafe-eval' 'nonce-enN4eHBub3dzemtwZzVwYzAwbGl3c2RyN3NmOWJyeno=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src *.adobe.com fonts.googleapis.com self *.gstatic.com *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.snapchat.com https://accounts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com self *.snapchat.com *.cookielaw.org *.abtasty.com *.googleapis.com *.vzbl.eu *.criteo.com *.easydmp.net *.xiti.com *.valiuz.com *.doubleclick.net *.mediarithmics.com https://accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.bing.com *.criteo.net *.snapchat.com *.netvigie.com *.xiti.com *.valiuz.com *.googletagmanager.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-4Qm14pGjkADVwulgqtuDkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-BgiuL_YP-Lv4zq-u3RmEjg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 1
object-src 'none';base-uri 'self';script-src 'nonce-RJrF4TO5xuKBgEgCfffbIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-l9Lp3XcntDsFhDPHU2kpNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-W7xzBDyMlzZoiJYAzM7aGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GoNOZOgCvK4o0Bgd-4oYtw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-__Z7R7uk8-wI03CJCNb0yA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-v4ksNWRuCEDYx78axENKJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-KxxRf4lzpLyMIpRjBWBttA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' 'nonce-3b5dd041c6c633575ae98d0229661d23' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
object-src 'none';base-uri 'self';script-src 'nonce-1WSAvGNkvJK3a-V1JAtNVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UbXmFl5DdG-pusy4Gg8HIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eEwdjfql6T1R3MmZQ9cGhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Pdn6tKyHG5BVSM2URUkYTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-QecGMdqml20Meh1IqaUtmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-scNl0CWU-02aEo7H55OjIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/googleorg 1
object-src 'none';base-uri 'self';script-src 'nonce-ic-BJtqXprkEysfpDjlYQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eEgd4k5J0SzMRN61q9cEFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qJYnmw6wm7BM-ZOaCfGW1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; connect-src 'self' https://*.clarity.ms/collect https://*.google-analytics.com/g/collect https://*.launchdarkly.com https://ad.doubleclick.net https://amplify.outbrain.com https://analytics.google.com https://analytics.tiktok.com https://api.segment.io https://aplo-evnt.com https://bat.bing.com https://bat.bing.net https://browser-intake-datadoghq.eu https://cdn.segment.com https://content.hotjar.io https://conversions-config.reddit.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://graphql.contentful.com https://id.sage.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pagesense-collect.zoho.in https://pixel-config.reddit.com https://pixel.quantserve.com https://pixels.spotify.com https://postcodes.io https://privacyportal.cookiepro.com https://px.ads.linkedin.com https://rum-http-intake.logs.datadoghq.eu https://stats.g.doubleclick.net https://tide.api.kustomerapp.com https://tr.outbrain.com https://widget.trustpilot.com https://www.cloudflare.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.redditstatic.com https://z.clarity.ms; default-src 'none'; font-src 'self' https://cdn.kustomerapp.com https://fonts.gstatic.com https://web-assets.tide.co; frame-ancestors 'self' https://uniclient-demo.web.app; frame-src 'self' https://14663405.fls.doubleclick.net https://forms.zohopublic.in https://widget.trustpilot.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' https://ade.googlesyndication.com https://bat.bing.net https://c.clarity.ms https://cdn.prod2.kustomerhostedcontent.com https://downloads.ctfassets.net https://heapanalytics.com https://images.ctfassets.net https://impressions.onelink.me https://px.ads.linkedin.com/collect https://q.quora.com https://web-assets.tide.co https://www.facebook.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://videos.ctfassets.net; object-src 'none'; report-to csp-reporting-endpoint; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubd4258020965cc5258eee35ac618e9586&dd-evp-origin=content-security-policy&ddsource=csp-report; script-src 'self' 'unsafe-inline' https://a.quora.com https://amplify.outbrain.com https://analytics.tiktok.com/ https://assets.apollo.io/ https://bat.bing.com https://cdn-in.pagesense.io https://cdn.datatables.net https://cdn.heapanalytics.com https://cdn.jsdelivr.net https://cdn.kustomerapp.com https://cdn.segment.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://code.jquery.com https://connect.facebook.net/ https://cookie-cdn.cookiepro.com/ https://d34r8q7sht0t9k.cloudfront.net https://d38xvr37kwwhcm.cloudfront.net https://geotargetly-api-2.com https://googleads.g.doubleclick.net https://googleusercontent.com https://js.stripe.com https://kit.fontawesome.com https://payments.tide.co https://pixel.byspotify.com/ https://rules.quantcount.com https://script.hotjar.com https://scripts.clarity.ms https://scripts.clarity.ms/ https://secure.quantserve.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://static.ads-twitter.com https://static.hotjar.com https://tr.outbrain.com https://wave.outbrain.com https://web-assets.tide.co/ https://widget.trustpilot.com/ https://www.clarity.ms https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googletagmanager.com/ https://www.gstatic.com https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs https://fonts.googleapis.com/css https://stackpath.bootstrapcdn.com https://use.typekit.net; worker-src 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-YXdKlKcQfLhzhiV6GbEvRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rVS_Jl7fpfE0-iWkKHNcoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.io https://tally.so https://player.vimeo.com https://muse.ai https://embeds.iubenda.com https://cdn.iubenda.com https://www.googletagmanager.com https://platform.twitter.com https://va.vercel-scripts.com https://connect.facebook.net https://snap.licdn.com https://d34r8q7sht0t9k.cloudfront.net https://www.gstatic.com http://www.gstatic.com; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob: https://api.dub.co https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://pbs.twimg.com https://abs.twimg.com https://www.facebook.com https://px.ads.linkedin.com https://verifi.podscribe.com https://verifi.pdscrb.com https://*.iubenda.com https://*.muse.ai; font-src 'self' data: https://*.iubenda.com; connect-src 'self' https: https://amp.granola.ai https://plausible.io https://api.dub.co https://vitals.vercel-insights.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://o4506028222513152.ingest.us.sentry.io https://app.appsflyer.com https://engagements.appsflyer.com https://www.facebook.com https://px.ads.linkedin.com https://verifi.podscribe.com https://verifi.pdscrb.com https://pixel.tapad.com https://ipv4.podscribe.com https://ipv4.pdscrb.com https://*.iubenda.com https://muse.ai https://*.muse.ai; frame-src 'self' https://tally.so https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://muse.ai https://platform.twitter.com https://*.iubenda.com https://*.sanity.io; media-src 'self' blob: https://granola-marketing-assets.s3.us-east-1.amazonaws.com https://video.twimg.com https://*.muse.ai; worker-src 'self' blob:; manifest-src 'self'; form-action 'self'; upgrade-insecure-requests; report-uri https://o4506028222513152.ingest.us.sentry.io/api/4510606199488512/security/?sentry_key=52cfb921b4c29a142972c19448181de3; report-to sentry-csp-reports 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 50339659.hs-sites.com 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-sDl0asPoosK4yVivZgDcEg=='; report-uri https://send.hsbrowserreports.com/csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-r9960PvHuFYHWWyTq1qsgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' mitel.io *.mitel.io mitel.com *.mitel.com; require-trusted-types-for 'script'; object-src 'self' mitel.io *.mitel.io mitel.com *.mitel.com; 1
default-src 'self' *.iheartmedia.com data: blob: https:; img-src 'self' data: https:; font-src https: data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' data: https:; child-src https:; media-src https:; object-src 'none'; connect-src 'self' wss: https:; report-uri https://csp.qw.iheartmedia.com/api/report 1
report-uri https://mon-ttp.lemon8-app.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=a2ER8eALdqWH8mbn5n3bkT&v=4&s=587&b=oab; report-to csp-endpoint; script-src 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com connect.facebook.net ct.pinterest.com; worker-src 'self' 1
frame-ancestors 'self'; object-src 'self' 'unsafe-inline'; media-src *.salesforce-sites.com *.lightning.force.com *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action https://www.facebook.com https://druni.my.salesforce-sites.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://store.plumrocket.com www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-src http://fast.amc.demdex.net https://www.youtube.com https://www.facebook.com https://app3.salesmanago.pl https://10138016.fls.doubleclick.net https://insight.adsrvr.org https://td.doubleclick.net https://druni.my.salesforce-sites.com https://www.googletagmanager.com https://pay.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://js.checkout.com *.klarna.com https://store.plumrocket.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com *.salesforce-sites.com *.lightning.force.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; connect-src https://dpm.demdex.net http://dpm.demdex.net https://www.paypal.com https://eu1-search.doofinder.com https://shops-si.trustedshops.com https://api.trustedshops.com https://trustbadge.api.etrusted.com https://storytech.io https://analytics.tiktok.com https://region1.analytics.google.com https://vc-service.saleago.com https://api.swogo.net https://content.syndigo.com https://tracking.swogo.net https://www.google.com https://bat.bing.com https://druni.my.salesforce-sites.com https://pay.google.com https://cdn.equalweb.com https://analytics-ipv6.tiktokw.us https://www.googletagmanager.com https://vc-service.salesmanago.pl https://app3.salesmanago.es https://www.facebook.com https://war.salesmanago.com https://capig.stape.org www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://js.checkout.com *.klarnaevt.com *.doofinder.com wss://*.doofinder.com instantcredit.net *.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://maps.googleapis.com https://player.vimeo.com *.salesforce-sites.com *.lightning.force.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co 'self' 'unsafe-inline'; img-src data: http://cm.everesttech.net http://amcglobal.sc.omtrdc.net https://asistentecosmeticatest1.herokuapp.com https://ad.doubleclick.net https://p1.zemanta.com https://www.storytech.io https://cdnstory.com https://insight.adsrvr.org https://www.druni.es https://event.syndigo.cloud https://ui.swogo.net https://googleads.g.doubleclick.net https://tau.collect.igodigital.com https://www.googletagmanager.com https://analytics.tiktok.com https://app3.salesmanago.es https://c.clarity.ms https://connect.facebook.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com cdn.doofinder.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://images.unsplash.com *.salesforce-sites.com *.lightning.force.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com 'self' data: data: 'self' 'unsafe-inline'; font-src http://widgets.trustedshops.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://asistentecosmeticatest1.herokuapp.com https://cdn.checkout.com instantcredit.net test.instantcredit.net maxcdn.bootstrapcdn.com *.salesforce-sites.com *.lightning.force.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; style-src http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://asistentecosmeticatest1.herokuapp.com https://storytech.io https://druni.my.salesforce-sites.com https://access.equalweb.com https://cdn.checkout.com *.doofinder.com instantcredit.net test.instantcredit.net maxcdn.bootstrapcdn.com *.salesforce-sites.com *.lightning.force.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; script-src http://widgets.trustedshops.com http://www.gstatic.com http://www.google.com https://www.googletagmanager.com https://www.dwin1.com https://eu1-search.doofinder.com https://cdn.doofinder.com https://asistentecosmeticatest1.herokuapp.com https://cdnjs.cloudflare.com/ https://ui.swogo.net https://analytics.tiktok.com https://storytech.io https://bucket.cdnwebcloud.com https://js.adsrvr.org https://js-tag.zemanta.com https://content.syndigo.com https://ct.pinterest.com https://fonts.googleapis.com https://druni.my.salesforce-sites.com https://536005834.collect.igodigital.com https://cdn.equalweb.com https://access.equalweb.com https://app3.salesmanago.es www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.checkout.com *.klarnacdn.net cdn.doofinder.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com https://sandbox.sequracdn.com https://live.sequracdn.com https://maps.googleapis.com *.salesforce-sites.com *.lightning.force.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-2c9140d0-ade9-4144-b6fc-90c36086adcf' https: data: https://js.sentry-cdn.com https://fast.wistia.com https://fast.wistia.net https://siteintercept.qualtrics.com https://browser.sentry-cdn.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://js.monitor.azure.com; style-src 'self' 'unsafe-inline' https://fast.wistia.com https://cdn.jsdelivr.net https://more.suse.com; img-src 'self' https: data: https://fast.wistia.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com https://fast.wistia.net https://fast.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com; connect-src 'self' https: wss: https://cdn.cookielaw.org https://distillery.wistia.com https://siteintercept.qualtrics.com https://dc.services.visualstudio.com https://fast.wistia.com https://fast.wistia.net https://pipedream.wistia.com wss://ws.qualified.com https://embed-ssl.wistia.com https://apple.dxcloud.episerver.net https://cdn.jsdelivr.net https://js.monitor.azure.com wss://ws.qualified.com; font-src 'self' https: data: https://fonts.gstatic.com https://fast.wistia.net; object-src 'none' ; media-src 'self' https: blob: ; frame-src 'self' https: ; form-action 'self' https://suselinux.fra1.qualtrics.com; frame-ancestors 'self' ; base-uri 'none' ;  report-uri https://www.suse.com/api/reporting/;  report-to csp-endpoint; 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: chrome: https:; worker-src 'self' data: blob:; child-src 'self' blob:; frame-src 'self' *.consumeraffairs.com *.google.com *.googletagmanager.com *.googleapis.com *.facebook.com *.youtube.com *.px-cloud.net i.liadm.com; connect-src 'self' *.consumeraffairs.com wss://ws.hotjar.com https://ws.hotjar.com *.px-cloud.net api.segment.io https:; report-uri https://stderr.consumeraffairs.com/api/40/security/?sentry_key=7cf6b3564e4343f68a310b937a3d823e&sentry_environment=production&sentry_release=ms-2025.12.23.00; 1
default-src 'self'; script-src 'self' 'wasm-unsafe-eval' https://vercel.com https://vercel.live/; style-src 'self' 'unsafe-inline'; img-src * data: blob:; connect-src * data: blob:; worker-src 'self' blob:; frame-src 'self' *; report-to https://uniswaplabs.report-uri.com/r/t/csp/reportOnly; form-action none; 1
base-uri 'self'; media-src 'none'; object-src 'self'; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://*.content.powerapps.com https://*.static.powerapps.com https://*.cdn.office.net https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net; script-src 'self' blob: https://wcpstatic.microsoft.com https://shell.cdn.office.net https://res.cdn.office.net https://r4.res.office365.com https://amcdn.msftauth.net https://js.monitor.azure.com https://vsa.services.microsoft.com https://api.flow.microsoft.com https://content.powerapps.com 'sha256-CnzmUY9XDWPjkAgzDPEHLlm4gygKztleRupzQDsr608=' 'sha256-JEwSVBrCE741EV9rbuu3EqBV+pc2dpFhRHIV6+9J0mY=' 'sha256-+2jm5SNRB4WubmMQDChnXjseeCIhj34lMFWKhVn1qBE=' 'sha256-y7y27Uq4p88K6EhwSUfbhCk9VakghnU/hORgjhopExY=' 'sha256-yt+SNVxRkIi6H6yb7ndFuZM1esMX9esg3UpRHaTsyVk=' 'sha256-iq1l+aw9c9BMb1h/fCSlTPg0OPfrxztpuMGs3PmaA3w=' 'sha256-TRsq5vkmHlqVgkpiE7RBLWrt6Punq9JsRG+VubnDdAI=' 'sha256-rCHJEDwmyc6v1Nr14rsmjQ/o3ICdWGn0OWnDnUOswBE=' 'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys='; font-src 'self' data: https://*.content.powerapps.com https://*.static.powerapps.com https://static2.sharepointonline.com https://*.cdn.office.net https://appsforoffice.microsoft.com https://spoprod-a.akamaihd.net; form-action 'self'; report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal; 1
frame-ancestors 'self' http://localhost:4002; 1
default-src 'self' *.openjdk.java.net feedburner.google.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' feeds.feedburner.com *.statcounter.com statcounter.com; img-src 'self' data: *.statcounter.com *.openjdk.java.net feedburner.google.com; frame-ancestors 'none'; report-uri https://openjdk.report-uri.io/r/default/csp/reportOnly 1
report-to slardar-endpoint; script-src 'unsafe-eval' 'report-sample' 'nonce-1674b8ecb2883c53205d720351756416-argus' 'strict-dynamic'; 1
base-uri 'self';connect-src https://*.go-mpulse.net https://*.akstat.io 'self' https: *.sentry.io *.amplitude.com *.care.com *.carezen.net *.signalfx.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net font.google.com analytics.google.com tagmanager.google.com www.google.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://geolocation.onetrust.com jsv3.recruitics.com accounts.google.com;default-src 'self' wss://*.care.com *.care.com *.careapis.com *.carezen.net *.cdn-care.com care.com cdn-care.com www.gstatic.com www.google.com *.googlesyndication.com tags.tiqcdn.com tags-eu.tiqcdn.com tk.getwork.com tr.snapchat.com shareasale.com *.doubleclick.net apps.rokt.com bid.g.doubleclick.net tags.w55c.net *.linkedin.com www.pinterest.com carecom.sjv.io staging-pt.ispot.tv ct.pinterest.com;font-src 'self' data: https://www.care.com https://www.dev.carezen.net https://www.stg.carezen.net fonts.gstatic.com https://script.hotjar.com;frame-ancestors 'self';img-src data: blob: *;object-src 'none';script-src https://*.go-mpulse.net 'nonce-ea1d0a5e63e9fe7d7d81f24c4d7d7de5' 'self' *.akamaihd.net *.care.com *.careapis.com *.carezen.net *.cdn-care.com *.cloudfront.net *.googlesyndication.com *.sift.com *.monetate.net acsbapp.com analytics.tiktok.com apps.rokt.com bat.bing.com care.com cdn-care.com cdn.pdst.fm connect.facebook.net d.impactradius-event.com googleads.g.doubleclick.net securepubads.g.doubleclick.net maps.googleapis.com s.pinimg.com ssl.google-analytics.com tags-eu.tiqcdn.com tags.tiqcdn.com wss://*.care.com www.emjcd.com www.google-analytics.com www.google.com www.googleadservices.com *.googletagmanager.com www.gstatic.com tr.outbrain.com tags.w55c.net clarity.ms staging-pt.ispot.tv tracker.mnixdata.com *.mountain.com tagmanager.google.com s.go-mpulse.net collector-12308.tvsquared.com js.adsrvr.org https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org assets.calendly.com jsv3.recruitics.com accounts.google.com 'nonce-35a5ebd4e4601965f0cd62de33c7acd3' 'strict-dynamic';frame-src 'self' alchemy.veriff.com www.google.com recaptcha.google.com bid.g.doubleclick.net 12355078.fls.doubleclick.net s.go-mpulse.net carecom.sjv.io apps.rokt.com tr.snapchat.com 3239339.fls.doubleclick.net https://vars.hotjar.com insight.adsrvr.org match.adsrvr.org https://www.youtube.com/ https://ots2-qa.learningcaregroup.com/ScheduleATour/ https://ots2.learningcaregroup.com/ScheduleATour/ td.doubleclick.net https://calendly.com securepubads.g.doubleclick.net *.googlesyndication.com ep2.adtrafficquality.google tagging.care.com accounts.google.com;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.google.com fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org 'nonce-35a5ebd4e4601965f0cd62de33c7acd3';style-src-attr 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com bat.bing.com;upgrade-insecure-requests;report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=vhp-mfe%402.206.0&sentry_environment=prod 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src 'self' https://*.anwb.nl https://anwb1.cdn-expoints.nl https://*.optimizely.com https://anwb.sb.blueconic.net https://opendata.rdw.nl https://api.kvk.nl https://*.sentry.io https://www.google.com https://bat.bing.com https://bat.bing.net https://*.aseasky.link https://*.speedcurve.com https://ingesteer.services-prod.nsvcs.net https://*.creativecdn.com https://*.contentsquare.net https://*.tomtom.com https://www.facebook.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.hotjar.io https://api.faslet.net https://*.google-analytics.com https://*.azure.com https://*.amazonaws.com https://www.awinblackfriday.com https://secure-static.prettigparkeren.nl https://www.googletagmanager.com https://the.sciencebehindecommerce.com https://*.doubleclick.net https://*.g.doubleclick.net https://accdn.lpsnmedia.net https://www.wepowerconnections.com https://www.youtube.com wss://api.anwb.nl data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://anwb1.cdn-expoints.nl; img-src 'self' https://*.anwb.nl https://*.google.com https://adservice.google.com https://www.facebook.com https://bat.bing.com https://lux.speedcurve.com https://*.aseasky.link https://*.contentsquare.net https://assets.fox.nl https://*.primsic.io https://*.cdn.primsic.io https://cdn.autotrack.nl https://*.amazonaws.com https://cdn.imagin.studio https://*.doubleclick.net https://*.g.doubleclick.net https://*.openstreetmap.org https://www.google.de https://www.google.nl https://www.google.it https://www.google.at https://www.google.be https://www.google.es https://www.google.pt https://www.google.co.tz https://www.google.co.il https://www.google.co.th https://www.google.co.uk https://www.google.sr https://www.google.com.vn https://cdn.getyourguide.com https://dsum-sec.casalemedia.com https://*.cloudfront.net https://*.3lift.com https://fast.nexx360.io https://match.sharethrough.com https://*.google-analytics.com https://ssc-cms.33across.com https://csync.loopme.me https://sync.taboola.com https://sync.teads.tv https://ib.adnxs.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://sync.addlv.smt.docomo.ne.jp https://sync.go.sonobi.com https://q-xx.bstatic.com https://cdn.psholland.nl https://rt.udmserve.net https://images.prismic.io https://lantern.roeye.com https://content.solera.nl https://pixel.rubiconproject.com https://connect.facebook.net https://www.awin1.com https://ih.adscale.de https://ib.adnxs.com https://sync.outbrain.com data:; font-src 'self' data: https://*.anwb.nl https://anwb1.cdn-expoints.nl https://fonts.gstatic.com https://fonts.googleapis.comz https://cdn.scite.ai; media-src 'self'; frame-src 'self' https://*.anwb.nl https://app.netlify.com https://www.googletagmanager.com https://*.liveperson.net https://www.facebook.com https://www.awin1.com https://anwb1.cdn-expoints.nl https://app.aiden.cx https://dynamic.mc-cdn.io https://www.youtube.com https://www.youtube-nocookie.com https://datawrapper.dwcdn.net; object-src 'none'; worker-src blob:; child-src blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.anwb.nl https://www.googletagmanager.com https://www.google-analytics.com https://cdn.optimizely.com https://cdn.speedcurve.com https://anwb.sb.blueconic.net https://*.aseasky.link https://connect.facebook.net https://bat.bing.com https://anwb1.cdn-expoints.nl https://*.creativecdn.com https://*.hotjar.com https://www.dwin1.com https://*.contentsquare.net https://api.liveperson.net https://lantern.roeyecdn.com https://widget.prod.faslest.com https://gateway.tweakwisenavigator.net https://the.sciencebehindecommerce.com https://app.aiden.cx blob:; style-src-elem 'self' 'unsafe-inline' https://anwb1.cdn-expoints.nl https://*.anwb.nl https://*.static.anwb.nl https://fonts.googleapis.com; frame-ancestors https://*.anwb.nl; report-uri https://o4507644678569984.ingest.de.sentry.io/api/4507979702861905/security/?sentry_key=bd05bb53f3064b3b048d86ec9f379283 1
default-src 'none' ;script-src 'unsafe-eval' 'unsafe-inline' *.starbucks.co.jp *.google.com *.google-analytics.com www.googleadservices.com/pagead/ *.googletagmanager.com *.g.doubleclick.net cdn.optimizely.com/js/ *.facebook.net b92.yahoo.co.jp *.twitter.com d.adlpo.com *.treasuredata.com hm.mieru-ca.com d2fzkgg97cd93o.cloudfront.net platform.sumally.com p.jwpcdn.com jwpsrv.com apis.google.com starbucks-faq.pbcv.sitesearch.jp starbucks-faq.sitesearch.jp rum.optimizely.com s.yimg.jp b97.yahoo.co.jp ci-mpsnare.iovation.com dqpw8dh9f7d3f.cloudfront.net d3vgbguy0yofad.cloudfront.net ajax.googleapis.com auth1.freespot.com collect.ptengine.jp d-cache.microad.jp js.ptengine.jp js.fout.jp cdnjs.cloudflare.com in.treasuredata.com ssl.p.jwpcdn.com ;style-src 'unsafe-inline' *.starbucks.co.jp fonts.googleapis.com starbucks-faq.pbcv.sitesearch.jp starbucks-faq.sitesearch.jp ;img-src data: *.starbucks.co.jp *.google.com *.google.co.jp *.google-analytics.com www.googleadservices.com/pagead/ *.googletagmanager.com *.g.doubleclick.net *.twitter.com d2fzkgg97cd93o.cloudfront.net sumally.com jwpltx.com b97.yahoo.co.jp dqpw8dh9f7d3f.cloudfront.net d3vgbguy0yofad.cloudfront.net collect.ptengine.jp d-track.send.microad.jp target.fout.jp huaban.com map.chizumaru.com s3-ap-northeast-1.amazonaws.com www.google.co.id www.google.co.kr www.google.com.hk www.google.com.sg www.google.com.tw www.google.de www.gstatic.com ;font-src *.starbucks.co.jp fonts.gstatic.com ;media-src d2fzkgg97cd93o.cloudfront.net ;object-src *.starbucks.co.jp ;frame-src *.google.com *.g.doubleclick.net *.facebook.com *.twitter.com sumally.com www.youtube.com js.fout.jp dsp.fout.jp ;connect-src *.starbucks.co.jp *.g.doubleclick.net dwjw4x8nnai5d.cloudfront.net rum.optimizely.com uc.gre d11abxzrrvbz6o.cloudfront.net track.uc.cn ws://ntjp.mieru-ca.com ;report-uri https://sbjcsp2.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; connect-src https:; font-src 'self' data: cms.zdv.uni-mainz.de cms-cdn.zdv.uni-mainz.de; frame-src 'self' cms.zdv.uni-mainz.de video.uni-mainz.de; img-src blob: data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cms.zdv.uni-mainz.de cms-cdn.zdv.uni-mainz.de; style-src 'self' 'unsafe-inline' cms.zdv.uni-mainz.de cms-cdn.zdv.uni-mainz.de; worker-src 'self' blob:; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.es *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.es *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.es *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv73%3B(ri410-19cf97663a9-0x2606#pd 1
base-uri 'self'; child-src 'self'; connect-src 'self' sicoob.com.br *.sicoob.com.br google.com *.google.com google-analytics.com *.google-analytics.com googleadservices.com *.googleadservices.com clarity.ms *.clarity.ms; default-src 'self' sicoob.com.br *.sicoob.com.br; font-src 'self'; frame-src 'self'; media-src 'self'; script-src 'self' sicoob.com.br *.sicoob.com.br google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com google.com *.google.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=l0cKM0LvrOFYn4CYc_lIfpkE6I8EzraPH6CBWp5iQ1U-1773712130-1.0.1.1-y9eN2KhWCpa44HRspmGaC3e0bb.95C7FTv7WG_iO6GgUnpprRpz2YbNMget8_EkZP2cPKCIxmCym7l69mq9IRN0cNYInIwGLIuye8HIoUyZda.MjUuMF205ZH.BXNk_3p4SgznbAjAC1wWvkvhLCHW5xojVqfTjLuBNPW2kRALSN50ExjJ36u0.uOgeAvEhiGp2blv.jXW21wfgExp81dQ; report-to cf-otwrgqgoxlundahy 1
script-src 'nonce-l5JJT3+RKsqzH9p9/mya5FSS9kPDTzZrZ3/eQjDOs8URJp+XxcwfrX8Ll6k468quzeEcMENPSc1t+CfXp3kOiKp/Be9XJoIyLfIaFnYnOmLOo/qQf/4GiSCnHbK6jUqEAXrmM0Ay5qrek7K1YlHEJPEdR/AJ2xUaaaKjZiN7QJQ=' 'unsafe-inline' 'unsafe-hashes' 'sha256-EnSEfJP4zhNQBFAozjuyelc0fm4jWf9phCiK96htyGc=' 'sha256-ZcYoif0YqFumWAFmINgDs5Q+4Phz/zqLrkV1G++X3TU=' 'unsafe-eval' 'strict-dynamic' https: https://wcpstatic.microsoft.com/; base-uri 'none'; object-src 'none'; require-trusted-types-for 'script'; trusted-types default dompurify dynamic-style twitter-parser embed-code script-url 1DSScriptURL MeControlScriptURL  trusted-script youtube-widget-api copy-html; report-uri https://csp.microsoft.com/report/OfficeSway-PROD; 1
connect-src 'self' data: *.amazonaws.com *.analytics.google.com *.google-analytics.com *.doubleclick.net *.facebook.com *.googleapis.com *.gstatic.com *.masonline.id *.nr-data.net *.stockbit.com *.stockbit.io *.tiktok.com *.youtube.com wss://*.crisp.chat wss://*.stockbit.com analytics.google.com analytics-ipv6.tiktokw.us api.trongrid.io cdnma.cdnservice.space client.crisp.chat www.google.co.id www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stockbit.com analytics.tiktok.com apis.google.com app.midtrans.com bam.nr-data.net client.crisp.chat connect.facebook.net d2r1yp2w7bby2u.cloudfront.net js-agent.newrelic.com midtrans.com nr-data.net sg1.wzrkt.com sg1.clevertap-prod.com www.google-analytics.com www.google.com/recaptcha/api.js www.googletagmanager.com www.gstatic.com/firebasejs/ www.gstatic.com/recaptcha/ www.youtube.com/iframe_api www.youtube.com/s/player/ ssl.google-analytics.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.stockbit.com *.cloudfront.net assets-nextjs.stockbit.com client.crisp.chat translate.googleapis.com; object-src 'none'; media-src 'self' assets-nextjs.stockbit.com; report-uri https://browser-intake-us5-datadoghq.com/api/v2/logs?dd-api-key=pub521231ea4d284aa9bbf819c83a438ad4&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
base-uri 'none'; default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://cdn.heapanalytics.com https://distillery.wistia.com/x https://matillion.ddev.site:3000/ wss://matillion.ddev.site:3000 https://fast.wistia.com https://www.googletagmanager.com https://cdn.heapanalytics.com/js/heap-1873293713.js https://cdn.iubenda.com/cs/iubenda_cs.js https://connect.facebook.net/en_US/fbevents.js https://content.cdntwrk.com/components/website-widget/v1/118604/widget.js https://fast.wistia.com/assets/external/E-v1.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/848565924/ https://in.ml314.com/ud.ashx https://js.driftt.com/include/1688577300000/vh948h8ntehg.js https://js.intercomcdn.com/vendor-modern.255c4d36.js https://lift-ai-js.marketlinc.com/www.matillion.com/deployment.js https://ml314.com/tag.aspx https://munchkin.marketo.net/munchkin.js https://okt.to/ping https://pages.matillion.com/js/forms2/js/forms2.min.js https://script.hotjar.com/modules.832d10fb416834285523.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/c/hotjar-2386626.js https://static.oktopost.com/oktrk.js https://tag.demandbase.com/00a4b81bfa345e5b.min.js https://tracking.g2crowd.com/attribution_tracking/conversions/5351.js https://widget.intercom.io/widget/rjk6vrpn https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion/848565924/ https://www.googletagmanager.com/gtag/js https://www.iubenda.com/cookie-solution/confs/js/48216078.js https://www.redditstatic.com/ads/pixel.js; style-src 'self' 'unsafe-inline' https://p.typekit.net https://pages.matillion.com https://use.typekit.net; img-src 'self' data: 'self' data: https://alb.reddit.com https://analytics.twitter.com https://embed-ssl.wistia.com https://fast.wistia.com https://googleads.g.doubleclick.net https://heapanalytics.com https://id.rlcdn.com https://insight.adsrvr.org https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com; connect-src 'self' https://992-uiw-731.mktoresp.com https://analytics.google.com https://api-iam.intercom.io https://api.company-target.com https://content.hotjar.io https://distillery.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://google.com https://hits-i.iubenda.com https://in.hotjar.com https://metrics.hotjar.io https://stats.g.doubleclick.net https://tag-logger.demandbase.com https://v2.api.uberflip.com https://visitor-scoring-c.marketlinc.com https://www.google-analytics.com https://www.google.com wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com; font-src 'self' 'self' data: https://fast.wistia.com https://use.typekit.net; media-src 'self' blob:; frame-src 'self' 'self' https://12420912.fls.doubleclick.net https://js.driftt.com https://pages.matillion.com https://s.company-target.com https://www.facebook.com; 1
default-src * data: blob: wss: 'unsafe-eval' 'unsafe-inline'; connect-src * wss:; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data: blob:; object-src * data:; media-src * data:; frame-src *; font-src * data:; manifest-src *; worker-src * blob:; frame-ancestors 'self' *.speechify.com speechify.com *.speechify.dev; report-uri https://speechify.com/api/csp-reports; report-to speechify 1
object-src 'none';base-uri 'self';script-src 'nonce-kPcRe-Ik-LO2KBlBkvbUzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_fD2k4HMku8r8DD9ZMuqQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-OTbJOcy_80ebf3To3ioUlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-NRmqJ1lUS5aq2NnQWjN6-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WUKlFCHr4vFP-aHZKEeeMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IHMKmP42d0O6aKzJvBa0vQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors https: canvas.uts.edu.au;  report-uri https://www.uts.edu.au/api/reporting/;  report-to csp-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-WbHc5g3dK-mGOSsulK46iQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com 'unsafe-inline' data: *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googleapis.com *.google.com https://www.youtube.com https://c.paypal.com/ *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com https://b.stats.paypal.com/ https://slc.stats.paypal.com/ https://c.paypal.com/ https://cdn.sparkfun.com track.hubspot.com perf-na1.hsforms.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com assets.shipperhq.com *.googleapis.com *.fontawesome.com *.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://c.paypal.com js.hs-scripts.com cta-service-cms2.hubspot.com api.hubspot.com js.usemessages.com js.hs-analytics.net js.hsleadflows.net js.hubspot.com js.hs-banner.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ovs.shipperhq.com *.googleapis.com *.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://payments.sandbox.braintree-api.com/ https://origin-analytics-sand.sandbox.braintree-api.com/ cta-service-cms2.hubspot.com api.hubspot.com forms.hubspot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sparkfun.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
frame-src 'self' *.google.com *.google.be *.google.nl *.google.co.uk *.google.co.il *.google.com.ua *.gstatic.com *.scrmtech.com *.quora.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com *.adpartner.pro *.facebook.com *.chilipiper.com *.teamme.io *.adsrvr.org *.googlesyndication.com ssgtm-sbyzlt5hyq-ey.a.run.app *.optimizely.com *.googletagmanager.com *.adform.net payoneer.kinsta.cloud klentycal.com kl-website-tracking.s3.us-west-2.amazonaws.com cdn.klenty.com sgtm.payoneer.com sgtm.payoneer.com.cn *.div.show; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com bat.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.google.be *.google.nl *.google.co.uk *.google.co.il *.gstatic.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com *.userway.org *.tiktok.com *.googleoptimize.com accessibilityserver.org *.adnxs.com *.pdst.fm *.fullstory.com *.redditstatic.com *.cheqzone.com *.clarity.ms *.line-scdn.net redditstatic.s3.amazonaws.com wcs.naver.net *.googlesyndication.com *.google-analytics.com *.adpartner.pro *.line-cdn.net *.chilipiper.com *.teamme.io *.quora.com *.adsrvr.org *.amplitude.com server-side-tagging-sbyzlt5hyq-uc.a.run.app *.trackjs.com ssgtm-sbyzlt5hyq-ey.a.run.app *.optimizely.com optimizely.s3.amazonaws.com *.adform.net sdk.teamme.link js.hsforms.net app.beschannels.com js.hs-scripts.com kl-website-tracking.s3.us-west-2.amazonaws.com cdn.klenty.com work.codejudge.io hsforms.com storage.googleapis.com/skuad-public-assets/ geoapify.com s3-us-west-2.amazonaws.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hs-scripts.com adform.net sgtm.payoneer.com sgtm.payoneer.com.cn; connect-src 'self' *.clarity.ms *.clarity.site api.factors.ai *.doubleclick.net *.userway.org *.google.com *.google.be *.google.nl *.google.co.uk *.google.co.il *.googleadservices.com *.google-analytics.com *.gstatic.com *.youtube.com *.amplitude.com www.payoneer.com www.payoneer.com.cn pubs.payoneer.com go.payoneer.com logx.optimizely.com rum.optimizely.com tapi.optimizely.com *.mktoresp.com *.execute-api.eu-north-1.amazonaws.com pagead2.googlesyndication.com adservice.google.com ssgtm-sbyzlt5hyq-ey.a.run.app sgtm.payoneer.com *.onetrust.io privacyportal-eu.onetrust.com geolocation.onetrust.com *.6sc.co *.bing.com bat.bing.com bat.bing.net px.ads.linkedin.com capture.trackjs.com storage.googleapis.com/skuad-public-assets/ www.g2.com api.hubapi.com app.klenty.com www.sk-t1.com *.algolia.net work.codejudge.io script.googleusercontent.com api.hsforms.com www.googletagmanager.com hm.baidu.com vrtywv29f3-dsn.algolia.net *.fastly.mux.com *.mktoutil.com *.yahoo.co.jp *.slim02.jp *.teamme.link *.cookielaw.org; img-src 'self' data: blob: https:; report-to default; report-uri https://payoneer.report-uri.com/r/d/csp/enforce 1
object-src 'none';base-uri 'self';script-src 'nonce-LXbfN45E3zb8QvLDfLTIDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-p3N8Tgsa7fpYjGpqLS6Stg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; font-src * data:; img-src * data:; media-src * data: blob:; frame-src *; script-src 'nonce-a6824fcaae4d7d4522bf32f0ac412a40' 'unsafe-hashes' 'sha256-qwP4QCno5UAWneuNeQYFyvAiDvTfkg75J5D14cZjCDA=' 'sha256-S5xKDgI7S06g6YwGoh/T/JTDbndl/QB9P/WrrdygaUU=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' 'sha256-rRMdkshZyJlCmDX27XnL7g3zXaxv7ei6Sg+yt4R3svU=' 'sha256-kbHtQyYDQKz4SWMQ8OHVol3EC0t3tHEJFPCSwNG9NxQ=' 'sha256-F2FIxepkuC0NOVNSk0vN01FYQmWDYl4CITiGrDxcpZs=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-1tjffMrOxPdkP4w/XDnQFquGVJ+hRMdaRnvL6y+/CtQ=' 'unsafe-eval' https://actionnetwork.org/includes/js/ https://cdn.basejump.ai/js/ https://app.basejump.ai/static/ https://cdn.jsdelivr.net/npm/emojione@3.1.2/; worker-src 'self' blob:; style-src * 'unsafe-inline'; style-src-attr 'unsafe-inline'; object-src 'none'; connect-src https:; report-uri /_/csp-reports; report-to local-csp-reports; 1
report-uri https://bringatrailer.report-uri.com/r/t/csp/wizard; script-src 'nonce-PAzrUXaQQmK32LazaomGjA==' 'self' 'strict-dynamic' https://www.googletagmanager.com https://www.google-analytics.com https://js.stripe.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://www.gstatic.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.carfax.com *.hearstapps.com 1
default-src 'self'; script-src 'self' 'nonce-nonce-eb9df28fa165487e627ee9f142fb8e68'; img-src 'self' data: https:; font-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/admob_google_com 1
frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.addthis.com *.akamai.net *.convertexperiments.com *.flickr.com *.hotjar.com *.google.com *.sierraclub.org *.twitter.com cdn.ampproject.org cdn.hypemarks.com cdn.jsdelivr.net cdn.optimizely.com connect.facebook.net google-analytics.com google.com googletagmanager.com instagram.com js.maxmind.com maps.googleapis.com partner.googleadservices.com pixel.sitescout.com public.tableau.com reddit.com scribd.com snap.licdn.com unpkg.com v1.addthisedge.com widgets.pinterest.com z.moatads.com; object-src 'self'; style-src 'self' 'unsafe-inline' https: *.sierraclub.org cdn.honey.io cdn.jsdelivr.net cdn.knightlab.com cdnjs.cloudflare.com cloud.typography.com *.hotjar.com fonts.googleapis.com google.com pro.fontawesome.com; img-src * 'unsafe-inline' blob: data: https:; media-src 'self' data:; frame-src 'self' https: *.addthis.com *.doubleclick.net *.fls.doubleclick.net *.ggusd.us *.google.com *.hotjar.com *.optimizely.com *.s3.amazonaws.com *.sierraclub.org *.stpsb.org *.twitter.com block.opendns.com blocked.goguardian.com calendar.google.com cdn.bannersnack.com ckreport.lisd.net clubvolunteer.org facebook.com funnyordie.com gateway.zscalertwo.net global.acs.prismaaccess.com googletagmanager.com instagram.com m.facebook.com maphub.net meetup.com mozbar.moz.com player.vimeo.com public.tableau.com quorum.us rcm-na.amazon-adsystem.com s7.addthis.com spur.maps.arcgis.com static.contextall.com trustpoint-lax.northcentraltrust.com vpn.myips.org web.facebook.com youtube-nocookie.com youtube.com driveelectricweek.org; frame-ancestors 'self' https: blob: sierraclub.org driveelectricweek.org; child-src 'self' https: blob: sierraclub.org driveelectricweek.org; font-src 'self' data: https: *.sierraclub.org at.alicdn.com cdn.honey.io cdn.jsdelivr.net *.hotjar.com fonts.gstatic.com pro.fontawesome.com slant.co; connect-src 'self' https: *.doubleclick.net *.google-analytics.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.optimizely.com *.sierraclub.org cdn.linkedin.oribi.io csp.withgoogle.com facebook.com geoip-js.com google-analytics.com googletagmanager.com logx.optimizely.com maps.googleapis.com sharethis.com secure.geonames.org stats.g.doubleclick.net *.osano.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-O6UNaPibtULeTDStSHKI4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/panoramio 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
object-src 'none'; script-src 'self' 'report-sample' giving.classy.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://platform.twitter.com https://unpkg.com https://www.googletagmanager.com https://www.youtube.com public.flourish.studio; style-src 'self' 'report-sample' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=F8ThZhDh2Trk.WqqMnD6miJN7vQgNh6dloKPfdcyQFw-1773715515.6987715-1.0.1.1-_FJrYrBvc0A5jWvUW4J.9e8p4mdT9bKCy5thpPUtrll3wYeEfupoecBQ8885QJ5mUYBenUO6OIOzkD0ho0JP2TkXWvrnWRDn7bR0szumyg.F3TSJqNhqmQDrXZyq2QJJKht86do27sxSunQYptcETtwXQtS_N4oPXFyE.tsVLMk; report-to cf-csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-VrsbaR9FnBNtxa5gUXdzug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' https: 'unsafe-eval' https://*.zoom.us wss://zpns.zoom.us wss://widget-mediator.zopim.com; default-src 'self' https:; font-src 'self' https: data: data: source.zoom.us; img-src 'self' https: data: blob: *.zoom.us https://v2assets.zopim.io https://static.zdassets.com; media-src 'self' https: *.zoom.us; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: http://zoom.us *.zoom.us; style-src 'self' https: 'unsafe-inline'; worker-src 'self' https: blob:; report-uri /csp-report 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; frame-ancestors 'self'; report-uri https://leafgroup.report-uri.com/r/d/csp/wizard 1
object-src 'none'; script-src 'self' 'report-sample' 'unsafe-eval' https://unpkg.com 'unsafe-inline' https://webomat.unistra.fr/; script-src-elem 'self' 'report-sample' 'unsafe-eval' https://unpkg.com; style-src 'self' 'report-sample'; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://pp.ephapay.net/ https://pp.eshapay.net/ https://scripts.agilone.com/ https://widget.trustpilot.com/ https://edigitalsurvey.com/ https://static.addtoany.com/ https://c.paypal.com/ https://www.paypal.com https://www.paypalobjects.com/ https://www.sandbox.paypal.com/ https://www.zenaps.com/ https://www.youtube.com/ https://*.doubleclick.net/ https://gum.criteo.com/ https://www.facebook.com/ https://*.hotjar.com/ https://s.salecycle.com https://www.googletagmanager.com/ https://www.google.com https://*.customizer.cadesignform.dk/ https://static.criteo.net/ https://www.youtube-nocookie.com/ https://d16fk4ms6rqz1v.cloudfront.net/ https://*.arcot.com/ https://www.securesuite.co.uk/ https://www.clicksafe.lloydstsb.com/ https://secure.barclaycard.co.uk https://*.photorank.me/ https://pay.google.com/ https://js.playground.klarna.com/ https://js.klarna.com/ https://placement-api-sandbox.clearpay.co.uk/ https://placement-api.clearpay.co.uk/ https://portal.sandbox.clearpay.co.uk/ https://portal.clearpay.co.uk/; report-uri https://csp-violations.external.wickes.co.uk 1
report-uri https://www.yelp.com/csp_report_only?id=8f97e3424c539315&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www&timestamp=1773710017; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval';    font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:;     style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com;     script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://a.usbrowserspeed.com https://pg.feroot.com https://static.hsappstatic.net https://js.hs-scripts.com https://js.hubspot.com https://js-na1.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://unpkg.com https://cdn.cookielaw.org https://js.hsforms.net https://tag.trovo-tag.com https://www.clarity.ms https://cdn.cookielaw.org https://www.googletagmanager.com https://www.statcounter.com https://s3-us-west-2.amazonaws.com https://r2.leadsy.ai https://api.hubspot.com;     img-src 'self' 'unsafe-inline' data: https://www.googletagmanager.com https://c.clarity.ms https://track.hubspot.com https://cdn.cookielaw.org https://perf-na1.hsforms.com https://forms-na1.hsforms.com;     connect-src 'self' https://pro.ip-api.com https://geolocation.onetrust.com https://pageguard.feroot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com wss://statcounter.io https://s.clarity.ms https://n.clarity.ms https://cdn.cookielaw.org https://forms.hsforms.com https://c.statcounter.com https://www.google-analytics.com https://stats.g.doubleclick.net;     worker-src blob:;     frame-src https://meetings.hubspot.com https://app.hubspot.com https://www.facebook.com;     report-uri https://csp.ferootstage.com/18b81144-3bd3-4865-a794-a12c61fe5488/277c4f84-de2d-44c9-9079-40f8187028cb/collect; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.com/api/csp-report; report-to csp-endpoint 1
script-src 'nonce-ejS8O5u1pZzRpcbgRtMvrw==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=83539eee-4fda-481f-becd-4300880c9d44; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
script-src 'nonce-S5+P9lqEs5pi5LyzocTp8g==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=5248c1ac-561c-4b92-95fb-a9ab9782c454; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 1
default-src 'self'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; frame-src *; worker-src blob:; script-src 'self' erli.pl 'unsafe-inline' 'unsafe-eval' https://*.erli.pl https://*.erli.tech https://*.prod.erli.tech https://bat.bing.com/bat.js https://bat.bing.com/p/action/134629556.js *.px-cloud.net *.px-cdn.net https://static.hotjar.com/c/hotjar-1742207.js https://script.hotjar.com/modules.*.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://analytics.optimalpeople.fr/js/rd-o-sdk.js https://analytics.tiktok.com/i18n/pixel/events.js https://analytics.tiktok.com/i18n/pixel/static/main.* https://analytics.tiktok.com/i18n/pixel/static/identify_935b0d03.js https://cdngazeta.pl/pixel/ID-625573 https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/306722670488438 https://googleads.g.doubleclick.net/pagead/viewthroughconversion/655077238 https://googleads.g.doubleclick.net/pagead/viewthroughconversion/466746092 https://pixel.wp.pl/w/tr.js https://pixel.wp.pl/w/WP-ERLI-SOFQW-AHA/ir.js https://fpx.wp.pl/web/v3/geBqSFMxQ5V57gTthkuL/loader_v3.11.0.js https://swrap.tradedoubler.com/wrap https://ams.creativecdn.com/tags/v2 https://ams.creativecdn.com/ig-membership https://tags.creativecdn.com/J05AnhvDIxGtgSQnpWbK.js https://www.artfut.com/static/tagtag.min.js https://www.artfut.com/static/tracking.min.js https://www.artfut.com/static/crossdevice.min.js https://www.google.com/pagead/1p-conversion/655077238 https://www.googleadservices.com/pagead/conversion/655077238; script-src-elem 'self' 'unsafe-inline' erli.pl *.erli.pl *.erli.tech *.prod.erli.tech connect.facebook.net maps.googleapis.com www.googleadservices.com www.gstatic.com www.google.com fpx.wp.pl bat.bing.com *.px-cloud.net *.px-cdn.net static.hotjar.com script.hotjar.com www.googletagmanager.com analytics.optimalpeople.fr analytics.tiktok.com cdngazeta.pl connect.facebook.net googleads.g.doubleclick.net pixel.wp.pl fpx.wp.pl swrap.tradedoubler.com ams.creativecdn.com tags.creativecdn.com www.artfut.com; connect-src 'self' erli.pl *.erli.pl *.erli.tech *.prod.erli.tech *.px-cloud.net *.px-cdn.net *.pxchk.net *.px-client.net *.google-analytics.com *.analytics.google.com *.googleadservices.com https://storage.googleapis.com/images-temp-erli-pl/ https://storage.googleapis.com/external-offers-import-erli-pl/ www.google.pl www.google.com maps.googleapis.com *.hotjar.io pixel.wp.pl fpx.wp.pl bat.bing.com forms.fcc-online.pl analytics.tiktok.com pos.bliskapaczka.pl clk.leadexpert.pl analytics.optimalpeople.fr ams.creativecdn.com stats.g.doubleclick.net www.facebook.com pixel-router.gazeta.pl; report-to 'csp-endpoint' 1
base-uri 'self'; default-src 'self' data: https://*.emcd.io https://at.alicdn.com https://cdn.carrotquest.app https://cdn.fontshare.com https://cdn.megabonus.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://js.intercomcdn.com https://maxcdn.bootstrapcdn.com https://mc.yandex.com https://pouch-global-font-assets.s3.eu-central-1.amazonaws.com https://telegram.org https://use.fontawesome.com https://use.typekit.net https://www.cdn-tinkoff.ru; object-src 'none'; worker-src 'none' blob:; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.emcd.io https://accounts.google.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.recaptcha.net https://www.gstatic.com https://www.gstatic.cn https://mc.webvisor.org https://mc.yandex.com https://mc.yandex.ru/ https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js https://js.intercomcdn.com https://widget.intercom.io https://telegram.org/js/pixel.js https://telegram.org/js/telegram-web-app.js https://telegram.org/js/telegram-widget.js?22 https://af.click.ru/ https://ajax.cloudflare.com https://analytics.dev.mind-dev.com https://cdn.carrotquest.app https://cdn.segment.com https://cloud.roistat.com https://connect.facebook.net https://edge.fullstory.com https://*.programmatica.com https://script.marquiz.io https://script.marquiz.ru https://snap.licdn.com/li.lms-analytics/insight.min.js https://v1.slise.xyz https://widgets.outbrain.com https://appleid.cdn-apple.com/appleauth/ https://snap.licdn.com; style-src 'self' 'unsafe-inline' 'report-sample' https://telegram.org https://fonts.googleapis.com https://accounts.google.com https://mc.yandex.ru; img-src 'self' data: https://*.emcd.io https://fonts.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://mc.webvisor.org https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.ru https://mc.yandex.uz https://yastatic.net https://*.intercomcdn.com https://messenger-apps.intercom.io https://static.intercomassets.com https://app.getbeamer.com https://cdn4.telesco.pe https://px.ads.linkedin.com https://sync.programmatica.com https://www.facebook.com https://t.me/i/userpic; frame-src 'self' data: https://accounts.google.com https://www.google.com https://www.googletagmanager.com https://www.recaptcha.net https://mc.yandex.com https://mc.yandex.ru https://intercom-sheets.com https://www.intercom-reporting.com/ https://af.click.ru https://emet.live https://emet.news https://eu.id.group-ib.com https://oauth.telegram.org https://payments.mercuryo.io https://quiz.marquiz.io https://quiz.marquiz.ru https://www.youtube.com; connect-src 'self' data: https://*.emcd.io wss://*.emcd.io https://accounts.google.com https://play.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.recaptcha.net https://mc.yandex.com https://mc.yandex.md https://mc.yandex.ru https://translate.yandex.net wss://mc.yandex.ru https://uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io https://browser.sentry-cdn.com https://o1144246.ingest.sentry.io https://o1144246.ingest.us.sentry.io https://api.segment.io https://cdn.segment.com https://oauth.telegram.org https://telegram.org/pxl https://adtonus.com https://analytics.dev.mind-dev.com https://api.carrotquest.app https://code.jquery.com https://containers.programmatica.com https://endpoint.em-app.tech https://infragrid.v.network https://ipapi.co https://px.ads.linkedin.com https://rktds.net https://*.fullstory.com https://v1.slise.xyz https://www.facebook.com https://*.intercom.io/ https://www.google.com/recaptcha https://mpc-prod-1-1053047382554.us-central1.run.app; report-uri https://cspr.emcd.io/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss://*.dathost.net https://*.dathost.net https://www.googletagmanager.com https://*.cookieyes.com https://cdn-cookieyes.com https://analytics.ahrefs.com https://widget.trustpilot.com https://*.clarity.ms https://c.bing.com/ https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://cdnjs.cloudflare.com https://*.js.stripe.com https://js.stripe.com https://api.stripe.com https://hooks.stripe.com https://maps.googleapis.com https://*.gravatar.com https://s3.dathost.net https://www.paypalobjects.com https://fonts.gstatic.com https://media.forgecdn.net https://avatars.steamstatic.com https://accounts.google.com https://challenges.cloudflare.com https://i.gyazo.com https://i.imgur.com https://i.ytimg.com https://*.youtube.com https://fonts.googleapis.com https://use.typekit.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.ae https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bg https://www.google.by https://www.google.ca https://www.google.ch https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.ve https://www.google.co.za https://www.google.com https://www.google.com.ar https://www.google.com.at https://www.google.com.au https://www.google.com.bg https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.hk https://www.google.com.kh https://www.google.com.lb https://www.google.com.mm https://www.google.com.mx https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sg https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.md https://www.google.mk https://www.google.mn https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.rs https://www.google.se https://www.google.sk https://www.googleadservices.com; report-uri /internal-api/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cmp.inmobi.com https://cdn.intergient.com https://*.doubleclick.net https://cdn.intergi.com http://cdn.intergient.com https://btloader.com https://c.amazon-adsystem.com https://*.googlesyndication.com https://mowgoats.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://jamie-oliver-2.commercelayer.io https://*.googlesyndication.com https://*.doubleclick.net https://*.sentry.io https://*.playwire.com https://*.amazon-adsystem.com https://api.btloader.com https://*.algolia.net https://*.algolianet.com https://auth.commercelayer.io https://*.auth0.com https://csi.gstatic.com https://simple-save.jamieoliver.workers.dev https://s5g.jamieoliver.workers.dev; img-src 'self' https://asset.jamieoliver.com https://www.google.co.uk https://www.google-analytics.com https://px.moatads.com https://ad-delivery.net https://ad.doubleclick.net https://www.googletagmanager.com https://img.youtube.com https://i.ytimg.com https://s.gravatar.com https://*.auth0.com https://*.googlesyndication.com https://csi.gstatic.com https://cdn.sanity.io https://*.wp.com data:; media-src 'self' data:; frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://cdn.intergient.com https://www.youtube.com https://www.youtube-nocookie.com; worker-src 'self' blob:; object-src 'none'; style-src 'self' 'unsafe-inline' https://config.playwire.com; frame-ancestors 'none'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com principiaskin.com *.principiaskin.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.addthis.com *.mercadolibre.com *.weltpixel.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.authorize.net *.google.com *.paypal.com *.freshchat.com *.pagseguro.uol.com.br *.doubleclick.net *.pinterest.com *.principiacosmeticos.com principiaskin.com *.principiaskin.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com google.com *.gstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com *.instagram.com *.magentocommerce.com *.ytimg.com s.ytimg.com *.pinterest.com *.googleadservices.com *.google.com *.google.com.br *.google.it *.google-analytics.com www.paypalobjects.com *.paypalobjects.com *.paypal.com www.paypal.com t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.ftcdn.com *.behance.com *.pagseguro.com/ *.apptrian.com *.mercadolivre.com *.yotpo.com *.adobedtm.com *.demdex.net *.everesttech.net assets.braintreegateway.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br https://stc.pagseguro.uol.com.br https://sandbox.stc.pagseguro.uol.com.br *.doubleclick.net *.onesignal.com *.principiacosmeticos.com principiaskin.com *.principiaskin.com *.googletagmanager.com https://principiacosmeticos.com/mtracking.gif https://www.google.com.ar/ads/ga-audiences https://www.google.com.ar/pagead/1p-user-list/700931334/ https://principiaskincare.com.br/mtracking.gif https://t.co/1/i/adsct *.facebook.com content.app-us1.com cdn.jsdelivr.net *.cloudfront.net *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.mlstatic.com www.facebook.com graph.facebook.com business.facebook.com www.apptrian.com *.freshchat.com *.google.com *.google-analytics.com *.facebook.com *.adobedtm.com *.authorize.net *.braintreegateway.com *.cardinalcommerce.com *.paypal.com www.paypal.com *.ytimg.com *.googleadservices.com *.paypalobjects.com www.paypalobjects.com *.vimeo.com www.youtube.com *.viacep.com.br *.apptrian.com *.polyfill.io *.cloudflare.com *.pagseguro.uol.com.br *.tiktok.com *.pinimg.com *.mercadopago.com *.doubleclick.net *.ccdc02.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io pay.google.com *.yotpo.com *.onesignal.com https://onesignal.com/api/v1/sync/980b27db-f331-407d-8b91-7ea1ff79c577/web *.principiacosmeticos.com https://principiacosmeticos.com/mtc.js *.k-analytix.com principiaskin.com *.principiaskin.com *.cloudflareinsights.com https://designestylelab.com/css/ https://analytics-manager.com/an https://analytics-manager.com/an/ https://principiaskincare.com.br/mtc.js https://static.cloudflareinights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816 *.ads-twitter.com/uwt.js *.pinterest.com diffuser-cdn.app-us1.com prism.app-us1.com *.activehosted.com trackcmp.net cdn.jsdelivr.net *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com *.freshchat.com fonts.googleapis.com *.mercadopago.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.onesignal.com https://onesignal.com/sdks/OneSignalSDKStyles.css *.principiacosmeticos.com principiaskin.com *.principiaskin.com *.googletagmanager.com *.google.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.rastreio.alfatracking.com.br *.tracking.totalexpress.com.br *.rastreio.fmtransportes.com.br *.correios.com.br www.apptrian.com *.instagram.com *.pinterest.com *.apptrian.com *.polyfill.io *.cloudflare.com *.paypal.com *.pinimg.com *.tiktok.com *.google.com *.google.com.br *.google.it https://www.google.com.br/ads/ga-audiences https://www.google.it/ads/ga-audiences *.google-analytics.com *.doubleclick.net *.yotpo.com *.mercadolibre.com *.onesignal.com https://onesignal.com/api/v1/apps/980b27db-f331-407d-8b91-7ea1ff79c577/icon *.principiacosmeticos.com https://principiacosmeticos.com/mtc/event *.konduto.com principiaskin.com *.principiaskin.com *.googleapis.com *.viacep.com.br https://viacep.com.br/ws/ viacep.com.br/ws *.amcglobal.sc.omtrdc.net *.geostag.cardinalcommerce.com *.geo.cardinalcommerce.com *.1eafstag.cardinalcommerce.com *.1eaf.cardinalcommerce.com *.centinelapistag.cardinalcommerce.com *.centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.api.comapi.com *.webchat.dotdigital.com *.ekr.zdassets.com *.braintreegateway.com *.braintree-api.com https://principiaskincare.com.br/mtc/event https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ analytics.pangle-ads.com https://google.com/ccm/form-data/700931334 https://google.com/pagead/form-data/700931334 analytics-ipv6.tiktokw.us http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.activehosted.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri csp-reporting/; report-to report-endpoint; 1
default-src 'self'; connect-src 'self' analytics.init.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.instagram.com *.europa.eu *.3qsdn.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.instagram.com *.europa.eu *.3qsdn.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.instagram.com *.europa.eu *.3qsdn.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.instagram.com *.europa.eu *.3qsdn.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1
report-uri https://www.feedingamerica.org/report-uri/reportOnly 1
script-src https://faq.wadax.ne.jp https://taj1.ebis.ne.jp/SFQ4WWMM/cmt.js 'unsafe-inline' 'self' https://payments.salesforce.com/ https://stats.g.doubleclick.net https://gmocloudcommunity.force.com https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/779117373/ https://am.yahoo.co.jp/rt/ https://b99.yahoo.co.jp/pagead/conversion_async.js https://checkoutshopper-live.adyen.com/ https://www.wadax.ne.jp https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://www.googletagmanager.com/ https://taj2.ebis.ne.jp/SFQ4WWMM/cmt.js https://cache.img.gmo.jp https://pay.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ blob: https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://js.stripe.com/ https://support.gmocloud.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js 'report-sample' https://service.force.com/embeddedservice/ https://s.yimg.jp/images/listing/tool/cv/ytag.js 'unsafe-eval'; report-to sfdc-csp-ep; report-uri https://gmogshd-ch.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D10000000Hq6P&networkId=0DM5F00000001rL&type=communities 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval' blob:;img-src * data:;style-src * 'unsafe-inline';report-to report;report-uri /users/main/reporting-api?mode=csp2&server_id=502; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mozzartbet.com data: blob: ws: wss: https://*.mozzartbet.com https://*.mozzartsport.com https://*.mozzartio.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.sportradar.com https://*.sportradarserving.com https://*.betradar.com https://*.onesignal.com https://onesignal.com https://*.cookiebot.com https://*.livechatinc.com https://*.sift.com https://*.siftscience.com https://*.cloudflare.com https://*.adsrvr.org https://*.taboola.com https://*.yimg.com https://*.segment.com https://*.segment.io https://*.privacy-center.org https://*.clarity.ms https://*.mxpnl.com https://*.ads-twitter.com https://*.tiktok.com https://*.amazonaws.com https://fpnpmcdn.net; style-src 'self' 'unsafe-inline' https://*.mozzartbet.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.cookiebot.com https://*.privacy-center.org; font-src 'self' data: https://*.mozzartbet.com https://*.gstatic.com https://*.googleapis.com; frame-src 'self' https:; base-uri 'self'; form-action 'self' https:; report-uri /_csp-report 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.bg *.betano.bg betano.com *.betano.com betgenius.com *.betgenius.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org facebook.net *.facebook.net fullstory.com *.fullstory.com gmlinteractive.com *.gmlinteractive.com creativecdn.com *.creativecdn.com googletagmanager.com *.googletagmanager.com kaizengaming.com *.kaizengaming.com kameleoon.eu *.kameleoon.eu optimove.net *.optimove.net sportradar.com *.sportradar.com bing.com *.bing.com betano.pt *.betano.pt cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery clarity.ms *.clarity.ms lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=0FC1FhbMFbVU3QmEE7oJe7wlvMMAtwjGDNPwMxRtU9A-1773710579-1.0.1.1-ckO4_KlZfD_AcHoLLftB7XK89eU90ohaU_SVdxrwL5Q3xJjqN69lrtOdvqDmCdw4eLiOC3Wx7ricWDjpq3qNtjzR6dZXFSSaELOKRSAipCmu_RTiFmxsKxoKzhOUCMWsvDCLwgBVD02RYjIbwfLkOg0VFEaKw0gQ7R2280D0B3Broqxe3HXgWraKAO4OIysDppWSenx10LVKSTJs9lcE4Q; report-to cf-fdnsaibhceutkhin 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';report-uri /csp.php 1
default-src 'self' https:; object-src 'none'; img-src 'self' https: blob: data:; font-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://buildkite.uriports.com/reports/report 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://api.github.com/ https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/ace/1.1.3/ace.js https://connect.facebook.net/en_US/fbevents.js  https://connect.facebook.net/signals/config/ https://js.intercomcdn.com https://js.intercomcdn.com/vendor-modern.7a9ca9be.js https://prod.hackster-cdn.online/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://js.intercomcdn.com/ https://widget.intercom.io/widget/l4h7orei https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js  https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/; style-src 'report-sample' 'self' 'unsafe-inline' https://prod.hackster-cdn.online https://cdnjs.cloudflare.com/; object-src 'none'; base-uri 'self'; connect-src 'self' blob: https://www.hackster.io/ https://hacksterio.s3.amazonaws.com/ https://7yqjt9bhux-dsn.algolia.net https://analytics.google.com https://api-iam.intercom.io https://api.hackster.io https://o4506440451424256.ingest.sentry.io https://ohm-dot-hackster-io.appspot.com https://prod.hackster-cdn.online https://px.ads.linkedin.com https://px4.ads.linkedin.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://nexus-websocket-a.intercom.io; font-src 'self' data: application/font-woff https://prod.hackster-cdn.online; frame-src 'self' https://lookerstudio.google.com/ https://datastudio.google.com https://www.facebook.com/ https://www.google.com https://www.youtube.com; img-src 'self' data: blob: https://lh6.googleusercontent.com https://lh5.googleusercontent.com https://content.arduino.cc https://avatars.githubusercontent.com https://avatars2.githubusercontent.com/ https://platform-lookaside.fbsbx.com https://www.hackster.io/ https://graph.facebook.com https://gravatar.com https://hackster.imgix.net https://i.ytimg.com https://lh3.googleusercontent.com https://prod.hackster-cdn.online https://px.ads.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.newark.com https://px4.ads.linkedin.com; manifest-src 'self' https://prod.hackster-cdn.online; media-src 'self' https://hackster.imgix.net; report-uri https://6620045c077c1adc81b63f22.endpoint.csper.io/?v=2; worker-src blob:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com blob: data: cdn.weglot.com *.3lift.com *.adroll.com *.affilae.com *.arcade.software *.bidr.io *.casalemedia.com *.clarity.ms *.clearbit.com *.company-target.com *.datadoghq.com *.doubleclick.net *.js.driftt.com *.facebook.com *.getbeamer.com *.googleoptimize.com *.googletagmanager.com *.hotjar.com *.licdn.com *.linkedin.com *.marketo.com *.mktoresp.com *.mutinycdn.com *.onetrust.com *.outbrain.com *.pendo.io *.pingdom.net *.pubmatic.com *.reddit.com *.rlcdn.com *.rubiconproject.com *.sitespect.com *.taboola.com *.twitter.com ajax.googleapis.com amplify.outbrain.com api.amplitude.com api.madkudu.com api.segment.io attr.ml-api.io bat.bing.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.cookielaw.org cdn.jsdelivr.net cdn.madkudu.com cdn.segment.com cdn.segment.io cdnjs.cloudflare.com client-registry.mutinycdn.com client.mutinycdn.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com getbeamer.com js.driftt.com js.sentry-cdn.com js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com s.ml-attr.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co tag.clearbitscripts.com tag.demandbase.com tr.outbrain.com tracking.g2crowd.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.welcometothejungle.com x.clearbitjs.com m.servedby-buysellads.com paapi9371.d41.co api.c99.ai analytics.funnelfuel.io v2.d41.co ; img-src * data: *.mutinycdn.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com ; font-src 'self' data: fonts.gstatic.com github.com images.mutinycdn.com maxcdn.bootstrapcdn.com use.typekit.net use.fontawesome.com ; connect-src 'self' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com data: api.weglot.com cdn.weglot.com *.clarity.ms *.datadoghq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.hotjar.com *.hotjar.io *.linkedin.com *.mktoresp.com *.mktoutil.com *.mutinyhq.io *.onetrust.com *.pingdom.net *.segment.com *.segment.io *.sentry.io *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com adservice.google.com api.amplitude.com api.company-target.com api.madkudu.com api.segment.io app.clearbit.com app.getsentry.com backend.getbeamer.com cdn.cookielaw.org d.adroll.com in.hotjar.com maps.googleapis.com prod-algolia-blog-subscription.herokuapp.com raw.githubusercontent.com stats.g.doubleclick.net us-central1-documentation-feedback.cloudfunctions.net user-data.mutinycdn.com vitals.vercel-insights.com wss://*.hotjar.com www.google-analytics.com www.google.com analytics.funnelfuel.io tag-logger.demandbase.com api.c99.ai ; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com blob: data: cdn.weglot.com *.3lift.com *.adroll.com *.affilae.com *.arcade.software *.bidr.io *.casalemedia.com *.clarity.ms *.clearbit.com *.company-target.com *.datadoghq.com *.doubleclick.net *.js.driftt.com *.facebook.com *.getbeamer.com *.googleoptimize.com *.googletagmanager.com *.hotjar.com *.licdn.com *.linkedin.com *.marketo.com *.mktoresp.com *.mutinycdn.com *.onetrust.com *.outbrain.com *.pendo.io *.pingdom.net *.pubmatic.com *.reddit.com *.rlcdn.com *.rubiconproject.com *.sitespect.com *.taboola.com *.twitter.com ajax.googleapis.com amplify.outbrain.com api.amplitude.com api.madkudu.com api.segment.io attr.ml-api.io bat.bing.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.cookielaw.org cdn.jsdelivr.net cdn.madkudu.com cdn.segment.com cdn.segment.io cdnjs.cloudflare.com client-registry.mutinycdn.com client.mutinycdn.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com getbeamer.com js.driftt.com js.sentry-cdn.com js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com s.ml-attr.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co tag.clearbitscripts.com tag.demandbase.com tr.outbrain.com tracking.g2crowd.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.welcometothejungle.com x.clearbitjs.com m.servedby-buysellads.com paapi9371.d41.co api.c99.ai analytics.funnelfuel.io v2.d41.co ; report-uri https://algolia.report-uri.com/r/t/csp/wizard 1
report-to cf-csp-endpoint 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com chat.bncenlinea.com:8000 ajax.googleapis.com 341d26ed8226.bncenlinea.com ajax.aspnetcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com d3i9pllfrk5tet.cloudfront.net d3q4nr72nuserl.cloudfront.net maxcdn.bootstrapcdn.com s3.amazonaws.com www.googletagmanager.com s3.amazonaws.com;style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com d3i9pllfrk5tet.cloudfront.net d3q4nr72nuserl.cloudfront.net;font-src 'self' d3i9pllfrk5tet.cloudfront.net fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: s3.amazonaws.com d3i9pllfrk5tet.cloudfront.net d3q4nr72nuserl.cloudfront.net;connect-src 'self' ajax.aspnetcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com cloudfront.net 341d26ed8226.bncenlinea.com www.google-analytics.com; 1
default-src 'self'; connect-src 'self' https://*.analytics.google.com https://*.dacast.com/ https://*.google-analytics.com https://*.googletagmanager.com https://dacastmmd.mmdlive.lldns.net/ https://*.akamaized.net/ https://kinesis.us-east-1.amazonaws.com/ https://license.theoplayer.com/ https://www.cloudflare.com/; font-src 'self' data: https://cdnjs.cloudflare.com/ https://fonts.gstatic.com; frame-src 'self' https://*.icc-cpi.int/ https://*.dacast.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://widgets.ebscohost.com/ https://www.google.com/recaptcha/ https://signup.es-mail.co.uk/; img-src 'self' data: https://*.dacast.com/ https://*.google-analytics.com https://*.googletagmanager.com https://license.theoplayer.com/ https://*.ytimg.com; media-src 'self' blob: data: https://dacastmmd.mmdlive.lldns.net/ https://*.akamaized.net/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.dacast.com/ https://*.google-analytics.com https://*.googletagmanager.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://static.cloudflareinsights.com/ https://unpkg.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net https://code.jquery.com https://player.dacast.com https://unpkg.com https://www.google.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://prod-nplayer.dacast.com/ https://*.dacast.com/ https://cdnjs.cloudflare.com/ https://unpkg.com/ https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.icc-cpi.int/report-uri/reportOnly 1
script-src 'nonce-uVD/qAqcKuwS5pEvamS9gQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=3dlm9_OZ3vNXtZmh-UVM0OBkStiT6QAAeAJ9u3qaM48Yg61nd0AhKp7h4SCBo0YiGUKwg1mx0js22oPR-6U=&policy_id=2&user_id=&request_id=7cd4224b-a3f2-4cfd-b6f8-d5f094c58104; report-to csp-endpoint-dlmozvnxtzmhuvmobkstitqaaeajuqamygndahkphscboyigukwgmxjsopru; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*; require-trusted-types-for 'script' 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *.unionesarda.it s.clickiocdn.com *.ampproject.org *.google.com; report-uri /csp-report 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.scene7.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk  *.chatcora.natwest.com *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org cdn-apple.com; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-Q9l+iADLMZJGWiwwp2Izqw==' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 1
object-src 'none';base-uri 'self';script-src 'nonce-LKoKPmNqHRN8cRo6oechbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://pagesense-collect.zoho.com https://stats.g.doubleclick.net https://translate.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://connect.facebook.net https://m.facebook.com https://maps.google.com https://maps.googleapis.com https://mobile.facebook.com https://platform.twitter.com https://static.addtoany.com https://web.facebook.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: blob: https://*.google-analytics.com https://*.analytics.google.com https://fonts.gstatic.com https://pagesense-collect.zoho.com https://*.fbcdn.net https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://www.gcis.gov.za https://www.google.com https://www.google.co.za https://www.googletagmanager.com https://www.gov.za https://www.gstatic.com https://www.publicsectormanager.gov.za https://www.sanews.gov.za https://www.vukuzenzele.gov.za https://*.openstreetmap.org https://*.ytimg.com https://www.google-analytics.com; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://cdn.pagesense.io https://connect.facebook.net https://maps.googleapis.com https://platform.twitter.com https://static.addtoany.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://platform.twitter.com; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.gov.za/system/reporting/default; report-to default 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.de/api/csp-report; report-to csp-endpoint 1
worker-src https://www.googletagmanager.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.klarnacdn.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.google.com/ *.klarna.com *.packeta.com apm.przelewy24.pl secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://images.unsplash.com imgsct.cookiebot.com imgsct.cookiebot.eu magefan.com cm.magefan.com *.disqus.com https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net tile.openstreetmap.org mapa.orlenpaczka.pl ruch-osm.sysadvisors.pl https://img.youtube.com static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js consent.cookiebot.com consent.cookiebot.eu *.disqus.com https://cdn.jsdelivr.net *.google.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com mapa.orlenpaczka.pl *.packeta.com sandbox.przelewy24.pl secure.przelewy24.pl apm.przelewy24.pl secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org unpkg.com *.snrbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://cdn.jsdelivr.net *.klarnacdn.net maxcdn.bootstrapcdn.com *.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.snrcdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com payments-eu.amazon.com https://maps.googleapis.com https://player.vimeo.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com nominatim.openstreetmap.org *.packeta.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.snrbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' https://*.google.com; require-trusted-types-for 'script'; trusted-types sanitizer unsafe dompurify scriptHelper 1
frame-ancestors 'none'; report-uri https://csp.some.porn/csp-report; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-QqEm3zNhf5nMHFDv6Chu0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'nonce-uKWYGmUd_QDMcAQ7FDpFELwoi3g5fQc94DWIgiNYigJUZUiyiCJbww' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; style-src-elem 'self' 'nonce-uKWYGmUd_QDMcAQ7FDpFELwoi3g5fQc94DWIgiNYigJUZUiyiCJbww' 'report-sample'; report-uri https://typo3.org/@http-reporting?csp=report&requestTime=1773713867932191&requestHash=c420731442abcbd65e797b2a7487b0d2fff4c482 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; base-uri https://www.elysee.fr; block-all-mixed-content; child-src *; font-src 'self' data: https://fonts.gstatic.com https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr; form-action 'self'; frame-ancestors 'none'; img-src https://stats.g.doubleclick.net data: https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr https://captcha.liveidentity.com; plugin-types video/*; script-src 'unsafe-inline' https://www.elysee.fr https://isho.elysee.fr https://admin.elysee.fr https://www.elysee.fr https://captcha.liveidentity.com https://platform.twitter.com https://www.instagram.com; style-src https://fonts.googleapis.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr 1
default-src 'self' *.lexus.com login.microsoftonline.com; frame-src 'self' *.lexus.com *.adsrvr.org csxd.contentsquare.net toyota.demdex.net *.doubleclick.net www.facebook.com *.flashtalking.com www.google.com www.googletagmanager.com *.pinterest.net *.pinterest.com *.snapchat.com www.youtube.com; connect-src 'self' 'unsafe-eval' *.lexus.com *.toyota.com insight.adsrvr.org *.agkn.com ara.paa-reporting-advertising.amazon *.amazon-adsystem.com *.awsapprunner.com *.awswaf.com *.bing.com doh.cq0.co *.contentsquare.net *.demdex.net *.doubleclick.net www.facebook.com *.google.com *.googleadservices.com maps.googleapis.com *.googletagmanager.com *.linkedin.com *.loopme.com *.tt.omtrdc.net *.pinterest.net *.pinterest.com *.quantserve.com *.reddit.com tagging.shiftdigitalapps.io *.snapchat.com *.spotify.com tags.srv.stackadapt.com *.teads.tv *.yimg.com browser-intake-datadoghq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lexus.com *.toyota.com sc-static.net adserv.mobi *.adsrvr.org *.amazon-adsystem.com *.awswaf.com sdtagging.azureedge.net bat.bing.com pixel.byspotify.com *.contentsquare.net pixel.demandlocal.com googleads.g.doubleclick.net connect.facebook.net *.flashtalking.com www.google.com maps.googleapis.com www.googletagmanager.com www.gstatic.com c.gumgum.com rum.hlx.page scripts.inmarkethub.com snap.licdn.com i.loopme.me pixel.mathtag.com s.pinimg.com *.pinterest.net *.pinterest.com rules.quantcount.com secure.quantserve.com www.redditstatic.com tagging.shiftdigitalapps.io *.snapchat.com tags.srv.stackadapt.com *.teads.tv *.tribalfusion.com *.turn.com *.tvsquared.com static.ads-twitter.com s.yimg.com www.youtube.com; style-src 'self' 'unsafe-inline' *.lexus.com *.toyota.com tags.srv.stackadapt.com; font-src 'self' *.lexus.com *.toyota.com data:; img-src 'self' *.lexus.com *.toyota.com *.adentifi.com *.adsrvr.org js.adstk.io *.agkn.com s.amazon-adsystem.com bat.bing.com *.cognitivlabs.com *.contentsquare.net *.doubleclick.net cm.everesttech.net www.facebook.com *.flashtalking.com accretivemedia.go2cloud.org www.google.com www.google.fr www.googleadservices.com www.googletagmanager.com maps.gstatic.com px.gumgum.com *.ispot.tv px.ads.linkedin.com kcc0.com pixel.logtrackback.com lciapi.ninthdecimal.com *.tt.omtrdc.net *.postrelease.com *.quantserve.com *.reddit.com di.rlcdn.com *.scene7.com tagging.shiftdigitalapps.io *.springserve.com *.stackadapt.com t.co *.teads.tv dsp.tk0x1.com *.tribalfusion.com trkn.us *.turn.com *.tvsquared.com analytics.twitter.com ads.undertone.com *.w55c.net sp.analytics.yahoo.com data:; media-src 'self' *.doubleclick.net *.toyota.com dts.innovid.com m.youtube.com pdst.fm s-static.innovid.com www.googleadservices.com www.youtube-nocookie.com www.youtube.com; child-src 'self' blob:; worker-src 'self' 'unsafe-inline' blob: data:; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd963f598149f172b4b36c022bf30d5d5&dd-evp-origin=content-security-policy&ddsource=csp-report 1
default-src 'self' https://*.sugarondemand.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.avery.com https://*.osano.com https://analytics.tiktok.com https://www.google-analytics.com https://s.pinimg.com https://*.bazaarvoice.com https://*.dynamicyield.com https://js.squarecdn.com https://*.usablenet.com https://www.googletagmanager.com https://*.livechatinc.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://*.google.com https://*.debugbear.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.3/picturefill.min.js https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.slim.min.js https://cdn.jsdelivr.net/npm/bootstrap@4.1.3/dist/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js https://*.salesloft.com https://*.bc0a.com https://*.attn.tv https://*.lrkt-in.com https://connect.facebook.net https://www.gstatic.com https://ct.pinterest.com https://*.curalate.com https://www.redditstatic.com https://*.doubleclick.net https://*.bing.com https://cdn.dashhudson.com/web/js/board-carousel-embed.js https://cdn.jsdelivr.net/npm/swiper@11/ https://*.cloudinary.com https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.5/js/lightbox-plus-jquery.min.js 'wasm-unsafe-eval' https://*.glance.net https://*.glancecdn.net https://*.amazon-adsystem.com https://container.pepperjam.com https://cdn.lgrckt-in.com/logger-1.min.js *.udev1a.net *.usablenet.com https://cdn.jsdelivr.net/npm/beerslider@1.0.3/dist/BeerSlider.js https://static.dy-api.com; style-src 'self' 'unsafe-inline' https://*.avery.com https://fonts.googleapis.com https://*.dynamicyield.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://*.typekit.net https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.5/css/lightbox.min.css https://*.glance.net https://*.glancecdn.net https://avery-static-tailwind.s3.us-east-1.amazonaws.com/ *.udev1a.net *.usablenet.com https://cdn.jsdelivr.net/npm/beerslider@1.0.3/dist/BeerSlider.css https://static.dy-api.com; img-src 'self' data: https://*.avery.com https://www.google-analytics.com https://www.googletagmanager.com https://*.afterpay.com https://*.bazaarvoice.com https://*.doubleclick.net https://*.usablenet.com https://www.facebook.com https://*.dynamicyield.com https://*.livechatinc.com https://s3.amazonaws.com https://*.gstatic.com https://*.sugarondemand.com https://i.ytimg.com https://*.reddit.com https://*.bing.com https://*.cloudfront.net https://likeshop.me https://images.dashsocial.com https://images.dashhudson.com https://*.google.com https://*.glance.net https://*.glancecdn.net https://tvspix.com https://arttrk.com https://*.attentivemobile.com; font-src 'self' data: https://*.avery.com https://fonts.gstatic.com https://*.dynamicyield.com https://cdnjs.cloudflare.com https://*.squarecdn.com https://*.bazaarvoice.com https://*.typekit.net https://likeshop.me https://*.glance.net https://*.glancecdn.net; connect-src 'self' https://*.avery.com https://*.dynamicyield.com https://*.doubleclick.net https://dy-api.com https://www.google-analytics.com https://*.osano.com https://ct.pinterest.com https://analytics.tiktok.com https://*.bazaarvoice.com https://*.salesloft.com https://*.lrkt-in.com https://*.bc0a.com https://events.attentivemobile.com https://*.attn.tv https://*.afterpay.com https://server-side-tagging-ykzfrilmoq-uc.a.run.app https://*.amplitude.com https://*.google.com https://*.salsify.com https://salsify-ecdn.com https://*.curalate.com https://ls.chatid.com/events https://*.reddit.com https://www.redditstatic.com https://*.debugbear.com https://*.bing.com https://www.googleadservices.com https://api.likeshop.me/gallery-more https://www.facebook.com *.livechatinc.com wss://*.glance.net https://*.glance.net https://*.glancecdn.net https://direct-collect.dy-api.com https://*.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon https://analytics-ipv6.tiktokw.us https://google.com https://r.lgrckt-in.com/i https://*.braintreegateway.com https://*.braintree-api.com https://static.dy-api.com; frame-src 'self' https://*.avery.com https://ct.pinterest.com https://*.google.com https://*.dynamicyield.com https://*.doubleclick.net https://*.livechatinc.com https://*.afterpay.com https://*.attn.tv https://www.facebook.com https://salsify-ecdn.com https://www.youtube.com https://server-side-tagging-ykzfrilmoq-uc.a.run.app https://www.googletagmanager.com https://*.amazon-adsystem.com https://*.cloudinary.com https://*.sugarondemand.com https://*.glance.net https://*.braintreegateway.com; frame-ancestors 'self' https://*.avery.com https://*.google.com; worker-src 'self' blob:; object-src 'none'; report-uri /_api/csp-report; report-to csp-endpoint; 1
default-src 'self'; script-src 'nonce-WZvz+MBxTwrH5JrLzSlQlQ==' 'strict-dynamic' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' blob: https://app.getbeamer.com https://assets.openlearning.com https://*.ssl.cf4.rackcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.openlearning.com https://oluploadslive.blob.core.windows.net https://front-us-rest.ably.io https://api.amplitude.com https://api.hubapi.com https://api.hubspot.com https://api.ipify.org https://backend.getbeamer.com https://chat.frontapp.com https://www.facebook.com https://find.userpilot.io https://forms.hubspot.com https://iframe.ly https://in.hotjar.com https://learningtime.servicebus.windows.net https://pythonutilityfunctions.azurewebsites.net https://python-util-funcs-c2dzg6bdbrdbd0g6.australiaeast-01.azurewebsites.net https://sentry.io https://stats.g.doubleclick.net https://us-west-1-chat-server.frontapp.com https://vc.hotjar.io https://www.google-analytics.com https://pagead2.googlesyndication.com https://static.userguiding.com https://metrics.userguiding.com wss://analytex.userpilot.io wss://front-us-realtime.ably.io wss://*.openlearning.com; font-src 'self' data: https://*.ssl.cf4.rackcdn.com https://assets.openlearning.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https:; img-src 'self' data: blob: https:; manifest-src 'self' https://*.ssl.cf4.rackcdn.com; media-src 'self' https://dev-uploads.openlearning.com https://uploads.openlearning.com https://qencode.blob.core.windows.net; worker-src 'none'; child-src blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com *.klarna.com *.klarnaevt.com *.klarnacdn.net klarna.com https://fonts.gstatic.com https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.facebook.com * 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net account.fetchify.com *.google.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.stripe.com * *.weltpixel.com consentcdn.cookiebot.com consentcdn.cookiebot.eu c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com challenges.cloudflare.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.awin1.com *.zenaps.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.magezon.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com * imgsct.cookiebot.com imgsct.cookiebot.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pushalert.co www.xtento.com cdn.xtento.com lookaside.fbsbx.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io *.google.com/ *.facebook.com https://connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com https://maps.googleapis.com https://static.hotjar.com * consent.cookiebot.com consent.cookiebot.eu js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com challenges.cloudflare.com *.pushalert.co https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.loudcrowd.com https://www.onlinehomeshop.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com cc-cdn.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com *.klarna.com *.klarnaevt.com *.klarnacdn.net assets.braintreegateway.com tagmanager.google.com https://fonts.googleapis.com *.loudcrowd.com https://www.onlinehomeshop.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com lookaside.fbsbx.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com payments-eu.amazon.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://the.sciencebehindecommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com https://developer.adobe.com https://maps.googleapis.com * consentcdn.cookiebot.com consentcdn.cookiebot.eu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.pushalert.co https://www.google-analytics.com *.loudcrowd.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-1a1f014614ac47999cc85e2d45548e19' 'strict-dynamic'; report-uri /api/fb/cspLogs; script-src-attr 'sha256-bwK6T5wZVTANitXbrTsel7kl/PyCjCd/Dq5Qoz3imjM=' 'unsafe-hashes'; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.ie *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.ie *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.ie *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv%3F3.t2qns-19cf95d2f09-0x604#pd 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.fontawesome.com fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com http2.mlstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.magerocket.com *.gocuotas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com mldp.mercadopago.com www.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.mercadopago.com.ar www.mercadopago.cl *.google.com *.online-metrix.net *.groovinads.com *.g.doubleclick.net *.clarity.ms *.bing.com *.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.braindw.com *.mlstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br http2.mlstatic.com secure.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com *.googleapis.com *.google.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://live.decidir.com h.online-metrix.net https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ i.k-analytix.com rum-static.pingdom.net live.decidir.com *.newrelic.com bam-cell.nr-data.net https://api.wcx.cloud https://static-s.braindw.com https://f.wcentrix.com https://ads01.groovinads.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://googleads.g.doubleclick.net *.groovinads.com *.online-metrix.net *.bing.com *.clarity.ms *.cloudfront.net *.force.com *.la1-core1.sfdc-lywfpd.salesforceliveagent.com *.varify.io *.collect.igodigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ http2.mlstatic.com *.force.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.braindw.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magerocket.com *.gocuotas.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://developers.decidir.com/ https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.google-analytics.com i.konduto.com rum-collector-2.pingdom.net *.mercadolibre.com.ar *.decidir.com bam-cell.nr-data.net https://stats.g.doubleclick.net https://s.braindw.com https://a.braindw.com https://api.wcx.cloud https://f.wcentrix.com *.g.doubleclick.net *.nr-data.net *.clarity.ms *.online-metrix.net *.varify.io *.bing.com *.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-KUvotCUdL5ZwaPtBwuuu0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-4k392Vleyj44pnJmBYRq8w==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=8e6298bc-92ef-4966-bdf3-f834b078ac8f; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
script-src 'self' 'unsafe-eval' 'sha256-Tzu6+wuu1SjTdVaXJEV6PivtY9mRqZb0xhhm2BLRAOA=' 'sha256-7IyttL+tUqfo+WQfAWL3v6YMknUKo9ajmbpNtuTjMN0=' 'sha256-3hfUlZv/u0yM7A3uB3JvxOvBYAe8qn24uA4O2An1VRY=' 'sha256-MV1RuepqvbyT5NhbRPeSj1juoiQBimzZ/wO2CMs3kus=' 'sha256-ABZr65Zok8xacqLFUeZR+42Msgxys7C+6WB+vtacJb8=' 'sha256-bHVKPlpu6EceFvLitpQwu5mjjCOghOO0EQqqS41Qn6Q=' 'sha256-wxehmTJycT+YLBVHLN3bWj/zTcxemiqmfRQzTQW8ir4=' 'sha256-xCJKn7hMM9SELWl17uBsfarS81wpzMEJEmq9eKBxtzs=' 'sha256-+2rXXU3laxTDtQNsImGyQ1X64rn4ISQLNShnWzx821g=' 'sha256-/J1Ywi0oxHQHCpzRvtKWWe4P+hIt7HcIaSwR9c4c5Rs=' 'sha256-39X4GDwTjoEuiHC/2kJYF7mNFjiDloAgzPDJAZFmXUA=' 'sha256-4H8OjgRPgGcbXIWnunILQFptlaDulDAprEkdWAmd5rs=' 'sha256-6ncdpKw08Cc1EFsSeeLsVjAIaYvgm1rBcI4cNp12+Qw=' 'sha256-7PIxQkJpqFtF3ibD6pIWa3xB9NioZz/ynQRYzL0/GQk=' 'sha256-7gtkfRfWNDeobU0B/hfsPp2BIWvoaQl9Qnyy5LiRnxs=' 'sha256-FCJSELYJJqB55vIG3t/ph5fM8YdnNvdK1wyBgKoLBv8=' 'sha256-FTGWq2sxofS5L8Yq87ilEpDqn9l5NkLK0cc3sd7OvnM=' 'sha256-IHOzCHp//Jl1lFsowvMxAPGD+T7zlnWM2mFk53CcUCQ=' 'sha256-Lbd7CfEvDCWYMyHY0+sXbfaSIJoSyADQN1msRc5GDNI=' 'sha256-UIJOLWy/Osv+QGQ4imdRlRujM6eUI1MSyU7o0yUPUZY=' 'sha256-ZdDTEfl8xrGn7iZ/2mMDizDIe6JRmep2vz9STHJi4Zs=' 'sha256-av+IGVQJsQwpqceEC0sQFA8e9C8QabH8uLcfyhwM7SQ=' 'sha256-eVK40NIq3UGWc8qEju5kUvLu1HgsUzj88BW49m/q4j0=' 'sha256-ggRYfkK/3LVUNlNZMQmNN9BFxap4CrJfPbtZ6v2xbjo=' 'sha256-grcTsfRWbkeUhSuDjdKCkH5D8wGl/7m/mQ40fxHu0mw=' 'sha256-jFtAwO73SFINACr8TD6icHqaE8VW008cFmXWwD0f9fM=' 'sha256-r217nY7GmxmFONoUAdkKv3HkplOIco6U4dEWu4mrSIs=' 'sha256-u24cgm8XlTjNvJyJKe51ekUDI8IYMtxoJZ/6Obf/+y0=' 'sha256-xGfPUma/ZEUO/hLpxJqIvAXja0IQ6z6bdVSim0NgRs0=' 'report-sample' https://*.doubleclick.net https://*.cdn4.forter.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.nr-data.net https://*.yahoo.com https://api.bounceexchange.com https://assets.bounceexchange.com https://at1.listrakbi.com https://bat.bing.com https://bam.nr-data.net https://cdn.attn.tv https://cdn.browsiprod.com https://connect.facebook.net https://code.jquery.com https://cdn.jsdelivr.net https://content.linkedin.com https://cdn.listrakbi.com https://connect.nosto.com https://cdn.roirevolution.com https://f.clarity.ms https://googleads.g.doubleclick.net https://graph.facebook.com https://geoipwebservice.com https://google-analytics.com https://googletagmanager.com https://guarantee-cdn.com https://js.facebook.com https://js-agent.newrelic.com https://platform.linkedin.com https://query.yahooapis.com https://r.bing.com https://r.webeyez.com https://static.cloudflareinsights.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://services.listrak.com https://s1.listrakbi.com https://s.pinimg.com https://sec.webeyez.com https://s.yimg.com https://tag.bounceexchange.com https://tagmanager.google.com https://www.clarity.ms https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://sdk.helloextend.com/extend-sdk-client/v1/extend-sdk-client.min.js https://cdn1.affirm.com/js/v2/affirm.js https://*.clarity.ms/s/0.6.34/clarity.js;frame-ancestors 'self' *.yahoo.com s.yimg.com;frame-src https://www.affirm.com/ https://creatives.attn.tv/ https://r.webeyez.com/ https://assets.bounceexchange.com/;block-all-mixed-content;style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com *.google.com *.bing.com code.jquery.com cdn.jsdelivr.net cdn.listrakbi.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net www.googletagmanager.com;base-uri 'self' *.yahoo.com;form-action 'self' *.google.com *.facebook.com connect.facebook.net;worker-src 'self' blob: www.google.com; report-to default 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https:; frame-src https:; child-src https:; frame-ancestors 'self'; form-action 'self'; 1
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1
base-uri 'none'; font-src 'self' https: data:; form-action https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://www.facebook.com; frame-ancestors 'self'; img-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://mautic.netcup.news https://px.ads.linkedin.com 'self' blob: data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://measure.netcup.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://widget.trustpilot.com https://cdn.brevo.com/js/sdk-loader.js 'self' 'wasm-unsafe-eval' 'nonce-YCFsJCQ/Zhh+h83y580b8ae1'; connect-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://www.google.com https://in-automate.brevo.com https://measure.netcup.com https://google.com https://px.ads.linkedin.com https://*.clarity.ms/ 'self' https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://eu-api.friendlycaptcha.eu https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.cookielaw.org https://adservice.google.com https://pagead2.googlesyndication.com https://www.redditstatic.com https://pixel-config.reddit.com https://analytics.tiktok.com https://ads.tiktok.com https://bat.bing.com https://widget.trustpilot.com; worker-src blob:; child-src blob: https://td.doubleclick.net; script-src-elem https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.brevo.com/js/sdk-loader.js https://sibautomation.com/sa.js https://sibforms.com/ https://www.googleadservices.com https://www.redditstatic.com 'self' 'unsafe-inline' https://*.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://*.clarity.ms https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://analytics.tiktok.com https://ads.tiktok.com https://measure.netcup.com https://www.youtube.com https://pagead2.googlesyndication.com https://widget.trustpilot.com; frame-src https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://measure.netcup.com https://www.youtube-nocookie.com/ https://widget.trustpilot.com https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com; report-to csp-endpoint; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-A1YSc_ZBrajD5266-Imq7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: report-uri https://o1151714.ingest.us.sentry.io/api/4509640700461056/security/?sentry_key=74a33d973a69190986eba8f4bca540d2; report-to csp-endpoint; 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com *.seeedstudio.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com googleads.g.doubleclick.net *.seeedstudio.com stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com *.taboola.com seeedstudio.us11.list-manage.com static-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com *.sandbox.braintree-api.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com googleads.g.doubleclick.net *.seeedstudio.com stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com *.taboola.com https://bid.g.doubleclick.net seeedstudio.us11.list-manage.com *.sandbox.braintree-api.com *.paypal.com *.certcapture.com; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.google.com maps.googleapis.com *.facebook.com disqus.com *.disqus.com https://bid.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net *.taboola.com seeedstudio.us11.list-manage.com *.seeedstudio.com static-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com *.sandbox.braintree-api.com *.weltpixel.com *.certcapture.com *.oscato.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.seeedstudio.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com maps.googleapis.com *.google.com.tw bat.bing.com *.facebook.com *.linkedin.com disqus.com *.disqus.com *.amazonaws.com *.taboola.com *.scorecardresearch.com *.viglink.com p.adsymptotic.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com static.cloudflareinsights.com *.gstatic.com *.certcapture.com https://hnd.stats.paypal.com *.oscato.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.google.com/ *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com maps.googleapis.com bazaar-upgrade.seeed.local bat.bing.com connect.facebook.net snap.licdn.com stats.g.doubleclick.net disqus.com *.disqus.com *.disquscdn.com seeedsite.disqus.com *.taboola.com *.scorecardresearch.com *.seeedstudio.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com retcode.alicdn.com *.sandbox.braintree-api.com static.cloudflareinsights.com https://www.googletagmanager.com tagmanager.google.com *.certcapture.com https://assets.optile.net *.oscato.com utt.impactcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline *.seeedstudio.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com nwzimg.wezhan.net *.sandbox.braintree-api.com *.paypal.com tagmanager.google.com *.certcapture.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.seeedstudio.com *.twitter.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com https://bid.g.doubleclick.net *.taboola.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com retcode.alicdn.com arms-retcode.aliyuncs.com/ *.sandbox.braintree-api.com static.cloudflareinsights.com mc.yandex.ru https://www.google-analytics.com *.certcapture.com *.oscato.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.clubsextury21.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.clubsextury21.com join.gammasecure.com; script-src 'self' *.clubsextury21.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.clubsextury21.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://cdn.galvia.ai https://helper.portsmouth.galvia.ai www-embed-player.js *.cookiebot.com *.cookiefirst.com *.google-analytics.com www.instagram.com *.facebook.net *.tiktok.com *.ads-twitter.com *.twitter.com lf16-tiktok-web.ttwstatic.com cdn.unibuddy.co *.googletagmanager.com bat.bing.com w.soundcloud.com s.yimg.com sc-static.net snap.licdn.com www.googleadservices.com *.doubleclick.net siteimproveanalytics.com www.youtube.com *.hotjar.com *.linkedin.com service.force.com *.salesforceliveagent.com universityofportsmouth.my.salesforce.com *.formstack.com *.googleapis.com cdn.jsdelivr.net www.google.ie sfapi.formstack.io az416426.vo.msecnd.net discoveruni.gov.uk *.discoveruni.gov.uk *.matterport.com webteamuop.github.io *.port.ac.uk *.secure.force.com portsmouthuni.h5p.com *.go-mpulse.net js-agent.newrelic.com *.algolia.net *.jquery.com bot.ivy.ai bam.nr-data.net *.force.com *.clarity.ms dev.visualwebsiteoptimizer.com artsthread.com tr.snapchat.com tags.srv.stackadapt.com https://rv-vepple-embed.web.app https://builder.lift.acquia.com universityofportsmouth.my.salesforce-sites.com vimeo.com https://player.vimeo.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com universityofportsmouth--chatbotdv2.sandbox.lightning.force.com universityofportsmouth.tfaforms.net universityofportsmouth--qa.sandbox.my.site.com https://*.sandbox.lightning.force.com https://*.sandbox.my.salesforce.com universityofportsmouth.my.site.com universityofportsmouth.my.salesforce-scrt.com  https://d8ejoa1fys2rk.cloudfront.net https://js-agent.newrelic.com; object-src 'self' https://discoveruni.gov.uk; style-src 'self' 'unsafe-inline'  https://helper.portsmouth.galvia.ai modernizr.min.js *.googleapis.com platform.twitter.com lf16-tiktok-web.ttwstatic.com  *.force.com static.formstack.com formsprod.azureedge.net sfapi.formstack.io port.formstack.com *.cookiefirst.com webteamuop.github.io *.port.ac.uk *.googletagmanager.com artsthread.com tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com universityofportsmouth.my.salesforce-sites.com embed.tawk.to *.tawk.to cdn.jsdelivr.net builder.lift.acquia.com *.formstack.io universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com universityofportsmouth.my.salesforce.com https://universityofportsmouth--qa.sandbox.my.site.com universityofportsmouth.tfaforms.net universityofportsmouth.my.site.com https://cdnjs.cloudflare.com; img-src  'self' data: *.google-analytics.com i.vimeocdn.com i.ytimg.com *.googletagmanager.com jadserve.postrelease.com bat.bing.com sp.analytics.yahoo.com *.siteimproveanalytics.io *.facebook.com *.facebook.net *.twitter.com t.co *.doubleclick.net googleads.g.doubleclick.net *.linkedin.com uks-prd-xp2-cd.azurewebsites.net ormsprod.azureedge.net port.formstack.com maps.gstatic.com *.googleapis.com lh3.ggpht.com www.google.ie *.cookiefirst.com formsprod.azureedge.net discoveruni.gov.uk *.force.com *.universityofportsmouth.my.salesforce.com *.salesforce.com *.port.ac.uk bot.ivy.ai *.clarity.ms *.bing.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google eat2mpk5ajg.exactdn.com *.eat2mpk5ajg.exactdn.com blob: https://egopbtuk8gz.exactdn.com *.egopbtuk8gz.exactdn.com *.frontdoorcdn.formstack.io https://frontdoorcdn.formstack.io images.artsthread.com *.google.co.uk https://cdn.galvia.ai/portsmouth/nellie-helper.js https://helper.portsmouth.galvia.ai https://*.ivy-cdn.com; media-src 'self'; frame-src 'self'  https://www.googletagmanager.com https://helper.portsmouth.galvia.ai player.vimeo.com www.youtube.com *.linkedin.com portsmouthuni.h5p.com w.soundcloud.com viewer.joomag.com *.cookiebot.com www.instagram.com *.facebook.com *.tiktok.com *.twitter.com embed.acast.com unibuddy.co popcard.unibuddy.co tr.snapchat.com *.doubleclick.net view.genial.ly service.force.com *.hotjar.com *.matterport.com webteamuop.github.io universityofportsmouth.force.com *.port.ac.uk *.secure.force.com open.spotify.com *.google.com port.cloud.panopto.eu bot.ivy.ai app.nearpod.com *.visualwebsiteoptimizer.com universityofportsmouth.my.salesforce-sites.com *.tawk.to https://cdn.galvia.ai/portsmouth/nellie-helper.js universityofportsmouth.my.salesforce.com https://*.sandbox.lightning.force.com https://*.sandbox.my.salesforce.com https://universityofportsmouth--qa.sandbox.my.site.com https://universityofportsmouth--qa.sandbox.my.site.com https://universityofportsmouth.my.site.com https://outlook.office365.com https://discoveruni.gov.uk; frame-ancestors 'self' portsmouthuni.h5p.com; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com use.typekit.net *.modernizr.min.js  static.formstack.com fonts.googleapis.com bot.ivy.ai cdn.scite.ai embed.tawk.to *.tawk.to res-1.cdn.office.net https://cdnjs.cloudflare.com; connect-src  'self' *.google-analytics.com www.googletagmanager.com marketing.port.ac.uk sentry10.bynder.cloud www.ucas.com *.tiktok.com tr.snapchat.com *.doubleclick.net s.yimg.com *.linkedin.com *.secure.force.com sfapi.formstack.io *.googleapis.com *.algolia.net *.cookiefirst.com ohpuem12fk-3.algolianet.com *.facebook.com vc.hotjar.io dc.services.visualstudio.com prod-discoveruni.azure-api.net cdn.linkedin.oribi.io webteamuop.github.io *.algolianet.com *.go-mpulse.net bam.nr-data.net *.akstat.io *.akamaihd.net *.hotjar.com plugin.ucads.ucweb.com *.clarity.ms tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com *.port.ac.uk vimeo.com universityofportsmouth.my.salesforce-sites.com artsthread.com eu.perz-api.cloudservices.acquia.io *.google.com va.tawk.to embed.tawk.to *.tawk.to wss://*.tawk.to insights.algolia.io virtual.port.ac.uk *.virtual.port.ac.uk *.analytics.pangle-ads.com https://api.portsmouth.rvhosted.com eat2mpk5ajg.exactdn.com *.eat2mpk5ajg.exactdn.com https://google.com blob: https://analytics.pangle-ads.com https://egopbtuk8gz.exactdn.com *.egopbtuk8gz.exactdn.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com https://*.sandbox.lightning.force.com https://*.sandbox.my.salesforce.com https://universityofportsmouth--qa.sandbox.my.salesforce-scrt.com https://universityofportsmouth.my.site.com https://*.my.site.com https://cdn.jsdelivr.net https://universityofportsmouth.my.salesforce-scrt.com https://fonts.gstatic.com https://universityofportsmouth.my.salesforce.com https://d.la11-core1.sfdc-cehfhs.salesforceliveagent.com https://universityofportsmouth.tfaforms.net *.jquery.com code.jquery.com https://bot.ivy.ai https://cdn.galvia.ai/portsmouth/portia-helper.js 1
object-src 'none';base-uri 'self';script-src 'nonce-X6sdPK4b6LY1kIdzUc5u' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
report-uri /report-violation; form-action 'self' https://*.formlabs.com https://*.marketo.com https://www.facebook.com/tr/; base-uri 'self'; object-src https://formlabs.com https://*.formlabs.com http://localhost:3001; frame-ancestors https://partneruniversity-formlabs.talentlms.com https://university-formlabs.talentlms.com https://internal-formlabs.talentlms.com https://formlabs.com https://*.formlabs.com https://dental.formlabs.com https://careers.formlabs.com http://localhost:3000; upgrade-insecure-requests 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-mZDmxRwKlXB47UyE5dMHrA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src *.force.com https://content.instrumentation.getconga.com https://optimize.google.com 'self' https://stats.g.doubleclick.net https://opengraph.io https://xcelnew--xeteam3.sandbox.my.site.com https://www.gstatic.com http://api.ipstack.com https://www.google.ca https://composer.congamerge.com https://idsync.rlcdn.com https://assets.adobedtm.com https://www.google.com *.medallia.com https://www.googleoptimize.com https://analytics.google.com https://fonts.gstatic.com/ https://events.api.boomtrain.com http://adobedtm.com blob: https://accounts.google.com https://20844768p.rfihub.com https://insight.adsrvr.org https://region1.analytics.google.com https://20844767p.rfihub.com https://20844766p.rfihub.com *.kargo.com https://20844765p.rfihub.com https://data.instrumentation.getconga.com https://ssl.gstatic.com http://doubleclick.net https://xcelnew--c.vf.force.com https://xcelnew.my.salesforce-scrt.com https://pdx-col.eum-appdynamics.com https://people.api.boomtrain.com https://fonts.gstatic.com https://cdn.appdynamics.com *.kampyle.com https://twin-iq.kickfire.com http://kickfire.com https://fonts.googleapis.com https://ad.doubleclick.net https://beacon.lynx.cognitivlabs.com https://tagmanager.google.com https://tags.tiqcdn.com https://a.rfihub.com https://td.doubleclick.net https://www.google.co.in https://www.google.com.ph https://www.googletagmanager.com storage.cloud.kargo.com https://www.google-analytics.com *.salesforce.com data: https://*.my.site.com; report-to sfdc-csp-ep; report-uri https://xcelnew.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D1U0000011ttV&networkId=0DM2R000000CbkT&type=communities 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; report-uri https://search.ch/api/mixedcontent.json 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=yky3xV.sKYyys1FVmqMeWRyy6Wg7fZ1g2j_b4OFvy_Y-1773714771-1.0.1.1-TgdGjxZh9V71JvIgt.pyx1HXlb5ua_RUGvk6Vw_xwjBUTN2a73xFDEV6ersP.2ooN16pU4qBXk2RlZg24SlJhE9OYNT7ZbYF5Nyd.gtSXi01DvWTMjBSW4mWKBjIKE8mQkCmho8nThrSzSiGtIM199C5Hukum02Wme8.ElJ3PbAeWDQoUd54qqAdvJI2mv.V; report-to cf-csp-endpoint 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.at *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.at *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.at *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv27.0%601om-19cf9a61a40-0x2706#pd 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.nl *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.nl *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.nl *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv7%3F2(h5niv-19cf9accc9a-0x1703#pd 1
object-src 'none';base-uri 'self';script-src 'nonce-Bli_h3VmJDp9BDhH2hh0JA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=yw9cmkyRM5RvW1IJeLl9Z7nrMPqXwba5Wse9eZm5FeM-1773715735.1443987-1.0.1.1-SQ85Cn0hpSq78HBrF4RQF0gActHPPztTaiNMZhOXm7HRXFgyJYY3BUbdBwiRNh5cDqFD8aLM.rkvTfVtbDiWCNCYnXqHM7iwhp6Mq1jfdPOXEvTsAHtKVJVb.gLDS2d_ScRdrKZljN70ZQC9aufslr6ZNJQ507VlvTrR1ypTpxU; report-to cf-csp-endpoint 1
default-src 'self' adobedtm.com *.adobedtm.com adroll.com *.adroll.com ads-twitter.com *.ads-twitter.com afterpay.com *.afterpay.com apxprogrammatic.com *.apxprogrammatic.com bazaarvoice.com *.bazaarvoice.com bing.com *.bing.com boldchat.com *.boldchat.com braintree-api.com *.braintree-api.com braintreegateway.com *.braintreegateway.com brcdn.com *.brcdn.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org demdex.net *.demdex.net dotomi.com *.dotomi.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net fullstory.com *.fullstory.com genpt.com *.genpt.com google-analytics.com *.google-analytics.com google.ca *.google.ca google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com fonts.gstatic.com iesnare.com *.iesnare.com jst.ai *.jst.ai klaviyo.com *.klaviyo.com livechatinc.com *.livechatinc.com maps.googleapis.com *.maps.googleapis.com maxmind.com *.maxmind.com micpn.com *.micpn.com mmapiws.com *.mmapiws.com napaonline.com *.napaonline.com netmng.com *.netmng.com newrelic.com *.newrelic.com nr-data.net *.nr-data.net omtrdc.net *.omtrdc.net onetrust.com *.onetrust.com paypal.com *.paypal.com paypalobjects.com *.paypalobjects.com pinterest.com *.pinterest.com rakuten.com *.rakuten.com repairpal.com *.repairpal.com rfihub.net *.rfihub.net scene7.com *.scene7.com sentry-cdn.com *.sentry-cdn.com signifyd.com *.signifyd.com skyword.com *.skyword.com smartystreets.com *.smartystreets.com twitter.com *.twitter.com vibescm.com *.vibescm.com vimeo.com *.vimeo.com wp.com *.wp.com youtube.com *.youtube.com localhost *.localhost; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=OtFp_p3Ygobi7Mh_wb4rt8vyJIWIEKuAE5Fy2FtAYDs-1773715850-1.0.1.1-Z0HdaNqmytMwjCbKGlruCDdODUuJfhZUUonPNQx4A6D5BQc236CN4MK3UZ1PquDeHnhECJTcWKf_paIGXXMZA3BBCyM2leCyx35dtwhYR4BmqYZnzw8PcNLhaSGSc98Q94Ho7KBXxwTZ630vZDA74qBQUf15Kaxt4unsS5D5fuSbv9MvVPnR_7DtTGe.OydI4U74ySmioJCZY1jucm6dmg; report-to cf-ckxdtakdurcojcxt 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' connect.facebook.net platform.linkedin.com platform.twitter.com cdn.matomo.cloud cdn.gtranslate.net translate.google.com translate.googleapis.com https://static.hotjar.com https://script.hotjar.com cdn.rawgit.com cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 1
object-src 'none';base-uri 'self';script-src 'nonce-KOhdIFIh_BJbhbWbJ_s3lA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.drmartens.com *.adyen.com *.google.com *.onetrust.com *.monetate.net js-agent.newrelic.com *.cloudflare.com static.cloudflareinsights.com *.paypal.com *.klaviyo.com js.afterpay.com cdn.attraqt.io *.forter.com dlthst9q2beh8.cloudfront.net d2nww8zpyj5pk0.cloudfront.net d2w2nqfk3z9hdt.cloudfront.net *.global-e.com www.googletagmanager.com www.google-analytics.com x.klarnacdn.net js.klarna.com assets.ntcacdn.net cdn-widgetsrepository.yotpo.com staticw2.yotpo.com www.recaptcha.net maps.googleapis.com www.googleadservices.com googleads.g.doubleclick.net pagead2.googlesyndication.com ad.doubleclick.net www.gstatic.com connect.facebook.net connect.facebook.net static.srcspot.com analytics.tiktok.com cdn.userway.org bat.bing.com *.attn.tv c.amazon-adsystem.com photorankstatics-a.akamaihd.net widgets.olapic-cdn.com s.pinimg.com ct.pinterest.com *.contentsquare.net tr.snapchat.com sc-static.net *.upsellit.com tag.rmp.rakuten.com www.redditstatic.com api.myunidays.com cdn.unidays.world rum-static.pingdom.net *.storystream.ai ucarecdn.com; worker-src 'self'; report-uri /cdn-cgi/script_monitor/report?m=DXBqubV5s8Yw2w.k3S6PiWBNqPQtasf2pO42yK7y4X4-1773717334.536115-1.0.1.1-esV7pR17gUVn.wos_ZAVXsClGBjdT1gfBfrDs6Qypk5QEJ639pTU4.chOJT.OvQEAyA943QHc.pGH.h7n2zgCvKT86iZN8TCy4CNFqKxhEBUS0vZkSiS0353eY_L4JzQPj_lmMspHsq0b_NErXHNSW8FZTBQwQE3jYNmw2kIQ8SQwib4Stwgiv0B83krFbizycV.XiGsOWvpnP8KRKNr5w; report-to cf-nvqlytxiwljxheuw 1
object-src 'none';base-uri 'self';script-src 'nonce-yEAI9KcCiawiwWqeuEIPIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' 'wasm-unsafe-eval' *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com data: blob: 'report-sample' 'nonce-730798a909d4ba3c4ef402293ca6ad31-argus' 'strict-dynamic'; connect-src 'self' *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.qnqcdn.net:* *.weilayun.com:* *.saxysec.com:* *.saxyit.com:* *.saxydc.com:* *.sjxysec.com:* *.sjxydc.com:* *.hiecheimaetu.com:* *.ppio.cloud:* *.vegslb.com:* *.xsj.wasu.tv:* *.zebracdn.com:* *.volctranscdn.com:* *.hizhecheng.com:* *.sealaly.net:* *.souajki.net:* *.souajki.com:* *.souajki.cn:* *.siomxity.cn:* *.siomxity.com:* *.siomxity.net:* *.uochly.cn:* *.smogfly.cloud:* *.smogfly.club:* *.iquaveizeeru.com:* *.ietheivaicai.com:* *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com; frame-ancestors 'self'; upgrade-insecure-requests ; 1
object-src 'none';base-uri 'self';script-src 'nonce-0lqWuqrnJ9T-fTfxIs0y1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-uri https://www.adelaidenow.com.au/csp-reports 1
default-src 'self';media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk;base-uri 'none';font-src m.media-amazon.com;connect-src 'self' adservice.google.com/pagead/regclk audible.sc.omtrdc.net audible.tt.omtrdc.net ct.pinterest.com dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com pixel.quantcount.com sonic.frontier.a2z.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com us-central1-adaptive-growth.cloudfunctions.net www.facebook.com/tr/ www.google.com/pagead/landing;frame-ancestors 'self';style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com;frame-src 'self' 12184389.fls.doubleclick.net 8127728.fls.doubleclick.net audible.demdex.net ct.pinterest.com insight.adsrvr.org match.adsrvr.org td.doubleclick.net tr.snapchat.com www.facebook.com;object-src 'none';img-src 'self' ad.doubleclick.net analytics.twitter.com bat.bing.com ct.pinterest.com fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com lantern.roeye.com m.media-amazon.com pixel.mediaiqdigital.com pixel.quantserve.com secure.adnxs.com t.co www.awin1.com/sread.php www.facebook.com www.google.ca/pagead/1p-user-list/ www.googletagmanager.com;script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com cdn.pdst.fm connect.facebook.net d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com js.adsrvr.org lantern.roeyecdn.com rules.quantcount.com s.pinimg.com sc-static.net secure.quantserve.com static.ads-twitter.com tr.snapchat.com www.dwin1.com www.googleadservices.com www.googletagmanager.com 1
object-src 'none';base-uri 'self';script-src 'nonce-p0h3_LGZKZAnqkMaBhT5Qg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; font-src 'self' *.gstatic.com; img-src 'self' *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com data: *.onetrust.com cm.everesttech.net *.googleapis.com; connect-src 'self' *.go-mpulse.net cdn-ukwest.onetrust.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com; script-src 'self'; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; script-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-to https://costa.report-uri.com/r/t/csp/reportOnly 1
default-src 'self'; connect-src *; img-src * data:; script-src 'self' cdn.bizible.com kit.fontawesome.com; style-src 'self' 'unsafe-inline' https://404-tpa-276.mktoweb.com/ https://*.qualified.com; font-src 'self' kit.fontawesome.com ka-p.fontawesome.com https://fast.wistia.net/ data:; form-action 'self'; object-src 'none'; media-src 'self' blob: mediastream: https://*.qualified.com; frame-src https://www.googletagmanager.com https://td.doubleclick.net/ https://gtm.mycase.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://404-tpa-276.mktoweb.com/ https://*.qualified.com; child-src https://*.qualified.com; frame-ancestors demo.affinipay.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; frame-src 'self' https://replicate-search-prototype-production.replicate.workers.dev https://www.googletagmanager.com; worker-src https://static.replicateassets.com; connect-src 'self' https://api.replicate.com https://stream.replicate.com https://replicate.delivery https://*.replicate.delivery https://api.us.svix.com https://*.sentry.io https://*.usepylon.com https://*.posthog.com https://pylon-avatars.s3.us-west-1.amazonaws.com https://d3vl36l12sfx26.cloudfront.net https://og.replicateassets.com https://static.replicateassets.com https://*.pusher.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.replicatestatus.com https://replicate-search-prototype-production.replicate.workers.dev; font-src 'self' data: https://*.usepylon.com https://*.posthog.com https://pylon-avatars.s3.us-west-1.amazonaws.com https://d31rfu1d3w8e4q.cloudfront.net https://d3vl36l12sfx26.cloudfront.net https://fonts.replicateassets.com https://*.pusher.com https://fonts.gstatic.com https://replicate-search-prototype-production.replicate.workers.dev; img-src 'self' blob: data: https://replicate.delivery https://*.replicate.delivery https://og.replicateassets.com https://static.replicateassets.com https://d31rfu1d3w8e4q.cloudfront.net https://d3vl36l12sfx26.cloudfront.net https://*.githubusercontent.com https://github.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://replicate-search-prototype-production.replicate.workers.dev https://replicateassets.com/cdn-cgi/image/; media-src 'self' https://replicate.delivery https://*.replicate.delivery https://static.replicateassets.com https://d31rfu1d3w8e4q.cloudfront.net https://d3vl36l12sfx26.cloudfront.net https://*.sentry.io https://replicate-search-prototype-production.replicate.workers.dev https://replicateassets.com/cdn-cgi/media/; script-src 'report-sample' 'self' 'nonce-NDVjMjU2OTktOGUyZS00ODQ4LThkNzctOGFiMDc0Y2MyNGIz' https://*.usepylon.com https://*.posthog.com https://pylon-avatars.s3.us-west-1.amazonaws.com https://d31rfu1d3w8e4q.cloudfront.net https://d3vl36l12sfx26.cloudfront.net https://static.replicateassets.com https://*.pusher.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://replicate-search-prototype-production.replicate.workers.dev https://challenges.cloudflare.com; style-src 'self' https://*.usepylon.com https://*.posthog.com https://pylon-avatars.s3.us-west-1.amazonaws.com https://d31rfu1d3w8e4q.cloudfront.net https://d3vl36l12sfx26.cloudfront.net https://static.replicateassets.com https://*.pusher.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://replicate-search-prototype-production.replicate.workers.dev; frame-ancestors 'self'; report-to csp-endpoint; 1
script-src 'unsafe-inline' 'unsafe-eval' *.alicdn.com *.aliyun.com *.alyasset.com *.alcasset.com *.alipay.com log.mmstat.com ynuf.aliapp.org *.alipayobjects.com local.alipcsec.com:6691 appx appx-t2; style-src 'unsafe-inline' *.alicdn.com *.aliyun.com *.alipay.com *.alipayobjects.com; font-src data: *.alicdn.com *.aliyun.com *.alipayobjects.com; frame-src *.aliyun.com *.alicdn.com *.aliyuncs.com *.alipay.com *.taobao.com *.alibabacloud.com *.1688.com xstore.insights.1688.com; report-uri //www.aliyun.com/api/log/csp-report 1
default-src 'self'  https://*.wistia.net  https://*.wistia.com;      script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.jsdelivr.net https://analytics.sayprimer.com https://scripts.clarity.ms  https://js-de.sentry-cdn.com https://*.wistia.net  https://*.wistia.com   https://assets.production.linktr.ee     https://www.youtube.com     https://assets.calendly.com     https://growth.services.beekeeper.io     https://connect.facebook.net     https://a.omappapi.com     https://tracking.g2crowd.com     https://cdn-prod.eu.securiti.ai     https://www.beekeeper.io     https://*.zoominfo.com     https://*.zi-scripts.com     https://acsbapp.com     https://browser.sentry-cdn.com     https://js.sentry-cdn.com     https://fast.wistia.com     https://js.hsforms.net     https://forms.hsforms.com     https://hubspot-forms-static-embed.s3.amazonaws.com     https://boards.greenhouse.io     https://www.bugherd.com     https://sidebar.bugherd.com     https://cdn.cookielaw.org     https://fast.wistia.net     https://www.googletagmanager.com     https://www.google-analytics.com     https://snap.licdn.com     https://bat.bing.com     https://trk.techtarget.com     https://www.influ2.com     https://tags.srv.stackadapt.com     https://lltrck.com     https://www.clarity.ms     https://googleads.g.doubleclick.net     https://j.6sc.co     https://d10lpsik1i8c69.cloudfront.net     https://tracking.intentsify.io     https://pi.pardot.com     https://a.usbrowserspeed.com     https://a.remarketstats.com     https://i.liadm.com     https://a.clickcertain.com     https://static.cloudflareinsights.com     https://www.google.com/recaptcha/     https://*.hotjar.com     https://content.p3nd0.beekeeper.io     https://www.gstatic.com     https://dev.visualwebsiteoptimizer.com     https://js.hs-analytics.net     https://js.hsadspixel.net     https://js.hs-scripts.com     https://js.hs-banner.com     https://js.hscollectedforms.net     https://js.hsleadflows.net     https://js.usemessages.com     https://*.hubspot.com;    style-src 'self' 'unsafe-inline'   https://fast.wistia.com  https://assets.calendly.com     https://cdn-prod.eu.securiti.ai     https://a.omappapi.com     https://www.beekeeper.io     https://fonts.googleapis.com     https://d10lpsik1i8c69.cloudfront.net     https://tags.srv.stackadapt.com;    connect-src 'self' data: blob:  https://pagead2.googlesyndication.com https://n.clarity.ms  https://e.clarity.ms  https://*.litix.io https://*.wistia.com https://web-script.api.sayprimer.com https://*.wistia.net https://*.algolia.net wss://ws.hotjar.com     https://ltp.linktr.ee     https://calendly.com     https://fast.wistia.net     https://selfservice-java.beekeeper.io     http://pricing.services.beekeeper.io     https://stats.g.doubleclick.net     https://secure.adnxs.com     https://tracking-api.g2.com     https://app.securiti.ai     https://api.omappapi.com     https://app.eu.securiti.ai     https://cdn-prod.eu.securiti.ai     https://analytics.google.com     https://forms.hubspot.com     https://*.zoominfo.com     https://*.zi-scripts.com     https://acsbapp.com     https://*.acsbapp.com     https://notify.bugsnag.com     https://sidebar.bugherd.com/binoculars     wss://ws-mt1.pusher.com     https://sockjs.pusher.com     https://fg8vvsvnieiv3ej16jby.litix.io     https://forms-na1.hubspot.com     https://forms.hsforms.com     https://hubspot-forms-static-embed.s3.amazonaws.com     https://*.influ2.com     https://c.6sc.co     https://sessions.bugsnag.com     https://cdn.cookielaw.org     https://geolocation.onetrust.com     https://*.wistia.com     https://yoast.com     https://www.google-analytics.com     https://ipv6.6sc.co     https://tags.srv.stackadapt.com     https://settings.luckyorange.net     https://px.ads.linkedin.com     https://ibc-flow.techtarget.com     https://t.clarity.ms     https://static.cloudflareinsights.com     https://o8540.ingest.sentry.io     https://*.hotjar.io     wss://ws.hotjar.com/api     https://*.hubspot.com     https://forms.hscollectedforms.net     https://api.hubapi.com     https://region1.analytics.google.com     https://www.google.com;    font-src 'self' data:  https://*.wistia.com   https://fast.wistia.com     https://fonts.gstatic.com     https://t.influ2.com     https://www.google.com;    frame-src 'self' data: blob:  https://fast.wistia.com https://fast.wistia.net   https://www.google.com     https://calendly.com     http://pricing.services.beekeeper.io     https://www.youtube.com     https://privacy-central.eu.securiti.ai     https://forms.hsforms.com     https://www.youtube-nocookie.com     https://boards.greenhouse.io     https://*.bugherd.com     https://*.wistia.com     https://*.wistia.net     https://open.spotify.com     https://td.doubleclick.net     https://www.google.com/recaptcha     https://iab-eu-tcf.securiti.ai     https://job-boards.greenhouse.io     https://privacy-central.eu.securiti.ai     https://www.googletagmanager.com;    img-src 'self' data: https://*.wistia.net  https://*.wistia.com   https://www.google.de     https://plugin-updates.wpengine.com     https://assets.calendly.com     https://lh7-us.googleusercontent.com     https://f.hubspotusercontent10.net     https://www.linkedin.com     https://www.googletagmanager.com     https://www.facebook.com     https://sidebar.bugherd.com     https://bugherd-attachments.s3.amazonaws.com     https://d2iiunr5ws5ch1.cloudfront.net     https://i.ytimg.com     https://fast.wistia.com     https://embed-ssl.wistia.com     https://forms-na1.hsforms.com     https://cdn.cookielaw.org     https://ps.w.org     https://s.w.org     https://secure.adnxs.com     https://ib.adnxs.com     https://t.influ2.com     https://px.ads.linkedin.com     https://www.google.com     https://bat.bing.com     https://www.google-analytics.com     https://lltrck.com     https://b.6sc.co     https://px4.ads.linkedin.com     blob:     https://c.clarity.ms     https://c.bing.com     https://dev.visualwebsiteoptimizer.com     https://track.hubspot.com     https://*.hsforms.com/embed/;    media-src 'self' blob:     https://fast.wistia.com  https://*.wistia.net  https://embed-cloudfront.wistia.com;    worker-src 'self' blob:     https://beeke25stg.eight25.xyz;    frame-ancestors 'self'     https://www.google.com     https://privacy-central.eu.securiti.ai     https://open.spotify.com     https://adgen-dev.spotify.com     https://local.spotify.net     https://*.spotify.net     https://*.spotify.com; report-to csp-violation-report-endpoint ; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.ch *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.ch *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.ch *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv27.%7Dh%3Fg7-19cf9c5b0dc-0x2704#pd 1
default-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=KSSWtq3EZD6o8nGmzIQByVybBRAznkoXtC_MMS_4R6o-1773717957-1.0.1.1-OaKrtPhghk_lVEhozmBtjrGb3VNPIwimC5ooeWlMn3pvz9Zc5bQDZeGgZBbMs1nSMbhl.._fWjCz4kU4hm7RDJdLeTrG_SJyS.ISrROojaGouJr9pjQ7Fyka5aU0V16_gGPgXg359UQUpEJ_iIgStZTYTBQS.o7H.JjsjVxpaDjh57rBgpV0OAJsjHcOYx5_K0TEcV5W87dJD6ok.ks.xQ; report-to cf-mpddlxgghogzdfxf 1
default-src 'self' media1.jpc.de www.jpc.de; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; script-src 'self' media1.jpc.de www.jpc.de 'nonce-8FH0dny2pnFwAhxoikLSdcpDige+uKtlzRizUhNH68GzuHy8ELJBMx/KLCA2OGElO1Y6kmj+qfBY+u9ANuzWJA==' 'report-sample'; style-src 'self' media1.jpc.de www.jpc.de 'report-sample' 'unsafe-inline'; font-src 'self' media1.jpc.de www.jpc.de; img-src 'self' media1.jpc.de www.jpc.de data:; connect-src 'self' media1.jpc.de www.jpc.de https://use.jpc.de; report-uri /csp/; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'nonce-njvbcX711zch+OW4L1157A==' 'unsafe-eval' cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net analytics.google.com vimeo.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.youtube.com www.paypal.com www.sandbox.paypal.com sidefx.bamboohr.com https://hcaptcha.com https://*.hcaptcha.com forms.copper.com; frame-src 'self' data: static.sidefx.com media.sidefx.com www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com maps.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com www.sandbox.paypal.com www.paypal.com https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' cdn.sidefx.com static.sidefx.com d2wvmrjymyrujw.cloudfront.net media.sidefx.com fonts.googleapis.com www.google.com tagmanager.google.com *.vimeocdn.com www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: cdn.sidefx.com static.sidefx.com media.sidefx.com fonts.gstatic.com; img-src 'self' data: cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com ssl.gstatic.com www.googleapis.com i.ytimg.com *.vimeocdn.com www.paypal.com t.paypal.com www.paypalobjects.com placekitten.com http://dummyimage.com resources.bamboohr.com connect.facebook.com connect.facebook.net placehold.co *.google.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; connect-src 'self' *.google-analytics.com *.google.com *.googletagmanager.com stats.g.doubleclick.net www.facebook.com ig.instant-tokens.com graph.instagram.com vimeo.com www.sandbox.paypal.com www.paypal.com sidefx.bamboohr.com https://hcaptcha.com https://*.hcaptcha.com forms.copper.com; media-src www.sidefx.com cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net; report-uri /csp-report/ 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com *.zdassets.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.google-analytics.com *.analytics.google.com wss://*.zendesk.com *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
script-src 'report-sample' 'nonce-FHI29uuG/V9LPtg9vj7kwg==' https: 'self' https://*.moneylion.com https://*.moneylion.dev https://www.googletagmanager.com; 1
default-src 'self' https://*.firstcitizens.com;                 script-src 'self' https://*.firstcitizens.com https://cdn.cookielaw.org https://assets.adobedtm.com https://acrobatservices.adobe.com https://cds-sdkcfg.onlineaccess1.com https://www.googletagmanager.com https://s.go-mpulse.net https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://js-cdn.dynatrace.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://www.googleadservices.com https://px.ads.linkedin.com https://edge.adobedc.net https://www.facebook.com https://px4.ads.linkedin.com https://siteimproveanalytics.com https://www.clarity.ms https://www.google.com https://google.com https://2884.global.siteimproveanalytics.io https://c.go-mpulse.net https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com https://t.contentsquare.net https://munchkin.marketo.net https://siteintercept.qualtrics.com https://296-cpx-295.mktoresp.com https://894-itd-344.mktoresp.com https://284-lbb-572.mktoresp.com https://151-fhs-046.mktoresp.com https://412-tmw-562.mktoresp.com https://u.clarity.ms https://c.contentsquare.net https://173bf10e.akstat.io https://k-aus1.contentsquare.net https://trial-eum-clientnsv4-s.akamaihd.net https://eyaqbbekafz5ajqacqnryaaabbtmzouy-p2jke9-59ac193c4-clienttons-s.akamaihd.net https://daaisiixzsmj6zwmxkma-p2jke9-1aa48d9c7-clientnsv4-s.akamaihd.net https://assets.sitescdn.net https://answers.yext-pixel.com https://analytics.google.com https://embed-ssl.wistia.com https://pipedream.wistia.com https://js.sentry-cdn.com https://distillery.wistia.com https://embed-cloudfront.wistia.com https://srm.bf.contentsquare.net https://www.gstatic.com https://app.fintelconnect.com https://browser.sentry-cdn.com https://*.cit.com https://answers-embed.firstcitizens.com.pagescdn.com https://info.onewestbank.com https://rum.hlx.page https://script.crazyegg.com https://js.adsrvr.org https://bat.bing.com https://scripts.clarity.ms https://dvract3a1itr1.cloudfront.net https://c.amazon-adsystem.com https://s.amazon-adsystem.com https://ad.doubleclick.net;                 connect-src 'self' https://*.firstcitizens.com https://cdn.cookielaw.org https://analytics.google.com https://answers.yext-pixel.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://adobedc.demdex.net https://viewlicense.adobe.io https://www.google.com https://www.google-analytics.com https://dpm.demdex.net https://edge.adobedc.net https://px.ads.linkedin.com https://siteintercept.qualtrics.com https://cds-sdkcfg.onlineaccess1.com https://prod-cdn.us.yextapis.com https://ipapi.co https://api.openweathermap.org https://296-cpx-295.mktoutil.com https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://insight.adsrvr.org https://dayintegrationintern.tt.omtrdc.net https://www.googleadservices.com https://business.linkedin.com https://openknowledge.worldbank.org https://acrobatservices.adobe.com https://assets.sitescdn.net https://bat.bing.com https://scripts.clarity.ms https://smetrics.firstcitizens.com https://browser.sentry-cdn.com https://mpc-prod-2-1053047382554.us-central1.run.app https://demo-1.conversionsapigateway.com https://graph.facebook.com https://c.amazon-adsystem.com https://s.amazon-adsystem.com https://fls.doubleclick.net https://api.ipdata.co https://6jk6d9jp92.execute-api.us-east-2.amazonaws.com https://ara.paa-reporting-advertising.amazon;                 worker-src 'self';                 style-src 'self' https://*.firstcitizens.com https://fonts.googleapis.com https://assets.sitescdn.net;                 style-src-elem 'self' https://*.firstcitizens.com https://assets.sitescdn.net https://*.cit.com https://info.onewestbank.com https://fonts.googleapis.com https://www.googletagmanager.com;                 img-src 'self' https://*.firstcitizens.com https://cdn.cookielaw.org https://2884.global.siteimproveanalytics.io px.ads.linkedin.com https://px4.ads.linkedin.com https://cm.everesttech.net https://dpm.demdex.net https://www.linkedin.com https://www.googletagmanager.com https://www.facebook.com https://googleads.g.doubleclick.net https://*.cit.com https://www.google.com https://google.com https://info.onewestbank.com https://siteintercept.qualtrics.com https://fonts.gstatic.com https://ad.doubleclick.net https://insight.adsrvr.org https://ib.adnxs.com https://cm.g.doubleclick.net https://match.adsrvr.org https://pixel.rubiconproject.com https://www.googleadservices.com https://c.amazon-adsystem.com https://s.amazon-adsystem.com https://fls.doubleclick.net;                 frame-src 'self' https://*.firstcitizens.com https://acrobatservices.adobe.com https://td.doubleclick.net https://firstcitizens.demdex.net https://www.google.com https://www.citrail.com https://answers-embed.firstcitizens.com.pagescdn.com https://*.cit.com https://info.onewestbank.com https://www.googletagmanager.com https://insight.adsrvr.org https://privacyportaluat.onetrust.com https://privacyportal.onetrust.com https://match.adsrvr.org https://fintactix.com https://14741597.fls.doubleclick.net https://fast.wistia.net https://15758689.fls.doubleclick.net https://ad.doubleclick.net;                 frame-ancestors 'self' https://www.google.com https://9808-sbx.btbanking.com https://*.firstcitizens.com https://*.fcbint.net;                 media-src 'self';                 font-src 'self'; 1
report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubff54dddb981c8cd140e740408494c84d&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aproduction 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'none'; default-src 'self' www.firefox.com; style-src 'self' 'unsafe-inline' cdn.transcend.io transcend-cdn.com www.firefox.com; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.firefox.com www.mozilla.org; frame-src 'self' accounts.firefox.com www.google-analytics.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com; img-src 'self' data: www.firefox.com www.google-analytics.com www.googletagmanager.com www.mozilla.org; base-uri 'none'; connect-src 'self' basket.mozilla.org cdn.transcend.io gtm.firefox.com https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.ingest.us.sentry.io o1069899.sentry.io region1.google-analytics.com telemetry.transcend.io telemetry.us.transcend.io transcend-cdn.com www.firefox.com www.google-analytics.com www.googletagmanager.com; object-src 'none'; font-src 'self' www.firefox.com; upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.transcend.io s.ytimg.com tagmanager.google.com transcend-cdn.com www.firefox.com www.google-analytics.com www.googletagmanager.com www.youtube.com; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org 1
object-src 'none';base-uri 'self';script-src 'nonce-6zEbX4SQJg3_jQLo2g_rkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-LwimhRE-7E16nvx_4vj1IA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5tvo_Mt2M1cITW7ZJOXY7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';; script-src 'self' 'nonce-sDwHIqawx30QL6UjKRsxlxDrqyzELN4b5Qn0hOJSSds=' 'strict-dynamic' 'unsafe-inline' https: http:;; base-uri 'self' https://*.qbrick.com/;; connect-src 'self' https://cdn.cookielaw.org https://*.datablocks.se https://geolocation.onetrust.com https://*.in.applicationinsights.azure.com; report-uri /api/csp/report/; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; img-src 'self' data: https: http:; font-src 'self' https: http:; connect-src 'self' https: http:; frame-src 'self' https: http:; object-src 'none'; base-uri 'self'; form-action 'self' https: http: 1
connect-src 'self' https://checkoutshopper-live.adyen.com https://www.facebook.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleoptimize.com https://*.hotjar.com https://*.mparticle.com https://beacon.krxd.net https://*.tre.se https://vercel.live https://api.usabilla.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.customersaas.com https://vc.hotjar.io wss://ws.hotjar.com https://cdn.linkedin.oribi.io https://adservice.google.com https://fonts.gstatic.com https://content.hotjar.io https://*.optimizely.com https://region1.google-analytics.com wss://ws-us3.pusher.com; default-src 'self' https://*.tre.se; font-src 'self' data: https://static.customersaas.com https://vercel.live https://assets.vercel.com; frame-src 'self' https://checkoutshopper-live.adyen.com https://6142836.fls.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://widget.trustpilot.com https://d6tizftlrpuof.cloudfront.net https://vercel.live https://www.youtube.com https://cdn.krxd.net https://cloud.epost.tre.se https://coverage.tre.se https://cdn.jobylon.com/ https://tre.workbuster.com https://vars.hotjar.com https://td.doubleclick.net; img-src 'self' data: https://checkoutshopper-live.adyen.com https://6142836.fls.doubleclick.net https://www.facebook.com https://clients1.google.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.googletagmanager.com https://beacon.krxd.net https://*.tre.se https://d6tizftlrpuof.cloudfront.net https://vercel.live http://images.ctfassets.net https://images.ctfassets.net https://jslog.krxd.net/ https://t.co https://w.usabilla.com https://www.google-analytics.com/collect https://www.google.se https://www.google.dk https://i.ytimg.com https://img.youtube.com https://new-collect.albacross.com https://d35v9wsdymy32b.cloudfront.net https://px.ads.linkedin.com https://ad.doubleclick.net https://vercel.com blob:; manifest-src 'self'; media-src 'self' https://videos.ctfassets.net; object-src 'none'; report-uri https://www.tre.se/logger/csp-report; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://static.customersaas.com https://clients1.google.com https://www.googleoptimize.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.googletagmanager.com https://*.hotjar.com https://*.mparticle.com https://widget.trustpilot.com https://d6tizftlrpuof.cloudfront.net https://vercel.live https://www.youtube.com https://*.adtr.io https://*.krxd.net https://adtr.io https://analytics.twitter.com https://api.usabilla.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://bat.bing.com https://cdn.bannerflow.com https://cdn.tre.se https://cdnn.tre.se https://connect.facebook.net https://cse.google.com https://gtm.adt313.net/jsTag  https://hi3gscriptbucket.blob.core.windows.net https://rules.quantcount.com https://s.ytimg.com https://secure.quantserve.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://w.usabilla.com/ https://www.google-analytics.com https://www.googleadservices.com https://serve.albacross.com https://tre.workbuster.com https://region1.analytics.google.com https://cdn.amplitude.com https://treva.boost.ai; style-src 'report-sample' 'self' 'unsafe-inline' https://static.customersaas.com https://www.google.com https://d6tizftlrpuof.cloudfront.net https://vercel.live https://d1r5etm691cejh.cloudfront.net; 1
base-uri 'self';  default-src 'self';  img-src 'self' data: https:  img.part-kom.ru mc.yandex.ru;  font-src 'self' data: https:;  style-src 'self' 'unsafe-inline' https:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' http: mc.yandex.ru yastatic.net;  connect-src 'self' https: wss: mc.yandex.ru livechatv2.chat2desk.com;  media-src 'self' https: livechatv2.chat2desk.com;  frame-src 'self' https: wss: b2b.part-kom.ru mc.yandex.ru smartcaptcha.yandexcloud.net;  report-uri https://part-kom.ru/-/reporting-api/;  report-to default; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-web.zinio.com https://js-agent.newrelic.com https://*.nr-data.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://*.paypal.com https://www.paypalobjects.com https://*.braintreegateway.com https://*.cardinalcommerce.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googletagmanager.com https://*.zdassets.com https://*.zendesk.com https://*.smooch.io https://*.twilio.com wss://*.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com https://zinio-sjc.gravityrd-services.com https://*.zopim.com https://recaptcha.net https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://app.vwo.com https://apis.google.com https://accounts.google.com/gsi/client https://*.kaptcha.com;style-src 'self' 'unsafe-inline' https://*.audiencemedia.com data: https://app.vwo.com https://use.fontawesome.com https://accounts.google.com/gsi/style;img-src 'self' data: blob: https://*.ziniopro.com https://*.audiencemedia.com https://googleads.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://*.paypal.com https://*.braintreegateway.com https://static.zdassets.com https://*.zendesk.com https://media.smooch.io https://*.zdusercontent.com https://v2assets.zopim.io https://discover.zinio.com https://sleeknotestaticcontent.sleeknote.com https://analytics.sleeknote.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com https://www.googletagmanager.com https://dev.visualwebsiteoptimizer.com https://*.kaptcha.com;media-src 'self' https://static.zdassets.com;connect-src 'self' webpack: https://*.audiencemedia.com https://*.ziniopro.com https://*.nr-data.net https://googleads.g.doubleclick.net https://adservice.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://cdn.jsdelivr.net https://*.braintree-api.com https://*.braintreegateway.com https://*.cardinalcommerce.com https://www.paypal.com wss://widget-mediator.zopim.com https://*.zdassets.com https://*.zendesk.com https://*.smooch.io https://*.twilio.com wss://*.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.google.com https://*.googletagmanager.com https://collector.datacloud.zinio.com https://www.facebook.com https://cdnjs.cloudflare.com https://analytics.sleeknote.com https://fonts.googleapis.com https://images.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://sleeknotecustomerscripts.sleeknote.com https://dev.visualwebsiteoptimizer.com https://sdk.iad-07.braze.com https://use.fontawesome.com https://accounts.google.com/gsi/ https://*.kaptcha.com collector.datacloud.zinio.com;font-src 'self' https://*.audiencemedia.com https://fonts.gstatic.com https://sleeknotestaticcontent.sleeknote.com https://use.fontawesome.com;frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://*.paypal.com https://*.braintreegateway.com https://recaptcha.net https://www.facebook.com https://web.facebook.com https://*.sleeknote.com https://app.vwo.com https://accounts.google.com/gsi/;frame-ancestors 'none';child-src 'self' https://*.kaptcha.com 1
object-src 'none';base-uri 'self';script-src 'nonce-sPXPmwQuxliVVoxxDqEqmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.vibe.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.pl *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.pl *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.pl *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv73%3B(dumhd-19cf9c61840-0x1803#pd 1
default-src 'self' https://www.madavi.de; font-src 'self' data: https://www.madavi.de; img-src 'self' insecure.madavi.de https://www.madavi.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ampproject.org https://www.madavi.de; style-src 'self' 'unsafe-inline' https://www.madavi.de; report-uri https://www.madavi.de/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=47d235866d 1
default-src 'self' *.fabfitfun.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fabfitfun.com *.recurly.com *.amazonaws.com *.ada.support www.dwin1.com *.google-analytics.com *.doubleclick.net www.googleadservices.com www.googletagmanager.com *.hcaptcha.com hcaptcha.com *.exitintel.com *.facebook.net *.facebook.com *.tiktok.com *.cookielaw.org *.segment.com *.tvsquared.com *.onetrust.com *.adsrvr.org sc-static.net *.zdassets.com *.crrnt.app *.pixlee.com *.roeyecdn.com *.amplitude.com *.bing.com *.googleapis.com *.exitintel.com *.jsdelivr.net *.datadoghq-browser-agent.com *.gladly.com *.braintreegateway.com *.paypal.com *.cloudflare.com *.hotjar.com *.clarity.ms accessibilityserver.org *.userway.org *.tryamped.com *.pinimg.com *.ads-twitter.com *.amped.io *.visualwebsiteoptimizer.com *.amazon-adsystem.com blob:; style-src * 'unsafe-inline' data: blob:; connect-src *; frame-src *; img-src * 'unsafe-inline' data: blob:; font-src * 'unsafe-inline' data: blob:; media-src * blob:; object-src 'none'; 1
script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' app.contentsquare.com t.contentsquare.net *.heapanalytics.com *.2mdn.net *.33across.com *.acexchange.co.kr *.ad-generation.jp *.adagio.io *.addthis.com *.addthisedge.com *.adform.com *.adiiix.com *.adingo.jp *.admanmedia.com *.admixer.com *.admixer.net *.adtech.com *.adtiming.com *.advangelists.com *.advertising.com *.adyoulike.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.aniview.com *.aol.com *.appnexus.com *.aps.amazon.com *.aralego.com *.avantisvideo.com *.axonix.com *.beachfront.com *.behave.com *.betweendigital.com *.bidmachine.io *.bidstreammedia.com *.bidtellect.com *.bing.com *.blis.com *.braintreegateway.com *.brid.tv *.brightcove.com *.brightcove.net *.chocolateplatform.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.consumable.com *.contextweb.com *.conversantmedia.com *.crazyegg.com *.criteo.com *.criteo.net *.districtm.io *.doubleclick.net *.doubleverify.com *.e-planning.net *.e-volution.ai *.emxdgt.com *.engagebdr.com *.eskimi.com *.exponential.com *.facebook.com *.facebook.net *.fastclick.net *.freewheel.tv *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.id5-sync.com *.improvedigital.com *.indexexchange.com *.infolinks.com *.inmobi.com *.inskinmedia.com *.instagram.com *.insticator.com *.jquery.com *.kargo.com *.launchdarkly.com *.lemmatechnologies.com *.lijit.com *.lkqd.com *.lkqd.net *.logan.ai *.loopme.com *.marketo.net *.media.net *.mediago.io *.mediatradecraft.com *.moatads.com *.mobfox.com *.mobileadtrading.com *.my.com *.my6sense.com *.narrativ.com *.nativo.com *.newrelic.com *.nr-data.net *.ogury.com *.onetag.com *.openexchangerates.org *.openx.com *.outbrain.com *.playbuzz.com *.pokkt.com *.prodooh.com *.proper.io *.pubmatic.com *.pubnative.net *.px-cdn.net *.quantcount.com *.quantserve.com *.realself.com *.revcontent.com *.rhythmone.com *.richaudience.com *.risecodes.com *.rlcdn.com *.rsdev.co *.rubiconproject.com *.s-onetag.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.snapengage.com *.somoaudience.com *.sonobi.com *.sovrn.com *.speedcurve.com *.spotx.tv *.spotxchange.com *.springserve.com *.ssp.e-volution.ai *.ssp.logan.ai *.stackadapt.com *.synacor.com *.target.my.com *.teads.tv *.telaria.com *.themediagrid.com *.tremorhub.com *.tribalfusion.com *.triplelift.com *.typekit.net *.ucfunnel.com *.undertone.com *.unrulymedia.com *.vdopia.com *.velismedia.com *.verve.com *.video.unrulymedia.com *.vidoomy.com *.yahoo.com *.yieldmo.com *.zencdn.net btloader.com openexchangerates.org ep2.adtrafficquality.google blob:; worker-src 'self' blob:; frame-ancestors *; form-action *; report-uri https://api.realself.com/v1/rs-csp-sc/csp-info; report-to security-report 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=odO0heLqv0JX980NOK4k106HOllCsgXTC0DrsTDfHsk-1773718764-1.0.1.1-FlAWa37hum.S_V9cfjcJyZGdW.jhGOCG3K0oBqVpmB684rQen63cvj3x.XE6PXSEIV_79HZXxDrcaH6mYrPf2otcM8RNQXeF6GMxFJmTXXEwzPmFvA13HPY4CWyzQ2rC7NQyj2fMQveweGc.oiuVWmvCBKDMzoPWt7t2WEvNXYknFOofvOZGVr.rpkIEarX1; report-to cf-csp-endpoint 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=hkQ2XUQcv93Rh0X9F.ksbjP.XKHhAGJInGxfyddp4s0-1773709384-1.0.1.1-Osw72ty4ZA5ugnRIz1nvLDf4WYv6ffJixw6EHB4RolkWlZv5X4loUKs4v9ilUt7pTwVvCCKHZ8OBsZuIV1eLoVacEWRR9Zzb3GdXsc9qyXu6zqi_ozP6ViaJlsWD2m9X1pktaMnDo0xtjp2DQ55wp0HH2q1UrXNzGkhWcVJF.d4kRbBcmvMMvbmk5oWfxm6FoPHqMqPif08IFzL3YzGGNQ; report-to cf-csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.cloudflare.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://*.mczbf.com https://*.kdukvh.com https://*.emjcd.com https://*.jdoqocy.com https://*.dotomi.com https://*.cj.com https://*.sjwoe.com https://*.clarity.ms https://onelinksmartscript.appsflyer.com https://*.apple-mapkit.com https://embed.reddit.com https://static.zdassets.com https://platform.twitter.com https://www.instagram.com https://widget.trustpilot.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.cloudflare.com https://*.googleoptimize.com https://*.googletagmanager.com https://www.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://cdn.jsdelivr.net https://*.cloudflare.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://storage.googleapis.com https://fonts.gstatic.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://purecatamphetamine.github.io http://purecatamphetamine.github.io https://www.facebook.com https://connect.facebook.net https://*.clarity.ms https://googleads.g.doubleclick.net https://*.googleusercontent.com https://storage.googleapis.com https://secure.gravatar.com https://*.apple-mapkit.com https://syndication.twitter.com https://s0.wp.com https://*.bing.com; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://s0.wp.com https://applepay.cdn-apple.com; worker-src 'self'; frame-src 'self' https://www.youtube.com https://*.googletagmanager.com https://embed.reddit.com https://platform.twitter.com https://www.instagram.com https://widget.trustpilot.com; connect-src 'self' https://cdn.jsdelivr.net https://*.cloudflare.com https://lown4qvbisme2qafgzvjetqzzy0tbyyr.lambda-url.us-west-2.on.aws https://analytics.google.com https://*.analytics.google.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.mczbf.com https://*.kdukvh.com https://*.emjcd.com https://*.jdoqocy.com https://*.dotomi.com https://*.cj.com https://*.sjwoe.com https://www.facebook.com https://*.clarity.ms https://*.apple-mapkit.com https://*.mydnsip.com https://www.googleadservices.com https://engagements.appsflyer.com https://meta.veepn.com https://ekr.zdassets.com; media-src 'self'; frame-ancestors 'self'; object-src 'none'; report-to csp-endpoint; 1
default-src 'self'; script-src 'self' 'nonce-liSnrsAM3tgz48ZhXbGBwg==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.meetic.fr *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.meetic.fr; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
script-src 'unsafe-inline' 'unsafe-eval' cdn2.hubspot.net *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com cdnjs.cloudflare.com 10921146.fls.doubleclick.net plausible.io *.hotjar.com *.hotjar.io *.qualified.com bttrack.com *.googletagmanager.com *.force.com *.thycotic.com *.centrify.com *.bidr.io *.rlcdn.cm t.co *.twitter.com burly.io *.clickagy.com *.doubleclck.net *.zoominfo.com lltrck.com facebook.com *.facebook.net *.redditstatic.com *.linkedin.com *.licdn.com *.demandbase.com *.zoominfo.com 'strict-dynamic' 'nonce-5NE23fEENNX4iaI6QXf6IQ==' 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=AF2M0KC94RCEA:sid=130-7588157-2633037:rid=M6V4XS1PV2XHX0TJQNB7:sn=www.acx.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-YqaIKQIlzd32agtVywWXFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artforum.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; frame-src 'self' https://datawrapper.dwcdn.net https://js.chargebee.com https://js.stripe.com https://datawrapper-test.chargebee.com https://youtube-nocookie.com https://platform.twitter.com; worker-src blob:; connect-src 'self' data: https://ifconfig.me/ip wss://ws.datawrapper.de https://pwk.datawrapper.de https://js.chargebee.com https://*.cloudfront.net https://*.sentry.io https://*.gstatic.com https://static.dwcdn.net https://datawrapper.dwcdn.net https://comments.datawrapper.de https://staging-chart-tests.s3.eu-central-1.amazonaws.com https://fonts.googleapis.com/ https://app.datawrapper.de https://api.fontsource.org/v1/fonts/ https://i.datawrapper.de  app.datawrapper.de ; font-src 'self' data: https://static.dwcdn.net https://fonts.gstatic.com https://fonts.dwcdn.net ; img-src * data: blob:; media-src * data:; script-src 'self' 'unsafe-eval' https://appsforoffice.microsoft.com https://datawrapper.dwcdn.net https://pwk.datawrapper.de 'nonce-IJvN/jnNjRYcbiSn35QLTw=='; script-src-elem 'self' https://pwk.datawrapper.de https://js.chargebee.com https://js.stripe.com https://appsforoffice.microsoft.com https://platform.twitter.com https://pt.dwcdn.net https://datawrapper.dwcdn.net/ https://pwk.datawrapper.de https://app.datawrapper.de https://comments.datawrapper.de  'nonce-IJvN/jnNjRYcbiSn35QLTw=='; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://datawrapper.dwcdn.net https://static.dwcdn.net https://pt.dwcdn.net; style-src-elem 'self' 'unsafe-inline' https://static.dwcdn.net https://js.chargebee.com https://fonts.googleapis.com https://pt.dwcdn.net https://datawrapper.dwcdn.net https://js.chargebee.com/assets/; report-uri %%CSP_REPORT_URI%% 1
default-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.wgprod.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://www.googleoptimize.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms cdn.taboola.com ; style-src 'self' 'unsafe-inline' *.wargaming.net *.wgprod.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.wgprod.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://*.worldoftanks.com https://*.worldoftanks.eu https://*.worldoftanks.asia https://*.wgcdn.co https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.googleoptimize.com wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.stackadapt.com https://*.facebook.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.com.ua https://google.pl https://*.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.clarity.ms https://collect.worldoftanks.com https://content-wg.gcdn.co https://api.worldoftanks.com https://bat.bing.com ; font-src 'self' *.wargaming.net *.wgprod.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net *.wgprod.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net *.wgprod.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src 'self';img-src 'self' data: https://flickr.com https://*.flickr.com https://s.gravatar.com https://s.gravatar.com/avatar https://secure.gravatar.com/avatar https://i1.wp.com/cdn.auth0.com/avatars https://cdn.auth0.com/avatars https://g.stripe.com/ https://ssl.google-analytics.com https://pagead2.googlesyndication.com https://pbs.twimg.com/profile_images/ https://farm66.static.flickr.com https://www.google-analytics.com https://tpc.googlesyndication.com https://pbs.twimg.com https://securepubads.g.doubleclick.net https://*.amazon-adsystem.com https://fundingchoicesmessages.google.com https://*.3lift.com https://ams-pageview-public.s3.amazonaws.com https://www.google.com https://syndication.twitter.com https://image8.pubmatic.com https://googleads.g.doubleclick.net https://*.googleusercontent.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';frame-src https://js.stripe.com https://platform.twitter.com/ https://syndication.twitter.com/ https://tpc.googlesyndication.com/ https://*.safeframe.googlesyndication.com/ https://www.google.com/ https://googleads.g.doubleclick.net/;connect-src 'self' https: https://securepubads.g.doubleclick.net/pagead/ppub_config https://bam.nr-data.net/events/1/cb925c8058;object-src none;script-src 'self' 'unsafe-inline' report-sample https://js.stripe.com/v3/ https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-3.4.1.slim.min.js https://code.jquery.com/jquery-migrate-1.4.1.min.js https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/validate.js/0.13.1/validate.min.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://cdnjs.cloudflare.com/ajax/libs/list.js/1.5.0/list.min.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/ https://ssl.google-analytics.com/ga.js https://js-agent.newrelic.com/nr-spa-1184.min.js https://fundingchoicesmessages.google.com https://bam.nr-data.net https://securepubads.g.doubleclick.net https://www.googletagservices.com https://adservice.google.com https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://cdn.jsdelivr.net/npm/clipboard@2.0.8/dist/clipboard.min.js https://platform.twitter.com/widgets.js https://cdnjs.cloudflare.com/ajax/libs/howler/2.1.1/howler.min.js https://cdnjs.cloudflare.com/ajax/libs/validator/10.9.0/validator.min.js https://*.safeframe.googlesyndication.com/ https://*.googlesyndication.com/ https://platform.twitter.com/js/ https://cdn.ampproject.org http://www.google-analytics.com https://adservice.google.be https://adservice.google.ca https://adservice.google.co.id https://adservice.google.co.mz https://adservice.google.co.th https://adservice.google.co.uk https://adservice.google.co.za https://adservice.google.com.au https://adservice.google.com.ec https://adservice.google.com.hk https://adservice.google.com.ng https://adservice.google.com.np https://adservice.google.com.ph https://adservice.google.com.sa https://adservice.google.de https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ie https://adservice.google.it https://adservice.google.lk https://adservice.google.lt https://adservice.google.nl https://adservice.google.no https://adservice.google.rs https://googleads.g.doubleclick.net;script-src-attr none;style-src 'self' https: 'unsafe-inline' report-sample;report-uri https://5f9d927665d1a16209ba908c.endpoint.csper.io 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=ATVPDKIKX0DER:sid=132-6495360-9961344:rid=Q67CC4S7NNQD5W2EGAC3:sn=kdp.amazon.com 1
object-src 'none';base-uri 'self';script-src 'nonce-uvANtC1hlgLR4qEEq3-oUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audiusa.com/api/csp-report; report-to csp-endpoint 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' https: 'report-sample'; script-src 'self' https: 'report-sample'; connect-src 'self' https:; frame-src 'self' https:; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' addevent.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://polyfill-fastly.io static.addtoany.com; style-src 'self' addtocalendar.com cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com 1
default-src data: blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.vtbbo.ru; style-src data: blob: 'unsafe-inline' https://*; img-src data: blob: https://*; connect-src blob: 'self' https://*.vtbbo.ru wss://*.vtbbo.ru https://*.vtbbo.ru wss://chat7.vtb.ru https://chat7.vtb.ru; object-src blob: 'self' https://*; font-src data: blob: 'self' https://*; worker-src blob: 'self' https://*.vtbbo.ru; media-src data: blob: filesystem: 'self' https://*; manifest-src 'self' 1
style-src 'self' 'unsafe-inline' https://*.assets.post.at https://*.azureedge.net https://bpanel.streamdiver.com https://webcast.a1.net https://*.gstatic.com; report-to default; 1
default-src https://www.honeybadger.io; connect-src 'self' data: https://*.savvycal.com/ https://*.frontapp.com/ https://*.fontawesome.com/ https://*.typekit.net/ https://*.honeybadger.io https://*.convertkit.com/ https://*.convertexperiments.com/ https://*.profitwell.com https://*.usefathom.com/ https://*.wistia.com/ https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://embedwistia-a.akamaihd.net/ https://cdnjs.cloudflare.com; font-src 'self' data: https://use.typekit.net https://cdnjs.cloudflare.com https://*.fontawesome.com; frame-src https://savvycal.com/ https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gstatic.com/ https://*.savvycal.com/ https://*.frontapp.com/ https://*.fontawesome.com/ https://*.typekit.net/ https://*.profitwell.com https://*.usefathom.com/ https://*.honeybadger.io/ https://*.convertkit.com/ https://*.convertexperiments.com/ https://gist.github.com https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://*.gstatic.com/ https://*.fontawesome.com https://*.typekit.net https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com https://cdnjs.cloudflare.com; media-src 'self' data: https://embedwistia-a.akamaihd.net https://*.wistia.com; manifest-src https://www.honeybadger.io ; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1
object-src 'none';base-uri 'self';script-src 'nonce-BSLDtT_gZrYDcA6Nlio3Dw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-59MzNBvfy0vaIgvH3W1ZLZbG' 'strict-dynamic'; base-uri 'self'; object-src 'none'; 1
img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1
script-src 'nonce-TEsPe6xQty1g0VA8+xC92g==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=8e38ccdf-d9f6-48f9-811f-f7c16a15f45d; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.narvar.com *.narvar.qa *.sitevibes.com sitevibes.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net *.acquiadam.net *.acquiadamcdn.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sitevibes.com sitevibes.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.google.com flexreceipts.go2cloud.org 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.sitevibes.com sitevibes.com *.trustpilot.com *.yotpo.com https://oc-cdn-ocprod.azureedge.net/livechatwidget/ *.acquiadam.net *.acquiadamcdn.net https://community.511tactical.com/ https://locator.511tactical.com/ *.doubleclick.net *.liadm.com assets.bounceexchange.com flexreceipts.go2cloud.org https://tally.so/ *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca https://s3.amazonaws.com/idme/ https://www.unifaunonline.se https://*.tile.openstreetmap.org/ *.narvar.com *.narvar.qa *.sitevibes.com sitevibes.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.dynamicyield.com *.riskified.com https://oc-cdn-ocprod.azureedge.net/livechatwidget/ *.acquiadam.net *.acquiadamcdn.net *.511tactical.com *.usablenet.com *.cookielaw.org *.bing.com *.googlesyndication.com *.contextweb.com *.creativecdn.com *.bouncex.net *.pippio.com *.nextdoor.com *.linkedin.com *.twitter.com *.x.com t.co *.lightboxcdn.com *.cdnwidget.com *.attentivemobile.com *.cartfulsolutions.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca https://api.unifaun.com *.sitevibes.com sitevibes.com *.trustpilot.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.dynamicyield.com *.riskified.com https://oc-cdn-ocprod.azureedge.net/livechatwidget/ *.acquiadam.net *.acquiadamcdn.net *.googleapis.com https://unpkg.com *.cookielaw.org https://rum.hlx.page *.clarity.ms js-agent.newrelic.com bam.nr-data.net *.bing.com *.boomtrain.com *.bounceexchange.com *.rezync.com *.nextdoor.com *.attn.tv events.attentivemobile.com *.pinterest.com s.pinimg.com *.liadm.com *.lightboxcdn.com *.usablenet.com *.wknd.ai *.cartfulsolutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.sitevibes.com sitevibes.com *.trustpilot.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://oc-cdn-ocprod.azureedge.net/livechatwidget/ *.acquiadam.net *.acquiadamcdn.net *.typekit.net *.googletagmanager.com https://tagmanager.google.com *.bounceexchange.com *.lightboxcdn.com *.cartfulsolutions.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.narvar.com *.narvar.qa *.acquiadam.net *.acquiadamcdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.sitevibes.com sitevibes.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.dynamicyield.com *.riskified.com *.trustpilot.com *.acquiadam.net *.acquiadamcdn.net *.googleapis.com *.cookielaw.org *.clarity.ms bam.nr-data.net *.bing.org *.bing.com *.boomtrain.com *.creativecdn.com *.attn.tv *.attentivemobile.com *.tiktokw.us *.linkedin.com *.pinterest.com *.spotify.com *.cartfulsolutions.com 'self' 'unsafe-inline'; child-src flexreceipts.go2cloud.org http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a4f7e632-ca01-49b1-9c8a-cdf130c36284.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://static.hotjar.com https://snap.licdn.com https://js.monitor.azure.com https://js.qualified.com https://cdn.hockeystack.com https://*.marketo.com https://*.bizible.com https://*.vwo.com https://*.drift.com https://*.demandbase.com https://*.conductor.com https://*.seismic.com; connect-src 'self' https://*.marketo.com https://*.bizible.com https://*.google-analytics.com https://*.hotjar.com https://*.qualified.com https://*.demandbase.com https://*.vwo.com https://*.hockeystack.com https://*.drift.com https://*.conductor.com https://*.seismic.com; img-src 'self' data: https://*.googleusercontent.com https://*.gravatar.com https://*.marketo.com https://*.bizible.com https://*.qualified.com https://*.hockeystack.com https://*.conductor.com https://*.seismic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'nonce-jwN1hGByXyBpzH0QV4ERyg==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
frame-ancestors 'self' https://stage.lovdata.no https://smia.lovdata.no/ 1
object-src 'none';base-uri 'self';script-src 'nonce-nFvH3MgFHIrLxPcgPVehwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.flybreeze.com https://googleads.g.doubleclick.net https://connect.facebook.net https://growthbook-production.flybreeze.com https://dx.mountain.com https://gs.mountain.com https://px.mountain.com https://www.googletagmanager.com https://cdn.gladly.com https://pixel.mathtag.com https://js.adsrvr.org https://cdn.uplift-platform.com https://tag.uplift.com https://cdn.uplift.com https://analytics.tiktok.com https://script.hotjar.com https://static.hotjar.com https://bat.bing.com https://pixel.byspotify.com https://s.pinimg.com https://ct.pinterest.com https://cdnjs.cloudflare.com https://www.gstatic.com https://ads.nextdoor.com https://www.redditstatic.com https://app.termly.io https://script.gethovr.com https://www.securitytrfx.com https://socialladder.rkiapps.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://*.flybreeze.com https://*.nr-data.net https://www.googletagmanager.com https://www.redditstatic.com https://cdn.gladly.com https://flybreeze.gladly.com https://socialladder.rkiapps.com; img-src 'self' https://*.flybreeze.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.gstatic.com https://cdn.gladly.com https://flybreeze.gladly.com https://www.redditstatic.com https://s.pinimg.com https://pixel.mathtag.com https://analytics.tiktok.com https://bat.bing.com https://pixel.byspotify.com https://ct.pinterest.com https://script.hotjar.com https://static.hotjar.com https://www.securitytrfx.com; object-src 'none'; media-src 'self'; frame-src 'self' https://*.flybreeze.com https://www.googletagmanager.com https://www.redditstatic.com https://www.securitytrfx.com; frame-ancestors 'self' https://go.flybreeze.dev https://crewapp-staging.flybreeze.team https://clerk.docs.flybreeze.dev https://docs.flybreeze.dev https://flight-info.flybreeze.team; manifest-src 'self'; report-uri https://csp-flybreeze.domdog.io/report-uri/flybreeze.com/1/1-4; report-to csp-endpoint; 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'sha256-5s1UCPQTqKWc18lk0CbkMG0IYokX1utP9ZMQQYiuwXk=' 'sha256-G5NvPksjkp09uU+DikUdTcBXp0UV/362J6blwWczw5I=' 'sha256-HLwLpFPvuHKI0X/UFMhOHQNt1eedIdJGTPML3b+GfWo=' 'sha256-MM3CG7szGAeVIKY58JGR+X+7xTDccDemqcIY0lQLrX8=' 'sha256-OifdWXgFw+IPMAs6Nnr1te5UDPoRIbkDLB1lXZmmRP8=' 'sha256-oh6ZTSefRfIBPlcye8dBjlQBkC0A32V1QIb2htJq7ao=' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.containers.piwik.pro https://*.wistia.com https://*.wistia.net https://maps.google.com https://maps.googleapis.com https://src.litix.io https://use.typekit.net;  script-src-elem 'self' 'report-sample' https: *.containers.piwik.pro *.wistia.com *.wistia.net maps.google.com maps.googleapis.com src.litix.io use.typekit.net 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline' blob: *.typekit.net fonts.googleapis.com fast.wistia.com; object-src embedwistia-a.akamaihd.net; frame-src 'self' https: blob: *.wistia.net *.wistia.com maps.google.com maps.googleapis.com uwhealth.formstack.com; child-src 'self' blob:; img-src 'self' data: blob: *.wistia.net *.wistia.com *.typekit.net *.gstatic.com *.ggpht.com *.googleapis.com embedwistia-a.akamaihd.net images.ctfassets.net maps.google.com maps.googleapis.com res.cloudinary.com swedishamericanmychart.org i.ytimg.com; font-src 'self' data: *.wistia.net *.wistia.com fonts.googleapis.com fonts.gstatic.com res.cloudinary.com use.typekit.net; connect-src 'self' microservices.uwhealth.dev microservices.uwhealth.org *.wistia.com *.typekit.net *.litix.io *.cloud.coveo.com embedwistia-a.akamaihd.net fonts.googleapis.com fonts.gstatic.com fast.wistia.net images.ctfassets.net maps.google.com maps.googleapis.com noembed.com res.cloudinary.com uwhealth.piwik.pro pnapi.invoca.net; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self' data: blob: *.wistia.net *.wistia.com embedwistia-a.akamaihd.net res.cloudinary.com; prefetch-src 'self'; worker-src 'self' blob:; report-to testing 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-B4iLVQFX-i3-St7Qr66KFg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sportico.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
script-src 'unsafe-inline' 'nonce-93a0f5493643c9f2a932e352b3085383' *.fontawesome.com *.klaviyo.com connect.facebook.com analytics.tiktok.com www.youtube.com 1
default-src 'self' https://fonts.googleapis.com;        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https:// connect.facebook.net/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://api.sardine.ai https://static.zdassets.com/ https://ekr.zdassets https://ekr.zendesk.com https://*.zopim.com wss://demonifty.zendesk.com wss://*.zopim.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://edge.fullstory.com/s/ https://static.ads-twitter.com/uwt.js https://sc-static.net/ https://googleads.g.doubleclick.net/ https://tr.snapchat.com;        style-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://fonts.googleapis.com *.live-video.net;        script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://api.dev.sardine.ai https://edge.fullstory.com https://www.googletagmanager.com/gtag/js https://connect.facebook.net https://static.ads-twitter.com/uwt.js https://sc-static.net/scevent.min.js https://www.google.com/recaptcha/ https://static.zdassets.com/ https://www.gstatic.com/recaptcha/ https://tr.snapchat.com/ https://www.google-analytics.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.sardine.ai https://unpkg.com/@google/model-viewer/dist/model-viewer.min.js https://www.youtube.com https://www.googleoptimize.com https://www.clarity.ms *.live-video.net;        img-src https: blob: data:;        connect-src https://browser-intake-datadoghq.com https://www.niftygateway.com https://niftygateway.com https://analytics.google.com https://*.clarity.ms https://niftygateway.zendesk.com https://api.niftygateway.com https://odysseymarket.niftygateway.com https://api.sandbox.niftygateway.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com https://www.clarity.ms wss://widget-mediator.zopim.com https://nifty-qa100.service.aws-qa.sd.gem.link https://demonifty.zendesk.com https://ekr.zdassets.com https://encrypted-tbn0.gstatic.com/images https://lh3.googleusercontent.com https://tr.snapchat.com https://eth-goerli.alchemyapi.io https://search-api-staging.s-niftygateway-001-use1.svc.gem.link https://search-api.niftygateway.com https://search-api-dev.d-niftygateway-001-use1.svc.gem.link https://ipfs.io https://rs.fullstory.com https://session-replay.browser-intake-datadoghq.com https://eth-mainnet.alchemyapi.io https://api.cloudinary.com/v1_1/nifty_gateway/auto/upload https://openseauserdata.com https://rum.browser-intake-datadoghq.com https://api.x.immutable.com https://i.seadn.io https://cdn.optimizely.com https://img.seadn.io https://storage.opensea.io https://api.opensea.io https://sdk.iad-03.braze.com *.live-video.net ;        font-src https://fonts.gstatic.com https://use.typekit.net/ 'self';        object-src 'self';        media-src https://media.niftygateway.com https://static.zdassets.com https://openseauserdata.com https://storage.opensea.io https://res.cloudinary.com blob:;        frame-src https://js.stripe.com https://www.google.com https://api.sardine.ai https://api.dev.sardine.ai https://tr.snapchat.com/ https://www.youtube.com https://webusprd01.ihsmtaxsolutions.com/Nifty/ https://td.doubleclick.net/;        frame-ancestors 'self';        worker-src blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-x0YXaYuUGth1YwkHZVtnKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; script-src https: 'unsafe-inline' https://challenges.cloudflare.com https://cdnjs.cloudflare.com; style-src https: 'unsafe-inline'; frame-src https: https://challenges.cloudflare.com; connect-src https: https://challenges.cloudflare.com https://*.hubspot.com https://*.hsforms.com https://*.hs-scripts.com https://*.hubapi.com; 1
script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://*.stripe.com https://*.braintreegateway.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.youtube.com https://s.ytimg.com https://*.weeecdn.com https://*.weeecdn.net https://*.tiktok.com https://*.clarity.ms https://*.cloudfront.net https://*.awswaf.com https://*.unpkg.com https://*.paypal.com; frame-src https://*.stripe.com https://hooks.stripe.com https://assets.braintreegateway.com https://*.youtube.com https://*.google.com https://*.facebook.com https://*.tiktok.com https://*.cookielaw.org https://*.mathtag.com https://*.paypal.com https://*.braintreegateway.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.sayweee.com https://*.sayweee.net; img-src 'self' data: https: https://*.masgusto.com https://*.googletagmanager.com https://*.sayweee.com https://*.sayweee.net https://*.weeecdn.com https://*.weeecdn.net; report-uri https://api.sayweee.net/ec/bff/report/csp-violation; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wellhub.com *.amplitude.com https://js.appboycdn.com/web-sdk/4.0/braze.no-amd.min.js https://widget-mediator.zopim.com https://js-na1.hs-scripts.com https://static.zdassets.com https://sdk.inbenta.io https://chatbot.backoffice.gympass-staging.com/chatbot-site-gympass-com.js https://cdn.optimizely.com https://maps.googleapis.com https://x.clearbitjs.com https://js.hscollectedforms.net https://connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com cdn.cookielaw.org/ cdn.segment.com bat.bing.com/bat.js cdn.jsdelivr.net/npm/jquery-validation@1.19.5/dist/jquery.validate.min.js cdn.optimizely.com/js/ cdn.segment.com/analytics.js/ cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js code.jquery.com/jquery-3.6.0.min.js connect.facebook.net/en_US/fbevents.js googleads.g.doubleclick.net/pagead/viewthroughconversion/ j.6sc.co/6si.min.js js.driftt.com/include/ js.hs-analytics.net/analytics/ js.hs-banner.com/ js.hs-scripts.com/ js.hsadspixel.net/fb.js js.hsforms.net/forms/v2.js js.hsleadflows.net/leadflows.js js.usemessages.com/conversations-embed.js rum-static.pingdom.net/ s.yimg.com/wi/ytc.js script.hotjar.com/ snap.licdn.com/li.lms-analytics/ static.hotjar.com/c/ static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js tag.clearbitscripts.com/v1/ tpc.googlesyndication.com/ unpkg.com/blip-chat-widget https://js.qualified.com/ https://*.salesloft.com/ clarity.ms/tag/uet/ *.clarity.ms/tag/uet/ x.clearbitjs.com/v2/ https://s3.amazonaws.com/raichu-beta/ https://static.play.ht/playht-pageplayer-plugin.js https://bat.bing.com/p/action/ https://connect.facebook.net/signals/config/ https://js.hubspot.com/web-interactives-embed.js https://analytics.tiktok.com/ https://www.clarity.ms/s/ https://static.xingcdn.com/xingtrk/index.js; style-src 'self' 'unsafe-inline' https://sdk.inbenta.io fonts.googleapis.com https://www.googletagmanager.com/ https://s3.amazonaws.com/raichu-beta/ https://static.play.ht/playht-pageplayer-plugin.css; object-src 'none'; base-uri 'self'; connect-src 'self' *.wellhub.com https://app.qualified.com/ wss://*.qualified.com https://unleash-edge-mep.gympass.com https://unleash-edge-mep.gympass.com/api/frontend/ https://traces.observability.prd.us.gympass.cloud/collect https://ext-otel.mep.prd.us.gympass.cloud/collect https://sdk.iad-03.braze.com/api/v3/data cdn.cookielaw.org/ *.onetrust.com inbenta.io *.inbenta.io https://api.inbenta.io wss://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io *.zendesk.com zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://maps.googleapis.com https://unlogged.users.gympass-staging.com https://mpc2-prod-23-is5qnl632q-ue.a.run.app https://mpc2-prod-1-is5qnl632q-uc.a.run.app https://analytics-ipv6.tiktokw.us https://demo-1.conversionsapigateway.com https://translate.googleapis.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com google.com googleadservices.com https://www.google.com.br/ google.com.br googleads.g.doubleclick.net https://googleads.g.doubleclick.net/ api.hubapi.com hubspot.com *.hubspot.com api.segment.io app.clearbit.com bat.bing.com cdn.segment.com epsilon.6sense.com *.optimizely.com optimizely.com forms.hsforms.com in.hotjar.com ipv6.6sc.co js.hs-banner.com *.clarity.ms rum-collector-2.pingdom.net s.yimg.com stats.g.doubleclick.net unlogged.users.gympass.com https://play.ht/api/v2/ https://places.geo.us-east-1.amazonaws.com https://*.cloudfront.net https://px.ads.linkedin.com https://analytics.tiktok.com/ api.reclameaqui.com.br https://browser-intake-datadoghq.com/api/v2/ https://rum.browser-intake-datadoghq.com/api/v2/ https://www.facebook.com/ https://region1.analytics.google.com/ wss://*.hotjar.com/ https://*.hotjar.io/ https://o4504963224764416.ingest.us.sentry.io/api/ https://www.xing.com/xas/api/tracking_pixel_verification; font-src 'self' data: https://cdn.inbenta.io fonts.gstatic.com https://assets-cdn.gympass.com https://assets-cdn.wellhub.com https://script.hotjar.com/ https://s3.amazonaws.com/play-plugin/build/font https://js.qualified.com; frame-src 'self' https://gympass.chat.blip.ai https://app.qualified.com/ optimizely.com *.cdn.optimizely.com googleadservices.com bid.g.doubleclick.net forms.hsforms.com js.driftt.com meetings.hubspot.com tpc.googlesyndication.com vars.hotjar.com facebook.com https://www.facebook.com/ www.googletagmanager.com/ https://www.youtube.com/ https://td.doubleclick.net; img-src 'self' data: https://s3.amazonaws.com/raichu-beta/ https://assets-cdn.gympass-staging.com https://assets-cdn.gympass.com https://assets-cdn.wellhub.com https://images.partners.gympass.com/ https://tmp-images.partners.gympass.com/ https://p.adsymptotic.com https://www.googletagmanager.com https://translate.google.com cdn.cookielaw.org/ *.inbenta.com inbenta.com https://gympass-staging-images-us.s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://analytics.tiktok.com/ https://connect.facebook.net *.clarity.ms/ cloudfront.net *.cloudfront.net https://www.google.com/ads/ga-audiences https://www.google.com.br/ads/ga-audiences https://www.google.com/pagead/1p-user-list/ b.6sc.co bat.bing.com https://c.bing.com/ forms-na1.hsforms.com forms.hsforms.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net/ px.ads.linkedin.com sp.analytics.yahoo.com track.hubspot.com facebook.com https://www.google-analytics.com google.com google.com.br www.google.com.br https://www.google.co.uk/ https://www.google.com.ar/ https://www.google.com.mx/ https://www.google.de/ https://www.google.es/ https://www.google.cl/ https://www.google.it/ https://www.facebook.com/ https://fonts.gstatic.com/ https://px4.ads.linkedin.com/collect https://www.linkedin.com/px/ https://ads01.groovinads.com/ https://perf-na1.hsforms.com/embed/v3/counters.gif; manifest-src 'self'; media-src 'self' https://static.zdassets.com https://*.qualified.com; worker-src 'self' *.gympass-staging.com blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-8HQc4rbbLZ7oms2D1U30yA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
report-uri /upload/csp/csp.php; report-to csp-endpoints 1
default-src 'self';  base-uri 'self';  object-src 'none';  form-action 'self';  frame-ancestors 'self' https://app.contentstack.com https://*.contentstack.com;  script-src 'report-sample' 'self'    https://api.datasteam.io    https://bas.my.site.com    https://bat.bing.com    https://bigassfans.jotform.com    https://cdn-scripts.signifyd.com    https://cdn-widgetsrepository.yotpo.com    https://cdn.optimizely.com    https://cdn1.affirm.com    https://fast.wistia.com    https://googleads.g.doubleclick.net    https://h64.online-metrix.net    https://imgs.signifyd.com    https://js.adsrvr.org    https://maps.googleapis.com    https://schedule.zoominfo.com    https://static.klaviyo.com    https://static.zip.co    https://tags.clickagy.com    https://ws-assets.zoominfo.com    https://www.google.com    https://www.googletagmanager.com    https://www.gstatic.com;  style-src 'report-sample' 'self'    https://bas.my.site.com    https://fonts.googleapis.com    https://p.typekit.net    https://static.klaviyo.com    https://use.typekit.net;  img-src 'self' data:    https://aorta.clickagy.com    https://arttrk.com    https://baf-components.vercel.app    https://bat.bing.com    https://c.az.contentsquare.net    https://cdn-assets.affirm.com    https://fast.wistia.com    https://googleads.g.doubleclick.net    https://imgs.signifyd.com    https://insight.adsrvr.org    https://maps.gstatic.com    https://p.yotpoapi.com    https://w2txo5aay72edbfvk5vttw2iroublbcesxwkwjodcca70f743d31d725sac.d.aa.online-metrix.net    https://www.facebook.com    https://www.google.com    https://www.googletagmanager.com    https://www.gstatic.com;  connect-src 'self'    https://a.klaviyo.com    https://ad.doubleclick.net    https://analytics.google.com    https://aorta.clickagy.com    https://api-cdn.yotpo.com    https://bam.nr-data.net    https://bas.my.salesforce-scrt.com    https://bat.bing.com    https://c.az.contentsquare.net    https://cdn-assets.affirm.com    https://distillery.wistia.com    https://dp.signifyd.com    https://embed-cloudfront.wistia.com    https://fast.a.klaviyo.com    https://fast.wistia.com    https://featureassets.org    https://imgs.signifyd.com    https://insight.adsrvr.org    https://logx.optimizely.com    https://pay.google.com    https://pipedream.wistia.com    https://pixels.spotify.com    https://prodregistryv2.org    https://static-forms.klaviyo.com    https://statsigapi.net    https://ws.zoominfo.com    https://www.affirm.com    https://www.google.com    https://www.googleadservices.com    https://www.googletagmanager.com    https://www.paypal.com;  frame-src 'self'    https://a27947990225.cdn.optimizely.com    https://bas.my.site.com    https://h.online-metrix.net    https://imgs.signifyd.com    https://insight.adsrvr.org    https://match.adsrvr.org    https://www.affirm.com    https://www.facebook.com    https://www.google.com    https://www.googletagmanager.com    https://www.paypal.com    https://*.fls.doubleclick.net    https://*.doubleclick.net;  font-src 'self' data: https://use.typekit.net;  media-src 'self';  manifest-src 'self';  worker-src 'self';  report-to csp-endpoint; 1
default-src 'self' https://*.googleapis.com https://*.google.com https://google.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://*.hubspot.com https://app.hubspot.com https://api.hubspot.com https://*.hs-scripts.com https://js-na1.hs-scripts.com https://*.hs-banner.com https://js.hs-banner.com https://*.hscollectedforms.net https://forms.hscollectedforms.net https://*.hs-analytics.net https://*.hsadspixel.net https://*.website-files.com https://cdn.prod.website-files.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://assets.calendly.com https://*.linkedin.com https://get.geojs.io https://api.hubapi.com https://api.murf.ai https://login.murf.ai https://murf.ai https://d3e54v103j8qbb.cloudfront.net https://www.googletagmanager.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.usemessages.com https://snap.licdn.com https://tracking.g2crowd.com https://tracking-api.g2.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://api.factors.ai https://app.factors.ai https://*.clarity.ms https://bat.bing.com https://bat.bing.net https://www.google-analytics.com https://connect.facebook.net https://www.gstatic.com https://cdn.embedly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.googleapis.com https://*.google.com https://google.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://*.hubspot.com https://app.hubspot.com https://*.hs-scripts.com https://js-na1.hs-scripts.com https://*.website-files.com https://cdn.prod.website-files.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://assets.calendly.com https://*.linkedin.com https://login.murf.ai https://d3e54v103j8qbb.cloudfront.net https://www.googletagmanager.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.usemessages.com https://snap.licdn.com https://tracking.g2crowd.com https://www.googleadservices.com https://app.factors.ai https://*.clarity.ms https://bat.bing.com https://bat.bing.net https://connect.facebook.net https://www.gstatic.com https://cdn.embedly.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com https://accounts.google.com https://*.website-files.com https://cdn.prod.website-files.com https://assets.calendly.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.embedly.com; font-src 'self' data: https:; img-src 'self' data: https: blob:; media-src 'self' data: blob: https://murf.ai; connect-src 'self' blob: data: https://*.googleapis.com https://*.google.com https://google.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://*.hubspot.com https://app.hubspot.com https://api.hubspot.com https://*.hs-scripts.com https://*.hs-banner.com https://js.hs-banner.com https://*.hscollectedforms.net https://forms.hscollectedforms.net https://*.linkedin.com https://get.geojs.io https://api.hubapi.com https://api.murf.ai https://login.murf.ai https://murf.ai https://cdn.prod.website-files.com https://tracking-api.g2.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://api.factors.ai https://*.clarity.ms https://bat.bing.com https://bat.bing.net https://www.google-analytics.com https://connect.facebook.net https://cdn.embedly.com https://webflow.com; frame-src 'self' https://*.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://*.hubspot.com https://app.hubspot.com https://assets.calendly.com https://calendly.com https://login.murf.ai https://cdn.embedly.com; report-uri https://o4504603155759104.ingest.us.sentry.io/api/4509798552305664/security/?sentry_key=05d6eb750229178df61a908e1a0ed8fd; report-to csp-endpoint 1
default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' *.stripe.com apis.google.com 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com https://cdnjs.cloudflare.com/ajax/libs/lamejs/1.2.0/lame.min.js; script-src-elem assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' *.googletagmanager.com *.stripe.com https://apis.google.com/ accounts.google.com 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com play.vidyard.com challenges.cloudflare.com; worker-src blob: data:; font-src 'self' data: assets.sutori.com fonts.gstatic.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com *.google-analytics.com *.stripe.com accounts.google.com maps.googleapis.com api.amplitude.com wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com risk.clearbit.com login.microsoftonline.com blob:; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' accounts.google.com *.googleapis.com https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat blob:; child-src 'self' * https://www.sutori.com *.stripe.com https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com blob:; manifest-src assets.sutori.com; 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com s3-sa-east-1.amazonaws.com *.google.com.mx *.bing.com *.collect.igodigital.com https://static.elfsight.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com *.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com utt.impactcdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.equalweb.com *.sandbox.my.site.com/ *.sandbox.my.salesforce-scrt.com/ *.facebook.net *.tiktok.com/ *.cardinalcommerce.com *.ccdc02.com unpkg.com cdn.jsdelivr.net *.g.doubleclick.net commerce.adobe.net magento-recs-sdk.adobe.net *.bolt.com *.commerce-quick-checkout.com localhost:8082 www.gstatic.com www.google.com *.braintreegateway.com *.sandbox.my.site.com *.sandbox.my.salesforce-scrt.com *.tiktok.com *.clarity.ms *.bing.com *.collect.igodigital.com *.amazon.com https://cdn.equalweb.com https://static.elfsight.com https://unicomer.my.site.com https://code.buywithprime.amazon.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.sandbox.my.site.com/ *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com unpkg.com cdn.jsdelivr.net commerce.adobedtm.com www.googleadservices.com www.google-analytics.com *.g.doubleclick.net analytics.google.com www.googletagmanager.com use.typekit.net *.adobe.io *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com localhost:8082 www.gstatic.com www.google.com js.braintreegateway.com c.paypal.com pay.google.com *.braintreegateway.com *.equalweb.com *.sandbox.my.site.com *.sandbox.my.salesforce-scrt.com *.facebook.net *.tiktok.com *.clarity.ms https://unicomer.my.site.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.adobedc.net *.equalweb.com *.sandbox.my.salesforce-scrt.com/ *.sandbox.my.site.com/ *.tiktok.com/ *.adobedtm.com *.adobe.com *.ccdc02.com unpkg.com cdn.jsdelivr.net commerce.adobedtm.com *.g.doubleclick.net use.typekit.net t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com localhost:8082 www.gstatic.com www.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com *.braintreegateway.com *.sandbox.my.site.com *.sandbox.my.salesforce-scrt.com *.facebook.net *.tiktok.com *.clarity.ms *.bing.com https://cdn.equalweb.com https://static.elfsight.com https://access.equalweb.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' dev-5847984.okta.com sso.app.elationemr.com *.oktacdn.com; connect-src 'self' dev-5847984.okta.com dev-5847984-admin.okta.com sso.app.elationemr.com *.oktacdn.com *.mixpanel.com *.mapbox.com dev-5847984.kerberos.okta.com https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' dev-5847984.okta.com sso.app.elationemr.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' dev-5847984.okta.com sso.app.elationemr.com *.oktacdn.com; frame-src 'self' dev-5847984.okta.com dev-5847984-admin.okta.com sso.app.elationemr.com login.okta.com *.vidyard.com; img-src 'self' dev-5847984.okta.com sso.app.elationemr.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' dev-5847984.okta.com sso.app.elationemr.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://elationemr.com 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=gXpvT6gmQeO0ckViwGYLpQMLb8z7tCZ96hi3NpwPlsE-1773714730-1.0.1.1-_E8pF5x2KvIyhik6fKBNHFH8X4yQCC4qUVmcYI2eLjr4X6yAMska0OBtnkm3pzySk_vkgFx4Sh.Lbtaj4z0sjCRN7gjiG0OAnUgAxKwM7jR0GGLLFMAgq6cjP6NrJtQvv5cz4R4lY8AlGOoqyafHQgWFtGgR1X2w65vafNwaHebYhz7d_Y5ZfKCCSo00uyF9; report-to cf-csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com https://*.gstatic.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://*.bambuser.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com photos.pixlee.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net * https://*.gstatic.com *.adyen.com *.googleapis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.webtrekk.net *.wt-eu02.net https://fbc.wcfbc.net https://*.flx1.com/ https://dmp.adform.net/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.pixlee.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page *.googleapis.com https://*.gstatic.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.bambuser.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://responder.wt-safetag.com https://*.flx1.com/ https://www.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.pxlecdn.com *.pixlee.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cash.app https://fonts.googleapis.com/ display.ugc.bazaarvoice.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com * *.adyen.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.bambuser.com api.addressy.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.flx1.com/ https://jamie.g.shortest-route.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://inbound-analytics.pixlee.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://87a2b74d-7ec7-4aa0-9269-eab6629cdda1.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data: https:; font-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; report-to csp-endpoint; report-uri https://csp-report.goglobal.travel/v1/csp-report; 1
default-src 'self';  connect-src  'self'  https://go.taxjar.com https://cdn.segment.com/v1/projects/ https://api.segment.io/v1/ https://k.clarity.ms  https://e.clarity.ms/collect https://q.clarity.ms/collect https://px.ads.linkedin.com  https://bat.bing.com https://806-qbe-674.mktoresp.com https://806-qbe-674.mktoutil.com https://consent.trustarc.com https://www2.profitwell.com https://services.postcodeanywhere.co.uk/Capture/Interactive/ https://taxjar.netlify.app https://yoast.com https://js.zi-scripts.com https://ws.zoominfo.com https://taxjar.widget.insent.ai https://fast.wistia.com/embed/captions/ https://fast.wistia.com/embed/medias/ https://embed-cloudfront.wistia.com/deliveries/ https://distillery.wistia.com/x https://pipedream.wistia.com/mput https://fg8vvsvnieiv3ej16jby.litix.io wss://ws.hotjar.com https://vc.hotjar.io/sessions/ https://browser.sentry-cdn.com https://www.google.com/ccm/collect https://www.google-analytics.com/j/collect https://analytics.google.com/g/collect https://www.google.com/pagead/form-data/975686394 https://www.google.com/ccm/form-data/975686394 https://stats.g.doubleclick.net/g/collect; font-src  'self'  https://fonts.googleapis.com  https://fonts.gstatic.com  https://consent.trustarc.com  https://fast.wistia.com; frame-src  'self'  https://*.taxjar.com https://www.googletagmanager.com https://clarity.microsoft.com https://consent-pref.trustarc.com https://taxjar.widget.insent.ai https://privacy-central.securiti.ai; img-src  'self'  blob: https://www.facebook.com  https://px.ads.linkedin.com/collect https://px4.ads.linkedin.com/collect https://consent.trustarc.com  https://www.google.com/pagead/1p-user-list/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975686394/ https://bat.bing.com https://c.bing.com https://embed-ssl.wistia.com/deliveries/ https://fast.wistia.com/assets/images/ https://secure.gravatar.com; media-src 'self'  blob:; script-src  'self'  'unsafe-inline' 'unsafe-eval' blob: https://go.taxjar.com https://www.clarity.ms/tag/ https://scripts.clarity.ms/ https://*.cloudfront.net/js/profitwell.js https://cdn.segment.com/analytics.js/ https://cdn.segment.com/analytics-next/ https://cdn.segment.com/next-integrations/ https://public.profitwell.com  https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js  https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975686394/  https://snap.licdn.com  https://munchkin.marketo.net  https://my.hellobar.com  https://static.hotjar.com  https://script.hotjar.com https://bat.bing.com https://consent.trustarc.com https://browser.sentry-cdn.com https://api.addressy.com/js/ https://code.jquery.com https://fast.wistia.com/embed/medias/853xo00tjc.jsonp https://fast.wistia.com/embed/medias/yu81g7udgk.jsonp https://fast.wistia.com/embed/medias/hcgep638gh.jsonp https://fast.wistia.com/embed/medias/oehrrl4f31.jsonp https://fast.wistia.com/embed/medias/3how0hex6q.jsonp https://fast.wistia.com/embed/medias/z87muv02ls.jsonp https://fast.wistia.com/assets/external/E-v1.js https://fast.wistia.com/assets/external/captions.js https://fast.wistia.com/assets/external/playPauseLoadingControl.js https://fast.wistia.com/assets/external/interFontFace.js https://fast.wistia.com/assets/external/engines/hls_video.js https://fast.wistia.com/assets/external/vulcanV2Player/video/ui_components/Storyboard.js https://fast.wistia.com/assets/external/vulcanV2Player/video/controls/SettingsControl/dialog.js https://fast.wistia.com/assets/external/vulcanV2Player/video/controls/VolumeSliderControl/VolumeSliderControl.js https://fast.wistia.com/assets/external/vulcanV2Player/TouchEvents.js https://fast.wistia.com/assets/external/wistia-mux.js https://js.zi-scripts.com ws-assets.zoominfo.com https://taxjar.widget.insent.ai https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/374982569515249 https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/js/select2.js; style-src 'self'  'unsafe-inline' https://fonts.googleapis.com https://go.taxjar.com; 1
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 1
default-src 'self' 'unsafe-inline' https://*.banrisul.com.br/ https://banrisul.com.br/ https://*.clarity.ms;     script-src 'self' 'unsafe-inline' https://*.banrisul.com.br/ https://banrisul.com.br/ https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.securiti.ai/ https://*.google.com.br/ads/ https://*.clarity.ms;     script-src-elem 'self' 'unsafe-inline' https://*.banrisul.com.br/ https://www.googletagmanager.com https://*.securiti.ai/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.google.com.br/ads/ https://analytics.google.com https://*.google-analytics.com/ https://connect.facebook.net/ https://s.pinimg.com/ https://ct.pinterest.com/ https://*.clarity.ms https://www.splash-screen.net/;     img-src 'self' data: https://*.banrisul.com.br/ https://*.google.com.br/ads/ https://*.facebook.com https://ct.pinterest.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.clarity.ms;     font-src 'self' 'unsafe-inline' https://*.banrisul.com.br/ https://fonts.gstatic.com/ https://*.clarity.ms;     style-src 'self' 'unsafe-inline' https://*.banrisul.com.br/ https://banrisul.com.br/ https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;     style-src-elem 'self' 'unsafe-inline' https://*.banrisul.com.br/ https://banrisul.com.br/ https://*.securiti.ai/ https://*.clarity.ms https://www.youtube.com/iframe_api;     connect-src 'self' https://*.banrisul.com.br https://*.securiti.ai/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br https://ct.pinterest.com https://*.clarity.ms;     frame-src 'self' 'unsafe-inline' https://*.banrisul.com.br/ https://www.youtube.com/ https://finansite-a.ae.com.br/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://assets.pinterest.com https://ct.pinterest.com https://*.clarity.ms https://td.doubleclick.net/;     frame-ancestors 'self' https://*.corp.banrisul.com.br/;      1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://polyfill.io https://www.youtube.com https://iframe.dacast.com https://vimeo.com https://player.vimeo.com https://cdn.usefathom.com/script.js https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://analytics.ahrefs.com/analytics.js https://wttc.activehosted.com 'nonce-I5VYuKmbkKNaJl3DvgNw5jsSKDFA9e/kLqupo8Ci11Y='; img-src 'self' https:; connect-src 'self' https:; frame-src 'self' https://www.google.com https://www.youtube.com https://iframe.dacast.com https://vimeo.com https://player.vimeo.com https://gtm-knbshpt-zmy5y.uc.r.appspot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2 https://use.typekit.net https://p.typekit.net https://fonts.bunny.net; font-src 'self' https: data: 1
object-src 'none';base-uri 'self';script-src 'nonce-aZ361-cq4GKdzeYXm6Oh8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; script-src 'nonce-5190695a27224e2b9d1536c44c2b843d'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; style-src 'self' 'nonce-5190695a27224e2b9d1536c44c2b843d'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=137-7495706-0808661:rid=91E1A62687FB498CBADC:sn=www.amazongamestudios.com 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://o4507018827071488.ingest.us.sentry.io/api/4510343205421056/security/?sentry_key=1faef7d9a5760350ce11e10419c510e3&sentry_release=v0.1.9; report-to csp-endpoint-v2 1
default-src 'self' https: data: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; script-src-elem 'self' https: 'unsafe-inline' blob:; style-src 'self' https: 'unsafe-inline' data: blob:; style-src-elem 'self' https: 'unsafe-inline' data: blob:; img-src 'self' https: data: blob:; font-src 'self' https: data: blob: chrome-extension: moz-extension: ms-browser-extension: safari-extension:; connect-src 'self' https: data: wss: blob: https://analytics.formassembly.com; frame-ancestors 'self'; form-action 'self' https:; worker-src 'self' blob:; report-uri /api_v2/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://pi.pardot.com https://cdn.pardot.com https://snap.licdn.com https://connect.facebook.net https://widget.instabot.io https://widgetapi.instabot.io https://addevent.com https://cdn.addevent.com https://cookie-cdn.cookiepro.com https://kit.fontawesome.com https://cdn.jsdelivr.net https://cdn.evgnet.com https://d2i34c80a0ftze.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://www.youtube.com https://player.vimeo.com https://tag.demandbase.com https://amd.sellingsimplified.net https://explore.parexel.com https://lottie.host https://assets2.lottiefiles.com https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.clarity.ms https://clarity.ms https://bat.bing.com https://sidebar.bugherd.com https://www.bugherd.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://translate.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://d2iiunr5ws5ch1.cloudfront.net https://form.asana.com https://lottie.host https://assets2.lottiefiles.com; img-src 'self' data: blob: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.doubleclick.net https://*.googlesyndication.com https://*.linkedin.com https://*.licdn.com https://*.facebook.com https://*.fbcdn.net https://*.ytimg.com https://*.youtube.com https://*.twitter.com https://*.twimg.com https://cookie-cdn.cookiepro.com https://static.instabot.io https://tag.demandbase.com https://*.demandbase.com https://lottie.host https://*.lottiefiles.com https://d2iiunr5ws5ch1.cloudfront.net https://*.bugherd.com https://*.amazonaws.com; font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com https://cdnjs.cloudflare.com https://d2iiunr5ws5ch1.cloudfront.net https://at.alicdn.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://adservice.google.com https://pagead2.googlesyndication.com https://www.google.com https://*.google.com https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.nl https://*.google.co.jp https://*.google.com.au https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://widget.instabot.io https://widgetapi.instabot.io https://static.instabot.io https://chat.instabot.io https://livechat.instabot.io wss://chat.instabot.io https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com https://tag.demandbase.com https://tag-logger.demandbase.com https://segments.company-target.com https://api.company-target.com https://amd.sellingsimplified.net https://st.fullcircleinsights.com https://*.clarity.ms https://ipinfo.io https://geodata.solutions https://maps.googleapis.com https://sessions.bugsnag.com https://notify.bugsnag.com https://www.bugherd.com wss://ws-mt1.pusher.com wss://ws.pusherapp.com https://lottie.host https://assets2.lottiefiles.com https://cdn.jsdelivr.net https://ka-p.fontawesome.com https://cloudflareinsights.com https://static.cloudflareinsights.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://insight.adsrvr.org https://td.doubleclick.net https://s.company-target.com https://vars.hotjar.com https://www.podbean.com https://player.simplecast.com https://form.asana.com https://content.cdntwrk.com https://explore.parexel.com https://lottie.host https://sidebar.bugherd.com https://d1eoo1tc6rr5e.cloudfront.net; media-src 'self' https://download-video.akamaized.net https://player.vimeo.com https://mcdn.podbean.com https://www.youtube.com https://lottie.host https://assets2.lottiefiles.com; object-src 'none'; frame-ancestors 'self'; form-action 'self' https://pi.pardot.com https://explore.parexel.com; base-uri 'self'; upgrade-insecure-requests 1
frame-ancestors 'self'; base-uri 'none'; report-uri https://o38422.ingest.sentry.io/api/1381643/security/?sentry_key=035194ae1605493c99dd66c2a7b2ca98; 1
default-src 'self'; script-src 'self' 'unsafe-inline' blob: https://cdn.prod.website-files.com https://www.googletagmanager.com https://widget.intercom.io https://smartpass.referralrock.com https://js.navattic.com https://js.hs-scripts.com https://global.localizecdn.com https://js.intercomcdn.com https://js.refiner.io https://embed.lu.ma https://app.posthog.com https://static.cloudflareinsights.com https://smartpass.instatus.com; style-src 'self' https://cdn.prod.website-files.com https://embed.lu.ma https://fonts.googleapis.com https://rsms.me/inter/ 'unsafe-inline'; font-src 'self' https://rsms.me/inter/font-files/ https://fonts.gstatic.com; img-src 'self' data: https://smartpass.app https://*.smartpass.app https://cdn.prod.website-files.com https://storage.googleapis.com/sp-img-cdn/ https://global.localizecdn.com https://www.googletagmanager.com https://widget.intercom.io https://smartpass.referralrock.com https://js.navattic.com https://js.hs-scripts.com; connect-src 'self' https://smartpass.app wss://smartpass.app https://global.localizecdn.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://*.ingest.sentry.io https://cdn.prod.website-files.com https://www.googletagmanager.com https://*.intercom.io wss://*.intercom.io https://smartpass.referralrock.com https://js.navattic.com https://js.hs-scripts.com  https://*.refiner.io https://api.instatus.com; frame-src 'self' https://js.refiner.io 1
default-src 'self' motul.com *.cdninstagram.com *.elfsightcdn.com; script-src 'self' 'unsafe-eval' *.axept.io *.elfsight.com https://*.googletagmanager.com *.hotjar.com *.facebook.net 'unsafe-inline' *.googleapis.com *.channelsight.com js.monitor.azure.com *.explorify.com *.elfsightcdn.com *.youtube.com; img-src 'self' staging-cms.motul.com axeptio.imgix.net www.google.com *.gstatic.com data: *.elfsight.com *.facebook.com *.elfsightcdn.com *.googleapis.com *.hotjar.com *.cdninstagram.com *.motul.com *.amazonaws.com *.channelsight.com cscoreproweustor.blob.core.windows.net motul.incony.de *.explorify.com https://i.ytimg.com/ https://*.googleusercontent.com/places https://*.google-analytics.com https://*.googletagmanager.com; child-src 'self' motul.com *.hotjar.com *.youtube.com https://*.googletagmanager.com *.youtube-nocookie.com;; style-src 'self' 'unsafe-inline' *.elfsight.com *.googleapis.com *.channelsight.com *.explorify.com; font-src 'self' *.gstatic.com *.hotjar.com *.channelsight.com *.explorify.com data:; report-uri /api/v2/security-headers; connect-src 'self' *.axept.io axeptio.imgix.net *.spinque.com *.elfsight.com *.facebook.net https://*.google-analytics.com https://*.analytics.google.com  https://*.googletagmanager.com https://*.google.com *.hotjar.com *.googleapis.com *.azurewebsites.net *.motul.com *.hotjar.io wss://ws4.hotjar.com *.channelsight.com https://cms.motul.com/search/api; frame-ancestors 'self' *.motul.com 1
font-src fonts.gstatic.com use.typekit.net *.googleadservices.com *.googleapis.com *.fontawesome.com *.gstatic.com *.rezync.com *.nothingbundtcakes.com tags-prod.nothingbundtcakes.com *.toasttab.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com www.googletagmanager.com *.rezync.com *.googleadservices.com *.doubleclick.net *.vimeo.com *.facebook.com *.nothingbundtcakes.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleadservices.com *.google.com *.google.com.ca *.google.com.co *.googleapis.com *.gstatic.com *.vimeo.com *.cdn-apple.com *.cookielaw.org *.usablenet.com *.usablenet.dev *.doubleclick.net *.contentsquare.net *.nothingbundtcakes.com *.pmg.com *.pinimg.com *.adroll.com *.facebook.net *.bing.com *.redditstatic.com *.amazonaws.com *.cognitivlabs.com *.reddit.com *.facebook.com *.adnxs.com *.magentosite.cloud *.monetate.net *.rfihub.com *.eyeota.net *.rezync.com *.attn.tv *.yimg.com *.boomtrain.com *.linkedin.com *.yahoo.com *.pubmatic.com *.openx.net *.media.net *.rtactivate.com *.casalemedia.com *.rlcdn.com *.addthis.com *.tremorhub.com *.bidswitch.net *.adsrvr.org *.prf.hn prf.hn *.taggrs.io taggrs.io *.ml314.com ml314.com *.tapad.com tapad.com tags-prod.nothingbundtcakes.com *.toasttab.com images.unsplash.com plus.unsplash.com *.cloudinary.com *.cloudfront.net *.imgix.net cdn.bfldr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com *.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.attn.tv events.attentivemobile.com *.googleadservices.com *.googleapis.com *.cdn-apple.com *.cookielaw.org *.usablenet.com *.usablenet.dev *.contentsquare.net *.nothingbundtcakes.com *.pmg.com *.pinimg.com *.adroll.com *.facebook.net *.bing.com *.redditstatic.com *.tiktok.com *.bttrack.com *.adsrvr.org *.pinterest.com *.facebook.com *.magentosite.cloud *.monetate.net *.appboycdn.com *.rfihub.com *.everesttech.net *.eyeota.net *.rezync.com *.yimg.com *.boomtrain.com *.yahoo.com *.kargo.com *.licdn.com *.inpwrd.net bttrack.com *.adnxs.com *.rfihub.net cdn.bttrack.com tags-prod.nothingbundtcakes.com *.toasttab.com https://gateway.moneris.com https://gatewayt.moneris.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleadservices.com *.googleapis.com *.fontawesome.com *.usablenet.com *.usablenet.dev *.rezync.com *.nothingbundtcakes.com tags-prod.nothingbundtcakes.com *.toasttab.com https://gateway.moneris.com https://gatewayt.moneris.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.attn.tv events.attentivemobile.com *.googleadservices.com *.googleapis.com *.vimeo.com *.cdn-apple.com *.cookielaw.org *.onetrust.com *.usablenet.com *.usablenet.dev *.contentsquare.net *.doubleclick.net *.nothingbundtcakes.com *.pmg.com *.pinimg.com *.adroll.com *.facebook.net *.bing.com *.redditstatic.com *.tiktok.com *.bttrack.com *.adsrvr.org *.amazonaws.com *.cognitivlabs.com *.reddit.com *.pinterest.com *.facebook.com *.adnxs.com *.gstatic.com *.rlcdn.com *.magentosite.cloud *.monetate.net *.everesttech.net *.eyeota.net *.rezync.com *.yimg.com *.boomtrain.com *.yahoo.com *.kargo.com *.linkedin.com tags-prod.nothingbundtcakes.com *.toasttab.com images.unsplash.com plus.unsplash.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.bg *.betano.bg betano.com *.betano.com betgenius.com *.betgenius.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org facebook.net *.facebook.net fullstory.com *.fullstory.com gmlinteractive.com *.gmlinteractive.com creativecdn.com *.creativecdn.com googletagmanager.com *.googletagmanager.com kaizengaming.com *.kaizengaming.com kameleoon.eu *.kameleoon.eu optimove.net *.optimove.net sportradar.com *.sportradar.com sportradarserving.com *.sportradarserving.com cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery google-analytics.com *.google-analytics.com lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=UzGzflzUOFuaokVDYHJ_w2q15hGgBpe.AvIplzW7E58-1773718783-1.0.1.1-RYML6yd5DHtzzfUCbKZykVLVr9PPXAfUogiVPTUiPiYW3nxAqD1pdvXUQeZHGRKxnynxtKzPRlsRLiqnSKadiSHWh5vGzIXHuJdFZVXzaoM6QeFYrQtn3QyR5cJMzABVXMoDkzrvllNdnmQHf862.4CKBH9hxSMIg2PVxjhsHQuK.yI7wGBy.._9ce8ozXJHcv6pQnUBMPYEUmaGxmWEVQ; report-to cf-gogsejbciqifsvmw 1
default-src 'self' blob: data: https://*.rerrkvifj.com https://*.ccchch.com https://*.lbank.com https://*.lbk.pub https://*.lbank.info https://*.lturkey.com https://*.lbkpro.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'wasm-eval' https://cdn.jsdelivr.net https://*.alicdn.com https://*.livechatinc.com https://*.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://js.admediasales.com https://accounts.google.com https://appleid.cdn-apple.com https://*.gstatic.com https://*.googleapis.com https://*.geetest.com https://*.google.com https://sepolia.drpc.org https://*.cloudflareinsights.com https://*.geevisit.com https://*.adjust.com https://*.gsensebot.com https://*.facebook.net https://*.forter.com https://*.simplex.com https://telegram.org https://developers.kakao.com https://*.rerrkvifj.com https://*.lbank.com https://risk.checkout.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.alicdn.com https://fonts.googleapis.com https://accounts.google.com https://*.gstatic.com https://*.geetest.com https://*.rerrkvifj.com https://*.lbank.com https://*.lbank.net https://*.lbank.zone; font-src 'self' data: https://*.alicdn.com https://fonts.gstatic.com https://accounts.google.com https://cdnjs.cloudflare.com https://migaku-public-data.migaku.com https://gw.alipayobjects.com https://use.typekit.net https://cdn.jsdelivr.net https://www.slant.co https://cdn.scite.ai https://*.aliyuncs.com https://cdn.megabonus.com https://cdn.fastdic.com https://*.rerrkvifj.com https://*.lbank.com https://*.rerrkvifj.com; img-src 'self' data: https: blob: android-webview-video-poster: https://*.google-analytics.com https://accounts.google.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.geetest.com https://testqrc.bitgetapp.com https://*.lbank.com https://*.lbank.net https://*.lbank.zone https://*.ierpifvid.com https://*.rerrkvifj.com; connect-src 'self' blob: data: https://aladdin.lbkpro.net https://*.livechatinc.com wss://*.livechatinc.com https://*.google-analytics.com https://analytics.google.com https://sensors-data-access.lbkwork.com https://*.forter.com https://accounts.google.com https://appleid.cdn-apple.com https://stats.g.doubleclick.net https://*.googleapis.com https://eth.merkle.io https://region1.google-analytics.com https://region1.analytics.google.com https://*.geetest.com https://cdnjs.cloudflare.com https://*.alicdn.com https://binance.llamarpc.com https://js.admediasales.com https://track.uc.cn https://*.google.com https://gc.kis.v2.scr.kaspersky-labs.com https://*.oss-cn-hongkong.aliyuncs.com https://adscool.net https://api.trongrid.io https://arb1.arbitrum.io https://infragrid.v.network https://eth.llamarpc.com https://*.hongnuoyy.com https://*.bitunix.com https://*.okx.com https://mainnet.base.org https://rpc.genesys.network https://*.adjust.com https://*.adjust.world https://eth-mainnet.nodereal.io https://ethereum-rpc.publicnode.com https://go.getblock.io https://www.tradingview.com https://*.googletagmanager.com https://siteperformancetest.net https://wtp.siteperformancetest.net https://flagcdn.com https://*.telegram.org https://mainnet.helius-rpc.com https://sentry-uit.line-apps.com https://1rpc.io https://*.lbkwork.com wss://*.lbkwork.com https://*.lbank.com wss://*.lbank.com https://*.lbank.zone https://*.rerrkvifj.com uuapi.rerrkvifj.com wss://*.rerrkvifj.com https://*.ierpifvid.com wss://*.ierpifvid.com https://*.lbank.zone https://*.rrrhhr.com https://*.ccchch.com; worker-src 'self' blob:; frame-src 'self' blob: https://secure.livechatinc.com https://tracking.nexxustrk.pro https://auctera.gotrackier.com https://www.youtube.com https://accounts.google.com https://appleid.cdn-apple.com https://cdn.jsdelivr.net https://*.google.com https://media.openxglobal.com https://api.sumsub.com https://social.rockettrack.pro https://playsala.com https://data.trckr.pro https://*.simplex.com https://*.simplexcc.com https://risk.checkout.com https://*.telegram.org https://*.lbank.com https://*.lbank.zone https://*.lbktech.com https://www.lbankwidgets.com; object-src 'none'; media-src 'self' blob: data: https://*.rerrkvifj.com https://*.ierpifvid.com https://*.lbank.com; base-uri 'self'; form-action 'self' https://checkout.simplexcc.com; report-uri https://aladdin.lbkpro.net/h5/submit/csp-report; 1
default-src 'nonce-8df8c9fff4768b18204ec4af7c9df039' 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data https://images.ctfassets.net; script-src 'self' 'self' 'unsafe-inline' https://browser.sentry-cdn.com/ https://europcar.adding-sst.dev/ https://sdk.privacy-center.org/ https://*.europcar.com https://*.goldcar.com; connect-src 'self' sentry.io *.sentry.io https://*.europcar.com https://*.goldcar.com; report-uri https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943; report-to https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943 1
default-src 'self'; connect-src 'self' *.hotjar.com *.hotjar.io c.amazon-adsystem.com *.wistia.net *.wistia.com js.monitor.azure.com snap.licdn.com www.googletagmanager.com www.google.com *.doubleclick.net analytics.google.com *.givchariot.com d.adroll.com dc.services.visualstudio.com insight.adsrvr.org *.linkedin.com s.amazon-adsystem.com doublethedonation.com js.monitor.azure.com; font-src 'self' data: cdn.givechariot.com fast.wistia.net doublethedonation.com; frame-src 'self' *.adsrvr.org *.adroll.com www.googletagmanager.com www.gstatic.com *.doubleclick.net *.wistia.net *.ceros.com wwp.mysalesforce-sites.com www.careerarc.com www.google.com www.youtube.com wwp.my.salesforce-sites.com; img-src 'self' data: *.adroll.com *.doubleclick.net *.lightboxcdn.com *.wistia.com *.wistia.net ad.ipredictive.com analytics.twitter.com bat.bing.com cdn.givechariot.com cdn.jsdelivr.net doublethedonation.com fast.wistia.net *.adsrvr.org media.sabio.us *.collect.igodigital.com p1.parsely.com px.adentifi.com *.linkedin.com t.co um.simpli.fi woundedwarriorprojectsite.secure.force.com wwp.my.salesforce-sites.com www.facebook.com *.google.com www.googleadservices.com www.googletagmanager.com x.bidswitch.net media.sabio.us aa.agkn.com ads.stickyadstv.com analytics.twitter.com attrk.com bat.bing.com bcp.crwdcntrl.net ce.lijit.com cs.admanmedia.com dsum-sec.casalemedia.com eb2.3lift.com fei.pro-market.net ib.adnxs.com idsync.rlcdn.com image2.pubmatic.com loadm.exelator.com ml314.com *.igodigital.com pippio.com pixel.locker2.com pixel.rubiconproject.com pixel.tapad.com ps.eyeota.net px.adentifi.com s.ad.smaato.net simplifi.partners.tremorhub.com sync.1rx.io sync.bfmio.com sync.intentiq.com sync.outbrain.com sync.taboola.com trkn.us ups.analytics.yahoo.com us-u.openx.net arttrk.com media.sabio.us um.simpli.fi; script-src 'self' *.hotjar.com bat.bing.com *.salesforceliveagent.com cdn.givechariot.com connect.facebook.net *.wistia.com *.wistia.net *.adroll.com tag.simpli.fi www.google.com www.googleadservices.com *.googletagmanager.com *.google-analytics.com *.lightboxcdn.com  www.youtube.com *.collect.igodigital.com aa.trkn.us browser.sentry-cdn.com cdn.c212.net cdn.parsely.com doublethedonation.com *.doubleclick.net js.adsrvr.org js.monitor.azure.com script.crazyegg.com snap.licdn.com tags.wdsvc.net *.ceros.com www.gstatic.com www.youtube.com; style-src 'self' cdn.givechariot.com *.wistia.com *.wistia.net js.adsrvr.org s.adroll.com www.googletagmanager.com www.lightboxcdn.com doublethedonation.com; 1
script-src 'nonce-5frz0oZQukGkl6xxkIiKiA==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=900d2548-befb-43e3-93a8-1cd531fc6455; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
default-src 'none'; font-src 'self' fonts.gstatic.com data:; img-src * 'self' data: https: https://*.usepylon.com https://pylon-avatars.s3.us-west-1.amazonaws.com https://d3vl36l12sfx26.cloudfront.net; script-src 'self' 'unsafe-inline' *.clickhouse-dev.com:* *.clickhouse-staging.com:* *.clickhouse.cloud:* clickhouse.com discover.clickhouse.com statuspage.incident.io www.recaptcha.net recaptcha.net munchkin.marketo.net www.google.com google.com *.googletagmanager.com *.licdn.com www.gstatic.com js.stripe.com *.fullstory.com vercel.live https://widget.usepylon.com; style-src 'self' 'unsafe-inline' clickhouse.com discover.clickhouse.com fonts.googleapis.com vercel.live https://*.usepylon.com; object-src 'none'; worker-src 'self' blob:; connect-src 'self' 'unsafe-inline' clickhouse.com discover.clickhouse.com wss: *.clickhouse-dev.com:* *.clickhouse-staging.com:* *.clickhouse.cloud:* statuspage.incident.io www.recaptcha.net recaptcha.net *.us-east-2.amazonaws.com *.google-analytics.com *.linkedin.oribi.io *.mktoresp.com s3.eu-west-1.amazonaws.com *.fullstory.com *.auth0.com vercel.live https://*.usepylon.com wss://*.pusher.com; frame-src *.clickhouse-dev.com:* *.clickhouse-staging.com:* *.clickhouse.cloud:* clickhouse.com discover.clickhouse.com www.recaptcha.net recaptcha.net https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://player.vimeo.com *.auth0.com vercel.live; frame-ancestors 'none'; 1
frame-ancestors 'self'; report-uri https://www.vogue.com.au/csp-reports 1
default-src 'self' *.booztlet.com; script-src 'self' data: blob: bat.bing.com t.contentsquare.net geolocation.onetrust.com *.datadoghq.eu *.g.doubleclick.net cdn.taggstar.com cdn.cookielaw.org www.googletagmanager.com chat.kindlycdn.com *.sleeknote.com www.google.com *.hotjar.com www.snapengage.com 7276579.collect.igodigital.com *.trustpilot.com static.cloudflareinsights.com *.liveshopper.net sleeknotestaticcontent.sleeknote.com cdn.avo.app *.criteo.com track.adform.net *.klarnacdn.net *.criteo.net connect.facebook.net maps.googleapis.com *.hotjar.io cdn.noibu.com www.googleoptimize.com *.datadog.eu *.booztcdn.com *.kronor.io www.datadoghq-browser-agent.com *.google-analytics.com www.googleadservices.com s2.adform.net dev.visualwebsiteoptimizer.com svht.tradedoubler.com sdk.privacy-center.org analytics.tiktok.com sleeknotecustomerscripts.sleeknote.com 'unsafe-eval' 'unsafe-inline'; font-src 'self' *.booztcdn.com fonts.gstatic.com *.booztlet.com *.booztx.com chat.kindlycdn.com fonts.googleapis.com data: ; img-src optimize.google.com https: data: blob: 'unsafe-inline'; connect-src 'self' data: *.visualwebsiteoptimizer.com *.datadoghq.eu *.kronor.io wss://*.kronor.io *.google-analytics.com www.googleadservices.com www.googleoptimize.com api.mkmediaworks.com www.googletagmanager.com api.taggstar.com bat.bing.com *.contentsquare.net kronor.io api.liveshopper.net analytics.tiktok.com cdn.avo.app wss://kronor.io input.noibu.com *.hotjar.com www.google.com www.googleadservices.com stats.g.doubleclick.net www.facebook.com geolocation.onetrust.com *.datadog.eu cdn.cookielaw.org *.hotjar.io *.hotjar.com browser-intake-datadoghq.eu wss://input.noibu.com pagead2.googlesyndication.com *.booztlet.com *.sleeknote.com *.klarnacdn.net *.trustpilot.com *.g.doubleclick.net www.snapengage.com ws.hotjar.com chat.kindlycdn.com *.booztcdn.com www.datadoghq-browser-agent.com *.booztlet.com *.browser-intake-datadoghq.eu dev.visualwebsiteoptimizer.com; child-src 'self' www.googletagmanager.com *.freshchat.com fpt.booztlet.com *.google-analytics.com *.criteo.net www.booztlet.com www.facebook.com *.trustpilot.com blob: ; frame-src 'self' *.kronor.io *.criteo.com *.criteo.com *.sleeknote.com www.googletagmanager.com www.facebook.com *.trustpilot.com *.klarnacdn.net *.hotjar.com connect.facebook.net; style-src 'self' *.sleeknote.com *.booztlet.com cdn.taggstar.com *.booztcdn.com *.kronor.io chat.kindlycdn.com data: blob: 'unsafe-inline'; manifest-src 'self' *.booztlet.com; media-src 'self' data: *.booztcdn.com *.booztlet.com storage.googleapis.com; frame-ancestors 'self' ; report-uri /csp-report/; report-to csp-reports 1
script-src 'nonce-xDD1bduuDPV9oKBOLvLUNQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self'; connect-src 'self' *.thuisarts.nl *.readspeaker.com https://bynder.nhg.org https://*.ingest.de.sentry.io; font-src 'self' data: https://themes.googleusercontent.com; frame-src 'self' *.readspeaker.com; img-src 'self' data: *.thuisarts.nl *.readspeaker.com https://bynder.nhg.org; media-src 'self' *.thuisarts.nl *.readspeaker.com; script-src 'self' 'report-sample' *.readspeaker.com *.thuisarts.nl *.cloudfront.net cdn-eu.readspeaker.com; style-src * 'report-sample' 'unsafe-inline'; worker-src 'self'; base-uri 'self'; form-action 'self' *.thuisarts.nl https://nhglsk-staging.netlify.app; frame-ancestors 'self' *.asterisque.nl *.cnsconnect.nl *.crsinternet.nl *.curasoft.nl *.dataleaf.eu *.eposzilos.nl *.extenzo.nu *.healthconnected.nl *.omnihis.nl *.oscarecd.nl *.portavita.eu *.portavita.nl *.promedico-asp.aw *.promedico-asp.nl *.topicus-hap.nl *.prescriptor.nl *.digitalis.nl *.clinicalrules.nl *.caresharing.eu *.vandenhoogenhoff.com *.brickshuisarts.nl *.promedico-huisarts.nl brickshuisarts.nl 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; 1
report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV3VOE24ov0vchYgO3uoxKHdePxnKoFiICkeq1Vt2reRBEg4zYmpS2XL1UJS-0Ova9gUiV2PUH3EvuXcIOdrBPvAUgkIP-ZRbRMryNUY6YGqAQ== ; block-all-mixed-content ; default-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live ; script-src 'report-sample' 'self' 'unsafe-eval' https://*.videoask.com https://*.videoask.live 'unsafe-inline' https://js.stripe.com https://www.dropbox.com https://*.calendly.com https://*.oncehub.com https://cdn.amplitude.com https://cdn.cookielaw.org https://cdn.rollbar.com https://cdn.segment.com https://connect.facebook.net https://fast.wistia.com https://script.crazyegg.com https://snap.licdn.com https://snippet.growsumo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://cdn.optimizely.com https://js.partnerstack.com https://edge.fullstory.com https://a.quora.com https://static.ads-twitter.com https://analytics.tiktok.com https://tags.srv.stackadapt.com ; base-uri 'report-sample' 'self' ; img-src 'report-sample' 'self' data: blob: android-webview-video-poster: https: ; media-src 'report-sample' 'self' blob: data: https: ; connect-src 'report-sample' 'self' blob: https://*.videoask.com https://*.videoask.live wss://*.videoask.live wss://*.videoask.com https://videoask-media-dev.s3-accelerate.amazonaws.com https://videoask-media-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3-accelerate.amazonaws.com https://videoask-uploads-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3.amazonaws.com https://videoask-uploads-prod.s3.amazonaws.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.launchdarkly.com https://*.pexels.com https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.rollbar.com https://api.segment.io https://api.amplitude.com https://*.g.doubleclick.net https://www.google-analytics.com https://*.crazyegg.com https://p.adsymptotic.com https://www.facebook.com https://track.segmetrics.io https://*.google.com https://rs.fullstory.com https://cdn.segment.com https://edge.fullstory.com https://js.partnerstack.com https://grsm.io https://cdn.cookielaw.org https://*.onetrust.com https://*.contentful.com https://videoask.zendesk.com https://*.optimizely.com https://region1.google-analytics.com https://analytics.tiktok.com https://partnerlinks.io ; style-src 'report-sample' 'self' https://font.typeform.com 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://cdn.cookielaw.org https://cdn.quilljs.com ; font-src 'report-sample' 'self' data: https://font.typeform.com https://fonts.gstatic.com ; frame-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live https://calendly.com https://app.acuityscheduling.com https://*.oncehub.com https://js.stripe.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.wistia.com https://www.facebook.com https://*.doubleclick.net https://6g4qf7txd07m.statuspage.io https://*.optimizely.com ; frame-ancestors * ; object-src 'none' ; 1
font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: https://www.googletagmanager.com maxcdn.bootstrapcdn.com apps.mypurecloud.com use.typekit.net *.silencershop.com *.klaviyo.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.credova.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.credova.com * *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.youtube.com https://c.paypal.com/ https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.silencershop.com *.signifyd.com *.online-metrix.net/ data.adxcel-ec2.com engine.gettopple.com trkn.us *.cloudfront.net *.klaviyo.com https://b.stats.paypal.com/ https://slc.stats.paypal.com/ https://c.paypal.com/ https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.credova.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn.jsdelivr.net *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.silencershop.com apps.usw2.pure.cloud *.signifyd.com delivery.gettopple.com *.online-metrix.net d14jnfavjicsbe.cloudfront.net sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com sec.webeyez.com widget.trustpilot.com *.klaviyo.com *.fontawesome.com *.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://c.paypal.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com apps.mypurecloud.com use.typekit.net p.typekit.net *.silencershop.com *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com https://www.google-analytics.com *.credova.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.silencershop.com *.signifyd.com invitejs.trustpilot.com send.webeyez.com sec.webeyez.com *.klaviyo.com *.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://payments.sandbox.braintree-api.com/ https://origin-analytics-sand.sandbox.braintree-api.com/ https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smartsolutions.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
base-uri 'none'; font-src 'self' https: data:; form-action https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://www.facebook.com; frame-ancestors 'self'; img-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://mautic.netcup.news https://px.ads.linkedin.com 'self' blob: data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://measure.netcup.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://widget.trustpilot.com https://cdn.brevo.com/js/sdk-loader.js 'self' 'wasm-unsafe-eval' 'nonce-HGtQGPEZzCnhuEeLEw164AuL'; connect-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://www.google.com https://in-automate.brevo.com https://measure.netcup.com https://google.com https://px.ads.linkedin.com https://*.clarity.ms/ 'self' https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://eu-api.friendlycaptcha.eu https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.cookielaw.org https://adservice.google.com https://pagead2.googlesyndication.com https://www.redditstatic.com https://pixel-config.reddit.com https://analytics.tiktok.com https://ads.tiktok.com https://bat.bing.com https://widget.trustpilot.com; worker-src blob:; child-src blob: https://td.doubleclick.net; script-src-elem https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.brevo.com/js/sdk-loader.js https://sibautomation.com/sa.js https://sibforms.com/ https://www.googleadservices.com https://www.redditstatic.com 'self' 'unsafe-inline' https://*.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://*.clarity.ms https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://analytics.tiktok.com https://ads.tiktok.com https://measure.netcup.com https://www.youtube.com https://pagead2.googlesyndication.com https://widget.trustpilot.com; frame-src https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://measure.netcup.com https://www.youtube-nocookie.com/ https://widget.trustpilot.com https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com; report-to csp-endpoint; 1
default-src 'self'; style-src 'self'; script-src 'self' https://maps.googleapis.com https://googletagmanager.com https://munchkin.marketo.net https://script.crazyegg.com https://www.influ2.com https://bat.bing.com https://ws.zoominfo.com https://www.clickcease.com https://tracking.g2crowd.com https://go.qgenda.com https://cdn.bizible.com https://j.6sc.co https://googleads.g.doubleclick.net; connect-src 'self' https://maps.googleapis.com https://script.crazyegg.com https://761-yjz-981.mktoresp.com https://www.google-analytics.com https://t.influ2.com https://c.6sc.co https://ipv6.6sc.co https://stats.g.doubleclick.net  https://tracking.g2crowd.com https://ws.zoominfo.com https://realtime.ramblechat.com;  img-src 'self'  https://www.google.com https://bat.bing.com;  font-src 'self'  https://fonts.gstatic.com;  frame-src 'self' https://td.doubleclick.net;  object-src 'self'; upgrade-insecure-requests; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.lge.co.kr https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.criteo.com *.creativecdn.com *.naver.net *.pstatic.net *.daangn.com *.stclab.com *.google.com *.creativecdn.com *.google-analytics.com *.simpli.fi *.sauceflex.com *.facebook.com *.google.co.kr  *.widerplanet.com *.daumcdn.net *.useinsider.com *.attractt.com *.criteo.net; connect-src 'self' *.lge.co.kr https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.criteo.com *.creativecdn.com *.naver.net *.pstatic.net *.daangn.com *.stclab.com *.google.com *.creativecdn.com *.google-analytics.com *.simpli.fi *.sauceflex.com *.facebook.com *.google.co.kr *.widerplanet.com *.daumcdn.net *.useinsider.com *.attractt.com *.criteo.net; 1
script-src 'self' *.adyen.com *.allsaints.com *.bing.com *.cquotient.com *.forter.com *.g.doubleclick.net *.global-e.com *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.klarnaservices.com *.parcellab.com *.pcapredict.com *.scarabresearch.com *.squarecdn.com *.tribalfusion.com *.yotpo.com access.myunidays.com ajax.cloudflare.com allsaints.api.highstreetapp.com analytics.tiktok.com api.soreto.com appleid.cdn-apple.com assets.ntcacdn.net cdn-ukwest.onetrust.com cdn.jsdelivr.net cdn.optimizely.com cdnapisec.kaltura.com challenges.cloudflare.com chat.digitalgenius.com code.jquery.com connect.facebook.net ct.pinterest.com d.ratepay.com dnn0yrbagrg.cloudfront.net duvgq8bw.cloudfront.net edge.eu.fullstory.com js-agent.newrelic.com js.klarna.com lottingem.com platform.communicatorcorp.com player.vimeo.com rgneujpc.micpn-eu.com s.pinimg.com sc-static.net secured-pixel.com services.postcodeanywhere.co.uk static.cloudflareinsights.com statse.webtrendslive.com t.contentsquare.net tag.rmp.rakuten.com tags.creativecdn.com tr.snapchat.com tracker.marinsm.com unpkg.com widgets.trustedshops.com www.googletagmanager.com www.paypal.com www.recaptcha.net www.redditstatic.com x.klarnacdn.net; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=iwoJ.5HzhUse3SFtEXxVzbfqxzC23hDaeWK6Pvb0ipQ-1773715045-1.0.1.1-ca2npPj4QEKk8o1UpQi72VCAT1F5NojFRZkdNYCcdte.pro5B9Pd1Pcqnms_c0PukZxcavZUpDmasI0K6k_P6vZ2HLcbSECVQ4w3AbA9n8EwuzHqYlTJJN8a2AL1ZgM4sFCYbfg3yQ3S8bSuI94065tSmlJbzW3ae5UmnQ09kSIDAloHahWuId1.pq6AENPJkLfP2inFes8kl7OEqieTnw; report-to cf-mwyznqavsxpgoxnv 1
worker-src blob:; sandbox *.425.degree *.425degree.com 425degree.com www.425degree.com https://www.facebook.com *.facebook.com *.facebook.net *.tiktok.com https://browser-intake-datadoghq.com *.datadoghq.com; font-src *.cloudflare.com *.425degree.com *.fontawesome.com *.typekit.net *.trustedshops.com https://browser-intake-datadoghq.com *.datadoghq.com *.googleapis.com https://www.gstatic.com fonts.gstatic.com *.kxcdn.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action www.facebook.com https://browser-intake-datadoghq.com *.datadoghq.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.doubleclick.net *.infogram.com *.facebook.com *.googleadservices.com *.googlesyndication.com https://www.google.co.th *.kasikornbank.com *.googletagmanager.com *.pinterest.com *.425.degree *.425degree.com https://browser-intake-datadoghq.com *.datadoghq.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://www.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com *.cloudflare.com https://cdn.klarna.com *.425degree.com *.425.degree https://www.trustmarkthai.com/ https://t.co https://www.google.co.th *.doubleclick.net *.facebook.com *.pinterest.com https://www.googletagmanager.com/ *.googleadservices.com *.paypal.com *.vimeocdn.com https://s.ytimg.com *.usercentrics.eu *.clarity.ms www.clarity.ms *.bing.com https://browser-intake-datadoghq.com *.datadoghq.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.cloudflare.com https://www.trustmarkthai.com/ https://chimpstatic.com/ *.twitter.com *.ads-twitter.com *.425.degree *.425degree.com https://googleads.g.doubleclick.net *.infogram.com *.facebook.com *.newrelic.com *.nr-data.net *.pinimg.com www.google-analytics.com *.googlesyndication.com *.trustedshops.com *.usercentrics.eu *.tiktok.com *.fullstory.com *.clarity.ms www.clarity.ms *.bing.com https://browser-intake-datadoghq.com *.datadoghq.com www.googleadservices.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.kasikornbank.com www.facebook.com graph.facebook.com business.facebook.com twitter.com https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.425degree.com *.fontawesome.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://browser-intake-datadoghq.com *.datadoghq.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com downloads.mailchimp.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.425.degree *.425degree.com https://browser-intake-datadoghq.com *.datadoghq.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.cloudflare.com *.pinterest.com *.paypal.com *.tiktok.com *.fullstory.com *.clarity.ms www.clarity.ms *.bing.com https://browser-intake-datadoghq.com *.datadoghq.com https://www.trustmarkthai.com/ https://t.co *.425.degree *.nr-data.net www.facebook.com www.google-analytics.com *.doubleclick.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://cse.google.com/ https://www.eventbrite.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://fonts.googleapis.com/ https://cdn.curator.io/ https://www.juicer.io/ https://www.google-analytics.com/ https://js.hsforms.net/ https://cdn.cookielaw.org/ https://js.adsrvr.org/ https://connect.facebook.net/ https://analytics.tiktok.com/ https://snap.licdn.com/ cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.google.com/ https://cse.google.com/ https://www.eventbrite.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://fonts.googleapis.com/ https://cdn.curator.io/ https://www.juicer.io/ https://www.google-analytics.com/ https://js.hsforms.net/ https://cdn.cookielaw.org/ https://js.adsrvr.org/ https://connect.facebook.net/ https://analytics.tiktok.com/ https://snap.licdn.com/ cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://www.google.com/ https://cse.google.com/ https://www.eventbrite.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://fonts.googleapis.com/ https://cdn.curator.io/ https://www.juicer.io/ https://www.google-analytics.com/ https://js.hsforms.net/ https://cdn.cookielaw.org/ https://js.adsrvr.org/ https://connect.facebook.net/ https://analytics.tiktok.com/ https://snap.licdn.com/ cdnjs.cloudflare.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' https://www.google.com/ https://cse.google.com/ https://www.eventbrite.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://fonts.googleapis.com/ https://cdn.curator.io/ https://www.juicer.io/ https://www.google-analytics.com/ https://js.hsforms.net/ https://cdn.cookielaw.org/ https://js.adsrvr.org/ https://connect.facebook.net/ https://analytics.tiktok.com/ https://snap.licdn.com/ 1
object-src 'none';base-uri 'self';script-src 'nonce-DUBJ-dTZxUfHk-sWHqpzxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'strict-dynamic' 'unsafe-eval' https://*.googletagmanager.com https://www.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://analytics.google.com 'nonce-49f7d4539ec49acb'; connect-src 'self' https://*.googletagmanager.com https://*.google.com https://*.google.ch https://*.google.rs https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://www3.doubleclick.net https://www.googleadservices.com https://*.googlesyndication.com https://ep1.adtrafficquality.google https://adservice.google.com https://bing.com https://bat.bing.com https://ui.ads.microsoft.com https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://cdn.cookielaw.org https://search.ch https://fullstory.com https://edge.eu1.fullstory.com https://rs.eu1.fullstory.com https://ch.eu1.fullstory.com https://eu-data.kameleoon.eu https://kameleoon.com https://*.kameleoon.io https://app.formbricks.com https://*.onetrust.com https://cookie-cdn.cookiepro.com https://connect.facebook.net https://www.facebook.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://search.ch https://cdnjs.cloudflare.com https://cdn.ringier-advertising.ch; img-src 'self' data: https://*.googletagmanager.com https://*.google.com https://*.google.rs https://*.google.ch https://*.google-analytics.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://cdn.cookielaw.org https://bat.bing.com https://ui.ads.microsoft.com https://servedby.ipromote.com https://ep1.adtrafficquality.google https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://*.local.ch https://search.ch https://web.staticlocal.ch/; font-src 'self' https://search.ch data:; frame-src https://www.googletagmanager.com https://*.g.doubleclick.net https://*.googlesyndication.com https://ep2.adtrafficquality.google https://www.google.com https://cdn.cookielaw.org https://bookingwidget.beta.local.ch https://bookingwidget.local.ch https://localch-fe-68cb68ff4b-tcwtp:3000; object-src 'none'; base-uri 'self'; report-uri /api/csp-report; report-to csp-endpoint 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com data:; img-src 'self' https://files.bikeindex.org https://uploads.bikeindex.org https://bikebook.s3.amazonaws.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://translate.google.com https://www.facebook.com https://connect.facebook.net https://pbs.twimg.com https://syndication.twitter.com data: blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://widget.bikeindex.org https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://maps.googleapis.com https://connect.facebook.net https://platform.twitter.com https://api.mapbox.com https://cdn.jsdelivr.net https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://api.mapbox.com; connect-src 'self' https://bikebook.herokuapp.com https://www.google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://translate.googleapis.com https://www.facebook.com https://api.mapbox.com https://events.mapbox.com https://*.tiles.mapbox.com https://cdn.jsdelivr.net https://api.honeybadger.io; worker-src 'self' blob:; frame-src 'self' https://www.google.com https://www.google.ca https://www.google.co.uk https://www.google.com.au https://www.google.com.br https://www.google.de https://www.google.es https://www.google.fr https://www.google.it https://www.google.nl https://www.google.co.in https://www.google.co.jp https://www.google.com.mx https://www.recaptcha.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://www.facebook.com https://web.facebook.com https://m.facebook.com https://platform.twitter.com https://js.stripe.com; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=hbp_7wRYq2T3cL841lfUt6urubEW6wF8Ky2u10Zf&report_only=true&env=production&context[user_id]= 1
object-src 'none';base-uri 'self';script-src 'nonce-j2Tq87oDXJ3ofZdVEMX8kQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.de ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com *.zdassets.com sanalytics.spreadshirt.de *.spreadshirt.de ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com wss://*.zendesk.com *.spreadshirt.de ; font-src 'self' https: data: *.spreadshirt.de ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.de ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.de ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
frame-ancestors 'self' https://app.datadoghq.com/; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubce3f3f19a3c7fcb81c0e6b27dbde95e1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Agrow-monolith-prod; report-to csp-endpoint 1
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://s7.addthis.com https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net 'unsafe-inline'; img-src 'self' data: https://www.google.com https://widgets.guidestar.org https://googleads.g.doubleclick.net https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://www.google.com; object-src 'none'; frame-src https://www.googletagmanager.com https://googleads.g.doubleclick.net; base-uri 'self'; 1
frame-ancestors 'self' aws.ruralking.cloud:* *.aws.ruralking.cloud:* *.google.com *.cybersource.com up.cybersource.com;         frame-src 'self' aws.ruralking.cloud:* *.aws.ruralking.cloud:* *.googletagmanager.com *.google.com *.signifyd.com *.cookiebot.com *.online-metrix.net *.paypal.com *.facebook.com *.fls.doubleclick.net *.clinch.co *.cloudflare.com *.xanderdev.com showmetheparts.com *.showmetheparts.com www.youtube.com *.jasonindustrial.com *.listrak.com *.quantummetric.com *.tractorsupply.com *.countingdownto.com *.cybersource.com;         default-src 'self' aws.ruralking.cloud:* *.aws.ruralking.cloud:* blob: *.google.com um.simpli.fi d.adroll.com www.ruralking.com *.ruralking.com *.quantummetric.com *.cybersource.com;         child-src 'self' aws.ruralking.cloud:* *.aws.ruralking.cloud:* *.google.com *.quantummetric.com blob:;         script-src 'self' aws.ruralking.cloud:* *.aws.ruralking.cloud:* 'unsafe-inline' 'unsafe-eval' *.cnstrc.com cnstrc.com *.sezzle.com *.bazaarvoice.com *.signifyd.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.quantummetric.com *.cookiebot.com *.listrakbi.com *.flippenterprise. *.smg.com *.gleamjs.io *.curalate.com polyfill-fastly.net *.polyfill-fastly.net *.lt02.net *.listrak.com *.online-metrix.netnet analytics.freespee.com beacon.krxd.net cm.g.doubleclick.net dpm.demdex.net in.treasuredata.com io.narrative.io lex.33across.com ml314.com pixel.tapad.com s-cs.send.microad.jp stags.bluekai.com us-u.openx.net barracuda.com *.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com *.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com *.pubmatic.com snap.licdn.com sync.outbrain.com *.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.cloudflareinsights.com *.online-metrix.net *.paypal.com *.bing.com *.hotjar.com *.google.com *.simpli.fi *.amplitude.com *.zdassets.com *.clinch.co *.googlesyndication.com *.clarity.ms *.gleam.io *.cloudflare.com blob: *.flippenterprise.net *.adnxs.com *.certcapture.com *.ruralking.com gleam.io www.ruralking.com *.zendesk.com *.kyc.red *.jquery.com *.cloudfront.net *.bootstrapcdn.com *.tiles.mapbox.com *.cybersource.com testup.cybersource.com;         connect-src 'self' aws.ruralking.cloud:* *.aws.ruralking.cloud:* 'unsafe-inline' 'unsafe-eval' *.cnstrc.com cnstrc.com *.sezzle.com *.bazaarvoice.com *.signifyd.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.quantummetric.com *.cookiebot.com *.listrakbi.com *.smg.com *.gleamjs.io *.curalate.com polyfill-fastly.net *.polyfill-fastly.net *.lt02.net *.listrak.com *.online-metrix.netnet analytics.freespee.com beacon.krxd.net cm.g.doubleclick.net dpm.demdex.net in.treasuredata.com io.narrative.io lex.33across.com ml314.com pixel.tapad.com s-cs.send.microad.jp stags.bluekai.com us-u.openx.net barracuda.com *.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com *.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com *.pubmatic.com snap.licdn.com sync.outbrain.com *.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.cloudflareinsights.com *.online-metrix.net *.paypal.com *.bing.com *.hotjar.com *.google.com *.simpli.fi *.amplitude.com *.zdassets.com *.clinch.co *.googlesyndication.com *.clarity.ms *.gleam.io *.cloudflare.com blob: *.flippenterprise.net *.adnxs.com *.certcapture.com *.ruralking.com *.googleadservices.com *.zendesk.com *.bf.dynatrace.com *.doubleclick.net *.bing.net *.hotjar.io *.flippback.com *.flipp.com www.ruralking.com um.simpli.fi wss://*.hotjar.com wss://pod-13-sunco-ws.zendesk.com wss://*.zendesk.com *.cloudfront.net *.mapbox.com;         style-src 'self' aws.ruralking.cloud:* *.aws.ruralking.cloud:* *.googleapis.com *.googletagmanager.com 'unsafe-inline' *.cdnfonts.com *.listrakbi.com *.gleam.io *.flippenterprise.net *.quantummetric.com app.certcapture.com *.cloudfront.net *.jsdelivr.net *.tiles.mapbox.com;         font-src 'self' aws.ruralking.cloud:* *.aws.ruralking.cloud:* *.gstatic.com *.cdnfonts.com *.smg.com *.bazaarvoice.com *.cloudflare.com *.walmartimages.com *.amazonaws.com *.espssl.com data: *.cloudfront.net *.jsdelivr.net;         img-src 'self' aws.ruralking.cloud:* *.aws.ruralking.cloud:* https: data:; 1
default-src *.quikr.com *.kuikr.com ;script-src *.quikr.com *.kuikr.com *.google-analytics.com *.facebook.net *.facebook.com 'unsafe-inline' cdnjs.cloudflare.com *.google.com securepubads.g.doubleclick.net csi.gstatic.com *.googletagservices.com adservice.google.co.in cdn.ampproject.org adservice.google.com *.googletagmanager.com www.gstatic.com www.googleadservices.com bam.nr-data.net googleads.g.doubleclick.net ;style-src *.quikr.com *.kuikr.com 'unsafe-inline' ;img-src * ;frame-src https://*.doubleclick.net https://www.google.com https://www.googletagmanager.com https://*.adtrafficquality.google https://*.safeframe.googlesyndication.com https://*.facebook.com https://www.googleadservices.com ;connect-src *.quikr.com *.kuikr.com www.google-analytics.com securepubads.g.doubleclick.net csi.gstatic.com wss://chat.kuikr.com:5291 ;script-src-elem *.quikr.com *.kuikr.com *.google-analytics.com *.facebook.net *.facebook.com 'unsafe-inline' cdnjs.cloudflare.com *.google.com securepubads.g.doubleclick.net csi.gstatic.com *.googletagservices.com adservice.google.co.in cdn.ampproject.org *.google.com *.googletagmanager.com http://*.kuikr.com www.gstatic.com www.googleadservices.com bam.nr-data.net googleads.g.doubleclick.net ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=wA3wCO8k1uroL1M9sKdh4G6kkZQ4LqYMkbLFK951UEA-1773716743.772713-1.0.1.1-DBejHK2npV4Esxr9Hy0WmCn0E_NN.bGnUOdOTLvU0tMKUZOBjcPn.Ai0AgkyIr45YWnRjX6XrqpjMVoDbSal1uhGthzdAU8rP3ii8hNUIWh7Z8rLaMI39wb_SKgRfocmsy3Qc.ksmNE6wu3BdowiHSVlsTM63IuCRPPUHugkCdicdzaYJ0EWqkQGTnPSev2x; report-to cf-gqegugwdxwypszic 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' ; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.forbes.pl::TST_REF 1
default-src 'self' https://3sspw4l2.tinifycdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://3sspw4l2.tinifycdn.com https://a.plerdy.com https://challenges.cloudflare.com https://connect.facebook.net https://d.plerdy.com https://googleads.g.doubleclick.net https://js.stripe.com https://maps.googleapis.com https://notifications.nic.ua https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com; script-src-elem 'self' 'unsafe-inline' blob: https://3sspw4l2.tinifycdn.com https://a.plerdy.com https://challenges.cloudflare.com https://connect.facebook.net https://d.plerdy.com https://js.stripe.com https://maps.googleapis.com https://notifications.nic.ua https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://googleads.g.doubleclick.net *.nicnames.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://3sspw4l2.tinifycdn.com; style-src-elem 'self' 'unsafe-inline' https://3sspw4l2.tinifycdn.com https://fonts.googleapis.com https://pt.wisernotify.com https://themes.googleusercontent.com https://www.gstatic.com; style-src-attr 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://3sspw4l2.tinifycdn.com https://cdn.megabonus.com *.nicnames.com https://static.hsappstatic.net; img-src * data: blob:; connect-src 'self' https://3sspw4l2.tinifycdn.com https://api.locize.app https://api.nicnames.com wss://d.plerdy.com https://d.plerdy.com https://jexi.ai https://maps.googleapis.com https://nicnames.com https://ns.wisermapp.com https://overbridgenet.com https://region1.google-analytics.com https://strapi.nicnames.com https://ts-wn-log-bmggb9bcacbsd6df.westus-01.azurewebsites.net https://www.facebook.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.com https://www.paypal.com; frame-src 'self' https://assets.braintreegateway.com https://challenges.cloudflare.com https://c.paypal.com https://js.stripe.com https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://www.paypal.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://nicnames.com/csp-reports; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.com *.betano.com betano.de *.betano.de betgenius.com *.betgenius.com bing.com *.bing.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org creativecdn.com *.creativecdn.com facebook.net *.facebook.net gmlinteractive.com *.gmlinteractive.com googletagmanager.com *.googletagmanager.com kaizengaming.com *.kaizengaming.com optimove.net *.optimove.net sportradar.com *.sportradar.com sportradarserving.com *.sportradarserving.com cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery clarity.ms *.clarity.ms lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=1_c0YCqmQFlpvxjhdrUWj9OseultVmPDnOB4ZB9GgPE-1773717556-1.0.1.1-o4n12lbGuTXh1QUi10mJ4s5lW2hgzfUtdSPoc54luIpBgSNl2fuaWY2UonyuAIdzlQZ.m_7d9.UJ7J5jun51GJMNoH3Xh22Z3rMVDF0NEOSzjEqBQwPvDxxAoGXJu6h4Ef9bDCzPCFnv03myxFX4hR6DPrDI8Dxequi9KOb_0GYNw.H0dEIxhnydTB.9dDLB4uzYb3Hxn4fjptPgtd19BQ; report-to cf-ltxcfwltixxtaxwx 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.chatcora.natwest.com  *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' https://*.appzen.com; img-src 'self' https://*.appzen.com https://*.hubspot.com https://*.hubspotusercontent-na1.net https://*.hubspotusercontent.com https://*.hsforms.com https://*.hsappstatic.net https://c.clarity.ms https://*.ads.linkedin.com https://*.google.com https://*.google.co.uk https://*.google.co.in https://www.googletagmanager.com https://googletagmanager.com https://c.bling.com https://*.6sc.co data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.hsappstatic.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.hubspot.com https://js.qualified.com https://js.zi-scripts.com https://*.sentry-cdn.com https://connect.facebook.net https://platform.linkedin.com https://platform.twitter.com https://snap.licdn.com https://www.googletagmanager.com https://googletagmanager.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://*.clarity.ms https://tracking.g2crowd.com https://*.6sc.co https://static.oktopost.com https://okt.to https://s3-us-west-2.amazonaws.com https://tag.unifyintent.com blob:; script-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.hsappstatic.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.hubspot.com https://js.qualified.com https://js.zi-scripts.com https://*.sentry-cdn.com https://connect.facebook.net https://platform.linkedin.com https://platform.twitter.com https://snap.licdn.com https://www.googletagmanager.com https://googletagmanager.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://*.clarity.ms https://tracking.g2crowd.com https://*.6sc.co https://static.oktopost.com https://okt.to https://s3-us-west-2.amazonaws.com https://tag.unifyintent.com blob:; style-src 'self' 'unsafe-inline' https://*.appzen.com https://*.hubspot.com https://*.hsappstatic.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://cdn2.hubspot.net https://*.hubspot.com https://*.hsappstatic.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' https://*.appzen.com https://*.hubspot.com https://*.hubspotusercontent-na1.net https://*.hubspotusercontent.com https://fonts.gstatic.com data:; connect-src 'self' https://*.appzen.com https://*.hubspot.com https://*.hubapi.com https://*.hubspotapi.com https://*.hsappstatic.net https://*.hsforms.com https://js.hs-banner.com https://js.hsforms.net https://js.zi-scripts.com https://app.qualified.com wss://ws1.qualified.com https://*.clarity.ms https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://googletagmanager.com https://*.googleadservices.com https://*.ads.linkedin.com https://tracking-api.g2.com https://*.6sc.co https://*.6sense.com https://ws.zoominfo.com https://*.sentry.io https://api.unifyintent.com https://tag.unifyintent.com https://pagead2.googlesyndication.com; frame-src 'self' https://*.appzen.com https://*.hubspot.com https://*.hs-sites.com https://*.hubspotvideo.com https://*.vidyard.com https://app.qualified.com https://platform.twitter.com https://www.google.com https://www.googletagmanager.com; media-src 'self' https://*.hubspotvideo.com https://*.vidyard.com https://app.qualified.com https://*.hubspotusercontent-na1.net https://*.hubspotusercontent.com https://*.hsappstatic.net blob: data:; 1
object-src 'none';base-uri 'self';script-src 'nonce-bxvEcAgUZDOT-D6XrFPbkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-src viz.tools.investis.com irs.tools.investis.com www.youtube.com www.youtube-nocookie.com; report-uri /report-csp-violation 1
script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-c9e27d56dd63d81eb5161d3e' 'strict-dynamic' 'report-sample'  https://*.criteo.com https://static.criteo.net  https://*.facebook.com https://connect.facebook.net  https://*.hotjar.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com songbird.cardinalcommerce.com *.googletagmanager.com ; worker-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; report-uri https://csp.tourradar.com 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/about_youtube 1
object-src 'none';base-uri 'self';script-src 'nonce-KJxv_2ZyngcSUsicoDb1mw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; report-uri https://usercontent.mobileread.org/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-plOKZfe9us7LRP1PpceI4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' dropbox.okta.com *.oktacdn.com; connect-src 'self' dropbox.okta.com dropbox-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com dropbox.kerberos.okta.com dropbox.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-qMs44pVPyHv8kTU_mVWjow' 'unsafe-eval' 'self' 'report-sample' dropbox.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'nonce-qMs44pVPyHv8kTU_mVWjow' 'self' 'report-sample' dropbox.okta.com *.oktacdn.com; frame-src 'self' dropbox.okta.com dropbox-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator: api-37ec43d7.duosecurity.com; img-src 'self' dropbox.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' dropbox.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://app.dropboxer.net 1
default-src *.kuajingmaihuo.com *.cdnfe.com wss://seller.kuajingmaihuo.com *.jumio.ai blob: data: 'unsafe-eval' 'unsafe-inline'; report-uri /api/sec-csp/110000010/report 1
object-src 'none';base-uri 'self';script-src 'nonce-BS77s_xY1CIEy9tW1q5DSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; connect-src 'self' web-analytics.intelliscapesolutions.com analytics.intelliscapesolutions.com; font-src 'self' fonts.gstatic.com; frame-src www.google.com; img-src 'self' web-analytics.intelliscapesolutions.com analytics.intelliscapesolutions.com; manifest-src 'self'; script-src-elem 'self' 'unsafe-inline' donorbox.org web-analytics.intelliscapesolutions.com analytics.intelliscapesolutions.com www.google.com www.gstatic.com cdn.jsdelivr.net static.cloudflareinsights.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' donorbox.org web-analytics.intelliscapesolutions.com analytics.intelliscapesolutions.com www.google.com www.gstatic.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com; report-uri https://intelliscape.report-uri.com/r/d/csp/wizard 1
report-uri /csp-log.php; report-to csp-log-endpoint; default-src 'none'; img-src 'self' data: https://werbung.leipzig.de/ https://data.leipzig.de/ https://static.leipzig.de/ https://www.gstatic.com/images/; script-src 'self' 'unsafe-inline' https://cdn.captchafox.com/ https://www.leipzig.de/ https://static.leipzig.de/ https://werbung.leipzig.de/delivery/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player20/scripts/ https://dev.lehst.de/ https://static.conword.io/; style-src 'self' 'unsafe-inline' https://cdn.captchafox.com/ https://static.leipzig.de/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player/styles/ https://dev.lehst.de/; font-src 'self' https://static.leipzig.de/ https://fonts.gstatic.com/; media-src 'self' https://static.leipzig.de/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player20/scripts/; connect-src 'self' https://api.captchafox.com/ https://cdn.captchafox.com/ https://vrweb15.linguatec.org/VoiceReaderWeb15WebService/ https://dev.lehst.de/ https://www.leipzig.de/; frame-src https://www.youtube-nocookie.com/embed/ https://tnv.leipzig.de https://s-leipzig.maps.arcgis.com https://geoportal.leipzig.de https://www.blitzvideoserver.de https://tportal.toubiz.de https://kwis-web.leipzig.de; frame-ancestors 'self' https://*.leipzig.de/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.cloudflare.com https://*.slotor777.com.ua https://test2.slotor777.com https://*.clarity.ms https://r.clarity.ms https://www.google-analytics.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://pwa.slotor777.com.ua https://chat.slotor777.com.ua https://static.cloudflareinsights.com https://auth.slotor777.com.ua https://js-agent.newrelic.com https://connect.facebook.net; script-src-elem 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.cloudflare.com https://*.slotor777.com.ua https://test2.slotor777.com https://*.clarity.ms https://r.clarity.ms https://www.google-analytics.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://pwa.slotor777.com.ua https://chat.slotor777.com.ua https://static.cloudflareinsights.com https://auth.slotor777.com.ua https://js-agent.newrelic.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://*.google-analytics.com https://*.doubleclick.net https://www.google.com.ua https://www.google.pl https://www.google.kz https://test2.slotor777.com https://*.googletagmanager.com https://*.cloudflare.com https://*.slotor777.com.ua https://*.clarity.ms https://www.google.com https://www.google.fr https://www.facebook.com https://translate.google.com https://c.clarity.ms https://fonts.gstatic.com https://*.google.cz https://*.google.co.uk; object-src 'none'; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.clarity.ms https://www.google.com.ua https://www.google.pl https://www.google.kz https://chat.slotor777.com.ua https://socket.slotor777.com.ua wss://socket.slotor777.com.ua https://td.doubleclick.net https://test2.slotor777.com https://*.googletagmanager.com https://www.google.fr https://www.google.com https://auth.slotor777.com.ua https://test2.slotor777.com.ua https://*.nr-data.net https://bam.eu01.nr-data.net https://www.facebook.com https://google.com https://www.googleadservices.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://chat.slotor777.com.ua https://dototo.net https://cdn4.endorphina.network https://nrgs-b2b-atbr.greentube.com https://td.doubleclick.net https://test2.slotor777.com https://www.google.com https://www.google.fr https://auth.slotor777.com.ua https://*.etr-op-133-adfr1.com https://www.facebook.com https://www.googletagmanager.com https://slotor777ua.games.amusnet.io https://betman.c4.3oaks.com https://gameseu.kaga88.com https://gamelaunch.voltent.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://slotor777.com.ua/ru/finance/create-payment https://www.facebook.com; report-uri https://reporting.slotor777.com.ua/api/csp-report; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app 'self' data: *.doubleclick.net *.facebook.com *.bing.com *.bing.net *.abtasty.com *.alicdn.com *.bootstrapcdn.com *.cdnfonts.com *.fontawesome.com *.googleusercontent.com *.slant.co zip-co-media.s3.ap-southeast-2.amazonaws.com *.zip.co *.qantas.com unpkg.com *.cloudflare.com *.totaltools.com.au *.afterpay.com *.zipmoney.com.au *.zohocdn.com *.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com *.googletagmanager.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com *.abtasty.com *.adroll.com *.adsrvr.org *.bing.com *.clarity.ms *.googleusercontent.com *.online-metrix.net *.openstreetmap.org *.quantcount.com *.quantserve.com *.signifyd.com *.unbxdapi.com *.zip.co *.afterpay.com *.tapad.com *.rubiconproject.com x.bidswitch.net pixel.tapad.com *.rlcdn.com *.openx.net *.yahoo.com *.pubmatic.com s3.amazonaws.com *.casalemedia.com *.adnxs.com *.amazon-adsystem.com *.stackadapt.com *.spotify.com *.sharethis.com *.bluekai.com *.contextweb.com *.kargo.com *.twitter.com *.addthis.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.nr www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vu www.google.ws link.totaltools.com.au render.barcodes.systems *.bing.net www.google.ad www.google.as www.google.co.mz www.google.com.cu www.google.com.vn www.google.cv www.google.dj www.google.ga www.google.gl www.google.gm www.google.ht www.google.sh www.google.td zip.co *.microsofttranslator.com *.totaltools.com.au 127.0.0.1 www.google.cf www.google.com.af www.google.com.gi www.google.com.ng www.google.com.ni www.google.com.tj www.google.dm www.google.fm www.google.gg *.baidu.com *.crwdcntrl.net *.google-analytics.com *.googleadservices.com *.jquery.com *.linksynergy.com *.paypalobjects.com *.scorecardresearch.com *.ytimg.com google.com www.google.nu *.alicdn.com *.imgur.com www.google.bi www.google.li www.google.ne www.google.pn www.google.sm www.google.st static.zdassets.com ttonlinehelp.zendesk.com *.jsdelivr.net *.adform.net *.agkn.com *.amazon.com *.bidr.io *.clickagy.com *.criteo.com *.everesttech.net *.exelator.com *.icons8.com *.lijit.com *.linkedin.com *.mathtag.com *.rezync.com *.rfihub.com *.simpli.fi *.sitescout.com *.taboola.com t.zip.co static.zipmoney.com.au static.zip.co www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.plugins.emarsys.net *.scarabresearch.com https://maps.googleapis.com https://player.vimeo.com *.disqus.com https://cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://platform.cloud.coveo.com https://api.cloud.coveo.com https://search.cloud.coveo.com cdn-4.convertexperiments.com *.abtasty.com *.addthis.com *.adroll.com *.adsrvr.org *.bing.com *.clarity.ms d21gpk1vhmjuf5.cloudfront.net d3mewz86hy02zo.cloudfront.net *.emarsys.net *.online-metrix.net *.pricespider.com *.quantcount.com *.quantserve.com *.signifyd.com *.wufoo.com *.zip.co *.zdassets.com nexuspublications.com.au *.jsdelivr.net https://unpkg.com *.cloudflare.com *.microsofttranslator.com *.totaltools.com.au 127.0.0.1 googletagmanager.com unpkg.com *.fullstory.com *.googleadservices.com *.hotjar.com *.zipmoney.com.au sc-static.net rum.hlx.page translate.google.cn nominatim.openstreetmap.org api.smooch.io *.smooch.io assets.zendesk.com ttonlinehelp.zendesk.com *.coveo.com *.segment.com localhost *.cloudflareinsights.com *.nosto.com *.trackedlink.net https://hosted.mastersoftgroup.com/harmony/rest/v2/address/find https://hosted.mastersoftgroup.com/harmony/rest/au/generateID static.zipmoney.com.au static.zip.co zip.co www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://cdn.jsdelivr.net assets.braintreegateway.com *.abtasty.com *.fontawesome.com *.typekit.net *.zip.co *.bing.com https://unpkg.com unpkg.com *.totaltools.com.au 127.0.0.1 *.bigcommerce.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gstatic.com *.zdassets.com *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.google-analytics.com *.facebook.com *.facebook.net *.scarabresearch.com *.eservice.emarsys.net https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com connect.facebook.net graph.facebook.com business.facebook.com https://platform.cloud.coveo.com https://api.cloud.coveo.com https://search.cloud.coveo.com *.abtasty.com *.addthis.com *.adroll.com *.adsrvr.org *.amplitude.com *.bing.com *.bing.net *.clarity.ms *.doubleclick.net *.emarsys.net *.gstatic.com *.pricespider.com *.quantcount.com *.quantserve.com *.samsung.com *.typekit.net *.unbxd.io *.zipmoney.com.au *.zip.co d21gpk1vhmjuf5.cloudfront.net d3mewz86hy02zo.cloudfront.net *.mastersoftgroup.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.ca www.google.cg www.google.ch www.google.ci www.google.cl www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.it www.google.jo www.google.kg www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.nr www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.tl www.google.to www.google.tt www.google.vu *.zdassets.com nominatim.openstreetmap.org www.google.bf www.google.by www.google.cd www.google.cm www.google.co.ao www.google.co.bw www.google.co.ls www.google.co.mz www.google.co.vi www.google.co.zw www.google.com.ag www.google.com.bh www.google.com.bz www.google.com.cu www.google.com.do www.google.com.lb www.google.com.mt www.google.com.sl www.google.com.vc www.google.dj www.google.dz www.google.gm www.google.hn www.google.ki www.google.kz www.google.la www.google.sh www.google.sk www.google.sr www.google.tg www.google.ws zip.co 127.0.0.1 www.google.ad www.google.com.ng www.google.com.tj www.google.ga www.google.is www.google.ml www.google.rw www.google.sc www.google.sn www.google.so www.google.tn *.alicdn.com *.googleadservices.com *.hotjar.com *.jquery.com www.google.as www.google.co.uz www.google.com.af www.google.com.ly www.google.com.ni www.google.com.py www.google.dm www.google.ht www.google.je www.google.nu www.google.ps *.openstreetmap.org *.signifyd.com *.totaltools.com.au rum.hlx.page www.google.bi www.google.fm www.google.gg www.google.li www.google.ne www.google.sm www.google.td *.baidu.com *.gstatic-cache.com *.coveo.com *.linkedin.com *.mixpanel.com *.segment.com *.segment.io localhost www.google.com.gi www.google.cv totaltoolsnonproduction1b9a600cn.org.coveo.com totaltoolsproduction1tptz1hbe.org.coveo.com totaltoolsnonproduction1b9a600cn.analytics.org.coveo.com totaltoolsproduction1tptz1hbe.analytics.org.coveo.com platform-au.cloud.coveo.com wss://ttonlinehelp.zendesk.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.adroll.com *.clarity.ms *.doubleclick.net *.google.com 'self' 'unsafe-inline'; report-uri https://f4c824ea-9c0b-4131-a2e2-886e99df7154.sansec.watch/; report-to report-endpoint; 1
object-src 'none'; script-src 'self' 'report-sample' 'unsafe-eval' www.youtube.com vimeo.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com; frame-ancestors 'self' 1
connect-src analytics.tiktok.com *.google-analytics.com 'self' 'unsafe-inline' wss:;default-src 'self' 'unsafe-inline' wss:;form-action 'self' 'unsafe-inline' wss:;frame-src *.soundcloud.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;img-src *.siteimproveanalytics.io analytics.tiktok.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;object-src 'none';script-src *.googletagmanager.com siteimproveanalytics.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com 'self' 'unsafe-inline' wss: 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.pushpushgo.com *.klevu.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.googlesyndication.com *.constructor.com *.constructor.dev 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.pushpushgo.com *.klevu.com *.constructor.com *.constructor.dev data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://browser.sentry-cdn.com *.pushpushgo.com *.klevu.com *.constructor.com *.constructor.dev 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://*.ingest.sentry.io *.constructor.com *.constructor.dev *.cnstrc.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://www.bing.com https://www.google.at https://www.google.de https://*.search.yahoo.com; report-uri https://tudorwatch.com/csp-reports/?req_id=45415282 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com https://www.googletagmanager.com https://js-eu1.hsforms.net https://js-eu1.hs-scripts.com https://sc.lfeeder.com https://video.helloretail.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; frame-src https://capture.navattic.com https://www.youtube-nocookie.com https://video.helloretail.com https://consent.cookiebot.com; connect-src 'self' https://api.hsforms.com https://forms-eu1.hsforms.com; object-src 'none'; base-uri 'self' 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.com.sg *.ebay.sg *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.com.sg *.ebay.sg *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.com.sg *.ebay.sg *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce0%3F%3Ccjvehu%60t~sigsejtjt%60d4.3%3F%3E%60%3D2d%60f%2Bsfvu67%3D%2Bka%7Fkq-19cf99bb769-0x2704#pd 1
object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.paddle.com connect.facebook.net mc.yandex.com mc.yandex.ru quantcast.mgr.consensu.org rules.quantcount.com secure.quantserve.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com www.google-analytics.com www.googletagmanager.com cmp.auslogics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.paddle.com use.fontawesome.com www.iubenda.com translate.googleapis.com; img-src 'self' data: cms.quantserve.com mc.webvisor.org mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.fr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.uz pixel.quantcount.com pixel.quantserve.com ssl.google-analytics.com ssl.gstatic.com translate.google.com translate.googleapis.com www.facebook.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.gh *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.jo *.google.kg *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.google.sk *.google.sm *.google.sn *.google.sr *.google.tn *.google.tt *.google.td *.google.je *.google.ws *.google.rw *.google.co.mz *.google.sc *.google.tm *.google.ga *.google.tg *.google.com.ag *.google.co.in *.google.ad *.google.ml *.google.cg www.google-analytics.com www.googletagmanager.com www.gstatic.com yastatic.net; connect-src 'self' audit-tcfv2.quantcast.mgr.consensu.org code.jquery.com mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz quantcast.mgr.consensu.org translate.googleapis.com www.google-analytics.com stats.g.doubleclick.net est.quantcast.mgr.consensu.org *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.gh *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.jo *.google.kg *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.google.sk *.google.sm *.google.sn *.google.sr *.google.tn *.google.tt *.google.td *.google.je *.google.ws *.google.rw *.google.co.mz *.google.sc *.google.tm *.google.ga *.google.tg *.google.com.ag *.google.co.in *.google.ad *.google.ml *.google.cg cmp.auslogics.com; font-src 'self' fonts.gstatic.com use.fontawesome.com; object-src 'self'; media-src 'self'; form-action 'self'; frame-src 'self' m.youtube.com mc.yandex.com web.facebook.com www.facebook.com *.google.com www.googletagmanager.com www.youtube.com youtube.com; child-src 'self' www.facebook.com; worker-src 'self'; manifest-src 'self'; report-uri /secure-headers/report/r/d/csp/enforce; block-all-mixed-content; upgrade-insecure-requests 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.liqui-moly.com liquimoly.cloudimg.io *.twofour.dev data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.twofour.dev 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.google.com/ js.mollie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.liqui-moly.com walls.io *.walls.io *.cookiebot.com *.amazon-adsystem.com insight.adsrvr.org *.facebook.com *.twofour.dev 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com https://www.magezon.com https://www.mollie.com *.cloudimg.io *.liqui-moly.com liquimoly.cloudimg.io *.google.de *.google.com *.facebook.com *.twofour.dev data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://browser.sentry-cdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com/ js.mollie.com liquimoly.cloudimg.io *.scaleflex.it *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.liqui-moly.com walls.io *.walls.io *.cookiebot.com *.google-analytics.com *.googleadservices.com maps.googleapis.com googleapis.com connect.facebook.net service.liqui-moly.de *.twofour.dev 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com *.liqui-moly.com walls.io *.walls.io liquimoly.cloudimg.io *.twofour.dev 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://*.ingest.sentry.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.liqui-moly.com walls.io *.walls.io *.cookiebot.com *.analytics.google.com *.twofour.dev 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: https://data.stbuttons.click/data https://challenges.cloudflare.com https://vod-progressive-ak.vimeocdn.com https://cdn.simplecast.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://apps.sitecore.net https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com http://ajax.googleapis.com https://maps.googleapis.com https://geoip-js.com https://www.google-analytics.com https://cdn.siteimprove.net https://player.simplecast.com https://cdnjs.cloudflare.com https://my2.siteimprove.com https://id.siteimprove.com https://unpkg.com https://platform-api.sharethis.com https://l.sharethis.com/ https://player.vimeo.com https://extend.vimeocdn.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://cdn.yoshki.com https://download-video-ak.vimeocdn.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://61281927.global.siteimproveanalytics.io/ https://cdn.yoshki.com https://61281927.global.siteimproveanalytics.io/ https://l.sharethis.com; style-src 'self' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://unpkg.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://buttons-config.sharethis.com https://challenges.cloudflare.com https://cdn.cookielaw.org https://www.googletagmanager.com https://maps.googleapis.com https://js.maxmind.com https://cdnjs.cloudflare.com/polyfill/ https://siteimproveanalytics.com https://www.google-analytics.com https://platform-api.sharethis.com https://extend.vimeocdn.com https://cdn.siteimprove.net http://ajax.googleapis.com https://code.jquery.com https://cdn.jsdelivr.net https://unpkg.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://cdn.cookielaw.org https://l.sharethis.com https://www.googletagmanager.com https://www.google-analytics.com https://data.stbuttons.click/data https://region1.google-analytics.com/g/collect https://www.googletagmanager.com/td; frame-ancestors 'self' https://www.independentsector.org; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly; 1
object-src 'none';base-uri 'self';script-src 'nonce-pwMif549cUDge8qV24-IQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' cactusvpn.com www.cactusvpn.com billing.cactusvpn.com; report-uri https://75943a29954faa0d1b365a52c248c905.report-uri.com/r/d/csp/reportOnly; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: js.datadome.co ct.captcha-delivery.com *.onetrust.com *.googletagmanager.com *.cookielaw.org *.qualtrics.com *.salesforce.com *.en25.com *.segment.com *.amplitude.com *.salesforceliveagent.com *.sandbox.my.site.com reuters.my.site.com; script-src-elem 'self' 'unsafe-inline' blob: www.datadoghq-browser-agent.com *.thomsonreuters.com reuters.my.site.com *.sandbox.my.site.com *.cookielaw.org *.amplitude.com *.segment.com *.googletagmanager.com js.datadome.co js.zuora.com ssl.p.jwpcdn.com ct.captcha-delivery.com; connect-src 'self' api-js.datadome.co *.onetrust.com *.cookielaw.org wss://*.rcp-api.reutersconnect.com *.reuters.com *.reutersconnect.com *.qualtrics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.segment.io *.amplitude.com *.thomsonreuters.com *.segment.com browser-intake-datadoghq.com *.sandbox.my.salesforce-scrt.com reuters.my.salesforce-scrt.com cdn.jwplayer.com drmtd540xpi1f.cloudfront.net d3cgfqae8o6oiw.cloudfront.net d1qvkrpvk32u24.cloudfront.net d2tpo79pi2fb76.cloudfront.net d1uprxlryo4sfl.cloudfront.net d1s0weg9xjt2n5.cloudfront.net *.token.awswaf.com cdn.flagship.io events.flagship.io; frame-src 'self' geo.captcha-delivery.com *.onetrust.com *.salesforce.com *.sandbox.my.site.com reuters.my.site.com *.thomsonreuters.com d1hbvbum0y1xmw.cloudfront.net *.reuters.com player.vimeo.com; worker-src 'self' blob: https://*.reutersconnect.com; report-uri https://reuters.report-uri.com/r/t/csp/reportOnly; report-to report-uri 1
font-src fonts.gstatic.com use.typekit.net data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com *.paypal.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.disqus.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com *.surveymonkey.com *.criteo.com ct.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io wss: bat.bing.com *.force.com *.tiktok.com *.google.com *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com google.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co *.cardinalcommerce.com api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties *.criteo.com *.onetrust.com *.pangle-ads.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://fast.wistia.com https://*.wistia.com https://js.hsforms.net https://statuspal.io https://connect.facebook.net https://bat.bing.com https://tracking.g2crowd.com https://www.redditstatic.com https://www.clarity.ms https://*.clarity.ms https://c.bing.com https://snap.licdn.com https://a.burly.io https://j.6sc.co https://cdn.stat-track.com https://*.zoominfo.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://fast.wistia.com https://*.wistia.com https://forms.hsforms.com https://statuspal.io; img-src 'self' https: data: https://www.facebook.com https://static.xx.fbcdn.net https://*.wistia.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://bat.bing.com; connect-src 'self' https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://www.facebook.com https://bat.bing.com https://tracking.g2crowd.com https://forms.hsforms.com https://*.hubspot.com https://statuspal.io https://*.wistia.com https://www.clarity.ms https://*.clarity.ms https://c.bing.com https://px.ads.linkedin.com https://a.burly.io https://j.6sc.co https://cdn.stat-track.com https://*.zoominfo.com; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com 1
object-src 'none';base-uri 'self';script-src 'nonce-eJ_tUnbPuWQTd8ffS13cZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://5b99b19026a35ad04db5bcf778a03938.report-uri.com/r/d/csp/reportOnly 1
default-src blob: data: https: 'self'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: data: https: 'self'; connect-src blob: data: https: 'self' 'unsafe-inline' wss://*.hotjar.com; frame-ancestors 'self'; script-src blob: 'unsafe-eval' 'unsafe-inline' 'self' https://*.adform.net/ https://*.hotjar.com/ https://*.go-mpulse.net https://*.outbrain.com/  https://*.volvo.com/ https://*.volvotrucks.com/ https://ajax.googleapis.com/ajax/libs/jquery https://assets.adobedtm.com/ https://cdn.cookielaw.org/ https://connect.facebook.net/ https://documentservices.adobe.com/ https://googleads.g.doubleclick.net/ https://*.scene7.com/ https://script.e-space.se/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googletagmanager.com/ https://www.youtube.com/; report-to csp-endpoint; report-uri https://knxzhhty06.execute-api.eu-west-1.amazonaws.com/prod/browser-reporting/csp; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: play.google.com admin.google.com accounts.google.com www.google.com drive.google.com translate.google.com translate.googleapis.com www.edmonton.ca edmonton.ca data.edmonton.ca maps.edmonton.ca gis.edmonton.ca transforming.edmonton.ca webdocs.edmonton.ca portal-onecity.edmonton.ca coewebops.com www.youtube.com edmonton.box.com edmonton.app.box.com edmonton.box.com cdn01.boxcdn.net api.box.com public.boxcloud.com www.boxcdn.net www.boxcloud.com maps.googleapis.com fonts.googleapis.com www.googletagmanager.com cdn.ckeditor.com cdn.rawgit.com cdn.datatables.net cdn.siteimprove.net www.siteimprove.com my2.siteimprove.com identity.siteimprove.com cdnjs.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net momentjs.com connect.facebook.net www.facebook.net unpkg.com www.google-analytics.com *.youtube.com fonts.gstatic.com maps.gstatic.com www.gstatic.com maxcdn.bootstrapcdn.com www.pingdom.net siteimproveanalytics.com www.siteimproveanalytics.com script.crazyegg.com code.jquery.com pagestates-tracking.crazyegg.com tracking.crazyegg.com assets-tracking.crazyegg.com www.escribemeetings.com www.tfaforms.com api.recollect.net assets.ca.recollect.net recollect-images.global.ssl.fastly.net recollect.a.ssl.fastly.net prismjs.net prismjs.com cdn.curator.io api.curator.io curator-assets.b-cdn.net www.facebook.com www.youtube-nocookie.com www.escribemeetings.com www.ytimg.com media1.giphy.com wdi-prod.yellowdev.net www.datatables.net visionservicerequests.rehrigpacific.com cdn.honey.io player.vimeo.com walkinto.in pwm-image.trendmicro.com ajax.aspnetcdn.com calendar.google.com portal.edmonton.ca infird.com www.google.ca feedback.coewebops.com region1.google-analytics.com w.soundcloud.com stackpath.bootstrapcdn.com www.global.siteimproveanalytics.io public.tableau.com edmonton.maps.arcgis.com cdn-uicons.flaticon.com overbridgenet.com ka-p.fontawesome.com use.fontawesome.com kit.fontawesome.com 550744.global.siteimproveanalytics.io ajax.googleapis.com sheets.googleapis.com curatorio.s3.amazonaws.com assets.us.recollect.net pub-edmonton.escribemeetings.com sc-static.net i.ytimg.com api.privacy-protector-adblocker.com dl.boxcloud.com *.global.siteimproveanalytics.io cdn.toolszen.com 3001.scriptcdn.net www.slant.co cdn.megabonus.com api.mapbox.com; report-uri /report-csp-violation 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-1cQVPEQOJrw4XJJTOrLq_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com google.com *.tiktok.com *.bing.com *.jsdelivr.net *.scarabresearch.com *.facebook.net *.storyblok.com *.vercel-scripts.com *.vercel.app *.ggmgastro.com *.ggmgastro.cz *.ggmgastro.xyz *.ggmgastro.fyi *.ggmgastro.dev *.vercel.com *.vercel.live vercel.live vercel.app *.cookiefirst.com *.beslist.nl *.pinterest.com *.smarketer.de *.doubleclick.net *.intercomcdn.com *.googleapis.com *.kk-resources.com *.pinimg.com *.intercom.io *.clarity.ms googletagmanager.com *.googletagmanager.com *.google-analytics.com *.paypal.com *.adyen.com unpkg.com *.unpkg.com *.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiefirst.com *.adyen.com *.google-analytics.com googletagmanager.com *.googletagmanager.com *.google.com google.com *.googleadservices.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.google.com google.com *.googleadservices.com *.doubleclick.net *.tiktok.com *.tiktokw.us wss://*.intercom.io *.intercom.io *.ggmgastro.com *.ggmgastro.cz *.ggmgastro.xyz *.ggmgastro.fyi *.ggmgastro.dev *.adyen.com *.cookiefirst.com *.beslist.nl *.pinterest.com *.algolia.net *.algolia.io *.bing.net *.smarketer.de *.googleapis.com *.clarity.ms *.scarabresearch.com *.googlesyndication.com *.google.com *.google.de *.google-analytics.com *.analytics.google.com googletagmanager.com *.googletagmanager.com *.paypal.com *.bing.com *.kelkoogroup.net *.facebook.com *.emarsys.net; font-src 'self' 'unsafe-inline' data:; frame-src 'self' *; img-src 'self' data: *.ggmgastro.com *.ggmgastro.cz *.ggmgastro.xyz *.ggmgastro.fyi *.ggmgastro.dev *.cookiefirst.com *.adyen.com *.bynder.com ggm.bynder.com *.orbitvu.co *.youtube.com *.ytimg.com *.twgdns.com *.gstatic.com *.bing.net *.facebook.com *.facebook.net *.google.com google.com *.google.de *.paypalobjects.com *.storyblok.com *.doubleclick.net googletagmanager.com *.googletagmanager.com *.intercomcdn.com *.intercomassets.com *.bing.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; frame-ancestors 'self' https://app.storyblok.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.gpb.org https://ping.chartbeat.net https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://ep1.adtrafficquality.google https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net https://*.pbs.org https://*.cdn.pbs.org https://image.isu.pub https://www.googletagmanager.com https://ads.adventive.com https://assets.adventivecdn.com https://cdn.wisepops.com data:; media-src 'self' https: http://cpa.ds.npr.org; font-src 'self' https://www.gpb.org https://fonts.gstatic.com data:; connect-src 'self' https://ping.chartbeat.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://script.crazyegg.com https://securepubads.g.doubleclick.net https://www.google.com https://*.googlesyndication.com https://wisepops.net https://*.wisepops.net https://www.google-analytics.com https://activity.wisepops.com https://ep1.adtrafficquality.google https://www.googleadservices.com https://onesignal.com https://*.crazyegg.com https://*.ingest.sentry.io https://bam.nr-data.net https://csi.gstatic.com https://tracking.wisepops.com; worker-src 'self' blob: https://script.crazyegg.com ; report-uri /report-csp-violation 1
frame-ancestors 'self'; report-uri /scapi/danskespil/security/csp/testreport; 1
object-src 'none';base-uri 'self';script-src 'nonce-WHJG6UnsK3MwS7OXPglj0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io assets.traveljoy.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com editor.unlayer.com canny.io; style-src 'self' https: 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com fonts.googleapis.com; base-uri 'self'; worker-src 'self' blob:; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com fonts.googleapis.com assets.traveljoy.com bam.nr-data.net sandbox-assets.tjoy.io api.us.nylas.com maps.googleapis.com placehold.co hare-media-cdn.tripadvisor.com s3-dev.traveljoy.com s3-assets.traveljoy.com api.unlayer.com canny.io 'self' wss://nexus-websocket-a.intercom.io/ https://ekr.zdassets.com/ https://global.ketchcdn.com/ https://traveljoy.zendesk.com/ https://api-js.mixpanel.com/ https://bam.nr-data.net/ https://api-iam.intercom.io/ https://www.google-analytics.com/ https://api.smooch.io wss://api.smooch.io; frame-src js.stripe.com connect-js.stripe.com *.visualwebsiteoptimizer.com app.vwo.com cdn.plaid.com checkout.stripe.com *.youtube.com *.youtu.be *.recaptcha.net editor.unlayer.com canny.io htp.tokenex.com 1
font-src *.cloudflare.com *.googleapis.com *.gstatic.com *.reviews.io *.slant.co *.klarnacdn.net *.media-amazon.com chat.digitalgenius.com data: 'self' 'unsafe-inline'; form-action * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src * 'self' 'unsafe-inline'; img-src *.holzkern.com *.bing.com *.bing.net *.clarity.ms *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.ggpht.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.kameleoon.com *.experimentation.dev *.luckyorange.com *.payments-amazon.com *.pinterest.com *.reviews.io *.twitter.com d10lpsik1i8c69.cloudfront.net t.co x.bidswitch.net ib.adnxs.com rtb-csync.smartadserver.com sync-t1.taboola.com visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv criteo-partners.tremorhub.com eb2.3lift.com a.twiago.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com sync.1rx.io sync.targeting.unrulymedia.com collector-45613.tvsquared.com public-prod-dspcookiematching.dmxleo.com aa.agkn.com *.reviews.co.uk *.paypalobjects.com *.media-amazon.com *.klarnacdn.net *.paypal.com safesly.com *.klarna.com *.klarnaevt.com dpm.demdex.net *.vimeocdn.com *.adyen.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tm www.google.tn www.google.to www.google.tt www.google.vu www.google.ws data: 'self' 'unsafe-inline'; script-src *.holzkern.com *.addthis.com *.ads-twitter.com *.bing.com *.boxx.ai *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cnd-motionmedia.de *.criteo.com *.doubleclick.net *.facebook.net *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.kameleoon.com *.kameleoon.eu *.experimentation.dev *.netcoresmartech.com *.payments-amazon.com *.pinimg.com *.pinterest.com *.reviews.io *.snapchat.com *.sovendus.com *.vimeo.com d10lpsik1i8c69.cloudfront.net sc-static.net js.klarna.com collector-45613.tvsquared.com *.reviews.co.uk *.newrelic.com *.nr-data.net *.paypal.com *.stripe.com *.qstatic.com *.braintreegateway.com *.klarna.com *.klarnacdn.net *.gstatic.com *.cdn-apple.com *.cardinalcommerce.com *.paypalobjects.com chat.digitalgenius.com *.dgdeepai.com *.klarnaservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.holzkern.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.kameleoon.com *.experimentation.dev *.reviews.io *.vimeocdn.com *.klarnacdn.net d10lpsik1i8c69.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.bing.com *.google.com *.gstatic.com *.vimeocdn.com 'self' 'unsafe-inline'; manifest-src *.netcoresmartech.com 'self' 'unsafe-inline'; connect-src * 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.vimeo.com 'self' 'unsafe-inline'; report-uri https://68687097-c7e3-4199-ac7f-b76294254f77.sansec.watch/; report-to report-endpoint; 1
report-to slardar-endpoint; script-src 'unsafe-eval' 'report-sample' 'nonce-b0c2ba692a53e3a40c137cf25993d0ac-argus' 'strict-dynamic'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.sensibull.com https://kite.zerodha.com; report-uri https://7eae552da389ebb083bedadbd9428ed2.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.acadiau.ca; img-src 'self' *.acadiau.ca *.index.digital *.sitescout.com *.gstatic.com *.bc0a.com *.fontawesome.com *.picsum.photos picsum.photos *.twimg.com *.facebook.com *.twitter.com *.google.ca *.google.com www.google-analytics.com wl-pixel.index.digital pixel.sitescout.com s3.amazonaws.com *.b0e8.com *.siteimproveanalytics.io; font-src 'self' *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net; style-src 'self' *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.fontawesome.com *.twimg.com *.twitter.com *.googleapis.com widget.alongside.com 'unsafe-inline'; script-src 'self' *.acadiau.ca *.google.com *.googleapis.com *.fontawesome.com acuityplatform.com *.jquery.com *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.facebook.net *.google-analytics.com *.technolutions.net *.twitter.com *.twimg.com widget.alongside.com *.instagram.com *.cloudflare.com e.issuu.com *.pixel.ad *.hotjar.com *.bc0a.com *.b0e8.com theta360.com *.tiktok.com *.googletagmanager.com siteimproveanalytics.com 'unsafe-inline'; connect-src 'self' *.hotjar.com *.doubleclick.net www.google-analytics.com *.doubleclick.com *.sitescout.com *.doubleclick.n ka-p.fontawesome.com; frame-src 'self' *.livestream.com *.hotjar.com *.youtube.com *.vimeo.com *.twitter.com *.issuu.com *.facebook.com *.instagram.com *.sitescout.com theta360.com; frame-ancestors 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.sleekplan.com *.mspbackups.com https://unpkg.com/ionicons@4.5.10-0/dist/ionicons/ d1f8f9xcsvx3ha.cloudfront.net posthog.mon.mspbackups.com https://salesiq.zohopublic.com https://static.zohocdn.com https://js.zohocdn.com https://momentjs.com/downloads/moment-timezone-with-data.min.js https://momentjs.com/downloads/moment.js https://code.jquery.com/jquery-3.5.1.min.js https://accounts.google.com/gsi/client https://alcdn.msauth.net/browser/2.28.1/js/msal-browser.min.js; report-uri /csp-violation-report-endpoint/ 1
base-uri 'self'; connect-src 'self' *.repco.com.au *.repco.co.nz *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com.au *.googleadservices.com *.doubleclick.net *.curalate.com *.adobedtm.com *.facebook.net *.facebook.com *.zip.co *.dxpapi.com api.edq.com *.hotjar.io *.hotjar.com bam-cell.nr-data.net bat.bing.com *.mktoutil.com *.cloudfront.net *.paypal.com *.braintree-api.com *.zipmoney.com.au gpc.d2.sc.omtrdc.net *.mktoresp.com *.marketo.com dpm.demdex.net *.bazaarvoice.com *.google.com google.com *.clarity.ms *.optimizely.com *.ibosscloud.com *.zdassets.com bam.nr-data.net *.zendesk.com wss://ws.hotjar.com wss://*.zendesk.com *.braintreegateway.com *.azurewebsites.net *.mouseflow.com *.adsrvr.org *.forter.com *.cdn.forter.com *.cardinalcommerce.com *.bing.net wss://*.forter.com siteperformancetest.net *.cardinaltrusted.com *.afterpay.com; default-src 'self'; font-src *.repco.com.au *.repco.co.nz 'self' fonts.gstatic.com data: *.zip.co *.mouseflow.com *.hotjar.com *.bazaarvoice.com; frame-src 'self' *.repco.com.au *.repco.co.nz cashrewards.go2cloud.org *.ibosscloud.com *.zip.co *.cybersource.com *.demdex.net *.doubleclick.net static.addtoany.com *.paypal.com *.hotjar.com *.youtube.com *.facebook.com nexuspublications.com.au *.bazaarvoice.com *.googletagmanager.com *.cdn.optimizely.com *.adsrvr.org *.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com; img-src 'self' *.atdmt.com *.repco.com.au *.repco.co.nz *.doubleclick.net *.youtube.com *.googleapis.com maps.gstatic.com *.zip.co *.afterpay.com *.ibosscloud.com www.paypalobjects.com i.ytimg.com *.curalate.com salefinder.co.nz *.salefinder.co.nz p.brsrvr.com dpm.demdex.net *.facebook.com *.facebook.net *.google.com.au *.google-analytics.com px.ads.linkedin.com *.google.com gpc.d2.sc.omtrdc.net *.bing.com cm.everesttech.net *.pinterest.com *.bazaarvoice.com data: *.zipmoney.com.au *.clarity.ms *.googletagmanager.com *.zendesk.com *.googleadservices.com *.google.co.nz *.paypal.com *.cloudfront.net *.bing.net *.optimizely.com; manifest-src 'self'; media-src 'self' *.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamiccatalogue.com.au *.mouseflow.com bat.bing.com www.gstatic.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.doubleclick.net *.google.com *.google.com.au *.zipmoney.com.au *.cybersource.com *.laybuy.com *.hotjar.com mpsnare.iesnare.com *.afterpay.com www.paypalobjects.com nexuspublications.com.au *.adobedtm.com *.marketo.com *.marketo.net cdn.brcdn.com cdn.jsdelivr.net *.facebook.net *.curalate.com bam-cell.nr-data.net *.cloudflare.com *.bazaarvoice.com *.youtube.com static.addtoany.com *.cloudfront.net js-agent.newrelic.com *.mktoutil.com *.salefinder.co.nz assets.pinterest.com data.stats.tools *.zip.co *.braintreegateway.com *.paypal.com *.googletagmanager.com *.optimizely.com *.clarity.ms *.ibosscloud.com *.zdassets.com *.zendesk.com *.repco.com.au *.repco.co.nz *.adsrvr.org *.preezie.com *.forter.com *.cdn4.forter.com *.cardinalcommerce.com static.client.cardinaltrusted.com hbiq.net; style-src 'unsafe-inline' 'self' *.googleapis.com *.cloudflare.com cdn.jsdelivr.net *.marketo.com *.bazaarvoice.com *.salefinder.co.nz *.zip.co; worker-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=3QFrQIpjgRTBV5RkyMXMozsGaxRI6TUpuXIppHFQ.bY-1773711371.2002332-1.0.1.1-DV_2p6D5NAYrnXVP3TeMU56i.ktjqxrY9EcudbJwMT5eSP4tX43TM9t.IQA_bOcFAnc1jRat4D_uWffUq8.yyTv3BGp6AYziXSPq9SkON2fovC5WKBW_8o69qUd2jGoAlPonphYjmFotjS9kOWwDwfPDjfhquvf5LDPaCQXZdfQpE4dg3T27GWgooe9b5FQd; report-to cf-ikxsovtubqxbszon 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.cookiebot.com fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.feedaty.com https://firebasestorage.googleapis.com *.gumlet.io *.cookiebot.com *.google.it stileo.it *.adnxs.com *.sharethrough.com *.doubleclick.net *.bidswitch.net *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.criteo.com *.media.net *.mediavine. *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.teads.tv *.tremorhub.com *.ivitrack.com *.3lift.com *.yieldlab.net ad.360yield.com id5-sync.com sync.1rx.io sync-criteo.ads.yieldmo.com *.emxdgt.com *.servenobid.com *.unrulymedia.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.feedaty.com *.avada.io *.shopify.com https://widget.feedaty.com https://insights.algolia.io *.cookiebot.com *.dwin1.com *.criteo.com glamipixel.com *.cookieless-data.com *.cloudfront.net *.datnova.com *.sddan.com fonts.googleapis.com consent.cookiebot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.feedaty.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://widget.feedaty.com *.cloudflare.com *.cookiebot.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com insights.algolia.io *.feedaty.com https://get.geojs.io *.avada.io https://widget.feedaty.com *.cookiebot.com wss://ws.salecycle.com *.salecycle.com *.criteo.com *.doubleclick.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; connect-src 'self' primericaonline.okta.com primericaonline-admin.okta.com login.primericaonline.com *.oktacdn.com *.mixpanel.com *.mapbox.com primericaonline.kerberos.okta.com primericaonline.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' primericaonline.okta.com login.primericaonline.com *.oktacdn.com *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; style-src 'unsafe-inline' 'self' 'report-sample' primericaonline.okta.com login.primericaonline.com *.oktacdn.com *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; frame-src 'self' primericaonline.okta.com primericaonline-admin.okta.com login.primericaonline.com login.okta.com *.vidyard.com com-okta-authenticator: *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; img-src 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io blob:; font-src 'self' primericaonline.okta.com login.primericaonline.com data: *.oktacdn.com fonts.gstatic.com *.primerica.com *.primericaonline.com cdn.cookielaw.org kit.fontawesome.com *.contentstack.io; frame-ancestors 'self' https://mob.primericaonline.com https://*.primericaonline.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://aau.edu.jo https://*.aau.edu.jo *.googleusercontent.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.google.com; report-uri //report-csp-violation 1
prefetch-src *.bing.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gstatic.com *.fontawesome.com *.alicdn.com *.bootstrapcdn.com *.cdnfonts.com *.googleapis.com *.rockler.com *.slant.co data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cordialdev.com *.cordial.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com pay.google.com *.certcapture.com *.cordialdev.com *.cordial.com *.cordial.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * photos.pixlee.co https://photos.pixlee.co landofcoder.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://*.gstatic.com *.certcapture.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.disqus.com https://img.youtube.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com wac.edgecastcdn.net *.lightboxcdn.com https://hello.zonos.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.1rx.io *.360yield.com *.3lift.com *.adnxs.com *.ad-stir.com *.alicdn.com *.amazon-adsystem.com *.attentivemobile.com *.attn.tv *.bidr.io *.bing.com *.bing.net *.casalemedia.com *.clarity.ms *.cookiebot.com *.cordial.com *.crazyegg.com *.creativecdn.com d3cgm8py10hi0z.cloudfront.net *.facebook.net *.ggpht.com *.googleadservices.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vu www.google.ws google.com *.googlesyndication.com *.gumgum.com *.inmobi.com *.liadm.com *.lijit.com *.media.net *.mountain.com *.nexx360.io *.openx.net *.opera.com *.outbrain.com *.pinimg.com *.pinterest.com *.pubmatic.com *.rakuten.com rockler.com *.rockler.com *.rubiconproject.com *.searchspring.io *.searchspring.net *.sharethrough.com *.shop.pe shop.pe *.smaato.net *.smartadserver.com *.sonobi.com *.taboola.com *.teads.tv *.turnto.com yastatic.net *.yieldmo.com *.ytimg.com *.zonos.com user-sync.fwmrm.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.attn.tv events.attentivemobile.com *.certcapture.com *.cordialdev.com *.cordial.com track.cordial.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com utt.impactcdn.com *.disqus.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googleapis.com https://cdn.searchspring.net *.turnto.com https://checkoutshopper-test.adyen.com *.lightboxcdn.com *.news.rockler.com https://hello.zonos.com cdn.searchspring.net https://widgets.turnto.com we.turnto.com landofcoder.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net addshoppers.s3.amazonaws.com *.bing.com *.blackfire.io *.clarity.ms *.cookiebot.com *.crazyegg.com *.creativecdn.com d2mjzob2nc713b.cloudfront.net *.googlesyndication.com *.gstatic.com *.impactcdn.com *.liadm.com *.mountain.com *.pinimg.com *.pinterest.com *.rockler.com *.searchspring.io *.searchspring.net *.shop.pe shop.pe *.tiktokcdn-us.com *.vimeo.com *.zonos.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.certcapture.com *.gstatic.com *.googleapis.com *.fontawesome.com assets.braintreegateway.com *.turnto.com cdn.searchspring.net https://widgets.turnto.com *.tagmanager.google.com *.googletagmanager.com *.attn.tv *.bootstrapcdn.com *.crazyegg.com *.lightboxcdn.com *.rockler.com *.searchspring.net *.tiktokcdn-us.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.googleapis.com *.google.com *.gstatic.com *.mountain.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com payments-eu.amazon.com *.attn.tv events.attentivemobile.com *.certcapture.com *.cordialdev.com *.cordial.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.turnto.com apay-us.amazon.com *.google-analytics.com https://hello.zonos.com https://*.a.searchspring.io https://cdn-ws.turnto.com landofcoder.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.rockler.com 100.20.58.101 18.210.229.244 *.1rx.io 3.212.39.155 34.215.155.61 35.160.46.251 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 *.adnxs.com *.alicdn.com *.attentivemobile.com *.bing.com *.bing.net *.clarity.ms *.cookiebot.com *.crazyegg.com *.creativecdn.com *.facebook.com *.googleadservices.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vu *.googlesyndication.com *.gstatic.com *.gumgum.com *.inmobi.com *.liadm.com *.lightboxcdn.com *.lijit.com *.mountain.com *.nexx360.io *.opera.com *.pinterest.com *.pubmatic.com *.rakuten.com *.rubiconproject.com *.safeopt.com *.searchspring.io *.searchspring.net *.sharethrough.com *.shop.pe shop.pe *.smaato.net *.sonobi.com *.zonos.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri rockler.com *.rockler.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://a5cc4e91-2050-4411-835a-70713844fbf7.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: dvngeac8rg9mb.cloudfront.net js.stripe.com www.gstatic.com *.googleapis.com ws.zoominfo.com www.google.com www.googletagmanager.com compilers.widgets.sphere-engine.com kit.fontawesome.com d34s7xanp5e5sf.cloudfront.net; connect-src 'self' api.stripe.com *.googleapis.com *.fontawesome.com wss://push.piazza.com; img-src 'self' data: http: https:; object-src 'none'; font-src 'self' data: *.typekit.net *.gstatic.com *.fontawesome.com; style-src 'self' 'unsafe-inline' blob: *.typekit.net *.gstatic.com *.googleapis.com dvngeac8rg9mb.cloudfront.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.vimeo.com player.vimeo.com www.facebook.com youtu.be gfycat.com www.google.com giphy.com docs.google.com calendar.google.com www.desmos.com www.geogebra.org js.stripe.com; report-uri /security/csp_report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gstatic.com *.fontawesome.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.adp.com *.googleapis.com data: *.espssl.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.facebook.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.burpee.com *.criteo.net *.criteo.com *.freshchat.com *.doubleclick.net *.paypalobjects.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.adyen.com https://*.gstatic.com https://images.unsplash.com guarantee-cdn.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.clarity.ms *.doubleclick.net *.bing.com *.alocdn.com *.google-analytics.com *.google.com.br *.google.com *.google.com.ua *.google.de www.facebook.com *.rlcdn.com *.criteo.com *.espssl.com *.burpee.com *.listrakbi.com *.linksynergy.com *.securedvisit.com *.bazaarvoice.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.mollie.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: https://maps.gstatic.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com js-agent.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com *.googleapis.com https://maps.googleapis.com *.cloudflare.com guarantee-cdn.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.jsdelivr.net *.adp.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.rapidspike.com *.facebook.com *.googleoptimize.com *.listrakbi.com *.rkdms.com *.amplitude.com *.trustpilot.com *.googletagmanager.com *.googleadservices.com data: *.bing.com *.criteo.net *.rmtag.com *.facebook.net *.doubleclick.net *.linksynergy.com *.clarity.ms *.datadome.co *.datadome.com *.criteo.com *.rakuten.com *.freshchat.com *.securedvisit.com *.burpee.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.fontawesome.com display.ugc.bazaarvoice.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.listrakbi.com *.trustpilot.com *.googleapis.com data: *.freshchat.com *.espssl.com *.cloudflare.com *.adp.com assets.braintreegateway.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.facebook.com *.listrakbi.com *.paypalobjects.com *.clarity.ms *.rapidspike.com *.google-analytics.com *.doubleclick.net data: *.algolia.io *.revcontent.com *.datadome.co *.datadome.com *.adp.com *.amplitude.com *.bing.com *.bazaarvoice.com *.burpee.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /csp-report.php; 1
base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src https://js.intercomcdn.com; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.google.com/recaptcha/api.js https://www.gstatic.com; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: oct8necdneu.azureedge.net *.trustedshops.com *.analytrix-tool.it *.convalytrix.it *.caast.tv *.efarma.dna-ai.dnafactory.it *.hotjar.com https://fonts.gstatic.com *.klarnacdn.net https://widgets.trustedshops.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es * *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com https://www.salesmanago.pl https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.vimeo.com *.oct8ne.com * *.cookiebot.com *.cookiebot.eu *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.klarna.com shein.m2e.cloud *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.trustedshops.com *.bynder.com analytics.tiktok.com *.clerk.io assets.atida.com connect.facebook.net *.cookiebot.eu efarma-supercraft.s3.eu-south-1.amzonaws.com dwin1.com facebook.com google.com google.it googletagmanager.com *.doubleclick.net yotpo.com *.zdassets.com gastatic.com *.yotpo.com *.analytrix-tool.it *.convalytrix.it *.efarma.dna-ai.dnafactory.it *.atida.com *.dosfarma.com *.facebook.com *.zenaps.com *.awin1.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co t.co *.twitter.co *.twitter.com *.cloudfront.net *.byspotify.com *.cookiebot.com *.googlesyndication.com *.syndigo.com *.assets.efarma.com efarma-supercraft.s3.eu-south-1.amazonaws.com *.efarma.com *.bing.net *.usercentrics.eu *.hotjar.com *.content.aimatch.com *.efarma.req-api.cruxo.io *.mastercard.com *.visa.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.ggpht https://cdn.clerk.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://maps.googleapis.com https://player.vimeo.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js polyfill.io *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.trustedshops.com *.analytrix-tool.it *.convalytrix.it *.caast.tv *.efarma.dna-ai.dnafactory.it *.clerk.io *.cloudfront.net *.zdassets.com *.zendesk.com *.api.smooch.io *.connectif.cloud *.atida.com *.dosfarma.com *.newrelic.com *.nr-data.net *.dwin1.com *.pinimg.com *.ads-twitter.com *.tiktok.com *.kk-resources.com *.bing.com *.creativecdn.com *.facebook.net *.googlesyndication.com *.awin1.com *.zenaps.com *.facebook.com *.wepowerconnections.com *.sciencebehindecommerce.com *.reskyt.com *.pinterest.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.cookiebot.eu stapecdn.com *.efarma.com *.hotjar.com *.content.aimatch.com *.efarma.req-api.cruxo.io *.mastercard.com *.visa.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.scalapay.com b2c-cdn.scalapay.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.trustedshops.com *.analytrix-tool.it *.convalytrix.it *.caast.tv *.efarma.dna-ai.dnafactory.it *.googletagmanager.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.hotjar.com *.mastercard.com *.visa.com unsafe-inline assets.braintreegateway.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com *.klarnacdn.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.google.com/pay *.analytrix-tool.it *.convalytrix.it *.clerk.io *.caast.tv *.efarma.dna-ai.dnafactory.it *.api.smooch.io *.zdassets.com *.zendesk.com *.connectif.cloud *.atida.com *.dosfarma.com *.algolia.io *.cookiebot.com *.cookiebot.eu *.nr-data.net google.com *.googlesyndication.com *.awin1.com *.zenaps.com *.facebook.com *.wepowerconnections.com *.sciencebehindecommerce.com *.reskyt.com *.bing.com *.pinterest.com *.creativecdn.com *.tiktok.com *.t.co *.twitter.co *.doubleclick.net t.co *.twitter.com *.byspotify.com *.syndigo.com *.bing.net *.efarma.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.content.aimatch.com *.efarma.req-api.cruxo.io *.mastercard.com *.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.com.hk *.ebay.hk *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.com.hk *.ebay.hk *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.com.hk *.ebay.hk *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv7%3F2(~%7Fdha-19cf9a4f0b3-0x705#pd 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.42chat.com *.api.42chat.com ads.aae.org *.ads.aae.org www.actox.org *.www.actox.org adobedtm.com *.adobedtm.com adroll.com *.adroll.com ads-twitter.com *.ads-twitter.com adtrafficquality.google *.adtrafficquality.google ajax.googleapis.com *.ajax.googleapis.com chatbase.co *.chatbase.co clarity.ms *.clarity.ms doubleclick.net *.doubleclick.net cookiebot.com *.cookiebot.com eventscribe.net *.eventscribe.net facebook.net *.facebook.net feathr.co *.feathr.co google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com hotjar.com *.hotjar.com licdn.com *.licdn.com logwork.com *.logwork.com magnetmail.net *.magnetmail.net marketo.net *.marketo.net mycadmium.com *.mycadmium.com osano.com *.osano.com realmagnet.land *.realmagnet.land revive-adserver.net *.revive-adserver.net scriptcdn.net *.scriptcdn.net snapengage.com *.snapengage.com snoball.it *.snoball.it stackadapt.com *.stackadapt.com storage.googleapis.com *.storage.googleapis.com pages.thenationalcouncil.org *.pages.thenationalcouncil.org www.tickcounter.com *.www.tickcounter.com translate.googleapis.com *.translate.googleapis.com twitter.com *.twitter.com unpkg.com *.unpkg.com vimeo.com *.vimeo.com youtube.com *.youtube.com zdassets.com *.zdassets.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ayAWtAovU3QR0r1JLkmlL.wxYyIk4OqgYE7r5r8bgzc-1773715959.659321-1.0.1.1-GkkvstyVJvCdauh2ST60g07qd4TVe31nJj0tdbYj71FAfcVP4wcH2Fv_vMlCpqK9wavVbeOIkZKQ0bKexBdt22NDNtDf2OZXMQukrN02_ea3SjvCH3VnW1jxzvJNidxNm79iWExrY59C47nKgDuKrwCrYLwqP.z3oAiIruupF5zCkHY3Y.CsoVok5Lk8aEeRnPCnMO.3Rl7aTd8FfAExhw; report-to cf-wacddvsjtezwhxdl 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://464b711251f54c909b7a68dbb569ad3b.myssl-uri.com/api/csp-report 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-50kwGJkR2gAmVMyzQZVSJwY2d' 'strict-dynamic' 'report-sample'; report-uri https://blenderartists.org/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; script-src 'self' 'nonce-ZTc2ZjgyODQtNDljMy00NjliLWEzYzItYjQ5MmQ4YWMwYmZk' 'strict-dynamic'; style-src 'self' https://fonts.googleapis.com https://www.googletagmanager.com https://d10lpsik1i8c69.cloudfront.net https://use.fontawesome.com 'unsafe-inline'; img-src 'self' https://storage.googleapis.com/bfile-prod-assets-img/ https://storage.googleapis.com/bfile-prod-assets-orig/ https://docserv.bstock.com https://*.bstock.com https://bstock.com https://*.bstock.com:443 https://bstock.com:443 https://liquidations.walmart.com https://liquidations.walmart.com:443 https://facebook.com https://www.facebook.com https://www.google.com https://*.google-analytics.com https://*.google-analytics.com:443 https://www.googletagmanager.com https://*.googlesyndication.com https://*.googlesyndication.com:443 https://*.linkedin.com https://bat.bing.com https://bat.bing.com:443 https://d10lpsik1i8c69.cloudfront.net https://*.cookielaw.org https://data.pendo.bstock.com data:; connect-src 'self' https://listing.bstock.com https://risk.bstock.com https://account.bstock.com https://contract.bstock.com https://docserv.bstock.com https://erp.bstock.com https://bapi.bstock.com https://saved-search.bstock.com https://order.bstock.com https://shipment.bstock.com https://auction.bstock.com https://ingestion.bstock.com https://subscription.bstock.com https://dispute.bstock.com https://search.bstock.com https://payments-methods.bstock.com https://payments-transactions.bstock.com https://order-process.bstock.com https://auth.bstock.com https://location.bstock.com https://notification.bstock.com https://bridge.bstock.com https://offering.bstock.com https://logs.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.launchdarkly.com https://*.bstock.com https://*.bstock.com:443 https://liquidations.walmart.com https://liquidations.walmart.com:443 https://use.fontawesome.com https://api.segment.io https://cdn.segment.com https://checkout-v2.sandbox.getbalance.com https://*.getbalance.com https://content-discoveryengine.googleapis.com https://www.google.com https://www.google.com:443 https://*.google-analytics.com https://*.google-analytics.com:443 https://analytics.google.com https://*.analytics.google.com https://www.googleadservices.com https://*.googlesyndication.com https://*.googlesyndication.com:443 https://px.ads.linkedin.com https://*.doubleclick.net https://*.doubleclick.net:443 https://bat.bing.com https://bat.bing.com:443 https://*.luckyorange.net https://*.luckyorange.com https://pubsub.googleapis.com https://*.nice-incontact.com https://*.mktoresp.com https://*.mktoutil.com ws://visitors.live ws://*.visitors.live https://sdk.iad-07.braze.com https://*.pusher.com ws://*.pusher.com https://data.pendo.bstock.com https://api.stripe.com https://maps.googleapis.com https://www.googletagmanager.com https://*.cookielaw.org https://*.onetrust.com; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com:443 https://use.fontawesome.com; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://*.doubleclick.net https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://*.getbalance.com https://checkout-v2.sandbox.getbalance.com https://*.nice-incontact.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com; report-uri /home-portal/api/csp-report; report-to csp 1
default-src 'self' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com www.acoustic.com app.goacoustic.com consent.trustarc.com; connect-src 'self' aipoweredmarketer.okta.com aipoweredmarketer-admin.okta.com login.goacoustic.com *.oktacdn.com *.mixpanel.com *.mapbox.com aipoweredmarketer.kerberos.okta.com aipoweredmarketer.mtls.okta.com https://oinmanager.okta.com data: www.acoustic.com app.goacoustic.com consent.trustarc.com *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com www.acoustic.com app.goacoustic.com consent.trustarc.com; style-src 'unsafe-inline' 'self' 'report-sample' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com www.acoustic.com app.goacoustic.com consent.trustarc.com; frame-src 'self' aipoweredmarketer.okta.com aipoweredmarketer-admin.okta.com login.goacoustic.com login.okta.com *.vidyard.com www.acoustic.com app.goacoustic.com consent.trustarc.com; img-src 'self' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: www.acoustic.com app.goacoustic.com consent.trustarc.com blob:; font-src 'self' aipoweredmarketer.okta.com login.goacoustic.com data: *.oktacdn.com fonts.gstatic.com www.acoustic.com app.goacoustic.com consent.trustarc.com; frame-ancestors 'self' 1
font-src https://cdn.checkout.com *.gstatic.com cdn.userway.org cdn.tamara.co *.klevu.com *.ksearchnet.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com https://js.checkout.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.paytabs.com checkout.tabby.ai www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com * blob: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://cdn.checkout.com *.klarnacdn.net http://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js https://app.sandbox.midtrans.com/snap/snap.js https://app.midtrans.com/snap/snap.js *.ads-twitter.com *.onetrust.com *.pcapredict.com *.userway.org *.online-metrix.net *.tamara.co maps.googleapis.com *.postcodeanywhere.co.uk *.googlesyndication.com *.signifyd.com analytics.tiktok.com *.clarity.ms platform.twitter.com cdn.mxpnl.com bat.bing.com tr.snapchat.com cdn.ometria.com sc-static.net *.zdassets.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.zuko.io js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com *.userway.org *.postcodeanywhere.co.uk *.googleapis.com www.gstatic.com www.googletagmanager.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://js.checkout.com *.klarnaevt.com https://api-js.mixpanel.com/ https://snap-web-raccoon-integration.gojekapi.com/api/v1/events https://snap-web-raccoon.gojekapi.com/api/v1/events * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://4f47d90d026886f4f2c8f9d27c3a376f.report-uri.com/r/t/csp/reportOnly; report-to report-endpoint; 1
default-src 'self' http: https: wss: data: blob: 'unsafe-inline'; connect-src 'self' *.mypurecloud.com.au lifeline.payments2us.com *.typeform.com stockist.co *.youtube.com *.spotify.com *.vimeo.com vimeo.com cdn.usefathom.com *.hotjar.com *.clarity.ms *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com connect.facebook.net lifeline.serviceseeker.com.au us-central1-stockist-prod.cloudfunctions.net *.bugherd.com; report-uri /report-csp-violation 1
font-src traxxas.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * traxxas.com fonts.gstatic.com zonos.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com traxxas.com assurance.sysnetgs.com i1.createsend1.com i2.createsend1.com i3.createsend1.com i4.createsend1.com i5.createsend1.com i6.createsend1.com i7.createsend1.com i8.createsend1.com i9.createsend1.com i10.createsend1.com fonts.gstatic.com hn.inspectlet.com hello.zonos.com connect.facebook.net www.facebook.com facebook.com https://maps.googleapis.com https://maps.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com traxxas.com support.traxxas.com assurance.sysnetgs.com cdn.inspectlet.com fonts.gstatic.com s7.addthis.com zonos.com cdn.jsdelivr.net route.elements.zonos.com js-agent.newrelic.com connect.facebook.net https://maps.googleapis.com https://maps.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net https://hello.zonos.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com traxxas.com fonts.googleapis.com fonts.gstatic.com zonos.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com download-video-ak.vimeocdn.com player.vimeo.com vod-progressive-ak.vimeocdn.com vimeocdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com traxxas.com fonts.gstatic.com hn.inspectlet.com wss://ws.inspectlet.com zonos.com hello.zonos.com cdn.jsdelivr.net route.elements.zonos.com js-agent.newrelic.com connect.facebook.net cdn.inspectlet.com assurance.sysnetgs.com https://maps.googleapis.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://webcachex-eu.datareporter.eu; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org blob: https://youtube.com https://*.youtube.com https://liwest.at/ https://*.liwest.at/ https://*.hubspot.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://px.ads.linkedin.com *.px.ads.linkedin.com https://*.hsforms.com https://alb.reddit.com bat.bing.com https://www.google.at https://www.google.de https://www.googletagmanager.com https://maps.wien.gv.at https://fonts.gstatic.com https://webcache-eu.datareporter.eu https://webcachex-eu.datareporter.eu https://maps.googleapis.com https://*.econda-monitor.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://*.frcapi.com/ https://*.liwest.at/ https://liwest-penalty-shootout.supernice.games https://liwest-qots.web.app https://liwest-tron.web.app https://*.google.com https://liwest-spendenaktion.web.app https://www.googletagmanager.com https://liwest.speedtestcustom.com https://forms-eu1.hsforms.com https://aax-eu.amazon-adsystem.com; connect-src 'self' data: https://*.openstreetmap.org https://*.friendlycaptcha.eu https://*.datareporter.eu https://*.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://*.econda-monitor.de https://px.ads.linkedin.com https://analytics.tiktok.com https://*.hubapi.com https://bat.bing.com https://bat.bing.net https://*.hubspot.com https://pixel-config.reddit.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pixels.spotify.com https://*.etracker.com https://*.etracker.de https://analytics-ipv6.tiktokw.us https://www.google.com https://www.google.at https://l.ecn-ldr.de https://www.facebook.com https://connect.facebook.net https://maps.wien.gv.at https://api.opendkm.at https://static.hsappstatic.net https://www.googletagmanager.com https://api.ipgeolocation.io https://srv.doris.at https://maps.googleapis.com https://c.amazon-adsystem.com https://aax-eu.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon; script-src-elem 'self' 'report-sample' 'unsafe-inline' inline https://youtube.com https://*.youtube.com https://*.datareporter.eu https://*.webcachex-eu.datareporter.eu https://cdnjs.cloudflare.com https://*.googletagmanager.com https://*.hsforms.net https://*.vimeo.com https://tracknet.twyn.com https://l.ecn-ldr.de https://api.ipify.org https://connect.facebook.net https://bat.bing.com https://analytics.tiktok.com https://js-eu1.hsadspixel.net https://googleads.g.doubleclick.net https://*.etracker.com https://*.etracker.de https://pixel.byspotify.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://static.hsappstatic.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.net https://js-eu1.hubspot.com https://snap.licdn.com https://www.redditstatic.com https://maps.googleapis.com https://*.econda-monitor.de https://c.amazon-adsystem.com; style-src 'self' 'report-sample' https://*.datareporter.eu; worker-src blob: 'report-sample'; font-src 'self' data: https://fonts.gstatic.com; style-src-elem 'self' 'report-sample' 'unsafe-inline' inline https://webcache.datareporter.eu https://webcache-eu.datareporter.eu https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com; report-uri https://www.liwest.at/@http-reporting?csp=report&requestTime=1773713676603776&requestHash=16ff9e9f9677d2d5dbc077607050dd77461af4cd 1
frame-ancestors 'none'; default-src 'self'; script-src 'self' 'nonce-MjA2YjBjMGMtYWQyNC00NTczLThkMDUtMDVjYTViN2Y1OGRm' https://status.livepix.gg https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://js.intercomcdn.com https://widget.intercom.io https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://fonts.intercomcdn.com; img-src 'self' https://static.livepix.gg https://cdn.livepix.gg https://www.googletagmanager.com https://downloads.intercomcdn.com https://static.intercomassets.com https://js.intercomcdn.com https://messenger-apps.intercom.io https://i.ytimg.com; frame-src 'self' https://checkout.livepix.gg https://rlgrjlrv2czy.statuspage.io https://www.googletagmanager.com https://intercom-sheets.com https://www.google.com https://www.youtube.com; connect-src 'self' https://webservice.livepix.gg https://unleash.livepix.gg https://fingerprint.livepix.gg https://fp.livepix.gg https://livia.livepix.gg https://www.google.com https://www.google-analytics.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://o4508013286391808.ingest.us.sentry.io; manifest-src 'self' https://static.livepix.gg; media-src 'self' blob: https://static.livepix.gg https://js.intercomcdn.com 1
default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-src * 'self'; default-src *; connect-src * 'self'; font-src * data: 'self'; img-src * blob: data: 'self'; object-src 'none'; form-action * 'self'; worker-src * blob: 'self'; script-src * data: wasm-eval: 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; style-src * 'unsafe-inline' 'self' data:; child-src * blob:; upgrade-insecure-requests; report-uri https://o166208.ingest.sentry.io/api/1238795/security/?sentry_key=eebe259ebaa846d39aaae0e3404505ab&sentry_environment=production 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.mxpnl.com https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://static.hotjar.com/c/hotjar-913278.js https://script.hotjar.com https://maps.googleapis.com https://www.google.com/recaptcha/api.js https://www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-HZYPmbOw3wprFNDmUM8ELA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.hotjar.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.authorize.net challenges.cloudflare.com data: *.hotjar.com *.gstatic.com *.doubleclick.net *.facebook.com *.brand-display.com *.sitescout.com *.addthis.com *.metalocator.com *.googletagmanager.com *.medallia.com *.adsrvr.org *.ipredictive.com *.spotify.com *.byspotify.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.certcapture.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.magentocommerce.com *.facebook.com *.doubleclick.net *.google.com *.brand-display.com *.sitescout.com *.googletagmanager.com *.googleapis.com *.analytics.yahoo.com *.ktxlytics.io *.adnxs.com *.metalocator.com *.scooterscoffee.com *.kampyle.com *.ipredictive.com *.spotify.com *.byspotify.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.certcapture.com *.disqus.com *.avada.io *.shopify.com *.authorize.net challenges.cloudflare.com *.bluecore.com *.facebook.net *.googleapis.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.brand-display.com *.cloudflare.com *.sitescout.com up.pixel.ad *.xg4ken.com *.usersnap.com chimpstatic.com data: *.ktxlytics.io *.app-us1.com *.amazonaws.com *.addthis.com *.addthisedge.com trackcmp.net *.moatads.com *.metalocator.com *.jsdelivr.net *.medallia.com *.snapchat.com *.trackedweb.net *.appboycdn.com sc-static.net *.adsrvr.org *.ipredictive.com *.spotify.com *.byspotify.com *.braze.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.mailchimp.com *.typekit.net *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com https://get.geojs.io *.avada.io *.authorize.net *.bluecore.com *.googleapis.com *.hotjar.com *.hotjar.io *.doubleclick.net *.ktxlytics.io *.medallia.com *.snapchat.com *.trackedweb.net *.appboycdn.com sc-static.net *.kampyle.com *.ipredictive.com *.spotify.com *.byspotify.com *.braze.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://scooterscoffee.com/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; connect-src 'self' https:; frame-src https:; frame-ancestors 'none':; base-uri 'self'; form-action https:; object-src 'none'; upgrade-insecure-requests; report-uri https://api.fwicloud.com/common/v1/csp-reports; report-to csp-endpoint 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://static.hotjar.com https://script.hotjar.com https://js.adsrvr.org https://connect.facebook.net https://siteimproveanalytics.com https://static.ads-twitter.com https://cdn.taboola.com https://trc.taboola.com https://psb.taboola.com https://snap.licdn.com https://munchkin.marketo.net https://widget.tagembed.com https://cdn.tagembed.com https://cdn.theaccessplatform.com https://code.jquery.com https://platform.twitter.com https://www.youtube.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://cdn.tagembed.com https://widget.tagembed.com https://cdn.theaccessplatform.com;object-src 'none';base-uri 'self';connect-src 'self' https://delivery-cqucontenthub.stylelabs.cloud https://fb.cqu.edu.au https://www-search.cqu.edu.au https://dxp-au-search.funnelback.squiz.cloud https://www.google-analytics.com https://analytics.google.com https://www.google.com.au https://google.com https://www.googletagmanager.com https://www.google.com https://adservice.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://pips.taboola.com https://cds.taboola.com https://622-hhc-246.mktoresp.com https://622-hhc-246.mktoutil.com https://www.facebook.com https://trc-events.taboola.com https://s3.us-west-1.wasabisys.com wss://ws.hotjar.com https://content.hotjar.io https://vc.hotjar.io https://psb.taboola.com https://api.theaccessplatform.com https://munchkin.marketo.net https://api.intentiq.com https://cdn.taboola.com https://region1.analytics.google.com https://widget.tagembed.com https://metrics.hotjar.io https://web.tagembed.com https://analytics.cqu.edu.au https://insight.adsrvr.org https://www.googleadservices.com;font-src 'self' data https://fonts.gstatic.com https://use.typekit.net https://cdn.theaccessplatform.com https://cdn.tagembed.com;frame-src 'self' https://www.googletagmanager.com https://insight.adsrvr.org https://9389440.fls.doubleclick.net https://www.youtube.com https://td.doubleclick.net https://www.facebook.com https://platform.twitter.com https://match.adsrvr.org https://tsdtocl.com https://player.vimeo.com https://eap.ascentone.com;img-src 'self' https://staff-profiles.cqu.edu.au https://delivery-cqucontenthub.stylelabs.cloud https://www.google-analytics.com https://www.google.com.au https://www.google.com https://www.googletagmanager.com https://www.google.com.co https://www.google.com.pe https://www.google.com.bd https://www.google.co.in https://www.google.com.ng https://www.google.com.np https://www.google.lk https://www.google.co.uk https://www.google.com.sg https://googleads.g.doubleclick.net https://www.googleadservices.com https://analytics.twitter.com https://px.ads.linkedin.com https://www.facebook.com https://78858.global.siteimproveanalytics.io https://t.co https://www.linkedin.com https://i.ytimg.com https://aumejtoqen.cloudimg.io https://ui-avatars.com https://fs.theambassadorplatform.com https://sync.intentiq.com https://cdn.taboola.com https://media.tagembed.com https://au-gmtdmp.mookie1.com https://secure.adnxs.com https://analytics.google.com https://i.vimeocdn.com https://stats.g.doubleclick.net https://connect.facebook.net;manifest-src 'self';media-src 'self' https://delivery-cqucontenthub.stylelabs.cloud;worker-src 'none';report-uri https://wwwcqu.report-uri.com/r/d/csp/reportOnly; 1
connect-src 'self' https://nx.nav.com https://www.google.com https://px.ads.linkedin.com https://bat.bing.com https://*.clarity.ms https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://analytics.tiktok.com https://app.launchdarkly.com https://consentcdn.cookiebot.com https://events.launchdarkly.com https://*.intercom.io wss://*.intercom.io https://*.bugsnag.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://www.facebook.com https://pagead2.googlesyndication.com https://www.buzzsprout.com https://clientstream.launchdarkly.com https://analytics.ahrefs.com https://customerioforms.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105; font-src 'self' https://design-assets.nav.com https://nav-web-static.nav.com https://fonts.googleapis.com https://fonts.gstatic.com *.intercomcdn.com; frame-src 'self' *.nav.com https://www.googletagmanager.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://www.youtube.com https://job-boards.greenhouse.io https://www.buzzsprout.com https://www.google.com https://flo.uri.sh; script-src-elem 'self' 'strict-dynamic' 'unsafe-eval' https://nav-web-static.nav.com https://consentcdn.cookiebot.com https://px.mountain.com https://connect.facebook.net https://*.clarity.ms https://bat.bing.com https://www.buzzsprout.com 'nonce-df002579463930914688110326695d1c'; style-src 'self' 'unsafe-inline' https://nav-web-static.nav.com https://fonts.googleapis.com; media-src 'self' https://nav-web-static.nav.com https://design-assets.nav.com https://nav-cms-assets.nav.com; base-uri 'none'; img-src * data: blob:; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce--VBN21WjAsoPhi2oOtEALQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-uri https://ordermygear.report-uri.com/r/t/csp/wizard 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-dYAYc5GbbTAcI876ztgM4w' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self'; script-src 'self' 'nonce-1FRwU3Xc4T64Ar6vuCtKGw==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
base-uri 'self';connect-src 'self' https: wss:;default-src 'none';font-src 'self' data: https:;form-action 'self' https:;frame-ancestors https:;frame-src https: blob:;img-src 'self' blob: data: https: http:;manifest-src 'none';media-src 'self' https: blob:;object-src 'self' https://djtflbt20bdde.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;worker-src 'self' https://zenkit.com https://*.zenkit.com;report-uri /csp-report;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=kTbmnb4PzsXyPV8sXLgd.IG6ZUN.ZHnynnyXt2R4NDc-1773710285.923406-1.0.1.1-6b0bo2bl0bsyFvFKp0XbU36ifrvsP7uCgut4ISvOL8gSFOopOYnkbCtAtMSTGbVXTedGG1zlz7MZVUg42MJtPUMNDm.XOHmLI9RtoauSeq5L9XQkajelTwqDfr9bqXbW5xvXfY.lJVsmmvFFDtGx5MV99QO28b6GnVm1aUsIRPKBktgUXVoXImUdyw0IYtQD; report-to cf-qdkxryzhwxfaqvrf 1
connect-src 'self' https://www.google-analytics.com https://muneer.cx; base-uri 'self' *.mindrocketsapis.com cdn.mindrocketsapis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://www.google.com https://www.googleadservices.com https://translate.google.com https://translate.googleapis.com https://apis.google.com https://*.doubleclick.net https://connect.facebook.net https://*.usercentrics.eu https://wa.s-cloud.fi https://service.giosg.com https://globalcdn.interactiondesigner.giosg.com https://*.s-cloud.fi https://*.voikukka.fi https://*.ingest.sentry.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; img-src 'self' data: https://cdn.s-cloud.fi https://images.ctfassets.net https://res.cloudinary.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://translate.google.com https://ade.googlesyndication.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.facebook.com https://*.facebook.com https://connect.facebook.net https://*.usercentrics.eu https://uct.service.usercentrics.eu https://*.giosgusercontent.com https://fonts.gstatic.com https://sryhma.sharepoint.com https://*.s-cloud.fi https://*.s-kaupat.fi https://*.s-kanava.fi; font-src 'self' data: https://fonts.gstatic.com https://*.giosgusercontent.com; connect-src 'self' data: https://api.s-kaupat.fi https://authorization.voikukka.fi https://cdn.s-cloud.fi https://wa.s-cloud.fi https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://www.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://translate.googleapis.com https://translate-pa.googleapis.com https://*.doubleclick.net https://ad.doubleclick.net https://www.facebook.com https://*.facebook.com https://*.facebook.net https://*.usercentrics.eu https://service.giosg.com https://api.giosg.com https://sentry.int.giosg.com https://*.giosgusercontent.com https://*.retailmediatools.com https://*.ingest.sentry.io https://images.ctfassets.net https://cdn.contentful.com https://*.s-cloud.fi https://*.voikukka.fi https://*.s-ryhma.fi https://*.s-kaupat.fi; frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://safeframe.googlesyndication.com https://*.usercentrics.eu https://service.giosg.com https://*.s-cloud.fi https://www.youtube.com https://www.youtube-nocookie.com https://www.facebook.com https://s-feedback.herokuapp.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'none'; upgrade-insecure-requests; worker-src 'self' blob:; manifest-src 'self'; media-src 'self' data: https://images.ctfassets.net; report-uri https://www.s-kaupat.fi/api/csp-report; report-to csp-endpoint 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.google.com *.googletagmanager.com *.googleapis.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.shop.pe shop.pe *.juicer.io *.cloudfront.net v2.zopim.com data: *.bootstrapcdn.com *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.dynamicyield.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com www.facebook.com *.amazonaws.com *.juicer.io shop.pe *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.certcapture.com www.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe *.criteo.com assets.bounceexchange.com vars.hotjar.com www.facebook.com imgs.signifyd.com h.online-metrix.net vendor1.leasestation.com amc.demdex.net nsg.symantec.com *.paypalobjects.com *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.pinterest.com https://nl.fatquartershop.com *.dynamicyield.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.ddlnk.net *.certcapture.com *.google.com *.googletagmanager.com *.googleapis.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe *.fatquartershop.com pixel.voltn.com v2.zopim.com www.google.co.in *.pinterest.com www.facebook.com *.cdnwidget.com u.cdnwidget.com bat.bing.com nsg.symantec.com events.bouncex.net pippio.com p.brsrvr.com connect.facebook.net imgs.signifyd.com events.cdnwidget.com api.bounceexchange.com amc.demdex.net *.e.aa.online-metrix.net match.adsrvr.org yotpo-editor-production.s3.amazonaws.com *.cdninstagram.com *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.clarity.ms *.rqtrk.eu *.dynamicyield.com https://chat-assets.cdn.gladly.com https://chat-assets.cdn.gladly.qa maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.certcapture.com https://cnstrc.com/js/cust/fat-quarter-shop_Orxy5R.js www.google.com *.googletagmanager.com *.googleapis.com www.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com addshoppers.s3.amazonaws.com *.juicer.io *.traversedlp.com *.pinimg.com v2.zopim.com *.shop.pe shop.pe *.criteo.net *.criteo.com *.zdassets.com/ loader.wisepops.com *.cloudfront.net fatquartershop-com-dev.ecomm-nav.com connect.facebook.net vendor1.quickspark.com nsg.symantec.com script.crazyegg.com bat.bing.com tag.bounceexchange.com assets.bounceexchange.com cdn.brcdn.com imgs.signifyd.com cdns.brsrvr.com bam.nr-data.net js-agent.newrelic.com mc.s10.exacttarget.com *.hotjar.com bam-cell.nr-data.net *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.staticw2.yotpo.com https://nl.fatquartershop.com *.rqtrk.eu *.clarity.ms *.dynamicyield.com *.zendesk.com https://cnstrc.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/js/swiper.js https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net https://cdnjs.cloudflare.com https://chat-sdk.cdn.gladly.com https://chat-sdk.cdn.gladly.qa d2mjzob2nc713b.cloudfront.net fatquartershop.cdn1.safeopt.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net maps.googleapis.com https://www.fatquartershop.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.google.com *.googletagmanager.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe events.bouncex.net stats.g.doubleclick.net www.google-analytics.com *.cloudfront.net *.addshoppers.com *.bootstrapcdn.com *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.staticw2.yotpo.com *.dynamicyield.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net https://chat-sdk.cdn.gladly.com https://chat-sdk.cdn.gladly.qa webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'unsafe-inline' data: 'unsafe-inline' blob: *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.dynamicyield.com *.zdassets.com/ https://chat-sdk.cdn.gladly.com https://chat-sdk.cdn.gladly.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.certcapture.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com bat.bing.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe ekr.zdassets.com script.crazyegg.com *.pinterest.com stats.g.doubleclick.net wss: www.google-analytics.com manager.eu.smartlook.cloud in.hotjar.com staging-core.dxpapi.com core.dxpapi.com imgs.signifyd.com bt.signifyd.com:11103 data.cdnbasket.net ids.cdnwidget.com pd.cdnwidget.com page.cdnbasket.net/ view.cdnbasket.net bam.nr-data.net vc.hotjar.io bam-cell.nr-data.net api.traversedlp.com *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.clarity.ms *.dynamicyield.com *.zendesk.com zendesk-eu.my.sentry.io *.cnstrc.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/js/swiper.js https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net https://api.us-1.gladly.chat wss://ws.us-1.gladly.chat https://chat-assets.cdn.gladly.com https://chat-sdk.cdn.gladly.com https://api.us-uat.gladly.chat wss://ws.us-uat.gladly.chat https://chat-assets.cdn.gladly.qa https://chat-sdk.cdn.gladly.qa webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net maps.googleapis.com places.googleapis.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src *; img-src * data:; script-src 'nonce-30Mm7u9BjmGJI+iqGtZEQ+RGtslNT/OX' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http: 'self' cdn.bizible.com; style-src 'self' 'unsafe-inline' https://404-tpa-276.mktoweb.com/ https://*.qualified.com; font-src 'self' kit.fontawesome.com https://ka-p.fontawesome.com/ https://fast.wistia.com/ data:; form-action 'self'; object-src 'none'; media-src 'self' blob: mediastream: https://*.qualified.com; frame-src https://www.googletagmanager.com https://td.doubleclick.net/ https://gtm.casepeer.com/ https://gtm.mycase.com/ https://insight.adsrvr.org/ https://app.netlify.com/ https://404-tpa-276.mktoweb.com/ https://*.qualified.com; child-src https://*.qualified.com; frame-ancestors demo.affinipay.com ka-p.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /.netlify/functions/__csp-violations 1
default-src 'self' 'report-sample'; connect-src 'self' https://matomo.psi.ch/; font-src 'self' data: player.podigee-cdn.net assets.brevo.com; frame-src 'self' *.ddev.site *.psi.ch player.vimeo.com www.youtube-nocookie.com feeds.sirop.org maps.google.com www.jove.com player.podigee-cdn.net cdnapisec.kaltura.com www.google.com www.srf.ch www.youtube.com psi.mediaspace.cast.switch.ch; img-src 'self' data: gfa-status.web.psi.ch share.web.psi.ch webcam.switch.ch; media-src 'self' *.ethz.ch data:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill-fastly.io https://unpkg.com https://matomo.psi.ch/; script-src-elem 'self' 'unsafe-inline' test-t6dnbai-3bjapdgtwdrsg.eu-2.platformsh.site www.gstatic.com *.psi.ch www.google.com player.podigee-cdn.net sibforms.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill-fastly.io https://unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' www.gstatic.com player.podigee-cdn.net sibforms.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self' www.google.com; frame-ancestors 'self'; report-uri https://www.psi.ch/de/log-report-uri/reportOnly 1
default-src * data: 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.pubnub.com www.googletagmanager.com cdn.sift.com scripts.clarity.ms www.clarity.ms unpkg.com *.clarity.ms googleads.g.doubleclick.net www.gstatic.com ssljscdn.airbrake.io www.google.com cdn.debugbear.com cdn.jsdelivr.net/npm/tinymce@5.4.1/ static.ads-twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com womp.me www.gstatic.com cdn.jsdelivr.net netdna.bootstrapcdn.com; img-src * 'self' data: blob:; font-src 'self' data: fonts.gstatic.com wompme.blob.core.windows.net netdna.bootstrapcdn.com use.typekit.net img1.wsimg.com; connect-src 'self' analytics.google.com clarity.ms *.clarity.ms www.google.com pndsn.com *.pndsn.com www.googletagmanager.com region1.analytics.google.com stats.g.doubleclick.net fu-tango.niteflirt.com www.google-analytics.com forum.niteflirt.com files.niteflirt.com api.airbrake.io www.google.ca www.google.co.uk data.debugbear.com fu-sierra.niteflirt.com maps.googleapis.com ps1.pndsn.com y.clarity.ms analytics.twitter.com t.co nf-prod-3yf9blsl.livekit.cloud; media-src * 'self'; frame-src 'self' www.googletagmanager.com platphorm.zendesk.com support.niteflirt.com t.niteflirt.com www.google.com j3lme1u30b.execute-api.us-west-2.amazonaws.com www.youtube.com; worker-src 'self' blob:; report-uri https://siteuri.report-uri.com/r/t/csp/reportOnly 1
default-src 'self'; child-src 'self'; connect-src 'self' cdnjs.cloudflare.com *.algolia.net *.algolianet.com *.flickr.com *.googleapis.com *.google-analytics.com *.gstatic-cache.com *.typekit.com *.typekit.net https://www.google-analytics.com https://www.googletagmanager.com https://o15468.ingest.sentry.io/api/6068037/envelope/; font-src 'self' cdnjs.cloudflare.com *.typekit.net fonts.gstatic.com app.everviz.com/static/fonts/; frame-src 'self' maps.google.com *.typekit.net player.vimeo.com translate.googleapis.com *.twitter.com www.google.com www.googletagmanager.com *.youtube.com; img-src 'self' data: cdnjs.cloudflare.com *.staticflickr.com *.twitter.com *.typekit.net *.googletagmanager.com fonts.gstatic.com translate.google.com production-new-commonwealth-files.s3.eu-west-2.amazonaws.com staging-new-commonwealth-files.s3.eu-west-2.amazonaws.com testing-new-commonwealth-files.s3.eu-west-2.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' production-new-commonwealth-files.s3.eu-west-2.amazonaws.com staging-new-commonwealth-files.s3.eu-west-2.amazonaws.com testing-new-commonwealth-files.s3.eu-west-2.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com code.highcharts.com connect.facebook.net embedr.flickr.com player.vimeo.com unpkg.com www.googletagmanager.com www.gstatic.com app.everviz.com/resources/js/ app.everviz.com/inject cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://nomoredirectory.org https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com player.vimeo.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://nomoredirectory.org https://unpkg.com; style-src 'self' 'unsafe-inline' code.highcharts.com *.typekit.net *.googleapis.com unpkg.com www.gstatic.com app.everviz.com/static/fonts/ app.everviz.com/resources/css/ cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://nomoredirectory.org https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://nomoredirectory.org https://unpkg.com; frame-ancestors 'self'; report-uri https://thecommonwealth.org/log-report-uri/reportOnly 1
frame-src https://www.google.com/ https://optimize.google.com https://*.paddle.com https://www.recaptcha.net/; report-uri /api/v1/reports; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://docs.staticstream.org https://*.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.googleoptimize.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://*.paddle.com https://*.zopim.com https://*.zdassets.com https://browser.sentry-cdn.com https://*.ingest.sentry.io https://cdn.jsdelivr.net https://code.jquery.com,; connect-src 'self' https://docs.staticstream.org https://*.google-analytics.com https://*.paddle.com https://browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com https://*.ingest.sentry.io https://bash.ws/ https://*.bash.ws/; 1
base-uri 'self'; connect-src 'self' https://*.fontawesome.com/ https://*.formassembly.com/ https://*.promedica.app/ https://*.vercel-storage.com/ https://*.vercel.app/ https://analytics.google.com/ https://api.stadiamaps.com/ https://cdn.cookielaw.org/ https://cm.pmdt-jss.localhost/ https://maps.googleapis.com/ https://mc-3f4459e6-26cc-45d7-95b4-1637-cd.azurewebsites.net/ https://mc-d506a988-cc64-4e20-af8c-4606-afd.azurefd.net/ https://pagead2.googlesyndication.com/ https://pcl-staging.promedica.org/ https://pcl.promedica.org/ https://promedica.matomo.cloud/ https://siteintercept.qualtrics.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/; default-src 'self' https://*.promedica.app/ https://*.vercel.app/; font-src 'self' data: https://*.fontawesome.com/ https://*.promedica.app/ https://*.vercel.app/ https://fonts.gstatic.com/ https://use.typekit.net/; frame-src 'self' https://td.doubleclick.net/ https://www.google.com/ https://www.youtube.com/; img-src 'self' data: http://dummyimage.com https://*.promedica.app https://*.qualtrics.com https://*.vercel.app https://cdn.cookielaw.org https://maps.googleapis.com https://maps.gstatic.com https://mc-3f4459e6-26cc-45d7-95b4-1637-cd.azurewebsites.net https://mc-d506a988-cc64-4e20-af8c-4606-afd.azurefd.net https://pcl-staging.promedica.org https://pcl.promedica.org https://www.google-analytics.com https://www.google.com.ec https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' data: https://pcl.promedica.org/ https://pcl-staging.promedica.org/; object-src 'none'; report-uri https://6480f3f9bf4bdd8c5cde6f2b.endpoint.csper.io/?v=1; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://*.promedica.app/ https://*.vercel.app/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ https://cdn.mouseflow.com/ https://googleads.g.doubleclick.net/ https://kit.fontawesome.com/ https://maps.googleapis.com/ https://promedica.tfaforms.net/ https://siteintercept.qualtrics.com/ https://unpkg.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/ https://zn86cv25rplysllsr-promedica.siteintercept.qualtrics.com/SIE/; style-src 'report-sample' 'unsafe-inline' 'self' https://*.promedica.app/ https://*.vercel.app/ https://fonts.googleapis.com/ https://promedica.tfaforms.net/; worker-src 'self' blob: 1
default-src 'self' *.antpedia.com v.antwebinar.com hmcdn.baidu.com hm.baidu.com m.baidu.com jspassport.ssl.qhimg.com *.google-analytics.com zz.bdstatic.com s.ssl.qhres.com sp0.baidu.com s.360.cn c.mipcdn.com wpa.qq.com res.wx.qq.com mp.weixin.qq.com msite.baidu.com ae.bdstatic.com share.baidu.com bdimg.share.baidu.com *.alicdn.com *.cn-hangzhou.log.aliyuncs.com *.dns-detect.alicdn.com browser.sentry-cdn.com push.zhanzhang.baidu.com po.srf.baidu.com toutong.baidu.com static.bshare.cn cdn.jsdelivr.net sentry.io *.googleapis.com *.cnzz.com api.map.baidu.com *.uc.cn uc.gre *.gstatic.com *.ucweb.com bshare.optimix.cn s2.pstatp.com *.googlesyndication.com *.googleadservices.com *.googletagmanager.com *.qhres2.com 'unsafe-inline' 'unsafe-eval'; img-src * data: ; frame-src https://*.qq.com https://*.antpedia.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com webcompt:; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/families_google 1
default-src 'self'; script-src 'self' https://trusted-scripts.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://trusted-images.com; font-src 'self'; frame-src 'self' https://forms.office.com; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri https://your-reporting-endpoint.com/report-csp; 1
frame-ancestors https://*.facebook.com https://*.youtube.com https://*.cleverwebserver.com https://*.graphic.com.gh https://*.x.com; 1
frame-ancestors *.sbazar.cz 'self' *.seznam.cz *.sdn.cz https://pay.google.com https://connect-js.stripe.com https://js.stripe.com; script-src *.sbazar.cz 'self' 'unsafe-inline' 'unsafe-eval' *.seznam.cz *.sdn.cz *.szn.cz *.pszn.cz *.im.cz *.mapy.cz *.mapy.com https://gacz.hit.gemius.pl https://scz.hit.gemius.pl https://ls.hit.gemius.pl https://login.szn.cz https://notifikace.seznam.cz https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://widget.packeta.com https://connect-js.stripe.com https://js.stripe.com *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net id5-sync.com/gm/v3 dis.criteo.com tracker.adnami.io script.adnami.io macro.adnami.io assets.adnami.io functions.adnami.io directive.adnami.io rmb.adnami.io https://www.sbazar.cz https://c.imedia.cz https://im.cz https://chat.sbazar.cz *.seznam.dev.dszn.cz *.seznam.test.dszn.cz; report-uri https://sentry.pszn.cz/api/232/security/?sentry_key=c74f7db661ae4cad8d94282c184d08f9 1
frame-ancestors 'self'; report-uri https://transilien.report-uri.com/r/d/csp/enforce; report-to https://transilien.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://grow.clearbitjs.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hsleadflows.net https://js.hubspot.com https://js.usemessages.com https://sc.lfeeder.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://api.hubapi.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://forms.hsforms.com https://forms.hubspot.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.com.br; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://app.hubspot.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: https://20650649.fs1.hubspotusercontent-na1.net https://forms-na1.hsforms.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://i.ytimg.com https://perf-na1.hsforms.com https://pulsus.mobi https://px.ads.linkedin.com https://px4.ads.linkedin.com https://tr-rc.lfeeder.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com.br; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self'; connect-src *; img-src * data:; script-src 'nonce-F6U8dVMigZVUgwzq2R4ZeQ1/szxoofr2' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http: 'self' cdn.bizible.com; style-src 'self' 'unsafe-inline' https://404-tpa-276.mktoweb.com/ https://*.qualified.com; font-src 'self' kit.fontawesome.com ka-p.fontawesome.com https://fast.wistia.com/ https://fast.wistia.net/ data:; form-action 'self'; object-src 'none'; media-src 'self' blob: mediastream: https://*.qualified.com; frame-src https://www.googletagmanager.com https://td.doubleclick.net/ https://gtm.lawpay.com/ https://gtm.mycase.com/ https://insight.adsrvr.org/ https://app.netlify.com/ https://404-tpa-276.mktoweb.com/ https://*.qualified.com; child-src https://*.qualified.com; frame-ancestors demo.affinipay.com ka-p.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /.netlify/functions/__csp-violations 1
object-src 'none';base-uri 'self';script-src 'nonce-wAFMoU5LZ_hCUm3GamXQuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-v74hoqsXLk24HcVu9htN2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DTPvndtajvKuhb7kfXgRAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebay.com.my *.ebay.my *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebay.com.my *.ebay.my *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebay.com.my *.ebay.my *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv27.nnp5o-19cf9b7237a-0x1702#pd 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kadaster.nl https://cdn.bluebillywig.com https://apps.mypurecloud.de https://hetkadaster.bbvms.com https://kadasterbv.piwik.pro/ppms.js https://kadasterbv.containers.piwik.pro https://siteimproveanalytics.com https://bat.bing.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.kadaster.nl; img-src 'self' data: blob: https://*.kadaster.nl https://hetkadaster.bbvms.com https://stats.bluebillywig.com https://kadasterbv.containers.piwik.pro https://kadasterbv.piwik.pro https://service.pdok.nl https://www.toegankelijkheidsverklaring.nl https://6052693.global.siteimproveanalytics.io; font-src 'self' https://kadasterbv.containers.piwik.pro https://*.kadaster.nl; connect-src 'self' https://*.kadaster.nl https://hetkadaster.bbvms.com https://api.mypurecloud.de https://api-cdn.mypurecloud.de https://kadasterbv.containers.piwik.pro https://kadasterbv.piwik.pro https://api.pdok.nl https://service.pdok.nl https://bat.bing.net https://cdn.bluebillywig.com wss://webmessaging.mypurecloud.de/v1; media-src 'self' data: blob: https://*.kadaster.nl https://cdn.bluebillywig.com https://hetkadaster.bbvms.com https://d17w22xdcwd6zx.cloudfront.net/hetkadaster/; frame-src 'self' https://apps.mypurecloud.de; frame-ancestors 'self'; report-uri https://kadasternl.report-uri.com/r/t/csp/reportOnly; report-to report-uri-com 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-ZM617yMPEWfS4pbkcCC7QQ==' 1
default-src 'self' *.rgi.net *.rgfi.net; script-src 'self' *.rgi.net *.rgfi.net 'unsafe-inline'; img-src 'self' *.rgi.net *.rgfi.net; frame-src 'self' *.rgi.net www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.data-line.de *.rgi.net; object-src 'none'; report-uri https://gindat.report-uri.com/r/d/csp/reportOnly 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com *.shopogen.ro *.gigya.com *.carrefour.ro carrefour.ro *.google.com www.googletagmanager.com *.googletagmanager.com facebook.com *.prefixbox.com *.tiktok.com *.jsdelivr.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.instagram.com *.gigya.com *.carrefour.ro carrefour.ro facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.googletagmanager.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com *.cookiebot.com *.google.com *.gigya.com *.carrefour.ro carrefour.ro *.krxd.net *.hotjar.com *.jsdelivr.net *.btdirect.ro *.tiktok.com *.prefixbox.com facebook.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.googletagmanager.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com blob: *.3lift.com *.adnxs.com *.adsrvr.org *.bluekai.com *.casalemedia.com *.ck-ie.com *.contextweb.com *.cookielaw.org *.dotomi.com *.eyeota.net *.flavedo.io *.flix360.com *.flix360.io *.flixcar.com *.google.ro *.google-analytics.com *.googleadservices.com *.kargo.com *.lijit.com *.media.net *.mediaplex.com *.openx.net *.paypal.com *.pubmatic.com *.rlcdn.com *.rubiconproject.com servedbyadbutler.com *.sharethrough.com *.shopogen.ro *.stickyadstv.com *.streamtheworld.com *.tremorhub.com *.yahoo.com *.gigya.com 'unsafe-inline' data: *.carrefour.ro carrefour.ro facebook.com *.krxd.net *.google.com www.googletagmanager.com *.tiktok.com *.prefixbox.com *.jsdelivr.net *.newrelic.com bam.eu01.nr-data.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.cloudflare.com *.cookiebot.com *.dotomi.com *.flix360.com *.flix360.io *.flixcar.com *.flixfacts.com *.googleapis.com *.instagram.com *.jsdelivr.net *.newrelic.com *.paypal.com *.pingdom.net servedbyadbutler.com *.shopogen.ro *.gigya.com *.carrefour.ro carrefour.ro chimpstatic.com www.googletagmanager.com *.krxd.net *.prefixbox.com *.tiktok.com *.cookielaw.org *.hotjar.com facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.shopogen.ro *.twitter.com *.typekit.net *.gigya.com 'unsafe-inline' data: *.carrefour.ro carrefour.ro *.jsdelivr.net *.prefixbox.com *.tiktok.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.citrusad.com *.doubleclick.net *.flix360.io *.flixcar.com *.googleapis.com *.googlesyndication.com *.instagram.com *.onetrust.com *.paypal.com *.pingdom.net *.shopogen.ro *.gigya.com *.carrefour.ro carrefour.ro *.cookielaw.org *.krxd.net *.hotjar.com *.jsdelivr.net *.prefixbox.com *.newrelic.com bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /csp-report-endpoint.php 1
script-src 'nonce-WgsdmutTuBZ1rhQ3q+wOZQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=3dlm9_OZ3vNXtZmh-UVM0OBkStiT6QAAeAJ9u3qaM48Yg61nd0AhKp7h4SCBo0YiGUKwg1mx0js22oPR-6U=&policy_id=2&user_id=&request_id=b59d54d2-cab5-4a14-b134-c483bcbdda99; report-to csp-endpoint-dlmozvnxtzmhuvmobkstitqaaeajuqamygndahkphscboyigukwgmxjsopru; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*; require-trusted-types-for 'script' 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gfiber-static-marketing-jt-team 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-6i2IvfHIfji2wit4tLFARg==' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://managewp.com https://orion.managewp.com https://s42013.pcdn.co https://db0hcalplzljl.cloudfront.net/ https://*.google.com api.w.org https://*.googleapis.com ogp.me https://www.facebook.com *.google-analytics.com api.w.org *.googletagmanager.com tags.tiqcdn.com use.typekit.net s.w.org https://secure.gravatar.com https://connect.facebook.net https://p.typekit.net https://www.googleadservices.com https://fonts.gstatic.com https://www.gstatic.com  https://*.g.doubleclick.net https://player.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.googlevideo.com https://*.ytimg.com data:;  img-src * data:;  object-src 'none'; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1
connect-src *.affirm.com https://tracker.affirm.com https://assets.braintreegateway.com *.braintreegateway.com *.braintree-api.com *.braze.com https://sdk.iad-05.braze.com/api/v3/data/ *.datadoghq.com *.browser-intake-us5-datadoghq.com https://browser-intake-us5-datadoghq.com https://session-replay.browser-intake-us5-datadoghq.com/api/v2/replay https://experiments.gametime.co https://gametimesf.github.io https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/ *.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://1.1.1.1 https://d94qwxh6czci4.cloudfront.net https://dr6vcclmzwk74.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d1ezzflfzltk6e.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net/ *.gr4vy.app https://paypal.com https://www.paypal.com/sdk/js https://checkout.paypal.com https://www.paypalobjects.com *.paypal.com https://ipv4.podscribe.com/ https://d34r8q7sht0t9k.cloudfront.net *.pusher.com https://sockjs-mt1.pusher.com wss://ws-mt1.pusher.com https://sandbox.affirm.com https://sandbox.affirm.com/fonts https://www.sandbox.paypal.com/ *.sentry.io *.ingest.sentry.io *.ingest.us.sentry.io api.statsig.com api.statsigcdn.com assetsconfigcdn.org beyondwickedmapping.org cdn.console.statsig.com cloudflare-dns.com console.statsig.com console.statsigcdn.com events.statsigapi.net featureassets.org featuregates.org idliststorage.blob.core.windows.net prodregistryv2.org statsigapi.net https://*.tiktok.com https://*.tiktokw.us *.amazonaws.com https://api.buttercms.com https://pixels.spotify.com bat.bing.com *.cloudfront.net *.doubleclick.net https://gametime.hnyj8s.net *.gametime.co/ https://boards-api.greenhouse.io/v1/boards/gametimeunited/departments https://global.ketchcdn.com *.mparticle.com *.riskified.com 'self';default-src 'self';font-src 'self' data: https://sandbox.affirm.com https://sandbox.affirm.com/fonts https://www.sandbox.paypal.com/ *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net/ https://fp.affirm-stage.com https://use.fontawesome.com;form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/;frame-src https://assets.braintreegateway.com *.braintreegateway.com *.braintree-api.com https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/ *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net/ *.gr4vy.app https://paypal.com https://www.paypal.com/sdk/js https://checkout.paypal.com https://www.paypalobjects.com *.paypal.com https://sandbox.affirm.com https://sandbox.affirm.com/fonts https://www.sandbox.paypal.com/ bytedance: https://player.vimeo.com/ https://www.affirm.com sslocal: *.doubleclick.net 'self';img-src 'self' data: blob: *.gametime.co/ https://*.tiktok.com https://*.tiktokw.us *;manifest-src 'self' *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net/;script-src *.affirm.com https://tracker.affirm.com https://assets.braintreegateway.com *.braintreegateway.com *.braintree-api.com *.braze.com https://sdk.iad-05.braze.com/api/v3/data/ https://experiments.gametime.co https://gametimesf.github.io https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/ *.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d2w2nqfk3z9hdt.cloudfront.net *.google.com https://www.google.com https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.gstatic.com https://www.google.com.mx https://www.googletagmanager.com https://google.com/pay https://adservice.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://analytics.google.com https://fonts.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net/ *.gr4vy.app https://paypal.com https://www.paypal.com/sdk/js https://checkout.paypal.com https://www.paypalobjects.com *.paypal.com https://ipv4.podscribe.com/ https://d34r8q7sht0t9k.cloudfront.net *.sentry.io *.ingest.sentry.io *.ingest.us.sentry.io https://*.tiktok.com https://*.tiktokw.us https://app.link https://cdn.ketchjs.com https://cdn.sift.com/s.js https://utt.impactcdn.com https://applepay.cdn-apple.com bat.bing.com blob: https://global.ketchcdn.com *.mparticle.com 'report-sample' *.riskified.com 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://www.googletagmanager.com;worker-src 'self' blob: 1
object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; report-to csp-violation-endpoint; report-uri /cgi-bin/report_csp_violation.py 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://optimize.google.com https://fonts.googleapis.com; script-src 'self' https://*.smallcase.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://app.link https://script.hotjar.com https://static.hotjar.com https://www.youtube.com https://s.ytimg.com https://apis.google.com https://connect.facebook.net https://*.razorpay.com https://*.gateway-tt.in https://cdn.segment.com https://cdn.amplitude.com https://cdn.moengage.com https://stackpath.bootstrapcdn.com https://a.quora.com https://q.quora.com 'unsafe-eval' 'unsafe-inline' https://appleid.cdn-apple.com https://optimize.google.com https://www.googleoptimize.com https://*.googlesyndication.com https://partner.googleadservices.com https://www.googletagservices.com https://adservice.google.com https://adservice.google.co.in https://*.tickertape.in https://*.vmax.com https://*.smartyads.com https://*.itdsmr.com https://*.google.com https://www.gstatic.com https://*.nexum.smallcase.com https://securepubads.g.doubleclick.net https://cms.stag.smallcase.com https://tally.so/widgets/embed.js https://www.clarity.ms https://bfin.creditcase.in; img-src 'self' data: https://*.tickertape.in http://*.tickertape.in https://*.smallcase.com https://*.cloudfront.net https://s3.ap-south-1.amazonaws.com https://s3.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://pocket-image-cache.com https://*.ytimg.com https://script.hotjar.com https://premium.thehindubusinessline.com https://thehindubusinessline.com https://thehindu.com https://www.thehindu.com https://www.thehindubusinessline.com https://*.reutersmedia.net https://img.youtube.com https://www.facebook.com https://cdn.razorpay.com https://d36bckgfrodyym.cloudfront.net https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com https://via.placeholder.com https://q.quora.com https://optimize.google.com https://*.tenor.com https://d3jkipq6ucdzmu.cloudfront.net https://pagead2.googlesyndication.com https://www.dspim.com https://*.vmax.com https://*.smartyads.com https://*.itdsmr.com https://dummyimage.com https://*.dummyimage.com https://*.coolbootsmedia.com https://*.pubmatic.com https://*.ergadx.com https://*.criteo.com https://*.themediagrid.com https://*.Pubmatic.com https://*.openx.com https://*.rubiconproject.com https://*.colombiaonline.com https://*.teads.tv https://*.rubiconproject.com https://*.triplelift.com; connect-src https://*.tickertape.in http://*.tickertape.in wss://*.tickertape.in https://*.smallcase.com https://stag.use.smallcase.com https://beta.use.smallcase.com https://production.use.smallcase.com https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://surveystats.hotjar.io https://stats.g.doubleclick.net https://graph.facebook.com https://*.razorpay.com https://cdn.segment.com https://api.segment.io https://api.amplitude.com/ https://s3.ap-south-1.amazonaws.com https://sdk-01.moengage.com https://sdk-02.moengage.com https://sdk-03.moengage.com https://d36bckgfrodyym.cloudfront.net https://*.s3.ap-south-1.amazonaws.com https://analytics.google.com https://optimize.google.com https://*.tenor.com https://d3jkipq6ucdzmu.cloudfront.net https://pagead2.googlesyndication.com https://*.vmax.com https://*.amplitude.com:* https://*.smartyads.com https://*.itdsmr.com https://*.google.com https://firebaseremoteconfig.googleapis.com https://firebaseinstallations.googleapis.com https://firebase.googleapis.com https://*.facebook.com https://*.nexum.smallcase.com https://securepubads.g.doubleclick.net https://cms.stag.smallcase.com https://bfin.creditcase.in; frame-src https://sdk.stag.use.smallcase.com https://sdk-beta.use.smallcase.com https://sdk.use.smallcase.com https://stag.use.smallcase.com https://beta.use.smallcase.com https://production.use.smallcase.com https://connect.smallcase.com https://stag-use.smallcase.com/ https://connect.smallca.se https://gateway.smallca.se/ https://vars.hotjar.com https://www.googletagmanager.com https://accounts.google.com https://www.youtube.com https://api.razorpay.com https://*.gateway-tt.in https://cdn.moengage.com https://optimize.google.com https://tpc.googlesyndication.com https://*.googlesyndication.com/ https://*.tenor.com https://googleads.g.doubleclick.net https://smallcase.zerodha.com https://*.vmax.com https://*.smartyads.com https://*.itdsmr.com https://*.google.com https://securepubads.g.doubleclick.net https://bfin.creditcase.in; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.smallcase.com; object-src 'none' 1
default-src 'self'; font-src 'self' https://d1mnljovdqnw4e.cloudfront.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://cdn.logr-ingest.com https://bat.bing.com; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com wss://*.campspot.com https://*.rollout.io; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.campspot.com; frame-src 'self' https://www.googletagmanager.com; 1
default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.onetrust.com assets.adobedtm.com script.hotjar.com *.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.hotjar.com assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com static.hotjar.com *.googletagmanager.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' *.googleapis.com; style-src-elem 'self' 'unsafe-inline' cdn.honey.io *.googleapis.com *.googletagmanager.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: mdm-assets.integration.costacoffee.com *.demdex.net *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com *.onetrust.com cm.everesttech.net *.googleapis.com; font-src 'self' *.gstatic.com; connect-src 'self' web.costa-loyalty-platform.com ws://ws27.hotjar.com *.hotjar.com *.hotjar.io *.onetrust.com *.go-mpulse.net trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net costalimited.tt.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com *.techlab-cdn.com login.costa.co.uk *.google-analytics.com wss://ws.hotjar.com; frame-ancestors 'self'; frame-src costalimited.demdex.net *.hotjar.com; report-uri https://costa.report-uri.com/r/t/csp/reportonly; report-to default 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com clarity.ms cdn.jsdelivr.net https://cdn.jsdelivr.net https://platform.twitter.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' http://*.googleapis.com js.hs-analytics.net/ js-agent.newrelic.com cloud.typography.com/ js.hs-banner.com/ js.hs-scripts.com/ https://*.clarity.ms/ w.recruiterbox.com public.tableau.com http://*.googletagmanager.com/ http://connect.facebook.net/ http://gstatic.com http://*.gstatic.com/ http://*.jsdelivr.net player.vimeo.com http://*.vimeocdn.com/ http://cdn-cookieyes.com/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://platform.twitter.com https://www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com js.hs-scripts.com clarity.ms js-agent.newrelic.com cloud.typography.com w.recruiterbox.com cdn.jsdelivr.net; frame-ancestors 'self' www.ustravel.org 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: https://*.stripe.com; object-src 'none'; script-src 'self' https: https://connect-js.stripe.com https://js.stripe.com https://*.js.stripe.com https://maps.googleapis.com 'nonce-VNbHRqGQQNdf7dc811Q0WQ=='; style-src 'self' https: 'nonce-VNbHRqGQQNdf7dc811Q0WQ=='; style-src-attr 'unsafe-inline'; frame-src 'self' https://connect-js.stripe.com https://js.stripe.com https://*.js.stripe.com https://hooks.stripe.com; connect-src 'self' https://api.stripe.com https://maps.googleapis.com; report-uri /systems/csp_report 1
default-src 'self' www.google-analytics.com www.youtube.com cdn.cookielaw.org *.onetrust.com *.gstatic.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com cdn.jsdelivr.net cdn.cookielaw.org img03.en25.com *.youtube.com *.google.com *.gstatic.com *.google-analytics.com embed.vev.page *.vev.design *.googleapis.com discover.hdrinc.com *.cloudflare.com unpkg.com; style-src 'self' 'unsafe-inline' cloud.typography.com cdn.jsdelivr.net *.googleapis.com www.hdrinc.com unpkg.com *.cloudflare.com; img-src 'self' data: *; media-src film.vev.design cdn.vev.design; frame-src 'self' *.google.com *.youtube.com *.vimeo.com discover.hdrinc.com *.doubleclick.net player.blubrry.com e.issuu.com caupneif01 *.youtube-nocookie.com *.googletagmanager.com *.cloudflare.com; child-src 'self' *.google.com *.youtube.com; font-src 'self' data: cloud.typography.com cdn.vev.design *.gstatic.com www.hdrinc.com cdn.scite.ai use.typekit.net fonts.vev.design; connect-src 'self' *.googleapis.com *.google-analytics.com *.cookielaw.org *.onetrust.com analytics.google.com *.doubleclick.net region1.analytics.google.com *.google.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-TS68WBZRNJsrioSezWGyRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; connect-src 'self' https://*.mediaflow.com https://mfstatic.com https://matomo.malmo.se https://edge.api.brightcove.com https://manifest.prod.boltdns.net https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; font-src 'self' data: https://mfstatic.com; frame-src 'self' https://stadsatlas.malmo.se https://*.mediaflow.com https://www.youtube.com; img-src 'self' data: https://devenemang.malmo.se https://test-devenemang.malmo.se https://assets.malmo.se https://malmo.se https://metrics.brightcove.com https://*.prod.boltdns.net https://assets.mediaflowpro.com https://*.brightcovecdn.com https://*.inviewer.se https://i.ytimg.com; media-src 'self' https://*.brightcovecdn.com https://*.mediaflow.com blob:; script-src 'self' 'nonce-d4615ce0-21af-11f1-a59b-f317d1f24450' https://matomo.malmo.se https://players.brightcove.net 'strict-dynamic' 'unsafe-eval'; script-src-elem 'self' 'nonce-d4615ce0-21af-11f1-a59b-f317d1f24450' https://matomo.malmo.se https://www.google.com/recaptcha https://players.brightcove.net https://mfstatic.com https://www.youtube.com; style-src 'self' https://malmo.se https://mfstatic.com 'unsafe-inline' data:; 1
script-src 'self' 'unsafe-eval' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'sha256-UeZ0R36qQ5kcoJ4QcT9JHYwgL70p9095Vm9jdRGAKSc=' 'nonce-cvcznvh6bklxdg';script-src-elem 'self' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'sha256-UeZ0R36qQ5kcoJ4QcT9JHYwgL70p9095Vm9jdRGAKSc=' 'nonce-cvcznvh6bklxdg'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.craft.cloud https://tlt-cdn.prd.teamleader.eu https://cdn.segment.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://js.hsforms.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscta.net https://js.usemessages.com https://fast.wistia.com; style-src 'self' 'unsafe-inline' https://cdn.craft.cloud; font-src 'self' https://cdn.craft.cloud; img-src 'self' data: blob: https://cdn.craft.cloud https://fast.wistia.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://track.hubspot.com https://forms.hsforms.com; connect-src 'self' https://tlt-cdn.prd.teamleader.eu https://api.segment.io https://cdn.segment.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://js.hsforms.net https://api.hubspot.com https://forms.hubspot.com https://track.hubspot.com https://js.hs-analytics.net https://js.usemessages.com https://fast.wistia.com https://embedwistia-a.akamaihd.net; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://fast.wistia.com https://js.hsforms.net https://forms.hsforms.com https://meetings.hubspot.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; worker-src 'self' blob:; media-src 'self' https://fast.wistia.com https://embedwistia-a.akamaihd.net blob:; manifest-src 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://forms.hubspot.com https://forms.hsforms.com; upgrade-insecure-requests ; report-uri https://teamleader.uriports.com/reports/report; report-to default; 1
default-src 'self'; style-src 'self' 'unsafe-inline' googletagmanager.com tagmanager.google.com fonts.googleapis.com; script-src 'self' www.google.com *.googletagmanager.com *.gstatic.com; img-src 'self' googletagmanager.com *.gstatic.com * data:; frame-src 'self' www.youtube.com www.google.com blob:;frame-ancestors 'none'; form-action 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24.net/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
default-src 'self';base-uri 'none';font-src m.media-amazon.com;frame-src 'self' www.facebook.com audible.demdex.net td.doubleclick.net www.googletagmanager.com;connect-src 'self' unagi-fe.amazon.com m.media-amazon.com dpm.demdex.net audible.tt.omtrdc.net audible.sc.omtrdc.net fls-fe.amazon.com unagi.amazon.com unagi-na.amazon.com fls-na.amazon.com;frame-ancestors 'self';style-src 'self' 'unsafe-inline' images-fe.ssl-images-amazon.com images-na.ssl-images-amazon.com d2nttevkh1mtzs.cloudfront.net;media-src 'self' m.media-amazon.com;object-src 'none';script-src 'self' 'unsafe-inline' d2nttevkh1mtzs.cloudfront.net images-na.ssl-images-amazon.com d1g3myji5lplsh.cloudfront.net connect.facebook.net audible.sc.omtrdc.net;img-src 'self' m.media-amazon.com images-na.ssl-images-amazon.com images-fe.ssl-images-amazon.com fls-na.amazon.com www.facebook.com fls-fe.amazon.comwww.google.com 1
object-src 'none';base-uri 'self';script-src 'nonce-9Fe_SzD9a5a3L-bs1yZbDw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com *.fontawesome.com *.oct8ne.com https://cdnjs.cloudflare.com *.gstatic.com https://sandbox.sequracdn.com/ *.reskyt.com/ https://cdn.doofinder.com/* data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.oct8ne.com https://plumrocket.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.trustpilot.com *.paypalobjects.com/ *.flyde.io/ *.redintelligence.net/ *.reskyt.com/ *.sequrapi.com/ *.klarnacdn.net/ *.doubleclick.net/ *.google.com/ https://www.facebook.com *.amazonaws.com/* https://myadsplatform-prod.s3.eu-central-1.amazonaws.com/ https://static.criteo.net https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://*.gstatic.com cdn.doofinder.com magefan.com cm.magefan.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.oct8ne.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.padelnuestro.com https://www.google.ie *.googleapis.com *.gstatic.com https://www.google.es/ads/ *.googletagmanager.com/ https://www.emjcd.com/ https://cj.dotomi.com/ *.cloudfront.net *.bing.com/ *.adform.net/ *.facebook.com/ *.reskyt.com/ *.connectif.cloud/ *.doubleclick.net/ *.google.com/ *.placeholder.com https://grwapi.net *.google-analytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com *.adyen.com cdn.doofinder.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.oct8ne.com https://cdnjs.cloudflare.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.trustpilot.com https://sdk.privacy-center.org https://js-agent.newrelic.com https://bam.nr-data.net *.googleapis.com *.gstatic.com https://www.mczbf.com/ https://cdn.connectif.cloud/ *.cloudfront.net https://commerce.adobedtm.com/ *.bing.com/ *.adform.net/ *.jsdelivr.net/ *.flyde.io/ *.facebook.net/ *.tiktok.com/ *.klarnacdn.net/ *.reskyt.com/ *.quantummetric.com/ blob *.klarna.com/ *.sequrapi.com/ *.clarity.ms/ *.google.com/ https://grwapi.net https://unpkg.com https://eu1-config.doofinder.com/* *.doofinder.com/* https://eu1-config.doofinder.com/2.x/d0f0ef47-8a08-4c9c-9f1f-3c43a3aa757c.js *.usermaven.com/* *.creativecdn.com/* *.woopra.com/* https://static.woopra.com/ https://www.woopra.com/ https://tags.creativecdn.com/ https://ams.creativecdn.com/ https://f.creativecdn.com/ https://sync.outbrain.com/ *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.doofinder.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.trustpilot.com *.googletagmanager.com/ *.reskyt.com/ *.googleapis.com https://grwapi.net *.doofinder.com/* https://cdn.doofinder.com/* https://cdn.doofinder.com/livelayer/1/css/2/common.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io qa-api.magedevteam.com *.sentry.io *.adyen.com *.doofinder.com wss://*.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.oct8ne.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com https://pre.wayletlabs.com/* https://pro.waylet.es/* https://region1.google-analytics.com https://api.privacy-center.org *.doubleclick.net https://bam.nr-data.net *.googleapis.com *.gstatic.com *.google.com https://www.mczbf.com/ *.connectif.cloud/ *.flyde.io/ *.tiktok.com/ *.facebook.com/ *.reskyt.com/ *.quantummetric.com/ *.googlesyndication.com/ *.klarna.com/ *.klarnacdn.net/ *.clarity.ms https://grwapi.net https://track.adform.net https://google.com *.woopra.com/ *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-gSmLPdgjMU5+tk5HVXdfbg==' 1
font-src fonts.gstatic.com use.typekit.net https://cdnjs.cloudflare.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com http://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googleadservices.com *.paypal.com *.google-analytics.com https://l.clarity.ms/collect  *.paypal.com  https://get.geojs.io  https://js-agent.newrelic.com  https://royaloak-dev.codilar.in https://mcstaging.royaloakindia.com  https://royaloakindia.com  https://bam.nr-data.net https://f.clarity.ms https://sdk-01.moengage.com/ https://mcprod.royaloakindia.com https://cdnjs.cloudflare.com https://commerce.adobedtm.com https://js-agent.newrelic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors https://cdnjs.cloudflare.com https://js-agent.newrelic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.googleadservices.com *.paypal.com *.google-analytics.com https://l.clarity.ms/collect  *.paypal.com  https://get.geojs.io  https://js-agent.newrelic.com  https://royaloak-dev.codilar.in  https://mcstaging.royaloakindia.com  https://royaloakindia.com  https://bam.nr-data.net https://f.clarity.ms https://sdk-01.moengage.com/ https://mcprod.royaloakindia.com https://cdnjs.cloudflare.com https://commerce.adobedtm.com https://js-agent.newrelic.com api.razorpay.com www.youtube-nocookie.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://x.nitrocommerce.ai https://x.nitrocommerce.ai http://t.makehook.ws https://t.makehook.ws c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com testourcode.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleadservices.com *.paypalobjects.com *.google-analytics.com https://l.clarity.ms/collect  *.paypal.com  https://get.geojs.io  https://js-agent.newrelic.com  https://royaloak-dev.codilar.in  https://mcstaging.royaloakindia.com  https://royaloakindia.com  https://bam.nr-data.net https://f.clarity.ms https://sdk-01.moengage.com/ https://mcprod.royaloakindia.com https://cdnjs.cloudflare.com https://commerce.adobedtm.com https://js-agent.newrelic.com cdn.razorpay.com magefan.com cm.magefan.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://x.nitrocommerce.ai https://x.nitrocommerce.ai http://t.makehook.ws https://t.makehook.ws www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com assets.snapmint.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleadservices.com *.paypal.com *.google-analytics.com https://l.clarity.ms/collect  *.paypal.com  https://get.geojs.io  https://js-agent.newrelic.com  https://royaloak-dev.codilar.in  https://mcstaging.royaloakindia.com  https://royaloakindia.com  https://bam.nr-data.net https://f.clarity.ms https://sdk-01.moengage.com/ https://mcprod.royaloakindia.com https://cdnjs.cloudflare.com https://commerce.adobedtm.com https://js-agent.newrelic.com checkout.razorpay.com *.googleapis.com *.google.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://x.nitrocommerce.ai https://x.nitrocommerce.ai http://t.makehook.ws https://t.makehook.ws js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com api.snapmint.com assets.snapmint.com sandboxapi.snapmint.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com http://x.nitrocommerce.ai https://x.nitrocommerce.ai http://t.makehook.ws https://t.makehook.ws http://fonts.googleapis.com https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleadservices.com *.paypal.com *.google-analytics.com https://l.clarity.ms/collect  *.paypal.com  https://get.geojs.io  https://js-agent.newrelic.com  https://royaloak-dev.codilar.in  https://mcstaging.royaloakindia.com  https://royaloakindia.com  https://bam.nr-data.net https://f.clarity.ms https://sdk-01.moengage.com/ https://mcprod.royaloakindia.com https://cdnjs.cloudflare.com https://commerce.adobedtm.com https://js-agent.newrelic.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com www.youtube.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com http://x.nitrocommerce.ai https://x.nitrocommerce.ai http://t.makehook.ws https://t.makehook.ws api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-YApVbsPyU5s9ntbSpPfeyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
media-src *; default-src 'none'; style-src 'unsafe-inline' *; worker-src 'none'; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-o4uvPvU8wd9BG/15Gy2O3Q=='; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io; img-src blob: data: *; font-src 'self' data: 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com *.plex.com web-sdk.aptrinsic.com; style-src 'report-sample' 'self' data: 'unsafe-inline' ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com *.plex.com web-sdk.aptrinsic.com; img-src 'self' data: ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com www.gstatic.com 127.0.0.1:18623 *.plex.com; font-src 'self' *.plex.com data: *.plexus-online.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.plexonline.com at.alicdn.com use.typekit.net; connect-src 'self' web-sdk.aptrinsic.com esp.aptrinsic.com *.plex.com pcn-move.plexdev.io cdnma.cdnservice.space cdnma.global-cache.online cdnmb.global-cache.online 127.0.0.1:18623 js.authorize.net tablet.sigwebtablet.com:47290; media-src 'self' *.plex.com; object-src 'self'; child-src 'self'; frame-src 'self'; worker-src 'self'; frame-ancestors 'self' www.plexonline.com www.plexus-online.com; form-action 'self' *.plexus-online.com *.plexonline.com *.plex.com; base-uri 'self'; manifest-src 'self'; script-src-elem 'self' 'unsafe-inline' web-sdk.aptrinsic.com www.gstatic.com *.plexonline.com *.plex.com js.authorize.net jstest.authorize.net *.google-analytics.com www.pagespeed-mod.com *.plexus-online.com www.gstatic.com; style-src-elem 'unsafe-inline' *.plexonline.com web-sdk.aptrinsic.com www.gstatic.com maxcdn.bootstrapcdn.com *.plex.com *.plexus-online.com; report-uri https://csp.security.plex.com/csp/reporting 1
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.buzzsprout.com *.cookielaw.org *.getblueshift.com *.onetrust.org *.typekit.net *.vercel-scripts.com bat.bing.com connect.facebook.net static.hotjar.com script.hotjar.com vercel.live *.chatbot.com *.clarity.ms crux-api-onerhino.vercel.app unpkg.com cwv.onerhino.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.typekit.net vercel.live;img-src 'self' blob: data: *.buzzsprout.com *.cookielaw.org *.ctfassets.net *.facebook.com *.internationalliving.com *.nodebb.com *.youtube.com *.ytimg.com *.vercel.com vercel.com *.bing.com *.clarity.ms https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;connect-src wss://*.pusher.com 'self' *.cookielaw.org api.getblueshift.com *.onetrust.com *.hotjar.io vercel.live *.chatbot.com bat.bing.com *.clarity.ms crux-api.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;font-src 'self' *.typekit.net vercel.live;frame-src 'self' *.buzzsprout.com *.typeform.com *.youtube-nocookie.com *.youtube.com fast.wistia.net player.vimeo.com td.doubleclick.net vimeo.com vercel.live *.chatbot.com *.googletagmanager.com;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'none' 1
frame-ancestors 'self' https://*.jobcloud.ch https://*.jobs.ch https://*.jobup.ch; base-uri 'self'; connect-src * data: 'self'; default-src 'self' https:; font-src 'self' https: data:; form-action 'self'; frame-src 'self' https:; img-src * data: blob: 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' https: * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; require-trusted-types-for 'script'; worker-src 'self' 1
default-src 'self' https: data: streamable.com; www.youtube.com; script-src 'none' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https: www.googletagmanager.com; www.youtube.com;; style-src-elem 'self' 'unsafe-inline' https: cdn.lineicons.com; fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' https:; img-src 'self' https: data: cmefnbespa.cloudimg.io; forms-eu1.hsforms.com;; connect-src 'self' 'none' https: data: www.google.com; forms-eu1.hsforms.com; forms-eu1.hscollectedforms.net; text/plain; media-src 'self' https: www.youtube.com; frame-src 'self' https: www.youtube.com; streamable.com; www.google.com; sandbox allow-same-origin 1
object-src 'none';base-uri 'self';script-src 'nonce-DlsN3vkK_NapAqw9wIKA0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://accessibilityserver.org https://amplify.outbrain.com https://bam.nr-data.net https://bat.bing.com https://c.lytics.io https://cdn.segment.com https://cdn.taboola.com https://cdn.userway.org https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://platform.twitter.com https://qmod.quotemedia.com https://s.yimg.com https://script.hotjar.com https://securepubads.g.doubleclick.net https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://static.hotjar.com https://tr.outbrain.com https://trc.taboola.com https://www.dwin1.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.redditstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://c.lytics.io https://cdnjs.cloudflare.com https://fonts.googleapis.com https://qmod.quotemedia.com https://static.c1.quotemedia.com; img-src 'self' data: https://alb.reddit.com https://analytics.twitter.com https://bat.bing.com https://c.lytics.io https://cdn.userway.org https://data.dianomi.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://q.quora.com https://secure.gravatar.com https://sp.analytics.yahoo.com https://syndication.twitter.com https://t.co https://tr.outbrain.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.quotemedia.com; connect-src 'self' https://api.segment.io https://api.userway.org https://app.quotemedia.com https://bam.nr-data.net https://ca.foolpitches.com https://cdn.segment.com https://cdn.userway.org https://cds.taboola.com https://csi.gstatic.com https://in.hotjar.com https://pips.taboola.com https://s.yimg.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net https://to.getnitropack.com https://trc-events.taboola.com https://vc.hotjar.io https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://static.c1.quotemedia.com; frame-src https://gum.criteo.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com; report-uri https://csp.feroot.com/a5814c59-63d2-4c2f-8d39-70a4fbe37b03/a068f8b4-0865-4c32-bd31-375a39409b87/collect; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-QV52Pmi9SfmCiiMHIuVrMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src *; img-src * data:; script-src 'nonce-0q5vVsMjaKkiAPAtk+QYIeHKau3BBazg' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http: 'self' cdn.bizible.com; style-src 'self' 'unsafe-inline' https://404-tpa-276.mktoweb.com/ https://*.qualified.com; font-src 'self' kit.fontawesome.com https://ka-p.fontawesome.com/ https://fast.wistia.com/ data:; form-action 'self'; object-src 'none'; media-src 'self' blob: mediastream: https://*.qualified.com; frame-src https://www.googletagmanager.com https://td.doubleclick.net/ https://gtm.docketwise.com/ https://www.youtube.com/ https://insight.adsrvr.org/ https://app.netlify.com/ https://404-tpa-276.mktoweb.com/ https://*.qualified.com; child-src https://*.qualified.com; frame-ancestors demo.affinipay.com ka-p.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /.netlify/functions/__csp-violations 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.com *.betano.com betano.cz *.betano.cz betgenius.com *.betgenius.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org creativecdn.com *.creativecdn.com facebook.net *.facebook.net fullstory.com *.fullstory.com gmlinteractive.com *.gmlinteractive.com googletagmanager.com *.googletagmanager.com kaizengaming.com *.kaizengaming.com kameleoon.eu *.kameleoon.eu optimove.net *.optimove.net sportradar.com *.sportradar.com cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery google-analytics.com *.google-analytics.com lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ct3MNq97twd.HeekqTfhNw_L1K4uS0rLpcT4uEhWvn8-1773717756-1.0.1.1-W_0NwM6JVPVHqRkCRPJxYBYjXGVi9wRbSZazLDKIRg1h1QIvxlA0VWbGJ06D6SxWBr.KIYOdqxGQzj7y6einGJbcNzIkqK8_C5uWx37zi9E_WI68AeT5HAoe7MQpGNnat5g4q84cCnchfxJCCPqyAJ9bw.WipSqKicEc.c2s_sziP.kMeDCXnVspcNKsZu_5gBdR_jnDtzNmBr0mNFnWRw; report-to cf-aeoexipdbviapkym 1
object-src 'none';base-uri 'self';script-src 'nonce-yc_VG3dGv0bxkAwUX0iiqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com https://www.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * https://*.contentsquare.net https://*.contentsquare.com https://analytics.tiktok.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://images.unsplash.com *.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://*.contentsquare.net https://*.contentsquare.com https://www.google.nl https://www.google.de https://bat.bing.com https://match.sharethrough.com https://cm.g.doubleclick.net https://criteo-partners.tremorhub.com https://x.bidswitch.net https://ib.adnxs.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://ad.yieldlab.net https://ps.eyeota.net https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://criteo-sync.teads.tv https://eb2.3lift.com https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://dis.criteo.com https://sync.1rx.io https://analytics.tiktok.com https://*.reskyt.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://rum.hlx.page https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com https://*.gstatic.com *.getflowbox.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com connect.getflowbox.com t.contentsquare.net static.hotjar.com https://*.contentsquare.net https://app.contentsquare.com https://*.cookiefirst.com https://*.noibu.com https://cdn-4.convertexperiments.com https://s.pinimg.com https://static.criteo.net https://www.dwin1.com https://bat.bing.com https://ct.pinterest.com https://cdn.watchtower.graindata.com https://script.hotjar.com https://lantern.roeyecdn.com https://sslwidget.criteo.com https://cdn.segmentify.com https://*.prenatal.nl https://analytics.tiktok.com https://*.reskyt.com https://app.aiden.cx 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://*.cookiefirst.com https://cdn.segmentify.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com https://*.google.com payments-eu.amazon.com *.googleapis.com *.getflowbox.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://*.contentsquare.net https://*.contentsquare.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.cookiefirst.com https://pipeline.prenatal.nl https://region1.google-analytics.com https://www.google.nl https://ct.pinterest.com https://measurement-api.criteo.com https://vc.hotjar.io https://gandalf-eu.segmentify.com https://*.convertexperiments.com https://*.noibu.com wss://*.noibu.com https://analytics.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.mastercontrol.com mastercontrol.service-now.com; object-src 'none'; form-action 'self' https://*.mastercontrol.com *.rise.com *.service-now.com mastercontrol.influitive.com gateway.zscloud.net mastercontrol.uservoice.com https://*.facebook.com https://connect.facebook.net; base-uri 'self' https://*.mastercontrol.com https://*.clarity.ms; report-uri https://reportcsp.azurewebsites.net/api/CSPViolation 1
default-src 'self'; script-src 'self' 'nonce-CKv2EsKHWegzEK5h486cvQ==' https://www.google-analytics.com https://widget.trustpilot.com http://widget.trustpilot.com https://*.sentry.io https://*.firebase.googleapis.com https://static.zdassets.com https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com/li.lms-analytics/insight.min.js ; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' https://content-api.changenow.io https://widget.trustpilot.com https://changenow.io https://explorer-api.walletconnect.com https://alb.reddit.com/rp.gif; connect-src 'self' https://l.changenow.org https://*.zdassets.com https://www.google-analytics.com https://vip-api.changenow.io https://content-api.changenow.io https://changenow.io https://affiliate-backend.changenow.io https://api.changenow.io https://explorer-api.walletconnect.com https://verify.walletconnect.com https://changenow.zendesk.com https://px.ads.linkedin.com/collect ; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://widget.trustpilot.com http://widget.trustpilot.com https://changenow.io https://youtube.com https://verify.walletconnect.com https://www.youtube.com ; report-uri https://l.changenow.org/api/3/security/?sentry_key=caf1b4c4d55fac9fb827b0fc4c20f664 1
default-src 'self'; script-src 'self' 'nonce-kum99qYjb3qCHpQbYw+P3w==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.meetic.es *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.meetic.es; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://maps.googleapis.com https://s3-eu-west-1.amazonaws.com https://script.hotjar.com https://static.hotjar.com https://static.inteliwise.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.recaptcha.net https://*.recaptcha.net https://*.google.com https://*.doubleclick.net https://*.googleusercontent.com https://*.youtube.com https://*.facebook.net https://*.hotjar.com https://*.inteliwise.com https://bat.bing.com https://pixel.wp.pl https://www.clarity.ms https://scripts.clarity.ms https://*.clarity.ms https://analytics.tiktok.com https://static.ads-twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://microsoft.com https://perfo.salestube.pl https://sandbox.przelewy24.pl https://browser-update.org https://tenantpluginapiserver1.eloacc.warta.pl https://public-api-sessionserver1.eloacc.warta.pl; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s3-eu-west-1.amazonaws.com https://*.hotjar.com https://*.inteliwise.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://www.gstatic.com https://tenantpluginapiserver1.eloacc.warta.pl https://public-api-sessionserver1.eloacc.warta.pl; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; connect-src 'self' https://inteliwise-eu.s3.amazonaws.com https://maps.googleapis.com https://s3-eu-west-1.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.recaptcha.net https://*.hotjar.com https://*.inteliwise.com https://pixel.wp.pl https://rail-publisher.app.inteliwi.se https://ad.doubleclick.net https://*.clarity.ms wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://www.facebook.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://bat.bing.com https://unpkg.com https://vc.hotjar.io https://googleads.g.doubleclick.net https://www.googleadservices.com https://microsoft.com https://perfo.salestube.pl https://sandbox.przelewy24.pl https://tenantpluginapiserver1.eloacc.warta.pl https://public-api-sessionserver1.eloacc.warta.pl; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://tenantpluginapiserver1.eloacc.warta.pl https://public-api-sessionserver1.eloacc.warta.pl; frame-src 'self' https://10798259.fls.doubleclick.net https://9049979.fls.doubleclick.net https://s3-eu-west-1.amazonaws.com https://vars.hotjar.com https://www.google.com https://www.recaptcha.net https://*.google.com https://*.hotjar.com https://*.inteliwise.com https://www.googletagmanager.com https://td.doubleclick.net https://*.youtube.com https://*.vimeo.com https://player.vimeo.com https://www.youtube.com https://www.wp.pl https://tenantpluginapiserver1.eloacc.warta.pl; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://*.hotjar.com https://*.inteliwise.com https://pixel.wp.pl https://ad.doubleclick.net https://bat.bing.com https://*.clarity.ms https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://c.bing.com https://t.co https://analytics.twitter.com https://fonts.gstatic.com https://*.ytimg.com https://*.vimeocdn.com https://tenantpluginapiserver1.eloacc.warta.pl https://public-api-sessionserver1.eloacc.warta.pl; manifest-src 'self'; media-src 'self' https://tenantpluginapiserver1.eloacc.warta.pl https://public-api-sessionserver1.eloacc.warta.pl; worker-src 'self' blob:; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com *.zdassets.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com wss://*.zendesk.com *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self';  font-src 'self'    https://static.sanitas.es    https://maxcdn.bootstrapcdn.com    https://s3.lightboxcdn.com    https://fonts.gstatic.com    https://sanitaspre.herokuapp.com;  style-src 'self' 'unsafe-inline'    https://static.sanitas.es    https://sanitaspre.herokuapp.com    https://forms.zetaglobal.net    https://fonts.googleapis.com    https://maxcdn.bootstrapcdn.com;  img-src 'self'    data:    https://www.sanitas.es    https://static.sanitas.es    https://www.bupa.pt    https://cdn.cookielaw.org    https://sanitassociedadanonimade.data.adobedc.net    https://www.googletagmanager.com    https://www.google.com    https://forms.zetaglobal.net    https://sanitaspre.herokuapp.com    https://maps.gstatic.com    https://maps.googleapis.com    https://lh3.googleusercontent.com    https://www.google.es;  script-src 'self' 'unsafe-inline' 'unsafe-eval'    https://static.sanitas.es    https://www.googletagmanager.com    https://x.empathy.co    https://sanitaspre.herokuapp.com    https://assets.adobedtm.com https://cdn.cookielaw.org    https://static.hotjar.com https://euhosted.live.rezync.com    https://googleads.g.doubleclick.net    https://cdnjs.cloudflare.com    https://www.lightboxcdn.com    https://script.hotjar.com    https://forms.zetaglobal.net    https://d30o4d63vvluug.cloudfront.net    https://maps.googleapis.com    https://assets.exatom.io    https://cdn.eu.zetaglobal.net;  connect-src 'self'    https://api.sanitas.es    https://sanitassociedad.tt.omtrdc.net    https://cdn.cookielaw.org    https://onsiterecs.api.eu.zetaglobal.net    https://sanitaspre.herokuapp.com    https://events.api.eu.zetaglobal.net    https://content.hotjar.io    https://people.api.eu.zetaglobal.net    https://api.eu.zetaglobal.net    https://jsonplaceholder.typicode.com    https://maps.googleapis.com    https://assets.exatom.io    https://dpm.demdex.net    https://ad.doubleclick.net    https://www.google.com    wss://sanitaspre.herokuapp.com    wss://ws.hotjar.com;  frame-src 'self'    https://sania.chat    https://www.sania.chat    https://8508277.fls.doubleclick.net    https://sanitassociedadanonimade.demdex.net; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.com *.betano.com betano.ng *.betano.ng cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org facebook.net *.facebook.net fullstory.com *.fullstory.com gmlinteractive.com *.gmlinteractive.com googletagmanager.com *.googletagmanager.com kaizengaming.com *.kaizengaming.com kameleoon.io *.kameleoon.io optimove.net *.optimove.net sportradar.com *.sportradar.com sportradarserving.com *.sportradarserving.com cloudflareinsights.com *.cloudflareinsights.com ads-twitter.com *.ads-twitter.com app.delivery *.app.delivery lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=45E2Tv4JXWqwoYxdKe_luQNXTECEr4Ixn4QJ_FLTfLc-1773710773-1.0.1.1-SGDbYop_bmazk9fZ6OdOOrYWKnJkNGXuiiJkJdqeKyo5capmB9JEj6gukp3mOYAKfzje9wHd.MoWmX3QnKzuKPevUn8Umx.ggce5SunCcbfYK8Z68qievCdvdiOkfLTZ1XwmGfz7OoAQ2VdN1Jd_B40uAWPbrH99Bd52E_0A5moRAmgig9SwFYwCCDgjl9fz2nMlUVl4Q.i3Ux8B4cn7AA; report-to cf-lqwrcuxvzejazape 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://app.storyblok.com; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://st.anyip.io https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://*.googleadservices.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://ph.anyip.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://www.redditstatic.com https://valley-intent.nyc3.digitaloceanspaces.com https://d-code.liadm.com https://*.clarity.ms https://bat.bing.com https://static.cloudflareinsights.com https://snap.licdn.com https://static.ads-twitter.com https://app.factors.ai https://code.upscope.io https://js.upscope.io https://widget.trustpilot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com; media-src 'self' https://js.intercomcdn.com; connect-src 'self' https: wss:; frame-src 'self' https://st.anyip.io https://*.googletagmanager.com https://*.google.com https://*.recaptcha.net https://*.intercom.io https://*.liadm.com https://widget.trustpilot.com https://*.trustpilot.com; form-action 'self'; worker-src 'self' blob:; report-uri /_csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-lev449efna6aHgvR-LyPsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uQjc8CTvVHlLkgtjKCE0NA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'strict-dynamic' 'unsafe-inline' https: 'nonce-6622ccd5599b7b52a82f25ed680b5332';object-src 'none';base-uri 'none';frame-src 'self' https://paywall.imoje.pl https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://wchat.freshchat.com https://*.webpush.freshchat.com https://www.youtube.com https://youtube.com https://youtu.be https://www.youtube-nocookie.com https://youtube-nocookie.com https://www.facebook.com https://open.spotify.com/embed/ https://podcasters.spotify.com/pod/show/ https://player.vimeo.com/video/ https://td.doubleclick.net https://platform.twitter.com/ https://www.googletagmanager.com/ https://www.wp.pl;report-uri https://o160244.ingest.sentry.io/api/1798165/security/?sentry_key=22e91a43970d40cdae6153ad3feb9951;report-to csp-endpoint 1
font-src fonts.gstatic.com;frame-ancestors 'self' *.dev-emotive.com https://setup-shop.emotiveapp.co *.myshopify.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://emotivecdn.io *.dev-emotive.com https://www.googletagmanager.com;img-src 'self' data:;style-src 'self' 'unsafe-inline' https://emotivecdn.io *.dev-emotive.com fonts.googleapis.com;frame-src ;default-src 'self';connect-src 1
font-src *.klevu.com *.ksearchnet.com *.gstatic.com https://fonts.gstatic.com *.fontawesome.com fonts.gstatic.com https://pos.snapscan.io *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.paygate.co.za/payweb3/process.trans https://sandbox.payfast.co.za https://www.payfast.co.za/eng/process oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; style-src *.adobe.com *.klevu.com *.ksearchnet.com *.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src *.google-analytics.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com https://ipinfo.io *.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; frame-src data:text fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src *.criteo.com *.krxd.net *.chatlayer.ai assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com *.google.com *.gstatic.com https://*.googleapis.com https://*.googleusercontent.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com https://pos.snapscan.io *.cloudflare.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src *.incredible.co.za *.chatlayer.ai assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://browser.sentry-cdn.com *.klevu.com *.ksearchnet.com *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xbhrzQ_RK9yuNhOj4qFuhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com tags.tiqcdn.cn collect.tealiumiq.com *.criteo.com *.criteo.net *.omtrdc.net *.yimg.jp *.yahoo.co.jp prf.hn *.doubleclick.net *.line.me *.google.com *.google.it *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com sc-static.net *.usehero.com *.contentsquare.net *.demdex.net *.facebook.com *.googletagmanager.com *.facebook.net *.googleadservices.com *.teads.tv zegna.d3.sc.omtrdc.net www.google.* *.zegna.com *.measmerize.com *.googlesyndication.com maps.gstatic.com *.riskified.com sandbox.gestpay.net ecomm.sella.it *.online-metrix.net amp.akamaized.net *.snapchat.com *.gstatic.com *.go-mpulse.net cm.everesttech.net *.googleapis.com *.akstat.io *.akamaihd.net *.line-scdn.net *.algolianet.com *.algolia.net *.algolia.com zegna-cloud-media.s3.amazonaws.com zegna-cloud-media.s3.eu-west-1.amazonaws.com zegna-cloud-media.s3-eu-west-1.amazonaws.com livechat.zegna.cn *.baidu.com blob: data: ; font-src 'self' data: *.googleapis.com *.gstatic.com; report-uri /cgi-bin/csp_report.cgi 1
default-src 'self' https:; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://hsselite.zendesk.com; connect-src 'self' https: wss: https://*.zendesk.com https://*.zdassets.com https://*.onesignal.com https://api.onesignal.com; img-src 'self' https: data:; font-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https://static.zdassets.com https://*.onesignal.com https://*.zendesk.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://cmp.osano.com https://static.ada.support https://cdn.onesignal.com https://www.googletagmanager.com https://js.go2sdk.com 'unsafe-inline'; worker-src 'self' blob:; 1
default-src 'self'; script-src 'report-sample' 'self' 'nonce-exGcKK8Y0GnpW+zrM0c6+AEvMqqwXh1K3GAHJ3Bk1Ck=' 'strict-dynamic' https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js https://ak.sail-horizon.com/spm/spm.v1.min.js https://analytics.tiktok.com/i18n/pixel/events.js https://bat.bing.com/bat.js https://cdn-ukwest.onetrust.com/scripttemplates/202503.1.0/otBannerSdk.js https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js https://connect.facebook.net/en_US/fbevents.js https://d.la11-core1.sfdc-cehfhs.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://d.la3-c1-cdg.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://d16fk4ms6rqz1v.cloudfront.net/capture/mrandmrssmith.js https://dv4m25lzcyglc.cloudfront.net/3.0.0/gh7rnghq.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/726324624/ https://js.stripe.com/v2/ https://js.stripe.com/v3/ https://checkout.stripe.com/checkout.js https://js.stripe.com/basil/stripe.js https://mrandmrssmith.my.salesforce.com/embeddedservice/5.0/esw.min.js https://api.feefo.com/api/javascript/mr-mrs-smith https://register.feefo.com//feefo-widget-v2/js/feefo-widget.js https://api.feefo.com/feefo-widgets-data/loader/widgets/mr-mrs-smith https://register.feefo.com/feefo-widgets-app/feefo_widgets_loader.js https://register.feefo.com/feefo-widget-v2/js/loader/pop-up-reviews.bundle.js https://se.monetate.net/js/2/a-58d4210d/p/mrandmrssmith.com/entry.js https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 https://static.mention-me.com/dist/static/js/async/bootloader-init.v2.b874a4b9.js https://t.contentsquare.net/uxa/cea2376851edf.js https://tag.mention-me.com/api/v2/refereefind/mm2133a6f1 https://tag.rmp.rakuten.com/111651.ct.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://www.googletagmanager.com/gtag/destination https://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js https://d2wy8f7a9ursnm.cloudfront.net/v4/bugsnag.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.18/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://maps.googleapis.com/maps/api/js https://assets.pinterest.com/js/pinit.js https://cdnjs.cloudflare.com/ajax/libs/svgxuse/1.2.6/svgxuse.min.js https://cdn.firebase.com/js/client/1.1.2/firebase.js https://code.jquery.com/jquery-migrate-1.2.1.js https://js.braintreegateway.com/web/3.0.1/js/client.min.js https://js.braintreegateway.com/web/3.0.1/js/apple-pay.min.js https://api.skyscanner.net/api.ashx https://translate.google.com/translate_a/element.js https://static-eu.payments-amazon.com/OffAmazonPayments/uk/lpa/js/Widgets.js https://www.googleadservices.com/pagead/conversion.js https://0.r.msn.com/scripts/microsoft_adcenterconversion.js http://e.monetate.net/js/3/a-58d4210d/d/mms-monetate.mmsmith.info/t1640009934/2cbacf4e5b15a1ac/custom.js http://f.monetate.net/trk/4/s/a-58d4210d/d/mms-monetate.mmsmith.info/ https://mrandmrssmith--chatsand.sandbox.my.salesforce.com/embeddedservice/5.0/esw.min.js https://tag-demo.mention-me.com/api/v2/referreroffer/mm2133a6f1 https://static-demo.mention-me.com/dist/static/js/async/bootloader-init.v2.b874a4b9.js https://se.monetate.net/js/3/a-58d4210d/d/mms-monetate.mmsmith.info/t1640009934/2cbacf4e5b15a1ac/custom.js https://service.force.com/embeddedservice/5.0/utils/common.min.js https://service.force.com/embeddedservice/5.0/client/invite.esw.min.js https://d.la3-c1-cdg.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp https://service.force.com/embeddedservice/5.0/utils/inert.min.js https://d.la11-core1.sfdc-cehfhs.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp https://d.la11-core1.sfdc-cehfhs.salesforceliveagent.com/chat/rest/Visitor/Availability.jsonp https://register.feefo.com/badge-ui/feefo_adaptive_badges.js https://tag-demo.mention-me.com/api/v2/refereefind/mm2133a6f1 https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-rtl-text/v0.2.0/mapbox-gl-rtl-text.js http://register.feefo.com//feefo-widget-v2/js/feefo-widget.js https://register.feefo.com//feefo-widget-v2/js/feefo-widget.js http://se.monetate.net/js/2/a-58d4210d/d/mms-monetate.mmsmith.info/entry.js https://se.monetate.net/js/2/a-58d4210d/d/mms-monetate.mmsmith.info/entry.js http://c.webtrends-optimize.com/acs/accounts/f0fa8f35-66f6-474c-87f7-6947403a3fd3/js/wt.js https://c.webtrends-optimize.com/acs/accounts/f0fa8f35-66f6-474c-87f7-6947403a3fd3/js/wt.js; style-src * 'unsafe-inline' 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.onetrust.com https://*.feefo.com https://*.analytics.google.com https://*.google-analytics.com https://*.mapbox.com https://*.contentsquare.net https://maps.googleapis.com https://api.sail-personalize.com https://google.com https://i.salecycle.com https://notify.bugsnag.com https://sessions.bugsnag.com https://www.google.co.uk https://www.google.com https://tag-demo.mention-me.com http://ots.webtrends-optimize.com https://ots.webtrends-optimize.com https://analytics.tiktok.com https://*.mrandmrssmith.com wss://ws.salecycle.com; font-src 'self' data: https://www.mrandmrssmith.com https://use.typekit.net https://fonts.gstatic.com https://fonts.feefo.com https://mrandmrssmith.com; frame-src 'self' https://js.stripe.com https://s.salecycle.com https://service.force.com https://widget.trustpilot.com https://www.googletagmanager.com https://demo.mention-me.com https://accounts.google.com https://form.typeform.com https://tags.rd.linksynergy.com; img-src 'self' data: https://www.mrandmrssmith.com https://*.mrandmrssmith.com https://api.feefo.com https://api.mapbox.com https://cdn-ukwest.onetrust.com https://public.feefo.com https://s3-eu-west-1.amazonaws.com https://www.google.co.uk https://www.googletagmanager.com https://mrandmrssmith-res.cloudinary.com https://f.monetate.net https://bat.bing.com https://c.contentsquare.net https://www.facebook.com https://www.google.com https://consent.linksynergy.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob: 1
default-src 'self' https:; object-src 'none'; connect-src 'self' https: https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https: https://www.googletagmanager.com; img-src 'self' https: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data: blob:; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https: https://fonts.gstatic.com data:; script-src 'self' https: 'unsafe-eval' 'nonce-9Sqihk7uvEhTwzaQ7Abb/Q=='; report-uri /csp_violations 1
default-src 'self' 'unsafe-inline' https://*.fontawesome.com https://*.googleapis.com https://accounts.google.com https://analytics.google.com https://*.analytics.google.com https://*.sentry.io https://*.google-analytics.com https://*.gstatic.com https://google-analytics.com https://*.leadinfo.net https://*.leadinfo.com https://*.doubleclick.net https://*.hotjar.io https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.google.de https://*.google.fr https://*.google.lu https://*.google.nl https://*.google.pl https://*.google.co.uk ; font-src 'self' 'unsafe-inline' https://*.fontawesome.com https://fonts.gstatic.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://accounts.google.com/gsi/ https://*.google-analytics.com https://js.mollie.com https://cdn.leadinfo.net/ ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://accounts.google.com/gsi/ https://*.google-analytics.com https://js.mollie.com https://cdn.leadinfo.net/ ; frame-src 'self' https://*.doubleclick.net/ https://accounts.google.com/ https://*.mollie.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.google.de https://*.google.fr https://*.google.lu https://*.google.nl https://*.google.pl https://*.google.co.uk ; img-src 'self' https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net blob: data: https://tile.openstreetmap.org https://*.google.com https://*.google.be https://*.google.de https://*.google.fr https://*.google.lu https://*.google.nl https://*.google.pl https://*.google.co.uk ;  report-to csp-endpoint; report-uri  https://www.companyweb.be/cspviolation 1
default-src *.bellroy.com 'self' https: data:; base-uri 'self'; connect-src *.bellroy.com https: wss: www.google.com api.tangiblee.com; font-src *.bellroy.com 'self' data: https: themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com; frame-src *.bellroy.com 'self' https: data: ms-appx-web: www.facebook.com; img-src *.bellroy.com https: data: blob: android-webview-video-poster:; media-src *.bellroy.com https: data: blob:; script-src *.bellroy.com 'self' https: 'unsafe-inline' 'unsafe-eval' data: opera: google.com *.visa.com d1fc8wv8zag5ca.cloudfront.net; style-src *.bellroy.com https: 'unsafe-inline' data:; worker-src 'self' blob:; child-src 'self' blob:; block-all-mixed-content; report-uri /csp_reports 1
default-src 'self'; script-src 'self' 'nonce-r2GwCdcBJlw5iBLdyK84DHeKwZuMv666tfX6lt1B2vNDWRNztxwXwQ' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; style-src-elem 'self' 'nonce-r2GwCdcBJlw5iBLdyK84DHeKwZuMv666tfX6lt1B2vNDWRNztxwXwQ' 'report-sample'; report-uri https://typo3.com/@http-reporting?csp=report&requestTime=1773709364989032&requestHash=e58d5054e4ed9bf8242945c125ff9e11a4b6aa85 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.cookielaw.org https://www.bnpparibas.de https://brasil.bnpparibas; script-src 'self' 'unsafe-eval' https://fast.wistia.com https://beacon-v2 https://analyticsgroupcom.bnpparibas.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com 'sha256-F+QMJISS2IIkRUd2a+c+u1owMqMSoidCaHFDAmzUgOo=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' 'sha256-yZHeusBmoqYSsqdm5ylf993dfqVyosFaYa5gueKZDsA=' 'sha256-rjfSUjIA2A20p4lATAefLLG7Fy7VJssnkJ+SnJ2TXNo=' 'sha256-NoWu+BuWxBsWAc9iEH0HnQQP7HC05AcUDK7axdIDjwo=' 'sha256-RWn1w3BKiDlDNbD6vM1kYLpeWCwwWPkob0LMWJ2gKJk=' 'sha256-xC28eeoipXuMfsEi0Pp3OxhT4I3rTrzN9uK2FB94ze4=' 'sha256-yElBEKucE35qwHf8qWcAvqD25zOJ7TqTptcHyzGhOxw=' 'sha256-Xr7tFjKXkiF47o9/dlJ+izWVWEtr67XyWOK085/Y43E=' 'sha256-qcT/R0HkWUs2DMxvtvcMobUms6Z5/fPtfgUe2hN67gE='; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.gstatic.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://s.w.org https://wp-rocket.me https://c.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org blob: https://www.google.com/pagead/landing https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://ad.doubleclick.net https://contrib.territories.bnpparibas https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas secure.gravatar.com www.gravatar.com i.ytimg.com data: www.googletagmanager.com; connect-src 'self' https://bnp-privacy.my.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://yoast.com https://cdn.cookielaw.org https://o173685.ingest.sentry.io https://analyticsgroupcom.bnpparibas.com https://contrib.territories.bnpparibas https://www.google.com/pagead/landing https://pagead2.googlesyndication.com https://adservice.google.com https://sourcemap.devowl.io https://sourcemap.devowl.io/real-media-library/4.22.47/adb9a2f4ef22d5d85978840bd322bf76/index.js.map www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.com https://github.com/google/fonts https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.gstatic.com fonts.googleapis.com data:; media-src 'self' https://asset.mediahub.bnpparibas https://upload.wikimedia.org https://broadcast.mediahub.bnpparibas data: https://mediahub.group.echonet https://my.mediahub.bnpparibas https://my.mediahub.bnpparibas/AssetLink/1cwfu8n4ki414p6d240ff18r41ver00j.mp4 https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas; frame-src 'self' https://www.youtube.com https://wp-rocket.me https://open.spotify.com https://www.youtube-nocookie.com https://centric.bnpparibas.com https://13179764.fls.doubleclick.net https://td.doubleclick.net https://gateway.zscalertwo.net https://remove.video https://mozbar.moz.com blob: https://fxplus.bnpparibas.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://jadlog.com.br https://www.jadlog.com.b; script-src 'self' https://static.zdassets.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://static.cloudflareinsights.com https://code.jquery.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://pod-27-sunco-ws.zendesk.com; style-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://static.zdassets.com https://cdn.cookielaw.org; img-src 'self' data: https://*.tile.openstreetmap.org https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https://cdn.cookielaw.org https://ekr.zdassets.com https://jadloglogsticahelp.zendesk.com https://pod-27-sunco-ws.zendesk.com https://www.googletagmanager.com https://www.google.com https://cloudflareinsights.com; frame-src 'self' https://www.google.com https://jadlog.force.com https://jadloglogsticahelp.zendesk.com; report-uri https://service.jadlog.com.br/csp-report-endpoint; report-to csp-endpoint 1
default-src 'self'; base-uri 'none'; object-src 'none'; form-action https:; img-src 'self' https: data: blob:; font-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: data: blob:; media-src 'self' https: data:; worker-src 'self' blob:; frame-src https:; manifest-src 'self' https:; 1
default-src 'self'; script-src 'self' 'nonce-N6Z0c8vV/jI7BMAbVBog4w==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.meetic.it *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.meetic.it; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
default-src 'self';    script-src 'self' 'unsafe-inline' https: http: https://vercel.live https://vercel.com https://*.posthog.com *.clerk.accounts.dev https://cdn.mux.com https://mux.com https://*.mux.com https://stream.mux.com https://*.gleap.io/ https://translate.google.com/ https://translate.googleapis.com/ https://www.gstatic.com/ https://*.google.com/;    style-src 'self' 'unsafe-inline' https://vercel.live/ https://*.mux.com;    img-src 'self' blob: data: https: *.thenational.academy/ thenational.academy/;    font-src 'self' gstatic-fonts.thenational.academy/ fonts.gstatic.com/ data: https://vercel.live/ https://assets.vercel.com;    object-src 'self' *.google.com;    base-uri 'self';    form-action 'self';    frame-ancestors 'self' *.google.com/;    connect-src *.thenational.academy thenational.academy https://vercel.live/ https://vercel.com *.pusher.com *.pusherapp.com *.hubspot.com *.hsforms.com *.cloudinary.com/ https://eu.i.posthog.com *.posthog.com https://api.avo.app/ *.clerk.accounts.dev clerk-telemetry.com https://mux.com https://*.mux.com https://stream.mux.com https://inferred.litix.io *.gleap.io wss://*.gleap.io *.google.com *.bugsnag.smartbear.com *.bugsnag.com;    media-src 'self' blob: *.thenational.academy/ https://res.cloudinary.com/ https://oaknationalacademy-res.cloudinary.com/ https://*.cloudinary.com/ https://*.mux.com/ https://stream.mux.com/ https://*.gleap.io/ https://ssl.gstatic.com;    frame-src 'self' *.thenational.academy/ https://vercel.live/ https://vercel.com https://challenges.cloudflare.com https://www.avo.app/ https://stream.mux.com https://*.mux.com https://*.gleap.io/ *.google.com/;    worker-src 'self' blob: *.thenational.academy/;    child-src blob:;    report-uri https://ph-eu-api.thenational.academy/report/?token=phc_LCrtgEAumOz4qgXuJNqMK2xisQ4mGaApixHEPXeRRoN&sample_rate=0.05&v=1;    report-to posthog 1
default-src 'self'; script-src 'self' 'nonce-PFe1FAwMpcbsAH73WMU8Vw==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.disonsdemain.fr *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.disonsdemain.fr; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss://ws.salecycle.com; object-src 'none'; style-src 'self' https: 'unsafe-hashes' 'unsafe-inline' https://*.aircaraibes.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https://*.aircaraibes.com https://aircaraibes.qualifioapp.com https://www.googletagmanager.com/ https://*.salecycle.com https://*.pinterest.com https://*.criteo.com https://*.cloudfront.net; frame-ancestors 'self' https://www.liligo.com https://www.liligo.fr https://checkin.si.amadeus.net https://*.aircaraibes.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.finchatbot.com; connect-src 'self' https: wss://ws.salecycle.com; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-pjs2s_JcF04lVGyMRe2Ymw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gls.com *.szybkapaczka.pl *.gls-poland.com/ https://*.easypack24.net https://fonts.bunny.net fonts.googleapis.com https://*.typekit.net https://font.static.useinsider.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.googletagmanager.com/ secure.payu.com merch-prod.snd.payu.com https://parcelshop.dhl.pl https://pudofinder.dpd.com.pl https://widget.packeta.com https://backup.widget.packeta.com *.szybkapaczka.pl *.gls-poland.com/ https://*.dpd.com.pl/ https://*.dpd.cz/ https://consentcdn.cookiebot.com https://*.livechatinc.com https://secure-fra.livechatinc.com https://creativecdn.com https://martes.api.useinsider.com https://ams.creativecdn.com https://*.doubleclick.net https://*.criteo.com https://martes.api.useinsider.com/ https://*.criteo.net https://www.facebook.com https://*.avin1.com https://*.packeta.com https://api.dpd.cz/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ static.payu.com https://*.sysadvisors.pl *.szybkapaczka.pl *.openstreetmap.org *.gls-poland.com/ *.gls-poland.com.pl/ https://*.easypack24.net https://*.inpost.pl https://trustmate.io magefan.com cm.magefan.com https://firebasestorage.googleapis.com quickchart.io img.youtube.com https://fitanu.com https://*.paynow.pl https://*.cookiebot.com https://*.glami.pl https://*.bing.com https://google.pl https://*.useinsider.com https://*.google.pl https://log.api.useinsider.com https://*.adnxs.com https://cm.g.doubleclick.net https://*.creativecdn.com https://*.udmserve.net https://*.rubiconproject.com https://*.wp.pl https://*.teads.tv https://*.taboola.com https://*.adscale.de https://*.3lift.com https://*.outbrain.com https://*.smartadserver.com https://*.yieldmo.com https://*.openx.net https://*.360yield.com https://*.33across.com https://*.seedtag.com https://sync.go.sonobi.com https://*.nexx360.io https://*.clarity.ms https://*.casalemedia.com https://*.lijit.com https://*.omnitagjs.com https://*.media.net https://*.loopme.me https://onetag-sys.com https://*.mgid.com https://*.ad.smaato.net https://*.rmp.rakuten.com https://*.visx.net http://*.credit-agricole.pl https://*.facebook.com https://*.bidswitch.net https://*.zdusercontent.com https://*.criteo.com https://*.1rx.io https://*.emxdgt.com https://*.yieldlab.net https://*.tremorhub.com https://*.sharethrough.com https://*.pubmatic.com https://*.postrelease.com https://*.mediavine.com https://*.ivitrack.com https://id5-sync.com https://*.zendesk.com https://*.dmxleo.com https://*.facebook.net https://*.avin1.com https://*.unrulymedia.com https://sklepmartes.pl https://*.packeta.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ secure.payu.com secure.snd.payu.com https://*.sysadvisors.pl *.snrbox.com https://*.googlesyndication.com https://pagead2.googlesyndication.com https://*.mapbox.com https://widget.packeta.com https://backup.widget.packeta.com *.szybkapaczka.pl *.openstreetmap.org *.gls-poland.com/ https://unpkg.com https://cdn.jsdelivr.net https://*.easypack24.net https://trustmate.io https://cz.im9.cz https://sk.im9.cz *.avada.io *.shopify.com https://*.paynow.pl https://*.intum.com https://*.demoup.com https://cdn.intum.com https://*.cookiebot.com https://*.clarity.ms https://*.azureedge.net https://*.livechatinc.com https://*.wp.pl https://*.dmdi.pl https://*.savecart.pl https://*.goadservices.com https://*.bing.com https://*.dwin1.com https://glamipixel.com https://trafficscanner.pl https://*.cloudflareinsights.com https://martes.api.useinsider.com https://tags.creativecdn.com https://script.ar-mtch1.com https://eitri.api.useinsider.com https://*.allekurier.pl https://*.luigisbox.tech https://*.criteo.com https://*.facebook.net https://*.tiktok.com https://*.avin1.com https://*.martessport.eu https://*.packeta.com https://*.sklepmartes.pl https://cdn.thulium.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://*.sysadvisors.pl *.snrcdn.net https://*.mapbox.com *.szybkapaczka.pl *.gls-poland.com/ https://cdn.jsdelivr.net https://*.easypack24.net https://trustmate.io https://fonts.bunny.net fonts.gstatic.com https://assets.api.useinsider.com https://*.luigisbox.tech https://*.sklepmartes.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.szybkapaczka.pl *.gls-poland.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ secure.payu.com merch-prod.snd.payu.com https://*.sysadvisors.pl *.snrbox.com https://api.mapbox.com https://events.mapbox.com https://widget.packeta.com https://backup.widget.packeta.com *.szybkapaczka.pl *.openstreetmap.org *.gls-poland.com/ https://*.easypack24.net https://trustmate.io https://get.geojs.io *.avada.io https://*.demoup.com https://mycliplister.com https://*.google-analytics.com https://*.livechatinc.com https://googleads.g.doubleclick.net https://ams.creativecdn.com https://lt.ar-mtch1.com https://*.cookiebot.com https://*.useinsider.com https://*.clarity.ms https://*.bing.com https://*.inpost.pl https://*.luigisbox.tech https://*.tiktok.com https://*.sklepmartes.pl https://*.criteo.com https://*.keys.adm-services.goog https://*.facebook.com https://*.googlesyndication.com https://*.packeta.com https://pixel.wp.pl/ https://cdn.thulium.com/ https://*.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com *.typekit.net *.yotpo.com dhv2ziothpgrr.cloudfront.net www-wp.silencercentral.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net *.yotpo.com www-wp.silencercentral.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net www-wp.silencercentral.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com https://elements.sandbox.fortis.tech https://elements.fortis.tech *.authorize.net *.yotpo.com www-wp.silencercentral.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com store.paradoxlabs.com maps.gstatic.com https://*.ipredictive.com https://www.googletagmanager.com *.gleamjs.io *.gleam.io *.yotpo.com dhv2ziothpgrr.cloudfront.net www-wp.silencercentral.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.certcapture.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ https://js.sandbox.fortis.tech https://js.fortis.tech https://elements.sandbox.fortis.tech https://elements.fortis.tech https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ code.jquery.com cdnjs.cloudflare.com *.authorize.net maps.googleapis.com https://js.ipredictive.com *.gleamjs.io *.gleam.io *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net www-wp.silencercentral.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.certcapture.com https://static.klaviyo.com cdnjs.cloudflare.com *.typekit.net *.yotpo.com dhv2ziothpgrr.cloudfront.net www-wp.silencercentral.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www-wp.silencercentral.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://www.google-analytics.com *.certcapture.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ https://elements.sandbox.fortis.tech https://elements.fortis.tech https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com www-wp.silencercentral.com 'self' 'unsafe-inline'; child-src www-wp.silencercentral.com http: https: blob: 'self' 'unsafe-inline'; default-src www-wp.silencercentral.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' nearpod.com *.nearpod.com *.nearpod.us; report-uri https://nearpod.report-uri.com/r/t/csp/reportOnly 1
connect-src 'self' https://analytics.tiktok.com https://api.hubspot.com https://app.clearbit.com https://cdn.cookielaw.org https://cdn.dreamdata.cloud https://content.hotjar.io https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://px.ads.linkedin.com https://script.crazyegg.com https://www.google-analytics.com https://www.google.com https://edge.api.brightcove.com https://bat.bing.com/ https://manifest.prod.boltdns.net https://sdl.brightcovecdn.com https://logx.optimizely.com https://*.optimizely.com; default-src 'self'; font-src 'self' data: https://use.typekit.net https://*.optimizely.com; frame-ancestors 'none'; frame-src https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cm.g.doubleclick.net https://www.facebook.com https://calendly.com https://forms.hsforms.com https://a5098497884553216.cdn.optimizely.com https://a5098497884553216.cdn-pci.optimizely.com; img-src 'self' data: https://bat.bing.com https://forms-na1.hsforms.com https://ib.adnxs.com https://perf-na1.hsforms.com https://px.ads.linkedin.com https://secure.adnxs.com https://track.accountinsight.cloud https://track.hubspot.com https://www.facebook.com https://www.google.com https://www.google.com.ua https://metrics.brightcove.com https://www.googletagmanager.com https://cf-images.us-east-1.prod.boltdns.net https://cdn.optimizely.com https://app.optimizely.com; media-src 'self' blob:; script-src 'self' 'nonce-Sw+OFP/XnZ/OlanvU8+/Zw==' https://a.dpmsrv.com https://analytics.tiktok.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.dreamdata.cloud https://cm.g.doubleclick.net https://connect.facebook.net https://googleads.g.doubleclick.net https://ib.adnxs.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsforms.net https://js.hubspot.com https://js.usemessages.com https://s.dpmsrv.com https://script.crazyegg.com https://script.hotjar.com https://serve.nrich.ai https://snap.licdn.com https://st.getsitecontrol.com https://static.hotjar.com https://tag.clearbitscripts.com https://widgets.getsitecontrol.com https://www.googletagmanager.com https://x.clearbitjs.com https://assets.calendly.com https://static.hsappstatic.net https://48752163.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com https://players.brightcove.net wss://ws.hotjar.com/ https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://assets.calendly.com https://*.optimizely.com https://app.optimizely.com; worker-src 'self' blob:; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/tv_google 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ubgVk2FvtTRToUzO3PCfdzQS3Tld6ju3qEuVEMO2L8s-1773716917.656824-1.0.1.1-vph9Zvdxx2FhSclSCo2atduMeB52SyfEKa4DCwflzWf3LFNZjOdjR2x4PD1MuGRaBjt4vckTGRWfPjnaR35Yn0.D0Oufk7qCUASnZVZxOTi3Lrf0tJtv3Ao0mjuP1yC1IeughgOSeuVicm_kRYCegKGm304.Iw83o0__.SOISXRkNUQtv86OV_0mnostj2zu; report-to cf-csp-endpoint 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.googlesyndication.com *.clarity.ms *.google.com *.facebook.com  'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.youtube-nocookie.com www.google.com *.tbibank.ro consentcdn.cookiebot.com *.google.ro *.facebook.com *.weltpixel.com  https://*.sameday.ro *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.tbicp.com *.tbibank.ro imgsct.cookiebot.com *.google.ro *.clarity.ms *.bing.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://www.selfawb.ro https://firebasestorage.googleapis.com flagpedia.net t.themarketer.com cdn1.themarketer.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.tbicp.com *.tbibank.ro consentcdn.cookiebot.com *.cookiebot.com *.google.ro *.clarity.ms *.aqurate.ai *.themarketer.com *.avada.io t.themarketer.com cdn1.themarketer.com https://*.sameday.ro *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.google.ro *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com t.themarketer.com cdn1.themarketer.com https://*.sameday.ro *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.google.ro *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com consentcdn.cookiebot.com *.googlesyndication.com *.clarity.ms *.google.com google.com *.facebook.com *.aqurate.ai *.themarketer.com https://ecommerce.fancourier.ro https://nominatim.openstreetmap.org https://api.fancourier.ro https://get.geojs.io *.avada.io www.gstatic.com t.themarketer.com cdn1.themarketer.com  *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://251703a9-46ab-4e4f-ab25-1de6ee452399.sansec.watch/; report-to report-endpoint; 1
default-src   'self'; script-src   'self'   'unsafe-inline'   'unsafe-eval'   https://analytics-eu.clickdimensions.com   https://www.googletagmanager.com   https://maps.googleapis.com   https://www.jscache.com   https://www.youtube.com   https://www.google.com   https://www.riddle.com   https://p.teads.tv   https://webservices.data-8.co.uk   https://www.eventbrite.co.uk   https://connect.facebook.net   https://acdn.adnxs.com   https://c0.adalyser.com   https://static.hotjar.com   https://script.hotjar.com   https://k.r66net.com   https://www.tripadvisor.com   https://www.tripadvisor.co.uk   https://static.tacdn.com; style-src   'self'   'unsafe-inline'   https://use.typekit.net   https://p.typekit.net   https://cdnjs.cloudflare.com   https://webservices.data-8.co.uk   https://static.tacdn.com   https://fonts.googleapis.com; img-src   'self'   data:   https://ntswebstorage01.blob.core.windows.net   https://www.tripadvisor.co.uk   https://ciim-data.nts.org.uk   https://nts-production.imgix.net   https://nts-staging-test.imgix.net   https://t.teads.tv   https://ib.adnxs.com   https://www.facebook.com   https://maps.gstatic.com   https://maps.googleapis.com; font-src   'self'   https://www.nts.org.uk   https://use.typekit.net   https://static.tacdn.com   https://fonts.gstatic.com; connect-src   'self'   https://maps.googleapis.com   https://googleads.g.doubleclick.net   https://ciim-data.nts.org.uk   https://analytics-eu.clickdimensions.com   https://nts-production.imgix.net   https://p.typekit.net   https://use.typekit.net   https://*.hotjar.com   wss://*.hotjar.com; frame-src   'self'   https://www.youtube.com   https://www.youtube-nocookie.com   https://www.googletagmanager.com   https://www.riddle.com   https://w.soundcloud.com   https://*.doubleclick.net   https://*.hotjar.com   https://www.eventbrite.co.uk media-src   'self'   https://ntswebstorage01.blob.core.windows.net; object-src   'none'; frame-ancestors   'self'; base-uri   'self'; form-action   'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=3cfe2XLhKWMi_d9gAR2l2BGzgetriFajOzW2OA0_swQ-1773710322.3498003-1.0.1.1-bNfJ.tIcQJzEauqJxWYFPIy6p_o9WtvN5i8Q8znHCotja5Dk8lQ9RDAvmL26WC9JyBcvEdjURjamarCWXH.iBEcXOajnMSj1Md1rkgpkb4cFFtr7Y.JgE.lmlIWpNJ1j.9aKd.1HwjNV0gfU2yqYLv.b38oHmrr3ujwfPnqwvv7YiuxFEm_yR2DZpDoi388x; report-to cf-fslrbresymwehsdc 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.fi https://www.googletagmanager.com https://analytics.nordnet.fi https://cdn.prod.nntech.io https://files.nordnet.fi https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://www.google.com https://storage.googleapis.com https://www.recaptcha.net https://relay.prod.nntech.io https://api-poc.prod.nntech.io; font-src 'self' https://cdn.prod.nntech.io https://files.nordnet.fi; frame-src 'self' https://analytics.nordnet.fi https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://www.google.com https://t.email.nordnet.fi https://dashboard.fundrella.com; img-src 'self' https://www.googletagmanager.com https://analytics.nordnet.fi https://cdn.prod.nntech.io https://files.nordnet.fi https://api.prod.nntech.io data: blob: https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://blogi.nordnet.fi; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://files.nordnet.fi https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'nonce-618c5a0e-699d-4652-9f84-555ced4e3df6' https://analytics.nordnet.fi https://cdn.prod.nntech.io https://files.nordnet.fi https://www.recaptcha.net https://www.google.com; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://files.nordnet.fi; worker-src 'none'; base-uri 'none'; form-action 'self' https://pvu.nets.no https://pvu.avtalegiro.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi https://kirjaudu.aktia.fi https://ebank.aktia.fi; frame-ancestors 'self' https://app.contentful.com; 1
frame-ancestors 'self' https://www.nwcg.gov 1
script-src 'sha256-FWZwGKYS+SsixN/2YkjQ01lMH76+CQ9D0gOB03tBVSE=' 'self' self unsafe-eval; style-src self unsafe-eval; report-uri https://d302fc2a-dd34-416c-a079-e29edadd0fcf.sansec.watch/ 1
object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.mercdn.net https://www.google.com https://*.adtrafficquality.google https://*.g.doubleclick.net https://analytics.tiktok.com https://b99.yahoo.co.jp https://bat.bing.com https://*.smartnews-ads.com https://connect.facebook.net https://ct.pinterest.com https://d.line-scdn.net https://dmp.im-apps.net https://dynamic.criteo.com https://h.accesstrade.net https://s.pinimg.com https://s.yimg.jp https://*.criteo.com https://static.ads-twitter.com https://statics.a8.net https://*.blob.core.windows.net https://trj.valuecommerce.com https://*.google-analytics.com https://*.forter.com; style-src 'self' 'unsafe-inline' https://*.mercdn.net https://fonts.googleapis.com; font-src https://fonts.gstatic.com; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-_VBoSHdHFXdrkSW2nMABMA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.no https://www.googletagmanager.com https://analytics.nordnet.no https://cdn.prod.nntech.io https://files.nordnet.no https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://www.google.com https://storage.googleapis.com https://www.recaptcha.net https://relay.prod.nntech.io https://api-poc.prod.nntech.io; font-src 'self' https://cdn.prod.nntech.io https://files.nordnet.no; frame-src 'self' https://analytics.nordnet.no https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://www.google.com https://t.email.nordnet.no https://dashboard.fundrella.com; img-src 'self' https://www.googletagmanager.com https://analytics.nordnet.no https://cdn.prod.nntech.io https://files.nordnet.no https://api.prod.nntech.io data: blob: https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://blogg.nordnet.no; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://files.nordnet.no https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'nonce-7286cdeb-fde6-4e9f-9bb2-a57ba2a9dd10' https://analytics.nordnet.no https://cdn.prod.nntech.io https://files.nordnet.no https://www.recaptcha.net https://www.google.com; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://files.nordnet.no; worker-src 'none'; base-uri 'none'; form-action 'self' https://pvu.nets.no https://pvu.avtalegiro.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi https://kirjaudu.aktia.fi https://ebank.aktia.fi; frame-ancestors 'self' https://app.contentful.com; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://static.dhlecommerce.nl https://fonts.gstatic.com *.fontawesome.com * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com https://maps.googleapis.com https://maps.gstatic.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://static.dhlecommerce.nl https://maps.googleapis.com * 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com *.fontawesome.com * 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl https://maps.googleapis.com * 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-JYYUL6QY1mTXDgFAdVaANQ==' 'strict-dynamic' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://files.any.run; media-src 'self' blob: https://files.any.run; font-src 'self' data:; connect-src 'self' https://analytics.any.run https://sentry.any.run https://api-gb.any.run; frame-src 'self' https://challenges.cloudflare.com; frame-ancestors 'self'; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; manifest-src 'self' https://files.any.run; upgrade-insecure-requests; report-uri /api/csp-report/create 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.dk https://www.googletagmanager.com https://analytics.nordnet.dk https://cdn.prod.nntech.io https://files.nordnet.dk https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://www.google.com https://storage.googleapis.com https://www.recaptcha.net https://relay.prod.nntech.io https://api-poc.prod.nntech.io; font-src 'self' https://cdn.prod.nntech.io https://files.nordnet.dk; frame-src 'self' https://analytics.nordnet.dk https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://www.google.com https://t.email.nordnet.dk https://dashboard.fundrella.com; img-src 'self' https://www.googletagmanager.com https://analytics.nordnet.dk https://cdn.prod.nntech.io https://files.nordnet.dk https://api.prod.nntech.io data: blob: https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://blog.nordnet.dk; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://files.nordnet.dk https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'nonce-97e4d681-46a6-4021-a272-e61b9cf3dc4f' https://analytics.nordnet.dk https://cdn.prod.nntech.io https://files.nordnet.dk https://www.recaptcha.net https://www.google.com; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://files.nordnet.dk; worker-src 'none'; base-uri 'none'; form-action 'self' https://pvu.nets.no https://pvu.avtalegiro.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi https://kirjaudu.aktia.fi https://ebank.aktia.fi; frame-ancestors 'self' https://app.contentful.com; 1
base-uri https://*.adnami.io; worker-src blob: data: 1
default-src data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *.atyarisi.com wss://*.atyarisi.com *.google.com *.google.com.tr *.googletagmanager.com *.google-analytics.com *.support.google.com *.doubleclick.net *.googleadservices.com *.microsoft.com *.apple.com *.facebook.com *.facebook.net *.yahoo.com *.newrelic.com *.twitter.com *.instagram.com *.youtube.com tjktv.ercdn.net *.tjk.org *.broadage.com *.media.net *.liderform.com.tr *.googleapis.com *.googlevideo.com *.gstatic.com *.nsoft-cdn.com *.stg-digi.com *.rlcdn.com *.crwdcntrl.net *.dengage.com *.nr-data.net *.taboola.com *.tiktok.com *.dengagecdn.com *.sisalsanstech.com *.ondigitalocean.app *.millipiyangoonline.com *.rsc.cdn77.org *.clarity.ms scripts.clarity.ms *.tiktokw.us *.tiktokv.com *.byteoversea.com; img-src * data:; report-uri /csp/cspreport/ 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.instagram.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.payplug.com *.dalenys.com https://applepay.cdn-apple.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com cdn.doofinder.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://secure-magenta.dalenys.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.instagram.com cdn.doofinder.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.doofinder.com unsafe-inline assets.braintreegateway.com https://secure-magenta.dalenys.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.almapay.com *.doofinder.com wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://www.kidspot.com.au/csp-reports 1
connect-src 'self' ws: data: https://builder.io https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js.map https://motionind.leadmethod.com https://cdn.builder.io https://cdn.cookielaw.org wss://centralus.stt.speech.microsoft.com https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://hit.uptrendsdata.com https://api.stripe.com https://r.stripe.com https://js.stripe.com https://www.googletagmanager.com https://fonts.gstatic.com https://fonts.googleapis.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://ka-p.fontawesome.com https://kit.fontawesome.com https://privacyportal-cdn.onetrust.com https://privacyportal.onetrust.com https://*.onelink-edge.com https://px.ads.linkedin.com https://f.monetate.net https://*.klaviyo.com https://dpm.demdex.net https://api9761.d41.co https://surveystats.hotjar.io https://content.hotjar.io https://vc.hotjar.io https://gpc.d2.sc.omtrdc.net https://google.com https://motion.groupbycloud.com https://*.signifyd.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.merchant-center-analytics.goog https://stats.g.doubleclick.net https://app.launchdarkly.com https://events.launchdarkly.com https://clientsdk.launchdarkly.com https://clientstream.launchdarkly.com https://otel.observability.app.launchdarkly.com https://pub.observability.app.launchdarkly.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.stripe.com https://www.googletagmanager.com https://imgs.signifyd.com https://h.online-metrix.net https://genuinepartscompany.demdex.net https://fonts.googleapis.com/ https://www.google-analytics.com https://privacyportal.onetrust.com https://privacyportal-cdn.onetrust.com https://apis.google.com/ https://appleid.cdn-apple.com/ https://js.stripe.com https://fonts.gstatic.com https://cdn.builder.io https://cdn.cookielaw.org; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://ka-p.fontawesome.com https://privacyportal-cdn.onetrust.com https://static.klaviyo.com https://script.hotjar.com https://marketer.monetate.net https://*.signifyd.com https://*.klaviyo.com; form-action 'self' https://www.facebook.com; frame-src https://h.online-metrix.net https://motionindustries.navigator.traceparts.com https://www.traceparts.com https://js.stripe.com https://hooks.stripe.com https://www.google.com/ https://*.partcommunity.com https://motionnonttpn.navigator.traceparts.com/ https://genuinepartscompany.demdex.net https://www.youtube.com/ https://www.facebook.com https://td.doubleclick.net https://imgs.signifyd.com https://www.3dcontentcentral.com https://www.googletagmanager.com http://hubcity-ps.com https://*.monetate.net https://*.mi-labs.gcp https://*.motion.com https://motion.com https://www.product-config.net https://*.product-config.net; frame-ancestors 'self'; img-src * data:; manifest-src 'self' https://www.motion.com https://motionzt.cloudflareaccess.com/*; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.builder.io https://js.stripe.com https://tracking.moe-labs.com https://maps.googleapis.com https://cdn.cookielaw.org https://*.onelink-edge.com https://*.signifyd.com https://*.klaviyo.com 'sha256-7IQaH0GHL0i/NYRSpNhetf7bsLAdUb5plCa1zopomqQ=' 'sha256-jxr65fElPSBOghVMG86Oa+1MMueF5XrrNnKBxrSKNR4=' 'sha256-mq0FQ38XiRVr8QBX1KWMstgu+w2sSU0yJOISOMT8uCA=' 'sha256-rCc5T4hQqAV0Ug7xq3ex3dQHIz6POkm/UAbJBZKjH+g=' 'sha256-VMTg7GC0NsngXmVSkIYGrQXa4b320SA4uhCcc0puRdg=' 'sha256-Lpmug5Bj24IpRX9Ndaoigbig9HRqpXJOrVZkeXku0fM=' 'sha256-FGRuJhIHLNoCAfw5Kb9S2FSdJKk8WPbpY/kZTaHh3RM=' 'sha256-5LPe4p9xSNM/leeaQEH1Z6wPUud4wMVL0PbL8PeIC3M=' 'sha256-kpnnNmp+MLPg+Fjda/K7AJtULAgN7iidJ1ewzp/ohBk=' 'sha256-PCj4vgYYXM6VCEdc7heJLgTfFOaKiVZJpsxI5ZWd5t4=' 'sha256-oCs8W0eDmzWleSViR3QwoMmlWyVgfU55OcbOiHEcE8g=' 'sha256-o71Ig/I5ECDOBZ54K2HqrJog5oqNKbqyJ9dc1zd2tdQ=' 'sha256-uCmRe/UYuP3cioaYZgsPXxUxokNm74UQWm9/O2C1G9I=' 'sha256-VKjuplJ1QRySkDbQrgh+0biogvxxD0UbXrTrqHmLgOU=' 'sha256-8Dv4Ja24qJrfu3I7r6TOPLbHAlB63DbiDG6u+uwkn+U=' 'sha256-UttWgMmPrRk26GokTFwrZEv32kNSsOJflEfLjZmm+/I=' 'sha256-B81/WPg1m3H90Y0sm5oAXDNqUD8QLQ1EjR14JwA/b1Q=' 'sha256-19itzSn0e8zLc9z8nCE1IARl1X32ifhCpJMRpbAA16M=' 'sha256-Ew22nQRMcWa1Ibq+bAd4+6TFPN/tie3sLoyc6m6okfM=' 'sha256-eO3mn8/oi3ZTPuPqtur4mQyP0kjkGJ/UfhL4woUedgY=' https://static.cloudflareinsights.com/ https://kit.fontawesome.com https://assets.adobedtm.com https://connect.facebook.net https://api9761.d41.co https://cdn-0.d41.co https://snap.licdn.com https://se.monetate.net https://marketer.monetate.net https://id.rlcdn.com https://f.monetate.net https://static.klaviyo.com https://static-tracking.klaviyo.com https://static.ads-twitter.com https://static.hotjar.com https://script.hotjar.com https://privacyportal-cdn.onetrust.com https://www.googletagmanager.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://privacyportal-cdn.onetrust.com https://fonts.googleapis.com https://marketer.monetate.net https://www.googletagmanager.com https://*.typekit.net; worker-src 'self' blob: https://localhost:8443 https://*.moe-labs.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=8RvzQ0eyLSfLEzeJXhQkl14A4s3jmDPJWaFI1ORc6Ww-1773716967.3640735-1.0.1.1-jSGIBNeOW7ZyjZJlIu8BNf57NJkx8Rnak3dQmryJ.LckA3myGq5hjchlq87Y7a34YxjXcdUH9uNl8OJqTUKd31KsdTiNDyBW6HhVPUNli0nT8BG4AApRQFWyxMtIgr9bLUM.4UuQoDzv2Q0qIpwGNbu38sOQHSV2dII5sWWv.oUFjmsCXiX0bV34soVUcL2O; report-to cf-pdqnglxuearawjwj 1
report-uri https://www.dropbox.com/csp_log?policy_name=dash&report_only=true; default-src 'none'; img-src 'self' data: https://*; font-src 'self' data:; object-src 'none'; frame-src https://www.dropbox.com https://snippet.meticulous.ai https://*.dropboxusercontent.com https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' blob: https://*.dropbox.com https://*.logs.datadoghq.com https://*.logs.datadoghq.eu https://*.sentry.io https://api.dropboxapi.com https://content.dropboxapi.com https://cdn.dropboxexperiment.com https://api.sprig.com https://cognito-identity.us-west-2.amazonaws.com https://user-events-v3.s3-accelerate.amazonaws.com https://*.dropboxusercontent.com https://cfl.dropboxstatic.com https://edge.fullstory.com https://rs.fullstory.com https://browser.sentry-cdn.com https://s2.googleusercontent.com https://paper.dropboxstatic.com https://app.dropboxer.net https://cdn.prod.website-files.com; media-src 'self' https://*.dropbox.com https://*.dropboxusercontent.com blob:; script-src 'self' 'report-sample' 'sha256-Ug+Tt6thCsOMMEscVE3D3ynGMA/+AqEnDh5MqhLRPMY=' https://www.dropbox.com https://browser.sentry-cdn.com https://snippet.meticulous.ai https://cfl.dropboxstatic.com; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com *.cloudfront.net *.googleapis.com *.webformatlabs.com *.pu.subcom.it *.passionebeauty.com https://fonts.gstatic.com *.zdassets.com *.zopim.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://forms-eu1.hsforms.com *.zdassets.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.passionebeauty.com cloudfront.net self https: *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com self https: integration.api.scalapay.com api.scalapay.com consentcdn.cookiebot.com www.paypalobjects.com *.hipay-tpp.com *.hipay.com *.facebook.com www.youtube.com www.twitter.com *.nr-data.net *.criteo.net/ *.criteo.com/ *.hotjar.com https://optimize.google.com https://*.adform.net https://cdn.smooch.io/ *.hsforms.com *.hubspot.com https://*.hs-sites-eu1.com *.zdassets.com *.zopim.com https://app-eu1.hubspot.com *.typeform.com https://passione-toolkit.replit.app/ *.cloudfront.net *.passionebeauty.com *.firework.com *.omtrdc.net *.demdex.net assets.adobedtm.com cm.everesttech.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net data: https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com asset.fwcdn2.com *.asset.fwcdn2.com asset.fwcdn1.com *.asset.fwcdn1.com fireworktv.com *.fireworktv.com p2.fwpixel.com *.p2.fwpixel.com integration.api.scalapay.com api.scalapay.com www.sandbox.paypal.com *.hipay-tpp.com *.hipay.com *.cloudfront.net *.googleadservices.com *.google-analytics.com https://www.googletagmanager.com www.google.it *.google.com *.webformatlabs.com *.pu.subcom.it *.passionebeauty.com *.criteo.net/ *.criteo.com/ *.facebook.com https://s.thebrighttag.com https://beacon.krxd.net https://ad.yieldlab.net https://matching.ivitrack.com https://visitor.omnitagjs.com https://*.adform.net https://ups.analytics.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://exchange.mediavine.com https://contextual.media.net https://ad.360yield.com https://ib.adnxs.com https://dis.criteo.com https://cm.g.doubleclick.net https://x.bidswitch.net https://r.casalemedia.com https://sync.outbrain.com https://match.sharethrough.com https://id5-sync.com https://criteo-partners.tremorhub.com https://sync-criteo.ads.yieldmo.com *.hsforms.com *.hubspot.com https://track.hubspot.com https://perf-eu1.hsforms.com https://cta-eu1.hubspot.com https://js-eu1.hubspot.com https://static.hubspot.com *.hsappstatic.net https://optimize.google.com *.googleapis.com *.etrusted.com https://analytics.tiktok.com https://cdn.qapla.it https://s.pinimg.com *.zdassets.com *.zopim.com https://imgsct.cookiebot.com https://c.clarity.ms *.postrelease.com app.passionebeauty.test fireworkapi1.com asset.fwcdn3.com fireworkadservices1.com asset.fwbiz1.com asset.fwpub1.com asset.fwadcdn1.com cdn1.fireworkn.com fireworkanalytics.com *.agora.io *.sd-rtn.com business.firework.com api.firework.com ig-importer.firework-prod.com cdn.fw-assets1.com *.execute-api.us-west-2.amazonaws.com *.omtrdc.net *.demdex.net 'self' blob: *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com commerce.adobe.io geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com asset.fwcdn1.com *.asset.fwcdn1.com asset.fwcdn3.com *.asset.fwcdn3.com asset.fwcdn2.com *.asset.fwcdn2.com https://cdnjs.cloudflare.com integration.api.scalapay.com api.scalapay.com *.paypal.com *.cloudfront.net *.fontawesome.com *.google-analytics.com googletagmanager.com *.gstatic.com js-agent.newrelic.com *.webformatlabs.com *.pu.subcom.it *.passionebeauty.com consent.cookiebot.com consentcdn.cookiebot.com bam.eu01.nr-data.net https://www.googleoptimize.com https://optimize.google.com *.criteo.net/ *.criteo.com/ *.hotjar.com s7.addthis.com *.hipay-tpp.com *.hipay.com zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com www.recaptcha.net *.facebook.com *.doubleclick.net https://*.adform.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hubspot.com *.hubspotfeedback.com https://www.googleanalytics.com https://cdn.logico3c.com *.webgains.io *.solocpm.com *.tangooserver.com https://api.qapla.it *.googleapis.com *.onyourmap.com *.mapbox.com https://analytics.tiktok.com *.euh.stape.io *.euh.stape.net https://ajax.googleapis.com https://s.pinimg.com *.zdassets.com *.zopim.com *.clarity.ms https://js-eu1.usemessages.com https://pagead2.googlesyndication.com https://app-eu1.hubspot.com https://rum.hlx.page *.goaffpro.com *.hsadspixel.net *.typeform.com *.impactcdn.com cdn.jsdelivr.net/npm/photoswipe/ player.vimeo.com *.omtrdc.net *.demdex.net cm.everesttech.net bat.bing.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com integration.api.scalapay.com api.scalapay.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com *.hipay-tpp.com *.hipay.com *.paypal.com *.cloudfront.net *.gstatic.com js-agent.newrelic.com *.webformatlabs.com *.pu.subcom.it *.passionebeauty.com *.facebook.com https://optimize.google.com *.etrusted.com https://api.qapla.it *.zdassets.com *.zopim.com https://webgains.io *.typeform.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn4.fireworktv.com *.cdn4.fireworktv.com 'self' data: blob: * *.passionebeauty.com 'self' 'unsafe-inline'; manifest-src *.cloudfront.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com p2.fwpixel.com *.p2.fwpixel.com fireworkapi1.com *.fireworkapi1.com fireworkadservices1.com *.fireworkadservices1.com fireworkanalytics.com *.fireworkanalytics.com consentcdn.cookiebot.com api-staging.oney.io api.oney.io integration.api.scalapay.com api.scalapay.com *.hipay-tpp.com *.hipay.com *.cloudfront.net consent.cookiebot.com *.doubleclick.net *.pu.subcom.it *.webformatlabs.com *.passionebeauty.com bam.eu01.nr-data.net pagead2.googlesyndication.com *.facebook.com zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com www.recaptcha.net *.hotjar.com commerce.adobe.io *.criteo.net/ *.criteo.com/ *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com https://*.adform.net *.webgains.io *.googleapis.com *.onyourmap.com *.mapbox.com api.qapla.it https://analytics.tiktok.com *.euh.stape.io *.euh.stape.net https://s.pinimg.com *.zendesk.com https://passionebeauty-it.zendesk.com *.zdassets.com *.zopim.com *.clarity.ms https://rum.hlx.page *.hubapi.com *.pinterest.com *.typeform.com passionebeauty.sjv.io *.fireworktv.com wss://fireworkapi1.com asset.fwcdn3.com *.live-video.net asset.fwcdn1.com asset.fwcdn2.com asset.fwbiz1.com asset.fwpub1.com asset.fwadcdn1.com cdn1.fireworkn.com *.agora.io *.sd-rtn.com business.firework.com api.firework.com ig-importer.firework-prod.com cdn.fw-assets1.com *.execute-api.us-west-2.amazonaws.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com cm.everesttech.net cdn.scalapay.com bat.bing.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' *.engagement.coremedia.cloud *.byside.com wss://*.engagement.coremedia.cloud wss://*.byside.com; script-src 'self' *.engagement.coremedia.cloud 'unsafe-inline'; style-src 'self' *.engagement.coremedia.cloud 'unsafe-inline'; img-src 'self' *.engagement.coremedia.cloud data:; 1
font-src *.bootstrapcdn.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.authorize.net https://plumrocket.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.authorize.net https://plumrocket.com *.hotjar.com *.addthis.com *.libsyn.com *.locally.com *.sheerid.com *.wayin.com *.newtonsoftware.com https://recruitingbypaycor.com/ *.curalate.com *.formstack.com *.trackcmp.net *.google-analytics.com *.nr-data.net data: *.typeform.com *.pagescdn.com *.yextpages.net *.googleapis.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com magefan.com cm.magefan.com store.paradoxlabs.com *.disqus.com *.google.com *.mageside.com mageside.com *.bc0a.com *.curalate.com *.s3.amazonaws.com *.amazonaws.com *.leupold.com *.googleapis.com *.gstatic.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com *.b0e8.com https://img.youtube.com maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://developer.adobe.com https://assets.armanet.us *.kaptcha.com *.disqus.com *.google.com *.gstatic.com *.authorize.net *.hotjar.com *.curalate.com *.app-us1.com *.avmws.com *.acsbapp.com acsbapp.com *.googleapis.com *.googletagmanager.com *.paypalobjects.com *.sheerid.com *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.cloudfront.net *.locally.com *.wayin.com *.activehosted.com *.newtonsoftware.com recruitingbypaycor.com *.leupold.com *.trackcmp.net *.google-analytics.com trackcmp.net *.vimeo.com *.apptrian.com *.facebook.com *.typeform.com *.sitescdn.net *.yextpages.net *.pagescdn.com *.b0e8.com *.bc0a.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sheerid.com *.bootstrapcdn.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com *.sitescdn.net *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://srv.armanet.us https://assets.armanet.us *.kaptcha.com *.authorize.net *.bc0a.com *.hotjar.com wss://*.hotjar.com *.addthis.com *.googleapis.com *.acsbapp.com *.curalate.com *.hotjar.io *.trackcmp.net *.google-analytics.com *.g.doubleclick.net *.typeform.com *.pagescdn.com *.yext.com *.yext-pixel.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.doubleclick.net *.run.app *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' http://*.uqtr.uquebec.ca http://*.uqtr.ca data: https: blob:; base-uri 'self' http://*.uqtr.ca; form-action 'self' https: javascript: inline:; report-to csp-endpoint; report-uri https://webservice.uqtr.ca/prod/nginx/csp_api/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com  https://*.migracion.gob.do https://cdn.userway.org https://eticket.migracion.gob.do https://personal.migracion.gob.do https://cdn.jsdelivr.net https://connect.facebook.net https://www.google-analytics.com https://challenges.cloudflare.com https://static.cloudflareinsights.com; worker-src https://migracion.gob.do blob:; style-src 'self' 'unsafe-inline' https://cdn.userway.org https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://cdn.userway.org https://fonts.gstatic.com https://cdn.jsdelivr.net; media-src https://cdn.userway.org; img-src 'self' https://secure.gravatar.com https://s.w.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data: https://cdn.userway.org https://*.migracion.gob.do https://cdn.jsdelivr.net https://www.google-analytics.com; connect-src 'self' https://cdn.userway.org https://api.userway.org https://*.migracion.gob.do https://www.google-analytics.com https://challenges.cloudflare.com; frame-src 'self' https://cdn.userway.org https://www.facebook.com https://www.youtube.com https://be.nortic.ogtic.gob.do https://eticket.migracion.gob.do https://challenges.cloudflare.com; object-src 'self'; base-uri 'self'; form-action 'self' https://*.migracion.gob.do; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://report-uri.migracion.gob.do/api/reports; report-to csp-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; 1
font-src https://*.hotjar.com https://*.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com business.facebook.com landofcoder.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com api-static.mercadopago.com *.doubleclick.net http://*.twitter.com https://maps.googleapis.com https://maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://*.paypal.com *.sandbox.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://amcglobal.sc.omtrdc.net https://dpm.demdex.net https://cm.everesttech.net https://*.adobe.com https://widgets.magentocommerce.com https://t.paypal.com https://fpdbs.paypal.com https://fpdbs.sandbox.paypal.com https://*.ftcdn.net https://*.behance.net https://*.vimeocdn.com https://i.ytimg.com https://d3sbl0c71oxeok.cloudfront.net https://dhkkzdfmpzvap.cloudfront.net https://d2bpzs5y44q6e0.cloudfront.net https://d37shgu97oizpd.cloudfront.net https://d1zlqll3enr74n.cloudfront.net https://d1jynp0fpwn93a.cloudfront.net https://d2cb3tokgpwh3v.cloudfront.net https://d1re8bfxx3pw6e.cloudfront.net https://d35u8xwkxs8vpe.cloudfront.net https://d13s9xffygp5o.cloudfront.net https://d388nbw0dwi1jm.cloudfront.net https://d11p2vtu3dppaw.cloudfront.net https://d3r89hiip86hka.cloudfront.net https://dc7snq0c8ipyk.cloudfront.net https://d5c7kvljggzso.cloudfront.net https://d2h8yg3ypfzua1.cloudfront.net https://d1b556x7apj5fb.cloudfront.net https://draz1ib3z71v2.cloudfront.net https://dr6hdp4s5yzfc.cloudfront.net https://d2bomicxw8p7ii.cloudfront.net https://d3aypcdgvjnnam.cloudfront.net https://d2a3iuf10348gy.cloudfront.net https://*.ssl-images-amazon.com https://*.ssl-images-amazon.co.uk https://*.ssl-images-amazon.co.jp https://*.ssl-images-amazon.it https://*.ssl-images-amazon.fr https://*.ssl-images-amazon.es https://*.ssl-images-amazon.de https://*.media-amazon.com https://*.media-amazon.co.uk https://*.media-amazon.co.jp https://*.media-amazon.it https://*.media-amazon.fr https://*.media-amazon.es https://*.media-amazon.de https://www.facebook.com https://connect.facebook.net https://graph.facebook.com https://business.facebook.com https://sandbox.secure.checkout.visa.com https://secure.checkout.visa.com https://sandbox-assets.secure.checkout.visa.com https://assets.secure.checkout.visa.com https://thm.visa.com https://cdn.aplazo.mx https://*.mercadopago.com https://*.mercadolivre.com https://*.mercadolibre.com https://*.mercadolibre.com.br https://*.mercadopago.com.br https://*.mlstatic.com https://*.mercadolivre.com.br https://*.mercadolibre.com.mx https://*.mercadolibre.com.ar https://*.mercadopago.com.mx https://b.stats.paypal.com https://dub.stats.paypal.com https://assets.braintreegateway.com https://c.paypal.com https://checkout.paypal.com https://*.sandbox.paypal.com https://*.yotpo.com https://*.steren.com.mx https://*.ocularsolution.com https://0.s3.envato.com https://*.hsforms.com https://*.hubspot.com/ https://bat.bing.com https://maps.googleapis.com https://maps.gstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com business.facebook.com landofcoder.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.bootstrapcdn.com https://*.hotjar.com https://*.fontawesome.com https://*.ocularsolution.com https://diffuser-cdn.app-us1.com https://*.liveperson.net https://*.omappapi.com http://js-na1.hs-scripts.com https://prism.app-us1.com http://*.twitter.com https://*.googleapis.com https://static.cloudflareinsights.com https://analytics.tiktok.com https://googleads.g.doubleclick.net https://calidad.steren.com.mx https://maps.googleapis.com https://maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net https://*.hotjar.com https://*.fontawesome.com https://use.fontawesome.com https://*.omappapi.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com thm.visa.com business.facebook.com landofcoder.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.ocularsolution.com https://*.googleapis.com https://*.omappapi.com https://*.hubspot.com https://*.hscollectedforms.net https://bat.bing.com https://analytics.google.com https://analytics.tiktok.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src-elem preprod-cdn.otter.ro cdn.otter.ro dev.otter247.local stage2.otter.ro stage2.tezyo.ro stage2.gryxx.ro stage2.aldoshoes.ro data: https://static.klaviyo.com https://cdn.jsdelivr.net https://*.adobe.com https://fonts.googleapis.com https://*.doubleclick.net https://*.facebook.com https://fonts.gstatic.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.bunny.net https://fonts.static.com https://*.nosto.com https://*.nos.to https://assets.braintreegateaway.com https://*.cloudfront.net https://*.reviews.io https://*.reviews.co.uk https://preprod-cdn.otter.ro https://cdn.otter.ro 'unsafe-inline' https://www.googletagmanager.com https://www.googlesyndication.com https://use.fontawesome.com https://assets.braintreegateway.com https://d2c7ipcroan06u2.cloudfront.net; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com https://fonts.bunny.net fonts.googleapis.com preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors https://www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ https://www.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.innoship.ro *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net https://www.googletagmanager.com https://consentcdn.cookiebot.eu https://event.2performant.com https://ams.creativecdn.com https://www.gstatic.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com *.tile.openstreetmap.org *.openstreetmap.org * https://www.magezon.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com quickchart.io img.youtube.com *.nosto.com *.nos.to www.google.com.ua preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net https://ss.otter.ro data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://www.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com cdn.jsdelivr.net *.tiktok.com * *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com https://www.gstatic.com/ *.avada.io *.shopify.com *.nosto.com *.nos.to maps.googleapis.com preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com https://cdn.otter.ro https://ss.otter.ro 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.adobe.com fonts.googleapis.com *.googleapis.com https://*.doubleclick.net https://*.facebook.com *.gstatic.com https://*.googletagmanager.com https://*.googlesyndication.com *.tiktok.com https://*.fontawesome.com maxcdn.bootstrapcdn.com https://*.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://fonts.bunny.net fonts.gstatic.com https://*.nosto.com *.nos.to preprod-cdn.otter.ro cdn.otter.ro dev.otter247.local stage2.otter.ro stage2.tezyo.ro stage2.gryxx.ro stage2.aldoshoes.ro data: https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.static.com https://*.nos.to https://assets.braintreegateaway.com https://*.reviews.io https://*.reviews.co.uk https://preprod-cdn.otter.ro https://cdn.otter.ro 'unsafe-inline' https://www.googletagmanager.com https://www.googlesyndication.com https://use.fontawesome.com https://assets.braintreegateway.com https://d2c7ipcroan06u2.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.facebook.com *.facebook.net https://www.google.com/ *.doubleclick.net *.googlesyndication.com *.tiktok.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to maps.googleapis.com preprod-cdn.otter.ro cdn.otter.ro stage2.otter.ro stage2.tezyo.ro stage2.gryxx.ro stage2.aldoshoes.ro static.klaviyo.com cdn.jsdelivr.net https://tezyo.zendesk.com https://ekr.zdassets.com https://*.zendesk.com https://*.zdassets.com https://event.2performant.com https://tidytracking.com https://ss.otter.ro 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https:; upgrade-insecure-requests; block-all-mixed-content 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-SDPwLeWNN_s34p58zEvYwg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.co *.betano.co betgenius.com *.betgenius.com cookielaw.org *.cookielaw.org creativecdn.com *.creativecdn.com facebook.net *.facebook.net gmlinteractive.com *.gmlinteractive.com googletagmanager.com *.googletagmanager.com kameleoon.io *.kameleoon.io optimove.net *.optimove.net sportradar.com *.sportradar.com cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery cloudflare.com *.cloudflare.com lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=v7zqMkARGq4QGtNsj0ZPuu9WPElaYDQ.OxHcxvGVASU-1773714697-1.0.1.1-CpGyUmVaugjp2MS0eP2vWbPd_czxl1keZh6FTOEyssVjri4zUbMa.qjbrgvlXobnaEFcdrt6d3E9FY9aWeQNHGdaIsKyYeUzFFqcQc5yC49Zz9C6bsNWS.bWzH3domNz7nqKaLswTjAGE.5H7gL7cYTG.7I9riLznckZdpAV6OuoV3TfeVrMNDs4QgPKOjDsh4vjYkftwPvnOsNw9nBUTA; report-to cf-kbjxjmsminkhjtwk 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.cloudflare.com *.twitter.com *.facebook.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net *.fontawesome.com *.mncdn.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.ingage.tech *.pinterest.com *.pinimg.com *.connectad.io *.opera.com *.gumgum.com *.rakuten.com *.smaato.net *.adtarget.com *.mgid.com *.onetag-sys.com *.adscale.com *.loopme.me *.smilewanted.com *.wawlabs.com *.dmxleo.com *.cloudfront.net *.openx.net *.sharethis.com *.google.com.tr *.googlesyndication.com https://buysoci.al *.agkn.com *.a.run.app *.clarity.ms sc-static.net jadserve.postrelease.com sync.1rx.io sync.targeting.unrulymedia.com *.cloudflareinsights.com *.cookiespool.com *.tiktokw.us *.zopim.com *.zopim.io *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://*.amazonaws.com *.criteo.com *.rossmann.com.tr cdn.rossmann.com.tr *.vimeo.com www.rossmann.com.tr *.snapchat.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.twitter.com *.facebook.com *.ingage.tech *.pinterest.com *.pinimg.com *.connectad.io *.opera.com *.gumgum.com *.rakuten.com *.smaato.net *.adtarget.com *.mgid.com *.onetag-sys.com *.adscale.com *.loopme.me *.smilewanted.com *.wawlabs.com *.dmxleo.com *.cloudfront.net *.openx.net *.sharethis.com *.google.com.tr *.googlesyndication.com https://buysoci.al *.agkn.com *.a.run.app *.clarity.ms sc-static.net jadserve.postrelease.com sync.1rx.io sync.targeting.unrulymedia.com *.cloudflareinsights.com *.cookiespool.com *.tiktokw.us *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://*.amazonaws.com *.criteo.com *.rossmann.com.tr cdn.rossmann.com.tr *.vimeo.com *.snapchat.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.gstatic.com *.ingage.tech *.pinterest.com *.pinimg.com *.connectad.io *.opera.com *.gumgum.com *.rakuten.com *.smaato.net *.adtarget.com *.mgid.com *.onetag-sys.com *.adscale.com *.loopme.me *.smilewanted.com *.wawlabs.com *.dmxleo.com *.cloudfront.net *.openx.net *.sharethis.com *.google.com.tr *.googlesyndication.com https://buysoci.al *.agkn.com *.a.run.app *.clarity.ms sc-static.net jadserve.postrelease.com sync.1rx.io sync.targeting.unrulymedia.com *.cloudflareinsights.com *.cookiespool.com *.tiktokw.us *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://*.amazonaws.com *.criteo.com *.rossmann.com.tr cdn.rossmann.com.tr *.vimeo.com *.snapchat.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ *.twitter.com *.gstatic.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.facebook.net *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net *.bluekai.com *.useinsider.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.ingage.tech *.pinterest.com *.pinimg.com *.connectad.io *.opera.com *.gumgum.com *.rakuten.com *.smaato.net *.adtarget.com *.mgid.com *.onetag-sys.com *.adscale.com *.loopme.me *.smilewanted.com *.wawlabs.com *.dmxleo.com *.cloudfront.net *.openx.net *.sharethis.com *.googlesyndication.com https://buysoci.al *.agkn.com *.a.run.app *.clarity.ms sc-static.net jadserve.postrelease.com sync.1rx.io sync.targeting.unrulymedia.com *.cloudflareinsights.com *.cookiespool.com *.tiktokw.us https://www.youtube.com http://www.sandbox.paypal.com www.paypal.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://*.amazonaws.com *.criteo.com *.rossmann.com.tr cdn.rossmann.com.tr rossmann.api.useinsider.com td.doubleclick.net ams.creativecdn.com *.snapchat.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.swagger.io https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.facebook.net *.demdex.net *.everesttech.net *.googleapis.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com *.instagram.com *.useinsider.com *.googletagmanager.com *.mncdn.com *.iyzicopwi.com.tr *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.ingage.tech *.pinterest.com *.pinimg.com *.connectad.io *.opera.com *.gumgum.com *.rakuten.com *.smaato.net *.adtarget.com *.mgid.com *.onetag-sys.com *.adscale.com *.loopme.me *.smilewanted.com *.wawlabs.com *.dmxleo.com *.cloudfront.net *.openx.net *.sharethis.com *.googlesyndication.com https://buysoci.al *.agkn.com *.a.run.app *.clarity.ms sc-static.net jadserve.postrelease.com sync.1rx.io sync.targeting.unrulymedia.com *.cloudflareinsights.com *.cookiespool.com *.tiktokw.us *.bing.com *.zopim.com *.zopim.io *.google.co.in *.mastercard.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.media.net *.360yield.com *.outbrain.com *.rubinproject.com *.sharethrough.com *.smartadserver.net *.taboola.com *.teads.tv *.3lift.com *.emxdgt.com *.adform.net *.omnitagjs.com *.sync.com *.ivitrack.com *.mediavine.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.semasio.net *.krxd.net *.thebrighttag.com *.smartadserver.com *.yahoo.com https://id5-sync.com *.rubiconproject.com www.rossmann.com.tr cdn.rossmann.com.tr web-image.useinsider.com image.useinsider.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com t.co www.facebook.com *.snapchat.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.instana.io *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com *.instagram.com *.criteo.com *.criteo.net *.ciritizr.com *.bkrtx.com *.cloudfront.net *.useinsider.com *.critizr.com *.behance.net *.swagger.io *.avada.io *.mncdn.com *.iyzicopwi.com.tr *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.garanti.com.tr *.ingage.tech *.pinterest.com *.pinimg.com *.connectad.io *.opera.com *.gumgum.com *.rakuten.com *.smaato.net *.adtarget.com *.mgid.com *.onetag-sys.com *.adscale.com *.loopme.me *.smilewanted.com *.wawlabs.com *.dmxleo.com *.openx.net *.sharethis.com *.googlesyndication.com https://buysoci.al *.agkn.com *.a.run.app *.clarity.ms sc-static.net jadserve.postrelease.com sync.1rx.io sync.targeting.unrulymedia.com *.cloudflareinsights.com *.cookiespool.com *.tiktokw.us *.bing.com *.zopim.com *.zdassets.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://*.amazonaws.com *.rossmann.com.tr www.rossmann.com.tr rossmann.api.useinsider.com connect.facebook.net tags.creativecdn.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com embeds.ipaper.io static.hotjar.com cdn.rossmann.com.tr eitri.api.useinsider.com analytics.tiktok.com script.hotjar.com ams.creativecdn.com *.snapchat.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.facebook.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.fontawesome.com *.paypal.com *.paypalobjects.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com *.critizr.com *.useinsider.com *.adobedtm.com *.google-analytics.com *.googletagmanager.com *.swagger.io *.mncdn.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.ingage.tech *.pinterest.com *.pinimg.com *.connectad.io *.opera.com *.gumgum.com *.rakuten.com *.smaato.net *.adtarget.com *.mgid.com *.onetag-sys.com *.adscale.com *.loopme.me *.smilewanted.com *.wawlabs.com *.dmxleo.com *.cloudfront.net *.openx.net *.sharethis.com *.google.com.tr *.googlesyndication.com https://buysoci.al *.agkn.com *.a.run.app *.clarity.ms sc-static.net jadserve.postrelease.com sync.1rx.io sync.targeting.unrulymedia.com *.cloudflareinsights.com *.cookiespool.com *.tiktokw.us *.bing.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com www.rossmann.com.tr cdn.rossmann.com.tr maxcdn.bootstrapcdn.com assets.api.useinsider.com *.snapchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com https://stats.g.doubleclick.net *.twitter.com *.facebook.com *.facebook.net *.paypalobjects.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.veinteractive.com *.demdex.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com *.useinsider.com *.adobedtm.com *.swagger.io https://get.geojs.io *.avada.io *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr https://mnemos-api.ahtapot.ai *.ingage.tech *.pinterest.com *.pinimg.com *.connectad.io *.opera.com *.gumgum.com *.rakuten.com *.smaato.net *.adtarget.com *.mgid.com *.onetag-sys.com *.adscale.com *.loopme.me *.smilewanted.com *.wawlabs.com *.dmxleo.com *.cloudfront.net *.openx.net *.sharethis.com *.google.com.tr *.googlesyndication.com https://buysoci.al *.agkn.com *.a.run.app *.clarity.ms sc-static.net jadserve.postrelease.com sync.1rx.io sync.targeting.unrulymedia.com *.cloudflareinsights.com *.cookiespool.com *.tiktokw.us *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://*.amazonaws.com *.criteo.com *.rossmann.com.tr www.rossmann.com.tr cdn.rossmann.com.tr rossmann.api.useinsider.com aryuder.api.useinsider.com hit.api.useinsider.com ams.creativecdn.com recommendationv2.api.useinsider.com *.snapchat.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.ingage.tech *.pinterest.com *.pinimg.com *.connectad.io *.opera.com *.gumgum.com *.rakuten.com *.smaato.net *.adtarget.com *.mgid.com *.onetag-sys.com *.adscale.com *.loopme.me *.smilewanted.com *.wawlabs.com *.dmxleo.com *.cloudfront.net *.openx.net *.sharethis.com *.google.com.tr *.googlesyndication.com *.buysoci.al *.agkn.com *.a.run.app sc-static.net jadserve.postrelease.com sync.1rx.io sync.targeting.unrulymedia.com www.rossmann.com.tr cdn.rossmann.com.tr *.clarity.ms googleads.g.doubleclick.net analytics.tiktok.com *.snapchat.com *.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.de https://www.myheritage.de  'unsafe-eval' 'nonce-e808fb1fd37eebd3d26df4bbd7c16025' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.de;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
script-src https://ajax.googleapis.com static.cloudflareinsights.com https://widget.surveymonkey.com https://www.google.com 'unsafe-inline' https://*.googletagmanager.com https://js-agent.newrelic.com https://static.zdassets.com https://googleads.g.doubleclick.net https://challenges.cloudflare.com https://www.googletagmanager.com http://static-assets https://assets.zendesk.com https://tagmanager.google.com https://googletagmanager.com 'self' https://www.googleadservices.com *.addgene.org; frame-src https://www.youtube.com https://challenges.cloudflare.com https://www.googletagmanager.com https://www.surveymonkey.com https://td.doubleclick.net 'self' https://bid.g.doubleclick.net *.addgene.org; connect-src *.nr-data.net https://addgene.zendesk.com https://*.googletagmanager.com https://*.analytics.google.com https://ekr.zdassets.com https://zendesk-eu.my.sentry.io https://*.google.com cloudflareinsights.com 'self' https://*.google-analytics.com https://*.g.doubleclick.net *.addgene.org; style-src https://fonts.googleapis.com 'unsafe-inline' http://static-assets https://tagmanager.google.com https://googletagmanager.com 'self' *.addgene.org; img-src data: https://ssl.gstatic.com https://google.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com *.addgene.org.s3.amazonaws.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://i.ytimg.com https://*.google.com http://static-assets https://googletagmanager.com 'self' https://*.google-analytics.com https://*.g.doubleclick.net *.addgene.org; font-src data: http://static-assets https://fonts.gstatic.com 'self' *.addgene.org; default-src 'self' *.addgene.org; report-uri /csp-reporting/ 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com https://d22j4fzzszoii2.cloudfront.net *.typekit.net https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com payments.amazon.de * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.palaisdesthes.com *.palaisdesthes.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com *.sharethis.com *.certcapture.com * https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.sharethis.com *.certcapture.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.agkn.com *.360yield.com *.3lift.com *.abtasty.com *.adform.net *.adnxs.com *.avis-verifies.com *.bidswitch.net *.bing.com *.bing.net *.casalemedia.com *.clarity.ms *.criteo.com *.criteo.net *.doubleclick.net *.emxdgt.com *.exelator.com *.facebook.com *.google.fr *.google.ch *.googleapis.com *.gstatic.com *.rlcdn.com *.ivitrack.com *.klarna.com *.media.net *.mediavine.com *.mmtro.com https://mmtro.com *.omnitagjs.com *.outbrain.com *.palaisdesthes.com *.palaisdesthes.co.uk *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.smartadserver.com *.stickyadstv.com *.taboola.com *.teads.tv *.weborama.fr *.yahoo.com *.yieldlab.net *.yieldmo.com *.zebestof.com *.zdassets.com *.zendesk.com *.adscale.de *.id5-sync.com https://id5-sync.com *.liadm.com *.smartclip.net *.tremorhub.com *.krxd.net *.thebrighttag.com *.amazon-adsystem.com *.contentsquare.net *.privacy-center.org *.postrelease.com *.sc-trc.com *.surveyjs.io *.1rx.io *.join-stories.com *.parcellab.com *.opecloud.com *.zopim.io https://shareasale.com *.google.com *.unrulymedia.com *.hsforms.com *.hubspot.com *.hscollectedforms.net *.adsrvr.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://rum.hlx.page *.sharethis.com *.googleapis.com *.certcapture.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.abtasty.com *.acdn.adnxs.com *.avtm.fr *.amazon-adsystem.com *.bing.com *.bing.net *.capadresse.com ws2.capadresse.com:7455 ws2.capadresse.com:7456 *.clarity.ms *.criteo.com *.criteo.net *.doubleclick.net *.effiliation.com *.facebook.net *.mmtro.com https://mmtro.com *.privacy-center.org *.static-sb.com *.tradedoubler.com *.zdassets.com *.zendesk.com *.mouseflow.com *.servedby.flashtalking.com https://servedby.flashtalking.com *.secure.adnxs.com/ https://secure.adnxs.com/ *.tag.zebestof.com https://tag.zebestof.com *.contentsquare.com *.contentsquare.net *.thank-you.io *.tiktok.com *.palaisdesthes.com *.palaisdesthes.co.uk *.optimalpeople.fr https://d16fk4ms6rqz1v.cloudfront.net *.dwin1.com *.skeepers.io *.surveyjs.io *.amcharts.com *.parcellab.com *.zopim.io *.adnxs.com *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.billetweb.fr *.brevo.com https://sibautomation.com *.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com p.teads.tv google.com recaptcha.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ palais-des-thes.my.join-stories.com *.get-potions.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.certcapture.com fonts.googleapis.com unpkg.com fonts.gstatic.com *.parcellab.com assets.braintreegateway.com *.typekit.net https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.zendesk.com *.join-stories.com *.zopim.io blob: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.sharethis.com *.googleapis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.certcapture.com maps.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.abtasty.com *.clarity.ms *.analytics.google.com *.googlesyndication.com *.palaisdesthes.com *.palaisdesthes.co.uk *.privacy-center.org *.social-sb.com *.zendesk.com *.zopim.io wss://widget-mediator.zopim.com *.mouseflow.com *.zdassets.com *.contentsquare.net *.thank-you.io *.tiktok.com *.zebestof.com *.doubleclick.net *.optimalpeople.fr *.criteo.com *.salecycle.com wss://ws.salecycle.com *.surveyjs.io http://127.0.0.1:63342 *.bing.com *.bing.net *.stories.studio *.parcellab.com *.algolia.io *.adnxs.com *.hsforms.com *.s3.amazonaws.com *.hscollectedforms.net *.hubspot.com *.skeepers.io *.brevo.com *.braintreegateway.com *.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.join-stories.com *.teads.tv http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.googleapis.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-q5yh5lhP0tEHyKvfbLoHZWIE' 'unsafe-eval' https://pixel.byspotify.com *.travcorpservices.com https://www.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://api.feefo.com https://register.feefo.com https://bat.bing.com https://cdn.evgnet.com https://connect.facebook.net https://i.clarity.ms https://static-ssl.responsetap.com *.hotjar.com https://tag.simpli.fi https://unpkg.com https://www.bugherd.com https://decagon.ai https://www.datadoghq-browser-agent.com https://assetscdn.stackla.com/media/js https://vjs.zencdn.net https://cdn.amplitude.com/libs https://sdk.joinsherpa.io https://apps.mypurecloud.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://ttc-contiki.entry.promo https://cdn.optimizely.com https://www.riddle.com;style-src 'self' 'unsafe-inline' https://assetscdn.stackla.com/media/components/stackla-uikit/dist https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;img-src 'self' https://bat.bing.com https://c.clarity.ms https://i.ytimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.uplift-platform.com data:;frame-src 'self' https://10006172.fls.doubleclick.net https://uplift-cdn-stg.uplift.com https://vars.hotjar.com https://widget.stackla.com https://www.google.com https://apps.joinsherpa.io https://www.googletagmanager.com https://a25408250069.cdn.optimizely.com;font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;connect-src 'self' *.travcorpservices.com *.travcorp.com *.corp.ttc:7443 https://api.feefo.com https://bat.bing.com https://in.hotjar.com https://ws11.hotjar.com/api https://l.clarity.ms https://metrics.responsetap.com/infinity https://noembed.com https://pm-mrkt.prodgw.uplift-platform.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://ttctravel.germany-2.evergage.com https://www.facebook.com https://www.google-analytics.com https://logx.optimizely.com https://region1.analytics.google.com https://ttc.contiki.com 1
object-src 'none'; script-src 'self' chosen.jquery.js https://polyfill-fastly.io https://unpkg.com; script-src-attr 'self'; style-src 'self' chosen.css https://use.typekit.net; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self' blob: data: https://insights.algolia.io https://rules.atgsvcs.com https://*.b2clogin.com https://bat.bing.com https://*.boltdns.net https://*.brightcove.com https://*.brightcovecdn.com https://*.dynatrace.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://forms.hscollectedforms.net https://*.hsforms.com https://*.hubspot.com https://pixel.mathtag.com https://*.monetate.net https://*.optimizely.com https://*.corp.ecom-dev.pattersoncompanies.dev https://*.pattersoncompanies.dev https://cdn.cloud.pattersoncompanies.com https://tags.srv.stackadapt.com https://t.co https://consent.trustarc.com https://analytics.twitter.com https://use.typekit.net https://siteintercept.qualtrics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.atgsvcs.com https://bat.bing.com blob: https://players.brightcove.net https://*.custhelp.com https://googleads.g.doubleclick.net https://*.dynatrace.com https://www.google-analytics.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.hs-banner.com https://*.hsforms.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hubspot.com https://pixel.mathtag.com https://*.monetate.net https://cdn.optimizely.com https://cdn.cloud.pattersoncompanies.com https://*.pattersoncompanies.com https://*.pattersoncompanies.dev https://*.corp.ecom-dev.pattersoncompanies.dev https://zn5olgkd5yakidb2l-pattersondental.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://vsvipac01.rightnowtech.com https://tags.srv.stackadapt.com https://consent.trustarc.com https://static.ads-twitter.com https://vjs.zencdn.net; style-src 'self' 'unsafe-inline' https://cdn.cloud.pattersoncompanies.com https://*.pattersoncompanies.dev https://tags.srv.stackadapt.com https://*.typekit.net; style-src-elem 'self' 'unsafe-inline' https://cdn.cloud.pattersoncompanies.com https://*.pattersoncompanies.dev https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.typekit.net; connect-src 'self' https://rules.atgsvcs.com https://bat.bing.com https://edge.api.brightcove.com https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://googleads.g.doubleclick.net https://*.dynatrace.com https://edge.fullstory.com https://rs.fullstory.com https://www.google.ca https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.gstatic.com https://forms.hscollectedforms.net https://forms.hsforms.com https://*.hubspot.com https://logx.optimizely.com https://billpay.pattersondental.com https://content.pattersondental.com https://gw.pattersoncompanies.com https://siteintercept.qualtrics.com https://tags.srv.stackadapt.com https://consent.trustarc.com; script-src-elem 'self' 'unsafe-inline' https://static.atgsvcs.com https://bat.bing.com https://players.brightcove.net https://pattersonsupport.custhelp.com https://pattersonsupport.widget.custhelp.com https://js-cdn.dynatrace.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://rs.fullstory.com https://www.google.ca https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://js.hubspot.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hs-scripts.com https://pixel.mathtag.com https://*.monetate.net https://billpay.pattersondental.com https://content.pattersondental.com https://cdn.cloud.pattersoncompanies.com https://gw.pattersoncompanies.com https://cdn.optimizely.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://*.rightnowtech.com https://tags.srv.stackadapt.com https://consent.trustarc.com https://static.ads-twitter.com https://vjs.zencdn.net; frame-src https://edge.fullstory.com https://rs.fullstory.com https://www.google.ca https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://pixel.mathtag.com https://*.cdn.optimizely.com https://billpay.pattersondental.com https://content.pattersondental.com https://gw.pattersoncompanies.com; frame-ancestors 'self' https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://*.pattersoncompanies.com https://*.pattersoncompanies.dev https://rs.fullstory.com https://edge.fullstory.com; img-src 'self' https://bat.bing.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://rs.fullstory.com https://www.google.ca https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://billpay.pattersondental.com https://content.pattersondental.com https://gw.pattersoncompanies.com https://tags.srv.stackadapt.com; font-src 'self' https://edge.fullstory.com https://www.google.com https://www.googleadservices.com https://gw.pattersoncompanies.com https://consent.trustarc.com https://use.typekit.net; 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src blob: 'self'; font-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src https: wss: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none' 1
font-src fonts.gstatic.com use.typekit.net https://cdn.checkout.com *.bglobale.com *.global-e.com https://fonts.gstatic.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://js.checkout.com *.klarna.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.bglobale.com *.global-e.com https://www.googletagmanager.com/ js.mollie.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.youtube.com/ *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.afd.co.uk https://images.unsplash.com *.brsrvr.com *.bloomreach.cloud sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.bglobale.com *.global-e.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.google.com *.afd.co.uk https://maps.googleapis.com cdn.brcdn.com https://*.checkout.com *.klarnacdn.net *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.bglobale.com *.global-e.com *.klarna.com *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net cdn.jsdelivr.net *.exponea.com *.cookiepro.com *.mention-me.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://cdn.checkout.com *.bglobale.com *.global-e.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.afd.co.uk https://maps.googleapis.com https://player.vimeo.com *.dxpapi.com https://js.checkout.com *.klarnaevt.com thm.visa.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klarnauserservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org experiments-api.fabric-analytics.com *.exponea.com *.noibu.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://correspondent.report-uri.com https://static.cdn-decorrespondent.nl https://useruploads.cdn-decorrespondent.nl https://decorrespondent.matomo.cloud https://o206126.ingest.sentry.io https://space-corre.video-dns.com; media-src 'self' https://static.cdn-decorrespondent.nl https://traffic.omny.fm https://*.mc.tritondigital.com https://useruploads.cdn-decorrespondent.nl blob: https://space-corre.video-dns.com; form-action 'self' https://www.mollie.com https://pay.ideal.nl https://www.paypal.com; report-uri https://correspondent.report-uri.com/r/d/csp/reportOnly; report-to csp-report-only-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com https://plumrocket.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://www.youtube.com https://form.typeform.com *.criteo.com *.hotjar.com *.facebook.com *.simply-jobs.fr https://plumrocket.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.bird.eu *.trackedlink.net *.ddlnk.net https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr magefan.com cm.magefan.com *.disqus.com *.thebrighttag.com *.avis-verifies.com *.adform.net id5-sync.com *.liadm.com *.google.com *.google.fr *.kameleoon.eu *.nr-data.net *.metaffiliation.com *.facebook.com *.d-bi.fr *.adnxs.com *.omnitagjs.com *.casalemedia.com *.dmxleo.com *.360yield.com *.criteo.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.advertising.com *.yahoo.com *.yieldlab.net *.yieldmo.com *.rlcdn.com *.smartclip.net *.tremorhub.com *.twiago.com *.krxd.net *.bing.com *.bidswitch.net *.doubleclick.net *.googletagmanager.com *.googleapis.com *.monnaiedeparis.fr blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.disqus.com *.kameleoon.eu *.google.fr *.facebook.net *.d-bi.fr *.hotjar.com *.serving-sys.com *.criteo.com *.criteo.net *.monnaiedeparis.fr *.metaffiliation.com *.eulerian.net *.doubleclick.net *.bing.com *.soundclound.com *.soundcloud.com *.piwik.pro *.gstatic.com *.clarity.ms ipinfo.io *.addtoany.com *.googletagmanager.com *.m1by1.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.monnaiedeparis.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.fontawesome.com *.googleapis.com *.addtoany.com 'self' data: *.typekit.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com qa-api.magedevteam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com http://dpm.demdex.net *.google-analytics.com *.g.doubleclick.net *.kameleoon.eu *.google.fr *.hotjar.com *.serving-sys.com *.criteo.com *.criteo.net *.monnaiedeparis.fr *.metaffiliation.com *.eulerian.net *.piwik.pro * payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://fonts.googleapis.com; report-to report-endpoint; 1
font-src *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bing.com *.google-analytics.com *.googleadservices.com *.google.co.uk *.googletagmanager.com *.expressentry.melissadata.net *.paypalobjects.com *.ometria.services *.feefo.com *.adobedtm.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.ometria.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com *.pbffinancecalculator.info cdn.shopify.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.bing.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com expressentry.melissadata.net *.paypalobjects.com *.ometria.services *.noibu.com https://www.noibu.com https://cdn.noibu.com *.facebook.net https://cdn.jsdelivr.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.dixa.io x.klarnacdn.net *.klarnaservices.com *.avada.io *.shopify.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk https://api.ometria.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.ometria.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com fonts.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bing.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com maps.googleapis.com expressentry.melissadata.net *.paypalobjects.com *.ometria.services *.advancedcommerce.services *.algolia.net https://cdn.noibu.com wss://input.noibu.com https://input.noibu.com *.noibu.com *.facebook.net https://cdn.jsdelivr.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.dixa.io x.klarnacdn.net *.klarnaservices.com https://get.geojs.io *.avada.io *.staging-pbffinancecalculator.info *.pbffinancecalculator.info wss://*.staging-pbffinancecalculator.info wss://*.pbffinancecalculator.info *.paybyfinance.co.uk https://api.ometria.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.ometria.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.es/api/csp-report; report-to csp-endpoint 1
default-src 'self' *.apsiyon.com; style-src 'self' 'unsafe-inline' analytics.tiktok.com analytics.tiktok.com/api/v2/monitor cdn.apsiyon.com cdnjs.cloudflare.com translate.googleapis.com fonts.googleapis.com *.apsiyon.com wchat.freshchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.apsiyon.com www.google.com www.clarity.ms cdn.apsiyon.com analytics.tiktok.com analytics.tiktok.com/api/v2/monitor www.analytics.tiktok.com/api/v2/monitor connect.facebook.net www.googledservices.com www.googleadservices.com code.jquery.com cdn.jsdelivr.net maps.googleapis.com www.googletagmanager.com  www.google-analytics.com googleads.g.doubleclick.net cdn.taboola.com trc.taboola.com  www.gstatic.com wchat.freshchat.com  snap.licdn.com; frame-src 'self' www.googletagmanager.com www.googleadservices.com connect.facebook.net web.facebook.com *.apsiyon.com m.facebook.com  www.google.ro www.youtube.com youtube.com httpsapsiyoncom.webpush.freshchat.com www.google.com bid.g.doubleclick.net wchat.freshchat.com www.facebook.com analytics.tiktok.com analytics.tiktok.com/api/v2/monitor; img-src data: * ; connect-src 'self' 'unsafe-inline' localhost:51192 analytics.tiktok.com analytics.tiktok.com/api/v2/monitor www.google.bg www.google.li www.google.com.bd www.google.ro www.google.com.hk www.google.co.jp www.google.tm www.google.ps www.google.pl www.google.ba www.google.co.za www.google.cz www.google.md www.google.com.ua www.google.com.qa www.google.ba www.google.com.et www.google.jo www.google.hu www.google.ph stats.g.doubleclick.net www.google.at www.google.com.cy www.google.nl www.google.kz www.google.co.in www.google.com.sa www.google.es www.google.kg  www.google.co.id www.google.dk www.google.com.kw www.google.co.kr www.google.cn www.google.co.th www.google.co.uz www.google.co.uk www.google.ae www.google.ch www.google.az www.google.lu www.google.it www.google.com.pk www.google.be www.google.fi www.google.no www.google.sn www.bing.com www.google.se www.google.iq www.google.ie www.google.fr www.googleanalytics.com www.google.de www.google.ru *.taboola.com www.google.co.il  www.facebook.com  www.google.com.tr *.clarity.ms  *.apsiyon.com  analytics.google.com www.google-analytics.com; font-src 'self' data: fonts.googleapis.com use.fontawesome.com themes.googleusercontent.com *.apsiyon.com themes.googleusercontent.com static3.avast.com cdnjs.cloudflare.com fonts.gstatic.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-iiWXI1moCcGjxc_93o0SGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://*.mziq.com; script-src-elem 'self' https://*.mziq.com 'sha256-kQ7PZqRD+DW+OLPgGpzeit+ne5Q32Q7r0bNZq//y0Rw=' 'sha256-2L+nOGxRAxUhUjVdJf/7Wl9Y9CJvuXyNSb7gUk9APMU=' https://www.googletagmanager.com https://*.tinymce.com https://*.tiny.cloud; style-src 'self' 'unsafe-inline' https://*.mziq.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.tinymce.com https://*.tiny.cloud; style-src-elem 'self' 'unsafe-inline' https://*.mziq.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.tinymce.com https://*.tiny.cloud; font-src 'self' data: https://*.mziq.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.tinymce.com https://*.tiny.cloud; connect-src 'self' https://*.mziq.com wss://*.mziq.com https://www.google.com https://www.google.com.br https://analytics.google.com https://www.google-analytics.com https://*.tinymce.com https://*.tiny.cloud https://mz-prd-pub-filemanager-external.s3.us-east-1.amazonaws.com https://mz-prd-pub-mziq-cdn.s3.us-east-1.amazonaws.com https://browser-intake-datadoghq.com blob:; img-src 'self' data: polygon: https://*.mziq.com https://www.google.com https://www.google.com.br https://*.tinymce.com https://*.tiny.cloud blob:; object-src 'none'; base-uri 'self'; report-uri https://csp-report.mziq.com/csp-report; report-to csp-endpoint; 1
frame-ancestors https://*.prace.cz https://my.teamio.com https://*.facebook.com https://*.jobs.cz https://*.topjobs.sk; report-uri /csp-reports/ 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net cash-f.squarecdn.com https://client.crisp.chat https://plugin-magento-ui.glopalservice.com https://applepay.cdn-apple.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com fonts.gstatic.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com applepay.cdn-apple.com www.promessedefleurs.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com p.monetico-services.com www.promessedefleurs.com 'self' 'unsafe-inline'; frame-ancestors www.promessedefleurs.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ * ct.pinterest.com *.payplug.com *.dalenys.com https://applepay.cdn-apple.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com api-qa.payplug.com secure-qa.payplug.com www.promessedefleurs.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io * https://images.unsplash.com https://image.crisp.chat *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost cl.avis-verifies.com ct.pinterest.com bat.bing.com www.google.com.vn https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com https://secure-magenta.dalenys.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com *.openstreetmap.fr *.openstreetmap.org unpkg.com *.google.com *.google.fr *.google.ie www.promessedefleurs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat cl.avis-verifies.com bat.bing.com s.pinimg.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdnjs.cloudflare.com https://cdn.payplug.com https://cdn-qa.payplug.com https://unpkg.com/pwacompat *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.promessedefleurs.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://client.crisp.chat https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com https://secure-magenta.dalenys.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unpkg.com www.promessedefleurs.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.promessedefleurs.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io * https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost ct.pinterest.com https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.openstreetmap.org *.arcgis.com *.doubleclick.net www.promessedefleurs.com 'self' 'unsafe-inline'; child-src www.promessedefleurs.com http: https: blob: 'self' 'unsafe-inline'; default-src cl.avis-verifies.com www.promessedefleurs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; style-src 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.tomandco.uk *.typekit.net *.yotpo.com *.myfonts.net *.cloudfront.net; font-src 'self' data: *.gstatic.com *.googleapis.com *.typekit.net *.elev.io *.typekit.net *.livechatinc.com snap.licdn.com *.tiktok.com static.ads-twitter.com ct.pinterest.com *.yotpo.com *.addthis.com *.moatads.com *.curalate.com *.cloudflare.com *.cloudfront.net; img-src 'self' data: *; base-uri 'self' ;  form-action *; frame-ancestors 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.oliverbonas.com *.tomandco.uk *.typekit.net *.onetrust.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.google-analytics.com *.marker.io *.worldpay.com *.convertexperiments.com *.gocertify.me blob: *.klevu.com *.vimeo.com vimeo.com *.exponea.com *.curalate.com *.sagepay.com *.ksearchnet.com *.dixa.io *.bing.com *.rmtag.com *.doubleclick.net *.pinterest.com *.contentsquare.com *.contentsquare.net *.facebook.net *.pinimg.com *.skimresources.com *.pingdom.net *.elev.io *.matomo.cloud *.equalweb.com *.ads-twitter.com *.fullstory.com *.tiktok.com *.googlesyndication.com *.addthisedge.com *.moatads.com *.clearpay.co.uk *.amplitude.com *.sagepay.com snapppt.com *.snapppt.com; connect-src 'self' mage.oliverbonas.com *.oliverbonas.com *.tomandco.uk *.typekit.net *.onetrust.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.google.com *.marker.io *.gocertify.me *.vimeo.com vimeo.com *.sagepay.com *.ksearchnet.com *.doubleclick.net *.contentsquare.com *.contentsquare.net *.exponea.com *.fullstory.com *.pinterest.com *.elev.io *.equalweb.com *.tiktok.com *.pingdom.net *.bing.com *.googlesyndication.com *.convertexperiments.com *.curalate.com *.klevu.com *.dixa.io *.tiktokw.us *.addressy.com *.googleadservices.com *.bing.net *.facebook.com *.amazonaws.com; frame-src 'self' * *.fls.doubleclick.net ct.pinterest.com vimeo.com secure.livechatinc.com *.addthis.com *.curalate.com *.54proxy.com *.hotjar.com *.stripe.com *.trustpilot.com *.paypal.com *.zendesk.com *.zdassets.com; 1
font-src *.gstatic.com fonts.gstatic.com use.typekit.net *.typekit.net *.googleapis.com data: https://www.googletagmanager.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action www.facebook.com ecommerce.raiffeisenbank.rs *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' *.jasmin.rs *.cookiebot.com *.hotjar.com *.googletagmanager.com www.gstatic.com 'self'; frame-src www.facebook.com bid.g.doubleclick.net storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.jasmin.rs *.yandex.com *.yandex.md *.doubleclick.net *.cookiebot.com *.googletagmanager.com *.yango.com fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com 'self' 'unsafe-inline'; img-src *.googleapis.com *.gstatic.com stats.g.doubleclick.net www.google.com www.google.rs www.facebook.com www.googletagmanager.com storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net analytics.google.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.yandex.ru https://yandex.ru *.yandex.com *.yandex.md *.cookiebot.com *.yads.tech *.sharethis.com *.ymmobi.com *.doubleclick.net *.opera.com *.jasmin.rs jasmin.b-cdn.net kickoffcrm.com *.google.ru *.yango.com *.facebook.net *.linkedin.com data: www.googleadservices.com www.google-analytics.com p.typekit.net *.paypal.com *.typekit.net www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src *.googleapis.com *.gstatic.com *.googletagmanager.com www.google-analytics.com connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.hotjar.com *.yandex.ru *.yandex.com *.cookiebot.com *.jasmin.rs mc.yango.com jasmin.sales-snap.com *.licdn.com *.tiktok.com assets.adobedtm.com *.adobe.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.disqus.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.jasmin.rs jasmin.sales-snap.com *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.b-cdn.net storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.googleapis.com *.google.com google.com www.google-analytics.com connect.facebook.net stats.g.doubleclick.net *.facebook.com dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.cardinalcommerce.com vimeo.com ekr.zdassets.com get.geojs.io *.avada.io *.hotjar.com *.hotjar.io wss://ws.hotjar.com storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.yandex.ru *.yandex.com yandex.com *.yandex.md *.doubleclick.net *.jasmin.rs *.googlesyndication.com *.yango.com jasmin.sales-snap.com *.linkedin.com *.cookiebot.com *.tiktok.com *.newrelic.com *.nr-data.net *.adobe.io performance.typekit.net *.sentry.io *.paypal.com *.braintreegateway.com *.braintree-api.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://get.geojs.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src none blob: data: gap:; script-src 'self' 'nonce-PbmP3WScVPvyg25THmp1wIobpi_yA5PhbvuBRyObGfwFXrkrSFQLsQ' 'strict-dynamic' https://www.utrecht.nl https://www.utrecht.nl.internal https://accept.utrecht.typocloud.nl data: https://virtuele-gemeente-assistent.nl https://siteimproveanalytics.com https://cdn-eu.readspeaker.com formulieren.digitaal.utrecht.nl stats.utrecht.nl 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://translate.google.com https://stats.utrecht.nl https://www.toegankelijkheidsverklaring.nl https://nieuwsbrieven.utrecht.nl https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://web.archive.org *.6006206.global.siteimproveanalytics.io https://6006206.global.siteimproveanalytics.io/image.aspx https://www.utrecht.nl https://www.utrecht.nl.internal https://accept.utrecht.typocloud.nl https://*.siteimproveanalytics.io https://virtuele-gemeente-assistent.nl https://*.siteimproveanalytics.com; base-uri none; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://kaarten.utrecht.onatlas.nl https://subsidie-checker.nl https://sdk.companywebcast.com https://infogram.com https://nieuwsbrieven.utrecht.nl *.google.com *.gu-geo.maps.arcgis.com https://infogram-download-eu.s3.eu-west-1.amazonaws.com https://app-eu.readspeaker.com https://sketchfab.com https://utrecht-kaarten-review-acc-skda4g.delta10-review.nl https://e.infogram.com https://vttts-eu.readspeaker.com https://www.utrecht.nl https://www.utrecht.nl.internal https://accept.utrecht.typocloud.nl https://www.youtube-nocookie.com; style-src-elem 'self' 'nonce-PbmP3WScVPvyg25THmp1wIobpi_yA5PhbvuBRyObGfwFXrkrSFQLsQ' https://formulieren.digitaal.utrecht.nl https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://www.gstatic.com https://formulieren.digitaal.utrecht.nl/static/sdk/open-forms-sdk.css https://fonts.gstatic.com https://fonts.googleapis.com *.formulieren.digitaal.utrecht.nl *.mijn.virtuele-gemeente-assistent.nl *.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl/static/css/widget-v25.3.1-base.css https://virtuele-gemeente-assistent.nl/static/css/widget-v25.3.1-custom.css https://mijn.virtuele-gemeente-assistent.nl/utrecht/_styling https://cdn.honey.io/css/empty.css *.www.gstatic.com https://v.kcmg.nl/surveyembedding/assets/css/standard_controls_inline.css https://v.kcmg.nl/surveyembedding/assets/css/ng-survey.component.css https://v.kcmg.nl/surveyembedding/assets/css/bootstrapslider.css https://v.kcmg.nl/surveyembedding/assets/css/surveyjs-readded-csp-styles.css https://v.kcmg.nl https://v.kcmg.nl/surveyembedding/assets/css/surveyjs-defaultv2css@1.12.23/defaultV2.fontless.min.css *.v.kcmg.nl https://v.kcmg.nl/surveyembedding/assets/css/survey.component.css https://openstad-cdn.nl 'sha256-JQEHXnSrj4DJZ2DOwDDXtfkDs5+y7/1gFxshQP2KBoA=' https://*.utrecht.nl https://viewer.kcmg.nl 'report-sample'; connect-src 'self' https://public.pandosearch.com https://www.utrecht.nl wss://virtuele-gemeente-assistent.nl https://formulieren.digitaal.utrecht.nl *.google.com https://*.googleapis.com https://*.gstatic.com blob: data: https://translate.googleapis.com https://mijn.virtuele-gemeente-assistent.nl https://api.kcmg.nl https://viewerapi.kcmg.nl/StartSurvey https://viewerapi.kcmg.nl *.viewerapi.kcmg.nl https://api.utrecht.openstad.dev *.obi4wan.com *.readspeaker.com *.pandosearch.com https://stats.utrecht.nl https://chatapi.obi4wan.com/api https://cloudstatic.obi4wan.com/api https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl/socket.io/ wss://ws-eu.pusher.com/app https://cdn-eu.readspeaker.com; font-src 'self' https://formulieren.digitaal.utrecht.nl https://www.utrecht.nl https://fonts.gstatic.com https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-brands-400.ttf https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-regular-400.woff https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-solid-900.woff https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-regular-400.ttf https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-regular-400.svg https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-brands-400.eot https://v.kcmg.nl/surveyembedding/assets/webfonts/Radnika-Medium.otf https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-solid-900.svg https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-solid-900.woff2 https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-regular-400.woff2 https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-solid-900.eot https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-solid-900.ttf https://v.kcmg.nl/surveyembedding/assets/webfonts/fa-brands-400.woff2 https://v.kcmg.nl *.v.kcmg.nl https://openstad-cdn.nl https://cdn.faceworks.nl data: https://cdn-eu.readspeaker.com; script-src-elem 'self' 'nonce-PbmP3WScVPvyg25THmp1wIobpi_yA5PhbvuBRyObGfwFXrkrSFQLsQ' https://stats.utrecht.nl https://formulieren.digitaal.utrecht.nl https://virtuele-gemeente-assistent.nl https://siteimproveanalytics.com https://e.infogram.com https://infogram.com 'strict-dynamic' https: 'unsafe-eval' blob: https://www.utrecht.nl https://formulieren.digitaal.utrecht.nl/static/sdk/open-forms-sdk.js *.virtuele-gemeente-assistent.nl https://www.utrecht.nl/templates/js/wijkvoorkeuren-wijzigen.js https://www.utrecht.nl/templates/js/eventtracking.js *.www.utrecht.nl https://www.utrecht.nl/fileadmin/open-forms.js https://virtuele-gemeente-assistent.nl/static/js/widget.js *.formulieren.digitaal.utrecht.nl https://www.utrecht.nl.internal https://accept.utrecht.typocloud.nl data: https://cdn-eu.readspeaker.com formulieren.digitaal.utrecht.nl stats.utrecht.nl https://viewer.kcmg.nl 'report-sample'; worker-src 'self' 'nonce-PbmP3WScVPvyg25THmp1wIobpi_yA5PhbvuBRyObGfwFXrkrSFQLsQ' blob:; style-src none blob: data: gap: 'self' *.obi4wan.com *.readspeaker.com https://www.utrecht.nl https://www.utrecht.nl.internal https://accept.utrecht.typocloud.nl https://redactie-acceptatie.utrecht.nl https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://cdn-eu.readspeaker.com formulieren.digitaal.utrecht.nl 'report-sample'; form-action 'self' https://action.spike.email https://app-eu.readspeaker.com; media-src none blob: data: gap: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com; object-src none; report-uri https://www.utrecht.nl/@http-reporting?csp=report&requestTime=1773713326875911&requestHash=60f114c9d1346f9d5e6e16a5f3e67c07884eb7fe 1
media-src 'self' blob: data: https://bayer04.stream41.radiohost.de https://bayer04.do-not-publish.com http://bayer04-live.cast.addradio.de https://*.cdninstagram.com; default-src 'self' https://*.sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.b04itpg.de https://*.bayer04.de https://*.usercentrics.eu https://*.facebook.net https://*.wt-safetag.com https://*.flockler.com https://*.sportradar.com; script-src-elem 'self' 'unsafe-inline' https://*.bayer04.de https://www.bayer04.de https://cdn-werkself-prod.bayer04.de https://*.usercentrics.eu https://www.gstatic.com https://*.facebook.net https://*.wt-safetag.com https://*.cdn.flockler.com https://*.flockler.com https://avplayer-cdn.sportradar.com https://*.sportradar.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://*.b04itpg.de https://*.bayer04.de https://b04-ep-media-prod.azureedge.net https://*.flockler.com https://*.sportradar.com; font-src 'self' https://*.b04itpg.de https://*.bayer04.de data:; img-src 'self' data: https://*.b04itpg.de https://*.bayer04.de https://www.bayer04.de https://cdn-werkself-prod.bayer04.de https://*.usercentrics.eu https://*.facebook.com https://*.ytimg.com https://*.youtube.com https://*.facebook.net https://b04-ep-media-prod.azureedge.net https://*.flockler.com https://flockler.com https://*.flocklr.com https://*.cdninstagram.com https://*.twimg.com https://*.fbcdn.net https://*.raxcdn.com; connect-src 'self' data: https://*.sentry.io wss://*.b04itpg.de https://*.b04itpg.de https://*.bayer04.de https://*.usercentrics.eu https://*.wt-safetag.com https://*.facebook.com https://*.facebook.net https://b04-ep-media-prod.azureedge.net https://*.flockler.com https://spottvod.akamaized.net https://*.youborafds01.com https://ls.readertracking.com https://eu-api.friendlycaptcha.eu; frame-src 'self' https://my.matterport.com https://*.flockler.com https://www.google.com https://www.youtube-nocookie.com; frame-ancestors 'none'; manifest-src https://*.bayer04.de; report-uri https://o4508738008186880.ingest.de.sentry.io/api/4510279136837712/security/?sentry_key=453d974898eaf8cbcad7111d916a5b22; report-to csp-endpoint 1
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self'; base-uri 'self'; frame-ancestors 'self' https: 1
default-src 'self' https:; font-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; worker-src 'self' blob:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: www.googletagmanager.com; connect-src 'self' https: ws: wss:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf68dfe1092b9b71f30b0f8123a55b7f0&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=project%3Ask%2Cenv%3Aproduction&service=sk 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.googleapis.com data: *.bic.com *.shopbic.com *.bazaarvoice.com *.googleusercontent.com *.slant.co *.aws.projects.clever-age.net *.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.wlp-acs.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.bic.com *.shopbic.com *.adsrvr.org *.amazon-adsystem.com *.criteo.com *.doubleclick.net *.googletagmanager.com *.pinterest.com *.sitescout.com *.snapchat.com *.tradedoubler.com *.wlp-acs.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.bic.com *.shopbic.com *.aws.projects.clever-age.net *.adsrvr.org *.bazaarvoice.com *.bing.com *.clarity.ms *.contentsquare.net *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.ipredictive.com *.linkedin.com *.outbrain.com *.privacy-center.org *.sitescout.com *.tiktok.com s3.amazonaws.com www.google.ca www.google.es www.google.fr www.google.it www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.bic.com *.shopbic.com *.aws.projects.clever-age.net *.abtasty.com *.adsrvr.org *.amazon-adsystem.com *.bazaarvoice.com *.bing.com *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.facebook.net *.googlesyndication.com *.googletagmanager.com *.licdn.com *.noibu.com *.outbrain.com *.pinimg.com *.pinterest.com *.pixel.ad *.privacy-center.org *.skeepers.io *.snapchat.com *.tiktok.com sc-static.net targetemsecure.blob.core.windows.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://cdnjs.cloudflare.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.certcapture.com display.ugc.bazaarvoice.com *.bic.com *.shopbic.com *.aws.projects.clever-age.net *.bazaarvoice.com *.googletagmanager.com *.typekit.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bic.com *.shopbic.com *.bing.com *.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.bic.com *.shopbic.com *.aws.projects.clever-age.net *.abtasty.com *.adsrvr.org *.amazon-adsystem.com *.bazaarvoice.com *.bing.com *.clarity.ms *.contentsquare.net *.criteo.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.gstatic.com *.linkedin.com *.noibu.com *.outbrain.com *.paa-reporting-advertising.amazon *.pinterest.com *.privacy-center.org *.samsung.com *.skeepers.io *.slgnt.eu *.snapchat.com *.tiktok.com *.typekit.net www.google.ca www.google.es www.google.fr www.google.it www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src *.bic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b5d2d853-cb54-412f-93ec-9e1c49a8e581.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-QC5qD6yxKce1RXk1PEbz5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-YTgPK23TjXRdXEfrrGgnPw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.trustindex.io dev-hellowork.com *.dev-hellowork.com; img-src 'self' data: https://www.google.tg https://www.googleadservices.com https://www.netreviews.eu c.clarity.ms lh3.googleusercontent.com phosphor.utils.elfsightcdn.com i.ytimg.com googleusercontent.com https://cdn.trustindex.io f.maformation.fr hellowork.com *.hellowork.com dev-hellowork.com *.dev-hellowork.com googletagmanager.com *.googletagmanager.com google.com *.google.com *.google.fr *.google.ie *.google.be *.google.co.uk *.google.co.id googlesyndication.com *.googlesyndication.com cl.avis-verifies.com *.dmcdn.net linkedin.com *.linkedin.com *.bing.com *.facebook.com *.facebook.net *.smartadserver.com *.bidswitch.net *.doubleclick.net *.casalemedia.com *.criteo.com *.criteo.net id5-sync.com *.id5-sync.com *.360yield.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.1rx.io *.demdex.net *.unrulymedia.com *.agkn.com *.taboola.com *.dmxleo.com joko-mobile-app-media.s3.eu-west-1.amazonaws.com; font-src 'self' https://cdn.trustindex.io https://fonts.gstatic.com; connect-src 'self' https://analytics-ipv6.tiktokw.us https://safesearchinc.com sslwidget.criteo.com *.clarity.ms hellowork.com *.hellowork.com dev-hellowork.com *.dev-hellowork.com hellowork-group.com *.hellowork-group.com infra-hellowork.com *.infra-hellowork.com regionsjob.com *.regionsjob.com https://*.google.com https://*.googleadservices.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com googleadservices.com *.googleadservices.com abtasty.com *.abtasty.com aticdn.net *.aticdn.net bing.com *.bing.com linkedin.com *.linkedin.com facebook.com *.facebook.com *.tiktok.com analytics-ipv6.tiktokw.us *.skeepers.io *.doubleclick.net trustindex.io *.trustindex.io *.elfsight.com; frame-src https://form.typeform.com cl.avis-verifies.com widget.trustpilot.com youtube-nocookie.com *.youtube-nocookie.com dailymotion.com *.dailymotion.com player.vimeo.com *.player.vimeo.com googletagmanager.com *.googletagmanager.com google.com *.google.com criteo.com *.criteo.com *.criteo.net *.doubleclick.net facebook.com *.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'none'; report-to csp-endpoint; report-uri /csp-report 1
style-src-elem maps.gstatic.com maps.googleapis.com fonts.googleapis.com *.gstatic.com 'unsafe-inline' 'self' mcstaging.chopo.com.mx www.chopo.com.mx; font-src fonts.gstatic.com use.typekit.net *.fontawesome.com fonts.googleapis.com https://fonts.gstatic.com *.gstatic.com data: https://fonts.bunny.net https://www.google.com https://www.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mitec.com.mx 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mitec.com.mx www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com 'self' *.doubleclick.net *.sharethis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mitec.com.mx www.google.com *.examedi.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com maps.gstatic.com maps.googleapis.com *.gstatic.com *.facebook.com *.sharethis.com *.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://firebasestorage.googleapis.com *.mitec.com.mx *.bird.eu *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.googleapis.com maps.google.com *.gstatic.com *.sharethis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.avada.io *.mitec.com.mx www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.jscrambler.com *.examedi.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com maps.gstatic.com maps.googleapis.com *.gstatic.com 'unsafe-inline' 'self' mcstaging.chopo.com.mx www.chopo.com.mx *.sharethis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://fonts.bunny.net *.googleapis.com *.addtoany.com *.mitec.com.mx *.google.com https://www.chopo.com.mx 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.googleapis.com maps.google.com *.gstatic.com *.sharethis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.mitec.com.mx https://www.google.com https://www.gstatic.com *.jscrambler.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ABVEXH0Wk7FQNoW942dw' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com https://fonts.gstatic.com data: https://fonts.intercomcdn.com https://*.yotpo.com https://*.typekit.net https://*.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.facebook.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.affirm.com *.affirm.ca https://*.trustpilot.com http://*.trustpilot.com https://*.hotjar.com https://*.affirm.com *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.infusionsoft.app https://*.doubleclick.net/ https://*.facebook.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca https://www.google.com https://track.hubspot.com https://*.intercom.io https://static.intercomassets.com https://*.intercomcdn.com https://sp.analytics.yahoo.com https://*.facebook.com https://*.amazonaws.com https://*.infusionsoft.app https://www.googletagmanager.com https://*.akamaihd.net https://px.ads.linkedin.com https://p.adsymptotic.com https://ssl.gstatic.com https://www.gstatic.com https://*.bing.com https://*.hsforms.com https://*.clarity.ms https://*.wistia.com https://cdn.auth0.com https://p.adsymptotic.com https://www.google.co.uk https://heapanalytics.com https://*.yotpo.com https://content-faculty.blueprintprep.com https://redchamps.com www.xtento.com cdn.xtento.com maps.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.affirm.com *.affirm.ca https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://*.google.com https://googleads.g.doubleclick.net https://*.trustpilot.com http://*.trustpilot.com https://*.newrelic.com https://*.nr-data.net https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com https://*.bing.com https://*.licdn.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.impactradius-event.com http://*.hs-scripts.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-analytics.net https://js.hubspot.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.usemessages.com https://*.facebook.net https://app.convertful.com https://*.affirm.com https://*.pdst.fm *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.clarity.ms https://vision.duel.me/duel-analytics.js https://*.wistia.com https://*.hsforms.net https://*.hsforms.com https://*.jquery.com https://*.cloudflare.com https://*.yotpo.com https://*.heapanalytics.com https://*.greenhouse.io https://*.amplitude.com https://*.sentry-cdn.com https://unpkg.com/@lottiefiles/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com https://tagmanager.google.com https://fonts.googleapis.com https://*.yotpo.com https://*.typekit.net https://*.fontawesome.com *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.intercom.io https://*.intercomcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com p13n-mr.adobe.io *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.affirm.com *.affirm.ca https://www.googletagmanager.com https://*.google-analytics.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.hubspot.com https://*.hotjar.com https://app.convertful.com https://*.affirm.com https://*.intercom.io wss://*.intercom.io https://*.newrelic.com https://*.nr-data.net https://*.paypal.com https://us-central1-adaptive-growth.cloudfunctions.net *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.wistia.com https://*.hsforms.net https://*.hsforms.com https://*.hubapi.com https://*.trustpilot.com https://*.litix.io wss://*.hotjar.com https://*.yotpo.com https://*.google.com https://*.hscollectedforms.net https://*.pfx.io https://edge.adobedc.net https://*.greenhouse.io https://smetrics.blueprintprep.com https://*.amplitude.com https://*.linkedin.com https://px.ads.linkedin.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src 'self' cdnjs.cloudflare.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; frame-ancestors 'self' 1
script-src 'nonce-5mXGX+fhA/R5KVElBF4KpA==' 'self' cdn.orsted.com *.googletagmanager.com *.app.cookieinformation.com cdn.appdynamics.com *.googletagmanager.com *.gstatic.com *.googleoptimize.com www.googleadservices.com *.googleapis.com *.bing.com *.doubleclick.net *.t.co *.pardot.com *.youtube.com *.linkedin.com *.twitter.com *.globenewswire.com *.23video.com delivery.twentythree.com orsted.containers.piwik.pro orsted.piwik.pro *.crazyegg.com unpkg.com cs.lf-discover.com *.puzzel.com *.arcgis.com code.jquery.com *.lfeeder.com orsted-global-graduate-programme.simplecast.com omny.fm cdnjs.cloudflare.com *.bootstrapcdn.com *.defgo.com *.defgo.net *.vimeo.com presscloud.com *.ritzau.dk *.simplecast.com *.elnet.danskenergi.dk *.sli.do *.audioboom.com *.licdn.com *.adsrvr.org *.soundcloud.com *.google.com *.google.com.my *.google.nl *.google.dk *.facebook.net;       style-src 'nonce-5mXGX+fhA/R5KVElBF4KpA==' 'self' cdn.orsted.com fonts.googleapis.com;       style-src-attr 'unsafe-inline' cdn.orsted.com;       img-src 'self' data: cdn.orsted.com *.azureedge.net *.youtube.com *.23video.com delivery.twentythree.com www.googletagmanager.com *.lfeeder.com *.linkedin.com *.doubleclick.net *.pardot.com;       media-src 'self' blob: cdn.orsted.com *.youtube.com *.23video.com delivery.twentythree.com;       font-src 'self' data: fonts.gstatic.com cdn.orsted.com;       frame-src *.app.cookieinformation.com *.youtube.com *.23video.com delivery.twentythree.com *.google.com *.google.nl *.googletagmanager.com *.doubleclick.net *.pardot.com;       connect-src *.app.cookieinformation.com *.euroland.com *.eum-appdynamics.com *.googletagmanager.com *.google.com *.doubleclick.net *.googleadservices.com *.crazyegg.com *.linkedin.com orsted.piwik.pro *.pardot.com;       worker-src 'self'; 1
script-src 'strict-dynamic' 'nonce-VcTYg4PuhAZgC4fNrvlxVg==' 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.com *.betano.com betano.dk *.betano.dk betgenius.com *.betgenius.com cookielaw.org *.cookielaw.org creativecdn.com *.creativecdn.com facebook.net *.facebook.net fullstory.com *.fullstory.com gmlinteractive.com *.gmlinteractive.com googletagmanager.com *.googletagmanager.com optimove.net *.optimove.net sportradar.com *.sportradar.com cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_Ns8VG5uoANVG43LpsZTh54G25Q6GwyHlOkY1tZujQI-1773710317-1.0.1.1-T3w4kXX2mHnZKg9coKFdv8g_46XWXe7nEyPumvymVyxXHzqjSrdg8CehD8pjudxQJOYFIBHol5Be2DSfuyRgh38.4OzZjxGg0A5Pk4F1dxigjcKk93yz4xItfpPBCSSyyqFLT2rQ0Qmxn7k2lvuvLPSskDQqdImRNtVXopMrszs51SK9SMucr1DeCu4o1eoYaic45XH6cBQNq0cBOs2E3A; report-to cf-fmdsojkqywhnsket 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://premier.trustcommerce.com;script-src 'nonce-1e9c4564cd2e4c6181ad866d334894bd' https://www.novantmychart.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://www.novantmychart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.transbank.cl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://construmart-help.freshchat.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://www.clarity.ms https://c.clarity.ms https://construmart-help.freshchat.com https://www.construmart.cl https://bat.bing.com https://c.bing.com https://www.facebook.com https://www.google.com.ar *.pubmatic.com maps.gstatic.com maps.googleapis.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://www.clarity.ms https://scripts.clarity.ms https://construmart-help.freshchat.com https://bat.bing.com https://connect.facebook.net https://scripts.icommkt.online https://web-sdk.smartlook.com *.pubmatic.com www.google.com www.gstatic.com maps.googleapis.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://construmart-help.freshchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://construmartpro.cl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.clarity.ms https://scripts.clarity.ms https://l.clarity.ms https://construmart-help.freshchat.com *.doubleclick.net *.facebook.com *.smartlook.cloud *.pubmatic.com maps.googleapis.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.oct8ne.com *.salesforce-sites.com *.lightning.force.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; style-src *.doofinder.com *.salesforce-sites.com *.lightning.force.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.salesforce-sites.com *.lightning.force.com *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action https://www.facebook.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com cdn.doofinder.com *.oct8ne.com *.salesforce-sites.com *.lightning.force.com https://sandbox.sequracdn.com https://live.sequracdn.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com www.googletagmanager.com *.storyblok.com data: 'self' 'unsafe-inline'; frame-src https://www.googletagmanager.com https://www.google.com https://www.facebook.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.oct8ne.com *.salesforce-sites.com *.lightning.force.com https://sandbox.sequracdn.com https://live.sequracdn.com *.hotjar.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com www.googletagmanager.com 'self' 'unsafe-inline'; script-src https://analytics.tiktok.com/ https://ui.swogo.net/ https://www.googletagmanager.com https://connect.facebook.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com cdn.doofinder.com *.oct8ne.com *.salesforce-sites.com *.lightning.force.com https://sandbox.sequracdn.com https://live.sequracdn.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https://analytics.tiktok.com/ https://tracking.swogo.net/ https://api.swogo.net/ https://api.trustedshops.com/ https://www.googletagmanager.com https://www.google.com https://www.facebook.com https://connect.facebook.net www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.doofinder.com wss://*.doofinder.com *.oct8ne.com *.salesforce-sites.com *.lightning.force.com https://sandbox.sequracdn.com https://live.sequracdn.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co www.googletagmanager.com 'self' 'unsafe-inline'; 1
default-src 'self' https: *.channel.io *.channel.app *.cdninstagram.com; font-src 'self' https: data:; img-src 'self' https: data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.channel.io *.cdninstagram.com *.with.is; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://connect.facebook.net https://platform.twitter.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://www.google-analytics.com *.channel.io *.sentry-cdn.com https://static.ads-twitter.com https://js-agent.newrelic.com *.with.is; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https://api.stripe.com https://analytics.twitter.com https://www.facebook.com https://support.with.is *.channel.io *.channel.app *.sentry.io wss://*.channel.io wss://*.desk-ws.channel.io wss://*.front-ws.channel.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.co.jp https://*.google.com wss://ntjp.mieru-ca.com https://bam.nr-data.net *.with.is; frame-src 'self' https://js.stripe.com https://www.facebook.com https://www.youtube.com https://cdn.d2-apps.net https://10252404.fls.doubleclick.net https://www.google.com https://with-1923.firebaseapp.com; report-uri /csp-violation-report 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.searchspring.net seoab.io *.cloudmaestro.com *.googleapis.com *.nr-data.net *.pcapredict.com carlsgolf.resultspage.com carlsgolf.resultsdemo.com *.bronto.com *.userway.org *.cloudflare.com container.pepperjam.com *.newrelic.com *.carlsgolfland.com sealserver.trustwave.com *.yotpo.com usrwy.com *.google.com www.googleoptimize.com www.gstatic.com *.rackcdn.com bat.bing.com *.sli-spark.com *.facebook.net *.doubleclick.net *.hotjar.com *.appspot.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.signifyd.com *.paypal.com www.paypalobjects.com js.authorize.net js.braintreegateway.com services.postcodeanywhere.co.uk *.resultspage.com secure.wufoo.com widget.modernretail.com www.trustedsite.com g.microsoft.com cdn.ywxi.net static.wufoo.com web-assets.stylitics.com assets.adobedtm.com apps.golfstixvalueguide.com apps.bazaarvoice.com c.tvpixel.com srd.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com mpsnare.iesnare.com www.smarterlessons.com *.bazaarvoice.com www.ascendpartner.com convertexperiences.com *.convertexperiments.com www.youtube.com/iframe_api www.youtube.com/s/player/9d15588c/www-widgetapi.vflset/www-widgetapi.js www.youtube.com rp.liadm.com rp4.liadm.com idx.liadm.com d-code.liadm.com i.liadm.com *.listrakbi.com *.listrak.com *.online-metrix.net h64.online-metrix.net recscont.listrakbi.com s.listrakbi.com s1.listrakbi.com s2.listrakbi.com sca1.listrakbi.com sca2.listrakbi.com st.listrakbi.com product.listrakbi.com oc.listrakbi.com cdn.listrakbi.com at1.listrakbi.com al1.listrakbi.com recs.listrakbi.com onescript-recscont.listrakbi.com m1.listrakbi.com idx.listrakbi.com bl.listrakbi.com barcode.listrakbi.com da1.listrakbi.com fp.listrakbi.com webhooks.listrakbi.com cntrecsprd.listrakbi.com 2ndswing.com https://www.clarity.ms/ https://cdn1.affirm.com/js/v2/affirm.js cdn.noibu.com *.noibu.com m.media-amazon.com www.carlsgolfland.com carlsgolfland.com pre-prod.carlsgolfland.com app.convert.com blob: www.carlsgolfland.com cdn.userway.org apis.google.com cdn.searchspring.net connect.facebook.net *.amazon-adsystem.com *.truevaultcdn.com wss://input.noibu.com www.facebook.com/tr/ www.facebook.com/sandbox/; report-uri /.webscale/csp-report 1
connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net www.google.co.uk https://analytics.google.com https://vc.hotjar.io https://in.hotjar.com https://content.hotjar.io https://csmetrics.hotjar.com metrics.hotjar.io wss://ws.hotjar.com surveystats.hotjar.io https://feeds.trac.jobs sentry.issuu.com stats.g.doubleclick.net translate.googleapis.com *.onetrust.com cdn-ukwest.onetrust.com adservice.google.com https://ask.hotjar.io www.googleadservices.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; frame-src 'self' https://www.google.com  https://www.youtube.com https://vars.hotjar.com www.googletagmanager.com e.issuu.com *.recaptcha.net td.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample' https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://feeds.trac.jobs feeds.trac.jobs 'nonce-4G+ioAq0OctCDHH5dgCMeA=='; img-src 'self' data: *.gosh.nhs.uk *.google-analytics.com *.googletagmanager.com i.ytimg.com *.cqc.org.uk *.gstatic.com *.google.com stats.g.doubleclick.net feeds.trac.jobs https://static.trac.jobs static.trac.jobs healthjobsuk.com services.postcodeanywhere.co.uk dx4nr741tfc02.cloudfront.net www.healthjobsuk.com 'sha384-YephmBv2489Q13yLaARSHqhDtSlHeIs5DEiq8I1fyh4aQcG+nRoz5Y6eWndd5cVz' *.onetrust.com cdn-ukwest.onetrust.com script.hotjar.com survey-images.hotjar.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; media-src 'self' gosh.shorthandstories.com cdn.plyr.io data: media.gosh.nhs.uk ssl.gstatic.com *.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com  script.hotjar.com https://fonts.googleapis.com data:; object-src 'none'; style-src 'self' 'report-sample' 'unsafe-inline' services.postcodeanywhere.co.uk fonts.googleapis.com feeds.trac.jobs www.cqc.org.uk www.gstatic.com; base-uri 'self'; manifest-src 'self' *.gosh.nhs.uk; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample' *.gosh.nhs.uk www.gosh.nhs.uk feeds.trac.jobs *.googletagmanager.com www.cqc.org.uk e.issuu.com 'nonce-4G+ioAq0OctCDHH5dgCMeA=='; default-src 'self' *.gosh.nhs.uk; report-uri https://o516378.ingest.sentry.io/api/5622733/security/?sentry_key=c5f8a650e74b48a889ccadeaa5014261&sentry_environment=production 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' oqvestir.com.br *.oqvestir.com.br wake-components.fbitsstatic.net oqvestir.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.g.doubleclick.net *.doubleclick.net oqvestir.fbitsstatic.net *.criteo.com *.clarity.ms capig.shop2gether.com.br q.clarity.ms static.criteo.net clarity.ms sslwidget.criteo.com dynamic.criteo.com googleads.g.doubleclick.net gum.criteo.com bat.bing.com google.com.br googleadservices.com tags.creativecdn.com apigate.shop2gether.com.br o.clarity.ms *.creativecdn.com *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com n8n.icommgroup.com.br wake.koin.com.br *.icommgroup.com.br *.pinterest.com paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.api.useinsider.com *.useinsider.com *.secureacs.com *.crmbonus.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.sizebay.technology *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.wepowerconnections.com recommendationv2.api.useinsider.com wake-commerce-scripts.omni.chat trackings.nemu.com.br openfpcdn.io ipinfo.io api.ipify.org api.bigdatacloud.net firebase.googleapis.com *.googleapis.com d1vrnvkozosezy.cloudfront.net *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.internalsizebay.com *.pagoexpress.com.br *.infraicommgroup.com src.mastercard.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.oqvestir.com.br oqvestir.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://epic.integration.gateway.patientco.com https://epic.production.paymentfusion.com https://epic.sandbox.paymentfusion.com https://pay.instamed.com https://premier.trustcommerce.com https://stagepremier.trustcommerce.com;script-src 'nonce-1294b6f2dd114f4a8eedd2127fa6130f' https://mychart.et0965.epichosted.com 'self';img-src https://* 'self' blob: data: http://altondoctors.com http://doctors.bjc.org;connect-src 'self' epichttp:;style-src https://mychart.et0965.epichosted.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self' http://127.0.0.1 https://localhost.lambdatest.com https://mychart-np.et0965.epichosted.com https://scheduling-dev.bjc.org https://scheduling-test.bjc.org https://scheduling.bjc.org https://www.mypatientchart.org;media-src https://* 'self' blob:; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.es https://www.myheritage.es  'unsafe-eval' 'nonce-2534ece75e1dd50036708a668fc22100' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.es;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' shop2gether.com.br *.shop2gether.com.br wake-components.fbitsstatic.net shop2gether.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com gstatic.com *.fbits.store *.adyen.com *.criteo.com *.criteo.net *.g.doubleclick.net *.google.com.br *.googleadservices.com static.zdassets.com clarity.ms assets.zendesk.com *.creativecdn.com *.zdassets.com shop2gether.zendesk.com widget-mediator.zopim.com *.clarity.ms td.doubleclick.net icomm-public.s3.amazonaws.com *.pagar.me *.mundipagg.com *.getnet.com.br vm.icommgroup.com.br:3005 *.icommgroup.com.br:3005 *.icommgroup.com.br s3.sa-east-1.amazonaws.com *.sa-east-1.amazonaws.com *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.adyen.com *.pagbank.com *.infraicommgroup.com:3005 *.infraicommgroup.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br n8n.icommgroup.com.br *.azurewebsites.net *.hotjar.com *.fbits.net koin-custom-conector-gateway.fbits.net *.koin.com.br static.hotjar.com static.fbits.net payments.koin.com.br *.pinterest.com paypal-wake.s3.us-east-1.amazonaws.com *.useinsider.com *.api.useinsider.com nocodb.infraicommgroup.com:8080 nocodb.infraicommgroup.com *.cardinalcommerce.com *.secureacs.com *.crmbonus.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.varify.io *.3dsecure.io *.sizebay.technology *.wepowerconnections.com *.sciencebehindecommerce.com *.zenaps.com *.awin1.com *.dwin1.com recommendationv2.api.useinsider.com wake-commerce-scripts.omni.chat viacep.com.br nominatim.openstreetmap.org trackings.nemu.com.br openfpcdn.io api.ipify.org api.bigdatacloud.net firebase.googleapis.com cdn.jsdelivr.net appleid.cdn-apple.com *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.internalsizebay.com src.mastercard.com api.fpjs.io *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.shop2gether.com.br shop2gether.com.br; report-uri https://pub-csp.fbits.net/07cfd532-6bef-4f3b-855c-83d548c8a2c5; report-to https://pub-csp.fbits.net/07cfd532-6bef-4f3b-855c-83d548c8a2c5; worker-src 'self' blob:; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.fr https://www.myheritage.fr  'unsafe-eval' 'nonce-36c6006ce647ffec9daceb22da834ba1' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.fr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.vaude.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.criteo.com *.klarna.com js.mollie.com td.doubleclick.net app.usercentrics.eu web.cmp.usercentrics.eu v1.api.service.cmp.usercentrics.eu *.outtra.com *.googletagmanager.com *.fls.doubleclick.net *.amazon-adsystem.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.disqus.com https://img.youtube.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: www.vaude.com vaude.localhost https://vaude.localhost/ www.google.de app.usercentrics.eu web.cmp.usercentrics.eu v1.api.service.cmp.usercentrics.eu uct.service.usercentrics.eu *.equalweb.com *.weglot.com ad.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://dynamic.criteo.com https://sslwidget.criteo.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com *.abtasty.com ion.vaude.com id.vaude.com analytics.vaude.com js-agent.newrelic.com vaude.matomo.cloud app.usercentrics.eu web.cmp.usercentrics.eu v1.api.service.cmp.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu *.equalweb.com cdn.matomo.cloud cdn.scarabresearch.com static.scarabresearch.com webchannel-content.eservice.emarsys.net https://vaude.homepagerecruiter.de https://cdn.tailwindcss.com https://production.neocomapp.com *.weglot.com *.outtra.com *.amazon-adsystem.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.googleapis.com *.gstatic.com *.equalweb.com *.weglot.com *.outtra.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://measurement-api.criteo.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.abtasty.com analytics.vaude.com bam.nr-data.net pagead2.googlesyndication.com vaude.matomo.cloud app.usercentrics.eu web.cmp.usercentrics.eu v1.api.service.cmp.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu aggregator.service.usercentrics.eu consent-api.service.consent.usercentrics.eu *.equalweb.com cdn.matomo.cloud cdn.scarabresearch.com static.scarabresearch.com webchannel-content.eservice.emarsys.net https://prompts.api.production.neocomapp.com *.weglot.com https://cdn-api-weglot.com *.outtra.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com https://fonts.gstatic.com https://ws.colissimo.fr *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com 'self' data: static.sensefuel.live data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.sips-services.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.truefitcorp.com *.weltpixel.com https://form.typeform.com *.sagepay.com *.opayo.eu.elavon.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.afd.co.uk t.powerreviews.com assets-manager.abtasty.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr https://www.magezon.com *.sagepay.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com *.openstreetmap.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.afd.co.uk cdn.jsdelivr.net js-agent.newrelic.com party.spockee.io app.ekoo.co ui.powerreviews.com *.truefitcorp.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com widget.proximis.com *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com  tag.search.sensefuel.live pdata.damart.fr try.abtasty.com                  'self' 'unsafe-eval' 'nonce-cXd4cWhqbGtjNXFwMjYydm5jMTVhOXFrOXZ0YTI0Z3c=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net ui.powerreviews.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com tag.search.sensefuel.live 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afd.co.uk *.getalma.eu *.almapay.com api.spockee.io backoffice-api.spockee.io ui.powerreviews.com display.powerreviews.com app.ekoo.co maps.googleapis.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com *.sagepay.com *.opayo.eu.elavon.com *.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com c.search.sensefuel.live 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://cancercarespecialists.org/mychart/;frame-src https://* 'self' epichttp: https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://*.zipnosis.com/ https://d2y285dhddzdli.cloudfront.net https://integrations-core.fabrichealth.com https://integrations-core.stage.fabrichealth.com https://mychart-stg.personapay.com https://mychart.personapay.com https://pay.instamed.com https://premier.trustcommerce.com https://s3.amazonaws.com/assets.gyant.com/ https://securecheckout-test.onplanprocessing.com https://securecheckout.onplanprocessing.com https://stagepremier.trustcommerce.com wss://*.gyantts.com/;script-src 'nonce-e856ef61c48446d588602a2a7385a651' https://www.osfmychart.org 'self' https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ https://siteimproveanalytics.com/ wss://*.gyantts.com/;img-src https://* 'self' blob: data: https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ wss://*.gyantts.com/;connect-src 'self' epichttp: https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ wss://*.gyantts.com/;style-src https://www.osfmychart.org 'self' 'unsafe-inline' https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ wss://*.gyantts.com/;manifest-src 'self' https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ wss://*.gyantts.com/;worker-src 'self' blob: https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ wss://*.gyantts.com/;child-src 'self' blob: https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ wss://*.gyantts.com/;font-src 'self' https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ wss://*.gyantts.com/;object-src 'self' https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ wss://*.gyantts.com/;form-action https://central.mychart.org/MyChart/ 'self' https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://*.zipnosis.com/ https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ wss://*.gyantts.com/;media-src https://* 'self' blob: https://*.appcues.com https://*.dermengine.com https://*.gyantts.com/ https://*.intranet.osfnet.org/ https://*.kyruus.com/ https://*.mixpanel.com https://*.neurotrack.com/ https://*.neurotrack.io/ https://*.osfhealthcare.org/ https://*.skin.app https://*.stripe.com https://d2y285dhddzdli.cloudfront.net https://s3.amazonaws.com/assets.gyant.com/ wss://*.gyantts.com/; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.ambitojuridico.com www.googletagmanager.com www.google.com code.jquery.com  static.addtoany.com  pautas.legis.com.co prepautas.legis.com.co  js-agent.newrelic.com lablegis.azurewebsites.net js-agent.newrelic.com  use.fontawesome.com www.gstatic.com www.google-analytics.com static.hotjar.com cdn.mouseflow.com snap.licdn.com js.hs-scripts.com connect.facebook.net legislab.legis.com.co www.googleadservices.com crested-timer-310514-default-rtdb.firebaseio.com script.hotjar.com js.hsleadflows.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com platform.twitter.com stackpath.bootstrapcdn.com td.doubleclick.net legislab.azurewebsites.net  *.youtube.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline'  'unsafe-eval' https://www.ambitojuridico.com https://ambitojuridico.com use.fontawesome.com lablegis.azurewebsites.net legislab.legis.com.co www.googletagmanager.com www.google.com code.jquery.com  static.addtoany.com  pautas.legis.com.co prepautas.legis.com.co  js-agent.newrelic.com lablegis.azurewebsites.net js-agent.newrelic.com  use.fontawesome.com www.gstatic.com www.google-analytics.com static.hotjar.com cdn.mouseflow.com snap.licdn.com js.hs-scripts.com connect.facebook.net legislab.legis.com.co www.googleadservices.com crested-timer-310514-default-rtdb.firebaseio.com script.hotjar.com js.hsleadflows.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com platform.twitter.com stackpath.bootstrapcdn.com td.doubleclick.net legislab.azurewebsites.net *.youtube.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net fonts.googleapis.com; img-src 'self' blob:  https://www.ambitojuridico.com cdn2.iconfinder.com is1-ssl.mzstatic.com lh3.googleusercontent.com cdn3.iconfinder.com lablegis.azurewebsites.net px.ads.linkedin.com www.facebook.com googleads.g.doubleclick.net www.linkedin.com track.hubspot.com forms.hsforms.com www.google.com.co data: www.google.com www.google-analytics.com pautas.legis.com.co www.ambitojuridico.com www.googletagmanager.com prepautas.legis.com.co legislab.azurewebsites.net lablegis.azurewebsites.net www.datos.gov.co cdn.jsdelivr.net ambitojuridico.com; media-src 'self'; frame-src 'self' https://www.ambitojuridico.com static.addtoany.com widget.spreaker.com www.googletagmanager.com platform.twitter.com *.youtube.com es.surveymonkey.com https://www.facebook.com/ td.doubleclick.net legislab.azurewebsites.net lablegis.azurewebsites.net www.datos.gov.co cdn.jsdelivr.net https://formulariocontactenos.legis.com.co; frame-ancestors 'self' https://silvia.legis.co https://prd-silvia-front.azurewebsites.net https://prd-silvia-services.azurewebsites.net https://presilvia.legis.com.co:444 https://presilvia.legis.com.co https://prebacksilviacp.legis.com.co https://pregestionhumana.legis.com.co https://www.gestionhumana.com presilvia.legis.com.co:444 https://presilviacp.legis.com.co; child-src 'self'; font-src 'self' https://www.ambitojuridico.com use.fontawesome.com lablegis.azurewebsites.net stackpath.bootstrapcdn.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net fonts.gstatic.com https://presilvia.legis.com.co:444 https://presilvia.legis.com.co https://prebacksilviacp.legis.com.co ; connect-src 'self' https://www.ambitojuridico.com lablegis.azurewebsites.net pautas.legis.com.co bam.nr-data.net www.google.com analytics.google.com www.google-analytics.com px.ads.linkedin.com forms.hscollectedforms.net www.google.com forms.hubspot.com prepautas.legis.com.co legislab.legis.com.co www.google.com stats.g.doubleclick.net www.facebook.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net vc.hotjar.io wss:; upgrade-insecure-requests 1
font-src *.googleapis.com *.gstatic.com data: *.klarnacdn.net *.cdn-apple.com *.fontawesome.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.playground.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.facebook.com *.bing.com *.coccinelle.com stileo.it *.cookiebot.com *.google.it *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarna.com *.klarnaevt.com *.worldline-solutions.com *.secured-by-ingenico.com https://firebasestorage.googleapis.com *.webtrekk.net *.wt-eu02.net https://fbc.wcfbc.net https://*.flx1.com/ https://dmp.adform.net/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de kit.fontawesome.com *.cookiebot.com *.jsdelivr.net *.facebook.net *.clarity.ms *.bing.com glamipixel.com *.coccinelle.com *.rakuten.com *.rmtag.com *.criteo.com *.adobedtm.com *.cardinalcommerce.com *.doubleclick.net *.google.com *.r-data.net *.accelasearch.io *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarna.com x.klarnacdn.net *.cdn-apple.com *.avada.io https://responder.wt-safetag.com https://*.flx1.com/ https://www.googletagmanager.com https://*.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.gstatic.com *.fontawesome.com *.googleapis.com *.google.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cookiebot.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.coccinelle.com *.criteo.com *.klarnaevt.com *.playground.klarnaevt.com *.klarnaservices.com *.playground.klarnaservices.com *.klarnacdn.net x.klarnacdn.net *.klarna.com *.worldline-solutions.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://*.flx1.com/ https://*.gstatic.com https://jamie.g.shortest-route.com https://*.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-JY5NPXwlinfFp6l7O0JSqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'nonce-bDUNLaJ7DYtWSbMToYuz/Q==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=a9b0004e-078f-4628-9d70-3bc72387dc1d; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
script-src 'nonce-phLB7fBGK1TQ29HPhmF7G4ExgEM2KfFk' 'strict-dynamic' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.nl https://www.myheritage.nl  'unsafe-eval' 'nonce-d6b22a97f3568bbc6626a8f63c87c9ae' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.nl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-15X7-KWPFWo-Cp-GdrGk6Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src blob: 'self'; font-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src https: wss: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; report-uri /__vsctcspreport__ 1
object-src 'none';base-uri 'self';script-src 'nonce-XbhGU5dsdvb4M_ExzeC56g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' puravida.com.br *.puravida.com.br wake-components.fbitsstatic.net puravida.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com static.traycheckout.com.br *.traycheckout.com.br *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br *.2listen.com.br *.googleadservices.com *.trackcmp.net *.soclminer.com.br static.hotjar.com *.hotjar.com cdn.convertbox.com googleadservices.com wss://ws11.hotjar.com wss://ws9.hotjar.com wss://ws3.hotjar.com wss://ws18.hotjar.com wss://ws21.hotjar.com wss://ws1.hotjar.com wss://ws13.hotjar.com wss://ws20.hotjar.com wss://ws23.hotjar.com *.hotjar.io vars.hotjar.com wss://ws4.hotjar.com wss://ws16.hotjar.com wss://ws8.hotjar.com wss://ws15.hotjar.com wss://ws5.hotjar.com wss://ws12.hotjar.com wss://ws14.hotjar.com wss://ws22.hotjar.com wss://ws10.hotjar.com wss://ws19.hotjar.com wss://ws6.hotjar.com wss://ws25.hotjar.com wss://ws17.hotjar.com wss://ws7.hotjar.com wss://ws2.hotjar.com wss://ws24.hotjar.com dzpxyxks1bfmb.cloudfront.net *.getblue.io *.criteo.com *.criteo.net *.g.doubleclick.net *.cloudfront.net *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com artfut.com *.artfut.com *.pinimg.com *.bing.com *.metaffiliation.com *.2eb4a95jq.de ws.puravida.com.br *.doubleclick.net *.rdstation.com.br googleoptimize.com smct.co browser.sentry-cdn.com *.sentry.io *.bambuser.com *.btg360.com.br *.smct.co *.smct.io *.amazonaws.com *.reclameaqui.com.br *.pinterest.com *.socialminer.com *.gstatic.com *.dsspn.com *.afftrack.pro *.clarity.ms *.cloudflare.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com samuraiexpertsstorage.blob.core.windows.net recorrencia-samurai.azurewebsites.net analytics.tiktok.com *.googleoptimize.com *.oli.live mautic.puravida.com.br signalrcore.fbits.net wss://signalrcore.fbits.net survey.solucx.com.br *.cloudfront.net service.smarthint.co *.useinsider.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.licdn.com *.appspot.com *.purplemetrics.com.br *.fbitsstatic.net *.linkedin.com *.google.com.br *.googleapis.com *.unpkg.com *.fbits.store *.puravida.com.br *.adyen.com *.jsdelivr.net cdn.jsdelivr.net *.pagar.me *.mundipagg.com pvecommercefiles.blob.core.windows.net *.blob.core.windows.net *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.datadoghq-browser-agent.com *.datadoghq.com *.browser-intake-us3-datadoghq.com browser-intake-us3-datadoghq.com *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com *.specialone.io unpkg.com wake.koin.com.br temp-puravidalabs-backend-pvclub-black-friday-production.azurewebsites.net paypal-wake.s3.us-east-1.amazonaws.com puravidalabs-backend-ecommerce-optin-service-p.azurewebsites.net *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.crmback.io *.crmback.dev *.crmback.com x.cbstatus.net *.3dsecure.io *.cookielaw.org *.googlesyndication.com puravidalabs-backend-ecommerce-orders-api-production.azurewebsites.net puravida-br.mais.social trackings.nemu.com.br *.openfpcdn.io *.ipinfo.io api.ipify.org api.bigdatacloud.net *.visualwebsiteoptimizer.com app.vwo.com puravidalabs-backend-ecommerce-customers-api-production.azurewebsites.net *.visa.com openfpcdn.io *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.puravida.com.br puravida.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'none'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' bam.nr-data.net links.services.disqus.com cdn.cookielaw.org api.segment.io *.mapbox.com *.mux.com analytics.google.com www.google-analytics.com geolocation.onetrust.com wss: bat.bing.com *.clarity.ms wahoofitness-us.attn.tv wahoofitness.attn.tv events.attentivemobile.com stats.g.doubleclick.net region1.analytics.google.com www.google.com privacyportal.onetrust.com api.rudderstack.com vc.hotjar.io region1.google-analytics.com www.google.cz www.google.au cdn.segment.com fonts.googleapis.com cdn.wahooligan.com www.google.no *.wahooligan.com; font-src 'self' cdn.wahooligan.com fonts.gstatic.com moz-extension data:; form-action 'self' www.wahooligan.com *.wahoofitness.com wahoofitness.zendesk.com api.wahooligan.com www.facebook.com bat.bing.com n.clarity.ms analytics.google.com wahoofitness.centercode.com api.wahooligan.com/oauth/authorize api.staging.wahooligan.com/oauth/authorize *.wahooligan.com; frame-ancestors 'self' *.zendesk.com *.wahooligan.com *.wahoofitness.com; frame-src 'self' disqus.com metabase.wahooligan.com www.youtube-nocookie.com js.stripe.com www.googletagmanager.com td.doubleclick.net www.facebook.com; img-src * data: blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.wahooligan.com www.google-analytics.com api.tiles.mapbox.com code.jquery.com cdn.segment.com cdnjs.cloudflare.com js.stripe.com js-agent.newrelic.com bam.nr-data.net bam.nr-data.com *.zendesk.com static.zdassets.com cdn.cookielaw.org c.disquscdn.com optanon.blob.core.windows.net www.gstatic.com www.googletagmanager.com cdn.rudderlabs.com data: *.wahooligan.com; script-src-elem 'self' 'unsafe-inline' cdn.wahooligan.com code.jquery.online code.jquery.com cdn.cookielaw.org cdn.segment.com bam.nr-data.com bam.nr-data.net www.googletagmanager.com js-agent.newrelic.com optanon.blob.core.windows.net assets.zendesk.com static.zdassets.com www.google-analytics.com api.tiles.mapbox.com cdnjs.cloudflare.com geolocation.onetrust.com www.gstatic.com js.stripe.com cdn.rudderlabs.com cdn.attn.tv *.zendesk.com www.clarity.ms script.hotjar.com static.hotjar.com resources.xg4ken.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net n.clarity.ms analytics.google.com *.wahooligan.com; style-src 'self' 'unsafe-inline' fonts.gstatic.com cdn.cookielaw.org fonts.googleapis.com api.tiles.mapbox.com cdn.wahooligan.com c.disquscdn.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' cdn.wahooligan.com cdn.cookielaw.org assets.zendesk.com api.tiles.mapbox.com fonts.googleapis.com www.gstatic.com connect.facebook.net cdnjs.cloudflare.com; report-uri https://www.wahooligan.com/csp_reports 1
default-src 'self'; frame-src https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: https://i.ytimg.com; script-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' https://www.youtube.com; media-src 'self' https://www.youtube.com 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net https://cdn.consentmanager.net https://delivery.consentmanager.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net *.klarna.com https://plumrocket.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://static-cc.test.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://sandbox.clicktopay.auth.visa.com https://clicktopay.visa.com https://sandbox.secure.checkout.visa.com https://secure.checkout.visa.com https://applepay.cdn-apple.com landofcoder.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com *.bw-online-shop.com lantern.roeye.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.unzer.com *.online-metrix.net https://www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.clickcease.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net https://static-v2.unzer.com/v2/ui-components/ https://*.src.mastercard.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.tagmanager.google.com *.googletagmanager.com *.klarnacdn.net https://sandbox.src.mastercard.com https://static-v2.unzer.com/v2/ui-components/ 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.youpilot.org *.fact-finder.de https://cdn.consentmanager.net https://delivery.consentmanager.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://static-cc.test.unzer.com https://static-v2.unzer.com/v2/ui-components/ https://*.src.mastercard.com landofcoder.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://*.gopersonal.ai *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://*.gopersonal.ai https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com https://*.gopersonal.ai *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://assets.emarsys.net https://cdn.scarabresearch.com https://*.gopersonal.ai https://*.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://production-tailoy-repo-magento-statics.s3.us-east-2.amazonaws.com https://*.gopersonal.ai *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://www.google-analytics.com https://recommender.scarabresearch.com https://*.gopersonal.ai https://*.goshops.ai https://*.googleapis.com https://*.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' d1re4mvb3lawey.cloudfront.net *.bibliu.co *.bibliu.com; style-src 'self'; img-src 'self' d1re4mvb3lawey.cloudfront.net *.bibliu.co *.bibliu.com; font-src 'self' d1re4mvb3lawey.cloudfront.net *.bibliu.co *.bibliu.com; frame-src 'self' *.bibliu.co *.bibliu.com; 1
default-src 'self'; script-src 'report-sample' 'self' https://api-maps.yandex.ru/2.1/ https://bitrix.info/ba.js https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://mc.yandex.ru/metrika/watch.js https://yastatic.net/s3/front-maps-static/maps-front-jsapi-v2-1/2.1.79-16700290/out/release/full-eab6f8e3ccfa741c06508cb710c0ae92a2a0c8ac.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bitrix.info https://mc.yandex.ru; font-src 'self'; frame-src 'self' https://mc.yandex.ru; img-src 'self' data: https://api-maps.yandex.ru; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
font-src *.klarnacdn.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://cdn.clerk.io *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://api.clerk.io https://cdn.clerk.io *.klarna.com *.klarnacdn.net *.klarnaservices.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://api.clerk.io https://cdn.clerk.io *.klarnacdn.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' https: data: https://use.typekit.net https://p.typekit.net; img-src 'self' https: data: http://www.googleadservices.com; object-src 'none'; base-uri 'self'; style-src 'self' https: 'unsafe-inline' https://use.typekit.net https://cdn.consentmanager.net; script-src 'self' https: unsafe-inline unsafe-eval strict-dynamic https://use.typekit.net http://connect.facebook.net http://b-code.liadm.com https://js.intercomcdn.com https://static.intercomcdn.com https://widget.intercom.io https://app.intercom.io 'nonce-BfEQ+6IBGiaSv6qhMWweTQ=='; connect-src 'self' https: wss://nexus-websocket-a.intercom.io 1
default-src 'self';    object-src 'none';    base-uri 'self';    frame-ancestors 'none';    form-action 'self';    script-src 'self'      https://cdn.cookielaw.org      https://www.googletagmanager.com      https://www.google-analytics.com      https://assets.convertflow.com      https://cdn.jsdelivr.net      https://snap.licdn.com      https://pi.pardot.com      https://stats.g.doubleclick.net      https://region1.google-analytics.com;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;    font-src 'self' https://fonts.gstatic.com;    img-src 'self' data:      https://www.google-analytics.com     .https://stats.g.doubleclick.net      https://cdn.cookielaw.org      https://cdn.convertflow.com      https://px.ads.linkedin.com      https://pi.pardot.com;    connect-src 'self'      https://www.google-analytics.com      https://analytics.google.com      https://region1.google-analytics.com      https://stats.g.doubleclick.net      https://api.convertflow.com      https://app.convertflow.co      https://cdn.cookielaw.org      https://geolocation.onetrust.com      https://snap.licdn.com      https://px.ads.linkedin.com      https://pi.pardot.com;    frame-src 'self'      https://www.googletagmanager.com      https://app.convertflow.co      https://pi.pardot.com;    upgrade-insecure-requests;    report-to csp-endpoint;    report-uri reporting URL/report; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com https://fonts.gstatic.com https://ws.colissimo.fr *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com 'self' data: static.sensefuel.live data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.sips-services.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.truefitcorp.com *.weltpixel.com https://form.typeform.com *.sagepay.com *.opayo.eu.elavon.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.afd.co.uk t.powerreviews.com assets-manager.abtasty.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr https://www.magezon.com *.sagepay.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com *.openstreetmap.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.afd.co.uk cdn.jsdelivr.net js-agent.newrelic.com party.spockee.io app.ekoo.co ui.powerreviews.com *.truefitcorp.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com widget.proximis.com *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com  tag.search.sensefuel.live pdata.damart.fr try.abtasty.com                  'self' 'unsafe-eval' 'nonce-Zmgyd3lrcTJlZmJzNXV0OGxqa3hmdmh2aGdhbnp3eTQ=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net ui.powerreviews.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.sagepay.com *.opayo.eu.elavon.com https://cdnjs.cloudflare.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com tag.search.sensefuel.live 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afd.co.uk *.getalma.eu *.almapay.com api.spockee.io backoffice-api.spockee.io ui.powerreviews.com display.powerreviews.com app.ekoo.co maps.googleapis.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com *.sagepay.com *.opayo.eu.elavon.com *.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com c.search.sensefuel.live 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://*.kaltura.com https://mychart.personapay.com;script-src 'nonce-9dad44ae34e449dd9d2ec1470f208e06' https://mywvuchart.com 'self' https://dev-doctors.wvumedicine.org https://dev-doctors.wvumedicine.org:8084 https://doctors.wvumedicine.org https://localhost:44385 https://wvumedicine.org https://www.wvumedicine.org;img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://mywvuchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src maxcdn.bootstrapcdn.com *.gstatic.com https://www.nominette.com https://demo.nominette.nl data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.gstatic.com https://www.nominette.com https://demo.nominette.nl 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com www.google.com *.hotjar.com *.hotjar.io *.weltpixel.com https://www.nominette.com https://demo.nominette.nl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com maps.gstatic.com maps.googleapis.com *.google.com *.google.be *.googleapis.com *.gstatic.com *.google-analytics.com *.magentocommerce.com *.trustprofile.io bat.bing.com *.facebook.com https://www.nominette.com https://demo.nominette.nl maps.google.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com maps.googleapis.com *.google.com www.gstatic.com *.googleapis.com *.newrelic.com *.nr-data.net *.hotjar.com *.hotjar.io *.voyado.com https://www.nominette.com bat.bing.com *.clarity.ms *.realytics.io *.realytics.net connect.facebook.net https://demo.nominette.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com *.googleapis.com https://www.nominette.com https://demo.nominette.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.google.be *.google-analytics.com *.googleapis.com *.nr-data.net *.g.doubleclick.net *.hotjar.com *.hotjar.io *.voyado.com *.exatom.io bat.bing.com *.clarity.ms *.realytics.io *.stape.cc 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self' 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com www.redwolfairsoft.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com airwallex.com *.airwallex.com google.com *.google.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com www.redwolfairsoft.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com www.redwolfairsoft.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com www.google.com www.googletagmanager.com checkout.airwallex.com checkout-demo.airwallex.com h.online-metrix.net/ static-demo.airwallex.com pci-api-demo.airwallex.com demo-pacybsmock.airwallex.com imgs.signifyd.com airwallex.com *.airwallex.com google.com *.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://www.google.com www.redwolfairsoft.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.online-metrix.net/ checkout.airwallex.com imgs.signifyd.com checkout-demo.airwallex.com airwallex.com *.airwallex.com google.com *.google.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.redwolfairsoft.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ www.google.com checkout.airwallex.com checkout-demo.airwallex.com h.online-metrix.net/ static-demo.airwallex.com static.airwallex.com cdn-scripts.signifyd.com bws-demo.airwallex.com bws.airwallex.com imgs.signifyd.com h64.online-metrix.net airwallex.com *.airwallex.com google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io https://www.google.com https://www.gstatic.com www.redwolfairsoft.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com www.redwolfairsoft.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.redwolfairsoft.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com checkout.airwallex.com checkout-demo.airwallex.com h.online-metrix.net/ bws-demo.airwallex.com bws.airwallex.com api-demo.airwallex.com api.airwallex.com imgs.signifyd.com airwallex.com *.airwallex.com google.com *.google.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.redwolfairsoft.com 'self' 'unsafe-inline'; child-src airwallex.com *.airwallex.com www.redwolfairsoft.com http: https: blob: 'self' 'unsafe-inline'; default-src airwallex.com *.airwallex.com www.redwolfairsoft.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' data: https://www.motonet.fi https://graphql.datocms.com https://*.doubleclick.net https://www.instagram.com https://*.broman.group https://*.litix.io https://vimeo.com https://*.klarna.com https://*.klarnaevt.com/v1/ https://*.adyen.com/checkoutanalytics/ https://*.adyen.com/checkoutshopper/ https://api.postmarkapp.com https://www.youtube.com https://api.videoly.co https://js.testfreaks.com https://api.testfreaks.com https://reviews.testfreaks.com https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com/api/consent https://api.custobar.com/js/v1/custobar.js https://*.google-analytics.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://*.googlesyndication.com https://*.adform.net https://*.creativecdn.com https://connect.facebook.net https://browser-intake-datadoghq.eu https://*.broman.group https://js.playground.kustom.co https://eu.klarnaevt.com https://*.cdn.adyen.com/checkoutshopper/ https://i.ytimg.com https://www.datocms-assets.com https://stagingaksapimanagementbroman.azure-api.net https://testapimanagementbroman.azure-api.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://*.mux.com https://*.vimeocdn.com https://dapi.videoly.co https://*.facebook.com https://*.seadform.net https://*.adform.net https://*.criteo.net https://*.criteo.com https://www.googletagmanager.com/ https://ib.adnxs.com/setuid https://ib.adnxs.com/getuid https://cm.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://qr.motonet.fi https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com/ https://src.freshmarketer.eu/mas; img-src 'self' data: https://www.datocms-assets.com https://i.ytimg.com https://image.mux.com https://*.broman.group https://js.playground.kustom.co https://eu.klarnaevt.com https://*.cdn.adyen.com/checkoutshopper/ https://i.ytimg.com https://www.datocms-assets.com https://stagingaksapimanagementbroman.azure-api.net https://testapimanagementbroman.azure-api.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://*.mux.com https://*.vimeocdn.com https://dapi.videoly.co https://*.facebook.com https://*.seadform.net https://*.adform.net https://*.criteo.net https://*.criteo.com https://www.googletagmanager.com/ https://ib.adnxs.com/setuid https://ib.adnxs.com/getuid https://cm.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://qr.motonet.fi; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://js.playground.kustom.co https://osm.klarnaservices.com/ https://*.adyen.com/ https://*.vimeo.com https://app.ecoonline.com https://www.maston.fi https://websds.volvo.com https://policy.app.cookieinformation.com/ https://*.criteo.com https://*.adform.net https://*.creativecdn.com https://www.facebook.com https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.broman.group https://maps.googleapis.com https://js.playground.kustom.co https://js.klarna.com https://js.klarna.com/web-sdk/ https://api.videoly.co/1/quchbox/0/299/quch.js https://www.paypal.com/sdk/js https://dapi.videoly.co https://www.youtube.com https://*.vimeo.com https://policy.app.cookieinformation.com https://api.custobar.com/js/v1/custobar.js https://*.criteo.net https://*.criteo.com https://*.adform.net https://connect.facebook.net https://tags.creativecdn.com https://dev.visualwebsiteoptimizer.com https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com; object-src data:; worker-src 'self' blob:; 1
font-src *.lafoirfouille.fr use.typekit.net fonts.gstatic.com static.sensefuel.live data: 'self' 'unsafe-inline'; form-action *.lafoirfouille.fr sogecommerce.societegenerale.eu 'self' 'unsafe-inline'; frame-src *.lafoirfouille.fr www.google.com sogecommerce.societegenerale.eu 'self' 'unsafe-inline'; img-src *.lafoirfouille.fr www.googletagmanager.com cdn-cookieyes.com tag.beyable.com data: 'self' 'unsafe-inline'; script-src *.lafoirfouille.fr front.activation.beyable.com tag.search.sensefuel.live tag.search.sensefuel.com tag.beyable.com www.gstatic.com www.google.com www.googletagmanager.com cdn-cookieyes.com static.target2sell.com *.socloz.com beyableprodrt.blob.core.windows.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.lafoirfouille.fr fonts.googleapis.com use.typekit.net p.typekit.net tag.search.sensefuel.com *.search.sensefuel.live tag.beyable.com 'self' 'unsafe-inline'; manifest-src *.lafoirfouille.fr 'self' 'unsafe-inline'; connect-src *.lafoirfouille.fr *.snoophome.com cdn-cookieyes.com *.cookieyes.com *.target2sell.com *.search.sensefuel.live *.ingest.de.sentry.io *.google-analytics.com beyableprodrt.blob.core.windows.net www.googletagmanager.com www.google.com 'self' 'unsafe-inline'; media-src *.lafoirfouille.fr *.search.sensefuel.live 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.lafoirfouille.fr/ https://api.cqeq65dd63-ffdigital1-d1-public.model-t.cc.commerce.ondemand.com https://api.cqeq65dd63-ffdigital1-s1-public.model-t.cc.commerce.ondemand.com https://api.cqeq65dd63-ffdigital1-p1-public.model-t.cc.commerce.ondemand.com https://v.calameo.com 'self'; object-src data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com fonts.googleapis.com https://applepay.cdn-apple.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com applepay.cdn-apple.com https://*.123elec.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://*.123elec.com https://inrecruitingfr.intervieweb.it *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu www.google.com *.payplug.com *.dalenys.com https://applepay.cdn-apple.com *.twitter.com *.google.com api-qa.payplug.com secure-qa.payplug.com https://*.123elec.com https://inrecruitingfr.intervieweb.it *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://assets.fintecture.com https://secure-magenta.dalenys.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.googleapis.com *.gstatic.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://*.123elec.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com apis.google.com *.google.com *.doofinder.com *.avada.io *.shopify.com https://cdnjs.cloudflare.com applepay.cdn-apple.com https://cdn.payplug.com https://cdn-qa.payplug.com https://inrecruitingfr.intervieweb.it api.payplug.com https://msr.123elec.com https://*.123elec.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com https://secure-magenta.dalenys.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doofinder.com https://fonts.bunny.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.123elec.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.doofinder.com wss://eu1-b-layer.doofinder.com https://get.geojs.io *.avada.io https://*.123elec.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-'; base-uri 'none'; frame-ancestors 'self' 1
default-src 'none'; report-uri /api/sec-csp/110000764/report 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.twitter.com nitropack.io *.nitrocdn.com *.cakebox.com fonts.googleapis.com cdn.jsdelivr.net *.klaviyo.com cdnjs.cloudflare.com *.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.addthis.com *.trustpilot.com *.twitter.com *.vimeo.com *.doubleclick.net nitropack.io *.weltpixel.com *.adobedtm.com widget.trustpilot.com vars.hotjar.com app.involve.me ssl.kaptcha.com *.onetrust.com js.ryft.com embedded.ryftpay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.cookiebot.com imgsct.cookiebot.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.contentsquare.net nitropack.io *.nitrocdn.com *.adobedtm.com s.ytimg.com services.postcodeanywhere.co.uk bat.bing.com *.facebook.com *.google.co.in lantern.roeye.com static-tracking.klaviyo.com *.cloudfront.net *.cakebox.com *.cookiepro.com *.googletagmanager.com *.wepowerconnections.com *.zenaps.com ad.doubleclick.net cm.g.doubleclick.net *.google.com *.google.com.vn *.google.co.uk *.onetrust.com *.adroll.com x.bidswitch.net ml314.com pixel.tapad.com dsum-sec.casalemedia.com dsync.rlcdn.com pixel.rubiconproject.com *.openx.net sync.outbrain.com idsync.rlcdn.com *.pubmatic.com sync.taboola.com ib.adnxs.com eb2.3lift.com match.adsrvr.org *.stickyadstv.com *.sitescout.com *.springserve.com *.ipredictive.com *.turn.com *.mdhv.io dsp.360yield.com www.eggfreecake.co.uk *.usercentrics.eu https://www.ryft.com embedded.ryftpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com *.cookiebot.com consent.cookiebot.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.addthis.com *.cloudflare.com *.fontawesome.com *.google-analytics.com googletagmanager.com graph.facebook.com *.moatads.com *.trustpilot.com widgets.pinterest.com *.contentsquare.com *.contentsquare.net cdn.tailwindcss.com cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com *.adobedtm.com *.cardinalcommerce.com unpkg.com *.paypal.com *.livechatinc.com *.pcapredict.com storage.googleapis.com maps.google.com services.postcodeanywhere.co.uk bat.bing.com *.hotjar.com s.pinimg.com c3.adalyser.com connect.facebook.net rum-static.pingdom.net ct.pinterest.com lantern.roeyecdn.com *.soakandsleep.com cdn.bronto.com dynamic.criteo.com *.apptrian.com *.dwin1.com paperplaneslive.com *.cloudfront.net *.cookiepro.com *.googletagmanager.com stats.g.doubleclick.net *.amplitude.com *.sovendus.com *.zenaps.com www.google.com *.involve.me *.onetrust.com *.adroll.com www.subconvertize.com js-agent.newrelic.com *.googlesyndication.com *.config-security.com *.triplewhale.com *.cookiebot.eu *.ryftpay.com https://embedded.ryftpay.com/v2/ryft.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.gstatic.com *.twitter.com cdn.tailwindcss.com nitropack.io cdnjs.cloudflare.com *.nitrocdn.com cdn.jsdelivr.net *.trustpilot.com tagmanager.google.com static-tracking.klaviyo.com *.soakandsleep.com services.postcodeanywhere.co.uk www.google.com *.typekit.net *.cdn-apple.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.contentsquare.net *.nitrocdn.com nitropack.io https://www.google-analytics.com *.adobedtm.com *.adobe.com *.gstatic.com *.telemetry-dev.adobe.io services.postcodeanywhere.co.uk ct.pinterest.com rum-collector-2.pingdom.net api.livechatinc.com paperplaneslive.com *.cloudfront.net *.trustpilot.com api2.amplitude.com *.googletagmanager.com *.onetrust.com invitejs.trustpilot.com *.sovendus.com *.cookiepro.com *.bing.com www.google.com stats.g.doubleclick.net *.involve.me *.adroll.com bam.nr-data.net *.hotjar.* wss://ws.hotjar.com content.hotjar.io *.config-security.com *.ryftpay.com https://embedded.ryftpay.com/v2/ryft.min.js.map embedded.ryftpay.com smp-paymentservices.apple.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com ajax.googleapis.com js.pusher.com use.fontawesome.com sdk.amazonaws.com app-rsrc.getbee.io loader.getbee.io localhost:3000 localhost:8080 127.0.0.1:3000 127.0.0.1:8080; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' secure.gravatar.com cartstack.s3.amazonaws.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' api.cartstack.com ws-us3.pusher.com wss://ws-us3.pusher.com bee-auth.getbee.io bee-utils.getbee.io bee-stats.getbee.io bee-sentry.beefree.io bee-bumper.getbee.io localhost:3000 localhost:8080 ws://localhost:3000 ws://localhost:8080; frame-src 'self' app.getbee.io; default-src 'none'; object-src 'none'; media-src 'self'; worker-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri /csp-report.php 1
object-src 'none';base-uri 'self';script-src 'nonce-m2PNnxYtipIm1rVIOFRczg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https:; style-src 'self' https:; report-uri https://csp-collector-qt0v.onrender.com/csp-report 1
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com converse.com.br https://magento.com *.converse.com.br *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com * www.google.com https://gum.criteo.com/ api.sunset.systems targeting.voxus.tv https://springmedia.go2cloud.org/ https://googleads.g.doubleclick.net/ https://www.google.com.br/ https://tpc.googlesyndication.com/ https://static.criteo.net/ td.doubleclick.net https://fledge.us.criteo.com/ https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net * converse.com.br www.facebook.com https://mcstaging.converse.com.br www.google.com.br conectiva.io https://s.ad.smaato.net https://simage2.pubmatic.com https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://x.bidswitch.net/ https://cm.g.doubleclick.net https://ib.adnxs.com/ secure.adnxs.com https://pixel.rubiconproject.com/ https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com/ https://criteo-sync.teads.tv https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://tg.socdm.com/ https://visitor.omnitagjs.com https://gum.criteo.com https://r.casalemedia.com https://ads.stickyadstv.com https://ad.360yield.com https://matching.ivitrack.com https://i.liadm.com/ https://exchange.mediavine.com https://c.bing.com/ https://trends.revcontent.com https://criteo-partners.tremorhub.com/ https://secure.adnxs.com https://contextual.media.net https://dis.criteo.com https://tags.bluekai.com https://cm.adgrx.com https://sync.outbrain.com bat.bing.com https://device.clearsale.com.br https://c.clarity.ms https://rsp.servername.net http://rsp.servername.net https://googleads.g.doubleclick.net/ http://www.googleadservices.com/ https://idsync.rlcdn.com/ https://*.rakuten.com https://*.linksynergy.com https://*.nxtck.com https://*.xg4ken.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br *.converse.com.br http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ connect.facebook.net graph.facebook.com business.facebook.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com https://adobe.com/ www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net https://amcglobal.sc.omtrdc.net/ commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://adyen.com pay.google.com *.payments-amazon.com http://www.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page www.google.com/recaptcha/ www.gstatic.com/recaptcha/ converse.com.br js-agent.newrelic.com js.go2sdk.com tag.rmp.rakuten.com ads01.groovinads.com img.metaffiliation.com https://assets.adobedtm.com/ https://secure.authorize.net/ https://test.authorize.net/ https://js.braintreegateway.com/ https://unpkg.com/ https://commerce.adobe.net/ https://use.typekit.net/ https://t.paypal.com https://s.ytimg.com https://magento-ds.com www.facebook.com connect.facebook.net https://graph.facebook.com/ https://business.facebook.com/ https://google.com.br/ https://gstatic.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ http://www.paypalobjects.com https://www.googleoptimize.com https://static.zdassets.com/ https://device.clearsale.com.br https://dynamic.criteo.com www.rtb123.com conectiva.io analytics.tiktok.com cdn.targeting.voxus.com.br https://app.cartstack.com.br bat.bing.com https://static.hotjar.com https://service.maxymiser.net https://widget-mediator.zopim.com https://sslwidget.criteo.com https://bat.bing.com www.clarity.ms targeting.voxus.com.br https://script.hotjar.com/ https://tpc.googlesyndication.com https://*.rakuten.com https://*.linksynergy.com https://*.nxtck.com https://*.xg4ken.com https://*.googletagmanager.com *.converse.com.br *.collect.igodigital.com graph.facebook.com business.facebook.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://adobe.com fonts.googleapis.com *.cash.app converse.com.br https://fonts.googleapis.com https://magento.com *.fontawesome.com https://gstatic.com use.typekit.net p.typekit.net *.converse.com.br *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com/ *.converse.com.br http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io * fcmregistrations.googleapis.com firebaseinstallations.googleapis.com k.clarity.ms bam.nr-data.net converse.com.br https://dpm.demdex.net https://amcglobal.sc.omtrdc.net *.google-analytics.com https://commerce.adobedtm.com https://commerce.adobedc.net https://*.snplow.net https://api.magento.com https://*.adobe.io https://performance.typekit.net https://www.sandbox.paypal.com https://www.paypalobjects.com https://www.paypal.com https://pilot-payflowlink.paypal.com https://commerce.adobe.io https://commerce.adobe.net https://qa-api.magedevteam.com https://*.sentry.io https://*.adyen.com http://magento.com https://magento.com http://stats.g.doubleclick.net https://stats.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com www.facebook.com https://connect.facebook.net https://graph.facebook.com https://business.facebook.com https://t.elasticsuite.io https://analytics.google.com/ https://ekr.zdassets.com/ https://conscooper.zendesk.com wss://widget-mediator.zopim.com https://analytics.tiktok.com targeting.voxus.com.br api.performa.ai https://www.google.com.br https://bat.bing.com/ https://api.ipify.org logs-01.loggly.com https://api.voxus.tv https://conectiva.io https://coopershoes.zendesk.com/ https://*.clarity.ms/ https://vc.hotjar.io/ https://pagead2.googlesyndication.com/ https://measurement-api.criteo.com/ https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br *.converse.com.br http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src converse.com.br bat.bing.com k.clarity.ms www.google.com commerce.adobedc.net analytics.tiktok.com *.converse.com.br *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.epic.com https://*.geisinger.edu https://*.geisinger.org https://*.mycarecompass.edu https://*.mycarecompass.org https://*.mygeisinger.org https://geisinger.org https://www.geisinger.org;frame-src https://* 'self' epichttp: https://*.geisinger.edu https://pay.instamed.com https://paymentsafe.experianhealth.com;script-src https://mychart.mycarecompass.org 'self' 'unsafe-eval' 'unsafe-inline' https://*.geisinger.edu https://*.geisinger.org https://*.google.com https://*.googleapis.com https://*.gyantts.com https://*.jquery.com https://*.mycarecompass.org https://*.virtualearth.net https://ajax.microsoft.com https://mycarecompass.org https://twemoji.maxcdn.com https://unpkg.com https://www.gstatic.com;img-src https://* 'self' blob: data:;connect-src 'self' epichttp: https://*.amazonaws.com https://*.gyantts.com wss://web.production.gyantts.com wss://web2.dev.gyantts.com wss://web2.production.gyantts.com;style-src https://mychart.mycarecompass.org 'self' 'unsafe-inline' https://*.geisinger.edu https://*.geisinger.org https://*.gyantts.com https://*.mycarecompass.org https://mycarecompass.org https://s3.amazonaws.com;worker-src 'self' blob:;child-src 'self' blob:;font-src 'self' https://*.gyantts.com https://s3.amazonaws.com;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
script-src 'self' 'report-sample' https://static.mycasavi.com 'sha256-HqcrltV/add35ktFKnghPtUZD86xFk2tNSOVuSxlxZI=' 'sha256-nP0EI9B9ad8IoFUti2q7EQBabcE5MS5v0nkvRfUbYnM=' https://app.eu.pendo.io https://cdn.eu.pendo.io https://pendo-eu-static.storage.googleapis.com https://pendo-eu-static-5744612903485440.storage.googleapis.com https://browser.sentry-cdn.com https://widget.moin.ai https://cdn.crowdin.com https://crowdin.com https://cdn-a.cumul.io https://static.hotjar.com https://script.hotjar.com https://maps.googleapis.com https://cdn.segment.com https://agent.b4u-cloud.de 'nonce-GeYECSwl9jlwLJVbjzrcCQ==';worker-src 'self' blob: https://static.mycasavi.com;frame-ancestors 'self';report-uri /csp-report;base-uri 'self';object-src 'none';script-src-attr 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-tMSXfMSuJrBhsajrkjxLjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.it/api/csp-report; report-to csp-endpoint 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; img-src * data: blob:; font-src * data:; style-src * 'unsafe-inline' data:; style-src-elem * 'unsafe-inline' data:; frame-src * data: blob:; media-src * data: blob:; object-src *; frame-ancestors 'none'; report-to csp-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.hotjar.com *.mavenoid.com *.klevu.com *.ksearchnet.com *.narvar.com *.narvar.qa *.onetrust.com www.worx.com worx.com *.signifyd.com *.onlineada.workers.dev maxaccess-api.onlineada.workers.dev *.maxaccess.io *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com s.amazon-adsystem.com *.hotjar.com www.facebook.com *.pinterest.com www.paypalobjects.com *.amc.demdex.net *.demdex.net *.cardinalcommerce.com *.authorize.net *.vimeo.com www.google.com *.ugc.bazaarvoice.com *.bazaarvoice.com *.api.bazaarvoice.com *.amazon-adsystem.com *.weltpixel.com mcstaging.worx.com tst.kaptcha.com *.adsrvr.org www.worx.com worx.com *.dap.akadns.net *.signifyd.com *.monetate.net ssl.kaptcha.com *.online-metrix.net *.captcha-delivery.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.bing.com *.adsrvr.org x.bidswitch.net pixel.advanseads *.fg8dgt.com www.facebook.com *.tremorhub.com *.reson8.com *.mathtag.com *.bluekai.com sync.search.spotxchange.com thrtle.com sync.go.sonobi.com *.demdex.net www.livehelpnow.net *.rubiconproject.net *.g.doubleclick.net tapestry.tapad.com segments.company-target.com simage2.pubmatic.com dsum.casalemedia.com ads.altitude-arena.com i.liadm.com *.listrakbi.com *.adobedtm.com *.sc.omtrdc.net *.everesttech.net *.magentocommerce.com *.sandbox.paypal.com *.ytimg.com *.swagger.io *.cloudfront.net *.bazaarvoice.com *.ugc.bazaarvoice.co *.rlcdn.com *.bfmio.com *.klevu.com *.ksearchnet.com *.narvar.com *.narvar.qa www.sandbox.paypal.com *.stats.paypal.com *.braintreegateway.com www.google.co.in *.cookielaw.org *.dap.akadns.net *.espssl.com *.s3.us-east-2.amazonaws.com *.pinterest.com *.hotjar.com www.emjcd.com *.dotomi.com *.worx.com worx.com *.five9.com *.nextdoor.com s3.amazonaws.com *.googleapis.com *.facebook.net *.eu.worx.com pippio.com *.adsymptotic.com *.openx.net *.agkn.com *.audrte.com *.krxd.net *.videohub.tv *.adxns.com *.media6degrees.com *.ads.linkedin.com *.scorecardresearch.com *.netseer.com *.us1.dyntrk.com *.insightexpressai.com *.mediawallahscript.com *.t.domdex.com *.services.xg4ken.com trkn.us *.mmsho.com *.narrative.io *.postrelease.com *.ispot.tv *.crsspxl.com *.bnmla.com *.acxiomapac.com *.y-medialink.com *.shopping.rakuten.com *.rtbiq.com *.ib-ibi.com *.signifyd.com *.monetate.net *.srv.stackadapt.com *.spotify.com *.rd.linksynergy.com um.simpli.fi cs.media.net *.addthis.com sync.ipredictive.com lrp.mxptint.net pixel.tapad.com epiv.cardlytics.com secure.adnxs.com www.entitytag.co.uk px.owneriq.net bttrack.com ssum.casalemedia.com usersync-b3.videoamp.com *.maxaccess.io *.online-metrix.net s3-us-west-2.amazonaws.com maps.googleapis.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pixriot.com *.storeimaging.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js-agent.newrelic.com bam.nr-data.net blueacornici.atlassian.net *.monetate.net www.livehelpnow.net js.klevu.com *.listrakbi.com *.facebook.net *.steelhousemedia.com *.adacado.com *.hotjar.com *.amazon-adsystem.com *.rlcdn.com *.adsrvr.org *.bidswitch.net *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.paypal.com *.ytimg.com *.bazaarvoice.com *.nexus.bazaarvoice.co *.ugc.bazaarvoice.com *.api.bazaarvoice.com *.iesnare.com *.atlassian.net polyfill.io *.fg8dgt.com *.ksearchnet.com *.sandbox.braintreegateway.com *.bing.com *.tiktok.com www.mczbf.com *.cookielaw.org *.maxaccess.io *.five9.com *.r.bidswitch.net *.dstillery.com *.media6degrees.com *.onlineada.workers.dev *.fullstory.com s.pinimg.com *.mavenoid.com *.cloudfront.net mcstaging.worx.com www.worx.com worx.com *.orderwave.com *.googleapis.com get.geojs.io *.g.doubleclick.net *.nextdoor.com code.jquery.com dap-dist.akamaized.net serviceconnection.pro *.blob.core.windows.net kalicube.pro *.jsdelivr.net *.dap.akadns.net sjwoe.com www.sjwoe.com *.narvar.com *.ads.linkedin.com www.googleoptimize.com *.signifyd.com *.datadome.co *.captcha-delivery.com *.schemaapp.com ct.pinterest.com cdnjs.cloudflare.com *.online-metrix.net kenwheeler.github.io maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com display.ugc.bazaarvoice.com *.googleapis.com *.listrakbi.com *.mavenoid.com *.five9.com *.espssl.com *.typekit.net serviceconnection.pro *.onetrust.com www.worx.com worx.com *.signifyd.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com assets.braintreegateway.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.worx.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.onetrust.com bam.nr-data.net *.listrakbi.com *.listrak.com *.hotjar.io *.g.doubleclick.net *.demdex.net *.sc.omtrdc.net *.cardinalcommerce.com *.amazonservices.com *.amazonservices.co.uk *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.amazonservices.de *.bazaarvoice.com *.api.bazaarvoice.com *.klevu.com *.ksearchnet.com *.sandbox.braintreegateway.com *.tiktok.com *.cookielaw.org *.onlineada.workers.dev *.cloudfront.net *.execute-api.us-east-2.amazonaws.com *.five9.com *.fullstory.com www.mczbf.com *.pinterest.com *.ingest.sentry.io *.mavenoid.com *.googleapis.com surveystats.hotjar.io serviceconnection.pro kalicube.pro *.blob.core.windows.net www.facebook.com *.jsdelivr.net *.dap.akadns.net sjwoe.com www.sjwoe.com www.worx.com worx.com *.ads.linkedin.com www.googleoptimize.com www.livehelpnow.net *.signifyd.com *.monetate.net *.datadome.co *.cloudfunctions.net *.bing.com *.schemaapp.com *.google.co.in *.maxaccess.io s.amazon-adsystem.com ara.paa-reporting-advertising.amazon maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.pixriot.com *.storeimaging.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 1
base-uri 'self'; style-src https: 'self' 'unsafe-inline' *.googletagmanager.com *.tagmanager.google.com *.fonts.googleapis.com; script-src https: 'nonce-FL6GViouSrJe3e78r5EDZss185Q=' 'strict-dynamic'; form-action 'self' ; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com; frame-src 'self' view.ceros.com *.company-target.com *.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net; report-to csp-endpoint; report-uri https://axaxl.com/api/CSP; font-src 'self' fonts.gstatic.com data:; img-src 'self' * data:; connect-src 'self' browser-intake-datadoghq.com *.googleadservices.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.google.co.uk www.google.com.sg *.google.com *.googlesyndication.com *.company-target.com *.linkedin.com *.licdn.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.demandbase.com *.boltdns.net *.akamaihd.net *.nr-data.net *.en25.com; manifest-src 'self'; media-src blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; default-src 'self' mailto: tel: www.google.com www.google.co.uk *.google.com *.googletagmanager.com www.googletagmanager.com *.company-target.com *.linkedin.com *.licdn.com *.eloqua.com *.brightcove.com *.brightcove.net *.rlcdn.com *.boltdns.net *.demandbase.com *.akamaihd.net *.axaxl.com *.doubleclick.net *.en25.com www.google.com.sg; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.merkur-static.si cdn.jsdelivr.net cdn.cnj.si omara.cdn-cnj.si ka-p.fontawesome.com media.flixfacts.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com https://lapp.leanpay.hr https://app.leanpay.hr https://stage-app.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://firebasestorage.googleapis.com cdn.jsdelivr.net *.nosto.com *.merkur-static.si *.fontawesome.com img.cdn-cnj.si www.merkur-static.si thumbs.nosto.com media.flixcar.com media.flixfacts.com logo.flix360.io rt.flix360.com maps.gstatic.com *.visualwebsiteoptimizer.com *.google.si *.facebook.com *.iprom.net *.hubspot.com inpref.com 536003278.recs.igodigital.com maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://api.cartfox.io https://app.cartfox.io *.avada.io *.shopify.com *.merkur-static.si cdn.jsdelivr.net unpkg.com *.pushpushgo.com *.fontawesome.com *.nosto.com *.smind.si kit.fontawesome.com inte.searchnode.io connect.nosto.com cpx.smind.si media.flixfacts.com media.flixcar.com maps.googleapis.com *.cloudfront.net *.iprom.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.facebook.net *.videoly.co 536003278.recs.igodigital.com 536003278.collect.igodigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.merkur-static.si cdn.jsdelivr.net media.flixcar.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://api.cartfox.io https://app.cartfox.io https://get.geojs.io *.avada.io *.merkur-static.si unpkg.com *.pushpushgo.com *.nosto.com *.fontawesome.com region1.google-analytics.com kit.fontawesome.com ka-p.fontawesome.com connect.nosto.com media.flixcar.com maps.googleapis.com *.visualwebsiteoptimizer.com inpref.com *.doubleclick.net *.iprom.net 536003278.recs.igodigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src media.flixcar.com rt.flix360.com 536003278.recs.igodigital.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://d045c69f-01fa-46bf-a2b1-87c1c2bb7952.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://acsbapp.com https://bat.bing.com https://widget.us.criteo.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://pagead2.googlesyndication.com https://*.flos.com https://*.salesforce.com https://service.force.com https://*.cquotient.com https://*.hotjar.com https://*.vimeo.com https://*.contentful.com https://*.clarity.ms https://a.omappapi.com https://api.omappapi.com https://*.optimonk.com https://*.contentsquare.net https://*.outbrain.com https://dev.visualwebsiteoptimizer.com https://consent.cookiebot.com https://*.cookiebot.com https://d.la1-c2-fra.salesforceliveagent.com https://d.la11-core1.sfdc-3d0u2f.salesforceliveagent.com https://maps.googleapis.com https://dev.flos.com https://pay.google.com https://www.paypal.com https://d.ratepay.com https://*.collect.igodigital.com https://dynamic.criteo.com https://sslwidget.criteo.com https://s.pinimg.com https://ct.pinterest.com https://connect.facebook.net https://snap.licdn.com https://acdn.adnxs.com https://analytics.webgains.io https://googleads.g.doubleclick.net; connect-src 'self' https://*.flos.com https://cdn.acsbapp.com https://bat.bing.com https://cdn-renderer.optimonk.com https://*.paypal.com https://*.salesforce.com https://service.force.com https://api.omappapi.com https://*.google.com/pagead/ https://*.adyen.com https://*.contentful.com https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms https://front.optimonk.com https://cdn-account.optimonk.com https://cdn-limit.optimonk.com https://jfapiprod.optimonk.com https://pagead2.googlesyndication.com https://dev.visualwebsiteoptimizer.com https://maps.googleapis.com https://mapsresources-pa.googleapis.com https://google.com/pay https://www.google.com/pay https://pay.google.com/about/redirect/ https://pay.google.com/gp/p/ https://pay.google.com/gp/p/payment_method_manifest.json https://www.sandbox.paypal.com/xoplatform/logger/api/logger https://checkoutanalytics-test.adyen.com https://www.google.com/ccm/collect https://*.googleadservices.com https://www.googleadservices.com https://amplify.outbrain.com https://tr.outbrain.com https://ib.adnxs.com https://px.ads.linkedin.com https://ct.pinterest.com https://measurement-api.criteo.com https://consentcdn.cookiebot.com; img-src 'self' data: blob: https://*.flos.com https://*.dam.flos.net https://bat.bing.com https://x.bidswitch.net https://cm.g.doubleclick.net https://simage4.pubmatic.com https://r.casalemedia.com https://gum.criteo.com https://id5-sync.com https://ad.360yield.com https://contextual.media.net https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://eb2.3lift.com https://ad.yieldlab.net https://sync.1rx.io https://dis.criteo.com https://dpm.demdex.net https://aa.agkn.com https://editor-upload-cdn.optimonk.com https://cdn-content.optimonk.com https://dam.flos.net https://*.adyen.com https://*.google-analytics.com https://*.googlesyndication.com https://*.googleadservices.com https://*.clarity.ms https://c.bing.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://maps.gstatic.com https://mapsresources-pa.googleapis.com https://www.paypalobjects.com https://www.gstatic.com https://tau.collect.igodigital.com https://px.ads.linkedin.com https://www.facebook.com https://connect.facebook.net https://ib.adnxs.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.it https://pagead2.googlesyndication.com https://www.googleadservices.com https://imgsct.cookiebot.com; frame-src 'self' https://*.adyen.com https://*.facebook.com https://*.paypal.com https://*.googletagmanager.com https://*.salesforce.com https://*.vimeo.com https://*.cookiebot.com https://*.criteo.com https://*.pinterest.com https://pay.google.com https://service.force.com https://dev.visualwebsiteoptimizer.com https://www.sandbox.paypal.com; style-src 'self' 'unsafe-inline' https://cdn-content.optimonk.com https://*.googleapis.co https://*.adyen.com https://*.salesforce.com https://a.omappapi.com https://service.force.com https://cdn-asset.optimonk.com https://*.googleapis.com https://*.adyen.com https://*.salesforce.com https://a.omappapi.com https://service.force.com https://cdn-asset.optimonk.com; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://cdn-content.optimonk.com https://cdn-custom.optimonk.com https://*.flos.com data:; worker-src 'self' blob: https://maps.googleapis.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=VMzgOW1MSZZKE5JH0PnzEjQkzU3vLpCCQBsixq1hrJo-1773710436.9906678-1.0.1.1-jj7q31J37U_Yx8UvE2XMbQqN2071MnY4Vy3AtrHyH3kfx69qgyM7Kpwb6nUfkbDjDkrq.Mz_Fpbw3AMNiEaSgd2LZVUO9PpOtV_C5zaqGfC_Z5Tcoh4J3XKFyEBJ43aueU9mIDdRn3gkkM71gN5AjPjVNhdg025_8Z10pmkGzea9aQxcmVeDa3.tFl1C6ygG; report-to cf-cngicnvtxxncwzgl 1
connect-src 'self' *.google.com *.google.cz *.leady.com *.google-analytics.com *.facebook.net connect.facebook.net https://cdn.jsdelivr.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; script-src 'self' 'nonce-N2JjODhmNmMxYzlkZTMyMw==' *.google.com *.google.cz *.leady.com *.google-analytics.com *.facebook.net connect.facebook.net https://cdn.jsdelivr.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net 'sha256-Ry5VVOTX8NJGEP4t9KtV/jWVgiv7ZcNmtZxCQScUTlk=' 'sha256-8iiJTU1Hf/vwORdni3nM30l8Ko0NMb8bqvTfGeIbIA4='; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' 'self' https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com/ https://*.google.cz/ https://*.googleusercontent.com https://ct.leady.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://www.expats.cz/csp-report 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.easypack24.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.scalapay.com https://*.oct8ne.com https://*.channelize.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.scalapay.com https://*.channelize.io *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.scalapay.com https://*.channelize.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://cdn.clerk.io *.connectif.cloud *.feedaty.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.development.scalapay.com *.staging.scalapay.com *.scalapay.com cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.easypack24.net *.inpost.pl *.inpost.com *.openstreetmap.org *.klarna.com *.klarnaevt.com *.klarnacdn.net intpaye.netsgroup.com https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.clarity.ms https://*.bing.com https://*.awin1.com https://*.scalapay.com https://*.anticafarmaciaorlandi.it https://*.oct8ne.com https://*.google.it https://*.channelize.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net img.riskified.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.channelize.io https://api.clerk.io https://cdn.clerk.io https://*.connectif.cloud *.feedaty.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.development.scalapay.com *.staging.scalapay.com *.scalapay.com cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.inpost.pl *.inpost.it *.easypack24.net *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io https://*.clerk.io https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.facebook.net https://*.feedaty.com https://*.cloudflare.com https://*.clarity.com https://*.clarity.ms https://*.outbrain.com https://*.onesignal.com https://*.dwin1.com https://*.gestpay.net https://*.scalapay.com https://*.iubenda.com https://*.oct8ne.com https://*.getblue.io https://*.channelize.io https://*.bing.com https://*.cookieless-data.com https://*.sddan.com https://*.airtable.com https://*.awin1.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com www.gstatic.com beacon.riskified.com tracking.trovaprezzi.it www.trovaprezzi.it tps.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io *.feedaty.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.doofinder.com downloads.mailchimp.com geowidget.easypack24.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.scalapay.com https://*.channelize.io unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.feedaty.com https://*.cloudflare.com https://*.scalapay.com https://*.channelize.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.channelize.io https://*.connectif.cloud *.feedaty.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.doofinder.com wss://*.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.inpost.pl *.inpost.it *.easypack24.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.paypal.com https://*.accessiblyapp.com https://*.accessibly.app https://*.dnafactory.it https://*.dnalab.online https://*.google.com https://google.com https://*.google-analytics.com https://*.feedaty.com https://*.cloudflare.com https://*.outbrain.com https://*.clarity.ms https://*.amplitude.com https://*.bing.com https://*.scalapay.com https://*.iubenda.com https://*.oct8ne.com https://*.channelize.io https://*.wepowerconnections.com https://*.sciencebehindecommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com www.google.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net c.riskified.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; frame-src 'self' https://*.coromant.com https://*.coromant.cn https://d6tizftlrpuof.cloudfront.net https://oc-cdn-public-eur.azureedge.net https://*.marketo.com https://*.googletagmanager.com https://static.experimentation.dev https://*.google.com https://*.adyen.com https://videos.sandvik.coromant.com; style-src 'self' 'unsafe-inline' https://*.bing.com https://oc-cdn-public-eur.azureedge.net https://*.marketo.com https://*.googletagmanager.com https://*.googleapis.com https://static.experimentation.dev https://*.adyen.com; script-src 'self' blob: 'unsafe-eval' 'nonce-8DTrrblRgShCbZ-F2-Fmp7eQD0tpia6q' https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.recaptcha.net https://cdn.cookielaw.org https://*.onetrust.com https://hm.baidu.com https://*.googletagmanager.com https://*.kameleoon.eu https://*.marketo.net https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://*.bing.com https://*.virtualearth.net https://oc-cdn-public-eur.azureedge.net https://*.coromant.com https://*.coromant.cn https://*.clarity.ms https://connect.facebook.net https://*.facebook.net https://snap.licdn.com https://*.linkedin.com https://*.marketo.com https://*.mopinion.com https://static.experimentation.dev https://*.adyen.com; connect-src 'self' https://*.coromant.com https://*.coromant.cn https://eu-mobile.events.data.microsoft.com https://*.kameleoon.eu https://cdn.cookielaw.org https://*.mktoresp.com https://*.googletagmanager.com https://*.google.com https://eu-data.kameleoon.io https://widget-api.lifeinside.io https://*.bing.com https://*.clarity.ms https://*.mopinion.com https://*.linkedin.com https://*.marketo.com https://*.virtualearth.net https://*.experimentation.dev https://*.adyen.com https://sigr-cor-products-use-prod.service.signalr.net wss://sigr-cor-products-use-prod.service.signalr.net https://sigr-tibp-cor-services-we-prod.service.signalr.net wss://sigr-tibp-cor-services-we-prod.service.signalr.net https://sigr-tibp-cor-commonsignalr-euw-prod.service.signalr.net wss://sigr-tibp-cor-commonsignalr-euw-prod.service.signalr.net; sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'none' 1
default-src 'self' https://exlibris.ch https://*.exlibris.ch https://*.sentry.io; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://exlibris.ch https://*.exlibris.ch https://googletagmanager.com https://*.googletagmanager.com https://epoq-systems.de http://epoq-systems.de https://*.epoq-systems.de http://*.epoq-systems.de https://epoq.de http://epoq.de https://*.epoq.de http://*.epoq.de https://connect.facebook.net https://google.com https://*.google.com https://googleanalytics.com https://*.googleanalytics.com https://google-analytics.com https://*.google-analytics.com https://googlesyndication.com https://*.googlesyndication.com https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://googleadservices.com https://*.googleadservices.com bat.bing.com https://*.hotjar.com https://*.hotjar.io https://datatrans.com https://*.datatrans.com https://googleads.g.doubleclick.net https://cookielaw.org https://*.cookielaw.org https://*.trustpilot.com https://pay.google.com https://sandbox.secure.checkout.visa.com https://*.sentry.io analytics.tiktok.com analytics-ipv6.tiktokw.us http://ads.tiktok.com; worker-src 'self' blob:; connect-src 'self' https://exlibris.ch https://*.exlibris.ch exlibris.azureedge.net exlibris.blob.core.windows.net https://epoq.de https://*.epoq.de http://epoq-systems.de https://epoq-systems.de *.facebook.com https://migros.ch https://www.google.at https://*.google.ba https://*.migros.ch https://*.google.de https://*.google.ch https://*.google.com https://www.google.fr https://*.google.it https://*.google.li https://*.google.tn https://*.google.co.uk https://*.google.com.sa https://www.googleadservices.com https://google-analytics.com https://*.google-analytics.com https://google-analytics.ch https://*.google-analytics.ch https://google.com https://*.google.com https://analytics.google.com https://*.analytics.google.com https://analytics.google.ch https://*.analytics.google.ch https://googleapis.com https://*.googleapis.com https://googlesyndication.com https://*.googlesyndication.com https://*.googletagmanager.com bat.bing.com bat.bing.net https://doubleclick.net https://*.doubleclick.net https://g.doubleclick.net https://*.g.doubleclick.net https://cookielaw.org https://*.cookielaw.org https://onetrust.com https://*.onetrust.com https://onetrust.io https://*.onetrust.io https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://hotjar.com https://*.sentry.io analytics.tiktok.com analytics-ipv6.tiktokw.us http://ads.tiktok.com https://widget.trustpilot.com; style-src 'self' 'unsafe-inline' https://exlibris.ch https://*.exlibris.ch https://googleapis.com https://*.googleapis.com https://google.com https://*.google.com https://googletagmanager.com https://tagmanager.google.com fast.fonts.net https://epoq-systems.de https://*.epoq-systems.de https://epoq.de https://*.epoq.de http://epoq-systems.de http://*.epoq-systems.de http://epoq.de http://*.epoq.de; img-src 'self' dhttps data: *.facebook.com https://exlibris.ch https://*.exlibris.ch exlibris.azureedge.net https://epoq-systems.de https://*.epoq-systems.de https://epoq.de https://*.epoq.de http://epoq-systems.de http://*.epoq-systems.de http://epoq.de http://*.epoq.de https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://google-analytics.com https://*.google-analytics.com https://doubleclick.net https://*.doubleclick.net https://g.doubleclick.net https://*.g.doubleclick.net https://googlesyndication.com https://*.googlesyndication.com https://*.google.at https://*.google.ch https://*.google.de https://*.google.dz https://*.google.es https://*.google.fr https://*.google.hr https://*.google.it https://*.google.li https://*.google.lu https://*.google.nl https://*.google.sc https://*.google.si https://*.google.co.uk https://*.google.co.in https://*.google.com https://*.google.com.pa https://*.google.com.ph https://*.google.com.gh https://*.google.com.tr https://*.google.com.br https://*.google.com.cy https://www.googleadservices.com https://googletagmanager.com https://*.googletagmanager.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io bat.bing.com https://cookielaw.org https://*.cookielaw.org optanon.blob.core.windows.net exlibris.blob.core.windows.net https://migros.ch https://*.migros.ch analytics.tiktok.com analytics-ipv6.tiktokw.us http://ads.tiktok.com https://ytimg.com https://*.ytimg.com; media-src 'self' data https://exlibris.ch https://*.exlibris.ch exlibris.blob.core.windows.net https://*.phononet.de/ exlibris.azureedge.net; frame-src 'self' bytedance: sslocal: https://exlibris.ch https://*.exlibris.ch https://google.de https://*.google.de https://google.com https://*.google.com https://googletagmanager.com https://*.googletagmanager.com https://googlesyndication.com https://*.googlesyndication.com https://youtube.com https://*.youtube.com https://datatrans.com https://*.datatrans.com https://*.fls.doubleclick.net https://bic-media.com https://*.bic-media.com https://youtube-nocookie.com https://*.youtube-nocookie.com https://doubleclick.net https://*.doubleclick.net https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://tradedoubler.com https://*.tradedoubler.com https://blickinsbuch.de https://*.blickinsbuch.de https://book2look.com https://*.book2look.com https://postfinance.ch https://*.postfinance.ch https://viseca.ch/ https://*.viseca.ch/ https://bonuscard.ch/ https://*.bonuscard.ch/ https://3ds.bonuscard.ch/ https://*.3ds.bonuscard.ch/ https://arcot.com/ https://*.arcot.com/ https://*.trustpilot.com https://pay.google.com https://sandbox.secure.checkout.visa.com https://3d.datatrans.com https://3d.sandbox.datatrans.com; font-src 'self' data: https://exlibris.ch https://*.exlibris.ch https://gstatic.com https://*.gstatic.com https://google.com https://*.google.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io; manifest-src 'self' https://exlibris.ch https://*.exlibris.ch; frame-ancestors 'self' https://exlibris.ch https://*.exlibris.ch; report-uri /loc/csp-report 1
font-src *.gstatic.com *.fontawesome.com * *.googleapis.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.paypal.com https://www.googletagmanager.com https://www.google.com https://www.vimeo.com https://f.vimeocdn.com https://adyen.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com https://amazon.com https://www.yotpo.com https://int-ecommerce.nexi.it *.kasanova.com * https://www.googletagmanager.com/ www.google.com www.gstatic.com apis.google.com accounts.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com https://cdn.clerk.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.gstatic.com https://www.vimeo.com https://f.vimeocdn.com *.googleapis.com *.ggpht https://ecommerce.nexi.it *.cloudfront.net *.kasanova.com * https://static.zdassets.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://www.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.sharethis.com https://api.clerk.io https://cdn.clerk.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googleapis.com https://f.vimeocdn.com *.gstatic.com https://googleads.g.doubleclick.net *.clerk.io https://int-ecommerce.nexi.it *.kasanova.com https://assets.livestory.io https://js-agent.newrelic.com *.consentcdn.cookiebot.com/ * http://www.googletagmanager.com/ https://www.googletagmanager.com/ accounts.google.com cdn.jsdelivr.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://api.clerk.io https://cdn.clerk.io *.googleapis.com * *.fontawesome.com *.google.com *.gstatic.com accounts.google.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://assets.livestory.io https://api.livestory.io https://www.google-analytics.com https://int-ecommerce.nexi.it *.kasanova.com *.googleapis.com * http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com accounts.google.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.gstatic.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.fullstory.com https://rs.fullstory.com https://ajax.googleapis.com/ https://first.iovation.com/ https://mpsnare.iesnare.com/ https://128-koi-090.mktoresp.com/ *.gskydev.net *.gskydev.com https://auth.prod.greensky.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://pages.greenskycredit.com https://www.google.com/ https://www.gstatic.com https://cdnjs.cloudflare.com https://app-ab27.marketo.com https://munchkin.marketo.net https://abrtp1-cdn.marketo.com blob: http://static.site24x7rum.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.wistia.com https://rtp-static.marketo.com https://abrtp1.marketo.com https://js.driftt.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://pages.greenskycredit.com/ https://cdn.jsdelivr.net/ https://www.greensky.com/ *.gskydev.com *.gskydev.net https://use.fontawesome.com/ https://pro.fontawesome.com/ https://rtp-static.marketo.com/ https://fonts.googleapis.com/ https://fonts.googleapis.com/css/ https://app-ab27.marketo.com/ https://munchkin.marketo.net; font-src 'self' https://cdnjs.cloudflare.com https://pro.fontawesome.com/ data: https://fonts.gstatic.com https://fast.wistia.com https://use.fontawesome.com; img-src 'self' https://www.googletagmanager.com https://rs.fullstory.com *.greensky.com/ *.gskydev.com/ *.gskydev.net/ https://embed-ssl.wistia.com data: https://www.google-analytics.com https://stats.g.doubleclick.net https://fast.wistia.com https://greensky.dotcmscloud.com https://*.greensky.dotcmscloud.com embedwistia-a.akamaihd.net/ https://embed-fastly.wistia.com http://embed.wistia.com/ https://www.google.com https://www.google.de https://app-ab27.marketo.com https://pages.greenskycredit.com; media-src 'self' blob: https://js.driftt.com; frame-src 'self' https://pages.greenskycredit.com/ https://app-ab27.marketo.com/ https://www.google.com/ https://js.driftt.com; connect-src 'self' https://analytics.google.com https://edge.fullstory.com https://rs.fullstory.com *.gskydev.com/ *.gskydev.net/ https://128-koi-090.mktoresp.com/ https://abrtp1.marketo.com https://*.google-analytics.com https://stats.g.doubleclick.net *.greensky.dotcmscloud.com https://greensky.dotcmscloud.com *.greensky.com *.litix.io embedwistia-a.akamaihd.net/ *.wistia.com https://128-koi-090.mktoresp.com; object-src 'self' https://app-ab27.marketo.com/ ; base-uri 'self';manifest-src 'self'; worker-src 'none'; report-to https://www.greensky.com 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.payu.in https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' *.payu.in www.facebook.com *.apitest.payu.in *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self' *.payu.in 'self'; frame-src fast.amc.demdex.net https://*.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.demdex.net https://*.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://*.facebook.com *.criteo.com/ *.sandbox.paypal.com *.paypalobjects.com *.criteo.net *.apitest.payu.in https://fast.amc.demdex.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://bid.g.doubleclick.net https://*.youtube-nocookie.com https://www.paypal.com https://www.sandbox.paypal.com https://pilot-payflowlink.paypal.com https://www.paypalobjects.com https://player.vimeo.com https://www.google.com https://*.braintreegateway.com https://*.paypal.com https://www.googletagmanager.com https://*.criteo.com https://*.criteo.net https://*.apitest.payu.in https://*.payu.in https://api.razorpay.com https://*.pickrr.com https://*.shiprocket.in https://cdn.lightwidget.com cdn.lightwidget.com 'self' *.payu.in api.razorpay.com *.pickrr.com *.shiprocket.in 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.muftijeans.in *.google.co.in *.google.com *.bing.com *.pinterest.com *.criteo.com *.bidswitch.net *.doubleclick.net *.adnxs.com *.socdm.com *.casalemedia.com *.adingo.jp *.360yield.com *.rlcdn.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.clmbtech.com *.3lift.com *.1rx.io *.media.net *.unrulymedia.com *.www.googleadservices.com *.www.google.com *.facebook.com *.cloudfront.net *.dmxleo.com *.facebook.net *.agkn.com cdn.lightwidget.com https://firebasestorage.googleapis.com flagpedia.net *.payu.in cdn.razorpay.com maps.gstatic.com *.pickrr.com *.netlify.app aa.agkn.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.gstatic.com *.facebook.com *.criteo.com *.criteo.net https://www.google.com/recaptcha/api2/webworker.js *.muftijeans.in *.hotjar.com https://static.hotjar.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.vimeo.com https://www.googletagmanager.com *.smartlook.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.google.co.in *.www.google.co.in *.facebook.net cdn.lightwidget.com *.avada.io *.shopify.com maps.googleapis.com *.payu.in checkout.razorpay.com *.pickrr.com *.netlify.app *.shiprocket.in connect.facebook.net sc-static.net tr.snapchat.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.coolzcloud.com *.amazonaws.com *.googletagmanager.com cdn.lightwidget.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.payu.in *.pickrr.com *.netlify.app https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src *.muftijeans.in *.paypal.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.muftijeans.in 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.doubleclick.net *.facebook.com *.googleapis.com *.criteo.com *.pinterest.com *.facebook.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.sandbox.paypal.com *.paypalobjects.com *.google.co.in *.www.google.co.in https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.payu.in lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.pickrr.com *.netlify.app *.fastrr.com *.shiprocket.in https://cred.club *.razorpay.com tr.snapchat.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagservices.com *.googleadservices.com *.cdnwebcloud.com https://apis.google.com https://www.googleoptimize.com https://connect.facebook.net https://www.gstatic.com *.google-analytics.com https://ajax.googleapis.com https://gstatic.com https://www.googletagmanager.com *.womtp.com https://api.ipify.org https://maps.googleapis.com *.google.com *.vo.msecnd.net https://static.criteo.net https://bucket.cdnwebcloud.com *.doubleclick.net https://static.hotjar.com https://ws.walmeric.com https://sslwidget.criteo.com https://script.hotjar.com https://pagead2.googlesyndication.com https://neural29.cdnwebcloud.com https://sb.scorecardresearch.com https://ads.profilemkt.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com gstatic.com *.womtp.com *.walmeric.com *.google.com; img-src 'self' data: *.azureedge.net *.gstatic.com *.googleapis.com *.gstatic.com *.doubleclick.net *.google-analytics.com *.womtp.com *.walmeric.com https://magazine.solvia.es *.blob.core.windows.net https://plataforma-des.infosolvia.es https://imagenes.solvia.es *.google.com https://www.google.es https://sb.scorecardresearch.com https://ceres-tk3f2sxfca-ey.a.run.app *.doubleclick.net https://www.facebook.com https://t.womtp.com https://pagead2.googlesyndication.com *.cdnwebcloud.com https://px.ads.linkedin.com *.googletagmanager.com; font-src 'self' *.googleapis.com *.gstatic.com; connect-src 'self' *.solvia.es https://dc.services.visualstudio.com *.hotjar.com *.linkedin.com *.cdnwebcloud.com *.google.com *.googleapis.com *.googlesyndication.com *.indigitall.com *.doubleclick.net *.google-analytics.com; object-src 'self' https://www.google.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ www.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp www.facebook.com *.googletagmanager.com *.google.co.in flagpedia.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ connect.facebook.net tpc.googlesyndication.com www.google.com www.google.co.in s7.addthis.com *.gstatic.com maps.googleapis.com https://player.vimeo.com https://www.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com stats.g.doubleclick.net ekr.zdassets.com/ www.gstatic.com maps.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com lumberjack-cx.razorpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com x.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.adobedtm.com dev.visualwebsiteoptimizer.com *.exacttarget.com google.it/pagead/1p-conversion self data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.avada.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cardinalcommerce.com *.authorize.net *.ccdc02.com *.googleadservices.com *.paypalobjects.com  *.braintreegateway.com   *.paypal.com   *.ytimg.com www.gstatic.com/recaptcha www.google.com/recaptcha *.js-agent.newrelic.com unpkg.com/@googlemaps/markerclusterer/dist/index.min.js self *.criteo.com *.yandex.com *.yandex.ru *.teads.tv *.mainadv.com *.bing.com *.clarity.ms *.pinterest.com *.tiktok.com *.amazon-adsystem.com *.quantserve.com 'sha256-g/qbQ8sW5eJ9JO8sQzRJ1OvARbUyKpJXFeof9SLw1eI=' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.network *.stripecdn.com *.amazon.com service.force.com x.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.adobe.com assets.adobedtm.com *.googletagmanager.com *.authorize.net *.ccdc02.com *.googleadservices.com *.paypalobjects.com  *.braintreegateway.com   *.paypal.com   *.ytimg.com *.vimeocdn.com www.gstatic.com/recaptcha www.google.com/recaptcha *.google.bg *.doubleclick.net unpkg.com/@googlemaps/markerclusterer/dist/index.min.js unpkg.com/@googlemaps/markerclusterer/dist/* self consentcdn.cookiebot.com *.googlesyndication.com dev.visualwebsiteoptimizer.com js.klarna.com na.klarnaevt.com trustpilot.com googleads.g.doubleclick.net bam.nr-data.net *.criteo.com *.yandex.com *.yandex.ru *.teads.tv *.mainadv.com *.bing.com *.clarity.ms *.pinterest.com *.tiktok.com *.amazon-adsystem.com *.quantserve.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' data:; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com stackpath.bootstrapcdn.com unpkg.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.instinet.com stackpath.bootstrapcdn.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-Wy8ma25B3TWGGnC2_0yzEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'nonce-c93mCJ8XMH/kZXTWKYc9BA==' https://cdn-cookieyes.com https://www.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com https://stats.xovis.com https://www.youtube.com; style-src 'self' 'nonce-c93mCJ8XMH/kZXTWKYc9BA=='; style-src-attr 'unsafe-inline'; img-src 'self' data: blob: https://www.googletagmanager.com https://cdn-cookieyes.com https://api.xovis.com; media-src 'self' data: https://api.xovis.com; font-src 'self' data:; connect-src 'self' https://*.google-analytics.com https://stats.xovis.com https://*.hotjar.io https://cdn-cookieyes.com https://*.cookieyes.com https://api.xovis.com; frame-src 'self' http://iframely.net https://go.xovis.com https://www.youtube-nocookie.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri /csp-report 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://pay.instamed.com https://premier.trustcommerce.com;script-src 'nonce-0dffe8e5c04b403fbb4572c2d553439d' https://essentiamychart.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://essentiamychart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-m-ZgOotcNjVLQCNQ1yYBtw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.simyo.es *.typekit.net *.sumup.com *.opentech.com *.consorsbank.de *.bkm.com.tr *.micb.md *.capitecbank.co.za *.asseco-see.hr *.ing.com *.privatbank.ua *.n26.com *.six-group.com *.seglan.com *.monext.fr *.rsa3dsauth.com *.papara.com *.sibs.pt *.bpcbt.com *.capitalone.com *.bpcprocessing.com *.kapital24.uz *.alignet.io *.revolut.com *.wlp-acs.com *.mycardplace.com *.emlpayments.com *.abanca.com *.viseca.ch *.edb.com *.arca.am *.modirum.com *.redsys.es *.marqeta.com *.vinea.es *.cardinalcommerce.com;  script-src-elem 'self' 'unsafe-inline' *.redsys.es *.cardinalcommerce.com *.googleapis.com *.pinterest.com bat.bing.com *.gstatic.com *.googletagmanager.com *.doubleclick.net *.amazon-adsystem.com *.pinimg.com *.taboola.com amplify.outbrain.com jgb8.simyo.es analytics.tiktok.com *.weborama.fr connect.facebook.net foodin.site sc-static.net *.hotjar.com *.mathtag.com *.appboycdn.com *.google-analytics.com *.useinsider.com *.criteo.com *.jsdelivr.net *.cardinalcommerce.com *.google.com www.google.com/recaptcha *.xizumubama.com *.thetto.com *.roterf.com *.snapchat.com *.appsflyer.com *.bazaarvoice.com *.bimien.com;  script-src 'self' 'unsafe-inline' https: 'unsafe-eval' *.typekit.net *.redsys.es *.cardinalcommerce.com *.googletagmanager.com bat.bing.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.yandex.net yastatic.net blob:;  img-src 'self' *.redsys.es *.simyo.es *.google.es *.doubleclick.net *.weborama.fr *.facebook.com *.cardinalcommerce.com bat.bing.com *.google-analytics.com analytics.tiktok.com *.typekit.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com  *.googleusercontent.com *.vimeocdn.com data: *.360yield.com *.doubleclick.net *.stickyadstv.com *.yieldmo.com *.bing.com blob: bttrack.com *.shoppiday.es *.goin.cloud *.honey.io *.media.net *.camarabilbao.com *.adxcel-ec2.com *.mediavine.com *.weborama.fr *.criteo.com *.liadm.com *.adnxs.com *.rlcdn.com *.postrelease.com *.roeye.com *.ggpht.com *.sharethrough.com *.yandex.ru *.veritone-ce.com *.mediawallahscript.com *.rubiconproject.com *.casalemedia.com *.smartadserver.com *.pubmatic.com *.yahoo.com *.igstatic.com *.taboola.com *.1rx.io *.outbrain.com *.revcontent.com *.omnitagjs.com webkit-masked-url://hidden *.facebook.com *.google.ad *.google.al *.google.at *.google.be *.google.bg *.google.by *.google.ca *.google.ch *.google.cl *.google.cn *.google.co.cr *.google.co.id *.google.co.in *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.th *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.br *.google.com.co *.google.com.do *.google.com.ec *.google.ba *.google.co.uz *.google.bf *.google.ci *.google.com.gi *.google.com.gt *.google.com.ni *.google.com.np *.google.com.eg *.google.com.hk *.google.com.mt *.google.com.mx *.google.com.my *.google.com.pe *.google.com.py *.google.com.qa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.com.gh *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.co.ao *.google.co.il *.google.co.ug *.google.com.bo *.google.com.bz *.google.com.na *.google.com.sv *.google.md *.google.mw *.google.iq *.google.am *.google.fi *.google.cv *.google.dz *.google.ge *.google.hn *.google.kz *.google.lk *.google.lv *.google.rs *.google.sn *.google.fr *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.lt *.google.lu *.google.ae *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.se *.google.si *.google.sk *.google.cm *.google.co.ke *.google.co.nz *.google.com.pa *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.sa *.google.me *.google.mv *.google.tn *.bidswitch.net *.groovinads.com *.clarity.ms *.ytimg.com mikkiload.com *.prfrm-ads.com *.charleskeith.co.th *.barclays.co.uk *.snapchat.com *.adentifi.com *.amazonaws.com *.discordapp.com *.yandex.com *.productfruits.com *.discordapp.net *.profileengine.com *.phncdn.com *.leanlibrary.app *.ibb.co *.facebook.net *.css-tricks.com *.ipredictive.com *.line.me *.reskyt.com *.marca.com *.baidu.com *.huffingtonpost.es *.eficads.net;  frame-src *.simyo.es *.redsys.es simyospain.speedtestcustom.com *.weborama.fr buybutwhere.com hipodi.com *.awin1.com *.googleapis.com cookieaquila.com *.mycardplace.com *.cardinalcommerce.com bat.bing.com *.pinterest.com *.amazon-adsystem.com *.doubleclick.net mapacob.aptica.es *.google.com *.socialmediaserver.es *.vimeo.com *.n26.com *.abanca.com *.borica.bg *.emlpayments.com *.nexigroup.com *.sebkort.com *.vinea.es *.cardcenter.ch 3dsecure-vrp.de acestream.tv *.modirum.com *.3dsecure.no *.apata.io *.edb.com *.bpcbt.com *.revolut.com *.targobank.de *.modirum.com acs2.arca.am *.bgpb.by *.marqeta.com *.wlp-acs.com *.opendns.com bnext.areq.mpts.modirum.com:9702 *.icard.com ebanking1.ccb.com.cn emet.live emet.news gateway.zscaler.net gateway.zscalertwo.net gateway.zscloud.net *.criteo.com *.rsa3dsauth.com *.moz.com sas.mc.redsys.es:9731 *.dkb.de *.arcot.com * *.criteo.net tdschded.monext.fr visa2.acs.cmbchina.com *.facebook.com *.googletagmanager.com *.pluscard.de *.pkobp.pl *.sia.eu *.alignet.io *.bpcprocessing.com *.sibs.pt *.swedbank.se *.useinsider.com *.boc.cn *.cloudfront.net *.kaspersky-labs.com *.micb.md *.merck.com *.zscalerthree.net *.secureacs.com *.bankserv.co.za *.gpesecure.com *.adsrvr.org *.ing.de *.viseca.ch *.icbc.com.cn *.netsgroup.com *.jysanbank.kz *.ukrsibbank.com *.monzo.com *.securesuite.net *.capitalone.com *.mtbank.by:8043 *.hitrust.com:9750 *.ajgirona.org *.creditagricole.ma *.mycardsecure.com *.google.com skytraf.xyz acs.hitrust-us.com:9750 securegw1.micb.md:6444 *.groovinads.com *.danskebank.com *.seglan.com *.useinsider.com div.show *.consorsbank.de *.co.uk *.indra-netplus.com *.firstdata.de *.snapchat.com *.sparkasse.at securesuite.net *.wibmo.com *.citibank.com *.zscaler.com *.bog.ge noop.style *.3dsacs.net *.bunq.com *.cihbank.ma *.ukrgasbank.com *.acdcproc.com *.privatbank.ua *.csi-processing.com *.placetopay.com *.s-id-check-sparkassen.de *.eewosecure.com *.cm-cic.com *.gc.ge *.sinnad.com.bh *.mercurypaymentservices.it ;  font-src 'self' *.simyo.es *.redsys.es *.affilitizer.com *.escribelo.ai *.cdnfonts.com *.googleusercontent.com *.bootstrapcdn.com *.cardinalcommerce.com *.fontawesome.com fonts.gstatic.com *.typekit.net *.goin.cloud *.scite.ai *.cloudflare.com *.windows.net *.migaku.com *.slant.co *.alicdn.com *.faceworks.nl *.zohocdn.com yastatic.net ray.st chrome-extension moz-extension ms-browser-extension data:;  connect-src 'self' *.adblockertool.com *.adfreevision.com *.amcreativemedia.com *.bttrack.com *.blackcrow.ai *.yimg.com *.browsekeeper.com *.creativecdn.com *.mczbf.com *.highdataanalytics.com *.uniswap.org *.kaspersky-labs.com infragrid.v.network *.dbankcloud.cn *.overbridgenet.com *.googlesyndication.com *.facebook.com *.simyo.es *.redsys.es ara.paa-reporting-advertising.amazon *.cardinalcommerce.com bat.bing.com *.taboola.com analytics.tiktok.com *.amazon-adsystem.com *.google-analytics.com *.doubleclick.net *.pinterest.com *.googleapis.com *.google.com *.google.com.ar *.google.com.co *.google.com.do *.google.com.mx *.google.com.pe *.google.com.tr *.google.com.uy *.google.de *.google.es *.google.fr *.google.ie *.google.it *.google.lt *.google.pt *.google.kz *.google.ro *.google.ae *.google.at *.google.ca *.google.ch *.google.cl *.google.co.ma *.google.co.uk *.google.co.ve  *.google.be *.google.cm *.google.co.jp *.google.co.nz *.google.com.br *.google.cz *.google.fi *.google.com.pk *.google.com.pr *.google.com.sg *.google.com.gi *.google.ad *.google.by *.google.ba *.google.gr *.google.hu *.google.nl *.google.no *.google.rs *.google.sk *.google.se *.google.ru *.google.sn *.google.tn *.google.co.il *.google.com.pa *.google.com.qa *.google.dk *.google.me *.google.com.au *.google.com.gt *.google.com.hk *.google.co.cr *.gstatic.com *.googleadservices.com *.mplxtms.com *.yandex.ru *.cdn77.org *.adtonus.com *.fbanalytics.org *.mkmediaworks.com *.ultimateaderaser.com *.zendesk.com *.jquery.com *.zdassets.com meetlookup.com *.amazonaws.com rbtds.net *.clarity.ms zone1-services-cdn.com *.socialsolutionapp.com *.awesomeblocker.com *.global-data-lab.com *.range-offer.com *.report-uri.com *.pangle-ads.com *.adblocking247.com *.blocksly.org *.crystal-blocker.com *.datacloudstat.com *.software-downloading.com cubox.pro *.vimeocdn.com *.typekit.net *.vimeo.com *.reskyt.com *.braze.com *.criteo.com *.snapchat.com *.yandex.net *.yandex.com *.productfruits.com *.hotjar.io *.appsflyer.com *.onelink.me *.googletagmanager.com ya.ru *.socialmediaserver.es data: blob:;  style-src-elem 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.scriptcdn.net *.tiktok.com *.webgains.io *.bing.com blob: bttrack.com *.amazon-adsystem.com *.taboola.com *.trackmytarget.com *.facebook.net *.weborama.fr *.pinterest.com *.eligrop.com *.hicloud.com *.kaspersky-labs.com *.doubleclick.net infimv.com *.blackcrow.ai *.simyo.es *.roeyecdn.com *.yandex.ru *.acestream.net *.pinimg.com *.yimg.com *.mplxtms.com *.criteo.net *.creativecdn.com *.dwin1.com *.google.com *.googleadservices.com *.googletagmanager.com *.mczbf.com *.opera-mini.net *.honey.io *.gstatic.com *.groovinads.com *.cloudflare.com  *.useinsider.com *.line-scdn.net *.vulapo.com *.cloudfront.net *.mediarithmics.com hublosk.com *.adsrvr.org jullyambery.net *.adguard.org mikkiload.com *.prfrm-ads.com *.zdassets.com *.charleskeith.co.th *.eficads.net *.artfut.com *.clarity.ms *.reskyt.com *.bootstrapcdn.com *.fontawesome.com lonelyfix.com data:;  style-src-attr 'unsafe-inline' *.typekit.net;  style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.google.com *.reskyt.com *.gstatic.com *.googleadservices.com;  media-src data:;  worker-src blob:; 1
default-src 'none'; connect-src googleads.g.doubleclick.net our.umbraco.com stats.g.doubleclick.net www.google-analytics.com www.google.com cdn.linkedin.oribi.io region1.analytics.google.com iwfsecurity.report-uri.com consentcdn.cookiebot.com translate.googleapis.com 'self';  font-src fonts.gstatic.com use.typekit.net 'self'; manifest-src 'self'; object-src 'self'; frame-src vimeo.com donorbox.org www.buzzsprout.com player.vimeo.com www.googletagmanager.com www.youtube.com consentcdn.cookiebot.com www.google.com indd.adobe.com 'self'; frame-ancestors 'self'; img-src data: t.co analytics.twitter.com fonts.gstatic.com www.google.co.uk our.umbraco.com www.gravatar.com www.googletagmanager.com www.linkedin.com www.facebook.com px4.ads.linkedin.com www.google-analytics.com px.ads.linkedin.com gtranslate.net p.typekit.net www.gstatic.com dashboard.umbraco.com i.vimeocdn.com www.google.com translate.googleapis.com translate.google.com bat.bing.com *.cookiebot.com 'self'; media-src data: 'self' vimeo.com player.vimeo.com *.akamaized.net; script-src 'self' 'unsafe-eval' bat.bing.com static.ads-twitter.com vimeo.com www.vimeo.com ajax.aspnetcdn.com www.google.com connect.facebook.net www.googleadservices.com www.gstatic.com www.google-analytics.com snap.licdn.com translate-pa.googleapis.com consent.cookiebot.com use.typekit.net translate.google.com translate.googleapis.com consentcdn.cookiebot.com use.typekit.net dev.iwf.org.uk www.googletagmanager.com *.iwf.org.uk *.cookiebot.com *.typekit.net cdn.veritonic.com inline: 'unsafe-inline' 'unsafe-eval' 'self'; style-src translate.googleapis.com  www.gstatic.com inline: 'self' 'unsafe-inline'; report-uri https://iwfsecurity.report-uri.com/r/d/csp/enforce; 1
script-src 'unsafe-inline' 'unsafe-eval' cdn2.hubspot.net *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com cdnjs.cloudflare.com 10921146.fls.doubleclick.net plausible.io *.hotjar.com *.hotjar.io *.qualified.com bttrack.com *.googletagmanager.com *.force.com *.thycotic.com *.centrify.com *.bidr.io *.rlcdn.cm t.co *.twitter.com burly.io *.clickagy.com *.doubleclck.net *.zoominfo.com lltrck.com facebook.com *.facebook.net *.redditstatic.com *.linkedin.com *.licdn.com *.demandbase.com *.zoominfo.com 'strict-dynamic' 'nonce-1pcT3LOistjUWlxelWM3nQ==' 1
default-src 'self' 'unsafe-inline' www.uscc.gov www.google.com analytics.google.com fonts.googleapis.com www.googletagmanager.com www.gstatic.com fonts.gstatic.com use.fontawesome.com s7.addthis.com www.senate.gov; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' https://*.marketo.com https://*.marketo.net https://*.mktoresp.com; upgrade-insecure-requests; img-src 'self' data: blob: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://*.marketo.net https://*.marketo.com https://*.mktoresp.com; connect-src 'self' https: https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.marketo.net https://*.marketo.com https://*.mktoresp.com 1
object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com cdn3.theuaelottery.ae cdn3.uat-uaenl.ae www.gstatic.com;report-uri https://muddy-meadow-fb56.swang-203.workers.dev/csp-report 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https: wss:; frame-src https:; media-src 'self' blob: https:; worker-src 'self' blob:; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' https://ddwl4m2hdecbv.cloudfront.net https://b-code.liadm.com https://rp.liadm.com https://idx.liadm.com; connect-src 'self' https://pro.ip-api.com https://alocdn.com https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://a.usbrowserspeed.com; img-src 'self' data:; style-src 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp: https://pay-staging.instamed.com https://pay.instamed.com;script-src 'nonce-bf2831c6782e4a259e0ed85458e4fb0e' https://myhealthatvanderbilt.com 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://myhealthatvanderbilt.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://epic.gateway.patientco.com https://pay.instamed.com;script-src 'nonce-3f00b5db48954f09934aab61cd2da69a' https://www.mylvhn.org 'self' https://www.google.com/reCaptcha/enterprise.js;img-src https://* 'self' blob: data:;connect-src 'self' epichttp: https://www.google.com;style-src https://www.mylvhn.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.pl https://www.myheritage.pl  'unsafe-eval' 'nonce-ce79737d0558e9a4d609935859582d63' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.pl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self' data:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.grafana.net *.sentry.io *.hotjar.com *.hotjar.io *.api.useinsider.com *.useinsider.com *.qualtrics.com *.siteintercept.qualtrics.com *.px-cloud.net *.px-cdn.net *.pxchk.net *.px-client.net *.perimeterx.net *.appcues.com *.appcues.net *.youtube.com *.cloudfront.net *.amazonaws.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.appcues.com *.api.useinsider.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com www.googletagmanager.com; font-src 'self' data: *.gstatic.com *.gstatic.cn *.cloudfront.net *.hotjar.com *.cdnfonts.com *.appcues.com *.cloudflare.com *.useinsider.com; img-src 'self' data: blob: *.dhmedia.io *.cloudfront.net *.deliveryhero.io *.amazonaws.com *.useinsider.com *.openstreetmap.org *.appcues.com *.restaurant-partners.com *.portal.restaurant *.mapbox.com leafletjs.com *.youtube.com *.adobe.com *.qualtrics.com *.pedidosya.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com www.googletagmanager.com; media-src 'self' data: *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com www.googletagmanager.com; frame-src 'self' blob: *.qualtrics.com *.usehurrier.com accounts.google.com *.pedidosya.com *.youtube.com *.px-cloud.net *.portal.restaurant *.google.com; worker-src 'self' blob: chrome-extension: *.px-cloud.net; object-src 'none'; base-uri 'self'; form-action 'self' *.qualtrics.com; frame-ancestors 'self' *.restaurant-partners.com; connect-src * data:;; report-uri https://o516780.ingest.us.sentry.io/api/4507300079796224/security/?sentry_key=e1e196e276372428a5ecb141664aae68; report-to csp-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com webpay3g.transbank.cl webpay3gint.transbank.cl *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.google.com.mx *.clarity.ms *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com dbschile.api.useinsider.com *.queue-it.net *.clarity.ms *.getblue.io *.gorgias.chat *.mouseflow.com www.googleoptimize.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.tagmanager.google.com *.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.yango.com *.clarity.ms *.gorgias.chat *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-qzzIfxThxm9Vt_oV1puP0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'nonce-PGkSxehJPFuyPgdR9fmeGw==' 'strict-dynamic' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'sha256-f9ms/4u9WrRYV3p93xXv88VDowcvTVxabxYcmCxoxBE=' https://connect.facebook.net https://accounts.google.com https://www.googletagmanager.com https://cdn.jifo.co https://s.infogram.com https://www.youtube.com https://www.google.com https://www.google.com.au https://www.googleadservices.com https://www.google.co.in https://www.gstatic.com https://securepubads.g.doubleclick.net https://bat.bing.com https://www.clarity.ms https://play.google.com https://can.canstar.com.au https://graph.canstar.com.au https://jnn-pa.googleapis.com https://logx.optimizely.com https://identitytoolkit.googleapis.com https://sso.canstar.com.au https://ad.doubleclick.net https://adservice.google.com https://analytics.google.com https://sdk-02.moengage.com https://metrics.hotjar.io https://siteintercept.qualtrics.com https://collector-px58c3a4zy.perimeterx.net https://platform.twitter.com https://syndication.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://gfonts.jifo.co https://cdn.jifo.co https://themes.jifo.co https://accounts.google.com https://graph.canstar.com.au https://platform.twitter.com; style-src-attr 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline' https://cns-angular-content-uat-2.freetls.fastly.net https://cns-angular-content-prod-1.freetls.fastly.net https://cns-angular-content-prod-2.freetls.fastly.net; img-src 'self' data: blob: https://graph.canstar.com.au https://snapshots.uat.canstar.com.au https://snapshots.canstar.com.au https://www.youtube.com https://i.ytimg.com https://yt3.ggpht.com https://images.jifo.co https://www.google.com https://www.google.com.au https://www.google.co.in https://www.gstatic.com https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://bat.bing.com https://www.clarity.ms https://play.google.com https://can.canstar.com.au https://graph.canstar.com.au https://jnn-pa.googleapis.com https://logx.optimizely.com https://identitytoolkit.googleapis.com https://sso.canstar.com.au https://ad.doubleclick.net https://adservice.google.com https://analytics.google.com https://sdk-02.moengage.com https://fonts.gstatic.com https://themes.jifo.co https://gfonts.jifo.co https://cdn.jifo.co https://www.facebook.com https://connect.facebook.net https://analytics.tiktok.com https://www.canstarblue.com.au https://www.canstar.com.au https://secure.gravatar.com https://ep1.adtrafficquality.google https://adtrafficquality.google; font-src 'self' https://fonts.gstatic.com https://themes.jifo.co https://gfonts.jifo.co https://cdn.jifo.co https://script.hotjar.com; frame-src 'self' https://www.youtube.com https://accounts.google.com https://e.infogram.com https://www.googletagmanager.com http://www.googletagmanager.com https://10445216.fls.doubleclick.net https://10420344.fls.doubleclick.net https://can.canstar.com.au https://can.canstarblue.com.au https://securepubads.g.doubleclick.net https://platform.twitter.com https://syndication.twitter.com https://a25480140109.cdn.optimizely.com; connect-src 'self' https://graph.canstar.com.au https://can.canstar.com.au https://can.canstarblue.com.au https://jnn-pa.googleapis.com https://www.google-analytics.com https://bat.bing.com https://www.clarity.ms https://sdk-02.moengage.com https://connect.facebook.net https://www.facebook.com https://accounts.google.com https://www.googletagmanager.com https://cdn.jifo.co https://s.infogram.com https://www.youtube.com https://www.google.com https://www.google.com.au https://www.googleadservices.com https://www.google.co.in https://www.gstatic.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net https://play.google.com https://logx.optimizely.com https://identitytoolkit.googleapis.com https://sso.canstar.com.au https://ad.doubleclick.net https://adservice.google.com https://analytics.google.com https://clerk.canstar.com.au https://vital-wasp-63.clerk.accounts.dev https://faithful-gannet-95.clerk.accounts.dev https://clerk-telemetry.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://metrics.hotjar.io https://surveystats.hotjar.io https://siteintercept.qualtrics.com https://collector-px58c3a4zy.perimeterx.net https://ep1.adtrafficquality.google https://adtrafficquality.google https://cns-angular-content-uat-2.freetls.fastly.net https://cns-angular-content-prod-1.freetls.fastly.net https://cns-angular-content-prod-2.freetls.fastly.net; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; report-uri https://graph.canstar.com.au/csp-report; 1
default-src   'self' 'unsafe-inline';  img-src   'self' *.akamaihd.net *.boltdns.net *.brightcove.com *.brightcovecdn.com *.clarity.ms *.karte.io *.line.me *.revico.jp *.visumo.io *.visumo.jp ajax.googleapis.com analytics.tiktok.com analytics.twitter.com aw.dw.impact-ad.jp b98.yahoo.co.jp b99.yahoo.co.jp bat.bing.com bat.bing.net cdn.jsdelivr.net connect.facebook.net d1r147hdvhiup1.cloudfront.net d1y1ejsnfr35ye.cloudfront.net googleads.g.doubleclick.net id5-sync.com images-fe.ssl-images-amazon.com images-na.ssl-images-amazon.com img-karte-io.s3.amazonaws.com io.repro-booster.com m.media-amazon.com maihada.jp maison.kose.co.jp masvc-prod-function-outside-accesslog.azurewebsites.net players.brightcove.net production-image-proxy.reproio.com promolayer-images.b-cdn.net px.a8.net s3-ap-northeast-1.amazonaws.com sekkisei.jp stats.g.doubleclick.net sdk.hellouniweb.com static-fe.payments-amazon.com static-na.payments-amazon.com t.co uncn.jp universe.send.microad.jp www.addiction-beauty.com www.decorte.com www.facebook.com www.google.ca www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.th www.google.co.uk www.google.com www.google.com.au www.google.com.hk www.google.com.my www.google.com.sg www.google.com.tw www.google.com.vn www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.googleadservices.com www.googletagmanager.com www.jillstuart-floranotisjillstuart.com data:;  font-src   'self' 'unsafe-inline' *.karte.io *.revico.jp assets.payments-amazon.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com players.brightcove.net data:;  connect-src   'self' *.akamaihd.net *.boltdns.net *.brightcove.com *.brightcovecdn.com *.clarity.ms *.karte.io *.line.me *.revico.jp *.visumo.io *.visumo.jp a.promolayer.io ac.fanp.me analytics.google.com analytics.tiktok.com analytics-ipv6.tiktokw.us anymindgroup.go2cloud.org apac.account.amazon.com api.amazon.co.jp api.amazon.com apm.yahoo.co.jp ara.paa-reporting-advertising.amazon audiencedata.im-apps.net bat.bing.com bat.bing.net booster.reproio.com bs.nakanohito.jp c.amazon-adsystem.com cdn.microad.jp dc.services.visualstudio.com diagnostics.id5-sync.com displayscdn.promolayer.io dm.slim02.jp dpolc4ci3j.execute-api.ap-northeast-1.amazonaws.com edge.api.brightcove.com googleads.g.doubleclick.net id5-sync.com lb.eu-1-id5-sync.com lbs.eu-1-id5-sync.com liffsdk.line-scdn.net lightning-recommend.io mws.amazonservices.com mws.amazonservices.jp o4506773005533184.ingest.sentry.io payments-fe.amazon.com payments-jp.amazon.com payments.amazon.co.jp players.brightcove.net production-dual-proxy.reproio.com region1.analytics.google.com region1.google-analytics.com s.amazon-adsystem.com stats.g.doubleclick.net sdk.hellouniweb.com ufoyaxubucivumen.conversion.jp.zeals.ai uncn.jp universe.send.microad.jp www.facebook.com www.google.ca www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.th www.google.co.uk www.google.com www.google.com.au www.google.com.hk www.google.com.my www.google.com.sg www.google.com.tw www.google.com.vn www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google-analytics.com www.googleadservices.com www.googletagmanager.com blob:;  frame-src   'self' *.revico.jp cache.send.microad.jp img.ak.impact-ad.jp payments-jp.amazon.com payments.amazon.co.jp players.brightcove.net recaptcha.google.com s.amazon-adsystem.com static-fe.payments-amazon.com static-na.payments-amazon.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com;  media-src   'self' *.akamaihd.net *.boltdns.net *.brightcovecdn.com *.cf.brightcove.com *.media.brightcove.com *.visumo.io *.visumo.jp blob:;  script-src   'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.ebis.ne.jp *.karte.io *.mul-pay.jp *.revico.jp *.visumo.io *.visumo.jp ac.fanp.me adebisns.decorte.com ajax.googleapis.com analytics.tiktok.com as.uncn.jp assets.payments-amazon.com b98.yahoo.co.jp b99.yahoo.co.jp bat.bing.com booster.reproio.com c.amazon-adsystem.com cdn.credit.gmo-ab.com cdn.id5-sync.com cdn.jsdelivr.net cdn.microad.jp cdnjs.cloudflare.com connect.facebook.net cs.nakanohito.jp d.line-scdn.net dmp.im-apps.net fraud-buster.appspot.com fspark-ap.com googleads.g.doubleclick.net img.ak.impact-ad.jp js.go2sdk.com lightning-recommend.io masvcuploadprodstorage.blob.core.windows.net modules.promolayer.io penta.a.one.impact-ad.jp players.brightcove.net s.yimg.jp s.yjtag.jp static.jp.zeals.ai static.line-scdn.net statics.a8.net sdk.hellouniweb.com static.ads-twitter.com static-fe.payments-amazon.com static-na.payments-amazon.com vjs.zencdn.net www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com blob:;  style-src   'self' 'unsafe-inline' *.karte.io *.revico.jp *.visumo.jp ajax.googleapis.com assets.payments-amazon.com cdn.jsdelivr.net d1r147hdvhiup1.cloudfront.net fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com players.brightcove.net;  worker-src   'self' blob:;  report-to   csp-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-17wHV3DrCGFtt-tARRVctQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp: https://cdnapisec.kaltura.com https://pay.instamed.com;script-src 'nonce-42abfdc8983b41b792aa3db1320d57fb' https://www.mylghealth.org 'self' http://fad.Lghealth.org https://cdc.gov https://patientportal.natera.com https://www.healthwise.net https://www.lancastergeneralhealth.org;img-src https://* 'self' blob: data: http://fad.lghealth.org https://fad.lghealth.org;connect-src 'self' epichttp: https://acrobat.adobe.com;style-src https://www.mylghealth.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-sUvZengWahkxZWUKsSnIhQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' *.irsn.fr *.asnr.fr; script-src 'self' *.irsn.fr *.asnr.fr cdn.ckeditor.com embed.api.video static.doubleclick.net unpkg.com vod.api.video www.google.com www.gstatic.com www.youtube.com www.youtube-nocookie.com e.infogram.com matomo.asnr.fr; object-src 'none'; style-src 'self' 'unsafe-inline'  *.irsn.fr *.asnr.fr fonts.googleapis.com unpkg.com www.youtube.com www.youtube-nocookie.com; img-src 'self' data:  *.irsn.fr *.asnr.fr i.ytimg.com yt3.ggpht.com *.tile.openstreetmap.org; media-src 'self'  *.irsn.fr *.asnr.fr; frame-src 'self'  *.irsn.fr *.asnr.fr embed.api.video www.youtube.com www.youtube-nocookie.com irsn.libcast.com e.infogram.com irsn.libcast.com; frame-ancestors 'self'  *.irsn.fr *.asnr.fr; child-src 'self'  *.irsn.fr *.asnr.fr embed.api.video www.youtube.com www.youtube-nocookie.com; font-src 'self' data:  *.irsn.fr *.asnr.fr embed.api.video fonts.gstatic.com themes.googleusercontent.com; connect-src 'self'  *.irsn.fr *.asnr.fr collector.api.video googleads.g.doubleclick.net jnn-pa.googleapis.com vod.api.video www.youtube.com www.youtube-nocookie.com; report-uri /sa-report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.adtrafficquality.google https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://partner.googleadservices.com https://adservice.google.com https://www.gstatic.com https://www.googleapis.com https://apis.google.com https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https: https://gifftme-pull.b-cdn.net; font-src 'self' data: https://fonts.gstatic.com https://www.gstatic.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.firebaseio.com https://*.firebasedatabase.app https://securetoken.googleapis.com https://identitytoolkit.googleapis.com https://firebaseinstallations.googleapis.com https://firebaseappcheck.googleapis.com https://firestore.googleapis.com https://api.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://gifftme-pull.b-cdn.net; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://*.google.com https://*.adtrafficquality.google https://*.doubleclick.net https://*.googlesyndication.com; worker-src 'self' blob:; manifest-src 'self'; media-src 'self' blob: https: https://gifftme-pull.b-cdn.net; form-action 'self' https://checkout.stripe.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.despegar.com *.koin.com.br *.googletagmanager.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.despegar.com *.koin.com.br *.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.despegar.com *.koin.com.br *.googletagmanager.com fonts.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.typekit.net google.com *.google.com *.cdn-apple.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://live.decidir.com/ *.despegar.com *.koin.com.br *.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com *.gstatic.com https://maps.googleapis.com live.decidir.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.snplow.net commerce.adobedc.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com maps.googleapis.com api.comapi.com bam.nr-data.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.despegar.com *.googletagmanager.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.decidir.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.klarna.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * sibautomation.com *.criteo.com *.gelproximity.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://cdn.clerk.io *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.elfsight.com *.elfsightcdn.com *.trustpilot.com *.trustpilot.net *.doofinder.com *.google.com *.google.it *.bidswitch.net *.doubleclick.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv eb2.3lift.com *.yahoo.com *.adform.net *.criteo.com *.popupsmart.com *.onesignal.com upstream.heidipay.com sbx-upstream.heidipay.io *.casalemedia.com id5-sync.com *.360yield.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.1rx.io *.agkn.com *.unrulymedia.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net img.riskified.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://api.clerk.io https://cdn.clerk.io *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.gstatic.com maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.elfsight.com *.doofinder.com sibautomation.com *.iubenda.com *.popupsmart.com *.criteo.com *.onesignal.com onesignal.com *.gelproximity.com *.clerk.io *.hotjar.com www.google.com www.gstatic.com beacon.riskified.com tracking.trovaprezzi.it tps.trovaprezzi.it www.trovaprezzi.it *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://api.clerk.io https://cdn.clerk.io *.feedaty.com https://static.klaviyo.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.doofinder.com onesignal.com *.popupsmart.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.onesignal.com onesignal.com *.popupsmart.com *.elfsight.com *.doofinder.com wss://*.doofinder.com *.brevo.com *.iubenda.com *.doubleclick.net *.criteo.com *.google-analytics.com www.google.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net c.riskified.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src *.gstatic.com *.google.com capitracking.istore.co.za analytics.twitter.com t.co sp.analytics.yahoo.com cdn1.stamped.io stamped.io *.zdassets.com 'self' 'unsafe-inline'; font-src *.gstatic.com fonts.gstatic.com use.typekit.net *.typekit.net *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net cdn1.stamped.io stamped.io *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; style-src *.googleapis.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.klevu.com *.ksearchnet.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com oppwa.com *.oppwa.com *.peachpayments.com cdn1.stamped.io stamped.io *.cloudflare.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; connect-src *.googleapis.com *.google.com *.gstatic.com s.yimg.com in.visitors.live dsp-trk.eskimi.com dsp-ap.eskimi.com sslwidget.criteo.com wss://in.visitors.live analytics.tiktok.com/* portal.immerss.live *.linkedin.com *.creativecdn.com wss://ws.hotjar.com *.istore.co.za *.tiktok.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com *.paypal.com google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com sandbox-api.layup.co.za layup.co.za https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com oppwa.com *.oppwa.com *.peachpayments.com cdn1.stamped.io stamped.io *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com vsb111.tawk.to ekr.zdassets.com app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; frame-src *.google.com ams.creativecdn.com portal.immerss.live *.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com capitracking.istore.co.za analytics.twitter.com t.co sp.analytics.yahoo.com pixel.rubiconproject.com cm.g.doubleclick.net r.casalemedia.com eb2.3lift.com simage2.pubmatic.com contextual.media.net sync-t1.taboola.com exchange.mediavine.com s.ad.smaato.net match.sharethrough.com jadserve.postrelease.com c.bing.com sync.outbrain.com rtb-csync.smartadserver.com secure.adnxs.com ib.adnxs.com ads.yahoo.com ups.analytics.yahoo.com dis.criteo.com *.doubleclick.net *.linkedin.com *.tribalfusion.com sync.go.sonobi.com istore.co.za cm.adform.net ams.creativecdn.com bh.contextweb.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com cdn1.stamped.io stamped.io *.cloudflare.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src *.google.com *.googleapis.com *.gstatic.com capitracking.istore.co.za s.yimg.com platform2.cloud-iq.com static.ads-twitter.com rookdsp.com dsp-media.eskimi.com portal.immerss.live snap.licdn.com tags.creativecdn.com *.tiktok.com *.tribalfusion.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.oppwa.com oppwa.com *.peachpayments.com cdn1.stamped.io stamped.io *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com maps.googleapis.com static.zdassets.com app.mobicredwidget.co.za www.gstatic.com bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://app.contentful.com; worker-src blob:; default-src 'self' gap: ws: 'unsafe-inline' 'unsafe-eval' data: api.country.is vercel.live vercel.app *.vercel.live *.vercel.app safevisit.online contentful.com *.contentful.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.facebook.com *.amazonaws.com *.cloudfront.net *.googletagservices.com pay.google.com *.s3.amazonaws.com google.com *.sitkagear.com js.narvar.com cdn.searchspring.net js.klarna.com manifest.webmanifest cdn.tailwindcss.com cdn.cookielaw.org api.yotpo.com cdn-widgetsrepository.yotpo.com *.yotpo.com *.searchspring.io *.bigcommerce.com *.locally.com *.ctfassets.net *.onetrust.com *.criteo.com *.avmws.com *.safevisit.online *.gtm-msr.appspot *.dynamic.criteo.com *.facebook.net *.klaviyo.com *.zdassets.com *.browser-intake-datadoghq *.vercel-insights.com *.csper.io klarnaservices.com *.klarnaservices.com datadoghq-browser-agent.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.gstatic.com *.bing.com *.typekit.net *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.aralego.com criteo-sync.teads.tv *.3lift.com *.yahoo.net *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.outbrain.com *.pubmatic.com *.smaato.net *.clmbtech.com *.yieldmo.com *.klarnacdn.net vercel.com assets.vercel.com *.experticity.com 10974823.collect.igodigital.com *.collect.igodigital.com *.bazaarvoice.com gore-rebrand-fonts.surge.sh viev-fonts.surge.sh googleads.g.doubleclick.net envoydev.co track.securedvisit.com bh.contextweb.com stats.g.doubleclick.net public-prod-dspcookiematching.dmxleo.com match.adsrvr.org trends.revcontent.com match.sharethrough.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.co.kr e1.emxdgt.com cm.g.doubleclick.net partner.mediawallahscript.com visitor.omnitagjs.com i.liadm.com exchange.mediavine.com 1f2e7.v.fwmrm.net tags.bluekai.com dpm.demdex.net ws-us3.pusher.co eu.klarnaevt.com sockjs-us3.pusher.com ws-us3.pusher.com aa.agkn.com track.sv.rkdms.com sync.crwdcntrl.net *.hotjar.com widget-mediator.zopim.com aorta.clickagy.com *.searchspring.net *.googlesyndication.com *.liadm.com *.abtasty.com appclip.loopid.com noembed.com *.klarnaevt.com *.usablenet.com *.usablenet.dev *.gorewear.com *.rebrand.gorewear.com rebrand.gorewear.com www.sandbox.paypal.com cdn.sand.us.zip.co localhost:* *.origin.gorewear.com origin.gorewear.com 1
font-src fonts.gstatic.com use.typekit.net self data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://store.plumrocket.com pal-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com self *.doubleclick.net *.criteo.com *.easydmp.net *.snapchat.com https://store.plumrocket.com https://accounts.google.com checkoutshopper-test.adyen.com pal-test.adyen.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com self *.bing.com *.paypal.com *.google.fr *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.cookielaw.org *.snapchat.com checkoutshopper-test.adyen.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com self sc-static.net *.abtasty.com *.jsdelivr.net *.gstatic.com *.facebook.net *.tiktok.com *.googleapis.com *.easydmp.net *.vzbl.eu *.aticdn.net *.m1by1.com *.woosmap.com *.doubleclick.net *.cookielaw.org *.snapchat.com *.valiuz.com *.mediarithmics.com *.prediggo.services https://accounts.google.com checkoutshopper-test.adyen.com 'self' 'unsafe-eval' 'nonce-NDI5cXFnOGxra3czdDhlbGF3Zmh1ZW81amdxM2pqaGs=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src *.adobe.com fonts.googleapis.com self *.gstatic.com *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.snapchat.com https://accounts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com self *.snapchat.com *.cookielaw.org *.abtasty.com *.googleapis.com *.vzbl.eu *.criteo.com *.easydmp.net *.xiti.com *.valiuz.com *.doubleclick.net *.mediarithmics.com https://accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.bing.com *.criteo.net *.snapchat.com *.netvigie.com *.xiti.com *.valiuz.com *.googletagmanager.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://api-gw-v4.dev.gokwik.io https://sandbox.pdp.gokwik.co https://pdp.gokwik.co *.adobe.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com *.bing.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com *.bing.com api.razorpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com https://api-gw-v4.dev.gokwik.io https://sandbox.pdp.gokwik.co https://pdp.gokwik.co *.adtrafficquality.google *.clarity.ms *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com *.bing.com cdn.razorpay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com http://sp-kf-collector.dev.gokwik.io https://api-gw-v4.dev.gokwik.io https://sandbox.pdp.gokwik.co https://pdp.gokwik.co *.lightwidget.com *.artfut.com *.adtrafficquality.google *.googlesyndication.com s3-ap-southeast-1.amazonaws.com *.cloudflare.com *.clarity.ms *.vimeo.com *.mxpnl.com *.bing.com *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com cdn.jsdelivr.net checkout.razorpay.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com *.bing.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com http://sp-kf-collector.dev.gokwik.io https://api-gw-v4.dev.gokwik.io https://sandbox.pdp.gokwik.co https://pdp.gokwik.co *.onedirect.in *.adtrafficquality.google *.clarity.ms *.mixpanel.com *.adobe.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.jsdelivr.net unpkg.com *.kapturecrm.com *.wizzy.ai *.gozayaan.com *.googletagmanager.com *.supabase.co *.hotjar.com swopstore.com script.google.com *.facebook.net *.matomo.cloud *.soch.com *.bing.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com wss://sockets.wizzy.ai *.wizsearch.in wss://sockets.wizsearch.in 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://players.brightcove.net/ https://www.recaptcha.net https://www.gstatic.com https://js-agent.newrelic.com https://pi.pardot.com https://www.youtube.com https://in2.taskanalytics.com https://bam.nr-data.net https://snap.licdn.com https://googleads.g.doubleclick.net https://info.weareplanet.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://tag.demandbase.com https://j.6sc.co https://tracking.g2crowd.com https://connect.facebook.net https://tpc.googlesyndication.com https://cdn.weglot.com/weglot.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'report-sample' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.hubspotusercontent.com https://*.hubspotusercontent-eu1.net https://js.hs-analytics.net https://js.hsforms.net https://api.hsforms.com https://api.hubapi.com https://*.hsleadflows.net https://*.hsadspixel.net https://*.hs-web-analytics.net https://static.hsappstatic.net https://cdn2.hubspot.net https://cdn.hubspot.com https://*.cloudfront.net https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://stats.g.doubleclick.net https://www.googleadservices.com https://cdn.cookielaw.org https://www.youtube.com; style-src 'self' 'unsafe-inline' https: data:; img-src 'self' https: data: blob:; font-src 'self' https: data:; frame-src 'self' https: data:; connect-src 'self' https: wss: https://www.cadburydessertscorner.com; media-src 'self' https: data: blob:; worker-src 'self' https: blob:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self' https://*.hubspot.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-DRncgf2YiNrjmxXmsRw04A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.bootstrapcdn.com *.yotpo.com *.userway.org *.klarnacdn.net *.fontawesome.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widget.nfusionsolutions.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.doubleclick.net *.typeform.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://*.scalebus.com https://scalebus.com *.userway.org *.listrakbi.com magefan.com cm.magefan.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.abtasty.com https://*.scalebus.com https://scalebus.com widget.nfusionsolutions.com *.northbeam.io i.govmint.com *.userway.org *.yotpo.com *.cloudfront.net *.listrakbi.com *.gstatic.com *.cloudflare.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.bootstrapcdn.com *.userway.org *.yotpo.com *.listrakbi.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.fontawesome.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.abtasty.com api.experianaperture.io https://*.scalebus.com https://scalebus.com *.northbeam.io i.govmint.com *.userway.org *.listrakbi.com bam.nr-data.net *.launchdarkly.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.doubleclick.net *.run.app *.typeform.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src *.force.com https://content.instrumentation.getconga.com slack-imgs-mil-dev.com https://www.linkedin.com 'self' https://stats.g.doubleclick.net https://img.youtube.com https://payments.salesforce.com/icons/ https://cdn.cookielaw.org https://login.salesforce.com/icons/ https://*.forethought.ai https://acquia--full--c.sandbox.vf.force.com https://*.springcm.com http://adn.acquia.com https://www.gstatic.com https://status.widen.com *.slack-edge-gov.com *.my-salesforce.com https://feeds.feedburner.com *.cloudinary.com https://dev-adn.acquia.com https://app.launchdarkly.com https://services.congamerge.com https://d3mvpbun2t0ap6.cloudfront.net https://calendar.google.com https://usa326.sfdc-yfeipo.salesforce.com/icons/ blob: https://sentry.io slack-imgs.com slack-gov-dev.com *.sfdcstatic.com https://data.instrumentation.getconga.com *.widencollective.com https://ssl.gstatic.com *.twimg.com https://agent.acquia.net https://api.mixpanel.com *.slack.com https://www.paypal.com https://gateway.gainsightcloud.com https://acquia.gainsightcloud.com *.slack-imgs.com slack-imgs-gov.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://dev-agent.acquia.net *.salesforce-experience.com https://acquia.file.force.com https://fonts.gstatic.com slack-imgs-gov-dev.com https://acquia.my.site.com *.slack-edge.com https://aq112111s.searchunify.com https://aq142201p.searchunify.com https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ slack-mil-dev.com https://tagmanager.google.com https://acquia.my.salesforce.com https://www.gstatic.com/recaptcha/ https://geolocation.onetrust.com https://*.congamerge.com https://sfapi-sandbox.formstack.io https://status.acquia.com https://embed.widencdn.net https://www.google.com/recaptcha/ *.slack-edge.mil https://www.sandbox.paypal.com https://www.acquia.com https://api.forethought.ai https://acquia.widen.net https://i.vimeocdn.com https://www.googletagmanager.com https://www.equusoft.com https://www.widen.com https://d1z9ryalr1cz6s.cloudfront.net https://www.google-analytics.com *.salesforce.com https://*.adyen.com https://widen.widen.net slack-imgs.mil https://sfapi.formstack.io data:; report-to sfdc-csp-ep; report-uri https://acquia.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D6g000003vCaM&networkId=0DM6g000000eGOT&type=communities 1
object-src 'none';base-uri 'self';script-src 'nonce-X1Hrz7rmNW2oeFJ1B-hWLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-oGztWE-z-Nc8Mu0-CeNaJg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=28454&v=v1.0&payload=X1Vv5gpSF-IrQx0t0bm4ppveVy2sLF1XJsypBj-jx3yIyvwaORppxAdMgdf8SQrmPSTdUEofMP8V00e-Mm3YWMMAwDCk1XkIJIH9Xwo-xKFZpmYs8Efs5U056XzkVvWv2Yefh5b-MbfMVQkwO3qy0BHZdIMBhWwAHTbFqCaZkg9xgdDF8aVWJ7Z4bO5anGHGYDVi-klVXZwm5jxeOMSyHg==; 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.alicdn.com *.cloudflare.com *.faceworks.nl *.font.im ncspublicasset.s3.eu-west-3.amazonaws.com *.typekit.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.multisafepay.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.alicdn.com *.bing.com *.bing.net *.cookiebot.com europe-west1-maxlead-dwh-test.cloudfunctions.net *.googleadservices.com *.google-analytics.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.td www.google.tg www.google.tl www.google.tn www.google.to www.google.tt google.com *.googlesyndication.com *.licdn.com *.linkedin.com *.magento.cloud *.mailplus.nl s3.amazonaws.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.multisafepay.com https://pay.google.com m17.mailplus.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.xtento.com cdn.xtento.com 9292.nl *.bing.com *.clarity.ms *.cloudflare.com *.cookiebot.com *.cookiebot.eu *.googleadservices.com *.googlesyndication.com *.hotjar.com *.ipify.org *.licdn.com *.mailplus.nl *.marker.io *.oribi.io *.pinimg.com *.pinterest.com *.thinglink.me *.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.multisafepay.com unsafe-inline assets.braintreegateway.com *.mailplus.nl *.typekit.net *.vimeocdn.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gstatic.com *.vimeocdn.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.sharethis.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.multisafepay.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io 9292.nl *.alicdn.com *.bing.com *.bing.net *.clarity.ms *.cookiebot.com *.doubleclick.net *.googleadservices.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tg www.google.tn www.google.tt *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io *.jquery.com *.linkedin.com *.marker.io *.pinterest.com s3.ap-east-1.amazonaws.com s3.eu-west-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://95b39a76-7377-449c-a715-7f75d8431eb4.sansec.watch/; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.facebook.com *.twitter.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com *.facebook.net *.authorize.net *.simpli.fi js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.authorize.net *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.se https://www.myheritage.se  'unsafe-eval' 'nonce-25d69811d74688b80eebd856d0cfc308' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.se;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.googleapis.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * https://plumrocket.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.instagram.com https://plumrocket.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * *.cdninstagram.com *.googleapis.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.trackedlink.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.cookielaw.org *.facebook.com *.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.instagram.com *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.avada.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://paul-marius.my.join-stories.com *.hsforms.net *.hsforms.com https://genki.paulmarius.fr https://genki.paulmarius.de https://genki.paulmarius.es https://genki.paulmarius.it https://genki.paulmarius.nl https://genki.paulmarius.com https://genki.paulmarius.us https://genki.paulmarius.co.uk *.bing.com *.clarity.ms https://js.klarna.com *.trustpilot.com *.cookielaw.org *.cookieless-data.com *.paulmarius.fr *.googlesyndication.com *.doubleclick.net *.apicit.net *.clickintext.net *.facebook.net *.googletagmanager.com apicit.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com *.googleapis.com *.gstatic.com https://x.klarnacdn.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * *.googleapis.com maps.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.cookielaw.org *.googlesyndication.com *.db-ip.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.uestra.de https://cloud.ccm19.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cloud.ccm19.de https://gvh.demo.hafas.cloud https://gvh.hafas.de https://*.uestra.de 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: https://img.youtube.com https://gvh.demo.hafas.cloud https://gvh.hafas.de https://*.uestra.de https://cloud.ccm19.de https://elma.gvh.de https://www.facebook.com; base-uri 'self' https://*.uestra.de; frame-src 'self' blob: https://*.youtube.com/ https://gvh.demo.hafas.cloud https://gvh.hafas.de https://abo.gvh.de https://cloud.ccm19.de https://deutschlandticket.gvh.de https://transport.novafind.eu/; media-src 'self' blob:; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cloud.ccm19.de https://*.hafas.cloud https://*.hafas.de https://elma.gvh.de https://stats.uestra.de 'report-sample'; font-src 'self' data: https://fonts.gstatic.com https://gvh.demo.hafas.cloud https://gvh.hafas.de https://stats.uestra.de https://elma.gvh.de; connect-src 'self' https://gvh.demo.hafas.cloud https://gvh.hafas.de https://cloud.ccm19.de https://stats.uestra.de https://elma.gvh.de https://www.facebook.com; object-src 'self' blob: https://*.uestra.de; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://cloud.ccm19.de https://gvh.demo.hafas.cloud https://gvh.hafas.de https://*.uestra.de https://relaunch.uestra.de https://*.webit.de https://*.hafas.cloud https://*.hafas.de https://elma.gvh.de https://connect.facebook.net 'report-sample'; style-src-elem 'self' 'unsafe-inline' https://www.uestra.de https://relaunch.uestra.de https://stats.uestra.de https://gvh.demo.hafas.cloud https://gvh.hafas.de https://cloud.ccm19.de https://elma.gvh.de 'report-sample'; frame-ancestors 'self' https://*.uestra.de https://gvh.demo.hafas.cloud https://gvh.hafas.de; form-action 'self'; report-uri https://www.uestra.de/@http-reporting?csp=report&requestTime=1773711778591067&requestHash=dedf3577776fb45d19e0aa326d058929f8d1fae3 1
object-src 'none';base-uri 'self';script-src 'nonce-NVPCZUG6zuQ3ymMpPGeBcQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.vwo.com *.visualwebsiteoptimizer.com *.intercom.io *.intercomcdn.com *.onetrust.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com fonts.googleapis.com www.gstatic.com app.vwo.com www.googletagmanager.com translate.googleapis.com; frame-ancestors 'self' https://polarisxchange.com https://slingshot.polarisxchange.com https://indianmotorcycle.polarisxchange.com https://www.rvs.com https://rvs.com https://buy.cycletrader.com https://www.atvrider.com https://www.cyclevolta.com https://www.cycleworld.com https://www.dirtrider.com https://www.motorcyclecruiser.com https://www.motorcyclistonline.com https://www.utvdriver.com https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octanelending.com https://*.octanelending.com https://*.dev-octanelisting.com https://*.octanelisting.com; worker-src 'self' blob:; upgrade-insecure-requests 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com maps.googleapis.com maps.gstatic.com 'self' data: gpsfarma.com www.afip.gob.ar www.google.com.ar https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.mlstatic.com *.mercadopago.com maps.googleapis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.mercadopago.com *.mercadolibre.com maps.googleapis.com stats.g.doubleclick.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:  blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self'  https: blob:; font-src 'self' https: ; connect-src 'self' https: wss:; object-src 'none'; 1
default-src 'self'; img-src 'self' *.taiko-p.jp data: https://www.googletagmanager.com/ https://www.google.co.jp/ https://cdn-au.onetrust.com/; style-src 'self' 'unsafe-inline'; script-src 'self' 'nonce-69b8c30a21374' */gtm.js https://www.googletagmanager.com/ https://cdn-au.onetrust.com/; connect-src */ajax/ https://stats.g.doubleclick.net/ https://cdn-au.onetrust.com/ https://www.google-analytics.com https://geolocation.onetrust.com/ https://privacyportal-au.onetrust.com/ https://analytics.google.com/ https://www.google.co.jp/; report-uri csp_report.php; 1
script-src 'self' *.fallcoweb.it fallcoweb.it *.portalenotarile.it portalenotarile.it 'unsafe-eval' 'nonce-rADRnmj7jKdVtf/6xfjjOxVHBNGMrR1Vnl8kUxjEiZk=' 'strict-dynamic' 'report-sample';  script-src-attr 'unsafe-inline' 'report-sample';  img-src http: https: data: blob: ;  object-src 'self' firma.fallcoweb.it firma-test.fallcoweb.it;  base-uri 'self';  frame-ancestors 'self' *.fallcoweb.it fallcoweb.it *.portalenotarile.it portalenotarile.it;  report-uri https://o4510754677194752.ingest.de.sentry.io/api/4510872859639888/security/?sentry_key=67749a8c401880af5dd5dacefaff505d; 1
font-src fonts.gstatic.com use.typekit.net https://cdnjs.cloudflare.com https://ct.pinterest.com/ https://static.hotjar.com/ https://*.hotjar.com/ https://*.hotjar.io/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net *.despegar.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com *.online-metrix.net https://www.google.com/pagead/ https://www.google.com.br/pagead/ https://apps.mypurecloud.com https://td.doubleclick.net https://event.getblue.io https://app-indecx.com https://ct.pinterest.com/ https://web-modules-de-na1.niceincontact.com/ https://h.online-metrix.net/* *.despegar.com/ *.braintreepayments.com assets.braintreegateway.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://h.online-metrix.net *.d.aa.online-metrix.net https://cdnjs.cloudflare.com https://res.cloudinary.com https://vlibras.gov.br https://www.vlibras.gov.br https://lumisfera.com.br https://cdn.cookielaw.org https://cdn.jsdelivr.net https://p.afilio.com.br https://bat.bing.com https://www.facebook.com/ https://static.hotjar.com/ https://*.hotjar.com/ https://*.hotjar.io/ *.adobedtm.com *.googleadservices.com *.google.com *.googletagmanager.com facebook.com.br/* https://connect.facebook.net/en_US/fbevents.js https://c.bing.com/ *.clarity.ms/ www.google.com/* www.google.com.br/* ct.pinterest.com/* *.despegar.com/ *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://h.online-metrix.net *.cardinalcommerce.com *.online-metrix.net https://cdn.cookielaw.org https://cdn.jsdelivr.net https://vlibras.gov.br https://www.vlibras.gov.br *.mypurecloud.com https://surveydynamix.com https://cdn.mouseflow.com https://bat.bing.com https://analytics.tiktok.com https://event.getblue.io https://widget.getblue.io https://www.clarity.ms https://js.braintreegateway.com https://static.hotjar.com/ https://*.hotjar.com/ https://*.hotjar.io/ https://viacep.com.br/* https://*.sc.omtrdc.net/ https://*.facebook.net/ facebook.com.br/* https://*.adobedtm.com/ www.googleadservices.com.br *.google.com *.google.com.br https://www.google.com/pagead/ https://www.google.com.br/pagead/ https://connect.facebook.net/en_US/fbevents.js https://s.pinimg.com https://ct.pinterest.com/* https://web-modules-de-na1.niceincontact.com https://cdnjs.cloudflare.com/ https://h.online-metrix.net/* *.despegar.com/ *.paypal.com *.pagseguro.com.br *.pagseguro.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://cdnjs.cloudflare.com https://cdn-prod.securiti.ai https://cdn.cookielaw.org/* https://web-modules-de-na1.niceincontact.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobedc.net *.demdex.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://dev.visualwebsiteoptimizer.com https://cdn.cookielaw.org https://api-cdn.mypurecloud.com https://content.hotjar.io https://analytics.tiktok.com https://t.clarity.ms https://indecx.com https://geolocation.onetrust.com *.cardinalcommerce.com www.googleadservices.com.br *.google.com *.google.com.br www.googletagmanager.com.br wss://*.hotjar.com/ https://static.hotjar.com/ https://*.hotjar.com/ https://*.hotjar.io/ facebook.com.br/* https://connect.facebook.net/en_US/fbevents.js https://viacep.com.br https://stats.g.doubleclick.net/g/* *.clarity.ms/ https://ct.pinterest.com/* stats.g.doubleclick.net ct.pinterest.com https://vlibras.gov.br https://www.vlibras.gov.br *.despegar.com/ *.braintree-api.com *.pagseguro.com.br *.pagseguro.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' plenitudedistribuidora.com.br *.plenitudedistribuidora.com.br wake-components.fbitsstatic.net plenitudedistribuidora.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.googleadservices.com *.tawk.to k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.ebit.com.br *.cartstack.com wss://vsb31.tawk.to *.cartstack.com.br *.smarthint.co app.cartstack.com.br *.datafrete.app *.getblue.io *.targeting.voxus.com.br cdn.targeting.voxus.com.br googleads.g.doubleclick.net *.g.doubleclick.net *.voxus.tv *.voxus.com.br *.loggly.com targeting.voxus.com.br *.clearsale.com.br accounts.google.com *.facebook.net connect.facebook.net *.facebook.com facebook.com *.conectiva.io *.sunset.systems *.performa.ai *.cupom.social *.conectiva.app conectiva.app api.performa.ai valid.performa.ai cartstack.com.br api.cartstack.com.br sunset.systems api.sunset.systems cupom.social app.cupom.social cdn.performa.ai *.google.com.br *.google.com *.googletagmanager.com translate.googleapis.com google.com *.trustvox.com.br rate.trustvox.com.br *.google-analytics.com apis.google.com app.cartstack.com dzpxyxks1bfmb.cloudfront.net *.gstatic.com conectiva.io trustvox.com.br *.goadopt.io googletagmanager.com google-analytics.com gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com *.tiktok.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com td.doubleclick.net *.doubleclick.net integration-hub.mailclick.me *.fbits.store *.adyen.com google.co.jp google.com.bo google.co.uk google.com.uy google.pt google.com.py google.es google.it google.fr google.al google.nl google.be *.pagar.me *.mundipagg.com *.rdstation.com.br *.getnet.com.br *.clarity.ms *.stape.co sa.stape.co clarity.ms *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.google.pt *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br *.monitfy.com cdn.monitfy.com *.fpcs-monitor.com.br web.fpcs-monitor.com.br paypal-wake.s3.us-east-1.amazonaws.com newimgebit-a.akamaihd.net youtube.com yampi-vitrine-digital-prod.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.mailbiz.one *.jsdelivr.net *.3dsecure.io *.visa.com s.pinimg.com *.pinimg.com mpc-prod-18-s6uit34pua-uc.a.run.app ct.pinterest.com *.pinterest.com *.youtube.com demo-1.conversionsapigateway.com *.conversionsapigateway.com analytics-ipv6.tiktokw.us *.tiktokw.us *.wake.tech *.appmax.com.br *.tunagateway.com static.zdassets.com mpc2-prod-25-is5qnl632q-wl.a.run.app mbiz.mailclick.me collector.mailbiz.one cdn.jsdelivr.net *.pagoexpress.com.br viacep.com.br *.viacep.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.plenitudedistribuidora.com.br plenitudedistribuidora.com.br; report-uri https://pub-csp.fbits.net/9c22f94f-211f-4e29-a42a-e91687d5a87a; report-to https://pub-csp.fbits.net/9c22f94f-211f-4e29-a42a-e91687d5a87a; worker-src 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.wesupply.xyz https://wesupplylabs.com *.sandbox.paypal.com *.paypalobjects.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.swagger.io *.ftcdn.net *.behance.net *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com julio.com *.scene7.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.braintreegateway.com mcusercontent.com www.google.com.co *.sharethis.com *.aplazo.mx *.api.useinsider.com *.sandbox.paypal.com *.paypalobjects.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reddit.com *.bing.com *.clarity.ms *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.connect.facebook.net https://smetrics.julio.com *.julio.com *.cardinalcommerce.com unpkg.com cdn.jsdelivr.net *.magento-datasolutions.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.paypalobjects.com *.bolt.com *.commerce-quick-checkout.com *.online-metrix.net *.cybersource.com *.sharethis.com *.pingdom.net *.hotjar.com *.zdassets.com *.useinsider.com *.usizy.es usizy.com *.cloudflare.com *.sandbox.paypal.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.clarity.ms *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com julio.com https://smetrics.julio.com *.demdex.net *.cardinalcommerce.com *.snplow.net *.pingdom.net *.woorank.com *.adobedc.net *.youtube.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com *.bolt.com *.magento-ds.com *.sharethis.com *.zdassets.com grupojulio.zendesk.com *.usizy.es usizy.com *.hotjar.io *.api.useinsider.com *.useinsider.com *.g.doubleclick.net *.crwdcntrl.net *.sandbox.paypal.com *.paypalobjects.com www.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src julio.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://www.googleadservices.com https://static.ads-twitter.com https://*.google.com https://*.google.be https://*.cloudflareinsights.com https://*.freshworks.com https://*.tiktok.com https://*.tiktokw.us https://*.zzgtech.com https://*.facebook.net https://widget.trustpilot.com https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io https://cdn.jsdelivr.net https://kit.fontawesome.com https://*.pinimg.com https://ct.pinterest.com 'unsafe-inline'; img-src 'self' data: https://*.zzgtech.com https://*.pinterest.com https://*.tiktok.com https://*.tiktokw.us https://*.facebook.net https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://t.co https://*.google.com https://*.google.be; font-src 'self' https://*.bootstrapcdn.com https://*.sc-static.net https://*.googleapis.com https://*.gstatic.com https://*.fontawesome.com; style-src 'self' https://*.freshworks.com https://*.signalsight.io https://signalsight.io https://*.fontawesome.com https://*.bootstrapcdn.com https://*.googleapis.com 'unsafe-inline'; connect-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.freshworks.com https://*.zzgtech.com https://*.tiktok.com https://*.tiktokw.us https://*.facebook.net https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io https://*.fontawesome.com https://*.pinterest.com https://*.google.com https://*.google.be https://analytics.twitter.com https://t.co; frame-src 'self' https://www.googleadservices.com https://widget.trustpilot.com https://www.googletagmanager.com https://*.zzgtech.com https://*.pinterest.com https://*.google.com https://*.google.be; form-action 'self'; frame-ancestors *.signalsight.io; 1
font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ data: https://maps.gstatic.com https://credomatic.compassmerchantsolutions.com/ *.core.windows.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.doubleclick.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://kalicr.com https://www.google.co.cr/ https://www.facebook.com/ https://almaceneselrey.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ https://maps.gstatic.com https://fonts.googleapis.com/ https://credomatic.compassmerchantsolutions.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.core.windows.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://connect.facebook.net/ https://applepay.cdn-apple.com https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ https://maps.gstatic.com https://fonts.googleapis.com/ https://credomatic.compassmerchantsolutions.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.core.windows.net secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://credomatic.compassmerchantsolutions.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://secure.networkmerchants.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ https://maps.gstatic.com unsafe-inline assets.braintreegateway.com *.core.windows.net secure.nmi.com  'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.core.windows.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://credomatic.compassmerchantsolutions.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ https://*.doubleclick.net/ data: https://www.facebook.com/ https://places.googleapis.com/ https://www.google.co.cr https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ https://maps.gstatic.com https://fonts.googleapis.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.core.windows.net secure.nmi.com secure.networkmerchants.com collectcheckout.com  'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.uship.com https://api.uship.com https://api-web.uship.com https://login.uship.com https://about.uship.com https://api-reviews.uship.com https://collect.uship.com https://content.uship.com https://go.uship.com https://help.uship.com https://ship.uship.com https://static.uship.com https://tm.uship.com https://track.uship.com https://login.okta.com https://www.ushipcdn.cloud https://t.ushipcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://www.googleadservices.com https://www.youtube.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cdn.optimizely.com https://logx.optimizely.com https://rum.optimizely.com https://eum.instana.io https://eum-red-saas.instana.io https://app-sj21.marketo.com https://544-zar-489.mktoresp.com https://munchkin.marketo.net https://js.stripe.com https://bat.bing.com https://www.bing.com https://bat.bing.net https://edge.fullstory.com https://rs.fullstory.com https://d.adroll.com https://ipv4.d.adroll.com https://s.adroll.com https://aorta.clickagy.com https://hemsync.clickagy.com https://tags.clickagy.com https://pixels.spotify.com https://file-paa.zoom.us https://log-gateway.zoom.us https://us01apizva.zoom.us https://us01campaign.zoom.us https://us01ccistatic.zoom.us https://p.yotpo.com https://staticw2.yotpo.com https://unpkg.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://vjs.zencdn.net https://static.cloudflareinsights.com https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://pixel.byspotify.com https://ct.pinterest.com https://d.impactradius-event.com https://d.impct.site https://fast.ssqt.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://lex.33across.com https://insight.adsrvr.org https://js.adsrvr.org https://match.adsrvr.org https://tags.tiqcdn.com https://collect.tealiumiq.com https://cdn.mxpnl.com https://api-js.mixpanel.com https://js.zi-scripts.com https://ws.zoominfo.com https://widget.trustpilot.com https://player.vimeo.com https://app-sj21.marketo.com https://ekr.zdassets.com https://static.zdassets.com https://ushipaibot.zendesk.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.uship.com https://api.uship.com https://api-web.uship.com https://login.uship.com https://about.uship.com https://api-reviews.uship.com https://collect.uship.com https://content.uship.com https://go.uship.com https://help.uship.com https://ship.uship.com https://static.uship.com https://tm.uship.com https://track.uship.com https://login.okta.com https://www.ushipcdn.cloud https://t.ushipcdn.com https://ajax.googleapis.com https://fonts.googleapis.com https://maps.googleapis.com https://p.yotpo.com https://staticw2.yotpo.com https://unpkg.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://vjs.zencdn.net https://static.cloudflareinsights.com https://fonts.gstatic.com https://use.fontawesome.com; img-src 'self' data: https://www.uship.com https://api.uship.com https://api-web.uship.com https://login.uship.com https://about.uship.com https://api-reviews.uship.com https://collect.uship.com https://content.uship.com https://go.uship.com https://help.uship.com https://ship.uship.com https://static.uship.com https://tm.uship.com https://track.uship.com https://login.okta.com https://www.ushipcdn.cloud https://t.ushipcdn.com https://s.ushipcdn.com https://resources.awsuship.com https://d2i7mi0re7cgbq.cloudfront.net https://proof-of-delivery-prod.s3.us-east-1.amazonaws.com https://uship-legacy-resources-prod.s3.us-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://www.youtube.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cdn.optimizely.com https://logx.optimizely.com https://rum.optimizely.com https://eum.instana.io https://eum-red-saas.instana.io https://bat.bing.com https://www.bing.com https://bat.bing.net https://edge.fullstory.com https://rs.fullstory.com https://d.adroll.com https://ipv4.d.adroll.com https://s.adroll.com https://aorta.clickagy.com https://hemsync.clickagy.com https://tags.clickagy.com https://p.yotpo.com https://staticw2.yotpo.com https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://pixel.byspotify.com https://ct.pinterest.com https://d.impactradius-event.com https://d.impct.site https://fast.ssqt.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://lex.33across.com https://insight.adsrvr.org https://js.adsrvr.org https://match.adsrvr.org https://*.online-metrix.net https://cdn.sanity.io https://notify.bugsnag.com https://app.jazz.co https://t.vibe.co; font-src 'self' data: https://www.uship.com https://api.uship.com https://api-web.uship.com https://login.uship.com https://about.uship.com https://api-reviews.uship.com https://collect.uship.com https://content.uship.com https://go.uship.com https://help.uship.com https://ship.uship.com https://static.uship.com https://tm.uship.com https://track.uship.com https://login.okta.com https://www.ushipcdn.cloud https://t.ushipcdn.com https://p.yotpo.com https://staticw2.yotpo.com https://fonts.gstatic.com https://use.fontawesome.com https://unpkg.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://vjs.zencdn.net https://static.cloudflareinsights.com https://api.radar.io https://static.radar.com; connect-src 'self' https://www.uship.com https://api.uship.com https://api-web.uship.com https://login.uship.com https://about.uship.com https://api-reviews.uship.com https://collect.uship.com https://content.uship.com https://go.uship.com https://help.uship.com https://ship.uship.com https://static.uship.com https://tm.uship.com https://track.uship.com https://login.okta.com https://www.ushipcdn.cloud https://t.ushipcdn.com https://proof-of-delivery-prod.s3.us-east-1.amazonaws.com https://uship-legacy-resources-prod.s3.us-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://www.googleadservices.com https://www.youtube.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cdn.optimizely.com https://logx.optimizely.com https://rum.optimizely.com https://eum.instana.io https://eum-red-saas.instana.io https://app-sj21.marketo.com https://544-zar-489.mktoresp.com https://munchkin.marketo.net https://bat.bing.com https://www.bing.com https://bat.bing.net https://edge.fullstory.com https://rs.fullstory.com https://d.adroll.com https://ipv4.d.adroll.com https://s.adroll.com https://aorta.clickagy.com https://hemsync.clickagy.com https://tags.clickagy.com https://pixels.spotify.com https://file-paa.zoom.us https://log-gateway.zoom.us https://us01apizva.zoom.us https://us01campaign.zoom.us https://us01ccistatic.zoom.us https://p.yotpo.com https://staticw2.yotpo.com https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://pixel.byspotify.com https://ct.pinterest.com https://d.impactradius-event.com https://d.impct.site https://fast.ssqt.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://lex.33across.com https://insight.adsrvr.org https://js.adsrvr.org https://match.adsrvr.org https://tags.tiqcdn.com https://collect.tealiumiq.com https://cdn.mxpnl.com https://api-js.mixpanel.com https://js.zi-scripts.com https://ws.zoominfo.com https://api.radar.io https://static.radar.com https://ekr.zdassets.com https://static.zdassets.com https://ushipaibot.zendesk.com; media-src 'self' data: https://www.uship.com https://api.uship.com https://api-web.uship.com https://login.uship.com https://about.uship.com https://api-reviews.uship.com https://collect.uship.com https://content.uship.com https://go.uship.com https://help.uship.com https://ship.uship.com https://static.uship.com https://tm.uship.com https://track.uship.com https://login.okta.com https://www.ushipcdn.cloud; frame-src 'self' https://www.uship.com https://api.uship.com https://api-web.uship.com https://login.uship.com https://about.uship.com https://api-reviews.uship.com https://collect.uship.com https://content.uship.com https://go.uship.com https://help.uship.com https://ship.uship.com https://static.uship.com https://tm.uship.com https://track.uship.com https://login.okta.com https://www.ushipcdn.cloud https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cdn.optimizely.com https://logx.optimizely.com https://rum.optimizely.com https://js.stripe.com https://connect.stripe.com https://bat.bing.com https://www.bing.com https://bat.bing.net https://aorta.clickagy.com https://hemsync.clickagy.com https://tags.clickagy.com https://file-paa.zoom.us https://log-gateway.zoom.us https://us01apizva.zoom.us https://us01campaign.zoom.us https://us01ccistatic.zoom.us https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://pixel.byspotify.com https://ct.pinterest.com https://d.impactradius-event.com https://d.impct.site https://fast.ssqt.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://lex.33across.com https://insight.adsrvr.org https://js.adsrvr.org https://match.adsrvr.org https://*.online-metrix.net https://widget.trustpilot.com https://player.vimeo.com https://app-sj21.marketo.com; worker-src 'self' blob:; child-src 'self'; manifest-src 'self' https://www.ushipcdn.cloud; object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; report-uri https://uship.report-uri.com/r/t/csp/reportOnly; report-to csp 1
script-src 'nonce-OdkubZ-qQeQQYCx6eeQsig' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl; base-uri 'none' 1
default-src 'self' https://*.ototoy.jp; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.ototoy.jp https://bccks.jp https://cdnjs.cloudflare.com/ajax/libs/jquery.bootstrapvalidator/ https://connect.facebook.net https://platform.instagram.com https://www.instagram.com https://code.jquery.com https://scdn.line-apps.com https://d.line-scdn.net https://embed.nicovideo.jp https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://platform.vine.co https://static-fe.payments-amazon.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.ototoy.jp https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/jquery.bootstrapvalidator/ https://fonts.googleapis.com; img-src 'self' data: blob: *; font-src 'self' data: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com; connect-src 'self' data: blob: https://*.ototoy.jp https://payments-fe.amazon.com https://api3.veritrans.co.jp https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; frame-src 'self' https://bandcamp.com https://m.facebook.com https://mobile.facebook.com https://web.facebook.com https://www.facebook.com https://www.instagram.com https://social-plugins.line.me https://embed.nicovideo.jp https://w.soundcloud.com https://open.spotify.com https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://www.youtube.com https://secure2.arcot.com https://secure4.arcot.com https://dig-acs2.cafis-paynet.jp https://dig3ds.cafis-paynet.jp https://geoissuer.cardinalcommerce.com https://acs-jcn.dnp-cdms.jp https://api.veritrans.co.jp https://*.google.com https://td.doubleclick.net; report-uri /csp-report.php?v=3 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://site-bundle.chibbis.ru; script-src-elem 'self' 'unsafe-inline' blob: data: https://widget.me-talk.ru wss://widget.me-talk.ru https://mc.yandex.ru https://mc.yandex.com https://smartcaptcha.yandexcloud.net https://api-maps.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://lcab.talk-me.ru https://checkout.cloudpayments.ru https://site-static.chibbis.ru https://site-bundle.chibbis.ru https://sentry.chibbis.ru; style-src 'self' data: 'unsafe-inline' https://site-bundle.chibbis.ru https://site-static.chibbis.ru; img-src 'self' data: https://static-featured-set-actual-production.chibbis.ru https://static-actual-production.chibbis.ru https://scdn.chibbis.ru https://static.chibbis.ru https://static.me-talk.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.by https://qr.nspk.ru https://pic.me-talk.ru https://site-static.chibbis.ru; font-src 'self' https://site-static.chibbis.ru; manifest-src 'self' https://site-static.chibbis.ru; media-src 'self' https://widget.me-talk.ru; frame-src 'self' *; connect-src 'self' https://mc.yandex.ru https://mc.yandex.com wss://mc.yandex.ru wss://mc.yandex.com https://mc.yandex.kz https://mc.yandex.by https://mc.yandex.md https://yandex.ru https://yastatic.net https://log.api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://geocode-maps.yandex.ru https://static.me-talk.ru https://lcab.talk-me.ru https://widget.me-talk.ru wss://widget.me-talk.ru https://checkout.cloudpayments.ru https://api.cloudpayments.ru https://sentry.chibbis.ru; worker-src 'self' 'unsafe-inline' blob: data: https://widget.me-talk.ru wss://widget.me-talk.ru https://mc.yandex.ru https://mc.yandex.com https://smartcaptcha.yandexcloud.net https://api-maps.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://lcab.talk-me.ru https://checkout.cloudpayments.ru https://site-static.chibbis.ru https://site-bundle.chibbis.ru https://sentry.chibbis.ru; base-uri 'self'; report-uri /health/csp; report-to default 1
frame-src 'self' td.doubleclick.net youtube.com *.youtube.com oneconnect.opendigitaleducation.com google.com www.google.com *.doubleclick.net www.googletagmanager.com; report-to /infra/monitoring/csp 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' https://*.funnel.io https://funnel.io https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://feedback-eu1.hubapi.com https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net 'nonce-oBYJhBElV4KhVTw8M+p5kw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hubspotusercontent-na1.net https://cdn2.hubspot.net https://*.hsappstatic.net https://www.gstatic.com https://cdnjs.cloudflare.com https://funnel.io https://lf16-tiktok-web.tiktokcdn-us.com https://sf16-website-login.neutral.ttwstatic.com https://googletagmanager.com https://tagmanager.google.com; style-src-attr 'unsafe-inline'; connect-src 'self' https://*.funnel.io https://funnel.io https://*.sentry.io https://*.convertexperiments.com/ https://*.hsforms.com https://*.hubapi.com https://*.hubspot.com https://rs.fullstory.com https://*.fullstory.com https://edge.fullstory.com https://api.claydar.com https://collector.funnel.io https://idm-api.access.us.funnel.io https://resolver.confidence.dev https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://fk801pfnx8.execute-api.eu-west-1.amazonaws.com https://js.hsforms.net/ https://tr.snapchat.com https://tr6.snapchat.com https://bat.bing.com https://ct.pinterest.com https://pixel-config.reddit.com https://px.ads.linkedin.com https://www.facebook.com https://connect.facebook.net https://*.tiktok.com https://*.tiktokw.us https://analytics.tiktok.com https://*.byteoversea.com https://js.hs-banner.com http://hero.localhost https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://google.com; img-src 'self' data: https:; frame-src 'self' https://collector.funnel.io https://*.hubspot.com https://*.hubspot.net https://*.hubspotvideo.com https://*.hsforms.com https://*.googletagmanager.com https://safeframe.googlesyndication.com https://www.youtube.com https://www.instagram.com https://ct.pinterest.com https://tr.snapchat.com https://www.facebook.com https://www.tiktok.com https://player.vimeo.com https://platform.twitter.com https://www.linkedin.com https://funnel.storylane.io https://www.google.com https://open.spotify.com https://app.convert.com https://*.clients6.google.com; font-src 'self' data: https://fonts.gstatic.com https://*.funnel.io https://funnel.io https://*.hubspotusercontent-na1.net https://static.hsappstatic.net; media-src 'self' data: https://funnel.io; base-uri 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-hO4wKM8qJYlhFH2jBI31TA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' experian-nor-b2b.okta.com auth.nor.secure.experian.com *.oktacdn.com; connect-src 'self' experian-nor-b2b.okta.com experian-nor-b2b-admin.okta.com auth.nor.secure.experian.com *.oktacdn.com *.mixpanel.com *.mapbox.com experian-nor-b2b.kerberos.okta.com experian-nor-b2b.mtls.okta.com https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' experian-nor-b2b.okta.com auth.nor.secure.experian.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' experian-nor-b2b.okta.com auth.nor.secure.experian.com *.oktacdn.com; frame-src 'self' experian-nor-b2b.okta.com experian-nor-b2b-admin.okta.com auth.nor.secure.experian.com login.okta.com; img-src 'self' experian-nor-b2b.okta.com auth.nor.secure.experian.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: blob:; font-src 'self' experian-nor-b2b.okta.com auth.nor.secure.experian.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-HELa6kbg-qNQ8Y0N6cojyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com magento.buildify.shop *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com magento.buildify.shop c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.paypal.com https://*.paypal.com https://*.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://tr.lfeeder.com https://*.lfeeder.com https://www.google.by https://*.google.by https://media.aheadworks.com https://*.aheadworks.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io *.sharethis.com platform.twitter.com platform.instagram.com apis.google.com magento.buildify.shop https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.paypal.com https://*.paypal.com https://*.paypalobjects.com https://browser.sentry-cdn.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdnjs.cloudflare.com fonts.googleapis.com magento.buildify.shop https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://www.bodyandsoul.com.au/csp-reports 1
script-src 'self' 'nonce-doF+dco+FfaK+MU7u5dBviZ+voYOFcTyotY8FcyIPMY=' 'strict-dynamic' 'wasm-unsafe-eval' www.youtube.com  az416426.vo.msecnd.net cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://connect.facebook.net/ https://munchkin.marketo.net/ static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
default-src  'none'; script-src 'nonce-ysKWAGf/BGrFLlfnOxbM7b5+HIu1yQTi' 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.googletagmanager.com https://assets.adobedtm.com https://cdn.cookielaw.org https://swa.regiobank.nl https://www.google-analytics.com https://player.vimeo.com https://d6tizftlrpuof.cloudfront.net https://snsbank.demdex.net https://api.usabilla.com https://tagmanager.google.com https://w.usabilla.com https://connect.facebook.net https://cdn.tt.omtrdc.net static.regiobank.nl; connect-src 'self' https://cdn.cookielaw.org https://www.google-analytics.com https://snsbank.tt.omtrdc.net https://stats.g.doubleclick.net https://swa.regiobank.nl https://api.usabilla.com https://dpm.demdex.net https://upload.snsbank.nl https://snsbank.sc.omtrdc.net https://*.advieskeuze.nl static.regiobank.nl; font-src 'self' data: https: https://fonts.gstatic.com; frame-src 'self' https://snsbank.demdex.net https://player.vimeo.com https://d6tizftlrpuof.cloudfront.net; img-src 'self' 'report-sample' data: https: https://googleads.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net https://px.ads.linkedin.com/collect/ https://www.facebook.com https://snsbank.demdex.net https://www.google-analytics.com https://swa.regiobank.nl https://w.usabilla.com https://i.vimeocdn.com https://www.google.nl https://www.google.com https://www.linkedin.com https://bat.bing.com https://cdn.cookielaw.org https://www.google.be https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://www.google.co.uk https://www.googletagmanager.com https://www.google.de https://www.google.pl https://secure.adnxs.com https://www.google.fr https://www.google.es https://translate.google.com https://www.google.gr https://www.google.fi https://www.google.lu https://www.google.ik https://www.google.ru https://charting.vwdservices.com; manifest-src 'self'; media-src 'self' data:; style-src 'self' 'unsafe-inline' data: https: https://fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; object-src 'none'; worker-src blob:; frame-ancestors 'self'; base-uri 'self' https://d6tizftlrpuof.cloudfront.net; form-action 'self' https://www.solease.nl; report-uri /web/reportreceiver; 1
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=website-grader-ui/static-1.7936/html/public-en.html&cfRay=9dd9195b9e5bcc7e-IAD 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.rab.equipment magento2.docker *.intervieweb.it *.algolia.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.klarnaservices.com *.klarna.com *.klarnacdn.net *.rentle.io *.wisepops.net wisepops.net *.wisepops.com wisepops.com feather.rab.equipment *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com magento2.docker *.intervieweb.it *.rentle.io *.twitter.com *.google.com *.wisepops.net wisepops.net *.wisepops.com wisepops.com feather.rab.equipment www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com *.hub-box.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * www.youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.gstatic.com https://images.unsplash.com magento2.docker *.clarity.ms *.rab.equipment *.intervieweb.it *.rentle.io *.klarnaservices.com *.klarna.com *.klarnacdn.net *.algolia.com *.iesnare.com *.locally.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.co.uk *.paypal.com *.twitter.com *.wisepops.net wisepops.net *.wisepops.com wisepops.com feather.rab.equipment *.storyblok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cc-cdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com.ua *.adobedtm.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://*.avln.me/t.js https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ magento2.docker *.rab.equipment *.rentle.io *.intervieweb.it *.klarnaservices.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.algolia.com *.algolia.io *.locally.com *.outtra.com *.cookiefirst.com *.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googlesyndication.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com apis.google.com feather.rab.equipment gtm.rab.equipment gtm.mcstaging.rab.equipment *.polyfill-fastly.io polyfill-fastly.io *.clarity.ms *.wisepops.net wisepops.net *.wisepops.com wisepops.com *.storyblok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cc-cdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.youtube.com player.vimeo.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.rab.equipment magento2.docker *.intervieweb.it *.rentle.io *.algolia.com *.outtra.com *.locally.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.klarnaservices.com *.klarna.com *.klarnacdn.net *.cookiefirst.com *.wisepops.net wisepops.net *.wisepops.com wisepops.com feather.rab.equipment *.storyblok.com cc-cdn.com unsafe-inline assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.intervieweb.it magento2.docker *.klarnaservices.com *.klarna.com *.klarnacdn.net *.algolia.com *.iesnare.com *.locally.com 'self' data: *.rab.equipment *.rentle.io *.wisepops.net wisepops.net *.wisepops.com wisepops.com feather.rab.equipment *.amazonaws.com *.googleapis.com *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ magento2.docker *.intervieweb.it *.rentle.io *.klarnaevt.com *.klarnaservices.com *.klarna.com *.klarnacdn.net *.algolia.io *.locally.com *.outtra.com wss://mpsnare.iesnare.com *.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.cookiefirst.com *.clarity.ms *.wisepops.net wisepops.net *.wisepops.com wisepops.com feather.rab.equipment www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.hub-box.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com cdn.plyr.io noembed.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://static.cloudflareinsights.com https://cdn-cookieyes.com https://directory.cookieyes.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://static.hsappstatic.net https://boards.eu.greenhouse.io https://job-boards.cdn.greenhouse.io https://js.qualified.com https://app.qualified.com https://snap.licdn.com https://px.ads.linkedin.com https://tag.clearbitscripts.com https://x.clearbitjs.com https://sc.lfeeder.com https://ws.zoominfo.com https://tag.demand-genius.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://cdn.jsdelivr.net/npm/swiper@8.4.7/swiper-bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.js https://cdnjs.cloudflare.com/ajax/libs/waypoints/3.0.0/jquery.waypoints.min.js https://unpkg.com/swiper@8/swiper-bundle.min.js https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://static.addtoany.com https://app.markup.io https://weatherwidget.io/w/ https://eleos.health/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js https://js.hubspot.com https://www.google.com https://cdn.propensity.com https://*.cookieyes.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://static.cloudflareinsights.com https://cdn-cookieyes.com https://directory.cookieyes.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://static.hsappstatic.net https://boards.eu.greenhouse.io https://job-boards.cdn.greenhouse.io https://js.qualified.com https://app.qualified.com https://snap.licdn.com https://px.ads.linkedin.com https://tag.clearbitscripts.com https://x.clearbitjs.com https://sc.lfeeder.com https://ws.zoominfo.com https://tag.demand-genius.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://cdn.jsdelivr.net/npm/swiper@8.4.7/swiper-bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.js https://cdnjs.cloudflare.com/ajax/libs/waypoints/3.0.0/jquery.waypoints.min.js https://unpkg.com/swiper@8/swiper-bundle.min.js https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://static.addtoany.com https://app.markup.io https://weatherwidget.io/w/ https://eleos.health/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js https://js.hubspot.com https://www.google.com https://cdn.propensity.com https://*.cookieyes.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://*.cookieyes.com; style-src-elem 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://*.cookieyes.com; style-src-attr 'unsafe-inline'; img-src 'self' data: https://*.hubspot.com https://*.hsforms.com https://*.hscollectedforms.net https://s.w.org https://www.linkedin.com https://cdn-cookieyes.com https://forms-na1.hsforms.com https://forms.hsforms.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://secure.gravatar.com https://tr.lfeeder.com https://track.hubspot.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://images.unsplash.com https://s3-spotlightr-output.b-cdn.net https://videos.cdn.spotlightr.com https://*.cookieyes.com; connect-src 'self' data: https://*.hubspot.com https://*.hsforms.com https://*.hscollectedforms.net https://api.hubapi.com https://forms.hsforms.com https://forms.hscollectedforms.net https://static.hsappstatic.net https://cdn-cookieyes.com https://directory.cookieyes.com https://log.cookieyes.com https://app.clearbit.com https://x.clearbitjs.com https://app.markup.io https://app.qualified.com wss://ws.qualified.com wss://ws5.qualified.com https://px.ads.linkedin.com https://ws.zoominfo.com https://www.google.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://api.spotlightr.com https://analytics.propensity.com https://analytics.propensity-abm.com https://o209747.ingest.us.sentry.io https://api.demand-genius.com https://*.cookieyes.com; font-src 'self' data: https://fonts.gstatic.com; media-src 'self' data: https://videos.cdn.spotlightr.com https://s3-spotlightr-output.b-cdn.net https://assets.qualified.com https://app.qualified.com; report-uri https://682f45bb819d722f2bc72340.endpoint.csper.io?builder=true&v=2; object-src 'none'; frame-src 'self' https://forms.hsforms.com https://www.youtube.com https://app.qualified.com https://job-boards.eu.greenhouse.io https://job-boards.cdn.greenhouse.io https://static.addtoany.com https://td.doubleclick.net https://videos.cdn.spotlightr.com https://www.google.com https://www.googletagmanager.com https://weatherwidget.io/w/ https://*.cookieyes.com; worker-src 'self' blob:; manifest-src 'self'; base-uri 'self'; upgrade-insecure-requests 1
default-src *.pharm24.gr *.skroutz.gr static.zdassets.com data:; frame-src *.pharm24.gr virtual-assistants.gr *.googletagmanager.com *.skroutz.gr *.hotjar.com *.checkout.com *.dco.gr *.disqus.com *.linkwi.se *.adsrvr.org *.google.com *.googlesyndication.com *.agkn.com *.facebook.net *.facebook.com *.youtube.com *.cookiebot.com *.aimtell.com; img-src * data: *.pharm24.gr *.youtube.com *.facebook.com trustmark.gr; script-src 'self' 'unsafe-inline' *.pharm24.gr *.skroutz.gr *.google.com *.debugbear.com virtual-assistants.gr secure.dcomodo.net *.vc-portal.com *.skroutz.gr *.gstatic.com *.checkout.com salesmanago.com *.salesmanago.com *.saleago.com bat.bing.com *.clarity.ms *.adman.gr *.hotjar.com *.googleapis.com *.google.com *.cloudflareinsights.com *.cloudflare.com *.disquscdn.com *.shareaholic.com *.shareaholic.net *.stackpathcdn.com *.cloudfront.net *.adsrvr.org *.instagram.com *.ampproject.org *.googlesyndication.com *.disqus.com *.cookiebot.com trustmark.gr *.agkn.com *.zdassets.com *.trustmark.gr *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.com connect.facebook.net *.facebook.net googleads.g.doubleclick.net *.doubleclick.net *.zopim.com *.linkwi.se s3.amazonaws.com *.amazonaws.com *.aimtell.com cdn-cfdnp.nitrocdn.com 'unsafe-inline' 'unsafe-eval' blob: data: gap:; style-src 'self' *.googleapis.com *.pharm24.gr *.vc-portal.com *.bootstrapcdn.com cdn-cfdnp.nitrocdn.com 'unsafe-inline'; worker-src 'self' *.aimtell.com blob: data: gap:; font-src 'self' *.hotjar.com *.stats.pharm24.gr *.pharm24.gr *.vc-portal.com *.gstatic.com *.bootstrapcdn.com *.stackpathcdn.com *.zopim.com cdn-cfdnp.nitrocdn.com data:; connect-src *.debugbear.com google.com *.checkout.com *.cookiebot.com *.zendesk.com *.saleago.com *.salesmanago.com *.salesmanago.pl *.getnitropack.com *.adman.gr *.hotjar.com *.googlesyndication.com *.trustmark.gr *.ampproject.org *.google.com *.google.gr *.disqus.com *.shareaholic.com *.shareaholic.net backup.pharm24.gr:* *.pharm24.gr *.doubleclick.net *.google-analytics.com *.agkn.com *.zdassets.com  *.amazonaws.com *.zopim.com bat.bing.com a.clarity.ms *.facebook.com *.aimtell.com wss://widget-mediator.zopim.com wss://ws6.hotjar.com/api/v2/client/ws 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://static.contactlab.it https://ingestion.webanalytics.italia.it https://www.youtube.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://static.cineca.it; img-src 'self' data: https:; media-src 'self'; frame-src 'self'; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: https://static.cineca.it; connect-src 'self' https://static.cloudflareinsights.com https://ingestion.webanalytics.italia.it https://www.youtube.com; report-uri /report-csp-violation 1
default-src 'self' blob: data: *.massport.com *.prod.acquia-sites.com ; script-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.newrelic.com bam.nr-data.net *.youtube.com *.youtube-nocookie.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.pointr.cloud *.bing.com *.pinimg.com *.facebook.net *.teads.tv *.aocadp.com; object-src 'self' *.nr-data.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com *.massport.com *.prod.acquia-sites.com; img-src 'self' 'unsafe-inline' *.gstatic.com *.massport.com data: *.prod.acquia-sites.com bos.resources.aocdms.com *.googleapis.com *.google.com *.bing.com *.teads.tv *.pinterest.com *.facebook.com *.facebook.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.massport.com *.prod.acquia-sites.com *.youtube-nocookie.com; frame-src 'self' *.google.com *.atlassian.net *.prod.acquia-sites.com *.nr-data.net *.youtube.com *.youtube-nocookie.com *.items.aero *.pinterest.com; child-src 'self' *.massport.com *.prod.acquia-sites.com ; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data: *.massport.com *.prod.acquia-sites.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com analytics.google.com *.googleapis.com bam.nr-data.net mbta-proxy.bos.aocadp.com gtfs.bos.aocadp.com *.prod.acquia-sites.com *.nr-data.net *.pointr.cloud *.bing.com *.teads.tv *.pinterest.com; report-uri https://browser-intake-ddog-gov.com/api/v2/logs?dd-api-key=pubae3d9e4f547e5d8888b052206ca0205e&dd-evp-origin=content-security-policy&ddsource=csp-report; upgrade-insecure-requests 1
font-src fonts.gstatic.com data: likeme.com.co *.likeme.com.co maxcdn.bootstrapcdn.com s3.amazonaws.com *.fontawesome.com *.gstatic.com 'self' data: https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com gum.criteo.com likeme.com.co *.likeme.com.co *.criteo.com fledge.criteo.com app.zinrelo.com www.youtube.com *.addi.com td.doubleclick.net *.mercadolibre.com *.blob.core.windows.net/* *.mercadopago.com *.mlstatic.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://ibang-webviews.ibang.ai https://app.zinrelo.com https://vars.hotjar.com https://static.criteo.net http://static.criteo.net https://td.doubleclick.net https://fledge.us.criteo.com https://fledge.eu.criteo.com 'self' 'unsafe-inline'; img-src https://assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.likeme.com.co *.cloudfront.net www.google.cl www.google.com.uy www.google.com.ar www.google.com.co dis.criteo.com criteo-sync.teads.tv criteo-partners.tremorhub.com d1qbqkkh49kht1.cloudfront.net zinrelo-notification-images.s3.amazonaws.com *.addi.com *.clarity.ms *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: https://ibangblob.blob.core.windows.net www.mercadolivre.com http://imgmp.mlstatic.com https://cdn.stickyadstv.com https://www.google.com.ar https://www.mercadopago.com.co http://img.mlstatic.com https://pixel.rubiconproject.com https://likeme.com.co https://*.g.doubleclick.net https://*.smartadserver.com https://*.cloudfront.net https://sync.outbrain.com https://contextual.media.net https://ad.360yield.com https://r.casalemedia.com https://cm.adform.net https://x.bidswitch.net https://match.sharethrough.com https://ads.stickyadstv.com https://exchange.mediavine.com https://sync-t1.taboola.com https://sync-criteo.ads.yieldmo.com https://c.bing.com https://e1.emxdgt.com https://s.ad.smaato.net https://i.liadm.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://secure.adnxs.com https://ib.adnxs.com https://sp.analytics.yahoo.com https://dis.criteo.com https://i6.liadm.com https://simage2.pubmatic.com https://eb2.3lift.com https://jadserve.postrelease.com https://www.google.com.co https://criteo-sync.teads.tv https://tg.socdm.com https://visitor.omnitagjs.com https://gum.criteo.com https://matching.ivitrack.com https://trends.revcontent.com https://ade.clmbtech.com https://idsync.rlcdn.com https://tags.bluekai.com https://s3.amazonaws.com https://criteo-partners.tremorhub.com https://hb.yahoo.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com dynamic.c static.criteo.net dynamic.criteo.com sslwidget.criteo.com fast.amc.demdex.net widget.eu.criteo.com likeme.com.co *.likeme.com.co *.cloudfront.net *.zinrelo.com cdnjs.cloudflare.com www.googleoptimize.com www.clarity.ms analytics.tiktok.com *.embluemail.com s3.amazonaws.com cdn.addi.com www.youtube.com static.doubleclick.net www.google.com ajax.googleapis.com connect.nosto.com *.taboola.com *.hotjar.com *.mlstatic.com *.mercadopago.com *.google.com https://maps.googleapis.com *.blob.core.windows.net/* www.facebook.com graph.facebook.com business.facebook.com *.gstatic.com https://www.google.com https://cdn.zinrelo.com http://cdn.zinrelo.com https://www.wheelofpopups.com https://*.cloudfront.net https://app.zinrelo.com https://www.googleoptimize.com https://cdn.embluemail.com https://widgets-static.embluemail.com https://script.hotjar.com https://static.hotjar.com https://cdnjs.cloudflare.com https://*.g.doubleclick.net https://*.mailmunch.com https://widgets-api.embluemail.com https://analytics.tiktok.com https://www.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co likeme.com.co *.likeme.com.co use.fontawesome.com *.cloudfront.net maxcdn.bootstrapcdn.com www.youtube.com *.fontawesome.com *.mercadopago.com *.mlstatic.com *.googleapis.com *.gstatic.com https://trazosvisuales.com https://trazosvisuales.info https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.comapi.com bam.nr-data.net likeme.com.co *.likeme.com.co maxcdn.bootstrapcdn.com gum.criteo.com s.clarity.ms app.zinrelo.com www.youtube.com channels-public-api.addi.com www.google.cl www.google.com.uy www.google.com.ar www.google.com.co *.google.com *.clarity.ms mug.criteo.com connect.nosto.com googleads.g.doubleclick.net jnn-pa.googleapis.com *.mercadopago.com *.mercadolibre.com *.sistecredito.com/* *.blob.core.windows.net/* *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com https://www.google-analytics.com https://*.g.doubleclick.net https://trazosvisuales.info https://maxcdn.bootstrapcdn.com https://trazosvisuales.com https://measurement-api.criteo.com/ https://analytics.tiktok.com/ https://v.clarity.ms https://pagead2.googlesyndication.com/ https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net s.clarity.ms *.google.com www.google-analytics.com analytics.tiktok.com likeme.com.co *.likeme.com.co *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.thomascook.in https://*.sotc.in; report-uri /csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.doubleclick.net *.curator.io *.elfsight.com *.hotjar.com *.facebook.net *.cloudfront.net *.micpn.com *.searchstax.com *.wisepops.com wisepops.com *.wisepops.net wisepops.net *.sentry-cdn.com *.thehotelsnetwork.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.fonts.net *.myfonts.net *.doubleclick.net *.curator.io; img-src 'self' data: blob: *.google.co.uk *.facebook.com *.doubleclick.net *.google-analytics.com *.micpn.com *.googleapis.com *.gstatic.com *.cloudfront.net *.curator.io *.tripadvisor.com; connect-src 'self' *.bing.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.doubleclick.net *.micpn.com *.facebook.com *.mapbox.com *.curator.io *.wisepops.net *.wisepops.com wisepops.net wisepops.com *.thehotelsnetwork.com; font-src 'self' data: *.fonts.net *.myfonts.net *.gstatic.com; worker-src 'self' blob:; child-src 'self' blob: *.google.com *.googleapis.com *.googletagmanager.com *.doubleclick.net; frame-src 'self' *.google.com *.doubleclick.net *.facebook.com; media-src 'self'; object-src 'none'; base-uri 'self'; report-uri https://3chillies.report-uri.com/r/d/csp/reportOnly; 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com https://api.systempay.fr/static/ https://applepay.cdn-apple.com *.fontawesome.com https://cdnjs.cloudflare.com applepay.cdn-apple.com *.gstatic.com 'self' data: *.avis-verifies.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ https://plumrocket.com *.facebook.com *.facebook.net *.sutunam.info 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ www.google.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ *.payplug.com *.dalenys.com https://applepay.cdn-apple.com https://www.googletagmanager.com/ https://plumrocket.com *.facebook.com *.facebook.net hcaptcha.com *.hcaptcha.com api-qa.payplug.com secure-qa.payplug.com https://accounts.google.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ *.openstreetmap.fr unpkg.com *.openstreetmap.org https://secure-magenta.dalenys.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.facebook.com *.facebook.net *.hsforms.net *.hsforms.com 'self' data: *.avis-verifies.com *.sutunam.info cdn-cookieyes.com placehold.co *.google.fr data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ unpkg.com/leaflet@1.9.4/dist/leaflet.js https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ unpkg.com/masonry-layout@4/dist/masonry.pkgd.min.js *.facebook.com *.facebook.net *.avada.io https://cdnjs.cloudflare.com hcaptcha.com *.hcaptcha.com applepay.cdn-apple.com https://cdn-qa.payplug.com https://accounts.google.com https://www.gstatic.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.skeepers.io *.avis-verifies.com cdn-cookieyes.com *.hotjar.com *.payplug.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.jsdelivr.net fonts.googleapis.com https://api.systempay.fr/static/ unpkg.com/leaflet@1.9.4/dist/leaflet.css https://secure-magenta.dalenys.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com hcaptcha.com *.hcaptcha.com https://accounts.google.com https://www.gstatic.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.getalma.eu *.almapay.com https://maps.googleapis.com https://player.vimeo.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ nominatim.openstreetmap.org http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.facebook.com *.facebook.net https://get.geojs.io *.avada.io hcaptcha.com *.hcaptcha.com https://accounts.google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.skeepers.io/ *.netreviews.eu api-adresse.data.gouv.fr cdn-cookieyes.com *.cookieyes.com *.google.com google.com *.hotjar.io *.jsdelivr.net unpkg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.searchanise.com *.searchserverapi.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.searchanise.com *.searchserverapi.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.pagar.me searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.pagar.me https://viacep.com.br https://www.viacep.com.br api.amplitude.com stats.g.doubleclick.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-vHNB8Inu0lhO6VabsARlWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.hubspotusercontent.com https://*.hubspotusercontent-eu1.net https://js.hs-analytics.net https://js.hsforms.net https://api.hsforms.com https://api.hubapi.com https://*.hsleadflows.net https://*.hsadspixel.net https://*.hs-web-analytics.net https://static.hsappstatic.net https://cdn2.hubspot.net https://cdn.hubspot.com https://*.cloudfront.net https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://stats.g.doubleclick.net https://www.googleadservices.com https://cdn.cookielaw.org https://www.youtube.com; style-src 'self' 'unsafe-inline' https: data:; img-src 'self' https: data: blob:; font-src 'self' https: data:; frame-src 'self' https: data:; connect-src 'self' https: wss: https://www.tayyarijeetki.in; media-src 'self' https: data: blob:; worker-src 'self' https: blob:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self' https://*.hubspot.com; 1
script-src 'none'; script-src-elem 'none'; script-src-attr 'none'; report-uri https://csp-report.apptrana.com/csp/report/11447 1
script-src 'self' 'unsafe-eval' assets.sitescdn.net connect.cooper.edu https://cdnjs.cloudflare.com https://www.skynettechnologies.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' answers-embed.cooper.edu.pagescdn.com buttons-config.sharethis.com cdn.unibuddy.co chimpstatic.com mx.technolutions.net traffic-drivers.unibuddy.co www.google-analytics.com www.googletagmanager.com www.youvisit.com www.youtube.com cooper.us10.list-manage.com s3.amazonaws.com t.sharethis.com js-agent.newrelic.com www.skynettechnologies.com assets.sitescdn.net connect.cooper.edu https://cdnjs.cloudflare.com https://www.skynettechnologies.com; style-src 'self' fonts.googleapis.com https://assets.sitescdn.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn-images.mailchimp.com fonts.googleapis.com https://assets.sitescdn.net https://cdnjs.cloudflare.com; frame-ancestors 'self' cooper.edu; report-uri https://cooper.report-uri.com/r/d/csp/wizard 1
default-src 'self' data: *.wroclaw.pl *.cookiebot.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.facebook.com *.fbcdn.net *.googleusercontent.com fonts.gstatic.com https://unpkg.com *.curator.io https://curator-assets.b-cdn.net *.amazonaws.com https://api.mapbox.com https://callme360.com *.doubleclick.net https://cdn.jsdelivr.net *.googlesyndication.com *.openstreetmap.org *.cloudflare.com https://cdn.gravitec.net *.crazyegg.com *.gemius.pl *.criteo.com *.criteo.net *.optad360.net *.google.pl *.cloudflareinsights.com *.clarity.ms *.newrelic.com *.gravitec.media *.crwdcntrl.net *.openxcdn.net *.nr-data.net *.optad360-video.com optad360-video.com *.adtrafficquality.google *.googleadservices.com *.2mdn.net *.facebook.net *.slideshare.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.wroclaw.pl *.googleapis.com *.cookiebot.com *.google.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.ytimg.com *.facebook.net https://unpkg.com *.juicer.io *.curator.io https://api.mapbox.com *.jsdelivr.net *.cloudflare.com *.highcharts.com *.statsforads.com *.optad360.io *.doubleclick.net https://callme360.com *.gstatic.com https://cdn.gravitec.net *.crazyegg.com *.gemius.pl *.criteo.com *.criteo.net *.cloudflareinsights.com *.clarity.ms *.newrelic.com *.gravitec.media *.crwdcntrl.net *.openxcdn.net *.nr-data.net *.adtrafficquality.google *.googleadservices.com *.googlesyndication.com *.2mdn.net; style-src 'self' 'unsafe-inline' *.wroclaw.pl *.googleapis.com *.google.com https://unpkg.com *.curator.io https://api.mapbox.com https://callme360.com *.cloudflare.com *.jsdelivr.net https://cdn.jsdelivr.net; 1
object-src 'none';base-uri 'self';script-src 'nonce-JhxnB2av3c7gzlN4h8r3kg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self';img-src 'self' data: https://pixel.wp.com  http://esc.vn  https://secure.trust-provider.com  https://www.facebook.com  https://www.google.com.vn  https://www.google.com.my  https://c.clarity.ms  https://www.googletagmanager.com  https://en.wordpress.com  https://www.google.com.sg  https://www.gstatic.com  https://www.google.com.kh  https://fonts.gstatic.com  https://vietit.vn  https://www.google.be  https://vnnic.vn  https://www.google.de  https://www.google.com.tw  https://www.google.nl  https://stats.g.doubleclick.net  https://i-sohoa.vnecdn.net  https://smarttrain.edu.vn  https://www.google.bs  https://www.google.co.jp  https://encrypted-tbn0.gstatic.com  https://cafefcdn.com  https://www.google.com.au  https://image.thanhnien.vn  https://c.bing.com  https://www.google.com.et  https://www.google.co.za  https://png.pngtree.com  https://www.paypalobjects.com  https://t.paypal.com  https://www.google.com.hk  https://www.google.com.pk  https://i.ytimg.com  https://translate.google.com  https://ws.com.vn  https://www.google.co.zw  https://cdn.24h.com.vn  https://woocommerce.com  https://updates.themepunch-ext-b.tools  https://www.google.co.uk  https://storage.googleapis.com  https://s3.envato.com  https://really-simple-ssl.com  https://anhsangvacuocsong.vn  https://vneconomy.mediacdn.vn  https://www.google.at  https://www.google.la  https://www.google.co.kr  https://www.google.com.tr  https://www.google.ch  https://www.google.com.ph  https://www.google.no  https://www.google.com.ng  https://www.google.com.br  https://www.google.co.in  https://googleads.g.doubleclick.net  https://www.google.ie  https://baovemoitruong.org.vn  https://tenmien.vn  https://adservice.google.com  https://www.google.cz  https://new.esc.vn  blob:  https://www.google.fr  https://www.google.ru  https://static-images.vnncdn.net  https://www.google.se  https://www.google.hu  https://translate.googleapis.com  https://vtv1.mediacdn.vn  https://pos.baidu.com  file  https://www.google.ca  https://www.google.co.uz  https://www.google.ae  https://www.google.al  https://d5nxst8fruw4z.cloudfront.net  https://www.google.iq  https://www.google.co.id  https://ictvietnam.mediacdn.vn  https://www.activesearchresults.com  https://www.google-analytics.com  https://www.google.co.ma  https://www.google.pl  https://cafebiz.cafebizcdn.vn  https://www.google.fi  https://www.google.dk  https://www.google.com.mm  https://connect.facebook.net  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' https://stats.wp.com  https://yoast.com  https://secure.trust-provider.com  https://s0.wp.com  https://www.googletagmanager.com  https://connect.facebook.net  https://www.clarity.ms  https://cdnjs.cloudflare.com  https://maps.googleapis.com  https://www.portotheme.com  https://translate.google.com  https://widgets.wp.com  https://www.paypal.com  https://translate.googleapis.com  blob:  https://www.youtube.com  https://translate-pa.googleapis.com  https://infirc.com  https://d31qbv1cthcecs.cloudfront.net  http://code.jquery.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://abfc-extension.com  https://cdn.mxpnl.com  https://player.vimeo.com  https://googleads.g.doubleclick.net  http://ajax.googleapis.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://cdn.onesignal.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://stats.wp.com  https://yoast.com  https://secure.trust-provider.com  https://s0.wp.com  https://www.googletagmanager.com  https://connect.facebook.net  https://www.clarity.ms  https://cdnjs.cloudflare.com  https://maps.googleapis.com  https://www.portotheme.com  https://translate.google.com  https://widgets.wp.com  https://www.paypal.com  https://translate.googleapis.com  blob:  https://www.youtube.com  https://translate-pa.googleapis.com  https://infirc.com  https://d31qbv1cthcecs.cloudfront.net  http://code.jquery.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://abfc-extension.com  https://cdn.mxpnl.com  https://player.vimeo.com  https://googleads.g.doubleclick.net  http://ajax.googleapis.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://cdn.onesignal.com ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com  https://fonts.googleapis.com  https://s0.wp.com  https://gc.kis.v2.scr.kaspersky-labs.com  http://fonts.googleapis.com  https://www.gstatic.com  https://widgets.wp.com  https://me.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  http://netdna.bootstrapcdn.com ; style-src-elem 'self' 'unsafe-inline' https://use.fontawesome.com  https://fonts.googleapis.com  https://s0.wp.com  https://gc.kis.v2.scr.kaspersky-labs.com  http://fonts.googleapis.com  https://www.gstatic.com  https://widgets.wp.com  https://me.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  http://netdna.bootstrapcdn.com ; font-src 'self' https://fonts.gstatic.com  https://use.fontawesome.com  https://s0.wp.com  https://s1.wp.com  chrome-extension  http://fonts.gstatic.com  null  data:; frame-src 'self' https://widgets.wp.com  https://wordpress.com  https://www.facebook.com  https://m.facebook.com  https://www.youtube.com  https://td.doubleclick.net  https://maps.google.com  https://web.facebook.com  https://www.google.com  null  https://www.paypal.com  https://mozbar.moz.com  https://app.stylar.com  https://www.youtube-nocookie.com  data:  https://www.googletagmanager.com  wvjbscheme://__wvjb_queue_message__  https://auth.ztsa-iag-int.trendmicro.com  https://gateway.zscalerthree.net  blob:; connect-src 'self' https://f.clarity.ms  https://analytics.google.com  https://o.clarity.ms  https://adservice.google.com  https://q.clarity.ms  https://stats.g.doubleclick.net  https://t.clarity.ms  https://translate.googleapis.com  https://w.clarity.ms  https://maps.googleapis.com  https://r.clarity.ms  https://z.clarity.ms  https://x.clarity.ms  https://www.google.com.vn  https://l.clarity.ms  https://e.clarity.ms  https://www.googleadservices.com  https://u.clarity.ms  https://p.clarity.ms  https://h.clarity.ms  https://s.clarity.ms  https://v.clarity.ms  https://www.facebook.com  https://b.clarity.ms  https://i.clarity.ms  https://www.google.com.hk  https://d.clarity.ms  https://a.clarity.ms  https://region1.analytics.google.com  https://m.clarity.ms  https://www.clarity.ms  https://www.google-analytics.com  https://www.google.com.sg  https://j.clarity.ms  https://www.google.com.kh  https://yoast.com  wss://gc.kis.v2.scr.kaspersky-labs.com  https://y.clarity.ms  https://infragrid.v.network  https://www.google.de  https://www.google.com.au  https://www.paypal.com  https://widgets.wp.com  https://overbridgenet.com  https://k.clarity.ms  properties  https://n.clarity.ms  https://www.google.co.jp  https://gc.kis.v2.scr.kaspersky-labs.com  https://api-js.mixpanel.com  https://me.kis.v2.scr.kaspersky-labs.com  https://woocommerce.com  https://www.google.co.uk  http://localhost  https://www.google.com.ph  https://www.google.co.kr  https://www.google.com.tw  data:  https://www.google.fr  https://www.google.ru  wss://me.kis.v2.scr.kaspersky-labs.com  https://translate-pa.googleapis.com  https://api.blocksly.org  http://ad.doubleclick.net  https://www.google.co.id  https://www.google.ca  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.google.co.ma  https://www.google.se  https://www.google.co.in  wss://ff.kis.v2.scr.kaspersky-labs.com  ws://localhost;  media-src 'self' https://sw-themes.com  data:  https://updates.themepunch-ext-b.tools;  worker-src 'self' blob:;  report-uri https://esc.vn/wp-json/rsssl/v1/csp?rsssl_apitoken=293818460; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-d7074aeaf1224e15b29e5b427ecac677' https://portal.mydh.org 'self';img-src https://* 'self' blob: data:;style-src https://portal.mydh.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
script-src 'nonce-vUzJ6N8qPsKLGyUa6GcF6xkUQLQ6xRmm' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
default-src 'self' disqo.okta.com *.oktacdn.com; connect-src 'self' disqo.okta.com disqo-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com disqo.kerberos.okta.com disqo.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-XEjzQ-GknA05U0tQyRiDNA' 'unsafe-eval' 'self' 'report-sample' disqo.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'nonce-XEjzQ-GknA05U0tQyRiDNA' 'self' 'report-sample' disqo.okta.com *.oktacdn.com; frame-src 'self' disqo.okta.com disqo-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' disqo.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' disqo.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://www.disqotech.com 1
default-src 'self'; script-src 'self' 'nonce-jgHU1eGcpPUhTzQAVgj60w==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.zweisam.de *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.zweisam.de; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
default-src 'self'; script-src 'self' https://code.jquery.com https://www.googletagmanager.com https://pxl-csumbedu.terminalfour.net https://static.hotjar.com https://script.hotjar.com https://cbe.capturehighered.net https://s.adroll.com https://d.adroll.com https://www.google.com https://cse.google.com https://www.gstatic.com https://siteimproveanalytics.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://pxl-csumbedu.terminalfour.net https://www.google.com https://www.csuci.edu 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://pxl-csumbedu.terminalfour.net data:; img-src 'self' https://www.csuci.edu https://pxl-csumbedu.terminalfour.net https://40230.global.siteimproveanalytics.io data:; media-src 'self' https://player.vimeo.com https://vimeocdn.com https://download-video-ak.vimeocdn.com; connect-src 'self' https://region1.google-analytics.com https://content.hotjar.io wss://ws.hotjar.com https://vc.hotjar.io; frame-src 'self' https://www.google.com; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.se https://www.googletagmanager.com https://analytics.nordnet.se https://cdn.prod.nntech.io https://files.nordnet.se https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://www.google.com https://storage.googleapis.com https://www.recaptcha.net https://relay.prod.nntech.io https://api-poc.prod.nntech.io; font-src 'self' https://cdn.prod.nntech.io https://files.nordnet.se; frame-src 'self' https://analytics.nordnet.se https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://www.google.com https://t.email.nordnet.se https://dashboard.fundrella.com; img-src 'self' https://www.googletagmanager.com https://analytics.nordnet.se https://cdn.prod.nntech.io https://files.nordnet.se https://api.prod.nntech.io data: blob: https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://blogg.nordnet.se; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://files.nordnet.se https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'nonce-0c7c91d0-ba1d-409a-8e59-3df835af3d87' https://analytics.nordnet.se https://cdn.prod.nntech.io https://files.nordnet.se https://www.recaptcha.net https://www.google.com; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://files.nordnet.se; worker-src 'none'; base-uri 'none'; form-action 'self' https://pvu.nets.no https://pvu.avtalegiro.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi https://kirjaudu.aktia.fi https://ebank.aktia.fi; frame-ancestors 'self' https://app.contentful.com https://app.sigmastocks.com; 1
default-src 'self' data:; frame-ancestors *.weirdfish.co.uk *.adyen.com *.amazon.com *.paypal.com *.google.com *.exponea.com *.monetate.net; connect-src * data:; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; 1
frame-ancestors 'self' https://www.lbma.org.uk; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.googletagmanager.com *.clickdimensions.com https://prices.lbma.org.uk/precious-metal-prices/js/app.js https://prices.lbma.org.uk/precious-metal-prices/js/chunk-vendors.js player.vimeo.com https://cdn.jsdelivr.net/npm/fuse.js@6.4.3 https://code.jquery.com/jquery-3.5.1.min.js *.cookiebot.com https://34izj6oc0dlymb5gp-1.a1.typesense.net/multi_search?x-typesense-api-key=y1IXs7qGDfspINU7Kg8j2qMClmtP1qLy https://lbma.ddev.site:3001; style-src 'self' 'unsafe-inline' *.typekit.net https://p.typekit.net *.lbma.org.uk https://code.highcharts.com/css/highcharts.css *.googleapis.com https://cdn.jsdelivr.net/npm/instantsearch.css@8.5.1/themes/satellite-min.css https://lbma.ddev.site:3001; worker-src 'self' blob:; img-src 'self' data: cdn.lbma.org.uk *.ads.linkedin.com *.doubleclick.net *.vod-progressive.akamaized.net  *.googletagmanager.com lbma.ams3.digitaloceanspaces.com i.vimeocdn.com *.cookiebot.com; media-src 'self' *.vimeo.com *.youtube.com  *.vod-progressive.akamaized.net *.lbma.org.uk; connect-src 'self' *.google-analytics.com px.ads.linkedin.com *.lbma.org.uk *.lpmcl.com *.crazyegg.com *.cookiebot.com 34izj6oc0dlymb5gp-1.a1.typesense.net; frame-src 'self' *.vimeo.com *.youtube.com *.doubleclick.net https://www.google.com/ cdn.lbma.org.uk https://cdn.knightlab.com *.cookiebot.com; font-src 'self' use.typekit.net fonts.gstatic.com prices.lbma.org.uk; 1
font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com * *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.trackedlink.net maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gateway.apaylater.com gateway.atome.sg ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gateway.apaylater.com gateway.atome.sg cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.avada.io https://*.googletagmanager.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com gateway.apaylater.com gateway.atome.sg cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com https://get.geojs.io *.avada.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-6X2qPOAVP82njqcJdJboAg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-yzDp1QEnJOCGdSVbrow_1w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://d3e54v103j8qbb.cloudfront.net https://api.google.com https://*.clarity.ms https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.redditstatic.com https://cdn.tailwindcss.com https://*.sentry.io https://js.stripe.com; style-src 'self' 'unsafe-inline' https://unpkg.com; img-src 'self' blob: data: https://*.clarity.ms https://c.bing.com https://cdn.prod.website-files.com https://js.intercomcdn.com https://static.intercomassets.com https://static.intercomassets.eu https://static.au.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://www.redditstatic.com https://alb.reddit.com https://ui-avatars.com; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com https://unpkg.com; connect-src 'self' https://*.clarity.ms https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://*.intercom-messenger.com wss://*.intercom-messenger.com https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://alb.reddit.com https://pixel-config.reddit.com https://*.ingest.sentry.io https://api.stripe.com; media-src 'self' https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com; frame-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://www.googletagmanager.com https://js.stripe.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; frame-ancestors 'self'; 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net *.oct8ne.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.vimeo.com *.oct8ne.com *.marvimundo.es *.marvimundo.com *.asesorcoloracion.es *.asesordecuidado.es *.diadermine.es *.ekomi.es *.jebbit.com *.reskyt.com *.cookiebot.com *.facebook.com *.doubleclick.net *.sequrapi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com www.xtento.com js.monei.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.oct8ne.com *.cookiebot.com *.google.com.ua *.facebook.com *.bing.com *.ggpht blob: *.marvimundo.com *.ekomiapps.de cdn.doofinder.com *.clarity.ms *.rawgit.com *.jsdelivr.net *.doubleclick.net *.connectif.cloud *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.webeyez.com *.nr-data.net *.facebook.net *.bing.com *.googlesyndication.com blob: *.marvimundo.com *.ekomiapps.de *.cloudflare.com *.cloudflareinsights.com *.newrelic.com *.facebook.com *.clarity.ms *.doofinder.com *.connectif.cloud *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.ua *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad *.sequrapi.com *.hotjar.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com maps.googleapis.com www.xtento.com cdn.xtento.com js.monei.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.ekomiapps.de *.doofinder.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.trackingplan.com *.nr-data.net *.cookiebot.com *.googlesyndication.com *.bing.com *.marvimundo.com *.ekomiapps.de *.cloudflare.com *.cloudflareinsights.com *.newrelic.com *.doofinder.com wss://*.doofinder.com *.clarity.ms *.connectif.cloud *.facebook.com *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.ua *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad *.sequrapi.com eu1-search.doofinder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com api.monei.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wzFuxDKV_LTKPoGub2UPfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv7%3F2(d1g3%7C-19cf9528f45-0x1603#pd 1
default-src https://*.s4c.cymru https://s4c.cymru; img-src 'self' data: https://*.s4c.cymru https://s4c.cymru https://cdn-cookieyes.com https://i.ytimg.com https://*.google.com/cse https://clients1.google.com https://*.gstatic.com; font-src 'self' data: https://*.s4c.cymru https://s4c.cymru https://fonts.gstatic.com https://cloud.typography.com; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-cookieyes.com https://*.googletagmanager.com https://*.google.com/cse https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cloud.typography.com https://*.s4c.cymru https://s4c.cymru https://*.google.com/cse; connect-src https://*.s4c.cymru https://s4c.cymru https://cdn-cookieyes.com https://log.cookieyes.com https://*.google-analytics.com; object-src 'none'; frame-ancestors 'none'; frame-src 'self' https:; report-uri https://csp.s4c.cymru/report; report-to csp-endpoint; 1
default-src 'none'; connect-src 'self' https://*.icfcdn.com https://www.google.com https://cdn.plyr.io https://*.gstatic.com; script-src 'nonce-54f8985e38dfcf763448ccd809acf8282a7facae92a25bc84aefeb09c3e22bf5' 'strict-dynamic' 'report-sample' 'self' https://*.icfcdn.com https://www.google.com https://www.gstatic.com https://*.googleapis.com; style-src 'self' 'nonce-54f8985e38dfcf763448ccd809acf8282a7facae92a25bc84aefeb09c3e22bf5' 'report-sample' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; style-src-attr 'unsafe-inline' 'report-sample'; font-src https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' blob: https://*.gstatic.com https://*.nsimg.net https://*.icfcdn.com; media-src 'self' data: https://cdn.plyr.io https://*.nsimg.net https://live.metamediafonts.com; frame-src https:; frame-ancestors 'self'; base-uri 'self'; report-to report-only; report-uri /reporting/cspReport?reportOnly 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-90d8121cb0e246f89ea8c174a928c778' https://www.maisa.fi 'self' https://apomato.maisa.fi/matomo/matomo.js;img-src https://* 'self' blob: data:;connect-src 'self' epichttp: https://apomato.maisa.fi/matomo/matomo.js https://apomato.maisa.fi/matomo/matomo.php;style-src https://www.maisa.fi 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self' https://testi.apro.tunnistus.fi https://tunnistautuminen.suomi.fi https://www.terveyskyla.fi;media-src https://* 'self' blob:; 1
base-uri 'self'; connect-src 'self' wss://localhost:9500 https://matomo-web.chuv.ch https://prompts.maze.co https://*.infomaniak.cloud https://*.axept.io https://*.facil-iti.app; default-src 'self'; font-src 'self' data: https://localhost:9500 https://fonts.gstatic.com; frame-ancestors 'self' https://*.chuv.ch; frame-src 'self' https://www.medigo.ch https://pro.medigo.ch https://player.vimeo.com https://www.youtube-nocookie.com https://challenges.cloudflare.com https://*.facil-iti.app; img-src 'self' data: https://*.infomaniak.cloud https://fonts.gstatic.com https://i.ytimg.com https://i.vimeocdn.com https://favicons.axept.io https://axeptio.imgix.net; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' inline 'unsafe-eval' https://challenges.cloudflare.com https://cdn.facil-iti.app https://matomo-web.chuv.ch https://snippet.maze.co https://challenges.cloudflare.com https://*.axept.io; script-src-attr 'self' 'unsafe-inline' inline; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:9500 https://cdn.facil-iti.app https://matomo-web.chuv.ch https://snippet.maze.co https://challenges.cloudflare.com https://*.axept.io https://www.youtube.com https://connect.facebook.net; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline' inline; style-src-elem 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; worker-src 'none'; report-uri /CspReportLogger.php 1
object-src 'none';base-uri 'self';script-src 'nonce-oex8QEGJChORYHfeyN2xNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' ws: *.nexiuslearning.com *.google-analytics.com *.etitan.hu *.googletagmanager.com *.googleapis.com *.gstatic.com  *.google.com *.bootstrapcdn.com *.extremenet.hu stats.g.doubleclick.net www.youtube-nocookie.com; report-uri https://etitancsp.azurewebsites.net/api/eTitanCSP; 1
font-src fonts.gstatic.com *.kueskipay.com *.gstatic.com *.zotabox.com https://*.tawk.to *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.kueskipay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.kueskipay.com https://hotjar.com https://fast.amc.demdex.net https://secure.authorize.net https://static.addtoany.com https://www.googletagmanager.com https://td.doubleclick.net https://*.creativecdn.com https://*.mercadopago.com https://*.mercadopago.com.mx *.mercadolibre.com *.google.com/ *.sandbox.paypal.com *.paypalobjects.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.google.com *.google.com.mx *.facebook.com *.zotabox.com *.mercadolibre.com *.mercadolivre.com *.swagger.io *.akamai.net *.dico.com.mx https://bat.bing.com https://*.tawk.to https://www.googletagmanager.com https://*.mercadopago.com.mx *.mlstatic.com *.mercadopago.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.sandbox.paypal.com *.paypalobjects.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://chimpstatic.com downloads.mailchimp.com *.list-manage.com *.facebook.com https://connect.facebook.net graph.facebook.com https://business.facebook.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.addtoany.com https://*.hotjar.com https://*.zotabox.com *.facebook.net *.tawk.to *.mailchimp.com *.pinterest.com *.tumblr.com *.tumblr.cb1 *.doubleclick.net https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://pilot-payflowlink.paypal.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://*.paypal.com https://graph.facebook.com https://*.kueskipay.com https://*.doubleclick.net https://*.tawk.to https://*.hotjar.io https://*.mercadolibre.com https://*.google-analytics.com https://*.hsforms.com https://*.dico.com.mx *.google.com https://*.mercadopago.com https://*.sandbox.paypal.com *.paypalobjects.com https://t.elasticsuite.io https://*.hsforms.net https://*.creativecdn.com https://bat.bing.com https://analytics.tiktok.com https://www.googleoptimize.com *.mlstatic.com *.mercadopago.com *.sandbox.paypal.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline downloads.mailchimp.com https://static.klaviyo.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.googleapis.com *.tawk.to *.fontawesome.com *.addtoany.com maxcdn.bootstrapcdn.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net https://amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com www.facebook.com https://connect.facebook.net graph.facebook.com https://business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.doubleclick.net https://dpm.demdex.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://pilot-payflowlink.paypal.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://*.paypal.com https://graph.facebook.com https://*.kueskipay.com https://*.doubleclick.net https://*.tawk.to https://*.hotjar.com https://*.hotjar.io https://*.zotabox.com https://*.mercadolibre.com *.google-analytics.com https://*.hsforms.com https://*.dico.com.mx https://*.google.com https://*.mercadopago.com https://*.sandbox.paypal.com *.paypalobjects.com t.elasticsuite.io https://*.hsforms.net wss://*.tawk.to https://*.creativecdn.com https://analytics.tiktok.com https://google.com *.mercadopago.com *.mercadolibre.com http://dpm.demdex.net *.sandbox.paypal.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-NYg4pp_GBLyUKUCcqO-k6g' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none';base-uri 'self';script-src 'nonce-AXwRBYpNbjLyg0j4L-uvvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'     https://use.typekit.net     https://cdn.jsdelivr.net     https://www.googletagmanager.com     https://www.google-analytics.com     https://b.6sc.co     https://j.6sc.co     https://ajax.googleapis.com     https://js.navattic.com     https://cdn.cookielaw.org     https://static.ads-twitter.com     https://unpkg.com     https://js.hsforms.net     https://js.hs-scripts.com     https://js.hs-banner.com     https://js.hs-analytics.net     https://js.hsadspixel.net     https://js.hubspot.com     https://snap.licdn.com     https://www.google.com     https://www.gstatic.com     https://googleads.g.doubleclick.net     https://boards.greenhouse.io     https://fireblocks.chilipiper.com     https://tracking.g2crowd.com     https://cdnjs.cloudflare.com     https://fast.wistia.com     https://fast.wistia.net     https://browser.sentry-cdn.com     https://d3js.org; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'     https://use.typekit.net     https://cdn.jsdelivr.net     https://www.googletagmanager.com     https://www.google-analytics.com     https://b.6sc.co     https://j.6sc.co     https://ajax.googleapis.com     https://js.navattic.com     https://cdn.cookielaw.org     https://static.ads-twitter.com     https://unpkg.com     https://js.hsforms.net     https://js.hs-scripts.com     https://js.hs-banner.com     https://js.hs-analytics.net     https://js.hsadspixel.net     https://js.hubspot.com     https://snap.licdn.com     https://www.google.com     https://www.gstatic.com     https://googleads.g.doubleclick.net     https://boards.greenhouse.io     https://fireblocks.chilipiper.com     https://tracking.g2crowd.com     https://cdnjs.cloudflare.com     https://fast.wistia.com     https://fast.wistia.net     https://browser.sentry-cdn.com     https://d3js.org; style-src 'self' 'unsafe-inline'     https://fonts.googleapis.com     https://use.typekit.net     https://p.typekit.net     https://cdn.cookielaw.org     https://code.jquery.com; img-src 'self' data: https:     https://www.google-analytics.com; font-src 'self' data:     https://fonts.gstatic.com     https://use.typekit.net     https://p.typekit.net     https://fast.wistia.com     https://fast.wistia.net; connect-src 'self'     https://www.google-analytics.com     https://b.6sc.co     https://c.6sc.co     https://ipv6.6sc.co     https://analytics.google.com     https://www.google.com     https://cdn.cookielaw.org     https://forms.hsforms.com     https://api.hubapi.com     https://cta-service-cms2.hubspot.com     https://px.ads.linkedin.com     https://tracking-api.g2.com     https://stats.g.doubleclick.net     https://fast.wistia.com     https://fast.wistia.net     https://embed-cloudfront.wistia.com     https://distillery.wistia.com     https://pipedream.wistia.com     https://cdn.jsdelivr.net     wss:; frame-src 'self'     https://www.youtube.com     https://fast.wistia.net     https://forms.hsforms.com     https://app.hubspot.com     https://www.googletagmanager.com     https://td.doubleclick.net     https://fireblocks.chilipiper.com     https://www.google.com     https://capture.navattic.com     https://job-boards.greenhouse.io     https://lottie.host; media-src 'self' blob:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https://forms.hsforms.com; upgrade-insecure-requests; 1
object-src 'none';base-uri 'self';script-src 'nonce-6OLuZGKAM6tP4oucPjFfzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'https://checkout.shopflo.co' https://js.boxx.ai https://p.cquotient.com https://connect.facebook.net https://www.google-analytics.com https://unpkg.com https://www.googletagmanager.com https://cdn.cquotient.com https://code.jquery.com https://*.gokwik.co https://*.netcoresmartech.com https://*.shopflo.com https://swopstore.com 'unsafe-inline' 'unsafe-eval';  script-src-elem 'self' https://checkout.shopflo.co https://js.boxx.ai https://p.cquotient.com https://connect.facebook.net https://www.google-analytics.com https://unpkg.com https://www.googletagmanager.com https://cdn.cquotient.com https://code.jquery.com https://*.gokwik.co https://*.netcoresmartech.com https://*.shopflo.com https://swopstore.com 'unsafe-inline'; style-src 'self' https://unpkg.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://www.facebook.com https://www.google.com https://www.google-analytics.com https://*.shopflo.com https://*.gokwik.co https://d1pdzcnm6xgxlz.cloudfront.net https://*.salesforce.com data:; connect-src 'self' https://checkout.shopflo.co https://api.shopflo.co https://loki.boxx.ai https://wdc.netcoresmartech.com https://p.cquotient.com https://www.google-analytics.com https://*.shopflo.com https://*.gokwik.co https://*.netcoresmartech.com https://d1pdzcnm6xgxlz.cloudfront.net https://swopstore.com https://*.facebook.com https://*.facebook.net; font-src 'self' https://unpkg.com https://fonts.gstatic.com data:; manifest-src 'self' https://checkout.shopflo.co https://wdc.netcoresmartech.com; media-src 'self' https://*.shopflo.com https://*.gokwik.co https://*.netcoresmartech.com https://d1pdzcnm6xgxlz.cloudfront.net https://swopstore.com; frame-src 'self' https://*.shopflo.com https://*.gokwik.co https://*.netcoresmartech.com https://d1pdzcnm6xgxlz.cloudfront.net https://swopstore.com; report-uri /on/demandware.store/Sites-MIRAI-Site/default/CSP-Report; 1
object-src 'none';base-uri 'self';script-src 'nonce-TrhQvCAXFTIsKYdiZZwkBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2QkFTo6ktK5Q6oNvcFYzTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io *.alothemes.com *.magepow.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com https://cdn.attn.tv https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com downloads.mailchimp.com assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.certcapture.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' *.artfut.com *.bootstrapcdn.com *.clarity.ms *.cloudfront.net *.criteo.com *.facebook.com *.fullstory.com *.gstatic.com *.google-analytics.com *.google.com *.googleapis.com *.jsdelivr.net *.livechatinc.com *.moengage.com *.onetrust.com *.razorpay.com *.tatadigital.com *.trackier.com *.unbxdapi.com c.amazon-adsystem.com connect.facebook.net googleads.g.doubleclick.net sc-static.net tr.snapchat.com www.googleadservices.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.jsdelivr.net *.onetrust.com www.gstatic.com; img-src 'self' data: https:; connect-src 'self' aax-eu.amazon-adsystem.com ad.doubleclick.net analytics.google.com api.fastrackeyewear.com apac-recommendations.unbxd.io ara.paa-reporting-advertising.amazon connect.facebook.net d3995ea24pmi7m.cloudfront.net google.com *.amazon.in *.clarity.ms *.criteo.com *.facebook.com *.fullstory.com *.google.com *.googleapis.com *.livechatinc.com *.moengage.com *.onetrust.com *.paytm.in *.phonepe.com *.razorpay.com *.tatadigital.com *.titaneyeplus.com *.unbxdapi.com s.amazon-adsystem.com search.unbxd.io secure.paytmpayments.com stats.g.doubleclick.net tr.snapchat.com tr6.snapchat.com www.google-analytics.com www.google.co.in www.google.com www.googleadservices.com; font-src 'self' *.amazon-adsystem.com *.gstatic.com *.google.co.in *.onetrust.com *.unbxd.io ad.doubleclick.net ara.paa-reporting-advertising.amazon google.com stats.g.doubleclick.net www.google-analytics.com www.googleadservices.com; frame-src 'self' *; report-uri https://admin.titaneyeplus.com/csp.php; 1
frame-ancestors 'self' localhost  *.nexpart.com nexpart.com *.pacecomputer.com *.lordco.com prostockautoparts.com *.shopcontroller.com *.lankar.com lankar-customer-sandbox.azurewebsites.net *.nexpartqa.com nexpartqa.com *.nexpartuat.com nexpartuat.com www.davesmith.com s1.ariba.com acdelco-catalog.dstcloud.com nexcat.com www.nexcat.com usglobalautomotive.com deets.feedreader.com *.networktoolcat.com; report-uri https://www.nexpart.com/csp_violation.php  1
object-src 'none'; block-all-mixed-content; default-src 'self'; img-src 'self' data: https://biblionix.com/ https://demonstration.biblionix.com https://secure.gravatar.com/; style-src 'self' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://cdn.walkme.com/; font-src 'self' https://fonts.gstatic.com/ data:; report-uri https://www.biblionix.com/report/?block=0 1
default-src 'self';media-src 'self' blob: data: https:// *.onnetwork.tv *.tvp.pl;worker-src 'self' blob: data: *.sadeczanin.info;script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.googleapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://weatherwidget.io *.weatherwidget.io *.google.com *.g.doubleclick.net *.instagram.com *.googlesyndication.com *.twitter.com  *.openxcdn.net *.4dex.io *.criteo.net tags.crwdcntrl.net *.creativecdn.com cdn.id5-sync.com cdn.prod.uidapi.com *.onnetwork.tv *.googleapis.com *.jsdelivr.net *.facebook.net *.2mdn.net *.google-analytics.com *.optad360.io *.script.ac *.ampproject.org; img-src 'self' https: data: blob: http://api.sadeczanin.info; style-src 'self' 'unsafe-inline' www.fonts.googleapis.com *.googleapis.com *.onnetwork.tv *.google.com; font-src 'self' data:  *.fonts.googleapis.com *.onnetwork.tv *.gstatic.com; frame-src 'self' https://weatherwidget.io *.weatherwidget.io https://instagram.com *.instagram.com https://twitframe.com *.twitframe.com *.twitter.com *.facebook.com *.googlesyndication.com *.google.com *.g.doubleclick.net *.googleadservices.com *.youtube.com *.youtu.be https://youtube.com https://youtu.be https://zrzutka.pl *.zrzutka.pl *.criteo.com *.onnetwork.tv *.googleapis.com *.aztv.pl *.casalemedia.com *.openx.net *.quantumdex.io *.adxbid.info *.openx.net *.quantumdex.io https://adxbid.info *.adxbid.info https://onetag-sys.com *.onetag-sys.com *.openx.net *.smartadserver.com *.wp.pl *.rubiconproject.com *.pubmatic.com *.a-mo.net *.indexww.com *.adnxs.com *.3lift.com https://hdsystem.pl https://www.hdsystem.pl *.richaudience.com; connect-src 'self' *.google-analytics.com *.sadeczanin.info pagead2.googlesyndication.com *.google.com *.g.doubleclick.net *.gstatic.com bcp.crwdcntrl.net id5-sync.com *.criteo.com *.criteo.net *.onnetwork.tv *.jsdelivr.net *.openx.net *.adnxs.com *.quantumdex.io *.wp.pl *.rubiconproject.com https://dnacdn.net *.dnacdn.net *.onetag-sys.com https://onetag-sys.com *.a-mo.net *.casalemedia.com *.pubmatic.com *.smartadserver.com *.adform.net *.creativecdn.com *.vidoomy.com *.4dex.io *.adxpremium.services *.adsrvr.org *.richaudience.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self'; report-uri https://www.themercury.com.au/csp-reports 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.trustedshops.com *.bootstrapcdn.com https://display.ugc.bazaarvoice.com 'self' data: *.vortexoptics.com https://vortexoptics.com/static https://*.userway.org/ *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com/tr/ https://mcstaging.vortexoptics.com/ https://mcstaging.vortexgolf.com/ https://vortexoptics.com/ https://vortexgolf.com/ https://*.userway.org/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com www.gstatic.com apis.google.com https://w.soundcloud.com https://www.google.com https://vars.hotjar.com https://amc.demdex.net/ https://www.facebook.com/ https://*.doubleclick.net/ https://*.userway.org/ *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net http://amcglobal.sc.omtrdc.net/ widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com *.meetanshi.com https://mcstaging.vortexoptics.com/ *.cloudflare.com https://cdn.klarna.com *.ytimg.com *.usercentrics.eu https://www.google.com/ https://facebook.com/  https://cm.everesttech.net/ https://dpm.demdex.net/ https://www.facebook.com/ https://connect.facebook.net/ *.bazaarvoice.com/ https://contentorigin.bazaarvoice.com/ https://vortexoptics.widen.net/ *.gettopple.com/ https://bam.nr-data.net/ *.kaltura.com/ https://*.userway.org/ https://yotpo-media-temporary.s3.amazonaws.com/ www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js *.cloudflare.com *.trustedshops.com *.usercentrics.eu https://chimpstatic.com *.zdassets.com https://www.google.com https://www.gstatic.com https://geoip.nekudo.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://connect.facebook.net/ https://widget-mediator.zopim.com https://googleads.g.doubleclick.net/ *.gettopple.com/ https://mpsnare.iesnare.com/ *.vortexoptics.com https://vortexoptics.com/static/ https://klear.com/ https://cdnapisec.kaltura.com/ https://*.userway.org/ wss://pod-13-sunco-ws.zendesk.com *.maxmind.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.bazaarvoice.com *.bootstrapcdn.com *.vortexoptics.com https://vortexoptics.com/static https://*.userway.org/ https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com https://mpsnare.iesnare.com/ https://*.userway.org/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.meetanshi.com *.gstatic.com *.cloudflare.com https://rum.hlx.page *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com https://in.hotjar.com http://amcglobal.sc.omtrdc.net/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://dpm.demdex.net/ https://www.facebook.com/ https://*.hotjar.com https://maps.googleapis.com *.bazaarvoice.com wss://*.hotjar.com https://*.hotjar.io wss://mpsnare.iesnare.com/star wss://pod-13-sunco-ws.zendesk.com https://*.googlesyndication.com *.vortexoptics.com https://vortexoptics.com/static https://insights.algolia.io https://klear.com/ https://*.userway.org/ *.mmapiws.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.air.org; child-src 'self' *.air.org; connect-src 'self' *.sharethis.com *.air.org https://analytics.google.com https://fd.cleantalk.org https://www.google.com https://www.googleadservices.com https://stats.g.doubleclick.net https://data.stbuttons.click https://moderate.cleantalk.org https://region1.analytics.google.com https://www.googletagmanager.com https://www.google-analytics.com https://use.typekit.net https://views.unsplash.com https://gateway.shorthand.com https://www.google.co.in https://use.fontawesome.com; font-src 'self' *.typekit.net *.fontawesome.com *.gstatic.com *.air.org; frame-src 'self' *.air.org https://www.googletagmanager.com https://www.youtube.com https://job-boards.greenhouse.io https://player.vimeo.com https://public.tableau.com https://www.google.com https://support.google.com https://w.soundcloud.com https://experience.arcgis.com https://iframely.shorthand.com *.softr.app; img-src 'self' *.sharethis.com *.knightlab.com *.air.org https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://air-workspace.shorthandstories.com https://www.googleadservices.com https://public.tableau.com data:; manifest-src 'self'; media-src 'self' *.air.org https://air-workspace.shorthandstories.com; script-src 'self' *.sharethis.com *.air.org https://www.googletagmanager.com https://fd.cleantalk.org https://googleads.g.doubleclick.net https://www.youtube.com https://boards.greenhouse.io cdn.jsdelivr.net cdnjs.cloudflare.com chosen.js https://cdn.ckeditor.com https://cdn.jsdelivr.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://moderate.cleantalk.org https://unpkg.com https://use.fontawesome.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.sharethis.com *.typekit.net *.knightlab.com *.air.org https://googleads.g.doubleclick.net https://fd.cleantalk.org https://www.youtube.com https://boards.greenhouse.io https://app.icontact.com https://air-workspace.shorthandstories.com https://public.tableau.com https://player.vimeo.com https://www.google.com https://www.gstatic.com https://analytics.shorthand.com https://platform-api.sharethis.com https://iframely.shorthand.com https://www.googletagmanager.com https://stackpath.bootstrapcdn.com https://connect.facebook.net https://moderate.cleantalk.org cdn.jsdelivr.net cdnjs.cloudflare.com chosen.js https://cdn.ckeditor.com https://cdn.jsdelivr.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' *.air.org cdn.jsdelivr.net cdnjs.cloudflare.com chosen.css fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com use.typekit.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.typekit.net *.knightlab.com *.air.org https://app.icontact.com cdn.jsdelivr.net cdnjs.cloudflare.com chosen.css fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com use.typekit.net; webrtc 'block'; base-uri 'self' *.air.org; form-action 'self' *.air.org https://app.icontact.com; frame-ancestors 'self' https://www.air.org https://air.org; report-uri https://air.org/log-report-uri/reportOnly; block-all-mixed-content; trusted-types 'none' 1
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.ccpsx.com/api/v1/errors/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com *.cloudflare.com *.force.com *.adsrvr.org *.bing.com *.clickcease.com *.connect.facebook.net *.cookielaw.org *.doubleclick.net *.facebook.com *.wistia.com *.hsforms.com *.forms-na1.hsforms.com *.gtm.prosci.com *.googletagmanager.com *.gstatic.com *.hs-scripts.com *.hs-sites.com *.hsforms.net *.hubspot.com *.hubspotusercontent-na1.net *.hsadspixel.net *.js.usemessages.com *.jsdelivr.net *.kit.fontawesome.com *.luckyorange.com *.prosci.com *.linkedin.com *.licdn.com *.hsappstatic.net *.hubapi.com *.cloudflare *.fontawesome.com *.hsleadflows.net *.hs-analytics.net js.usemessages.com js.hs-banner.com *.google.com *.google.pl *.bing.net js.hubspotfeedback.com *.facebook.net *.googleapis.com *.sentry-cdn.com *.hubspot.net;   style-src 'self' 'unsafe-inline' *.cloudflare.com *.adsrvr.org *.bing.com *.clickcease.com *.connect.facebook.net *.cookielaw.org *.doubleclick.net *.facebook.com *.wistia.com *.hsforms.com *.forms-na1.hsforms.com *.gtm.prosci.com *.googletagmanager.com *.gstatic.com *.hs-scripts.com *.hs-sites.com *.hsforms.net *.hubspot.com *.hubspotusercontent-na1.net *.hsadspixel.net *.js.usemessages.com *.jsdelivr.net *.kit.fontawesome.com *.luckyorange.com *.prosci.com *.linkedin.com *.licdn.com *.hsappstatic.net *.hubapi.com *.cloudflare *.fontawesome.com  *.hsleadflows.net  *.hs-analytics.net js.usemessages.com js.hs-banner.com *.google.pl *.bing.net *.google.com *.facebook.net *.googleapis.com *.sentry-cdn.com *.hubspot.net;   img-src 'self' data: blob: *.cloudflare.com *.adsrvr.org *.bing.com *.clickcease.com *.connect.facebook.net *.cookielaw.org *.doubleclick.net *.facebook.com *.wistia.com *.hsforms.com *.forms-na1.hsforms.com *.gtm.prosci.com *.googletagmanager.com *.gstatic.com *.hs-scripts.com *.hs-sites.com *.hsforms.net *.hubspot.com *.hubspotusercontent-na1.net *.hsadspixel.net *.js.usemessages.com *.jsdelivr.net *.kit.fontawesome.com *.luckyorange.com *.prosci.com *.linkedin.com *.licdn.com *.hsappstatic.net *.hubapi.com *.cloudflare *.fontawesome.com  *.hsleadflows.net  *.hs-analytics.net js.usemessages.com js.hs-banner.com *.google.pl *.bing.net *.google.com *.facebook.net *.googleapis.com *.sentry-cdn.com *.hubspot.net;   frame-src *.force.com *.adsrvr.org *.facebook.com *.wistia.com *.hsforms.com *.forms-na1.hsforms.com *.hs-sites.com *.hsforms.net *.hubspot.com *.googletagmanager.com *.doubleclick.net gtm.prosci.com;   connect-src 'self' *.cloudflare.com *.adsrvr.org *.bing.com *.clickcease.com *.connect.facebook.net *.cookielaw.org *.doubleclick.net *.facebook.com *.wistia.com *.hsforms.com *.forms-na1.hsforms.com *.gtm.prosci.com *.googletagmanager.com *.gstatic.com *.hs-scripts.com *.hs-sites.com *.hsforms.net *.hubspot.com *.hubspotusercontent-na1.net *.hsadspixel.net *.js.usemessages.com *.jsdelivr.net *.kit.fontawesome.com *.luckyorange.com *.prosci.com *.linkedin.com *.licdn.com *.hsappstatic.net *.hubapi.com *.cloudflare *.fontawesome.com  *.hsleadflows.net  *.hs-analytics.net js.usemessages.com js.hs-banner.com *.google.pl *.bing.net *.google.com *.facebook.net *.googleapis.com *.sentry-cdn.com *.hubspot.net;   font-src 'self' data: *.cloudflare.com *.adsrvr.org *.bing.com *.clickcease.com *.connect.facebook.net *.cookielaw.org *.doubleclick.net *.facebook.com *.wistia.com *.hsforms.com *.forms-na1.hsforms.com *.gtm.prosci.com *.googletagmanager.com *.gstatic.com *.hs-scripts.com *.hs-sites.com *.hsforms.net *.hubspot.com *.hubspotusercontent-na1.net *.hsadspixel.net *.js.usemessages.com *.jsdelivr.net *.kit.fontawesome.com *.luckyorange.com *.prosci.com *.linkedin.com *.licdn.com *.hsappstatic.net *.hubapi.com *.cloudflare *.fontawesome.com  *.hsleadflows.net  *.hs-analytics.net js.usemessages.com js.hs-banner.com *.google.pl *.bing.net *.google.com *.facebook.net *.googleapis.com *.sentry-cdn.com *.hubspot.net; 1
worker-src blob:; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com fonts.gstatic.com *.kxcdn.com https://fonts.cdnfonts.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://secure.asxgw.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.fbcdn.net blob: ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://verify.etrustmark.rs https://rs.beosport.com maps.gstatic.com *.ggpht https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://asxgw.com https://asxgw.paymentsandbox.cloud https://secure.asxgw.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://s-eu-1.pushpushgo.com form.beosport.rs/static_files/js/form.widget.js https://maps.googleapis.com https://cdnjs.cloudflare.com *.avada.io s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-eval' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8=' 'sha256-OIkmMoDWrMET+9yYXfy4kYiZBSGdTuH3/LGJwXz4dbQ=' 'sha256-sA4VQiCGZ0SoC9lRUhrksOsX2gyXQEuHg4kSBIW0NEE=' 'sha256-c0lCqfyjzjX/z/E3XbnFt91p2H29aTfAgw8EjWp/fZI=' 'sha256-vEvkWASy62ASaFxwu/PJbHplao3U4RHMscHIG0WJ/Bk=' 'sha256-kcLwbkMxoYXD1+pfTCjKcZiKwrSg1OvWbfrbGCEKCJk=' 'sha256-jFhMjIj2mk11gJ73zMfIxd2bY7KD+ytCtZ/D9ManRc8=' 'sha256-6ixR+oMcnzgWfqUMhTzL7wXbLD5XOuFMHNcTSt5qov0=' 'sha256-LDIYwFJ02I7TUBglvosPtK0tPqIZkCRZMbWutdyCCAQ=' 'sha256-nf8KOhKoAdxPSwpv2RidJS8ZZzJhFY7WlN7FC+qdWc8=' 'sha256-3WKFMY9tUFN5N13PAP/JYO8r7IKSLJh0/tgh/V9MkRQ=' 'sha256-T3EuRb1GGbNmQ0vw9RUrW9VEstcYOrsXAoxvhYdOvIk=' 'sha256-coL0pEv1rb+grF9AzX+5ontRniER4BFzra+DqTYSAis=' 'sha256-5C79GT8eq2lLXsap6ckT7RIW2BBB6xceZxo8HZDjwyE=' 'sha256-Kj8xM4xKFKZOhkroQhn0wDm7HLvSMJ5jjXf4wDD9kLQ=' 'sha256-kDNtJT2efDxEQCDHPhzf12/6ZKrOJgpR7ze4tIpOkzg=' 'sha256-Y0D3AiTZ5scvOayGpk638SU9EGZdZCxmdS81i5h7sR0=' 'sha256-bpKe9LdxDRMgKSQ0H1JxXAYFf/zUg/V89o4nC7fFLIM='; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.google.com *.kxcdn.com downloads.mailchimp.com https://fonts.cdnfonts.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://asxgw.com https://asxgw.paymentsandbox.cloud https://www.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://get.geojs.io *.avada.io ekr.zdassets.com/ *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ http://fonts.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com credomatic.compassmerchantsolutions.com https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com mongepay.com conway.ddev.site https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ https://adobedtm.com assets.adobedtm.com dpm.demdex.net *.googleapis.com *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni https://www.facebook.com https://www.google.com *.flixcar.com *.flixfacts.com *.cnetcontent.com *.vimeo.com https://widgetapp.ocularsolution.com *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://notrack.indexado.pmbox.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://sandbox.migopayments.com/ https://web.migopayments.com/ https://online.fliphtml5.com/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ https://fledge.teads.tv *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.grupomonge.tt.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com widget.ocularsolution.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://www.google.com https://www.google.com.co https://www.tiendamonge.com https://www.elgallomasgallo.com.ni https://www.prado.com.sv https://www.elgallomasgallo.com.hn https://www.elgallomasgallo.com.gt https://www.verdugotienda.com *.teads.tv *.scene7.com https://fichashppervasive.blob.core.windows.net https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://gmgdocumentos.blob.core.windows.net/ https://gmgecommerceprd.blob.core.windows.net/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com https://www.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://adobedtm.com fast.amc.demdex.net dpm.demdex.net *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni 'unsafe-inline' widget.ocularsolution.com cdn.cs.1worldsync.com https://ws.cs.1worldsync.com *.cloudflare.com https://bam.nr-data.net *.connect.facebook.net *.paypal.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.pingdom.net *.woorank.com *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com https://rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ https://grupomongeecommerceprd.112.2o7.net http://fonts.cdnfonts.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com widget.ocularsolution.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ http://fonts.cdnfonts.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.flixcar.com widget.ocularsolution.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://gmgdocumentos.blob.core.windows.net/ https://gmgecommerceprd.blob.core.windows.net/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.grupomonge.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://adobedtm.com assets.adobedtm.com *.adobe.com fast.amc.demdex.net *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni wss://tm.filter:1502/ api.ocularsolution.com xml.ssreviewsportal.com *.cloudflare.com https://bam.nr-data.net *.pingdom.net *.woorank.com *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv https://ocular-prod.api.rocio.ai *.ocularsolution.com *.flixcar.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://sandbox.migopayments.com/ https://web.migopayments.com/ https://analytics.tiktok.com *.firaonlive.com https://smetrics.verdugotienda.com *.assets.adobedtm.com *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'nonce-b5aea179-1825-4b6c-8e0e-c37027832d00' 'self' 'strict-dynamic'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.aptrinsic.com https://*.bevylabs.com https://*.osano.com https://*.brainfi.sh; font-src 'self' data: https://*.bevylabs.com https://fonts.googleapis.com https://fonts.gstatic.com https://res.cloudinary.com https://*.brainfi.sh; img-src 'self' data: blob: https://unpkg.com https://*.aptrinsic.com https://*.bevylabs.com https://*.cloudinary.com https://*.facebook.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://storage.googleapis.com https://*.googleusercontent.com https://*.googletagmanager.com https://px.ads.linkedin.com https://www.googletagmanager.com https://www.startupgrind.com https://image.mux.com https://img.youtube.com https://i.ytimg.com https://*.vidyard.com https://i.vimeocdn.com https://cdn.bizible.com https://*.lrkt-in.com https://*.litix.io https://cdn.prod.website-files.com https://*.brainfi.sh https://*.adroll.com https://ml314.com https://x.bidswitch.net https://pixel.tapad.com https://pixel.rubiconproject.com https://ps.eyeota.net https://idsync.rlcdn.com https://dsum-sec.casalemedia.com https://us-u.openx.net https://sync.outbrain.com https://sync.taboola.com https://eb2.3lift.com https://image2.pubmatic.com https://ib.adnxs.com https://secure.adnxs.com https://match.adsrvr.org https://t.co https://*.twitter.com https://*.ads-twitter.com https://*.reddit.com https://*.redditstatic.com https://alb.reddit.com https://*.hubspot.com https://*.hubapi.com https://track.hubspot.com https://www.google.com.mx https://www.google.com.ph https://www.google.co.uk https://www.google.fr https://www.google.nl https://www.google.es https://www.google.it https://www.google.pt https://www.google.co.cr https://www.google.co.ke https://www.google.com.ar https://www.google.com.co https://www.google.com.eg https://www.google.com.pe https://www.google.sk https://www.google.kg; frame-src 'self' https://*.cloud.looker.com https://*.google.com https://*.osano.com https://*.youtube.com https://*.youtube-nocookie.com https://*.exceedlms.com https://embed-cdn.spotifycdn.com https://exceedlms.com https://js.stripe.com/ https://player.vimeo.com https://static.elfsight.com/platform/platform.js https://td.doubleclick.net/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.slideshare.net/ https://bevywidgets.com https://play.vidyard.com https://*.googletagmanager.com https://*.brainfi.sh; connect-src 'self' blob: data: wss: https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://*.aptrinsic.com https://*.bevylabs.com https://*.cloudinary.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.lr-ingest.io https://*.logrocket.io https://*.lrkt-in.com https://*.mux.com https://*.litix.io https://*.osano.com https://*.posthog.com https://*.rollbar.com https://*.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.daily.co https://*.googleapis.com https://*.pluot.blue https://chat.stream-io-api.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.mktoresp.com https://*.fides-cdn.ethyca.com https://*.ethyca.com https://*.brainfi.sh wss://*.brainfi.sh https://*.reddit.com https://*.redditstatic.com https://*.hubspot.com https://*.hubapi.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hs-banner.com https://*.hs-analytics.net https://*.hotjar.com https://*.hotjar.io https://*.googlesyndication.com https://www.google.com.mx https://www.google.com.ph https://www.google.co.uk https://www.google.fr https://www.google.nl https://www.google.es https://www.google.it https://www.google.pt https://www.google.co.cr https://www.google.co.ke https://www.google.com.ar https://www.google.com.co https://www.google.com.eg https://www.google.com.pe https://www.google.sk https://www.google.kg; media-src 'self' blob: https://*.mux.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*.bevy.com; upgrade-insecure-requests; report-uri /api/csp-report/ 1
default-src 'self' https:; object-src 'none'; connect-src 'self' https: https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https: https://www.googletagmanager.com; img-src 'self' https: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data: blob:; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https: https://fonts.gstatic.com data:; script-src 'self' https: 'unsafe-eval' 'nonce-5c4+XUUWJZBzznnoYvCgzA=='; report-uri /csp_violations 1
frame-ancestors 'self'; report-uri https://www.ntnews.com.au/csp-reports 1
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net cdn.livechatinc.com mediacdn.espssl.com viewer.byondxr.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.pinterest.com https://ghirardelli.slgnt.us 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.ehappify.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com https://*.ordergroove.com *.weltpixel.com app-wallee.com www.jsctool.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://ghirardelli.slgnt.us https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://optmize.google.com https://www.google.com/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://*.gstatic.com *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudfront.net *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com app-wallee.com *.gstatic.com d.ratepay.com viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com 'self' data: geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://www.upsellit.com https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com *.googleadservices.com *.russellstover.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com https://bam.nr-data.net *.bazaarvoice.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com *.googleapis.com *.attn.tv events.attentivemobile.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.livechatinc.com *.serverdata.net *.tiktok.com *.ordergroove.com app-wallee.com https://www.googletagmanager.com tagmanager.google.com d.ratepay.com www.jsctool.com byondxr-viewer.byondxr.com web-apps.byondxr.com *.listrakbi.com *.listrak.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com *.mczbf.com https://api.unifaun.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://www.youtube.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://www.lindt-spruengli.com/* https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js https://click2cart.com https://ghirardelli.mycontactcenter.net/ https://pop1-apps.mycontactcenter.net/ https://form.jotform.com https://ghirardelli-pages.vercel.app https://form.jotform.com/jsform/250416509718156 https://form.jotform.com/250695600740152 https://api-js.datadome.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com tagmanager.google.com d.ratepay.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl widget.packeta.com https://cloud.typography.com 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io * *.adyen.com *.sharethis.com *.googleapis.com *.attn.tv events.attentivemobile.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com *.ordergroove.com https://www.google-analytics.com d.ratepay.com www.jsctool.com *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://cdn.linkedin.oribi.io https://vc.hotjar.io *.ghirardelli.com *.hotjar.io *.bing.com ws.hotjar.com wss://ws.hotjar.com sc-api.click2cart.com https://geolocation.onetrust.com https://bat.bing.com ghirardelli-pages.vercel.app https://ghirardelli-pages.vercel.app/api/synup https://ghirardelli-pages.vercel.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.irsn.fr *.asnr.fr; script-src 'self' *.irsn.fr *.asnr.fr cdn.ckeditor.com embed.api.video public.message-business.com static.doubleclick.net unpkg.com vod.api.video www.google.com www.gstatic.com www.youtube.com www.youtube-nocookie.com e.infogram.com; object-src 'none'; style-src 'self' 'unsafe-inline'  *.irsn.fr *.asnr.fr fonts.googleapis.com unpkg.com www.youtube.com www.youtube-nocookie.com; img-src 'self' data:  *.irsn.fr *.asnr.fr i.ytimg.com yt3.ggpht.com *.tile.openstreetmap.org; media-src 'self'  *.irsn.fr *.asnr.fr; frame-src 'self'  *.irsn.fr *.asnr.fr embed.api.video www.youtube.com www.youtube-nocookie.com e.infogram.com; frame-ancestors 'self'  *.irsn.fr *.asnr.fr; child-src 'self'  *.irsn.fr *.asnr.fr embed.api.video www.youtube.com www.youtube-nocookie.com; font-src 'self' data:  *.irsn.fr *.asnr.fr embed.api.video fonts.gstatic.com themes.googleusercontent.com; connect-src 'self'  *.irsn.fr *.asnr.fr collector.api.video googleads.g.doubleclick.net jnn-pa.googleapis.com vod.api.video www.youtube.com www.youtube-nocookie.com; report-uri /sa-report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://*.brandhub.codered.net https://*.powertrain.codered.net;         media-src 'self' blob:;         script-src 'self' https://mb.etrackingserver.de https://*.scene7.com https://app.usercentrics.eu https://chatbot.codered.net/static/ 'unsafe-inline' 'unsafe-eval' blob:;         style-src 'self' 'unsafe-inline' https://*.scene7.com https://chatbot.codered.net/static/;         img-src 'self' https://js.api.here.com https://*.scene7.com https://*.usercentrics.eu https://dev.day.com blob: data:;         connect-src 'self' https://*.usercentrics.eu https://mb.etrackingserver.de https://*.scene7.com https://*.mercedes-benz-trucks.net https://*.hereapi.com https://*.api.here.com https://chatbot.codered.net blob:;         font-src 'self' https://js.api.here.com data:; 1
default-src 'self'; base-uri 'self'; object-src 'none';  script-src   'self'   'unsafe-inline'   'unsafe-eval'   https://www.googletagmanager.com   https://www.google-analytics.com   https://www.googleadservices.com   https://connect.facebook.net;  style-src   'self'   'unsafe-inline'   https://fonts.googleapis.com;  font-src   'self'   https://fonts.gstatic.com   data:;  img-src   'self'   data:   blob:   https://www.google-analytics.com   https://www.googletagmanager.com   https://www.facebook.com;  connect-src   'self'   https://www.google-analytics.com   https://analytics.google.com   https://www.facebook.com;  frame-src   'self'   https://www.googletagmanager.com   https://www.facebook.com;  frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://tagmanager.google.com https://dig-aboprod.noncd.db.de https://*.consentmanager.net https://web-assets-stage.dc.vvs.de https://web-assets-prod.dc.vvs.de https://www-assets.vvs.de 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://bildermangel.de https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.consentmanager.net https://web-assets-stage.dc.vvs.de https://web-assets-prod.dc.vvs.de https://www-assets.vvs.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://*.vvs.de https://vvsjobs.softgarden.io https://www.paperturn-view.com http://paperturn-view.com https://*.paperturn-view.com https://www.unserebroschuere.de https://dig-aboprod.noncd.db.de https://www.googletagmanager.com https://*.consentmanager.net; font-src 'self' https://dig-aboprod.noncd.db.de https://*.consentmanager.net https://web-assets-stage.dc.vvs.de https://web-assets-prod.dc.vvs.de https://www-assets.vvs.de; worker-src 'self' https://www.googletagmanager.com https://tagmanager.google.com https://dig-aboprod.noncd.db.de https://*.consentmanager.net https://web-assets-stage.dc.vvs.de https://web-assets-prod.dc.vvs.de https://www-assets.vvs.de https://*.vvs.de; connect-src 'self' https://apistaging.vvs.de https://*.vvs.de https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://www.googletagmanager.com https://region1.google-analytics.com https://abo.bahn.de https://dig-aboprod.noncd.db.de https://*.consentmanager.net https://web-assets-stage.dc.vvs.de https://web-assets-prod.dc.vvs.de https://www-assets.vvs.de; object-src 'none'; style-src 'self' https://dig-aboprod.noncd.db.de https://*.consentmanager.net https://web-assets-stage.dc.vvs.de https://web-assets-prod.dc.vvs.de https://www-assets.vvs.de 'unsafe-inline' 'report-sample'; form-action 'self' https://dig-aboprod.noncd.db.de https://abo.bahn.de; script-src-attr 'none' 'report-sample'; report-uri https://www.vvs.de/@http-reporting?csp=report&requestTime=1758610862619452&requestHash=37a59644ef9051c8efc5aa5fa70c9054b934deef 1
object-src 'none';base-uri 'self';script-src 'nonce-FsmqfEeoWl2HuhFjx1-5-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4RVtE18fdM9aCkNP0QUl3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';  script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://events.framer.com/script https://framer.com https://framerusercontent.com https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js;  style-src 'report-sample' 'self' 'unsafe-inline';  object-src 'none';  base-uri 'self';  connect-src 'self' https://events.framer.com https://lottie.host https://region1.google-analytics.com https://website-data-beta.vercel.app https://www.google-analytics.com;  font-src 'self' https://cdnjs.cloudflare.com https://framerusercontent.com;  frame-src 'self' https://embeds.beehiiv.com https://framer.com;  img-src 'self' data: https://framerusercontent.com https://www.googletagmanager.com https://yastatic.net;  manifest-src 'self';  media-src 'self' https://framerusercontent.com;  worker-src 'none';  frame-ancestors 'self';  report-uri https://68af03dee39705929f59b2eb.endpoint.csper.io?builder=true&v=9; 1
default-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ipv4check.ec-elements.com ipv6check.ec-elements.com data: 'unsafe-eval'; report-uri /csp-violation-report-endpoint/ 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-vusS66D_0vuesw7VVs3pnQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.co.uk/api/csp-report; report-to csp-endpoint 1
style-src-elem 'unsafe-inline' sportofino.com *.sportofino.com *.snrcdn.net geowidget.easypack24.net fonts.googleapis.com cdn.luigisbox.tech; script-src-elem *.snrcdn.net *.etrusted.com https://widgets.trustedshops.com *.livechatinc.com geowidget.inpost.pl widget.packeta.com static.paynow.pl maps.googleapis.com www.googletagmanager.com js.braintreegateway.com ssl.ceneo.pl www.glami.cz www.ladenzeile.de x.klarnacdn.net c.paypal.com pay.google.com static.cloudflareinsights.com 'self' 'unsafe-inline' sportofino.com *.sportofino.com scripts.luigisbox.tech cdn.luigisbox.tech consent.cookiebot.com s.pinimg.com ct.pinterest.com consentcdn.cookiebot.com bat.bing.com a.mgid.com connect.facebook.net cdn.tmtarget.com glamipixel.com tags.creativecdn.com library.startquestion.com pixel.wp.pl googleads.g.doubleclick.net dss.hybrid.ai web.snrbox.com st.hybrid.ai emd.hybrid.ai im9.cz googleadservices.com expandeco.daktela.com www.googleadservices.com analytics.tiktok.com www.clarity.ms scripts.clarity.ms; font-src *.klarnacdn.net *.fontawesome.com https://cdnjs.cloudflare.com fonts.gstatic.com geowidget.easypack24.net https://widgets.trustedshops.com cdn.thulium.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * apm.przelewy24.pl secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bird.eu *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com sportofino.com *.sportofino.com *.gstatic.com *.googleapis.com *.ggpht.com *.paynow.pl www.glami.cz static.paynow.pl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com bat.bing.com pixel.wp.pl www.glami.pl www.facebook.com a.mgid.com dot.wp.pl stileo.it www.glami.ro sync.teads.tv www.google.pl sync.taboola.com ih.adscale.de eb2.3lift.com sync.outbrain.com ssp-csync.smartadserver.com ads.stickyadstv.com ads.yieldmo.com us-u.openx.net ad.doubleclick.net imgsct.cookiebot.com dss.hybrid.ai bat.bing.net ams.creativecdn.com cm.mgid.com www.fashiola.de www.fashiola.fr rt.udmserve.net www.heureka.cz ib.adnxs.com dsum-sec.casalemedia.com c1.adform.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdnjs.cloudflare.com sandbox.przelewy24.pl secure.przelewy24.pl apm.przelewy24.pl secure.payu.com secure.snd.payu.com 'self' 'unsafe-inline' sportofino.com *.sportofino.com library.startquestion.com bat.bing.com px.leadexpert.pl scripts.luigisbox.tech tags.creativecdn.com cdn.luigisbox.tech js-agent.newrelic.com bam.eu01.nr-data.net widgets.trustedshops.com www.snrcdn.net gstatic.com tck.snrbox.com proxy.snrbox.com connect.facebook.net creativecdn.com cdn.livechatinc.com *.inpost.pl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com reco.sportofino.com dss.hybrid.ai a.mgid.com consentcdn.cookiebot.com widget.packeta.com googleadservices.com expandeco.daktela.com glamipixel.com pixel.wp.pl consent.cookiebot.com cdn.tmtarget.com cdn.thulium.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com https://cdnjs.cloudflare.com fonts.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com reco.sportofino.com geowidget.easypack24.net cdn.luigisbox.tech 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com akamaized.net download-video.akamaized.net cdnstrapi.sportofino.com cdn.thulium.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com secure.payu.com merch-prod.snd.payu.com *.snrbox.com maps.googleapis.com widget.packeta.com reco.sportofino.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site api.luigisbox.tech pagead2.googlesyndication.com live.luigisbox.tech region1.google-analytics.com ct.pinterest.com consentcdn.cookiebot.com app.startquestion.com googleads.g.doubleclick.net pixel.wp.pl ams.creativecdn.com bat.bing.com bat.bing.net www.facebook.com www.google.pl stats.g.doubleclick.net expandeco.daktela.com cdn.thulium.com fcmregistrations.googleapis.com i.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sportofino.com/csp_reports; report-to report-endpoint; 1
default-src 'self'; child-src 'none'; connect-src 'self' https://*.bozar.be https://*.contentsquare.net https://*.facebook.com https://*.google-analytics.com https://*.onetrust.com https://*.recombee.com https://*.secutix.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://o419740.ingest.sentry.io/api/5336472/envelope/; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.googletagmanager.com https://*.google.com https://*.matterport.com https://*.soundcloud.com https://*.spotify.com https://*.vimeo.com https://*.youtube.com; img-src 'self' https://*.cookielaw.org https://*.facebook.com https://*.googletagmanager.com https://*.vimeocdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bozar.be https://*.hotjar.com https://*.cookielaw.org https://*.contentsquare.net https://*.googletagmanager.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://script.crazyegg.com https://unpkg.com; script-src-elem 'self' 'unsafe-inline' https://*.bozar.be https://*.cookielaw.org https://*.facebook.net https://*.googletagmanager.com https://*.hotjar.com https://matomojs.trackify.info https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.youtube.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://script.crazyegg.com https://unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self' https://*.bozar.be https://*.secutix.com; report-uri https://o419740.ingest.sentry.io/api/5336472/security/?sentry_key=352ab04e14224ad0804d381177289653&sentry_environment=master-7rqtwti&sentry_release=724a01d64d772103016201e95537cbab8768830f; block-all-mixed-content 1
default-src 'self'; script-src  'self' https:       'unsafe-inline' 'unsafe-eval'; style-src   'self' https:       'unsafe-inline'; font-src    'self' https: data: 'unsafe-inline'; img-src     'self' https: data:; connect-src 'self' https:; frame-src   'self' https://*.vipleiloes.com.br https://*.provedor.space https://streaming01.vplpar.com:5443; media-src   'self' https:; form-action 'self' https:; base-uri    'self'; frame-ancestors 'self' https://*.vipleiloes.com.br https://streaming01.vplpar.com:5443; object-src  'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GMIi-5t-0pLWUuNT8nnYzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://frontend-assets.dev.simscale.com https://ws-long-dev.simscale.com https://frontend-assets.stg.simscale.com https://ws-long-staging.simscale.com https://frontend-assets.simscale.com https://ws-long.simscale.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.fi https://scout.us3.salesloft.com https://b.6sc.co https://www.google.com.eg https://j.6sc.co https://lh7-rt.googleusercontent.com https://www.google.be https://www.google.com.au https://www.google.es https://www.google.com.my https://www.google.co.za https://www.google.fr https://www.google.co.in https://*.hubspotfeedback.com https://www.google.com.ph https://www.google.com.sa https://www.google.co.uk https://t.co https://analytics.twitter.com https://px.ads.linkedin.com https://cdn-4.convertexperiments.com https://www.google.ae https://www.google.de https://www.google.it https://www.google-analytics.com https://ws.zoominfo.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://*.google.co.uk https://cdn.trackjs.com https://js.hsforms.net https://cmp.osano.com https://tracking.g2crowd.com https://static.hotjar.com https://script.hotjar.com https://widget.intercom.io https://js.intercomcdn.com https://scout-cdn.salesloft.com https://js.hs-analytics.net https://js.hubspot.com https://js.hs-banner.com https://js.hsadspixel.net https://js-na1.hs-scripts.com https://snap.licdn.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://www.googletagmanager.com/gtm.js https://static.addtoany.com https://boards.greenhouse.io/embed/job_board/js https://frontend-assets.dev.simscale.com https://ws-long-dev.simscale.com https://frontend-assets.stg.simscale.com https://ws-long-staging.simscale.com https://frontend-assets.simscale.com https://ws-long.simscale.com blob: 'nonce-a9b2987960d987db697496908d251cd7'; style-src 'self' 'unsafe-inline' https://frontend-assets.dev.simscale.com https://ws-long-dev.simscale.com https://frontend-assets.stg.simscale.com https://ws-long-staging.simscale.com https://frontend-assets.simscale.com https://ws-long.simscale.com https://fonts.googleapis.com; img-src 'self' https://secure.gravatar.com https://scout.us3.salesloft.com https://b.6sc.co https://*.atl-paas.net https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh7-rt.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://js.hs-banner.com https://www.google.co.za https://www.google.com.au https://*.hubspotfeedback.com https://www.google.es https://www.google.be https://www.google.com.my https://www.google.fr https://www.google.co.in https://www.google.com.ph https://www.google.com.sa https://www.google.co.uk https://www.google.fi https://encrypted-tbn0.gstatic.com https://www.google.ae https://www.google.de https://www.google.it https://fonts.gstatic.com https://usage.trackjs.com https://forms-na1.hsforms.com https://perf-na1.hsforms.com https://js.intercomcdn.com https://www.googletagmanager.com https://t.co https://analytics.twitter.com https://www.google.com https://track.hubspot.com https://px.ads.linkedin.com https://www.google.com.eg https://*.google.co.uk https://downloads.intercomcdn.com https://static.intercomassets.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://frontend-assets.dev.simscale.com https://ws-long-dev.simscale.com https://frontend-assets.stg.simscale.com https://ws-long-staging.simscale.com https://frontend-assets.simscale.com https://ws-long.simscale.com data:; font-src 'self' https://fonts.gstatic.com https://frontend-assets.dev.simscale.com https://ws-long-dev.simscale.com https://frontend-assets.stg.simscale.com https://ws-long-staging.simscale.com https://frontend-assets.simscale.com https://ws-long.simscale.com https://cdn.jsdelivr.net data:; connect-src 'self' https://ws.zoominfo.com https://cmp.osano.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.simscale.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.analytics.google.com https://www.google.com https://frontend-assets.dev.simscale.com https://ws-long-dev.simscale.com https://frontend-assets.stg.simscale.com https://ws-long-staging.simscale.com https://frontend-assets.simscale.com https://ws-long.simscale.com https://fonts.googleapis.com https://scout.salesloft.com https://tracking-api.g2.com https://*.g.doubleclick.net https://static.hsappstatic.net https://api.hubapi.com https://cta-service-cms2.hubspot.com https://px.ads.linkedin.com; frame-src 'self' https://www.googletagmanager.com https://app.hubspot.com https://demo.arcade.software; media-src 'self' https://frontend-assets.dev.simscale.com https://ws-long-dev.simscale.com https://frontend-assets.stg.simscale.com https://ws-long-staging.simscale.com https://frontend-assets.simscale.com https://ws-long.simscale.com; object-src 'none'; form-action 'self' https://*.hubspot.com https://*.hsforms.com https://*.greenhouse.io; frame-ancestors 'self'; worker-src 'self' blob:; report-uri /csp-reports 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.useinsider.com https://www.gstatic.com https://fonts.gstatic.com https://*.typekit.net https://fonts.googleapis.com *.alicdn.com *.bazaarvoice.com *.googleusercontent.com *.homehardware.com.au *.hotjar.com *.hsappstatic.net *.slant.co *.zip.co *.alipayobjects.com *.cloudflare.com *.fontawesome.com *.fonts.net *.fontshare.com *.googleapis.com *.migaku.com *.mitre10.com.au *.qantas.com *.ziplyne.com *.crisp.chat *.bootstrapcdn.com *.shopback.com yastatic.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://app.contentful.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.useinsider.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com www.xtento.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.openstreetmap.org https://maps.googleapis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.b0e8.com *.useinsider.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.magezon.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://*.mitre10.com.au https://*.openstreetmap.org https://scontent.cdninstagram.com https://tracker.unbxdapi.com *.dotomi.com *.eyeota.net *.googleapis.com *.mitre10.com.au *.openx.net *.pubmatic.com www.google.bf www.google.ca www.google.ch www.google.cm www.google.co.ck www.google.co.id www.google.co.in www.google.co.kr www.google.co.nz www.google.co.ug www.google.co.uk www.google.co.za www.google.co.zm www.google.com.au www.google.com.bd www.google.com.fj www.google.com.gh www.google.com.hk www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.vn www.google.de www.google.dk www.google.es www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.nl www.google.pl www.google.rs www.google.se *.amazon-adsystem.com *.bazaarvoice.com *.ctnsnet.com *.homehardware.com.au *.shophumm.com.au *.unbxdapi.com *.zip.co www.google.ae www.google.am www.google.at www.google.ba www.google.be www.google.bt www.google.by www.google.ci www.google.cl www.google.co.bw www.google.co.cr www.google.co.il www.google.co.jp www.google.co.ke www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.th www.google.co.tz www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.zw www.google.com.ar www.google.com.br www.google.com.co www.google.com.do www.google.com.ec www.google.com.eg www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pe www.google.com.pr www.google.com.qa www.google.com.sb www.google.com.sl www.google.com.tr www.google.com.ua www.google.com.uy www.google.cz www.google.dz www.google.ee www.google.fi www.google.ge www.google.gg www.google.hn www.google.im www.google.iq www.google.jo www.google.ki www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mk www.google.mu www.google.mw www.google.no www.google.pt www.google.ro www.google.ru www.google.sc www.google.si www.google.sk www.google.sn www.google.tn www.google.tt www.google.vu www.google.ws zip.co *.afterpay.com *.afterpay-beta.com *.clarity.ms *.contentsquare.net *.curalate.com *.cursors-4u.net *.google.com *.googleusercontent.com *.pinterest.com *.qualtrics.com *.shopback.com *.snapchat.com *.zipmoney.com.au dakotaram.com s3.amazonaws.com web-cockroach.herokuapp.com www.google.ad www.google.al www.google.as www.google.az www.google.bj www.google.bs www.google.cd www.google.cg www.google.co.ao www.google.com.af www.google.com.ag www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.bz www.google.com.cu www.google.com.cy www.google.com.et www.google.com.gt www.google.com.mm www.google.com.ni www.google.com.om www.google.com.py www.google.com.sv www.google.com.vc www.google.cv www.google.dj www.google.fm www.google.ga www.google.gm www.google.gy www.google.ht www.google.is www.google.je www.google.kg www.google.kz www.google.me www.google.mg www.google.ml www.google.mn www.google.mv www.google.nr www.google.ps www.google.rw www.google.so www.google.sr www.google.tg www.google.tl www.google.tm www.google.to yastatic.net *.alicdn.com *.googleadservices.com www.google.com.gi www.google.dm www.google.gl www.google.nu www.google.pn www.google.sh www.google.td *.ctfassets.net metcashgiftcards.com.au *.baidu.com *.bing.com *.google-analytics.com *.hotjar.com *.humm-group.com speechit.pro www.google.li www.google.sm www.google.st *.ivaws.com sevr.au www.xtento.com cdn.xtento.com t.zip.co static.zip.co *.hsforms.net *.hsforms.com https://images.ctfassets.net https://images.secure.ctfassets.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.b0e8.com *.bc0a.com *.plugins.emarsys.net *.scarabresearch.com *.useinsider.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://libraries.unbxdapi.com https://d21gpk1vhmjuf5.cloudfront.net https://s3.amazonaws.com/downloads.mailchimp.com/js/goal.min.js https://cdn.optimizely.com https://rum.optimizely.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.zip.co https://cdn.scarabresearch.com *.cloudflare.com *.dotomi.com *.googleapis.com *.newrelic.com *.unbxdapi.com *.bazaarvoice.com *.ctnsnet.com *.homehardware.com.au *.hotjar.com *.mitre10.com.au *.shophumm.com.au *.zip.co *.zipmoney.com.au d21gpk1vhmjuf5.cloudfront.net https://d3m8huu8gvuyn3.cloudfront.net/rex_template_content/unbxd_rex_template_sdk.js *.afterpay-beta.com *.clarity.ms *.contentsquare.net *.curalate.com *.googleadservices.com *.instagram.com *.p-a.io *.particularaudience.com *.pinimg.com *.pinterest.com *.qualtrics.com *.snapchat.com *.tableau.com consentag.eu dakotaram.com googletagmanager.com nexuspublications.com.au sc-static.net *.crisp.chat *.walkme.com *.humm-au.com static.cloudflareinsights.com rum.hlx.page *.bootstrapcdn.com *.vimeo.com localhost yastatic.net *.disqometer.com *.dotdigital-pages.com static.client.cardinaltrusted.com www.xtento.com cdn.xtento.com static.zip.co zip.co *.hsforms.net *.hsforms.com https://cdn.jsdelivr.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com display.ugc.bazaarvoice.com *.useinsider.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com https://*.typekit.net https://maps.googleapis.com https://libraries.unbxdapi.com *.typekit.net *.homehardware.com.au *.shophumm.com.au *.unbxdapi.com *.zip.co *.bazaarvoice.com *.fontawesome.com *.fonts.net *.mitre10.com.au *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.mitre10.com.au *.youtube.com *.globalshop.com.au *.bing.com *.paypal.com vimeo.com youtube.com *.ctfassets.net *.bondall.com https://videos.ctfassets.net https://videos.secure.ctfassets.net 'self' 'unsafe-inline'; manifest-src *.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.sharethis.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.openstreetmap.org https://maps.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.scarabresearch.com *.eservice.emarsys.net *.useinsider.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://search.unbxd.io https://www.instagram.com https://graph.instagram.com https://*.sandbox.afterpay.com https://api.sandbox.zipmoney.com.au https://sand.merchant-api.com https://merchant-api.com https://api.zipmoney.com.au https://*.sandbox.zip.co https://*.zip.co *.googleapis.com *.nr-data.net *.typekit.net localhost www.google.co.id www.google.co.in www.google.co.nz www.google.co.za www.google.com.au www.google.com.bd www.google.com.fj www.google.com.hk www.google.com.ph www.google.com.sa www.google.com.sg www.google.de www.google.dk www.google.hu www.google.pt www.google.rs *.bazaarvoice.com *.crwdcntrl.net *.ctnsnet.com *.homehardware.com.au *.shophumm.com.au *.unbxd.io *.zip.co *.zipmoney.com.au www.google.ae www.google.am www.google.at www.google.ba www.google.be www.google.bf www.google.bt www.google.by www.google.ca www.google.ch www.google.cl www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.zw www.google.com.ar www.google.com.br www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.jm www.google.com.kh www.google.com.lb www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pe www.google.com.pk www.google.com.qa www.google.com.sb www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hn www.google.hr www.google.ie www.google.it www.google.jo www.google.la www.google.lk www.google.lv www.google.mu www.google.nl www.google.no www.google.pl www.google.ro www.google.ru www.google.se www.google.sk www.google.tn www.google.tt www.google.vu www.google.ws *.alicdn.com *.clarity.ms *.contentsquare.net *.curalate.com *.googleadservices.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mitre10.com.au *.p-a.io *.particularaudience.com *.pinterest.com *.qualtrics.com *.snapchat.com *.stbuttons.click *.unbxdapi.com www.google.al www.google.az www.google.bg www.google.bs www.google.cd www.google.ci www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.il www.google.co.mz www.google.co.zm www.google.com.bh www.google.com.bn www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.et www.google.com.gt www.google.com.kw www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.na www.google.com.om www.google.com.pa www.google.com.pg www.google.com.pr www.google.com.sv www.google.com.uy www.google.ga www.google.gm www.google.gy www.google.ht www.google.iq www.google.je www.google.kg www.google.kz www.google.lt www.google.lu www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mv www.google.mw www.google.nr www.google.ps www.google.rw www.google.sc www.google.si www.google.sn www.google.so www.google.sr www.google.tg www.google.tl www.google.tm www.google.to zip.co *.crisp.chat www.google.as www.google.bj www.google.cg www.google.cm www.google.co.ls www.google.com.af www.google.com.bo www.google.com.gi www.google.com.py www.google.com.vc www.google.dm www.google.im www.google.is www.google.ki www.google.ml www.google.nu www.google.pn *.walkme.com d3mewz86hy02zo.cloudfront.net kg668dbov0.execute-api.us-east-1.amazonaws.com rum.hlx.page www.google.gl *.baidu.com *.bing.com *.cloudflare.com *.humm-au.com *.jquery.com consentag.eu sc-static.net www.google.ad www.google.com.ag www.google.com.ni www.google.com.sl www.google.cv www.google.dj www.google.li *.conversionsapigateway.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.ctfassets.net *.disqometer.com www.google.gg *.cardinaltrusted.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.useinsider.com a.tribalfusion.com aa.agkn.com ad.turn.com ads.dotomi.com ads.scorecardresearch.com ads.stickyadstv.com aorta.clickagy.com ap.lijit.com bh.contextweb.com bpi.rtactivate.com c1.adform.net capi.connatix.com ce.lijit.com cm.g.doubleclick.net cms.analytics.yahoo.com cms.quantserve.com contextual.media.net cookies.nextmillmedia.com crb.kargo.com creativecdn.com cs.admanmedia.com cs.openwebmp.com csync.loopme.me dclk-match.dotomi.com dm-us.hybrid.ai dmp.brand-display.com dp-sync.dotomi.com dpm.demdex.net dsum-sec.casalemedia.com e1.emxdgt.com eb2.3lift.com edgedl.me.gvt1.com eu-u.openx.net exchange-match.mediaplex.com gw-iad-bid.ymmobi.com i.liadm.com i.w55c.net i6.liadm.com ib.adnxs.com id.rlcdn.com idpix.media6degrees.com idsync.live.streamtheworld.com idsync.rlcdn.com image2.pubmatic.com image4.pubmatic.com image8.pubmatic.com login.dotomi.com login-ds.dotomi.com match.adsby.bidtheatre.com match.adsrvr.org match.deepintent.com match.justpremium.com match.prod.bidr.io match.sharethrough.com match.sync.ad.cpe.dotomi.com openx-ums.acuityplatform.com openx.adhaven.com openx2-match.dotomi.com oxp.mxptint.net p.rfihub.com partners.tremorhub.com pippio.com pixel-sync.sitescout.com pixel.adsafeprotected.com pixel.rubiconproject.com pixel.tapad.com pm.w55c.net pmp.mxptint.net pr-bh.ybp.yahoo.com ps.eyeota.net pubmatic-match.dotomi.com px.ads.linkedin.com px.owneriq.net rtb-csync.smartadserver.com rtb.adentifi.com rtb.openx.net s.ad.smaato.net s.amazon-adsystem.com s.tribalfusion.com server.cpmstar.com simage2.pubmatic.com ssbsync.smartadserver.com stags.bluekai.com sync-tm.everesttech.net sync.1rx.io sync.bfmio.com sync.crwdcntrl.net sync.ipredictive.com sync.mathtag.com sync.search.spotxchange.com sync.smartadserver.com sync.srv.stackadapt.com sync.targeting.unrulymedia.com t.adx.opera.com tags.bluekai.com tr.blismedia.com u.openx.net um.simpli.fi ups.analytics.yahoo.com us-east.ads.audio.thisisdax.com us-u.openx.net us.ck-ie.com vop.sundaysky.com x.bidswitch.net yahoo-match.dotomi.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.braintreegateway.com *.googletagmanager.com *.paypal.com consentag.eu 'self' 'unsafe-inline'; report-uri https://87acbafe-91fb-446b-aa4c-62851bc12cb5.sansec.watch/; report-to report-endpoint; 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: https://widgets.trustedshops.com *.tradetracker.net *.tradetracker.com *.hotjar.com *.kickbite.io *.useinsider.com *.trackedlink.net *.ftz.io *.fitizzy.com *.xandres.com *.geojs.io *.cookiebot.com *.cookiebot.eu data: 'self' 'unsafe-inline'; form-action www.facebook.com sc-static.net *.onetrust.com *.useinsider.com *.cookiepro.com *.doubleclick.net tr.snapchat.com *.tradetracker.net *.tradetracker.com *.hotjar.com *.kickbite.io *.trackedlink.net *.ftz.io *.fitizzy.com *.xandres.com *.geojs.io *.cookiebot.com *.cookiebot.eu 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com js.mollie.com www.google.com *.weltpixel.com *.hotjar.com www.facebook.com *.criteo.com view.publitas.com sc-static.net *.eu.freshchat.com *.eu.webpush.freshchat.com static.criteo.net *.onetrust.com *.useinsider.com *.cookiepro.com *.doubleclick.net tr.snapchat.com getflowbox.com app.acuityscheduling.com *.tradetracker.net *.tradetracker.com *.kickbite.io *.pinterest.com *.mollie.com *.trackedlink.net *.ftz.io *.fitizzy.com xandres-help.freshchat.com *.xandres.com *.geojs.io *.adform.net *.cookiebot.com *.cookiebot.eu 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com maps.googleapis.com maps.gstatic.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://www.mollie.com https://api.mapbox.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.doubleclick.net *.cdninstagram.com www.google.be connect.facebook.net www.facebook.net connect.facebook.com www.facebook.com ct.pinterest.com *.pinterest.com *.adform.net *.yieldmo.com *.smaato.net *.rubiconproject.com *.outbrain.com *.bidswitch.net *.adnxs.com *.teads.tv *.yahoo.com *.casalemedia.com *.contextual.media.net *.smartadserver.com *.360yield.com *.openx.net *.pubmatic.com *.taboola.com *.3lift.com *.advertising.com *.adscale.de *.omnitagjs.com *.criteo.com *.socdm.com *.yieldlab.net *.mail.ru *.cloudfront.net *.mollie.com *.ivitrack.com *.media.net *.sharethrough.com ade.clmbtech.com cm.mgid.com sync.e-planning.net ads.stickyadstv.com i.liadm.com ad.sxp.smartclip.net pixel.tapad.com dpm.demdex.net tags.bluekai.com s.thebrighttag.com a.twiago.com sync-tm.everesttech.net idsync.rlcdn.com cdn.stickyadstv.com sync.ad-stir.com jadserve.postrelease.com *.onetrust.com *.useinsider.com *.cookiepro.com bat.bing.com tr.snapchat.com *.getflowbox.com *.wisepops.com *.tradetracker.net *.tradetracker.com *.hotjar.com *.kickbite.io *.google-analytics.com *.analytics.google.com *.trackedlink.net *.xandres.com *.ftz.io *.fitizzy.com *.geojs.io *.cookiebot.com *.cookiebot.eu data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com *.disqus.com js.mollie.com *.google.com www.gstatic.com *.hsforms.net *.hsforms.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.elfsight.com connect.facebook.net connect.facebook.com *.hotjar.com *.pinimg.com *.trackedlink.net *.sumo.com *.criteo.net *.criteo.com *.wisepops.com view.publitas.com sc-static.net wchat.eu.freshchat.com assetscdn-wchat.eu.freshchat.com *.eu.webpush.freshchat.com *.onetrust.com *.useinsider.com *.cookiepro.com *.doubleclick.net bat.bing.com embed.acuityscheduling.com *.getflowbox.com *.tiktok.com *.tradetracker.net *.tradetracker.com *.kickbite.io *.mollie.com *.ftz.io *.fitizzy.com d5yoctgpv4cpx.cloudfront.net vimeo.com xandres-help.freshchat.com *.xandres.com *.geojs.io *.adform.net *.cookiebot.com *.cookiebot.eu connect.getflowbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com fonts.gstatic.com embed.acuityscheduling.com *.getflowbox.com *.useinsider.com *.wisepops.com wchat.eu.freshchat.com assetscdn-wchat.eu.freshchat.com *.tradetracker.net *.tradetracker.com *.hotjar.com *.kickbite.io *.trackedlink.net *.ftz.io *.fitizzy.com xandres-help.freshchat.com *.xandres.com *.geojs.io *.cookiebot.com *.cookiebot.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com https://maps.googleapis.com https://player.vimeo.com autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site apps.elfsight.com *.analytics.google.com maps.googleapis.com *.doubleclick.net ct.pinterest.com *.hotjar.com wss://*.hotjar.com *.hotjar.io sumo.com api.instacloud.io *.wisepops.com cicptqmkej.execute-api.eu-west-1.amazonaws.com *.onetrust.com *.useinsider.com *.cookiepro.com *.getflowbox.com *.tiktok.com *.tradetracker.net *.tradetracker.com *.kickbite.io *.trackedlink.net *.ftz.io *.fitizzy.com rkkck31tec.execute-api.eu-central-1.amazonaws.com *.xandres.com *.geojs.io *.adform.net *.cookiebot.com *.cookiebot.eu connect.getflowbox.com 9mn3sm7015.execute-api.eu-west-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: wss://ws.tsarvar.com wss://wst.tsarvar.com wss://wst2.tsarvar.com; script-src https: http: 'unsafe-eval' 'unsafe-inline'; style-src https: http: 'unsafe-inline'; img-src https: http: data:; font-src https: http: data:; 1
default-src https://*.rsync.net:443 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 1
default-src 'self' https://static.slo-tech.com https://zy.si https://push.slo-tech.com; script-src 'self' 'unsafe-inline' https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; style-src 'self' data: 'unsafe-inline' static.slo-tech.com; img-src 'self' data: https://* http://* https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; connect-src 'self' https://oglasi.slo-tech.com https://push.slo-tech.com wss://push.slo-tech.com ws://push.slo-tech.com https://zy.si; frame-src 'self' https://oglasi.slo-tech.com https://www.youtube-nocookie.com; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; sandbox; report-uri https://sentry.ilol.si/api/2/security/?sentry_key=1caf1e883a1146c09085276ddd50841d 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'nonce-47de73b1-2061-44a2-81bc-5f5c3969769e'  *.aaui-879784980514.s3.us-east-2.amazonaws.com *.aauicdnva7.azureedge.net *.adform.net *.app.launchdarkly.com *.awaascicdprodva7.blob.core.windows.net *.d30ln29764hddd.cloudfront.net *.doubleclick.net *.euroland.com *.eurolandir.com *.googletagmanager.com *.jquery.com *.leaddesk.com *.linkedin.com *.omniture.com *.omtrdc.net *.services.adobe.com *.youtube.com http://maps.google.com/maps-api-v3/api/ http://maps.google.com/maps/api/ http://maps.googleapis.com/maps/api/ https://*.aptrinsic.com https://*.flockler.com https://adminconsole.adobe.com https://adobe.com https://adobe.io https://adobe.net https://adobeid-na1.services.adobe.com https://ajax.googleapis.com https://analytics-eu.clickdimensions.com https://api.emea01.idio.episerver.net https://app.powerbi.com https://assets.adobedtm.com https://assets.adobedtm.com https://assets2.adobe.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/ https://cloudui-emea01.profilestore.episerver.net https://connect.facebook.net https://cookie-cdn.cookiepro.com https://d1igp3oop3iho5.cloudfront.net/v2/YTCU__QFgA3N4sqa5K5xQA-eu1/zaius-min.js https://d1igp3oop3iho5.cloudfront.net/v2/buA6R3hGThUwo2b3jMhdjQ-eu1/zaius-min.js https://dl.episerver.net https://fl-cdn.scdn1.secure.raxcdn.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://js.monitor.azure.com/scripts/ https://kuula.co https://ld-webchat.s3.eu-north-1.amazonaws.com https://login.microsoftonline.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/ https://research.innolink.fi https://s.emea01.idio.episerver.net/ https://snap.licdn.com https://sstats.adobe.com https://static.ads-twitter.com https://tpc.googlesyndication.com https://videolle.viewin360.co https://www.google.com https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.gstatic.com/recaptcha/ https://youtube.com https://metsa-virtual-exhibition.netlify.app https://metsa-virtual-exhibition-two.netlify.app  https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/  https://*.hotjar.com/ https://cxppeur1rdrect01sa02cdn.blob.core.windows.net/ https://analytics.tiktok.com/ https://s.pinimg.com/ https://ct.pinterest.com ;  report-uri https://www.metsagroup.com/api/reporting/;  report-to csp-endpoint; 1
default-src 'self' 'unsafe-inline' *.gardners.com;         script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.gardners.com/ js.braintreegateway.com/ *.cardinalcommerce.com/ *.gardners.com/scripts/jquery-3.7.1.min.js *.google-analytics.com/ www.googletagmanager.com/ api.os.uk api.whichosmap.co.uk/ code.jquery.com/* maps-api-ssl.google.com/ songbird.cardinalcommerce.com/ whichosmap.co.uk/ www.gstatic.com/ rum-static.pingdom.net/ kg668dbov0.execute-api.us-east-1.amazonaws.com/ *.cardinaltrusted.com/ code.jquery.com/jquery-migrate-3.5.2.min.js;  style-src 'report-sample' 'self' 'unsafe-inline' *.gardners.com *.braintreegateway.com *.cardinalcommerce.com *.googleapis.com api.os.uk api.whichosmap.co.uk assets.braintreegateway.com stackpath.bootstrapcdn.com whichosmap.co.uk;  style-src-attr 'report-sample' 'self' 'unsafe-inline' *.gardners.com;  object-src 'none';  base-uri 'self';  connect-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gardners.com *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com www.googletagmanager.com *.google-analytics.com api.braintreegateway.com api2.smartrecruitonline.com client-analytics.braintreegateway.com maps.googleapis.com translate.googleapis.com *.cardinaltrusted.com rum-collector-2.pingdom.net www.paypal.com www.paypalobjects.com pay.google.com https://pay.google.com https://pay.google.com/about/redirect/ https://google.com/pay api.whichosmap.co.uk kg668dbov0.execute-api.us-east-1.amazonaws.com;  font-src 'report-sample' 'self' 'unsafe-inline' data: *.braintreegateway.com *.cardinalcommerce.com *.googleapis.com api.os.uk api.whichosmap.co.uk fonts.gstatic.com stackpath.bootstrapcdn.com *.paypal.com cdn.jsdelivr.net fonts.cdnfonts.com;  frame-src 'report-sample' 'self' *.cardinalcommerce.com www.rsa3dsauth.co.uk *.arcot.com channel-cards-html.lloydsbankinggroup.com verify.monzo.com 3dsecure.starlingbank.com acs.revolut.com acs-challenge.apata.io *.paypal.com api.whichosmap.co.uk assets.braintreegateway.com whichosmap.co.uk www.googletagmanager.com www.youtube.com;  img-src 'report-sample' 'self' blob: data: https: *.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.paypal.com *.youtube.com/ api.os.uk api.whichosmap.co.uk assets.braintreegateway.com jackets.dmmserver.com maps-api-ssl.google.com maps.gstatic.com www.googletagmanager.com;  manifest-src 'self';  media-src 'self';  worker-src 'none';  report-uri https://67917890e3f085153460661d.endpoint.csper.io?v=10; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.googleapis.com investors.danaher.com cdn.cookielaw.org *.onetrust.com *.marketingcloudfx.com *.leadmanagerfx.com *.usefathom.com *.decibelinsight.net *.decibel.com *.medallia.com; object-src *.oembed.com *.vimeo.com *.youtube.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com *.gstatic.com *.typekit.net *.jsdelivr.net maxcdn.bootstrapcdn.com investors.danaher.com *.onetrust.com; img-src 'self' 'unsafe-inline' data: maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com cdn.cookielaw.org *.vimeocdn.com *.usefathom.com; media-src *.vimeo.com *.youtube.com *.spotify.com *.vimeocdn.com 'self'; frame-src 'self' 'unsafe-inline' *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com vars.hotjar.com *.spotify.com *.vimeo.com player.vimeo.com; font-src data: 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.onetrust.com; connect-src 'self' 'unsafe-inline' *.authorize.net *.facebook.com *.onetrust.com stats.addtoany.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com stats.g.doubleclick.net *.clarity.ms privacyportal-de.onetrust.com *.marketingcloudfx.com  *.leadmanagerfx.com *.decibelinsight.net *.decibel.com *.medallia.com; report-uri /report-csp-violation 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://geowidget.easypack24.net *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dhl.pl https://geowidget-app.inpost.pl/ https://mapa.ecommerce.poczta-polska.pl secure.payu.com merch-prod.snd.payu.com *.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.cookiebot.eu *.uniformix.pl *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.googleapis.com *.lizardlabs.pl *.trustedshops.com static.payu.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net tile.openstreetmap.org mapa.orlenpaczka.pl ruch-osm.sysadvisors.pl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.google.pl *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://mapa.ecommerce.poczta-polska.pl *.cloudfront.net secure.payu.com secure.snd.payu.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com mapa.orlenpaczka.pl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.cookiebot.eu *.bing.com *.hotjar.com s.pinimg.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.cloudfront.net *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.googleapis.com secure.payu.com merch-prod.snd.payu.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com nominatim.openstreetmap.org *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.cookiebot.eu *.uniformix.pl *.pinterest.com *.bing.com *.edrone.me 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; base-uri 'self'; form-action *; frame-ancestors 'self' 1
object-src  'none'; connect-src 'self' *.evilangel.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.evilangel.com join.gammasecure.com; script-src 'self' *.evilangel.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.evilangel.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
object-src 'none';base-uri 'self';script-src 'nonce-br9zjcq93Ai05TgtcraDwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/maps-tactile 1
script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css siteimproveanalytics.com ; object-src 'none'; img-src *.siteimproveanalytics.io 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-8WuQU+o5wv0rFWzjWPQXgfSu' 'unsafe-eval' https://pixel.byspotify.com *.travcorpservices.com https://www.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://api.feefo.com https://register.feefo.com https://bat.bing.com https://cdn.evgnet.com https://connect.facebook.net https://i.clarity.ms https://static-ssl.responsetap.com *.hotjar.com https://tag.simpli.fi https://unpkg.com https://www.bugherd.com https://decagon.ai https://www.datadoghq-browser-agent.com https://assetscdn.stackla.com/media/js https://vjs.zencdn.net https://cdn.amplitude.com/libs https://sdk.joinsherpa.io https://apps.mypurecloud.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://ttc-contiki.entry.promo https://cdn.optimizely.com https://www.riddle.com;style-src 'self' 'unsafe-inline' https://assetscdn.stackla.com/media/components/stackla-uikit/dist https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;img-src 'self' https://bat.bing.com https://c.clarity.ms https://i.ytimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.uplift-platform.com data:;frame-src 'self' https://10006172.fls.doubleclick.net https://uplift-cdn-stg.uplift.com https://vars.hotjar.com https://widget.stackla.com https://www.google.com https://apps.joinsherpa.io https://www.googletagmanager.com https://a25408250069.cdn.optimizely.com;font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;connect-src 'self' *.travcorpservices.com *.travcorp.com *.corp.ttc:7443 https://api.feefo.com https://bat.bing.com https://in.hotjar.com https://ws11.hotjar.com/api https://l.clarity.ms https://metrics.responsetap.com/infinity https://noembed.com https://pm-mrkt.prodgw.uplift-platform.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://ttctravel.germany-2.evergage.com https://www.facebook.com https://www.google-analytics.com https://logx.optimizely.com https://region1.analytics.google.com https://ttc.contiki.com 1
default-src 'self';base-uri 'self';img-src 'self' assets.bounceexchange.com bat.bing.com cdn.media.amplience.net data: edge.curalate.com events.bouncex.net gateway.foresee.com idr.cdnwidget.com network-a.bazaarvoice.com pix.cdnwidget.com seescandies.a.bigcontent.io www.facebook.com www.googletagmanager.com sees-candies-pwa-production.mobify-storefront.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' action.dstillery.com api.bounceexchange.com apps.bazaarvoice.com assets.bounceexchange.com bat.bing.com blob: cas.zma.gs connect.facebook.net credit.klarnacdn.net ct.pinterest.com edge.curalate.com edge.fullstory.com gateway.foresee.com https://cdnjs.cloudflare.com/ajax/libs/crypto-js/ js.klarna.com js.zi-scripts.com ndn.statistinamics.com rs.fullstory.com s.pinimg.com sgtm.sees.com tag.wknd.ai tr2.smarterhq.io www.googletagmanager.com sees-candies-pwa-production.mobify-storefront.com https://runtime.commercecloud.com;style-src 'self' 'unsafe-inline' assets.bounceexchange.com cdn.c1.amplience.net;font-src 'self' data:;media-src 'self' data:;connect-src 'self' ad.doubleclick.net api.bazaarvoice.com bat.bing.com cas.zma.gs ct.pinterest.com edge.curalate.com edge.fullstory.com events.bouncex.net js.zi-scripts.com jsa-sees.domdog.io rs.fullstory.com seescandiesprod.cdn.content.amplience.net sgtm.sees.com ws.zoominfo.com www.google.com https://runtime.commercecloud.com;frame-src 'self' 10375605.fls.doubleclick.net assets.bounceexchange.com ct.pinterest.com sgtm.sees.com www.facebook.com;frame-ancestors 'self' https://runtime.commercecloud.com;worker-src 'self';form-action 'self' www.facebook.com;object-src 'none';manifest-src 'none';report-uri https://csp-sees.domdog.io/report-uri/sees.com/3/1-1 1
connect-src 'self' https://*.analytics.google.com https://*.aptrinsic.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.sentry.io https://api.ipgeolocation.io https://api.triptease.io https://bat.bing.com https://bat.bing.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://content.hotjar.io https://data.flip.to https://dc.services.visualstudio.com https://fonts.googleapis.com https://google.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://mc.yandex.com https://mc.yandex.ru https://messages.guest-experience.triptease.io https://metrics.corinthia.com https://metrics.hotjar.io https://onboard.triptease.io https://p.relay-t.io https://region1.analytics.google.com https://sa.flip.to https://scripts.affilired.com https://sleeknotestaticcontent.sleeknote.com https://static-meta.triptease.io https://stats.g.doubleclick.net https://sync.srv.stackadapt.com https://tags.srv.stackadapt.com https://vc.hotjar.io https://wl-suppliers.app.cvent.com https://www.dripuploads.com https://www.facebook.com https://www.google.ae https://www.google.co.uk https://www.google.com https://www.menumodo.com https://www.thehotelsnetwork.com wss://ws.hotjar.com; default-src 'self' https://*.adform.net https://*.adnxs.com https://*.sentry.io https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/; font-src 'self' data: https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.gstatic.com/s/barlow/ https://fonts.gstatic.com/s/lato/ https://fonts.gstatic.com/s/roboto/ https://static.tacdn.com https://use.typekit.net https://www.menumodo.com; frame-src 'self' https://*.adsrvr.org https://*.fls.doubleclick.net https://*.speedrfp.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://customs.affilired.com https://mc.yandex.com https://mc.yandex.ru https://onboard.triptease.io https://targeted-messages.triptease.io https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.opentable.co.uk https://www.thehotelsnetwork.com https://www.youtube-nocookie.com; img-src 'self' blob: data: *.ggpht.com *.googleapis.com *.linkedin.com https://*.adform.net https://*.adnxs.com https://*.adsrvr.org https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.sojern.com https://*.speedrfp.com https://*.youtube.com https://ad.doubleclick.net https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://cm.g.doubleclick.net/pixel https://cms.analytics.yahoo.com https://d1cmxvrarpztze.cloudfront.net https://dpm.demdex.net https://googletagmanager.com https://i.ytimg.com https://imgsct.cookiebot.com https://mc.yandex.com https://mc.yandex.ru https://metrics.corinthia.com https://pubads.g.doubleclick.net https://region1.analytics.google.com https://ssl.gstatic.com https://stackadapt.com https://static.tacdn.com https://stats.g.doubleclick.net https://storage.ghadiscovery.com https://sync.srv.stackadapt.com https://tags.srv.stackadapt.com https://tags.w55c.net https://www.facebook.com https://www.google.ae https://www.google.co.uk https://www.google.com https://www.gstatic.com https://www.menumodo.com https://www.pages04.net https://www.tripadvisor.co.uk maps.gstatic.com; manifest-src 'self'; media-src 'self'; script-src-elem 'self' 'unsafe-inline' *.licdn.com https://*.adsrvr.org https://*.aptrinsic.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.sojern.com https://*.speedrfp.com https://*.youtube.com https://ajax.googleapis.com https://api.getdrip.com https://bat.bing.com https://browser.sentry-cdn.com https://cdn.denomatic.com https://cdn.flip.to https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdn.jsdelivr.net/npm/feather-icons/ https://cdn.jsdelivr.net/npm/ip-geolocation-api-jquery-sdk@1.0.6/ https://cdn.jsdelivr.net/npm/jquery@3.5.1/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/ https://cdn.jsdelivr.net/npm/popper.js@1.16.1/ https://cdn.otstatic.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/ https://code.jquery.com/jquery-3.2.1.slim.min.js https://components.flip.to https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://contentz.mkt941.com https://customs.affilired.com https://d16fk4ms6rqz1v.cloudfront.net https://googleads.g.doubleclick.net https://integration.flip.to https://js.monitor.azure.com https://js.sentry-cdn.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/* https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://mc.yandex.com https://mc.yandex.ru https://navigator.ink-global.com https://onboard.triptease.io https://p.relay-t.io https://script.crazyegg.com https://script.hotjar.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.s3.eu-west-1.amazonaws.com https://sleeknotestaticcontent.sleeknote.com https://static-meta.triptease.io https://static.hotjar.com https://static.tacdn.com https://static.x-channel.triptease.io https://tag.getdrip.com https://tag.yieldoptimizer.com https://tagmanager.google.com https://tags.srv.stackadapt.com/events.js https://targeted-messages.triptease.io https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.jscache.com https://www.menumodo.com https://www.opentable.co.uk https://www.thehotelsnetwork.com https://www.tripadvisor.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adsrvr.org https://*.aptrinsic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.sojern.com https://*.speedrfp.com https://*.youtube.com https://ajax.googleapis.com https://api.getdrip.com https://bat.bing.com https://browser.sentry-cdn.com https://cdn.denomatic.com https://cdn.flip.to https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/ https://cdn.jsdelivr.net/npm/feather-icons/ https://cdn.jsdelivr.net/npm/ip-geolocation-api-jquery-sdk@1.0.6/ https://cdn.jsdelivr.net/npm/jquery@3.5.1/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/ https://cdn.jsdelivr.net/npm/popper.js@1.16.1/ https://cdn.otstatic.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/ https://code.jquery.com/jquery-3.2.1.slim.min.js https://components.flip.to https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://contentz.mkt941.com https://customs.affilired.com https://d16fk4ms6rqz1v.cloudfront.net https://googleads.g.doubleclick.net https://googletagmanager.com https://integration.flip.to https://js.monitor.azure.com https://js.sentry-cdn.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://mc.yandex.com https://mc.yandex.ru https://navigator.ink-global.com https://onboard.triptease.io https://p.relay-t.io https://script.crazyegg.com https://script.hotjar.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.s3.eu-west-1.amazonaws.com https://sleeknotestaticcontent.sleeknote.com https://static-meta.triptease.io https://static.hotjar.com https://static.tacdn.com https://tag.getdrip.com https://tag.yieldoptimizer.com https://tagmanager.google.com https://tags.srv.stackadapt.com https://targeted-messages.triptease.io https://wl-suppliers.app.cvent.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.jscache.com https://www.opentable.co.uk https://www.thehotelsnetwork.com https://www.tripadvisor.co.uk https://www.tripadvisor.com; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://p.typekit.net https://tags.srv.stackadapt.com/sa.css https://use.typekit.net https://www.menumodo.com; style-src 'self' 'unsafe-inline' data: https://*.aptrinsic.com https://*.googletagmanager.com https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://fonts.googleapis.com https://googletagmanager.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://p.typekit.net https://static.tacdn.com https://tagmanager.google.com https://use.typekit.net https://www.menumodo.com; script-src-attr https://www.menumodo.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.uxuy.one *.uxuy.com *.uxuy.me www.googletagmanager.com; worker-src blob: 'self' *.vercel.app *.uxuy.one *.uxuy.com; object-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-9ZbKTzVL1-KehfpRmzvulQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://webalytix.th-nuernberg.de https://static.b-ite.com https://cs-assets.b-ite.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' https://webalytix.th-nuernberg.de data:; base-uri 'none'; frame-src https://webalytix.th-nuernberg.de https://virtuohm.ohmportal.de; connect-src 'self' https://webalytix.th-nuernberg.de https://jobs.b-ite.com; style-src 'self' 'unsafe-inline' data: 'report-sample'; object-src 'none'; font-src 'self' data:; report-uri https://www.th-nuernberg.de/@http-reporting?csp=report&requestTime=1773713969257256&requestHash=962deb479c072948bb18d10391f038726b5f20c0 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: https://www.surviocdn.com/ *.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.googletagmanager.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.despegar.com *.koin.com.br *.googletagmanager.com *.gocuotas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.globalgetnet.com *.magerocket.com https://accounts.google.com *.despegar.com *.koin.com.br *.googletagmanager.com *.gocuotas.com *.mercadolibre.com mldp.mercadopago.com www.mercadolibre.com https://www.survio.com/ *.doubleclick.net *.pinterest.com *.getblue.io *.groovinads.com *.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.globalgetnet.com *.magerocket.com *.despegar.com *.koin.com.br *.googletagmanager.com fonts.googleapis.com *.gocuotas.com imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com *.google.com.ar *.doubleclick.net *.mercadolivre.com www.mailing.somosrex.com *.clarity.ms *.groovinads.com *.bing.com *.online-metrix.net img.survicate.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.braindw.com https://live.decidir.com *.globalgetnet.com *.magerocket.com *.despegar.com *.koin.com.br *.googletagmanager.com *.gocuotas.com *.mlstatic.com https://www.google.com *.gstatic.com http2.mlstatic.com secure.mlstatic.com https://maps.googleapis.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.convertexperiments.com *.wcx.cloud *.pinimg.com *.survicate.com *.clarity.ms *.mathtag.com *.tiktok.com *.getblue.io *.groovinads.com *.wcentrix.com *.cloudfront.net *.pinterest.com *.icommarketing.com *.decidir.com *.mercadopago.com *.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co https://accounts.google.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.survicate.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com api.comapi.com bam.nr-data.net *.braindw.com https://developers.decidir.com/ *.globalgetnet.com *.iesnare.com wss://mpsnare.iesnare.com *.magerocket.com https://accounts.google.com *.despegar.com *.googletagmanager.com *.gocuotas.com *.mercadopago.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.doubleclick.net notifications-icommkt.com track-icommkt.com *.clarity.ms *.pinterest.com *.tiktok.com *.convertexperiments.com *.decidir.com *.online-metrix.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.globalgetnet.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-Qt1Po44CXnPRacdGKftXaQ==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=d4817bb0-a83e-442d-8ceb-c1ba5251b658; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
default-src 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' cdn.conservadoresdigitales.cl www.google-analytics.com www.googletagmanager.com; script-src 'self' www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com ajax.googleapis.com analytics.google.com; style-src 'self' inline fonts.googleapis.com; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-tSlLQfTdPmvuLrH6iX7XxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' csp-id-produzione-v20; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://www.iubenda.com https://creditoemiliano.germany-2.evergage.com; img-src * data: blob:; script-src-elem 'self' 'unsafe-inline' blob: https://sslwidget.criteo.com https://ajax.googleapis.com https://www.googletagmanager.com https://maps.googleapis.com https://assets.adobedtm.com https://*.iubenda.com https://connect.facebook.net https://*.criteo.com https://cdn.evgnet.com https://secure.quantserve.com https://www.dwin1.com https://*.quantcount.com https://*.teads.tv https://tags.creativecdn.com https://apis.google.com https://platform.twitter.com https://maxcdn.bootstrapcdn.com  https://*.adform.net https://*.iubenda.com https://connect.facebook.net https://creditoemiliano.germany-2.evergage.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://credem.demdex.net https://cdn.iubenda.com https://apps.mypurecloud.de https://assets.adobedtm.com https://www.googletagmanager.com https://cdn.evgnet.com https://cs.iubenda.com https://www.dwin1.com https://tags.creativecdn.com https://dynamic.criteo.com https://p.teads.tv https://connect.facebook.net https://secure.quantserve.com https://rules.quantcount.com https://apis.google.com https://platform.twitter.com https://sslwidget.criteo.com https://*.adform.net https://maxcdn.bootstrapcdn.com; frame-src 'self' https://cdn.iubenda.com https://apps.mypurecloud.de https://*.fls.doubleclick.net https://gum.criteo.com https://credem.demdex.net https://accounts.google.com https://platform.twitter.com https://*.youtube.com https://static.criteo.net  https://*.adform.net https://documentcloud.adobe.com; connect-src 'self' https://idb.iubenda.com wss://aichatbot.youandemili.com https://aichatbot.youandemili.com https://credem.tt.omtrdc.net https://maps.googleapis.com https://api-cdn.mypurecloud.de https://creditoemiliano.germany-2.evergage.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://ad.doubleclick.net https://*.doubleclick.net https://pagead2.googlesyndication.com https://*.teads.tv https://ams.creativecdn.com https://pixel.quantserve.com https://dpm.demdex.net https://www.google.com https://www.google.it https://www.google.de https://www.google.fr https://www.google.es https://www.google.co.uk https://www.google.ca https://www.google.pl https://www.google.be https://www.google.ch https://www.google.at https://www.google.nl https://www.google.pt https://www.google.se https://www.google.com.br https://www.google.com.mx https://www.google.co.jp https://www.google.com.au https://www.google.co.in https://www.google.co.kr https://www.google.com.sg https://www.google.gr https://www.google.ro https://www.google.dk https://www.google.no https://www.googleadservices.com https://cpl.iubenda.com https://www.googletagmanager.com https://sslwidget.criteo.com https://www.facebook.com https://pixel.quantcount.com  https://viewlicense.adobe.io https://translate.googleapis.com; font-src 'self' data: ms-browser-extension: chrome-extension: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=26980&v=v1.0&payload=OQqrUogt9k7lwV4dxklwb3ac73asuZ5HWxxXQytKO-nsZwVPi7K_pOJ3ScMEpUDjyj0Cv22sbP1nvHqr4GMar8tWSn6WarymHOZ0naip2ZkcwvLgxw_joKyf9EZz4RCrRtTWUeY4yhBprzS9nvySdWbK5ZWXs3PVuhtJyKamQBpTRF1mWZDy_ttLO6TrpsrXbrq5zQld2p4Qy9ZKXW3V5A==; 1
object-src 'none';base-uri 'self';script-src 'nonce-19GP5fLmaWrIAlfP_68jzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: https://*.stripe.com; object-src 'none'; script-src 'self' https: https://connect-js.stripe.com https://js.stripe.com https://*.js.stripe.com https://maps.googleapis.com 'nonce-TgjyHm4k5aZ4AhnmTCoYjg=='; style-src 'self' https: 'nonce-TgjyHm4k5aZ4AhnmTCoYjg=='; style-src-attr 'unsafe-inline'; frame-src 'self' https://connect-js.stripe.com https://js.stripe.com https://*.js.stripe.com https://hooks.stripe.com; connect-src 'self' https://api.stripe.com https://maps.googleapis.com; report-uri /systems/csp_report 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://ws.sharethis.com https://www.google.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleusercontent.com *.gstatic.com *.jsdelivr.net *.slant.co unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.2c2p.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.inicis.com *.ipay88.com.my *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.weltpixel.com *.afterpay.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.google.com *.inicis.com *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ k.kakaocdn.net *.inicis.com *.afterpay.com *.doubleclick.net *.elcompanies.com *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.co www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google.se *.google.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hstatic.net *.naver.com *.thecompanystore.com.sg data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com maps.googleapis.com developers.kakao.com *.kakaocdn.net *.avada.io *.inicis.com *.afterpay.com *.facebook.net *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com *.inicis.com *.googleapis.com *.gstatic.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self'; media-src *.adobe.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com kauth.kakao.com https://get.geojs.io *.avada.io *.inicis.com *.afterpay.com *.doubleclick.net *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl *.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self'; default-src 'self'; base-uri 'self'; report-uri https://32b97dac-2dc9-426f-bbe7-fbeb1b35a245.sansec.watch/; report-to report-endpoint; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.bg *.betano.bg betano.com *.betano.com betgenius.com *.betgenius.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org facebook.net *.facebook.net fullstory.com *.fullstory.com gmlinteractive.com *.gmlinteractive.com creativecdn.com *.creativecdn.com googletagmanager.com *.googletagmanager.com kaizengaming.com *.kaizengaming.com kameleoon.eu *.kameleoon.eu optimove.net *.optimove.net sportradar.com *.sportradar.com stoiximan.com.cy *.stoiximan.com.cy cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=9o_kzGM9F.kgbVbuqLTZVX6mQakUxRrzLbJSFrI6Qro-1773712128-1.0.1.1-RTyBDVAe3pkC6iN5rHL3l2KXYr2aR0Ps3AzasCDps1dFlzbcLBtFRmvmVhwtDP1JTcr91sPbwVzz2_5K5vJkp4VVZzOOXaEeTELWgprU7dxvONjXxCtGrzRB7WYsf2PwJMjTLuzJq9P3YYFIvsGodZc7i6GG5FKkV3HczZ56HgrnZeWXrHnYivpr0pkDb5jLqWWAt_Kc9kiy9NO.YJe37A; report-to cf-ybmybsrngnkaldtz 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com/ui/ https://src.mastercard.com/srci/integration/components/ https://cdn.jsdelivr.net/npm/intl-tel-input@25.3.1/build/css/intlTelInput.css; script-src 'self' 'unsafe-eval' 'nonce-3d205f15cdd202a83ae2ca7e4e51025d' https://js.stripe.com/ https://g.stripe.com/ https://hosted.paysafe.com/request/ https://ajax.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/moment.js/ https://static.cloudflareinsights.com https://cdn.webrtc-experiment.com/DetectRTC.min.js https://code.jquery.com/ui/ https://maps.googleapis.com/maps/api/ https://challenges.cloudflare.com/turnstile/v0/api.js https://www.google.com/recaptcha/api.js https://www.datadoghq-browser-agent.com/datadog-logs-us.js https://www.datadoghq-browser-agent.com/datadog-rum-us.js https://www.datadoghq-browser-agent.com/datadog-rum-v4.js http://stats.pusher.com/timeline/v2/jsonp/ https://cdn.onesignal.com/ https://onesignal.com/api/v1/sync/ https://hpoint-cr-binaries-prod.s3.amazonaws.com/cloud/sdk/wrappers/js/ https://cdn.jsdelivr.net/npm/intl-tel-input@25.3.1/build/js/intlTelInputWithUtils.min.js https://src.mastercard.com/ https://secure.checkout.visa.com/checkout-widget/resources/js/ https://qwww.aexp-static.com/akamai/remotecommerce/scripts/ https://webapp.src.discover.com/websdk/ https://content.discovercard.com/ https://js.verygoodvault.com/vgs-collect/ https://js3.verygoodvault.com/vgs-collect/ https://www.datadoghq-browser-agent.com/datadog-logs-v4.js; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://img.gotab.io/ https://static.gotab.io/ https://s3.amazonaws.com/gotabpublic/ https://s3.amazonaws.com/gotabpublic/ https://maps.gstatic.com/ https://maps.googleapis.com/maps/ https://i.vimeocdn.com/video/ https://src.mastercard.com/srci/integration/ https://content.discovercard.com/ https://cdn.jsdelivr.net/npm/intl-tel-input@25.3.1/build/img/ https://*.untappd.com/ https://checkoutshopper-live.adyen.com/checkoutshopper/images/ https://checkoutshopper-live-us.adyen.com/ https://*.googleapis.com https://gotabpublic.s3.amazonaws.com/; media-src 'self' data: https://s3.amazonaws.com/gotabpublic/ https://gotabpublic.s3.amazonaws.com/; frame-src 'self' https://js.stripe.com/ https://metabase.gotab.io/ https://report.gotab.io/ https://www.google.com/ https://js.verygoodvault.com/vgs-collect/ https://content.discovercard.com/ https://src.mastercard.com/ https://srcdcf.americanexpress.com/ https://secure.checkout.visa.com/checkout-widget/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-live-us.adyen.com/ https://challenges.cloudflare.com/ https://chat.gotab.io/ https://loveychat.gotab.io/ https://app.opsi.io/; connect-src 'self' https://*.gotab.io/ wss://stats.gotab.io/ https://s3.amazonaws.com/gotabpublic/ https://s3.amazonaws.com/gotabpublic/ https://hosted.paysafe.com/request/api/ https://api.paysafe.com/request/api/ https://api.paysafe.com/request/api/v1/ https://checkoutshopper-live.adyen.com/checkoutshopper/ https://checkoutshopper-live-us.adyen.com/ https://*.logs.datadoghq.com/ https://*.browser-intake-datadoghq.com/ *.verygoodvault.com *.verygoodproxy.com https://maps.googleapis.com/maps/api/ https://cloud.handpoint.io/ https://cloud.handpoint.com/ ws://ws-mt1.pusher.com/app/ https://vimeo.com/api/ https://vgs-collect-keeper.apps.verygood.systems/vgs https://*.mastercard.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ https://*.visa.com/ https://*.staticv.me/ https://*.discover.com/ https://*.discovercard.com/ https://content.discovercard.com/ https://src.apis.discover.com/sdk/ https://www.google.com/maps/conversion/collect https://*.googleapis.com https://www.google.com/recaptcha/; worker-src 'self' blob:; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub4721f170b2076f8c4dce4d125ff9509d&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=version%3A310%2Cservice%3Agotabnode%2Cenv%3Aproduction; report-to csp-report 1
default-src 'self'; script-src 'self' 'nonce-Thcvrf5N3dUdlAYjsaqFRQ==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.fi https://www.myheritage.fi  'unsafe-eval' 'nonce-286d63a52cc22427180b6b816feca2a3' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.fi;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
object-src 'none';base-uri 'self';script-src 'nonce-Y2yW1cmLoItdglGFCECA0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 1
default-src 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com; connect-src 'self' jhnet.okta.com jhnet-admin.okta.com sso.jhnet.com *.oktacdn.com *.mixpanel.com *.mapbox.com jhnet.kerberos.okta.com jhnet.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' jhnet.okta.com sso.jhnet.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' jhnet.okta.com sso.jhnet.com *.oktacdn.com; frame-src 'self' jhnet.okta.com jhnet-admin.okta.com sso.jhnet.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' jhnet.okta.com sso.jhnet.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
default-src 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' https://download.digiaccess.org https://download.digiaccess.org/digiaccess/tool https://*.digiaccess.org https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com; worker-src 'self' blob:; img-src 'self' https://download.digiaccess.org https://translate.google.com https://www.gstatic.com https://www.google.com https://fonts.gstatic.com https://translate.googleapis.com https://translate.googleapis.com/images https://*.digiaccess.org *.translate.googleapis.com data:; connect-src 'self' https://translate-pa.googleapis.com https://digiaccess.org https://download.digiaccess.org https://api.digiaccess.org https://api.digiaccess.org/subscriptions/active https://translate.googleapis.com; font-src 'self' https://api.digiaccess.org https://download.digiaccess.org; media-src 'self' *.4982.cdn.video.taxi; frame-src 'self' https://www.youtube-nocookie.com https://stadtatlas.darmstadt.de *.stadtatlas.darmstadt.de https://media.video.taxi *.media.video.taxi; style-src 'self' 'unsafe-inline'; style-src-elem 'self' https://www.gstatic.com https://download.digiaccess.org https://translate.google.com 'unsafe-inline' 'report-sample'; base-uri 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://api.systempay.fr/static/ *.fontawesome.com https://cdnjs.cloudflare.com *.googleusercontent.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.hsforms.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ https://www.googletagmanager.com/ *.hs-sites.com *.hsforms.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://maps.googleapis.com https://maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org *.axept.io *.google.com *.googletagmanager.com *.googleusercontent.com *.hsforms.com *.hubspot.com *.imgix.net *.openstreetmap.org *.hsforms.net 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com *.axept.io *.facebook.net *.googletagmanager.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hscollectedforms.net *.hsforms.net *.hubspot.com *.bing.com *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.systempay.fr/static/ *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googletagmanager.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://maps.googleapis.com https://nominatim.openstreetmap.org *.axept.io *.axeptio.tech *.google-analytics.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.hsforms.com *.hscollectedforms.net *.hubspot.com t.elasticsuite.io *.hsforms.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://76c33e6e-b3ed-47af-8820-21ea80415831.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.ccavenue.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.youtube-nocookie.com services.sheerid.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.authorize.net *.ccavenue.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com *.visualwebsiteoptimizer.com *.hsforms.com *.gstatic.com shareasale.com *.google.com.ua bat.bing.com *.facebook.com *.fs1.hubspotusercontent-na1.net track.hubspot.com t.co analytics.twitter.com/ bat.bing.net *.google.de services.sheerid.com *.cloudfront.net edge.marker.io store.paradoxlabs.com *.ccavenue.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com maps.googleapis.com *.visualwebsiteoptimizer.com *.hsforms.net *.dwin1.com *.amplitude.com js.hs-scripts.com bat.bing.com static.ads-twitter.com *.hotjar.com cdn.jsdelivr.net cdn.jst.ai tags.srv.stackadapt.com js.hubspot.com js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hubspotfeedback.com js.hsleadflows.net js.hs-analytics.net my.jst.ai *.clarity.ms aly.jst.ai smct.co edge.marker.io services.sheerid.com *.forethought.ai static-tracking.klaviyo.com api.marker.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.authorize.net *.ccavenue.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tags.srv.stackadapt.com services.sheerid.com *.klaviyo.com *.stripe.network *.stripecdn.com *.amazon.com https://static.klaviyo.com https://fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com v.ftcdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com https://maps.googleapis.com https://player.vimeo.com forms.hsforms.com *.googleapis.com *.amplitude.com *.visualwebsiteoptimizer.com bat.bing.net bat.bing.com cta-service-cms2.hubspot.com api.hubapi.com *.hotjar.com *.hotjar.io forms.hscollectedforms.net *.clarity.ms tags.srv.stackadapt.com forms.hubspot.com smct.co aly.jst.ai wss://ws.hotjar.com/api/v2/client/ws api.marker.io ipapi.co static-tracking.klaviyo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.authorize.net *.ccavenue.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.meetanshi.com meetanshi.com js.mollie.com *.trustpilot.com *.googletagmanager.com *.doubleclick.net 'self' data: cmp.osano.com td.doubleclick.net *.criteo.com www.googletagmanager.com static.criteo.net 23345742.hs-sites.com 'unsafe-inline' data: securemyrx.com creatives.attn.tv api.quizell.com app.quizell.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com magefan.com cm.magefan.com *.disqus.com https://www.magezon.com https://redchamps.com *.klevu.com *.ksearchnet.com https://img.youtube.com *.meetanshi.com meetanshi.com https://www.mollie.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com www.google.co.in *.hubspot.com perf-na1.hsforms.com forms.hsforms.com www.facebook.com sync.1rx.io rtb-csync.smartadserver.com x.bidswitch.net cm.g.doubleclick.net ib.adnxs.com tg.socdm.com r.casalemedia.com cs.adingo.jp ads.stickyadstv.com ad.360yield.com idsync.rlcdn.com public-prod-dspcookiematching.dmxleo.com contextual.media.net *.criteo.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com sync-t1.taboola.com criteo-sync.teads.tv ade.clmbtech.com eb2.3lift.com dis.criteo.com aa.agkn.com cm.adgrx.com sync.targeting.unrulymedia.com sca1.listrakbi.com seal-utah.bbb.org s1.listrakbi.com *.pubmatic.com sync.ipredictive.com pixel-sync.sitescout.com sync.crwdcntrl.net pixel.tapad.com jelly.mdhv.io 1f2e7.v.fwmrm.net match.prod.bidr.io pr-bh.ybp.yahoo.com match.adsrvr.org pm.w55c.net et.resellerratings.com api.purechat.com *.purechat.com recs.listrakbi.com static.hsappstatic.net partner.mediawallahscript.com ap.lijit.com *.liadm.com exchange.mediavine.com jadserve.postrelease.com trends.revcontent.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.io px.ads.linkedin.com d.turn.com secure.adnxs.com i.liadm.com idsync.reson8.com match.deepintent.com ad.tpmn.co.kr thrtle.com *.analytics.yahoo.com obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com sync.mathtag.com *.tribalfusion.com events.attentivemobile.com live.rezync.com pippio.com data.adsrvr.org ce.lijit.com c1.adform.com um.simpli.fi mid.rkdms.com b1sync.outbrain.com b1sync.zemanta.com sync.srv.stackadapt.com ws.rqtrk.eu https://lantern.roeye.com https://*.listrakbi.com https://*.listrak.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.disqus.com https://cdn.jsdelivr.net cdn.jsdelivr.net js.klevu.com *.ksearchnet.com *.meetanshi.com meetanshi.com js.mollie.com *.trustpilot.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'unsafe-inline' data: js-agent.newrelic.com z.moatads.com cdn.listrakbi.com z.moatads.co bat.bing.com www.dwin1.com acsbapp.co cmp.osano.com app.purechat.com js.hs-scripts.com js.usemessages.com js.hs-banner.com js.hscollectedforms.net js.hubspot.com js.hs-analytics.net ajax.googleapis.com *.listrakbi.com https://rat3.listrakbi.com services.listrak.com prod.purechatcdn.com acsbapp.com 23345742.hs-sites.com www.resellerratings.com *.lunio.ai *.criteo.com player.vimeo.com cdn.noibu.com catpq.vitalitymedical.com static.cloudflareinsights.com conversionteam.s3.amazonaws.com api.quizell.com https://lantern.roeyecdn.com https://js.klevu.com/core/v2/klevu.js https://cdn.callrail.com/companies/694783136/19fe0fad69757295966b/12/swap.js https://cdn.id5-sync.com/api/1.0/id5-api.js https://*.listrakbi.com https://*.listrak.com https://js.klevu.com https://cdn.ksearchnet.com https://*.ksearchnet.com https://*.klevu.com https://prod.purechatcdn.com/assets/modern_initializer.13851.js https://cdn.attn.tv/vitalitymedical/dtag.js https://cdn.attn.tv/growth-tag-assets/client-configs/T33.js https://cdn.attn.tv/tag/4-latest/unified-tag.js https://acsbapp.com/apps/app/dist/js/app.js https://prod.purechatcdn.com/assets/modern_app.13851.js https://api.purechat.com https://*.purechat.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://cdn.jsdelivr.net cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com cdn.listrakbi.com api.quizell.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.klevu.com *.ksearchnet.com *.meetanshi.com meetanshi.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' data: bam.nr-data.net cdn.acsbapp.com cmp.osano.com *.purechat.com api.hubspot.com cta-service-cms2.hubspot.com forms.hscollectedforms.net recs.listrakbi.com measurement-api.criteo.com tattle.api.osano.com stats.g.doubleclick.net consent.api.osano.com invitejs.trustpilot.com widget.trustpilot.com static.hsappstatic.net www.resellerratings.com conversions.lunio.ai *.noibu.com catpq.vitalitymedical.com cloudflareinsights.com wss://input.noibu.com/ api.quizell.com bat.bing.com id5-sync.com t.lt02.net https://*.listrakbi.com https://*.listrak.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' *.stripe.com data: *.alicdn.com *.clientgear.com *.pinterest.com *.doubleclick.net *.stripe.com *.googletagmanager.com *.bing.com *.pinimg.com *.taboola.com *.criteo.com *.criteo.net *.facebook.com omnisnippet1.com *.facebook.net *.soundestlink.com *.zdassets.com *.google-analytics.com *.pubmatic.com *.revcontent.com *.sharethrough.com *.smaato.net *.tremorhub.com *.clmbtech.com *.tpmn.co.kr *.vieldmo.com *.emxdgt.com *.bidswitch.net *.adnxs.com *.mediawallahscript.com contextual.media.net *.rubiconproject.com *.samrtadserver.com *.teads.tv *.31ift.com *.yahoo.com *.omnitagjs.com *.casalemedia.com *.stickyadstv.com *.360yield.com *.liadm.com *.tpmn.io *.mediavine.com *.postrelease.com *.outbrain.com *.tapad.com *.tapad.com *.yieldmo.com *.smartadserver.com *.demdex.net 'unsafe-eval' *.sentry.io *.imgdb.cn *.superbed.cn *.3lift.com *.rezync.com *.rfihub.com *.bluekai.com *.pippio.com *.turn.com *.zendesk.com *.google.com *.klaviyo.com *.googleadservices.com *.socdm.com *.adtdp.com *.dable.io *.adingo.jp *.rlcdn.com *.krxd.net *.yahoo.net *.recaptcha.net *.gstatic.com *.fridayparts.com *.tiktok.com *.paypal.com *.mczbf.com *.googleusercontent.com *.paypalobjects.com *.twitter.com *.ads-twitter.com *.omnisendlink.com *.impactcdn.com *.dotomi.com *.emjcd.com *.clarity.ms *.agkn.com *.adgrx.com *.aralego.com *.aralego.net *.targeting.unrulymedia.com *.1rx.io fridayparts.sjv.io *.jeeda.net *.bxtag.com *.youtube.com dev.visualwebsiteoptimizer.com 1
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net cdn.livechatinc.com mediacdn.espssl.com viewer.byondxr.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.ehappify.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com https://*.ordergroove.com *.weltpixel.com app-wallee.com www.jsctool.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://ghirardelli.slgnt.us https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js tinyurl.com/LINDT-LAUNCHER https://optmize.google.com nytrng.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://*.gstatic.com *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudfront.net *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com app-wallee.com *.gstatic.com d.ratepay.com viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com 'self' data: geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com https://mcstaging.russellstover.com https://mcstaging.lindtusa.com https://mcstaging.ghirardelli.com https://mcprod.lindtusa.com *.googleadservices.com *.yieldify.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com https://cdn.livechat-static.com *.bazaarvoice.com https://shopper.shop.pe i.liadm.com v2assets.zopim.io *.cloudfunctions.net partner.mediawallahscript.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com *.googleapis.com *.attn.tv events.attentivemobile.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.livechatinc.com *.serverdata.net *.tiktok.com *.ordergroove.com app-wallee.com https://www.googletagmanager.com tagmanager.google.com d.ratepay.com www.jsctool.com byondxr-viewer.byondxr.com web-apps.byondxr.com *.listrakbi.com *.listrak.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com *.mczbf.com https://api.unifaun.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://www.youtube.com https://acsbapp.com/apps/app/dist/js/app.js https://cdn.noibu.com/collect.js https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js tinyurl.com/LINDT-LAUNCHER *.yieldify.com *.fraud0.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://cdn.attn.tv https://www.lindt-spruengli.com/* https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js shop.pe *.shop.pe d3rr3d0n31t48m.cloudfront.net addshoppers.s3.amazonaws.com .traversedlp.com .voltn.com *.addshoppers.com static.traversedlp.com static.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com tagmanager.google.com d.ratepay.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.trustpilot.com geowidget.inpost.pl widget.packeta.com https://cloud.typography.com https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' cookie-cdn.cookiepro.com https://cookie-cdn.cookiepro.com https://cdn.cookiepro.com/scripttemplates/*/assets 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io * *.adyen.com *.sharethis.com *.googleapis.com *.attn.tv events.attentivemobile.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com *.ordergroove.com https://www.google-analytics.com d.ratepay.com www.jsctool.com *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://vc.hotjar.io https://cdn.linkedin.oribi.io https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js *.fraud0.com *.lindtusa.com *.yieldify.com https://content.hotjar.io wss://ws.hotjar.com https://metrics.hotjar.io https://lindt-us.attn.tv https://events.attentivemobile.com lindt.attn.tv cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://bat.bing.com shop.pe *.shop.pe  ekr.zdassets.com lindtusa.zendesk.com wss://widget-mediator.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com https://viewer.byondxr.com https://web-apps.byondxr.com https://app.byondxr.com https://byondxr-viewer.byondxr.com https://app.byondvr.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; connect-src 'self' bam.nr-data.net sentry.io *.freshworksapi.com wss://*.freshworksapi.com www.google-analytics.com heapanalytics.com www.in-freshbots.ai *.pusher.com; font-src 'self' d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d28y7gk8dndm8e.cloudfront.net data: fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com heapanalytics.com; frame-src 'self' *.webpush.freshchat.com *.freshreports.com wchat.freshchat.com *.freshid.io *.freshworks360.io *.chargebee.com *.myfreshworks.dev *.freshworksweb.com freshdesk.com *.freshworks.com *.int.myfreshworks.dev; img-src https: data: blob: heapanalytics.com; manifest-src 'self'; media-src 'self' https:; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' accounts.freshworks.com bam.nr-data.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d28y7gk8dndm8e.cloudfront.net js-agent.newrelic.com polyfill.io wchat.freshchat.com sentry.io js.chargebee.com www.google-analytics.com *.freshworksapi.com heapanalytics.com *.heapanalytics.com fonts.googleapis.com cdn.in-freshbots.ai stats.pusher.com cdn.inlinemanual.com fe-perf-assets.freshworks.com 'unsafe-inline'; style-src 'report-sample' 'self' 'unsafe-inline' accounts.freshworks.com d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d28y7gk8dndm8e.cloudfront.net wchat.freshchat.com fonts.googleapis.com cdn.in-freshbots.ai heapanalytics.com; worker-src 'self'; report-uri https://vfm4r1o44m.execute-api.us-east-1.amazonaws.com/default/FreshreleaseCSPReport 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=437&v=v1.0&payload=rJeyhteK1R4ehvX19W96lNbaCGhFOwYEfK03vVIAbGSAqTMkAdvym88TbB6ZcVIk3BKtzXIrOm_KBfeoBaCjF8YqDlKIuzSUOtpoJ0j-vwgaz2GC5J_Hd6J5m4TCWNBCDtzJ-mEZElxNIwidCZc8K7p5SMBywhEOnd97s7u7IN-Uig0tLrh6t7wTYI4MsYe4qFnPUm2LtnKteE8uN2KfoA==; 1
default-src https: wss: blob:; connect-src https: wss: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; style-src https: 'unsafe-inline' blob:; img-src https: data: blob:; font-src https: data: blob:; object-src https: data:; media-src https: data: blob:; frame-ancestors 'none'; report-uri /security/csp_violations 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com cloud.taggbox.com stackpath.bootstrapcdn.com cdn.userway.org cloud.tagshop.ai cdn.tagshop.ai 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com accounts.accessibe.com mossberg.app.box.com *.taggbox.com platform.twitter.com td.doubleclick.net cdn.userway.org *.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.googleapis.com *.gstatic.com https://firebasestorage.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com web1.acsbapp.com maps.gstatic.com *.ggpht.com resources.mossberg.com cdn.taggbox.com cdn.userway.org api.delivrabl.net aorta.clickagy.com cloud.tagshop.ai idsync.rlcdn.com c.clarity.ms c.bing.com aa.agkn.com d.agkn.com us-u.openx.net cm.g.doubleclick.net *.liadm.com track.hubspot.com forms.hsforms.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.avada.io *.shopify.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com acsbapp.com *.acsbapp.com cdn.userway.org cdn.userconsent.org maps.googleapis.com api.pinterest.com *.taggbox.com web.taggshop.io kit.fontawesome.com widget.tagshop.ai cloud.tagshop.ai platform.twitter.com tags.clickagy.com www.clarity.ms static.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.authorize.net *.hsforms.net *.hsforms.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com web.taggshop.io cloud.taggbox.com cdn.userway.org widget.tagshop.ai cloud.tagshop.ai cdn.tagshop.ai *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.tagshop.ai 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net cdn.acsbapp.com api.userway.org cdn.userway.org *.userway.org maps.googleapis.com graph.facebook.com api.taggbox.com resources.mossberg.com *.doubleclick.net api.ipdata.co web.taggshop.io widget.tagshop.ai aorta.clickagy.com hemsync.clickagy.com i.clarity.ms forms.hubspot.com *.authorize.net t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.mossberg.com; report-to report-endpoint; 1
script-src 'nonce-Vb5aM61AmLM0u0J6_mdMhQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleusercontent.com *.gstatic.com *.jsdelivr.net *.slant.co unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.2c2p.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.inicis.com *.ipay88.com.my *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.weltpixel.com *.afterpay.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.google.com *.inicis.com *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ k.kakaocdn.net *.inicis.com *.afterpay.com *.doubleclick.net *.elcompanies.com *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.co www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google.se *.google.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hstatic.net *.naver.com *.thecompanystore.com.sg data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com maps.googleapis.com developers.kakao.com *.kakaocdn.net *.avada.io *.inicis.com *.afterpay.com *.facebook.net *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com *.inicis.com *.googleapis.com *.gstatic.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self'; media-src *.adobe.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com kauth.kakao.com https://get.geojs.io *.avada.io *.inicis.com *.afterpay.com *.doubleclick.net *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl *.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self'; default-src 'self'; base-uri 'self'; report-uri https://46455082-197a-43b3-bc26-d7a9c62189af.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.shoppingsheet.com https://connect.facebook.net https://bbox.blackbaudhosting.com https://www.youvisit.com https://*.google.com https://*.uwplatt.edu https://googleads.g.doubleclick.net https://8ab0a26cb0027939bcf5-49c99c3c0c9c98b3365b710757036e1b.ssl.cf5.rackcdn.com https://cdn.jsdelivr.net https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google https://fw.cdn.technolutions.net https://googleads.g.doubleclick.net https://libraryh3lp.com https://mx.technolutions.net https://partner.googleadservices.com https://s.yimg.com https://script.hotjar.com https://siteimproveanalytics.com https://slate-technolutions-net.cdn.technolutions.net https://slate-uwplatt-edu.cdn.technolutions.net https://slate.uwplatt.edu https://static.hotjar.com https://*.olark.com https://unpkg.com https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.youtube.com https://youtube.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.shoppingsheet.com https://connect.facebook.net https://bbox.blackbaudhosting.com https://www.youvisit.com https://*.google.com https://*.uwplatt.edu https://googleads.g.doubleclick.net https://8ab0a26cb0027939bcf5-49c99c3c0c9c98b3365b710757036e1b.ssl.cf5.rackcdn.com https://cdn.jsdelivr.net https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google https://fw.cdn.technolutions.net https://googleads.g.doubleclick.net https://libraryh3lp.com https://mx.technolutions.net https://partner.googleadservices.com https://s.yimg.com https://script.hotjar.com https://siteimproveanalytics.com https://slate-technolutions-net.cdn.technolutions.net https://slate-uwplatt-edu.cdn.technolutions.net https://slate.uwplatt.edu https://static.hotjar.com https://*.olark.com https://unpkg.com https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.youtube.com https://youtube.com; style-src 'self' 'unsafe-inline' https://www.shoppingsheet.com https://www.google.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://static.olark.com https://static.hotjar.com https://script.hotjar.com; style-src-elem 'self' 'unsafe-inline' https://www.shoppingsheet.com https://slate-technolutions-net.cdn.technolutions.net https://static.olark.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://*.google.com https://*.uwplatt.edu https://ep2.adtrafficquality.google https://slate-uwplatt-edu.cdn.technolutions.net https://fw.cdn.technolutions.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://syndicatedsearch.goog https://www.google-analytics.com https://cdn-graphql.youvisit.com https://region1.analytics.google.com https://knrpc.olark.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://libraryh3lp.com https://6349506.global.r2.siteimproveanalytics.io https://analytics.google.com https://content.hotjar.io https://mx.technolutions.net https://s.yimg.com https://*.uwplatt.edu https://www.google.com https://www.googletagmanager.com https://slate-uwplatt-edu.cdn.technolutions.net https://ep1.adtrafficquality.google https://*.hotjar.com https://*.hotjar.io https://ws.hotjar.com wss://*.hotjar.com; font-src 'self' data: https://fonts.gstatic.com https://static.olark.com https://script.hotjar.com; frame-src 'self' https://signup.e2ma.net https://ww2.matchinggifts.com https://www.youvisit.com https://www.shoppingsheet.com https://app.e2ma.net https://cdn.yoshki.com https://cdn.youvisit.com https://www.youtube-nocookie.com https://static.olark.com https://libraryh3lp.com https://e.issuu.com https://www.googletagmanager.com https://ep2.adtrafficquality.google https://syndicatedsearch.goog https://www.youtube.com https://*.uwplatt.edu; img-src 'self' data: https://*.gstatic.com https://se-images.campuslabs.com https://www.googleadservices.com https://trck.youvisit.com https://googleads.g.doubleclick.net/ https://se-images.campuslabs.com https://id.ocelotbot.com https://image.isu.pub https://6349506.global.r2.siteimproveanalytics.io https://*.uwplatt.edu https://sp.analytics.yahoo.com https://trkn.us https://*.google.com https://log.olark.com https://www.googletagmanager.com https://syndicatedsearch.goog https://ep1.adtrafficquality.google https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; manifest-src 'self'; media-src 'self' https://static.olark.com; worker-src 'none'; frame-ancestors 'self' https://*.uwplatt.edu https://uwplatt.sharepoint.com; report-uri https://sentry.uwplatt.edu/api/5/security/?sentry_key=92e79271e0a535df88c88de202623cf3&sentry_environment=csp_reporting; report-to csp-endpoint; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri; report-uri https://cybersmart.report-uri.com/r/d/csp/wizard 1
child-src 'self' https://*.qualified.com; default-src 'self'; frame-src 'self' https://9628652.fls.doubleclick.net https://td.doubleclick.net https://js.driftt.com https://*.qualified.com https://a8447815042.cdn-pci.optimizely.com https://ct.pinterest.com https://tealium-f.squarecdn.com; worker-src 'self' blob:; connect-src 'self' https://assets.ctfassets.net https://api.broadway.squareup.com https://campaign-hub-production-f.squarecdn.com https://api.squareup.com/v1/cdp/batch https://api.squarestagingexternal.com/v1/cdp/batch https://api.squarestagingexternal.com https://api.squareup.com https://api.squareupstaging.com *.contentsquare.net https://capi.squareup.com https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://stats.g.doubleclick.net https://facebook.com https://www.facebook.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://google.com https://www.google.com https://us-central1-sq-sgtm-prod.cloudfunctions.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net http://424-iab-218.mktoresp.com https://424-iab-218.mktoresp.com https://xms2-marketo.beta.stage.sqprod.co https://424-iab-218.mktoutil.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://logx.optimizely.com https://ct.pinterest.com https://conversions-config.reddit.com https://pixel-config.reddit.com https://www.redditstatic.com *.ingest.us.sentry.io *.6sc.co https://api.sprig.com https://squareupstaging.com https://visitor-scoring-new.marketlinc.com https://api.chilipiper.com https://squareinc-sandbox.chilipiper.com https://squareinc.chilipiper.com https://www.workwithsquare.com wss://*.qualified.com https://*.qualified.com https://pw-renderer-production-c.squarecdn.com localhost:*; font-src 'self' https://cash-f.squarecdn.com https://square-fonts-production-f.squarecdn.com; img-src 'self' data: blob: https://ib.adnxs.com https://assets.ctfassets.net https://cdn.blisspointmedia.com https://campaign-hub-production-f.squarecdn.com *.contentsquare.net https://ad.doubleclick.net https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://adservice.google.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net https://px.ads.linkedin.com https://cdn.cookielaw.org https://pixel.pointmediatracker.com https://alb.reddit.com *.6sc.co https://api.squareup.com https://api.squareupstaging.com https://insight.adsrvr.org https://match.adsrvr.org https://*.qualified.com https://pw-renderer-production-c.squarecdn.com; manifest-src 'self' https://pw-renderer-production-c.squarecdn.com; media-src 'self' mediastream: https://assets.ctfassets.net https://js.driftt.com http://videos.ctfassets.net https://videos.ctfassets.net https://*.qualified.com; script-src 'self' *.contentsquare.net https://www.datadoghq-browser-agent.com https://js.driftt.com https://*.qualified.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://campaign-hub-production-f.squarecdn.com https://lift-ai-js.marketlinc.com https://martech-development-c.squarecdn.com https://martech-production-c.squarecdn.com https://martech-staging-c.squarecdn.com http://munchkin.marketo.net https://munchkin.marketo.net https://cdn.cookielaw.org https://a8447815042.cdn-pci.optimizely.com https://s.pinimg.com https://ct.pinterest.com https://pw-renderer-production-c.squarecdn.com https://pw-renderer-staging-c.squarecdn.com https://pwt-production-c.squarecdn.com https://pwt-staging-c.squarecdn.com https://sales-bridge-production-c.squarecdn.com https://sales-bridge-staging-c.squarecdn.com https://squareinc-sandbox.chilipiper.com https://squareinc.chilipiper.com https://www.workwithsquare.com https://www.redditstatic.com *.6sc.co https://cdn.sprig.com https://xms-production-f.squarecdn.com https://www.youtube.com https://pw-renderer-production-c.squarecdn.com 'nonce-J6C6d2G0yzfRJ5Fp9IXq/g=='; style-src 'self' https://square-fonts-production-f.squarecdn.com https://sales-bridge-production-c.squarecdn.com https://sales-bridge-staging-c.squarecdn.com 'unsafe-inline' https://*.qualified.com https://pw-renderer-production-c.squarecdn.com; frame-ancestors 'self' https://app.contentful.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd9af00759e65a48ba7ee3ff1dfa4260b&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to browser-intake-datadoghq 1
default-src 'self'; script-src 'report-sample' 'self' https://bat.bing.com https://cdn.segment.com https://connect.facebook.net https://container.pepperjam.com https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net https://js.stripe.com https://maps.googleapis.com https://player.vimeo.com https://static.zdassets.com https://websdk.appsflyer.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.upsellit.com https://app.upsellit.com https://cdn.gbqofs.com/bluebottle/u/detector-dom.min.js https://cdn.optimizely.com; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://1wjcus8nhr-1.algolianet.com https://1wjcus8nhr-2.algolianet.com https://1wjcus8nhr-3.algolianet.com https://1wjcus8nhr-dsn.algolia.net https://www.googletagmanager.com https://adservice.google.com https://analytics.google.com https://api.honeybadger.io https://api.segment.io https://app.brightback.com https://banner.appsflyer.com https://bat.bing.com https://blue-bottle-coffee.assembly-api.com https://bluebottlecoffeesupport.zendesk.com https://cdn.segment.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://creatives-cdn.appsflyer.com https://dev.visualwebsiteoptimizer.com https://ekr.zdassets.com https://maps.googleapis.com https://pixel.quantcount.com https://region1.analytics.google.com https://region1.google-analytics.com https://report.nestle.gbqofs.io https://res.cloudinary.com https://stats.g.doubleclick.net https://umry56azoa.execute-api.us-east-1.amazonaws.com https://vimeo.com https://www.facebook.com https://adservice.google.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://logx.optimizely.com; font-src 'self' data: https://cdn.appsflyer.com https://res.cloudinary.com https://static.rakuten.com https://storage.googleapis.com; frame-src 'self' https://8721801.fls.doubleclick.net https://cdn.pbbl.co https://js.stripe.com https://player.vimeo.com https://t.pepperjamnetwork.com https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://a12600010354.cdn.optimizely.com/; img-src 'self' data: http://res.cloudinary.com https://ad.doubleclick.net https://bat.bing.com https://blue-bottle-cms.global.ssl.fastly.net https://chord-oms-production-public-web-assets.s3.amazonaws.com/bluebottlecoffee/ https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net https://res.cloudinary.com https://www.facebook.com https://www.google-analytics.com https://adservice.google.com https://www.googleadservices.com https://www.google.ae https://www.google.ca https://www.google.com.co https://www.google.com.mx https://www.google.com.in https://www.google.com.ng https://www.google.sr https://www.google.com.ph https://www.google.com.sa https://www.google.de https://www.google.cn https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.hk https://www.google.com.vn https://www.google.fr https://www.google.it https://www.google.nl https://www.google.no https://www.google.co.kr https://www.google.com.tw https://www.google.co.uk https://www.google.co.jp https://www.google.com.pa https://www.google.bg https://translate.google.com https://www.google.com.gt https://www.googletagmanager.com https://www.upsellit.com; manifest-src 'self'; media-src 'self' https://res.cloudinary.com; worker-src blob:; frame-ancestors https://studio.bluebottlecoffee.dev; report-uri https://6998a7fb68a97a37f8789b5c.endpoint.csper.io?v=0; 1
default-src 'self'; script-src 'self' 'unsafe-inline'   https://*.googlesyndication.com   https://*.doubleclick.net   https://googleads.g.doubleclick.net   https://pagead2.googlesyndication.com   https://tpc.googlesyndication.com   https://www.googletagmanager.com   https://www.google-analytics.com   https://*.google.com   https://adservice.google.com https://adservice.google.co.uk   https://challenges.cloudflare.com   https://www.gstatic.com https://www.recaptcha.net   https://static.cloudflareinsights.com   https://*.adtrafficquality.google; connect-src 'self' https:; img-src 'self' data: blob: https:; frame-src 'self'   https://*.doubleclick.net https://*.googlesyndication.com   https://googleads.g.doubleclick.net https://tpc.googlesyndication.com   https://fundingchoicesmessages.google.com   https://*.google.com https://www.gstatic.com https://www.recaptcha.net   https://challenges.cloudflare.com   https://*.adtrafficquality.google; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 1
script-src 'self' https://abtasty.com https://*.abtasty.com https://analytics.tiktok.com https://*.analytics.tiktok.com https://s.salecycle.com https://d16fk4ms6rqz1v.cloudfront.net/ https://i.salecycle.com/ wss://ws.salecycle.com https://assets.sc-trc.com/ https://mymachine.salecycle.com:8080 https://media.beaverbrooks.co.uk https://media.loupe.co.uk https://*.amplience.net https://amplience.net https://*.amplience.com https://amplience.com https://*.staging.bigcontent.io https://*.bigcontent.io https://*.beaverbrooks.co.uk/ https://beaverbrooks.co.uk/ https://*.loupe.co.uk/ https://loupe.co.uk/ https://*.cookiebot.com/ https://cookiebot.com https://vercel.live https://*.vercel-scripts.com https://vercel-scripts.com https://*.pusher.com wss://*.pusher.com https://*.vercel.com https://vercel.com https://*.vercel.aws.beaverbrooks.co.uk https://*.aws.beaverbrooks.co.uk https://*.vercel.aws.loupe.co.uk https://*.aws.loupe.co.uk https://*.trustpilot.com https://trustpilot.com https://*.appointedd.com https://appointedd.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.pixlee.com https://pixlee.com https://*.pixlee.co https://pixlee.co https://*.pxlecdn.com https://pxlecdn.com https://*.google-analytics.com https://google-analytics.com https://*.gstatic.com https://gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.doubleclick.net https://doubleclick.net https://*.googlesyndication.com https://googlesyndication.com https://*.dwin1.com https://dwin1.com https://*.awin1.com https://awin1.com https://*.roeyecdn.com https://roeyecdn.com https://*.roeye.com https://roeye.com https://*.zenaps.com https://zenaps.com https://*.wepowerconnections.com https://wepowerconnections.com https://*.tiktok.com https://tiktok.com https://*.pingdom.net https://pingdom.net https://*.facebook.net https://facebook.net https://*.facebook.com https://facebook.com https://*.contentsquare.net https://contentsquare.net https://*.cybersource.com https://cybersource.com https://*.digicert.com https://digicert.com https://*.vee24.com https://vee24.com https://*.paypal.com https://paypal.com https://*.paypalobjects.com https://paypalobjects.com https://*.klarnacdn.net https://klarnacdn.net https://*.klarna.com https://klarna.com https://*.klarnaapi.com https://klarnaapi.com https://*.bing.com https://bat.bing.com https://*.bat.bing.com https://flex.atdmt.com https://*.flex.atdmt.com https://clarity.ms https://*.clarity.ms https://*.rolex.com https://rolex.com https://*.recaptcha.net https://recaptcha.net https://*.adobedtm.com https://adobedtm.com https://*.demdex.net https://demdex.net https://*.everesttech.net https://everesttech.net https://*.naver.com https://naver.com https://*.naver.net https://naver.net https://*.pstatic.net https://pstatic.net https://www.youtube.com https://player.vimeo.com https://*.googleapis.com https://googleapis.com https://*.google.com https://google.com https://*.google.pl https://google.pl https://*.google.co.uk https://google.co.uk https://*.google.md https://google.md https://google.ie https://*.jquery.com https://jquery.com https://*.givex.com https://givex.com https://*.sentry.io https://sentry.io https://*.ingest.sentry.io https://ingest.sentry.io https://*.sentry-cdn.com https://sentry-cdn.com https://*.exponea.com https://exponea.com https://*.pinterest.com https://pinterest.com https://*.pinimg.com https://pinimg.com https://unpkg.com/react-scan/dist/auto.global.js 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://*.googleapis.com https://googleapis.com https://vercel.live https://*.vercel-scripts.com https://vercel-scripts.com https://*.pusher.com wss://*.pusher.com https://*.vercel.com https://vercel.com https://*.vercel.aws.beaverbrooks.co.uk https://*.aws.beaverbrooks.co.uk https://*.vercel.aws.loupe.co.uk https://*.aws.loupe.co.uk https://*.vee24.com https://vee24.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com 'unsafe-inline'; img-src 'self' https://ggpht.com https://*.ggpht.com https://abtasty.com https://*.abtasty.com https://googleads.g.doubleclick.net https://google.ie https://*.google.ie https://google.ae https://*.google.ae https://google.se https://*.google.se https://google.es https://*.google.es https://google.nl https://*.google.nl https://google.de https://*.google.de https://google.it https://*.google.it https://google.com.hk https://*.google.com.hk https://media.beaverbrooks.co.uk https://media.loupe.co.uk https://*.amplience.net https://amplience.net https://*.amplience.com https://amplience.com https://*.staging.bigcontent.io https://*.bigcontent.io https://*.beaverbrooks.co.uk/ https://beaverbrooks.co.uk/ https://*.loupe.co.uk/ https://loupe.co.uk/ https://*.cookiebot.com/ https://cookiebot.com https://*.facebook.net https://facebook.net https://*.facebook.com https://facebook.com https://*.googleapis.com https://googleapis.com https://*.google.com https://google.com https://*.google.pl https://google.pl https://*.google.co.uk https://google.co.uk https://*.google.md https://google.md https://google.ie https://*.gstatic.com https://gstatic.com https://*.googleusercontent.com https://googleusercontent.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.dwin1.com https://dwin1.com https://*.awin1.com https://awin1.com https://*.roeyecdn.com https://roeyecdn.com https://*.roeye.com https://roeye.com https://*.zenaps.com https://zenaps.com https://*.wepowerconnections.com https://wepowerconnections.com https://vercel.live https://*.vercel-scripts.com https://vercel-scripts.com https://*.pusher.com wss://*.pusher.com https://*.vercel.com https://vercel.com https://*.vercel.aws.beaverbrooks.co.uk https://*.aws.beaverbrooks.co.uk https://*.vercel.aws.loupe.co.uk https://*.aws.loupe.co.uk https://*.digicert.com https://digicert.com https://*.paypal.com https://paypal.com https://*.paypalobjects.com https://paypalobjects.com https://*.klarnacdn.net https://klarnacdn.net https://*.klarna.com https://klarna.com https://*.klarnaapi.com https://klarnaapi.com https://*.contentsquare.net https://contentsquare.net https://*.rolex.com https://rolex.com https://*.bing.com https://bat.bing.com https://*.bat.bing.com https://flex.atdmt.com https://*.flex.atdmt.com https://clarity.ms https://*.clarity.ms https://*.pixlee.com https://pixlee.com https://*.pixlee.co https://pixlee.co https://*.pxlecdn.com https://pxlecdn.com https://*.ytimg.com https://ytimg.com https://*.doubleclick.net https://doubleclick.net https://*.googlesyndication.com https://googlesyndication.com https://*.adobedtm.com https://adobedtm.com https://*.demdex.net https://demdex.net https://*.everesttech.net https://everesttech.net https://*.tiktok.com https://tiktok.com https://*.vee24.com https://vee24.com data:; frame-src 'self' https://pinterest.com https://*.pinterest.com https://s.salecycle.com https://d16fk4ms6rqz1v.cloudfront.net/ https://i.salecycle.com/ wss://ws.salecycle.com https://assets.sc-trc.com/ https://mymachine.salecycle.com:8080 https://*.jotform.com/ https://jotform.com/ https://vercel.live https://*.vercel-scripts.com https://vercel-scripts.com https://*.pusher.com wss://*.pusher.com https://*.vercel.com https://vercel.com https://*.vercel.aws.beaverbrooks.co.uk https://*.aws.beaverbrooks.co.uk https://*.vercel.aws.loupe.co.uk https://*.aws.loupe.co.uk https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.trustpilot.com https://trustpilot.com https://*.cookiebot.com/ https://cookiebot.com https://*.pixlee.com https://pixlee.com https://*.pixlee.co https://pixlee.co https://*.pxlecdn.com https://pxlecdn.com https://www.youtube.com https://player.vimeo.com https://*.beaverbrooks.co.uk/ https://beaverbrooks.co.uk/ https://*.loupe.co.uk/ https://loupe.co.uk/ https://*.amplience.net https://amplience.net https://*.amplience.com https://amplience.com https://*.staging.bigcontent.io https://*.bigcontent.io https://*.appointedd.com https://appointedd.com https://*.vee24.com https://vee24.com https://*.cybersource.com https://cybersource.com https://*.facebook.net https://facebook.net https://*.facebook.com https://facebook.com https://*.paypal.com https://paypal.com https://*.paypalobjects.com https://paypalobjects.com https://*.klarnacdn.net https://klarnacdn.net https://*.klarna.com https://klarna.com https://*.klarnaapi.com https://klarnaapi.com https://*.rolex.com https://rolex.com https://*.recaptcha.net https://recaptcha.net https://*.cardinalcommerce.com https://cardinalcommerce.com https://*.cardinaltrusted.com https://*.google.com https://google.com https://*.google.pl https://google.pl https://*.google.co.uk https://google.co.uk https://*.google.md https://google.md https://google.ie https://*.adobedtm.com https://adobedtm.com https://*.demdex.net https://demdex.net https://*.everesttech.net https://everesttech.net https://*.givex.com https://givex.com https://*.pinterest.com https://pinterest.com https://*.pinimg.com https://pinimg.com https://*.v12finance.com https://v12finance.com https://v12retailfinance.com/; frame-ancestors 'self' https://*.jotform.com/ https://jotform.com/ https://vercel.live https://*.vercel-scripts.com https://vercel-scripts.com https://*.pusher.com wss://*.pusher.com https://*.vercel.com https://vercel.com https://*.vercel.aws.beaverbrooks.co.uk https://*.aws.beaverbrooks.co.uk https://*.vercel.aws.loupe.co.uk https://*.aws.loupe.co.uk https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.trustpilot.com https://trustpilot.com https://*.cookiebot.com/ https://cookiebot.com https://*.pixlee.com https://pixlee.com https://*.pixlee.co https://pixlee.co https://*.pxlecdn.com https://pxlecdn.com https://www.youtube.com https://player.vimeo.com https://*.beaverbrooks.co.uk/ https://beaverbrooks.co.uk/ https://*.loupe.co.uk/ https://loupe.co.uk/ https://*.amplience.net https://amplience.net https://*.amplience.com https://amplience.com https://*.staging.bigcontent.io https://*.bigcontent.io https://*.appointedd.com https://appointedd.com https://*.vee24.com https://vee24.com https://*.cybersource.com https://cybersource.com https://*.facebook.net https://facebook.net https://*.facebook.com https://facebook.com https://*.paypal.com https://paypal.com https://*.paypalobjects.com https://paypalobjects.com https://*.klarnacdn.net https://klarnacdn.net https://*.klarna.com https://klarna.com https://*.klarnaapi.com https://klarnaapi.com https://*.rolex.com https://rolex.com https://*.recaptcha.net https://recaptcha.net https://*.cardinalcommerce.com https://cardinalcommerce.com https://*.cardinaltrusted.com https://*.google.com https://google.com https://*.google.pl https://google.pl https://*.google.co.uk https://google.co.uk https://*.google.md https://google.md https://google.ie https://*.adobedtm.com https://adobedtm.com https://*.demdex.net https://demdex.net https://*.everesttech.net https://everesttech.net https://*.givex.com https://givex.com https://*.pinterest.com https://pinterest.com https://*.pinimg.com https://pinimg.com https://*.v12finance.com https://v12finance.com https://v12retailfinance.com/; form-action https://*.paypal.com https://paypal.com https://*.facebook.net https://facebook.net https://*.facebook.com https://facebook.com https://*.cardinalcommerce.com https://cardinalcommerce.com https://*.cardinaltrusted.com 'self'; worker-src 'self' https://media.beaverbrooks.co.uk https://media.loupe.co.uk https://*.amplience.net https://amplience.net https://*.amplience.com https://amplience.com https://*.staging.bigcontent.io https://*.bigcontent.io https://*.beaverbrooks.co.uk/ https://beaverbrooks.co.uk/ https://*.loupe.co.uk/ https://loupe.co.uk/ https://*.cookiebot.com/ https://cookiebot.com https://vercel.live https://*.vercel-scripts.com https://vercel-scripts.com https://*.pusher.com wss://*.pusher.com https://*.vercel.com https://vercel.com https://*.vercel.aws.beaverbrooks.co.uk https://*.aws.beaverbrooks.co.uk https://*.vercel.aws.loupe.co.uk https://*.aws.loupe.co.uk https://*.trustpilot.com https://trustpilot.com https://*.appointedd.com https://appointedd.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.pixlee.com https://pixlee.com https://*.pixlee.co https://pixlee.co https://*.pxlecdn.com https://pxlecdn.com https://*.google-analytics.com https://google-analytics.com https://*.gstatic.com https://gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.doubleclick.net https://doubleclick.net https://*.googlesyndication.com https://googlesyndication.com https://*.dwin1.com https://dwin1.com https://*.awin1.com https://awin1.com https://*.roeyecdn.com https://roeyecdn.com https://*.roeye.com https://roeye.com https://*.zenaps.com https://zenaps.com https://*.wepowerconnections.com https://wepowerconnections.com https://*.tiktok.com https://tiktok.com https://*.pingdom.net https://pingdom.net https://*.facebook.net https://facebook.net https://*.facebook.com https://facebook.com https://*.contentsquare.net https://contentsquare.net https://*.cybersource.com https://cybersource.com https://*.digicert.com https://digicert.com https://*.vee24.com https://vee24.com https://*.paypal.com https://paypal.com https://*.paypalobjects.com https://paypalobjects.com https://*.klarnacdn.net https://klarnacdn.net https://*.klarna.com https://klarna.com https://*.klarnaapi.com https://klarnaapi.com https://*.bing.com https://bat.bing.com https://*.bat.bing.com https://flex.atdmt.com https://*.flex.atdmt.com https://clarity.ms https://*.clarity.ms https://*.rolex.com https://rolex.com https://*.recaptcha.net https://recaptcha.net https://*.adobedtm.com https://adobedtm.com https://*.demdex.net https://demdex.net https://*.everesttech.net https://everesttech.net https://*.naver.com https://naver.com https://*.naver.net https://naver.net https://*.pstatic.net https://pstatic.net https://www.youtube.com https://player.vimeo.com https://*.googleapis.com https://googleapis.com https://*.google.com https://google.com https://*.google.pl https://google.pl https://*.google.co.uk https://google.co.uk https://*.google.md https://google.md https://google.ie https://*.jquery.com https://jquery.com https://*.givex.com https://givex.com https://*.sentry.io https://sentry.io https://*.ingest.sentry.io https://ingest.sentry.io https://*.sentry-cdn.com https://sentry-cdn.com https://*.exponea.com https://exponea.com https://*.pinterest.com https://pinterest.com https://*.pinimg.com https://pinimg.com https://unpkg.com/react-scan/dist/auto.global.js blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri /api/csp-report; report-to csp-endpoint; 1
script-src 'strict-dynamic' 'nonce-88aXS+BzfY1TQZnXWtkyEw==' 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-FdmeycCwQ3ImThgDCpw63g' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none';base-uri 'self';script-src 'nonce-AefS3l_m84Eq-vREW6x2sQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; style-src 'unsafe-inline' *; default-src 'none'; worker-src 'none'; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io; base-uri 'none'; media-src *; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-6W0o+60Mcdy98o9qqN5zxA=='; img-src blob: data: *; font-src 'self' data:; frame-ancestors 'none' 1
font-src *.force.com https://omt.honda.com https://owners.honda.com https://honda.demdex.net 'self' https://www.acura.com https://stats.g.doubleclick.net *.youtube-nocookie.com https://cm.everesttech.net https://cdn.cookielaw.org http://code.jquery.com https://uat2.sendyouropinions.com https://somt.honda.com https://ahfc--webproj1.my.salesforce.com https://www.gstatic.com https://consent-api.onetrust.com https://assets.adobedtm.com https://fonts.googleapis.com https://www.google.com https://analytics.google.com https://fonts.gstatic.com/ https://geolocation.onetrust.com https://dpm.demdex.net https://td.doubleclick.net https://automobiles.honda.com https://powersports.honda.com blob: https://survey2.sendyouropinions.com *.gstatic.com https://eshopping.americanhondafinance.com *.facebook.com *.youtube.com https://www.googletagmanager.com https://www.google-analytics.com *.salesforce.com data:; report-to sfdc-csp-ep; report-uri https://ahfc.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00Dj0000001oPqD&networkId=0DM5b000000wk5s&type=communities 1
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://www.synergie.fr; script-src 'self' https://cdn.synergie.fr https://www.googletagmanager.com https://chat-window.kmblabs.com http://static.axept.io https://js-agent.newrelic.com https://v2.synergie.intconv.kmblabs.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com 'nonce-/y4OYP+6LXoK9RBBa5Yltw=='; connect-src 'self' data: https://api.synergie.fr https://www.google-analytics.com https://chatwindow-v2.api.kmblabs.com https://client.axept.io https://api.axept.io https://bam.eu01.nr-data.net https://099bx3d09i.execute-api.eu-west-1.amazonaws.com https://maps.googleapis.com https://synergie-prod.alb.chatbot.kmblabs.com; img-src 'self' https://cdn.synergie.fr https://media.synergie.fr https://cdnjs.cloudflare.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.axept.io https://v2.synergie.intconv.kmblabs.com; font-src 'self' https://fonts.gstatic.com https://chat-window.kmblabs.com https://v2.synergie.intconv.kmblabs.com 1
object-src 'none';base-uri 'self';script-src 'nonce-yc3mDkue1QzVB_cDt_7NlQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-CnmBu3WYwy5e4XxlJoP6MQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=5vFxw9tHyMkNnZ4kFiRzhf4lX5wKzBavdVqTWIaTBv0-1773717989.9884927-1.0.1.1-Df3VFGdGOAZBgQa5caiA4rMZoyF.Y3vKazRsNLB5nED4.XKPoCV7ikJh4OqofXy34klrZto1P.FvxrLDpeXLKfbN5OffJyGtzD0fMDlyYKnyxkPJkHI8nRAzTJ4gXv1D8F9V81Gk5zUa7AdQPE2rUccP0NJA8ISmvtRShcDy6o1EY1G5M6NfMUlODuKbJILpXiomjsGj.cucunrG.RVswg; report-to cf-mbaconrwzpjsxtmk 1
default-src 'self' thumbtack.okta.com *.oktacdn.com; connect-src 'self' thumbtack.okta.com thumbtack-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com thumbtack.kerberos.okta.com thumbtack.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-pwzbg2W_RYMYQkspIOUEaQ' 'unsafe-eval' 'self' 'report-sample' thumbtack.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'nonce-pwzbg2W_RYMYQkspIOUEaQ' 'self' 'report-sample' thumbtack.okta.com *.oktacdn.com; frame-src 'self' thumbtack.okta.com thumbtack-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' thumbtack.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' thumbtack.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://idp.thumbtack.io 1
object-src 'none';base-uri 'self';script-src 'nonce-LmfZ-k2CwYhUOoL5AaeLfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.easyship.com td.doubleclick.net www.recaptcha.net *.linkedin.com storage.googleapis.com *.sentry.io *.hubspot.com analytics.google.com bat.bing.com;manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net js.stripe.com www.google-analytics.com browser.sentry-cdn.com js.sentry-cdn.com www.googletagmanager.com cdn-cookieyes.com snap.licdn.com bat.bing.com js.hs-scripts.com d.impactradius-event.com js.usemessages.com js.hs-banner.com js.hsleadflows.net js.hs-analytics.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.google.com;font-src 'self' data: fonts.gstatic.com fonts.gstatic.cn fonts.googleapis.com fonts.google.com js.stripe.com 1
default-src 'self' cdnweb.sbermobile.ru; frame-src https://cdn.rutarget.ru/ https://api.flocktory.com https://mc.yandex.ru https://tag.rutarget.ru/ ; style-src 'unsafe-inline' 'self' fonts.googleapis.com cdnweb.sbermobile.ru; font-src 'self' cdnweb.sbermobile.ru data: fonts.gstatic.com ; connect-src 'self' https://yandexmetrica.com:*/ *.sbermarketing.ru uaas.yandex.ru ad.adriver.ru api.flocktory.com kraken.rambler.ru https://*.mc.yandex.ru/ https://stats.g.doubleclick.net/ https://suggestions.dadata.ru/ https://suggest-maps.yandex.ru/ https://ymetrica1.com/ https://www.google-analytics.com/ https://unpkg.com/ https://stats.g.doubleclick.net/ https://mc.yandex.ru/ https://*.sberbank.ru/ https://sa.online.sberbank.ru:8098/; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnweb.sbermobile.ru *.yandex.net *.trbcdn.net  top-fwz1.mail.ru api.flocktory.com *.top100.ru *.adriver.ru px.adhigh.net cdn.rutarget.ru yastatic.net *.maps.yandex.net suggest-maps.yandex.ru api-maps.yandex.ru *.otm-r.com www.google-analytics.com ajax.googleapis.com fonts.googleapis.com *.mc.yandex.ru mc.yandex.ru nlb-clickstream.sberbank.ru sp.otm-r.com stats.g.doubleclick.net www.google-analytics.com www.google.ru www.googletagmanager.com ; img-src 'self' data: www.gstatic.com cdnweb.sbermobile.ru adservings.ru api.flocktory.com top-fwz1.mail.ru kraken.rambler.ru api-maps.yandex.ru *.maps.yandex.net *.mc.yandex.com *.mc.yandex.ru mc.yandex.ru *.googleusercontent.com www.googletagmanager.com www.google.ru www.google.com www.google-analytics.com *.otm-r.com yandex.ru; base-uri 'self' cdnweb.sbermobile.ru; form-action 'self'; frame-ancestors 'none' 1
frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com; 1
default-src 'self'; connect-src 'self' https://t.segger.com/; font-src 'self' 'unsafe-inline' data: ; style-src 'self' 'unsafe-inline' data: ; img-src 'self' data: blob: https://t.segger.com/ https://kb.segger.com/ https://i.ytimg.com; script-src 'self' 'unsafe-inline' https://t.segger.com/; script-src-elem 'self' 'unsafe-inline' https://t.segger.com/ https://www.youtube.com/iframe_api; frame-src https://www.youtube-nocookie.com 'self'; object-src 'self' data: blob:; media-src 'self'; report-uri https://sentry.marketing-factory.de/api/23/security/?sentry_key=c95fa11bd7c34b6757a4f34eca12437f 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.thuis.nl *.camcammer.com *.sensemakers.com *.test.paysafe.com *.cloudflare.com *.exoclick.com cdn.pushcrew.com *.ingest.sentry.io *.paysafe.com *.google.com *.google.nl *.google.sr *.google.be *.google.gr *.google.fr *.google-analytics.com stats.g.doubleclick.net *.doubleclick.net *.slack-edge.com *.googletagmanager.com analytics.sensemakers.nl *.hotjar.com *.hotjar.io; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.thuis.nl/ wss://*.sensemakers.com wss://ws.hotjar.com/ *.sensemakers.com stats.g.doubleclick.net *.ingest.sentry.io analytics.sensemakers.nl *.google.com *.google.nl *.google.sr *.google.be *.google.gr *.google.fr *.analytics.google.com stats.g.doubleclick.net *.hotjar.io *.hotjar.com *.test.paysafe.com *.paysafe.com *.thuis.nl *.google-analytics.com; img-src * 'self' data: https: blob: https; font-src * 'self' data:; report-uri https://analytics.sensemakers.nl/csp/ 1
default-src 'none';  connect-src 'self' embedr.flickr.com chat-us.libanswers.com resources.bepress.com playback.bepressaws.com cascade2.libchat.com visitor2.constantcontact.com distillery.wistia.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io yoast.com listgrowth.ctctcdn.com www.facebook.com stats.g.doubleclick.net *.google-analytics.com analytics.google.com *.analytics.google.com *.googleapis.com;  font-src 'self' data: cdn.jsdelivr.net fonts.gstatic.com static.juicer.io fonts.bunny.net;  frame-src 'self' imsa.libanswers.com accounts.google.com admin.helperhelper.com community.imsa.edu v2.libanswers.com docs.google.com calendar.google.com www.youtube.com www.google.com www.facebook.com bbox.blackbaudhosting.com assets.bepress.com *.concept3d.com;  img-src 'self' connect.facebook.net *.gstatic.com live.staticflickr.com www.googletagmanager.com previews.dropbox.com www.google-analytics.com *.imsa.edu s.w.org ps.w.org theeventscalendar.com fast.wistia.com data: embedwistia-a.akamaihd.net cdnjs.cloudflare.com www.paypalobjects.com *.googleapis.com onpointplugins.com secure.gravatar.com cdn.datatables.net *.facebook.com bbox.blackbaudhosting.com cdn.weglot.com localist-images.azureedge.net *.cloudfront.net imsa.edu *.googleusercontent.com *.google.com *.ctctcdn.com *.ytimg.com *.imsa.edu blackfacts.com;  script-src data: 'self' 'unsafe-inline' 'unsafe-eval' assets.bepress.com blackfacts.com imsa.libanswers.com community.imsa.edu pi.pardot.com cdn.jsdelivr.net widget.intercom.io js.intercomcdn.com fast.wistia.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com static.ctctcdn.com connect.facebook.net www.facebook.com assets.juicer.io bbox.blackbaudhosting.com bbox.blackbaudhosting.com cdn.datatables.net connect.facebook.net www.google-analytics.com www.googletagmanager.com;  style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.googleapis.com static.ctctcdn.com assets.juicer.io bbox.blackbaudhosting.com cdn.datatables.net;  script-src-elem 'self' 'unsafe-inline' imsa.libanswers.com *.googleapis.com assets.bepress.com connect.facebook.net www.gstatic.com *.google.com cdnjs.cloudflare.com static.ctctcdn.com www.google-analytics.com cdn.datatables.net www.googletagmanager.com embedr.flickr.com widgets.flickr.com imsa.enterprise.localist.com *.imsa.edu blackfacts.com;  style-src-elem 'self' 'unsafe-inline' static.ctctcdn.com *.googleapis.com cdn.datatables.net www.gstatic.com *.imsa.edu fonts.bunny.net imsa.enterprise.localist.com;  media-src 'self' blob: ;  worker-src 'self' blob: ;  report-uri https://app.imsa.edu/connect/csp/report 1
default-src 'self' https://*.appreciatehub.com *.google-analytics.com *.cloudflare.com https://*.googleapis.com https://*.pendo.io https://*.alamoapp.octanner.io https://*.api.octanner.net https://*.salesforce.com *.cloudinary.com https://s3.amazonaws.com/oc-images-api/* *.doubleclick.net *.octanner.net *.gstatic.com *.jwpcdn.com *.recaptcha.net https://www.gstatic.com/recaptcha/releases/*  wss://*.fathomvoice.com *.fathomvoice.com *.fonticons.com *.fortawesome.com 'unsafe-inline' 'unsafe-eval' data:; frame-src 'self' www.google.com www.recaptcha.net https://res.cloudinary.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.3lift.com *.a47b.com *.acuityplatform.com *.ad-score.com *.adform.net *.adnxs.com *.ads.smartadserver.com *.adsafeprotected.com *.adsappier.com *.adsrvr.org *.adtrafficquality.google *.amazon-adsystem.com *.amazonaws.com *.ampproject.org *.azureedge.net *.b2c.com *.basis.net *.betrad.com *.bidr.io *.c3tag.com *.cdn.fastclick.net *.celtra.com *.cloudfront.net *.cog-tr3.com *.cog-tr4.com *.demdex.net *.dotomi.com *.doubleclick.net *.doubleverify.com *.evidon.com *.exelator.com *.eyeota.net *.flashtalking.com *.flx10.com *.fouanalytics.com *.ftstatic.com *.g.doubleclick.net *.getrockerbox.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gumgum.com *.id5-sync.com *.innovid.com *.jivox.com *.js7k.com *.jwplayer.com *.l-dsp.inmobicdn.net *.microsoft.com *.mxptint.net *.ns1p.net *.onedsp.inmobi.com *.p.jwpcdn.com *.peer-39.com *.polarcdn.com *.poupdate.pulsepoint.com *.puzzmo.com *.quantcount.com *.quantserve.com *.rendering.sharethrough.com *.rfihub.com *.rqtrk.eu *.rubiconproject.com *.rudderlabs.com *.scorecardresearch.com *.script.ac *.smadex.com *.srv.stackadapt.com *.trustarc.com *.truste.com *.turn.com *.update.adsrvr.org *.update.indexww.com *.update.rubiconproject.com *.update.wo.gumgum.com *.yabidos.com *.ybp.yahoo.com *.yimg.com adrta.com cdn-cookieyes.com htlbid.com openfpcdn.io *.insiad.com *.browsiprod.com *.enzymic.co *.intentiq.com *.ntv.io *.padsquad.com lottingem.com; connect-src 'self' *.3lift.com *.ad-score.com *.adform.net *.adnxs.com *.ads.smartadserver.com *.adsrvr.org *.adtrafficquality.google *.amazon-adsystem.com *.amazonaws.com *.appiersig.com *.b2c.com *.c.appier.net *.c3tag.com *.casalemedia.com *.cheilmedia.com *.cloudfront.net *.cog-tr101.com *.contextweb.com *.cookieyes.com *.dotomi.com *.doubleclick.net *.doubleverify.com *.eu-1-id5-sync.com *.eu-3-id5-sync.com *.eu-4-id5-sync.com *.flashtalking.com *.fouanalytics.com *.ftstatic.com *.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.gumgum.com *.id5-sync.com *.ingest.sentry.io *.innovid.com *.jwplayer.com *.liadm.com *.lynx.cognitivlabs.com *.ns1p.net *.openx.net *.peer-39.com *.poupdate.pulsepoint.com *.prod.na.adsqtungsten.a9.amazon.dev *.pubmatic.com *.puzzmo.com *.quantserve.com *.rubiconproject.com *.rudderstack.com *.srv.stackadapt.com *.tahoe-analytics.publishers.advertising.a2z.com *.update.adsrvr.org *.update.indexww.com *.update.rubiconproject.com *.update.wo.gumgum.com *.us-east-1.cxm-bcn.publisher-services.amazon.dev *.ybp.yahoo.com wss://*.puzzmo.com cdn-cookieyes.com id5-sync.com o1223952.ingest.sentry.io *.gstatic.com *.insiad.com *.googletagmanager.com data: sevendata.fun; form-action 'none'; report-to default 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-98f2d9b4-7339-42fa-a986-48c41b59784a' https: data: https://js.sentry-cdn.com https://fast.wistia.com https://fast.wistia.net https://siteintercept.qualtrics.com https://browser.sentry-cdn.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://js.monitor.azure.com; style-src 'self' 'unsafe-inline' https://fast.wistia.com https://cdn.jsdelivr.net https://more.suse.com; img-src 'self' https: data: https://fast.wistia.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com https://fast.wistia.net https://fast.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com; connect-src 'self' https: wss: https://cdn.cookielaw.org https://distillery.wistia.com https://siteintercept.qualtrics.com https://dc.services.visualstudio.com https://fast.wistia.com https://fast.wistia.net https://pipedream.wistia.com wss://ws.qualified.com https://embed-ssl.wistia.com https://apple.dxcloud.episerver.net https://cdn.jsdelivr.net https://js.monitor.azure.com wss://ws.qualified.com; font-src 'self' https: data: https://fonts.gstatic.com https://fast.wistia.net; object-src 'none' ; media-src 'self' https: blob: ; frame-src 'self' https: ; form-action 'self' https://suselinux.fra1.qualtrics.com; frame-ancestors 'self' ; base-uri 'none' ;  report-uri https://www.suse.com/api/reporting/;  report-to csp-endpoint; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-8K9jrYyo9Ax7O_YiYLgCYg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self'; script-src 'self' https://polyfills.revolut.com https://applepay.cdn-apple.com https://js.hcaptcha.com https://newassets.hcaptcha.com https://pay.google.com 'sha256-38rWdkeoy40v9siKY45fUDqVZ5JgXBa/nLp3uavI6PA='; script-src-elem 'self' https://polyfills.revolut.com https://applepay.cdn-apple.com https://js.hcaptcha.com https://newassets.hcaptcha.com https://pay.google.com 'sha256-38rWdkeoy40v9siKY45fUDqVZ5JgXBa/nLp3uavI6PA='; report-uri https://o4508601944047696.ingest.de.sentry.io/api/4508602000474203/security/?sentry_key=d197da3ecdd744ddb15ab04807d0c9ac; style-src 'self' 'unsafe-inline' https://assets.revolut.com; img-src 'self' data: blob: https://assets.revolut.com https://storage.googleapis.com https://www.gstatic.com https://*.giphy.com; media-src 'self' data: https://assets.revolut.com; font-src 'self' data: https://assets.revolut.com; connect-src 'self' https://aqueduct.revolut.com https://assets.revolut.com https://o4508601944047696.ingest.de.sentry.io https://apple-pay-gateway.apple.com https://*.hcaptcha.com https://google.com/pay https://www.google.com/pay https://pay.google.com https://www.revolut.com/api/giphy/ https://pingback.giphy.com https://tails.revolut.com https://cpg.revolut.com; child-src 'self'; frame-src *; 1
default-src 'self' static.hebban.nl www.hebban.nl browser.sentry-cdn.com *.ingest.us.sentry.io www.google.com consentcdn.cookiebot.com analytics.ahrefs.com region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com *.aso1.net euc-widget.freshworks.com cpnb.freshdesk.com pagead2.googlesyndication.com scripts.simpleanalyticscdn.com;style-src *  'unsafe-inline'; img-src * 'self' data: ;font-src *; frame-src consentcdn.cookiebot.com *.doubleclick.net www.google.com www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' hebbandemo.nl www.hebbandemo.nl www.gstatic.com google.com www.google.com hebbanstatic.yunademo.nl static.hebban.nl consent.cookiebot.com consentcdn.cookiebot.com js.sentry-cdn.com browser.sentry-cdn.com hebban.yunademo.nl www.hebban.nl *.google-analytics.com *.googletagmanager.com *.chartbeat.com sb.scorecardresearch.com *.hotjar.com track.adform.net connect.facebook.net *.doubleclick.net analytics.ahrefs.com *.aso1.net euc-widget.freshworks.com scripts.simpleanalyticscdn.com;worker-src 'self' blob:;media-src *;frame-ancestors *; 1
default-src 'self';
      script-src 'self' 'unsafe-inline' 'unsafe-eval'
      		*.beaconforms.com
      		*.beaconproducts.co.uk
      		*.bootstrapcdn.com
      		*.calendly.com
      		calendly.com
      		*.cloudflare.com
      		*.doubleclick.net
      		*.facebook.net
      		*.fontawesome.com
      		*.google-analytics.com
      		*.google.com
      		*.googleadservices.com
      		*.googleapis.com
      		*.googletagmanager.com
      		*.gravatar.com
      		*.gstatic.com
      		*.myfonts.net
      		*.victimsupport.org.uk
      		*.w.org
      		*.wpdownloadmanager.com
      		*.yoast.com
      		js.stripe.com
      		yoast.com
      		*.youtube.com
      		cdn-cookieyes.com
      		s.ytimg.com;
      style-src 'self' 'unsafe-inline'
      		*.fontawesome.com
      		*.googleapis.com
      		*.gstatic.com
      		hello.myfonts.net
      		stackpath.bootstrapcdn.com
      		static.userback.io;
      img-src 'self' data:
      		*.beaconforms.com
      		*.beaconproducts.co.uk
      		*.bootstrapcdn.com
      		*.calendly.com
      		*.cloudflare.com
      		*.doubleclick.net
      		*.facebook.net
      		*.fontawesome.com
      		*.google-analytics.com
      		*.google.com
      		*.google.ro
      		*.google.co.uk
      		*.googleadservices.com
      		*.googleapis.com
      		*.googletagmanager.com
      		*.gravatar.com
      		*.gstatic.com
      		*.myfonts.net
      		*.victimsupport.org.uk
      		*.w.org
      		*.wpdownloadmanager.com
      		*.yoast.com
      		*.youtube.com
      		cdn-cookieyes.com
      		s.ytimg.com
      		www.facebook.com;
      font-src 'self' data:
      		*.fontawesome.com
      		*.googleapis.com
      		*.gstatic.com
      		static.userback.io;
      connect-src 'self'
      		*.beaconforms.com
      		*.beaconproducts.co.uk
      		*.bootstrapcdn.com
      		*.calendly.com
      		*.cloudflare.com
      		*.doubleclick.net
      		*.facebook.net
      		*.fontawesome.com
      		*.google-analytics.com
      		*.google.com
      		*.google.co.uk
      		*.googleadservices.com
      		*.googleapis.com
      		*.googletagmanager.com
      		*.gravatar.com
      		*.gstatic.com
      		*.myfonts.net
      		*.pagead2.googlesyndication.com
      		*.victimsupport.org.uk
      		*.w.org
      		*.wpdownloadmanager.com
      		*.yoast.com
      		*.youtube.com
      		*.browser-intake-datadoghq.com
      		*.browser-intake-datadoghq.eu
      		api.stripe.com 
      		api.userback.io
      		cdn-cookieyes.com
      		directory.cookieyes.com
      		graph.facebook.com
      		log.cookieyes.com
      		static.userback.io
      		www.facebook.com;
      frame-src 'self'
      		*.beaconforms.com
      		*.beaconproducts.co.uk
      		*.bootstrapcdn.com
      		*.calendly.com
      		*.cloudflare.com
      		*.doubleclick.net
      		*.facebook.net
      		*.fontawesome.com
      		*.google-analytics.com
      		*.google.com
      		*.googleadservices.com
      		*.googleapis.com
      		*.googletagmanager.com
      		*.gravatar.com
      		*.gstatic.com
      		*.myfonts.net
      		*.victimsupport.org.uk
      		*.w.org
      		*.wpdownloadmanager.com
      		*.yoast.com
      		*.youtube.com
      		calendly.com
      		cdn-cookieyes.com
      		js.stripe.com
      		s.ytimg.com
      		static.userback.io
      		yoast.com;
	report-uri /csp-report;
	report-to csp-endpoint;
       1
connect-src 'self' https://status.netservicesgroup.com https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; frame-src https://www.google.com https://status.netservicesgroup.com; child-src https://status.netservicesgroup.com https://www.google.com https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://status.netservicesgroup.com 'sha256-zL+zKXgt2515GaHwEfkV8QPRfZZcGr/ibUw4EJ3V13s=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-Pkt8j98M46glrPDzrqR9I9gac/h2nvberIdQkhIGySk=' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://www.google.com https://www.gstatic.com https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://status.netservicesgroup.com https://secure.comodo.com 'sha256-3ocR7726kV2Y3awnQx4u408K1Dxd7l3X9nvrC91J15k=' 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 1
object-src 'none';base-uri 'self';script-src 'nonce-RZr32BGWqeQPx_XUdJajKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; report-uri https://13fc2e96c75baedc98bc60c37c2c93be.report-uri.com/r/d/csp/wizard; script-src 'strict-dynamic' 'nonce-kQa0L42luDAraQjPdJFGqA==' 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com cash-f.squarecdn.com fonts.googleapis.com *.googleapis.com data: *.fontawesome.com *.oct8ne.com oct8necdneu.azureedge.net blob: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * www.google.com *.certcapture.com www.xtento.com https://plumrocket.com js.mollie.com *.oct8ne.com static-eu.oct8ne.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ blob: www.xtento.com cdn.xtento.com https://maps.gstatic.com https://purecatamphetamine.github.io https://cdnjs.cloudflare.com https://www.mollie.com *.oct8ne.com static-eu.oct8ne.com oct8necdneu.azureedge.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com https://rum.hlx.page maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com js.mollie.com *.oct8ne.com static-eu.oct8ne.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app *.certcapture.com https://static.klaviyo.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adobedc.net *.demdex.net *.magento-datasolutions.com *.magento-ds.com * https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io/json *.oct8ne.com static-eu.oct8ne.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net sst.nonpaints.com https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src cdn.nonpaints.com data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.multisafepay.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: https: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com https://cdn.jsdelivr.net *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.jsdelivr.net *.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.multisafepay.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net t.paypal.com s.ytimg.com video.google.com vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com *.googleapis.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com cdn.xtento.com *.klevu.com *.ksearchnet.com *.avada.io *.trustpilot.com *.yotpo.com preferredliving.com *.preferredliving.com sportys.com *.sportys.com sportystoolshop.com *.sportystoolshop.com wright-bros.com *.wright-bros.com na-library.klarnaservices.com www.googleadservices.com bat.bing.com www.googletagmanager.com *.bc0a.com hello.zonos.com cdn.mouseflow.com secure.quantserve.com cdn.attn.tv *.datasteam.io googleads.g.doubleclick.net rules.quantcount.com aa.agkn.com *.cloudmaestro.com cdn.b0e8.com cdn.iglobalstores.com *.listrakbi.com www.google-analytics.com *.listrak.com widgets.turnto.com www.google.com www.gstatic.com widget.heymarket.com *.clarity.ms *.aviationgifts.com; report-uri /.webscale/csp-report 1
base-uri; default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://analytics.google.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://docs.teket.jp data:; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://analytics.google.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://teket.zendesk.com https://zendesk-eu.my.sentry.io https://static.zdassets.com https://ekr.zdassets.com https://api.smooch.io wss://api.smooch.io https://s.clarity.ms https://docs.teket.jp; form-action; frame-src https://www.google.com/ https://p01.mul-pay.jp; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://analytics.google.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://teket.zendesk.com https://zendesk-eu.my.sentry.io https://static.zdassets.com https://ekr.zdassets.com https://api.smooch.io wss://api.smooch.io https://docs.teket.jp data:; object-src; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://analytics.google.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://teket.zendesk.com https://zendesk-eu.my.sentry.io https://static.zdassets.com https://ekr.zdassets.com https://api.smooch.io wss://api.smooch.io https://p01.mul-pay.jp 'unsafe-inline' 'unsafe-eval' blob:; script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://analytics.google.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://teket.zendesk.com https://zendesk-eu.my.sentry.io https://static.zdassets.com https://ekr.zdassets.com https://api.smooch.io wss://api.smooch.io https://www.clarity.ms https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net 'unsafe-inline' blob:; style-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://analytics.google.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://teket.zendesk.com https://zendesk-eu.my.sentry.io https://static.zdassets.com https://ekr.zdassets.com https://api.smooch.io wss://api.smooch.io 'unsafe-inline' 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'none'; worker-src blob:; connect-src * 'unsafe-inline'; img-src * blob: data: 'unsafe-inline'; object-src 'self' blob:; report-uri /cspapi/report/CspReport; 1
font-src cash-f.squarecdn.com *.gstatic.com data: *.googleapis.com cdnjs.cloudflare.com js-agent.newrelic.com api.map.baidu.com *.baidu.com *.bdimg.com *.mtcaptcha.com *.bglobale.com *.global-e.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com * www.google.com *.bglobale.com *.global-e.com maisongoyard--staging.sandbox.my.salesforce-sites.com maisongoyard.my.salesforce-sites.com *.mtcaptcha.com *.smartpixels.fr c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://pay.google.com https://secure-test.worldpay.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.baidu.com *.bdimg.com sdk.privacy-center.org *.mtcaptcha.com goyard-marquage-webconf.smartpixels.fr ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.bglobale.com *.global-e.com *.goyard.com *.smartpixels.fr goyard-marquage-test-we-appservice-webconf.azurewebsites.net sprint-7onpvba-jccxky3s5ebcw.us-a1.magentosite.cloud www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com cdnjs.cloudflare.com bam.nr-data.net mcstaging.goyard.com mcprod.goyard.com goyard.com js-agent.newrelic.com api.map.baidu.com *.baidu.com *.bdimg.com sdk.privacy-center.org *.mtcaptcha.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.bglobale.com *.global-e.com *.goyard.com payments.worldpay.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js *.payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js https://payments.worldpay.com/resources/hpp/integrations/embedded/js/hpp-embedded-integration-library.js https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app fonts.googleapis.com cdnjs.cloudflare.com *.googleapis.com *.baidu.com *.bdimg.com *.mtcaptcha.com downloads.mailchimp.com *.bglobale.com *.global-e.com unsafe-inline assets.braintreegateway.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.goyard.com *.goyard.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.googleapis.com api.map.baidu.com *.baidu.com *.bdimg.com api.privacy-center.org *.mtcaptcha.com *.goyard.com *.bglobale.com *.global-e.com *.nr-data.net *.smartpixels.fr api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src maisongoyard--staging.sandbox.my.salesforce-sites.com maisongoyard.my.salesforce-sites.com *.mtcaptcha.com *.goyard.com *.bglobale.com *.global-e.com *.nr-data.net *.smartpixels.fr payments.worldpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';   connect-src 'self' https://gvb-apim-service-prod2.azure-api.net https://gvb-app.matomo.cloud consentcdn.cookiebot.com https://dc.services.visualstudio.com/v2/track https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.dynamics.com https://*.azureedge.net ;   script-src 'strict-dynamic' 'nonce-HgsRPQ4I2mJHnwRLtlnk4q3fJX43DI6fCGAGkeIj1/U=' 'sha256-X9GtzORyUShRgrb5vBVwF3p8WtKom3jBuMyocEhfL3Q='  'self' https://cdn.matomo.cloud https://gvb-app.matomo.cloud consent.cookiebot.com consentcdn.cookiebot.com https://*.dynamics.com https://*.azureedge.net;   frame-src 'self' consentcdn.cookiebot.com https://*.tiqets.com;   base-uri 'self';   block-all-mixed-content;   font-src 'self' https: data:;   img-src * 'self' data: https;   object-src 'none';   script-src-attr 'none';   style-src 'self' https://gvb-apim-service-prod2.azure-api.net 'unsafe-inline'; 1
connect-src 'self' wss://*.fieldlevel.com:4000 https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://*.litix.io https://*.mux.com https://api.mapbox.com https://events.mapbox.com;font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com; 1
frame-ancestors 'none'; base-uri 'self'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'nonce-YTVmOTBkYTItYWZlZS00NTc5LTllOGEtZmZiODNlNWM3ODIx' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com *.oath.com https://*.hereapi.com https://*.youtube.com https://*.yahooapis.com blob: *.googletagmanager.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com; img-src 'self' data: blob: https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com *.here.com https://sb.scorecardresearch.com https://*.yahoo.net https://*.bing.net https://media.zenfs.com https://*.googletagmanager.com; media-src 'self' https://*.yimg.com https://*.yahoo.com https://*.yahoo.net https://media.zenfs.com blob:; object-src 'self' https://*.yimg.com; connect-src 'self' https://*.yahoo.com https://*.yahooapis.com https://*.yimg.com https://*.yahoo.net https://*.hereapi.com https://*.api.here.com https://*.oath.com https://sb.scorecardresearch.com https://quiz.yahoo.2mundos.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com wss://*.finance.yahoo.com blob:; font-src 'self' https://*.yimg.com data:; child-src blob:; report-uri https://csp.yahoo.com/beacon/csp?src=scout 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; 1
script-src 'self' 'nonce-hSD+5k3pfF8/TDYx8JpODiiWENKZAUZ/L5cgOg35/P0=' 'strict-dynamic' 'wasm-unsafe-eval' www.youtube.com  az416426.vo.msecnd.net cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://connect.facebook.net/ https://munchkin.marketo.net/ static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
default-src ws: wss: http: https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://app.cyberimpact.com/csp-violation-report/ 1
default-src 'self'; connect-src 'self' https://px.ads.linkedin.com https://*.linkedin.com https://*.zi-scripts.com https://ws.zoominfo.com https://*.hsforms.com https://js.hubspot.com https://cta-service-cms2.hubspot.com https://*.wistia.com https://*.wistia.net https://*.litix.io https://www.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://o936403.ingest.sentry.io https://o936403.ingest.us.sentry.io https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.livechatinc.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://*.wistia.com https://*.wistia.net; frame-ancestors 'self'; frame-src 'self' blob: https://464431.hs-sites.com https://*.hsforms.com https://*.livechatinc.com; img-src 'self' data: blob: https://www.googletagmanager.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://*.linkedin.com https://cdn.livechat-static.com https://cdn.livechat-files.com https://cdn.files-text.com https://*.hsforms.com https://*.hubspot.com https://static.hsappstatic.net https://*.wistia.com https://*.wistia.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; media-src 'self' blob:; object-src 'self'; script-src 'strict-dynamic' 'nonce-0YR10JlygMc2+c3X7PT6VA==' 'report-sample'; script-src-elem 'strict-dynamic' 'nonce-0YR10JlygMc2+c3X7PT6VA=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net; report-uri https://hesoedxbb6.execute-api.us-west-2.amazonaws.com/prod/report 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com www.xtento.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.googleapis.com *.trustpilot.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com www.xtento.com cdn.xtento.com *.trackedlink.net *.ddlnk.net *.stripe.com *.stripe.network ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com flagpedia.net maps.googleapis.com maps.gstatic.com *.feefo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com www.xtento.com cdn.xtento.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com maps.googleapis.com assets.shipperhq.com *.trustpilot.com *.feefo.com https://www.builderdepot.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com assets.shipperhq.com *.trustpilot.com *.feefo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com www.gstatic.com maps.googleapis.com rms.shipperhq.com https://rms.shipperhq.com wss://rms.shipperhq.com ovs.shipperhq.com *.feefo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com  *.google-analytics.com www.2checkout.com connect.facebook.net *.google.com www.googletagmanager.com www.gstatic.com *.amazon-adsystem.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: librarika.com covers.librarika.com:8443 storage101.lon3.clouddrive.com *.ssl.cf3.rackcdn.com *.media-amazon.com *.ssl-images-amazon.com *.amazon-adsystem.com *.amazon.com  *.gstatic.com *.google-analytics.com *.google.com; font-src 'self' data: fonts.gstatic.com; frame-src *.librarika.com www.2checkout.com *.facebook.com *.google.com *.amazon-adsystem.com *.youtube.com; connect-src 'self' *.google.com www.google-analytics.com; object-src 'none'; report-uri https://5e5aa7c5f482dc373380fd2db250ce83.report-uri.com/r/d/csp/enforce 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=x4OWRUV8qs3aeNWYtjc5OoiXpIHtI8gtmLkfguwLjv0-1773711453.8027463-1.0.1.1-Fgh6mFYiUP1aZ.DTFmifjczJfmBieHFCF_zO0anVc5_CcjCAu2ErNHsdmngxjf7bUjsnQWBwkrFwH248zvI8xv7.9VLJL8nF2BDv10PJJ6QnayvIaGzZBEvLJbnvOMuiGi5A4QgJ4WUeGbgf0Xcwuc.mckQwWymU0kedyA64YkA; report-to cf-csp-endpoint 1
default-src 'self'; font-src 'self' *.gstatic.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.pipedrive.com data:; img-src 'self' *.ch-aviation.com *.servedbyadbutler.com servedbyadbutler.com *.pipedrive.com *.secureprivacy.ai images.prismic.io *.googletagmanager.com googletagmanager.com *.googleapis.com *.google.com *.gstatic.com data:; script-src 'self' *.servedbyadbutler.com servedbyadbutler.com *.googleapis.com *.googletagmanager.com *.google.com *.pipedrive.com *.highcharts.com *.secureprivacy.ai wasm-unsafe-eval data:; script-src-elem 'self' *.secureprivacy.ai *.servedbyadbutler.com servedbyadbutler.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.google.com *.pipedrive.com *.pipedriveassets.com *.doubleclick.net *.highcharts.com *.secureprivacy.ai data: 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; connect-src 'self' *.google.com *.gstatic.com *.servedbyadbutler.com servedbyadbutler.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.pipedrive.com *.doubleclick.net *.secureprivacy.ai *.sentry.io *.talentlyft.com data: 'unsafe-inline'; frame-src 'self' *.pipedrive.com *.doubleclick.net *.google.com; style-src 'self' *.fontawesome.com *.secureprivacy.ai *.googleapis.com 'unsafe-inline'; media-src 'self' data:; report-uri https://www.ch-aviation.com/csp-report-to 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-Fi7rwhwN6caiI1KabWBwwR77YPN-QvUR'; base-uri 'none' 1
default-src 'self';font-src 'self' data: https://fonts.gstatic.com;connect-src 'self' https://brandportal.uponor.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.linkedin.com https://*.stackadapt.com https://*.doubleclick.net https://*.teads.tv https://*.clarity.ms https://*.google-analytics.com https://*.adobe.io https://*.hotjar.io wss://*.hotjar.com https://*.bing.com https://uponorna.my.site.com https://*.lumoa.me https://*.sharethis.com https://pixel-config.reddit.com https://www.redditstatic.com https://*.google.ee https://*.google.de https://*.google.cz https://*.google.se https://salesviewer.org https://*.google.fi https://bat.bing.net https://*.facebook.com https://*.google.is https://*.google.pl https://*.google.sk; frame-src https://*.youtube.com https://*.googletagmanager.com https://*.doubleclick.net https://*.force.com https://*.google.com https://*.usercentrics.eu https://*.teads.tv https://*.adobe.com https://*.tfaforms.net https://*.facebook.com https://*.bimsmith.com https://go.eu.uponor.com https://*.transistor.fm https://go.uponor.info https://youtube.com https://locator.maplet.com/ https://uponorna.my.site.com/; script-src 'self' 'nonce-llX+7X1S8Gmby7SD65tjba5E8yzpfu2Gcd6B7DD5FiU=' 'strict-dynamic'; img-src 'self' data: https://brandportal.uponor.com https://*.usercentrics.eu https://*.facebook.com https://*.linkedin.com https://*.teads.tv https://bat.bing.com https://maps.gstatic.com https://*.google.com https://*.doubleclick.net https://d2csxpduxe849s.cloudfront.net https://*.googletagmanager.com https://*.clarity.ms https://img.youtube.com https://*.sharethis.com https://*.uponor.com https://googleapis.com https://*.krxd.net https://*.google.lt https://*.google.hu https://*.google.dk https://alb.reddit.com https://*.google.ca https://*.google.ee https://*.google.de https://*.google.cz https://*.google.se https://*.google.co.uk https://*.google.pt https://*.globenewswire.com https://*.google.pl https://*.google.nl https://*.google.es https://*.google.ba https://cdn.midas-network.com https://*.google.fr https://*.google.si https://*.google.com.uy https://*.google.fi https://*.google.sk https://*.google.co.in https://*.google.no https://*.google.ro; style-src 'self' 'unsafe-inline' https://*.force.com https://*.usercentrics.eu https://*.stackadapt.com https://*.googleapis.com; object-src 'self' https://*.usercentrics.eu;form-action 'self' https://*.uponor.com https://*.tfaforms.net https://*.facebook.com; base-uri 'self'; 1
default-src 'self'; img-src 'self' data: https://www.fundraisingregulator.org.uk https://bat.bing.net https://bat.bing.com https://ipt.arthritis-uk.org https://cdn-cookieyes.com https://www.google.co.uk https://www.google.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://img.youtube.com https://analytics.google.com https://www.facebook.com https://pagead2.googlesyndication.com https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://www.google.ie; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tags.srv.stackadapt.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://maps.googleapis.com https://www.googletagmanager.com https://cloud.umami.is https://cdn.chatbot.com https://cdn-cookieyes.com https://bat.bing.com https://www.gstatic.com https://www.google.com https://cdn.openwidget.com https://api.openwidget.com https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com https://cdn.raygun.io https://connect.facebook.net https://script.hotjar.com https://static.hotjar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://pagead2.googlesyndication.com https://maps.googleapis.com https://cdn.chatbot.com https://bat.bing.net https://api-gateway.umami.dev https://region1.google-analytics.com https://bat.bing.com https://ipt.arthritis-uk.org https://www.google.com https://log.cookieyes.com https://cdn-cookieyes.com https://tags.srv.stackadapt.com https://analytics.google.com https://content.hotjar.io https://directory.cookieyes.com https://googleads.g.doubleclick.net https://metrics.hotjar.io https://vc.hotjar.io https://www.googleadservices.com https://www.googletagmanager.com wss://ws.hotjar.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://cdn.openwidget.com https://ipt.arthritis-uk.org https://www.google.com; base-uri 'self'; object-src 'none'; report-uri https://report-to-api.raygun.com/reports-csp?apikey=okxCWBJHplIq88tzwzL3Q 1
object-src 'none';base-uri 'self';script-src 'nonce-vPqGN2Hcau2VmdJVUKNCMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://logs-01.loggly.com/inputs/4e92d8a9-baa6-4559-82e2-05428d10fa7b/tag/csp; report-to default 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.com.br https://www.myheritage.com.br  'unsafe-eval' 'nonce-c857fdfbb14de5a6525b2ff72b7f06a0' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.com.br;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
object-src 'none';base-uri 'self';script-src 'nonce-PM7RYJbEO-IEVEfn9Rdl4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jBCcgkn1zvpZN7h38ZLo2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; report-uri https://dcc-cspreport.enovation.ie/csp-report-dccdrupal.php 1
default-src 'self'; style-src 'nonce-63d43bc5-0189-4871-b934-4d8acf9d11d8' https://accounts.google.com 'unsafe-hashes' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' https://*.dealoo.ch; script-src 'nonce-63d43bc5-0189-4871-b934-4d8acf9d11d8' https://challenges.cloudflare.com https://storage.googleapis.com https://portal.zakeke.com https://*.dealoo.ch; img-src 'self' https://www.apfelkiste.ch https://cms-data.apfelkiste.ch data: blob: https://i.ytimg.com https://i.vimeocdn.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google.ch https://www.google.fr https://*.dealoo.ch; worker-src 'self' blob:; connect-src 'self' https://devnull.apfelkiste.ch https://www.google.com https://accounts.google.com https://apis.google.com https://api.dealoo.ch https://rumdash.io https://api.zakeke.com https://*.dealoo.ch; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://challenges.cloudflare.com https://accounts.google.com https://www.google.com https://portal.zakeke.com/; object-src 'self'; font-src 'self'; media-src 'self' https://cms-data.apfelkiste.ch; child-src 'self' blob:; frame-ancestors 'self' https://cms.apfelkiste.ch; report-uri https://devnull.apfelkiste.ch/api/8/security/?sentry_key=291d0d843488451caadd66b48b4a6ae4 1
font-src https://fonts.gstatic.com userlike-cdn-umm.b-cdn.net *.gstatic.com data: *.cloudfront.net *.mey.com app.usercentrics.eu 'self' data: 'self' 'unsafe-inline';form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' 'unsafe-inline';frame-ancestors https://*.etracker.com www.gstatic.com 'self';frame-src *.google.com vimeo.com player.vimeo.com charger-v2.trbo.com static.trbo.com track2.trbo.com collect.trbo.com https://www.googletagmanager.com https://td.doubleclick.net player.vimeo.com *.youtube-nocookie.com *.youtube.com https://collect.mey.com https://*.criteo.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com https://static.criteo.net *.zenaps.com *.awin1.com bid.g.doubleclick.net td.doubleclick.net ct.pinterest.com www.awin1.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de ad.ad-srv.net *.adsrvr.org *.fls.doubleclick.net www.facebook.com opt.kuponacdn.de gum.criteo.com pixel.mathtag.comm pp.payengine.de pptest.payengine.de checkoutshopper-test.adyen.com/ checkoutshopper.adyen.com/ 'self' 'unsafe-inline';img-src *.googleusercontent.com https://*.gstatic.com https://*.googleapis.com *.cdninstagram.com static.trbo.com track2.trbo.com collect.trbo.com https://*.google.nl https://*.google.be https://*.google.at https://*.google.ch https://*.google.it https://*.google.es https://*.google.fr https://*.google.dk https://*.google.lu https://*.google.ca https://*.google.ie https://*.google.pt https://*.google.si https://*.google.co.uk https://*.google.pl https://*.google.com.hk https://*.google.gr https://*.google.com.sg https://*.google.se https://*.google.no https://*.google.ad https://*.google.ru https://*.google.fi https://*.google.co.in https://*.google.com.ua https://*.google.hr https://*.google.hu https://*.google.com https://*.google.com.tr https://*.google.co.jp https://*.google.com.sa https://*.google.md https://*.google.com.br https://*.google.rs https://*.google.com.tw https://*.google.ee https://*.google.co.th https://*.google.jo https://*.google.com.qa https://*.google.kz https://*.google.com.ar https://*.google.tn https://*.google.li https://*.google.sk https://*.google.com.vn https://*.google.ae https://*.google.lv https://*.google.co.kr https://*.google.bf https://*.google.ro https://*.google.co.il https://google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.google.com  https://googleads.g.doubleclick.net https://www.googletagmanager.com *.vimeocdn.com https://*.outbrain.com https://*.roeye.com https://www.wepowerconnections.com userlike-store-media-files.s3.amazonaws.com www.userlike.com userlike-cdn-web.b-cdn.net userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com ct.pinterest.com bat.bing.com *.zenaps.com *.awin1.com googleads.g.doubleclick.net www.etracker.de id5-sync.com s.thebrighttag.com beacon.krxd.net *.google.de *.google.com ads.creative-serving.com *.uimserv.net *.adnxs.com ups.analytics.yahoo.com visitor.omnitagjs.com *.ad.smaato.net matching.ivitrack.com exchange.mediavine.com  *.taboola.com *.stickyadstv.com criteo-sync.teads.tv cm.adform.net sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.emxdgt.com criteo-partners.tremorhub.com sync.outbrain.com *.3lift.com *.smartadserver.com ads.yahoo.com *.casalemedia.com *.bidswitch.net *.twiago.com contextual.media.net match.sharethrough.com *.pubmatic.com cdn.stickyadstv.com *.adscale.de ad.360yield.com sp.analytics.yahoo.com ad.yieldlab.net cotads.adscale.de *.criteo.com *.liadm.com pixel.rubiconproject.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.awin1.com *.bing.com *.cloudfront.net stats.g.doubleclick.net *.doubleclick.net *.g.doubleclick.net www.facebook.com www.google.com www.google.de www.googletagmanager.com *.usercentrics.eu *.adfarm1.adition.com *.adition.com  *.pinterest.com pixel.mathtag.com *.adnxs.com checkoutshopper-test.adyen.com/ checkoutshopper.adyen.com/ *.mey.com *.clarity.ms app.usercentrics.eu api.usercentrics.eu aggregator.service.usercentrics.eu 'self' data: 'self' 'unsafe-inline';script-src *.googleusercontent.com https://*.ggpht.com https://*.gstatic.com https://*.googleapis.com www.instagram.com platform.instagram.com player.vimeo.com charger-v2.trbo.com static.trbo.com api-v4.trbo.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net *.vimeocdn.com www.vimeo.com vimeo.com https://*.roeyecdn.com https://tagmanager.google.com https://googletagmanager.com https://www.googletagmanager.com https://*.outbrain.com ct.pinterest.com https://*.criteo.com *.zenaps.com *.awin1.com collect.mey.com userlike-cdn-umm.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com cdn.polyfill.io www.googleoptimize.com browser.sentry-cdn.com *.etracker.de *.etracker.com *.google.de *.google.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.googletagmanager.com *.adyen.com *.googleapis.com www.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.adform.net *.amazon.com js.adsrvr.org www.awin1.com bat.bing.com *.dt51.net *.cloudfront.net googleads.g.doubleclick.net www.dwin1.com connect.facebook.net www.google.com *.google-analytics.com www.gstatic.com mastertag.kpcustomer.de opt.kuponacdn.de bam.nr-data.net bam.eu01.nr-data.net js-agent.newrelic.com static.shopgate.com the.sciencebehindecommerce.com tagmanager.google.com *.usercentrics.eu *.kuponacdn.de app.theadx.com browser-update.org pixel.mathtag.com pptest.payengine.de *.adnxs.com static.criteo.net s.pinimg.com sslwidget.criteo.com *.clarity.ms *.mey.com *.google.com *.gstatic.com app.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval';style-src https://fonts.googleapis.com static.trbo.com https://tagmanager.google.com https://googletagmanager.com https://www.googletagmanager.com *.adobe.com fonts.googleapis.com *.usercentrics.eu *.cloudfront.net *.mey.com *.googleapis.com *.gstatic.com app.usercentrics.eu 'self' 'unsafe-inline';object-src 'self' 'unsafe-inline';media-src *.cdninstagram.com www.userlike.com userlike-store-media-files.s3.amazonaws.com userlike-cdn-umm.b-cdn.net *.adobe.com blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src https://*.gstatic.com https://*.googleapis.com www.instagram.com platform.instagram.com *.cdninstagram.com vimeo.com player.vimeo.com data.trbo.com newsletter-api.trbo.com api-v4.trbo.com *.snplow.net commerce.adobedc.net *.adobe.io https://www.google.com https://google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://player.vimeo.com vimeo.com http://bat.bing.net https://*.outbrain.com www.userlike.com userlike-cdn-web.b-cdn.net umd.userlike.com wss://umd.userlike.com ct.pinterest.com https://*.etracker.de https://*.criteo.com https://*.wepowerconnections.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj  https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb  https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa  https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://collect.mey.com https://*.googletagmanager.com *.addressy.com maps.googleapis.com userlike-cdn-umm.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com sentry.mey.netz98.org eu-api.friendlycaptcha.eu www.etracker.de www.facebook.com www.clarity.ms dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de stats.g.doubleclick.net mey.dvinci-hr.com bam.eu01.nr-data.net the.sciencebehindecommerce.com *.usercentrics.eu aggregator.service.usercentrics.eu bat.bing.com *.pinterest.com *.google-analytics.com *.maps.googleapis.com *.mey.com *.cloudfront.net *.clarity.ms www.googletagmanager.com app.usercentrics.eu api.usercentrics.eu aggregator.service.usercentrics.eu blob: 'self' 'unsafe-inline';child-src userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com http: https: blob: 'self' 'unsafe-inline';default-src https://*.outbrain.com https://*.clarity.ms https://c.bing.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval';base-uri 'self' 'unsafe-inline';report-uri https://sentry.mey.netz98.org/api/2/security/?sentry_key=81ac2c0efc304bedbb370dc8e745b346&sentry_environment=stage3;report-to csp-endpoint; 1
object-src 'none';; script-src 'self' 'nonce-cIbxeRmuTk2FiEnJzswIDV15AAxLrJsUv5vgH86PI80=' 'strict-dynamic' 'unsafe-inline' https: http:;; base-uri 'self' https://*.qbrick.com/;; connect-src 'self' https://cdn.cookielaw.org https://*.datablocks.se https://geolocation.onetrust.com https://*.in.applicationinsights.azure.com; report-uri /api/csp/report/; report-to csp-endpoint 1
default-src 'self'           *.ponycanyon.co.jp;         font-src 'self'           *.ponycanyon.co.jp           fonts.gstatic.com           data:;         form-action 'self'           *.ponycanyon.co.jp;         worker-src 'self'           blob:           *.ponycanyon.co.jp           cdnjs.cloudflare.com;         connect-src 'self'           *.ponycanyon.co.jp           *.google-analytics.com           *.analytics.google.com           *.googletagmanager.com           *.g.doubleclick.net           *.google.com           www.google.co.jp 	  *.clarity.ms;         frame-src 'self'           *.ponycanyon.co.jp           www.youtube.com           td.doubleclick.net 	  www.googletagmanager.com           open.spotify.com 	  embed-cdn.spotifycdn.com;         img-src *;         media-src 'self'           blob:           *.ponycanyon.co.jp;         script-src 'self'           'unsafe-inline'           *.ponycanyon.co.jp           ajax.aspnetcdn.com           cdn.jsdelivr.net           cdnjs.cloudflare.com           *.googletagmanager.com           *.google.com           www.google-analytics.com           ad.jp.ap.valuecommerce.com 	  *.clarity.ms 	  embed-cdn.spotifycdn.com;         style-src 'self'           'unsafe-inline'           *.ponycanyon.co.jp           cdn.jsdelivr.net           cdnjs.cloudflare.com           fonts.googleapis.com           tagmanager.google.com;         report-uri https://csp-log.ponycanyon.co.jp/; 1
default-src 'self'; img-src 'self' files.booktrust.org.uk; script-src 'self' 'nonce-Z2dodmFnampreHZvaXlmaGZhcmxxZWpncXFucnJwZ3d6dnpy' cdn.jsdelivr.net/npm/; style-src 'self' 'unsafe-inline'; connect-src 'self' *.algolia.io *.algolia.net; frame-src 'self' 'nonce-Z2dodmFnampreHZvaXlmaGZhcmxxZWpncXFucnJwZ3d6dnpy'; 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com 'self' data: cdnjs.cloudflare.com fonts.bunny.net cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ servicepoints.sendcloud.sc c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.googletagmanager.com widget.trustpilot.com www.google.com consentcdn.cookiebot.com www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com log.pinterest.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com tacstack.com *.krale-wholesale.com *.krale.shop static.pay.nl 'self' data: www.snapengage.com lh3.ggpht.com imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.google.com www.gstatic.com t.trackedlink.net assets.pinterest.com maps.googleapis.com ssl.google-analytics.com embed.sendcloud.sc js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net servicepoints.sendcloud.sc widget.trustpilot.com storage.googleapis.com www.snapengage.com static.widget.trengo.eu consent.cookiebot.com consentcdn.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com assets.braintreegateway.com fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.snapengage.com static.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com log.pinterest.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com bam.nr-data.net bam-cell.nr-data.net www.snapengage.com api.widget.trengo.eu ws-eu.pusher.com consentcdn.cookiebot.com *.krale.shop 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.krale-wholesale.com *.krale.shop tacstack.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-dJa0vTOjXeyZxo_ixrWrDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/wallet_google 1
worker-src blob: 'self'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.gstatic.com *.cloudinary.com *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.narvar.com *.narvar.qa *.abtasty.com cdnjs.cloudflare.com *.yottaa.net use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.adyen.com cloudinary.com *.cloudinary.com 'self' facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com forms.hsforms.com globalshopex.com api.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.krxd.net *.attn.tv 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.adyen.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.klarna.com facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.certcapture.com forms.hsforms.com scrubsandbeyond.ytuz.net cdn.krxd.net ct.pinterest.com *.studentbeans.com globalshopex.com *.attn.tv *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * https://*.gstatic.com *.adyen.com cloudinary.com *.cloudinary.com blob: *.klarna.com *.klarnaevt.com *.klarnacdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.narvar.com *.narvar.qa *.ometria.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.certcapture.com *.abtasty.com aa.agkn.com *.amazonaws.com *.payments-amazon.com *.bing.com *.clarity.ms *.foregenix.com maps.gstatic.com maps.googleapis.com forms.hsforms.com track.hubspot.com nova.collect.igodigital.com logs-01.loggly.com www.ojrq.net scrubsandbeyond.ytuz.net beacon.krxd.net *.pinterest.com *.px-cloud.net track.sv.rkdms.com www.scrubsandbeyond.com track.securedvisit.com *.yottaa.net fonts.gstatic.com events.attentivemobile.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.vimeo.com unpkg.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.googleapis.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.certcapture.com *.abtasty.com bat.bing.com www.clarity.ms cnstrc.com maps.googleapis.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsforms.net *.hs-scripts.com *.igodigital.com utt.impactcdn.com d.impactradius-event.com *.krxd.net action.media6degrees.com js-agent.newrelic.com s.pinimg.com assets.pinterest.com cdn.roirevolution.com *.securedvisit.com seoab.io cdn.studentbeans.com *.yottaa.net rapid-cdn.yottaa.com *.yottaa-prod.com globalshopex.com cdn.noibu.com *.attn.tv *.yotpo.com swellrewards.com *.swellrewards.com platform.twitter.com *.ometria.com https://cdn.amplitude.com https://www.scrubsandbeyond.com https://tkzgz.scrubsandbeyond.com https://globalshopex.com https://cdn.ometria.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app cloudinary.com *.cloudinary.com *.googleapis.com unpkg.com *.klarnacdn.net *.fontawesome.com *.google.com *.gstatic.com assets.braintreegateway.com *.certcapture.com *.abtasty.com *.yottaa.net use.typekit.net p.typekit.net www.googletagmanager.com ometria.email *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.adyen.com cloudinary.com *.cloudinary.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com/pay pay.google.com *.certcapture.com *.amazonaws.com *.abtasty.com bat.bing.com *.clarity.ms stats.g.doubleclick.net accounts.google.com fonts.googleapis.com maps.googleapis.com forms.hubspot.com forms.hsforms.com scrubsandbeyond.ytuz.net api.ipify.org www.iplocate.io *.ingest.sentry.io ct.pinterest.com *.px-cloud.net seoab.io storage.googleapis.com event-service-jtdpxp3bfa-ew.a.run.app *.yottaa.net https://*.cnstrc.com cdn.noibu.com input.noibu.com wss://input.noibu.com https://api.scrubsandbeyond.com/api/locations *.attn.tv events.attentivemobile.com tkzgz.scrubsandbeyond.com *.yotpo.com swellrewards.com *.swellrewards.com *.ometria.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-d3T5JvxkRkuKsyH5Gpf5zg==' https://*.adyen.com https://*.adyenpayments.com https://*.bambuser.com https://*.cevoid.com https://*.contentsquare.net https://*.doubleclick.net https://*.klarna.com https://*.klarnacdn.net https://*.kustom.co https://*.taboola.com https://*.usercentrics.eu https://analytics.tiktok.com https://api.unifaun.com https://assets.voyado.com https://bat.bing.com https://chat.kindlycdn.com https://connect.facebook.net https://ct.pinterest.com https://gallery.cevoid.com https://google-analytics.com https://pay.google.com https://s.pinimg.com https://t.contentsquare.net https://tr.snapchat.com https://www.googleadservices.com https://www.googletagmanager.com https://www.googletagservices.com https://ad.doubleclick.net https://modules.ecomid.com; style-src 'self' 'unsafe-inline' https: data:; connect-src 'self' https://*.az.contentsquare.net https://*.bambuser.com https://*.cevoid.com https://*.contentsquare.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://www.google.com https://*.google.se https://*.klarna.com https://*.kindly.ai https://*.kustom.co https://*.snapchat.com https://*.taboola.com https://*.tiktok.com https://*.usercentrics.eu https://*.kappahl.com https://*.newbie.com https://analytics-ipv6.tiktokw.us https://api.cevoid.com https://api.klarna.com https://api.raygun.io https://api.screen9.com https://api.unifaun.com https://assets.voyado.com https://bat.bing.com https://bat.bing.net https://bot.kindly.ai https://cdn.raygun.io https://chat.kindlycdn.com https://checkout-test.adyen.com https://checkout.adyen.com https://checkoutanalytics-test.adyen.com https://checkoutshopper-test.cdn.adyen.com https://checkoutshopper-test.cdn.adyen.com/ https://checkoutanalytics-live.adyen.com https://ct.pinterest.com https://dc.services.visualstudio.com https://gallery.cevoid.com https://google.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pay.google.com https://qcdn.screen9.com https://qcnl.tv https://statsapi.screen9.com https://t.contentsquare.net https://t1.voyado.com https://wapi.lipscore.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.pinterest.com https://www.sandbox.paypal.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://modules.ecomid.com https://events.ecomid.com https://api.ecomid.com https://sockjs-eu.pusher.com; frame-src 'self' https://*.adyen.com https://*.adyenpayments.com https://*.bambuser.com https://*.doubleclick.net https://*.klarna.com https://*.klarnacdn.net https://*.kustom.co https://*.usercentrics.eu https://checkout.klarna.com https://ct.pinterest.com https://pay.google.com https://*.kappahl.com https://*.newbie.com https://tr.snapchat.com https://www.googletagmanager.com https://www.sandbox.paypal.com https://modules.ecomid.com https://www.facebook.com; img-src 'self' data: https: blob:; media-src 'self' blob: data: https:;font-src 'self' https: data:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; report-uri /csp-report; 1
default-src 'self'; script-src 'self' 'report-sample' 'strict-dynamic' https://ajax.googleapis.com/ https://api.tiles.mapbox.com/ https://cdn.nolt.io/ https://cdn.statuspage.io/ https://cdn.tiny.cloud/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://j1h014tryv29.statuspage.io/ https://static.zdassets.com/ https://www.googletagmanager.com/ 'nonce-YWJqRGsyd1RRaTItamt6WndFb2x1QUFBQUJV'; object-src 'none'; style-src 'self' 'report-sample' 'strict-dynamic' https://api.tiles.mapbox.com https://cdnjs.cloudflare.com https://fonts.googleapis.com 'nonce-YWJqRGsyd1RRaTItamt6WndFb2x1QUFBQUJV'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; base-uri 'self'; img-src 'self' data: https://sp.tinymce.com https://api.tiles.mapbox.com; frame-src 'self' https://j1h014tryv29.statuspage.io; media-src 'self' https://static.zdassets.com; connect-src 'self' https://ekr.zdassets.com https://omnilert.zendesk.com wss://widget-mediator.zopim.com; report-uri https://afiwlxkn53.execute-api.us-east-1.amazonaws.com/latest/csp_reports; report-to https://afiwlxkn53.execute-api.us-east-1.amazonaws.com/latest/csp_reports; 1
default-src 'self' https://*.zorgdomein.nl; style-src 'self' 'unsafe-inline' https://*.zorgdomein.nl https://fonts.googleapis.com https://*.wootric.com https://*.wootric.eu; script-src 'self' 'nonce-958beb091f01174bf48737f447133d75' https://*.zorgdomein.nl https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com https://*.wootric.com https://*.wootric.eu https://*.googleapis.com; img-src https://* 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src https://*.zorgdomein.nl wss://*.zorgdomein.nl https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com https://*.googleapis.com *.google.com https://*.gstatic.com https://*.wootric.com https://*.wootric.eu; frame-src 'self' https://*.zorgdomein.nl https://*.quicksight.aws.amazon.com *.google.com http: https:; report-uri /api/v1/report-uri; font-src 'self' https://*.zorgdomein.nl https://fonts.gstatic.com data:; base-uri 'self' 1
default-src 'self' https: data: wss: http: umbraco.tv packages.umbraco.org our.umbraco.org; block-all-mixed-content; form-action https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com umbraco.tv packages.umbraco.org our.umbraco.org code.jquery.com fonts.googleapis.com use.typekit.net unpkg.com cdn.jsdelivr.net ajax.aspnetcdn.com kit.fontawesome.com www.googletagmanager.com www.recaptcha.net www.google.com www.google-analytics.com www.gstatic.com js.authorize.net jstest.authorize.net;font-src 'self' https: data: fonts.gstatic.com use.typekit.net kit-pro.fontawesome.com;img-src 'self' https: data: umbraco.tv packages.umbraco.org our.umbraco.org p.typekit.net www.goole-analytics.com www.gstatic.com www.googletagmanager.com;media-src https: data: umbraco.tv packages.umbraco.org our.umbraco.org p.typekit.net;style-src 'self' 'unsafe-inline' https: data: use.typekit.net p.typekit.net fonts.googleapis.com kit-pro.fontawesome.com unpkg.com cdn.jsdelivr.net; 1
default-src 'nonce-37dce841d39df00841b8091ba5797f82' 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data https://images.ctfassets.net; script-src 'self' 'self' 'unsafe-inline' https://browser.sentry-cdn.com/ https://europcar.adding-sst.dev/ https://sdk.privacy-center.org/ https://*.europcar.com https://*.goldcar.com; connect-src 'self' sentry.io *.sentry.io https://*.europcar.com https://*.goldcar.com; report-uri https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943; report-to https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.slant.co *.userway.org eadn-wc05-14712294.nxedge.io *.fontawesome.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ *.instagram.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://td.doubleclick.net widget.usersnap.com *.googletagmanager.com *.doubleclick.net https://plumrocket.com landofcoder.com *.google.com/ *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com maps.googleapis.com maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.agkn.com *.doubleclick.net *.facebook.com *.google.com *.nexcesscdn.net *.pricespider.com *.sitescout.com *.userway.org *.pixel.ad eadn-wc05-14712294.nxedge.io *.reddit.com *.google-analytics.com *.googletagmanager.com *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ *.instagram.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.nakanohito.jp/b3/bi.js *.addthis.com *.crazyegg.com *.doubleclick.net *.elfsight.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.klevu.com *.mapbox.com *.noibu.com *.pricespider.com *.userway.org d31qbv1cthcecs.cloudfront.net *.krxd.net *.pixel.ad *.sitescout.com *.owneriq.net eadn-wc05-14712294.nxedge.io widget.usersnap.com resources.usersnap.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com https://ajax.cloudflare.com *.kaptcha.com landofcoder.com *.avada.io *.google.com/ *.cloudflare.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com assets.braintreegateway.com *.mapbox.com *.pricespider.com *.userway.org eadn-wc05-14712294.nxedge.io *.tagmanager.google.com *.googletagmanager.com *.fontawesome.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net https://js.klevu.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.addthis.com *.crazyegg.com *.doubleclick.net *.facebook.com *.google-analytics.com *.googleapis.com *.mapbox.com *.noibu.com wss://input.noibu.com *.pricespider.com *.userway.org *.pixel.ad *.agkn.com *.sitescout.com *.owneriq.net *.elfsight.com eadn-wc05-14712294.nxedge.io widget.usersnap.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com *.kaptcha.com landofcoder.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://86c8b4f9-cefc-4184-9926-360586b833fe.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.loginwithamazon.com https://*.doubleclick.net https://cdn-cookieyes.com https://js.hs-scripts.com https://js.hs-banner.com https://js.usemessages.com https://js.hsadspixel.net https://js.hs-analytics.net https://snap.licdn.com https://*.zdassets.com https://*.facebook.net https://*.c-ctrip.com https://*.quantummetric.com https://*.scriptcdn.net https://*.alipayobjects.com https://*.navahididi.com https://cdn.brightwrite.com https://cdn.brightwrite-staging.com https://*.fullstory.com https://fullstory.com https://*.xcover.com; connect-src 'self' https://*.sentry.io https://sentry.io https://*.amazonaws.com https://*.amazon.com https://*.google.com https://google.com https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.mt https://*.google.com.mx https://*.google.com.sg https://*.google.com.sv https://*.google.com.ph https://*.googleapis.com https://*.google-analytics.com https://*.google.ae https://*.google.at https://*.google.be https://*.google.ch https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.hu https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.co.id https://*.google.co.jp https://*.google.co.kr https://*.google.com.my https://*.google.com.tr https://*.google.com.tw https://*.google.co.uk https://*.google.co.za https://*.doubleclick.net https://*.linkedin.com https://*.hubapi.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.brightwrite.com https://brightwrite-data.com https://*.fullstory.com https://*.hubspot.com https://*.adyen.com https://*.zdassets.com https://*.xcover.com https://*.covergenius.biz https://*.zendesk.com https://*.hsforms.com blob: https://browser-intake-datadoghq.eu https://*.datadoghq.eu; img-src 'self' https: data:; font-src 'self' https: data:; frame-src 'self' https://*.google.com https://*.googletagmanager.com https://*.amazon.com https://*.doubleclick.net https://*.adyen.com https://*.web.app https://*.xcover.com; upgrade-insecure-requests; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pube2daa5996f2fad21d085fd09ecccdd5d&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Axcover-website%2Ccluster-group%3Axcover%2Cenv%3Aproduction 1
connect-src 'self' https://analytics.tiktok.com https://api.hubspot.com https://app.clearbit.com https://cdn.cookielaw.org https://cdn.dreamdata.cloud https://content.hotjar.io https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://px.ads.linkedin.com https://script.crazyegg.com https://www.google-analytics.com https://www.google.com https://edge.api.brightcove.com https://bat.bing.com/ https://manifest.prod.boltdns.net https://sdl.brightcovecdn.com https://logx.optimizely.com https://*.optimizely.com; default-src 'self'; font-src 'self' data: https://use.typekit.net https://*.optimizely.com; frame-ancestors 'none'; frame-src https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cm.g.doubleclick.net https://www.facebook.com https://calendly.com https://forms.hsforms.com https://a5098497884553216.cdn.optimizely.com https://a5098497884553216.cdn-pci.optimizely.com; img-src 'self' data: https://bat.bing.com https://forms-na1.hsforms.com https://ib.adnxs.com https://perf-na1.hsforms.com https://px.ads.linkedin.com https://secure.adnxs.com https://track.accountinsight.cloud https://track.hubspot.com https://www.facebook.com https://www.google.com https://www.google.com.ua https://metrics.brightcove.com https://www.googletagmanager.com https://cf-images.us-east-1.prod.boltdns.net https://cdn.optimizely.com https://app.optimizely.com; media-src 'self' blob:; script-src 'self' 'nonce-uQeJTK4JyBd5w27qVuv6AA==' https://a.dpmsrv.com https://analytics.tiktok.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.dreamdata.cloud https://cm.g.doubleclick.net https://connect.facebook.net https://googleads.g.doubleclick.net https://ib.adnxs.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsforms.net https://js.hubspot.com https://js.usemessages.com https://s.dpmsrv.com https://script.crazyegg.com https://script.hotjar.com https://serve.nrich.ai https://snap.licdn.com https://st.getsitecontrol.com https://static.hotjar.com https://tag.clearbitscripts.com https://widgets.getsitecontrol.com https://www.googletagmanager.com https://x.clearbitjs.com https://assets.calendly.com https://static.hsappstatic.net https://48752163.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com https://players.brightcove.net wss://ws.hotjar.com/ https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://assets.calendly.com https://*.optimizely.com https://app.optimizely.com; worker-src 'self' blob:; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/sre_google 1
object-src 'none';base-uri 'self';script-src 'nonce-6Tv0uJhyAUGl7wFirndEVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securepubads.g.doubleclick.net https://*.doubleclick.net https://www.googletagmanager.com https://googletagmanager.com https://www.google.com https://www.gstatic.com https://static.hotjar.com https://*.hotjar.com https://connect.facebook.net https://us-assets.i.posthog.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; img-src 'self' data: blob: https://firebasestorage.googleapis.com https://storage.googleapis.com https://*.join1440.com https://fourteen40stg.wpengine.com https://fourteen40dev1.wpenginepowered.com https://jqvdgh9urmxngnuf.public.blob.vercel-storage.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://*.doubleclick.net https://*.hotjar.com https://www.facebook.com; connect-src 'self' https://*.ingest.us.sentry.io https://us.i.posthog.com https://us-assets.i.posthog.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://securepubads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com; font-src 'self' https://use.typekit.net https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com https://recaptcha.google.com https://www.youtube.com https://*.doubleclick.net https://td.doubleclick.net https://vars.hotjar.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri https://o4506299638087680.ingest.us.sentry.io/api/45101541501%2082912/security/?sentry_key=dfba577501c8a15356facdc5f69a70df 1
object-src 'none';base-uri 'self';script-src 'nonce-30TpkHK5aDYFH_b8q7XMaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' ; base-uri 'self' ; object-src 'none' ; style-src 'self' 'unsafe-inline' cdn.plyr.io https://fonts.googleapis.com https://devcomapbotpilot-test.azurewebsites.net/ https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; script-src 'strict-dynamic' 'nonce-qLAxO5fYTtNYSWdk2A1GdKBNsFDXrwkT' 'self' 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://admin.dev.comap-control.bluehosting.cz https://chatbotapp-stage.azurewebsites.net/ https://devcomapbotpilot-test.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; font-src 'self' https://fonts.gstatic.com/ ; connect-src 'self' https://*.google.com https://*.logic.azure.com/ https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/   https://intelisearch.azurewebsites.net https://directline.botframework.com https://websearchproxy.azure-api.net wss://directline.botframework.com https://*.in.applicationinsights.azure.com/ wss://localhost:44377 ws://localhost:50602 noembed.com cdn.plyr.io ; img-src * 'self' data: ; media-src 'self' *.comap-control.com/ https://comapkenticouat6527.blob.core.windows.net ; frame-src https://www.thinglink.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com vimeo.com www.vimeo.com https://www.google.com/ ; frame-ancestors https://admin.dev.comap-control.bluehosting.cz/ 1
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' https://www.googletagmanager.com; connect-src 'self' https: 1
frame-src 'self' *.adyen.com *.ingrid.com *.googletagmanager.com *.google.com *.consentmanager.net *.bigcontent.io *.cloudflare.com *.klarna.com *.facebook.com *.ahlens.se *.klarnaservices.com; script-src 'self' abtasty.com *.abtasty.com bing.com *.bing.com bloomreach.com *.bloomreach.com cdn-apple.com *.cdn-apple.com cloudflare.com *.cloudflare.com consentmanager.net *.consentmanager.net doubleclick.net *.doubleclick.net facebook.net *.facebook.net getflowbox.com *.getflowbox.com google.com *.google.com googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com hotjar.com *.hotjar.com ingrid.com *.ingrid.com klarnacdn.net *.klarnacdn.net maps.googleapis.com *.maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=SktD_3UylKNL3120v7Srf4h_ODEsa7ypkFrId1tkMfc-1773714812.123915-1.0.1.1-6gcOK4yluHyZtISjSkj2liukXTZelkghiDO94l2ooUKa8FHxog2QL7mr2Kp8_i.wGDDxLGIjvvks1yUSd7nOTm4oxCwtlymAQM2VJjdlEl3wA2c8qhyktWoHdlfSCkIwSnfusl1kWLGSVkBNLNtcfJ5ykGEjEKuHWmP7l2oj599CtPMukjJfttw6XuMkPcZW; report-to cf-vusqwqckujqxriwa 1
font-src *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net fonts.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.vivapayments.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cardlink.gr *.alphaecommerce.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: https://www.google.gr https://www.google-analytics.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com *.findbar.io magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.designer-images.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com upload.wikimedia.org cdn.octocom.ai data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com https://v2.zopim.com https://go.linkwi.se https://skroutza.skroutz.gr *.skroutz.gr https://static.zdassets.com *.addthis.com *.google-analytics.com https://*.octocom.ai cdn.stat-track.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com *.vivapayments.com *.findbar.io *.disqus.com *.avada.io *.stat-track.com polyfill.io *.moosend.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.octocom.ai fonts.googleapis.com *.findbar.io maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.moosend.com *.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com www.apptrian.com *.findbar.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://*.zdassets.com https://ianos-chat.zendesk.com https://www.merchant-center-analytics.goog *.zopim.com widget-mediator.zopim.com https://region1.google-analytics.com/ wss://*.zopim.com wss://widget-mediator.zopim.com *.googlesyndication.com *.doubleclick.net https://*.octocom.ai www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com *.findbar.io https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com wss://*.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ogBK78a8HPUFAeFnkmhHuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; connect-src 'self' https: policy.app.cookieinformation.com; font-src https:; frame-src https:; img-src 'self' data: https:; manifest-src 'self' https:; media-src 'self' https:; script-src 'unsafe-inline' https: maps.google.com; style-src 'unsafe-inline' https:; worker-src https:; base-uri https:; form-action https:; frame-ancestors 'self' https:; report-uri https://ing.dk/log-report-uri/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-or7L8lUWVbApaBlzJXSrAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-YHNMTNRcFAW3_M19aH0mlA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-93x9xJt1DTKaUMPQhUOVMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-X_9_e_Q_z275gQQ-zKC2bA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'report-sample' 'self' 'unsafe-inline' data: blob: *.skeb.jp *.imgix.net challenges.cloudflare.com *.pay.jp *.s3.ap-northeast-1.amazonaws.com misskey.io *.misskeyusercontent.jp www.gravatar.com *.twimg.com t.co static.ads-twitter.com analytics.twitter.com analytics.google.com *.gstatic.com *.gstatic.cn fonts.googleapis.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net www.recaptcha.net *.sentry.io *.algolia.net *.algolianet.com cdn.plyr.io cdn.bsky.app *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;report-to csp-violation-report 1
object-src 'none'; script-src 'self' 'report-sample' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.recaptcha.net maps.googleapis.com; style-src 'self' 'report-sample' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.allesedv.at/mixedContentReporting.php 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.adobe.com *.adobedtm.com *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.adsrvr.org *.cloudfront.net js.authorize.net *.authorize.net 'self' * 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.adobedtm.com *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.adsrvr.org *.doubleclick.net *.hubspot.com *.cloudfront.net js.authorize.net *.authorize.net *.4over.com 'self' 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.google.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.adsrvr.org *.cloudfront.net js.authorize.net *.authorize.net 'self' * *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.clickagy.com *.adsrvr.org *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hs-analytics.net *.usemessages.com *.hubspotfeedback.com *.cloudfront.net js.authorize.net *.authorize.net *.4over.com 'self' *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.adobedtm.com *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.adsrvr.org *.cloudfront.net js.authorize.net *.authorize.net 'self' * *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.adobedtm.com *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.adsrvr.org *.cloudfront.net js.authorize.net *.authorize.net 'self' * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.google.ca *.google.co.in *.adobe.com *.adobedtm.com *.crazyegg.com *.licdn.com *.facebook.net *.facebook.com *.zoominfo.com *.clickagy.com *.adsrvr.org *.linkedin.com *.hubspot.com *.hubapi.com *.trustpilot.com *.cloudfront.net js.authorize.net *.authorize.net *.4over.com 'self' t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'self' https: wss: ws:; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/cross-storage@1.0.0/dist/hub.min.js https://og-frontend.stg-east.frontend.public.atl-paas.net/assets/ https://*.services.atlassian.com https://code.jquery.com/jquery-3.6.0.min.js https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://translate.googleapis.com/_/translate_http/_/js/ https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://js.intercomcdn.com https://widget.intercom.io/widget/ https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/ https://js.stripe.com https://meet.jit.si https://bam.nr-data.net 'sha256-u8Qc9T1x0D5Z/CHTQ498yO/+i2ySExBMOwf4RL2t4WI=' 'sha256-FV4wGfcn2NrqSJwtGQUWZ2Ie5XrIVKqtnc6g2gmRRco=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-N6H1UNp6u4dhUx+FZUQMMcXz17KIEWQw+ZVCPp4d3Zo=' 'sha256-qyYeb40S0YW7zrzwvSX5SEThkjXxwfWSwDp+FlCY0ic=' 'sha256-XHhqFY/vlAF49XCJL4Eg+ttSAnGAobln30utBWOcPhU=' 'sha256-L8u6aiCFdh23FnTLOjO9T7p6zkSJPTaOzZoZUz9OnVQ=' 'sha256-ZMCyrJrkz95Pmv4GzcpT7uihWvUib4x2CFIKGfMsuYU=' 'sha256-ffGUIypjdVM8v7ybOzYmI52fKI8S9IVsUI1OqyrUw8Q=' 'sha256-4qVpzn2Bx0qK9KtIsF/n3VVomtjXD/qPqKpKFNRrMWY=' 'sha256-eETIIu3VZ7EA7inGoTk/IDe2GZACdmowaBuJOhm6Bik=' 'nonce-f290fd2019b04ceaa51be0b49496ed6b'; style-src 'self' 'unsafe-inline' https://*.opsgeni.us https://og-frontend.stg-east.frontend.public.atl-paas.net/assets/ https://fonts.googleapis.com/css2 data:; img-src 'self' data: https:; font-src 'self' https://og-frontend.stg-east.frontend.public.atl-paas.net/assets/ https://fonts.intercomcdn.com https://fonts.gstatic.com data:; frame-ancestors 'self' https://*.app.opsgeni.us https://*.opsgeni.us https://*.atlassian.net chrome-extension://dmjofbngkpnmmiccjhikngiodkbofnpc chrome-extension://deejhllflojhohbeechaicbcofamcbkp; form-action 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/og-frontend; report-to csp-default-endpoint; connect-src 'self' https: wss: ws:; object-src 'none'; frame-src 'self' https://*.opsgeni.us https://intercom-sheets.com https://*.atlassian.com https://*.opsgenie.com https://js.stripe.com https://reporting.opsgenie.com https://www.google.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1
object-src 'none';base-uri 'self';script-src 'nonce-H7FWeA1OkX6qa4mtpcFl_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleusercontent.com *.gstatic.com *.jsdelivr.net *.slant.co unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.2c2p.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.inicis.com *.ipay88.com.my *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.weltpixel.com *.afterpay.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.google.com *.inicis.com *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ k.kakaocdn.net *.inicis.com *.afterpay.com *.doubleclick.net *.elcompanies.com *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.co www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google.se *.google.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hstatic.net *.naver.com *.thecompanystore.com.sg data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com maps.googleapis.com developers.kakao.com *.kakaocdn.net *.avada.io *.inicis.com *.afterpay.com *.facebook.net *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com *.inicis.com *.googleapis.com *.gstatic.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self'; media-src *.adobe.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com kauth.kakao.com https://get.geojs.io *.avada.io *.inicis.com *.afterpay.com *.doubleclick.net *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl *.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self'; default-src 'self'; base-uri 'self'; report-uri https://22c8dc48-d20f-4b81-a782-677a04e4a778.sansec.watch/; report-to report-endpoint; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.matomo.cloud https://heritagefund.matomo.cloud https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://naver.github.io https://player.vimeo.com https://unpkg.com https://www.gstatic.com https://heritagefund.matomo.cloud/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://cdn.matomo.cloud https://heritagefund.matomo.cloud https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://naver.github.io https://player.vimeo.com https://unpkg.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://code.highcharts.com https://naver.github.io; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://p.typekit.net/ https://code.highcharts.com https://naver.github.io; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net api.mundipagg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page api.mundipagg.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com api.mundipagg.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src          'self'          'report-sample'          'unsafe-inline'          'unsafe-eval'               https://*.zohocdn.com          https://static.zohocdn.com.cn       https://*.zohostatic.com          https://*.zohowebstatic.com          https://*.zoho.com          https://salesiq.zoho.com          https://cdn.pagesense.io;         report-uri https://logsapi.zoho.com/csplog?service=creator; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.bootstrapcdn.com *.gstatic.com *.typekit.net *.hotjar.com *.audioeye.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://www.gstatic.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com *.doubleclick.net *.leasestation.com *.kaptcha.com *.google.com *.google.co.in *.networkmerchants.com *.paypalobjects.com *.cdn-btsg.com *.audioeye.com *.milwaukeetool.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.trackedlink.net *.ddlnk.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net *.ohiopowertool.com https://seal-centralohio.bbb.org *.google.com *.google.co.in *.bing.com *.clarity.ms *.amazonaws.com *.shareasale.com *.nexmart.com *.noibu.com *.cdn-btsg.com *.quickspark.com *.bazaarvoice.com https://arttrk.com/ *.hotjar.com *.userway.org *.ojrq.net *.linkedin.com https://cdn.cookielaw.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com www.apptrian.com *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com utt.impactcdn.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox-assets.secure.checkout.visa.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net https://www.dwin1.com https://seal-centralohio.bbb.org *.bing.com *.quickspark.com *.doubleclick.net *.clarity.ms *.nr-data.net *.newrelic.com *.google.com *.networkmerchants.com *.milwaukeetool.com *.noibu.com *.cdn-btsg.com *.pricespider.com *.hotjar.com *.audioeye.com *.impactcdn.com *.online-metrix.net *.userway.org *.gstatic.com *.licdn.com https://cdn.cookielaw.org *.roeyecdn.com *.epigraph.cloud https://www.ohiopowertool.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com display.ugc.bazaarvoice.com webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com fonts.google.com *.mailchimp.com *.bootstrapcdn.com *.quickspark.com *.networkmerchants.com *.gstatic.com *.googleapis.com *.userway.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.apptrian.com *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://imgs.signifyd.com *.doubleclick.net *.clarity.ms *.nr-data.net *.networkmerchants.com *.bing.com *.noibu.com wss://*.noibu.com *.cdn-btsg.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.audioeye.com *.sjv.io *.userway.org *.linkedin.com https://cdn.cookielaw.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com strict-dynamic http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Px9paJ8yZuhjWhqgNokSOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'nonce-wTi88gY+Q9dtPhx0eHWrUg==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=5389f06e-4239-4c84-9757-fb77fb8fc5b5; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
default-src 'self' http: https://*-chcf-wp.pantheonsite.io/ https://chcf-wp.ddev.site https://*.addthis.com https://*.youtube.com; script-src 'unsafe-inline' 'unsafe-eval' http: https://*.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://jnn-pa.googleapis.com https://*.googletagmanager.com https://*.youtube.com https://*.addthis.com https://*.google-analytics.com https://*.ytimg.com https://*.moatads.com https://*.doubleclick.net https://*.addthisedge.com https://cdnjs.cloudflare.com; style-src 'unsafe-inline' http: https://*.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://jnn-pa.googleapis.com https://*.youtube.com; img-src 'self' http: data: https://*.ytimg.com https://*.ggpht.com https://*.gstatic.com https://*.google-analytics.com; connect-src 'self' https://*.google-analytics.com https://*.bookingbug.com https://geolocation.onetrust.com https://*.cookielaw.org https://fonts.googleapis.com https://ajax.googleapis.com https://jnn-pa.googleapis.com *.addtoany.com; font-src 'self' data: fonts.gstatic.com use.typekit.net use.fontawesome.com bespoke.bookingbug.com; media-src 'self' *.youtube.com *.vimeo.com *.akamaized.net; report-uri 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; frame-src 'self' blob: *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.soundcloud.com *.facebook.com *.vimeo.com *.addtoany.com *.infogram.com *.simplecast.com; worker-src 'self'; manifest-src 'self'; navigate-to 'self'; prefetch-src 'self'; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-C3W5D3HnCphKlo4i82B7NQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; frame-ancestors 'self'; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src https://www.googletagmanager.com; 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=gmb5DBSprDgSC..QWMkAWH0Tym48VgHzfc1PxZEt7mo-1773713310-1.0.1.1-.Je.CnQ8XDon2fb.8ggABJIUfzHZC8PO0.22yPRW8SyHx7kz1S_FdmE_ciEXutVpaY1GtZRL5uZzBkQm29W_9o3ODJAuiIpze_LRkTHbt8g7BS1do4hW1JZCA.ssovqQoX1Oc_o361BILYPAahvQj21ljMrSvvl8GglG5U50u12YOuHijrHvHUjAn45gSB.w; report-to cf-csp-endpoint 1
frame-src 'none' 1
script-src 'nonce-RxF7y8399OEw+He+o/nvhw==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=3dlm9_OZ3vNXtZmh-UVM0OBkStiT6QAAeAJ9u3qaM48Yg61nd0AhKp7h4SCBo0YiGUKwg1mx0js22oPR-6U=&policy_id=2&user_id=&request_id=b6a01339-77a1-4364-9b63-cb12f5d038d6; report-to csp-endpoint-dlmozvnxtzmhuvmobkstitqaaeajuqamygndahkphscboyigukwgmxjsopru; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*; require-trusted-types-for 'script' 1
script-src-elem 'self' *.googletagmanager.com https://*.mopinion.com https://integration.occ7.mtel.eu https://connect.facebook.net https://snap.licdn.com https://www.clarity.ms https://c.clarity.ms/ https://www.youtube.com https://static.doubleclick.net https://api.evolveip.eu/ChatWebAzure/EipChat.js 'nonce-kUT5MexAg40aM1fw9mxnt1xlk//Q6zxnJGD3Y9SsadU='; script-src 'self' 'unsafe-eval' *.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net 'sha256-TqjM/ocl9Ih4hsJxBuYJi9DiPkAJnBID1b5nkiBEnYI=' 'sha256-vemytl4W5Qmww8+4p7ijbNPmvDbs6GPIf7CXCwtOWgc=' 'nonce-kUT5MexAg40aM1fw9mxnt1xlk//Q6zxnJGD3Y9SsadU='; report-uri /umbraco/api/csp/report; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://cdn.faceworks.nl https://*.mopinion.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.mopinion.com https://edge.cookieconsent.io; img-src 'self' mijn.s-bb.nl *.googletagmanager.com px.ads.linkedin.com https://www.facebook.com https://edge.cookieconsent.io https://www.toegankelijkheidsverklaring.nl; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; frame-src 'self' youtube.com www.youtube.com; manifest-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.mopinion.com https://*.clarity.ms https://api.cookieconsent.io https://px.ads.linkedin.com https://connect.facebook.net https://api.evolveip.eu https://ukaz-web01f.ccaas.enghouse.cloud/scripts/ChatExtension.dll 1
base-uri 'none'; font-src 'self' https: data:; form-action https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://www.facebook.com; frame-ancestors 'self'; img-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://mautic.netcup.news https://px.ads.linkedin.com 'self' blob: data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://measure.netcup.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://widget.trustpilot.com https://cdn.brevo.com/js/sdk-loader.js 'self' 'wasm-unsafe-eval' 'nonce-kedgmId1DnyqTVs2kJm9r/65'; connect-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://www.google.com https://in-automate.brevo.com https://measure.netcup.com https://google.com https://px.ads.linkedin.com https://*.clarity.ms/ 'self' https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://eu-api.friendlycaptcha.eu https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.cookielaw.org https://adservice.google.com https://pagead2.googlesyndication.com https://www.redditstatic.com https://pixel-config.reddit.com https://analytics.tiktok.com https://ads.tiktok.com https://bat.bing.com https://widget.trustpilot.com; worker-src blob:; child-src blob: https://td.doubleclick.net; script-src-elem https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.brevo.com/js/sdk-loader.js https://sibautomation.com/sa.js https://sibforms.com/ https://www.googleadservices.com https://www.redditstatic.com 'self' 'unsafe-inline' https://*.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://*.clarity.ms https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://analytics.tiktok.com https://ads.tiktok.com https://measure.netcup.com https://www.youtube.com https://pagead2.googlesyndication.com https://widget.trustpilot.com; frame-src https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://measure.netcup.com https://www.youtube-nocookie.com/ https://widget.trustpilot.com https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com; report-to csp-endpoint; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn-assets-prod.s3.amazonaws.com https://*.ozmoapp.com https://*.modeaondemand.com https://*.contentsquare.net https://edge.api.flagsmith.com https://*.kaptcha.com https://*.ctfassets.net https://*.freedommobile.ca https://*.appdynamics.com https://*.contentful.com https://*.eum-appdynamics.com https://*.googleapis.com https://tags.tiqcdn.com https://*.lpsnmedia.net https://*.tealiumiq.com  https://*.qualtrics.com https://*.gstatic.com https://*.cardinalcommerce.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.google.ca https://*.facebook.net https://*.facebook.com https://*.twitter.com https://*.t.co https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.adswizz.com https://*.exelator.com https://*.tapad.com https://*.spatialbuzz.com https://*.spatialbuzz.net https://*.niceincontact.com https://d31hajf7vfnsd2.cloudfront.net; frame-src 'self' https://quebecor.satmetrix.com https://www.googletagmanager.com https://cxone.niceincontact.com https://web-modules-de-ca1.niceincontact.com https://asset.gomoxie.solutions https://dnyepvvjamjdg.cloudfront.net https://www.youtube.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.freedommobile.ca https://*.lpsnmedia.net https://*.kaptcha.com https://*.spatialbuzz.com https://*.spatialbuzz.net; worker-src 'self' blob:; frame-ancestors 'self' https://*.freedommobile.ca; 1
default-src 'self' 'unsafe-inline' data: *.marianatek.com *.cookielaw.org *.chilipiper.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflare.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.licdn.com *.facebook.net *.clarity.ms *.google-analytics.com *.hs-scripts.com *.doubleclick.net unpkg.com *.wistia.net;upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; connect-src 'self' https:; frame-src https:; object-src 'none'; base-uri 'self'; 1
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1
default-src https://*.hint.com 'self' https://static.hsappstatic.net; img-src 'self' https://*.hint.com https://www.facebook.com https://app.hubspot.com https://*.hsforms.com https://avatars.hubspot.net https://static.hsappstatic.net https://www.google.com https://www.google.com https://t.co https://www.google-analytics.com https://analytics.twitter.com https://facebook.com https://heapanalytics.com https://p.typekit.net https://px.ads.linkedin.com https://www.google.com/ads https://www.facebook.com/tr https://track.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google.com/recaptcha/enterprise.js https://313589.fs1.hubspotusercontent-na1.net https://platform.twitter.com https://platform.linkedin.com/in.js  https://js.hsleadflows.net https://script.hotjar.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://static.hsappstatic.net https://js.hs-scripts.com https://app.hubspot.com https://www.google-analytics.com https://static.ads-twitter.com https://cdn.heapanalytics.com https://connect.facebook.net https://my.hellobar.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsadspixel.net https://hsleadflows.net https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://static.hsappstatic.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.gstatic.com https://use.typekit.net https://cdn2.hubspot.net https://p.typekit.net https://fast.fonts.net https://px.ads.linkedin.com; object-src 'self'; font-src 'self' https://2562809.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://cdn2.hubspot.net https://use.typekit.net; connect-src 'self' https://forms.hscollectforms.net https://forms.hscollectforms.net https://js.hs-banner.com https://api.hubapi.com https://www.google-analytics.com https://*.hubspot.com https://stats.g.doubleclick.net https://forms.hscollectedforms.net; frame-src https://platform.twitter.com https://www.google.com 1
default-src 'self'; script-src 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/libs/lottie-web/5.8.1/lottie.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://player.vimeo.com/api/player.js 'sha256-FSevH+aW1elUrWYqKfiu3xdrYlsrq1pzbI5VpKisyLM='; style-src 'report-sample' 'self' https://fonts.googleapis.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://o969560.ingest.sentry.io https://stats.g.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com; img-src https: data:; manifest-src 'self'; media-src 'self' https://assts.stories.sc https://player.vimeo.com https://*.vimeocdn.com; report-uri https://o969560.ingest.sentry.io/api/5920728/security/?sentry_key=e6ced77cc723478fad969f5f3ba00b06 worker-src 'none'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com https://www.google.com https://www.gstatic.com https://tags.tiqcdn.com; connect-src 'self'  https://api.www.homebank.ro https://api.homebank.ro https://cdn.ing.com https://*.googlevideo.com https://jnn-pa.googleapis.com https://analytics.homebank.ro https://ingbankromania.sc.omtrdc.net; img-src 'self' https://analytics.homebank.ro https://dealwise-static.homebank.ro https://dw-static.homebank.ro https://i.ytimg.com https://yt3.ggpht.com https://ing.ro https://www.ing.ro data: blob:; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://securepay.ing.ro; child-src 'self'; form-action 'self'; upgrade-insecure-requests; frame-src 'self' https:; media-src https://*.googlevideo.com blob:; 1
default-src 'self'; script-src 'self' https://agrilife.org; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://agrilife.org; 1
object-src 'none';base-uri 'self';script-src 'nonce-HX8x1pXD46_Fe7jb-RrwKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.wgprod.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com s.yimg.jp https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googleoptimize.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms s.yimg.jp cdn.taboola.com ; style-src 'self' 'unsafe-inline' *.wargaming.net *.wgprod.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.wgprod.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com s.yimg.jp https://*.worldoftanks.com https://*.worldoftanks.eu https://*.worldoftanks.asia https://*.wgcdn.co https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.com.ua https://google.pl https://*.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.clarity.ms s.yimg.jp https://collect.worldoftanks.asia https://content-wg.gcdn.co https://api.worldoftanks.asia https://bat.bing.com ; font-src 'self' *.wargaming.net *.wgprod.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net *.wgprod.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net *.wgprod.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net *.wgprod.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Kz1G0ufRjC0trNIaRb9jZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self' *.google.com *.nr-data.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.pendo.io https://*.jquery.com https://*.google.com https://*.gstatic.com https://*.storage.googleapis.com https://js-agent.newrelic.com *.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: *.newrelic.com; script-src-elem 'self' https://*.pendo.io *.newrelic.com *.googleapis.com; img-src 'self' https://*.pendo.io https://myhealthrecord.com:9999 https://*.myhealthrecord.com:9999 https://*.greenwayhealth.com:9999 https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com blob data:; font-src 'self' https://fonts.gstatic.com https://*.greenwayhealth.com https://*.login.greenwayhealth.com https://*.authstagingpoc.aws.greenwayhealth.com https://*.gisdev.aws.greenwayhealth.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://*.storage.googleapis.com https://*.googleapis.com https://myhealthrecord.com:9999 https://*.myhealthrecord.com:9999 https://*.greenwayhealth.com:9999 https://pendo-static-4979136297566208.storage.googleapis.com *.googleapis.com https://*.pendo.io; style-src-elem 'self' *.googleapis.com https://pendo-static-4979136297566208.storage.googleapis.com https://*.pendo.io; connect-src 'self' https://*.pendo.io https://*.greenwayhealth.com:9004 https://*.myhealthrecord.com https://bam.nr-data.net https://bam-cell.nr-data.net *.nr-data.net https://phprod-patient-specific-documents.s3.amazonaws.com *.googleapis.com https://pendo-static-4979136297566208.storage.googleapis.com; frame-src 'self' https://*.instamed.com https://*.aws.greenwayhealth.com https://*.google.com https://*.pendo.io; report-uri https://api.myhealthrecord.com/PortalAPI/v1/CspReporting/LogCspReport 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.acuityplatform.com challenges.cloudflare.com *.cloudfunctions.net *.configcat.com storage.googleapis.com cloudflare.hcaptcha.com cf-assets.hcaptcha.com *.kooth.com global.localizecdn.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com wss://*.twilio.com *.snapchat.com media.twiliocdn.com flex-api.twilio.com; script-src-elem 'self' 'unsafe-inline' data: *.acuityplatform.com challenges.cloudflare.com storage.googleapis.com *.kooth.com global.localizecdn.com *.segment.com *.usefathom.com *.xenzonegroup.com www.googletagmanager.com *.doubleclick.net connect.facebook.net sc-static.net *.snapchat.com media.twiliocdn.com flex-api.twilio.com; connect-src 'self' *.cloudfunctions.net *.configcat.com *.kooth.com global.localizecdn.com *.localizejs.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com wss://*.twilio.com *.analytics.google.com *.google-analytics.com *.snapchat.com media.twiliocdn.com flex-api.twilio.com; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src * data: chrome-extension: moz-extension: safari-web-extension:; frame-src 'self' vimeo.com *.vimeo.com challenges.cloudflare.com www.googletagmanager.com *.doubleclick.net *.snapchat.com; object-src 'none'; report-uri https://o367623.ingest.sentry.io/api/5691169/security/?sentry_key=d228aa23f64c4234b0ed98ff46a429d3?sentry_environment=csp_header_in_test_environments_or_csp-report-only_header_in_live 1
frame-src *.force.com https://player.vimeo.com 'self' https://stats.g.doubleclick.net https://gmocloudcommunity.force.com *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://b99.yahoo.co.jp https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://www.google.co.jp *.cybersource.com *.youtube.es https://www.domainking.jp *.adis.ws https://www.wadax.ne.jp https://jpn160.sfdc-p1i6qd.salesforce.com *.youtube.ie https://www.youtube.com *.cloudinary.com https://www.google.com https://pay.google.com https://analytics.google.com *.vimeo.com *.youtube.jp bcove.video *.youtube.fr https://altus.gmocloud.com https://*.a.forceusercontent.com https://player.cloudinary.com https://dnsck.gmocloud.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws *.forceusercontent.com *.brightcove.net *.youtube.com *.youtube.nl https://service.force.com/embeddedservice/ https://faq.wadax.ne.jp https://fast.wistia.net *.quip.com *.arkoselabs.com *.youtube-nocookie.com https://www.paypal.com https://appiniummastertrial.secure.force.com https://play.vidyard.com https://translation.googleapis.com *.youtube.com.br https://icl.dns.ishioka.xyz *.salesforce-experience.com *.salesforceliveagent.com https://scormanywhere.secure.force.com https://gmogshd-ch.file.force.com https://checkoutshopper-live.adyen.com/ *.sfdcfc.net *.youtube.ca https://location.force.com *.vidyard.com https://www.gstatic.com/recaptcha/ https://players.brightcove.net https://cdn.embedly.com https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com https://support.gmocloud.com https://*.a.forceusercontent.com/lightningmaps/ https://www.googletagmanager.com *.wistia.net https://www.google-analytics.com *.salesforce.com https://www.rapidsite.jp *.youtube.pl; report-to sfdc-csp-ep; report-uri https://gmogshd-ch.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D10000000Hq6P&networkId=0DM5F00000001rL&type=communities 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'   *.cloudflare.com   *.bing.com   *.rfihub.net   *.boomtrain.com   *.cookielaw.org   *.facebook.net   *.doubleclick.net   *.derbysoftsec.com   *.rezync.com   *.cdn.digitaloceanspaces.com   *.azds.com   *.sojern.com   *.quantcount.com   *.crazyegg.com   *.quantserve.com   *.cloudflareinsights.com   *.stackadapt.com   *.google-analytics.com   *.googletagmanager.com   *.tiqcdn.com   *.stripe.com   *.googleapis.com   *.gstatic.com   *.google.com   *.callrail.com   *.googleadservices.com   *.yimg.com   *.simpli.fi   *.matomo.cloud   plausible.io   *.umami.is   *.posthog.com   *.threatspike.com   *.qvdt3feo.com   *.montage.com;  script-src-elem 'self' 'unsafe-inline'   *.cloudflare.com   *.bing.com   *.rfihub.net   *.boomtrain.com   *.cookielaw.org   *.facebook.net   *.doubleclick.net   *.derbysoftsec.com   *.rezync.com   *.cdn.digitaloceanspaces.com   *.azds.com   *.sojern.com   *.quantcount.com   *.crazyegg.com   *.quantserve.com   *.cloudflareinsights.com   *.stackadapt.com   *.google-analytics.com   *.googletagmanager.com   *.tiqcdn.com   *.stripe.com   *.googleapis.com   *.gstatic.com   *.google.com   *.callrail.com   *.googleadservices.com   *.yimg.com   *.simpli.fi   *.montage.com   *.storage.googleapis.com   plausible.io   *.matomo.cloud   *.sc-static.net   *.posthog.com   *.threatspike.com   *.umami.is   *.infird.com   *.hotjar.com   *.upsellit.com   *.redditstatic.com   blob:;  connect-src 'self'   *.azds.com   *.boomtrain.com   *.callrail.com   *.cookielaw.org   *.crazyegg.com   *.doubleclick.net   *.facebook.com   *.g.doubleclick.net   *.google-analytics.com   google.com   *.google.com.mx   *.google.com   *.google.de   *.googleadservices.com   *.googletagmanager.com   *.googleapis.com   *.google.co.uk   *.onetrust.com   *.sojern.com   *.stackadapt.com   *.tiqcdn.com   *.myhotelshop.de   *.awsapprunner.com   *.run.app   *.letsway.com   *.bing.com   *.bing.net   *.googlesyndication.com   *.matomo.cloud   *.umami.dev   *.yimg.com   plausible.io   *.pendry.com   *.posthog.com   *.yoast.com   *.launchdarkly.com   *.geoedge.com   *.adsrvr.org   *.yoast.com   *.cloudfront.net   *.adform.net   *.adnxs.com   *.tiktokw.us   *.tiktok.com   *.browsekeeper.com   *.redditstatic.com   *.reddit.com   *.overbridgenet.com   *.montage.com   data:;  frame-src 'self'   *.doubleclick.net   *.facebook.com   *.googletagmanager.com   *.google.com   *.pcibooking.net   *.rfihub.net   *.rfihub.com   *.sojern.com   *.stripe.com   *.azds.com   *.zscalerthree.net   *.truetour.app   truetour.app   visitingmedia.com   *.vimeo.com   *.formcrafts.com   *.ibotta.com   *.contextall.com   *.canyonsdistrict.org   *.ggusd.us   *.menlosecurity.com   *.zscaler.net   *.snapchat.com   *.montage.com   blob:;  style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; media-src * 'self' data:; manifest-src * 'self'; worker-src 'self' blob:; child-src 'self' blob:;  report-uri https://cfe87652b26de6b69f71ed43bef9cf37.report-uri.com/r/d/csp/reportOnly; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Nj_LFfXo1_lwcPWTGeCDyg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src * https: data: blob: 'unsafe-inline' 'unsafe-hashes'; 1
frame-ancestors 'self' https://*.ispe.org https://*.ispefoundation.org https://*.platformsh.site; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src 'none';report-uri /csp-report 1
default-src 'self';base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/;connect-src 'self' https://api.cz.nl https://app.talkjs.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://czgroep.piwik.pro https://dev.visualwebsiteoptimizer.com https://js.monitor.azure.com https://westeurope-5.in.applicationinsights.azure.com;font-src 'self' data:;frame-src 'self' https://consentcdn.cookiebot.com https://overzicht.cz.nl;frame-ancestors 'self';img-src 'self' https://6005850.global.siteimproveanalytics.io https://d6tizftlrpuof.cloudfront.net https://dev.visualwebsiteoptimizer.com https://imgsct.cookiebot.com;manifest-src 'self';media-src 'self' https://cdn.talkjs.com;object-src 'self';script-src 'self' https://cdn.talkjs.com https://cdstatic-sc.cz.nl https://consent.cookiebot.com https://consentcdn.cookiebot.com/consentconfig/ https://czgroep.containers.piwik.pro/ppms.js https://dev.visualwebsiteoptimizer.com https://inzicht.cz.nl/containers/ https://siteimproveanalytics.com/js/ https://w.usabilla.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';style-src 'self' https://cdstatic-sc.cz.nl 'unsafe-inline';worker-src 'self' blob:; 1
frame-ancestors 'self' *.andrew.com; 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.chaordicsystems.com *.useinsider.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://accounts.google.com https://www.facebook.com https://login.live.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.criteo.com *.criteo.net *.chaordicsystems.com *.googletagmanager.com *.doubleclick.net *.prospin.com.br *.facebook.com *.useinsider.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com.br *.prospin.com.br *.criteo.com *.freshchat.com *.bat.com *.bing.com *.linximpulse.net *.linximpulse.com *.chaordicsystems.com *.doubleclick.net *.smartadserver.com *.taboola.com *.tremorhub.com *.bidswitch.net *.media.net *.adnxs.com *.casalemedia.com *.stickyadstv.com *.360yield.com *.liadm.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.revcontent.com *.rubiconproject.com *.clmbtech.com *.3lift.com *.adgrx.com *.agkn.com *.unrulymedia.com *.teads.tv *.1rx.io *.wikimedia.org *.clarity.ms *.hotjar.com *.useinsider.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.bing.net *.klaviyo.com *.googletagmanager.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jsdelivr.net *.addtoany.com *.fw-cdn.com *.google.com *.google.com.br 'self' data: 'self' *.linximpulse.net *.prospin.com.br *.bing.com *.clarity.com *.clarity.ms *.criteo.com *.chaordicsystems.com *.doubleclick.net *.hotjar.com *.useinsider.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.klaviyo.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.useinsider.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google.com *.google.com.br *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.chaordicsystems.com *.linximpulse.net *.linximpulse.com *.prospin.com.br *.clarity.ms *.criteo.com *.hotjar.com *.hotjar.io *.useinsider.com *.merchant-center-analytics.goog *.facebook.com *.google-analytics.com https://ipinfo.io/json *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.chaordicsystems.com 'self' 'unsafe-inline'; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
object-src 'none';base-uri 'self';script-src 'nonce-AGXGVRjxocpkgbxojhKqvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-w3TC1aMtUr4cx81KTomfGw==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=3dlm9_OZ3vNXtZmh-UVM0OBkStiT6QAAeAJ9u3qaM48Yg61nd0AhKp7h4SCBo0YiGUKwg1mx0js22oPR-6U=&policy_id=2&user_id=&request_id=13104ac4-55ba-4967-9584-69462d940f81; report-to csp-endpoint-dlmozvnxtzmhuvmobkstitqaaeajuqamygndahkphscboyigukwgmxjsopru; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*; require-trusted-types-for 'script' 1
frame-ancestors 'self'; report-uri https://www.gq.com.au/csp-reports 1
form-action 'report-sample' 'self' 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'   https://www.googletagmanager.com   https://www.google-analytics.com   https://static.cloudflareinsights.com   https://cdn.onesignal.com   https://api.onesignal.com   https://accounts.google.com   https://cdn.apple-mapkit.com; connect-src 'self'   https://www.google-analytics.com   https://region1.google-analytics.com   https://feature-flag.fazwaz.tech   https://accounts.google.com   https://api.onesignal.com   https://cdn.apple-mapkit.com   https://gsp10.apple-mapkit.com; img-src 'self' data: https: https://img.fazwaz.com; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https://cdn.fazwaz.com; worker-src 'self' blob:; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.p.zjptg.com https://www.dwin2.com https://www.googletagmanager.com https://www.google-analytics.com https://*.kqzyfj.com https://*.anrdoezrs.net https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' https://howtostartanllc.com https://logomakercdn.truic.com https://www.facebook.com https://*.pxf.io data:; frame-src https://www.youtube.com https://www.facebook.com https://www.googletagmanager.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; 1
connect-src  'unsafe-inline' https: https://chat.tendertech.ru  wss://chat.tendertech.ru:7272 https://blacklist.tendertech.ru https://storage.tendertech.ru 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-0no5F1sf4C0JZJDmwz7uKQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://mhi-uk.uriports.com/reports/report; report-to default 1
default-src 'self'; script-src 'self' 'nonce-0OkYqV6X_hnVkdd1knIXsEI_EXgj0I5vKQPCRAXUmRjWu0UC3QM3Dg' data: https://api-web.educagri.fr *.google-analytics.com https://www.googletagmanager.com https://analytics-sc.institut-agro.fr https://player.vimeo.com 'report-sample' https://ajax.googleapis.com/ https://analytics-sc.institut-agro.fr/; style-src-attr 'unsafe-inline' 'self' 'report-sample' data: https://api-web.educagri.fr https://use.fontawesome.com *.ckeditor.com; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://api-web.educagri.fr https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube-nocookie.com/ https://www.youtube.com/; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.data.sigea.educagri.fr *.dailymotion.com *.genially.com *.view.genial.ly https://view.genial.ly *.arteradio.com *.calameo.com *.facebook.com https://www.google.com https://fermewikisagro.fr *.francetv.fr; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://api-web.educagri.fr; connect-src 'self' data: https://api-web.educagri.fr *.google-analytics.com https://analytics-sc.institut-agro.fr https://analytics-sc.institut-agro.fr/; style-src 'self' 'report-sample' data: https://api-web.educagri.fr https://fonts.googleapis.com https://use.fontawesome.com; script-src-elem 'self' 'nonce-0OkYqV6X_hnVkdd1knIXsEI_EXgj0I5vKQPCRAXUmRjWu0UC3QM3Dg' data: https://api-web.educagri.fr *.google-analytics.com https://www.googletagmanager.com https://analytics-sc.institut-agro.fr https://player.vimeo.com 'report-sample'; report-uri https://cem.educagri.fr/api/csp/0/FE 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=88VvDpx0pIY.D_nvYcXb1OsDz2aSXooak.PjOxjfz5g-1773709285-1.0.1.1-SheQeLqJA3YumJ42.wYVuU5b8RCjT2LeY8vdXcr.V065Sdai9ONS2hi.Zxe.lf2cKpVZn4JtTPdClhCfqGam3o7IU8SZqIsCcY1LgXoCfOZdYNk12D5DRccY7L2G5sZiKXmyEdNn8If3EC0IHZOHpLBddQahpubgsaj5DP1P4ZI; report-to cf-csp-endpoint 1
font-src maxcdn.bootstrapcdn.com data: https://*.cloudflare.com *.typekit.net *.googleapis.com https://*.authorize.net https://*.cardinalcommerce.com https://*.trustedshops.com https://*.tawk.to https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://embed.productlead.me https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://www.facebook.com/ https://ct.pinterest.com/ https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro 'self' 'unsafe-inline'; frame-ancestors data: 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net js.stripe.com www.google.com https://www.youtube.com https://www.google.com https://www.google.ro https://www.google.bg https://www.facebook.com/ https://*.cardinalcommerce.com https://*.authorize.net https://*.paypal.com https://*.sandbox.paypal.com https://*.hotjar.com https://*.pinterest.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://*.tawk.to https://s7.addthis.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com ct.pinterest.com data: https://*.cloudflare.com https://cdn.klarna.com https://www.magecomp.com https://*.paypal.com www.paypalobjects.com https://*.sandbox.paypal.com https://*.g.doubleclick.net https://*.vimeocdn.com https://s.ytimg.com https://*.usercentrics.eu https://*.magentocommerce.com https://www.google.ro https://www.google.com https://*.tawk.to https://cdn.jsdelivr.net https://*.cdninstagram.com  https://*.xx.fbcdn.net www.instagram.com https://instagram.fcnd1-1.fna.fbcdn.net http://seal.alphassl.com/ https://secure.trust-provider.com https://ssl.comodo.com https://feedback.trusted.ro https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://ct.pinterest.com maps.gstatic.com maps.google.com https://*.themarketer.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net https://*.google.com https://sslseal.certum.pl/ *.collect.igodigital.com flagpedia.net cdn1.themarketer.com 'self' 'unsafe-inline'; script-src https://*.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com https://*.vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.stripe.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com www.pinterest.com s.pinimg.com https://*.cloudflare.com https://*.google.com *.gstatic.com https://www.googletagmanager.com https://*.googlesyndication.com maps.googleapis.com https://*.trustedshops.com https://*.usercentrics.eu https://*.cardinalcommerce.com https://*.googleadservices.com https://googleadservices.com https://*.authorize.net https://*.paypalobjects.com https://*.ytimg.com *.braintreegateway.com *.signifyd.com https://connect.facebook.net https://embed.productlead.me https://chimpstatic.com https://*.tawk.to https://*.hotjar.com https://*.getsitecontrol.com https://*.g.doubleclick.net https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ http://seal.alphassl.com/ https://secure.trust-provider.com https://cdn.jsdelivr.net https://s.pinimg.com https://*.pinterest.com https://*.paypal.com https://*.sandbox.paypal.com https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://*.themarketer.com https://*.tiktok.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net *.collect.igodigital.com *.avada.io cdn1.themarketer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com https://*.cloudflare.com https://*.trustedshops.com https://*.usercentrics.eu https://maxcdn.bootstrapcdn.com https://embed.productlead.me https://*.tawk.to https://cdn.jsdelivr.net https://*.googleapis.com https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://static.xpertbeauty.ro https://*.themarketer.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net *.gstatic.com cdn1.themarketer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com ct.pinterest.com https://*.cloudflare.com https://*.paypal.com https://*.cardinalcommerce.com www.facebook.com *.google-analytics.com https://*.tawk.to wss://*.tawk.to https://*.productlead.me wss://*.productlead.me www.instagram.com https://instagram.fcnd1-1.fna.fbcdn.net https://stats.g.doubleclick.net https://bam.eu01.nr-data.net https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://ct.pinterest.com https://s7.addthis.com https://api-public.addthis.com https://in.hotjar.com https://vc.hotjar.io maps.googleapis.com https://*.themarketer.com https://*.tiktok.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net www.gstatic.com cdn1.themarketer.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://*.xpertbeauty.ro/; report-to report-endpoint; 1
script-src *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.googletagmanager.com *.hotjar.com 'unsafe-inline' *.mouseflow.com; img-src js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net *.hsforms.net *.hsforms.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.mouseflow.com; connect-src *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mouseflow.com; frame-src *.hubspot.com play.hubspotvideo.com *.hubspot.net *.hsforms.net *.mouseflow.com; style-src cdn2.hubspot.net *.harmonicinc.com; child-src *.hsforms.com *.mouseflow.com; font-src *.hotjar.com *.hotjar.io *.mouseflow.com; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-nUTfwLxPYxqJ5Co5kGAqGg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'self' https://cdn-cookieyes.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https:; connect-src 'self' https://api.hubapi.com https://forms.hsforms.com https://www.google-analytics.com https://analytics.google.com; frame-src https://js.hsforms.net; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://forms.hsforms.com; 1
object-src  'none'; connect-src 'self' *.puretaboo.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.puretaboo.com join.gammasecure.com; script-src 'self' *.puretaboo.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.puretaboo.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
script-src 'nonce-NWAuTdMIaDXGMIj_lz4DTQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' https: http: 'nonce-a1d6610c-0bb7-4536-bd97-34188f223b02' 'strict-dynamic'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://*.new-immo-group.app https://*.new-immo-group.dev https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://*.safti.fr; connect-src 'self' http://demo.safti.local:12081 https://googleads.g.doubleclick.net https://*.clarity.ms https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.new-immo-group.app https://*.new-immo-group.dev https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://*.safti.fr https://api.privacy-center.org https://bo.safeti-immobilien.de/api https://bo.safti.es https://bo.safti.es/api/highlightblock https://bo.safti.es/api/saftiblock https://bo.safti.fr https://bo.safti.fr/api/highlightblock https://bo.safti.fr/api/saftiblock https://clarity.ms https://google-analytics.com https://google.com https://googletagmanager.com https://maps.googleapis.com https://new-immo-group.app https://new-immo-group.dev https://safeti-immobilien.de https://safti.es https://safti.fr https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://*.new-immo-group.app https://*.new-immo-group.dev https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://*.safti.fr; img-src 'self' data: *.new-immo-group.app *.new-immo-group.dev http://demo.safti.local:9873 https://*.clarity.ms https://*.leadsmonitor.io https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://*.safti.fr https://c.bing.com https://clarity.ms https://leadsmonitor.io https://maps.googleapis.com https://maps.gstatic.com https://nig-aws-preprod-bien-photo.s3.eu-west-3.amazonaws.com https://nig-aws-prod-bien-photo.s3.eu-west-3.amazonaws.com https://photo.safeti-immobilien.de https://purecatamphetamine.github.io https://safeti-immobilien.de https://safti.es https://safti.fr https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.google.es https://www.google.fr https://www.googletagmanager.com https://sdk.privacy-center.org https://*.new-immo-group.dev; worker-src 'self' blob:; frame-src 'self' https://*.alainbossard.fr https://*.bien-estimer-safti.fr https://*.cloudpano.com https://*.dailymotion.com https://*.facebook.com https://*.floorfy.com https://*.google.com https://*.istaging.com https://*.klapty.com https://*.matterport.com https://*.nodalview.com https://*.previsite.com https://*.previsite.net https://*.provirtualvisit.com https://*.rhinov.pro https://*.ricohtours.com https://*.youtu.be https://*.youtube.com https://alainbossard.fr https://bien-estimer-preprod.new-immo-group.app/ https://bien-estimer-safti.fr https://cloudpano.com https://dailymotion.com https://facebook.com https://floorfy.com https://google.com https://istaging.com https://klapty.com https://login.microsoftonline.com/ https://matterport.com https://nodalview.com https://oauth2-proxy.new-immo-group.app/ https://*.new-immo-group.dev https://*.new-immo-group.app https://omega-de.new-immo-group.dev https://omega-es.new-immo-group.dev https://omega-fr.new-immo-group.dev https://omega-preprod-safti-de.new-immo-group.app https://omega-pt.new-immo-group.dev https://omega.safti.de https://omega.safti.es https://omega.safti.fr https://omega.safti.pt https://player.vimeo.com https://previsite.com https://previsite.net https://provirtualvisit.com https://rhinov.pro https://ricohtours.com https://td.doubleclick.net https://tour.giraffe360.com https://youtu.be https://youtube.com https://play.danim.com/ http://localhost:*; frame-ancestors 'self' http://*.safti-fr.localhost http://safti-fr.localhost https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://*.safti.fr https://omega-de.new-immo-group.dev https://omega-es.new-immo-group.dev https://omega-fr.new-immo-group.dev https://omega-pt.new-immo-group.dev https://omega.safti.de https://omega.safti.es https://omega.safti.fr https://omega.safti.pt https://safeti-immobilien.de https://safti.es https://safti.fr; media-src 'self' https://*.safti.es https://*.safti.fr https://*.safti.fr https://*.safeti-immobilien.de https://safti.es https://safti.fr https://safeti-immobilien.de; object-src 'self' https://*.safti.es https://*.safti.fr https://*.safti.fr https://*.safeti-immobilien.de https://safti.es https://safti.fr https://safeti-immobilien.de; manifest-src 'self' *.new-immo-group.dev *.new-immo-group.app https://*.safeti-immobilien.de/ https://*.safti.es https://*.safti.fr https://*.safti.fr https://safeti-immobilien.de https://safti.es https://safti.fr 1
default-src 'self'; script-src 'self' 'nonce-W6JSjcM3H0xLo8+0zszclg==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.meetic.be *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.meetic.be; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://matomo.eah-jena.de/matomo.js https://*.openstreetmap.org 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org https://www.studycheck.de https://*.typo3.org https://https//www.studycheck.de/%2A https://matomo.eah-jena.de/matomo.php; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://www2.hochschulsport.eah-jena.de; connect-src 'self' data: https://*.openstreetmap.org https://www.eah-jena.de https://matomo.eah-jena.de; media-src 'self' blob:; font-src 'self' data:; style-src blob: data: 'self' 'unsafe-inline' 'report-sample'; worker-src blob: 'report-sample'; report-uri https://www.eah-jena.de/@http-reporting?csp=report&requestTime=1773716459693300&requestHash=d8bc2a7b9e991fa15a2e7f8ccb503b574421da94 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.klarnacdn.net *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.klarna.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://cdn.ingrid.com/ https://js.klarna.com/ https://js.playground.kustom.co/ https://js.live.kustom.co/ https://td.doubleclick.net/ https://widget.imbox.io/ https://widget-launcher.imbox.io/ *.trustpilot.com *.yotpo.com *.ingrid.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://js.klarna.com/ https://js.playground.kustom.co/ https://js.live.kustom.co/ bat.bing.com bat.bing.net cdn-cookieyes.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com bat.bing.com bat.bing.net cdn-cookieyes.com *.trustpilot.com *.yotpo.com *.ingrid.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.klarnacdn.net *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://core.helloretail.com https://helloretailcdn.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://js.klarna.com/ https://js.playground.kustom.co/ https://js.live.kustom.co/ region1.google-analytics.com region1.analytics.google.com pagead2.googlesyndication.com www.google.com/ccm/collect log.cookieyes.com cdn-cookieyes.com bat.bing.com bat.bing.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://26dd9fdb-d1ae-4de1-a1b1-9eeb5fbcd903.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-w-DXNrPEMDGLK4JSYLQIBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'nonce-Y1wWUI1d4qGp/2DrC7OBqA==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.co.uk *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.co.uk; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://dgap.org https://createsend.com https://api.friendlycaptcha.com https://internationalepolitik.de https://static.elfsight.com https://core.service.elfsight.com https://universe-static.elfsightcdn.com https://matomo.dgap.org/; font-src 'self' data: dgap.org https://player.podigee-cdn.net https://fonts.gstatic.com; frame-src 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://www.youtube-nocookie.com/embed/ https://e.issuu.com https://www.google.com https://player.podigee-cdn.net https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://matomo.dgap.org https://www.openstreetmap.org https://cloud.dgap.org https://audio.podigee-cdn.net https://sign.dgap.dev https://www.helpmundo.de https://www.helpdirect.org https://tube.dgap.org; img-src 'self' https://www.gstatic.com https://*.met.vgwort.de https://www.googletagmanager.com https://www.google-analytics.com data: dgap.org https://matomo.dgap.org https://images.podigee-cdn.net https://region1.google-analytics.com; manifest-src 'self'; media-src 'self' https://audio.podigee-cdn.net; prefetch-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://dgap.org https://matomo.dgap.org https://www.google-analytics.com https://www.googletagmanager.com https://internationalepolitik.de https://ip-quarterly.com https://js.createsend1.com https://player.podigee-cdn.net https://audio.podigee-cdn.net https://www.helpmundo.de https://www.helpdirect.org cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com unpkg.com https://matomo.dgap.org/; script-src-attr 'self' 'report-sample'; script-src-elem 'self' 'report-sample' 'unsafe-inline' https://dgap.org https://www.googletagmanager.com https://www.google-analytics.com https://matomo.dgap.org https://js.createsend1.com https://player.podigee-cdn.net https://audio.podigee-cdn.net https://www.helpmundo.de https://www.helpdirect.org https://static.elfsight.com https://core.service.elfsight.com https://universe-static.elfsightcdn.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://js.createsend1.com https://www.gstatic.com https://dgap.org https://player.podigee-cdn.net https://audio.podigee-cdn.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com unpkg.com; style-src-attr 'self' 'report-sample' 'unsafe-inline'; style-src-elem 'self' 'report-sample' 'unsafe-inline' https://www.google.com https://dgap.org https://player.podigee-cdn.net https://audio.podigee-cdn.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com unpkg.com; worker-src 'self' blob:; form-action 'self' https://www.createsend.com https://dgap.org; frame-ancestors 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://sign.dgap.dev; report-uri https://dgap.org/en/system/reporting/default; report-to default 1
base-uri 'self';connect-src https://*.go-mpulse.net https://*.akstat.io 'self' https: *.sentry.io *.amplitude.com *.care.com *.carezen.net *.signalfx.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net font.google.com analytics.google.com tagmanager.google.com www.google.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://geolocation.onetrust.com;default-src 'self' wss://*.care.com *.care.com *.careapis.com *.carezen.net *.cdn-care.com care.com cdn-care.com www.gstatic.com www.google.com *.googlesyndication.com tags.tiqcdn.com tags-eu.tiqcdn.com tk.getwork.com tr.snapchat.com shareasale.com *.doubleclick.net apps.rokt.com bid.g.doubleclick.net tags.w55c.net *.linkedin.com www.pinterest.com carecom.sjv.io staging-pt.ispot.tv ct.pinterest.com;font-src 'self' data: https://www.care.com https://www.dev.carezen.net https://www.stg.carezen.net fonts.gstatic.com https://script.hotjar.com;frame-ancestors 'self';img-src data: blob: *;object-src 'none';script-src https://*.go-mpulse.net 'nonce-da9fb8053e2a57ca4053ca942645907a' 'self' *.akamaihd.net *.care.com *.careapis.com *.carezen.net *.cdn-care.com *.cloudfront.net *.googlesyndication.com *.sift.com *.monetate.net acsbapp.com analytics.tiktok.com apps.rokt.com bat.bing.com care.com cdn-care.com cdn.pdst.fm connect.facebook.net d.impactradius-event.com googleads.g.doubleclick.net maps.googleapis.com s.pinimg.com ssl.google-analytics.com tags-eu.tiqcdn.com tags.tiqcdn.com wss://*.care.com www.emjcd.com www.google-analytics.com www.google.com www.googleadservices.com *.googletagmanager.com www.gstatic.com tr.outbrain.com tags.w55c.net clarity.ms staging-pt.ispot.tv tracker.mnixdata.com *.mountain.com tagmanager.google.com s.go-mpulse.net collector-12308.tvsquared.com js.adsrvr.org https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://dev.visualwebsiteoptimizer.com 'nonce-de12c4b40a8d85aeaac451f12232f788' 'strict-dynamic';frame-src 'self' alchemy.veriff.com www.google.com recaptcha.google.com bid.g.doubleclick.net 12355078.fls.doubleclick.net s.go-mpulse.net carecom.sjv.io apps.rokt.com tr.snapchat.com 3239339.fls.doubleclick.net https://vars.hotjar.com insight.adsrvr.org https://www.youtube.com/ https://ots2-qa.learningcaregroup.com/ScheduleATour/ https://ots2.learningcaregroup.com/ScheduleATour/ td.doubleclick.net;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.google.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org 'nonce-de12c4b40a8d85aeaac451f12232f788';style-src-attr 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com bat.bing.com;upgrade-insecure-requests;report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=hp-vhp-mfe%401.358.3&sentry_environment=prod 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.doubleclick.net *.facebook.com *.iubenda.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * customer-jo4fg3675hw5zuyf.cloudflarestream.com gum.criteo.com fledge.eu.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.feedaty.com cdn.flbx.io *.cloudfront.net *.iubenda.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com customer-jo4fg3675hw5zuyf.cloudflarestream.com www.gstatic.com a.omappapi.com matching.ivitrack.com x.bidswitch.net sync-t1.taboola.com sync.outbrain.com zendesk.com sgtm.jeannebaret.com campagnolo1715786198.zendesk.com www.google.it sync.1rx.io ib.adnxs.com rtb.csync.smartserver.com r.casalemedia.com gum.criteo.com id5-sync.com ad.360yield.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv criteo-partners.tremorhub.com eb2.3lift.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com *.dmxleo.com *.smartadserver.com *.omnitagjs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.feedaty.com *.getflowbox.com *.iubenda.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com static.zdassets.com cdn.clerk.io customer-jo4fg3675hw5zuyf.cloudflarestream.com cdn.iubenda.com api.clerk.io cs.iubenda.com js-agent.newrelic.com embed.cloudflarestream.com www.google.com www.gstatic.com dynamic.criteo.com a.omappapi.com static.hotjar.com sslwidget.criteo.com script.hotjar.com ecomm.sella.it sandbox.gestpay.net pod-29.zendesk.com sgtm.jeannebaret.com sgtm.cmpsport.com mn.cmpsport.com mn.melby.it connect.facebook.net https://static.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.feedaty.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com www.gstatic.com a.omappapi.com cdnjs.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.feedaty.com *.getflowbox.com *.iubenda.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com region1.google-analytics.com ekr.zdassets.com customer-jo4fg3675hw5zuyf.cloudflarestream.com api.openweathermap.org cmp.zendesk.com bam.nr-data.net idb.iubenda.com region1.analytics.google.com api.omappapi.com gum.criteo.com measurement-api.criteo.com wss://pod-29.zendesk.com sgtm.jeannebaret.com campagnolo1715786198.zendesk.com www.google.it connect.facebook.net *.doubleclick.net mn.cmpsport.com mn.melby.it 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.nr-data.net *.criteo.net *.cloudflarestream.com *.cloudflare.com *.clerk.io *.cmpsport.com *.melby.it *.zdassets.com *.chimpstatic.com *.iubenda.com *.zendesk.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; form-action *.cardinalcommerce.com *.paypal.com www.sandbox.paypal.com *.amazon.com *.facebook.com *.googlesyndication.com *.tiktok.com connect.facebook.net 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.googletagmanager.com *.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com *.paypal.com www.sandbox.paypal.com player.vimeo.com *.google.com *.braintreegateway.com google.com js.stripe.com *.amazon.com *.payments-amazon.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com connect.facebook.net www.commercepartnerhub.com assets.braintreegateway.com plumrocket.com *.authorize.net *.artifi.net www.googleadservices.com assets.pinterest.com ct.pinterest.com www.paypalobjects.com i.liadm.com *.securly.com gateway.zscalerthree.net ep2.adtrafficquality.google 'self' 'unsafe-inline'; script-src *.googletagmanager.com *.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net *.google.com *.newrelic.com *.nr-data.net *.authorize.net *.commerce-payment-services.com *.paypal.com www.sandbox.paypal.com www.paypalobjects.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com js.stripe.com *.payments-amazon.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.klaviyo.com fast.a.klaviyo.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.shopify.com *.sandbox.braintreegateway.com *.popt.in *.cloudflare.com celebrosnlp.com *.celebros-analytics.com *.artifi.net maps.googleapis.com www.googletagservices.com cdn.gladly.qa cdn.gladly.com *.monetate.net *.visualwebsiteoptimizer.com *.cloudfront.net s.pinimg.com bat.bing.com tag.rmp.rakuten.com ut.rd.linksynergy.com *.pinterest.com cdn.noibu.com *.hotjar.com b-code.liadm.com secure.merchantadvantage.com *.celebros.com ep2.adtrafficquality.google static.currentcatalog.com currentc-ac.celebros.com ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://www.currentcatalog.com/pr-csp/report/add/; report-to report-endpoint; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-zSsluaufh7KoEeLtqxmxyQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self'; script-src 'self' https://analytics.tiktok.com https://bat.bing.com https://cdn-3.convertexperiments.com https://cdn-4.convertexperiments.com https://cdn.cookielaw.org https://cdn.debugbear.com https://cdn.ometria.com https://script.hotjar.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://p.teads.tv https://s.pinimg.com https://script.hotjar.com https://static.hotjar.com https://unpkg.com https://widget.trustpilot.com https://www.bing.com https://js.klarna.com https://payments.worldpay.com https://rum-static.pingdom.net https://www.awin1.com https://www.dwin1.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://app.convert.com https://ct.pinterest.com https://no-cdn.convertexperiments.com https://r.bing.com https://apis.google.com https://js.playground.klarna.com https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://*.ssl.ak.dynamic.tiles.virtualearth.net https://www.flyingflowers.co.uk https://www.interflora.ie https://www.interflora.co.uk https://www.paypal.com https://static.zdassets.com 'report-sample'; script-src-attr 'self'; script-src-elem 'self' https://cdn-4.convertexperiments.com https://www.paypal.com https://tr.snapchat.com https://atlas.microsoft.com https://static.zdassets.com https://www.googletagmanager.com https://www.dwin1.com https://widget.trustpilot.com https://unpkg.com https://static.hotjar.com https://script.hotjar.com https://s.pinimg.com https://rum-static.pingdom.net https://js.klarna.com https://googleads.g.doubleclick.net https://ct.pinterest.com https://connect.facebook.net https://cdn.ometria.com https://cdn.debugbear.com https://cdn.cookielaw.org https://bat.bing.com https://analytics.tiktok.com https://payments.worldpay.com; connect-src 'self' https://hpp.worldpay.com https://tr.snapchat.com https://tr6.snapchat.com https://*.metrics.convertexperiments.com https://ekr.zdassets.com https://ad.doubleclick.net https://analytics.tiktok.com https://ask.hotjar.io https://bat.bing.com https://cdn-3.convertexperiments.com https://cdn.cookielaw.org https://cdn.debugbear.com https://cm.teads.tv https://content.hotjar.io https://ct.pinterest.com https://data.debugbear.com https://googleads.g.doubleclick.net https://in.hotjar.com https://insights.algolia.io https://l.teads.tv https://logs.convertexperiments.com https://metrics.hotjar.io https://msn7pvpzhu-1.algolianet.com https://msn7pvpzhu-2.algolianet.com https://msn7pvpzhu-3.algolianet.com https://msn7pvpzhu-dsn.algolia.net https://stats.g.doubleclick.net https://surveystats.hotjar.io https://t.teads.tv https://trk.ometria.com https://unpkg.com https://vc.hotjar.io https://widget.trustpilot.com wss://ws.hotjar.com https://www.bing.com https://www.facebook.com https://media.interflora.co.uk https://apis.google.com https://cdn.ometria.com https://geolocation.onetrust.com https://payments.worldpay.com https://privacyportal-eu.onetrust.com https://rum-collector-2.pingdom.net https://rum-static.pingdom.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://uksouth-0.in.applicationinsights.azure.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://o4506853695881216.ingest.us.sentry.io https://*.playground.klarnaevt.com https://adservice.google.com https://cdn-4.convertexperiments.com https://connect.facebook.net https://js.klarna.com https://js.playground.klarna.com https://oc.klarnaevt.com https://eu.klarnaevt.com https://region1.analytics.google.com https://analytics.google.com https://api.edq.com https://bat.bing.net https://dev.virtualearth.net https://translate.googleapis.com https://translate-pa.googleapis.com https://www.google.co.uk https://na.klarnaevt.com https://atlas.microsoft.com https://na.klarnaevt.com https://www.interflora.ie https://www.flyingflowers.co.uk https://dc.services.visualstudio.com https://www.awin1.com https://www.googleadservices.com https://wepowerconnections.com https://fonts.gstatic.com https://google.com https://www.paypal.com https://analytics-ipv6.tiktokw.us https://www.sandbox.paypal.com https://cdn.media.amplience.net https://o24547.ingest.sentry.io; style-src 'self' 'unsafe-inline'; frame-src 'self' https://tr.snapchat.com https://*.fls.doubleclick.net https://match.adsrvr.org https://ct.pinterest.com https://hpp.worldpay.com https://js.klarna.com https://payments.worldpay.com https://td.doubleclick.net https://widget.trustpilot.com https://www.awin1.com https://www.facebook.com https://js.klarna.com https://pay.klarna.com https://www.paypal.com https://www.googletagmanager.com https://www.sandbox.paypal.com; img-src 'self' data: https://www.interflora.co.uk https://media.interflora.co.uk https://ad.doubleclick.net https://analytics.tiktok.com https://bat.bing.com https://cdn.cookielaw.org https://cm.teads.tv https://connect.facebook.net https://googleads.g.doubleclick.net https://l.teads.tv https://stats.g.doubleclick.net https://t.teads.tv https://trk.ometria.com https://www.awin1.com https://www.bing.com https://www.facebook.com https://logs.convertexperiments.com https://adservice.google.com https://media.flyingflowers.co.uk https://translate.google.com https://www.flyingflowers.co.uk https://www.googletagmanager.com https://t.ssl.ak.dynamic.tiles.virtualearth.net https://interflora.a.bigcontent.io https://ade.googlesyndication.com https://www.wepowerconnections.com https://eu.fareye.co https://cdn.media.amplience.net https://media.interflora.ie https://www.interflora.ie https://fonts.gstatic.com https://www.google.co.uk https://www.google.com https://pagead2.googlesyndication.com https://bat.bing.net https://analytics-ipv6.tiktokw.us https://google.com https://www.googleadservices.com; form-action 'self' https://payments.worldpay.com; worker-src 'self'; report-uri https://interflorauk.report-uri.com/r/t/csp/reportOnly;  1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.elecrow.com *.chromestatus.com *.bootcss.com maxcdn.bootstrapcdn.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.addthis.com *.pinterest.com *.amazonaws.com *.awin1.com *.zenaps.com *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://store.plumrocket.com cashier1.uat.useepay.com cashier.useepay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.elecrow.com *.shopify.com github.com *.githubusercontent.com *.wp.com *.imgur.com bitronics.store www.longan-labs.cc www.facebook.com elecrow.s3.us-west-1.amazonaws.com *.sharethis.com *.awin1.com *.zenaps.com *.wepowerconnections.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: blob: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google-analytics.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.facebook.net *.pinterest.com *.instagram.com *.dwin1.com *.livechatinc.com *.elecrow.com *.bootcdn.net *.googletagmanager.com *.doubleclick.net t.contentsquare.net *.awin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com s7.addthis.com *.fontawesome.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cashier.useepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.bootcss.com maxcdn.bootstrapcdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.elecrow.com *.googletagmanager.com *.doubleclick.net *.amazonaws.com *.wepowerconnections.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.soundestlink.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com fonts.soundestlink.com assets.mxapis.com *.cloudfront.net www.gstatic.com;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com fonts.soundestlink.com www.gstatic.com assets.mxapis.com *.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.google.com *.google.lt *.google.lv *.googleadservices.com *.googlesyndication.com *.facebook.net *.bing.com *.cloudflare.com *.hotjar.com *.cloudflare.com *.doubleclick.net static.cloudflareinsights.com *.clarity.ms *.nosto.com omnisnippet1.com *.rackcdn.com *.equalweb.com *.mxapis.com *.ladesk.com cdn.dot.vu tags.creativecdn.com analytics.tiktok.com chimpstatic.com *.mailchimp.com *.list-manage.com *.cloudfront.net static.cloudflareinsights.com *.adform.net *.googleapis.com;script-src-elem 'self' 'unsafe-inline' cdn.datatables.net static.cloudflareinsights.com *.clarity.ms *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.google.com *.google.lt *.google.lv *.googleadservices.com *.googlesyndication.com *.facebook.net *.bing.com *.cloudflare.com *.cloudflare.com *.doubleclick.net www.youtube.com pagead2.googlesyndication.com *.nosto.com omnisnippet1.com *.rackcdn.com *.equalweb.com *.mxapis.com *.ladesk.com cdn.dot.vu tags.creativecdn.com analytics.tiktok.com chimpstatic.com *.mailchimp.com *.list-manage.com *.cloudfront.net static.cloudflareinsights.com *.adform.net;connect-src 'self' https://api.e-menessaptieka.lv *.nordcode.io *.google-analytics.com *.doubleclick.net *.google.com *.cookiebot.com *.bing.com *.googlesyndication.com *.clarity.ms *.facebook.com adservice.google.com graph.facebook.com www.googleadservices.com www.google.com www.google.lt www.google.lv googleadservices.com google.com google.lt google.lv pagead2.googlesyndication.com *.nosto.com *.sentry.io *.googleapis.com *.equalweb.com *.soundestlink.com *.dot.vu ams.creativecdn.com analytics.tiktok.com *.e-menessaptieka.lv *.moonmart.lt *.mxapis.com *.tiktokw.us;frame-src 'self' *.cookiebot.com *.doubleclick.net *.youtube.com accounts.google.com *.ladesk.com live.dot.vu ams.creativecdn.com cdn.mxapis.com;img-src 'self' data: https://api.e-menessaptieka.lv https://images.e-menessaptieka.lv *.klix.app *.cookiebot.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.google.com *.google.lt *.google.lv *.cloudflare.com *.tawk.to tawk.link *.hotjar.com *.soundestlink.com *.googleapis.com *.gstatic.com *.facebook.com *.youtube.com *.doubleclick.net *.dmxleo.com *.hotjar.com *.bing.com *.adform.net *.criteo.com *.clarity.ms *.demdex.net x.bidswitch.net ib.adnxs.com rtb-csync.smartadserver.com sync-t1.taboola.com visitor.omnitagjs.com r.casalemedia.com ad.360yield.com matching.ivitrack.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv criteo-partners.tremorhub.com eb2.3lift.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com googleads.g.doubleclick.net omnisnippet1.com csm.fr3.eu.criteo.net id5-sync.com ade.googlesyndication.com *.nosto.com *.appspot.com serve.mxapis.com *.e-menessaptieka.lv *.moonmart.lt www.googleadservices.com *.creativecdn.com static.salidzini.lv ema.ladesk.com;default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://api.e-menessaptieka.lv https://images.e-menessaptieka.lv;report-uri https://api.e-menessaptieka.lv/csp/report 1
img-src 'self' staccwexerius.blob.core.windows.net cdn.xerius.be consentcdn.cookiebot.com *.cookiebot.com data: *.google-analytics.com www.googletagmanager.com xerius-prd-911.azureedge.net media.xerius.be media.accdesk.be media.myfamily.be media.xerius-lei.eu *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.ads.linkedin.com *.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.tiktok.com dev.visualwebsiteoptimizer.com *.clarity.ms *.bing.com https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.varify.io media.xerius.be media.accdesk.be media.myfamily.be media.xerius-lei.eu cxppusa1formui01cdnsa01-endpoint.azureedge.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com *.doubleclick.net fonts.gstatic.com www.googleoptimize.com www.googletagmanager.com *.cookiebot.com consentcdn.cookiebot.com connect.facebook.net www.facebook.com *.ads.linkedin.com *.linkedin.com cdn.xerius.be staccwexerius.blob.core.windows.net xerius-prd-911.azureedge.net www.youtube.com data: xerius.piwik.pro www.gstatic.com script.hotjar.com static.hotjar.com js.monitor.azure.com js.cdn.applicationinsights.io js.cdn.monitor.azure.com *.tiktok.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon trk.adbutter.net *.adnxs.com *.clarity.ms *.bing.com snap.licdn.com *.bannernow.com; worker-src 'none'; frame-ancestors 'self' auth.xerius.be 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.braintreegateway.com *.cardinalcommerce.com *.doubleclick.net *.dwin1.com *.facebook.net *.getwisp.co *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.helpscout.net *.klaviyo.com *.paypal.com *.roeyecdn.com *.trustpilot.com *.wisepops.com *.wisepops.net *.youtube.com cdn-cookieyes.com wisepops.net; style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.gstatic.com; img-src 'self' data: *.awin1.com *.bing.com *.bing.net *.doubleclick.net *.facebook.com *.google.com *.google.co.uk *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.paypal.com *.roeye.com *.wisepops.com *.youtube.com *.ytimg.com cdn-cookieyes.com image-charts.com; font-src 'self' *.fontawesome.com *.gstatic.com; frame-src 'self' *.bing.com *.braintreegateway.com *.cardinalcommerce.com *.doubleclick.net *.facebook.com *.getwisp.co *.google.com *.googletagmanager.com *.trustpilot.com *.wisepops.com *.wisepops.net *.youtube.com wisepops.net; connect-src 'self' *.bing.com *.bing.net *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com *.cookieyes.com *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com *.googlesyndication.com *.helpscout.net *.klaviyo.com *.paypal.com *.wisepops.com *.wisepops.net cdn-cookieyes.com google.com wisepops.net; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; report-uri https://b965d175-0c60-4d34-b3f2-c7244d93f81a.sansec.watch/; media-src 'self'; object-src 'none'; worker-src 'self'; manifest-src 'self'; 1
frame-ancestors 'self'; object-src 'none'; report-to stott-security-endpoint; 1
object-src 'none'; script-src 'nonce-MA74FA9Obpe9caDULHPLm1CL' 'strict-dynamic' http: https:; base-uri 'none'; 1
base-uri 'self'; connect-src 'self' *.repco.com.au *.repco.co.nz *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com.au *.googleadservices.com *.doubleclick.net *.curalate.com *.adobedtm.com *.facebook.net *.facebook.com *.zip.co *.dxpapi.com api.edq.com *.hotjar.io *.hotjar.com bam-cell.nr-data.net bat.bing.com *.mktoutil.com *.cloudfront.net *.paypal.com *.braintree-api.com *.zipmoney.com.au gpc.d2.sc.omtrdc.net *.mktoresp.com *.marketo.com dpm.demdex.net *.bazaarvoice.com *.google.com google.com *.clarity.ms *.optimizely.com *.ibosscloud.com *.zdassets.com bam.nr-data.net *.zendesk.com wss://ws.hotjar.com wss://*.zendesk.com *.braintreegateway.com *.azurewebsites.net *.mouseflow.com *.adsrvr.org *.forter.com *.cdn.forter.com *.cardinalcommerce.com *.bing.net wss://*.forter.com siteperformancetest.net *.cardinaltrusted.com *.afterpay.com; default-src 'self'; font-src *.repco.com.au *.repco.co.nz 'self' fonts.gstatic.com data: *.zip.co *.mouseflow.com *.hotjar.com *.bazaarvoice.com; frame-src 'self' *.repco.com.au *.repco.co.nz cashrewards.go2cloud.org *.ibosscloud.com *.zip.co *.cybersource.com *.demdex.net *.doubleclick.net static.addtoany.com *.paypal.com *.hotjar.com *.youtube.com *.facebook.com nexuspublications.com.au *.bazaarvoice.com *.googletagmanager.com *.cdn.optimizely.com *.adsrvr.org *.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com; img-src 'self' *.atdmt.com *.repco.com.au *.repco.co.nz *.doubleclick.net *.youtube.com *.googleapis.com maps.gstatic.com *.zip.co *.afterpay.com *.ibosscloud.com www.paypalobjects.com i.ytimg.com *.curalate.com salefinder.co.nz *.salefinder.co.nz p.brsrvr.com dpm.demdex.net *.facebook.com *.facebook.net *.google.com.au *.google-analytics.com px.ads.linkedin.com *.google.com gpc.d2.sc.omtrdc.net *.bing.com cm.everesttech.net *.pinterest.com *.bazaarvoice.com data: *.zipmoney.com.au *.clarity.ms *.googletagmanager.com *.zendesk.com *.googleadservices.com *.paypal.com *.google.co.nz *.cloudfront.net *.bing.net *.optimizely.com; manifest-src 'self'; media-src 'self' *.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamiccatalogue.com.au *.mouseflow.com bat.bing.com www.gstatic.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.doubleclick.net *.google.com *.google.com.au *.zipmoney.com.au *.cybersource.com *.laybuy.com *.hotjar.com mpsnare.iesnare.com *.afterpay.com www.paypalobjects.com nexuspublications.com.au *.adobedtm.com *.marketo.com *.marketo.net cdn.brcdn.com cdn.jsdelivr.net *.facebook.net *.curalate.com bam-cell.nr-data.net *.cloudflare.com *.bazaarvoice.com *.youtube.com static.addtoany.com *.cloudfront.net js-agent.newrelic.com *.mktoutil.com *.salefinder.co.nz assets.pinterest.com data.stats.tools *.zip.co *.braintreegateway.com *.paypal.com *.googletagmanager.com *.optimizely.com *.clarity.ms *.ibosscloud.com *.zdassets.com *.zendesk.com *.repco.com.au *.repco.co.nz *.adsrvr.org *.preezie.com *.forter.com *.cdn4.forter.com *.cardinalcommerce.com static.client.cardinaltrusted.com hbiq.net; style-src 'unsafe-inline' 'self' *.googleapis.com *.cloudflare.com cdn.jsdelivr.net *.marketo.com *.bazaarvoice.com *.salefinder.co.nz *.zip.co; worker-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=unXUXVq.fH0nfPrWzw7gfdKmKQRm9SdL20ZYhXwqLTg-1773714394.3140738-1.0.1.1-AVdTtmduEQwXG5N_6lBZn6JUhOrAfkop5.4svWprjY4Ms9cGD14Dz0IuV0FLBWyg5kbiw_FxyKjPkNy0aLcPQrtmEbTynFGVa3XtYpXm6_yXCP1wDxim6qpWAykmJiSxo.EAjFob0i3CbLma2c3jk7Bq0UEO3krsGL3VWEa0lKphzDVPT0VrtQ60HYOTmMpi; report-to cf-wmgcowllcvhmqonj 1
default-src 'self'; script-src 'self' 'nonce-hEt9j3RRwNwZ98nqsDJClg==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com https://fonts.gstatic.com *.payneglasses.com ka-f.fontawesome.com fonts.googleapis.com *.alicdn.com cdnjs.cloudflare.com vtom.neox-lab.com www.vtlicensing.com *.loginwithamazon.com *.ssl-images-amazon.com https://static.klaviyo.com *.iadvize.com wss://ws.hotjar.com *.google.co.in *.criteo.com *.facebook.com wss://xmpp-ha-alb.iadvize.com *.wikimedia.org *.pexels.com *.staticflickr.com *.defense.gov *.pinimg.com *.istockphoto.com wss://*.iadvize.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://plumrocket.com https://accounts.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * self *.payneglasses.com payneglasses.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com https://www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com https://www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.payneglasses.com static.payneglasses.com payneglasses.com bat.bing.com google.com *.google.com ct.pinterest.com *.alicdn.com *.googleusercontent.com vtom.neox-lab.com www.vtlicensing.com *.loginwithamazon.com storage.needpix.com cdn.pixabay.com c1.peakpx.com cdn.stocksnap.io https://pagead2.googlesyndication.com https://www.googletagservices.com https://d3k81ch9hvuctc.cloudfront.net https://d2xo6khwzbhes8.cloudfront.net *.google.co.in pm.geniusmonkey.com ib.adnxs.com sync.1rx.io eb2.3lift.com ade.clmbtech.com criteo-sync.teads.tv sync-t1.taboola.com rtb-csync.smartadserver.com pixel.rubiconproject.com simage2.pubmatic.com sync.outbrain.com gum.criteo.com c.bing.com contextual.media.net idsync.rlcdn.com ad.360yield.com ads.stickyadstv.com cs.adingo.jp r.casalemedia.com tg.socdm.com cm.g.doubleclick.net x.bidswitch.net sync.targeting.unrulymedia.com *.agkn.com *.criteo.com *.v.fwmrm.net user-sync.fwmrm.net *.adsrvr.org *.yahoo.com match.prod.bidr.io public-prod-dspcookiematching.dmxleo.com *.pubmatic.com *.adform.net *.simpli.fi ad.turn.com pubmatic-match.dotomi.com www.facebook.com pixel-sync.sitescout.com sync.crwdcntrl.net sync.springserve.com sync.srv.stackadapt.com sync.ipredictive.com rtb.openx.net *.iadvize.com wss://ws.hotjar.com *.facebook.com wss://xmpp-ha-alb.iadvize.com *.wikimedia.org *.pexels.com *.staticflickr.com *.defense.gov *.pinimg.com *.istockphoto.com wss://*.iadvize.com https://*.trustpilot.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page tagmanager.google.com https://www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://accounts.google.com https://www.gstatic.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.payneglasses.com *.loginwithamazon.com *.ssl-images-amazon.com *.hotjar.com static.payneglasses.com payneglasses.com bat.bing.com *.pinimg.com analytics.tiktok.com kit.fontawesome.com *.iadvize.com *.alicdn.com cdnjs.cloudflare.com https://d2xo6khwzbhes8.cloudfront.net https://*.cloudfront.net *.facebook.net cdn.jsdelivr.net unpkg.com vtom.neox-lab.com www.vtlicensing.com cdn.convertcart.com pm.geniusmonkey.com static.criteo.net wss://ws.hotjar.com *.google.co.in *.criteo.com *.facebook.com wss://xmpp-ha-alb.iadvize.com *.wikimedia.org *.pexels.com *.staticflickr.com *.defense.gov *.istockphoto.com wss://*.iadvize.com https://*.trustpilot.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com https://accounts.google.com https://www.gstatic.com https://fonts.googleapis.com assets.braintreegateway.com *.payneglasses.com static.payneglasses.com payneglasses.com *.fastsimon.com ka-f.fontawesome.com *.typekit.net *.alicdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com vtom.neox-lab.com www.vtlicensing.com *.loginwithamazon.com *.ssl-images-amazon.com accounts.google.com *.iadvize.com wss://ws.hotjar.com *.google.co.in *.criteo.com *.facebook.com wss://xmpp-ha-alb.iadvize.com *.wikimedia.org *.pexels.com *.staticflickr.com *.defense.gov *.pinimg.com *.istockphoto.com wss://*.iadvize.com https://*.trustpilot.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.payneglasses.com payneglasses.com *.alicdn.com vtom.neox-lab.com www.vtlicensing.com *.loginwithamazon.com *.ssl-images-amazon.com *.iadvize.com wss://ws.hotjar.com *.google.co.in *.criteo.com *.facebook.com wss://xmpp-ha-alb.iadvize.com *.wikimedia.org *.pexels.com *.staticflickr.com *.defense.gov *.pinimg.com *.istockphoto.com wss://*.iadvize.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com www.googleadservices.com analytics.google.com https://www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com https://*.google-analytics.com https://*.analytics.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://accounts.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.payneglasses.com payneglasses.com doubleclick.net *.doubleclick.net bat.bing.com ct.pinterest.com analytics.tiktok.com *.iadvize.com ka-f.fontawesome.com *.alicdn.com cdnjs.cloudflare.com ip-geolocation-ipwhois-io.p.rapidapi.com vtom.neox-lab.com www.vtlicensing.com *.loginwithamazon.com *.ssl-images-amazon.com https://pagead2.googlesyndication.com https://www.googletagservices.com https://a.klaviyo.com https://static-tracking.klaviyo.com *.convertcart.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.google.co.in *.criteo.com *.facebook.com wss://xmpp-ha-alb.iadvize.com *.wikimedia.org *.pexels.com *.staticflickr.com *.defense.gov *.pinimg.com *.istockphoto.com wss://*.iadvize.com https://*.cloudfront.net https://*.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com self *.payneglasses.com payneglasses.com http: https: blob: 'self' 'unsafe-inline'; default-src https://*.iadvize.com wss://*.iadvize.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src-elem 'unsafe-inline' cdn.listrakbi.com *.googleapis.com *.livehelpnow.net *.shipperhq.com tcc.test cary.test *.userway.org thecarycompany.com *.thecarycompany.com; font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com data: *.hawksearch.com *.hawksearch.net *.userway.org *.livehelpnow.net *.shipperhq.com *.gstatic.com *.googleapis.com tcc.test cary.test *.thecarycompany.com thecarycompany.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com bid.g.doubleclick.net www.googletagmanager.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com *.certcapture.com data: *.avis-verifies.com *.livechatinc.com *.shipperhq.com *.userway.org *.trustpilot.com guarantee-cdn.com *.pinterest.com *.google.com services.listrak.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.googleapis.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.certcapture.com tcc.test cary.test *.thecarycompany.com www.thecarycompany.com *.adobedtm.com *.wistia.com *.wistia.net *.akamaihd.net seal-chicago.bbb.org *.listrakbi.com maps.gstatic.com *.bing.com *.linkedin.com *.google.com nsg.symantec.com tcs-analytics-tracker.now.sh tcs-analytics-tracker.vercel.app guarantee-cdn.com www.facebook.com hn.inspectlet.com thecarycompany.com *.livehelpnow.net googleadservices.com *.cookielaw.org *.userway.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io assets.adobedtm.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.magento-datasolutions.com https://rum.hlx.page *.certcapture.com 'unsafe-inline' data: *.wistia.com *.wistia.net seal-chicago.bbb.org *.listrakbi.com nsg.symantec.com *.online-metrix.net *.shipperhq.com *.authorize.net secure.authorize.net test.authorize.net *.licdn.com *.chatservice.co *.inspectlet.com www.facebook.com *.msecnd.net *.bing.com *.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googlecommerce.com *.googletagmanager.com *.googleapis.com *.gstatic.com guarantee-cdn.com *.cardinalcommerce.com.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trustpilot.com *.cookielaw.org *.userway.org *.livehelpnow.net *.sentry-cdn.com *.thomasnet.com ip.convirza.com tcc.test cary.test thecarycompany.com *.thecarycompany.com cdn.jsdelivr.net *.pinimg.com *.fontawesome.com *.pinterest.com services.listrak.com testflex.cybersource.com flex.cybersource.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ x.klarnacdn.net connect.facebook.net graph.facebook.com business.facebook.com assets.shipperhq.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com data: *.listrakbi.com *.shipperhq.com *.userway.org *.livehelpnow.net tcc.test cary.test *.googleapis.com *.thecarycompany.com thecarycompany.com assets.shipperhq.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: *.wistia.com *.wistia.net *.akamaihd.net *.userway.org tcc.test cary.test *.thecarycompany.com thecarycompany.com *.livehelpnow.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.certcapture.com data: *.wistia.com *.litix.io *.shipperhq.com wss://rms.shipperhq.com *.doubleclick.net *.chatservice.co *.inspectlet.com ws.inspectlet.com tcs-analytics-tracker.now.sh tcs-analytics-tracker.vercel.app *.google.com *.googleapis.com *.bing.com *.trustpilot.com *.cookielaw.org developer.livehelpnow.net *.userway.org *.livehelpnow.net wss://app.livehelpnow.net ip.convirza.com dni.logmycalls.com tcc.test cary.test *.thecarycompany.com thecarycompany.com geolocation.onetrust.com *.linkedin.com *.pinterest.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com rms.shipperhq.com https://rms.shipperhq.com ovs.shipperhq.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://5502b8453f99696234832a80aaf978ec.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self';    script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@gumlet/ webapp.gumlet.com snap.licdn.com googleads.g.doubleclick.net js-na2.hs-scripts.com challenges.cloudflare.com script.hotjar.com embed.savvycal.com tracking.g2crowd.com analytics.ahrefs.com cdn.firstpromoter.com www.googletagmanager.com js-na2.hsadspixel.net js-na2.hs-banner.com js-na2.hs-analytics.net static.hotjar.com app.factors.ai;    style-src 'self' 'unsafe-inline';    img-src * blob: data:;    font-src 'self';    media-src video.gumlet.io js.gleap.io;    object-src 'none';    base-uri 'self';    form-action 'self' *.gumlet.com https://webapp.gumlet.com;    connect-src *;    frame-ancestors 'none';    frame-src play.gumlet.io www.googletagmanager.com savvycal.com messenger-app.gleap.io challenges.cloudflare.com;    upgrade-insecure-requests;    report-to gumlet-nel; 1
font-src fonts.gstatic.com use.typekit.net *.cdnfonts.com *.cloudflare.com *.gstatic.com *.klaviyo.com *.slant.co *.yotpo.com *.zip.co sc-static.net *.zdassets.com *.zendesk.com tryme.directory *.hotjar.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.googleapis.com dhv2ziothpgrr.cloudfront.net www.sportrx.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.sportrx.com 'self' 'unsafe-inline'; frame-ancestors www.sportrx.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com *.zdassets.com *.zendesk.com *.hotjar.com *.klarna.com *.yotpo.com www.sportrx.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.adsrvr.org *.avantlink.com *.bing.com *.bing.net *.cloudflare.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.klevu.com *.linksynergy.com *.liquifire.com *.pushcrew.com *.rlcdn.com *.sharethis.com *.sportrx.com *.teamusa.org *.visualwebsiteoptimizer.com *.wileyxrx.com *.xg4ken.com *.yotpo.com *.youtube.com cdn-cookieyes.com d10lpsik1i8c69.cloudfront.net *d3k81ch9hvuctc.cloudfront.net extendcoreoffersprod-offersthemelogobucketeb21afa-1lr7le13dvgtp.s3.amazonaws.com s3.amazonaws.com *.zdassets.com *.zendesk.com *.hotjar.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com dhv2ziothpgrr.cloudfront.net www.sportrx.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.attn.tv events.attentivemobile.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.zendesk.com wss://api.smooch.io *.luckyorange.net *.luckyorange.com *.googleapis.com *.pushcrew.com *.addthis.com *.addthisedge.com *.adobedtm.com *.adsrvr.org *.bing.com *.braintreegateway.com *.cloudflare.com d10lpsik1i8c69.cloudfront.net d3k81ch9hvuctc.cloudfront.net *.criteo.com *.criteo.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googlesyndication.com *.googletagmanager.com *.invoca.net *.invocacdn.com *.klaviyo.com *.klevu.com *.linksynergy.com *.moatads.com *.noibu.com input.noibu.com wss://input.noibu.com *.sharethis.com *.tiktok.com *.visualwebsiteoptimizer.com *.xg4ken.com *.yotpo.com *.youtube.com *.zdassets.com acsbapp.com cdn.acsbapp.com *.acsbapp.com cdn-cookieyes.com google-analytics.com tryme.directory *.newrelic.com *.rakuten.com *.rlcdn.com *.hotjar.com cdn.avmws.com/1016937/ *.smooch.io *.liquifire.com *.klarnacdn.net *.klarna.com *.glasseson.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaservices.com js.klevu.com *.ksearchnet.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net www.sportrx.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.klaviyo.com *.klevu.com *.pushcrew.com *.yotpo.com *.zdassets.com *.zendesk.com *.hotjar.com https://static.klaviyo.com *.klarnacdn.net *.ksearchnet.com dhv2ziothpgrr.cloudfront.net www.sportrx.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.bing.com *.googleapis.com *.gstatic.com *.zdassets.com *.zendesk.com *.hotjar.com *.glasseson.com *.cloudfront.net www.sportrx.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.attn.tv events.attentivemobile.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.zendesk.com wss://api.smooch.io *.googleapis.com *.addthis.com *.adsrvr.org *.bing.com *.bing.net *.cloudflare.com *.criteo.com *.criteo.net *.datadome.co *.doubleclick.net *.facebook.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.invoca.net *.invocacdn.com *.klaviyo.com *.linksynergy.com *.luckyorange.net *.luckyorange.com *.noibu.com input.noibu.com wss://input.noibu.com *.nr-data.net *.pushcrew.com *.rlcdn.com *.samsung.com *.sharethis.com *.teamusa.org *.tiktok.com *.visualwebsiteoptimizer.com *.youtube.com *.zdassets.com acsbapp.com cdn.acsbapp.com *.acsbapp.com cdn-cookieyes.com *.cookieyes.com google-analytics.com tryme.directory d10lpsik1i8c69.cloudfront.net d3k81ch9hvuctc.cloudfront.net *.hotjar.com *.klarnaevt.com *.glasseson.com *.mixpanel.com *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com www.sportrx.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.sportrx.com http: https: blob: wss: 'self' 'unsafe-inline'; default-src *.glasseson.com *.cloudfront.net www.sportrx.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://f67b9549-76ff-40d0-b57c-93081e358fa4.sansec.watch/; report-to report-endpoint; 1
connect-src *.spiraxsarco.com *.onetrust.com *.onetrust.io *.google-analytics.com *.hotjar.com *.hotjar.io *.clarity.ms wss://*.hotjar.com 'self' px.ads.linkedin.com google.com analytics.google.com region1.analytics.google.com www.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.googleadservices.com ad.doubleclick.net stats.g.doubleclick.net 680-ryi-639.mktoresp.com forms.hubspot.com forms.hsforms.com cdn.linkedin.oribi.io hummingbirdwebsocket-nld2.cloud.adobe.io adservice.google.com translate.googleapis.com googleads.g.doubleclick.net www.google.com www.google.co.uk www.google.ae www.google.by www.google.com.gh www.google.com.mm www.google.ga www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bi www.google.bs www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.hu www.google.co.id www.google.co.il www.google.co.im www.google.co.in www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.uz www.google.com.vc www.google.com.vn www.google.cn www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.gg www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mn www.google.ms www.google.mu www.google.mw www.google.net www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.tm www.google.tn www.google.to www.google.tp www.google.tt www.google.tv www.google.uz www.google.vg www.google.vu www.google.ws www.google.co.zw www.google.dz/ads/ga-audiences www.google.al/ads/ga-audiences www.google.bf/ads/ga-audiences ttps://www.google.by/ads/ga-audiences www.google.cm/ads/ga-audiences www.google.co.ao/ads/ga-audiences ttps://www.google.co.mz/ads/ga-audiences www.google.co.tz/ads/ga-audiences www.google.com.bn/ads/ga-audiences ttps://www.google.com.gh/ads/ga-audiences www.google.com.kh/ads/ga-audiences www.google.com.lb/ads/ga-audiences ttps://www.google.com.mm/ads/ga-audiences www.google.com.ng/ads/ga-audiences www.google.com.pg/ads/ga-audiences ttps://www.google.dz/ads/ga-audiences www.google.ge/ads/ga-audiences www.google.iq/ads/ga-audiences www.google.sr/ads/ga-audiences 680-ryi-639.mktoutil.com wss://lo.msg.liveperson.net bat.bing.com js.calltrk.com mc.yandex.ru yandexmetrica.com:30103 ymetrica1.com; font-src *.onetrust.com 'self' fonts.gstatic.com use.typekit.net script.hotjar.com data:; img-src optimize.google.com www.google-analytics.com www.googletagmanager.com 'self' data: *; manifest-src 'self'; script-src *.onetrust.com *.scr.kaspersky-labs.com www.googleanalytics.com www.googleoptimize.com optimize.google.com static.ads-twitter.com 'self' 'nonce-OGUwNWI1N2ItYTFkOC00YTVlLWI5NTItYzNkNWY3NGYwNGZj' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-NiPpcuG5iPK1KPR3YIEEEz98KT0W7243V6u7FeP7hdE=' 'sha256-gRuNVLzs+xy+3p6+I1CnZb8pDmnXUWSlO9ejbnSR/lQ=' 'sha256-ibqfaR/CmFL3wQZAxIuZ0V4RMm9txqHSln46Z5WyeVA=' 'sha256-30EB3olZggJZ3OT2ahL22VzuYSIEPTzmMb+L3StxKgI=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-qbWCytLP5JMsZSG1DsvruBVK5O5otEfzrwtrYklbihw=' 'sha256-bkXrlHTrWu78qnQooXw+JqlG1rZijbuVZIkNBzTfagM=' 'sha256-vbs/XR7vkC12NXdDH8FEaUASiJdg/16cqF/0T3ze1ks=' 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'sha256-/Fu0G2rh4wmpTYIDt4lb/x5WJp6zusqpavun8dZ8Yns=' 'sha256-yqVa7ver8F3o3KAsmdt2r10wQlIPCHuaBhkxEMbFQKE=' 'sha256-pZ/qdkaCfUhJbPDW6dxGk6IT/oRRR/mlpXeonIs9iew=' 'sha256-t2dxu6v8zWLBnuT0wS9gbS8+6dWSZKwyh8Oc1O+KFKM=' 'sha256-nOEqrdYQbjOqHNv8REn7NbgmgfgpHFGAMJeDad9+6Cc=' 'sha256-i9Hqrp5R5xqtEYAfxGINmtDPcds/LnLceINVGS0StZg=' 'sha256-5E/6sj96qbSHixz46qooKeWA+LIjK6XzdMgxXJYGMCo=' 'sha256-ZjDDDO/TrMCju3UiIns3DMC7cnl6jp0zh9NKm11JAyY=' 'sha256-pJrmX8BIQNU7+D+cF3F3p3Z/mHxe83gyTZAzRGq+YBE=' solutions.spiraxsarco.com ssl.google-analytics.com connect.facebook.net www.facebook.net www.google-analytics.com www.googletagmanager.com www.gstatic.com www.youtube.com platform.twitter.com cdn.syndication.twimg.com www.google.com accdn.lpsnmedia.net googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsforms.net js.hsleadflows.net lo.v.liveperson.net lpcdn.lpsnmedia.net lptag.liveperson.net munchkin.marketo.net script.hotjar.com snap.licdn.com static.hotjar.com www.googleadservices.com www3.spiraxsarco.com cdn.calltrk.com pi.pardot.com bat.bing.com js.calltrk.com; style-src-elem *.onetrust.com 'self' solutions.spiraxsarco.com fonts.googleapis.com p.typekit.net use.typekit.net platform.twitter.com ton.twimg.com assets.calendly.com optimize.google.com www.googletagmanager.com 'unsafe-inline'; frame-src *.spiraxsarco.com *.doubleclick.net optimize.google.com vars.hotjar.com *.liveperson.net lpcdn.lpsnmedia.net www.traceparts.com traceparts-cache.s3.eu-west-1.amazonaws.com www.googletagmanager.com www.facebook.com www.google.com www.youtube.com m.youtube.com share.hsforms.com platform.twitter.com syndication.twitter.com player.vimeo.com calendly.com spiraxsarco.octadesk.com www.buzzsprout.com go.pardot.com www.linkedin.com; media-src 'self' *.spiraxsarco.com lpcdn.lpsnmedia.net; form-action 'self' resources.spiraxsarco.com; style-src-attr 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri https://steam.report-uri.com/r/d/csp/enforce 1
font-src *.googleapis.com https://www.gstatic.com *.fontawesome.com https://live.icecat.biz data: https://googletagmanager.com https://tagmanager.google.com https://fonts.gstatic.com locator.uberall.com script.hotjar.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com dashboard.trustprofile.com td.doubleclick.net https://s3-eu-west-1.amazonaws.com/ https://td.doubleclick.net https://google-analytics.com https://objects.icecat.biz/ *.trustpilot.com https://www.google.com www.xtento.com trafic-career.talent-soft.com view.publitas.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com cdn.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com funtrafic.imgix.net bat.bing.com www.google.be lqip-funtrafic.imgix.net https://funtrafic-large.imgix.net/media/ https://funtrafic-thumb.imgix.net/media/ https://pdpthumb-funtrafic.imgix.net https://pdplarge-funtrafic.imgix.net https://pdpfull-funtrafic.imgix.net https://content.fun.be https://adservice.google.com https://region1.analytics.google.com https://googletagmanager.com https://tagmanager.google.com https://bat.bing.com  https://pagead2.googlesyndication.com https://td.doubleclick.net https://google-analytics.com www.xtento.com cdn.xtento.com bat.bing.net catalogmedia.trafic.com funtrafic-thumb.imgix.net joko-mobile-app-media.s3.eu-west-1.amazonaws.com locator.uberall.com magentoadmin.trafic.com www.google.de www.google.fr www.google.lt www.google.lu *.google.com www.trafic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://www.gstatic.com cdn.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com static.hotjar.com eu1-config.doofinder.com widget.trustpilot.com invitejs.trustpilot.com script.hotjar.com bat.bing.com js-agent.newrelic.com https://live.icecat.biz https://bat.bing.com  https://js-agent.newrelic.com https://googletagmanager.com https://tagmanager.google.com https://td.doubleclick.net https://google-analytics.com *.trustpilot.com www.xtento.com cdn.xtento.com api.mapbox.com locator.uberall.com view.publitas.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.fontawesome.com cdn.doofinder.com https://live.icecat.biz blob: https://googletagmanager.com https://tagmanager.google.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.doofinder.com wss://*.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com region1.analytics.google.com eu1-api.doofinder.com bam.eu01.nr-data.net https://invitejs.trustpilot.com https://live.icecat.biz https://magentoadmin.trafic.docker https://adservice.google.com https://region1.analytics.google.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://td.doubleclick.net https://google-analytics.com  https://pagead2.googlesyndication.com api.mapbox.com bat.bing.com bat.bing.net content.hotjar.io events.mapbox.com locator.uberall.com surveystats.hotjar.io vc.hotjar.io *.hotjar.com wss: wss://ws.hotjar.com www.google.lu *.google.com *.mapbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com bam.eu01.nr-data.net googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-BHPb-YnSaaa9tUIJxZ1sCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'nonce-w2IweYSLkmCmKOP5Db4MppTl' 'strict-dynamic' http: https:; base-uri 'none'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Iaz_N72yUMNbaK8AyJj0TQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-atWSiTuRr8pnTzo4fPyv0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com *.ladesk.com *.nr-data.net *.newrelic.com *.payments-amazon.com *.connectif.cloud *.google.com *.bing.com *.botsrv2.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.ladesk.com *.nr-data.net *.newrelic.com *.payments-amazon.com *.connectif.cloud *.google.com *.bing.com *.botsrv2.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.vimeo.com *.oct8ne.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.ladesk.com *.nr-data.net *.newrelic.com *.payments-amazon.com *.connectif.cloud *.google.com *.bing.com botsrv2.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ladesk.com *.nr-data.net *.newrelic.com *.payments-amazon.com *.connectif.cloud *.bing.com *.botsrv2.com https://static.linguise.com https://forms-eu1.hsforms.com https://perf-eu1.hsforms.com https://imgsct.cookiebot.com https://track-eu1.hubspot.com https://pagead2.googlesyndication.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'unsafe-inline' *.ladesk.com *.payments-amazon.com *.connectif.cloud *.bing.com *.botsrv2.com *.sealmetrics.com https://static.linguise.com https://js-eu1.hsforms.net https://js.hs-scripts.com https://js-eu1.hs-scripts.com https://js-eu1.hsadspixel.net https://js-eu1.usemessages.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://js-eu1.hubspot.com https://pagead2.googlesyndication.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.ladesk.com *.nr-data.net *.newrelic.com *.payments-amazon.com *.connectif.cloud *.google.com *.bing.com *.botsrv2.com cdnjs.cloudflare.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'none' 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.ladesk.com *.payments-amazon.com *.connectif.cloud *.bing.com botsrv2.com https://forms-eu1.hsforms.com https://api.linguise.com https://api-eu1.hubspot.com https://forms-eu1.hscollectedforms.net https://cta-eu1.hubspot.com https://api-eu1.hubapi.com https://pagead2.googlesyndication.com https://invitejs.trustpilot.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.measureup.com/pr-csp/report/add/; report-to report-endpoint; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://*.klarnacdn.net https://fonts.gstatic.com https://fonts.gstatic.com/s/lato/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ *.klarna.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.avis-verifies.com https://*.criteo.com https://*.facebook.com https://widgets.rr.skeepers.io sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.quirumed.com https://www.quirumed.com https://*.onetrust.com https://*.google.es https://*.facebook.com https://*.media.net https://*.outbrain.com https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.adform.net https://*.omnitagjs.com https://*.casalemedia.com https://*.criteo.com https://www.sync-criteo.ads.yieldmo.com https://id5-sync.com https://www.id5-sync.com https://*.ivitrack.com https://*.mediavine.com https://*.pubmatic.com https://*.tremorhub.com https://*.yieldlab.net https://*.bidswitch.net https://*.doubleclick.net https://*.adnxs.net https://*.ib.adnxs.com https://www.ib.adnxs.com https://*.secure.adnxs.com https://secure.adnxs.com https://*.360yield.com https://*.krxd.net https://*.thebrighttag.com https://*.bing.com https://*.ups.analytics.yahoo.com https://www.ups.analytics.yahoo.com https://ib.adnxs.com https://jadserve.postrelease.com https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://sync.1rx.io https://sync.targeting.unrulymedia.com https://c.clarity.ms https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://*.segmentify.com https://cdn.segmentify.com https://*.sgmtfy.com https://aa.agkn.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com https://*.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com https://player.vimeo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ *.klarna.com *.klarnacdn.net *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.doofinder.com https://*.avis-verifies.com https://*.googlesyndication.com https://*.onetrust.com https://*.criteo.net https://*.criteo.com https://*.facebook.net https://*.googleoptimize.com https://*.datadome.co https://*.bing.com https://*.newrelic.com https://*.retailrocket.net https://*.nr-data.net https://*.quirumed.com https://*.bolt.com https://*.commerce-quick-checkout.com https://*.clarity.ms https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.paypal.com https://*.sandbox.paypal.com https://*.paypalobjects.com https://*.t.paypal.com https://*.s.ytimg.com https://live.sequracdn.com https://assets.adobedtm.com https://geostag.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://unpkg.com https://cdn.noibu.com https://*.klarnaservices.com https://*.klarna.com https://js.klarna.com https://*.segmentify.com https://cdn.segmentify.com https://*.sgmtfy.com https://*.sgmtfy.com/* https://cdn.sgmntfy.com https://*.cloudflare.com https://*.cloudflare.com/* https://cdnjs.cloudflare.com/* https://widgets.rr.skeepers.io https://client.rum.us-east-1.amazonaws.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com unsafe-inline assets.braintreegateway.com https://*.retailrocket.net https://*.klarnacdn.net https://*.cloudflare.com https://*.cloudflare.com/* https://cdnjs.cloudflare.com/* https://*.segmentify.com https://cdn.segmentify.com https://*.sgmtfy.com https://*.sgmtfy.com/* https://cdn.sgmntfy.com https://fonts.googleapis.com/* https://fonts.googleapis.com/css https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.doofinder.com https://*.avis-verifies.com https://*.googlesyndication.com https://*.onetrust.com https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://*.retailrocket.net https://*.nr-data.net https://*.datadome.co https://*.google.es https://www.google.es https://www.google.com https://*.bing.com https://*.newrelic.com https://*.cardinalcommerce.com https://*.paypal.com https://*.braintree-api.com https://*.client-analytics.sandbox.braintreegateway.com https://*.client-analytics.braintreegateway.com https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://t.clarity.ms https://input.noibu.com https://*.noibu.com https://cdn.noibu.com wss://input.noibu.com https://measurement-api.criteo.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://*.segmentify.com https://cdn.segmentify.com https://*.sgmtfy.com https://*.klarnaservices.com https://evt-eu.playground.klarnaservices.com https://widgets.rr.skeepers.io https://bat.bing.com https://api-product-reviews.cxr.skeepers.io sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' https://*.styla.com https://fast.fonts.net https://blackbit-styla-demo.s3.eu-central-1.amazonaws.com https://delivery-assets.squarelovin.com https://fonts.googleapis.com https://cdn.parcellab.com https://www.gstatic.com; base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https://joop.com https://*.joop.com https://app.usercentrics.eu https://web.cmp.usercentrics.eu https://player.vimeo.com https://www.google.com https://td.doubleclick.net https://*.fls.doubleclick.net https://pay.google.com https://www.paypal.com https://*.adyen.com https://*.global-e.com https://www.facebook.com https://bat.bing.com https://*.cdn-apple.com; img-src 'self' blob: data: https:; connect-src 'self' https://joop.com https://*.joop.com https://*.usercentrics.eu https://*.service.usercentrics.eu https://*.kameleoon.io https://*.kameleoon.eu https://blackbit-styla.s3.eu-central-1.amazonaws.com  https://*.styla.com https://blackbit-styla-demo.s3.eu-central-1.amazonaws.com https://squarelovin-main-app.s3.eu-central-1.amazonaws.com https://tracking-api.squarelovin.com https://www.paypal.com https://*.adyen.com https://*.clarity.ms https://ad.doubleclick.net https://*.bing.com https://*.bing.net https://ct.pinterest.com https://px.ads.linkedin.com https://ib.adnxs.com/pixie/up https://www.facebook.com https://connect.facebook.net https://*.hotjar.io wss://ws.hotjar.com https://analytics.tiktok.com https://google.com https://*.google.com:* https://*.analytics.google.com https://*.googleapis.com https://*.googletagmanager.com:* https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.parcellab.com https://bt.fraud0.com https://recommender.scarabresearch.com https://in.hotjar.com https://analytics-ipv6.tiktokw.us:*; child-src 'self' https://joop.com https://*.joop.com; object-src 'none'; worker-src 'self' https://joop.com https://*.joop.com; media-src 'self' https://joop.com https://*.joop.com data: https://styla-prod-us.imgix.net https://cdn.kameleoon.com https://cdn-vid.squarelovin.com; frame-ancestors 'self' https://joop.com https://*.joop.com; default-src 'self' https://joop.com https://*.joop.com; font-src 'self' data: https://blackbit-styla-demo.s3.eu-central-1.amazonaws.com https://fast.fonts.net https://fonts.gstatic.com https://s3.global-e.com https://script.hotjar.com https://*.cdn-apple.com; report-uri https://joop.com/csp/report; report-to csp-endpoint; 1
connect-src 'self' bitrix.info *.bitrix.info google-analytics.com *.google-analytics.com kapitalbank.uz *.kapitalbank.uz yandex.com *.yandex.com yandex.ru *.yandex.ru yandex.uz *.yandex.uz yandex.md *.yandex.md https://mc.yandex.ru/webvisor/25640921 https://mc.yandex.ru/watch/25640921 https://mc.yandex.ru/*; default-src 'self'; font-src 'self' *.cloudflare.com; frame-src yandex.ru *.yandex.ru 'self'; img-src 'self' facebook.com *.facebook.com yandex.ru *.yandex.ru yandex.net *.yandex.net cloudflare.com *.cloudflare.com kapital24.uz kapitalbank.uz maps.yandex.net; script-src 'self' bitrix.info *.bitrix.info adguard.org *.adguard.org cloudflareinsights.com *.cloudflareinsights.com facebook.net *.facebook.net google-analytics.com *.google-analytics.com googleadshost.net *.googleadshost.net googletagmanager.com *.googletagmanager.com kapitalbank.uz *.kapitalbank.uz kaspersky-labs.com *.kaspersky-labs.com yandex.ru *.yandex.ru yandex.net *.yandex.net unpkg.com *.unpkg.com tildacdn.one *.tildacdn.one tildacdn.com *.tildacdn.com retagro.com *.retagro.com openfpcdn.io *.openfpcdn.io licdn.com *.licdn.com jsdelivr.net *.jsdelivr.net cloudflare.com *.cloudflare.com infird.com *.infird.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=CrBhNfHeiOiOafwVXX7T3T2CiOhI8yN1MyO4ub0Hc.Y-1773719721.6174524-1.0.1.1-bc28CPSJkH.PejBJzEB246re2ckg8maNHlq_Hla9L7SjfMxiHv_zwNv.HXJQsoDhNlYcJD6YEtapl0gXytas2IJNXoGyf7_SAR.OFnhh43gWyImt8KGFMPxULrKkauh9ENjLAJMqaR2FlXvy9PFn_XnnVqQw917ZZ4DktHXi2SuSgh5v.lIoci8HohXHX8Xo; report-to cf-umwtnptsawqyoqjc 1
default-src 'self';                     script-src 'self'                                'unsafe-inline'                                'unsafe-eval'                                https://www.googletagmanager.com                                https://www.google-analytics.com                                https://cdn.cookielaw.org                               http://cdn-4.convertexperiments.com                               https://cdn.yellowmessenger.com                               https://www.gstatic.com                               https://s.pinimg.com                               https://dx.mountain.com                               https://bat.bing.com                               https://www.redditstatic.com                               https://smct.co                               https://advertiserpro.flexoffers.com                               http://collector-22856.us.tvsquared.com                               https://share.iflyworld.com                               https://www.clarity.ms                               https://c.amazon-adsystem.com                               https://connect.facebook.net                               https://cdn.attn.tv                               http://www.gstatic.com                               https://googleads.g.doubleclick.net                               http://origin-5.xtlo.net                               http://origin-2.xtlo.net                               http://origin-7.xtlo.net                               https://js.smct.io                               https://scripts.clarity.ms                               https://ct.pinterest.com                               http://px.mountain.com                               https://gs.mountain.com;                    style-src 'self'                               'unsafe-inline'                              https://cdn.yellowmessenger.com;                     media-src 'self'                              https://cdn-development-products.iflyworld.com                              https://cdn-production-products.iflyworld.com                              https://stable-baseball-0abcece43b.media.strapiapp.com                              https://patient-flower-5496d2d8a2.strapiapp.com;                    img-src 'self'                             data:                             https://www.google-analytics.com                             https://www.googletagmanager.com                             https://www.google.com                            https://analytics.google.com                            https://bat.bing.com                            https://c.bing.com                            https://cdn-production-products.iflyworld.com                             https://cdn-development-products.iflyworld.com                             https://stable-baseball-0abcece43b.media.strapiapp.com                            https://patient-flower-5496d2d8a2.strapiapp.com                            https://cdn.cookielaw.org                            https://bidagent.xad.com                            https://alb.reddit.com                            http://collector-22856.us.tvsquared.com                            https://c.clarity.ms                            https://cdn.yellowmessenger.com                            https://stats.g.doubleclick.net;                    font-src 'self'                              data:                             https://cdn.yellowmessenger.com;                     connect-src 'self'                                 https://www.google-analytics.com                                 https://www.googletagmanager.com                                https://www.google.com                                 https://stg-coreapi.iflyworld.com                                 https://coreapi.iflyworld.com                                 https://sgtm.iflyworld.com                                https://px.premion.com                                https://ct.pinterest.com                                https://c.amazon-adsystem.com                                https://s.amazon-adsystem.com                                https://ara.paa-reporting-advertising.amazon                                https://bat.bing.com                                https://pixel-config.reddit.com                                https://cdn.cookielaw.org                                https://r4.cloud.yellow.ai                                https://geolocation.onetrust.com                                https://events.attentivemobile.com                                https://www.googleadservices.com                                https://iflyworld-us.attn.tv                                https://i.clarity.ms                                wss://r4.cloud.yellow.ai                                https://js.smct.io;;                     frame-src 'self'                              https://www.googletagmanager.com                              https://ct.pinterest.com                              https://sgtm.iflyworld.com                              https://ct.pinterest.com                              https://creatives.attn.tv;                     object-src 'none';                     base-uri 'self';                     worker-src 'self' blob:;                    form-action 'self'; 1
base-uri 'self';script-src 'self' *.aliyun.com *.alicdn.com *.qwen.ai *.alibaba.com googleads.g.doubleclick.net www.googletagmanager.com www.google.com *.cloudflare.com appleid.cdn-apple.com 'unsafe-inline' 'unsafe-eval' 'report-sample' https: http: 'nonce-AifC_4Duyu7aQq7nJv-FmA' 'Strict-Dynamic' 'unsafe-hashes';frame-src 'self' *.aliyun.com *.alicdn.com td.doubleclick.net *.alibaba-inc.com qwenlm.io *.alibabacloud.com www.googletagmanager.com www.google.com *.cloudflare.com appleid.cdn-apple.com;worker-src blob: 'self';object-src 'none';frame-ancestors 'self' *.qwen.ai;report-uri /report-csp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-OKKOFtIeKHNHz8fcLe7KuA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com kit.fontawesome.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net www.garp.org *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com; style-src 'self' 'unsafe-inline' *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net www.garp.org static.hsappstatic.net; img-src https: 'self' 'unsafe-eval' js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com s3-us-west-2.amazonaws.com; font-src 'self' ka-p.fontawesome.com; connect-src 'self' *.google.com *.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net *.vidyard.com *.fontawesome.com content.hotjar.io *.hotjar.com wss://wsp14.hotjar.com wss://wsp43.hotjar.com/api/v2/client/ws stats.g.doubleclick.net static.libsyn.com cdn.linkedin.oribi.io *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com bat.bing.com hm.baidu.com; object-src 'none'; media-src 'self'; frame-src html5-player.libsyn.com forms.hsforms.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com www.garp.org *.hsforms.net *.hsforms.com *.googletagmanager.com *.twitter.com *.facebook.com fast.wistia.net *.youtube.com; base-uri 'self'; report-to /csp-violation-report-endpoint/; 1
font-src www.paypalobjects.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com craftelier.com *.craftelier.com hartem.com *.hartem.com *.paypal.com *.paypalobjects.com instantcredit.net test.instantcredit.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com es-blog.craftelier.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com webpay3g.transbank.cl webpay3gint.transbank.cl www.facebook.com www.paycomet.com api.paycomet.com https://plumrocket.com es-blog.craftelier.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com es-blog.craftelier.com 'self'; frame-src fast.amc.demdex.net *.adobe.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com bid.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com landofcoder.com www.facebook.com platform.twitter.com ct.pinterest.com td.doubleclick.net www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net https://plumrocket.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.googletagmanager.com es-blog.craftelier.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.connectif.cloud *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com craftelier.com *.craftelier.com hartem.com *.hartem.com ct.pinterest.com s3-eu-west-1.amazonaws.com c.clarity.ms c.bing.com *.doofinder.com instantcredit.net test.instantcredit.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com https://redchamps.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.google.es *.googleadservices.com es-blog.craftelier.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.connectif.cloud *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com *.sagepay.com *.opayo.eu.elavon.com x.klarnacdn.net *.klarnaservices.com landofcoder.com *.avada.io *.shopify.com connect.facebook.net twitter.com platform.twitter.com static.addtoany.com craftelier.com *.craftelier.com hartem.com *.hartem.com static.zdassets.com analytics.tiktok.com cdn.stg.p-a.io cdn.scalapay.com api.instagram.com js-agent.newrelic.com bam.eu01.nr-data.net cdn.connectif.cloud cdn.particularaudience.com b2c-cdn.scalapay.com s.pinimg.com www.clarity.ms dev.visualwebsiteoptimizer.com snippet.maze.co *.doofinder.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.googletagmanager.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.google-analytics.com *.googleadservices.com es-blog.craftelier.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com craftelier.com *.craftelier.com hartem.com *.hartem.com *.doofinder.com instantcredit.net test.instantcredit.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.googletagmanager.com es-blog.craftelier.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com es-blog.craftelier.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.connectif.cloud *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com x.klarnacdn.net *.klarnaservices.com landofcoder.com https://get.geojs.io *.avada.io stats.addtoany.com craftelier.com *.craftelier.com hartem.com *.hartem.com analytics-ipv6.tiktokw.us stats.g.doubleclick.net ekr.zendesk.com ekr.zdassets.com recs-ap-e1a.stg.p-a.io craftelier.zendesk.com cdn.integration.scalapay.com wss://widget-mediator.zopim.com bam.eu01.nr-data.net eu5-api.connectif.cloud recs-us-e1a.particularaudience.com api.amplitude.com ct.pinterest.com www.facebook.com p.clarity.ms v.clarity.ms *.paypalobjects.com *.doofinder.com instantcredit.net *.instantcredit.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com https://analytics.tiktok.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.google.com *.googlesyndication.com *.googletagmanager.com googleads.g.doubleclick.net es-blog.craftelier.com 'self' 'unsafe-inline'; child-src es-blog.craftelier.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com craftelier.com *.craftelier.com hartem.com *.hartem.com widget-mediator.zopim.com analytics.tiktok.com es-blog.craftelier.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /api/v1/csp/violation; script-src https://*.intercom.io https://js.intercomcdn.com https://www.google-analytics.com 'unsafe-inline' https://optimize.google.com 'self' https://widget.trustpilot.com https://cdn.segment.com https://*.typekit.net https://www.googletagmanager.com https://cdn.mxpnl.com https://*.fullstory.com https://fullstory.com https://connect.facebook.net https://ajax.googleapis.com https://js.stripe.com https://bat.bing.com https://www.googleadservices.com 'unsafe-eval'; plugin-types application/pdf; frame-ancestors 'none'; child-src https://share.intercom.io https://intercom-sheets.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://*.doubleclick.net https://js.stripe.com; font-src https://js.intercomcdn.com https://fonts.gstatic.com 'self' https://*.typekit.net; media-src https://js.intercomcdn.com 'self'; base-uri 'none'; connect-src https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://app.getsentry.com 'self' https://www.google-analytics.com https://*.doubleclick.net https://api.mixpanel.com https://*.fullstory.com https://*.typekit.net https://api.segment.io https://adservice.google.com https://*.launchdarkly.com; form-action 'self'; style-src 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'self' https://*.cloudfront.net https://*.typekit.net; object-src 'self'; default-src 'none'; frame-src https://optimize.google.com https://js.stripe.com https://*.doubleclick.net; img-src https://*.intercomcdn.com https://static.intercomassets.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://optimize.google.com https: data: 1
frame-ancestors 'self'; report-uri https://www.thechronicle.com.au/csp-reports 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://altinea.fr https://cdn.astra.com https://static.elfsight.com https://core.service.elfsight.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js;         style-src 'self' 'unsafe-inline' https://altinea.fr https://cdn.astra.com https://fonts.googleapis.com https://use.fontawesome.com/releases/v6.6.0/css/v4-shims.css https://use.fontawesome.com/releases/v6.6.0/css/all.css https://use.typekit.net/gme6kbk.css https://p.typekit.net/gme6kbk.css;         img-src 'self' https://altinea.fr data: *.webp;         font-src 'self' https://altinea.fr/wp-content/ https://fonts.gstatic.com https://use.fontawesome.com/releases/v6.6.0/fonts/ https://use.typekit.net/fonts/ data:;         connect-src 'self' https://altinea.fr https://core.service.elfsight.com https://www.google.com;         media-src 'self' https://altinea.fr;         frame-src 'self' https://altinea.fr https://www.google.com;         object-src 'none';         base-uri 'self';         form-action 'self';         upgrade-insecure-requests;         report-uri https://votreservice.report-uri.com/r/d/csp/reportOnly; 1
font-src *.cloudflare.com fonts.gstatic.com *.bootstrapcdn.com *.maxcdn.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors www.google.com www.gstatic.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ td.doubleclick.net *.facebook.com www.googletagmanager.com www.google.com *.standout.com.br 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cloudflare.com www.google.com.br device.clearsale.com.br *.ebit.com.br *.ebitempresa.com.br newimgebit-a.akamaihd.net *.googleapis.com *.gstatic.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.openpix.com.br s3.amazonaws.com flagpedia.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.githubusercontent.com *.addthis.com device.clearsale.com.br *.ebit.com.br *.googleapis.com *.gstatic.com apis.google.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com s3-sa-east-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.maxcdn.com *.bootstrapcdn.com *.cloudflare.com *.githubusercontent.com fonts.googleapis.com *.ebit.com.br *.gstatic.com 'self' 'unsafe-inline'; object-src data: 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.bootstrapcdn.com www.google.com www.google.com.br googleads.g.doubleclick.net device.clearsale.com.br *.ebit.com.br newimgebit-a.akamaihd.net *.googleapis.com apis.google.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.openpix.com.br *.gstatic.com s3.amazonaws.com www.gstatic.com maps.googleapis.com s3-sa-east-1.amazonaws.com *.standout.com.br 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Pz8oaCE_We0bKUuT4rNQtg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; font-src https: data:; style-src 'unsafe-inline' https:; object-src 'self';connect-src https: wss:; script-src 'nonce-DNRDpV2NuuJpsmulECljWcZavVPtVw6cGdT1/1L6lY8=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; img-src https: data:; report-uri /webhooks/csp-log/create 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.appdynamics.com col.eum-appdynamics.com fonts.gstatic.com ajax.googleapis.com www.googleapis.com fonts.googleapis.com use.fontawesome.com www.w3schools.com home.textkernel.nl staging.textkernel.nl www.dropbox.com apis.google.com www.google.com html5shim.googlecode.com media.readspeaker.com s7.addthis.com d2sl310zdnr3q6.cloudfront.net www.google-analytics.com https://apps.knollenstein.com https://appsdev.knollenstein.com font.visma.com *.easycruit.com m.addthis.com api-public.addthis.com flowanalytic.site networkanalytics.xyz knowledge-and-support-center.visma.net m.addthisedge.com apply.indeed.com content.googleapis.com commondatastorage.googleapis.com themes.googleusercontent.com www.googletagmanager.com fast.fonts.net db.onlinewebfonts.com hello.myfonts.net cdnjs.cloudflare.com d1fc8wv8zag5ca.cloudfront.net connect.facebook.net emea3.recruitmentplatform.com tag.goldenbees.fr s.ytimg.com www.findizer.fr webfonts.zohostatic.com platform.linkedin.com zgao.nl cdn.ontame.io *.ziggeo.com *.amazonaws.com api-eu-west-1.ziggeo.com embed-cdn-eu-west-1.ziggeo.com embed-eu-west-1.ziggeo.com assets.ziggeo.com hc-cdn.visma.net cdn.wootric.com production.wootric.com eligibility.wootric.com *.onetrust.com cdn.cookielaw.org https://storage.googleapis.com/snowplow-cto-office-tracker-bucket/3.1.1/sp.js https://snowplow.visma.com/com.snowplowanalytics.snowplow/tp2 *.sharethis.com www.gstatic.com easycruit.com; img-src 'self' data: * 'unsafe-inline' 'unsafe-eval'; report-uri https://easycruit.com/api/logging/v1/csp-report 1
frame-src *.force.com https://player.vimeo.com 'self' *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com *.cybersource.com *.youtube.es https://usa856.sfdc-yfeipo.salesforce.com *.adis.ws *.youtube.ie https://www.youtube.com *.cloudinary.com https://pay.google.com *.vimeo.com *.youtube.jp bcove.video https://www.kdpcommunity.com *.youtube.fr https://*.a.forceusercontent.com https://player.cloudinary.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws *.forceusercontent.com *.brightcove.net *.youtube.com *.youtube.nl https://service.force.com/embeddedservice/ https://testdata.coremetrics.com https://fast.wistia.net *.quip.com *.arkoselabs.com *.youtube-nocookie.com https://www.paypal.com https://appiniummastertrial.secure.force.com https://play.vidyard.com https://www.abebooks.com *.youtube.com.br *.salesforce-experience.com *.salesforceliveagent.com https://indiecommunity.file.force.com https://scormanywhere.secure.force.com https://checkoutshopper-live.adyen.com/ *.sfdcfc.net *.youtube.ca https://location.force.com *.vidyard.com https://www.gstatic.com/recaptcha/ https://players.brightcove.net https://cdn.embedly.com https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com https://kdpcommunity.com https://assets.prod.abebookscdn.com https://*.a.forceusercontent.com/lightningmaps/ *.wistia.net *.salesforce.com *.youtube.pl; report-to sfdc-csp-ep; report-uri https://indiecommunity.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00Df4000001cwvQ&networkId=0DMf4000000gttr&type=communities 1
style-src 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com;style-src-elem 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de use.fontawesome.com;img-src 'self' data: *.helsana.ch *.pinterest.com s0.2mdn.net bat.bing.com www.facebook.com connect.facebook.net cm.everesttech.net dpm.demdex.net apple-resources.s3.amazonaws.com  *.applemediaservices.com *.googlesyndication.com *.gstatic.com maps.googleapis.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net  t.co *.linkedin.com *.google.com *.google.ch *.google.de *.google.fr *.google.li *.google.it *.google.ad *.google.ae *.google.al *.google.at *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.ca *.google.cd *.google.cg *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.ga *.google.gr *.google.ht *.google.hr *.google.hu *.google.ie *.google.iq *.google.jo *.google.lk *.google.lt *.google.lu *.google.lv *.google.me *.google.mg *.google.ml *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sn *.google.tg *.google.tn *.google.tt *.google.vg *.google.co.ao *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.th *.google.co.uk *.google.co.za *.google.com.af *.google.com.ar *.google.com.au *.google.com.bh *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kh *.google.com.lb *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ni *.google.com.pe *.google.com.pk *.google.com.py *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com interaktiv.contilla.de;font-src 'self' data: *.gstatic.com d3dc1lgancj6l0.cloudfront.net use.fontawesome.com *.helsana.ch;media-src 'self' data: blob: *.helsana.ch d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com;object-src 'none';worker-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com analytics.twitter.com snap.licdn.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net  maps.googleapis.com www.googletagmanager.com  assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com snap.licdn.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com  www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de analytics.tiktok.com;connect-src 'self' wss://*.helsana.ch *.helsana.ch maps.googleapis.com privacyportal-eu.onetrust.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cookielaw.org api.sitesearch360.com *.ads-twitter.com *.linkedin.com *.pinterest.com api.openweathermap.org  www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com  *.google.com *.doubleclick.net www.google-analytics.com  tt.omtrdc.net dpm.demdex.net wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu interaktiv.contilla.de;frame-src 'self' *.helsana.ch *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com bid.g.doubleclick.net  consentcdn.cookiebot.com www.youtube.com fls.doubleclick.net assets.adobedtm.com  www.facebook.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com *.undpartner.digital;frame-ancestors 'self' *.helsana.ch;report-uri https://helsana.report-uri.com/r/d/csp/wizard;report-to wizard; 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://*.adyen.com https://services.postcodeanywhere.co.uk https://fonts.googleapis.com https://*.global-e.com https://static.trbo.com https://saiz-recommender.com https://saiz-extensions.com data:; img-src 'self' data: *.bogner.com *.commercecloud.salesforce.com https://cdn.cookielaw.org https://*.adyen.com https://*.gstatic.com https://*.paypal.com https://*.paypalobjects.com https://services.postcodeanywhere.co.uk https://*.global-e.com https://*.bglobale.com https://maps.googleapis.com https://*.google.com https://www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://www.google.de https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://x.bidswitch.net https://cm.g.doubleclick.net https://simage4.pubmatic.com https://cs.media.net https://r.casalemedia.com https://gum.criteo.com https://id5-sync.com https://ad.360yield.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://eb2.3lift.com https://ad.yieldlab.net https://sync.1rx.io https://dpm.demdex.net https://dis.criteo.com https://aa.agkn.com https://cdn.saiz-recommender.com https://tvspix.com https://lantern.roeye.com https://a.twiago.com https://sync.targeting.unrulymedia.com https://collect.trbo.com https://region1.google-analytics.com; font-src 'self' https://*.global-e.com https://fonts.gstatic.com https://*.gstatic.com data:; media-src 'self' https://cdn.saiz-recommender.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.adyen.com https://*.paypal.com https://services.postcodeanywhere.co.uk https://*.global-e.com https://*.bglobale.com https://cdn.cookielaw.org https://*.kameleoon.eu https://*.cquotient.com https://player.vimeo.com *.commercecloud.salesforce.com https://d.ratepay.com https://static.trbo.com https://s.pinimg.com https://cdn.mouseflow.com https://cdn.trkkn.com https://bat.bing.com https://l.ecn-ldr.de https://connect.facebook.net https://dynamic.criteo.com https://www.dwin1.com https://sslwidget.criteo.com https://api-v4.trbo.com https://lantern.roeyecdn.com https://ct.pinterest.com https://saiz-recommender.com https://saiz-extensions.com https://ct.pinterest.com/static/ct/token_create.js https://acsbapp.com/apps/app/dist/js/app.js; connect-src 'self' https://cdn.cookielaw.org https://*.adyen.com https://google.com https://*.google.com https://*.paypal.com https://*.kameleoon.eu https://*.onetrust.com https://services.postcodeanywhere.co.uk https://*.cquotient.com https://maps.googleapis.com https://ext.nonstoppartner.net https://ct.pinterest.com https://ct.pinterest.com/stats/ https://ct.pinterest.com/v3/ https://www.econda-monitor.de https://t.bogner.com https://lantern.roeyecdn.com https://api-v4.trbo.com https://www.bogner.com https://checkoutshopper-live.adyen.com https://live.adyen.com https://cdn.cquotient.com https://bat.bing.com/actionp/ https://bat.bing.com/action/ https://vimeo.com https://d.ratepay.com https://webservices.global-e.com https://saiz-app.com https://region1.google-analytics.com https://api.iconify.design https://cdn.acsbapp.com/config/bogner.com/config.json https://cdn.saiz-recommender.com https://www.gstatic.com/draco/versioned/decoders/1.5.5/ https://www.googleadservices.com; worker-src 'self' blob:; frame-src 'self' https://*.adyen.com https://*.google.com https://*.paypal.com https://*.bglobale.com 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=fQv-YnucYmycxqzZhKP9HhmpiwU_QTxFCTCyzbOyrjv9rlTutEJTE8c479M04x-xnpQ=&policy_id=71&user_id=&request_id=d38afbd2-0ff3-407f-974a-b7c28e8aa64b; report-to csp-endpoint-fqvynucymycxqzzhkphhmpiwuqtxfctcyzboyrjvrltutejtecmxxnpq; frame-ancestors 'none' 1
font-src https://fonts.gstatic.com *.klevu.com *.ksearchnet.com fonts.gstatic.com blog.vintageking.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.syfpos.com *.facebook.com blog.vintageking.com 'self' 'unsafe-inline'; frame-ancestors blog.vintageking.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * syf.demdex.net *.syfpos.com *.syf.com *.weltpixel.com www.xtento.com https://www.googletagmanager.com/ *.wesupply.xyz https://wesupplylabs.com *.googletagmanager.com *.doubleclick.net https://*.online-metrix.net https://imgs.signifyd.com blog.vintageking.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.affirm.com *.affirm.ca https://helloextend-static-assets.s3.amazonaws.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net www.xtento.com cdn.xtento.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klevu.com *.ksearchnet.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com https://imgs.signifyd.com https://*.online-metrix.net blog.vintageking.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com https://*.leadmanagerfx.com https://*.marketingcloudfx.com www.xtento.com cdn.xtento.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.klevu.com *.ksearchnet.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com blog.vintageking.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.syfpos.com *.klevu.com *.ksearchnet.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com blog.vintageking.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ blog.vintageking.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.syfpos.com *.syf.com *.d1.sc.omtrdc.net https://*.leadmanagerfx.com https://*.marketingcloudfx.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klevu.com *.ksearchnet.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app https://imgs.signifyd.com blog.vintageking.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blog.vintageking.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.vintageking.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sips-services.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com www.gstatic.com *.google-analytics.com *.cdninstagram.com *.my-probance.one maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affilae.com *.my-probance.one maps.googleapis.com www.gstatic.com www.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.google-analytics.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com https://geowidget.easypack24.net *.spotify.com *.cepd.tech *.drogerienatura.pl *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://geowidget-app.inpost.pl/ secure.payu.com merch-prod.snd.payu.com *.spotify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.payu.com https://img.youtube.com *.spotify.com *.cepd.tech *.drogerienatura.pl *.syndigo.cloud trustmate.io cdn.cookiesaur.com google.pl *.google.pl visitor.omnitagjs.com sync.addlv.smt.docomo.ne.jp hbx.media.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googletagmanager.com tagmanager.google.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org secure.payu.com secure.snd.payu.com pay.google.com applepay.cdn-apple.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech s7.addthis.com *.spotify.com *.cookiesaur.com *.jsdelivr.net *.cloudflare.com *.syndigo.com *.cepd.tech *.drogerienatura.pl *.newrelic.com *.nr-data.net trustmate.io static.hotjar.com tags.creativecdn.com connect.facebook.net s2.adform.net script.hotjar.com track.adform.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com fonts.google.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech *.spotify.com *.cloudflare.com *.cepd.tech *.drogerienatura.pl trustmate.io unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.easypack24.net *.inpost.pl *.openstreetmap.org secure.payu.com merch-prod.snd.payu.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech ekr.zdassets.com/ *.spotify.com *.cookiesaur.com *.syndigo.com trustmate.io *.newrelic.com *.nr-data.net *.cepd.tech *.drogerienatura.pl ams.creativecdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com static.harveynorman.si static.mage.harvey.optiweb.serv.si media.flixfacts.com media.flixcar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://lapp.leanpay.hr https://app.leanpay.hr https://stage-app.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro https://stage-checkout.leanpay.si *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://firebasestorage.googleapis.com *.harveynorman.si *.harvey.optiweb.serv.si *.cookiebot.com *.doubleclick.net *.criteo.com *.criteo.net www.google.si *.creativecdn.com blob: *.facebook.com *.reddit.com static.youreko.com *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com media.flixcar.com media.flixfacts.com rt.flix360.com logo.flix360.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com s7.addthis.com *.avada.io *.segmentify.com cdn.sgmntfy.com api.squalomail.com *.criteo.com *.criteo.net *.googleapis.com cdnjs.cloudflare.com *.hotjar.com *.cookiebot.com *.harveynorman.si *.livechatinc.com *.creativecdn.com www.gstatic.com static.harveynorman.si static.mage.harvey.optiweb.serv.si https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com maps.googleapis.com static.youreko.com api.youreko.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.loadbee.com media.flixcar.com media.flixfacts.com prod.flixgvid.flix360.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.segmentify.com cdnjs.cloudflare.com www.googletagmanager.com static.harveynorman.si static.mage.harvey.optiweb.serv.si tagmanager.google.com static.youreko.com assets.braintreegateway.com media.flixcar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.segmentify.com *.criteo.com *.cookiebot.com pagead2.googlesyndication.com *.hotjar.io *.doubleclick.net *.creativecdn.com *.harveynorman.si capig.stape.host static.mage.harvey.optiweb.serv.si *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app maps.googleapis.com api.youreko.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com media.flixcar.com pk.takoleasy.si *.loadbee.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.xtento.com ws.sharethis.com c.sharethis.mgr.consensu.org www.facebook.com t.sharethis.com *.weltpixel.com *.facebook.com *.facebook.net www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com gateway.apaylater.com gateway.atome.sg www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ve01-lnx003-psr-cms.wt-id.dev stage-api-psr.wt-id.dev *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ gateway.apaylater.com gateway.atome.sg www.xtento.com cdn.xtento.com connect.facebook.net googletagmanager.com ws.sharethis.com maps.googleapis.com foursixty.com jscdn.appier.net click.accesstra.de goofleads.g.doubleclick.net t.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.zdassets.com *.midtrans.com s7.addthis.com *.facebook.com *.facebook.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com gateway.apaylater.com gateway.atome.sg fonts.googleapis.com cdn.curator.io ws.sharethis.com https://static.klaviyo.com cdnjs.cloudflare.com *.cloudflare.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com anylist.c.appier.net l.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.zendesk.com ekr.zdassets.com/ *.facebook.com *.facebook.net www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ve01-lnx003-psr-cms.wt-id.dev stage-api-psr.wt-id.dev landofcoder.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com https://plumrocket.com *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com https://accounts.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: track.goggles4u.info https://track.goggles4u.info www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net https://images.unsplash.com *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.google.com.ua www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://maps.googleapis.com *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://accounts.google.com https://www.gstatic.com * www.xtento.com cdn.xtento.com sst.goggles4u.com https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://maps.googleapis.com https://player.vimeo.com https://checkout.iwdagency.com *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://accounts.google.com * sst.goggles4u.com https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.klarnacdn.net *.fontawesome.com *.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.facebook.com *.securetrading.net * 1merchantacsstag.cardinalcommerce.com payments.securetrading.net *.cardinalcommerce.com *.trustpayments.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.vimeo.com *.trustpilot.com *.hotjar.com *.facebook.com *.google.com *.livechatinc.com *.pinterest.co.uk *.trustpayments.com *.googletagmanager.com *.dropbox.com account.fetchify.com *.klarna.com * *.securetrading.net brw.3ds.trustpayments.com songbirdstag.cardinalcommerce.com 1merchantacsstag.cardinalcommerce.com *.secure.checkout.visa.com *.cardinalcommerce.com pay.google.com thm.visa.com *.mastercard.com *.weltpixel.com *.doubleclick.net *.typeform.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.google.com *.google.co.uk *.doubleclick.net *.facebook.com *.livechatinc.com cladcodecking.co.uk *.cladcodecking.co.uk *.clarity.ms *.bing.com *.googletagmanager.com *.visualwebsiteoptimizer.com *.bing.net *.cladco.co.uk *.files-text.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://cc-cdn.com *.disqus.com *.klarna.com *.klarnaevt.com *.klarnacdn.net gstatic.com *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.klaviyo.com *.pinterest.com *.pinimg.com *.google-analytics.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.googletagmanager.com *.chimpstatic.com *.trustpilot.com *.hotjar.com *.facebook.net *.bing.com *.livechatinc.com *.google.com *.google-analytics.com *.clarity.ms *.klarnaservices.com *.elfsight.com *.zoominfo.com *.pinterest.com *.tiktok.com googletagmanager.com universe-static.elfsightcdn.com *.cookie-script.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.dropbox.com cc-cdn.com https://cc-cdn.com *.disqus.com https://cdn.jsdelivr.net *.klarna.com *.klarnacdn.net x.klarnacdn.net webservices.securetrading.net cdn.eu.trustpayments.com songbirdstag.cardinalcommerce.com *.trustpayments.com *.securetrading.net pay.google.com *.secure.checkout.visa.com *.cardinalcommerce.com *.mastercard.com *.googleadservices.com *.redditstatic.com *.reddit.com *.ads-twitter.com *.klaviyo.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.klarnacdn.net https://static.klaviyo.com cc-cdn.com https://cdn.jsdelivr.net *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.fontawesome.com *.hotjar.io *.hotjar.com *.craftyclicks.co.uk *.bing.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.clarity.ms *.google.co.uk *.klarna.com *.google.com *.visualwebsiteoptimizer.com *.elfsight.com *.facebook.com *.tiktokw.us *.bing.net *.googlesyndication.com *.livechatinc.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com o402164.ingest.sentry.io *.sentry.io *.cardinalcommerce.com google.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.klaviyo.com *.pinterest.com *.pinimg.com *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://portal.envisagedigital.co.uk/api/website/brtj8tbu2q/report-uri; report-to report-endpoint; 1
script-src 'nonce-6zDaGRZb9JCRYcj/lEtYQg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=3dlm9_OZ3vNXtZmh-UVM0OBkStiT6QAAeAJ9u3qaM48Yg61nd0AhKp7h4SCBo0YiGUKwg1mx0js22oPR-6U=&policy_id=2&user_id=&request_id=99defd59-4ba2-4e2d-b335-0dd67529f330; report-to csp-endpoint-dlmozvnxtzmhuvmobkstitqaaeajuqamygndahkphscboyigukwgmxjsopru; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*; require-trusted-types-for 'script' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-DqeyOyKyu2_-wjvj9L-NdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=4g_DIiPsMgTp3UgWfPPwaTa2gbyBwiUKRkEUwzdZvdc-1773711887.6175935-1.0.1.1-1tc3GZsVmY2h4cfAi4EWzQEzHVjOtrBlRADlefqeqI0IC0b15TCK3cCD4wSyqEv1.lCp3SeKqZHxidvQNQUb7ErKv5Bak.YYldmXTnJQMpOhKMtpNg_0I327iwiMrrgSjajz.KTgXIwuAb9Qp28QX3fdxC_BzejzAklI3dO2md7GmOyPRlKWN7ITRaUEp31x; report-to cf-csp-endpoint 1
default-src 'self' 'report-sample'; img-src 'self' data: https://tile.openstreetmap.org; object-src 'none'; script-src 'self' 'nonce-MWNGNHlzN1FkTnVOaXhuWTFUcm45ag==' 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; report-to csp; report-uri /csp-report?parent_request_id=002gf8h7qnl0mjcurns0&parent_request_id_hmac=2fdc26ddd946d7624315be7de3195e23bae68787 1
default-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self' blob:; style-src * data: blob: 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-iO-8Ao3tXnmqhX6y1BEqNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src 'self'; img-src https: data: 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' https:; connect-src 'self' https:; upgrade-insecure-requests; block-all-mixed-content 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com/ *.doubleclick.net *.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com magefan.com cm.magefan.com https://www.magezon.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
media-src 'self' data: blob: https:; frame-src 'self' https://www.deutschakademie.de https://www.deutschakademie.com https://*.facebook.com https://www.google.com/recaptcha/ https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagmanager.com https://*.adtrafficquality.google https://*.paypal.com https://*.livechatinc.com https://cdn.chatbot.com https://app.hubspot.com https://js.mollie.com; frame-ancestors 'self' https://www.deutschakademie.de https://www.deutschakademie.com https://*.livechatinc.com https://cdn.chatbot.com ;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://cdnjs.cloudflare.com https://cdn-cookieyes.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://www.gstatic.com https://api.livechatinc.com https://cdn.livechatinc.com https://googletagmanager.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hs-scripts.com https://maps.google.com https://maps.googleapis.com https://ajax.googleapis.com https://tagmanager.google.com https://www.provenexpert.com https://www.googletagmanager.com https://*.google-analytics.com https://cdn.chatbot.com https://connect.facebook.net; style-src 'self' 'report-sample' 'unsafe-inline' https://cdnjs.cloudflare.com *.google.com www.provenexpert.com www.googletagmanager.com https://fonts.googleapis.com https://cdn.chatbot.com https://connect.facebook.net https://www.deutschakademie.de https://www.deutschakademie.com; style-src-elem 'self' 'unsafe-inline' https://*.doofinder.com fonts.googleapis.com cdnjs.cloudflare.com https://www.gstatic.com https://www.deutschakademie.de https://www.deutschakademie.com https://cdn.jsdelivr.net/npm/ https://www.provenexpert.com/css/widget_landing.css; object-src 'self' data: *.googlesyndication.com;child-src 'self' https://*.livechatinc.com blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com *.facebook.com; worker-src 'self' blob: www.google.com; script-src-elem 'self' 'unsafe-inline' https://*.doofinder.com https://*.hsappstatic.net https://*.hubspot.com https://*.accessgo.de https://*.clarity.ms cdnjs.cloudflare.com *.google-analytics.com https://ajax.googleapis.com *.adtrafficquality.google https://cdnjs.cloudflare.com  https://cdn-cookieyes.com  https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://www.gstatic.com https://*.livechatinc.com https://googletagmanager.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hs-scripts.com https://js-eu1.hsforms.net https://maps.google.com https://maps.googleapis.com https://tagmanager.google.com https://*.paypal.com https://www.provenexpert.com https://www.googletagmanager.com https://*.google-analytics.com https://cdn.chatbot.com https://connect.facebook.net https://www.deutschakademie.de https://www.deutschakademie.com https://js.mollie.com https://cdn.jsdelivr.net/npm/ 1
default-src 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com cdn.livechatinc.com stats.g.doubleclick.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.livechatinc.com *.dotit.com *.ncco.com dotit.wufoo.com stats.g.doubleclick.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.livechatinc.com stats.g.doubleclick.net dotit.wufoo.com www.wrike.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.livechatinc.com *.disqus.com *.dotit.com *.ncco.com stats.g.doubleclick.net cp-ywz-382.chili-publish.online cp-ywz-382.chili-publish-sandbox.online https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.livechatinc.com *.disqus.com stats.g.doubleclick.net chimpstatic.com *.wufoo.com www.youtube.com apis.google.com *.google.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com stats.g.doubleclick.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.livechatinc.com stats.g.doubleclick.net *.analytics.google.com *.google-analytics.com dotit.wufoo.com *.smartystreets.com apis.google.com *.google.pl 'self' 'unsafe-inline'; child-src stats.g.doubleclick.net http: https: blob: 'self' 'unsafe-inline'; default-src stats.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri stats.g.doubleclick.net 'self' 'unsafe-inline'; 1
default-src 'self' https://*.pixum.com;base-uri 'self';img-src 'self' https://assets.pixum.com https://cdn.pixum.com https://pixum-cms.imgix.net data: blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pixum.com https://app.usercentrics.eu https://gmm9n9.pixum.de https://bn3mcl4n8l.kameleoon.eu https://*.trustpilot.com https://widgets.trustedshops.com https://*.clarity.ms https://*.scarabresearch.com https://storage.googleapis.com/photo-prints-journey-builds/ https://*.pagent.ai https://spot.photoprintit.com https://www.paypal.com/sdk/js https://website-overlay.zenloop.com https://unpkg.com/web-vitals@3/dist/web-vitals.iife.js https://zenloop-website-overlay-production.s3.amazonaws.com https://tag.mention-me.com https://static.mention-me.com https://pixum-assets.imgix.net https://unpkg.com/core-js-bundle@3.16.2/index.js https://tcan97.pixum.co.uk;connect-src 'self' https://*.pixum.com https://*.pixum-api.com https://api.usercentrics.eu https://gmm9n9.pixum.de https://bn3mcl4n8l.kameleoon.eu https://eu-data.kameleoon.eu https://pixum-assets.imgix.net https://consent-api.service.consent.usercentrics.eu https://storage.googleapis.com/pixum-api-images/ https://*.clarity.ms https://webchannel-content.eservice.emarsys.net https://*.scarabresearch.com wss://peer-service.pixum-api.com https://www.pixum.be/5fixu6 https://www.pixum.co.uk/tcan97 https://tcan97.pixum.co.uk https://api.zenloop.com https://channels-api.zenloop.com https://website-overlay.zenloop.com https://graphql.usercentrics.eu https://tag.mention-me.com https://www.paypal.com/xoplatform/logger/api/logger https://guarantee-log.trustedshops.com https://*.pagent.ai https://aggregator.service.usercentrics.eu wss://chatbot-de.photoprintit.com https://trustbadge.api.etrusted.com https://shops-si.trustedshops.com https://pixum-cms.imgix.net https://photospicker.googleapis.com/v1/sessions/ blob: data: https://api.trustedshops.com/rest/internal/ https://api.trustbadge.etrusted.com/accounts/ https://data.kameleoon.eu https://mention-me.com/api/v2/event/ https://gum.criteo.com https://www.gstatic.com/draco/versioned/decoders/1.4.1/ https://faro-collector-prod-eu-west-0.grafana.net/collect/;style-src 'self' 'unsafe-inline' https://*.pixum.com;media-src 'self' data: https://cdn.pixum.com;font-src 'self' data: https://*.pixum.com https://assets.zenloop.com;frame-src 'self' https://widget.trustpilot.com https://dls.photoprintit.com https://mention-me.com https://www.youtube.com https://www.paypal.com blob:;worker-src 'self' blob:;child-src 'self' blob:; report-to csp-report-only; report-uri https://psi.pixum.com/?ns=content-security-policy-report-only&service=base&module=status&action=report 1
script-src 'nonce-aa1GppPnAebfKwG9HRPOkg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' *.auditboard.com *.optro.ai *.42chat.com *.doubleclick.net *.google.com *.googlesyndication.com *.greenhouse.io *.marketo.com *.vidyard.com *.wistia.com https://www.facebook.com https://www.youtube.com; connect-src 'self' https: *.auditboard.com *.optro.ai wss://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.addthis.com *.addthisedge.com *.auditboard.com *.optro.ai *.cloudfront.net *.google-analytics.com *.googleapis.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com https://cdn.livechatinc.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com https://use.typekit.net; frame-ancestors 'self' *.auditboard.com *.optro.ai https://*.sanity.io http://localhost:*; frame-src 'self' *.auditboard.com *.optro.ai https://app.netlify.com https://app.qualified.com https://app-ab39.marketo.com *.googletagmanager.com *.vidyard.com *.visualwebsiteoptimizer.com https://www.google.com https://excon-shell-prod.web.app https://app.vwo.com https://auditboard126.outgrow.co https://auditboard126.outgrow.us https://td.doubleclick.net *.demandbase.com *.company-target.com *.addthis.com *.auditboard.com *.optro.ai *.42chat.com *.auditboard.com.pagescdn.com *.auditboardmarketing.com.pagescdn.com *.google.com *.greenhouse.io *.marketo.com *.ps-bizzabo.com *.qualified.com *.wistia.com https://961-zqv-184.mktoweb.com https://auditboard.atlassian.net https://bid.g.doubleclick.net https://events.bizzabo.com https://js.driftt.com https://play.vidyard.com https://secure.livechatinc.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.visualize-roi.com https://www.youtube.com https://app.netlify.com https://marketo-lps.netlify.app *.marketodesigner.com https://na-ab39.marketodesigner.com; font-src 'self' data: *.auditboard.com *.optro.ai *.eventscloud.com *.gstatic.com https://use.typekit.net https://marketo-lps.netlify.app https://auditboard126.outgrow.co; img-src 'self' https: data: *.auditboard.com *.optro.ai https://optimize.google.com https://www.google-analytics.com https://p.typekit.net https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com; worker-src 'self' blob: *.auditboard.com *.optro.ai; style-src 'self' 'unsafe-inline' https: *.auditboard.com *.optro.ai *.qualified.com https://use.typekit.net https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com; media-src 'self' data: blob: mediastream: *.auditboard.com *.optro.ai *.livechatinc.com *.qualified.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.driftt.com https://cdn.sanity.io; object-src 'self' *.auditboard.com *.optro.ai https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net https://auditboardinc.wpengine.com; base-uri 'self'; form-action 'self' *.marketo.com *.marketo.net https://app-ab39.marketo.com https://961-zqv-184.mktoweb.com https://www.facebook.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com kit.fontawesome.com connect.facebook.net cdn.polyfill.io code.jquery.com www.google-analytics.com ssl.google-analytics.com www.googleoptimize.com script.crazyegg.com cdn.syndication.twimg.com speedtest.bestbroadbanddeals.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.bestbroadbanddeals.co.uk services.xg4ken.com unpkg.com script.hotjar.com static.hotjar.com c5.adalyser.com plausible.io consent.cookiebot.com consentcdn.cookiebot.com e.infogram.com localhost:3000; connect-src 'self' consentcdn.cookiebot.com *.fontawesome.com api.addressy.com wss://ws.hotjar.com *.hotjar.com content.hotjar.io cable.us4.list-manage.com admin.bestbroadbanddeals.co.uk stats.g.doubleclick.net plausible.io localhost:3000; img-src 'self' data: *.bestbroadbanddeals.co.uk www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com pbs.twimg.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com c5.adalyser.com v2.crocdn.com 540k006f.tinifycdn.com imgsct.cookiebot.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.bestbroadbanddeals.co.uk pro.fontawesome.com localhost:3000; font-src 'self' *.fontawesome.com maxcdn.bootstrapcdn.com admin.bestbroadbanddeals.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' widget.trustpilot.com vars.hotjar.com googleads.g.doubleclick.net consentcdn.cookiebot.com e.infogram.com data:; child-src 'self' blob:; report-uri /csp-violation-report/ 1
base-uri 'self' ; connect-src https://*.ampproject.org https://*.appsflyer.com https://bat.bing.com https://*.clarity.ms https://*.cloudfront.net https://*.compare.com https://*.criteo.com https://*.criteo.net https://stats.g.doubleclick.net https://www.facebook.com https://app.five9.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.insurify.com https://insurify.com https://insurifycdn.com https://*.klaviyo.com https://*.makestories.io https://*.mixpanel.com https://*.mxpnl.com https://*.pinterest.com wss://ws.pusherapp.com https://insurify.sjv.io https://*.snapchat.com https://lux.speedcurve.com https://analytics.tiktok.com https://widget.trustpilot.com https://*.usersnap.com https://ifrm.insurify.com https://browser-intake-datadoghq.com 'self' ; default-src 'self' ; font-src https://*.insurify.com https://fonts.gstatic.com https://*.bootstrapcdn.com https://insurifycdn.com https://widget.trustpilot.com https://ifrm.insurify.com 'self' data: ; form-action https://www.facebook.com https://tr.snapchat.com https://widget.trustpilot.com https://ifrm.insurify.com 'self' ; frame-ancestors 'self' ; frame-src https://insight.adsrvr.org https://match.adsrvr.org https://cj.dotomi.com https://*.doubleclick.net https://www.emjcd.com https://www.facebook.com https://*.pinterest.com https://www.quotelab.com https://tr.snapchat.com https://www.googletagmanager.com https://widget.trustpilot.com https://app.usecanopy.com https://ifrm.insurify.com 'self' ; img-src https://*.google.com https://*.googleapis.com https://www.google.bg https://www.google.com.pk https://www.googletagmanager.com https://maps.gstatic.com https://ib.adnxs.com https://*.appsflyer.com https://segment.prod.bidr.io https://*.bing.com https://*.clarity.ms https://*.cloudfront.net https://*.compare.com https://*.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://www.gstatic.com https://insurifycdn.com *.makestories.io https://*.mediaalpha.com https://*.nextinsure.com https://*.pinterest.com https://www.shopperapproved.com https://*.snapchat.com https://lux.speedcurve.com https://*.storyblok.com https://cdn.transparent.ly https://widget.trustpilot.com https://*.usersnap.com 'self' data: ; media-src *.googlevideo.com 'self' ; script-src https://*.google.com https://*.googleapis.com https://www.google.bg https://www.google.com.pk https://maps.gstatic.com https://acdn.adnxs.com https://js.adsrvr.org *.ampproject.org https://*.appsflyer.com https://bat.bing.com https://*.bootstrapcdn.com https://*.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.compare.com https://*.criteo.com https://*.criteo.net https://googleads.g.doubleclick.net https://connect.facebook.net https://app.five9.com https://*.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://d.impactradius-event.com https://*.insurify.com https://insurifycdn.com https://*.jquery.com https://*.klaviyo.com https://insurance.mediaalpha.com https://*.mixpanel.com https://*.mxpnl.com https://s.pinimg.com https://*.pinterest.com https://sc-static.net https://www.shopperapproved.com https://cdn.speedcurve.com https://analytics.tiktok.com https://widget.trustpilot.com https://unpkg.com https://*.usersnap.com https://ifrm.insurify.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.ampproject.org https://widget.trustpilot.com https://ifrm.insurify.com 'self' 'unsafe-inline' ; worker-src 'self' blob: ; report-uri https://report-uri.insurify.com/json; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.fontawesome.com *.bootstrapcdn.com *.gstatic.com 'self' data: www.googleadservices.com www.googletagmanager.com *.reevoo.com/ *.googleapis.com *.feefo.com *.speedex.gr data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com unpkg.com *.unpkg.com *.magedeploy.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net challenges.cloudflare.com unpkg.com *.unpkg.com cdnjs.cloudflare.com consentcdn.cookiebot.eu 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://images.unsplash.com *.designer-images.net 'self' data: unpkg.com *.unpkg.com www.themart.gr cdn.themart.gr *.cdninstagram.com sp.analytics.yahoo.com *.cookiebot.com *.google.gr *.sharethrough.com *.outbrain.com *.bidswitch.net *.dnxs.com *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.adnxs.com *.id5-sync.com *.pubmatic.com *.postrelease.com *.rubiconproject.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.emxdgt.com *.yieldmo.com *.unrulymedia.com *.1rx.io data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com *.stat-track.com polyfill.io *.moosend.com challenges.cloudflare.com *.google.com *.gstatic.com unpkg.com *.unpkg.com cdnjs.cloudflare.com *.feefo.com *.clarity.ms skroutza.skroutz.gr static.cloudflareinsights.com *.skroutz.gr dynamic.criteo.com sslwidget.criteo.com widgets.reevoo.com go.linkwi.se s.yimg.com measurement-api.criteo.com metrics.find.gr plausible.io *.cookiebot.com *.hotjar.com *.pinimg.com *.pinterest.com *.magedeploy.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com *.moosend.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com unpkg.com *.unpkg.com *.reevoo.com/ *.feefo.com *.speedex.gr *.magedeploy.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com *.stat-track.com *.m-pages.com *.m-operations.com unpkg.com *.unpkg.com *.feefo.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io widgets.reevoo.com skynet.reevoo.com measurement-api.criteo.com s.yimg.com metrics.find.gr plausible.io *.doubleclick.net *.pinterest.com *.clarity.ms *.cookiebot.com *.magedeploy.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none';base-uri 'none';font-src 'self' https://client.crisp.chat;form-action 'self';frame-ancestors 'self';img-src 'self' https: data: blob: https://matomo.openagenda.com https://client.crisp.chat https://image.crisp.chat https://storage.crisp.chat;object-src 'none';script-src https: 'unsafe-inline' 'strict-dynamic' 'nonce-4180189287148397' https://client.crisp.chat https://settings.crisp.chat;script-src-attr 'none';style-src 'self' 'unsafe-inline' https://cdn.openagenda.com https://client.crisp.chat;media-src 'self' https: data: https://client.crisp.chat;frame-src 'self' https://service.mtcaptcha.com https://service2.mtcaptcha.com https://game.crisp.chat;connect-src 'self' https://cdn.openagenda.com https://matomo.openagenda.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat;upgrade-insecure-requests;block-all-mixed-content;report-to default;report-uri https://openagenda.com/reports 1
default-src 'self'; script-src 'self' 'nonce-uQSScm9zBGxqFrKCMq67YA==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
default-src 'self' https://cdn.ckeditor.com https://proxy-event.ckeditor.com; connect-src 'self' https://script.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://www.googletagmanager.com https://analytics.google.com https://*.linkedin.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://lift3assets.lift.acquia.com https://privacyportal-eu.onetrust.com https://www.google.com https://localhost:4443 https://www.googleadservices.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net/g/collect* https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com https://w.soundcloud.com https://www.podbean.com https://www.googletagmanager.com https://www.google.com https://maps.google.com https://view.ceros.com; img-src 'self' https://cdn.cookielaw.org https://*.global.siteimproveanalytics.io https://www.google.com blob: data: https://insights.mintz.com https://www.insights.mintz.com https://mintzlevin.prod.acquia-sites.com https://px.ads.linkedin.com/collect* https://px.ads.linkedin.com https://i.vimeocdn.com https://px4.ads.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com; object-src 'self' https://player.vimeo.com https://w.soundcloud.com https://www.podbean.com; script-src 'self' 'wasm-unsafe-eval' https://analytics.clickdimensions.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://script.crazyegg.com https://unpkg.com 'nonce-mRZ6v7D87BepEGIRDwxRPg'; script-src-attr 'self'; script-src-elem 'self' https://script.crazyegg.com https://events.mintz.com https://viewpoints.mintz.com https://news.mintz.com https://www.googletagmanager.com https://extend.vimeocdn.com https://analytics.google.com https://*.acquia.com https://labs.ceros.com https://sdk.ceros.com https://www.google-analytics.com https://siteimproveanalytics.com https://*.licdn.com https://*.cookielaw.org https://cdn.cookielaw.org https://view.ceros.com https://player.vimeo.com https://lift3assets.lift.acquia.com https://analytics.clickdimensions.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'nonce-mRZ6v7D87BepEGIRDwxRPg'; style-src 'self' https://script.crazyegg.com https://events.mintz.com https://viewpoints.mintz.com https://news.mintz.com https://www.googletagmanager.com https://extend.vimeocdn.com https://analytics.google.com https://*.acquia.com https://labs.ceros.com https://sdk.ceros.com https://www.google-analytics.com https://siteimproveanalytics.com https://*.licdn.com https://*.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.mintz.com/log-report-uri/reportOnly 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://elegant-harmony-f8a4c00980.strapiapp.com https://elegant-harmony-f8a4c00980.media.strapiapp.com https://cms.sandbox-london-b.fetch-ai.com https://res.cloudinary.com; font-src 'self' https://fonts.gstatic.com; media-src 'self' https://www.dropbox.com https://*.dropboxusercontent.com; connect-src 'self' https://www.google-analytics.com; frame-ancestors 'none'; base-uri 'self'; object-src 'none'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.com.pt https://www.myheritage.com.pt  'unsafe-eval' 'nonce-d3f223beb129d82a2341b77c4bdfb6a2' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.com.pt;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
report-uri https://shop.southco.com/csp-report.php; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net 'self' data: testmedia.southco.com devmedia.southco.com preprodmedia.southco.com media.southco.com maxcdn.bootstrapcdn.com dev.southco.com preprod.southco.com test.southco.com southco.com preprodstatic.southco.com staticassets.southco.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * southco.my.salesforce.com d.la1-core2.sfdc-lywfpd.salesforceliveagent.com cloud.e.southco.com southco.com.br preprod.southco.com.br dev.southco.com.br https://cl.s12.exct.net/DEManager.aspx cl.s12.exct.net https://secure.ccavenue.com https://test.ccavenue.com 'self' form-action: *.icicibank.com *.wibmo.com *.americanexpress.com *.starlingbank.com www.rsa3dsauth.com acs.revolut.com *.live.ext.prod.enfuce.com authentication-acs.marqeta.com acs.capitalone.com *.acssecure.com *.danskebank.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.meetanshi.com meetanshi.com  * *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com *.dotdigital-pages.com *.dotdigital.com *.weltpixel.com *.addthis.com *.google.com/ *.meetanshi.com meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.googletagmanager.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://www.magezon.com *.meetanshi.com meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: testmedia.southco.com devmedia.southco.com preprodmedia.southco.com media.southco.com preprodstatic.southco.com staticassets.southco.com dev.visualwebsiteoptimizer.com px.ads.linkedin.com www.google.co.in imgsct.cookiebot.com www.linkedin.com shop.southco.com testshop.southco.com devshop.southco.com preprodshop.southco.com dev.southco.com preprod.southco.com test.southco.com southco.com www.mageworx.com image.e.southco.com southco.box.com blob: guarantee-cdn.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com maps.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.certcapture.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.klevu.com *.ksearchnet.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.avada.io *.shopify.com *.meetanshi.com meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com testmedia.southco.com devmedia.southco.com preprodmedia.southco.com media.southco.com preprodstatic.southco.com staticassets.southco.com dev.visualwebsiteoptimizer.com static.hotjar.com consent.cookiebot.com service.force.com s.saleswingsapp.com snap.licdn.com secure.intelligent-data-247.com script.hotjar.com d.la4-c1-phx.salesforceliveagent.com southco.my.salesforce.com d.la1-core2.sfdc-lywfpd.salesforceliveagent.com test.southco.com dev.southco.com preprod.southco.com southco.com consentcdn.cookiebot.com www.gstatic.com www.google.com js-agent.newrelic.com cdnjs.cloudflare.com cloudpages.mc-content.com southco.secure.force.com static.lightning.force.com southco.my.salesforce-sites.com cdn.jsdelivr.net *.salesforceliveagent.com player.vimeo.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com guarantee-cdn.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net assets.braintreegateway.com *.gstatic.com service.force.com/ testmedia.southco.com devmedia.southco.com preprodmedia.southco.com media.southco.com preprodstatic.southco.com staticassets.southco.com maxcdn.bootstrapcdn.com test.southco.com dev.southco.com preprod.southco.com southco.com southco.secure.force.com southco.my.salesforce-sites.com cdn.jsdelivr.net *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com *.yotpo.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.certcapture.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klevu.com *.ksearchnet.com api.addressy.com *.addthis.com https://get.geojs.io *.avada.io *.meetanshi.com meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com test.southco.com dev.southco.com preprod.southco.com southco.com to.go.saleswingsapp.com px.ads.linkedin.com stats.g.doubleclick.net wss://ws.hotjar.com content.hotjar.io testmedia.southco.com devmedia.southco.com preprodmedia.southco.com media.southco.com metrics.hotjar.io consentcdn.cookiebot.com preprodstatic.southco.com staticassets.southco.com vc.hotjar.io cl.s12.exct.net southco.secure.force.com pagead2.googlesyndication.com southcosearch.netsmartz.us *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com southco.my.salesforce.com d.la1-core2.sfdc-lywfpd.salesforceliveagent.com cl.s12.exct.net *.cardinalcommerce.com *.paypal.com pilot-payflowlink.paypal.com cloud.e.southco.com static.lightning.force.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.googleapis.com maxcdn.bootstrapcdn.com *.myfeelback.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com bpcepaymentservices-3ds-vdm.wlp-acs.com *.modirum.com *.cic.fr *.cafis-paynet.jp *.creditmutuel.fr *.lcl.fr *.americanexpress.com *.dnp-cdms.jp *.sg.fr *.viseca.ch *.redsys.es *.monext.fr *.rpc-raiffeisen.com *.sparda.de *.citibank.com sicher-bezahlen.sparkasse.at 3ds-challenge.n26.com esecure.sia.eu *.uobgroup.com *.revolut.com *.fssnet.co.in *.e-i.com *.neuflizeobc.net *.cm-cic.com *.apata.io *.nexigroup.com *.cardcenter.ch *.gps.com.bh *.bkm.com.tr *.airplus.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.lamaisonduchocolat.com *.avis-verifies.com *.reetags.com *.prismic.io vimeo.com *.googletagmanager.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypalobjects.com bpcepaymentservices-3ds-vdm.wlp-acs.com *.modirum.com *.wlp-acs.com *.cic.fr *.cafis-paynet.jp *.creditmutuel.fr www.googletagmanager.com *.lcl.fr *.americanexpress.com *.dnp-cdms.jp *.sg.fr *.viseca.ch *.redsys.es *.monext.fr *.rpc-raiffeisen.com *.sparda.de *.citibank.com sicher-bezahlen.sparkasse.at *.arcot.com 3ds-challenge.n26.com esecure.sia.eu *.uobgroup.com *.revolut.com *.fssnet.co.in *.e-i.com *.neuflizeobc.net *.cm-cic.com *.apata.io *.nexigroup.com *.cardcenter.ch *.gps.com.bh *.bkm.com.tr *.monzo.com *.airplus.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com * *.googleapis.com *.lamaisonduchocolat.com https://bat.bing.com https://sdk.privacy-center.org https://cm.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.fr *.linkedin.com https://rum-metrics.quanta.io *.reetags.com https://sync-t1.taboola.com https://ad.360yield.com https://ad.yieldlab.net https://contextual.media.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://ib.adnxs.com https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://match.sharethrough.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://secure.adnxs.com https://simage2.pubmatic.com https://sync.1rx.io https://sync.outbrain.com https://visitor.omnitagjs.com https://x.bidswitch.net *.prismic.io https://images.unsplash.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com lamaisonduchocolat.com *.clarity.ms *.google.com *.bing.com *.google.co.jp *.google.com.hk *.doubleclick.net *.google.ro *.google.com.sg *.google.at *.a8.net *.google.com.tw www.americanexpress.com *.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.googleapis.com *.gstatic.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ *.lamaisonduchocolat.com https://bat.bing.com https://sdk.privacy-center.org https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://www.clarity.ms https://appstatic.quanta.io *.reetags.com https://*.taboola.com https://analytics.tiktok.com https://acdn.adnxs.com https://ad.avtm.fr https://analytics.optimalpeople.fr https://trk.adbutter.net prismic.io https://maps.googleapis.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.zdassets.com *.vimeo.com *.a8.net *.tradedoubler.com *.algolia.net *.algolianet.com *.prismic.io *.myfeelback.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.lamaisonduchocolat.com *.reetags.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com tagmanager.google.com *.myfeelback.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.lamaisonduchocolat.com *.prismic.io *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ *.lamaisonduchocolat.com *.privacy-center.org https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.com *.linkedin.com *.reetags.com https://*.taboola.com https://analytics.tiktok.com https://analytics.optimalpeople.fr https://ib.adnxs.com https://maps.googleapis.com https://player.vimeo.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google-analytics.com yubinbango.github.io *.clarity.ms rum-metrics.quanta.io *.zdassets.com *.zendesk.com *.bing.com *.bing.net *.googlesyndication.com *.vimeo.com *.trackingplan.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-nLAInWQ/wQRN3SD4MU6xXw==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.neu.de *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.neu.de; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
frame-ancestors 'self'; report-uri https://www.cairnspost.com.au/csp-reports 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.posthog.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.segment.com;  style-src 'self' 'unsafe-inline';  img-src 'self' blob: data: https://*.posthog.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments.com https://static.intercomassets.eu https://static.au.intercomassets.com https://www.google-analytics.com https://www.googletagmanager.com https://*.google.com https://*.doubleclick.net https://www.google.com.tr;  font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com;  connect-src 'self' https://*.posthog.com https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.segment.com https://api.segment.io https://vitals.vercel-insights.com https://*.doubleclick.net https://analytics.google.com https://stats.g.doubleclick.net;  object-src 'none';  base-uri 'self';  form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io;  frame-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://*.doubleclick.net;  worker-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;  media-src https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com;  frame-ancestors 'none';  manifest-src 'self' https://upstash.com; 1
script-src 'nonce-6cd07ec4eb695786bc107217e61aa9e18814039b444ee9385c2b8f5759b53e0b' 'strict-dynamic';object-src 'none';base-uri 'none';frame-ancestors 'none'; 1
base-uri 'self'; form-action 'self'; default-src 'self'; connect-src 'self' data: https://stats.nederhost.nl/ https://zammad.nederhost.nl/ wss://zammad.nederhost.nl/; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; report-to csp-endpoint; report-uri /_/report_csp_violation; script-src 'self' 'nonce-FDzUtcizC0qPOsVB' 'unsafe-eval' https://stats.nederhost.nl/ https://cdn.matomo.cloud/stats.nederhost.nl/ https://zammad.nederhost.nl/; style-src 'self' data: 'nonce-FDzUtcizC0qPOsVB' https://zammad.nederhost.nl/; style-src-attr 'unsafe-inline'; 1
script-src 'strict-dynamic' 'nonce-mzhwJ5W9iX/kBbnP+tlJq8j+TLbEb61L5ilYj4rRUH8='; base-uri 'none'; connect-src 'self' https://*.fontawesome.com https://*.googleapis.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net; img-src data: 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://cdn.startpeople.be https://img.youtube.com https://i.ytimg.com https://imgsct.cookiebot.com https://vumbnail.com/ https://i.vimeocdn.com; object-src 'none'; style-src 'self' https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datepicker/1.9.0/css/bootstrap-datepicker3.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/css/bootstrap.min.css https://cdn.jsdelivr.net/npm/select2@4.0.13/dist/css/select2.min.css https://cdn.jsdelivr.net/npm/select2-bootstrap-5-theme@1.3.0/dist/select2-bootstrap-5-theme.min.css https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.3/font/bootstrap-icons.css https://fonts.googleapis.com; frame-src 'strict-dynamic' 'self' https://consentcdn.cookiebot.com https://www.google.com/recaptcha/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; report-to csp-endpoint; report-uri https://csp-dxp.rgfstaffing.be/csp 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.brightcove.com https://*.boltdns.net https://*.brightcovecdn.com https://*.siteimprove.com https://www.google.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://info.mumc.nl https://www.google.com https://players.brightcove.net https://*.youtube.com https://*.vimeo.com https://heritage.mumc.nl https://www.googletagmanager.com; img-src 'self' https://metrics.brightcove.com https://*.boltdns.net https://*.ytimg.com data:; media-src 'self' https://*.brightcovecdn.com https://*.boltdns.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.texthelp.com https://*.browsealoud.com https://players.brightcove.net https://vjs.zencdn.net https://cdn.rawgit.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://www.google.com https://www.gstatic.com blob: cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.jsdelivr.net; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.mumc.nl/report-uri/reportOnly; block-all-mixed-content 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com www.searchanise.com *.searchserverapi.com staticw2.yotpo.com https://*.hotjar.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.hub-box.com www.searchanise.com *.searchserverapi.com *.twitter.com secure.livechatinc.com widget.trustpilot.com frame.hubbox.com *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.adyen.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com services.postcodeanywhere.co.uk *.google-analytics.com *.analytics.google.com https://*.hotjar.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io magento-recs-sdk.adobe.net www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net searchanise-ef84.kxcdn.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com cdn.cookie-script.com cdn.livechatinc.com api.livechatinc.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net widget.trustpilot.com searchserverapi.com cpage11112.pcapredict.com services.postcodeanywhere.co.uk analytics.ahrefs.com www.googleoptimize.com *.clarity.ms https://*.hotjar.com *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com *.twitter.com services.postcodeanywhere.co.uk maxcdn.bootstrapcdn.com https://*.hotjar.com *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.hub-box.com api.amplitude.com stats.g.doubleclick.net bam.nr-data.net bam-cell.nr-data.net services.postcodeanywhere.co.uk api.livechatinc.com *.google-analytics.com *.analytics.google.com mcprod.vapeuk.co.uk *.clarity.ms api.pwnedpasswords.com analytics.ahrefs.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xf2cfobJbKgc2bzQuJ3g9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data: *.facebook.com *.google.com.au *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.google.co.in *.tgtag.io *.youtube.com *.abtasty.com *.gstatic.com *.googleapis.com *.amazonaws.com *.powerfront.com *.exacttarget.com *.adimo.co *.adimouat.co *.amazonaws.com *.formstack.com *.clarity.ms *.bing.com *.adswizz.com *.spotify.com *.googletagmanager.com *.adnxs.com *.aidemsrv.com *.criteo.com *.pinimg.com *.omguk.com *.abtasty.com *.bing.com *.cellardoor.co *.clarity.ms *.cquotient.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.fouanalytics.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.igodigital.com *.linkedin.com *.omneo.io *.penfolds.cn *.penfolds.com *.salesforce.com *.salesforceliveagent.com *.spotify.com *.subscribepro.com *.tealiumiq.com *.tiqcdn.com *.vimeocdn.com *.wolfblass.com *.pinterest.com *.linkedin.com *.licdn.com *.smartadserver.com analytics.tiktok.com *.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.site.com *.flippingbook.com *.criteo.net *.cquotient.com *.adyen.com *.doubleclick.net *.hotjar.com *.google.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.paypal.com *.paypalobjects.com *.facebook.net *.googletagmanager.com *.datatoolscloud.net.au *.igodigital.com *.salesforceliveagent.com *.serving-sys.com *.force.com *.tiqcdn.com *.rezdy.com *.polyfill.io *.cloudflare.com *.subscribepro.com *.dwin1.com *.criteo.com *.adnxs.com *.salesforce.com *.wayin.com *.typekit.net *.ooyala.com *.licdn.com *.getwisp.co *.omneo.io *.vimeo.com *.formstack.com *.thefork.com.au *.resy.com *.tealiumiq.com *.yimg.com *.go2cloud.org *.adobe.com *.cloudfront.net *.sc-static.net sc-static.net *.adsrvr.org *.googleoptimize.com *.googleanalytics.com *.bing.com *.facebook.com *.google.com.au *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.google.co.in *.onelink-edge.com *.inside-graph.com *.fouanalytics.com *.tgtag.io *.youtube.com *.byspotify.com *.abtasty.com *.tryzens.com *.powerfront.com *.exacttarget.com blob: *.adimo.co *.adimouat.co *.amazonaws.com *.clarity.ms *.bing.com *.adswizz.com *.spotify.com *.aidemsrv.com *.pinimg.com *.omguk.com commerceops.tryzens-analytics.com *.abtasty.com *.bing.com *.cellardoor.co *.clarity.ms *.cquotient.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.fouanalytics.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.igodigital.com *.linkedin.com *.omneo.io *.penfolds.cn *.penfolds.com *.salesforce.com *.salesforceliveagent.com *.spotify.com *.subscribepro.com *.tealiumiq.com *.tiqcdn.com *.vimeocdn.com *.wolfblass.com *.pinterest.com *.linkedin.com *.licdn.com *.smartadserver.com *.dyntrk.com unpkg.com https://hcaptcha.com https://*.hcaptcha.com *.site.com d.ratepay.com *.ratepay.com analytics.tiktok.com *.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com; style-src 'self' data: 'unsafe-inline' 'unsafe-hashes' *.site.com *.adyen.com *.googleapis.com *.force.com *.omneo.io *.subscribepro.com *.datatoolscloud.net.au *.salesforceliveagent.com *.ooyala.com *.formstack.com *.thefork.com.au *.go2cloud.org *.sc-static.net *.google.com *.google-analytics.com *.bing.com *.facebook.com *.google.com.au *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.google.co.in *.inside-graph.com *.fouanalytics.com *.tgtag.io *.youtube.com *.byspotify.com *.abtasty.com *.gstatic.com *.powerfront.com *.exacttarget.com *.adimo.co *.adimouat.co *.amazonaws.com *.clarity.ms *.adswizz.com *.spotify.com *.googletagmanager.com *.adnxs.com *.aidemsrv.com *.criteo.com *.pinimg.com *.omguk.com *.abtasty.com *.bing.com *.cellardoor.co *.clarity.ms *.cquotient.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.fouanalytics.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.igodigital.com *.linkedin.com *.omneo.io *.penfolds.cn *.penfolds.com *.salesforce.com *.salesforceliveagent.com *.spotify.com *.subscribepro.com *.tealiumiq.com *.tiqcdn.com *.vimeocdn.com *.wolfblass.com *.pinterest.com *.linkedin.com *.licdn.com *.smartadserver.com https://hcaptcha.com https://*.hcaptcha.com *.site.com analytics.tiktok.com *.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com; img-src 'self' data: *.penfolds.com *.site.com *.cloudfront.net *.flippingbook.com *.adyen.com *.doubleclick.net *.facebook.com *.adform.net *.mediavine.com *.postrelease.com *.360yield.com *.twiago.com *.adscale.de *.1rx.io *.meba.kr *.rubiconproject.com *.aralego.com *.daum.net *.adsrvr.org *.dotomi.com *.contextweb.com *.admixer.co.kr *.adsymptotic.com *.smrtb.com *.bnmla.com *.tpmn.co.kr *.zemanta.com *.stackadapt.com *.kakao.com *.toast.com *.outbrain.com *.addthis.com *.gstatic.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.bidswitch.net *.salesforce.com *.googletagmanager.com *.googleapis.com *.paypal.com *.mookie1.com *.igodigital.com *.adnxs.com *.googleadservices.com *.zenaps.com *.placeholder.com *.facebook.net *.3lift.com *.ad-stir.com *.adtdp.com *.advertising.com *.bing.com *.casalemedia.com *.clmbtech.com *.criteo.com *.dmxleo.com *.ivitrack.com *.mgid.com *.omnitagjs.com *.pubmatic.com *.rlcdn.com *.sharethrough.com *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.tapad.com *.yahoo.com *.yieldmo.com *.dable.io *.adingo.jp *.gssprt.jp *.microad.jp *.demandware.net *.media.net *.openx.net *.smaato.net *.smartclip.net *.yieldlab.net *.teads.tv *.ants.vn *.adswizz.com *.serving-sys.com *.unsplash.com *.typekit.net *.linkedin.com *.vimeocdn.com *.hotjar.com *.mathtag.com *.tealiumiq.com *.yimg.com *.go2cloud.org *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.inside-graph.com *.fouanalytics.com *.tgtag.io *.youtube.com *.abtasty.com *.amazonaws.com *.powerfront.com *.exacttarget.com blob: *.adimo.co *.adimouat.co *.amazonaws.com *.formstack.com *.clarity.ms *.bing.com *.spotify.com *.aidemsrv.com *.pinimg.com *.omguk.com *.cquotient.com *.abtasty.com *.bing.com *.cellardoor.co *.clarity.ms *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.fouanalytics.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.igodigital.com *.linkedin.com *.omneo.io *.penfolds.cn *.penfolds.com *.salesforce.com *.salesforceliveagent.com *.spotify.com *.subscribepro.com *.tealiumiq.com *.tiqcdn.com *.vimeocdn.com *.wolfblass.com *.pinterest.com *.linkedin.com *.licdn.com *.smartadserver.com *.dyntrk.com cdn.n.dynstc.com analytics.tiktok.com *.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com; font-src 'self' data: *.site.com *.sfdcstatic.com *.gstatic.com *.typekit.net *.hotjar.com *.ooyala.com *.formstack.com *.go2cloud.org *.inside-graph.com *.fouanalytics.com *.byspotify.com *.abtasty.com *.googleapis.com *.powerfront.com *.exacttarget.com blob: *.adimo.co *.adimouat.co *.amazonaws.com *.clarity.ms *.bing.com *.adswizz.com *.spotify.com *.googletagmanager.com *.adnxs.com *.aidemsrv.com *.facebook.com *.criteo.com *.pinimg.com *.omguk.com *.abtasty.com *.bing.com *.cellardoor.co *.clarity.ms *.cquotient.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.fouanalytics.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.igodigital.com *.linkedin.com *.omneo.io *.penfolds.cn *.penfolds.com *.salesforce.com *.salesforceliveagent.com *.spotify.com *.subscribepro.com *.tealiumiq.com *.tiqcdn.com *.vimeocdn.com *.wolfblass.com; connect-src 'self' *.site.com *.analytics.google.com analytics.google.com *.flippingbook.com *.hotjar.com *.hotjar.io *.serving-sys.com *.paypal.com *.tryzens-analytics.com:12280 *.tryzens-analytics.com:12443 *.google-analytics.com *.googleapis.com *.tealiumiq.com *.facebook.net *.demandware.net *.ooyala.com *.getomneo.com *.force.com wss: *.yimg.com *.adobe.io *.snapchat.com *.onelink-edge.com *.inside-graph.com *.fouanalytics.com *.youtube.com *.byspotify.com *.abtasty.com https://google.com *.google.com *.adyen.com *.powerfront.com *.exacttarget.com *.adimo.co *.adimouat.co *.amazonaws.com *.formstack.com *.clarity.ms *.bing.com *.adswizz.com *.spotify.com *.googletagmanager.com *.adnxs.com *.aidemsrv.com *.facebook.com *.criteo.com *.pinimg.com *.omguk.com *.cquotient.com *.abtasty.com *.bing.com *.cellardoor.co *.clarity.ms *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.fouanalytics.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.igodigital.com *.linkedin.com *.omneo.io *.penfolds.cn *.penfolds.com *.salesforce.com *.salesforceliveagent.com *.spotify.com *.subscribepro.com *.tealiumiq.com *.tiqcdn.com *.vimeocdn.com *.wolfblass.com *.pinterest.com *.linkedin.com *.licdn.com *.smartadserver.com commerceops.tryzens-analytics.com https://hcaptcha.com https://*.hcaptcha.com *.site.com analytics.tiktok.com *.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com; frame-src 'self' bytedance: sslocal: *.adsrvr.org *.vintagejournal.co *.doubleclick.net *.paypalobjects.com *.adyen.com *.hotjar.com *.facebook.com *.criteo.net *.paypal.com *.google.com *.force.com *.rezdy.com *.matterport.com *.criteo.com *.vimeo.com *.wayin.com *.typekit.net *.ooyala.com *.snazzymaps.com https://snazzymaps.com *.spotify.com *.exacttarget.com *.sfmc-content.com *.thefork.com.au *.lafourchette.com *.resy.com vimeo.com *.serving-sys.com *.flipsnack.com *.adobe.com *.opinionstage.com *.cloudfront.net *.penfolds.com *.snapchat.com *.bing.com *.inside-graph.com *.fouanalytics.com *.youtube.com *.byspotify.com *.abtasty.com *.gstatic.com *.googleapis.com *.amazonaws.com *.powerfront.com *.exacttarget.com *.adimo.co *.adimouat.co *.amazonaws.com *.formstack.com *.clarity.ms *.adswizz.com *.spotify.com *.googletagmanager.com *.adnxs.com *.aidemsrv.com *.pinimg.com *.omguk.com *.abtasty.com *.bing.com *.cellardoor.co *.clarity.ms *.cquotient.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.fouanalytics.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.igodigital.com *.linkedin.com *.omneo.io *.penfolds.cn *.penfolds.com *.salesforce.com *.salesforceliveagent.com *.spotify.com *.subscribepro.com *.tealiumiq.com *.tiqcdn.com *.vimeocdn.com *.wolfblass.com *.pinterest.com *.linkedin.com *.licdn.com *.smartadserver.com https://hcaptcha.com https://*.hcaptcha.com *.site.com analytics.tiktok.com *.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com; worker-src 'self' blob: *.datatoolscloud.net.au *.adyen.com *.cloudflare.com *.cquotient.com *.dwin1.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.igodigital.com *.licdn.com *.paypal.com *.paypalobjects.com *.rezdy.com *.salesforceliveagent.com *.serving-sys.com *.tiqcdn.com *.polyfill.io *.doubleclick.net *.facebook.net 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.getwisp.co *.criteo.com *.subscribepro.com *.youtube.com *.powerfront.com *.exacttarget.com *.adimo.co *.adimouat.co *.amazonaws.com *.formstack.com *.clarity.ms *.bing.com *.adswizz.com *.spotify.com *.adnxs.com *.aidemsrv.com *.facebook.com *.pinimg.com *.omguk.com *.cquotient.com *.abtasty.com *.bing.com *.cellardoor.co *.clarity.ms *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.fouanalytics.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.igodigital.com *.linkedin.com *.omneo.io *.penfolds.cn *.penfolds.com *.salesforce.com *.salesforceliveagent.com *.spotify.com *.subscribepro.com *.tealiumiq.com *.tiqcdn.com *.vimeocdn.com *.wolfblass.com *.pinterest.com *.linkedin.com *.licdn.com *.smartadserver.com; frame-ancestors 'self' data: *.site.com;; report-uri https://tweau-csp.tryzens-analytics.com; 1
default-src 'self' *.nscc.ca; img-src 'self' *.nscc.ca *.gstatic.com *.fontawesome.com *.google.ca *.google.com www.google-analytics.com app.careerbeacon.com s3.amazonaws.com syndication.twitter.com www.facebook.com *.monsido.com data: www.googletagmanager.com maps.googleapis.com https://ad.doubleclick.net https://px.ads.linkedin.com/ https://www.linkedin.com/px/ https://i.ytimg.com/vi_webp/ https://syndicatedsearch.goog https://ep1.adtrafficquality.google https://alb.reddit.com; font-src 'self' *.nscc.ca *.fontawesome.com *.googleapis.com *.gstatic.com cdn.kendostatic.com data:; style-src 'self' *.nscc.ca *.fontawesome.com *.googleapis.com *.google.com app.simplycast.ca widget.alongside.com cdn.kendostatic.com kendo.cdn.telerik.com tags.srv.stackadapt.com www.googletagmanager.com static-assets-ca.libanswers.com https://kendo.cdn.telerik.com 'unsafe-inline'; script-src 'self' *.nscc.ca *.google.com *.googleapis.com *.gstatic.com https://googleads.g.doubleclick.net *.fontawesome.com *.google-analytics.com *.googletagmanager.com app.simplycast.ca *.youtube.com widget.alongside.com platform.twitter.com lgapi-ca.libapps.com https://ep2.adtrafficquality.google islpronto.islonline.net ca.libraryh3lp.com api3-ca.libcal.com cdn.kendostatic.com *.monsido.com *.crazyegg.com connect.facebook.net tags.srv.stackadapt.com js.adsrvr.org blob: static-assets-ca.libanswers.com https://jsonip.com https://server402.islonline.net/live/islpronto https://code.jquery.com https://unpkg.com https://cdn.kendostatic.com/2023.3.1010/js/* https://kendo.cdn.telerik.com https://qvdt3feo.com/events.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://analytics.tiktok.com/i18n/pixel/events.js https://analytics.tiktok.com/i18n/pixel/static/ https://www.redditstatic.com 'unsafe-inline'; connect-src 'self' *.nscc.ca www.google-analytics.com https://www.google.com https://ad.doubleclick.net csp.withgoogle.com ka-p.fontawesome.com kit.fontawesome.com api3-ca.libcal.com *.crazyegg.com tags.srv.stackadapt.com *.monsido.com analytics.google.com stats.g.doubleclick.net maps.googleapis.com https://px.ads.linkedin.com/ https://px.ads.linkedin.com/wa/ https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act https://ep1.adtrafficquality.google https://www.google.ca https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://mpc-prod-27-s6uit34pua-uk.a.run.app https://pixel-config.reddit.com; frame-src 'self' *.youtube.com *.google.com https://www.googletagmanager.com syndication.twitter.com platform.twitter.com ca.libraryh3lp.com *.fls.doubleclick.net insight.adsrvr.org cckc.airtime.pro www.facebook.com https://player.vimeo.com https://td.doubleclick.net https://app.simplycast.ca https://match.adsrvr.org/track/upb/* https://ep2.adtrafficquality.google; frame-ancestors 'self' *.nscc.ca:*; 1
default-src amplitude.com *.amplitude.com cash.app *.cash.app cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com datatables.net *.datatables.net doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.com *.google.com googletagmanager.com *.googletagmanager.com jquery.com *.jquery.com paypal.com *.paypal.com sentry.io *.sentry.io tiny.cloud *.tiny.cloud tinymce.com *.tinymce.com citconpay.com *.citconpay.com facebook.net *.facebook.net google.co.uk *.google.co.uk kcp.co.kr *.kcp.co.kr ngrok-free.app *.ngrok-free.app sift.com *.sift.com 'unsafe-inline' 'unsafe-eval' 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=wOh0y23ACXKnqxz2_t3Nbwi_IuJCjD04Pji6r1IDgFs-1773712301.5443418-1.0.1.1-lDndDSC.G.r9zdBAWeNkCuNUhBuYMhT6JR5g.O6cj9nSF5ug6Qp4gZxULJbzJJAWKcHBQ3canazKqJfRl47r6.BKRPrmKx4ARyHau245HHGE24ysTaUm100kbeJFOZPBTWuFfPTe8eRet7lL5AqWJOT7Zq98cdUkzU6.FXYCwmj5mOeezCp46Av3eTdCVfqr; report-to cf-xhbympszketrrcia 1
report-uri /core/api/Monitoring/SaveCSPReport 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.u-srv.net https://connect.facebook.net https://static.zdassets.com https://js.zdassets.com https://bam.nr-data.net https://js-agent.newrelic.com https://gtm.uppababy.com https://cdn.cookielaw.org https://analytics.tiktok.com https://applepay.cdn-apple.com https://cdn.attn.tv https://ui.powerreviews.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://ekr.zdassets.com https://t.contentsquare.net https://vnuvb.uppababy.com blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.zdassets.com https://ui.powerreviews.com https://p.typekit.net; img-src 'self' data: https://uppababy.com https://cdn.uppababy.com https://prod.uppababy.com https://back.prod.uppababy.com https://back.uppababy.com https://www.google-analytics.com https://analytics.google.com https://www.facebook.com https://static.zdassets.com https://cdn.u-srv.net https://bam.nr-data.net https://cdn.cookielaw.org https://gtm.uppababy.com https://analytics.tiktok.com https://cdn.attn.tv https://ui.powerreviews.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://ekr.zdassets.com https://t.contentsquare.net https://c.az.contentsquare.net https://www.google.com; font-src 'self' https://fonts.gstatic.com https://p.typekit.net https://ui.powerreviews.com https://use.typekit.net; connect-src 'self' https://back.uppababy.com https://back.prod.uppababy.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://connect.facebook.net https://bam.nr-data.net https://js-agent.newrelic.com https://static.zdassets.com https://k-us1.az.contentsquare.net https://t.contentsquare.net https://c.az.contentsquare.net https://cdn.cookielaw.org https://events.attentivemobile.com https://vnuvb.uppababy.com https://uppababy-us.attn.tv https://uppababy1730824702.zendesk.com https://uppababy.zendesk.com https://ekr.zdassets.com https://analytics.tiktok.com https://cdn.attn.tv https://gtm.uppababy.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://ui.powerreviews.com wss://widget-mediator.zopim.com; frame-src https://www.youtube.com https://static.zdassets.com https://gtm.uppababy.com https://connect.facebook.net; media-src 'self' https://static.zdassets.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com consentcdn.cookiebot.com service.force.com *.livestory.io *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com img.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net s.ytimg.com * *.bird.eu 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.adobedtm.com dev.visualwebsiteoptimizer.com *.exacttarget.com *.google.it/pagead/1p-user-list serverside.stiga.com *.cookiebot.com via.placeholder.com maps.googleapis.com *.teads.tv www.xtento.com *.trustpilot.com imgsct.cookiebot.com *.livestory.io cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com www.youtube.com video.google.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.klarna.com consent.cookiebot.com *.collect.igodigital.com serverside.stiga.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.salesforce-scrt.com *.site.com *.mczbf.com *.emjcd.com dev.visualwebsiteoptimizer.com *.clarity.ms *.imedia.cz consentcdn.cookiebot.com *.teads.tv *.seznam.cz *.xtento.com *.livestory.io *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com getfirebug.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com assets.braintreegateway.com service.force.com *.klarnacdn.net *.site.com *.livestory.io *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com * *.google-analytics.com *.facebook.com *.facebook.net api.addressy.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com consentcdn.cookiebot.com *.googlesyndication.com dev.visualwebsiteoptimizer.com serverside.stiga.com *.klarna.com *.klarnaevt.com trustpilot.com googleads.g.doubleclick.net *.teads.tv *.clarity.ms noembed.com *.livestory.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net apps.bazaarvoice.com script.hotjar.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.punchout2go.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.googletagmanager.com esqa.moneris.com www3.moneris.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com *.punchout2go.com e.bmr.co www.facebook.net www.facebook.com ct.pinterest.com td.doubleclick.net static.addtoany.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.trackedlink.net *.ddlnk.net https://axeptio.imgix.net apps-stg.bazaarvoice.com www.bmr.ca  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat static.hotjar.com script.hotjar.com survey.hotjar.com www.facebook.net www.facebook.com cdn.cookielaw.org maps.googleapis.com maps.gstatic.com aq.flippenterprise.net dam.flippenterprise.net cdn.flippenterprise.net *.wishabi.com *.wishabi.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com esqa.moneris.com www3.moneris.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.punchout2go.com https://*.axept.io e.bmr.co js-agent.newrelic.com s.pinimg.com ct.pinterest.com static.hotjar.com script.hotjar.com connect.facebook.net connect.facebook.com plausible.io cdn.cookielaw.org maps.googleapis.com www.gstatic.com r2-t.trackedlink.net bam.nr-data.net bam-cell.nr-data.net static.addtoany.com aq.flippenterprise.net dam.flippenterprise.net cdn.flippenterprise.net p.flipp.com cdn-gateflipp.flippback.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net https://www.bmr.ca 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com display.ugc.bazaarvoice.com *.punchout2go.com static.hotjar.com script.hotjar.com cdn.cookielaw.org www.gstatic.com aq.flippenterprise.net dam.flippenterprise.net cdn.flippenterprise.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com *.gstatic.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://*.axept.io https://*.axeptio.eu https://*.axeptio.techimg-src https://axeptio.imgix.net network-a.bazaarvoice.com network-stg-a.bazaarvoice.com apps-stg.bazaarvoice.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.hotjar.com wss://*.hotjar.com *.hotjar.io www.facebook.com ct.pinterest.com plausible.io cdn.cookielaw.org maps.googleapis.com stats.g.doubleclick.net bam.nr-data.net bam-cell.nr-data.net aq.flippenterprise.net dam.flippenterprise.net cdn.flippenterprise.net p.flipp.com cdn-gateflipp.flippback.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a4825dc4-e033-47b9-830c-751e434948c6.sansec.watch/; report-to report-endpoint; 1
; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.klaviyo.com *.paypalobjects.com *.licdn.com *.clarity.ms https://ttz41d7zd1.execute-api.eu-west-1.amazonaws.com/Prod/js storage.googleapis.com cdn.mxpnl.com *.finance-calculator.co.uk angus.finance-calculator.co.uk *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com dmtrk.net dmtrk.com r1.dmtrk.net r1.dmtrk.com r2.dmtrk.net r2.dmtrk.com r3.dmtrk.net r3.dmtrk.com ddlnk.net ddlnk.com r1.ddlnk.net r1.ddlnk.com r2.ddlnk.net r2.ddlnk.com r3.ddlnk.net r3.ddlnk.com t.trackedlink.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net webinsight.s3.amazonaws.com static.trackedweb.net trackedweb.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net i.emlfiles.com i.emlfiles1.com i.emlfiles2.com i.emlfiles3.com i.emlfiles4.com i.emlfiles5.com i.emlfiles6.com i.emlfiles7.com i.emlfiles8.com i.emfiles9.com r1.dotmailer-surveys.com r2.dotmailer-surveys.com r3.dotmailer-surveys.com r1.dotdigital-surveys.com r2.dotdigital-surveys.com r3.dotdigital-surveys.com *.dotdigital-pages.com script.hotjar.com player.vimeo.com www.googleoptimize.com *.bookingbug.com *.paypal.com static.trackedweb.net *.trackedlink.net *.gstatic.com static.zdassets.com *.trustpilot.com optimize.google.com tagmanager.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.facebook.net *.cquotient.com services.postcodeanywhere.co.uk cdn.cquotient.com www.googletagmanager.com googleads.g.doubleclick.net https://iploc.tryzens-analytics.com:12443 *.pcapredict.com maps.googleapis.com services.postcodeanywhere.co.uk *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.collector-11207.tvsquared.com collector-11207.tvsquared.com *.sub2tech.com www.google-analytics.com p.cquotient.com static.hotjar.com www.googleadservices.com *.adyen.com geolocation.onetrust.com cdn.cookielaw.org *.googletagmanager.com extend.vimeocdn.com *.christopherward.com *.appointedd.com *.ratepay.com unpkg.com *.tryzens-analytics.com tally.so *.tally.so; style-src 'self' 'unsafe-inline' *.klaviyo.com angus.finance-calculator.co.uk storage.googleapis.com *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com *.paypalobjects.com dmtrk.net dmtrk.com r1.dmtrk.net r1.dmtrk.com r2.dmtrk.net r2.dmtrk.com r3.dmtrk.net r3.dmtrk.com ddlnk.net ddlnk.com r1.ddlnk.net r1.ddlnk.com r2.ddlnk.net r2.ddlnk.com r3.ddlnk.net r3.ddlnk.com t.trackedlink.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net webinsight.s3.amazonaws.com static.trackedweb.net trackedweb.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net i.emlfiles.com i.emlfiles1.com i.emlfiles2.com i.emlfiles3.com i.emlfiles4.com i.emlfiles5.com i.emlfiles6.com i.emlfiles7.com i.emlfiles8.com i.emfiles9.com r1.dotmailer-surveys.com r2.dotmailer-surveys.com r3.dotmailer-surveys.com r1.dotdigital-surveys.com r2.dotdigital-surveys.com r3.dotdigital-surveys.com *.adyen.com optimize.google.com tagmanager.google.com foursixty.com cdn.jsdelivr.net fonts.googleapis.com services.postcodeanywhere.co.uk cdn.cookielaw.org *.christopherward.com; frame-src 'self' *.doubleclick.net storage.googleapis.com *.surveymonkey.com *.finance-calculator.co.uk *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com *.dotdigital-pages.com *.bookingbug.com vars.hotjar.com *.paypal.com *.paypalobjects.com *.google.com widget.trustpilot.com *.youtube.com *.vimeo.com optimize.google.com www.facebook.com *.klarnaservices.com *.adyen.com extend.vimeocdn.com *.appointedd.com tally.so *.tally.so https://www.googletagmanager.com https://data.christopherward.com; child-src 'none'; img-src 'self' data: *.doubleclick.net *.vimeocdn.com *.clarity.ms px.ads.linkedin.com c.bing.com storage.googleapis.com angus.finance-calculator.co.uk *.paypalobjects.com dmtrk.net dmtrk.com r1.dmtrk.net r1.dmtrk.com r2.dmtrk.net r2.dmtrk.com r3.dmtrk.net r3.dmtrk.com ddlnk.net ddlnk.com r1.ddlnk.net r1.ddlnk.com r2.ddlnk.net r2.ddlnk.com r3.ddlnk.net r3.ddlnk.com t.trackedlink.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net webinsight.s3.amazonaws.com static.trackedweb.net trackedweb.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net i.emlfiles.com i.emlfiles1.com i.emlfiles2.com i.emlfiles3.com i.emlfiles4.com i.emlfiles5.com i.emlfiles6.com i.emlfiles7.com i.emlfiles8.com i.emfiles9.com r1.dotmailer-surveys.com r2.dotmailer-surveys.com r3.dotmailer-surveys.com r1.dotdigital-surveys.com r2.dotdigital-surveys.com r3.dotdigital-surveys.com www.jrni.com *.bookingbug.com *.paypal.com stats.g.doubleclick.net *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com edge.disstg.commercecloud.salesforce.com *.collector-11207.tvsquared.com collector-11207.tvsquared.com cdn.sub2tech.com *.sub2tech.com www.google-analytics.com *.paypalobjects.com static.secure-afterpay.com.au um.simpli.fi www.instagram.com www.googletagmanager.com services.postcodeanywhere.co.uk pixel.mathtag.com aa.agkn.com cx.atdmt.com www.facebook.com *.pbbl.co *.optimove.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googleapis.com *.google.com *.adyen.com t1.stormiq.com cdn.cookielaw.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.christopherward.com *.cloudflare.com *.ctfassets.net bat.bing.net; font-src 'self' data: www.christopherward.com fonts.gstatic.com res.cloudinary.com *.paypalobjects.com googleads.g.doubleclick.net; connect-src 'self' *.onetrust.com *.mixpanel.com *.klaviyo.com *.collector-11207.tvsquared.com g.clarity.ms clarity.ms collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com angus.finance-calculator.co.uk dmtrk.net dmtrk.com r1.dmtrk.net r1.dmtrk.com r2.dmtrk.net r2.dmtrk.com r3.dmtrk.net r3.dmtrk.com ddlnk.net ddlnk.com r1.ddlnk.net r1.ddlnk.com r2.ddlnk.net r2.ddlnk.com r3.ddlnk.net r3.ddlnk.com t.trackedlink.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net webinsight.s3.amazonaws.com static.trackedweb.net trackedweb.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net i.emlfiles.com i.emlfiles1.com i.emlfiles2.com i.emlfiles3.com i.emlfiles4.com i.emlfiles5.com i.emlfiles6.com i.emlfiles7.com i.emlfiles8.com i.emfiles9.com r1.dotmailer-surveys.com r2.dotmailer-surveys.com r3.dotmailer-surveys.com r1.dotdigital-surveys.com r2.dotdigital-surveys.com r3.dotdigital-surveys.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.paypal.com *.adyen.com widget.trustpilot.com wss://widget-mediator.zopim.com christopherward.zendesk.com *.trackedweb.net ekr.zdassets.com https://ttz41d7zd1.execute-api.eu-west-1.amazonaws.com/Prod/js* *.klarnaevt.com stats.g.doubleclick.net www.facebook.com https://www.tryzens-analytics.com:12280 *.pinterest.com *.klarnauserservices.com *.optimove.events www.google-analytics.com *.hotjar.com *.optimove.net *.hotjar.io https://uat.tryzens-analytics.com:12280 api.cquotient.com services.postcodeanywhere.co.uk cdn.cookielaw.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat google.com/pay extend.vimeocdn.com unpkg.com *.tryzens-analytics.com player.vimeo.com download-video-ak.vimeocdn.com px.ads.linkedin.com https://data.christopherward.com ; form-action 'self' http://portal.afterpay.com http://portal-sandbox.afterpay.com *.playground.klarna.com *.klarna.com *.afterpay.com www.facebook.com *.collector-11207.tvsquared.com collector-11207.tvsquared.com bat.bing.com cdn.sub2tech.com *.sub2tech.com *.paypal.com *.adyen.com https://data.christopherward.com px.ads.linkedin.com; media-src 'self' static.zdassets.com res.cloudinary.com *.akamaized.net download-video-ak.vimeocdn.com player.vimeo.com;; report-uri https://chw-csp.tryzens-analytics.com; 1
connect-src 'self' noembed.com *.plyr.io *.usercentrics.eu tracker.muellergroup.com translate.googleapis.com; img-src 'self' data: *.ytimg.com *.usercentrics.eu translate.google.com fonts.gstatic.com www.facebook.com; default-src 'self' 'unsafe-inline' *.usercentrics.eu *.youtube.com tracker.muellergroup.com data: connect.facebook.net; frame-src *.youtube.com *.youtube-nocookie.com; report-uri https://www.muellergroup.com/@http-reporting?csp=report&requestTime=1773715591256757&requestHash=5a062e94543786e200787cbbc19f86e040e19244 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.usablenet.com *.udev1a.net *.narvar.com *.narvar.qa *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn https://logistics-stage.ecpay.com.tw/Express/map https://logistics.ecpay.com.tw/Express/map https://logistics-stage.ecpay.com.tw/helper/printTradeDocument https://logistics.ecpay.com.tw/helper/printTradeDocument *.twitter.com *.usablenet.com *.udev1a.net https://plumrocket.com *.authorize.net 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com * *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn landofcoder.com maps.googleapis.com chart.googleapis.com *.twitter.com *.usablenet.com *.udev1a.net https://plumrocket.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * https://accounts.google.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.sagepay.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com magefan.com cm.magefan.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.usablenet.com *.udev1a.net *.clarity.ms *.bing.com *.nofraud.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.facebook.com *.facebook.com/tr/ *.tiktok.com *.googlesyndication.com *.google.com *.criteo.com *.narvar.com *.narvar.qa hexagon-analytics.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.sagepay.com *.opayo.eu.elavon.com landofcoder.com maps.googleapis.com chart.googleapis.com *.mookie1.com 'self' *.paypal.com *.sandbox.paypal.com *.googletagmanager.com *.plumrocket.com *.tawk.to *.bam-cell.nr-data.net *.gstatic.com *.usablenet.com *.udev1a.net *.nofraud.com *.clarity.ms *.mmapiws.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.facebook.net *.facebook.com *.facebook.com/tr/ *.tiktok.com *.criteo.com *.bing.com cdn.sift.com api3.veritrans.co.jp *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://accounts.google.com https://www.gstatic.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com self *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.usablenet.com *.udev1a.net *.bing.com *.criteo.com assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.sagepay.com *.opayo.eu.elavon.com landofcoder.com maps.googleapis.com chart.googleapis.com self *.cloudflare.com *.twitter.com *.twimg.com *.usablenet.com *.udev1a.net *.nofraud.com *.clarity.ms *.mmapiws.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.facebook.net *.facebook.com *.facebook.com/tr/ *.tiktok.com *.criteo.com api3.veritrans.co.jp *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://accounts.google.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.mikimoto.com/; report-to report-endpoint; 1
default-src 'self' *.fls.doubleclick.net *.google-analytics.com *.overdrive.com bam.nr-data.net connect.facebook.net hello.myfonts.net stats.g.doubleclick.net tracking.crazyegg.com/clock; connect-src 'self' *.google-analytics.com analytics.google.com bam.nr-data.net hello.myfonts.net manager.us.smartlook.cloud script.crazyegg.com/pages/data-scripts/0023/8294.json stats.g.doubleclick.net tracking.crazyegg.com/clock www.facebook.com/tr/ api.digioh.com jsapi.azurewebsites.net analytics.digioh.com; script-src 'self' apis.google.com/js/platform.js bam.nr-data.net connect.facebook.com connect.facebook.net js-agent.newrelic.com script.crazyegg.com servedbyadbutler.com/adserve/ servedbyadbutler.com/app.js web-sdk.smartlook.com www.google-analytics.com/analytics.js www.googletagmanager.com cdn.digioh.com scripts.digioh.com lightboxcdn.digioh.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' apis.google.com/ apis.google.com/_/scs/apps-static/_/js/ apis.google.com/js/platform.js bam.nr-data.net connect.facebook.net js-agent.newrelic.com/ script.crazyegg.com/pages/scripts/0023/8294.js script.crazyegg.com/pages/versioned/common-scripts/ servedbyadbutler.com/adserve/ servedbyadbutler.com/app.js web-sdk.smartlook.com www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.google.com/recaptcha www.googletagmanager.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-SZQkbvg5qEoZCsjnxgXvHLnpRi0='; img-src 'self' data: images.contentreserve.com/ img1.od-cdn.com servedbyadbutler.com/getad.img/ t.co/i/ www.facebook.com/tr/ www.google-analytics.com/collect www.google.com/ads/ www.googletagmanager.com/a www.googletagmanager.com/td cdn.digioh.com *.google-analytics.com *.doubleclick.net; frame-src 'self' 9250847.fls.doubleclick.net accounts.google.com/ classroom.google.com www.facebook.com/ www.gstatic.com/; worker-src blob:; object-src 'none'; report-uri https://itsentry.overdrive.com/api/13/security/?sentry_key=86a98bc6ee19c71aed01755910f50c3c 1
default-src 'self' wss: *.gravatar.com *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.fontawesome.com *.countyofsb.org * 'self'; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.fontawesome.com * 'self' about: 'unsafe-inline' 'unsafe-eval' data:; worker-src * 'self' data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src * 'self'; media-src 'self' blob: *; font-src * 'self' data: *.fontawesome.com * 'self' data:; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self';report-uri /contentsecuritypolicy/report 1
object-src 'none';base-uri 'self';script-src 'nonce-d0txhMtGkefVM0ZtoarPPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.inpost.pl *.fontawesome.com https://geowidget.easypack24.net https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://fonts.gstatic.com https://cdn.thulium.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.inpost.pl https://geowidget-app.inpost.pl/ https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com data.imoje.pl *.inpost.pl *.disqus.com https://geowidget.easypack24.net *.easypack24.net *.openstreetmap.org https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://cmp.uniconsent.com https://www.google.pl https://www.facebook.com/ https://data.imoje.pl https://imgsct.cookiebot.com https://www.google.nl https://maps.gstatic.com/ *.clarity.ms *.clarity.com https://maps.googleapis.com https://c.bing.com blob: https://cdn.thulium.com https://e24files.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js paywall.imoje.pl sandbox.paywall.imoje.pl *.inpost.pl *.disqus.com https://geowidget.easypack24.net *.easypack24.net *.openstreetmap.org https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.snrbox.com https://connect.facebook.net https://cmp.uniconsent.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://analytics.tiktok.com *.clarity.ms *.clarity.com https://unpkg.com https://cdn.thulium.com https://browser.sentry-cdn.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io cdn.jsdelivr.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.inpost.pl *.fontawesome.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.easypack24.net https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.snrcdn.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.bunny.net cdn.jsdelivr.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.inpost.pl https://geowidget.easypack24.net https://cdn.thulium.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://region1.analytics.google.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com  https://maps.googleapis.com/ https://player.vimeo.com *.inpost.pl *.easypack24.net *.openstreetmap.org https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.snrbox.com https://www.sentry.macopedia-dev.pl https://cmp.uniconsent.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.pl https://www.google.com https://consent.cookiebot.com  https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://js-agent.newrelic.com https://googleads.g.doubleclick.net https://analytics.tiktok.com *.clarity.ms *.clarity.com https://cdn.thulium.com wss://chat-proxy-service.thulium.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://d13qcyivyon4xf.cloudfront.net https://*.recollect.net https://www2.elpasotexas.gov https://*.piktochart.com https://elpasotx.citysourced.com https://alive5.com https://*.pure.cloud https://td.doubleclick.net https://*.userway.org https://*.powerbigov.us 'self' data:; script-src https://*.fontawesome.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.jquery.com 'sha256-EFV8pmp/wh+U6PZamj4KQ0q8X4ZQK18tF7skjashMC0=' 'sha256-d470bixwKmL9bRvqX+/YcGn63ywAfKoybYPkM5Uytpg=' 'sha256-CWheM/qrotfHL9rkBHCUQoQJ26R59qBT9Y6zmdWMo4I=' https://*.cloudflare.com https://*.jsdelivr.net https://*.recollect.net 'sha256-GZcyqV0YX2St+S/OQczTu1wNNg/O+RTwzw2JTTta3P0=' https://googletagmanager.com https://acsbapp.com https://*.pure.cloud https://*.acsbapp.com 'sha256-EhQpu6NNucte8YbnJ4xqNQ3ZEr6lZr9OylXRM08U23w=' 'sha256-6LGMzcnzg+kSHN9kCfnGBfyFkTD5ralHy4kgX9bEKac=' https://*.userway.org https://alive5.com 'sha256-Ktbr5+uWaq/tdIzd+uSnzMynWRb8C1GgwNmidruZnl4=' https://*.elpasotexas.gov 'sha256-N/ojzpn0NH2iToAWgtz7/qj3VTBrzGc5Kq/wcHmeC9g=' 'sha256-32mhgs7qr26DY71TSkr2GH6b4cN1O1vqJZeD8VqK09E=' 'sha256-ogBzyJChbukfa3Sy3FmuFfBT4HErpPzLDY1mDXuD08I=' https://*.clarity.ms 'sha256-1Mtgu0LP1N914Q7hPqP5oj1G7I5kj4eUK9emzGHCGU0=' https://*.youtube.com 'sha256-ISZqhiP5lsW/o4tzWAjiLcmBSgn4ci50MHTdBAJeJzo=' https://*.googleadservices.com 'unsafe-eval' https://*.facebook.net https://*.adtrafficquality.google https://*.cloudflareinsights.com 'self' 'report-sample' 'nonce-b536a9d61e3402f7'; style-src https://*.googleapis.com https://*.fontawesome.com https://*.google.com https://*.jsdelivr.net https://*.typekit.net https://*.fastly.net https://alive5.com https://*.userway.org https://*.gstatic.com 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.fontawesome.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://googletagmanager.com https://*.acsbapp.com https://webmessaging.usw2.pure.cloud https://*.pure.cloud https://*.userway.org https://*.alive5.com https://alive5.com https://*.clarity.ms https://*.adtrafficquality.google https://*.g.doubleclick.net https://*.googleapis.com 'self' data:; font-src https://*.gstatic.com https://*.fontawesome.com https://*.jsdelivr.net https://*.typekit.net https://*.fastly.net https://acsbapp.com https://*.userway.org 'self' data:; img-src https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.jsdelivr.net https://*.fastly.net https://*.recollect.net https://*.piktochart.com https://*.userway.org https://*.alive5.com https://*.clarity.ms https://*.gstatic.com https://*.googletagmanager.com https://*.bing.com https://tip411.com https://*.tip411.com https://*.adtrafficquality.google https://*.g.doubleclick.net https://*.google.com.mx 'self' data:; Strict-Transport-Security max-age=31536000; frame-src https://syndicatedsearch.goog https://www2.elpasotexas.gov https://alive5.com https://*.youtube.com https://*.powerbigov.us https://*.google.com https://*.adtrafficquality.google https://*.userway.org https://googletagmanager.com https://coepgis.map.arcgis.com https://*.googletagmanager.com https://tip411.com https://*.tip411.com 'self'; media-src https://*.gstatic.com 'self'; script-src-elem https://*.fontawesome.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.jquery.com 'sha256-EFV8pmp/wh+U6PZamj4KQ0q8X4ZQK18tF7skjashMC0=' 'sha256-d470bixwKmL9bRvqX+/YcGn63ywAfKoybYPkM5Uytpg=' 'sha256-CWheM/qrotfHL9rkBHCUQoQJ26R59qBT9Y6zmdWMo4I=' https://*.cloudflare.com https://*.jsdelivr.net https://*.recollect.net 'sha256-GZcyqV0YX2St+S/OQczTu1wNNg/O+RTwzw2JTTta3P0=' https://googletagmanager.com https://acsbapp.com https://*.pure.cloud https://*.acsbapp.com 'sha256-EhQpu6NNucte8YbnJ4xqNQ3ZEr6lZr9OylXRM08U23w=' 'sha256-6LGMzcnzg+kSHN9kCfnGBfyFkTD5ralHy4kgX9bEKac=' https://*.userway.org https://alive5.com 'sha256-Ktbr5+uWaq/tdIzd+uSnzMynWRb8C1GgwNmidruZnl4=' https://*.elpasotexas.gov 'sha256-N/ojzpn0NH2iToAWgtz7/qj3VTBrzGc5Kq/wcHmeC9g=' 'sha256-32mhgs7qr26DY71TSkr2GH6b4cN1O1vqJZeD8VqK09E=' 'sha256-ogBzyJChbukfa3Sy3FmuFfBT4HErpPzLDY1mDXuD08I=' https://*.clarity.ms 'sha256-1Mtgu0LP1N914Q7hPqP5oj1G7I5kj4eUK9emzGHCGU0=' https://*.youtube.com 'sha256-ISZqhiP5lsW/o4tzWAjiLcmBSgn4ci50MHTdBAJeJzo=' https://*.googleadservices.com 'unsafe-eval' https://*.facebook.net https://*.adtrafficquality.google 'sha256-RlhVC6WGhVrcsY0hAmbU/YhaSUz2iA2q1f16/7A6jLU=' 'self' 'report-sample' 'nonce-b536a9d61e3402f7'; frame-ancestors 'self'; 1
script-src 'strict-dynamic' 'nonce-636f769e7d4fe734565105d10d5ce80b' 'unsafe-inline' 'unsafe-eval' https: ; frame-ancestors 'self' ; base-uri 'self'; object-src 'none'; report-uri https://csp.phenompeople.com/violations; 1
default-src 'self'  'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://recaptcha.net/ https://gstatic.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://assets.adobedtm.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://recaptcha.net/ https://gstatic.com/; font-src 'self' https://cdn.jsdelivr.net/; img-src 'self' https: data: blob:; connect-src https:; frame-src 'self' https://recaptcha.net/ https://gstatic.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://clydesdalebankplc.demdex.net/; frame-ancestors 'none'; 1
default-src 'self';     script-src 'self' 'unsafe-inline' 'unsafe-eval'    cdn.jsdelivr.net cdnjs.cloudflare.com    www.googletagmanager.com www.google-analytics.com    pagead2.googlesyndication.com www.googleadservices.com    www.gstatic.com securepubads.g.doubleclick.net    use.typekit.net www.youtube.com s.ytimg.com    js.hsforms.net www.googletagservices.com    www.google.com ep2.adtrafficquality.google    tpc.googlesyndication.com;     style-src 'self' 'unsafe-inline'    cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com use.typekit.net p.typekit.net;     font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com use.typekit.net;     img-src 'self' data: *;     media-src 'self' https://video.aapg.org blob: data:;     connect-src 'self' * https://video.aapg.org;     frame-src *;     object-src 'none';     base-uri 'self';     form-action *;     frame-ancestors *; 1
default-src asdf.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=z04.ejIWNwSrkSfXaZXLipYJNkxWBHQdnOwDA1sFCzY-1773709657.9513986-1.0.1.1-UjSO6QpEccz23YIuRqGNWYR7oIMkSefDLYbxeNbNWtpIfTzlxF5VTR3siVixliAOVLeNVrWmp2hlsdXVrzbznMX1oa2HQLbS.QT2UnRTDdci1poAE7cWWoXl0hhS6wEfMPTB3AXf7ZHCVBs0hgws_GV.mTGhuZmLAHYv.Dm8FfYcbay0QEUPhxRAti_tol9H; report-to cf-prykuguhypxbdzfi 1
default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net staging.shirtspace.com *.googletagmanager.com data:; font-src 'self' *.typekit.net cdn.shirtspace.com *.gstatic.com *.googleapis.com *.acsbapp.com data:; object-src 'none'; script-src 'self' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com *.paypal.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.pinterest.com *.pinimg.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.ckeditor.com io.clickguard.com acsbapp.com sc-static.net api.ipify.org cdnjs.cloudflare.com *.easysize.me *.klaviyo.com unleash.shirtspace.com unpkg.com *.frontapp.com cdn.shirtspace.com 'nonce-'; style-src 'self' cdn.shirtspace.com *.googleapis.com *.typekit.net *.typeform.com *.ckeditor.com cdnjs.cloudflare.com *.easysize.me *.klaviyo.com 'unsafe-inline' 'nonce-'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net *.google.com *.googletagmanager.com *.pinterest.com www.youtube.com *.acsbapp.com accessibe.com player.vimeo.com tr.snapchat.com tpc.googlesyndication.com *.easysize.me *.typeform.com; connect-src 'self' *.braintreegateway.com 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.braintree-api.com *.paypal.com *.pinterest.com *.mmapiws.com widget.trustpilot.com *.typekit.net www.facebook.com s.yimg.com http://localhost:3035 ws://localhost:3035 *.acsbapp.com io.clickguard.com bam.nr-data.net *.klaviyo.com *.easysize.me unleash.shirtspace.com cdn.shirtspace.com 1
child-src 'self'; connect-src 'self' https://*.clarity.ms https://ad.doubleclick.net https://consent.app.cookieinformation.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://maps.googleapis.com https://ms01.nasjonalmuseet.no https://northeurope-2.in.applicationinsights.azure.com https://o4509280890519552.ingest.de.sentry.io https://policy.app.cookieinformation.com https://prod-nasjonalmuseet-favorites-api.azurewebsites.net https://region1.google-analytics.com https://shop.nasjonalmuseet.no https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://www.nasjonalmuseet.no; default-src 'self'; font-src 'self' data: https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://fonts.gstatic.com; frame-src 'self' https://11993474.fls.doubleclick.net https://auth.nasjonalmuseet.no https://ms01.nasjonalmuseet.no https://policy.app.cookieinformation.com https://www.instagram.com https://www.youtube.com; img-src 'self' data: https://ad.doubleclick.net https://ade.googlesyndication.com https://cdn.auth0.com https://maps.googleapis.com https://maps.gstatic.com https://ms01.nasjonalmuseet.no https://perf-na1.hsforms.com https://shop.nasjonalmuseet.no https://track.hubspot.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.auth0.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsforms.net https://js.hubspot.com https://js.monitor.azure.com https://maps.googleapis.com https://policy.app.cookieinformation.com https://scripts.clarity.ms https://www.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com https://www.instagram.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; media-src https://gamma.nasjonalmuseet.no https://www.nasjonalmuseet.no; report-to stott-security-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com *.googleapis.com https://www.gstatic.com applepay.cdn-apple.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.payplug.com *.dalenys.com api-qa.payplug.com secure-qa.payplug.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com https://images.unsplash.com https://*.afflelou.com https://p.sharinpix.com *.googlesyndication.com https://editor-assets.abtasty.com cdn.doofinder.com *.googleapis.com https://*.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://flagcdn.com https://mafranchise.afflelou.com https://cms-mafranchise.afflelou.com https://mcstaging.afflelou.com https://dev.visualwebsiteoptimizer.com https://secure-magenta.dalenys.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.disqus.com https://maps.googleapis.com https://eu1-config.doofinder.com https://*.googlesyndication.com https://halc.iadvize.com https://static.iadvize.com https://iadvize.com https://static.livechat.iadvize.com https://api.iadvize.com https://try.abtasty.com https://msr.afflelou.com cdn.doofinder.com *.googleapis.com https://*.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com afflelou.containers.piwik.pro https://vto-advanced-integration-api.fittingbox.com/ https://dev.visualwebsiteoptimizer.com https://secure-magenta.dalenys.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com https://cdn.payplug.com https://cdn-qa.payplug.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://try.abtasty.com https://cdn.fonts.net *.doofinder.com assets.braintreegateway.com https://secure-magenta.dalenys.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://cdn.plyr.io https://*.googlesyndication.com https://halc.iadvize.com https://api.iadvize.com https://collector.iadvize.com wss://*.iadvize.com https://*.abtasty.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.fonts.net *.doofinder.com wss://*.doofinder.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com afflelou.piwik.pro afflelou.containers.piwik.pro https://dev.visualwebsiteoptimizer.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://bohds.afflelou.com https://bohds.afflelou.es https://bohds.afflelou.be https://bohds.afflelou.ch https://bohds.afflelou.pt https://bohds.afflelou.ma 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net 'self' data: js.klevu.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de 'self' www.google.com 'self' *.affirm.com 'self' *.vimeo.com 'self' *.sharethis.mgr.consensu.org 'self' *.sharethis.com drive.google.com *.wufoo.com *.paypal.com *.braintreegateway.com *.dnky.co *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com hello.zonos.com js.klevu.com *.paypal.com cdn.datamanager.arinet.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com *.adroll.com *.adroll.mgr.consensu.org *.facebook.net *.affirm.com *.gstatic.com www.google.com *.sharethis.com *.wufoo.com *.linkedin.com *.licdn.com js.klevu.com hello.zonos.com cdn.iglobalstores.com assets.shipperhq.com *.paypal.com *.trackedlink.net *.dnky.co js-agent.newrelic.com bam.nr-data.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com maps.googleapis.com https://hello.zonos.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com 'self' *.sharethis.com *.licdn.com js.klevu.com assets.shipperhq.com *.dnky.co cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.adroll.com *.doubleclick.net 'self' *.sharethis.com hello.zonos.com rms.shipperhq.com wss://rms.shipperhq.com *.braintree-api.com *.paypal.com *.braintreegateway.com *.dotdigital.com *.ksearchnet.com bam.nr-data.net maps.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com ovs.shipperhq.com wss://rms.shipperhq.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1
report-to *.usercentrics.eu; font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://widgets.trustedshops.com *.fontawesome.com *.usercentrics.eu data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.usercentrics.eu 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ js.mollie.com *.usercentrics.eu *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com https://images.unsplash.com *.googleapis.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://www.mollie.com *.usercentrics.eu https://admin.helikon-tex.com *.etrusted.com *.googlesyndication.com *.google.pl *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com *.googleapis.com *.gstatic.com applepay.cdn-apple.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.avada.io js.mollie.com *.usercentrics.eu https://id1247.entirem.com *.cloudflareinsights.com *.trustedshops.com *.clarity.ms https://mailing.entirem.com *.ahrefs.com *.crazyegg.com *.gr-cdn.com *.gr-wcon.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com applepay.cdn-apple.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.fontawesome.com *.usercentrics.eu *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://get.geojs.io *.avada.io *.usercentrics.eu https://id1247.entirem.com *.cloudflareinsights.com *.frankfurter.app *.doubleclick.net *.clarity.ms *.getresponse.com *.ahrefs.com *.crazyegg.com *.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://*.greenbone.net https://www.cloud.ccm19.de https://pagead2.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.pt https://www.googleadservices.com https://bat.bing.com; default-src 'none'; font-src 'self' data:; frame-src 'self' https://www.googletagmanager.com https://www.cloud.ccm19.de https://bid.g.doubleclick.net; img-src 'self' data: blob: https://mautic.greenbone.net https://www.cloud.ccm19.de https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.pt https://bat.bing.com; script-src 'self' 'unsafe-inline' https://www.cloud.ccm19.de https://matomo.greenbone.net https://*.googletagmanager.com https://www.googleadservices.com https://*.g.doubleclick.net https://www.google.com https://bat.bing.com https://app.varify.io; style-src 'self' 'unsafe-inline' https://www.cloud.ccm19.de; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: p.typekit.net static.klaviyo.com libs.intiaro.com likeshop.me data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.certcapture.com https://webchat.mitel.io https://*.nice-incontact.com https://cxone.niceincontact.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com *.googleapis.com cdn.metalocator.com cdn.brandfolder.io log.pinterest.com cdn.cookielaw.org https://images.dashsocial.com https://likeshop.me https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.gstatic.com *.googleapis.com use.fontawesome.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net code.metalocator.com assets.pinterest.com libs.intiaro.com cdn.dashhudson.com cdn.cookielaw.org sec.webeyez.com js.hellomedian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://webchat.mitel.io https://*.nice-incontact.com https://cxone.niceincontact.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://js-agent.newrelic.com https://cdn.visenze.com https://home-c61.nice-incontact.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.gstatic.com *.googleapis.com use.fontawesome.com use.typekit.net p.typekit.net libs.intiaro.com https://static.klaviyo.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.certcapture.com *.gstatic.com *.googleapis.com bam.nr-data.net bam-cell.nr-data.net analytics.data.visenze.com api.likeshop.me search.visenze.com kravet.prinpay.com wss://wss.public-api.intiaro.com cdn.cookielaw.org hlg.tokbox.com wss://socket.hellomedian.com app.hellomedian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /_csp/report; report-to report-endpoint; 1
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleusercontent.com *.gstatic.com *.jsdelivr.net *.slant.co unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.2c2p.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.inicis.com *.ipay88.com.my *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.weltpixel.com *.afterpay.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.google.com *.inicis.com *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ k.kakaocdn.net *.inicis.com *.afterpay.com *.doubleclick.net *.elcompanies.com *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.co www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google.se *.google.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hstatic.net *.naver.com *.thecompanystore.com.sg data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com maps.googleapis.com developers.kakao.com *.kakaocdn.net *.avada.io *.inicis.com *.afterpay.com *.facebook.net *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com *.inicis.com *.googleapis.com *.gstatic.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self'; media-src *.adobe.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com kauth.kakao.com https://get.geojs.io *.avada.io *.inicis.com *.afterpay.com *.doubleclick.net *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl *.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self'; default-src 'self'; base-uri 'self'; report-uri https://d49023f3-8b11-4d8b-8a77-0cdf17bda398.sansec.watch/; report-to report-endpoint; 1
default-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; frame-src https://www.google.com; img-src 'self' https://www.google-analytics.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'report-sample' 'self' https://s.go-mpulse.net https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'report-sample' 'self' https://fonts.googleapis.com; worker-src 'none' 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.fr/api/csp-report; report-to csp-endpoint 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src * wss:; frame-src *; object-src *; 1
font-src fonts.gstatic.com use.typekit.net https://cdnjs.cloudflare.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com cdn.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.getalma.eu https://nominatim.openstreetmap.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'strict-dynamic' 'sha256-Nqnn8clbgv+5l0PgxcTOldg8mkMKrFn4TvPL+rYUUGg=' 'sha256-weogirlFgf2zfcYnMLiYLPFr1r8OlrcBmVkaXQ8/gr0=' 'sha256-hS1/d+uUuGe2Mab9hgGLbBcUpyHsASPtZlMP4ltEqdw=' 'sha256-ag96uDBR0oaIFczIQpabSozMTX7FZqwDo49K145MLFM=' 'sha256-ioYOEdGxe3k+hlzlsPm7DH8J2ihJoqGHOZ3NVrP0+KI=' 'sha256-OhHDlbnyDzZxZZU4kC8yaxqyRy4W9QoCDZOlHZDARgw=' 'sha256-xeobZ+06OCHR4HV3IGWhxWQ1pCyS5/9lhVEntjRCVAo=' 'nonce-NWRkYzg2MDBiYzM4OWQ3ZjY4NTRlNTcyNjc1MDE3YjJiZjI0YTdmOTdmN2VhMTY2MmQzZDBlMGNhYTg0N2E1MmQ5ZTg4YTJkYzVjM2UxYWU1MDlmYTRkMWE5ZGYwNDYxYzM3OWJhOTU0NjkzMmEzN2QzNDE2MmUxYmQxOWNmZjY=' 'self'; default-src 'self'; style-src 'sha256-xfi4cYsS7hWgjngpxpAvZTzj0DgRlUyoK77Bd+K2cuU=' 'sha256-ACHhjgOUuuyZySynlo+/Daurh4OiGc72PUDKH/XpFig=' 'sha256-bi7MTSKU3Fl7fe49BKA7nGtusJUBoUq6SdekJTz5nbQ=' 'sha256-jhO7MO7YAg0TLGTsluDJxzUM1Prn0dVd2mCuXK4Iugw=' 'sha256-71QAxCwq8RiThmnhSaiRBHeIt1ZeSKEmaoxieaZoYQc=' 'sha256-KBn0GSvWilHx7S+9fBz2bvN4kTXtWgzsefl3t16obJ4=' 'sha256-VvGbc5uc0VF+mSJCrqOZzX2tZY9gtbQDhs25w0MZMSs=' 'sha256-Ao6jE25UXUIRTfYn+cZ7FyEhN8Oqp93b7rDOxc7rx7o=' 'sha256-JJ3nwoTh8hUvTxwhTGEBGb1U1UbZuzjLzrqWZ8eP/pE=' 'sha256-0exl01RrkLKiyGSJEXwuUd47SZq8ZgrB03RNMJ3mEGA=' 'sha256-igtFAPFL5WVIIkl0KHcbdsk+saJpmz+AZYJBAG4FDBg=' 'sha256-6KigPIoBL0TmJWS4G5SUFk7bIGyl5FRn/1la0iTMMqU=' 'sha256-VFSNO+uz5RUBijCMEpM3I6Fc7orcCJPSXhq9xfLuQX4=' 'sha256-X11QMsuRjV/87y7Qxon5uoKI0swiIRW8IcITsMrGILE=' 'sha256-TP9uPznGcYkOScVXXihEQuKezOeUhN1OYBNa3h6piuQ=' 'sha256-x/fY75judYUbWYvafhMZVdK4MNLjlbF1953L82LgMr0=' 'sha256-Q+5na10OvLjb+FlkcxA6XrZNx5N96Wpl7HWy6LolM44=' 'sha256-nCC+XAHWtfbgggChp6PqZ3Ln0iVCBi1iMjVS6ZvYhAI=' 'nonce-NWRkYzg2MDBiYzM4OWQ3ZjY4NTRlNTcyNjc1MDE3YjJiZjI0YTdmOTdmN2VhMTY2MmQzZDBlMGNhYTg0N2E1MmQ5ZTg4YTJkYzVjM2UxYWU1MDlmYTRkMWE5ZGYwNDYxYzM3OWJhOTU0NjkzMmEzN2QzNDE2MmUxYmQxOWNmZjY=' 'self'; connect-src 'self'; frame-src 'self'; img-src 'self'; frame-ancestors 'none' 1
default-src 'self'; connect-src 'self' pdfconvertertools.com *.pdfconvertertools.com *.google.com *.youtube.com *.facebook.com *.amazon.com sentry-cdn.com *.ingest.sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: pdfconvertertools.com *.pdfconvertertools.com *.google.com *.youtube.com *.facebook.com *.amazon.com cdnjs.cloudflare.com js.sentry-cdn.com *.sentry-cdn.com chrome-extension: *.googletagmanager.com *.doubleclick.net *.googleadservices.com; style-src 'self' 'unsafe-inline' pdfconvertertools.com fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com; media-src 'self' data: blob:; img-src 'self' data: https: chrome-extension: pdfconvertertools.com *.pdfconvertertools.com *.google.com *.youtube.com *.facebook.com *.amazon.com storage.googleapis.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com; frame-src 'self' pdfconvertertools.com *.pdfconvertertools.com *.google.com *.youtube.com *.facebook.com *.amazon.com *.googletagmanager.com *.doubleclick.net; report-uri /csp-report 1
default-src 'self' https:; connect-src 'self' https: wss:; script-src 'unsafe-inline' 'self' https:; worker-src blob:; style-src 'unsafe-inline' 'self' https:; object-src 'none'; img-src 'self' data: https:; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: code.ionicframework.com maxcdn.bootstrapcdn.com media.flixfacts.com media.flixcar.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com media.flixcar.com *.zdassets.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com gateway.apaylater.com gateway.atome.sg media.flixcar.com *.flix360.com *.flix360.io 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ gateway.apaylater.com gateway.atome.sg static.hotjar.com cdnjs.cloudflare.com js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com media.flixcar.com media.flixfacts.com *.zendesk.com *.zdassets.com *.outbrain.com www.datadoghq-browser-agent.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com gateway.apaylater.com gateway.atome.sg code.ionicframework.com *.freshchat.com maxcdn.bootstrapcdn.com media.flixcar.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com bam-cell.nr-data.net *.google-analytics.com media.flixcar.com *.zendesk.com *.zdassets.com *.outbrain.com *.datadoghq.com browser-intake-datadoghq.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src self; connect-src self; default-src self; font-src self; img-src self; manifest-src self; media-src self; prefetch-src self; object-src self; script-src 'strict-dynamic' 'sha256-SR8bN339OMynNJtiOzokEXzJnun61AQRM3sZP6Vm+M4=' 'sha256-q3zEDUi6jsrAJ7yXcvfYY8d0Of1fXCLY/i1LV+xLmM8=' 'nonce-YzM5ZTQ3NjY0YTg2YTMzOWI3OTZkOGI3YmY5MGRkZGJkYTJiZGZjNzE0ZDQxZTg4NDA4ZWEwZDIzNjdhY2I5YzViNjc4NzZhOTMzODE1YzJhMDZjNjkzMTdlMzJhYmQxOTMwOTc1YzQxMzZkMjVjZTBhNjJlMDUxNGU2NWQ5MzM=' self; style-src  'nonce-YzM5ZTQ3NjY0YTg2YTMzOWI3OTZkOGI3YmY5MGRkZGJkYTJiZGZjNzE0ZDQxZTg4NDA4ZWEwZDIzNjdhY2I5YzViNjc4NzZhOTMzODE1YzJhMDZjNjkzMTdlMzJhYmQxOTMwOTc1YzQxMzZkMjVjZTBhNjJlMDUxNGU2NWQ5MzM=' self; worker-src self; frame-ancestors 'self' 1
default-src *.emersya.com emersya.com 'self'; script-src  'unsafe-inline' *.vimeocdn.com *.emersya.com cdn-cookieyes.com *.hubspot.com yoast.com js-eu1.hubspot.com *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.hsforms.net 146805878.hs-sites-eu1.com *.hsappstatic.net google.com beacon-v2.helpscout.net www.gstatic.com cdnjs.cloudflare.com 'self' blob:; connect-src yoast.com my.yoast.com cdn-cookieyes.com *.cookieyes.com *.emersya.com *.hubspot.com *.hscollectedforms.net d3hb14vkzrxvla.cloudfront.net *.mixpanel.com 'self'; img-src *.w.org *.gravatar.com *.vimeocdn.com emersya.com *.emersya.com *.hubspot.com *.hsforms.com static.hsappstatic.net cdn-cookieyes.com assets.elementor.com 'self' data:; style-src  'unsafe-inline' emersya.com *.emersya.com *.vimeocdn.com designsystem.brevo.com fonts.googleapis.com 'self';  media-src *.vimeocdn.com 'self';frame-src emersya.com *.emersya.com player.vimeo.com 146805878.hs-sites-eu1.com *.hsforms.net *.hubspot.com google.com 'self'; font-src emersya.com *.emersya.com designsystem.brevo.com fonts.gstatic.com 'self' data:; report-to csp-endpoint 1
default-src 'self' *.typekit.net *.googletagmanager.com *.bootstrapcdn.com *.google.com *.google-analytics.com *.facebook.com *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.quantserve.com https://rules.quantcount.com *.cloudflare.com *.basis.net *.doubleclick.net *.optimizely.com https://cdn.optimizely.com *.calendly.com *.tailwindcss.com *.jsdelivr.net *.gstatic.com *.google-analytics.com *.crazyegg.com *.facebook.net *.simpli.fi *.google.com *.googleapis.com *.googletagmanager.com https://code.jquery.com *.cdn4dd.com https://drive-widget.cdn4dd.com *.tribalfusion.com; connect-src 'self' *.cheetahedp.com *.crazyegg.com *.google-analytics.com *.google.com *.typekit.net *.gstatic.com *.doubleclick.net https://pixel.quantserve.com *.quantserve.com *.optimizely.com https://logx.optimizely.com; frame-src 'self' *.googletagmanager.com calendly.com *.calendly.com *.gstatic.com *.google.com *.doubleclick.net https://pixel-sync.sitescout.com *.sitescout.com *.optimizely.com https://a12600010354.cdn.optimizely.com; font-src 'self' data: *.deltaco.com *.gstatic.com *.bootstrapcdn.com *.typekit.net https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.calendly.com *.googleapis.com https://fonts.googleapis.com *.typekit.net www.googletagmanager.com maxcdn.bootstrapcdn.com; img-src 'self' https: data: *.quantserve.com *.sitescout.com; report-to csp-endpoint 1
worker-src blob: 'self' *.noibu.com wss://*.noibu.com; font-src fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://hpp.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://secure-test.worldpay.com/shopper/3ds/ddc.html https://secure.worldpay.com/shopper/3ds/ddc.html https://payments-test.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments-live.hpp.apps.eu-west-1-7z55k.dev.msp.worldpay.io/app/hpp-iframe/integration/wpg/corporate https://payments.worldpay.com/app/hpp-iframe/integration/wpg/corporate *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://pay.google.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.hub-box.com https://payments-test.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments-live.hpp.apps.eu-west-1-7z55k.dev.msp.worldpay.io/app/hpp-iframe/integration/wpg/corporate https://pay.google.com https://secure-test.worldpay.com https://hpp.worldpay.com/ *.yotpo.com www.xtento.com *.fls.doubleclick.net *.worldpay.com *.trustarc.com sdx.microsoft.com *.googleapis.com *.google.com blob: *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.dam.wexup.com fidelitepro.screwfix.fr 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.dycdn.net *.cloudflare.com *.gstatic.com *.yotpo.com www.xtento.com cdn.xtento.com *.googleapis.com https://*.ggpht.com media.screwfix.fr media.screwfix.eu consent.trustarc.com *.doubleclick.net *.contentsquare.net *.postcodeanywhere.co.uk yotpo-editor-production.s3.amazonaws.com sp.analytics.yahoo.com s.yimg.com p1.zemanta.com *.googletagmanager.com *.googleusercontent.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.bing.com *.microsoft.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com cdn.optimizely.com *.tealiumiq.com *.facebook.com *.facebook.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net d81mfvml8p5ml.cloudfront.net *.freshrelevance.com *.dotdigital.com https://www.google.com/recaptcha/api.js www.gstatic.com cdnjs.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://payments.worldpay.com/resources/hpp/integrations/embedded/js/hpp-embedded-integration-library.js https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js *.yotpo.com *.sdiapi.com www.xtento.com cdn.xtento.com *.googleapis.com storage.googleapis.com consent.trustarc.com js-agent.newrelic.com bam.nr-data.net tags.tiqcdn.com www.res-x.com *.googletagmanager.com unsafe-inline t.contentsquare.net app.contentsquare.com payments.worldpay.com *.pcapredict.com services.postcodeanywhere.co.uk www.google.com *.contentsquare.net *.truste.com sp.analytics.yahoo.com s.yimg.com js-tag.zemanta.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat region1.google-analytics.com bat.bing.com r.bing.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com strict-dynamic *.confirmit.com *.creativecdn.com *.tealiumiq.com *.facebook.com *.facebook.net *.noibu.com wss://*.noibu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net cdnjs.cloudflare.com https://fonts.googleapis.com/css *.yotpo.com *.googleapis.com payments.worldpay.com services.postcodeanywhere.co.uk *.bing.com *.dwin1.com *.awin1.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com wss://am.dycdn.net dn1i8v75r669j.cloudfront.net *.dotdigital.com *.hub-box.com https://www.google.com/pay https://pay.google.com/gp/p/web_manifest.json https://pay.google.com/gp/p/payment_method_manifest.json https://pay.google.com/ https://google.com/pay *.worldpay.com https://hpp.worldpay.com/app/hpp/135-0/telemetry https://hpp.worldpay.com/app/hpp/135-0/payment/paypalsmartbutton/continue https://payments.worldpay.com/app/hpp/135-0/telemetry/iframe *.yotpo.com *.sdiapi.com *.googleapis.com stats.g.doubleclick.net bam.nr-data.net *.contentsquare.net media.screwfix.fr *.postcodeanywhere.co.uk sp.analytics.yahoo.com s.yimg.com *.bing.com wss://*.bing.com region1.google-analytics.com *.analytics.google.com *.sciencebehindecommerce.com *.google.com *.google.co.uk *.optimizely.com *.creativecdn.com *.confirmit.com *.tealiumiq.com *.facebook.com *.facebook.net *.noibu.com wss://*.noibu.com 'self' 'unsafe-inline'; child-src blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e90dc890-c7f3-4322-adbb-3a37b4df98b3.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.klevu.com *.ksearchnet.com https://script.hotjar.com https://fonts.gstatic.com https://embed.tawk.to https://*.tawk.to https://i5.walmartimages.com https://use.typekit.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.canadapost.ca https://sso.epost.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com * api.bazaarvoice.com stg.api.bazaarvoice.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com https://testsecureacceptance.cybersource.com https://secureacceptance.cybersource.com https://*.tawk.to *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.dotdigital-pages.com *.dotdigital.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com webchat.dotdigital.com webchat.staging.dotdigital.com www.xtento.com https://vars.hotjar.com https://testsecureacceptance.cybersource.com https://secureacceptance.cybersource.com https://testflex.cybersource.com https://*.tawk.to c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com mageside.com *.canadapost.ca *.canadapost-postescanada.ca *.googleapis.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.ddlnk.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.gstatic.com *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com magefan.com cm.magefan.com https://maps.gstatic.com https://www.google.com https://www.google.ca https://stats.g.doubleclick.net https://tools.applemediaservices.com https://aq.flippenterprise.net https://f.wishabi.net https://cdn.flippenterprise.net https://apple-resources.s3.amazonaws.com https://*.tawk.to *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://www.googletagmanager.com maps.googleapis.com developers.google.com *.googleapis.com *.gstatic.com https://rum.hlx.page www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com https://maps.googleapis.com https://maps.gstatic.com https://connect.facebook.net https://static.hotjar.com https://kent-esengage.live.exchangesolutions.com https://cdn.jsdelivr.net https://embed.tawk.to https://*.tawk.to https://a.omappapi.com https://aq.flippenterprise.net *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://js.klevu.com https://kent.ca 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com display.ugc.bazaarvoice.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://a.omappapi.com https://embed.tawk.to https://*.tawk.to https://aq.flippenterprise.net https://use.typekit.net https://p.typekit.net assets.braintreegateway.com *.gstatic.com https://js.klevu.com https://kent.ca 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com https://api.omappapi.com https://maps.googleapis.com https://va.tawk.to https://embed.tawk.to https://*.tawk.to wss://*.tawk.to https://aq.flippenterprise.net https://dam.flippenterprise.net https://app.launchdarkly.com https://region1.analytics.google.com https://cdn-gateflipp.flippback.com https://p.flipp.com https://events.launchdarkly.com https://google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'none'; report-uri https://o225139.ingest.us.sentry.io/api/4508413967400960/security/?sentry_key=3e448f8df21f7ffe3ceda28e5ae1b362&sentry_environment=PRODUCTION; script-src 'unsafe-eval' 'strict-dynamic' 'report-sample' 'unsafe-hashes' 'sha256-lo7ZdP6kFds+wf1WMWvn7MhcFVFJV44kAXODRevzRZ8=' 'sha256-rRMdkshZyJlCmDX27XnL7g3zXaxv7ei6Sg+yt4R3svU=' 'sha256-kbHtQyYDQKz4SWMQ8OHVol3EC0t3tHEJFPCSwNG9NxQ=' 'nonce-58JtBEyDujAIZWvTTNaJ4A==' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.versapay.com *.paynup.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.versapay.com *.paynup.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.twitter.com *.paynup.com *.versapay.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.certcapture.com *.amazonaws.com *.google.co.in t.co.in t.co *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.versapay.com *.paynup.com *.trackedlink.net magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.certcapture.com *.ads-twitter.com *.pinimg.com *.qualtrics.com *.hotjar.com *.pinterest.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.versapay.com *.paynup.com *.datadoghq.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.versapay.com *.paynup.com webchat.dotdigital.com webchat.staging.dotdigital.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.pinterest.com *.googleapis.com *.qualtrics.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net wss://ws.hotjar.com *.google.co.in *.cloudflare.com *.twitter.com *.twimg.com *.versapay.com *.paynup.com *.datadoghq.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/magento_os/; report-to report-endpoint; 1
frame-ancestors 'self'; report-uri https://www.geelongadvertiser.com.au/csp-reports 1
font-src https://fonts.gstatic.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnaservices.com *.klarnacdn.net *.klarna.com *.addsauce.com *.fontawesome.com *.bootstrapcdn.com *.funky-buddha.com *.cloudfront.net fonts.googleapis.com skroutza.skroutz.gr data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.vivapayments.com skroutza.skroutz.gr *.modirum.com *.eurocommerce.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.klarnacdn.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: connect.facebook.net graph.facebook.com business.facebook.com *.contactpigeon.com *.bestprice.gr *.googletagmanager.com *.cookiebot.com *.grxchange.gr *.criteo.com *.skroutz.gr skroutza.skroutz.gr https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.plenigo.com *.klarnacdn.net *.klarnaservices.com *.klarna.com *.addsauce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.contactpigeon.com *.designer-images.net *.bestprice.gr *.visualwebsiteoptimizer.com *.cloudflarestream.com *.rubiconproject.com *.smartadserver.com *.funky-buddha.com *.sharethrough.com *.casalemedia.com *.postrelease.com *.unrulymedia.com *.servenobid.com *.cookiebot.com *.bidswitch.net *.mediavine.com *.omnitagjs.com *.tremorhub.com *.linkedin.com *.outbrain.com *.360yield.com *.pubmatic.com *.yieldlab.net *.ivitrack.com *.taboola.com *.yieldmo.com *.demdex.net *.criteo.com *.google.gr *.3lift.com *.media.net *.adnxs.com *.teads.tv *.bing.com *.glami.gr *.emxdgt.com id5-sync.com trustmark.gr *.1rx.io *.e-satisfaction.com glamipixel.com fonts.googleapis.com skroutza.skroutz.gr blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.playground.klarnaservices.com *.klarnacdn.net *.klarnaservices.com *.klarna.com *.funky-buddha.com *.addsauce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.vivapayments.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.contactpigeon.com *.avada.io *.stat-track.com polyfill.io *.moosend.com *.bestprice.gr *.visualwebsiteoptimizer.com *.googleoptimize.com *.googleapis.com *.cookiebot.com *.socital.com *.eyefitu.com *.simpler.so *.skroutz.gr *.hotjar.com *.clarity.ms *.criteo.com *.tiktok.com *.linkwi.se *.licdn.com glamipixel.com *.adman.gr *.bing.com trustmark.gr self data: snapppt.com *.e-satisfaction.com cdn.simpler.so sdk.local.simpler.so skroutza.skroutz.gr https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klarnacdn.net *.klarna.com *.addsauce.com *.findbar.io *.fontawesome.com *.moosend.com *.bootstrapcdn.com *.bestprice.gr *.contactpigeon.com *.funky-buddha.com *.cloudfront.net *.myfonts.net *.e-satisfaction.com skroutza.skroutz.gr https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.funky-buddha.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.findbar.io blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.playground.klarnaservices.com *.playground.klarnaevt.com *.klarnaservices.com *.addsauce.com *.klarnacdn.net *.klarna.com *.klarnaevt.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.contactpigeon.com https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com *.googlesyndication.com *.monitor.azure.com *.visualstudio.com *.funky-buddha.com *.googleapis.com *.cookiebot.com *.linkedin.com *.bestprice.gr *.socital.com *.eyefitu.com *.simpler.so *.criteo.com *.clarity.ms *.hotjar.io *.bing.com wss: *.e-satisfaction.com button.simpler.so button.staging.simpler.so analytics.simpler.so analytics.staging.simpler.so button.local.simpler.so fonts.googleapis.com skroutza.skroutz.gr https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src *.contactpigeon.com http: https: blob: 'self' 'unsafe-inline'; default-src *.funky-buddha.com *.clarity.ms *.criteo.net *.google.com *.tiktok.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com 'self' 'unsafe-inline'; 1
font-src https://cdnjs.cloudflare.com https://static.payzen.eu/static/ https://fonts.gstatic.com *.fontawesome.com *.typekit.net https://static.lyra.com/static/ maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.facebook.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ *.avis-verifies.com *.botnation.ai *.doubleclick.net *.facebook.com *.googletagmanager.com *.hotjar.com *.zenaps.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ *.myspectro.io *.kxcdn.com *.weltpixel.com js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de axeptio.imgix.net https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org *.avis-verifies.com *.awin1.com *.bing.com *.clarity.ms *.facebook.com *.google.com *.analytics.google.com *.lacompagniedesanimaux.com *.netreviews.eu *.twgdns.com *.zenaps.com *.youtube.com *.vumbnail.com https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ https://www.mollie.com https://maps.googleapis.com https://maps.gstatic.com *.gstatic.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.axept.io https://cdnjs.cloudflare.com https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.plugins.emarsys.net *.scarabresearch.com widget.freshworks.com m2epro.freshdesk.com *.avis-verifies.com *.bing.com *.botnation.ai *.clarity.ms *.doubleclick.net *.dwin1.com *.facebook.net *.analytics.google.com *.hotjar.com *.iadvize.com *.newrelic.com *.nr-data.net *.remisesetprivileges.fr *.roeyecdn.com *.sciencebehindecommerce.com *.skeepers.io *.twenga.fr *.zdassets.com *.zenaps.com assets.emarsys.net https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.myspectro.io *.kxcdn.com s.kk-resources.com js.mollie.com *.googletagmanager.com *.googleadservices.com *.google.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static.payzen.eu/static/ widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.botnation.ai *.jsdelivr.net *.typekit.net https://static.lyra.com/static/ maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.axept.io client.axept.io https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ *.scarabresearch.com *.eservice.emarsys.net widget.freshworks.com m2epro.freshdesk.com *.fact-finder.de *.fact-finder.com *.fact-finder.co.uk *.fact-finder.fr *.fact-finder.pl *.fact-finder.it *.fact-finder.at *.fact-finder.ch *.fact-finder.cloud https://nominatim.openstreetmap.org *.botnation.ai *.clarity.ms *.doubleclick.net *.google.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.iadvize.com *.nr-data.net *.remisesetprivileges.fr *.sciencebehindecommerce.com *.zdassets.com *.zendesk.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ *.myspectro.io *.kxcdn.com s.kelkoogroup.net *.hotjar.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net st.softgamings.com cdn.livechatinc.com www.google.com api.livechatinc.com www.gstatic.com snap.licdn.com bat.bing.com connect.facebook.net mc.yandex.ru www.clarity.ms scripts.clarity.ms consent.cookiebot.com *.softgamings.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com st.softgamings.com *.softgamings.com; font-src 'self' fonts.gstatic.com st.softgamings.com data: *.softgamings.com; img-src 'self' data: https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net st.softgamings.com www.facebook.com www.google.ru px.ads.linkedin.com cdn.files-text.com secure.gravatar.com agstatic.com bat.bing.com www.googletagmanager.com *.softgamings.com images.dmca.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://www.google.com https://px.ads.linkedin.com wss://mc.yandex.ru https://z.clarity.ms https://v.clarity.ms https://mc.yandex.ru *.softgamings.com https://hooks.slack.com https://bat.bing.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://cdn.livechatinc.com https://secure.livechatinc.com https://mc.yandex.ru https://www.clarity.ms *.softgamings.com https://www.youtube.com/ https://consentcdn.cookiebot.com https://bid.g.doubleclick.net; media-src 'self' https://video.softgamings.com *.softgamings.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://recaptcha.net https://tr.snapchat.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.ringcentral.com wss://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://storyboard.storystream.ai https://content.storystream.ai https://*.abtasty.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://apps.storystream.ai https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://sgtm.www.berghaus.com https://*.ometria.com https://www.berghaus.com/e2/ds/relay https://horizon-api.www.berghaus.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://m.berghaus.com https://checkout.berghaus.com https://www.berghaus.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://*.ringcentral.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob: https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://apps.storystream.ai blob: https://*.abtasty.com https://*.googleapis.com https://ucarecdn.com https://sgtm.www.berghaus.com https://*.upsellit.com https://*.ometria.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://*.ometria.com https://s1.thcdn.com; report-to report-endpoint; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-web.zinio.com https://js-agent.newrelic.com https://*.nr-data.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://*.paypal.com https://www.paypalobjects.com https://*.braintreegateway.com https://*.cardinalcommerce.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googletagmanager.com https://d1fc8wv8zag5ca.cloudfront.net/2.10.2/sp.js https://cdn.jsdelivr.net https://recaptcha.net https://www.gstatic.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://apis.google.com https://accounts.google.com/gsi/client https://*.kaptcha.com;style-src 'self' 'unsafe-inline' https://*.audiencemedia.com data: https://use.fontawesome.com https://accounts.google.com/gsi/style;img-src 'self' data: blob: https://*.ziniopro.com https://*.audiencemedia.com https://googleads.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://*.paypal.com https://*.braintreegateway.com https://discover.zinio.com https://sleeknotestaticcontent.sleeknote.com https://analytics.sleeknote.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.kaptcha.com;media-src 'self';connect-src 'self' webpack: https://*.audiencemedia.com https://*.ziniopro.com https://*.nr-data.net https://googleads.g.doubleclick.net https://adservice.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://cdn.jsdelivr.net https://*.braintree-api.com https://*.braintreegateway.com https://*.cardinalcommerce.com https://www.paypal.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.google.com https://*.googletagmanager.com https://collector.datacloud.zinio.com https://cdnjs.cloudflare.com https://analytics.sleeknote.com https://fonts.googleapis.com https://images.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://sleeknotecustomerscripts.sleeknote.com https://sdk.iad-07.braze.com https://use.fontawesome.com https://accounts.google.com/gsi/ https://*.kaptcha.com collector.datacloud.zinio.com;font-src 'self' https://*.audiencemedia.com https://fonts.gstatic.com https://sleeknotestaticcontent.sleeknote.com https://use.fontawesome.com;frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://*.paypal.com https://*.braintreegateway.com https://recaptcha.net https://*.sleeknote.com https://accounts.google.com/gsi/;frame-ancestors 'none';child-src 'self' https://*.kaptcha.com 1
default-src 'self'; child-src 'none'; object-src 'none'; script-src http: https: 'strict-dynamic' 'nonce-TQ/XQ6L3qIUUXtnC7Q+J1KrUsTmsx0PTyPmomO7t8tc='; connect-src 'self' https://vitruv.uni-tuebingen.de https://services.dnb.de; worker-src blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: http://*.tile.osm.org https://*.tile.osm.org https://services.dnb.de; font-src 'self'; base-uri 'self'; frame-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-aHf1R1PKw30nOtTmVSTYSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-mj_FyuNIRS6hD96V11cAMg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://cdn.livechatinc.com https://secure.livechatinc.com https://fonts.google.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.livechatinc.com https://widget.trustpilot.com https://consentcdn.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://app-wallee.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com *.amazonaws.com maps.gstatic.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com https://cdn.livechat-files.com/ https://bat.bing.com https://www.google.co.uk https://s.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://app-wallee.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com maps.googleapis.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com https://widget.trustpilot.com https://bat.bing.com https://script.thisisbeacon.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://js-agent.newrelic.com https://bam.nr-data.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://app-wallee.com https://gmtech.mfgroup.ch https://assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://app-wallee.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ws.postcoder.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://youtube.com https://google.com https://fonts.google.com https://v5api.thisisbeacon.com https://consentcdn.cookiebot.com https://bam.nr-data.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://app-wallee.com https://assets.secure.checkout.visa.com 'self' 'unsafe-inline'; child-src https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://youtube.com https://google.com https://fonts.google.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-nZuwSKFVpI-nGuojzyTQWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.affirm.com *.affirm.ca *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://www.googletagmanager.com/ platform.twitter.com secure.livechatinc.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.affirm.com *.affirm.ca *.certcapture.com connect.bolt.com connect-sandbox.bolt.com s3-us-west-1.amazonaws.com https://helloextend-static-assets.s3.amazonaws.com https://extendcoreoffersdemo-offersthemelogobucketeb21afa-19jnurg0a0o17.s3.amazonaws.com https://s3.amazonaws.com https://extendcoreoffersprod-offersthemelogobucketeb21afa-1lr7le13dvgtp.s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com pinterest.com assets.pinterest.com syndication.twitter.com https://img.youtube.com flagpedia.net moogento.com *.moogento.com *.livechatinc.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.affirm.com *.affirm.ca *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com widget.freshworks.com m2epro.freshdesk.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com https://cdn.jsdelivr.net cdn.jsdelivr.net twitter.com platform.twitter.com *.gstatic.com maps.googleapis.com l2.moogento.com cdn1.affirm.com sdk.helloextend.com cdn.livechatinc.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://static.klaviyo.com https://cdn.jsdelivr.net cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.affirm.com *.affirm.ca *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com widget.freshworks.com m2epro.freshdesk.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.gstatic.com maps.googleapis.com *.livechatinc.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e4d51802-a473-4ed1-8641-fab46596696a.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://*.googletagmanager.com   https://www.google.com https://www.gstatic.com   https://webforms.pipedrive.com https://cdn.cmh-1.pipedriveassets.com https://cdn.was-1.pipedriveassets.com   https://client.crisp.chat   https://static.hotjar.com https://script.hotjar.com   https://use.typekit.net   https://cdn-cookieyes.com; connect-src 'self'   https://*.googletagmanager.com   https://www.google.com https://www.gstatic.com   https://client.crisp.chat wss://client.relay.crisp.chat   https://api.weglot.com   https://cdn-cookieyes.com https://log.cookieyes.com   https://vc.hotjar.io   https://stats.g.doubleclick.net; frame-src 'self'   https://www.google.com   https://webforms.pipedrive.com   https://*.googletagmanager.com   https://www.youtube.com https://www.youtube-nocookie.com   https://datastudio.google.com https://lookerstudio.google.com; img-src 'self' data: https:   https://image.crisp.chat   https://img.youtube.com; style-src 'self' 'unsafe-inline'   https://client.crisp.chat   https://use.typekit.net https://p.typekit.net; font-src 'self' data: https: https://use.typekit.net; object-src 'none'; 1
default-src 'none'; img-src 'self' https: ; script-src 'self' https: ; style-src 'self'; object-src 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-tVX8h9VKyjpIzZcaomh2_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com cdn1.stamped.io stamped.io *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com cdn.stamped.io static.addtoany.com *.cookiebot.com *.doubleclick.net consentcdn.cookiebot.com bat.bing.com www.googletagmanager.com hose.gardeningexpress.co.uk pipe.gardeningexpress.co.uk consent.cookiebot.com pixel.thoughtmetric.io www.clarity.ms stats.g.doubleclick.net www.google.com www.gstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net cdn1.stamped.io stamped.io www.google.com.ua magefan.com cm.magefan.com mageside.com flagpedia.net cdn.stamped.io www.ojrq.net *.clarity.ms *.bing.com *.cookiebot.com help.gardeningexpress.co.uk/ www.google.de www.google.co.uk bat.bing.com hose.gardeningexpress.co.uk fonts.gstatic.com bat.bing.net https://pipe.gardeningexpress.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.trustpilot.com cdn1.stamped.io stamped.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com cdn.stamped.io static.addtoany.com *.cookiebot.com *.clarity.ms bam.nr-data.net cdn.jsdelivr.net *.impactcdn.com *.newrelic.com consent.cookiebot.com ajax.googleapis.com bat.bing.com pagead2.googlesyndication.com pipe.gardeningexpress.co.uk pixel.thoughtmetric.io www.clarity.ms stats.g.doubleclick.net www.gstatic.com https://pipe.gardeningexpress.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.trustpilot.com cdn1.stamped.io stamped.io *.stripe.network *.stripecdn.com *.amazon.com *.addtoany.com maxcdn.bootstrapcdn.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://gardeningexpress.us12.list-manage.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com cdn1.stamped.io stamped.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com http://dpm.demdex.net www.gstatic.com maps.googleapis.com cdn.stamped.io static.addtoany.com *.cookiebot.com *.clarity.ms bam.nr-data.net cdn.jsdelivr.net *.impactcdn.com pagead2.googlesyndication.com gardeningexpress.pxf.io *.doubleclick.net *.google.com bat.bing.com hose.gardeningexpress.co.uk google.com bat.bing.net pipe.gardeningexpress.co.uk consent.cookiebot.com pixel.thoughtmetric.io www.clarity.ms data.thoughtmetric.io stats.g.doubleclick.net www.google.com https://pipe.gardeningexpress.co.uk 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://stats.g.doubleclick.net; connect-src 'self' https: wss: data: https://www.facebook.com https://graph.facebook.com https://*.nr-data.net https://bam.nr-data.net https://bam.eu01.nr-data.net https://js-agent.newrelic.com https://www.bpp.com https://*.google-analytics.com http://*.google-analytics.com https://pro.ip-api.com/json https://*.analytics.google.com http://*.analytics.google.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://td.doubleclick.net https://*.doubleclick.net https://tpc.googlesyndication.com https://*.onetrust.com https://pagead2.googlesyndication.com https://bat.bing.com http://bat.bing.com https://bat.bing.net http://bat.bing.net https://u.clarity.ms https://*.clarity.ms https://px.ads.linkedin.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://secure.leadforensics.com https://*.agile-company-365.com https://*.igodigital.com https://connect.facebook.net https://www.facebook.net http://www.facebook.net http://www.facebook.com https://snap.licdn.com https://www.google-analytics.com https://cdn.mouseflow.com https://*.mouseflow.com wss://*.mouseflow.com https://aiden.learnwise.ai https://*.learnwise.ai https://tags.srv.stackadapt.com http://tags.srv.stackadapt.com https://*.usbrowserspeed.com https://*.salesforceliveagent.com https://ws-assets.zoominfo.com http://ws-assets.zoominfo.com https://analytics.tiktok.com http://analytics.tiktok.com https://analytics-ipv6.tiktokw.us http://analytics-ipv6.tiktokw.us https://pixels.spotify.com http://pixels.spotify.com; font-src 'self' data: https://fonts.gstatic.com https://*.cdn.office.net https://use.typekit.net https://use.typekit.com https://fonts.googleapis.com https://cdn.mouseflow.com https://www.bpp.com; frame-src 'self' data: https://www.youtube-nocookie.com https://www.youtube.com https://*.fls.doubleclick.net http://*.fls.doubleclick.net https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://*.doubleclick.net https://adservice.google.com https://chat.learnwise.ai https://*.learnwise.ai https://match.adsrvr.org https://www.google.com https://www.datocms-assets.com https://*.opendns.com https://*.deferrerstrust.com https://*.safeframe.googlesyndication.com http://*.safeframe.googlesyndication.com https://consentcdn.cookiebot.com https://www.googleadservices.com https://*.id.opendns.com http://*.id.opendns.com; img-src 'self' https: data: blob: https://*.cloudfunctions.net https://www.google-analytics.com https://www.facebook.com http://www.facebook.com https://www.google.com https://www.google.co.uk https://i.ytimg.com https://pagead2.googlesyndication.com http://pagead2.googlesyndication.com https://ad.doubleclick.net http://ad.doubleclick.net https://*.onetrust.com https://www.googleadservices.com https://www.googletagmanager.com https://ade.googlesyndication.com https://tpc.googlesyndication.com https://c.clarity.ms https://px.ads.linkedin.com https://*.doubleclick.net https://bat.bing.com http://bat.bing.com https://bat.bing.net http://bat.bing.net https://c.bing.com https://pixel.byspotify.com http://pixel.byspotify.com https://*.igodigital.com https://www.datocms-assets.com https://*.mouseflow.com https://www.bpp.com; media-src 'self' https: data: blob:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: * 'nonce-MTQ3OGNhMGEtNTJiNS00OTdiLTllZjItOTY5ZTVmZmRlNTgx' 'strict-dynamic' http: https: https://js-agent.newrelic.com https://bam.nr-data.net https://bam.eu01.nr-data.net https://www.bpp.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://connect.facebook.net https://*.onetrust.com http://*.onetrust.com https://bat.bing.com http://bat.bing.com https://bat.bing.net http://bat.bing.net https://snap.licdn.com https://secure.agile-company-365.com https://*.agile-company-365.com https://px.ads.linkedin.com https://www.clarity.ms https://*.clarity.ms https://www.clarity.com https://ts.clarity.com https://v.clarity.com https://ad.doubleclick.net https://*.doubleclick.net https://adservice.google.com https://adservice.google.co.uk https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net https://tpc.googlesyndication.com https://secure.leadforensics.com https://pixel.byspotify.com https://*.igodigital.com https://*.infinity-tracking.com https://cdn.mouseflow.com https://aiden.learnwise.ai https://*.learnwise.ai https://tags.srv.stackadapt.com https://*.usbrowserspeed.com https://*.salesforceliveagent.com; style-src 'self' 'unsafe-inline' blob: data: * https://fonts.googleapis.com https://aiden.learnwise.ai https://*.learnwise.ai; upgrade-insecure-requests; report-uri https://o4508693778268160.ingest.de.sentry.io/api/4509629814800465/security/?sentry_key=7af8eb49226dd30e4cc31a2e2f6ea5cc; 1
default-src 'self' https: 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.beautysuccess.fr fonts.googleapis.com googleapis.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.weltpixel.com *.hipay-tpp.com *.hipay.com *.googleapis.com https://www.youtube.com https://form.typeform.com libs.hipay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.hipay.com *.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.beautysuccess.fr maps.googleapis.com googleapis.com maps.gstatic.com *.openstreetmap.org api.maptiler.com magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.googleapis.com https://www.googletagmanager.com tagmanager.google.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.gstatic.com *.beautysuccess.fr *.googletagmanager.com maps.googleapis.com googleapis.com api.socloz.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.hipay.com *.googleapis.com tagmanager.google.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.gstatic.com *.beautysuccess.fr googleapis.com libs.hipay.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com https://www.google-analytics.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com *.beautysuccess.fr api.maptiler.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.gstatic.com *.bglobale.com *.global-e.com assets.reviews.io applepay.cdn-apple.com *.amazonaws.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.adyen.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.adyen.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com *.bglobale.com *.global-e.com www.xtento.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com https://t.pepperjamnetwork.com https://*.dwin1.com https://*.awin1.com https://*.zenaps.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://*.gstatic.com *.adyen.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.bglobale.com *.global-e.com www.xtento.com cdn.xtento.com assets.reviews.io www.google.co.uk *.amazonaws.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com *.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://shareasale.com/sale.cfm https://track.linksynergy.com https://www.bizrate.com https://*.dwin1.com https://*.awin1.com https://*.zenaps.com https://track.webgains.com https://prf.hn https://track.flexlinks.com https://scripts.affiliatefuture.com https://t.powerreviews.com https://match.sharethrough.com https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://jadserve.postrelease.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://eb2.3lift.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://sync.1rx.io https://dis.criteo.com https://dpm.demdex.net https://ps.eyeota.net https://public-prod-dspcookiematching.dmxleo.com *.hsforms.net *.hsforms.com 'self' data: *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cc-cdn.com *.bglobale.com *.global-e.com www.xtento.com cdn.xtento.com app.termly.io widget.reviews.io js-agent.newrelic.com ajax.cloudflare.com static.cloudflareinsights.com ipinfo.io websdk.appsflyer.com ct.pinterest.com www.dwin1.com *.amazonaws.com api.uk.exponea.com tag.mention-me.com c0.adalyser.com joani11112.pcapredict.com joaniedev-1.store.advancedcommerce.services joanie-1.store-uk1.advancedcommerce.services static.dressipi.com load.collect.joanieclothing.com shopforward.eu script.hotjar.com cdn-sitegainer.com services.postcodeanywhere.co.uk static.mention-me.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://cdn.lr-ingest.io https://unpkg.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://*.dwin1.com https://intljs.rmtag.com https://cdn.avmws.com https://images.bizrate.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://swrap.tradedoubler.com https://analytics.optimalpeople.fr https://www.linkconnector.com https://d3v27wwd40f0xu.cloudfront.net https://static.criteo.net https://sslwidget.criteo.com https://*.affiliatefuture.com https://static.powerreviews.com https://analytics.webgains.io *.hsforms.net *.hsforms.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://fonts.googleapis.com/ webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com *.bglobale.com *.global-e.com assets.reviews.io data: use.typekit.net p.typekit.net *.amazonaws.com services.postcodeanywhere.co.uk https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.adyen.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com app.termly.io *.reviews.io region1.analytics.google.com stats.g.doubleclick.net pagead2.googlesyndication.com *.amazonaws.com grapheneai.joanieclothing.com wss://ws.hotjar.com content.hotjar.io api.zuko.io joaniedev-1.store.advancedcommerce.services joanie-1.store-uk1.advancedcommerce.services services.postcodeanywhere.co.uk metrics.hotjar.io https://*.ingest.sentry.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maps.googleapis.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://shareasale.com/sale.cfm https://analytics.optimalpeople.fr https://measurement-api.criteo.com https://api.webgains.io https://the.sciencebehindecommerce.com https://*.wepowerconnections.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.google.com.ua ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://gzuvq.sanitairkamer.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://gzuvq.sanitairkamer.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://gzuvq.sanitairkamer.nl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://monitor.bigbridgedev.nl/csp; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-5tiO6oYkIgSJTHlDIlgM1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yzgbBAEIEQMr4rRshvoSOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'report-sample' blob: data: https://*.youtube.com https://firebase.googleapis.com https://share.keepshare.info https://static-web.jjdsn.vip https://bitkeep.page https://*.bitkeep.fun https://*.bitget.cloud https://keepshare.xyz https://gasutopia.com https://bitkeep.com https://*.facebook.net https://api.nileex.io https://keepshare.info https://*.google.com https://share.bitkeep.shop https://infragrid.v.network https://*.bitkeep.com https://ta.bitkeep.buzz:8993 https://bitkeep.io https://*.bitkeep.io https://www.google-analytics.com https://fp-constantid.bitkeep.vip https://*.bitkeep.page https://*.bjxnyj.com https://bitkeep.org https://*.bitgetstatic.com https://share.bwb.live https://*.bitkeep.vip https://*.bitget.site https://*.bitgetpro.site https://api.shasta.trongrid.io https://s3.infcrypto.com https://*.bitkeep.me https://*.jjdsn.vip https://*.mytokenpocket.vip https://sun.tronex.io https://goldshare.me https://*.bitget.com https://firebaseinstallations.googleapis.com https://www.googletagmanager.com https://*.googleapis.com https://share.bwb.site https://stats.g.doubleclick.net https://rpc-wallet.broearn.com https://api.trongrid.io https://*.bknode.vip https://cdn.bootcdn.net https://search.imtt.qq.com https://api-web.wwmxd.info https://api-web.wwmxd.site https://www.recaptcha.net https://ordinals.com https://www.gstatic.cn https://www.gstatic.com https://log.noxiaohao.com https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://share.bwb.online https://share.bwb.global https://share.bwb.win https://share.bwb.inc https://share.bwb.space https://*.walletconnect.org wss://*.walletconnect.org https://*.walletconnect.com;connect-src 'self' 'report-sample' blob: data: https://*.youtube.com https://firebase.googleapis.com https://share.keepshare.info https://*.bitkeep.fun https://bitkeep.page https://*.bitget.cloud https://keepshare.xyz https://gasutopia.com https://bitkeep.com https://*.facebook.net https://api.nileex.io https://keepshare.info https://*.google.com https://share.bitkeep.shop https://infragrid.v.network https://*.bitkeep.com https://ta.bitkeep.buzz:8993 https://bitkeep.io https://*.bitkeep.io https://www.google-analytics.com https://fp-constantid.bitkeep.vip https://*.bitkeep.page https://*.bjxnyj.com https://bitkeep.org https://*.bitgetstatic.com https://share.bwb.live https://*.bitkeep.vip https://*.bitget.site https://*.bitgetpro.site https://api.shasta.trongrid.io https://s3.infcrypto.com https://*.bitkeep.me https://*.jjdsn.vip https://*.mytokenpocket.vip https://sun.tronex.io https://goldshare.me https://*.bitget.com https://firebaseinstallations.googleapis.com https://www.googletagmanager.com https://*.googleapis.com https://share.bwb.site https://stats.g.doubleclick.net https://rpc-wallet.broearn.com https://api.trongrid.io https://*.bknode.vip https://cdn.bootcdn.net https://search.imtt.qq.com https://api-web.wwmxd.info https://api-web.wwmxd.site https://ordinals.com https://www.gstatic.cn https://www.gstatic.com https://log.noxiaohao.com https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://share.bwb.online https://share.bwb.global https://share.bwb.win https://share.bwb.inc https://share.bwb.space https://region1.google-analytics.com https://*.walletconnect.org wss://*.walletconnect.org https://*.walletconnect.com https://cloudflare-eth.com https://eth.llamarpc.com https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.life https://api-web.chainnear.com https://api-web.bitkeep.fun;frame-src 'self' 'report-sample' https://www.google.com https://www.recaptcha.net https://*.bitget.com https://static-web.jjdsn.vip https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://*.walletconnect.org;frame-ancestors 'self' https://bulbaswap.io https://app.bulbaswap.io https://www.bulbaswap.io https://bulba.bknode.vip https://*.bitget.com https://static-web.jjdsn.vip https://www.google.com https://www.recaptcha.net https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com;report-uri https://64ad2bae905b5c797e632276.endpoint.csper.io?v=17; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com https://maxcdn.bootstrapcdn.com https://iwae.com https://cdn.iwae.com https://static.ecorebates.com www.searchanise.com *.searchserverapi.com *.fontawesome.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com https://phone.aircall.io/ 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.certcapture.com https://phone.aircall.io/ *.getbread.com *.breadpayments.com *.rbcpayplan.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com www.searchanise.com *.searchserverapi.com *.twitter.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.certcapture.com https://cdn.aircall.io/ *.getbread.com *.breadpayments.com *.rbcpayplan.com magefan.com cm.magefan.com https://seal-louisville.bbb.org https://www.google.com https://bid.g.doubleclick.net https://iwae.com https://cdn.iwae.com https://bat.bing.com https://c.bing.com https://clarity.ms https://static.zdassets.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ guarantee-cdn.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com https://www.magezon.com https://redchamps.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.certcapture.com https://cdn.rawgit.com/ https://phone.aircall.io/ https://phone.aircall.io/static/ *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com https://static.zdassets.com https://acsbapp.com https://www.mczbf.com https://widget.trustpilot.com https://maxcdn.bootstrapcdn.com https://static.klaviyo.com https://fast.a.klaviyo.com https://connect.facebook.net https://ekr.zdassets.com https://static-tracking.klaviyo.com https://telemetrics.klaviyo.com/ *.googleadservices.com *.paypal.com *.cardinalcommerce.com https://static.ecorebates.com https://iwae.com https://cdn.iwae.com searchserverapi.com *.searchserverapi.com https://ingrams.ecorebates.com https://bat.bing.com https://s.pinimg.com https://clarity.ms https://ct.pinterest.com *.leadmanagerfx.com *.marketingcloudfx.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://static-forms.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ *.cloudflare.com guarantee-cdn.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.certcapture.com https://cdn.jsdelivr.net/ widget.freshworks.com m2epro.freshdesk.com https://maxcdn.bootstrapcdn.com https://iwae.com https://cdn.iwae.com https://static.ecorebates.com assets.braintreegateway.com https://static.klaviyo.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com https://www.mczbf.com https://iwae.zendesk.com https://cdn.acsbapp.com https://ekr.zdassets.com https://iwae.com https://cdn.iwae.com *.breadgateway.net https://ct.pinterest.com https://b.clarity.ms https://bat.bing.com https://acsbapp.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.amplitude.com stats.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://fonts.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.coutts.com   *.amazon-adsystem.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.demdex.net *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com   *.jwpcdn.com *.jwpltx.com *.liveperson.net *.lpsnmedia.net *.neolane.net *.omtrdc.net *.pinimg.com *.pinterest.com *.userzoom.com *.youtube.com *.ytimg.com *.contentsquare.net *.contentsquare.com https://geolocation.onetrust.com   https://privacyportal-eu.onetrust.com https://googleads.g.doubleclick.net https://www.googleadservices.com snap.licdn.com cdn.cookielaw.org www.gstatic.com www.googletagmanager.com www.google-analytics.com googleapis.com;   upgrade-insecure-requests; block-all-mixed-content; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.audioeye.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.brightcove.net *.brightcove.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.brightcove.net *.brightcove.com *.boltdns.net *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://prf.hn maps.gstatic.com *.facebook.com *.reddit.com *.adtrafficquality.google *.cookielaw.org *.lightboxcdn.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.brightcove.net *.brightcove.com *.ordergroove.com *.attn.tv events.attentivemobile.com *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://prf.hn https://pzapi-nb.com https://pzapi-kg.com https://pzapi-ij.com/ maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.adtrafficquality.google *.audioeye.com *.clarity.ms *.cookielaw.org *.gstatic.com *.lightboxcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app assets.braintreegateway.com *.typekit.net *.googlesyndication.com tagmanager.google.com *.audioeye.com *.lightboxcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.typekit.net *.googlesyndication.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.typekit.net *.googlesyndication.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.brightcove.net *.brightcove.com *.boltdns.net *.brightcovecdn.com maps.googleapis.com *.ordergroove.com *.attn.tv events.attentivemobile.com *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.adtrafficquality.google *.audioeye.com *.clarity.ms *.cookielaw.org *.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net annies-livesearch.s3.amazonaws.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.brightcovecdn.com *.typekit.net *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.google.com *.googleadservices.com *.googletagmanager.com *.jquery.com *.facebook.net *.cookiebot.com *.doubleclick.net *.privacymanager.io *.disqus.com *.twitter.com *.trustpilot.com *.clarity.ms *.gstatic.com *.youtube.com youtube.com; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://a.disquscdn.com https://c.clarity.ms https://c.disquscdn.com https://clm.nektony.com https://googleads.g.doubleclick.net https://imgsct.cookiebot.com https://nektony.com https://ps.w.org https://referrer.disqus.com https://secure.gravatar.com https://ssl.gstatic.com https://syndication.twitter.com https://www.google.com https://www.google.com.ua https://www.googletagmanager.com *.facebook.com *.bing.com; font-src 'self' data: https://fonts.gstatic.com https://nektony.com; connect-src *; media-src 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://disqus.com https://store.payproglobal.com https://td.doubleclick.net https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; worker-src 'self';  upgrade-insecure-requests; report-uri https://nektony.com/csp-report-mode1.php; manifest-src 'self'; 1
script-src 'nonce-DNiDjaPZnSk7lATD+YgS52hpnvOZDg/M' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googleapis.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com *.google.com https://*.google.com https://*.googleusercontent.com https://*.ggpht.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com http://s3.amazonaws.com https://snap.licdn.com https://connect.facebook.net https://www.facebook.com https://static.hotjar.com https://script.hotjar.com http://*.tiqcdn.com https://pageimprove.io https://*.linkedin.com https://partenamut.activehosted.com https://*.tealiumiq.com https://*.youtube.com https://*.decibelinsight.net https://wurfl.io https://bat.bing.com https://*.googlesyndication.com https://*.teads.tv https://*.clarity.ms/ https://dev.visualwebsiteoptimizer.com https://tags.partenamut.be/partenamut-site/prod/utag.sync.js https://tags.partenamut.be/partenamut-site/prod/utag.js https://tags.partenamut.be https://analytics.tiktok.com https://analytics.tiktok.com/i18n/pixel/events.js https://collect.partenamut.be; style-src 'unsafe-inline' 'self' https://*.googleapis.com https://fonts.googleapis.com https://optimize.google.com https://unpkg.com https://script.hotjar.com https://static.hotjar.com https://*.gstatic.com https://fonts.bunny.net; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google.com *.googleusercontent.com https://*.google.be https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.linkedin.com https://*.partenamut.be https://*.facebook.com https://dummyimage.com https://placehold.co https://www.googletagmanager.com http://www.w3.org/2000/svg https://*.tealiumiq.com https://s535jira.mutworld.be https://flagcdn.com https://script.hotjar.com https://static.hotjar.com https://bat.bing.com https://ad.doubleclick.net https://*.teads.tv https://dev.visualwebsiteoptimizer.com https://tags.partenamut.be/partenamut-site/prod/utag.js https://*.clarity.ms https://c.bing.com https://www.google.com/pagead/form-data https://survey-images.hotjar.com data:; frame-src 'self' https://*.google.com https://optimize.google.com https://vars.hotjar.com/ https://*.youtube.com https://*.partenamut.be https://cloud.cavai.com/ www.facebook.com https://idp.iamfas.belgium.be/ https://td.doubleclick.net/ https://*.teads.tv/ https://td.doubleclick.net.x.ccf80dde0e0820444b0b8f9038e392127391.d045232a.id.opendns.com https://10649093.fls.doubleclick.net https://maternity-leave---partena.bubbleapps.io; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://fonts.bunny.net; object-src 'self' data: 'unsafe-eval'; media-src 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; navigate-to *; connect-src 'self' https://*.cloud.es.io https://*.googleapis.com *.google.com https://*.google.com https://*.google.com https://*.gstatic.com  https://*.google-analytics.com https://*.facebook.com https://*.linkedin.oribi.io https://*.hotjar.io https://*.hotjar.com https://pageimprove.io https://*.tealiumiq.com https://*.decibelinsight.net wss://*.hotjar.com https://*.cloud.es.io https://bat.bing.com https://*.linkedin.com https://*.googlesyndication.com wss://*.decibelinsight.net https://wurfl.io https://*.g.doubleclick.net https://*.teads.tv https://*.clarity.ms/ https://dev.visualwebsiteoptimizer.com https://adservice.google.com https://www.google.com/pagead/form-data https://google.com/ccm/form-data/1035243604 https://google.com:433/ccm/form-data/1035243604 https://*.adservice.google.com https://adservice.google.com https://analytics.tiktok.com https://*.partenamut.be data: blob:; worker-src 'self' blob:; https://t.contentsquare.net/uxa/b8b4149d47658.js;report-uri https://mutualit.uriports.com/reports; report-to default 1
script-src-elem data: 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' https://web-sdk.aptrinsic.com https://s7.addthis.com https://static.hotjar.com https://script.hotjar.com https://host.hotjar.com https://www.google.com https://assets.adobedtm.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.google.com https://www.googletagmanager.com https://www.googleapis.com https://*.newrelic.com https://*.nr-data.net https://geostag.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://geoapi.cardinalcommerce.com https://1eafapi.cardinalcommerce.com https://songbird.cardinalcommerce.com https://www.paypal.com https://www.sandbox.paypal.com https://www.paypalobjects.com https://t.paypal.com https://vimeo.com https://www.vimeo.com https://*.vimeocdn.com https://*.youtube.com https://use.typekit.net https://*.typekit.net https://*.magento-ds.com https://*.cloudflare.com https://*.gstatic.com https://js.braintreegateway.com https://assets.braintreegateway.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://checkout.razorpay.com https://*.facebook.net https://*.avada.io; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.cloudflare.com maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com 'self' data: play.google.com api.razorpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net https://cm.everesttech.net https://*.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://*.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self'  https://www.magecomp.com https://assets.adobedtm.com https://amcglobal.sc.omtrdc.net https://dpm.demdex.net https://widgets.magentocommerce.com https://www.googleadservices.com https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://analytics.google.com https://www.googletagmanager.com https://*.ftcdn.net https://*.behance.net https://www.paypal.com https://www.paypalobjects.com https://fpdbs.paypal.com https://fpdbs.sandbox.paypal.com https://*.vimeocdn.com https://p.typekit.net https://*.gstatic.com https://validator.swagger.io https://cdn.razorpay.com https://*.facebook.com https://firebasestorage.googleapis.com https://assets.braintreegateway.com https://checkout.paypal.com cdn.razorpay.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 'self' data: 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://static.hotjar.com https://script.hotjar.com https://assets.adobedtm.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com tagmanager.google.com https://*.facebook.net https://js.braintreegateway.com https://checkout.razorpay.com checkout.razorpay.com *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'self' data: 'report-sample' *.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.bunnycart.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com 'self' data: *.hotjar.io wss://ws.hotjar.com https://*.hotjar.io https://*.facebook.com https://www.facebook.com https://www.facebook.com/*/ https://lumberjack-cx.razorpay.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' stat.joomlapolis.com https:  data ;     script-src-attr 'self' 'unsafe-inline' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com      www.googletagmanager.comi www.google-analytics.com connect.facebook.net blob data ;     script-src 'self' 'unsafe-inline' 'unsafe-eval' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com      www.googletagmanager.comi www.google-analytics.com connect.facebook.net blob data ;     script-src-elem 'self' 'unsafe-inline' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com     www.google-analytics.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com *.kaspersky-labs.com www.pagespeed-mod.com connect.facebook.net  ;         style-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com ;     style-src-elem 'self' 'unsafe-inline' translate.googleapis.com  www.gstatic.com  fonts.googleapis.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com *.kaspersky-labs.com pwm-image.trendmicro.com adblockers.opera-mini.net ;     img-src 'self' data: www.joomlapolis.com stat.joomlapolis.com forge.joomlapolis.com *.stripe.com *.stripe.network *.ytimg.com www.gstatic.com www.google.com translate.google.com translate.googleapis.com www.google.com/images fonts.gstatic.com    yastatic.net i.imgur.com servimg.com tinypic.com www.google-analytics.com www.googleadservices.com www.facebook.com img391.imageshack.us blob data ;         frame-src 'self' *.stripe.com *.stripe.network www.youtube.com www.youtube-nocookie.com www.slideshare.net      mozbar.moz.com div.show pwm-image.trendmicro.com ;     font-src 'self' data: fonts.gstatic.com use.typekit.net     *.avast.com chrome-extension github.com/google/fonts/blob chrome-extension   ;     connect-src *.joomlapolis.com *.googleapis.com ;     report-uri /report-csp-jp-c.php ; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-944dcc0bce39910a663d5d87667daaae' 'strict-dynamic' https://www.googletagmanager.com/ https://securepubads.g.doubleclick.net/tag/js/gpt.js https://static.hotjar.com/ https://cdn.cookielaw.org/ https://imasdk.googleapis.com/ https://*.hotjar.io/ https://connect.facebook.net/ https://*.facebook.com/ https://*.facebook.net/ https://analytics.tiktok.com/ https://galt.hit.gemius.pl/  ; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://fonts.googleapis.com/ https://www.biathlonworld.com/embedded-player.css https://www.atletiek.nl/build/css/css-ebu.build.css; img-src 'self' data: https://imageservice.evsports.opentv.com/images/v1/image/Sport/ https://cabi.evsports.sports.opentv.com/ https://*.sports.opentv.com/ https://www.googletagmanager.com/ https://static.hotjar.com/ https://cdn.cookielaw.org/logos/ https://www.google.com/ https://www.google.co.uk/ https://www.facebook.com/ https://*.g.doubleclick.net/ https://ep1.adtrafficquality.google/pagead/ https://*.googlesyndication.com/ https://www.ebu.ch/files/live/sites/ebu/files/images/ https://*.cloudfront.net/EBU/; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' https://cdn.cookielaw.org/ https://api.evsports.opentv.com/metadata/delivery/ https://www.google.com/pagead/form-data/ https://www.google.com/ccm/form-data/ https://*.sports.opentv.com/ https://www.googletagmanager.com/ https://*.googlesyndication.com/ https://ep1.adtrafficquality.google/getconfig/sodar https://securepubads.g.doubleclick.net/pagead/ https://securepubads.g.doubleclick.net/gampad/ https://analytics.tiktok.com/ https://www.facebook.com/ https://*.tiktokw.us/ https://*.hotjar.com/ https://galt.hit.gemius.pl/ https://firebase.googleapis.com/ https://firebaseremoteconfig.googleapis.com/v1/projects/eurovision-sport-prod-772510/ https://firebaseinstallations.googleapis.com/v1/projects/eurovision-sport-prod-772510/ https://firebaseremoteconfig.googleapis.com/v1/projects/eurovision-sport-dev-511366/ https://firebaseinstallations.googleapis.com/v1/projects/eurovision-sport-dev-511366/ https://*.facebook.com/ https://*.fbcdn.net/ https://*.facebook.net/ https://*.google-analytics.com/ https://*.onetrust.com/ https://*.hotjar.io/ wss://ws.hotjar.com/ https://*.akamaized.net/ https://*.anycast.nagra.com/ https://evs-dtvsports-vod-secure2.akamaized.net/ https://*.ampproject.org/ https://api.evsports.opentv.com/ https://api.evsports.opentv.com/useractivityvault/v1/useractivity/; frame-src https://files.eurovisionsport.com/ https://www.google.com/ https://ep2.adtrafficquality.google/ https://www.googletagmanager.com/ https://*.g.doubleclick.net/ https://*.safeframe.googlesyndication.com/ http://imasdk.googleapis.com/ http://console.googletagservices.com/ https://www.ebu.ch/ https://eurovisionsport.com/; media-src 'self' blob: https://*.akamaized.net/ https://*.anycast.nagra.com/ https://*.sports.opentv.com/; script-src-elem 'self' 'nonce-944dcc0bce39910a663d5d87667daaae' https://cdn.ampproject.org/ https://*.hotjar.com/ https://connect.facebook.net/ https://analytics.tiktok.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://securepubads.g.doubleclick.net/ https://imasdk.googleapis.com/js/sdkloader/ima3.js https://*.hotjar.io/; object-src 'none'; base-uri 'self'; form-action 'self'; 1
default-src 'self' 'nonce-U51d0++j1YCqvVivYIMhwA==' *.google-analytics.com *.googlesyndication.com *.gstatic.com *.youtube.com *.fontawesome.com *.googletagmanager.com *.trustpilot.com; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-U51d0++j1YCqvVivYIMhwA==' *.unpkg.com *.addtoany.com *.trustpilot.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com *.jsdelivr.net *.vimeo.com *.godaddy.com *.cloudflare.com *.google-analytics.com; style-src 'unsafe-inline' 'self' *.jsdelivr.net *.cloudflare.com *.typekit.net https://tagmanager.google.com https://fonts.googleapis.com; connect-src 'self' https://lottie.host/ *.6sense.com *.pingdom.net *.salesloft.com http://ib.adnxs.com https://secure.adnxs.com/ https://pagead2.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk *.cookiebot.com *.linkedin.com *.6sc.co; frame-src 'self' 'nonce-U51d0++j1YCqvVivYIMhwA==' *.addtoany.com https://www.googletagmanager.com https://td.doubleclick.net *.youtube.com *.vimeo.com *.google.com *.cookiebot.com *.trustpilot.com *.doubleclick.net; font-src 'self' 'nonce-U51d0++j1YCqvVivYIMhwA==' data: *.jsdelivr.net *.cloudflare.com *.typekit.net *.fontawesome.com https://fonts.gstatic.com; img-src 'self' data: https://www.quartix.com/ https://b.sf-syn.com/ https://www.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.gravatar.com *.google.co.uk *.6sc.co *.facebook.com *.facebook.net *.linkedin.com *.metricool.com *.cookiebot.com; object-src 'nonce-U51d0++j1YCqvVivYIMhwA=='; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com platform.cloud-iq.com.au *.facebook.com *.doubleclick.net *.bedbathntable.com.au *.criteo.com *.pinterest.com *.dotdigital-pages.com *.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com *.googleapis.com *.gstatic.com dev.visualwebsiteoptimizer.com *.google.com *.facebook.com *.cloud-iq.com.au *.afterpay.com *.linksynergy.com *.google.com.au *.bedbathntable.com.au bbnt-m2-image-library.s3-ap-southeast-2.amazonaws.com *.cdninstagram.com *.google.lk *.doubleclick.net *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.socdm.com *.criteo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.media.net *.bing.com *.yieldmo.com *.aralego.com *.3lift.com *.clmbtech.com *.teads.tv *.smaato.net *.rubiconproject.com *.pubmatic.com *.outbrain.com *.aralego.net *.1rx.io *.bluekai.com *.contextweb.com *.unrulymedia.com *.trackedlink.net *.ddlnk.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com *.googleapis.com applepay.cdn-apple.com dev.visualwebsiteoptimizer.com *.afterpay.com *.newrelic.com cdnjs.cloudflare.com bam-cell.nr-data.net platform.cloud-iq.com.au *.crazyegg.com *.facebook.net *.facebook.com *.rakuten.com googleads.g.doubleclick.net cdn.lr-ingest.io *.foursixty.com *.bedbathntable.com.au *.tiktok.com *.pinimg.com *.criteo.com *.pinterest.com *.freshworks.net *.freshworks.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zipmoney.com.au zip.co https://www.bedbathntable.com.au 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com unpkg.com *.foursixty.com *.bedbathntable.com.au *.cloud-iq.com.au *.use.typekit.net *.p.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.googleapis.com *.crazyegg.com googleads.g.doubleclick.net bam-cell.nr-data.net *.lr-ingest.io *.foursixty.com *.google-analytics.com *.doubleclick.net *.bedbathntable.com.au *.nr-data.net foursixty.com *.pinterest.com *.pangle-ads.com *.tiktok.com *.criteo.com *.google.com *.freshworks.net *.freshworks.com *.attraqt.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' wss:; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.youtube.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.ggpht.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net *.googletagmanager.com *.library.wales *.llgc.org.uk *.staticflickr.com *.ticketsource.co.uk fonts.gstatic.com play.google.com syndication.twitter.com translate.google.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://*.google.com https://*.doubleclick.net https://*.googletagmanager.com *.google.com *.libanswers.com *.library.wales *.llyfrgell.cymru *.lyfrgell.cymru *.twitter.com div.show hwb.gov.wales sketchfab.com www.canva.com; style-src-elem 'report-sample' 'self' 'unsafe-inline' *.clarity.ms *.fontawesome.com *.libanswers.com *.library.wales connect.facebook.net fonts.googleapis.com; connect-src 'self' https://*.googleapis.com https://*.google.com https://*.gstatic.com data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' 'nonce-jwmkz4Zmo9Y-KKJlriWMaUnLBcB7NBE-US98zXcXt81rKNC-yX9MZQ' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com blob:; style-src 'self' 'unsafe-eval' 'unsafe-inline' wss: 'inline' 'report-sample'; script-src-elem 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales *.%2A.v2.scr.kaspersky-labs.com *.flickr.com *.libanswers.com adblockers.opera-mini.net connect.facebook.net s3.amazonaws.com wusote.hirizasune.com; report-uri https://www.library.wales/@http-reporting?csp=report&requestTime=1773712204600240&requestHash=4ced51911321e2b740dfa8c8a7d1335f39f8499f 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.cupio.ro https://ss.cupio.ro https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.googleapis.com https://www.googleoptimize.com https://www.googleadservices.com https://www.google.ro https://www.google.com https://connect.facebook.net https://*.facebook.com https://*.pinterest.com https://ct.pinterest.com https://s.pinimg.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.snapchat.com https://sc-static.net https://bat.bing.com https://bat.bing.net https://event.2performant.com https://attr-2p.com https://*.klarna.com https://*.klarnacdn.net https://*.revolut.com https://aqurate.ai https://cdn.channelize.io https://trusted.ro https://js.stripe.com cupio.ro https://*.themarketer.com https://*.mktr2.com https://unpkg.com https://*.mczbf.com https://*.gstatic.com https://*.clarity.ms https://*.tiktok.com https://stapecdn.com; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.revolut.com *.google.com google.com *.cdn-apple.com pay.google.com https://*.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com https://fonts.googleapis.com *.zopim.com *.zopim.io *.klarnacdn.net https://fonts.bunny.net 'self' data: https://cdn.cupio.ro https://*.themarketer.com https://*.mktr2.com https://*.mczbf.com https://*.clarity.ms https://*.tiktok.com https://fonts.cdnfonts.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com *.twitter.com *.cupio.ro https://www.facebook.com https://payflowlink.paypal.com https://sandbox.payu.ro/ https://secure.payu.ro/ https://cdn.channelize.io https://*.revolut.com https://*.themarketer.com https://*.mktr2.com https://*.mczbf.com https://*.gstatic.com https://*.clarity.ms https://*.tiktok.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.facebook.com https://connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.innoship.ro https://plumrocket.com https://*.revolut.com *.cdn-apple.com *.google.com/ pay.google.com https://*.gstatic.com https://accounts.google.com *.weltpixel.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com https://*.klarna.com 'self' *.cupio.ro https://ss.cupio.ro https://*.pinterest.com https://s.pinimg.com *.vimeo.com https://cdn-cookieyes.com https://*.snapchat.com https://bat.bing.com https://event.2performant.com https://js.stripe.com https://hooks.stripe.com https://*.themarketer.com https://*.mktr2.com https://*.mczbf.com https://*.clarity.ms https://*.tiktok.com https://*.klarnaservices.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://*.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tiktok.com https://www.magezon.com *.tile.openstreetmap.org *.openstreetmap.org *.revolut.com *.google.com *.cdn-apple.com https://*.google.com pay.google.com https://*.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com https://www.google-analytics.com *.twitter.com *.twimg.com https://*.vimeocdn.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.co.in *.mastercard.com https://*.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com 'self' cupio.ro *.cupio.ro https://*.google.ro https://www.googleadservices.com https://trusted.ro https://*.ytimg.com https://*.pinterest.com https://s.pinimg.com https://*.klarnacdn.net https://cdn-cookieyes.com https://*.snapchat.com https://bat.bing.com https://bat.bing.net https://event.2performant.com https://*.themarketer.com https://*.mktr2.com https://*.mczbf.com https://*.clarity.ms https://*.tiktok.com https://www.google.com https://redchamps.com *.facebook.com *.reddit.com *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://connect.facebook.net connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.tiktok.com *.channelize.io https://cdn.jsdelivr.net https://*.revolut.com *.google.com/ pay.google.com https://*.gstatic.com https://accounts.google.com https://www.gstatic.com *.cloudflare.com *.twitter.com https://www.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://bat.bing.com *.zopim.com *.zdassets.com https://*.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cupio.ro https://ss.cupio.ro https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.googleapis.com https://www.googleoptimize.com https://www.googleadservices.com https://www.google.ro https://*.facebook.com https://*.pinterest.com https://ct.pinterest.com https://s.pinimg.com https://*.cookieyes.com https://*.snapchat.com https://sc-static.net https://bat.bing.net https://event.2performant.com https://attr-2p.com https://*.klarnacdn.net https://aqurate.ai https://cdn.channelize.io https://trusted.ro https://www.trusted.ro cupio.ro https://*.themarketer.com https://*.mktr2.com https://unpkg.com https://*.mczbf.com https://*.clarity.ms https://*.tiktok.com https://www.google.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://accounts.google.com https://www.gstatic.com *.cloudflare.com https://fonts.googleapis.com *.twitter.com *.twimg.com https://*.gstatic.com *.typekit.net *.trustedshops.com *.bing.com *.klarnacdn.net https://fonts.bunny.net 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.cupio.ro https://*.klarnacdn.net https://*.themarketer.com https://*.mktr2.com https://*.mczbf.com https://*.clarity.ms https://*.tiktok.com https://unpkg.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tiktok.com *.channelize.io https://*.revolut.com *.cdn-apple.com pay.google.com https://*.gstatic.com https://accounts.google.com www.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com https://www.google-analytics.com https://stats.g.doubleclick.net *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://*.klarna.com https://get.geojs.io *.avada.io 'self' *.cupio.ro https://ss.cupio.ro https://*.googleapis.com https://www.googletagmanager.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.snapchat.com https://bat.bing.com https://bat.bing.net https://event.2performant.com https://attr-2p.com https://directory.cookieyes.com https://*.klarnacdn.net https://*.klarnaservices.com https://analytics-ipv6.tiktokw.us https://cdn.channelize.io https://api.stripe.com https://*.themarketer.com https://*.mktr2.com https://unpkg.com https://*.mczbf.com https://*.clarity.ms https://*.tiktok.com https://ct.pinterest.com https://cdn.jsdelivr.net https://aqurate.ai https://*.aqurate.ai *.stripe.com klarna.com *.klarna.com *.link.com *.amazon.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-PSlfT4r30_-w5q0kUsdtiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.thulium.com 'self' *.ekomiapps.de *.payu.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.facebook.com *.googlesyndication.com https://plumrocket.com 'self' 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com secure.payu.com merch-prod.snd.payu.com https://plumrocket.com *.ceneo.pl *.paypo.pl *.payu.com *.onet.pl *.googletagmanager.com youtube.com *.askspot.io paypo.pl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.hsforms.net *.hsforms.com static.payu.com *.google.pl *.skalnik.pl 'self' *.openstreetmap.org *.pagesense.io *.ekomiapps.de *.google.de *.amazonaws.com *.bing.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com secure.payu.com secure.snd.payu.com *.quartic.pl *.skalnik.pl *.ceneo.pl *.uptimiarium.eu *.luigisbox.com *.getresponse.com *.savecart.pl recostream.com *.thulium.com *.gr-wcon.com *.gr-cdn.com 'self' 'unsafe-eval' *.uptimiarum.eu 'nonce-test' 'unsafe-inline' *.tiktok.com *.clickonometrics.pl *.hotjar.com *.onet.pl *.gr-cdn-e.eu *.cloudflareinsights.com *.pagesense.io *.clarity.ms *.ekomiapps.de *.ekomi.com *.bing.com *.payu.com *.askspot.io *.tmtarget.com *.luigisbox.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fonts.googleapis.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.thulium.com *.luigisbox.com 'self' 'unsafe-inline' *.ekomiapps.de *.luigisbox.tech 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.thulium.com 'self' 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com t.elasticsuite.io *.hsforms.net *.hsforms.com secure.payu.com merch-prod.snd.payu.com *.luigisbox.com *.recostream.com *.savecart.pl *.getresponse.com *.thulium.com *.uptimiarium.eu 'self' *.uptimiarum.eu *.payu.com *.openstreetmap.org *.ocdn.eu *.onet.pl wss: ws.hojtar.com *.hotjar.io *.tiktok.com *.eu01.nr-data.net *.clickonometrics.pl *.skalnik.pl *.clarity.ms *.ekomiapps.de *.ekomi.com *.bing.net *.tiktokw.us bat.bing.com *.luigisbox.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com geowidget.easypack24.net 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://sandbox.blpaczka.com https://send.blpaczka.com pudofinder.dpd.com.pl https://www.googletagmanager.com/ *.facebook.com pay.google.com apm.przelewy24.pl secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com ruch-osm.sysadvisors.pl p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io secure.przelewy24.pl http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com magefan.com cm.magefan.com static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com geowidget.easypack24.net maps.googleapis.com *.hsforms.net *.hsforms.com 'self' data: *.groomershop.pl *.groomershop.eu www.google.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ruch-osm.sysadvisors.pl amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://sandbox.blpaczka.com https://send.blpaczka.com secure.przelewy24.pl http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com connect.facebook.net cdnjs.cloudflare.com *.googleapis.com sandbox.przelewy24.pl pay.google.com apm.przelewy24.pl secure.payu.com secure.snd.payu.com geowidget.easypack24.net *.hsforms.net *.hsforms.com *.gstatic.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com ruch-osm.sysadvisors.pl fonts.googleapis.com secure.przelewy24.pl maxcdn.bootstrapcdn.com geowidget.easypack24.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.groomershop.pl *.groomershop.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ruch-osm.sysadvisors.pl *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://sandbox.blpaczka.com https://send.blpaczka.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com secure.payu.com merch-prod.snd.payu.com api-pl-points.easypack24.net maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com places.googleapis.com *.groomershop.pl *.groomershop.eu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action https://testsecurepay.eway2pay.com/fim/est3Dgate https://bib.eway2pay.com/fim/est3Dgate *.facebook.com *.gc.sales-snap.com https://rs.raiffeisenbank.rs pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src *.googletagmanager.com *.doubleclick.net/ *.yandex.com *.facebook.com *.gc.sales-snap.com fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.google.com/ www.facebook.com platform.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src *.etrustmark.rs *.facebook.com *.google.com https://yandex.ru *.clarity.ms *.bing.com *.google.rs *.yandex.ru *.yango.com https://core.yads.tech *.doubleclick.net *.yandex.com *.gamecentar.rs https://gamecentar.rs/static/ https://gamecentar.rs/media/ *.googletagmanager.com *.google-analytics.com  *.yandex.md *.yads.tech cm.g.doubleclick.net t.adx.opera.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com https://firebasestorage.googleapis.com https://www.magezon.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src *.sales-snap.com *.facebook.net *.yandex.ru *.clarity.ms *.google-analytics.com  *.googletagmanager.com mc.yango.com mc.yandex.ru mc.yandex.com *.cloudflareinsights.com *.yandex.md *.yads.tech *.yango.com cm.g.doubleclick.net t.adx.opera.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.google.com/ connect.facebook.net twitter.com platform.twitter.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sales-snap.com *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google.com mc.yango.com *.yandex.com  *.sales-snap.com  *.clarity.ms *.analytics.google.com *.googleapis.com *.google-analytics.com *.clarity.ms *.googletagmanager.com *.google-analytics.com  *.yango.com *.google.rs *.yandex.ru *.yandex.md cm.g.doubleclick.net t.adx.opera.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.revolut.com *.google.com google.com *.cdn-apple.com pay.google.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.revolut.com *.cdn-apple.com *.gstatic.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.google.com maps.googleapis.com maps.gstatic.com https://api.esto.ee https://api.esto.lv https://api.estopay.lt *.unsplash.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.terminalmappingjs.com https://osm.venipak.com http://mano.venipak.lt https://maps.omnivasiunta.lt www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.klix.app meetanshi.com *.facebook.com *.gudriem.lv *.kurpirkt.lv *.salidzini.lv *.mailchimp.com *.mcusercontent.com *.fcfpay.com/ unsplash.com/ *.google.lv/ *.hsforms.net *.hsforms.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.google.com maps.googleapis.com https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com https://unpkg.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.revolut.com *.gstatic.com *.facebook.net chimpstatic.com *.mailchimp.com *.list-manage.com *.googletagmanager.com *.hsforms.net *.hsforms.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net https://unpkg.com assets.braintreegateway.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io https://www.terminalmappingjs.com https://geocode.arcgis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.revolut.com *.cdn-apple.com pay.google.com *.gstatic.com stats.g.doubleclick.net *.facebook.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hsadspixel.net https://js.hs-banner.com https://*.hs-analytics.net https://js.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://website-assets.atlan.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleoptimize.com https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://ajax.googleapis.com https://unpkg.com https://embedsocial.com https://platform.twitter.com http://*.ads-twitter.com https://cdn.syndication.twimg.com https://static.ads-twitter.com https://*.clarity.ms https://bat.bing.com https://ipgeolocation.abstractapi.com https://platform.linkedin.com https://snap.licdn.com https://*.quora.com https://*.zi-scripts.com https://*.zoominfo.com https://player.vimeo.com https://f.vimeocdn.com https://*.vimeocdn.com https://*.salesloft.com https://*.demandbase.com https://*.company-target.com https://cdn.dreamdata.cloud https://www.redditstatic.com https://cdn.seersco.com https://*.sibforms.com https://*.ashbyhq.com https://plausible.io https://*.plausible.io https://darkvisitors.com https://*.darkvisitors.com https://connect.facebook.net https://*.facebook.com https://www.youtube.com https://s.ytimg.com https://js.blazeverify.com https://js.emailable.com/v1 https://www.gartner.com https://gartner.com *.crazyegg.com https://builder.io https://*.calendly.com https://cdnjs.cloudflare.com https://cloudflare.com https://static.cloudflareinsights.com https://cdn.rollbar.com https://*.rollbar.com https://*.chatbase.co https://*.emailable.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.default.com https://*.lindy.ai https://*.g2.com https://groas.ai https://*.groas.ai https://tofuhq.com https://*.tofuhq.com;object-src 'none';worker-src blob:;report-uri https://o4507661801488384.ingest.sentry.io/api/4507683673866240/security/?sentry_key=b5327dda5a6527e6c04e9aa0de05fe22; report-to csp-endpoint 1
default-src 'self' https://snap.licdn.com/ https://www.youtube.com/ *.youtube.com http://www.google-analytics.com https://consent.bumble.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-8fL6xxH58FYwCmr8aBDB0w==' https://snap.licdn.com/ https://www.youtube.com/ *.youtube.com http://www.google-analytics.com https://consent.bumble.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://consent.bumble.com http://www.google-analytics.com; child-src 'self'; font-src 'self' data:; manifest-src 'self'; base-uri 'self'; frame-src 'self' https://snap.licdn.com/ https://www.youtube.com/ *.youtube.com http://www.google-analytics.com https://consent.bumble.com; img-src * data: blob:; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=bumble_team_site&env=production; 1
default-src 'self' https://d1g5x7b3jtu99v.cloudfront.net;script-src 'self' 'unsafe-inline' https://www2.chromatic.com js.stripe.com widget.intercom.io js.intercomcdn.com cdn.segment.com cdn.lr-in-prod.com https://*.google-analytics.com api.figma.com https://d1g5x7b3jtu99v.cloudfront.net data: connect.facebook.net https://googleads.g.doubleclick.net https://*.googletagmanager.com cdn.jsdelivr.net js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hsappstatic.net us-assets.i.posthog.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://cdn.vector.co/pixel.js https://*.clarity.ms https://api.app.bullseye.so cdn.getkoala.com js.hsadspixel.net cdn.cr-relay.com a.usbrowserspeed.com d-code.liadm.com https://web.cmp.usercentrics.eu https://assets.revenuehero.io snap.licdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d1g5x7b3jtu99v.cloudfront.net https://www2.chromatic.com;img-src * data:;font-src 'self' fonts.gstatic.com https://fonts.intercomcdn.com https://d1g5x7b3jtu99v.cloudfront.net;media-src 'self' https://js.intercomcdn.com https://d1g5x7b3jtu99v.cloudfront.net;connect-src 'self' https://*.chromatic.com https://index.chromatic.com snapshots.chromatic.com api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://cdn.segment.com https://*.google-analytics.com https://analytics.google.com https://api.segment.io https://stats.g.doubleclick.net https://api-us-east-1.graphcms.com https://r.lr-in-prod.com webmention.io hichroma.us15.list-manage.com https://*.ingest.sentry.io api.figma.com us.i.posthog.com https://pagead2.googlesyndication.com https://forms.hscollectedforms.net https://api.hsforms.com forms.hsforms.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://google.com api.vector.co https://*.clarity.ms https://api.app.bullseye.so https://pro.ip-api.com api.cr-relay.com https://www.facebook.com api.getkoala.com https://api.hubapi.com https://*.usercentrics.eu https://app.revenuehero.io px.ads.linkedin.com;child-src 'self' blob:;frame-src 'self' https://www.chromatic.com https://index.chromatic.com snapshots.chromatic.com js.stripe.com https://www.youtube.com https://chromatic-interactive-demo.netlify.app https://*.chromatic.com https://td.doubleclick.net https://*.googletagmanager.com https://meetings.hubspot.com https://forms.hsforms.com https://popup.schedulehero.io;frame-ancestors 'self' https://*.chromatic.com 1
script-src 'nonce-wqNaQC5jC64Gugrphh/W+Q==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=770e3ff9-a2fa-4cf3-a7dc-75cceca3afcb; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
frame-ancestors 'none'; default-src https://www.czater.pl 'self'; script-src https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.czater.pl 'self' 'unsafe-inline'; img-src https://static.sprintdatacenter.pl https://rapiddc.pl https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://googleads.g.doubleclick.net https://www.googleadservices.com data: 'self'; style-src https://www.czater.pl 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; form-action 'self'; connect-src https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://*.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com wss://s2.czater.pl 1
default-src 'self' fact24.f24.com; upgrade-insecure-requests; report-uri https://0ze76053.uriports.com/reports/report; report-to csp-endpoint; manifest-src 'self'; script-src https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com googleads.g.doubleclick.net cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com snap.licdn.com j.6sc.co https://pi.pardot.com https://www.youtube-nocookie.com https://www.youtube.com https://www.clarity.ms https://scripts.clarity.ms 'self' fact24.f24.com; style-src https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com https://www.youtube-nocookie.com https://www.youtube.com 'self' fact24.f24.com; img-src data: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com www.google.com www.google.hr www.google.fr www.google.no www.google.ch www.google.lu www.google.de www.google.at www.google.es www.google.hn www.google.dk www.google.nl googleads.g.doubleclick.net cdn.cookielaw.org px.ads.linkedin.com px4.ads.linkedin.com b.6sc.co img.youtube.com img.youtube-nocookie.com https://c.clarity.ms https://claritystatic.blob.core.windows.net https://c.bing.com 'self' fact24.f24.com; frame-src https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com www.tfaforms.com f24.jobs.personio.de 'self' fact24.f24.com; font-src https://fonts.gstatic.com data: 'self' fact24.f24.com; connect-src www.googletagmanager.com www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com px.ads.linkedin.com ipv6.6sc.co c.6sc.co epsilon.6sense.com https://www.youtube-nocookie.com https://www.youtube.com noembed.com https://www.clarity.ms https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms 'self' fact24.f24.com; frame-ancestors 'none'; 1
default-src 'none'; media-src 'self'; object-src 'none'; worker-src 'self' blob:; child-src 'self' blob:; manifest-src 'self'; base-uri 'none'; form-action 'self'; img-src 'self' data: *.america250.org *.classy.org classy.org america-250.helloprobability.io fonts.gstatic.com fonts.googleapis.com maps.googleapis.com maps.gstatic.com *.googleapis.com *.gstatic.com i.ytimg.com *.ytimg.com www.youtube.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.nextdoor.com *.pinterest.com *.pinimg.com *.doubleclick.net *.googlesyndication.com manage.america250.org; frame-src 'self' *.america250.org *.classy.org classy.org america-250.helloprobability.io fonts.gstatic.com fonts.googleapis.com maps.googleapis.com maps.gstatic.com *.googleapis.com *.gstatic.com i.ytimg.com *.ytimg.com www.youtube.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.nextdoor.com *.pinterest.com *.pinimg.com *.doubleclick.net *.googlesyndication.com manage.america250.org; frame-ancestors 'none'; script-src 'self' *.america250.org *.classy.org classy.org america-250.helloprobability.io fonts.gstatic.com fonts.googleapis.com maps.googleapis.com maps.gstatic.com *.googleapis.com *.gstatic.com i.ytimg.com *.ytimg.com www.youtube.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.nextdoor.com *.pinterest.com *.pinimg.com *.doubleclick.net *.googlesyndication.com manage.america250.org 'unsafe-inline'; style-src 'self' *.america250.org *.classy.org classy.org america-250.helloprobability.io fonts.gstatic.com fonts.googleapis.com maps.googleapis.com maps.gstatic.com *.googleapis.com *.gstatic.com i.ytimg.com *.ytimg.com www.youtube.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.nextdoor.com *.pinterest.com *.pinimg.com *.doubleclick.net *.googlesyndication.com manage.america250.org 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; connect-src 'self' *.america250.org *.classy.org classy.org america-250.helloprobability.io fonts.gstatic.com fonts.googleapis.com maps.googleapis.com maps.gstatic.com *.googleapis.com *.gstatic.com i.ytimg.com *.ytimg.com www.youtube.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.nextdoor.com *.pinterest.com *.pinimg.com *.doubleclick.net *.googlesyndication.com manage.america250.org; upgrade-insecure-requests 1
frame-ancestors 'self'; report-uri https://www.townsvillebulletin.com.au/csp-reports 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-4DkooW-ttVHMMMfdgVpaFg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' *.across.to across.to wss://api.blocknative.com; font-src 'self' fonts.gstatic.com assets.vercel.com data:; img-src 'self' *.walletconnect.com assets.vercel.com data:; connect-src wss://*.walletconnect.com *.walletconnect.com wss://api.blocknative.com mainnet.infura.io *.across.to across.to *.wallet.coinbase.com *.alchemy.com *.infura.io api2.amplitude.com *.sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com vercel.live; style-src 'self' 'unsafe-inline'; frame-src 'self' vercel.live platform.twitter.com *.walletconnect.com; frame-ancestors 'self'; report-uri https://umaproject.uriports.com/reports/report; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-RrSBfExsU4DucKAQOcgnHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleusercontent.com *.gstatic.com *.jsdelivr.net *.slant.co unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.2c2p.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.inicis.com *.ipay88.com.my *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.weltpixel.com *.afterpay.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.google.com *.inicis.com *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ k.kakaocdn.net *.inicis.com *.afterpay.com *.doubleclick.net *.elcompanies.com *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.co www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google.se *.google.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hstatic.net *.naver.com *.thecompanystore.com.sg data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com maps.googleapis.com developers.kakao.com *.kakaocdn.net *.avada.io *.inicis.com *.afterpay.com *.facebook.net *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com *.inicis.com *.googleapis.com *.gstatic.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self'; media-src *.adobe.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com kauth.kakao.com https://get.geojs.io *.avada.io *.inicis.com *.afterpay.com *.doubleclick.net *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl *.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self'; default-src 'self'; base-uri 'self'; report-uri https://44d1e7f7-e0f3-40b1-97a0-2365023697f1.sansec.watch/; report-to report-endpoint; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; script-src 'nonce-229c6d1dc8ea427bbf6845268dbc19c6'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; style-src 'self' 'nonce-229c6d1dc8ea427bbf6845268dbc19c6'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=133-3784775-5351157:rid=E1E9E52E34F14AFA8E90:sn=www.newworld.com 1
font-src cash-f.squarecdn.com *.fontawesome.com https://fonts.bunny.net fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com data: *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com * *.hotjar.com *.google.com *.doubleclick.net https://www.googletagmanager.com/ cdn.dnky.co *.facebook.com *.trustpilot.com *.criteo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://maps.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.doubleclick.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com chimpstatic.com *.hotjar.com *.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com checkout.buckaroo.nl *.zopim.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com cdn.prooffactor.com cdn.one.store https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app *.cookiehub.net *.googletagmanager.com fonts.googleapis.com fonts.gstatic.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.hotjar.com *.google.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.googleadservices.com *.doubleclick.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com *.one.store 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-u1enpRg7bhnE12FpaYLvRQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self';    script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms/ https://scripts.clarity.ms/ *.wp.com https://fast.wistia.com/ https://analytics.wpmucdn.com/ https://cdn.jotfor.ms/ https://cdnjs.cloudflare.com/ https://sidebar.bugherd.com/ https://maps.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://payfacto.bamboohr.com/ https://www.bugherd.com/ https://cdn-cookieyes.com/ https://hb.wpmucdn.com/maitredpos.com/ https://www.googletagmanager.com/ https://stats.wpmucdn.com/ https://cdn.callrail.com/ https://js.callrail.com/ https://j.6sc.co/ https://www.gstatic.com/ https://static.hotjar.com/ https://script.hotjar.com/;    style-src 'report-sample' 'self' 'unsafe-inline' https://use.fontawesome.com/ https://ams.wpml.org/ https://fonts.bunny.net/ https://hb.wpmucdn.com/maitredpos.com/ https://fonts.googleapis.com/;    object-src 'none'; base-uri 'self';    connect-src 'self' https://y.clarity.ms/collect https://analytics3.wpmudev.com/ https://sessions.bugsnag.com/ wss://ws-mt1.pusher.com/ https://sockjs.pusher.com/ https://epsilon.6sense.com/ https://cdn.ampproject.org/ https://ams.wpml.org/ https://maps.google.com/ https://maps.googleapis.com/ https://app.callrail.com/ https://www.google-analytics.com/ https://metrics.hotjar.io/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://distillery.wistia.com/ https://payfacto.bamboohr.com/ https://stats.g.doubleclick.net/ https://c.6sc.co/ https://analytics.google.com/ https://ipv6.6sc.co/ https://js.callrail.com/ https://cdn-cookieyes.com/ https://log.cookieyes.com/ https://stats1.wpmudev.com/;    font-src 'self' data: https://use.fontawesome.com/ https://fonts.bunny.net/ https://fonts.gstatic.com/;    frame-src 'self' about: blob: data: https://form.jotform.com/ https://maps.google.com/ https://www.google.com/ https://sidebar.bugherd.com/ https://www.google.com/ https://forms.zohopublic.com;    img-src 'self' data: https://www.googletagmanager.com/ https://c.clarity.ms/c.gif https://c.bing.com/ *.smushcdn.com *.wp.com https://d2iiunr5ws5ch1.cloudfront.net/ https://ps.w.org/ https://secure.gravatar.com/ https://wpmudev.com/ https://i0.wp.com/ https://www.google.ca/ https://resources.bamboohr.com/ https://b.6sc.co/ https://cdn-cookieyes.com/ https://b3550802.smushcdn.com/;    manifest-src 'self';    media-src 'self';    worker-src blob:;    frame-ancestors 'self' https://google.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://static.cloudflareinsights.com https://challenges.cloudflare.com https://eu-assets.i.posthog.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://assets.deadlock-api.com data:; connect-src 'self' https://api.deadlock-api.com https://assets.deadlock-api.com https://eu.i.posthog.com https://eu-assets.i.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; font-src 'self'; frame-src https://challenges.cloudflare.com; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.stape.io static.klaviyo.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io js.mollie.com https://plumrocket.com https://accounts.google.com *.consentmanager.net ridersdeal.mycleverpush.com www.sovendus-benefits.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.googletagmanager.com *.stape.io https://www.mollie.com *.consentmanager.net cookie-cdn.cookiepro.com www.googletagmanager.com pagead2.googlesyndication.com www.facebook.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com https://rum.hlx.page *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io js.mollie.com https://accounts.google.com https://www.gstatic.com ridersdeal.app.baqend.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.kameleoon.net *.consentmanager.net maps.googleapis.com 'self' *.sovendus.com chimpstatic.com *.googlesyndication.com *.cookiepro.com connect.facebook.net *.hotjar.com static.cleverpush.com *.zdassets.com apis.google.com www.google.com www.gstatic.com cdn.jsdelivr.net magento-recs-sdk.adobe.net static-eu.payments-amazon.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com *.stape.io https://accounts.google.com https://www.gstatic.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://accounts.google.com api.cleverpush.com *.cookiepro.com data.ridersdeal.com *.zdassets.com ridersdeal.zendesk.com maps.googleapis.com *.sovendus.com www.chatbase.co bam.nr-data.net ridersdeal-web.talk.insaight.io t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://td.doubleclick.net; connect-src 'self' https://swile-privacy.my.onetrust.com https://cdn.cookielaw.org https://static.axept.io https://api.axept.io https://client.axept.io https://swile.containers.piwik.pro https://swile.piwik.pro/ https://adservice.google.com https://googleads.g.doubleclick.net https://www.google.com; img-src 'self' blob: data: https://cdn.cookielaw.org https://static.axept.io https://axeptio.imgix.net https://www.google.fr https://www.googletagmanager.com https://fonts.gstatic.com; manifest-src 'self'; object-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub1f7041eb55ec9a12eea50b161be3d8c0&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to csp; script-src 'nonce-YmI1MjI1ZTEtMjE1NS00MzQxLWIxZjktZTlkZjBiYjFiNTlm' 'strict-dynamic' https://static.axept.io; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com 1
img-src https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ 'self' https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicstream.s3.amazonaws.com/UNIFORMLAWS/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: *.gstatic.com 'self' data: www.designsbyjuju.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.designsbyjuju.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.authorize.net www.designsbyjuju.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.certcapture.com https://www.googletagmanager.com/ *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.youtube.com https://c.paypal.com/ *.weltpixel.com www.designsbyjuju.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.certcapture.com store.paradoxlabs.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://b.stats.paypal.com/ https://slc.stats.paypal.com/ https://c.paypal.com/ 'self' data: blog.designsbyjuju.com www.designsbyjuju.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com *.attn.tv events.attentivemobile.com *.certcapture.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.fontawesome.com *.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://c.paypal.com *.google.com *.gstatic.com embedsocial.com sec.webeyez.com https://www.googletagmanager.com tagmanager.google.com www.designsbyjuju.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com embedsocial.com tagmanager.google.com www.designsbyjuju.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.designsbyjuju.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.attn.tv events.attentivemobile.com *.certcapture.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://payments.sandbox.braintree-api.com/ https://origin-analytics-sand.sandbox.braintree-api.com/ send.webeyez.com sec.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com https://www.google-analytics.com www.designsbyjuju.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com www.designsbyjuju.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.designsbyjuju.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smartsolutions.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self';  script-src 'self'    https://vercel.live    https://static.hotjar.com    https://script.hotjar.com    https://www.googletagmanager.com    https://beacon.riskified.com    https://static.moonpay.com    https://cdn.checkout.com    https://s3.tradingview.com    https://static.zdassets.com    https://cdn.gsght.com    https://connect.facebook.net    https://www.google-analytics.com    https://www.redditstatic.com    'unsafe-inline';  style-src 'self' 'unsafe-inline';  connect-src 'self' *    https://listing-api.openloot.com    https://vault-api.openloot.com    https://auth-api.openloot.com    https://www.google-analytics.com;  frame-src 'self' https://vercel.live https://export.turnkey.com/ https://auth.turnkey.com/ https://alchemy-rpc.dev.bigtimestudios.net https://s3.tradingview.com https://www.tradingview-widget.com https://buy.moonpay.com https://buy-sandbox.moonpay.com https://www.googletagmanager.com;  img-src 'self' https: data:;  media-src 'self' https:;  font-src 'self' data:;  object-src 'none';  base-uri 'self';  form-action 'self'    https://auth-api.openloot.com/oauth/v1/decision    https://bigtime720.activehosted.com/proc.php;  frame-ancestors 'self';  report-uri https://vault-api.openloot.com/v2/csp-report;  report-to csp-endpoint; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-bfr4G1tBa8lw3Bxz7-ifaw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' *.cumulusmedia.com 'report-sample'; base-uri 'self'; script-src 'strict-dynamic' 'self' 'inline-speculation-rules' *.cumulusmedia.com 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' *.googletagmanager.com 'sha256-GyUsdBtdHKlqtQSzGDSvNCHPdK8s1GO2S2y9jj4oYog=' *.google-analytics.com stats.wp.com 'sha256-+zMjo4vywISTRiN+RDp+W665czd5i8MOxiovBqr69F0=' 'sha256-X7SYke/fTbXP5LTn1g56zfcWCiSzQpGhzSLHvvNm0jo=' form.jotform.com cdn.jotfor.ms *.cookielaw.org 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' *.onetrust.com connect.facebook.net s3.tradingview.com https://www.google.com/recaptcha/ https://challenges.cloudflare.com/turnstile/ 'sha256-riitXBKGtl5y5ccA7GF6ccqJuwEVP5tm8j0ff/fbw9U=' 'sha256-k8zlbQ8Yw3tO1mzGrtP0m5BxCIEa+iH8LXA4dctSEMI=' 'sha256-wBhUGm/Lzl4TA4tJsiguA/vnV9LaNE6plmk4Xn/6/Mw=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-5oZoxPs07HkLGv2K/yyNWiLlCvxwJuQdhXLKg2AXhT0=' 'nonce-QPopxUN9eaY6buqLJx+rxq0v' 'report-sample'; style-src 'self' 'unsafe-inline' *.cumulusmedia.com fonts.googleapis.com cdn.jotfor.ms 'report-sample'; img-src 'self' data: *.cumulusmedia.com *.wp.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.jotform.com; font-src 'self' data: *.cumulusmedia.com fonts.gstatic.com https://www.google.com/recaptcha/; connect-src 'self' *.cumulusmedia.com *.google-analytics.com *.doubleclick.net submit.jotform.com *.cookielaw.org *.onetrust.com; object-src 'none'; frame-src 'self' *.cumulusmedia.com *.jotform.com *.youtube.com s.tradingview.com www.tradingview-widget.com challenges.cloudflare.com; report-uri https://www.cumulusmedia.com/wp-admin/admin-ajax.php?action=wpshr 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.userway.org *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.userway.org *.automann.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.pixriot.com *.storeimaging.com data: 'self' 'unsafe-inline'; style-src *.adobe.com fonts.googleapis.com *.userway.org *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src *.clarity.ms dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com *.userway.org *.amazonaws.com wss://transcribestreaming.us-east-1.amazonaws.com:8443 *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://get.geojs.io *.avada.io webservices.purolator.com devwebservices.purolator.com *.pixriot.com *.storeimaging.com 'self' 'unsafe-inline'; frame-src automann-scanner.global.ssl.fastly.net fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.braintreegateway.com *.paypal.com google.com *.google.com *.livechatinc.com *.userway.org www.googletagmanager.com webservices.purolator.com devwebservices.purolator.com 'self' 'unsafe-inline'; script-src *.clarity.ms *.cloudfront.net assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://cdn.jsdelivr.net/ https://maps.googleapis.com browser-update.org *.userway.org *.livechatinc.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.dotdigital-pages.com *.dotdigital.com *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com photos.pixlee.co *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.trackedlink.net *.googleapis.com *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.pixlee.com *.inicis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.googleapis.com *.gstatic.com *.certcapture.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com *.googletagmanager.com *.facebook.net www.termsfeed.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.pxlecdn.com *.pixlee.com *.inicis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.certcapture.com display.ugc.bazaarvoice.com *.klevu.com *.ksearchnet.com *.fontawesome.com assets.braintreegateway.com *.inicis.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com *.certcapture.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com https://inbound-analytics.pixlee.com *.inicis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://224c98c5-2b57-48b9-abd5-386e2aff2a6c.sansec.watch/; report-to report-endpoint; 1
default-src 'none'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://s7.addthis.com https://dash.accessibly.app https://*.ketchcdn.com https://*.seniorly.com https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://*.googleapis.com https://cdn.segment.com https://cdn.builder.io https://cdn.accessibly.app https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://lh3.ggpht.com https://www.google.com https://*.seniorly.com https://*.facebook.com https://*.linkedin.com https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://*.doubleclick.net https://i.ytimg.com https://d1qiigpe5txw4q.cloudfront.net https://cdn.builder.io; font-src 'self' data: https://*.seniorly.com https://fonts.gstatic.com https://cdn.accessibly.app; connect-src 'self' https://www.google.com https://demo-1.conversionsapigateway.com https://analytics.google.com https://alt-tags.accessiblyapp.com https://cdn.segment.com https://cdn.builder.io wss://*.seniorly.com https://*.seniorly.com https://api.segment.io https://cdn-settings.segment.com https://www.google-analytics.com https://region1.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://dash.accessibly.app https://alt-tags.accessibly.app; frame-src 'self' https://www.youtube.com https://player.vimeo.com my.matterport.com https://dash.accessibly.app; media-src 'self' https://*.seniorly.com; form-action 'self' https://*.seniorly.com; worker-src 'self' blob:; manifest-src 'self'; report-to reporter 1
report-uri https://o7202.ingest.us.sentry.io/api/278133/security/?sentry_key=3fa89efb7ac645f5820f641a4e80c50f&sentry_environment=production; report-to csp-endpoint; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * data: blob:; img-src * data: blob:; style-src * 'unsafe-inline' data: blob:; media-src * data: blob:; font-src * data: blob:; object-src * data: blob:; frame-src * data: blob:; worker-src * data: blob:; manifest-src * data: blob:; frame-ancestors *; 1
object-src 'none';base-uri 'self';script-src 'nonce-29OK8_I-_3ydKsOsLVfPLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com https://api.systempay.fr/static/ *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.pinterest.com/ https://wisepops.net/ https://*.wisepops.com/ https://*.trustpilot.com/ https://*.systempay.fr/ https://*.amaymag2.dnd.fr/ https://*.atelier-amaya.com/ *.weltpixel.com *.trustpilot.com *.dotdigital-pages.com *.dotdigital.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ www.xtento.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com maps.googleapis.com maps.gstatic.com https://*.cdninstagram.com/ https://*.instagram.com/ https://*.google.com/ https://*.google.fr/ https://*.zdassets.com/ https://*.pinterest.com/ https://*.facebook.com/ *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com https://assets.shipup.co https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ www.xtento.com cdn.xtento.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com/maps/api/mapsjs *.trustpilot.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com https://cdn.shipup.co *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://cdnjs.cloudflare.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com *.gstatic.com *.trustpilot.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com https://cdn.shipup.co https://api.systempay.fr/static/ *.fontawesome.com tagmanager.google.com https://cdnjs.cloudflare.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://*.zdassets.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com/maps/api/mapsjs https://api.shipup.co *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://www.google-analytics.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';style-src 'self' 'unsafe-inline';style-src-elem 'unsafe-inline' 'self' https://*.intercomcdn.com/ https://fonts.googleapis.com/css2;script-src 'unsafe-eval' https://*.intercom.io;script-src-elem 'self' 'unsafe-inline' https://*.intercom.io/ https://*.intercomcdn.com/ https://www.googletagmanager.com/gtag/ https://fonts.googleapis.com/css2;img-src 'self' data: blob: https://images.stealthex.io https://stealthex.io/blog/wp-content/ https://*.intercomassets.com https://*.intercomcdn.com	https://fc-use1-00-pics-bkt-00.s3.amazonaws.com/;media-src https://*.intercom.io;frame-src https://*.intercom.io https://intercom-sheets.com;worker-src 'self' blob: https://*.intercom.io/;font-src 'self' data: https://fonts.gstatic.com/ https://*.intercomcdn.com/;connect-src 'self' https://stealthex.io/api/ https://www.google-analytics.com/g/collect https://*.ingest.sentry.io/api/ wss://*.intercom.io/ https://*.intercom.io/;report-uri https://stealthex.report-uri.com/r/d/csp/reportOnly 1
font-src *.oney.io *.staging.oney.io *.fontawesome.com https://fonts.bunny.net fonts.googleapis.com fonts.gstatic.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com/ https://akio-25-49.akio.cloud/ https://service.joomeo.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.fd-recette.net https://akio-25-49.akio.cloud/ https://service.joomeo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.hipay-tpp.com *.hipay.com *.paypal.com *.google.com/ *.googleapis.com *.photoweb.com *.photoweb.es *.contentsquare.net *.kwanko.com https://hq-dev.magento.digitalphoto.dev https://cdn.segment.com https://events.eu1.segmentapis.com https://akio-25-49.akio.cloud/ https://www.googletagmanager.com https://widget.trustpilot.com https://privacy.fnac.phoenix.digitalphoto.group https://www.dwin1.com *.awin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com https://service.joomeo.com https://gum.criteo.com/ https://www.mainadv.com/ https://tag.perfmaker.net/ https://tagassistant.google.com https://sst.photoweb.fr https://gum.criteo.com https://www.mainadv.com https://tag.perfmaker.net *.wepowerconnections.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.hipay.com *.google.com *.oney.io *.staging.oney.io magefan.com cm.magefan.com *.facebook.com https://firebasestorage.googleapis.com * https://www.magezon.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com photoweb.com *.photoweb.com *.magento.digitalphoto.dev blob: *.contentsquare.net https://akio-25-49.akio.cloud/ https://www.dwin1.com *.awin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com https://service.joomeo.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.google.com *.oney.io *.staging.oney.io *.googletagmanager.com *.facebook.net *.avada.io *.shopify.com * maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.eu01.nr-data.net *.trustpilot.com *.contentsquare.net *.privacy-center.org *.kwanko.com https://hq-dev.magento.digitalphoto.dev https://cdn.segment.com https://events.eu1.segmentapis.com https://akio-25-49.akio.cloud/ https://www.dwin1.com *.awin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com https://service.joomeo.com https://cdn.jsdelivr.net *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hipay.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net fonts.googleapis.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com/ https://fonts.google.com https://akio-25-49.akio.cloud/ https://service.joomeo.com https://cdn.jsdelivr.net *.gstatic.com https://www.googletagmanager.com https://tag.perfmaker.net/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.oney.io *.staging.oney.io *.google-analytics.com https://get.geojs.io *.avada.io maps.googleapis.com *.google.com https://stats.g.doubleclick.net *.eu01.nr-data.net *.contentsquare.net *.kwanko.com https://hq-dev.magento.digitalphoto.dev https://cdn.segment.com https://events.eu1.segmentapis.com https://akio-25-49.akio.cloud/ https://api.privacy-center.org/v1/events https://prompts.maze.co/api/widgets https://sdk.fra-02.braze.eu/api/v3/data/ https://pagead2.googlesyndication.com/ https://jls.photoweb.fr/ https://www.dwin1.com *.awin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com https://service.joomeo.com t.elasticsuite.io *.hsforms.net *.hsforms.com https://sst.photoweb.fr *.googletagmanager.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net https://halc.iadvize.com https://api.privacy-center.org https://prompts.maze.co https://sdk.fra-02.braze.eu https://akio-25-49.akio.cloud https://jls.photoweb.fr *.kameleoon.io *.merchant-center-analytics.goog *.iadvize.com *.tiktok.com *.perfmaker.net *.clarity.ms *.bing.com *.google.pt *.google.fr *.google.es *.google.de *.google.it *.google.be *.google.nl *.google.co.uk *.tiktokw.us 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.gstatic.com *.klarnacdn.net *.stackla.com *.googleapis.com cdn.honey.io account.affilitizer.com at.alicdn.com https://vax.co.uk/ https://applepay.cdn-apple.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.securesuite.co.uk *.facebook.com *.arcot.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com *.monzo.com *.wlp-acs.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.lloydsbankinggroup.com *.salesforce.com 3dsecure.starlingbank.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.facebook.net *.vax.co.uk 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io *.klarna.com *.stackla.com *.authorize.net *.pinterest.com *.doubleclick.net *.snapchat.com *.trustpilot.com *.securesuite.co.uk *.arcot.com *.salesforceliveagent.com tti-fc.my.salesforce-sites.com *.vax.co.uk *.googletagmanager.com *.awin1.com/ *.awinblackfriday.com/ spay.samsung.com *.google.it *.rsa3dsauth.co.uk *.rsa3dsauth.com *.klarnaservices.com *.lloydsbankinggroup.com *.googleusercontent.com *.salesforce.com *.wepowerconnections.com *.monzo.com 3dsecure.starlingbank.com *.cardinalcommerce.com *.site.com *.techsee.me www.facebook.com https://service.force.com https://tti-fc-emea.force.com https://d.la1-c1cs-cdg.salesforceliveagent.com https://cdn.cookielaw.org 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://*.gstatic.com *.adyen.com https://images.unsplash.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.simpli.fi *.google.com *.google.co.uk *.bazaarvoice.com *.adscience.com *.rackcdn.com *.magentocommerce.com *.pinimg.com *.snapchat.com *.bing.com *.trustpilot.com *.vaxstaffsale.co.uk *.roeye.com www.awin1.com *.awinblackfriday.com/ *.clarity.ms *.doubleclick.net *.googlesyndication.com *.vax.co.uk https://vax.co.uk/ https://vax.co.uk:443/ *.wepowerconnections.com spay.samsung.com *.googleapis.com *.tiktok.com *.google.ie *.google.je *.google.gg *.zenaps.com *.googleusercontent.com *.facebook.com *.cloudinary.com *.facebook.net *.cloudflareinsights.com *.force.com *.techsee.me edge.curalate.com bat.bing.net res.cloudinary.com www.facebook.com vax.co.uk *.abtasty.com *.googleadservices.com *.postcodeanywhere.co.uk https://service.force.com https://tti-fc-emea.force.com https://d.la1-c1cs-cdg.salesforceliveagent.com https://cdn.cookielaw.org data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://maps.googleapis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.stackla.com *.authorize.net *.zencdn.net *.googleoptimize.com *.postcodeanywhere.co.uk *.force.com d.la1-c1cs-cdg.salesforceliveagent.com cdn.cookielaw.org *.googletagmanager.com *.google.it *.google.ie *.google.je sc-static.net *.bing.com *.pinterest.com *.pinimg.com *.snapchat.com *.tiktok.com *.abtasty.com *.trustpilot.com *.dwin1.com *.salesforceliveagent.com *.clarity.ms *.roeyecdn.com *.securesuite.co.uk *.vaxstaffsale.co.uk tti-fc--dtn.sandbox.my.site.com *.site.com *.vax.co.uk *.stapecdn.com stapecdn.com *.awin1.com *.awinblackfriday.com/ *.sciencebehindecommerce.com *.cloudflareinsights.com spay.samsung.com *.googleapis.com *.zenaps.com cdn.honey.io *.googleusercontent.com *.doubleclick.net *.salesforce.com *.facebook.net *.cookielaw.org cdn.evgnet.com edge.curalate.com connect.facebook.net tti-fc.my.site.com *.bazaarvoice.com *.gstatic.com https://service.force.com https://tti-fc-emea.force.com https://d.la1-c1cs-cdg.salesforceliveagent.com https://cdn.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.cash.app https://fonts.googleapis.com/ display.ugc.bazaarvoice.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klarnacdn.net *.googleapis.com *.stackla.com *.zencdn.net *.force.com *.postcodeanywhere.co.uk crm.vax.co.uk cdn.honey.io *.doubleclick.net *.site.com https://service.force.com https://tti-fc-emea.force.com https://d.la1-c1cs-cdg.salesforceliveagent.com https://cdn.cookielaw.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.techsee.me *.vax.co.uk edge.curalate.com connect.facebook.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.adyen.com https://maps.googleapis.com https://player.vimeo.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.onetrust.com *.cardinalcommerce.com *.pinterest.com *.snapchat.com *.tiktok.com *.doubleclick.net *.postcodeanywhere.co.uk *.abtasty.com *.googlesyndication.com *.vaxstaffsale.co.uk *.securesuite.co.uk *.clarity.ms *.dynatrace.com *.vax.co.uk https://google.com/pay *.sciencebehindecommerce.com spay.samsung.com *.googleapis.com *.google.ie *.google.je *.google.gg cdn.honey.io account.affilitizer.com *.googleusercontent.com *.bing.com https://www.wepowerconnections.com:443 *.facebook.com edge.curalate.com bat.bing.net tti-fc.my.salesforce-scrt.com tti-fc--devdigital.sandbox.my.salesforce-scrt.com n55685555553z63h3bc3n3n3a2759464.germany-2.evergage.com www.gstatic.com https://service.force.com https://tti-fc-emea.force.com https://d.la1-c1cs-cdg.salesforceliveagent.com https://cdn.cookielaw.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri pay.google.com 'self' 'unsafe-inline'; report-uri https://csp.vax.co.uk/csp-report; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net https://fonts.gstatic.com data: *.klevu.com *.flixcar.com *.flixfacts.com https://bf-content.elon.se https://c.bannerflow.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.klarna.com *.klevu.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://briqpay.test *.briqpay.com *.klarna.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.hotjar.com *.klarnaservices.com *.ingrid.com *.klarnaevt.com *.dibspayment.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.adnxs.com *.omtrdc.net *.bing.com *.cloudflare.com *.cookiebot.com *.elongroup.se *.elon.se elon.se *.facebook.com *.googleadservices.com *.google-analytics.com *.google.se *.googletagmanager.com *.googleapis.com *.imbox.io *.klevu.com *.klarnaservices.com *.vaimo.net *.ytimg.com *.pricerunner.se *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.jwpsrv.com *.jwplayer.com *.uc.se *.prisjakt.no *.googlesyndication.com *.where-to-buy.co *.clarity.ms *.doubleclick.net *.dialogtrail.com *.lemonpi.io *.facebook.net *.reddit.com *.elon.no *.wistia.com *.videoly.co https://where-to-buy.co https://bf-content.elon.se https://c.bannerflow.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://briqpay.test *.briqpay.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adnxs.com *.bing.com *.clarity.ms *.cookiebot.com *.depict.ai *.elongroup.se *.facebook.net *.googletagmanager.com *.googleapis.com *.hotjar.com *.imbox.io *.klevu.com *.myvisitors.se *.oribi.io *.pertento.ai *.pinimg.com *.pinterest.com *.testfreaks.com *.charpstar.net *.flixfacts.com *.loadbee.com *.flix360.io *.flixcar.com *.unpkg.com *.dialogtrail.com *.adform.net *.elon.se *.cloudfront.net *.videoly.co *.scaleflex.it *.redditstatic.com *.voyado.com https://unpkg.com https://bf-content.elon.se https://c.bannerflow.net *.ingrid.com *.klarnaevt.com https://www.elon.se 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com *.depict.ai *.dibspayment.eu *.googleapis.com *.gstatic.com *.klevu.com *.flixcar.com https://www.elon.se 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.flixcar.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.adnxs.com *.demdex.net *.clarity.ms *.cookiebot.com *.depict.ai *.dibspayment.eu *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.klarnauserservices.com *.ksearchnet.com *.pertento.ai *.pinterest.com security-hub.vaimo.network *.apptus.cloud *.iconify.design *.dialogtrail.com *.flix360.io *.charpstar.net *.loadbee.com *.flixcar.com *.googlesyndication.com *.elon.no *.bing.com *.facebook.com *.reddit.com *.unisvg.com wss://ws.depict.ai wss://headless.dialogtrail.com https://bf-content.elon.se https://c.bannerflow.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-fSbzqpz9-HKmKM1-eOPm2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1LV0g0erlDXIkk341gYozw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xrM6c-cc916dQoMDujemmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-a1c1AMlaIHpy3GQktDw6jg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com cash-f.squarecdn.com https://www.gstatic.com https://fonts.gstatic.com 'self' 'self' data: https://*.tawk.to data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * 'self' https://*.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' https://consentcdn.cookiebot.com 'self' 'unsafe-inline'; img-src cdn.zitmaxx.nl https://pim.zitmaxx.nl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com magefan.com cm.magefan.com *.disqus.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com 'self' data: https: http: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://cdn.ablyft.com https://maps.googleapis.com https://player.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com https://www.google.com https://www.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://*.tawk.to https://secure.adnxs.com https://*.expivi.net d5yoctgpv4cpx.cloudfront.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://sst.zitmaxx.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' https://*.tawk.to https://*.expivi.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://pim.zitmaxx.nl dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' https://*.google-analytics.com wss://*.tawk.to rkkck31tec.execute-api.eu-central-1.amazonaws.com https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' https://cdn.jsdelivr.net; script-src-attr 'self'; style-src 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.qq.com *.gtimg.cn *.cookiefirst.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.linkedin.com snap.licdn.com *.facebook.com *.facebook.net connect.facebook.net *.dynamics.com *.microsoftonline.com *.friendlycaptcha.com friendlycaptcha.com *.heraeus-web.com *.cookiefirst.com; script-src-elem 'self' 'unsafe-inline' *.youtube.com *.wistia.com *.wistia.net *.qq.com *.cookiefirst.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.linkedin.com *.facebook.com *.facebook.net *.dynamics.com *.friendlycaptcha.com *.sociablekit.com localtesting.com *.azureedge.net *.maptiler.com *.licdn.com *.heraeus-web.com; style-src 'self' 'unsafe-inline' *.wistia.com *.wistia.net *.friendlycaptcha.com *.sociablekit.com *.cookiefirst.com *.heraeus-web.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.heraeus-web.com *.cookiefirst.com *.sociablekit.com; img-src 'self' data: blob: *.youtube.com *.ytimg.com *.googlevideo.com *.wistia.com *.wistia.net *.qq.com *.gtimg.cn *.cookiefirst.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.linkedin.com *.facebook.com *.facebook.net *.dynamics.com *.friendlycaptcha.com *.sociablekit.com *.azureedge.net *.heraeus.com *.heraeus-web.com; font-src 'self' data: *.wistia.com *.wistia.net *.heraeus-web.com; connect-src 'self' *.youtube.com *.wistia.com *.wistia.net *.qq.com *.cookiefirst.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.linkedin.com *.facebook.com *.facebook.net *.dynamics.com *.microsoftonline.com *.friendlycaptcha.com friendlycaptcha.com *.heraeus-web.com *.accentapi.com *.heraeus.com *.azurewebsites.net *.azureedge.net *.sociablekit.com *.maptiler.com *.highcharts.com localtesting.com sgtm.argor-heraeus.com sgtm.heraeus-medical.com sgtm.heraeus-medevio.com sgtm.heraeus-electronics.com sgtm.heraeus-precious-metals.com sgtm.heraeus-printed-electronics.com sgtm.heraeus-remloy.com sgtm.heraeus-electro-nite.com sgtm.heraeus-epurio.com sgtm.heraeus-amloy.com sgtm.heraeus.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.wistia.com *.wistia.net *.qq.com *.linkedin.com *.facebook.com *.dynamics.com *.friendlycaptcha.com friendlycaptcha.com *.powerapps.com *.heraeus-web.com *.heraeus.com heraeus.sharepoint.com login.microsoftonline.com sgtm.argor-heraeus.com sgtm.heraeus-medical.com sgtm.heraeus-medevio.com sgtm.heraeus-group.com sgtm.heraeus-electronics.com sgtm.heraeus-precious-metals.com sgtm.heraeus-printed-electronics.com sgtm.heraeus-remloy.com sgtm.heraeus-electro-nite.com sgtm.heraeus-epurio.com sgtm.heraeus-amloy.com sgtm.heraeus.com; frame-ancestors 'self' *.heraeus-web.com *.heraeus.com; media-src 'self' data: blob: *.wistia.com *.wistia.net *.licdn.com *.heraeus-web.com *.heraeus.com; child-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' *.dynamics.com; report-uri https://uat-group.heraeus-web.com/api/csp-report 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp: https://kelseyseyboldepiciframe-pp-prtl.spectrumretailnet.com https://kelseyseyboldepiciframe-pp-prtltsttest.spectrumretailnet.com https://play.vidyard.com;script-src 'nonce-a5812f80c64e4496ba75096fc55dd69b' https://mykelseyonline.com 'self' 'unsafe-eval' https://play.vidyard.com/ repo-stg.rakanto.com repo.rakanto.com;img-src https://* 'self' blob: data:;connect-src 'self' cse.rakanto.com epichttp: https://stage-cse.rakanto.com www.google.com;style-src https://mykelseyonline.com 'self' 'unsafe-inline' www.gstatic.com;worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:;report-uri /MkoApi/api/CspReport; 1
script-src 'nonce-iIiCAKxsJ86YjU0KsdUIaQ==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=19a559be-9ca0-4922-85bb-74badfeaf5e9; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.mogucdn.com https://*.mogucdn.com http://*.juangua.com https://*.juangua.com http://*.meilishuo.com https://*.meilishuo.com http://*.meilishuo.net https://*.meilishuo.net http://*.mogujie.com https://*.mogujie.com http://*.qq.com https://*.qq.com http://*.mogujie.org https://*.mogujie.org http://*.meili-inc.com https://*.meili-inc.com http://*.mogu.com https://*.mogu.com http://*.mogu-inc.com https://*.mogu-inc.com; report-uri http://sd.mogujie.com/index.php 1
script-src 'self' 'unsafe-eval' chrome-extension: https://mc.yandex.ru 'unsafe-inline' 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://mc.yandex.ru chrome-extension: https://mc.yandex.com https://div.show; object-src 'self'; report-uri /cspreportonly; 1
default-src 'self'; script-src 'self' 'nonce-NSiGhnaVa16DwC4ZcQ37lA==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.lexa.nl *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.lexa.nl; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-Q4f7hOEIp58I7z7TlJSdyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_JDhUfD5asor117hpVOK3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; report-uri /csp_logger/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.braintreegateway.com https://*.google.com https://*.cdn-apple.com https://*.reviews.io https://*.reviews.co.uk https://grwapi.net https://*.cloudflare.com https://*.jquery.com https://*.jsdelivr.net https://*.termly.io https://*.gstatic.com https://*.facebook.net https://*.googletagmanager.com https://*.google-analytics.com https://*.gumlet.com https://*.cardinalcommerce.com https://*.doubleclick.net https://*.googleadservices.com https://*.paypal.com https://*.paypalobjects.com https://*.pcapredict.com https://*.postcodeanywhere.co.uk https://where-to-buy.co https://*.where-to-buy.co https://*.pricespider.com; style-src 'self' 'unsafe-inline' data: https://grwapi.net https://*.reviews.io https://*.braintreegateway.com https://*.cloudflare.com https://*.jsdelivr.net https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.tooled-up.com https://*.postcodeanywhere.co.uk; img-src 'self' data: blob: https://grwapi.net https://*.tooled-up.com https://*.gumlet.com https://*.paypal.com https://*.paypalobjects.com https://*.facebook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.co.uk https://*.googlesyndication.com https://*.doubleclick.net https://*.googleadservices.com https://*.reviews.io https://*.gstatic.com https://*.postcodeanywhere.co.uk https://*.ytimg.com https://*.where-to-buy.co https://where-to-buy.co; frame-src 'self' https://*.reviews.io https://*.youtube.com https://*.braintreegateway.com https://*.googletagmanager.com https://*.google.co.uk https://*.google.com https://*.termly.io https://*.doubleclick.net https://*.facebook.com https://*.cardinalcommerce.com https://*.paypal.com https://*.reviews.co.uk https://*.youtube-nocookie.com https://*.americanexpress.com https://*.rsa3dsauth.co.uk https://*.pricespider.com https://*.channelsight.com https://challenges.cloudflare.com; connect-src 'self' https: wss:; font-src 'self' data: https://*.reviews.io https://*.cloudflare.com https://*.jsdelivr.net https://*.gstatic.com; report-uri https://www.tooled-up.com/api/csp-report; report-to csp-endpoint; 1
script-src 'nonce-aKOuCUHEjJfDwGFW9NlfBw==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=8c5f8048-a949-440f-bf07-93232f3dc5f7; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
font-src *.fontawesome.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com data: *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com js.mollie.com *.google.com cdn.dnky.co www.youtube.com *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com maps.gstatic.com maps.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com googletagmanager.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net www.google.be maps.google.com ct.pinterest.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.mollie.com *.postcode-checkout.nl *.google.com www.gstatic.com google.com www.google.com gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com s.pinimg.com ct.pinterest.com *.tradetracker.net *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.fontawesome.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.postcode-checkout.nl commerce.adobedc.net api.comapi.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.zendesk.com *.nr-data.net www.clarity.ms *.facebook.com *.datatrics.com maps.googleapis.com ct.pinterest.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com google.co.uk *.google.co.uk *.google.com *.facebook.com *.google-analytics.com *.analytics.google.com  *.cookiebot.com *.hotjar.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.twitter.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.optimonk.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * google.co.uk *.google.co.uk *.google.com *.facebook.com *.google-analytics.com *.analytics.google.com  *.cookiebot.com *.hotjar.com *.paypalobjects.com *.googletagmanager.com *.youtube.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * google.co.uk *.google.co.uk *.google.com *.facebook.com *.google-analytics.com *.analytics.google.com  *.cookiebot.com *.hotjar.com *.paypalobjects.com *.googletagmanager.com *.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com *.doubleclick.net www.xtento.com *.hcaptcha.com *.stripecdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.disqus.com https://firebasestorage.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com google.co.uk *.google.co.uk *.google.com *.facebook.com *.google-analytics.com *.analytics.google.com  *.cookiebot.com *.hotjar.com *.paypalobjects.com *.googletagmanager.com *.twitter.com *.gstatic.com *.reddit.com *.doubleclick.net www.xtento.com cdn.xtento.com *.zendesk.com *.optimonk.com *.bing.net *.elfsightcdn.com *.hcaptcha.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io *.shopify.com connect.facebook.net twitter.com platform.twitter.com static.addtoany.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com google.co.uk *.google.co.uk *.google.com *.facebook.com *.google-analytics.com *.analytics.google.com  *.cookiebot.com *.hotjar.com *.paypalobjects.com *.googletagmanager.com *.twitter.com *.trustpilot.com unsafe-inline *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com *.iubenda.com *.zendesk.com *.addtoany.com *.optimonk.com *.tinyboxcompany.co.uk *.elfsightcdn.com elfsightcdn.com *.hcaptcha.com js.stripe.com *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com google.co.uk *.google.co.uk *.google.com *.facebook.com *.google-analytics.com *.analytics.google.com  *.cookiebot.com *.hotjar.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.twitter.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com fonts.googleapis.com *.optimonk.com *.hcaptcha.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io stats.addtoany.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com google.co.uk *.google.co.uk *.facebook.com *.google-analytics.com *.analytics.google.com  *.cookiebot.com *.hotjar.com *.paypalobjects.com *.googletagmanager.com *.youtube.com *.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.googlesyndication.com *.iubenda.com *.zendesk.com *.tinyboxcompany.co.uk *.optimonk.com *.trustpilot.com *.bing.net *.elfsight.com *.elfsightcdn.com pay.google.com *.hcaptcha.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src google.co.uk *.google.co.uk *.google.com *.facebook.com *.google-analytics.com *.analytics.google.com  *.cookiebot.com *.hotjar.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.twitter.com *.iubenda.com *.doubleclick.net *.elavon.com *.zendesk.com pay.google.com js.stripe.com *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.gstatic.com *.googleapis.com *.typekit.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.clearpay.co.uk https://pay.google.com https://secure-test.worldpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com 5900250.fls.doubleclick.net *.payments-amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com *.clearpay.co.uk *.cloudflare.com *.gstatic.com *.google-analytics.com *.hsforms.net *.hsforms.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klarna.com *.googleadservices.com *.google.com *.google.co.uk *.run4it.com *.fbcdn.net d23yuld0pofhhw.cloudfront.net ut.ra.linksynergy.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js *.google-analytics.com https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.hsforms.net *.hsforms.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.feefo.com *.run4it.com *.klevu.com *.payments-amazon.com connect.facebook.net tag.rmp.rakuten.com *.typekit.net *.google.com theed11117.pcapredict.com cdn.mida.so 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.afterpay.com/ *.squarecdn.com *.cloudflare.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.klevu.com *.run4it.com *.postcodeanywhere.co.uk unpkg.cm 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com t.elasticsuite.io *.hsforms.net *.hsforms.com api.addressy.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.feefo.com *.instagram.com *.amazon.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.amazonaws.com *.cloudfront.net *.fontawesome.com fonts.googleapis.com *.googleapis.com *.gstatic.com fonts.gstatic.com google.com gstatic.com *.hotjar.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors cf.dev-gorgany.com cf.gorgany.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com https://www.liqpay.ua https://static.liqpay.ua cf.dev-gorgany.com cf.gorgany.com apptrian.com *.hotjar.com xtento.com creativecdn.com *.googletagmanager.com *.creativecdn.com *.doubleclick.net www.xtento.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.amazonaws.com *.cloudfront.net * maps.gstatic.com maps.google.com cf.dev-gorgany.com cf.gorgany.com www.google.com.ua www.google.de www.xtento.com cdn.xtento.com *.alothemes.com *.magepow.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.google.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.amazonaws.com *.cloudfront.net *.fontawesome.com *.googleapis.com *.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com https://static.addtoany.com * https://static.liqpay.ua js-agent.newrelic.com *.doubleclick.net cf.dev-gorgany.com cf.gorgany.com *.hotjar.com *.googletagmanager.com https://accounts.google.com www.xtento.com cdn.xtento.com *.alothemes.com *.magepow.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.amazonaws.com *.cloudfront.net *.fontawesome.com cf.dev-gorgany.com cf.gorgany.com fonts.googleapis.com https://accounts.google.com *.alothemes.com *.magepow.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.amazonaws.com *.cloudfront.net *.addthis.com *.esputnik.com esputnik.com maps.googleapis.com *.analytics.google.com *.doubleclick.net cf.dev-gorgany.com cf.gorgany.com *.googleadservices.com *.google-analytics.com paypalobjects.com paypal.com youtube.com *.googletagmanager.com xtento.com player.vimeo.com sandbox.paypal.com *.google.com *.creativecdn.com *.hotjar.io *.hotjar.com ws.hotjar.com *.alothemes.com *.magepow.com *.facebook.net 'self' 'unsafe-inline'; child-src cf.dev-gorgany.com cf.gorgany.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-UuYw9NDPyG6Q_V7Pw974Qg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.bettermarks.com stetic.com bettermarks.com; report-uri https://csp-report-pro00.bettermarks.com/csp/report-only 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https:; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com; object-src 'none'; 1
default-src 'none'; manifest-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *.canopytax.com *.clientportal.com https://www.getcanopy.com https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://beanstalk-production.s3-us-west-2.amazonaws.com https://beanstalk-production.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://canopy-cme-migrations.s3.amazonaws.com *.pusher.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://ssl.gstatic.com https://accounts.google.com https://apis.google.com https://www.gstatic.com https://www.google.com https://static.zuora.com https://static.userguiding.com/ *.fullstory.com https://cdn.jsdelivr.net https://cdn.pendo.io https://pendo-static-4789186942795776.storage.googleapis.com https://content-4789186942795776.static.pendo.io https://data.pendo.io https://content.product.canopytax.com https://data.product.canopytax.com https://app.pendo.io https://*.pusher.com https://unpkg.com https://www.google-analytics.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://static.userguiding.com https://d2yyd1h5u9mauk.cloudfront.net https://surveys-web.delighted.com https://static.zdassets.com https://cdn.jsdelivr.net/npm/react@18.3.1/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@18.3.1/umd/react-dom.production.min.js https://cdn.jsdelivr.net/npm/react-dom@18.3.1/umd/react-dom-server.browser.production.min.js https://cdn.jsdelivr.net/npm/react-router-dom@6.30.1/dist/umd/react-router-dom.production.min.js https://cdn.jsdelivr.net/npm/react-hook-form@7.53.0/dist/index.umd.min.js https://cdn.jsdelivr.net/npm/lodash@4.17.15/lodash.min.js https://cdn.jsdelivr.net/npm/moment@2.24.0/moment.min.js https://cdn.jsdelivr.net/npm/luxon@3.4.3/build/amd/luxon.min.js https://cdn.jsdelivr.net/npm/prop-types@15.7.2/prop-types.min.js https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs/system/rxjs.min.js https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs/system/rxjs-operators.min.js https://cdn.jsdelivr.net/npm/single-spa@5.5.5/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/single-spa-canopy@3.1.0/lib/system/single-spa-canopy.min.js https://cdn.jsdelivr.net/npm/systemjs@6.15.1/dist/system.min.js https://cdn.jsdelivr.net/npm/systemjs@6.15.1/dist/extras/amd.min.js https://cdn.jsdelivr.net/npm/systemjs@6.15.1/dist/extras/named-exports.min.js https://cdn.jsdelivr.net/npm/systemjs@6.15.1/dist/extras/named-register.min.js https://cdn.jsdelivr.net/npm/systemjs@6.15.1/dist/extras/use-default.min.js https://cdn.jsdelivr.net/npm/jquery@2.2.4/dist/jquery.min.js https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs/system/rxjs-shared.min.js; script-src-elem 'unsafe-inline' *.canopytax.com *.clientportal.com https://www.getcanopy.com https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://beanstalk-production.s3-us-west-2.amazonaws.com https://beanstalk-production.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://canopy-cme-migrations.s3.amazonaws.com *.pusher.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://ssl.gstatic.com https://accounts.google.com https://apis.google.com https://www.gstatic.com https://www.google.com https://static.zuora.com https://static.userguiding.com/ *.fullstory.com https://cdn.jsdelivr.net https://cdn.pendo.io https://pendo-static-4789186942795776.storage.googleapis.com https://content-4789186942795776.static.pendo.io https://data.pendo.io https://content.product.canopytax.com https://data.product.canopytax.com https://app.pendo.io https://*.pusher.com https://unpkg.com https://www.google-analytics.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://static.userguiding.com https://d2yyd1h5u9mauk.cloudfront.net https://surveys-web.delighted.com https://static.zdassets.com https://cdn.jsdelivr.net/npm/react@18.3.1/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@18.3.1/umd/react-dom.production.min.js https://cdn.jsdelivr.net/npm/react-dom@18.3.1/umd/react-dom-server.browser.production.min.js https://cdn.jsdelivr.net/npm/react-router-dom@6.30.1/dist/umd/react-router-dom.production.min.js https://cdn.jsdelivr.net/npm/react-hook-form@7.53.0/dist/index.umd.min.js https://cdn.jsdelivr.net/npm/lodash@4.17.15/lodash.min.js https://cdn.jsdelivr.net/npm/moment@2.24.0/moment.min.js https://cdn.jsdelivr.net/npm/luxon@3.4.3/build/amd/luxon.min.js https://cdn.jsdelivr.net/npm/prop-types@15.7.2/prop-types.min.js https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs/system/rxjs.min.js https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs/system/rxjs-operators.min.js https://cdn.jsdelivr.net/npm/single-spa@5.5.5/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/single-spa-canopy@3.1.0/lib/system/single-spa-canopy.min.js https://cdn.jsdelivr.net/npm/systemjs@6.15.1/dist/system.min.js https://cdn.jsdelivr.net/npm/systemjs@6.15.1/dist/extras/amd.min.js https://cdn.jsdelivr.net/npm/systemjs@6.15.1/dist/extras/named-exports.min.js https://cdn.jsdelivr.net/npm/systemjs@6.15.1/dist/extras/named-register.min.js https://cdn.jsdelivr.net/npm/systemjs@6.15.1/dist/extras/use-default.min.js https://cdn.jsdelivr.net/npm/jquery@2.2.4/dist/jquery.min.js https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs/system/rxjs-shared.min.js; connect-src *.canopytax.com *.clientportal.com https://www.getcanopy.com https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://beanstalk-production.s3-us-west-2.amazonaws.com https://beanstalk-production.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://canopy-cme-migrations.s3.amazonaws.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com wss://*.pusher.com wss://*.pusherapp.com https://*.pusher.com https://*.pusherapp.com https://stat.userguiding.com/ https://api.userguiding.com/ https://user.userguiding.com/ https://metrics.userguiding.com/ https://static.userguiding.com/ https://sdk.userguiding.com *.fullstory.com https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com/api/v2/rum https://web.delighted.com https://surveys-web.delighted.com https://localhost:* http://localhost:* wss://localhost:* https://ielocal:* https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://canopytax.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://canopytax.zendesk.com wss://*.zopim.com https://o4504080391733248.ingest.sentry.io/ https://api-js.mixpanel.com https://canopy.thoughtspot.cloud https://checkoutshopper-live-us.adyen.com https://checkoutshopper-live.adyen.com https://data.pendo.io https://pendo-static-4789186942795776.storage.googleapis.com https://content-4789186942795776.static.pendo.io https://data.product.canopytax.com https://content.product.canopytax.com https://app.pendo.io; form-action *.canopytax.com *.clientportal.com https://www.getcanopy.com https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://beanstalk-production.s3-us-west-2.amazonaws.com https://beanstalk-production.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://canopy-cme-migrations.s3.amazonaws.com https://intercom.help https://api-iam.intercom.io; media-src https://js.intercomcdn.com https://v2assets.zopim.io https://static.zdassets.com; child-src blob: *.canopytax.com *.clientportal.com https://www.getcanopy.com https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://beanstalk-production.s3-us-west-2.amazonaws.com https://beanstalk-production.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://canopy-cme-migrations.s3.amazonaws.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com  https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com; frame-src *.canopytax.com *.clientportal.com https://www.getcanopy.com https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://beanstalk-production.s3-us-west-2.amazonaws.com https://beanstalk-production.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://canopy-cme-migrations.s3.amazonaws.com https://accounts.google.com https://www.google.com https://www.zuora.com https://apisandbox.zuora.com https://canopy.page.link https://ls.userguiding.com https://canopy.thoughtspot.cloud/ https://checkoutshopper-live-us.adyen.com https://app.pendo.io https://portal.pendo.io; style-src 'unsafe-inline' https://ssl.gstatic.com https://fonts.googleapis.com https://fonts.google.com/ https://cdn.canopytax.com https://pendo-io-static.storage.googleapis.com https://pendo-static-4789186942795776.storage.googleapis.com https://content-4789186942795776.static.pendo.io https://content.product.canopytax.com https://app.pendo.io; style-src-elem 'unsafe-inline' https://ssl.gstatic.com https://fonts.googleapis.com https://fonts.google.com/ https://cdn.canopytax.com; img-src data: blob: *.canopytax.com *.clientportal.com https://www.getcanopy.com https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://beanstalk-production.s3-us-west-2.amazonaws.com https://beanstalk-production.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://canopy-cme-migrations.s3.amazonaws.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://messenger-apps.intercom.io https://*.intercom-attachments.com https://la.www4.irs.gov https://csi.gstatic.com https://static.userguiding.com/ https://v2assets.zopim.io https://canopytax.zendesk.com https://checkoutshopper-live.adyen.com https://f.hubspotusercontent40.net https://cdn.pendo.io https://data.pendo.io https://pendo-static-4789186942795776.storage.googleapis.com https://content-4789186942795776.static.pendo.io https://content.product.canopytax.com https://data.product.canopytax.com https://app.pendo.io; font-src data: *.canopytax.com *.clientportal.com https://www.getcanopy.com https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://beanstalk-production.s3-us-west-2.amazonaws.com https://beanstalk-production.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://canopy-cme-migrations.s3.amazonaws.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.googleapis.com https://fonts.gstatic.com http://fonts.gstatic.com https://static.userguiding.com https://cdn.pendo.io; worker-src blob: *.canopytax.com *.clientportal.com https://www.getcanopy.com https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://beanstalk-production.s3-us-west-2.amazonaws.com https://beanstalk-production.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://canopy-cme-migrations.s3.amazonaws.com; frame-ancestors 'self' https://app.canopytax.com https://*.clientportal.com https://app.pendo.io; upgrade-insecure-requests; report-uri https://app.canopytax.com/_/csp-reports 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net consentcdn.cookiebot.com metrics.azerty.nl www.googletagmanager.com td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com magefan.com cm.magefan.com *.multisafepay.com *.amazonaws.com *.hsforms.net *.hsforms.com 'self' data: bat.bing.com www.facebook.com www.google.nl imgsct.cookiebot.com metrics.azerty.nl azerty.nl bat.bing.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com https://maps.googleapis.com *.avada.io *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com app.aiden.cx consent.cookiebot.com sgtm.azerty.nl bat.bing.com d5yoctgpv4cpx.cloudfront.net consentcdn.cookiebot.com metrics.azerty.nl connect.facebook.net www.clarity.ms js-agent.newrelic.com cdn.ablyft.com ocean.kieskeurig.nl sgtm.azertyzakelijk.nl script.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.multisafepay.com maxcdn.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io *.multisafepay.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com metrics.azerty.nl l.clarity.ms q.clarity.ms consentcdn.cookiebot.com bam.nr-data.net pro.ip-api.com bat.bing.com www.google.com google.com www.facebook.com get.geojs.io pagead2.googlesyndication.com bat.bing.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com bat.bing.com l.clarity.ms bam.nr-data.net www.google.com bat.bing.net pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.cloudmaestro.com backend.yoogiscloset.com frontend.yoogiscloset.com js-agent.newrelic.com *.nr-data.net backend.yoogiscloset.com frontend.yoogiscloset.com www.yoogiscloset.com xdymhcopnh.execute-api.us-east-1.amazonaws.com knrpc.olark.com www.googletagmanager.com www.googleadservices.com ajax.googleapis.com apis.google.com connect.facebook.net static.olark.com *.google-analytics.com *.listrakbi.com *.static.olark.com *.affirm.com *.firebaseapp.com *.lightwidget.com *.adroll.com *.bing.com *.doubleclick.net *.trustpilot.com storage.googleapis.com api.olark.com *.googleapis.com *.sharethis.com *.clarity.ms www.clarity.ms *.api.olark.com www.google.com connect.facebook.com www.facebook.com *.paypal.com *.paypalobjects.com www.recaptcha.net www.gstatic.com accounts.google.com *.adobedtm.com; report-uri /.webscale/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.resellerratings.com www.paypal.com cdn.attn.tv s.yimg.com static.klaviyo.com cdn-tp4.mozu.com/27977-44902/ t.contentsquare.net ajax.googleapis.com www.googleadservices.com bat.bing.com www.google.com www.googletagmanager.com live-chat.chatbotize.com d2gh7vqn9p1ieu.cloudfront.net www.res-x.com resources.xg4ken.com polaris.truevaultcdn.com pay.google.com www.paypalobjects.com challenges.cloudflare.com googleads.g.doubleclick.net cdn.sift.com www.google-analytics.com www.mczbf.com acsbapp.com s3-us-west-2.amazonaws.com maps.googleapis.com www.clarity.ms static-tracking.klaviyo.com b-code.liadm.com sv.calendars.com edge1.certona.net services.xg4ken.com connect.facebook.net se.monetate.net cdn-tp4.mozu.com cdn.equalweb.com access.equalweb.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_NLCabBWV7hUBuJ7I55SWrJKmvQQoxB.9uNT9Bq1y4M-1773710722-1.0.1.1-HGZ_AltSiEzPMIPv69x3exjBUhuktWnelnDMm8Ad.MosPA8usVcAj66qtrwggtm7jBGrd.FQZCXduvWrgn8IpW1cAD40vVKowu8WGKQ1tQjZtTVckUuIJ1.dWT_EH9mNza6KtEa94z1oQ4iTkb3F5c2LT1LC4lY.x1qqbkSFAR9JdLZnBbTF6BnhX4oezW9SUOOrThBgCqXbz0IK6rmWmw; report-to cf-qlicajjwxqtuhojn 1
font-src fonts.gstatic.com use.typekit.net *.bglobale.com *.global-e.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.trustedshops.com 'self' data: *.crisp.chat *.hotjar.com *.hotjar.io *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.ometria.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.bglobale.com *.global-e.com *.iubenda.com secure.authorize.net *.facebook.com *.facebook.net *.pinterest.com *.pinterest.co.uk *.hotjar.com *.hotjar.io *.clarity.ms *.rakuten.com *.vimeo.com *.linksynergy.com *.bounceexchange.com *.bouncex.net *.google.com/ *.stripe.com *.doubleclick.net *.paypalobjects.com *.gorgias.chat3- *.gorgias.chat4- *.gorgias.chat5- *.gorgias.io4- *.gorgias.work *.dwin1.com www.dwin2.com https://lantern.roeye.com https://lantern.roeyecdn.com *.wepowerconnections.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.bglobale.com *.global-e.com *.iubenda.com www.google.com.ua www.google.com.uk www.google.com.fr www.google.com.de www.google.com.es *.cloudflare.com *.cloudfront.net https://cdn.klarna.com *.cdnwidget.com *.paypal.com https://s.ytimg.com *.usercentrics.eu *.ometria.com *.cdn-ometria-com.s3-eu-west-1.amazonaws.com *.postcodeanywhere.co.uk *.bing.com *.pinterest.com *.pinterest.co.uk *.pinimg.com *.facebook.com *.facebook.net *.clarity.ms *.hotjar.com *.hotjar.io *.google.com *.google.co.uk *.vimeo.com *.linksynergy.com *.bounceexchange.com *.bouncex.net *.googletagmanager.com *.gstatic.com *.astleyclarke.com *.emjcd.com cj.dotomi.com *.dwin1.com www.dwin2.com https://lantern.roeyecdn.com https://lantern.roeye.com https://the.sciencebehindecommerce.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com *.magento-datasolutions.com *.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.bglobale.com *.global-e.com *.iubenda.com www.google.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu *.cloudfront.net client.crisp.chat *.pcapredict.com *.postcodeanywhere.co.uk *.ometria.com *.pinterest.com *.pinterest.co.uk *.pinimg.com *.facebook.com *.facebook.net *.clarity.ms *.hotjar.com *.hotjar.io *.bing.com *.googleoptimize.com *.googleapis.com *.google.co.uk *.rakuten.com *.linksynergy.com *.bounceexchange.com *.bouncex.net *.wknd.ai *.stripe.com *.mczbf.com *.gorgias.chat2- *.gorgias.chat3- *.gorgias.chat4- *.gorgias.chat5- *.gorgias.io4- *.gorgias.work config.gorgias.chat www.dwin2.com https://lantern.roeyecdn.com https://lantern.roeye.com cdn.ometria.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.bglobale.com *.global-e.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu client.crisp.chat *.postcodeanywhere.co.uk *.bounceexchange.com *.gorgias.chat2- *.gorgias.chat3- *.gorgias.chat4- *.gorgias.chat5- *.gorgias.io4- *.gorgias.work *.googletagmanager.com *.stripe.network *.stripecdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.iubenda.com data: *.cloudflare.com *.paypal.com *.ometria.com *.cdn-ometria-com.s3-eu-west-1.amazonaws.com *.crisp.chat wss://client.relay.crisp.chat *.postcodeanywhere.co.uk *.doubleclick.net *.pinterest.com *.bing.com *.pinimg.com *.facebook.com *.facebook.net *.clarity.ms *.hotjar.com *.hotjar.io wss://*.hotjar.com *.rakuten.com *.linksynergy.com *.bounceexchange.com *.bouncex.net *.google-analytics.com *.analytics.google.com *.googleapis.com *.cdnbasket.net *.mczbf.com *.google.com/ *.google.co.uk/ google.com *.astleyclarke.com *.trustpilot.com *.gorgias.chat3- *.gorgias.chat4- *.gorgias.chat5- *.gorgias.io4- *.gorgias.work config.gorgias.chat *.dwin1.com www.dwin2.com *.awin1.com *.zenaps.com https://lantern.roeyecdn.com https://lantern.roeye.com api.ometria.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cae44243-9d5b-441e-a28a-9392df894e78.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'nonce-RandomString123456' https://metaswitch.com https://*.metaswitch.com 'strict-dynamic' 'nonce-pHC7q1mKBShWYHaQ9stkBg=='; style-src 'self' 'nonce-RandomString123456' https://metaswitch.com https://*.metaswitch.com; img-src 'self' data: https://metaswitch.com https://*.metaswitch.com; font-src 'self' https://metaswitch.com https://*.metaswitch.com; connect-src 'self' https://metaswitch.com https://*.metaswitch.com; frame-src 'self' https://metaswitch.com https://*.metaswitch.com; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri https://770a769bea45352cd46f7e284097b330.report-uri.com/r/d/csp/reportOnly 1
script-src ‘self’; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-xAAJNG7gs-RvSza_ziMEUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src *.bundesregierung.de analytics.bundesregierung.de 'self' https://hls-hd.myrasec.de *.stage.bio ; style-src *.bundesregierung.de 'self' 'unsafe-inline' ; script-src *.bundesregierung.de 'self' ; script-src-elem 'self' *.bundesregierung.de 'nonce-XAte/i4TQB5iceMrTOQInA/9Q5NMiJwzOYa4IGXcxHi2JE9cq8kV2dmA1NR1x76dOj0OK117xWvGJwwC/2UMh98PFAx5JGUth6NALNIOJxYnQChYJ0zmx5ePhpHNJoTSXvHK4Ti4BvLY3futLKF2BOkeXRKImyJNRcEuavt8HfQ=' *.stage.bio ; frame-src *.bundesregierung.de 'self' ; media-src *.bundesregierung.de 'self' http://video.bundesregierung.de https://zdf-hls-18.akamaized.net *.stage.bio ; frame-ancestors *.bundesregierung.de 'self' ; img-src 'self' *.bundesregierung.de https://*.tile.openstreetmap.de data: *.stage.bio ; default-src *.bundesregierung.de 'self' ; font-src *.bundesregierung.de 'self' ; report-uri https://www.bundeskanzler.de/service/csp-report ; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.posthog.com https://fonts.googleapis.com; script-src 'self' 'nonce-33SNzheijHu3iMo9XnBb3e' https://*.posthog.com https://*.i.posthog.com; font-src 'self' https://*.posthog.com https://app-static.eu.posthog.com https://app-static-prod.posthog.com https://d1sdjtjk6xzm7.cloudfront.net https://fonts.gstatic.com https://cdn.jsdelivr.net https://assets.faircado.com https://use.typekit.net; worker-src 'self'; child-src 'none'; object-src 'none'; media-src https://res.cloudinary.com; img-src 'self' data: https://*.posthog.com https://posthog.com https://www.gravatar.com https://res.cloudinary.com https://platform.slack-edge.com https://raw.githubusercontent.com; frame-ancestors https://posthog.com https://preview.posthog.com https://vercel.com; connect-src 'self' https://status.posthog.com https://*.posthog.com  https://raw.githubusercontent.com https://api.github.com; frame-src https:; manifest-src 'self'; base-uri 'self'; report-uri https://us.i.posthog.com/report/?token=sTMFPsFhdP1Ssg&sample_rate=0.1&v=2; report-to posthog 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app 'self' data: *.doubleclick.net *.facebook.com *.getfastr.com *.zmags.com *.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.klarna.com www.facebook.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.rlcdn.com *.googleapis.com *.linksynergy.com *.getfastr.com *.zmags.com *.unityclient.com *.listrakbi.com magefan.com cm.magefan.com blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.disqus.com https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.pcapredict.com *.addressy.com *.zmags.com *.zma.gs *.googleapis.com *.unityclient.com *.listrakbi.com *.thrive.today recruitingbypaycor.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klevu.com *.ksearchnet.com *.disqus.com cdn.ampproject.org connect.facebook.net https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.addressy.com *.zmags.com *.zma.gs *.unityclient.com *.listrakbi.com assets.braintreegateway.com *.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.facebook.com *.facebook.net *.doubleclick.net *.addressy.com *.zmags.workers.dev *.zmags.com *.zma.gs *.googleapis.com *.unityclient.com *.listrakbi.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.klevu.com *.ksearchnet.com cdn.ampproject.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.talentio.com cdn.ravenjs.com widget.intercom.io js.intercomcdn.com www.google-analytics.com analytics.google.com translate.googleapis.com www.googletagmanager.com ; img-src 'self' data: blob: https: http:; child-src 'self' blob:; form-action 'self' www.facebook.com id.talentio.com api-iam.intercom.io ; font-src 'self' data: assets.talentio.com fonts.gstatic.com use.fontawesome.com use.typekit.net fonts.intercomcdn.com ; frame-ancestors 'self'; frame-src 'self' blob: youtube.com *.youtube.com speakerdeck.com *.speakerdeck.com slideshare.net *.slideshare.net twitter.com *.twitter.com note.com *.note.com google.com *.google.com google.co.jp *.google.co.jp facebook.com *.facebook.com backcheck.jp *.backcheck.jp s3.ap-northeast-1.amazonaws.com intercom-sheets.com; manifest-src 'none'; object-src 'self' blob: s3.ap-northeast-1.amazonaws.com; style-src 'self' 'unsafe-inline' assets.talentio.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com translate.googleapis.com ; media-src 'none'; worker-src 'self' blob:; connect-src 'self' assets.talentio.com *.sentry.io sentry.io api-iam.intercom.io uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io www.google-analytics.com analytics.google.com s3.ap-northeast-1.amazonaws.com translate.googleapis.com 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.googletagmanager.com *.google.com *.fontawesome.com https://fonts.bunny.net https://www.google.com https://www.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com https://square-fonts-production-f.squarecdn.com/ https://d1g145x70srn7h.cloudfront.net/ https://cash-f.squarecdn.com/ https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.google.com *.googletagmanager.com *.googleapis.com *.facebook.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ 'self' 'unsafe-inline'; frame-ancestors self www.google.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.googletagmanager.com *.facebook.com *.squarecdn.com www.google.com www.gstatic.com apis.google.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com https://pci-connect.squareup.com https://connect.squareup.com https://pci-connect.squareupsandbox.com https://connect.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com maps.gstatic.com *.google.com *.google.co.in *.redditstatic.com *.reddit.com https://firebasestorage.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net https://www.gstatic.com/ https://sandbox.api.cash.app/ https://site-assets.afterpay.com/ https://sandbox.web.squarecdn.com/ https://api.cash.app/ https://web.squarecdn.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://franklin-assets.s3.amazonaws.com/ https://static.sandbox.afterpay.com/ https://static.afterpay.com/ https://static.sandbox.afterpay.com/logo/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com maps.googleapis.com *.authorize.net *.paypal.com *.mouseflow.com localmenu.katzsdelicatessen.com *.addthis.com *.noibu.com *.redditstatic.com *.reddit.com *.tiktok.com *.tiktokw.us *.facebook.com *.vibe.co *.avada.io *.shopify.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.net www.termsfeed.com *.fontawesome.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu https://js-sandbox.squarecdn.com https://js.squareup.com https://js.afterpay.com/ https://nd.squarecdn.com https://js.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://portal.sandbox.afterpay.com/ https://portal.afterpay.com/ https://cdn.plaid.com/ https://sandbox.kit.cash.app/ https://kit.cash.app/ https://js-sandbox.squarecdn.com/ https://js.squarecdn.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.google.com *.klaviyo.com *.fontawesome.com https://fonts.bunny.net https://static.klaviyo.com *.gstatic.com assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com maps.googleapis.com  *.google-analytics.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.klaviyo.com *.report-uri.com *.noibu.com wss://*.noibu.com *.redditstatic.com *.reddit.com *.facebook.com *.tiktok.com *.tiktokw.us *.vibe.co https://get.geojs.io *.avada.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com https://pci-connect.squareup.com https://pci-connect.squareupsandbox.com https://api.amplitude.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://o160250.ingest.sentry.io/ https://api.lab.amplitude.com/sdk/vardata https://sandbox.plaid.com/ https://production.plaid.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.report-uri.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://katzsdelicatessen.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
default-src 'self' * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' * data:; connect-src 'self' *; frame-src 'self' *; frame-ancestors 'self'; report-uri https://fundraisingbox.com 1
frame-ancestors 'self'; report-uri https://www.weeklytimesnow.com.au/csp-reports 1
object-src *; script-src 'self' https://stats.inalco.fr/matomo.js https://cdnjs.cloudflare.com; script-src-attr 'self' 1
base-uri *.google.com *.gstatic.com 'self' 'unsafe-inline'; default-src *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.google.com *.gstatic.com *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src *.google.com *.gstatic.com 'self' 'unsafe-inline'; child-src *.google.com *.gstatic.com http: https: blob: 'self' 'unsafe-inline'; object-src *.google.com *.gstatic.com 'self' 'unsafe-inline'; style-src *.google.com *.gstatic.com *.doofinder.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; img-src *.google.com *.gstatic.com https://alehop.smartie.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com cdn.doofinder.com https://images.unsplash.com *.oct8ne.com *.facebook.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com www.googletagmanager.com *.storyblok.com data: 'self' 'unsafe-inline'; form-action *.google.com *.gstatic.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; font-src *.google.com *.oct8ne.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; frame-ancestors *.google.com *.gstatic.com *.storyblok.com 'self'; frame-src td.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.oct8ne.com *.hotjar.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com www.googletagmanager.com 'self' 'unsafe-inline'; connect-src *.google.com *.googlesyndication.com analytics.tiktok.com *.analytics.google.com *.gstatic.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.doofinder.com wss://*.doofinder.com https://maps.googleapis.com https://player.vimeo.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co www.googletagmanager.com 'self' 'unsafe-inline'; script-src https://analytics.tiktok.com *.google.com *.gstatic.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.doofinder.com https://maps.googleapis.com *.oct8ne.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-jJq7xcELl6W6Ky4f9q4hCA==' 1
report-uri /api/csp 1
default-src 'self' 'unsafe-inline' *.neso.energy *.coveo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.neso.energy *.coveo.com *.google-analytics.com *.hotjar.com *.clarity.ms bing.com *.bing.com *.coveo.com players.brightcove.net www.googletagmanager.com assets.juicer.io js.createsend1.com www.smartsurvey.co.uk assets.smartsurvey.io snap.licdn.com unpkg.com js-agent.newrelic.com *.cookieyes.com cdn-cookieyes.com my.visme.co; style-src 'self' 'unsafe-inline' *.neso.energy *.coveo.com assets.juicer.io unpkg.com fonts.googleapis.com; img-src 'self' data: *.neso.energy *.coveo.com *.clarity.ms www.googletagmanager.com *.google.co.uk c.bing.com www.juicer.io assets.juicer.io www.smartsurvey.co.uk *.cartocdn.com datanationalgrideso.files.wordpress.com *.tile.openstreetmap.org *.linkedin.com *.cookieyes.com cdn-cookieyes.com; frame-src 'self' *.neso.energy *.coveo.com players.brightcove.net www.youtube.com app.powerbi.com my.visme.co *.arcgis.com; font-src 'self' *.neso.energy *.coveo.com themes.googleusercontent.com static.juicer.io fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.neso.energy *.coveo.com *.clarity.ms *.hotjar.io *.hotjar.com *.google-analytics.com *.analytics.google.com storage.googleapis.com www.juicer.io *.staging.datopian.com bam.nr-data.net *.cookieyes.com cdn-cookieyes.com 1
frame-ancestors 'self' https://dsa.no/ https://dsa.no/ https://storymaps.arcgis.com https://miljostatus.miljodirektoratet.no/ https://storymaps.arcgis.com/stories/ https://miljotall.miljodirektoratet.no/ https://play.libsyn.com/ https://www.miljodirektoratet.no/ https://videoforweb.aventia.no; 1
default-src 'self' data: https://cdn.eye-able.com https://www.eye-able-cdn.com; script-src 'self' 'nonce-n-tFw-X4XvIpiNXJmpnt9ylTG5HUOeU_nki4m11UfoSqgVYNJGkg_A' data: https://*.openstreetmap.org https://piwik.westfaelische-hochschule.org https://*.b-ite.com https://www.eye-able-cdn.com 'sha256-kpp7jp1G7DKU2k6CPD6k/asyeO7+E2xEijdXf6SIVBo=' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org https://cdn.eye-able.com https://www.eye-able-cdn.com https://*.b-ite.com https://fonts.gstatic.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; style-src-elem 'self' 'nonce-n-tFw-X4XvIpiNXJmpnt9ylTG5HUOeU_nki4m11UfoSqgVYNJGkg_A' https://cdn.eye-able.com https://www.eye-able-cdn.com https://*.b-ite.com https://www.gstatic.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ON+MdrZ2dq2tx2UE4WU1JvzaQayLhnhp+UdCmcBUXVA=' 'sha256-evlXprP8aYZfWtGuNDGteVp2szOTXZRCzJSjAs6HoQU=' 'sha256-WMm2rxgrdLbPiNOT3khywmfmX3KBQRnomQ+oL369Sik=' 'sha256-ZVjd2zfSTfAVh1y7eCcNk0SPGUQOP/H8vzrFJIVgg90=' 'sha256-cLU5/oMMUHS/N9urTg6WSPUWPuAZ02hayXsYjoUkva4=' 'sha256-iYqob1vCcitIN4aN8bIKm+LqktmCbhq/FJKYOIMyJI4=' 'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo=' 'report-sample'; connect-src 'self' data: https://*.openstreetmap.org https://piwik.westfaelische-hochschule.org https://*.b-ite.com; font-src 'self' data: https://cdn.eye-able.com https://www.eye-able-cdn.com https://fonts.gstatic.com https://cdn.scite.ai; style-src 'self' data: https://cdn.eye-able.com https://www.eye-able-cdn.com https://*.b-ite.com 'report-sample'; script-src-elem 'self' 'nonce-n-tFw-X4XvIpiNXJmpnt9ylTG5HUOeU_nki4m11UfoSqgVYNJGkg_A' data: https://*.openstreetmap.org https://piwik.westfaelische-hochschule.org https://*.b-ite.com https://www.eye-able-cdn.com 'sha256-kpp7jp1G7DKU2k6CPD6k/asyeO7+E2xEijdXf6SIVBo=' https://cdn.eye-able.com https://connect.facebook.net 'sha256-Qv/VPCnMI30bPS9FCon86d6xCsmIBEeK7FUH2g3DSLA=' 'sha256-DHn6qIXxJ7Goiu9HCn2oUxRIiD5CncdiPGVck5LCmSw=' 'sha256-NNTZOCItJc2lwjmx5YPNr6GxN4IApSMqiyET2r1se98=' 'sha256-L1KTRnCkar390nbS9IVhytBi3LCcvlipxKCUQ5Pwh34=' 'sha256-xalV6Dk0W9vOogZ92sSSJKhCykaV2LYzK6On9AJ322o=' 'sha256-p25tvfrhwmHHQYBjAzut79Nba5GtD0Ddk31vVGWslfs=' 'sha256-rtaVU57dLbRdkXCugTr49x7HJRqjTwe5YoVCy2M4dDE=' 'sha256-ZgQOjhfNErc+jFOCITznCiFox3pQHBhC74pqacwXZ3Q=' 'sha256-ZgQOjhfNErc+jFOCITznCiFox3pQHBhC74pqacwXZ3Q=' 'sha256-+6LzFOOApZCAm6cux/qCcYofBOE+g5eXU6nFCrc0eyA=' 'sha256-ZIbFciq4U8SN2z6C2F3IsHx9XU+6EjoyS1Va9yDsHP4=' 'report-sample'; script-src-attr 'self' data: 'unsafe-inline' 'report-sample'; object-src 'none'; report-uri https://www.w-hs.de/@http-reporting?csp=report&requestTime=1773713492574572&requestHash=00f44d56ae96adf8e4c847742e2b08465abdf70c 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-W0xtxi01iT9tN7jrYYywSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: use.fontawesome.com *.antartica.cl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com webpay3g.transbank.cl webpay3gint.transbank.cl *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * tracking.bciplus.cl www.google.com wchat.freshchat.com *.antartica.cl www.mercadopago.cl www.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.facebook.com www.google.cl *.antartica.cl www.gstatic.com www.mercadolibre.com www.mercadopago.cl *.google.com.ar antartica.cl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fw-cdn.com/ *.freshchat.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.mercadopago.cl *.googletagmanager.com *.facebook.net *.hotjar.com unpkg.com tracking.krip.cl r2-t.trackedlink.net www.clarity.ms static.trackedweb.net js-agent.newrelic.com wchat.freshchat.com static.zdassets.com *.antartica.cl sdk.mercadopago.com http2.mlstatic.com https://fw-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.freshchat.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com use.fontawesome.com *.antartica.cl www.mercadopago.cl www.gstatic.com *.googletagmanager.com *.cookielaw.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com api.bciplus.cl ekr.zdassets.com libreriaantartica.zendesk.com wchat.freshchat.com bam.nr-data.net *.antartica.cl api.mercadopago.com www.mercadolibre.com events.mercadopago.com *.hotjar.com *.hotjar.io *.clarity.ms *.doubleclick.net *.cookielaw.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.google.com bam.nr-data.net r2.trackedweb.net commerce.adobedc.net *.antartica.cl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv30.20s%60w-19cf9b2e198-0x1706#pd 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com https://js.playground.klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.script.crazyegg.com *.empathy.co *.cdn.aplazame.com api.aplazame.com *.maps.googleapis.com *.cdn.jsdelivr.net https://www.google-analytics.com https://cdnjs.cloudflare.com *.clarity.ms *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com; script-src-elem 'unsafe-inline' *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.aplazame.com *.empathy.co cdn.jsdelivr.net script.crazyegg.com *.clarity.ms *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.klarnacdn.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://www.joseluisjoyerias.com https://www.google-analytics.com *.clarity.ms c.bing.com *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com *.klarnacdn.net; font-src 'self' *.klarna.com *.klarnacdn.net *.klarnaevt.com https://fonts.gstatic.com cdn.aplazame.com *.clarity.ms *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com; connect-src 'self' *.hotjar.com *.hotjar.io *.empathy.co *.klarna.com *.klarnacdn.net *.klarnaevt.com https://js.playground.klarna.com https://www.google-analytics.com google.com  script.crazyegg.com maps.googleapis.com api.aplazame.com *.clarity.ms *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com capig.stape.pro; frame-src 'self' *.clarity.ms *.facebook.net *.facebook.com *.pinterest.com *.googletagmanager.com *.google.com *.google.es *.analytics.google.com *.connectif.cloud *.doubleclick.net *.googleadservices.com *.joseluisjoyerias.com *.pinimg.com *.googlesyndication.com *.google-analytics.com *.klarna.com; child-src 'self'; form-action 'self'; base-uri 'self'; report-uri /csp-report-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-bHzjpI2zqUe3wgsqAjDYfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' *; object-src *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src *; frame-src *; frame-ancestors *; child-src 'self' blob: *; font-src *; connect-src *; report-uri /report-csp-violation 1
frame-src 'self'; report-uri http://events.convio.com/site/XFrameViolation 1
default-src 'self' litium.revolutionrace.de fbcdn.revolutionrace.de wss://fbcdn.revolutionrace.de *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.klarnaevt.com *.kustom.co *.adyen.com www.paypal.com js.stripe.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com ajax.googleapis.com fonts.googleapis.com maps.googleapis.com *.apptus.cloud *.storyblok.com *.symplify.com cdn-sitegainer.com *.cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.criteo.net *.criteo.com *.doubleclick.net *.emarsys.net *.mention-me.com *.imedia.cz *.scarabresearch.com *.spinnaker-js.com bat.bing.com www.seznam.cz tags.creativecdn.com *.kindlycdn.com *.kindly.ai wss://sage.kindly.ai *.facebook.net *.tiktok.com *.snapchat.com *.pinterest.com *.bambuser.com *.facebook.com www.pinterest.se *.cloudflare.com *.digitaloceanspaces.com *.distancify.workers.dev cdn.jsdelivr.net maxcdn.bootstrapcdn.com player.vimeo.com pro.ip-api.com recommender.scarabresearch.com s.pinimg.com sc-static.net vimeo.com ws-eu.pusher.com wss://ws-eu.pusher.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://* 'self'; media-src https://*; frame-src analytics.revolutionrace.de *.mention-me.com *.google.com *.adyen.com *.paypal.com *.sitegainer.com revolutionrace.customerfirst.ai; style-src 'self' 'unsafe-inline'; connect-src data: *; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdnjs.cloudflare.com kit.fontawesome.com apps.elfsight.com static.elfsight.com cdn.usebootstrap.com *.cloudmaestro.com www.gstatic.com www.google-analytics.com www.google.com googletagmanager.com *.googletagmanager.com *.optimizely.com stockist.co *.stockist.co *.klaviyo.com static.cloudflareinsights.com tags.clickagy.com cdn.jsdelivr.net cdn.userway.org stackpath.bootstrapcdn.com *.bootstrapcdn.com; report-uri /.webscale/csp-report 1
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleusercontent.com *.gstatic.com *.jsdelivr.net *.slant.co unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.2c2p.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.inicis.com *.ipay88.com.my *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.weltpixel.com *.afterpay.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.google.com *.inicis.com *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ k.kakaocdn.net *.inicis.com *.afterpay.com *.doubleclick.net *.elcompanies.com *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.co www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google.se *.google.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hstatic.net *.naver.com *.thecompanystore.com.sg data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com maps.googleapis.com developers.kakao.com *.kakaocdn.net *.avada.io *.inicis.com *.afterpay.com *.facebook.net *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com *.inicis.com *.googleapis.com *.gstatic.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self'; media-src *.adobe.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com kauth.kakao.com https://get.geojs.io *.avada.io *.inicis.com *.afterpay.com *.doubleclick.net *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl *.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self'; default-src 'self'; base-uri 'self'; report-uri https://577b98e4-295e-4fa5-a3b4-175395da624f.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://js.hs-scripts.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; frame-src https://www.youtube.com; connect-src 'self' https://api.hsforms.com; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.cloudflare.com *.eesa.lh; font-src use.fontawesome.com 'self'; frame-src www.youtube.com www.google.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; script-src 'self' www.googletagmanager.com *.cloudflare.com *.google.com 'strict-dynamic' 'unsafe-inline' 'nonce-jkR3cJFUAngUsAdjcb/toQ=='; style-src 'self' use.fontawesome.com *.cloudflare.com 'unsafe-inline' 'nonce-jkR3cJFUAngUsAdjcb/toQ=='; report-uri /csp/report 1
default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://unpkg.com https://static.cloudflareinsights.com https://assets.mailerlite.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://i.ytimg.com; font-src 'self' data:; connect-src 'self' https://cloudflareinsights.com https://api.botpoison.com https://staging.xlsform.getodk.org; frame-src 'self' https://staging.xlsform.getodk.org https://www.youtube.com; object-src 'none'; report-uri https://o130137.ingest.us.sentry.io/api/4509499598307328/security/?sentry_key=898adfd606e362d4f4106ffe69b4d0bf&sentry_environment=www; 1
object-src 'none';base-uri 'self';script-src 'nonce-oDgQ7j3chamqq7U2iF4LRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' https://app.contentful.com; worker-src blob:; default-src 'self' gap: ws: 'unsafe-inline' 'unsafe-eval' data: api.country.is vercel.live vercel.app *.vercel.live *.vercel.app safevisit.online contentful.com *.contentful.com *.googleapis.com *.youtube.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.facebook.com *.amazonaws.com *.cloudfront.net *.googletagservices.com pay.google.com *.s3.amazonaws.com google.com *.sitkagear.com js.narvar.com cdn.searchspring.net js.klarna.com manifest.webmanifest cdn.tailwindcss.com cdn.cookielaw.org api.yotpo.com cdn-widgetsrepository.yotpo.com *.yotpo.com *.searchspring.io *.bigcommerce.com *.locally.com *.ctfassets.net *.onetrust.com *.criteo.com *.avmws.com *.safevisit.online *.gtm-msr.appspot *.dynamic.criteo.com *.facebook.net *.klaviyo.com *.zdassets.com *.vercel-insights.com *.csper.io klarnaservices.com *.klarnaservices.com *.gstatic.com *.bing.com *.typekit.net *.doubleclick.ne *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.aralego.com criteo-sync.teads.tv *.3lift.com *.yahoo.net *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.outbrain.com *.pubmatic.com *.smaato.net *.clmbtech.com *.yieldmo.com *.klarnacdn.net vercel.com assets.vercel.com googleads.g.doubleclick.net *.dotomi.com he.lijit.com envoydev.co track.securedvisit.com bh.contextweb.com stats.g.doubleclick.net public-prod-dspcookiematching.dmxleo.com match.adsrvr.org *.zendesk.com *.zopim.com widget-mediator.zopim.com trends.revcontent.com match.sharethrough.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.co.kr e1.emxdgt.com cm.g.doubleclick.net partner.mediawallahscript.com visitor.omnitagjs.com i.liadm.com exchange.mediavine.com 1f2e7.v.fwmrm.net tags.bluekai.com dpm.demdex.net ws-us3.pusher.co eu.klarnaevt.com sockjs-us3.pusher.com ws-us3.pusher.com aa.agkn.com jadserve.postrelease.com ad.tpmn.io match.prod.bidr.io i6.liadm.com sync.crwdcntrl.net *.sv.rkdms.com *.simpli.fi *.dlx.addthis.com ws.rqtrk.eu *.youtube-nocookie.com *.klarnaevt.com *.cloudflare.com *.datadome.co *.hotjar.com *.hotjar.io *.narvar.com aorta.clickagy.com *.abtasty.com *.narvar.qa suggest-cache.searchspring.net *.captcha-delivery.com *.usablenet.com *.usablenet.dev *.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 cdn.jsdelivr.net player.vimeo.com *.gorewear.com *.dev.stagesitkagear.com *.stagesitkagear.com www.sandbox.paypal.com cdn.sand.us.zip.co localhost:* 1
frame-ancestors 'self' *.preview.devprod.cloudflare.dev;frame-src 'self' www.youtube.com player.vimeo.com www.recaptcha.net www.google.com www.googletagmanager.com sgtm-cr.vistra.com *.hsforms.com td.doubleclick.net consentcdn.cookiebot.com s.company-target.com cdn.yoshki.com cdn.userway.org platform.twitter.com; report-uri https://vistragroup.com/csp-report 1
script-src 'sha256-chsQfFUA80KbS8N1YGnvgvaK+rNKp+7watTzxnFcLK4=' 'self' self unsafe-eval *.criteo.com; style-src self unsafe-eval; report-uri https://0771da0b-b592-4245-a1e0-f93423ca942b.sansec.watch/ 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.curtmfg.com googleads.g.doubleclick.net www.googletagmanager.com secure.quantserve.com www.google-analytics.com www.google.com connect.facebook.net static.hotjar.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com www.googleadservices.com rules.quantcount.com *.hotjar.com js-agent.newrelic.com bam-cell.nr-data.net; report-uri /.webscale/csp-report 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.googleapis.com *.gstatic.com data: *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.oct8ne.com https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://*.cloudflare.com https://*.shippypro.com https://*.google.com https://*.klarna.com https://*.channelize.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://*.shippypro.com https://*.google.com https://*.klarna.com https://*.channelize.io 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.sella.it *.gestpay.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.sella.it *.gestpay.net https://*.tiktokcdn-eu.com https://*.tiktok.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.klarna.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://*.shippypro.com https://*.google.com https://*.channelize.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.feedaty.com https://*.tiktokcdn-eu.com https://*.tiktok.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com cdn.doofinder.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.klarna.com *.klarnaevt.com *.klarnacdn.net *.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net img.riskified.com https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://semprefarmacia.it https://*.cookiebot.com https://*.feedaty.com https://*.shippypro.com https://*.google.it https://*.doubleclick.net https://*.bidswitch.net https://*.adnxs.com https://*.smartadserver.com https://*.taboola.com https://*.1rx.io https://*.omnitagjs.com https://*.casalemedia.com https://*.criteo.com https://id5-sync.com https://*.360yield.com https://*.ivitrack.com https://*.media.net https://*.mediavine.com https://*.postrelease.com https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.teads.tv https://*.tremorhub.com https://*.3lift.com https://*.yieldlab.net https://*.yieldmo.com https://*.emxdgt.com https://*.adform.net https://*.unrulymedia.com https://*.google.com https://*.amazonaws.com https://*.getsitecontrol.com https://*.icons8.com https://*.agkn.com https://*.lgw.com https://*.awin1.com https://*.idealo-partner.com https://*.zenaps.com https://*.wepowerconnections.com https://*.dmxleo.com https://*.kelkoogroup.net https://*.channelize.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.channelize.io *.sella.it *.gestpay.net *.feedaty.com https://*.tiktokcdn-eu.com https://*.tiktok.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com cdn.doofinder.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com widget.freshworks.com m2epro.freshdesk.com *.avada.io *.oct8ne.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com www.gstatic.com beacon.riskified.com https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://*.facebook.net https://*.cookiebot.com https://*.feedaty.com https://*.cloudflare.com https://*.shippypro.com https://*.google.com https://*.videoask.com https://*.videoask.it https://*.criteo.net https://*.criteo.com https://*.dwin1.com https://*.hotjar.com https://*.zdassets.com https://*.getsitecontrol.com https://*.connectif.cloud https://*.cloudflareinsights.com https://*.calendly.com https://*.kk-resources.com https://*.shopalike.it https://*.awin1.com https://*.sciencebehindecommerce.com https://*.channelize.io tracking.trovaprezzi.it www.trovaprezzi.it tps.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.feedaty.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.doofinder.com *.klarnacdn.net widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://*.cloudflare.com https://*.shippypro.com https://*.google.com https://*.feedaty.com https://*.klarna.com https://*.channelize.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.tiktokcdn-eu.com https://*.tiktok.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://*.shippypro.com https://*.google.com https://*.youtube.com https://*.klarna.com https://*.channelize.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.channelize.io *.feedaty.com https://*.tiktokcdn-eu.com https://*.tiktok.com *.doofinder.com wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://*.klarna.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io *.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.google.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net c.riskified.com https://*.dnafactory.it https://*.dnalab.online https://*.semprefarmacia.it https://*.google.com https://google.com https://*.google-analytics.com https://*.cookiebot.com https://*.feedaty.com https://*.shippypro.com https://*.googlesyndication.com https://*.criteo.com https://*.zdassets.com https://*.getsitecontrol.com https://*.zendesk.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.connectif.cloud https://*.getsitectrl.com https://*.kelkoogroup.net https://*.sciencebehindecommerce.com https://*.channelize.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.feedbackcompany.com *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.newrelic.com www.xtento.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.sharethis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.feedbackcompany.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.feedbackcompany.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.feedbackcompany.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://d088f4f9-ddea-4faf-b7bc-b7ce45ac64e7.sansec.watch/; report-to report-endpoint; 1
default-src 'self' data: mediastream: blob: filesystem: about: ws: wss: unsafe-eval 'wasm-unsafe-eval' 'unsafe-inline'; script-src 'self' 'nonce-nDh1ohSDcKhp1ZAzG8KFrQvevaNQHC94ksqCFl7vrErHnN--TLRhvQ' * data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com * blob:; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com * blob: data:; script-src-elem 'self' * data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; connect-src 'self' data: mediastream: blob: filesystem: about: ws: wss: unsafe-eval 'wasm-unsafe-eval' 'unsafe-inline' *; frame-ancestors * blob: data:; media-src 'self' data: mediastream: blob: filesystem: about: ws: wss: unsafe-eval 'wasm-unsafe-eval' 'unsafe-inline' *; style-src 'self' data: mediastream: blob: filesystem: about: ws: wss: unsafe-eval 'wasm-unsafe-eval' 'unsafe-inline' * 'report-sample'; style-src-elem 'self' data: mediastream: blob: filesystem: about: ws: wss: unsafe-eval 'wasm-unsafe-eval' 'unsafe-inline' * https://cdntrf.com https://fonts.googleapis.com https://fonts.gstatic.com 'report-sample'; font-src 'self' data: mediastream: blob: filesystem: about: ws: wss: unsafe-eval 'wasm-unsafe-eval' 'unsafe-inline' * https://fonts.gstatic.com; worker-src 'self' 'nonce-nDh1ohSDcKhp1ZAzG8KFrQvevaNQHC94ksqCFl7vrErHnN--TLRhvQ' * data: blob: 'report-sample'; script-src-attr 'self' * data: blob: 'unsafe-inline' 'report-sample'; report-uri https://www.derpatriot.de/@http-reporting?csp=report&requestTime=1773716787981763&requestHash=3aaaca6c271fd0efb538699d705f607e7a3dbe63 1
default-src 'self' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://static.zalo.me https://sp.zalo.me; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com; img-src 'self' data: https: https://*.mailchimp.com https://mcusercontent.com https://www.google-analytics.com; media-src 'self' https://www.youtube.com https://www.youtu.be; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://*.mailchimp.com https://zalo.me https://*.zalo.me; frame-src 'self' https://www.youtube.com https://www.youtu.be https://www.canva.com https://*.canva.com https://www.facebook.com https://*.facebook.com https://zalo.me https://*.zalo.me; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.fr ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com *.zdassets.com sanalytics.spreadshirt.fr *.spreadshirt.fr ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com wss://*.zendesk.com *.spreadshirt.fr ; font-src 'self' https: data: *.spreadshirt.fr ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.fr ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.fr ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net *.musette.ro data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.doubleclick.net *.facebook.com/ *.googlesyndication.com *.tiktok.com *.innoship.ro landofcoder.com https://www.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.tile.openstreetmap.org *.openstreetmap.org https://firebasestorage.googleapis.com *.musette.ro *.google.com/ads/ *.google.ro *.google.ro/ads/ *.trusted.ro/ trusted.ro/ *.profitshare.ro *.omtrdc.net musette.ro maps.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com landofcoder.com www.termsfeed.com *.avada.io *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jivosite.com *.profitshare.ro profitshare.ro *.7w.ro *.aptrinsic.com *.musette.ro maps.googleapis.com chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.aptrinsic.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net *.jivosite.com *.musette.ro *.salofarm.ro *.stormers.ro 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.jivosite.com *.musette.ro 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com landofcoder.com https://get.geojs.io *.avada.io https://stats.g.doubleclick.net/ *.jivosite.com *.7w.ro *.aptrinsic.com maps.googleapis.com socialplugin.facebook.net region1.analytics.google.com wss://chat-eu1-4.jivosite.com *.musette.ro 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.gstatic.com *.sensefuel.live *.clarity.ms *.cookiebot.com *.facebook.com *.facebook.net *.flockler.com *.flockler.app instant.page babylux.customer.voyado.com *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action https://www.baby-lux.com/ https://www.babylux.be/fr/ https://www.babylux.nl/ https://www.babylux.be/nl/ pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src https://www.baby-lux.com/ https://www.babylux.be/fr/ https://www.babylux.nl/ https://www.babylux.be/nl/ bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.youtube-nocookie.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ widget.trustpilot.com maps.google.com *.clarity.ms *.facebook.com *.facebook.net *.cookiebot.com *.pinterest.com *.doubleclick.net *.googletagmanager.com *.flockler.com *.flockler.app instant.page babylux.customer.voyado.com *.sendcloud.sc *.jsdelivr.net challenges.cloudflare.com js.mollie.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.doubleclick.net *.lorempixel.com *.google.com *.google.be *.gstatic.com *.googleapis.com *.babylux.nl *.babylux.be *.baby-lux.com *.clarity.ms *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.cookiebot.com *.pinterest.com placehold.co *.getsitecontrol.com *.flockler.com *.flockler.app instant.page babylux.customer.voyado.com *.amazonaws.com ssl.gstatic.com www.gstatic.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: www.google.com.ua data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com cdn.jsdelivr.net *.sensefuel.live *.cloudflare.com *.g.doubleclick.net *.googletagmanager.com widget.trustpilot.com *.googleapis.com *.tpc.googlesyndication.com *.clarity.ms *.google-analytics.com *.googleadservices.com *.google.com *.facebook.com *.facebook.net *.cookiebot.com *.pinimg.com *.getsitecontrol.com *.flockler.com *.flockler.app instant.page babylux.customer.voyado.com *.sendcloud.sc *.jsdelivr.net challenges.cloudflare.com tagmanager.google.com *.disqus.com *.avada.io js.mollie.com https://cdnjs.cloudflare.com www.gstatic.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.jsdelivr.net fonts.googleapis.com *.sensefuel.live *.clarity.ms *.cookiebot.com *.googletagmanager.com *.facebook.com *.facebook.net *.flockler.com *.flockler.app instant.page babylux.customer.voyado.com *.sendcloud.sc *.jsdelivr.net tagmanager.google.com fonts.google.com *.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.getalma.eu *.almapay.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.sensefuel.live *.googleapis.com *.clarity.ms *.googletagmanager.com *.cookiebot.com *.google.com *.pinterest.com *.getsitecontrol.com *.getsitectrl.com *.flockler.com *.flockler.app instant.page babylux.customer.voyado.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://83f99021-b14f-47b7-8ca8-7d59ce24ff4f.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' mfstatic.com static.mediaflowpro.com dl.episerver.net; style-src-attr 'self' 'unsafe-inline'; font-src 'self' mfstatic.com dl.episerver.net static.mediaflowpro.com; form-action 'self' information.his.se; frame-src 'self' *.imbox.io *.kaltura.nordu.net www.youtube.com play.mediaflowpro.com web103.reachmee.com; frame-ancestors 'self'; img-src 'self' data: *.mediaflowpro.com *.mediaflow.com *.his.se i.ytimg.com dl.episerver.net *.inviewer.se mfstatic.com *.mfstatic.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.matomo.cloud *.imbox.io mfstatic.com www.youtube.com cdn.siteimprove.net web103.reachmee.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.matomo.cloud *.imbox.io mfstatic.com www.youtube.com cdn.siteimprove.net web103.reachmee.com static.mediaflowpro.com *.inviewer.se dl.episerver.net; worker-src 'self' blob:; connect-src 'self' *.matomo.cloud noembed.com *.mediaflow.com mfstatic.com stats.mediaflowpro.com *.siteimprove.com *.rekai.se; media-src 'self' blob: *.mediaflow.com *.mediaflowpro.com; report-uri /csp-report; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com uat.pinepg.in https://uat.pinepg.in/api/PG/V2 secure.pinepg.in https://secure.pinepg.in/payment 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.googleapis.com maps.gstatic.com www.pinelabs.com https://www.pinelabs.com/img/logo.png *.gstatic.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com landofcoder.com https://storage.googleapis.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com https://www.google-analytics.com https://fonts.gstatic.com *.googleapis.com https://www.gstatic.com landofcoder.com https://storage.googleapis.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.googleadservices.com 'self' 'unsafe-inline'; 1
default-src 'self' https://www.sescpr.com.br https://vlibras.gov.br https://www.google.com/ https://selos-site-defender.s3.amazonaws.com/ https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://www.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vlibras.gov.br https://www.googletagmanager.com/ https://www.google.com/ https://cdn.jsdelivr.net/ https://www.gstatic.com/ https://www.google-analytics.com/ https://connect.facebook.net https://challenges.cloudflare.com https://viacep.com.br; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https: https://www.sescpr.com.br; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com https://vlibras.gov.br https://challenges.cloudflare.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://vlibras.gov.br;frame-ancestors 'self' https://googleads.g.doubleclick.net https://static.doubleclick.net https://ff.kes.v2.scr.kaspersky-labs.com  1
font-src *.gstatic.com data: *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com applepay.cdn-apple.com *.survicate.com https://github.com https://use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.monetico-services.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net www.facebook.com *.monetico-services.com connect.facebook.net graph.facebook.com business.facebook.com api.payplug.com secure.payplug.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com https://px.ads.linkedin.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com *.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com https://static.splio.pro https://analytics.tiktok.com https://cdn.jsdelivr.net *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com connect.facebook.net graph.facebook.com business.facebook.com https://cdnjs.cloudflare.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ survey.survicate.com sdk.privacy-center.org cdn.mouseflow.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.splio.pro https://analytics.tiktok.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com https://cdnjs.cloudflare.com *.survicate.com *.typekit.net *.klaviyo.com *.clarity.ms 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com https://sdk-sdk-backend.apigw.splio.pro https://analytics.tiktok.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.monetico-services.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://o2.mouseflow.com *.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.pl/api/csp-report; report-to csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://static.klaviyo.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com bat.bing.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com *.paypalobjects.com *.postcodeanywhere.co.uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page *.google.com *.google.bg *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com js-agent.newrelic.com bam.nr-data.net *.pcapredict.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com services.postcodeanywhere.co.uk *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.google-analytics.com *.facebook.com *.facebook.net *.google.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googlesyndication.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-F_hIBqH0ie6l8MuV5VXyVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://cse.google.com/ https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ apply.ciis.edu https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.google.com/ https://cse.google.com/ https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ apply.ciis.edu https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://use.typekit.net/ https://p.typekit.net/ https://www.google.com/ https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' https://www.eventbrite.com/ https://apply.ciis.edu https://apply-ciis-edu.cdn.technolutions.net/ https://slate-technolutions-net.cdn.technolutions.net/ https://fw.cdn.technolutions.net/ https://bbox.blackbaudhosting.com/ https://mx.technolutions.net/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://payments.blackbaud.com/ https://www.gstatic.com/ 1
font-src www.paypalobjects.com https://fonts.gstatic.com *.cloudflare.com *.googleapis.com *.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://0merchantacsstag.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com https://player.vimeo.com static.addtoany.com *.addthis.com *.cookiebot.com *.criteo.com *.fls.doubleclick.net *.awin1.com *.zenaps.com *.wesupply.xyz https://wesupplylabs.com *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.google.it https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: https://maps.google.com https://maps.gstatic.com *.facebook.com *.google.it *.bidswitch.net *.doubleclick.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.ups.analytics.yahoo.com *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com/ *.outbrain.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.krxd.net *.thebrighttag.com *.cookiebot.com *.roeye.com *.emxdgt.com *.yieldmo.com *.postrelease.com *.criteo.com *.1rx.com *.dmxleo.com *.unrulymedia.com *.googleapis.com *.gstatic.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.bird.eu https://cdn.clerk.io *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com https://c.paypal.com https://songbirdstag.cardinalcommerce.com https://maps.google.com https://maps.googleapis.com static.addtoany.com connect.facebook.net *.addthis.com *.moatads.com *.addthisedge.com *.cookiebot.com *.criteo.com *.gestpay.net *.dwin1.com *.hotjar.com *.sella.it *.roeyecdn.com *.preciso.net *.2trk.info *.googleapis.com *.gstatic.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://api.clerk.io https://cdn.clerk.io *.google.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.hsforms.net *.hsforms.com *.cloudflare.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://www.gstatic.com *.cloudflare.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://centinelapistag.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://writer.cardinalcommerce.com https://www.sandbox.paypal.com https://vimeo.com https://maps.googleapis.com *.addthis.com *.googleapis.com *.doubleclick.net *.cookiebot.com *.google.com *.criteo.com *.wepowerconnections.com https://the.sciencebehindecommerce.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.gstatic.com t.elasticsuite.io *.hsforms.net *.hsforms.com analytics.google.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https://celesio.file.force.com *.force.com https://content.instrumentation.getconga.com slack-imgs-mil-dev.com https://*.aah.co.uk https://www.linkedin.com 'self' https://stats.g.doubleclick.net https://img.youtube.com https://gbr122.sfdc-5pakla.salesforce.com/icons/ https://celesio.my.site.com https://payments.salesforce.com/icons/ https://login.salesforce.com/icons/ https://*.googleapis.com https://ariane.abtasty.com https://www.gstatic.com https://celesio--c.um3.content.force.com *.slack-edge-gov.com https://composer.congamerge.com *.my-salesforce.com https://*.onetrust.com https://*.youtube.com *.cloudinary.com https://www.google.com https://region1.google-analytics.com blob: https://cdn-ukwest.onetrust.com https://*.salesforce.com https://region1.analytics.google.com slack-imgs.com slack-gov-dev.com *.sfdcstatic.com https://data.instrumentation.getconga.com https://ssl.gstatic.com *.twimg.com https://*.supplier-point.com https://*.cookielaw.org *.slack.com https://www.paypal.com https://youtu.be *.slack-imgs.com slack-imgs-gov.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ *.salesforce-experience.com https://*.aah-point.com https://celesio.my.salesforce-scrt.com https://celesio--4cdevflu--livepreview.cs110.force.com https://*.force.com https://dcinfos-cache.abtasty.com slack-imgs-gov-dev.com *.slack-edge.com https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://*.linkedin.com slack-mil-dev.com https://*.trustarc.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/ https://celesio.my.salesforce.com https://*.medecator.co.uk https://www.google.com/recaptcha/ *.slack-edge.mil https://www.sandbox.paypal.com https://editor-assets.abtasty.com https://i.vimeocdn.com https://px.ads.linkedin.com https://www.googletagmanager.com https://www.google-analytics.com *.salesforce.com https://www.google.co.uk https://*.adyen.com slack-imgs.mil data:; report-to sfdc-csp-ep; report-uri https://celesio.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D24000000aWJn&networkId=0DM4H000000TnMn&type=communities 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' hubspot.mintlify.dev app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-Ph/IM9EOCgshFL7VUSMfjA=='; report-uri https://send.hsbrowserreports.com/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.livechatinc.com https://*.haiku.ai https://api.hubspot.com https://api.mixpanel.com https://cdn.freshmarketer.com https://cdn.mxpnl.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://forms.hsforms.com https://googleads.g.doubleclick.net https://info.proctoru.com https://ip.freshmarketer.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.usemessages.com https://maxcdn.bootstrapcdn.com https://pi.pardot.com https://px.ads.linkedin.com https://snap.licdn.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com https://js.hscta.net https://cta-service-cms2.hubspot.com https://hire.withgoogle.com https://*.adroll.com https://*.consensu.org https://*.twitter.com/ https://cdn.syndication.twimg.com/ https://*.fullstory.com/ https://js.hs-banner.com https://api.hubapi.com https://sc.lfeeder.com https://tagmanager.google.com https://yas.bamboohr.com https://*.cincopa.com https://www.meazurelearning.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://maxcdn.bootstrapcdn.com https://platform.twitter.com/ https://tagmanager.google.com https://*.bamboohr.com https://*.meazurelearning.com https://cdn.jsdelivr.net; img-src https: data:; connect-src https://www.google-analytics.com https://*.haiku.ai https://api.mixpanel.com https://api.hubspot.com https://api.hubapi.com https://*.fullstory.com/ https://*.bamboohr.com https://stats.g.doubleclick.net; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; media-src https://*.livechatinc.com; frame-ancestors 'none'; object-src 'none'; frame-src https://secure.livechatinc.com https://bid.g.doubleclick.net https://forms.hsforms.com https://www.facebook.com https://www.youtube.com https://hire.withgoogle.com https://www.proctoru.com https://player.vimeo.com https://platform.twitter.com/ https://syndication.twitter.com/ https://twitter.com/; upgrade-insecure-requests 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com geowidget.easypack24.net fonts.gstatic.com *.tophifi.pl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.googlesyndication.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.google.com/ pay.google.com play.google.com *.autopay.eu *.weltpixel.com *.cookiebot.com *.cookiebot.eu creativecdn.com *.criteo.com td.doubleclick.net www.googletagmanager.com *.tophifi.pl tbs.tradedoubler.com www.youtube.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu https://*.openstreetmap.org tile.openstreetmap.org mapa.orlenpaczka.pl ruch-osm.sysadvisors.pl magefan.com cm.magefan.com *.google-analytics.com *.bing.com *.clarity.ms *.cookiebot.com *.usercentrics.eu *.g.doubleclick.net geowidget.easypack24.net www.facebook.com www.google.pl *.google.com *.googleapis.com pagead2.googlesyndication.com *.googletagmanager.com *.gstatic.com ssl.ceneo.pl *.tophifi.pl *.user.com *.facebook.com *.reddit.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com/ *.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com mapa.orlenpaczka.pl cdn.jsdelivr.net analytics.ahrefs.com *.bing.com ssl.ceneo.pl *.clarity.ms static.cloudflareinsights.com *.cookiebot.com *.cookiebot.eu *.criteo.com dc.cux.io geowidget.easypack24.net connect.facebook.net *.google.com maps.googleapis.com www.gstatic.com ec.monplat-cdn.com *.tophifi.pl wrap.tradedoubler.com *.user.com wss://tophifi.user.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.autopay.eu *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net geowidget.easypack24.net tagmanager.google.com fonts.googleapis.com googletagmanager.com *.tophifi.pl *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src video.cdninstagram.com *.user.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.google-analytics.com https://*.openstreetmap.org nominatim.openstreetmap.org analytics.ahrefs.com *.clarity.ms *.cookiebot.com *.cookiebot.eu *.criteo.com *.g.doubleclick.net api-shipx-pl.easypack24.net www.facebook.com *.google.com *.googleapis.com pagead2.googlesyndication.com *.googletagmanager.com csr.onet.pl *.tophifi.pl tophifi.user.com wss://tophifi.user.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://premier.trustcommerce.com;script-src 'nonce-740fb4de107e4d0db0794a2bd4cf0757' https://www.myconnectnyc.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://www.myconnectnyc.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: http: https:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' data: blob:; img-src * data: blob: https: android-webview-video-poster:; frame-src * data: blob: about:; connect-src * data: blob: ws: wss:; font-src * data: blob:; media-src * data: blob:; object-src 'none'; report-uri /csp-report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https:; media-src 'self' https:; object-src 'none'; frame-src 'self' https:; report-uri /csp-report-endpoint 1
connect-src https://api.segment.io https://cdn.segment.com https://stats.g.doubleclick.net https://www.google-analytics.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com 'self' https://api.ipstack.com https://geoip-js.com https://*.launchdarkly.com https://*.aptrinsic.com https://sentry.pub.jamf.build https://sentry.jamf.com https://api.services.jamfnow.com https://services-api.services.jamfnow.com https://jamfsw.okta.com/.well-known/openid-configuration https://jamfsw.okta.com/oauth2/v1/token; img-src https://*.google-analytics.com https://ssl.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cat https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.hz https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.ms https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.pk https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vg https://www.google.vu https://www.google.ws blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://appinstallers-packages.services.jamfcloud.com 'self' https://*.aptrinsic.com https://*.jamfnow.com https://*.services.jamfnow.com https://jamfnow-customapps.s3.amazonaws.com; script-src https://cdn.segment.com https://www.google-analytics.com https://www.googletagmanager.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'self' https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js https://*.aptrinsic.com https://www.youtube.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; font-src https://js.intercomcdn.com https://fonts.intercomcdn.com 'self' https://fonts.gstatic.com; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; media-src https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com; style-src 'unsafe-inline' 'self' https://*.aptrinsic.com https://fonts.googleapis.com; base-uri 'self'; default-src 'self' https:; report-uri https://sentry.jamf.com/api/11/security/?sentry_key=85194cbf03b7401ade1ab2a23567ae71&sentry_environment=production; 1
script-src 'self' 'nonce-4O7qkprYrO0GLIw1Y03RLiQDoFU=' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://dev-sgwf-01.bepsa.com.py https://checkout.dinelco.com.py/ www.facebook.com platform.twitter.com td.doubleclick.net 13605183.fls.doubleclick.net www.google.com cdn.octadesk.com *.infonet.com.py *.infonet.com.py:8888/ https://vpos.infonet.com.py:8888/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com static.tacdn.com ad.doubleclick.net www.google.com.py adservice.google.com c.clarity.ms c.bing.com cellshop.com.py integration-5ojmyuq-qoiivjresdo6e.us-5.magentosite.cloud cdn.leadster.com.br *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google.co.in https://desa.infonet.com.py:8035/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://dev-sgwf-01.bepsa.com.py https://checkout.dinelco.com.py/ connect.facebook.net twitter.com platform.twitter.com static.addtoany.com static.cloudflareinsights.com js-agent.newrelic.com www.tripadvisor.com unpkg.com www.tripadvisor.es www.google.com static.tacdn.com www.gstatic.com www.clarity.ms www.jscache.com vpos.infonet.com.py www.tripadvisor.com.br cdn.octadesk.com *.cellshop.com.py *.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com tagmanager.google.com ssl.google-analytics.com *.infonet.com.py:8888/ *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.tacdn.com tagmanager.google.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://dev-sgwf-01.bepsa.com.py https://checkout.dinelco.com.py/ stats.addtoany.com *.infonet.com.py:8888 *.infonet.com.py bam.nr-data.net t.clarity.ms *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net https://viacep.com.br https://www.viacep.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com bam.nr-data.net t.clarity.ms commerce.adobedc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.dk https://www.myheritage.dk  'unsafe-eval' 'nonce-5c1c72e28daed4b97108b58a0ef4e9b0' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.dk;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' wss:; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.youtube.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.ggpht.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net *.googletagmanager.com *.library.wales *.llgc.org.uk *.staticflickr.com *.ticketsource.co.uk fonts.gstatic.com play.google.com syndication.twitter.com translate.google.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://*.google.com https://*.doubleclick.net https://*.googletagmanager.com *.google.com *.libanswers.com *.library.wales *.llyfrgell.cymru *.lyfrgell.cymru *.twitter.com div.show hwb.gov.wales sketchfab.com www.canva.com; style-src-elem 'report-sample' 'self' 'unsafe-inline' *.clarity.ms *.fontawesome.com *.libanswers.com *.library.wales connect.facebook.net fonts.googleapis.com; connect-src 'self' https://*.googleapis.com https://*.google.com https://*.gstatic.com data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' 'nonce-Txl0s4gp1cgUOylq91a-K_eCTd3otTTPouw_OoxEVxsA1p3MUOs29g' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com blob:; style-src 'self' 'unsafe-eval' 'unsafe-inline' wss: 'inline' 'report-sample'; script-src-elem 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales *.%2A.v2.scr.kaspersky-labs.com *.flickr.com *.libanswers.com adblockers.opera-mini.net connect.facebook.net s3.amazonaws.com wusote.hirizasune.com; report-uri https://www.library.wales/@http-reporting?csp=report&requestTime=1773718662461199&requestHash=cae3a79b907f2d2ec87a121d393f109fd4f66ef7 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' support.webkeeper.ch wss://support.webkeeper.ch www.google-analytics.com my.webkeeper.ch stats.g.doubleclick.net; font-src * data:; form-action 'self' www.webkeeper.ch; frame-ancestors 'none'; frame-src support.webkeeper.ch; img-src * data:; manifest-src 'self'; media-src support.webkeeper.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' support.webkeeper.ch www.google-analytics.com maps.googleapis.com developers.google.com treellionaire.com data:; style-src 'self' 'unsafe-inline' support.webkeeper.ch fonts.googleapis.com data:; report-uri /csp-report.php 1
default-src 'none'; worker-src 'self' blob:; base-uri 'self'; img-src * data:; frame-ancestors 'self' soderhamnnara.se *.gavlenet.se gavlenet.se gavleenergi.se; form-action 'self'; script-src 'self' 'unsafe-eval' 'nonce-SVtVBm2WrJMcM8o3AQxIlQ' 'nonce-4vXbpQD' api.livechatinc.com cdn.livechatinc.com functions.janjoo.se/js/informera-rss/app.js bankid.lime-technologies.com ajax.googleapis.com code.jquery.com *.gavlenet.se *.gavleenergi.se kit.fontawesome.com googletagmanager.com stats.gavleenergi.se cdn.gavleenergi.se t.adii.se https://bankid.lime-technologies.com/api/v2/js/bankid-modal.js; connect-src 'self' code.jquery.com maxcdn.bootstrapcdn.com gavchat.uc.tele2.se functions.janjoo.se *.gavleenergi.se maps.googleapis.com stats.gavleenergi.se simpliform.gavleenergi.se ka-p.fontawesome.com www.gavleenergi.se gavleenergi.se kit.fontawesome.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com kit.fontawesome.com ka-p.fontawesome.com code.jquery.com maxcdn.bootstrapcdn.com cdn.gavleenergi.se; frame-src 'self' secure.livechatinc.com *.youtube.com youtube.com gavleenergi.se *.gavlenet.se *.gavleenergi.se app.bwz.se gavleenergiab.webapp.virtaglobal.com; font-src *.fontawesome.com use.typekit.net fonts.gstatic.com data: *.gavleenergi.se www.gavleenergi.se/wp-includes/fonts/ maxcdn.bootstrapcdn.com; object-src 'none' 1
default-src 'self' *.itrustcapital.com;  script-src *.itrustcapital.com https://www.googletagmanager.com 'unsafe-inline' 'self' ;  style-src 'self' *.itrustcapital.com use.fontawesome.com 'unsafe-inline' https://www.google-analytics.com;  font-src 'self' *.itrustcapital.com use.fontawesome.com 'unsafe-inline';  connect-src sdk.iad-05.braze.com api.amplitude.com dataschemasprodstorage.blob.core.windows.net *.alloy.co https://rum.browser-intake-us3-datadoghq.com https://www.googletagmanager.com 'self' *.itrustcapital.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net wss:;  img-src 'self' *.itrustcapital.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net blob:;  object-src 'none'; frame-src https://www.googletagmanager.com; report-uri https://csp-report.browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pubb464f8903d11bb4c37d5cbb555ed196a&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=csp-report;  report-to default 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-i-jGLS7PRqB_KmYIdz_oEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-KLnsnWd15tEn6f47g0Fcug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://applepay.cdn-apple.com *.fontawesome.com applepay.cdn-apple.com 'self' data: 'unsafe-inline' https://admin.dev3.gh-stores.com https://dev3.gh-stores.com https://admin.gh-stores.com https://gh-stores.com https://www.gh-stores.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.paypal.com *.stripe.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ mirakl.m2e.cloud *.stripe.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.payplug.com *.dalenys.com https://applepay.cdn-apple.com *.cookiebot.com *.facebook.com *.google.it *.doubleclick.net https://www.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ quickchart.io img.youtube.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://secure-magenta.dalenys.com *.googleapis.com 'self' *.fontawesome.com *.google.pl *.google.it *.google.com *.google.nl *.gh-stores.com gh-stores.com *.facebook.com *.facebook.net *.atdmt.com *.adobedtm.com *.cookiebot.com https://dev3.gh-stores.com https://gh-stores.com https://www.gh-stores.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js widget.freshworks.com m2epro.freshdesk.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ pay.google.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.googleapis.com 'sha256-g/qbQ8sW5eJ9JO8sQzRJ1OvARbUyKpJXFeof9SLw1eI=' 'self' 'unsafe-inline' *.cookiebot.com *.stripe.com *.facebook.net *.googleads.g.doubleclick.net *.cloudflare.com *.ajax.cloudflare.com *.payplug.com https://dev3.gh-stores.com https://admin.dev3.gh-stores.com/backadmin https://www.gh-stores.com https://gh-stores.com https://www.admin.gh-stores.com/backadmin https://admin.gh-stores.com/backadmin *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.freshdesk.com *.freshworks.com *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.sandbox.paypal.com *.paypalobjects.com *.ytimg.com *.scalapay.com *.jsdelivr.net *.dalenys.com *.omtrdc.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.gstatic.com unsafe-inline assets.braintreegateway.com https://secure-magenta.dalenys.com *.googleapis.com *.googletagmanager.com https://dev3.gh-stores.com https://gh-stores.com https://www.gh-stores.com https://fonts.gstatic.com 'self' 'unsafe-inline' *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com widget.freshworks.com m2epro.freshdesk.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.google.pl *.google.it *.google.nl *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.cookiebot.com *.facebook.com *.scalapay.com *.stape.cloud https://dev3.gh-stores.com https://gh-stores.com https://www.gh-stores.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/passwords_google 1
object-src 'none';base-uri 'self';script-src 'nonce-cpXzR8kwvrFfSM34UA0TZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; report-uri https://vault.gostatera.com/collect/csp 1
object-src 'none'; script-src 'self' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.recaptcha.net unpkg.com; style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src *; img-src https:; frame-src 'none' 1
font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ https://www.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com public.montonio.com https://www.facebook.com https://www.google.com https://www.google.ee https://www.google-analytics.com rx.apotheka.ee data: http: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://browser.sentry-cdn.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com public.montonio.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://www.gstatic.com rx.apotheka.ee http: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com rx.apotheka.ee http: https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.ingest.sentry.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com https://stats.g.doubleclick.net rx.apotheka.ee http: https: wss: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://syonmedia.uriports.com/reports/report; report-to default 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net *.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.klarna.com secure.payu.com merch-prod.snd.payu.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://geowidget-app.inpost.pl/ https://lilou-configurator.netlify.app exchange.mediavine.com ams.creativecdn.com tags.creativecdn.com *.criteo.com *.criteo.net facebook.com 'unsafe-inline' data: 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.klarna.com *.klarnaevt.com *.klarnacdn.net static.payu.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.cdninstagram.com *.google.pl google.com google.pl *.criteo.com *.criteo.net https: data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.klarna.com *.klarnacdn.net x.klarnacdn.net secure.payu.com secure.snd.payu.com *.klarnaservices.com https://d3bo67muzbfgtl.cloudfront.net https://sentry.lilou.pl *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.sentry-cdn.com exchange.mediavine.com unpkg.com *.mapbox.com furgonetka.pl *.hotjar.com *.criteo.com *.criteo.net *.cloudflareinsights.com *.wp.pl *.clickonometrics.pl bat.bing.com tags.creativecdn.com ams.creativecdn.com lib.onet.pl sgqcvfjvr.onet.pl events.onet.pl events.ocdn.eu clarity.ms *.clarity.ms 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdngazeta.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.klarnacdn.net https://d3bo67muzbfgtl.cloudfront.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.easypack24.net *.openstreetmap.org lilouparis.test lilou.test *.lilouparis.com *.lilou.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net secure.payu.com merch-prod.snd.payu.com *.klarnaservices.com *.klarna.com https://api.edrone.me https://sentry.lilou.pl https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.sentry-cdn.com *.wp.pl exchange.mediavine.com bat.bing.com bat.bing.net ams.creativecdn.com tags.creativecdn.com measurement-api.criteo.com api-s.edrone.me events.ocdn.eu *.googleadservices.com *.google.pl *.googletagmanager.com health.ems.onet.pl content.hotjar.io hotjar.com wss://ws.hotjar.com *.onet.pl analytics-ipv6.tiktokw.us *.gazeta.pl clk.leadexpert.pl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com bat.bing.com google.com exchange.mediavine.com www.googletagmanager.com tags.creativecdn.com ams.creativecdn.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-e5LH76zH7ELq3xvXTnTttg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: *.globalpay.com https://fonts.gstatic.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.yotpo.com www.bedstar.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.bedstar.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.bedstar.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://js.mollie.com account.fetchify.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.klarna.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.yotpo.com www.bedstar.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com https://s3.amazonaws.com https://aggregate-imgs.s3.eu-north-1.amazonaws.com https://fsc-images.s3.eu-north-1.amazonaws.com *.globalpay.com https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.google.com www.google.com.ua maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com www.bedstar.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://js.mollie.com https://*.ngrok.app *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com www.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com www.bedstar.co.uk server.bedstar.co.uk https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cc-cdn.com https://fonts.googleapis.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com www.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com www.bedstar.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.bedstar.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://*.fero.com https://*.ngrok.app wss://*.ngrok.app wss://fero.ngrok.app:3000/ws api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://google.com/pay *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.googleapis.com *.yotpo.com www.bedstar.co.uk server.bedstar.co.uk https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.bedstar.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.bedstar.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleusercontent.com *.gstatic.com *.jsdelivr.net *.slant.co unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.2c2p.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.inicis.com *.ipay88.com.my *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.weltpixel.com *.afterpay.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.google.com *.inicis.com *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ k.kakaocdn.net *.inicis.com *.afterpay.com *.doubleclick.net *.elcompanies.com *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.co www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google.se *.google.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hstatic.net *.naver.com *.thecompanystore.com.sg data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com maps.googleapis.com developers.kakao.com *.kakaocdn.net *.avada.io *.inicis.com *.afterpay.com *.facebook.net *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com *.inicis.com *.googleapis.com *.gstatic.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self'; media-src *.adobe.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com kauth.kakao.com https://get.geojs.io *.avada.io *.inicis.com *.afterpay.com *.doubleclick.net *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl *.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self'; default-src 'self'; base-uri 'self'; report-uri https://2a739ab1-c282-4278-9304-d6969cd3e784.sansec.watch/; report-to report-endpoint; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com a.omappapi.com *.fontawesome.com *.alothemes.com *.magepow.com *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com event.getblue.io static.omni.chat *.criteo.com static.criteo.net td.doubleclick.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.mollie.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.oceandrop.com.br c.clarity.ms *.bing.com www.google.com.br cm.g.doubleclick.net collect.vendavalida.com.br *.criteo.com *.omappapi.com a.mgid.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.mollie.com cdn.mundipagg.com api.pagar.me www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com event.getblue.io widget.getblue.io static.omni.chat a.omappapi.com oceandrop-br.mais.social js-agent.newrelic.com www.clarity.ms *.hotjar.com bat.bing.com www.googleoptimize.com collect.vendavalida.com.br *.criteo.com secure.afilio.com.br a.mgid.com *.ubembed.com rum.hlx.page widget.freshworks.com m2epro.freshdesk.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.mollie.com 3ds2.pagar.me 3ds2-sdx.pagar.me js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com oceandrop-br.mais.social a.omappapi.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.google.com assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com oceandrop-br.mais.social omnichat-web-chat.omni.chat webchat-adapter.omni.chat *.omappapi.com *.clarity.ms bam.nr-data.net ws.hotjar.com *.hotjar.io *.criteo.com stats.g.doubleclick.net collect.vendavalida.com.br bat.bing.com widget.freshworks.com m2epro.freshdesk.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br pay.sandbox.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';  default-src 'self';  connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://beyondwickedmapping.org https://*.google-analytics.com https://*.fra.meilisearch.io https://*.sanity.io https://*.snapchat.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://eu01.rec.mouseflow.com https://ad.doubleclick.net https://www.facebook.com https://vercel.live wss://ws-us3.pusher.com https://clerk.cappelendamm.no https://api.statsig.com https://featuregates.org https://statsigapi.net https://events.statsigapi.net https://api.statsigcdn.com https://featureassets.org https://assetsconfigcdn.org https://prodregistryv2.org https://cloudflare-dns.com https://beyondwickedmapping.org https://clerk.www.flammeforlag.no/ https://clerk.www.fontini.no/ https://browser-intake-datadoghq.eu;  font-src 'self' https://*.typekit.net https://cdn.mouseflow.com https://vercel.live https://assets.vercel.com;  frame-src 'self' https://assets-eur.mkt https://e.issuu.com https://www.googletagmanager.com https://www.google.com https://consentcdn.cookiebot.com https://tr.snapchat.com https://15316350.fls.doubleclick.net https://www.facebook.com https://vercel.live https://challenges.cloudflare.com;  img-src 'self' blob: data: https://cdn.sanity.io https://media.crystallize.com https://sr.bokbasen.io https://www.google-analytics.com https://www.googletagmanager.com https://tr.snapchat.com https://www.facebook.com https://vercel.live https://vercel.com https://imgsct.cookiebot.com https://ade.googlesyndication.com;  media-src 'self' https://sr.bokbasen.io;  object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://vercel.live https://*.cookiebot.com https://cdn.mouseflow.com https://connect.facebook.net https://sc-static.net https://static.readpeak.com https://*.snapchat.com https://clerk.cappelendamm.no https://clerk.www.flammeforlag.no/ https://clerk.www.fontini.no/;  style-src 'self' 'unsafe-inline' https://vercel.live https://*.typekit.net https://cdn.jsdelivr.net/gh/paulirish/lite-youtube-embed@master/src/lite-yt-embed.css;  worker-src 'self' blob:;  upgrade-insecure-requests; 1
default-src 'self'; child-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://*.storage.googleapis.com https://*.vimeo.com https://vimeo.com https://octus.chilipiper.com https://app.pendo.io https://cookie-cdn.cookiepro.com https://*.cookiepro.com https://cdn.cookielaw.org https://ajax.googleapis.com https://widget.surveymonkey.com https://go.octus.com https://go.reorg-research.com https://*.pardot.com https://cdn.pendo.io https://*.pendo.io https://*.doubleclick.net https://js.chilipiper.com https://cdn.us.heap-api.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://rs.fullstory.com https://edge.fullstory.com https://px.ads.linkedin.com https://analytics.google.com https://snap.licdn.com https://stats.g.doubleclick.net https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https://*.algolia.net https://*.algolia.io https://*.algolianet.com https://www.googleadservices.com https://*.doubleclick.net https://app.pendo.io https://*.pendo.io https://geolocation.onetrust.com https://*.cookiepro.com https://cdn.cookielaw.org https://go.octus.com https://c.us.heap-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://rs.fullstory.com https://edge.fullstory.com https://px.ads.linkedin.com https://analytics.google.com https://snap.licdn.com https://*.doubleclick.net https://stats.g.doubleclick.net https://dev.visualwebsiteoptimizer.com; frame-src 'self' https://app.vwo.com https://vimeo.com https://octus.chilipiper.com https://player.vimeo.com https://www.googletagmanager.com https://www.surveymonkey.com https://td.doubleclick.net https://go.octus.com https://reorg-research.chilipiper.com https://www.podbean.com https://*.podbean.com https://res.cloudinary.com https://*.cloudinary.com; worker-src 'self' blob:; report-uri https://octus.com/wp-json/csp/v1/report/; report-to csp-endpoint; 1
default-src 'self' https://*.alltuu.live https://alltuu-frontend-log-tracking.cn-hangzhou.log.aliyuncs.com https://alltuu-frontend-log.cn-hangzhou.log.aliyuncs.com https://www.gstatic.com https://alltuu-help-video.oss-cn-shanghai.aliyuncs.com https://open.work.weixin.qq.com https://cdn.jsdelivr.net https://cdnjs.cloundflare.com https://gw.alipayobjects.com https://lf1-cdn-tos.bytegoofy.com https://alltuu.cc https://alltuu.pw https://alltuu.co https://alltuu.tv https://s9.cnzz.com https://zz.bdstatic.com https://v1.cnzz.com https://g.alicdn.com https://mp.weixin.qq.com https://res.wx.qq.com https://open.weixin.qq.com https://turing.captcha.qcloud.com https://sp0.baidu.com/ https://turing.captcha.gtimg.com https://at.alicdn.com data: blob: https://*.alltuu.ren https://*.alltuu.com 'unsafe-eval' 'unsafe-inline'; report-uri https://csp-page.alltuu.com;connect-src 'self' https://*.alltuu.live https://mcs.snssdk.com https://alltuu-storage.oss-accelerate.aliyuncs.com https://alltuu-prsoon-private.oss-cn-hangzhou.aliyuncs.com https://aegis.qq.com https://mp.weixin.qq.com/ https://alltuu-msg.cn-hangzhou.log.aliyuncs.com/ https://alltuu-flashapp.cn-hangzhou.log.aliyuncs.com https://ai-platform-data-analysis.cn-hangzhou.log.aliyuncs.com https://ai-data-analysis.cn-hangzhou.log.aliyuncs.com https://*.alltuu.com wss://*.alltuu.com https://alltuu-frontend-log.cn-hangzhou.log.aliyuncs.com https://videocloud.cn-hangzhou.log.aliyuncs.com https://alltuu-storage.oss-cn-hangzhou.aliyuncs.com https://alltuu-frontend-log-tracking.cn-hangzhou.log.aliyuncs.com data: blob:;frame-src 'self' https://* blob: data: ; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.chatcora.natwest.com   *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.co.uk *.ulsterbank.com *.ulsterbankanytimebanking.co.uk *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankni.report-uri.com/r/t/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-9mpBjGY8vu124GkG9zZ3BQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' feedback-eu1.hubapi.com feedback.hubapi.com *.hubspotfeedback.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hsleadflows.net *.hscollectedforms.net *.hubspot.net *.hs-banner.com *.usemessages.com *.hsadspixel.net *.hs-analytics.net js.hscta.net js-eu1.hscta.net *.hubspot.com static.hsappstatic.net 'strict-dynamic' 'nonce-Da8rJr8wQFuW2mEf+sgMxg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.hsappstatic.net; font-src 'self' *.hubspotusercontent-eu1.net; img-src 'self' data: 'unsafe-inline' *.chemaxon.com *.googletagmanager.com *.s3.amazonaws.com t.co *.twitter.com *.linkedin.com *.google.hu *.google.com *.hsappstatic.net *.facebook.com *.hsforms.com *.hsforms.net cdn2.hubspot.net *.hubspot.net no-cache.hubspot.com js.hscta.net js-eu1.hscta.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; connect-src 'self' *.linkedin.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io googleads.g.doubleclick.net *.google.com *.google-analytics.com chemaxon.matomo.cloud *.hubapi.com *.hsforms.com js.hscta.net js-eu1.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net; frame-src https://chemaxon.com https://www.youtube.com https://td.doubleclick.net/ *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com *.hubspot.net play.hubspotvideo.com play-eu1.hubspotvideo.com *.hsforms.net *.hsforms.com; object-src 'none'; base-uri 'self'; form-action 'self' 1
default-src 'none' ; img-src 'self' data: https://blob.userflow.com https://cdn.userflow.com https://js.userflow.com https://storage.googleapis.com/studio1-prod-blob/ * ; connect-src 'self' https://browser-intake-datadoghq.eu https://rum.browser-intake-datadoghq.eu https://logs.browser-intake-datadoghq.eu https://session-replay.browser-intake-datadoghq.eu https://api.analytics.pigment.app https://cdn.analytics.pigment.app https://auth.pigment.app https://staging-login.pigment.app wss://pigment.app wss://e.userflow.com https://cdn.userflow.com https://e.userflow.com https://js.userflow.com https://rs.fullstory.com wss://rs.fullstory.com https://edge.fullstory.com https://global.oktacdn.com https://api.segment.io https://cdn.segment.com https://api.maptiler.com https://api.vitally-eu.io https://app.vitally-eu.io https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com cdn.vitally-eu.io ; script-src 'self' cdn.analytics.pigment.app edge.fullstory.com rs.fullstory.com js.userflow.com cdn.userflow.com cdn.announcekit.app cdn.segment.com cdn.vitally-eu.io ; frame-src announcekit.co auth.pigment.app staging-login.pigment.app https://fast.wistia.net pigmentforms.typeform.com ; style-src 'self' 'unsafe-inline' js.userflow.com cdn.userflow.com fonts.googleapis.com cdn.announcekit.co https://use.typekit.net https://p.typekit.net ; worker-src blob: ; font-src 'self' https://use.typekit.net fonts.gstatic.com data: ; manifest-src 'self' ; object-src 'none' ; media-src https://blob.userflow.com https://cdn.userflow.com https://storage.googleapis.com/studio1-prod-blob/ ; frame-ancestors https://pigment7-dev-ed.develop.lightning.force.com/ https://pigment7-dev-ed--c.develop.vf.force.com/ https://wiki.klarna.net/ ; base-uri 'self' ; form-action https://announcekit.co ; report-uri https://pigment.uriports.com/reports/report ; report-to report ; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.co.jp/api/csp-report; report-to csp-endpoint 1
default-src 'self' *.doctorwho.tv *.bbc.com *.bbc.co.uk *.bbci.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doctorwho.tv *.bbc.com *.bbc.co.uk *.bbci.co.uk *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.google.com *.googleadservices.com *.youtube.com *.google *.the-ozone-project.com *.optimizely.com tag.aticdn.net cdn.shopify.com cdn.jsdelivr.net scripts.webcontentassessor.com *.wayin.com; style-src 'self' 'unsafe-inline' *.doctorwho.tv *.bbc.com *.bbc.co.uk *.bbci.co.uk fonts.googleapis.com fonts.gstatic.com *.typekit.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.typekit.net; img-src 'self' data: blob: https: http: *.doctorwho.tv *.bbc.com *.bbc.co.uk *.bbci.co.uk; connect-src 'self' *.doctorwho.tv *.bbc.com *.bbc.co.uk *.bbci.co.uk *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.google.com *.googleadservices.com *.youtube.com *.google *.the-ozone-project.com *.optimizely.com cdn.jsdelivr.net; frame-src 'self' *.doctorwho.tv *.bbc.com *.bbc.co.uk *.bbci.co.uk *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.google.com *.googleadservices.com *.youtube.com *.google *.brightcove.com *.brightcove.net *.the-ozone-project.com *.optimizely.com; media-src 'self' data: *.doctorwho.tv *.bbc.com *.bbc.co.uk *.bbci.co.uk *.brightcove.com *.brightcove.net; object-src 'none' 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com chart.googleapis.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com portal.bulkgate.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com portal.bulkgate.com services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com portal.bulkgate.com https://www.googletagmanager.com https://widgets.onlinesizing.bike *.resurs.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com portal.bulkgate.com https://www.google.fi https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://px.ads.linkedin.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.facebook.com https://maps.googleapis.com https://maps.gstatic.com flagpedia.net cdn2.hubspot.net resources.paytrail.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ portal.bulkgate.com *.gstatic.com https://analytics.tiktok.com https://tiktok.com https://embed.trustmary.com https://d3qhsf9lmfcusu.cloudfront.net https://assets.zendesk.com https://static.zdassets.com https://www.clarity.ms https://scripts.clarity.ms https://e.clarity.ms https://snap.licdn.com https://widgets.onlinesizing.bike https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.googletagmanager.com *.facebook.net *.fontawesome.com *.googleapis.com https://maps.googleapis.com https://cdnjs.cloudflare.com maps.googleapis.com services.paytrail.com resources.paytrail.com *.resurs.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.googletagmanager.com tagmanager.google.com *.googleapis.com portal.bulkgate.com *.gstatic.com *.fontawesome.com https://static.klaviyo.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com portal.bulkgate.com *.gstatic.com https://doubleclick.net https://stats.g.doubleclick.net https://www.doubleclick.net https://google.com https://www.google.com https://pagead2.googlesyndication.com https://www.facebook.com https://capig.stape.de https://d.clarity.ms https://embed.trustmary.io https://ekr.zdassets.com wss://widget-mediator.zopim.com https://electrobikehelp.zendesk.com https://e.clarity.ms https://px.ads.linkedin.com https://api.onlinesizing.bike https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io https://maps.googleapis.com www.gstatic.com maps.googleapis.com *.paytrail.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src *.bundesregierung.de analytics.bundesregierung.de 'self' https://hls-hd.myrasec.de *.stage.bio ; style-src *.bundesregierung.de 'self' 'unsafe-inline' ; script-src *.bundesregierung.de 'self' ; script-src-elem 'self' *.bundesregierung.de 'nonce-m1pxEiiCUGjuBssHGP41w9T+P3NzWpwU+SW6CH3rM//YnGnb1NfzF/bsVdp9Rj58nIUVPyJZNTour4ajfl4CI4XVesJVcq4loL2g/wFWawHkzQAzySkeE9qg9kQze+xT515edsKEc8qbchmDTvl9SmgWszLA1LZERe/onW2C84c=' *.stage.bio ; frame-src *.bundesregierung.de 'self' ; media-src *.bundesregierung.de 'self' http://video.bundesregierung.de https://zdf-hls-18.akamaized.net *.stage.bio ; frame-ancestors *.bundesregierung.de 'self' ; img-src 'self' *.bundesregierung.de https://*.tile.openstreetmap.de data: *.stage.bio ; default-src *.bundesregierung.de 'self' ; font-src *.bundesregierung.de 'self' ; report-uri https://www.bundeskanzler.de/service/csp-report ; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; img-src widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com landofcoder.com maps.googleapis.com chart.googleapis.com *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com *.what3words.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com landofcoder.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action *.cognitoforms.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://secure.paygate.co.za/payweb3/process.trans oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-src *.cognitoforms.com *.peachpayments.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.braintreegateway.com *.paypal.com google.com *.google.com landofcoder.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.klarnacdn.net *.klevu.com *.ksearchnet.com fonts.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.feedaty.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.iubenda.com *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.feedaty.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.klarna.com *.klarnacdn.net x.klarnacdn.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.iubenda.com *.klarnaservices.com js.klevu.com *.ksearchnet.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com tracking.trovaprezzi.it www.trovaprezzi.it https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.feedaty.com *.fontawesome.com downloads.mailchimp.com assets.braintreegateway.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.feedaty.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.iubenda.com *.klarnaservices.com *.klarna.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com *.oct8ne.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com https://www.googletagmanager.com/ *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.feedaty.com *.erickson.it http://risorseonline.erickson.it *.salesmanago.com cdn.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com *.feedaty.com *.iubenda.com *.acsbapp.com *.salesmanago.com *.erickson.it *.zdassets.com cdn.doofinder.com https://code.gelproximity.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.oct8ne.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.feedaty.com *.doofinder.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com *.feedaty.com *.doubleclick.net *.scalapay.com *.erickson.it *.acsbapp.com *.zdassets.com *.iubenda.com *.doofinder.com wss://*.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com 'self' data: https://media.flixcar.com/ https://media.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.facebook.com/tr/ https://content.jwplatform.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co amc.demdex.net www.google.com youtube.com *.hotjar.com https://www.facebook.com/tr/ https://static.addtoany.com/ https://static.zdassets.com/ https://script.hotjar.com *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.google 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net data: www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.gstatic.com maps.googleapis.com accounts.google.com https://googleads.g.doubleclick.net https://www.google.com.ar https://www.google.com.do https://www.googletagmanager.com https://www.m.casacuesta.com https://connect.facebook.net logo.flixfacts.co.uk https://widgets.magentocommerce.com/ https://media.flixcar.com/ *.flix360.com notifications-icommkt.website *.googlesyndication.com *.zdassets.com/ekr/snippet.js *.googletagmanager.com *.simpleanalyticscdn.com *.flixcar.com *.ocularsolution.com *.amazonaws.com *.syndigo.cloud *.baidu.com *.cloudfront.net *.syndigo.com *.google *.bing.com data: 'self' 'unsafe-inline'; script-src https://assets.adobedtm.com/ *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net commerce.adobe.net unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.hotjar.com *.hotjar.io https://static.hotjar.com/c/hotjar- https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://www.google-analytics.com/u/analytics_debug.js https://stats.g.doubleclick.net http://www.google.com/recaptcha/api.js https://static.zdassets.com/ https://d12zyq17vm1xwx.cloudfront.net/v2/wpn.min.js https://static.cloudflareinsights.com/ https://externalassets.icommarketing.com/icomMkt_tracking_jquery.min.js intent://arvr.google.com https://static.addtoany.com/menu/page.js https://static.addtoany.com/ https://static.zdassets.com/ekr/snippet.js *.flixfacts.com/ *.flixcar.com/ https://media.flixfacts.com/js/loader.js https://media.flixcar.com/delivery/static/tracking/tracking.js https://samsungxr.s3.amazonaws.com/js/ar_casacuesta.js https://cdn.jsdelivr.net/gh/Wruczek/Bootstrap-Cookie-Alert@gh-pages/cookiealert.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/1AZgzF1o3OlP73CVr69UmL65/recaptcha__es.js *.googlesyndication.com *.googletagmanager.com *.singular.net *.icommkt.online *.syndigo.com *.flixfacts.com *.ocularsolution.com *.syndigo.cloud *.zdassets.com *.zopim.com *.flix360.io *.adobedtm.com *.google/sodar/sodar2.js *.gbqofs.com *.gbqofs.io *.doubleclick.net *.gbss.io *.ms *.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://media.flixfacts.com/ https://media.flixcar.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.youtube.com https://static.zdassets.com/ https://media.flixcar.com/ https://media.flixfacts.com/ https://media.flixsyndication.net/ https://assets-jpcust.jwpsrv.com/ https://ssl.p.jwpcdn.com/ *.cloudfront.net/ https://d3nkfb7815bs43.cloudfront.net/ https://d2m3ikv8mpgiy8.cloudfront.net/ https://media.pointandplace.com/ https://player.pointandplace.com/ https://t.pointandplace.com/ *.pointandplace.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net vimeo.com api.magento.com commerce.adobedtm.com commerce.adobedc.net commerce.adobe.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.comapi.com bam.nr-data.net http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.hotjar.com *.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ http://ccnecommerce.com/ https://notifications-icommkt.com/ https://track-icommkt.com/ https://casacuesta.zendesk.com/ https://ekr.zdassets.com/ wss://widget-mediator.zopim.com/ *.youtube.com https://prod.flixgvid.flix360.io https://t.flix360.com https://syndication.flix360.com *.flix360.com *.amazonaws.com *.flixcar.com *.googlesyndication.com *.syndigo.com *.ocularsolution.com *.simpleanalitycscdn.com *.casacuesta.com *.simpleanalyticscdn.com *.singular.net *.baidu.com *.google *.gbqofs.io *.gstatic.com *.google.com.do/ads/ga-audiences wss://ws.hotjar.com/api/v2/client/ws *.g.doubleclick.net *.syndigo.cloud *.googleapis.com *.gbss.io *.gbqofs.com *.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com platform.twitter.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com *.newrelic.com nr-data.net *.nr-data.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com googlesyndication.com *.googlesyndication.com google.com google.co.nz *.google.co.nz doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com *.newrelic.com nr-data.net *.nr-data.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net twitter.com platform.twitter.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.maxmind.com www.xtento.com cdn.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googlesyndication.com *.googlesyndication.com google.com google.co.nz *.google.co.nz doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com nr-data.net stripe.com *.stripe.com *.wetanz.com  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.mmapiws.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.doubleclick.net get.geojs.io sgtm.adagio-city.com; child-src 'self' blob:; connect-src 'self' cdn.cookielaw.org maps.googleapis.com *.googletagmanager.com *.cedexis.com *.google-analytics.com *.contentsquare.net connect.facebook.net *.tradelab.fr ib.adnxs.com *.googleadservices.com ad.avtm.fr *.google.com.ua *.cardinalcommerce.com *.online-metrix.net *.fastlylb.net *.facebook.com *.execute-api.us-east-1.amazonaws.com *.google.nl *.metaffiliation.com *.wonderpush.com *.analytics.google.com googleads.g.doubleclick.net *.cedexis-radar.net *.google.com *.doubleclick.net ipinfo.io *.gstatic.com a-cedexis.msedge.net *.onetrust.com *.fastlyb.net swrap.tradedoubler.com sgtm.adagio-city.com *.pinterest.com s.pinimg.com get.geojs.io analytics.tiktok.com *.nr-data.net *.us-east-1.amazonaws.com *.kontorolabs.com *.sojern.com bat.bing.net bat.bing.com *.ip-api.com 2643.userly.net mapsresources-pa.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com; font-src *; frame-src 'self' *.cedexis-test.com *.doubleclick.net static.addtoany.com *.google.com *.youtube.com my.matterport.com *.citrix-itm-test.com *.facebook.com *.fbcdn.net *.citm-test.com *.cardinalcommerce.com *.online-metrix.net cedexis-test.gcorelabs.com *.contentsquare.net csxd.all.accor.com csxd.mag-adagio.com ct.pinterest.com s.pinimg.com *.adagio-city.com *.googletagmanager.com sgtm.adagio-city.com *.itm.cloud.com *.by.wonderpush.com data: blob:; img-src * data:; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' adagio.nonce cdn.cookielaw.org maps.googleapis.com *.googletagmanager.com *.cedexis.com *.google-analytics.com ssl.google-analytics.com *.contentsquare.net connect.facebook.net *.tradelab.fr ib.adnxs.com *.googleadservices.com googleads.g.doubleclick.net *.cedexis-radar.net *.google.com *.doubleclick.net ipinfo.io *.gstatic.com a-cedexis.msedge.net *.onetrust.com *.fastlyb.net swrap.tradedoubler.com ad.avtm.fr *.google.com.ua *.google.de *.cardinalcommerce.com *.elitrack.com *.metaffiliation.com *.wonderpush.com ct.pinterest.com s.pinimg.com *.sojern.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://github.com https://static.addtoany.com https://try.abtasty.com https://www.google.com staticaws.fbwebprogram.com; script-src-attr 'self' 'unsafe-hashes' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' cdn.cookielaw.org maps.googleapis.com *.googletagmanager.com *.cedexis.com *.google-analytics.com *.contentsquare.net connect.facebook.net *.tradelab.fr ib.adnxs.com *.googleadservices.com googleads.g.doubleclick.net *.cedexis-radar.net *.google.com *.doubleclick.net ipinfo.io *.gstatic.com a-cedexis.msedge.net *.onetrust.com *.fastlyb.net swrap.tradedoubler.com ad.avtm.fr *.google.com.ua *.cardinalcommerce.com *.online-metrix.net *.elitrack.com *.metaffiliation.com *.wonderpush.com s.pinimg.com cdn.jsdelivr.net *.adagio-city.com analytics.tiktok.com ct.pinterest.com bat.bing.com *.sojern.com surveys-static-prd.survicate-cdn.com survey.survicate.com 2643.userly.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://github.com https://static.addtoany.com https://try.abtasty.com https://www.google.com staticaws.fbwebprogram.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es *.googleapis.com *.gstatic.com https://script.hotjar.com *.landbot.io cash-f.squarecdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es api.paycomet.com *.ogone.com *.v-psp.com https://www.facebook.com *.redsys.es * 'self' 'unsafe-inline'; frame-ancestors *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es *.adobe.com https://bid.g.doubleclick.net https://www.linkbux.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es www.google.com api.paycomet.com *.doubleclick.net pay.google.com service.force.com hal9000.redintelligence.net https://pikolinrecommend.botslovers.com https://*.soreto.com https://ams.creativecdn.com/ https://www.facebook.com/ https://www.awin1.com/ *.redsys.es https://www.googletagmanager.com * https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://*.gstatic.com *.trackedlink.net *.awin1.com *.zenaps.com *.wepowerconnections.com *.pikolin.com https://pikolin.com *.magentosite.cloud *.beds.es *.gstatic.com *.adotmob.com *.facebook.com *.facebook.net *.google.com *.google.es *.googleapis.com *.omtrdc.net https://*.g.doubleclick.net/ *.doubleclick.net https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com *.media-amazon.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://ade.googlesyndication.com https://lantern.roeyecdn.com https://lantern.roeye.com https://pikolinrecommend.botslovers.com https://*.tagmanager.google.com https://pikolin.botslovers.com https://cdn.botslovers.com https://t.teads.tv/ https://c.clarity.ms/ https://*.bing.com/ https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://rt.udmserve.net/ https://pixel.rubiconproject.com https://www.awin1.com/ https://eb2.3lift.com/ https://secure.adnxs.com/ https://ih.adscale.de/ https://sync.outbrain.com/ https://ssp-csync.smartadserver.com/ https://ads.stickyadstv.com https://ads.yieldmo.com/ https://api.soreto.com/ https://cdn.doofinder.com/ https://ib.adnxs.com/ eu1-doofinderuser.s3.amazonaws.com https://*.collect.igodigital.com * https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es www.google.com https://maps.googleapis.com *.gstatic.com *.zdassets.com js-agent.newrelic.com *.serving-sys.com *.facebook.net *.doubleclick.net *.zopim.com *.cstatic.weborama.fr https://cdn.cookielaw.org https://pikolin.botslovers.com.co https://pikolin.botslovers.com https://pikolinrecommend.botslovers.com https://cdn.landbot.io *.payments-amazon.com pay.google.com https://service.force.com https://cdn.doofinder.com *.clarity.ms *.hotjar.com https://www.dwin1.com https://www.wepowerconnections.com https://lantern.roeyecdn.com https://espadesa.my.salesforce.com/ https://*.googletagmanager.com https://*.tagmanager.google.com https://*.google-analytics.com https://www.googleadservices.com https://p.teads.tv/ https://*.soreto.com https://cdn.frizbit.com/ https://js.cookieless-data.com/ https://*.adform.net/ https://js.sddan.com/ https://tags.creativecdn.com/ https://*.bing.com https://www.awin1.com/ https://the.sciencebehindecommerce.com/ https://*.datnova.com/ https://static.lightning.force.com https://espadesa.secure.force.com https://d.la11-core1.sfdc-cehfhs.salesforceliveagent.com/ https://d.la2-c1-cdg.salesforceliveagent.com/ *.redsys.es https://sslwidget.criteo.com/ https://dynamic.criteo.com/ https://pikolin--presandbox.sandbox.my.site.com/ https://pikolin.my.site.com/ https://*.collect.igodigital.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com *.trustpilot.com https://assets.adobedtm.com https://510004498.collect.igodigital.com https://pikolin.my.site.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com/ *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es *.googleapis.com service.force.com *.clarity.ms https://cdn.doofinder.com https://*.googletagmanager.com https://*.tagmanager.google.com https://static.hotjar.com https://script.hotjar.com https://cdn.frizbit.com/ https://espadesa.secure.force.com/ https://pikolin--presandbox.sandbox.my.site.com/ https://pikolin.my.site.com/ *.cash.app *.trustpilot.com 'self' 'unsafe-inline'; object-src *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.pikolin.com https://pikolin.com *.magentosite.cloud *.beds.es *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.pikolin.com/es *.pikolin.com/pt pikolin.tt.omtrdc.net *.magentosite.cloud *.beds.es *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.serving-sys.com *.google-analytics.com *.analytics.analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.demdex.net *.paypal.com *.doubleclick.net https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://google.com https://www.google.es https://www.google.com https://pagead2.googlesyndication.com pay.google.com https://payments-eu.amazon.com *.amazon.com eu1-layer.doofinder.com wss://eu1-layer.doofinder.com/ *.clarity.ms https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://pikolinrecommend.botslovers.com *.tt.omtrdc.net https://pikolin.botslovers.com https://cdn.botslovers.com/ https://www.facebook.com/ https://cm.teads.tv/ https://t.teads.tv/ https://www.wepowerconnections.com https://*.soreto.com https://*.frizbit.com/ https://ams.creativecdn.com/ https://the.sciencebehindecommerce.com/ https://geolocation.onetrust.com https://privacyportal.onetrust.com https://privacyportal-eu.onetrust.com https://*.bing.com/ https://espadesa.secure.force.com/ *.googleapis.com *.landbot.io * https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://*.trustpilot.com/ 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es https://*.soreto.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es 'self' 'unsafe-inline'; report-uri https://pikolin.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none'; script-src 'nonce-ZmuBTzxxCVY7wz8Ae5CUlw==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://o463592.ingest.sentry.io/api/5471479/security/?sentry_key=ab531d6dca0d488898493ccc9706f202&sentry_environment=prod 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com data: *.googleapis.com https://fonts.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io *.oct8ne.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com https://pay.kcp.co.kr https://paygw.kcp.co.kr https://testpay.kcp.co.kr https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.hotjar.com *.pinterest.com *.pinterest.es *.criteo.com *.cookiebot.com *.doubleclick.net *.googletagmanager.com *.oct8ne.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cdn.doofinder.com https://maps.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.facebook.com *.pinterest.com *.google.es *.clarity.ms *.quantserve.com *.lladro.com *.yahoo.com *.3lift.com *.360yield.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.adnxs.com *.casalemedia.com *.tapad.com *.smartadserver.com *.taboola.com *.addthis.com *.dable.com *.criteo.com *.media.net *.bidswitch.net *.revcontent.com *.teads.tv *.sharethrough.com *.liadm.com *.dable.io *.yieldmo.com *.advertising.com *.clmbtech.com *.smaato.net *.dmxleo.com *.cookiebot.com visitor.omnitagis.com id5-sync.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com criteo-partners.tremorhub.com ad.yieldlab.net *.emxdgt.com sync.1rx.io sync.targeting.unrulymedia.com *.line.me www.googletagmanager.com visitor.omnitagjs.com *.oct8ne.com magefan.com cm.magefan.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeocdn.com www.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.gstatic.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.doofinder.com https://pay.kcp.co.kr https://paygw.kcp.co.kr https://testpay.kcp.co.kr *.cloudflare.com *.cloudfront.net *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.googletagmanager.com *.facebook.net *.pinimg.com *.hotjar.com *.tiktok.com *.quantserve.com *.doubleclick.net *.quantcount.com *.doofinder.com *.oct8ne.com *.clarity.ms *.criteo.com *.criteo.net *.cookiebot.com www.mczbf.com *.line-scdn.net *.pinterest.com cdn.jsdelivr.net *.useberry.com js.mollie.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com https://pay.kcp.co.kr https://paygw.kcp.co.kr https://testpay.kcp.co.kr https://fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com www.google.com payments-eu.amazon.com *.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.doofinder.com wss://*.doofinder.com https://pay.kcp.co.kr https://paygw.kcp.co.kr https://testpay.kcp.co.kr *.analytics.google.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com *.doubleclick.net *.luckyorange.net *.pinterest.com *.tiktok.com *.clarity.ms *.oct8ne.com *.criteo.com www.mczbf.com *.cookiebot.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src https://pay.kcp.co.kr https://paygw.kcp.co.kr https://testpay.kcp.co.kr http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://seoulwebdev.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src https://cdn.checkout.com *.cdn-apple.com instantcredit.net test.instantcredit.net druni.my.site.com *.salesforce.com *.force.com *.salesforce-sites.com *.lightning.force.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; style-src https://cdn.checkout.com *.doofinder.com instantcredit.net test.instantcredit.net druni.my.site.com *.salesforce.com *.force.com *.salesforce-sites.com *.lightning.force.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src druni.my.site.com *.salesforce.com *.force.com *.salesforce-sites.com *.lightning.force.com *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; img-src https://www.googletagmanager.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com cdn.doofinder.com https://images.unsplash.com instantcredit.net test.instantcredit.net www.googletagmanager.com www.druni.pt druni.my.site.com *.salesforce.com *.force.com *.salesforce-sites.com *.lightning.force.com https://sandbox.sequracdn.com https://live.sequracdn.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; frame-src https://www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://js.checkout.com *.klarna.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net www.googletagmanager.com druni.my.site.com *.salesforce.com *.force.com *.salesforce-sites.com *.lightning.force.com https://sandbox.sequracdn.com https://live.sequracdn.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; script-src https://analytics.tiktok.com/ https://ui.swogo.net/ https://www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.checkout.com *.klarnacdn.net *.cdn-apple.com cdn.doofinder.com https://maps.googleapis.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com www.googletagmanager.com druni.my.site.com druni.my.salesforce-scrt.com *.salesforce.com *.force.com *.salesforce-sites.com *.lightning.force.com https://sandbox.sequracdn.com https://live.sequracdn.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https://analytics.tiktok.com/ https://tracking.swogo.net/ https://api.swogo.net/ https://api.trustedshops.com/ https://www.googletagmanager.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://js.checkout.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.doofinder.com wss://*.doofinder.com https://maps.googleapis.com https://player.vimeo.com instantcredit.net *.instantcredit.net www.googletagmanager.com druni.my.salesforce-scrt.com druni.my.site.com *.salesforce.com *.force.com *.salesforce-sites.com *.lightning.force.com https://sandbox.sequracdn.com https://live.sequracdn.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com https://plumrocket.com *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com https://accounts.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: track.goggles4u.info https://track.goggles4u.info www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net https://images.unsplash.com *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.google.com.ua www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://maps.googleapis.com *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://accounts.google.com https://www.gstatic.com * www.xtento.com cdn.xtento.com sst.goggles4u.co.uk https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://maps.googleapis.com https://player.vimeo.com https://checkout.iwdagency.com *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://accounts.google.com * sst.goggles4u.co.uk https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https://higherlogicdownload.s3.amazonaws.com/ACCA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ACCA/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/ACCA/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ACCA/ https://higherlogicdownload.s3.amazonaws.com/ACCA/ https://higherlogiclongterm.s3.amazonaws.com/ACCA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/ACCA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ACCA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/ACCA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/ACCA/ https://higherlogicdownload.s3.amazonaws.com/ACCA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ACCA/ https://higherlogicstream.s3.amazonaws.com/ACCA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/ACCA/ https://higherlogicdownload.s3.amazonaws.com/ACCA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ACCA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/ https://10176109.fls.doubleclick.net/ https://www.googletagmanager.com/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
base-uri 'self'; child-src 'self'; connect-src 'self' ws: https://*.psychologytools.com https://a.optinmonster.com https://a.omappapi.com https://api.omappapi.com https://checkout.stripe.com https://api.stripe.com https://maps.googleapis.com https://plausible.io https://hemsync.clickagy.com https://aorta.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://*.psychologytools.com https://fonts.bunny.net data:; form-action 'self' https://*.psychologytools.com; frame-src 'self' https://*.psychologytools.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://*.js.stripe.com https://hooks.stripe.com https://www.youtube.com https://hemsync.clickagy.com; img-src 'self' data: https://*.psychologytools.com https://psychologytools-com-local.s3.eu-west-1.amazonaws.com https://psychology-tools-dev-files.s3.eu-west-1.amazonaws.com https://media-engine-local-public.s3.eu-west-2.amazonaws.com https://media-engine-local-private.s3.eu-west-2.amazonaws.com https://media-engine-dev-public.s3.eu-west-2.amazonaws.com https://media-engine-staging-public.s3.eu-west-2.amazonaws.com https://media-engine-production-public.s3.eu-west-2.amazonaws.com https://media-engine-production-public.s3.eu-west-2.amazonaws.com https://*.stripe.com https://gravatar.com https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src  'nonce-pnIyyOuUvx6GjsANO72o16d8Z9Bdck5p' 'self' 'unsafe-eval' https://*.psychologytools.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://*.js.stripe.com https://maps.googleapis.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://cdn.jsdelivr.net blob:; script-src-attr 'self' 'unsafe-inline' https://*.psychologytools.com https://cdn.jsdelivr.net https://psychologytools-com-local.s3.eu-west-1.amazonaws.com https://media-engine-local-public.s3.eu-west-2.amazonaws.com https://media-engine-local-private.s3.eu-west-2.amazonaws.com https://media-engine-dev-public.s3.eu-west-2.amazonaws.com https://media-engine-staging-public.s3.eu-west-2.amazonaws.com https://media-engine-production-public.s3.eu-west-2.amazonaws.com https://media-engine-production-public.s3.eu-west-2.amazonaws.com; script-src-elem 'self' 'unsafe-inline' https://*.psychologytools.com https://a.omappapi.com https://cdn.jsdelivr.net https://plausible.io https://ws-assets.zoominfo.com https://js.zi-scripts.com blob:; style-src 'self' 'unsafe-inline' https://*.psychologytools.com https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline' https://*.psychologytools.com https://cdn.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://*.psychologytools.com https://fonts.googleapis.com https://a.omappapi.com https://cdn.jsdelivr.net https://fonts.bunny.net; 1
font-src maxcdn.bootstrapcdn.com *.oct8ne.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com *.storyblok.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com *.multisafepay.com https://pay.google.com *.oct8ne.com www.googletagmanager.com https://sandbox.sequracdn.com https://live.sequracdn.com *.hotjar.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.multisafepay.com *.oct8ne.com www.googletagmanager.com https://sandbox.sequracdn.com https://live.sequracdn.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://maps.googleapis.com connect.facebook.net twitter.com platform.twitter.com *.multisafepay.com https://pay.google.com *.oct8ne.com www.googletagmanager.com https://sandbox.sequracdn.com https://live.sequracdn.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com *.usizy.es 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com *.multisafepay.com *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://maps.googleapis.com https://player.vimeo.com *.multisafepay.com *.oct8ne.com www.googletagmanager.com https://sandbox.sequracdn.com https://live.sequracdn.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.doofinder.com *.empathybroker.com *.empathy.co usizy.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action https://sis.redsys.es/ pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net https://widgets.trustedshops.com integrations.etrusted.com *.cloudflare.com *.twitter.com *.gstatic.com *.twimg.com *.trustedshops.com *.googleapis.com maxcdn.bootstrapcdn.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com www.facebook.com *.copernica.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.dpdconnect.nl service2.loyaltyinabox.com *.pinterest.com www.facebook.com www.youtube.com view.publitas.com www.google.com www.google.nl www.google.de *.google.com maps.google.com chat.babypark.nl *.doubleclick.net td.doubleclick.net googleads.g.doubleclick.net widget.trustpilot.com *.cookiebot.com *.cookiebot.eu chatwidget-prod.web.app www.googletagmanager.com sst.babypark.nl sst.babypark.de sst.babydeals.be sst.baby-dump.nl folders.baby-dump.nl *.twitter.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com *.klevu.com *.ksearchnet.com www.babypark.nl www.babypark.de www.babydeals.be dehoevebuitenleven.nl m2.babypark.mavendev.com m2.babypark-de.mavendev.com www.ikenik.nl m2.ikenik.mavendev.com m2.babydump.mavendev.com m2.babydump-de.mavendev.com www.google.com www.google.nl www.google.de www.google.com.ua www.facebook.com ct.pinterest.com www.googletagmanager.com www.zenaps.com www.awin1.com static.zdassets.com *.bing.com *.bing.net www.thuiswinkel.org i.ytimg.com img.youtube.com blob: lantern.roeye.com *.clarity.ms *.cookiebot.com *.cookiebot.eu integrations.etrusted.com stats.g.doubleclick.net sst.babypark.nl sst.babypark.de sst.babydeals.be sst.baby-dump.nl *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.dpdconnect.nl js.klevu.com *.ksearchnet.com *.avada.io www.googletagmanager.com checkout.buckaroo.nl *.clarity.ms lantern.roeyecdn.com widgets.trustedshops.com web-sdk.smartlook.com www.dwin1.com s.pinimg.com connect.facebook.net static.buckaroo.nl view.publitas.com api.360productviewer.com googleads.g.doubleclick.net bat.bing.com bat.bing.net static.zdassets.com js-agent.newrelic.com *.livechatinc.com bam.eu01.nr-data.net chat.babypark.nl widget.trustpilot.com *.pinterest.com *.hotjar.com *.hotjar.io *.cookiebot.com *.cookiebot.eu integrations.etrusted.com chatwidget-prod.web.app *.cloudflare.com *.google.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com https://widgets.trustedshops.com *.yotpo.com sst.babypark.nl https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net checkout.buckaroo.nl integrations.etrusted.com chatwidget-css.web.app *.cloudflare.com *.googleapis.com *.google.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu maxcdn.bootstrapcdn.com unsafe-inline https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com integrations.etrusted.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io *.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.clarity.ms *.pinterest.com *.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net manager.eu.smartlook.cloud ekr.zdassets.com wss://widget-mediator.zopim.com api.360productviewer.com www.facebook.com livechat.fabulor.eu bam.eu01.nr-data.net region1.analytics.google.com *.google.com *.hotjar.com *.hotjar.io analytics.google.com bat.bing.com bat.bing.net *.cookiebot.com *.cookiebot.eu *.copernica.com integrations.etrusted.com api.ipify.org *.cloudflare.com *.twitter.com *.twimg.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.yotpo.com sst.babypark.nl https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self'; script-src 'nonce-8I4o0nehSkDMb+4VSCZiGw==' 'strict-dynamic' 'unsafe-eval' *.jumbomail.me *.googlesyndication.com *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.google.com *.gstatic.com *.2mdn.net *.adtrafficquality.google fundingchoicesmessages.google.com *.clarity.ms www.clarity.ms *.facebook.net challenges.cloudflare.com *.netfree.link; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https: *.jumbomail.me *.doubleclick.net *.google.com *.google.co.il *.googleadservices.com *.clarity.ms *.facebook.com; font-src 'self' data: https:; frame-src 'self' https:; connect-src 'self' data: blob: https: wss: *.jumbomail.me *.doubleclick.net *.google.com *.googleadservices.com *.adtrafficquality.google *.google-analytics.com analytics.google.com *.clarity.ms *.facebook.com; media-src 'self' https: blob:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self'; report-uri https://napi.jumbomail.me/api/reports/csp-report; 1
connect-src 'self' data: wss://fulltextsearch.org/flare ka-f.fontawesome.com yoast.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.pl translate.googleapis.com www.gdpsystem.eu connect.facebook.net; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.fontawesome.com/releases/v5.15.4/; frame-src 'self' data: uwr.edu.pl *.uwr.edu.pl maps.google.com *.youtube.com youtube.com player.vimeo.com www.google.com; img-src 'self' data: blob: graph.facebook.com *.xx.fbcdn.net s.w.org *.ytimg.com uwr.edu.pl *.uwr.edu.pl *.fna.fbcdn.net secure.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com www.google.pl https://ssl.gstatic.com https://www.gstatic.com *.vimeocdn.com; object-src 'self'; script-src 'self' cdn.jsdelivr.net https://*.googletagmanager.com www.youtube.com use.fontawesome.com kit.fontawesome.com ajax.googleapis.com cdn-eu.readspeaker.com polyfill.io code.jquery.com https://tagmanager.google.com www.googletagmanager.com https://www.google-analytics.com www.gdpsystem.eu 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' uwr.edu.pl data: code.jquery.com kit.fontawesome.com polyfill.io cdn-eu.readspeaker.com cdn-eu.readspeaker.com ajax.googleapis.com cdn.jsdelivr.net www.youtube.com/iframe_api *.www-widgetapi.js www.youtube.com cdnjs.cloudflare.com cdn.datatables.net secure.polldaddy.com connect.facebook.net www.googletagmanager.com www.gdpsystem.eu 'unsafe-inline'; style-src 'self' cdn.jsdelivr.net cdn-eu.readspeaker.com https://tagmanager.google.com https://fonts.googleapis.com www.gdpsystem.eu 'unsafe-inline'; style-src-elem 'self' uwr.edu.pl cdn.jsdelivr.net www.youtube.com fonts.googleapis.com cdn-eu.readspeaker.com www.gdpsystem.eu 'unsafe-inline'; worker-src 'self' uwr.edu.pl blob: 1
report-to kmstools.com; font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: *.postescanada-canadapost.ca https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.shift4.com *.shift4test.com *.i4go.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ data: *.google.com *.gstatic.com *.facebook.com *.postescanada-canadapost.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.shift4.com *.shift4test.com *.i4go.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com *.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.gstatic.com *.googleapis.com *.signifyd.com *.online-metrix.net *.google.com *.paypal.com *.googletagmanager.com *.analytics.yahoo.com s.ytimg.com *.postescanada-canadapost.ca kmstools.com *.kmstools.com *.cloudfront.net *.bing.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://firebasestorage.googleapis.com *.shift4.com *.shift4test.com *.i4go.com *.facebook.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.eigendev.com *.googleapis.com *.gstatic.com *.facebook.net *.googleapis.net *.googletagmanager.com *.google.com data: *.postescanada-canadapost.ca *.newrelic.com *.nr-data.net *.searchspring.net *.trustpilot.com *.3cx.com *.my3cx.ca:5001 *.tctm.co *.bing.com *.clickcease.com snapui.searchspring.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io *.shopify.com *.shift4.com *.shift4test.com *.i4go.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.gstatic.com *.googleapis.com *.postescanada-canadapost.ca *.searchspring.net unsafe-inline assets.braintreegateway.com https://fonts.bunny.net maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com *.googleapis.com *.google-analytics.com *.nr-data.net *.doubleclick.net *.signifyd.com *.searchspring.io *.postescanada-canadapost.ca *.3cx.com *.my3cx.ca:5001 api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://get.geojs.io *.avada.io *.shift4.com *.shift4test.com *.i4go.com *.facebook.net https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval';         style-src 'self' 'unsafe-inline';         img-src 'self' data: blob: https:;         font-src 'self' data:;         connect-src 'self';         media-src 'self';         object-src 'none';         frame-src 'self';         frame-ancestors 'self';         form-action 'self';         base-uri 'self' 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.avada.io player.vimeo.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: google.com https://affiliates.baptistchart.com pay.instamed.com;script-src 'nonce-c89a3d43619c4c398ca13b5f8f174643' https://my.baptistchart.com 'self';img-src https://* 'self' blob: data: google.com https://affiliates.baptistchart.com;connect-src 'self' epichttp: google.com https://affiliates.baptistchart.com https://www.google.com;style-src https://my.baptistchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self' google.com https://affiliates.baptistchart.com;media-src https://* 'self' blob:; 1
default-src 'self' data: wss: *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com *.arcgis.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com px.ads.linkedin.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net https://prorail.projectatlas.app *.cookiebot.com connect.facebook.net www.facebook.com snap.licdn.com *.bing.com *.clarity.ms *.clarity.ml *.indeed.com *.talent.com *.doubleclick.net bs.serving-sys.com connect.facebook.com pagead2.googlesyndication.com s2.adform.net sc-static.net secure.adnxs.com secure-ds.serving-sys.com secure-ds-serving-sys.com static.jobrapido.com *.snapchat.com track.adform.net www.googleadservices.com *.joboti.com joboti-widget.azurewebsites.net res.cloudinary.com http://res.cloudinary.com netdna.bootstrapcdn.com www.geluidregister.nl cdn.starred.com cdn.jsdelivr.net www.redditstatic.com *.reddit.com *.billypx.com *.cdn.billygrace.com onesignal.com cdn.onesignal.com api.onesignal.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' *.cookiebot.com *.google-analytics.com *.gstatic.com *.googleapis.com *.mapbox.com *.g.doubleclick.net *.doc-cirrus.com *.smarketer.de; script-src 'self' 'unsafe-inline' *.cookiebot.com *.webspaceconfig.de *.googletagmanager.com *.google-analytics.com *.doc-cirrus.com *.smarketer.de *.doubleclick.net *.googleadservices.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com *.google-analytics.com *.gstatic.com *.googleapis.com *.kununu.com *.google.com *.google.de *.googleadservices.com *.cookiebot.com *.googletagmanager.com *.heydata.eu *.doc-cirrus.com *.google.ch *.google.co.in *.google.ru *.google.nl; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.cookiebot.com consentcdn.cookiebot.com *.googletagmanager.com *.personio.de *.jobs.personio.de; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.mapbox.com *.webspaceconfig.de 'report-sample'; connect-src 'self' *.fast.smarketer.de *.doc-cirrus.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cookiebot.com *.smarketer.de *.google.com *.googleadservices.com; style-src 'self' 'unsafe-inline' *.webspaceconfig.de 'report-sample'; worker-src 'self' blob:; report-uri https://www.doc-cirrus.com/@http-reporting?csp=report&requestTime=1773714340275022&requestHash=d2427d17a63bd3bcec9e1f4b0a66738c154005dd 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net https://widgets.trustedshops.com integrations.etrusted.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com www.facebook.com *.copernica.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.dpdconnect.nl service2.loyaltyinabox.com *.pinterest.com www.facebook.com www.youtube.com view.publitas.com www.google.com www.google.nl www.google.de *.google.com maps.google.com chat.babypark.nl *.doubleclick.net td.doubleclick.net googleads.g.doubleclick.net widget.trustpilot.com *.cookiebot.com *.cookiebot.eu chatwidget-prod.web.app www.googletagmanager.com sst.babypark.nl sst.babypark.de sst.babydeals.be sst.baby-dump.nl folders.baby-dump.nl platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com *.klevu.com *.ksearchnet.com www.babypark.nl www.babypark.de www.babydeals.be dehoevebuitenleven.nl m2.babypark.mavendev.com m2.babypark-de.mavendev.com www.ikenik.nl m2.ikenik.mavendev.com m2.babydump.mavendev.com m2.babydump-de.mavendev.com www.google.com www.google.nl www.google.de www.google.com.ua www.facebook.com ct.pinterest.com www.googletagmanager.com www.zenaps.com www.awin1.com static.zdassets.com *.bing.com *.bing.net www.thuiswinkel.org i.ytimg.com img.youtube.com blob: lantern.roeye.com *.clarity.ms *.cookiebot.com *.cookiebot.eu integrations.etrusted.com stats.g.doubleclick.net sst.babypark.nl sst.babypark.de sst.babydeals.be sst.baby-dump.nl pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.dpdconnect.nl js.klevu.com *.ksearchnet.com *.avada.io www.googletagmanager.com checkout.buckaroo.nl *.clarity.ms lantern.roeyecdn.com widgets.trustedshops.com web-sdk.smartlook.com www.dwin1.com s.pinimg.com connect.facebook.net static.buckaroo.nl view.publitas.com api.360productviewer.com googleads.g.doubleclick.net bat.bing.com bat.bing.net static.zdassets.com js-agent.newrelic.com *.livechatinc.com bam.eu01.nr-data.net chat.babypark.nl widget.trustpilot.com *.pinterest.com *.hotjar.com *.hotjar.io *.cookiebot.com *.cookiebot.eu integrations.etrusted.com chatwidget-prod.web.app twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com maps.googleapis.com https://widgets.trustedshops.com *.yotpo.com sst.baby-dump.nl https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net checkout.buckaroo.nl integrations.etrusted.com chatwidget-css.web.app maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com integrations.etrusted.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.clarity.ms *.pinterest.com *.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net manager.eu.smartlook.cloud ekr.zdassets.com wss://widget-mediator.zopim.com api.360productviewer.com www.facebook.com livechat.fabulor.eu bam.eu01.nr-data.net region1.analytics.google.com *.google.com *.hotjar.com *.hotjar.io analytics.google.com bat.bing.com bat.bing.net *.cookiebot.com *.cookiebot.eu *.copernica.com integrations.etrusted.com api.ipify.org www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.yotpo.com sst.baby-dump.nl https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
script-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' 'nonce-Ho0jgm43WXv8U8DYMFWWGTFpFsF65JdnVK8Ak7B2VTM='; base-uri 'none'; connect-src 'self' https://*.fontawesome.com https://*.googleapis.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net; img-src data: 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://cdn.startpeople.be https://img.youtube.com https://i.ytimg.com https://imgsct.cookiebot.com https://vumbnail.com/ https://i.vimeocdn.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datepicker/1.9.0/css/bootstrap-datepicker3.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/css/bootstrap.min.css https://cdn.jsdelivr.net/npm/select2@4.0.13/dist/css/select2.min.css https://cdn.jsdelivr.net/npm/select2-bootstrap-5-theme@1.3.0/dist/select2-bootstrap-5-theme.min.css https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.3/font/bootstrap-icons.css https://fonts.googleapis.com; frame-src 'strict-dynamic' 'self' https://consentcdn.cookiebot.com https://www.google.com/recaptcha/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; report-to csp-endpoint; report-uri https://csp-dxp.rgfstaffing.be/csp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com cdn.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.punchout2go.com *.tradecentric.com https://connect.punchout2go.com 'self' 'unsafe-inline'; frame-ancestors https://cdn.livechatinc.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.demdex.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.punchout2go.com *.tradecentric.com https://cdn.chatbot.com https://*.doubleclick.net https://*.livechatinc.com https://vars.hotjar.com https://*.paymetric.com https://stementorstg.wpengine.com https://calendar.time.ly https://*.worldpay.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.files-text.com *.livechatinc.com *.livechat-files.com *.livechat-static.com https://p.adsymptotic.com https://hm.baidu.com/hm.gif https://bat.bing.com https://c.bing.com https://c.clarity.ms https://*.doubleclick.net https://d3cgm8py10hi0z.cloudfront.net/is.gif https://www.facebook.com/privacy_sandbox/ https://www.facebook.com/tr/ https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://www.google.ca/pagead/ https://www.google.com/pagead/ https://www.google.ca/ads/ https://www.google.com/ads/ https://www.googletagmanager.com https://static.kameleoon.com https://*.ads.linkedin.com https://cdn.files-text.com/api/accounts/avatars/ https://connect.punchout2go.com https://*.stemcell.com https://t.co https://analytics.twitter.com https://sp.analytics.yahoo.com https://www.linkedin.com https://id.rlcdn.com https://aorta.clickagy.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io assets.adobedtm.com *.magento-ds.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com www.googletagmanager.com *.livechatinc.com *.livechat-static.com *.punchout2go.com *.tradecentric.com https://cdn.recapture.io https://acds-events.adobe.io https://rum.hlx.page https://maps.googleapis.com https://hm.baidu.com/hm.js https://bat.bing.com https://*.clarity.ms https://cdn.chatbot.com https://tags.clickagy.com https://www.clickcease.com https://img.en25.com https://*.doubleclick.net https://connect.facebook.net https://ajax.googleapis.com/ajax/libs/ https://seal.geotrust.com/getgeotrustsslseal geoip-js.com https://*.hotjar.com https://*.livechatinc.com https://snap.licdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://cmp.osano.com https://connect.punchout2go.com/jslib/ https://*.recapture.io/beacon/ https://cdn.recapture.io/sdk/ https://cdn.searchspring.net/intellisuggest/is.min.js https://*.stemcell.com/media/ https://*.twitter.com https://static.ads-twitter.com https://calendar.time.ly https://unpkg.com/tabulator-tables@6.2.1/dist/js/tabulator.min.js https://*.xisecurenet.com https://s.yimg.com/wi/ytc.js https://ws.zoominfo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.magento-datasolutions.com *.magento-ds.com *.livechatinc.com *.fontawesome.com *.punchout2go.com *.tradecentric.com https://connect.punchout2go.com/jslib/ https://www.googletagmanager.com/debug/badge.css 'self' 'unsafe-inline'; object-src *.livechatinc.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.livechatinc.com *.livechat-static.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.livechatinc.com *.text.com https://app.recapture.io https://bat.bing.com https://cdn.chatbot.com https://*.clarity.ms https://*.doubleclick.net https://geoip-js.com https://www.googleadservices.com https://analytics.google.com *.google-analytics.com https://fonts.googleapis.com https://www.google.com/pagead/ https://maps.googleapis.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://api.kameleoon.com https://na-data.kameleoon.io https://na-data.kameleoon.eu https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://*.livechatinc.com https://bam.nr-data.net https://cmp.osano.com https://*.api.osano.com https://connect.punchout2go.com https://d3peztlk7w3332.cloudfront.net *.searchspring.io *.searchspring.net https://s.yimg.com https://geo-ip.js wss://*.hotjar.com https://aorta.clickagy.com https://vc.hotjar.io 'self' 'unsafe-inline'; child-src *.livechatinc.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com *.klevu.com *.yotpo.com *.livechatinc.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.jst.ai *.jsdelivr.net *.klaviyo.com *.elev.io *.zdassets.com *.cartfulsolutions.com *.cloudmaestro.com *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.cartsave.io *.paypal.com *.braintree-api.com data: *.greatlakesskipper.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cybersource.com *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.cartsave.io *.braintree-api.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.criteo.net *.criteo.com *.livechatinc.com *.wufoo.com *.yotpo.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.jst.ai *.jsdelivr.net getshogun.com *.klaviyo.com *.facebook.com *.cybersource.com insight.adsrvr.com insight.adsrvr.org *.frstre.com *.cloudfront.net *.g.doubleclick.net *.twitter.com *.cloudmaestro.com *.elev.io *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.cartsave.io *.braintree-api.com *.addthis.com *.recaptcha.net *.freshdesk.com airtable.com *.paypalobjects.com *.kaptcha.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: landofcoder.com *.yotpo.com *.vimeo.com *.pixlee.com *.pixlee.co *.pxlecdn.co *.jst.ai *.jsdelivr.net *.pxlecdn.com *.klaviyo.com *.facebook.com *.facebook.net *.google.com *.bing.com *.choozle.com s3.amazon.com s3.amazonaws.com *.g.doubleclick.net *.adsrvr.org *.twitter.com *.swagger.io *.cloudfront.net *.godaddy.com *.cartfulsolutions.com *.cloudmaestro.com *.trustwave.com/ *.taboola.com *.media.net *.3lift.com *.rubiconproject.com *.adnxs.com *.outbrain.com *.adform.net *.360yield.com *.yieldmo.com *.bidswitch.net *.yahoo.com *.smartadserver.com *.advertising.com *.stickyadstv.com *.fwmrm.net *.adscale.de *.teads.tv *.postrelease.com *.sharethrough.com *.ivitrack.com *.casalemedia.com *.smaato.net *.pubmatic.com *.omnitagjs.com *.criteo.com *.mediawallahscript.com *.mgid.com *.addthis.com *.revcontent.com *.liadm.com *.rlcdn.com *.turn.com *.krxd.net *.google.com.ar *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.cartsave.io *.braintree-api.com *.bazaarvoice.com *.klevu.com *.greatlakesskipper.com *.clmbtech.com *.tapad.com *.openx.net *.dmxleo.com *.tremorhub.com *.kargo.com *.tpmn.co.kr *.agkn.com *.amanad.adtdp.com *.bluekai.com *.mathtag.com *.zemanta.com *.bnmla.com *.stackadapt.com *.simpli.fi *.admanmedia.com *.loopme.me *.digitaleast.mobi *.yieldlab.net *.lemmatechnologies.com *.avct.cloud *.deepintent.com *.dotomi.com *.creative-serving.com *.twiago.com *.amazon-adsystem.com *.mediavine.com *.socdm.com *.octillion.tv *.bidr.io.tv *.everesttech.net *.w55c.net *.emxdgt.com *.adgrx.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.reddit.com *.googletagmanager.com *.doubleclick.net *.trackedlink.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ www.google.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.klevu.com *.cloudflare.com *.klaviyo.com acsbapp.com *.acsbap.com acsbap.com *.online-metrix.net *.criteo.net *.criteo.com *.trustwave.com *.livechatinc.com *.wufoo.com *.fontawesome.com *.yotpo.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.jst.ai *.gstatic.com *.jsdelivr.net *.justuno.com *.getshogun.com *.zdassets.com *.elev.io *.facebook.net *.zopim.com *.govx.com govxconnect.com *.pinimg.com *.bing.com *.tapfiliate.com *.cloudfront.net *.pepperjam.net *.pepperjam.com *.g.doubleclick.net *.ensighten.com *.bestworlds.com *.cartsave.io *.twitter.com *.swagger.io *.payments-amazon.com *.amazon.com *.godaddy.com *.cartfulsolutions.com *.cybersource.com *.cloudmaestro.com *.freshchat.com *.visualwebsiteoptimizer.com polyfill.io *.oribi.io *.paypal.com *.cloudflareinsights.com *.braintree-api.com *.greatlakesskipper.com *.trackedweb.net *.emxdgt.com *.uptrendsdata.com *.noibu.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.googleapis.com *.googletagmanager.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.trackedlink.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com *.disqus.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.klevu.com *.fontawesome.com *.yotpo.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.jst.ai *.jsdelivr.net *.klaviyo.com *.bestworlds.com *.cartsave.io *.cloudmaestro.com *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.paypal.com *.braintree-api.com apps.bazaarvoice.com *.greatlakesskipper.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.tagmanager.google.com *.googletagmanager.com webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com *.ksearchnet.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com assets.braintreegateway.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.jst.ai *.jsdelivr.net *.klaviyo.com *.zdassets.com *.cloudmaestro.com agentcore.s3.amazonaws.com *.freshchat.com *.cloudflare.com polyfill.io *.cartsave.io *.paypal.com *.braintree-api.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.yotpo.com *.vimeo.com *.pixlee.com *.pxlecdn.com *.pixlee.co *.klaviyo.com *.jst.ai *.acsbapp.com acsbapp.com *.jsdelivr.net *.zdassets.com *.zendesk.com *.facebook.com *.elev.io *.zopim.com wss://*.zopim.com *.google-analytics.com *.g.doubleclick.net *.pinterest.com *.bestworlds.com *.cartsave.io *.bing.com *.amazon.com *.cartfulsolutions.com *.cloudmaestro.com adapter.aivo.co *.agentbot.net *.oribi.io *.hotjar.com *.freshchat.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.ksearchnet.com *.trackedweb.net *.googleadservices.com *.google.com.ar *.uptrendsdata.com *.noibu.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.twimg.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.trackedlink.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com *.cloudmaestro.com *.visualwebsiteoptimizer.com *.cloudflare.com polyfill.io *.cartsave.io *.paypal.com *.braintree-api.com *.greatlakesskipper.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self';connect-src 'self' marketing.cockroachlabs.cloud https://autocomplete.clearbit.com https://status.cockroachlabs.cloud https://marketing.cockroachlabs.cloud https://marketing.management-staging.crdb.io 350-qin-827.mktoresp.com https://eligibility.wootric.com https://wootric-eligibility.herokuapp.com https://r3f773swz03t.statuspage.io https://checkout.stripe.com https://api.stripe.com https://fast.appcues.com wss://api.appcues.net https://api.segment.io https://cdn.segment.com https://session-replay.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://session-replay.browser-intake-us5-datadoghq.com https://rum.browser-intake-us5-datadoghq.com https://logs.browser-intake-us5-datadoghq.com https://browser-intake-us5-datadoghq.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://fast.chameleon.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' marketing.cockroachlabs.cloud https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.google-analytics.com https://*.googletagmanager.com cdn.wootric.com munchkin.marketo.net https://checkout.stripe.com https://js.stripe.com cdn.segment.com https://cdn.madkudu.com fast.appcues.com https://widget.kapa.ai https://fast.chameleon.io https://cdn.cookielaw.org https://cdn.jsdelivr.net;child-src 'self' marketing.cockroachlabs.cloud blob: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.cockroachlabs.com https://td.doubleclick.net https://checkout.stripe.com https://js.stripe.com https://r3f773swz03t.statuspage.io https://fast.chameleon.io;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fast.appcues.com;font-src 'self' https://fonts.gstatic.com data:;img-src 'self' data: https://logo.clearbit.com https://*.stripe.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;report-uri /csp-reports 1
default-src 'self'; connect-src 'self' https://*.usercentrics.eu https://analytics.algolia.com https://*.algolia.net https://insights.algolia.io https://*.scarabresearch.com https://*.abtasty.com https://api-js.mixpanel.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.de https://ams.creativecdn.com https://bat.bing.net https://bat.bing.com https://*.pinterest.com https://www.googleadservices.com https://locator.uberall.com https://*.mapbox.com https://google.com/ https://api.friendlycaptcha.com https://*.adyen.com https://*.zenloop.com https://*.sovendus.com https://api.userlike.com https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.facebook.com https://webchannel-content.eservice.emarsys.net https://www.paypal.com https://www.sandbox.paypal.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com https://sgtm.blume2000.de https://sgtm.blume2000.at https://sgtm.blume2000.ch https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://eu-api.friendlycaptcha.eu wss://umd.userlike.com umd.userlike.com https://userlike-cdn-web.b-cdn.net https://www.userlike.com blob: https://y.clarity.ms https://s.clarity.ms; script-src 'self' https://*.usercentrics.eu https://*.scarabresearch.com https://try.abtasty.com https://maps.googleapis.com https://www.googletagmanager.com https://va.vercel-scripts.com https://sgtm.blume2000.de https://sgtm.blume2000.at https://sgtm.blume2000.ch https://connect.facebook.net https://s.pinimg.com https://ct.pinterest.com https://tags.creativecdn.com https://bat.bing.com https://www.dwin1.com https://*.hotjar.com https://lantern.roeyecdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net/gh/paulirish/lite-youtube-embed@master/src/lite-yt-embed.js https://locator.uberall.com https://*.mapbox.com https://zenloop-website-overlay-production.s3.amazonaws.com https://*.zenloop.com https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.sovendus.com https://vercel.live https://www.paypal.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com https://applepay.cdn-apple.com https://*.abtasty.com https://www.clarity.ms https://scripts.clarity.ms 'unsafe-inline' 'unsafe-eval' https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.clarity.ms https://scripts.clarity.ms; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.abtasty.com; img-src 'self' data: blob: https://suite16.emarsys.net https://link.mailing.blume2000.de https://link.mailing.blume2000.at https://link.mailing.blume2000.ch https://*.abtasty.com https://res.cloudinary.com https://maps.gstatic.com https://maps.googleapis.com https://app.usercentrics.eu https://lantern.roeye.com https://bat.bing.net https://bat.bing.com https://www.google.com https://www.google.de https://www.googleadservices.com https://www.facebook.com https://i.ytimg.com/ https://www.googletagmanager.com https://locator.uberall.com https://connect.facebook.net https://*.cdn.adyen.com https://*.doubleclick.net https://uct.service.usercentrics.eu https://www.paypalobjects.com https://*.google-analytics.com https://storage.googleapis.com https://api.mapbox.com https://ib.adnxs.com https://rt.udmserve.net https://cm.adform.net https://ih.adscale.de https://cm.g.doubleclick.net https://visitor.omnitagjs.com https://pixel.advertising.com https://ice.360yield.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://hbx.media.net https://cs.mobfox.com/ https://cm.mgid.com https://onetag-sys.com https://us-u.openx.net https://sync.outbrain.com https://simage2.pubmatic.com https://bh.contextweb.com https://s.seedtag.com/ https://match.sharethrough.com https://s.ad.smaato.net https://us.ck-ie.com https://ce.lijit.com https://sync.taboola.com https://eb2.3lift.com https://s-cs.rmp.rakuten.com https://dot.wp.pl https://ad.yieldlab.net https://ads.yieldmo.com https://t.visx.net https://ssc-cms.33across.com/ https://inv-nets.admixer.net https://sync.e-planning.net https://csync.loopme.me https://adn.caprofitx.com https://sync.addlv.smt.docomo.ne.jp https://sync.teads.tv https://sync.console.adtarget.com.tr https://dot.wp.pl https://sync.1rx.io https://ssp-csync.smartadserver.com https://rtb.gumgum.com https://sync.connectad.io https://csync.smilewanted.com https://sync.go.sonobi.com https://fast.nexx360.io https://hb.yahoo.net https://sync-service.net https://sync.cootlogix.com https://cs.adingo.jp https://sync.inmobi.com https://stickyadstv.com https://yellowblue.io https://dmxleo.com https://ms-cookie-sync.presage.io https://adtech.ink https://cm-exchange.toast.com https://ad.as.amanad.adtdp.com https://sync.bidence.net https://cs.gssprt.jp https://sp.gmossp-sp.jp/ https://analytics.ad.daum.net https://s-cs.send.microad.jp https://mixer.mobon.net https://tg.socdm.com https://sync.ad-stir.com https://t.adx.opera.com https://ad.tpmn.co.kr https://userlike-cdn-operators.userlike.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://userlike-cdn-web.b-cdn.net https://www.userlike.com https://userlike-store-media-files.s3.amazonaws.com https://i.ytimg.com; font-src 'self' https://res.cloudinary.com https://locator.uberall.com https://assets.zenloop.com https://userlike-cdn-umm.b-cdn.net https://*.abtasty.com https://applepay.cdn-apple.com https://fonts.gstatic.com; worker-src 'self' blob:; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.googletagmanager.com https://ct.pinterest.com https://www.facebook.com https://*.adyen.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://vercel.live/ https://www.paypal.com https://www.sandbox.paypal.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com https://sgtm.blume2000.de https://sgtm.blume2000.at https://sgtm.blume2000.ch https://ams.creativecdn.com https://*.edb.com https://*.abtasty.com https://applepay.cdn-apple.com https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://www.youtube.com https://player.vimeo.com; frame-ancestors 'self' https://app.storyblok.com https://blume2000.io https://*.blume2000.io https://blume2000.de https://*.blume2000.de https://blume2000.at https://*.blume2000.at https://blume2000.ch https://*.blume2000.ch http://localhost:3000 http://localhost:3001; media-src 'self' https://userlike-cdn-umm.b-cdn.net https://userlike-store-media-files.s3.amazonaws.com https://www.userlike.com blob:; child-src 'self' https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net blob:; object-src 'none' 1
script-src 'nonce-51qA6YiL0DBLabRjqMg1wQ==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=1fb2c5af-1a39-43c8-8560-fc9af5ba56e9; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.googletagmanager.com *.grudado.com.br *.doubleclick.net *.paypal.com *.mercadolibre.com *.pinterest.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.addthis.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googletagmanager.com *.grudado.com.br *.facebook.com *.google.com *.google.com.br *.mercadolibre.com *.mercadolivre.com *.mercadolivre.com.br *.doubleclick.net *.bing.com *.pinimg.com *.pinterest.com *.mercadopago.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://images.unsplash.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: www.google.com.ua *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.mixpnl.com https://analytics.tiktok.com *.clarity.ms *.logr-ingest.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.vimeo.com *.video.google.com *.facebook.net *.doubleclick.net *.mlstatic.com *.mercadopago.com *.bing.com *.pinimg.com *.sgtm.grudado.com.br ct.pinterest.com *.mercadolibre.com.br *.mercadopago.com.br *.mercadolivre.com.br google.com *.facebook.com  'unsafe-inline'  *.mercadolivre.com *.mercadolibre.com https://mercadopago.com.br https://maps.googleapis.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io *.shopify.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com load.sgtm.grudado.com.br https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.mixpanel.com https://cdn.growthbook.io https://analytics.tiktok.com https://*.clarity.ms https://*.grudado.com.br https://viacep.com.br *.doubleclick.net *.google.com *.mercadopago.com *.mercadolibre.com *.pinterest.com *.pinpiaa.com *.bing.com *.mercadolibre.com.br *.mercadopago.com.br *.mercadolivre.com.br google.com *.facebook.com *.mercadolivre.com https://mercadopago.com.br *.mlstatic.com https://maps.googleapis.com https://player.vimeo.com ekr.zdassets.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net load.sgtm.grudado.com.br https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.indigo.ai mtmc.iltrovatore.it data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net/ *.vimeo.com *.demdex.net *.indigo.ai mtmc.iltrovatore.it 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com *.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com *.google.com *.google.it *.googleapis.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.vimeo.com *.googletagmanager.com *.paypalobjects.com *.demdex.net *.amazonaws.com *.swagger.io *.ytimg.com *.doubleclick.net *.magentocommerce.com *.adobe.com  *.everesttech.net *.omtrdc.net *.adobedtm.com *.bing.com *.indigo.ai mtmc.iltrovatore.it *.appdomain.cloud data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.adobedtm.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.paypal.com *.paypalobjects.com *.googleapis.com *.vimeo.com *.chimpstatic.com *.mailchimp.com *.addthis.com *.bing.com *.hotjar.com *.facebook.net *.iubenda.com *.indigo.ai mtmc.iltrovatore.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.iubenda.com *.indigo.ai mtmc.iltrovatore.it 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.indigo.ai mtmc.iltrovatore.it 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com ekr.zdassets.com/ *.demdex.net *.omtrdc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.vimeo.com *.paypalobjects.com *.zdassets.com *.googleapis.com *.youtube.com https://maps.googleapis.com https://fonts.googleapis.com *.doubleclick.net *.hotjar.com *.iubenda.com *.indigo.ai mtmc.iltrovatore.it 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; script-src 'self' 'unsafe-inline'  https://addtocalendar.com  https://use.typekit.net https://cdn.userway.org https://cdn.siteimprove.net https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.google-analytics.com https://copperalliance.org https://internationalcopper.org/ https://cdn.svgator.com; style-src 'self' 'unsafe-inline' https://addtocalendar.com https://cdn.jsdelivr.net  https://cdn.userway.org; img-src 'self'  https://p.typekit.net https://cdn.userway.org data: *; media-src *.cloudfront.net; frame-src https://cdn.userway.org; font-src 'self' https://cdn.jsdelivr.net https://use.typekit.net  https://cdn.userway.org ; connect-src 'self' https://freeport2017ir.q4web.com https://api.userway.org https://www.google-analytics.com https://contentassistant.eu.siteimprove.com https://id.eu.siteimprove.com https://cdn.userway.org https://cdn77.api.userway.org https://region1.google-analytics.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' ; img-src 'self' *.gaertner.de; frame-src 'self' https://www.openstreetmap.org ; font-src 'self' ; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self' https://*.keva.fi https://disqus.com https://*.disquscdn.com https://static.aim.front.ai https://905keva.boost.ai; style-src 'self' 'unsafe-inline' *.tinymce.com *.tiny.cloud https://*.googleapis.com https://*.episerver.net https://*.disquscdn.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://ton.twimg.com https://platform.twitter.com https://hello.myfonts.net https://fonts.googleapis.com https://cdn.reactandshare.com https://static.aim.front.ai; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tinymce.com *.tiny.cloud https://*.reactandshare.com https://*.keva.fi https://disqus.com https://keva-fi.disqus.com https://*.disquscdn.com https://cdn.syndication.twimg.com https://api.twitter.com https://platform.twitter.com https://*.snoobi.com https://insight.fonecta.fi https://netdna.bootstrapcdn.com https://*.episerver.net https://code.jquery.com https://ajax.aspnetcdn.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://*.vo.msecnd.net https://connect.facebook.net https://*.krxd.net https://survey.taloustutkimus.fi https://www.googleadservices.com https://snap.licdn.com https://unpkg.com https://js.monitor.azure.com https://static.aim.front.ai/ https://905keva.boost.ai; img-src 'self' data: blob: kevadevstorage.blob.core.windows.net *.tinymce.com *.tiny.cloud https://*.reactandshare.com https://*.adsymptotic.com/ https://*.gstatic.com https://*.keva.fi https://*.episerver.net https://*.twitter.com https://*.twimg.com https://insight.fonecta.fi https://cdn.shopify.com https://nuget.episerver.com https://raw.githubusercontent.com https://www.facebook.com https://referrer.disqus.com https://*.disquscdn.com https://beacon.krxd.net https://*.snoobi.com https://www.linkedin.com https://*.ads.linkedin.com https://static.aim.front.ai https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com; connect-src wss: https: ws: https://dc.services.visualstudio.com https://static.aim.front.ai https://905keva.boost.ai; font-src 'self' *.tinymce.com *.tiny.cloud https://*.cloudflare.com https://*.keva.fi https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://cdn.reactandshare.com https://static.aim.front.ai https://*.cloudfront.net; frame-src 'self' *.tinymce.com *.tiny.cloud https://*.keva.fi https://*.twitter.com https://www.youtube.com https://disqus.com https://staticxx.facebook.com https://cdn.krxd.net https://survey.taloustutkimus.fi https://player.vimeo.com https://www.riddle.com https://*.soundcloud.com https://app.powerbi.com https://dashboard.find.episerver.net/; object-src 'self'; 1
default-src 'self';    connect-src 'self'  *.nixonpeabody.com *.nixonpeabody.localhost stats.g.doubleclick.net analytics.google.com region1.analytics.google.com *.typekit.net *.vercel.app *.linkedin.com *.clarity.ms *.bing.com *.onetrust.com *.google.com *.doubleclick.net apps.sitecore.net cdn.cookielaw.org googletagmanager.com www.google-analytics.com www.googleadservices.com snap.licdn.com cdn.pdst.fm pixels.spotify.com youtube.com www.youtube.com player.vimeo.com open.spotify.com vercel.com vercel.live vitals.vercel-insights.com wss://ws-us3.pusher.com www.googletagmanager.com *.google.com *.google.ca *.google.co.uk *.google.com.au *.google.co.in *.google.de *.google.fr *.google.it *.google.es *.google.jp *.google.com.br *.google.co.kr *.google.co.za *.google.com.mx *.google.nl *.google.se *.google.dk *.google.no *.google.ch *.google.be *.google.ie *.google.pl *.google.ro *.google.ru *.google.com.hk *.google.sg *.google.com.tw *.google.co.nz *.google.fi *.google.pt;    script-src 'self'  'unsafe-inline' *.searchstax.com *.clarity.ms cdn.cookielaw.org www.googletagmanager.com tagmanager.google.com snap.licdn.com vercel.live cdn.pdst.fm player.vimeo.com static.searchstax.com *.doubleclick.net;    script-src-elem 'self'  'unsafe-inline' *.searchstax.com *.clarity.ms cdn.cookielaw.org www.googletagmanager.com tagmanager.google.com snap.licdn.com vercel.live cdn.pdst.fm player.vimeo.com static.searchstax.com *.doubleclick.net googleads.g.doubleclick.net;    img-src * data: blob:;    style-src 'self' 'unsafe-inline' *.typekit.net use.typekit.net vercel.live *.googletagmanager.com tagmanager.google.com fonts.googleapis.com;    style-src-elem 'self' 'unsafe-inline' *.typekit.net use.typekit.net vercel.live *.googletagmanager.com tagmanager.google.com fonts.googleapis.com;    object-src 'self' data: blob:;    base-uri 'self';    form-action 'self';    font-src 'self' data: *.typekit.net use.typekit.net vercel.live assets.vercel.com fonts.gstatic.com;    frame-src 'self' vercel.live *.doubleclick.net player.vimeo.com youtube.com www.youtube.com cdn.yoshki.com open.spotify.com www.googletagmanager.com;    frame-ancestors 'none';    upgrade-insecure-requests;    report-to csp-report; 1
img-src 'self' data: dev.visualwebsiteoptimizer.com cdn.cookielaw.org www.googletagmanager.com *.siteimproveanalytics.io *.intoxalock.com *.facebook.com *.lpsnmedia.net *.gstatic.com *.googleapis.com i.ytimg.com 'self' data: dev.visualwebsiteoptimizer.com cdn.cookielaw.org www.googletagmanager.com *.siteimproveanalytics.io *.intoxalock.com *.facebook.com *.lpsnmedia.net *.gstatic.com *.googleapis.com i.ytimg.com px.ads.linkedin.com; script-src m555.bluemod.us cdn.cookielaw.org www.googletagmanager.com js.monitor.azure.com *.liveperson.net *.liveperson.com *.lpsnmedia.net unpkg.com getrockerbox.com siteimproveanalytics.com *.infinity-tracking.com *.facebook.com *.intoxalock.com *.facebook.net *.ubembed.com *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com m555.bluemod.us *.googletagmanager.com *.gstatic.com mindrco.blueconic.net dev.visualwebsiteoptimizer.com snap.licdn.com www.youtube.com 'self' 'unsafe-inline' 'nonce-5faLqWq09v+RTuD43ClingRWZte9FtggTWsicMjJnno='; font-src 'self' data: *.gstatic.com; connect-src dev.visualwebsiteoptimizer.com *.applicationinsights.azure.com cdn.cookielaw.org *.google.com *.infinity-tracking.com *.googleapis.com *.onetrust.com dev.visualwebsiteoptimizer.com *.onetrust.com t081.intoxalock.com r5.visualwebsiteoptimizer.com px.ads.linkedin.com ad.doubleclick.net www.google-analytics.com 'self'; frame-src 'self' *.trustpilot.com www.googletagmanager.com td.doubleclick.net lpcdn.lpsnmedia.net *.liveperson.net *.youtube.com https://www.google.com https://locations.intoxalock.com.yext-cdn.com https://www.zeemaps.com/ 'self' *.trustpilot.com www.googletagmanager.com td.doubleclick.net lpcdn.lpsnmedia.net *.liveperson.net *.youtube.com https://www.google.com https://locations.intoxalock.com.yext-cdn.com https://www.zeemaps.com https://13396136.fls.doubleclick.net https://www.facebook.com; style-src *.googleapis.com 'self' 'unsafe-inline'; worker-src 'self' blob:; default-src 'self'; 1
default-src 'self' solutionreach.okta.com login.solutionreach.com *.oktacdn.com; connect-src 'self' solutionreach.okta.com solutionreach-admin.okta.com login.solutionreach.com *.oktacdn.com *.mixpanel.com *.mapbox.com solutionreach.kerberos.okta.com solutionreach.mtls.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' solutionreach.okta.com login.solutionreach.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' solutionreach.okta.com login.solutionreach.com *.oktacdn.com; frame-src 'self' solutionreach.okta.com solutionreach-admin.okta.com login.solutionreach.com login.okta.com; img-src 'self' solutionreach.okta.com login.solutionreach.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: blob:; font-src 'self' solutionreach.okta.com login.solutionreach.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
default-src 'self' *.oktacdn.com; connect-src 'self' *.oktacdn.com *.mixpanel.com *.mapbox.com https://oinmanager.trexcloud.com data:; script-src 'unsafe-inline' 'nonce-TPHQh1n96VIlR_Ugkzv3ew' 'self' 'report-sample' *.oktacdn.com; style-src 'unsafe-inline' 'nonce-TPHQh1n96VIlR_Ugkzv3ew' 'self' 'report-sample' *.oktacdn.com; frame-src 'self' login.trexcloud.com *.vidyard.com; img-src 'self' *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'; report-uri https://oktacsp.report-uri.com/r/t/csp/reportOnly; report-to csp 1
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com *.gstatic.com *.hotjar.com *.cloudfront.net static.klaviyo.com *.reviews.io *.reviews.co.uk *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.reviews.io *.reviews.co.uk *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.google.com/ *.hotjar.com *.livechatinc.com *.reviews.co.uk widget.reviews.co.uk *.reviews.io *.pingdom.com *.heritagepartscentre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net data: * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.google.com *.google.co.uk *.cloudfront.net *.facebook.com *.yotpo.com *.heritagepartscenter.com www.google.co.in *.google-analytics.com bat.bing.com imgsct.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.reviews.io *.reviews.co.uk *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.pcapredict.com/js/sensor.js *.google.com/ *.gstatic.com *.hotjar.com *.doubleclick.net *.newrelic.net *.livechatinc.com *.facebook.net *.webgains.io *.chimpstatic.com *.yotpo.com *.reviews.co.uk *.trackedlink.net *.googleapis.com gtm.heritagepartscentre.com consent.cookiebot.com bat.bing.com www.clarity.ms consentcdn.cookiebot.com scripts.clarity.ms static.zdassets.com static.zdassets.com/web_widget static.onsitesupport.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.reviews.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.yotpo.com *.cloudfront.net *.reviews.co.uk static.onsitesupport.io https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.reviews.io *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.livechatinc.com *.heritagepartscenter.com *.onsitesupport.io static.onsitesupport.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.hotjar.com *.adobedc.net *.reviews.co.uk bat.bing.com l.clarity.ms consentcdn.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: d1hcctelsiwksg.cloudfront.net mcstaging-cdn.lilyanncabinets.com dk5s5cje1o3yr.cloudfront.net *.answerbase.com *.static.klaviyo.com *.static-tracking.klaviyo.com *.klaviyo.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.freshmarketer.com *.answerbase.com *.static.klaviyo.com *.static-tracking.klaviyo.com *.klaviyo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.hotjar.com www.facebook.com *.pinterest.com *.g.doubleclick.net *.zinrelo.com *.google.com *.google.co.in *.freshchat.com *.freshmarketer.com *.adroll.com panorama.2020.net *.ampproject.org *.answerbase.com *.static.klaviyo.com *.static-tracking.klaviyo.com *.klaviyo.com *.lilyanncabinets.com *.lilyanncabinets.local c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.demdex.net searchautocompleteqa.magento-datasolutions.com lilyanncabinets.local t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.visualwebsiteoptimizer.com bat.bing.com *.bing.com www.google.co.in *.facebook.com *.facebook.net *.pinterest.com cdn.pushcrew.com *.magecomp.com *.googletagmanager.com *.shopperapproved.com *.clarity.ms *.lilyanncabinets.com *.cloudfront.net *.amazonaws.com *.adroll.com d1hcctelsiwksg.cloudfront.net mcstaging-cdn.lilyanncabinets.com pixel.rubiconproject.com pixel.advertising.com sync.outbrain.com sync.taboola.com eb2.3lift.com dsum-sec.casalemedia.com image2.pubmatic.com ups.analytics.yahoo.com dk5s5cje1o3yr.cloudfront.net *.ytimg.com *.pinimg.com *.heatmap.it *.gstatic.com maps.googleapis.com *.hotjar.io *.hotjar.com *.answerbase.com *.static.klaviyo.com *.static-tracking.klaviyo.com *.klaviyo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com lilyanncabinets.local livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com bat.bing.com *.woopra.com chimpstatic.com dev.visualwebsiteoptimizer.com cdn.pushcrew.com connect.facebook.net s.pinimg.com apis.google.com *.freshchat.com *.freshmarketer.com www.gstatic.com *.googletagmanager.com *.clarity.ms *.smartlook.com *.cardinalcommerce.com *.shopperapproved.com *.googlecommerce.com *.zinrelo.com *.cloudfront.net webmoder.space *.adroll.com *.hotjar.com d1hcctelsiwksg.cloudfront.net mcstaging-cdn.lilyanncabinets.com *.pinterest.com dk5s5cje1o3yr.cloudfront.net downloads.mailchimp.com mc.us2.list-manage.com ajax.googleapis.com *.heatmap.it *.fw-cdn.com *.klaviyo.com maps.googleapis.com https://analytics.tiktok.com *.fwusercontent.com *.ampproject.org *.answerbase.com cdn.skypack.dev *.static.klaviyo.com *.static-tracking.klaviyo.com *.cdnjs.cloudflare.com *.ttwstatic.com fw-cdn.com https://s.pinimg.com data-management-external.magento-ds.com *.lilyanncabinets.local *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.list-manage.com *.googleapis.com *.google.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com lilyanncabinets.local *.magento-datasolutions.com *.magento-ds.com *.certcapture.com cdn.pushcrew.com *.freshchat.com *.freshmarketer.com d1hcctelsiwksg.cloudfront.net mcstaging-cdn.lilyanncabinets.com *.adroll.com *.pinterest.com dk5s5cje1o3yr.cloudfront.net downloads.mailchimp.com mc.us2.list-manage.com *.hotjar.io *.hotjar.com *.answerbase.com *.static.klaviyo.com *.static-tracking.klaviyo.com *.klaviyo.com *.ttwstatic.com *.shopperapproved.com *.fontawesome.com *.gstatic.com https://static.klaviyo.com *.googleapis.com *.google.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com lilyanncabinets.local https://lilyanncabinets.com *.cdninstagram.com *.amazonaws.com d1hcctelsiwksg.cloudfront.net mcstaging-cdn.lilyanncabinets.com *.lilyanncabinets.com dk5s5cje1o3yr.cloudfront.net *.answerbase.com *.static.klaviyo.com *.static-tracking.klaviyo.com *.klaviyo.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com lilyanncabinets.local 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com lilyanncabinets.local livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.klaviyo.com *.visualwebsiteoptimizer.com *.clarity.ms ct.pinterest.com *.doubleclick.net *.cardinalcommerce.com *.google-analytics.com *.smartlook.cloud *.smartlook.com *.demdex.net *.chimpstatic.com *.facebook.com *.woopra.com *.hotjar.com *.hotjar.io ws34.hotjar.com *.adroll.com *.pinterest.com d1hcctelsiwksg.cloudfront.net mcstaging-cdn.lilyanncabinets.com *.lilyanncabinets.com *.lilyanncabinets.local dk5s5cje1o3yr.cloudfront.net *.freshmarketer.com maps.googleapis.com ws23.hotjar.com *.tiktok.com *.fw-cdn.com *.fwusercontent.com *.ampproject.org *.answerbase.com *.google.co.in *.googleadservices.com *.algolia.io prod-init.100ms.live wss://*.100ms.live wss://rts-us-fcht.freshworksapi.com *.static.klaviyo.com *.static-tracking.klaviyo.com *.app.zinrelo.com wss://*.hotjar.com www.google.com https://google.com bat.bing.com *.bing.com *.breadgateway.net data-management-external.magento-ds.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com lilyanncabinets.local *.getbread.com *.chimpstatic.com *.cloudfront.net *.adroll.com *.pinterest.com *.klaviyo.com *.hotjar.io *.hotjar.com ws23.hotjar.com *.fw-cdn.com *.ampproject.org *.answerbase.com *.static.klaviyo.com *.static-tracking.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.liantis.be; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/client https://www.googletagmanager.com https://geddle.com https://o.alicdn.com https://static.twtcdn.com https://www.clarity.ms https://scripts.clarity.ms https://visitorchat.twt.com; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; img-src 'self' data: blob: https://*.googleusercontent.com https://www.googletagmanager.com https://static.twtcdn.com https://www.clarity.ms; font-src 'self' data:; frame-src https://accounts.google.com/gsi/ https://visitorchat.twt.com; connect-src 'self' https://accounts.google.com/gsi/ https://www.google-analytics.com https://geddle.com https://static.twtcdn.com https://f.clarity.ms https://visitorchat.twt.com; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com *.bootstrapcdn.com *.cloudflare.com *.contivio.com *.hsappstatic.net *.ivaws.com *.redditstatic.com *.slant.co *.tiktok.com data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.adroll.com *.bing.com *.braintreegateway.com *.cloudflare.com *.compton.k12.ca.us *.contivio.com *.criteo.com *.criteo.net *.deledao.com *.doubleclick.net *.facebook.com *.google.com *.googletagmanager.com *.ibosscloud.com *.jotform.com *.liadm.com *.linewize.net *.lsfilter.com *.microsoftonline.com *.netsuite.com *.opendns.com *.securly.com *.shareasale-analytics.com *.shareasale.com *.skimresources.com *.trustpilot.com *.vimeo.com 127.0.0.1 lsrelay-config-production.s3.amazonaws.com vimeo.com www.google.bs www.google.ca www.google.ch www.google.co.cr www.google.co.in www.google.co.nz www.google.co.th www.google.co.uk www.google.com.au www.google.com.br www.google.com.eg www.google.com.mx www.google.com.pr www.google.com.qa www.google.de www.google.es www.google.it www.google.no www.xtento.com *.addthis.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.ablyft.com *.adroll.com *.bing.com *.bing.net *.clarity.ms *.cloudflare.com *.contivio.com *.criteo.net *.dicebear.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.googletagmanager.com *.ivaws.com *.liadm.com *.mailchimp.com *.pinimg.com *.pinterest.com *.reddit.com *.redditstatic.com *.tiktok.com *.wepowerconnections.com *.ytimg.com d1z0mfyqx7ypd2.cloudfront.net d3k81ch9hvuctc.cloudfront.net google.com shareasale.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tm www.google.tn www.google.tt www.google.ws cdn.xtento.com flagpedia.net www.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.33across.com *.ablyft.com *.adroll.com *.amped.io *.bing.com *.boldchat.com *.braintreegateway.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.contivio.com *.criteo.com *.doubleclick.net *.dwin1.com *.facebook.net *.fullstory.com *.getgobot.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.jotfor.ms *.jsdelivr.net *.klaviyo.com *.klevu.com *.liadm.com *.mailchimp.com *.noibu.com *.optiversal.com *.pinterest.com *.redditstatic.com *.rmbl.ws *.smtrk.net *.tiktok.com *.trustpilot.com acsbapp.com unpkg.com xxredda.s3.amazonaws.com *.cardinalcommerce.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net maps.googleapis.com www.xtento.com cdn.xtento.com https://www.googletagmanager.com tagmanager.google.com https://www.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.ablyft.com *.bootstrapcdn.com *.cloudflare.com *.contivio.com *.googleapis.com *.gstatic.com *.klaviyo.com *.rakuten.com xxredda.s3.amazonaws.com https://cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.contivio.com *.gstatic.com *.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.ablyft.com *.acsbapp.com *.adblocknext.com *.bing.com *.bing.net *.braintreegateway.com *.clarity.ms *.contivio.com *.criteo.com *.datadome.co *.doubleclick.net *.facebook.com *.facebook.net *.getgobot.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.intuit.com *.klaviyo.com *.liadm.com *.mailchimp.com *.moonshot-ai.com *.noibu.com *.reddit.com *.redditstatic.com *.rmbl.ws *.tiktok.com *.tiktokw.us *.trustpilot.com *.wepowerconnections.com 9kvu81ddh3.execute-api.us-east-2.amazonaws.com acsbapp.com d3k81ch9hvuctc.cloudfront.net ipapi.co www.google.ae www.google.al www.google.as www.google.at www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cf www.google.ch www.google.cl www.google.cm www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gr www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.je www.google.kz www.google.la www.google.lk www.google.lt www.google.md www.google.me www.google.mg www.google.mk www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tn www.google.tt ekr.zdassets.com/ www.gstatic.com maps.googleapis.com sp.americanflags.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://acc.locaties.partou.nl https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://fpp.partou.nl https://googleads.g.doubleclick.net https://locaties.partou.nl https://projects.elitechnology.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'report-sample' 'self' 'unsafe-inline' https://acc.locaties.partou.nl https://locaties.partou.nl; object-src 'none'; base-uri 'self'; connect-src 'self' https://backoffice-api.acc.locaties.partou.nl https://backoffice-api.locaties.partou.nl wss://backoffice-api.acc.locaties.partou.nl wss://backoffice-api.locaties.partou.nl wss://cxcomlive-webconvwa-weu.azurewebsites.net https://bat.bing.com https://consentcdn.cookiebot.com https://fpp.partou.nl https://*.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://region1.analytics.google.com; font-src 'self' data: https://acc.locaties.partou.nl https://locaties.partou.nl https://www.cm.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com; img-src 'self' data: https://bat.bing.com https://img.youtube.com https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://tiles.stadiamaps.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://www.google.nl; manifest-src 'self'; media-src 'self'; worker-src blob:; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com self www.google.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com www.google.com www.gstatic.com apis.google.com accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com landofcoder.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.certcapture.com flagpedia.net *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.certcapture.com *.googleapis.com *.gstatic.com accounts.google.com *.fontawesome.com *.sharethis.com maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com accounts.google.com maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com accounts.google.com *.sharethis.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com landofcoder.com *.googleapis.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.w3-edge.com https://www.googletagmanager.com https://www.googletagservices.com https://cdn.privacy-mgmt.com https://cdnjs.cloudflare.com https://secure.hook6vein.com https://a.usbrowserspeed.com https://www.details-enterprise-7.com https://pi.pardot.com https://www.google.com https://www.google-analytics.com https://go.skymedia.co.uk https://js-agent.newrelic.com https://bam.nr-data.net https://yoast.com https://ajax.googleapis.com https://assets.adobedtm.com https://www.gstatic.com https://skymediaglobal.b-cdn.net https://cdn.skymedia.de https://cdn.skymedia.ie https://cdn.skymedia.co.uk https://cdn.adsmartfromsky.co.uk https://cdn.adsmartfromsky.ie https://cdn.cflight.co.uk https://gdpr-tcfv2.sp-prod.net https://fluid.4strokemedia.com https://cdnb.4strokemedia.com https://z.moatads.com https://imasdk.googleapis.com https://pagead2.googlesyndication.com https://s0.2mdn.net;connect-src 'self' https://bam.nr-data.net https://cdn.privacy-mgmt.com https://my.yoast.com https://www.skymedia.co.uk https://cdn.skymedia.co.uk https://cdn.skymedia.ie https://cmp.skymedia.de https://edge.adobedc.net https://region1.google-analytics.com https://www.google-analytics.com https://www.google.com https://fluid.4strokemedia.com https://feed.4strokemedia.com https://api.condatis.sky https://playback.brightcovecdn.com https://videos.skysports.com https://manifest.prod.boltdns.net https://securepubads.g.doubleclick.net https://videos.skynews.com https://csi.gstatic.com https://idx.liadm.com; img-src 'self' data: https: https://skymediaglobal.b-cdn.net https://cdn.skymedia.de https://cdn.skymedia.ie https://cdn.skymedia.co.uk https://cdn.adsmartfromsky.co.uk https://cdn.adsmartfromsky.ie; font-src 'self' data: https://fonts.gstatic.com https://skymediaglobal.b-cdn.net https://cdn.skymedia.de https://cdn.skymedia.ie https://cdn.skymedia.co.uk https://cdn.adsmartfromsky.co.uk https://cdn.adsmartfromsky.ie https://fonts.bunny.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://skymediaglobal.b-cdn.net https://cdn.skymedia.de https://cdn.skymedia.ie https://cdn.skymedia.co.uk https://cdn.adsmartfromsky.co.uk https://cdn.adsmartfromsky.ie https://fonts.bunny.net;media-src 'self' https: blob: https://skymediaglobal.b-cdn.net https://cdn.skymedia.de https://cdn.skymedia.ie https://cdn.skymedia.co.uk https://cdn.adsmartfromsky.co.uk https://cdn.adsmartfromsky.ie https://playback.brightcovecdn.com https://videos.skysports.com https://videos.skynews.com;frame-src 'self' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://players.brightcove.net https://www.youtube.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com  https://skymediaglobal.b-cdn.net https://cdn.skymedia.de https://cdn.skymedia.ie https://cdn.skymedia.co.uk https://cdn.adsmartfromsky.co.uk https://cdn.adsmartfromsky.ie; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.weltpixel.com *.addthis.com *.pinterest.com *.googletagmanager.com *.doubleclick.net *.typeform.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.certcapture.com landofcoder.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.typeform.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.fontawesome.com assets.braintreegateway.com *.googleapis.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.yotpo.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com https://www.sandbox.paypal.com https://www.paypal.com landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typeform.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'none'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' https://cdn.prod.website-files.com https://d3e54v103j8qbb.cloudfront.net https://widget02.wolkvox.com https://static.cloudflareinsights.com https://ajax.googleapis.com https://crm.zoho.com https://crm.zohopublic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://connect.facebook.net https://snap.licdn.com https://*.clarity.ms https://c.bing.com https://static.hotjar.com https://script.hotjar.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://cdn.prod.website-files.com https://fonts.googleapis.com https://*.hotjar.com; img-src 'self' data: https://cdn.prod.website-files.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://www.google.com https://www.google.com.co https://www.facebook.com https://*.clarity.ms https://static.hotjar.com https://survey-images.hotjar.com http://imgsct.cookiebot.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.prod.website-files.com https:/* 1
img-src 'self' data: https://*.siteimproveanalytics.io; script-src 'self' https://siteimproveanalytics.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
frame-src 'self' https://werbung.transgourmet.de https://www.youtube.com https://www.google.com www.recaptcha.net *.b2clogin.com *.loadbee.com *.youtube.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl googleads.g.doubleclick.net blob: cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl https://www.xing-events.com/resources/js/amiandoExport.js www.google.com content.syndigo.com www.recaptcha.net js.monitor.azure.com googleads.g.doubleclick.net job.transgourmet.de *.dvinci-easy.com *.clarity.ms *.loadbee.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net unpkg.com; style-src-attr 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://werbung.transgourmet.de 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-wzDL6izkpDKdgfo94qPnjdvU' 'unsafe-eval' https://pixel.byspotify.com *.travcorpservices.com https://www.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://api.feefo.com https://register.feefo.com https://bat.bing.com https://cdn.evgnet.com https://connect.facebook.net https://i.clarity.ms https://static-ssl.responsetap.com *.hotjar.com https://tag.simpli.fi https://unpkg.com https://www.bugherd.com https://decagon.ai https://www.datadoghq-browser-agent.com https://assetscdn.stackla.com/media/js https://vjs.zencdn.net https://cdn.amplitude.com/libs https://sdk.joinsherpa.io https://apps.mypurecloud.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://ttc-contiki.entry.promo https://cdn.optimizely.com https://www.riddle.com;style-src 'self' 'unsafe-inline' https://assetscdn.stackla.com/media/components/stackla-uikit/dist https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;img-src 'self' https://bat.bing.com https://c.clarity.ms https://i.ytimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.uplift-platform.com data:;frame-src 'self' https://10006172.fls.doubleclick.net https://uplift-cdn-stg.uplift.com https://vars.hotjar.com https://widget.stackla.com https://www.google.com https://apps.joinsherpa.io https://www.googletagmanager.com https://a25408250069.cdn.optimizely.com;font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;connect-src 'self' *.travcorpservices.com *.travcorp.com *.corp.ttc:7443 https://api.feefo.com https://bat.bing.com https://in.hotjar.com https://ws11.hotjar.com/api https://l.clarity.ms https://metrics.responsetap.com/infinity https://noembed.com https://pm-mrkt.prodgw.uplift-platform.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://ttctravel.germany-2.evergage.com https://www.facebook.com https://www.google-analytics.com https://logx.optimizely.com https://region1.analytics.google.com https://ttc.contiki.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.it https://www.myheritage.it  'unsafe-eval' 'nonce-82b1f8da97c988ffc8ccbe99f83db0fa' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.it;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
object-src 'none';base-uri 'self';script-src 'nonce-46_czMA5l-CJZvzgB9EEyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.tillamook.com tillamook.com stackpath.bootstrapcdn.com; img-src 'self' data: *.ctfassets.net ctfassets.net *.cookielaw.org cookielaw.org www.google.com/ads/ www.google-analytics.com/ www.facebook.com/ c.lytics.io/c/b5c7317d218cb2a0ef160219694b5a9e www.googletagmanager.com; media-src 'self' *.ctfassets.net ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: destinilocators.com https://connect.facebook.net/ *.hotjar.com hotjar.com *.klaviyo.com klaviyo.com *.cookielaw.org cookielaw.org www.google-analytics.com/ www.googletagmanager.com/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.clarity.ms givebutter.com/ destinilocators.com/ www.googleoptimize.com/ cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js cdnjs.cloudflare.com/ajax/libs/iframe-resizer/2.8.10/iframeResizer.min.js cdnjs.cloudflare.com/ajax/libs/easyXDM/2.4.20/easyXDM.min.js va.vercel-scripts.com/v1/speed-insights/script.debug.js widget.intercom.io js.intercomcdn.com www.recaptcha.net analytics.tiktok.com/i18n/pixel/events.js; style-src 'self' 'unsafe-inline' *.typekit.net typekit.net api.tiles.mapbox.com www.exploretock.com stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css fonts.googleapis.com/css; style-src-elem 'self' 'unsafe-inline' *.typekit.net stackpath.bootstrapcdn.com fonts.googleapis.com; font-src 'self' *.tillamook.com tillamook.com *.typekit.net typekit.net www.exploretock.com stackpath.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' wss: *.tillamook.com tillamook.com *.tillamaps.com tillamaps.com *.hotjar.com hotjar.com *.klaviyo.com klaviyo.com *.doubleclick.net doubleclick.net *.ingest.sentry.io *.ingest.us.sentry.io *.ctfassets.net ctfassets.net *.mapbox.com mapbox.com *.algolianet.com *.algolia.net *.onetrust.com onetrust.com *.cookielaw.org cookielaw.org analytics.google.com api.addresszen.com *.clarity.ms/collect www.recaptcha.net preview.contentful.com/ www.google-analytics.com/ vitals.vercel-insights.com/ cdn.contentful.com/ analytics.google.com/ d2k6913brarspg.cloudfront.net/ www.facebook.com/tr/ analytics.tiktok.com/api/v2/pixel qcjajnmiprtqkimhahis.supabase.co; frame-src 'self' https://vars.hotjar.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com https://www.youtube-nocookie.com https://destinilocators.com/ https://td.doubleclick.net/; frame-ancestors https://app.contentful.com; worker-src 'self' blob:; child-src 'self' blob:; report-uri https://16x3230g.uriports.com/reports/report; report-to default 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com https://cdn.checkout.com images.getfastr.com https://fonts.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://js.checkout.com *.klarna.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://*.cylindo.com/ ls.smct.io td.doubleclick.net d2d7do8qaecbru.cloudfront.net ct.pinterest.com edigitalsurvey.com sst.heals.com https://*.fixtuur.io/ https://*.digitalbridgehq.com blob: intent: https://www.googletagmanager.com/ https://www.google.com *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com imgsct.cookiebot.com imgsct.cookiebot.eu https://*.cylindo.com/ links.imagerelay.com images.getfastr.com gis.goinstore.com bat.bing.com c.az.contentsquare.net www.google.com.ua ad.doubleclick.net adservice.google.com sp.analytics.yahoo.com insight.adsrvr.org assets.reviews.io heals.content.fixtuur.io services.postcodeanywhere.co.uk js.checkout.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com https://www.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.checkout.com *.klarnacdn.net consent.cookiebot.com consent.cookiebot.eu https://*.cylindo.com/ heals-1.store-uk1.advancedcommerce.services cas.zma.gs static.klaviyo.com static-tracking.klaviyo.com gis.goinstore.com sdk.fixtuur.io cdn.shipup.co cdn.usehero.com consentcdn.cookiebot.com s.pinimg.com smct.co t.contentsquare.net bat.bing.com analytics.webgains.io cdn.sub2tech.com assets.gocertify.me js.smct.io js-agent.newrelic.com ct.pinterest.com uk005.sub2tech.com s.yimg.com sm001.sub2tech.com viewer.cylindo.com scripts.sirv.com uk002.sub2tech.com www.google.com static-na.payments-amazon.com www.gstatic.com services.postcodeanywhere.co.uk cdn.checkout.com https://*.fixtuur.io/ https://*.digitalbridgehq.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.checkout.com https://*.cylindo.com/ cdn.shipup.co widget.reviews.io assets.reviews.io gis.goinstore.com viewer.cylindo.com scripts.sirv.com js.checkout.com https://static.klaviyo.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://js.checkout.com *.klarnaevt.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu https://*.cylindo.com/ analytics.google.com sst.heals.com cas.zma.gs fast.a.klaviyo.com static-forms.klaviyo.com eu.prd.impact.fixtuur.com ct.pinterest.com ep.smct.co k-eu1.az.contentsquare.net api.usehero.com c.az.contentsquare.net srm.aa.contentsquare.net bam.nr-data.net s.yimg.com adservice.google.com api.reviews.io heals.content.fixtuur.io stats.sirv.com www.google-analytics.com services.postcodeanywhere.co.uk js.checkout.com fpjs.checkout.com risk.checkout.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com k-eu1.az.contentsquare.net c.az.contentsquare.net bam.nr-data.net www.google.com google.com stats.sirv.com heals-1.tracking-uk1.advancedcommerce.services www.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://349fdf52-472e-46ad-8c8c-5e785e5026a3.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ccavenue.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.ccavenue.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.ccavenue.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.ccavenue.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.ccavenue.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'unsafe-inline' https://pay.google.com https://applepay.cdn-apple.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data:;connect-src 'self';font-src 'self' 'unsafe-inline' https://fonts.googleapis.com;media-src 'self';frame-src 'self' https://applepay.cdn-apple.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
report-uri /api/v1/csp-report; connect-src 'self' https://*.google-analytics.com https://*.googleapis.com https://www.googletagmanager.com https://www.facebook.com https://analytics.tiktok.com https://api.maptiler.com https://api.typeform.com https://*.consentmanager.net https://*.pinterest.com; default-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.consentmanager.net https://www.googletagmanager.com https://analytics.tiktok.com https://s.pinimg.com https://embed.typeform.com https://www.gstatic.com https://connect.facebook.net https://cdn.jsdelivr.net https://ct.pinterest.com https://*.googleapis.com https://*.google.com https://*.trustpilot.com; style-src 'self' 'unsafe-inline' https://embed.typeform.com https://fonts.googleapis.com https://www.gstatic.com https://*.consentmanager.net; font-src 'self' https://fonts.gstatic.com; img-src data: 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.facebook.com https://*.google.com https://*.openstreetmap.org https://*.gstatic.com https://i.ytimg.com; frame-src https://www.youtube-nocookie.com https://ct.pinterest.com https://form.typeform.com https://widget.trustpilot.com https://www.facebook.com; media-src 'self' blob:; worker-src  'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.doubleclick.net *.onetrust.com js.mollie.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://images.unsplash.com *.ctfassets.net *.arvesta.eu *.google.be *.adnxs.com *.bing.com *.gstatic.com *.googleapis.com *.cookielaw.org *.facebook.com *.clarity.ms *.onetrust.com https://www.mollie.com 'self' data: *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://maps.googleapis.com *.hotjar.com *.googleoptimize.com *.bing.com *.facebook.net *.adnxs.com gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.clarity.ms *.googleapis.com *.npmcdn.com *.convertexperiments.com *.cookielaw.org *.onetrust.com *.voyado.com js.mollie.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.typekit.net *.npmcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://core.helloretail.com https://helloretailcdn.com https://maps.googleapis.com https://player.vimeo.com *.cookielaw.org *.doubleclick.net *.clarity.ms gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.googleapis.com *.npmcdn.com *.hotjar.com *.onetrust.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' blob ; font-src 'self' https: data: ; img-src 'self' https: data: blob: ; media-src 'self' https: blob: ; worker-src 'self' https: blob: ; connect-src 'self'  https: ; object-src 'none'  https: ; frame-ancestors 'none' https: ; base-uri 'self' ; form-action 'self' ; frame-src 'self' ; report-uri /csp-report; 1
default-src 'nonce-95238d378193624c5ff5363e57db7c16' 'self' https://*.cathaycargo.com; script-src 'nonce-95238d378193624c5ff5363e57db7c16' 'self' blob: 'nonce-0147d02183a5f826f96ae158aa2b033f' 'unsafe-eval' https://analytics.cathaypacific.com https://tags.cathaycargo.com https://tags.tiqcdn.com https://*.qualtrics.com https://www.googletagmanager.com https://js.adsrvr.org https://ad.doubleclick.net https://connect.facebook.net https://api.mapbox.com https://cgocms.cathaypacific.com https://*.jsdelivr.net https://assets.cathaypacific.com https://snap.licdn.com https://www.youtube.com; style-src 'self' api.mapbox.com 'unsafe-inline'; img-src 'self' data: https://metrics.cathaycargo.com https://cm.everesttech.net https://*.googlesyndication.com https://www.facebook.com https://*.qualtrics.com https://px.ads.linkedin.com https://ad.doubleclick.net https://www.googletagmanager.com https://www.google.com https://i.ytimg.com https://connect.facebook.net https://www.googleadservices.com https://*.linkedin.com; connect-src 'self' https://assets.cathaypacific.com https://*.qualtrics.com https://insight.adsrvr.org https://www.google.com https://ad.doubleclick.net https://dpm.demdex.net https://*.cathaycargo.com https://www.facebook.com https://*.px-cloud.net https://*.px-cdn.net https://*.mapbox.com https://*.akamaihd.net https://api.cathaypacific.com https://px.ads.linkedin.com https://*.akstat.io https://pagead2.googlesyndication.com https://www.googleadservices.com https://collector-pxstetiejf.pxchk.net https://www.googletagmanager.com; font-src 'self' data:; worker-src 'self' chrome blob:; frame-src 'self' https://13315781.fls.doubleclick.net https://asiamiles.demdex.net https://*.adsrvr.org https://cgocms.cathaypacific.com https://cathaypacific.eu.qualtrics.com https://www.youtube.com https://login.microsoftonline.com; frame-ancestors 'self'; 1
script-src 'nonce-49443e810a57685e5c75574359e9d71b186c52e0b4e8863a3971d7fcc3f17a74' assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com www.xtento.com cdn.xtento.com secure.payu.com secure.snd.payu.com https://cdnjs.cloudflare.com *.packeta.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl apm.przelewy24.pl *.facebook.net *.allekurier.pl *.hsforms.net *.hsforms.com *.gstatic.com 'self' *.trustpilot.com 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8=' 'sha256-F20iqiqGicuuiFlhCPv0sBKJFT9sCplzelbf57o8GsI=' 'sha256-syV/eNOnvdKZkC4mI0Qgl6a+j1+UDhVcxAdH9K2eMUw='; style-src *.adobe.com fonts.googleapis.com *.autopay.eu *.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.typekit.net *.gstatic.com 'self' 'unsafe-inline' *.trustpilot.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu www.xtento.com cdn.xtento.com static.payu.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.przelewy24.pl gstatic.com puccini.pl *.puccini.pl puccini.cz *.puccini.cz puccini.hu *.puccini.hu puccini.ro *.puccini.ro puccini.sk *.puccini.sk puccini.ua *.puccini.ua *.allekurier.pl *.wittchen.com *.hsforms.net *.hsforms.com 'self' data: 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com secure.payu.com merch-prod.snd.payu.com *.packeta.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self'; media-src *.adobe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com pay.google.com play.google.com *.autopay.eu www.xtento.com secure.payu.com merch-prod.snd.payu.com *.dhl.pl *.dhl24.com.pl *.packeta.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * apm.przelewy24.pl *.googletagmanager.com 'self' *.trustpilot.com; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: 'self'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com 'self'; frame-ancestors pay.google.com; object-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-S9YT3N6VVtBxc_DmgBiSRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; report-to https://652d4e11b6167cf8f68c6359.endpoint.csper.io/?v=0;; report-uri https://652d4e11b6167cf8f68c6359.endpoint.csper.io/?v=0;; 1
font-src fonts.gstatic.com use.typekit.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.cloudflare.com *.typekit.net *.trustedshops.com *.similarinc.com *.zipmoney.com.au *.zendesk.com *.bootstrapcdn.com p-a.io *.particularaudience.com *.digidirect.com.au images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.zipmoney.com.au *.digidirect.com.au *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app * *.zipmoney.com.au *.digidirect.com.au *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.weltpixel.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.cloudflare.com cdn.klarna.com *.paypal.com s.ytimg.com *.google.com *.facebook.com *.adsrvr.org *.google.com.ph *.similarinc.com *.cloudfront.net digidirect.zendesk.com *.pinterest.com *.analytics.yahoo.com *.zendesk.com *.gstatic.com *.klarnacdn.net *.facebook.net *.doubleclick.net *.kayweb.com.au p-a.io *.particularaudience.com *.services.qantasloyalty.com *.adobedtm.com *.latitudepayapps.com zip.co bpi.zip.co *.latitudefinancial.com *.google.lk *.digidirect.com.au https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.cloudflare.com maps.googleapis.com *.cloudfront.net *.testfreaks.com *.cfjump.com *.facebook.net *.benchplatform.com *.livechatinc.com *.g.doubleclick.net googletagmanager.com *.adsrvr.org *.studio19.com.au *.particularaudience.com *.srv.stackadapt.com cfjump.digidirect.com.au *.gstatic.com t.cfjump.com settings.luckyorange.net *.similarinc.com *.api.similarinc.com *.zipmoney.com.au *.zip.co *.zdassets.com assets.pinterest.com r3.dotdigital-pages.com api.smooch.io *.klarna.com *.klarnacdn.net *.google.com *.cardinalcommerce.com static.client.cardinaltrusted.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.visitors.live *.wibmo.com *.paypal.cn *.paypalobjects.com *.googleadservices.com *.soreto.com *.kayweb.com.au p-a.io api-recs.particularaudience.com d10lpsik1i8c69.cloudfront.net gtm.js *.connect.studentbeans.com *.studentbeans.com *.instagram.com *.jquery.com *.adobedtm.com *.adobed.com *.latitudefinancial.com *.static.afterpay.com *.latitudepayapps.com *.clarity.ms *.zendesk.com *.digidirect.com utt.impactcdn.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu tags.srv.stackadapt.com *.similarinc.com *.zipmoney.com.au *.gstatic.com *.google.com *.kayweb.com.au *.bootstrapcdn.com p-a.io *.particularaudience.com *.cloudfront.net *.zip.co *.digidirect.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zendesk.com *.kayweb.com.au p-a.io *.particularaudience.com *.services.qantasloyalty.com *.zip.co *.zipmoney.com.au *.digidirect.com.au 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.zendesk.com *.cloudflare.com *.paypal.com t.cfjump.com settings.luckyorange.net *.particularaudience.com stats.g.doubleclick.net *.google-analytics.com tags.srv.stackadapt.com secure.studio19.com.au secure.polygongroup.com.au bam-cell.nr-data.net *.similarinc.com *.api.similarinc.com *.zipmoney.com.au *.visitors.live *.googleapis.com *.zdassets.com digidirect.zendesk.com *.zip.co api.smooch.io *.gstatic.com *.google.com *.klarnacdn.net *.cardinalcommerce.com *.cardinaltrusted.com *.demdex.net *.braintree-api.com *.braintreegateway.com *.wibmo.com *.paypal.cn *.paypalobjects.com *.kayweb.com.au p-a.io *.qantasloyalty.com *.services.qantasloyalty.com api-recs.particularaudience.com d10lpsik1i8c69.cloudfront.net *.static.afterpay.com *.doubleclick.net *.clarity.ms wss://in.visitors.live visitors.live insight.adsrvr.org api-preview.luckyorange.com *.digidirect.com digidirect.pxf.io d.impct.site https://www.eventbriteapi.com https://corsproxy.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com www.google.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.userway.org js.hsforms.net forms.hsforms.com forms-na1.hsforms.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com *.googletagmanager.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com *.livechatinc.com *.crazyegg.com *.userway.org workforcenow.adp.com js.hsforms.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://unpkg.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googletagmanager.com *.userway.org unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com *.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://maps.googleapis.com https://player.vimeo.com *.livechatinc.com *.hubspot.com *.userway.org *.crazyegg.com workforcenow.adp.com js.hsforms.net forms.hsforms.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com thm.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: blob; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob; font-src 'self' https: data:; connect-src 'self' https:; frame-ancestors 'self'; frame-src https:; object-src 'none'; base-uri 'self'; form-action 'self' https:; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.google-analytics.com https://login.microsoftonline.com https://secure.aadcdn.microsoftonline-p.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self' https://planetaryscienceinstitute.kindful.com; frame-ancestors 'self'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.trustedshops.com *.joemerino.com *.google.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.gstatic.com apis.google.com js.mollie.com speedsize.com *.speedsize.com *.cookiebot.com *.easysize.me *.pinterest.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://www.mollie.com https://redchamps.com speedsize.com *.speedsize.com *.cloudflare.com *.klarna.com *.ytimg.com *.usercentrics.eu *.bing.com *.joemerino.com *.google.com *.google.co.in *.clarity.ms *.googletagmanager.com *.pinterest.com *.d1pna5l3xsntoj.cloudfront.net *.trustedshops.com *.popupsmart.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.pinimg.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.gstatic.com js.mollie.com speedsize.com *.speedsize.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.adyen.com *.cookiebot.com *.helloretail.com *.cloudfront.com *.payments-amazon.com  *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es  *.payments-amazon.de *.facebook.com *.pinterest.com *.mollie.com *.sendcloud.sc *.avada.io *.yotpo.com *.etrusted.com *.etrusted.site *.googletagmanager.com *.glinkseclin.com glinkseclin.com *.windows.net *.robinhq.com *.msecnd.net *.easysize.me *.g1980843351.co g1980843351.co *.googleadservices.com *.cloudfront.net *.hotjar.com *.clarity.ms *.bing.com *.pingdom.net geotargetly-api-2.com *.popupsmart.com *.doubleclick.net *.pinimg.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.klaviyo.com sc-static.net *.snapchat.com unpkg.com *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com speedsize.com *.speedsize.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.cdn.popupsmart.com *.d1pna5l3xsntoj.cloudfront.net *.adobe.com  https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://core.helloretail.com https://helloretailcdn.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com speedsize.com *.speedsize.com *.cloudflare.com *.glinkseclin.com wss://glinkseclin.com *.visualstudio.com *.doubleclick.net *.clarity.ms *.pingdom.net *.cookiebot.com *.eu01.nr-data.net *.pinterest.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinimg.com sc-static.net *.snapchat.com *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src speedsize.com *.speedsize.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.joemerino.com/; report-to report-endpoint; 1
connect-src fanatics.live *.fanatics.live stream-io-api.com *.stream-io-api.com 'self' wss: https://os.fanatics.live https://*.fanatics.live *.live-video.net https://websdk.appsflyer.com https://sdk.split.io https://streaming.split.io https://auth.split.io https://events.split.io https://sdk.iad-05.braze.com https://cdn.segment.com https://api.segment.io https://www.googletagmanager.com https://connect.facebook.net https://*.google-analytics.com https://td.doubleclick.net/ https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://us1.browser-intake-datadoghq.com https://us3.browser-intake-datadoghq.com https://us5.browser-intake-datadoghq.com https://datadoghq.com https://*.datadoghq.com https://*.livekit.cloud https://*.cloudfront.net https://*.amazonaws.com/web-prod-assets-0l9t/ https://*.amazonaws.com/web-staging-assets-0l9t/ https://*.amazonaws.com/fl-application-assets/ https://*.amazonaws.com/fl-application-asset/ https://d2wpy28tlhnoxg.cloudfront.net/media_convert https://google.com https://www.google.com/ccm/collect https://*.appsflyer.com https://fanatics.live/api/auth/session https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://ekr.zdassets.com https://fanaticslive.zendesk.com https://unpkg.com https://cdn.jsdelivr.net https://cdn.cookielaw.org/ https://*.onetrust.com https://*.rive.app fonts.googleapis.com *.fonts.googleapis.com marker.io *.marker.io sentry.io *.sentry.io fullstory.com *.fullstory.com stripe.com *.stripe.com tiktok.com *.tiktok.com https://chat-insights.getstream.io; default-src fanatics.live *.fanatics.live fonts.googleapis.com *.fonts.googleapis.com fullstory.com *.fullstory.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com zdassets.com *.zdassets.com stripe.com *.stripe.com stream-io-api.com *.stream-io-api.com sentry.io *.sentry.io marker.io *.marker.io live-video.net *.live-video.net 'self' https://cdn.jsdelivr.net 'unsafe-inline'; font-src https://fonts.gstatic.com/* https://fonts.gstatic.com fanatics.live *.fanatics.live jsdelivr.net *.jsdelivr.net https://cdn.jsdelivr.net; frame-src 'self' https://js.stripe.com/ https://td.doubleclick.net https://www.google.com/ https://odyssey.dev.fanatics.live/ https://odyssey.staging.fanatics.live/ https://odyssey.fanatics.live/ https://www.googletagmanager.com https://use.fontawesome.com https://fonts.googleapis.com https://cdn.appsflyer.com/; frame-ancestors https://docs.fanatics.live https://topps.com https://*.topps.com/ https://*.vercel.app/ https://*.dacwdev.com/ https://*.dacardworld.com/ https://*.wweshop.com/ https://*.wweshop.com https://shop.wwe.com https://*.wwe.com https://ufcstore.com https://*.ufcstore.com https://ufc.com https://*.ufc.com; img-src * blob: 'self' data:; media-src * blob:; script-src 'self' 'sha256-6EL/zz29Q8UFwqahdj1cGAxqbH5Xd+he4QVXaoQno44=' https://cdn.segment.com https://js.stripe.com https://js.appboycdn.com https://sdk.iad-05.braze.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com/recaptcha/ https://*.datadoghq-browser-agent.com https://static.zdassets.com https://pod-29.zendesk.com https://*.fullstory.com https://cdn.cookielaw.org/ https://*.onetrust.com https://analytics.tiktok.com 'unsafe-eval' marker.io *.marker.io live-video.net *.live-video.net fanatics.live *.fanatics.live 'unsafe-inline'; worker-src 'self' blob: https://*.datadoghq.com https://*.datadoghq-browser-agent.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=5GZod9tUmNu4qhZLx6rtFPqMIxd2DMnPiskfqm__Lfs-1773712740-1.0.1.1-slYTjyrP19TVBf.ljx4PurXoKWf7xvYL16F.hIoK1.noC7MIKHFXEyMrw3CwrkCgrtKNwWfOqcaab8eX4JPhpBJ6G3R3EuLLbY2DMEXGassaZgLLcT1o9Oi9TzTInW9EbrjGvduce5owHnSdPBbLunzI9gj71z8nf2VBDmcmGxPeSsUkQjNpBKP.XVG3BiJuTvrwV9Qwe1FKIFKm8chxjg; report-to cf-lwunsyofcrjigjxc 1
default-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https:; frame-src https:; 1
object-src 'none';base-uri 'self';script-src 'nonce-JEqSCx_ehrMir6JSS3QNNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self' https://*.charteredaccountants.ie https://*.realexpayments.com https://*.payandshop.com https://*.digicert.com https://*.zendesk.com https://*.zopim.com https://*.zdassets.com https://*.youtube.com https://googleads.g.doubleclick.net https://*.licdn.com https://*.google-analytics.com https://*.cookiebot.com https://*.fontawesome.com https://*.jsdelivr.net https://*.crazyegg.com https://*.telerikstatic.com https://*.aspnetcdn.com https://*.facebook.net https://*.facebook.com https://*.cloudflare.com https://*.googleapis.com https://*.googletagmanager.com https://*.jquery.com https://*.doubleclick.net https://*.tiktok.com https://*.google.co.uk https://*.google.com https://*.google.ie https://*.googleadservices.com https://*.google.co.in https://*.bootstrapcdn.com https://*.gstatic.com https://charteredaccountantsireland.mediasite.com https://*.linkedin.com 'unsafe-inline' 'unsafe-eval' data: blob:; object-src 'none'; base-uri 'self' https://*.charteredaccountants.ie; frame-ancestors 'self' https://*.google.com https://*.charteredaccountants.ie https://*.realexpayments.com https://*.payandshop.com; report-uri https://csp.charteredaccountants.ie/index.php; worker-src blob:; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.oney.io *.staging.oney.io *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.gelproximity.com *.hipay-tpp.com *.hipay.com *.googleapis.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.openstreetmap.org *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://maps.googleapis.com *.hipay.com *.googleapis.com *.oney.io *.staging.oney.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.gelproximity.com *.hipay.com *.hipay-tpp.com https://mpsnare.iesnare.com *.zdassets.com *.zipchat.ai *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com mpsnare.iesnare.com *.paypal.com *.googleapis.com *.oney.io *.staging.oney.io http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com widget.freshworks.com m2epro.freshdesk.com *.hipay.com *.googleapis.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.zdassets.com data: mpsnare.iesnare.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.zendesk.com *.zdassets.com *.zopim.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.openstreetmap.org https://maps.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.oney.io *.staging.oney.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp: https://UMHEALTHCAREEPICIFRAME-PP-PRTLTST.SPECTRUMRETAILNET.COM https://umhealthcareepiciframe-pp-prtl.spectrumretailnet.com;script-src 'nonce-95f3273dd06e4e28a50e3b50ab348cb0' https://myuhealthchart.com 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://myuhealthchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.paypal.com *.juicer.io/fonts/ *.fontawesome.com https://fonts.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.certcapture.com *.google.com https://plumrocket.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.certcapture.com *.bootstrapcdn.com *.googleapis.com *.paypal.com *.gstatic.com *.paypalobjects.com *.omtrdc.net magefan.com cm.magefan.com *.google.com *.mageside.com mageside.com *.disqus.com *.juicer.io https://img.youtube.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.bootstrapcdn.com *.googleapis.com www.google.com *.paypal.com *.gstatic.com chimpstatic.com freegeoip.net *.ipstack.com *.google.com *.disqus.com *.juicer.io/embed.js cdn.jsdelivr.net services.sheerid.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com *.bootstrapcdn.com *.googleapis.com *.paypal.com *.gstatic.com *.juicer.io/embed.css cdn.jsdelivr.net *.fontawesome.com https://fonts.googleapis.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.juicer.io *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.oct8ne.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com https://layer.accelasearch.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com localhost:* *.motive.co *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.instagram.com www.google.com *.conforama.it *.flipsnack.com *.facebook.com *.klarna.com js.mollie.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://td.doubleclick.net/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.cdninstagram.com *.googleapis.com https://maps.gstatic.com/ *.avis-verifies.com *.facebook.com https://*.google.com *.google.it *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com https://www.mollie.com *.motive.co *.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://conforama.b-cdn.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.iubenda.com *.zdassets.com *.youtube.com *.facebook.com *.facebook.net *.newrelic.com *.nr-data.net *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io js.mollie.com *.motive.co *.oct8ne.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com https://analytics.tiktok.com/ https://widgets.rr.skeepers.io/ https://ehatec.quest/ https://*.googletagmanager.com https://*.accelasearch.io https://svc11.accelasearch.io https://*.g.doubleclick.net https://layer.accelasearch.io/ https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.iubenda.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com https://layer.accelasearch.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com *.googleapis.com *.zendesk.com *.zdassets.com *.iubenda.com *.doubleclick.net *.nr-data.net *.newrelic.com *.demdex.net *.aptrinsic.com *.klarnaevt.com *.klarnaservices.com https://get.geojs.io *.avada.io *.motive.co *.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.link.com *.amazon.com https://analytics.tiktok.com/ https://pilotech.store/ https://*.accelasearch.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; object-src 'none'; base-uri 'self'; 1
default-src 'self'; script-src 'self' https://js.qualified.com https://js.chilipiper.com https://js-eu1.hsforms.net https://js-eu1.hs-scripts.com https://unpkg.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api.qualified.com https://js.qualified.com https://api.chilipiper.com https://*.hubspot.com https://*.hubapi.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src https://*.hubspot.com https://js.chilipiper.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-8WiFGg6yluUIBW7_Bo_x_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kj2yg-oE2swT-U0o4XGr8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src 'self'; font-src www.paypalobjects.com 'self' data: fonts.gstatic.com *.gstatic.com 'self' data: *.varify.io data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ 'self' *.jotform.com *.weltpixel.com *.google.com/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.tokenization.secure.payone.com *.googletagmanager.com *.doubleclick.net *.typeform.com *.trustpilot.com *.criteo.com *.criteo.net *.facebook.com *.online-metrix.net *.scratcher.io *.varify.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' *.online-metrix.net ake-e2ee.s3.amazonaws.com render.barcodes.systems https://images.unsplash.com https://www.magezon.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com *.hsforms.net *.hsforms.com 'self' data: *.consentmanager.net *.contentsquare.net *.criteo.com *.criteo.net *.emarsys.net *.facebook.net *.ggpht.com *.jotform.com *.scratcher.io *.trustpilot.com *.trustpilot.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' www.google.de zldqcc.dodenhof.de; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ 'self' *.online-metrix.net *.scarabresearch.com https://maps.googleapis.com https://player.vimeo.com *.google.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.tokenization.secure.payone.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com *.hsforms.net *.hsforms.com *.gstatic.com *.trustpilot.com https://browser.sentry-cdn.com *.baqend.com *.consentmanager.net *.contentsquare.com *.contentsquare.net *.criteo.com d5yoctgpv4cpx.cloudfront.net *.jotform.com *.pay1.de *.scratcher.io *.sentry-cdn.com *.tag-monitoring.com *.varify.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src d.ratepay.com d.payla.io dr.payla.io src.mastercard.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com *.typeform.com *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com 'self' *.scarabresearch.com h.online-metrix.net https://maps.googleapis.com https://player.vimeo.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.tokenization.secure.payone.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com t.elasticsuite.io *.hsforms.net *.hsforms.com o398721.ingest.sentry.io 127.0.0.1 ake-e2ee.s3.amazonaws.com *.baqend.com *.consentmanager.net *.contentsquare.com *.contentsquare.net *.criteo.com *.emarsys.net *.facebook.com localhost *.online-metrix.net p2iqhncxyh.execute-api.eu-central-1.amazonaws.com *.sentry-cdn.com *.tag-monitoring.com *.trustpilot.com *.varify.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' www.google.com; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' *.googleapis.com *.criteo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; base-uri 'self' 'unsafe-inline'; report-uri https://1e8f5bec-f9ea-40a5-b847-cd8990d97b94.sansec.watch/; report-to report-endpoint; 1
default-src 'nonce-e4034336de09d8ca281059c78d9523b3' 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data https://images.ctfassets.net; script-src 'self' 'self' 'unsafe-inline' https://browser.sentry-cdn.com/ https://europcar.adding-sst.dev/ https://sdk.privacy-center.org/ https://*.europcar.com https://*.goldcar.com; connect-src 'self' sentry.io *.sentry.io https://*.europcar.com https://*.goldcar.com; report-uri https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943; report-to https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943 1
font-src google.com *.google.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com paypal.com *.paypal.com youtube.com *.youtube.com wp.pl *.wp.pl id5-sync.com *.id5-sync.com magezon.com *.magezon.com clickonometrics.pl *.clickonometrics.pl *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com criteo.com *.criteo.com google.com *.google.com google.pl *.google.pl doubleclick.net *.doubleclick.net googletagmanager.com *.googletagmanager.com facebook.com *.facebook.com paypal.com *.paypal.com youtube.com wp.pl *.wp.pl id5-sync.com *.id5-sync.com magezon.com *.magezon.com clickonometrics.pl *.clickonometrics.pl *.google.com/ https://www.youtube.com www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cookieyes.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com crazyegg.com *.crazyegg.com bing.com *.bing.com bing.net *.bing.net facebook.net *.facebook.net facebook.com *.facebook.com onet.pl *.onet.pl ocdn.eu *.ocdn.eu ceneo.pl *.ceneo.pl tiktok.com *.tiktok.com cdngazeta.pl *.cdngazeta.pl criteo.com *.criteo.com paypal.com *.paypal.com youtube.com wp.pl *.wp.pl id5-sync.com *.id5-sync.com magezon.com *.magezon.com shopdeputy.com *.shopdeputy.com creativecdn.com *.creativecdn.com kk-resources.com *.kk-resources.com clarity.ms *.clarity.ms cloudfront.net *.cloudfront.net edrone.me *.edrone.me google.com *.google.com google.pl *.google.pl googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com google-analytics.com *.google-analytics.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net clickonometrics.pl *.clickonometrics.pl https://www.magezon.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com cookieyes.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com crazyegg.com *.crazyegg.com bing.com *.bing.com bing.net *.bing.net facebook.net *.facebook.net facebook.com *.facebook.com onet.pl *.onet.pl ocdn.eu *.ocdn.eu ceneo.pl *.ceneo.pl tiktok.com *.tiktok.com cdngazeta.pl *.cdngazeta.pl criteo.com *.criteo.com paypal.com *.paypal.com youtube.com wp.pl *.wp.pl id5-sync.com *.id5-sync.com magezon.com *.magezon.com shopdeputy.com *.shopdeputy.com creativecdn.com *.creativecdn.com kk-resources.com *.kk-resources.com clarity.ms *.clarity.ms cloudfront.net *.cloudfront.net edrone.me *.edrone.me google.com *.google.com google.pl *.google.pl googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com google-analytics.com *.google-analytics.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net clickonometrics.pl *.clickonometrics.pl *.disqus.com *.avada.io *.shopify.com *.google.com/ www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com google.com *.google.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com paypal.com *.paypal.com youtube.com *.youtube.com wp.pl *.wp.pl id5-sync.com *.id5-sync.com magezon.com *.magezon.com clickonometrics.pl *.clickonometrics.pl *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cookieyes.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com crazyegg.com *.crazyegg.com bing.com *.bing.com bing.net *.bing.net facebook.net *.facebook.net facebook.com *.facebook.com onet.pl *.onet.pl ocdn.eu *.ocdn.eu ceneo.pl *.ceneo.pl tiktok.com *.tiktok.com cdngazeta.pl *.cdngazeta.pl criteo.com *.criteo.com paypal.com *.paypal.com youtube.com *.youtube.com wp.pl *.wp.pl id5-sync.com *.id5-sync.com magezon.com *.magezon.com shopdeputy.com *.shopdeputy.com creativecdn.com *.creativecdn.com kk-resources.com *.kk-resources.com clarity.ms *.clarity.ms cloudfront.net *.cloudfront.net edrone.me *.edrone.me google.com *.google.com google.pl *.google.pl googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com google-analytics.com *.google-analytics.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net clickonometrics.pl *.clickonometrics.pl https://get.geojs.io *.avada.io cdn.plyr.io noembed.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src cookieyes.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com crazyegg.com *.crazyegg.com bing.com *.bing.com bing.net *.bing.net facebook.net *.facebook.net facebook.com *.facebook.com onet.pl *.onet.pl ocdn.eu *.ocdn.eu ceneo.pl *.ceneo.pl tiktok.com *.tiktok.com cdngazeta.pl *.cdngazeta.pl criteo.com *.criteo.com paypal.com *.paypal.com youtube.com *.youtube.com wp.pl *.wp.pl id5-sync.com *.id5-sync-com magezon.com *.magezon.com shopdeputy.com *.shopdeputy.com creativecdn.com *.creativecdn.com kk-resources.com *.kk-resources.com clarity.ms *.clarity.ms cloudfront.net *.cloudfront.net edrone.me *.edrone.me google.com *.google.com google.pl *.google.pl googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com google-analytics.com *.google-analytics.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net clickonometrics.pl *.clickonometrics.pl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://pay.instamed.com;script-src 'nonce-ac99ea589e1d4097be09776443c0c374' https://az-mychart.franciscanalliance.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://az-mychart.franciscanalliance.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-dQgFMeKUBpOzMmRmrPTmVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; connect-src 'self' data: https://noembed.com https://www.chatbase.co https://bat.bing.com https://in-automate.brevo.com https://www.facebook.com https://www.googleadservices.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://ad.doubleclick.net https://twebshop.tomas-travel.com https://px.ads.linkedin.com https://analytics.tiktok.com https://cdn.plyr.io https://analytics-ipv6.tiktokw.us https://*.pinterest.com https://*.geneve.com https://*.google.com https://*.google-analytics.com https://*.google.ch https://*.axept.io https://*.clarity.ms https://*.personizely.net; default-src 'self'; font-src 'self' data: https://cdn.scite.ai https://cdn.vev.design https://fonts.gstatic.com https://fonts.axept.io https://assets.personizely.net; frame-src 'self' https://www.chatbase.co https://pay.datatrans.com https://www.google.com https://maps.google.com https://www.youtube-nocookie.com https://data.geneve.com https://www.googletagmanager.com https://ct.pinterest.com; img-src 'self' data: blob: https:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' inline eval https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' inline https://sibautomation.com https://www.chatbase.co https://bat.bing.com https://cdn.brevo.com https://maps.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://pixel.mathtag.com https://twebshop.tomas-travel.com https://connect.facebook.net https://www.youtube.com https://s.pinimg.com https://ct.pinterest.com https://analytics.tiktok.com https://cdn.vev.design https://js.vev.design https://embed.vev.page https://io1.eulerian.net https://static.personizely.net https://*.axept.io https://*.clarity.ms https://*.doubleclick.net; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://twebshop.tomas-travel.com https://fonts.googleapis.com https://fonts.axept.io; worker-src blob:; report-uri /CspReportLogger.php 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://customer-htr0575wlpdjwirn.cloudflarestream.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.no https://www.myheritage.no  'unsafe-eval' 'nonce-b5efe84bfbd6a909edf9b50e3ad15876' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.no;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self';      script-src 'self' *.hubspot.com *.hs-analytics.net *.hs-scripts.com;      connect-src 'self' *.hubspot.com *.hubapi.com;      img-src 'self' *.hs-analytics.net *.hubspotusercontent##.net;      frame-src 'self' *.hubspotvideo.com *.hscollectedforms.net;     style-src 'self' *.hubspotusercontent##.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.jablonet.net https://connect.facebook.net https://requestor.bezpecnostnicentrum.cz https://logbook.jablonet.net https://logbook-dev.jablonet.net https://logbook-stg.jablonet.net https://logbook-val.jablonet.net; report-uri https://files.jablonet.net/security-policy/csp.php; 1
default-src 'self' *.ctfassets.net;img-src data: blob: *;style-src 'self' 'unsafe-inline' *.gstatic.com;font-src 'self' fonts.gstatic.com;media-src 'self' *.ctfassets.net *.gstatic.com;frame-src 'self' *.ctfassets.net *.youtube.com *.ungpd.com;connect-src 'self' *.ctfassets.net *.contentful.com *.swish.nu;object-src 'none';script-src 'self'; report-uri https://eo7f9vdutam5kd9.m.pipedream.net; report-to csp-report; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.kueskipay.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.kueskipay.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors self www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.kueskipay.com www.google.com www.gstatic.com apis.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sandbox.paypal.com *.paypalobjects.com landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.kueskipay.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar gnc.com.mx *.gnc.com.mx *.mercadopago.com.mx *.google.com.mx *.bing.com *.clarity.ms https://cdn.aplazo.mx/ assets.instantsearchplus.com *.akamaized.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.sandbox.paypal.com *.paypalobjects.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net cdnjs.cloudflare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.googleapis.com *.gstatic.com *.fontawesome.com player.vimeo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.getblue.io *.scarabresearch.com *.facebook.net *.appspot.com *.convertexperiments.com *.clarity.ms *.hotjar.com *.zdassets.com *.survicate.com *.recapture.io *.bing.com *.tiktok.com *.zendesk.com wss://widget-mediator.zopim.com/ https://api.aplazo.net https://posbifrost.aplazo.net https://api.aplazo.mx https://posbifrost.aplazo.mx js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.googleapis.com *.google.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.cdnfonts.com *.fastsimon.com assets.braintreegateway.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.kueskipay.com *.doubleclick.net http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fastsimon.com *.scarabresearch.com *.zdassets.com *.zendesk.com *.zopim.com *.clarity.ms *.tiktok.com wss://widget-mediator.zopim.com/ *.hotjar.com *.googleapis.com https://api.aplazo.net https://posbifrost.aplazo.net https://api.aplazo.mx https://posbifrost.aplazo.mx api.instantsearchplus.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-EQ8BeLQv-RveeBjkuXbiig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com d1cwup7r903a1d.cloudfront.net https://embed.tawk.to *.gstatic.com https://acsbapp.com https://cdnjs.cloudflare.com/ *.klaviyo.com/ *.smartwaiver.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.criteo.com https://static.criteo.net https://www.xtento.com *.divers-supply.com *.google.com https://cdn.routeapp.io/ *.tawk.to *.smartwaiver.com/ https://smartwaiver.com/ *.enterpriseapplicationdevelopers.com www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com s3-us-west-1.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.targetbay.com *.criteo.com *.criteo.net www.xtento.com https://www.catchmarketingservices.com *.divers-supply.com https://targetbay.s3.amazonaws.com https://www.google.co.in *.routeapp.io *.yahoo.com https://criteo-sync.teads.tv https://cm.g.doubleclick.net https://s.ad.smaato.net https://ad.360yield.com https://r.casalemedia.com https://ups.analytics.yahoo.com https://eb2.3lift.com *.adnxs.com https://x.bidswitch.net https://sync-criteo.ads.yieldmo.com https://cdn.aralego.net https://ade.clmbtech.com https://simage2.pubmatic.com https://sync.outbrain.com https://c.bing.com https://exchange.mediavine.com https://idsync.rlcdn.com https://cs.adingo.jp https://adx.dable.io *.socdm.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://match.sharethrough.com https://pixel.rubiconproject.com https://contextual.media.net https://ads.stickyadstv.com https://sync.aralego.com https://bat.bing.com https://googleads.g.doubleclick.net *.emxdgt.com/ https://tawk.link https://img-msg.tb-list.com *.googleapis.com *.gstatic.com *.bayengage.com https://acsbapp.com https://cm.adgrx.com/ https://aa.agkn.com/ https://tags.bluekai.com/ https://trends.revcontent.com/ https://jadserve.postrelease.com/ https://i.liadm.com/ https://matching.ivitrack.com/ https://visitor.omnitagjs.com/ https://partner.mediawallahscript.com/ *.amazonaws.com *.tawk.to https://pixel.iceweb.io/ *.yahoo.net https://public-prod-dspcookiematching.dmxleo.com https://c1.adform.net/ https://d3k81ch9hvuctc.cloudfront.net/ *.klaviyo.com/ *.krxd.net/ *.smartwaiver.com/ https://smartwaiver.com/ https://image-msg.tb-list.com/ *.bolt.com/ *.cloudflare.com *.enterpriseapplicationdevelopers.com *.figpii.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://rum.hlx.page https://polyfill.io/ *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.routeapp.io fonts.googleapis.com *.amplitude.com cdn.jsdelivr.net protect-quote-q.route.com protection-widget.route.com stage-protection-widget.route.com protect-lightning-bolt-widget.route.com d3od5si8vgcekb.cloudfront.net ddbmicszvqxcg.cloudfront.net unpkg.com wobs.route.com *.divers-supply.com *.bayengage.com https://www.google-analytics.com https://embed.tawk.to https://acsbapp.com https://acsbap.com *.googleapis.com *.criteo.net *.criteo.com *.targetbay.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net *.bing.com https://route-cdn.s3.amazonaws.com/ https://pixel.iceweb.io/ *.klaviyo.com/ *.smartwaiver.com/ https://smartwaiver.com/ *.enterpriseapplicationdevelopers.com *.figpii.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com d1cwup7r903a1d.cloudfront.net 'self' 'unsafe-inline' https://www.divers-supply.com/ https://embed.tawk.to https://route-cdn.s3.amazonaws.com/ https://cdnjs.cloudflare.com/ *.targetbay.com/ *.klaviyo.com/ *.smartwaiver.com/ https://smartwaiver.com/ *.enterpriseapplicationdevelopers.com *.figpii.com 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.route.com *.amplitude.com cdn.jsdelivr.net protect-quote-q.route.com protection-widget.route.com stage-protection-widget.route.com d3od5si8vgcekb.cloudfront.net protect-lightning-bolt-widget.route.com ddbmicszvqxcg.cloudfront.net unpkg.com wobs.route.com https://www.divers-supply.com *.bayengage.com *.acsbapp.com *.targetbay.com *.tawk.to wss://*.tawk.to *.googleapis.com https://www.google-analytics.com *.criteo.com https://geolocation-db.com/ *.ipapi.com https://acsbapp.com/ *.klaviyo.com/ *.smartwaiver.com/ https://smartwaiver.com/ https://api.rollbar.com/ https://prodregistryv2.org/ https://featureassets.org/ *.enterpriseapplicationdevelopers.com *.figpii.com wss://*.figpii.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.com.tr https://www.myheritage.com.tr  'unsafe-eval' 'nonce-f50e336141700d2c2eff2a82c9ac41c8' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.com.tr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
object-src 'none';base-uri 'self';script-src 'nonce-uB06m90DU_FpsATbiBh-1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.googleusercontent.com *.gstatic.com *.jsdelivr.net *.slant.co unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.2c2p.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.inicis.com *.ipay88.com.my *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.weltpixel.com *.afterpay.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.citibank.com *.ctbcbank.com *.dnp-cdms.jp *.google.com *.inicis.com *.unionpay.com *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ k.kakaocdn.net *.inicis.com *.afterpay.com *.doubleclick.net *.elcompanies.com *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.co www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google.se *.google.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hstatic.net *.naver.com *.thecompanystore.com.sg data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com maps.googleapis.com developers.kakao.com *.kakaocdn.net *.avada.io *.inicis.com *.afterpay.com *.facebook.net *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com *.inicis.com *.googleapis.com *.gstatic.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self'; media-src *.adobe.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com kauth.kakao.com https://get.geojs.io *.avada.io *.inicis.com *.afterpay.com *.doubleclick.net *.google-analytics.com *.googleapis.com www.google.ad www.google.at www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.au www.google.com.bd www.google.com.hk www.google.com.mt www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.co.th www.google.co.za www.google.de www.google.dk www.google.es www.google.fr www.google.ie www.google.it www.google.nl *.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self'; default-src 'self'; base-uri 'self'; report-uri https://36b1ddb8-f3d2-4d2f-8889-d8ced8400535.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-nfBgA0QiPqR6b6XdnPp2Rw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: code.jquery.com *.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com *.google.com www.google.cz unpkg.com api.mapy.cz api.mapy.com; block-all-mixed-content; report-uri https://www.mudrc.net/report.php?csp  1
default-src 'self';                       script-src 'report-sample' 'self' 'unsafe-eval' https://googleads.g.doubleclick.net/pagead/viewthroughconversion/823935011/ https://js.monitor.azure.com/scripts/b/ai.2.min.js https://player.vimeo.com/api/player.js https://www.clarity.ms https://www.googletagmanager.com/gtm.js;                       script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://player.vimeo.com/api/player.js https://f.vimeocdn.com https://googleads.g.doubleclick.net https://snap.licdn.com https://www.clarity.ms https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/recaptcha/releases/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/;                       style-src 'report-sample' 'self' 'unsafe-inline';                       object-src 'none';                       base-uri 'self';                       connect-src 'self' https://eastus-0.in.applicationinsights.azure.com https://*.clarity.ms https://www.google-analytics.com https://www.google.com https://px.ads.linkedin.com https://www.googleadservice.com/pagead;                       font-src 'self';                       frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://ai.appraisalinstitute.org/ https://embed.podcasts.apple.com/ https://player.vimeo.com/ https://www.google.com/ https://www.youtube.com/;                       img-src 'self' data: https://*.appraisalinstitute.org https://dummyimage.com https://placedog.net https://via.placeholder.com https://*.clarity.ms https://www.google.com https://www.googletagmanager.com https://appraisalinstitute-org-authoring-2023.azurewebsites.net https://px.ads.linkedin.com https://*.bing.com;                       manifest-src 'self';                       media-src 'self';                       worker-src 'none';                       frame-ancestors 'self'  https://appraisal-org-local-2023.bluemod.me/ https://appraisal-cms-local-2023.bluemod.me/                        https://appraisal-org-dev-2023.bluemod.us/ https://appraisal-cms-dev-2023.bluemod.us/                       https://appraisal-org-test-2023.bluemod.us/ https://appraisal-cms-test-2023.bluemod.us/                       https://appraisalinstitute-org-authoring-2023.azurewebsites.net/ https://appraisalinstitute-cms-authoring-2023.azurewebsites.net/                       https://www.appraisalinstitute.org/ https://appraisalinstitute-cms-prod-2023.azurewebsites.net/; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.com.ua https://www.myheritage.com.ua  'unsafe-eval' 'nonce-93b4db6b8dc3c1c87aac6d9db1ab2282' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.com.ua;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 1
object-src 'none'; script-src 'self' https://fonts.googleapis.com cdn.jsdelivr.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' cdn.jsdelivr.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; style-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-9_6CpQWkbwQlB8zO71LaYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri /_csp/report-uri; report-to csp-endpoint; default-src 'self'; script-src 'report-sample' 'unsafe-inline' vk.com *.yandex.ru *.yandex.net *.carrotquest.app *.amocrm.ru 'nonce-DLWNypWsjJdZ4pEV2wp2DY7UwEs5f1ZP'; style-src 'report-sample' 'self' 'unsafe-inline' 'nonce-DLWNypWsjJdZ4pEV2wp2DY7UwEs5f1ZP'; connect-src wss://rts-v2.carrotquest.app *.amocrm.ru; object-src 'none'; worker-src 'none'; base-uri 'none'; block-all-mixed-content; require-trusted-types-for 'script' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-8TAEd6MX1CNuBmRWPiKf3w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval'   plausible.io   *.bing.com   *.boomtrain.com   *.callrail.com   *.cdn.digitaloceanspaces.com   *.cloudflare.com   *.cloudflareinsights.com   *.cookielaw.org   *.crazyegg.com   *.derbysoftsec.com   *.doubleclick.net   *.facebook.net   *.gstatic.com   *.google-analytics.com   *.google.com   *.googleadservices.com   *.googleapis.com   *.googletagmanager.com   *.quantcount.com   *.quantserve.com   *.rezync.com   *.rfihub.net   *.sojern.com   *.stackadapt.com   *.stripe.com   *.tiqcdn.com   *.azds.com   *.qvdt3feo.com   *.pendry.com;  script-src-elem 'self' 'unsafe-inline'   plausible.io   *.bing.com   *.boomtrain.com   *.callrail.com   *.cdn.digitaloceanspaces.com   *.cloudflare.com   *.cloudflareinsights.com   *.cookielaw.org   *.crazyegg.com   *.derbysoftsec.com   *.doubleclick.net   *.facebook.net   *.gstatic.com   *.google-analytics.com   *.google.com   *.googleadservices.com   *.googleapis.com   *.googletagmanager.com   *.quantcount.com   *.quantserve.com   *.rezync.com   *.rfihub.net   *.sojern.com   *.stackadapt.com   *.stripe.com   *.storage.googleapis.com   *.tiqcdn.com   *.azds.com   *.acumbamail.com   *.threatspike.com   *.acumbamail.com   *.tms-plugins.com   *.sc-static.net   *.googlesyndication.com   *.infird.com   *.pendry.com   blob:;  connect-src 'self'   *.azds.com   *.boomtrain.com   *.callrail.com   *.cookielaw.org   *.crazyegg.com   *.doubleclick.net   *.facebook.com   *.g.doubleclick.net   *.google-analytics.com   google.com   *.google.com   *.googleadservices.com   *.googletagmanager.com   *.googleapis.com   *.google.com.mx   *.google.pl   *.google.ca   *.onetrust.com   *.sojern.com   *.stackadapt.com   *.tiqcdn.com   *.myhotelshop.de   *.awsapprunner.com   *.run.app   *.letsway.com   *.bing.com   *.bing.net   *.googlesyndication.com   *.quantcount.com   *.quantserve.com   plausible.io   *.emlsend.com   *.yoast.com   *.cloudfront.net   *.launchdarkly.com   *.overbridgenet.com   *.geoedge.com   *.dreamsadnetwork.com   *.pendry.com;  frame-src 'self'   *.doubleclick.net   *.facebook.com   *.googletagmanager.com   *.google.com   *.pcibooking.net   *.rfihub.net   *.rfihub.com   *.sojern.com   *.stripe.com   *.azds.com   *.techloq.com   *.ibosscloud.com   *.wikimedia.org   *.zscalerthree.net   *.zscaler.net   visitingmedia.com   *.vimeo.com   *.formcrafts.com   *.menlosecurity.com   *.dadco.com   *..dpisd.org   *.linewize.net   *.pendry.com   blob:;  img-src * data: blob:; font-src * data:; media-src * 'self' data:; manifest-src * 'self'; style-src * 'unsafe-inline' data:; worker-src 'self' blob:;  report-uri https://cfe87652b26de6b69f71ed43bef9cf37.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' https://stats.codepoints.net:443; img-src 'self' data: https://stats.codepoints.net:443; style-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://stats.codepoints.net:443; font-src 'self'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://pay.instamed.com;script-src 'nonce-59b52e9c200145a1a4600805e059b646' https://myuthealthhouston.org 'self' https://hcaptcha.uth.edu https://hcaptchatest.uth.edu;img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://myuthealthhouston.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action 'self' geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *; frame-ancestors 'self'; frame-src 'self' *.cookiebot.com fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com secure.payu.com merch-prod.snd.payu.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *; img-src 'self' *.cookiebot.com *.openstreetmap.org *.google.pl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com static.payu.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://integrations.etrusted.com; script-src 'self' *.cookiebot.com 'unsafe-eval' 'unsafe-inline' *.openstreetmap.org *.makalu.com.pl *.paynow.pl assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com secure.payu.com secure.snd.payu.com *.snrbox.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://integrations.etrusted.com 'nonce-c2NuZGFzcHh5MnU2NjM4NDM1cHE4NHR1b3J1eDNqdmg=' 'nonce-M210bzVwdXF2ZDhlZTQxcjc2a2IyN2k4a2g2MDVvdXE=' 'nonce-MDNxeHBxazE5YXkxbDJxZDBvZnhqdnhtMGF4MGR1NGg=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.makalu.com.pl *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.snrcdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com https://widgets.trustedshops.com https://integrations.etrusted.com; object-src 'self' 'unsafe-eval'; media-src 'self' *.adobe.com; manifest-src 'self' 'unsafe-inline'; connect-src 'self' *.cookiebot.com 'unsafe-inline' *.openstreetmap.org *.makalu.com.pl *.google.pl dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com secure.payu.com merch-prod.snd.payu.com *.snrbox.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.trustedshops.com *.etrusted.com; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' *.googleapis.com; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.gstatic.com *.googleapis.com *.fontawesome.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.akamaihd.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.adyen.com *.facebook.com *.google.com *.list-manage.com *.americanexpress.com *.cartasi.it *.nexi.it 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.adyen.com *.sharethis.com js.mollie.com *.iubenda.com *.livechatinc.com *.online-metrix.net *.tracead.com tracead.com *.signifyd.com img.signifyd.com *.addthis.com *.jrs5.com pubxtag1.com amc.demdex.net *.facebook.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.hotjar.com *.cartasi.it *.nexi.it 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://*.gstatic.com *.adyen.com *.sharethis.com *.googleapis.com *.feedaty.com https://images.unsplash.com https://www.mollie.com *.payments-amazon.com *.linksynergy.com *.nxtck.com *.mediaforge.com *.jrs5.com *.dc-storm.com *.rd.linksynergy.com *.ra.linksynergy.com *.facebook.com *.google.it *.google.com *.signifyd.com *.e.aa.online-metrix.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.demdex.net *.ytimg.com *.facebook.net *.akamaihd.net *.photorank.me *.zoorate.com *.nomination.com *.bing.com *.livehelp.it *.doubleclick.net *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page *.sharethis.com *.googleapis.com *.gstatic.com *.feedaty.com https://maps.googleapis.com https://player.vimeo.com js.mollie.com *.iubenda.com *.googletagmanager.com *.chimpstatic.com chimpstatic.com *.doofinder.com *.signifyd.com *.livechatinc.com *.facebook.net *.rmtag.com *.tracead.com tracead.com *.addthis.com *.amazon.com *.amazonaws.com *.googleadservices.com *.google-analytics.com *.jsdelivr.net *.moatads.com *.addthisedge.com *.pinterest.com smct.co *.smct.co smct.io *.smct.io *.akamaihd.net *.zoorate.com *.cloudflare.com *.bing.com *.hotjar.com *.doubleclick.net *.livehelp.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://fonts.googleapis.com/ *.sharethis.com *.feedaty.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.zoorate.com *.akamaihd.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.adyen.com *.sharethis.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.feedaty.com https://maps.googleapis.com https://player.vimeo.com *.iubenda.com *.doofinder.com *.g.doubleclick.net *.doubleclick.net *.signifyd.com *.signifyd.com:11103 *.signifyd.com:11103/onload https://bt.signifyd.com:11103 https://bt.signifyd.com:11103/onload bt.signifyd.com *.facebook.com *.livechatinc.com *.addthis.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.akamaihd.net *.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.clickdimensions.com *.permaleads.ch *.mouseflow.com *.smart-business-intuition.com data: 'self' 'unsafe-inline'; form-action www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.linkedin.com linkedin.com *.clickdimensions.com *.permaleads.ch *.mouseflow.com *.smart-business-intuition.com 'self'; frame-src bid.g.doubleclick.net youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com landofcoder.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.hotjar.com *.google.com www.facebook.com www.linkedin.com linkedin.com *.clickdimensions.com *.permaleads.ch *.mouseflow.com *.smart-business-intuition.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com youtube.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.hsforms.net *.hsforms.com 'self' data: fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com t.paypal.com www.google-analytics.com www.paypal.com www.paypalobjects.com px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com googletagmanager.com www.facebook.com master-7rqtwti-mnyjem72y4b5c.eu-5.magentosite.cloud img.youtube.com *.clickdimensions.com *.permaleads.ch *.mouseflow.com *.smart-business-intuition.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ landofcoder.com *.disqus.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com js.braintreegateway.com t.paypal.com video.google.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com google.com www.google.com gstatic.com www.gstatic.com *.googleapis.com *.hotjar.com *.fontawesome.com connect.facebook.net apis.google.com www.linkedin.com linkedin.com platform.linkedin.com *.clickdimensions.com *.permaleads.ch *.mouseflow.com *.smart-business-intuition.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.googleapis.com *.gstatic.com *.clickdimensions.com *.permaleads.ch *.mouseflow.com *.smart-business-intuition.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com landofcoder.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.fontawesome.com www.google-analytics.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.clickdimensions.com *.permaleads.ch *.mouseflow.com *.smart-business-intuition.com *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.hotjar.com *.yotpo.com *.googleapis.com *.gstatic.com *.wistia.com *.zip.co *.rakuten.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com js.stripe.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.getbread.com *.breadpayments.com *.rbcpayplan.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.accuquilt.com *.hotjar.com *.bounceexchange.com *.wistia.net *.twitter.com *.duosecurity.com *.doubleclick.net *.kaptcha.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.yotpo.com *.paypalobjects.com *.facebook.com vimeo.com localhost *.pinterest.com *.google.com *.googletagmanager.com google.com *.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.getbread.com *.breadpayments.com *.rbcpayplan.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.visualwebsiteoptimizer.com *.bing.com *.locker2.com *.accuquilt.com *.pippio.com *.bouncex.net *.bounceexchange.com *.datatables.net e-accuquilt.com *.google.com.vn *.disqus.com https://img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.gstatic.com *.gstatic.com *.yotpo.com *.googleapis.com www.google.com.cy www.google.co.id *.listrakbi.com www.google.com.co www.google.com.bh www.google.com.tw www.google.com.om *.espssl.com www.google.tn www.google.tt www.google.com.sg *.facebook.com www.google.nl www.google.co.in www.google.ge www.google.by www.google.lk *.bing.net www.google.ad www.google.at www.google.ro *.googleusercontent.com www.google.no www.google.rs www.google.com.sv www.google.ie www.google.co.ke www.google.hr www.google.com.pa www.google.co.ve www.google.ae google.com www.google.pl www.google.com.fj www.google.com.tr www.google.com.kw www.google.dk www.google.com.uy www.google.pt www.google.se www.google.mg *.imgur.com www.google.com.pe www.google.be www.google.co.il www.google.com.mx www.google.mu www.google.hn sharethis.com www.google.ru www.google.jo www.google.co.cr *.rakuten.com www.google.it www.google.com.et www.google.ch www.google.ee www.google.com.py www.google.hu www.google.co.ao *.paypalobjects.com *.google.com www.google.com.pr www.google.ca www.google.com.cu www.google.com.na www.google.sn www.google.com.mm www.google.md www.google.co.jp www.google.sr www.google.am www.google.de www.google.cl www.google.im *.doubleclick.net *.wistia.com www.google.com.ni www.google.es www.google.co.za www.google.lt www.google.is www.google.co.nz www.google.com.bz www.google.lu www.google.co.uk www.google.com.do www.google.co.zw www.google.com.eg www.google.com.gt www.google.co.ma www.google.com.br www.google.com.jm www.google.com.bd www.google.fi www.google.sk *.twitter.com www.google.kz www.google.com.ph www.google.je www.google.com.au www.google.si www.google.bs *.pinterest.com www.google.ba *.nexcesscdn.net www.google.co.ck *.adelixir.com www.google.com.kh www.google.com.sa www.google.cz www.google.co.th www.google.co.kr www.google.dz www.google.ps www.google.com.hk www.google.co.vi www.google.com.ua www.google.com.af www.google.com.ar www.google.com.gh www.google.bg www.google.com.my www.google.com.pk www.google.gr www.google.fr www.google.com.ng *.useinsider.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com js.stripe.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.kaptcha.com *.referralcandy.com *.hotjar.com *.bing.com *.visualwebsiteoptimizer.com *.bounceexchange.com *.datatables.net *.yottaa.com *.attn.tv *.noibu.com *.cloudfront.net *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.yotpo.com *.listrakbi.com *.googleapis.com *.wistia.com *.google.com *.pinterest.com *.vimeo.com *.doubleclick.net localhost *.adelixir.com *.cloudflare.com *.convertexperiments.com *.twitter.com *.zdassets.com *.googletagmanager.com *.facebook.net *.useinsider.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.bounceexchange.com *.datatables.net tagmanager.google.com *.yotpo.com *.googleapis.com *.listrakbi.com *.googletagmanager.com *.nexcesscdn.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.wistia.com *.bing.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.getbread.com *.breadpayments.com *.rbcpayplan.com thm.visa.com *.kaptcha.com *.bouncex.net *.hotjar.com *.bing.com *.doubleclick.net *.noibu.com *.bounceexchange.com *.googleapis.com *.yottaa.net *.attn.tv google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.yotpo.com www.google.cz *.listrakbi.com www.google.com.pr www.google.com.bd www.google.ee *.cloudflare.com www.google.co.ao localhost www.google.com.gt *.wistia.com www.google.com.gh www.google.com.ar www.google.co.zw www.google.ae www.google.gr *.google.com www.google.com.ni www.google.ro www.google.es www.google.com.jm www.google.at www.google.com.pk www.google.bs www.google.se www.google.pl www.google.com.hk *.facebook.com www.google.ie www.google.com.vn www.google.de www.google.mu www.google.co.ve www.google.lk www.google.sn www.google.co.za www.google.co.kr www.google.kz www.google.fi *.bing.net www.google.cl www.google.com.pa www.google.be www.google.dz www.google.co.cr www.google.co.ke www.google.ba www.google.co.nz www.google.nl www.google.ch www.google.com.bz www.google.com.cu www.google.bg www.google.hn www.google.pt www.google.rs www.google.hu www.google.com.mx www.google.com.kh www.google.com.ua www.google.co.il *.convertexperiments.com www.google.co.uk www.google.fr www.google.co.in www.google.ps www.google.co.jp www.google.com.br www.google.no www.google.com.tw www.google.je *.listrak.com www.google.com.pe www.google.com.kw www.google.dk www.google.com.tr www.google.hr www.google.com.au www.google.ru www.google.com.et www.google.sk www.google.com.sa www.google.ca *.breadgateway.net www.google.com.sg www.google.com.eg www.google.co.id www.google.it www.google.com.af www.google.co.vi www.google.is www.google.com.do www.google.co.th www.google.com.ng www.google.com.ph www.google.co.ma www.google.com.cy www.google.com.co www.google.com.my www.google.si 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://75377fd6-3893-4bc0-8153-38484baaccb0.sansec.watch/; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.bootstrapcdn.com *.hsappstatic.net *.ivaws.com *.ravecapture.com s3.amazonaws.com trustspot-app-assets.s3.amazonaws.com trustspot.io https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com fonts.googleapis.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.affirm.com *.affirm.ca *.attn.tv *.bing.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.livechatinc.com *.opendns.com *.paypalobjects.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com https://aheadworks.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com *.attentivemobile.com *.attn.tv *.bing.com *.bing.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.googletagmanager.com *.imgix.net *.ivaws.com *.paypalobjects.com *.ravecapture.com *.trustspot.io *.ytimg.com ravecapture-app-assets.s3.amazonaws.com s3.amazonaws.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.li www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tn https://connect.facebook.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com https://firebasestorage.googleapis.com guarantee-cdn.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com *.affirm.com *.affirm.ca https://cdn.attn.tv https://events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://cdn.jsdelivr.net *.addthis.com *.algolia.net *.algolianet.com *.attn.tv *.authorize.net *.bing.com *.doubleclick.net *.facebook.net *.fullstory.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.klaviyo.com *.livechatinc.com *.paypal.com *.ravecapture.com trustspot.io https://hogworkz.com https://static-tracking.klaviyo.com https://app.ravecapture.com https://hogworkz.attn.tv https://js-agent.newrelic.com https://bam.nr-data.net widget.freshworks.com m2epro.freshdesk.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.shopify.com *.cloudflare.com guarantee-cdn.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com https://static.klaviyo.com https://cdn.jsdelivr.net *.bootstrapcdn.com *.gstatic.com *.klaviyo.com *.ravecapture.com s3.amazonaws.com trustspot.io widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.googleapis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://player.vimeo.com *.affirm.com *.affirm.ca *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.attentivemobile.com *.authorize.net *.bing.com *.bing.net *.doubleclick.net *.facebook.com *.googleadservices.com *.googletagmanager.com *.imgix.net *.klaviyo.com *.livechatinc.com *.ravecapture.com ravecapture-app-assets.s3.amazonaws.com trustspot.io www.google.ae www.google.al www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.mn www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn https://events.attentivemobile.com https://bam.nr-data.net https://hogworkz.com widget.freshworks.com m2epro.freshdesk.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-rlr-9kVskhEUA4aH_EtdqQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; worker-src 'self'; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://ajax.googleapis.com https://forms.apsisforms.com https://snap.licdn.com https://consent.cookiebot.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://*.google-analytics.com https://px.ads.linkedin.com https://consentcdn.cookiebot.com; frame-src 'self' https://www.google.com https://consentcdn.cookiebot.com https://*.hubspot.com https://www.googletagmanager.com; frame-ancestors 'self'; 1
base-uri 'self'; connect-src 'self' https://cms.mirka.com https://img.mirka.com https://*.applicationinsights.azure.com https://js.monitor.azure.com/scripts/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://edge.fullstory.com https://rs.fullstory.com https://www.googletagmanager.com *.google-analytics.com https://maps.googleapis.com/maps/api/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps_api_js_slo/log https://smc-lp.s4hana.ondemand.com https://api.mavenoid.com/api/graphql https://plausible.io/api/event https://www.google.com/ccm/ https://pagead2.googlesyndication.com https://www.google.com/pagead/ https://px.ads.linkedin.com https://www.googleadservices.com https://facebook.com https://www.facebook.com https://sdk.fra-02.braze.eu https://klear.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us; frame-ancestors 'self' https://cms.mirka.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com https://mirka.paperturn-view.com https://www.paperturn-view.com https://www.paperturn.com https://player.bilibili.com https://www.googletagmanager.com https://www.facebook.com https://open.spotify.com/; object-src 'none'; worker-src 'self'; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-Wtv0G6kAgU34PNWmL4DFwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; block-all-mixed-content; child-src 'self' blob:; default-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; report-to csp-endpoint; report-uri https://sentry.nadapada.net/api/136/security/?sentry_key=7d3cea7bc0a6a8fb9a3fc5fe14a1ee02&sentry_environment=production; worker-src 'self' blob:; connect-src 'self' blob: data: https://analytics.google.com https://analytics.talentbrew.io https://content.hotjar.io https://google-analytics.com https://maps.googleapis.com https://*.werkenbijdefensie.nl https://overbridgenet.com https://p.typekit.net https://pagead2.googlesyndication.com https://pulse.werkenbijdefensie.nl https://region1.analytics.google.com https://region1.google-analytics.com https://sentry.nadapada.net/api/136/ https://stats.g.doubleclick.net https://use.typekit.net https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cat https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zq https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gh https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.ph https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vu https://www.google.ws https://www.googleadservices.com wss://ws.hotjar.com ; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net/af/494550/0000000000000000774b907b/30/ ; frame-src 'self' https://c1.adform.net https://links.intractive.app https://track.adform.net https://web.intractive.app https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://login.werkenbijdefensie.nl ; img-src 'self' data: blob: https://analytics.talentbrew.io https://fonts.gstatic.com https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://media.werkenbijdefensie.nl https://pagead2.googlesyndication.com https://server.seadform.net https://stats.g.doubleclick.net https://translate.google.com https://www.google-analytics.com https://www.google.ad/ads/ https://www.google.ae/ads/ https://www.google.al/ads/ https://www.google.am/ads/ https://www.google.as/ads/ https://www.google.at/ads/ https://www.google.az/ads/ https://www.google.ba/ads/ https://www.google.be/ads/ https://www.google.bf/ads/ https://www.google.bg/ads/ https://www.google.bi/ads/ https://www.google.bj/ads/ https://www.google.bs/ads/ https://www.google.bt/ads/ https://www.google.by/ads/ https://www.google.ca/ads/ https://www.google.cat/ads/ https://www.google.cd/ads/ https://www.google.cf/ads/ https://www.google.cg/ads/ https://www.google.ch/ads/ https://www.google.ci/ads/ https://www.google.cl/ads/ https://www.google.cm/ads/ https://www.google.cn/ads/ https://www.google.co.ao/ads/ https://www.google.co.bw/ads/ https://www.google.co.ck/ads/ https://www.google.co.cr/ads/ https://www.google.co.id/ads/ https://www.google.co.il/ads/ https://www.google.co.in/ads/ https://www.google.co.jp/ads/ https://www.google.co.ke/ads/ https://www.google.co.kr/ads/ https://www.google.co.ls/ads/ https://www.google.co.ma/ads/ https://www.google.co.mz/ads/ https://www.google.co.nz/ads/ https://www.google.co.th/ads/ https://www.google.co.tz/ads/ https://www.google.co.ug/ads/ https://www.google.co.uk/ads/ https://www.google.co.uz/ads/ https://www.google.co.ve/ads/ https://www.google.co.vi/ads/ https://www.google.co.za/ads/ https://www.google.co.zm/ads/ https://www.google.co.zw/ads/ https://www.google.com/ads/ https://www.google.com.af/ads/ https://www.google.com.ag/ads/ https://www.google.com.ar/ads/ https://www.google.com.au/ads/ https://www.google.com.bd/ads/ https://www.google.com.bh/ads/ https://www.google.com.bn/ads/ https://www.google.com.bo/ads/ https://www.google.com.br/ads/ https://www.google.com.bz/ads/ https://www.google.com.co/ads/ https://www.google.com.cu/ads/ https://www.google.com.cy/ads/ https://www.google.com.do/ads/ https://www.google.com.ec/ads/ https://www.google.com.eg/ads/ https://www.google.com.et/ads/ https://www.google.com.fj/ads/ https://www.google.com.gh/ads/ https://www.google.com.gi/ads/ https://www.google.com.gt/ads/ https://www.google.com.hk/ads/ https://www.google.com.jm/ads/ https://www.google.com.kh/ads/ https://www.google.com.kw/ads/ https://www.google.com.lb/ads/ https://www.google.com.ly/ads/ https://www.google.com.mm/ads/ https://www.google.com.mt/ads/ https://www.google.com.mx/ads/ https://www.google.com.my/ads/ https://www.google.com.na/ads/ https://www.google.com.ng/ads/ https://www.google.com.ni/ads/ https://www.google.com.np/ads/ https://www.google.com.om/ads/ https://www.google.com.pa/ads/ https://www.google.com.pe/ads/ https://www.google.com.pg/ads/ https://www.google.com.ph/ads/ https://www.google.com.pk/ads/ https://www.google.com.pr/ads/ https://www.google.com.py/ads/ https://www.google.com.qa/ads/ https://www.google.com.sa/ads/ https://www.google.com.sb/ads/ https://www.google.com.sg/ads/ https://www.google.com.sl/ads/ https://www.google.com.sv/ads/ https://www.google.com.tj/ads/ https://www.google.com.tr/ads/ https://www.google.com.tw/ads/ https://www.google.com.ua/ads/ https://www.google.com.uy/ads/ https://www.google.com.vc/ads/ https://www.google.com.vn/ads/ https://www.google.com/ads/ https://www.google.com/ccm/collect https://www.google.com/pagead/ https://www.google.cv/ads/ https://www.google.cz/ads/ https://www.google.de/ads/ https://www.google.dj/ads/ https://www.google.dk/ads/ https://www.google.dm/ads/ https://www.google.dz/ads/ https://www.google.ee/ads/ https://www.google.es/ads/ https://www.google.fi/ads/ https://www.google.fm/ads/ https://www.google.fr/ads/ https://www.google.ga/ads/ https://www.google.ge/ads/ https://www.google.gg/ads/ https://www.google.gh/ads/ https://www.google.gl/ads/ https://www.google.gm/ads/ https://www.google.gr/ads/ https://www.google.gy/ads/ https://www.google.hn/ads/ https://www.google.hr/ads/ https://www.google.ht/ads/ https://www.google.hu/ads/ https://www.google.ie/ads/ https://www.google.im/ads/ https://www.google.iq/ads/ https://www.google.is/ads/ https://www.google.it/ads/ https://www.google.je/ads/ https://www.google.jo/ads/ https://www.google.kg/ads/ https://www.google.ki/ads/ https://www.google.kz/ads/ https://www.google.la/ads/ https://www.google.li/ads/ https://www.google.lk/ads/ https://www.google.lt/ads/ https://www.google.lu/ads/ https://www.google.lv/ads/ https://www.google.md/ads/ https://www.google.me/ads/ https://www.google.mg/ads/ https://www.google.mk/ads/ https://www.google.ml/ads/ https://www.google.mn/ads/ https://www.google.mu/ads/ https://www.google.mv/ads/ https://www.google.mw/ads/ https://www.google.ne/ads/ https://www.google.nl/ads/ https://www.google.no/ads/ https://www.google.nr/ads/ https://www.google.nu/ads/ https://www.google.ph/ads/ https://www.google.pl/ads/ https://www.google.pn/ads/ https://www.google.ps/ads/ https://www.google.pt/ads/ https://www.google.ro/ads/ https://www.google.rs/ads/ https://www.google.ru/ads/ https://www.google.rw/ads/ https://www.google.sc/ads/ https://www.google.se/ads/ https://www.google.sh/ads/ https://www.google.si/ads/ https://www.google.sk/ads/ https://www.google.sm/ads/ https://www.google.sn/ads/ https://www.google.so/ads/ https://www.google.sr/ads/ https://www.google.st/ads/ https://www.google.td/ads/ https://www.google.tg/ads/ https://www.google.tl/ads/ https://www.google.tm/ads/ https://www.google.tn/ads/ https://www.google.to/ads/ https://www.google.tt/ads/ https://www.google.vu/ads/ https://www.google.ws/ads/ https://www.googleadservices.com https://www.googletagmanager.com ; media-src 'self' https://media.werkenbijdefensie.nl ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js https://apply.talentbrew.io https://cdn.jsdelivr.net/npm/sockjs-client@1.4.0/dist/sockjs.min.js https://connect.facebook.net https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps-api-v3/ https://maps.googleapis.com/maps/ https://s2.adform.net https://sc-static.net/webview-autofill.min.js https://sentry.nadapada.net https://track.adform.net https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://cdn.matomo.cloud ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js https://apply.talentbrew.io https://cdn.jsdelivr.net/npm/sockjs-client@1.4.0/dist/sockjs.min.js https://connect.facebook.net https://embed.intractive.app https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps-api-v3/ https://maps.googleapis.com/maps/ https://s2.adform.net https://sc-static.net/webview-autofill.min.js https://script.hotjar.com https://sentry.nadapada.net https://static.hotjar.com https://track.adform.net https://use.typekit.net/rmg6mik.css https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://cdn.matomo.cloud ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net/p.css https://use.typekit.net/rmg6mik.css https://www.googletagmanager.com https://www.gstatic.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://spotify.com https://*.spotify.com https://byspotify.com https://*.byspotify.com https://googleusercontent.com https://*.googleusercontent.com https://*.azureedge.net https://*.cookieyes.com https://*.cdn-cookieyes.com https://*.aplazame.com https://*.azurewebsites.net https://*.cetelem.es https://*.clarity.ms https://*.connectif.cloud https://*.cookiebot.com https://*.cube.eu https://*.doofinder.com https://*.doubleclick.net https://*.ettrusted.com https://*.ggpht.com https://*.google.es https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.mxpnl.com https://*.oct8ne.com https://*.openweathermap.org https://joyeriasanchez.com https://*.joyeriasanchez.com https://*.redsys.es https://*.sentry.io https://*.sequrapi.com https://*.sequracdn.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.trustedshops.com https://*.trustpilot.com https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://*.datatables.net https://*.highcharts.com https://code.highcharts.com https://cdn.tailwindcss.com https://unpkg.com https://code.jquery.com https://openweathermap.org https://cartstack.com https://*.cartstack.com https://metricool.com https://*.metricool.com https://motive.co https://*.motive.co https://klarnaservices.com https://*.klarnaservices.com https://hotjar.com https://*.hotjar.com https://klarnacdn.net https://*.klarnacdn.net https://googlesyndication.com https://*.googlesyndication.com https://google-analytics.com https://*.google-analytics.com https://clippingmagic.com https://*.clippingmagic.com https://intercom.io https://*.intercom.io https://intercomcdn.com https://*.intercomcdn.com https://revi.io https://*.revi.io https://bing.com https://*.bing.com https://cookielaw.org https://*.cookielaw.org https://pinterest.com https://*.pinterest.com https://pinimg.com https://*.pinimg.com https://prestashop3.com https://*.prestashop3.com https://cdn.ampproject.org https://*.cdn.ampproject.org; style-src 'self' 'unsafe-inline' https://*.aplazame.com https://*.azurewebsites.net https://*.cetelem.es https://*.clarity.ms https://*.connectif.cloud https://*.cookiebot.com https://*.cube.eu https://*.doofinder.com https://*.doubleclick.net https://*.ettrusted.com https://*.ggpht.com https://*.google.es https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.mxpnl.com https://*.oct8ne.com https://*.openweathermap.org https://joyeriasanchez.com https://*.joyeriasanchez.com https://*.redsys.es https://*.sentry.io https://sequracdn.com https://*.sequracdn.com https://*.sequrapi.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.trustedshops.com https://*.trustpilot.com https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://*.datatables.net https://*.highcharts.com https://code.highcharts.com https://cdn.tailwindcss.com https://unpkg.com https://code.jquery.com https://openweathermap.org https://fontawesome.com https://*.fontawesome.com https://klarnacdn.net https://*.klarnacdn.net https://revi.io https://*.revi.io https://emoji-css.afeld.me https://*.afeld.me; img-src 'self' data: blob: https:; font-src 'self' data: https://*.cdn.office.net https://*.aplazame.com https://*.azurewebsites.net https://*.clarity.ms https://*.connectif.cloud https://*.cookiebot.com https://*.cube.eu https://*.doofinder.com https://*.doubleclick.net https://*.ettrusted.com https://*.ggpht.com https://*.google.es https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.mxpnl.com https://*.oct8ne.com https://*.openweathermap.org https://joyeriasanchez.com https://*.joyeriasanchez.com https://*.redsys.es https://*.sentry.io https://sequracdn.com https://*.sequracdn.com https://*.sequrapi.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.trustedshops.com https://*.trustpilot.com https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://unpkg.com https://code.jquery.com https://openweathermap.org https://gstatic.com https://*.gstatic.com https://fontawesome.com https://*.fontawesome.com https://klarnacdn.net https://*.klarnacdn.net https://account.affilitizer.com https://*.affilitizer.com https://perplexity.ai https://*.perplexity.ai https://goin.cloud https://*.goin.cloud https://wp.com https://*.wp.com; connect-src 'self' data: https://*.fna.fbcdn.net https://instagram.fsvq4-1.fna.fbcdn.net https://iona.nacex.com:8000 https://spotify.com https://*.spotify.com https://byspotify.com https://*.byspotify.com https://googleusercontent.com https://*.googleusercontent.com https://wsg127.com https://*.wsg127.com https://googlesyndication.com https://*.googlesyndication.com https://*.aplazame.com https://*.azurewebsites.net https://*.cetelem.es https://*.clarity.ms https://*.connectif.cloud https://*.cookiebot.com https://*.cube.eu https://*.datatables.net https://*.doofinder.com https://*.doubleclick.net https://*.ettrusted.com https://*.ggpht.com https://*.google.es https://*.google.com https://*.google.* https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.mxpnl.com https://*.oct8ne.com https://*.openweathermap.org https://joyeriasanchez.com https://*.joyeriasanchez.com https://*.redsys.es https://*.sentry.io https://*.sequrapi.com https://*.sequracdn.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.trustedshops.com https://*.trustpilot.com https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://*.highcharts.com https://code.highcharts.com https://cdn.tailwindcss.com https://unpkg.com https://code.jquery.com https://*.mkt.dynamics.com https://*.azureedge.net wss://*.doofinder.com wss://*.oct8ne.com https://motive.co https://*.motive.co https://google-analytics.com https://*.google-analytics.com https://klarnaservices.com https://*.klarnaservices.com https://klarnaevt.com https://*.klarnaevt.com https://klarna.com https://*.klarna.com https://googleadservices.com https://*.googleadservices.com https://hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io https://empathy.co https://*.empathy.co https://intercom.io https://*.intercom.io wss://*.intercom.io https://google.kz https://*.google.kz https://google.be https://*.google.be https://google.com.ar https://*.google.com.ar https://google.com.co https://*.google.com.co https://google.pt https://*.google.pt https://google.cl https://*.google.cl https://google.co.uk https://*.google.co.uk https://klarnacdn.net https://*.klarnacdn.net https://revi.io https://*.revi.io https://bing.com https://*.bing.com https://cookielaw.org https://*.cookielaw.org https://onetrust.com https://*.onetrust.com https://pinterest.com https://*.pinterest.com https://bing.net https://*.bing.net https://amplitude.com https://*.amplitude.com https://yoast.com https://*.yoast.com https://cloudfunctions.net https://*.cloudfunctions.net https://blocksly.org https://*.blocksly.org; frame-src 'self' blob: https://motive.co https://*.motive.co https://*.aplazame.com https://*.azurewebsites.net https://*.clarity.ms https://*.connectif.cloud https://cookiebot.com https://*.cookiebot.com https://*.cube.eu https://*.doofinder.com https://*.doubleclick.net https://*.ettrusted.com https://*.ggpht.com https://*.google.es https://*.google.com https://*.googleapis.com https://googletagmanager.com https://*.googletagmanager.com https://*.gstatic.com https://*.mxpnl.com https://*.oct8ne.com https://*.openweathermap.org https://joyeriasanchez.com https://*.joyeriasanchez.com https://*.redsys.es https://*.sentry.io https://*.sequracdn.com https://*.sequrapi.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.trustedshops.com https://*.trustpilot.com https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://unpkg.com https://code.jquery.com https://klarna.com https://*.klarna.com https://klarnaservices.com https://*.klarnaservices.com https://prestashop.com https://*.prestashop.com https://revi.io https://*.revi.io https://pinterest.com https://*.pinterest.com https://nacex.es https://*.nacex.es https://div.show https://*.div.show; media-src 'self' data: https://*.cdninstagram.com https://*.fna.fbcdn.net https://*.aplazame.com https://*.azurewebsites.net https://*.clarity.ms https://*.connectif.cloud https://*.cookiebot.com https://*.cube.eu https://*.doofinder.com https://*.doubleclick.net https://*.ettrusted.com https://*.ggpht.com https://*.google.es https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.mxpnl.com https://*.oct8ne.com https://*.openweathermap.org https://joyeriasanchez.com https://*.joyeriasanchez.com https://*.redsys.es https://*.sentry.io https://*.sequracdn.com https://*.sequrapi.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.trustedshops.com https://*.trustpilot.com https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://unpkg.com https://code.jquery.com https://*.googlevideo.com https://fbcdn.net https://*.fbcdn.net; worker-src 'self' blob:; child-src 'self' blob: https://*.oct8ne.com; base-uri 'self'; frame-ancestors 'self' https://playboard.motive.co https://*.motive.co; upgrade-insecure-requests; report-uri https://cspreports.desarrollotrevenque.com/api/csp-report/e50efd4f-695f-4b3e-bd4f-3db3912214c0; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.g.doubleclick.net https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.google.com *.google.com.ar *.googlesyndication.com  *.googleapis.com  *.googletagmanager.com  *.facebook.com blob: https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://desa.infonet.com.py:8035 https://*.bancard.com.py 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.g.doubleclick.net *.googlesyndication.com *.google.com.ar  *.googleadservices.com  *.googleapis.com  *.nr-data.net  *.facebook.net  *.newrelic.com tracker.metricool.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com https://vpos.infonet.com.py:8888 https://vpos.infonet.com.py 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googlesyndication.com *.g.doubleclick.net  *.googleapis.com  *.nr-data.net  *.facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https:; frame-src https:; object-src 'none'; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google.com www.googletagmanager.com www.youtube.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com connect.facebook.net c.imedia.cz c.seznam.cz translate.google.com www.gstatic.com cdn.voiceflow.com translate-pa.googleapis.com hypedigitaly.github.io api.ipify.org general-runtime.voiceflow.com cm4-production-assets.s3.amazonaws.com translate.googleapis.com region1.google-analytics.com h.seznam.cz tim.abirun.eu www.google-analytics.com quickchart.io extranet.kr-vysocina.cz www.vys-edu.cz kalendar.kr-vysocina.cz utils.hypedigitaly.ai www.ksusv.cz i.ytimg.com *.kr-vysocina.cz ci3.googleusercontent.com ajax.googleapis.com translate.google.com  hypedigitaly.github.io c.imedia.cz cdn.voiceflow.com; report-uri /vismo/csp-reports.asp 1
font-src *.cloudflare.com *.youtube.com *.twitter.com *.gstatic.com *.typekit.net *.mail.ru *.twimg.com *.trustedshops.com *.googleapis.com data: *.flocktory.com *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.youtube.com *.chatra.io *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.twitter.com *.youtube.com *.yandex.md *.flocktory.com *.mail.ru *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my *.google.com gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.yandex.md *.flocktory.com *.mail.ru *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my *.google.com gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.cloudflare.com *.youtube.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.nr-data.net *.mail.ru *.googletagmanager.com *.bi.owox.com *.google.com *.google.ru *.flocktory.com *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com vk.com *.maps.yandex.net *.yandex.ru *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.youtube.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.newrelic.com *.nr-data.net *.omtrdc.net *.googletagmanager.com *.jsdelivr.net *.flocktory.com *.mail.ru *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com vk.com *.api-maps.yandex.ru *.suggest-maps.yandex.ru *.maps.yandex.net *.yandex.ru https://yastatic.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.youtube.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jsdelivr.net *.flocktory.com *.mail.ru *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.youtube.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.nr-data.net *.mail.ru *.dadata.ru *.demdex.net *.ipify.org *.yandex.ru ymetrica1.com *.bi.owox.com *.google.com *.yandex.md *.flocktory.com *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com stats.g.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3os6i1ImuyjLsALHdmBmsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.fontawesome.com *.googleapis.com *.cloudflare.com *.vimeo.com *.youtube.com *.googletagmanager.com *.ckeditor.com *.google-analytics.com *.newrelic.com *.nr-data.net *.livechatinc.com *.gstatic.com *.gtranslate.net *.google.com; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob:; report-uri /report-csp-violation 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; report-uri /csp-report 1
font-src *.fontawesome.com fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.certcapture.com *.weltpixel.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com *.doubleclick.net www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com maps.googleapis.com maps.gstatic.com guarantee-cdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com get.geojs.io *.cloudflare.com guarantee-cdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com https://static.klaviyo.com *.fontawesome.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.googleapis.com *.addtoany.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maps.googleapis.com http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https: blob: mediastream: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://d2v8pn2kg220hg.cloudfront.net/58a13d15-1c5e-45f7-997f-364a87f4a5e0/ ; script-src 'self' https://d2v8pn2kg220hg.cloudfront.net/58a13d15-1c5e-45f7-997f-364a87f4a5e0/ 'unsafe-inline' 'unsafe-eval' https://unpkg.com/tailwindcss@%5E1.0/ https://unpkg.com/tailwindcss@^1.0/ https://unpkg.com/trix@1.2.3/ https://cdn.jsdelivr.net/jquery/ https://cdn.jsdelivr.net/momentjs/ https://cdn.jsdelivr.net/npm/daterangepicker/ https://cdn.jsdelivr.net/npm/ace-builds@1.43.1/ https://cdn.jsdelivr.net/npm/ace-builds@1.43.3/ https://a.slack-edge.com https://s3.amazonaws.com/media.mycurricula.com/ https://media.mycurricula.com.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.mycurricula.com/ https://s3.amazonaws.com/media.aws-cdn/ https://media.aws-cdn.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.aws-cdn/ https://s3.amazonaws.com/aware-production/ https://aware-production.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/aware-production/ https://s3.amazonaws.com/curricula-phishing/ https://curricula-phishing.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/curricula-phishing/ https://cmp.osano.com https://snippet.maze.co https://challenges.cloudflare.com https://ajax.cloudflare.com/cdn-cgi/scripts/ https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://cdn.amplitude.com https://js.stripe.com ; style-src 'self' https://d2v8pn2kg220hg.cloudfront.net/58a13d15-1c5e-45f7-997f-364a87f4a5e0/ 'unsafe-inline' https://unpkg.com/tailwindcss@%5E1.0/ https://unpkg.com/tailwindcss@^1.0/ https://unpkg.com/trix@1.2.3/ https://cdn.jsdelivr.net/npm/daterangepicker/ https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://use.fontawesome.com https://static.licdn.com https://a.slack-edge.com https://s3.amazonaws.com/media.mycurricula.com/ https://media.mycurricula.com.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.mycurricula.com/ https://s3.amazonaws.com/media.aws-cdn/ https://media.aws-cdn.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.aws-cdn/ https://s3.amazonaws.com/aware-production/ https://aware-production.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/aware-production/ https://s3.amazonaws.com/curricula-phishing/ https://curricula-phishing.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/curricula-phishing/ https://assets-cdn.maze.co ; img-src * data: blob: ; font-src 'self' https://d2v8pn2kg220hg.cloudfront.net/58a13d15-1c5e-45f7-997f-364a87f4a5e0/ data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://use.fontawesome.com https://a.slack-edge.com https://s3.amazonaws.com/media.mycurricula.com/ https://media.mycurricula.com.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.mycurricula.com/ https://s3.amazonaws.com/media.aws-cdn/ https://media.aws-cdn.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.aws-cdn/ https://s3.amazonaws.com/aware-production/ https://aware-production.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/aware-production/ https://s3.amazonaws.com/curricula-phishing/ https://curricula-phishing.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/curricula-phishing/ https://assets-cdn.maze.co https://i.s-microsoft.com/fonts/ ; media-src 'self' https://d2v8pn2kg220hg.cloudfront.net/58a13d15-1c5e-45f7-997f-364a87f4a5e0/ data: https://s3.amazonaws.com/media.mycurricula.com/ https://media.mycurricula.com.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.mycurricula.com/ https://s3.amazonaws.com/media.aws-cdn/ https://media.aws-cdn.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.aws-cdn/ https://s3.amazonaws.com/aware-production/ https://aware-production.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/aware-production/ https://s3.amazonaws.com/curricula-phishing/ https://curricula-phishing.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/curricula-phishing/ https://cdn.mycurricula.com ; connect-src 'self' https://d2v8pn2kg220hg.cloudfront.net/58a13d15-1c5e-45f7-997f-364a87f4a5e0/ data: blob: https://cdn.plyr.io https://s3.amazonaws.com/media.mycurricula.com/ https://media.mycurricula.com.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.mycurricula.com/ https://s3.amazonaws.com/media.aws-cdn/ https://media.aws-cdn.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.aws-cdn/ https://s3.amazonaws.com/aware-production/ https://aware-production.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/aware-production/ https://s3.amazonaws.com/curricula-phishing/ https://curricula-phishing.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/curricula-phishing/ https://tattle.api.osano.com https://prompts.maze.co https://graph.microsoft.com https://browser-intake-datadoghq.com https://cdn.jsdelivr.net/codemirror.spell-checker/ wss://sat-ws.mycurricula.com https://sr-client-cfg.amplitude.com https://api-sr.amplitude.com https://gs.amplitude.com https://api2.amplitude.com/2/httpapi https://api.eu.amplitude.com/2/httpapi ; worker-src 'self' https://d2v8pn2kg220hg.cloudfront.net/58a13d15-1c5e-45f7-997f-364a87f4a5e0/ blob: ; frame-src 'self' https://d2v8pn2kg220hg.cloudfront.net/58a13d15-1c5e-45f7-997f-364a87f4a5e0/ https://breach-notice.com https://businessnotice.org https://databoxonline.com https://electronic-hr.com https://emailtransaction.com https://employee-services.org https://feedback-collect.com https://filesharingnow.com https://fraud-assistance.com https://governmentnotice.org https://invite-meeting.com https://mailbox-quota.com https://news-article.com https://notificationservices.org https://passwordsnotification.com https://payment-process.com https://securelinkedin.com https://security-updater.com https://securitynotifications.org https://mycurricula.com https://alerts.mycurricula.com https://phish.mycurricula.com https://t.maze.co https://challenges.cloudflare.com https://js.stripe.com https://www.youtube.com https://player.vimeo.com ; manifest-src 'self' https://d2v8pn2kg220hg.cloudfront.net/58a13d15-1c5e-45f7-997f-364a87f4a5e0/ https://s3.amazonaws.com/media.mycurricula.com/ https://media.mycurricula.com.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.mycurricula.com/ https://s3.amazonaws.com/media.aws-cdn/ https://media.aws-cdn.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/media.aws-cdn/ https://s3.amazonaws.com/aware-production/ https://aware-production.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/aware-production/ https://s3.amazonaws.com/curricula-phishing/ https://curricula-phishing.s3.amazonaws.com https://s3.us-east-1.amazonaws.com/curricula-phishing/ ; child-src 'self' https://d2v8pn2kg220hg.cloudfront.net/58a13d15-1c5e-45f7-997f-364a87f4a5e0/ blob: ; report-uri https://mycurricula.com/_/csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-gsmcLtpzGAEXiiRk0BCulw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.squarecdn.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.tiktok.com tiktok.com maxcdn.bootstrapcdn.com *.afterpay.com *.cloudflare.com *.espssl.com *.fontshare.com *.migaku.com *.minnetonkamoccasin.com *.qantas.com *.rakuten.com sc-static.net *.slant.co unpkg.com *.userway.org data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: https://plumrocket.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com landofcoder.com *.tiktok.com https://*.online-metrix.net https://imgs.signifyd.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.cudasvc.com *.blockboardtech.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com *.tiktok.com flagpedia.net https://imgs.signifyd.com https://*.online-metrix.net *.cluepixel.com *.6g2d4pn2yqc42.ent.platform.sh *.adnxs.com *.adsrvr.org *.afterpay.com *.bidswitch.net *.bing.com *.casalemedia.com *.clarity.ms *.cookielaw.org *.criteo.com *.criteo.net *.curalate.com *.doubleclick.net *.espssl.com *.facebook.com *.facebook.net *.ggpht.com *.googleadservices.com *.google-analytics.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tg www.google.tl www.google.tm www.google.tn www.google.tt www.google.vu *.google.com google.com *.googlesyndication.com *.googletagmanager.com id5-sync.com *.listrakbi.com *.minnetonkamoccasin.com *.online-metrix.net *.pinterest.com *.rlcdn.com *.rubiconproject.com *.snapchat.com *.typekit.net *.userway.org *.yotpo.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.cudasvc.com *.blockboardtech.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com landofcoder.com https://cdn.jsdelivr.net *.tiktok.com maps.googleapis.com *.googletagmanager.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net https://js.klevu.com *.cluepixel.com *.adobedtm.com *.adobe.net *.afterpay.com *.bing.com *.blackfire.io *.clarity.ms *.cloudflare.com *.cookielaw.org *.criteo.com *.criteo.net *.curalate.com d10lpsik1i8c69.cloudfront.net *.doubleclick.net *.facebook.net *.googleadservices.com *.google-analytics.com *.google.com *.googlesyndication.com googletagmanager.com *.id5-sync.com *.jsdelivr.net *.klevu.com *.listrakbi.com *.listrak.com localhost *.mczbf.com *.minnetonkamoccasin.com *.nimblecapture.com *.online-metrix.net *.pinimg.com *.pinterest.com sc-static.net *.snapchat.com unpkg.com *.userway.org *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.cash.app *.sharethis.com unsafe-inline assets.braintreegateway.com *.cudasvc.com *.blockboardtech.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.tiktok.com tiktok.com maxcdn.bootstrapcdn.com *.gstatic.com https://statsjs.klevu.com https://js.klevu.com *.afterpay.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.listrakbi.com *.minnetonkamoccasin.com *.typekit.net *.userway.org *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.bing.com *.curalate.com *.googleapis.com *.google.com *.gstatic.com *.paypal.com *.userway.org *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src *.tiktok.com tiktok.com *.minnetonkamoccasin.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.cudasvc.com *.blockboardtech.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com landofcoder.com *.tiktok.com www.gstatic.com maps.googleapis.com https://imgs.signifyd.com *.cluepixel.com *.adobedc.net *.adobe.net *.adsrvr.org *.amplitude.com *.bing.com *.clarity.ms *.cookielaw.org *.criteo.com *.criteo.net *.curalate.com *.doubleclick.net *.espssl.com *.facebook.com *.googleadservices.com *.google-analytics.com www.google.ca www.google.co.jp www.google.co.kr www.google.com.pk www.google.com.vn www.google.de *.googlesyndication.com *.gstatic.com *.listrakbi.com *.listrak.com localhost *.luckyorange.net *.mczbf.com *.minnetonkamoccasin.com *.nimblecapture.com *.onetrust.com *.pinimg.com *.pinterest.com *.rlcdn.com *.samsung.com sc-static.net *.snapchat.com unpkg.com *.userway.org 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.afterpay.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; base-uri *.criteo.com *.doubleclick.net *.google.com *.klevu.com *.onetrust.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://2d02ba86-f55d-42ab-9b05-087fb2c163a0.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://eastprodcdn.azureedge.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://images.unsplash.com https://bat.bing.net https://eastprodcdn.azureedge.net https://forms.hsforms.com https://cdn.origene.com https://perf-na1.hsforms.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://track.hubspot.com https://www.bizgeniusapp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://maps.googleapis.com https://player.vimeo.com landofcoder.com https://bat.bing.com https://cdn.noibu.com https://d.adroll.com https://eastprodcdn.azureedge.net https://galleryuseastprod.blob.core.windows.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hubspot.com https://s.adroll.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://unpkg.com https://www.bizgeniusapp.com https://www.clarity.ms https://cdnjs.cloudflare.com https://cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://eastprodcdn.azureedge.net https://galleryuseastprod.blob.core.windows.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com thm.visa.com https://maps.googleapis.com https://player.vimeo.com landofcoder.com https://api-engagement-us-east.velaro.com https://api-main-us-east.velaro.com https://api-visitor-us-east.velaro.com https://bat.bing.net https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://px.ads.linkedin.com https://u.clarity.ms https://www.bizgeniusapp.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=5MAuDQ3oA5rECJxt3OeCvLpMgboc.GipgRM9_lVkmpA-1773718104-1.0.1.1-BJYQzY4MQsGUO2gPMNM.xye2BYpcy76zFSJWixFNZeK3qVlHwvLh64NaOQm6dwc90CUqPwcX13ceeSI6kECSARBr8GVd4bRXq3jQXWNIdEn2dCAbwK6fjeUwNm2thYZtYc8FB6LDxnRKNcmhXUixr.Kn7g5WlJZlJatv3kEFwyO8shGs2lwvHNhTHWSOTdlM; report-to cf-csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: cdn.thulium.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://parcelshop.dhl.pl/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: *.googleapis.com maps.gstatic.com cdn.thulium.com chat-proxy-service.thulium.com ssl.ceneo.pl www.google.pl ads.trafficjunky.net bat.bing.com media.user.com n69.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.gstatic.com *.googleapis.com cdn.luigisbox.com scripts.luigisbox.com ssl.ceneo.pl cdn.thulium.com unpkg.com cdn.cookiehub.eu n69.user.com www.artfut.com static.trafficjunky.com widget.user.com bat.bing.com *.clickonometrics.pl  luigisbox.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com sandbox-easy-geowidget-sdk.easypack24.net cdn.luigisbox.com cdn.cookiehub.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net n69.pl cdn.thulium.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.googleapis.com api.luigisbox.com live.luigisbox.com app.luigisbox.com chat-proxy-service.thulium.com cdn.thulium.com wss://chat-proxy-service.thulium.com stats.g.doubleclick.net googleads.g.doubleclick.net n69.user.com wss://n69.user.com luigisbox.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.clickonometrics.pl  'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' https://app-script.monsido.com/v2/monsido-script.js https://apps.usw2.pure.cloud/genesys-bootstrap/genesys.min.js https://connect.facebook.net/en_US/fbevents.js https://js.adsrvr.org/up_loader.1.1.0.js https://s.swiftypecdn.com/install/v2/st.js https://sc-static.net/scevent.min.js https://ssl.google-analytics.com/ga.js https://static.ads-twitter.com/uwt.js https://tr.snapchat.com/config/com/f46d0350-ae7f-4886-b620-b497a4d93c9f.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://capidashboard.ialottery.com https://tr.snapchat.com https://tr6.snapchat.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://10921257.fls.doubleclick.net https://apps.usw2.pure.cloud https://insight.adsrvr.org https://pixel-sync.sitescout.com https://tr.snapchat.com https://www.youtube.com; img-src 'self' https://analytics.twitter.com https://ssl.google-analytics.com https://t.co https://tracking.monsido.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self'; report-uri https://668597ef014602b312931fd2.endpoint.csper.io/?v=0; worker-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-2luqCV9P1WHc-yUc30aFEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net https://cdn.jsdelivr.net https://uploads-ssl.webflow.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https: blob:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://api.pledgebox.com https://manage.pledgebox.com https://backer.pledgebox.com; frame-src 'self' https://js.stripe.com https://www.facebook.com; object-src 'none'; base-uri 'self' 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.cz https://www.myheritage.cz  'unsafe-eval' 'nonce-812d626b130dac985be61f8fee00aeff' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.cz;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://maps.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.youtube.com https://www.vimeo.com https://maps.gstatic.com https://maps.googleapis.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.vimeo.com https://vars.hotjar.com/ https://maps.gstatic.com https://maps.googleapis.com *.trustpilot.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.disqus.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://r1.trackedweb.net https://services.postcodeanywhere.co.uk https://doore11115.pcapredict.com https://static.trackedweb.net https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com https://www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sentry-cdn.com *.disqus.com https://r1.trackedweb.net https://services.postcodeanywhere.co.uk https://doore11115.pcapredict.com https://static.trackedweb.net https://static.hotjar.com https://r1-t.trackedlink.net https://script.hotjar.com https://assets.adobedtm.com https://maps.gstatic.com *.trustpilot.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com maxcdn.bootstrapcdn.com https://static.klaviyo.com assets.braintreegateway.com https://maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk https://fonts.googleapis.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://r1.trackedweb.net https://services.postcodeanywhere.co.uk https://doore11115.pcapredict.com https://static.trackedweb.net https://www.gstatic.com https://static.hotjar.com https://vc.hotjar.io https://in.hotjar.com https://maps.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem 'self' 'unsafe-inline' https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js https://static.hotjar.com/c/hotjar-4972391.js https://euassets.gulfoilltd.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.gstatic.com/ https://secure.data-insight365.com/js/265784.js https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-3470892.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://script.hotjar.com/modules.2de3322c0609a6da3702.js https://connect.facebook.net/signals/config/214369947959115 https://secure.data-insight365.com/Track/Capture.aspx https://connect.facebook.net/signals/config/515690463347689 https://script.hotjar.com/modules.cf637fb03b42388e3bf3.js https://script.hotjar.com/browser-perf.33dcc26815d7481e62e8.js https://script.hotjar.com/modules.12bb18a8ada54a042e86.js cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com https://connect.facebook.net/en_US/fbevents.js https://script.hotjar.com/browser-perf.8417c6bba72228fa2e29.js https://script.hotjar.com/modules.4bbac2bdc7f1b66d3009.js https://www.googletagmanager.com/ https://pbs.twimg.com https://script.hotjar.com/modules.60031afbf51fb3e88a5b.js https://script.hotjar.com/modules.3128f1ee3ce5b65c4961.js https://a.usbrowserspeed.com https://secure.data-insight365.com https://script.hotjar.com/modules.a3cb6dcf71aec7e1a87f.js https://script.hotjar.com/sentry.58c81e3e25532810f6fd.js https://script.hotjar.com/ https://static.addtoany.com https://www.gstatic.com; style-src 'self' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com netdna.bootstrapcdn.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://euassets.gulfoilltd.com/ https://script.hotjar.com/modules.0ef46a83101151841364.js https://cdn.fonts.net/t/1.css cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com netdna.bootstrapcdn.com; frame-ancestors 'self' 1
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'nonce-ml42pVtSPEbcjCePqRE1Xw=='; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/; report-to csp-endpoint 1
font-src *.googleapis.com *.gstatic.com data: *.bglobale.com *.global-e.com https://az693360.vo.msecnd.net *.typekit.net *.typenetwork.com https://plugin-magento-ui.glopalservice.com *.klarnacdn.net *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.bglobale.com *.global-e.com *.abtasty.com *.abstasty.net csxd.izipizi.com *.cloudfront.net *.criteo.com *.criteo.net *.facebook.com *.facebook.net *.salecycle.com *.salecycle.net *.tiktok.com *.tiktok.net *.hipay-tpp.com *.hipay.com *.paypal.com *.klarna.com www.youtube.com https://www.googletagmanager.com/ www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * uat-secure.pointspay.com secure.pointspay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.bglobale.com *.global-e.com *.3lift.com *.360yield.com *.adform.com *.adnxs.com *.assets.sc-trc.com *.nr-data.net *.bing.com *.bidswitch.net *.casalemedia.com *.clarity.ms *.contentsquare.net *.criteo.com *.doubleclick.com *.doubleclick.net *.facebook.com *.facebook.net *.ivitrack.com *.izipizi.com *.krxd.net *.media.net *.mediavine.com *.omnitagjs.com *.outbrain.com *.pubmatic.com *.salecycle.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.com *.teads.tv *.thebrighttag.com *.tiktok.com *.tiktok.net *.tremorhub.com *.vo.msecnd.net.com *.yahoo.com *.yieldlab.net *.yieldmo.com *.rubiconproject.com *.adform.net *.sync.com *.emxdgt.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.adobedtm.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com uat-secure.pointspay.com secure.pointspay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bglobale.com *.global-e.com *.abtasty.com *.abstasty.net acsbapp.com *.beyable.com https://az693360.vo.msecnd.net https://tag.beyable.com *.bing.com *.clarity.ms *.criteo.com *.criteo.net *.contentsquare.com *.privacy-center.org *.doubleclick.net *.elitrack.com *.facebook.com *.facebook.net *.fittingbox.com *.fittingbox.net *.hotjar.com *.jquery.com *.msecnd.net *.salecycle.com *.salecycle.net *.rr.skeepers.io t.contentsquare.net *.tiktok.com *.vimeo.com *.tiktok.net *.windows.net *.zdasets.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com https://maps.googleapis.com/maps/api/mapsjs *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.cdn-apple.com izipizi.my.join-stories.com *.klarna.com *.klarnacdn.net x.klarnacdn.net www.youtube.com player.vimeo.com *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com uat-secure.pointspay.com secure.pointspay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bglobale.com *.global-e.com *.typekit.net *.zdassets.com *.typenetwork.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.hipay.com *.klarnacdn.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com data: mpsnare.iesnare.com *.amazonaws.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.abtasty.com *.abstasty.net *.acsbapp.com bat.bing.com https://az693360.vo.msecnd.net *.bing.com *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.fr *.google-analytics.com *.googlesyndication.com *.hotjar.io *.izipizi.com *.privacy-center.org *.salecycle.com wss://ws.salecycle.com *.sentry.io *.rr.skeepers.io *.tiktok.com *.tiktok.net *.vimeo.com *.windows.net *.zdassets.com *.zendesk.com *.zopim.com https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com https://maps.googleapis.com/maps/api/mapsjs *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net cdn.plyr.io noembed.com *.klarnaservices.com *.klarna.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com uat-secure.pointspay.com secure.pointspay.com maps.googleapis.com 'self' 'unsafe-inline'; child-src blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com https://www.gstatic.com *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com cash-f.squarecdn.com https://cdn.riverty.design/ data: https://fonts.gstatic.com https://www.open32.nl https://test.open32.nl https://acceptance.open32.nl https://www.silvercreek.nl https://test.silvercreek.nl https://acceptance.silvercreek.nl https://admin.b32groep.nl https://test.b32groep.nl https://acceptance.b32groep.nl data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.facebook.com * uc8.tv 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com bid.g.doubleclick.net *.braintreegateway.com *.paypal.com google.com *.google.com *.youtube-nocookie.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com * uc8.tv https://documents.riverty.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com *.typekit.net *.gstatic.com *.cloudflare.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com * https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ imgsct.cookiebot.com https://at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net https://maps.gstatic.com http://maps.gstatic.com https://maps.googleapis.com http://maps.googleapis.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.google.be https://www.open32.nl https://test.open32.nl https://acceptance.open32.nl https://www.silvercreek.nl https://test.silvercreek.nl https://acceptance.silvercreek.nl https://admin.b32groep.nl https://test.b32groep.nl https://acceptance.b32groep.nl https://cdn.riverty.design http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.adyen.com pay.google.com *.payments-amazon.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ consent.cookiebot.com blob: https://www.google.com https://ssl.google-analytics.com https://maps.googleapis.com https://ecookie.nl https://www.ecookie.nl https://www.googletagmanager.com https://www.open32.nl https://test.open32.nl https://acceptance.open32.nl https://www.silvercreek.nl https://test.silvercreek.nl https://acceptance.silvercreek.nl https://admin.b32groep.nl https://test.b32groep.nl https://acceptance.b32groep.nl *.convertexperiments.com *.voyado.com *.faslet.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.cash.app https://fonts.googleapis.com http://fonts.googleapis.com https://www.open32.nl https://test.open32.nl https://acceptance.open32.nl https://www.silvercreek.nl https://test.silvercreek.nl https://acceptance.silvercreek.nl https://admin.b32groep.nl https://test.b32groep.nl https://acceptance.b32groep.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://flirtcreativity.com https://www.open32.nl https://test.open32.nl https://acceptance.open32.nl https://www.silvercreek.nl https://test.silvercreek.nl https://acceptance.silvercreek.nl https://admin.b32groep.nl https://test.b32groep.nl https://acceptance.b32groep.nl http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com vimeo.com *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.facebook.com * uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com/ https://www.open32.nl https://test.open32.nl https://acceptance.open32.nl https://www.silvercreek.nl https://test.silvercreek.nl https://acceptance.silvercreek.nl https://admin.b32groep.nl https://test.b32groep.nl https://acceptance.b32groep.nl *.voyado.com *.faslet.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/; report-to report-endpoint; 1
report-uri https://www.scor.com/en/system/reporting/csp_report; report-to csp_report 1
default-src 'nonce-a80bb6d8f293831fc1739c6b8b9c1a6f' 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data https://images.ctfassets.net; script-src 'self' 'self' 'unsafe-inline' https://browser.sentry-cdn.com/ https://europcar.adding-sst.dev/ https://sdk.privacy-center.org/ https://*.europcar.com https://*.goldcar.com; connect-src 'self' sentry.io *.sentry.io https://*.europcar.com https://*.goldcar.com; report-uri https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943; report-to https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://cdn.checkout.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com https://js.checkout.com *.klarna.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.googleapis.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com https://*.checkout.com *.klarnacdn.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com webchat.dotdigital.com webchat.staging.dotdigital.com *.avada.io *.shopify.com https://ipinfo.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://cdn.checkout.com *.fontawesome.com assets.braintreegateway.com webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com https://js.checkout.com *.klarnaevt.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com webchat.dotdigital.com webchat.staging.dotdigital.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ASHbVJX0Athyxv477JsowQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' blob: https://prod-bk-web.de.rbi.tools/en/static/js/vendor.33880721.js https://prod-bk-web.de.rbi.tools/en/static/js/main.a163561b.js https://prod-bk-web.de.rbi.tools/en/static/js/runtime.b8140644.js https://*.mparticle.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onetrust.com https://static.ads-twitter.com https://platform.twitter.com https://www.google-analytics.com https://connect.facebook.net https://secure.quantserve.com https://dynamic.criteo.com https://rules.quantcount.com https://cdn.branch.io https://app.link https://*.cdn4.forter.com https://dlthst9q2beh8.cloudfront.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://pagead2.googlesyndication.com https://cdn.amplitude.com https://accounts.google.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://c.amazon-adsystem.com https://js.adsrvr.org https://maps.googleapis.com https://googleads.g.doubleclick.net https://static.zdassets.com https://bat.bing.com https://cdn-st.adsmurai.com https://www.youtube.com https://player.vimeo.com https://prod-bk-web.de.rbi.tools/en/static/js/vendor.d8e34292.js https://prod-bk-web.de.rbi.tools/en/static/js/main.3b550ab2.js https://prod-bk-web.de.rbi.tools/en/static/js/runtime.ae636cad.js; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; report-uri https://intl-csp-service.rbictg.com/report 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com https://pos.snapscan.io https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk secure.nmi.com secure.networkmerchants.com collectcheckout.com merchantx.transactiongateway.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://plumrocket.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk secure.nmi.com secure.networkmerchants.com collectcheckout.com merchantx.transactiongateway.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.googletagmanager.com https://pos.snapscan.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.bablic.com https://s3-us-west-2.amazonaws.com/jsstore/a/* *.fraudlabspro.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.googletagmanager.com secure.nmi.com secure.networkmerchants.com collectcheckout.com merchantx.transactiongateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com https://static.klaviyo.com https://fonts.bunny.net *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.typekit.net secure.nmi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.snplow.net commerce.adobedc.net commerce.adobe.io https://c.bablic.com https://e2.bablic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk ws: secure.nmi.com secure.networkmerchants.com collectcheckout.com merchantx.transactiongateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-bXAeIMJDWe1d17rViWnN8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'nonce-J6LPM9LR+coy1YJ8/QoUSg==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
default-src 'self' *.gs.com; script-src 'unsafe-inline' 'unsafe-eval' *.gs.com:* https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com ir-vh.akamaihd.net https://amp.akamaized.net https://cdn.appdynamics.com; connect-src 'self' wss://*.gs.com:* *.gs.com:* https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com ir-vh.akamaihd.net https://amp.akamaized.net https://col.eum-appdynamics.com https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com *.datadoghq.com; img-src *.gs.com:* https://gsgir.122.2o7.net data: blob: https://col.eum-appdynamics.com; style-src 'unsafe-inline' *.gs.com:* https://fast.fonts.net; media-src 'self' *.gs.com ir-vh.akamaihd.net blob: https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com; frame-ancestors 'self' https://goldmansachs.experiencecloud.adobe.com:*; worker-src blob: *.gs.com:* *.gs.com:*; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.tivly.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://fraudguard.tivly.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://analytics.google.com https://region1.analytics.google.com https://bat.bing.com https://create.leadid.com https://deviceid.trueleadid.com https://create.lidstatic.com https://js.zi-scripts.com https://ws.zoominfo.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://us.app.unleash-hosted.com https://*.cloudfront.net https://d2ydlkypr5z8li.cloudfront.net https://solutions.invocacdn.com https://maps.googleapis.com https://connect.facebook.net https://www.nextinsure.com https://*.atlassian.net https://js-agent.newrelic.com https://www.gstatic.com https://cdnjs.cloudflare.com https://app.jazz.co; connect-src 'self' https://*.optimizely.com https://fraudguard.tivly.com https://us.app.unleash-hosted.com https://js.zi-scripts.com https://ws.zoominfo.com https://analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://create.leadid.com https://info.leadid.com https://bam.nr-data.net https://bat.bing.com https://bat.bing.net https://*.twilio.com wss://*.twilio.com https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.cloudfront.net  https://www.google-analytics.com https://pnapi.invoca.net https://*.invoca.net https://www.nextinsure.com https://maps.googleapis.com https://google.com https://d2ydlkypr5z8li.cloudfront.net; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.honey.io https://www.gstatic.com; img-src 'self' data: blob: https://cdn.optimizely.com https://*.tivly.com https://*.cloudfront.net https://d2ydlkypr5z8li.cloudfront.net https://*.thehartford.com https://bat.bing.com https://bat.bing.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.ca https://www.google.co.uk https://www.google.de https://www.google.it https://www.google.ie https://www.google.mx https://www.google.com.pr https://www.google.com.bd https://www.google.com.ph https://www.google.com.pk https://www.google.nl https://www.google.hn https://www.google.co.in https://www.google.co.jp https://www.google.gr https://www.googleadservices.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.nextinsure.com https://create.leadid.com https://cdn.honey.io https://translate.google.com https://fonts.gstatic.com https://www.googletagmanager.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com; frame-src 'self' https://*.optimizely.com https://deviceid.trueleadid.com https://*.cloudfront.net https://www.googletagmanager.com https://create.leadid.com https://info.leadid.com https://recruiting.paylocity.com https://www.google.com; form-action 'self' https://create.leadid.com https://info.leadid.com https://tivly.com https://www.tivly.com https://tivly.okta.com https://commercialinsurance.okta.com https://www.nextinsure.com; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; report-uri https://fwfuik6zl2.execute-api.us-east-2.amazonaws.com/default/csp-report-collector 1
default-src 'self' *.localphone.com *.localphone.co.uk; img-src * data:; child-src *; frame-src *; script-src 'self' 'unsafe-inline' *.localphone.com https://js.stripe.com https://*.google.com https://ajax.googleapis.com http://www.google-analytics.com https://*.gstatic.com https://*.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.localphone.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: fonts.gstatic.com https://sxt.cdn.skype.com; connect-src 'self' *.localphone.com; 1
default-src 'self'; 			script-src 'self' 'unsafe-inline' 'unsafe-eval' 			https://assets.adobedtm.com 			https://static.cloud.coveo.com 			https://www.gstatic.com 			https://www.google.com 			https://maps.googleapis.com 			https://dpm.demdex.net; 			https://analytics.cloud.coveo.com 			https://marketplace.api.healthcare.gov 			https://viewlicense.adobe.io 			https://smetrics.bcbsnd.com 			https://px.ads.linkedin.com 			https://geo.fcc.gov; 			style-src-attr 'self' 'unsafe-inline'; 			style-src-elem 'self' 'unsafe-inline'; 			script-src-attr 'self' 'unsafe-inline'; 			script-src-elem 'self' 'unsafe-inline' 			https://assets.adobedtm.com 			https://static.cloud.coveo.com 			https://acrobatservices.adobe.com 			https://www.gstatic.com 			https://www.google.com 			https://maps.googleapis.com 			https://www.youtube.com 			https://player.vimeo.com 			https://connect.facebook.net 			https://api.dmcdn.net 			https://googleads.g.doubleclick.net 			https://snap.licdn.com 			https://www.googletagmanager.com 			https://ipapi.co; 			connect-src 'self' 			https://dpm.demdex.net 			https://analytics.cloud.coveo.com 			https://platform.cloud.coveo.com 			https://platformhipaa.cloud.coveo.com 			https://marketplace.api.healthcare.gov 			https://viewlicense.adobe.io 			https://smetrics.bcbsnd.com 			https://px.ads.linkedin.com 			https://maps.googleapis.com 			https://www.google.com 			https://api.bcbsnd.com 			https://geo.fcc.gov; 			img-src 'self' data: 			https://cm.everesttech.net 			https://maps.gstatic.com 			https://smetrics.bcbsnd.com 			https://www.google.co.in 			https://www.facebook.com 			https://www.google.com; 			media-src 'self' 			https://dai.ly 			https://dl6.webmfiles.org 			https://fb.watch 			https://vimeo.com 			https://youtube.com 			https://youtu.be; 			frame-src 'self' 			https://bcbsnd.demdex.net 			https://acrobatservices.adobe.com 			https://www.googletagmanager.com 			https://www.google.com 			https://player.vimeo.com 			https://www.youtube.com; 			report-to csp-endpoint; report-uri /services/bcbsnd/cspViolation 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-hkvxo0zpmiO68FwducMf9A' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
'img-src' 'blob' 'default-src' 'self' 'unsafe-inline' 'unsafe-eval' 'blob' blob: http://blog-cms.weddingz.in https://stats.g.doubleclick.net https://securesentry.oyorooms.io https://code.getmdl.io https://assets.pinterest.com https://graph.facebook.com *.s3.amazonaws.com https://api.instagram.com https://api.pinterest.com https://connect.facebook.net *.cloudfront.net https://ds-aksb-a.akamaihd.net *.googleapis.com *.gstatic.com *.criteo.com *.criteo.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://m.weddingz.in https://media.weddingz.in https://js-agent.newrelic.com https://assets.oyoroomscdn.com https://maxcdn.bootstrapcdn.com https://weddingz.in https://www.youtube.com https://tagmanager.google.com *.instagram.com https://instagram *.tile.openstreetmap.org; report-uri /private_apis/content-security-violation/ 1
object-src 'none';base-uri 'self';script-src 'nonce-x7b5cmaPtS_NlzjLQSTBHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6B7zu7-37peSotMhuuUEIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-src https://player.vimeo.com https://stats.g.doubleclick.net *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://vev.my.site.com *.cybersource.com https://vev.my.salesforce.com https://fra80.sfdc-urlt2q.salesforce.com https://assets.mapquestapi.com *.youtube.ie https://www.youtube.com *.cloudinary.com https://pay.google.com *.vimeo.com *.youtube.jp https://romerikebb.sharepoint.com https://region1.google-analytics.com https://www.telia.no https://c.tiles.mapbox.com https://mzmoment.app https://vev.my.salesforce-scrt.com https://vev--c.visualforce.com https://www.paypal.com https://appiniummastertrial.secure.force.com *.google.no https://a.tiles.mapbox.com *.youtube.com.br *.salesforce-experience.com https://app.oneflow.com https://www.mapquestapi.com *.youtube.ca *.vidyard.com https://www.gstatic.com/recaptcha/ https://commonapi-gw.get.no https://d.tiles.mapbox.com https://mapconfig.mqcdn.com https://cdn.embedly.com https://www.google.com/recaptcha/ https://m83tkyrsgfqwkylcgqzgkzlbgy.c360a.salesforce.com https://www.sandbox.paypal.com https://www.googletagmanager.com https://www.google-analytics.com *.salesforce.com https://vev--c.vf.force.com https://service.force.com *.force.com https://mzmoment-test.app https://www.vevromerike.no 'self' https://vevromerike.no https://checkoutshopper-test.adyen.com/ https://e360-tracking-service-cdp1.sfdc-yzvdd4.svc.sfdcfc.net https://pal-test.adyen.com *.youtube.es lightning.force.com *.adis.ws https://www.youtube-nocookie.com *.vevromerike.no https://www.googleoptimize.com bcove.video https://vev.lightning.force.com *.youtube.fr https://monitoringpublic.solaredge.com https://*.a.forceusercontent.com https://player.cloudinary.com https://d.la1-core1.sfdc-urlt2q.salesforceliveagent.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws *.forceusercontent.com https://tileproxy.cloud.mapquest.com *.brightcove.net *.youtube.com *.youtube.nl https://service.force.com/embeddedservice/ https://fast.wistia.net *.quip.com *.arkoselabs.com *.youtube-nocookie.com https://play.vidyard.com *.salesforceliveagent.com https://scormanywhere.secure.force.com https://checkoutshopper-live.adyen.com/ https://d.la11-core1.sfdc-urlt2q.salesforceliveagent.com *.sfdcfc.net *.doubleclick.net https://location.force.com https://players.brightcove.net https://artikler.get.no https://js.stripe.com/ *.vev.lightning.force.com https://www.arrowcommunications.co.uk https://vev.file.force.com https://*.a.forceusercontent.com/lightningmaps/ https://d.la3-c2-fra.salesforceliveagent.com *.wistia.net https://b.tiles.mapbox.com *.youtube.pl https://vev.live-preview.salesforce-experience.com; report-to sfdc-csp-ep; report-uri https://vev.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D24000000Zs0w&networkId=0DM08000000sXzv&type=communities 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src 'self' https://stream.klgd.ru rtmp://stream.klgd.ru https://wowza.klgd.ru https://cctv.klgd.ru 1
object-src 'none';base-uri 'self';script-src 'nonce-yZthMbHHPtD_W7-w3fotqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com cash-f.squarecdn.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com js.mollie.com https://www.googletagmanager.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: https://imgproxy.vendic.dev data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://maps.googleapis.com *.disqus.com js.mollie.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://app.zinrelo.com app.zinrelo.com https://cdn.zinrelo.com/js/all.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://maps.googleapis.com https://player.vimeo.com t.elasticsuite.io *.hsforms.net *.hsforms.com https://www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gstatic.com *.yotpo.com *.googleapis.com *.fontawesome.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com static.lipscore.com *.stape.io fonts.googleapis.com maxcdn.bootstrapcdn.com *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.google.com *.doubleclick.net *.pinterest.com *.tiktok.com *.nr-data.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.yotpo.com *.facebook.com *.facebook.net *.amazon.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com *.braintreegateway.com *.paypal.com google.com *.adyen.com *.yotpo.com *.rvvuptech.com *.clearpay.co.uk *.sandbox.paypal.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io www.facebook.com platform.twitter.com *.doubleclick.net *.hotjar.com *.facebook.com *.facebook.net *.vimeo.com *.pinterest.com *.newrelic.com *.zdassets.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.gstatic.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net validator.swagger.io *.adyen.com https://*.gstatic.com *.yotpo.com *.afterpay.com *.sandbox.paypal.com *.stats.paypal.com dhv2ziothpgrr.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com static.lipscore.com blob: img.youtube.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com *.stape.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.facebook.com *.facebook.net *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.pinterest.com *.tiktok.com *.nr-data.net *.bing.com *.newrelic.com *.media-amazon.com *.payments-amazon.com *.amazon.com *.zdassets.com *.clarity.ms yotpo-editor-production.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com *.yotpo.com *.afterpay.com *.paypal.com *.sandbox.paypal.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com static.lipscore.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io connect.facebook.net twitter.com platform.twitter.com *.googleapis.com *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.pinterest.com *.tiktok.com *.bing.com *.facebook.com *.facebook.net *.visualwebsiteoptimizer.com *.pinimg.com *.matomo.cloud *.adt313.net *.adt356.net *.adt356.com *.payments-amazon.com *.amazon.com *.zdassets.com *.clarity.ms https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.yotpo.com *.googleapis.com *.fontawesome.com dhv2ziothpgrr.cloudfront.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com static.lipscore.com *.googletagmanager.com *.stape.io maxcdn.bootstrapcdn.com *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.google.com *.doubleclick.net *.pinterest.com *.tiktok.com *.nr-data.net *.bing.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com *.yotpo.com *.sandbox.paypal.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com wapi.lipscore.com users.lipscore.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io *.google.co.uk *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.pinterest.com *.tiktok.com *.facebook.com *.facebook.net bat.bing.com *.bing.com *.postcodeanywhere.co.uk *.payments-amazon.com *.amazon.com *.zdassets.com *.clarity.ms *.merchant-center-analytics.goog 'self' 'unsafe-inline'; child-src *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://592944fc-ced2-48d3-a0ef-ebc9d01e03fd.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com static.baufragen.de data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.mercadolibre.com *.multisafepay.com https://pay.google.com *.cookiebot.com cloud.web.oracdecor.com/newsletter pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.googleapis.com cdn.flbx.io *.cloudfront.net *.disqus.com https://img.youtube.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.multisafepay.com *.cookiebot.com static.przelewy24.pl www.gstatic.com gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com.ua *.googletagmanager.com *.google-analytics.com ssl.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.getflowbox.com *.disqus.com https://z.moatads.com https://cdn.jsdelivr.net *.mlstatic.com *.mercadopago.com *.multisafepay.com https://pay.google.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.multisafepay.com assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.getflowbox.com *.mercadopago.com *.mercadolibre.com *.multisafepay.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'self' https://*.concern.net https://*.concern.org.uk https://*.systemseed.host https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.cookiebot.com https://*.stripe.com https://*.sociablekit.com https://*.rollbar.com https://*.raisely.com https://*.fundraiseup.com https://*.paypal.com https://*.paypalobjects.com https://*.autoaddress.ie https://maxcdn.bootstrapcdn.com 'nonce-atmF+QWcWV8a/uHm4bBaBQ==' 'strict-dynamic' https:; connect-src 'self' https: wss:; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; font-src 'self' https: data:; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; form-action 'self' https://*.facebook.com; frame-src 'self' https:; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub91b897b2a14e748cb0371152f548c32c&dd-evp-origin=content-security-policy&ddsource=csp-report-IE-v5 1
object-src 'none';base-uri 'self';script-src 'nonce-W9gQ3yarVNbK0_tUFOdHYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Uf8xVV7_NrQBrBFYYPzyEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-SMC7jpw2R5TFo/oZnS/z' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
script-src 'self' 'report-sample' https://frontend.leon.aero https://leon-frontend.s3.eu-west-1.amazonaws.com https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.tiny.cloud blob:; img-src 'self' 'report-sample' https://leon-downloads.s3.eu-west-1.amazonaws.com https://leon-downloads.s3-eu-west-1.amazonaws.com https://api.maptiler.com https://frontend.leon.aero https://leon-frontend.s3.eu-west-1.amazonaws.com https://lsotest2.s3.eu-west-1.amazonaws.com https://leonfiles.s3.eu-west-1.amazonaws.com https://leon-passporteye-production.s3.eu-west-1.amazonaws.com https://leon-passporteye-dev.s3.eu-west-1.amazonaws.com https://leon-marketplace-prod.s3.eu-west-1.amazonaws.com https://charts.leon.aero data: blob:; style-src 'self' 'unsafe-inline' https://leon-downloads.s3.eu-west-1.amazonaws.com https://leon-downloads.s3-eu-west-1.amazonaws.com 'report-sample' https://frontend.leon.aero https://leon-frontend.s3.eu-west-1.amazonaws.com https://fonts.googleapis.com https://cdn.tiny.cloud https://lsotest2.s3.eu-west-1.amazonaws.com https://leonfiles.s3.eu-west-1.amazonaws.com; font-src * data: blob: 'unsafe-inline'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://leon-passporteye-production.s3.eu-west-1.amazonaws.com https://leon-passporteye-dev.s3.eu-west-1.amazonaws.com blob: https://secure.payu.com https://merch-prod.snd.payu.com https://www.youtube.com/; object-src 'none'; report-uri https://europe-1.leon.aero/webservices/NewrelicLogger/new_relic_logger.php 1
frame-ancestors 'self'; report-uri https://www.escape.com.au/csp-reports 1
base-uri 'self';connect-src 'self' adservice.google.com identitytoolkit.googleapis.com securetoken.googleapis.com https://stats.g.doubleclick.net wss://orbx-orbs.firebaseio.com wss://*.firebaseio.com www.facebook.com www.google-analytics.com www.google.com consentcdn.cookiebot.com;default-src 'self';form-action 'self' www.facebook.com;img-src 'self' data: *.orbxdirect.com https://orbxdirect.com doubleclick.net i.ytimg.com *.stripe.com *.orbxsystems.com web.goog.cdn.orbxdirect.com www.facebook.com www.google-analytics.com www.gravatar.com imgsct.cookiebot.com;media-src 'self';object-src 'none';script-src 'self' cdnjs.cloudflare.com connect.facebook.net wasm-eval www.google-analytics.com www.googletagmanager.com challenges.cloudflare.com 'nonce-G0itIBIossOCRZbA1wdtfbpxtzsR8IMt';script-src-elem 'self' apis.google.com cdnjs.cloudflare.com checkout.stripe.com connect.facebook.net doubleclick.net *.firebaseio.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com 'nonce-G0itIBIossOCRZbA1wdtfbpxtzsR8IMt';style-src 'self' fonts.googleapis.com p.typekit.net use.typekit.net;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com p.typekit.net use.typekit.net;style-src-attr 'self' 'unsafe-inline';font-src 'self' fonts.gstatic.com use.typekit.net;frame-src checkout.stripe.com orbx-orbs.firebaseapp.com *.firebaseio.com doubleclick.net www.facebook.com facebook.com youtube.com challenges.cloudflare.com consentcdn.cookiebot.com;frame-ancestors 'none';script-src-attr 'nonce-G0itIBIossOCRZbA1wdtfbpxtzsR8IMt' 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com https://server-side-tagging-xga7vfylma-uc.a.run.app *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.affirm.com *.affirm.ca *.google.com/ https://td.doubleclick.net https://www.googletagmanager.com https://ct.pinterest.com https://x.adroll.com https://cdn.livechatinc.com https://www.facebook.com https://staging-checkout.creditkey.com https://staging.creditkey.com https://checkout.creditkey.com https://creditkey.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.affirm.com *.affirm.ca cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com * store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.affirm.com *.affirm.ca cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com/ https://cdn.customgpt.ai https://cdn.livechatinc.com https://api.livechatinc.com https://s.pinimg.com https://s.adroll.com https://connect.facebook.net https://bat.bing.com https://www.googletagmanager.com https://d.adroll.com https://ct.pinterest.com https://api.openwidget.com https://analytics.tiktok.com https://cdn.trackdesk.com https://unpkg.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.doofinder.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com * unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.affirm.com *.affirm.ca *.doofinder.com wss://*.doofinder.com https://stats.g.doubleclick.net https://region1.analytics.google.com https://ct.pinterest.com https://www.google.com https://app.customgpt.ai https://d.adroll.com https://analytics.tiktok.com https://server-side-tagging-xga7vfylma-uc.a.run.app *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'unsafe-inline' https://qa-lapolartarjeta.cs123.force.com 'self' https://payments.salesforce.com/ https://stats.g.doubleclick.net https://soluciones.devetel.net https://checkoutshopper-test.adyen.com/ https://www.tarjetaabc.cl/resource/LP_Lib_IndigitallWebpush_sdk_min_js https://pal-test.adyen.com https://cdn-qservus.redcalidad.com https://www.gstatic.com/ https://checkoutshopper-live.adyen.com/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://lapolar.qservus.com/ https://connect.facebook.net https://pay.google.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://qa-lapolartarjeta.cs123.force.com/tarjetalapolar/resource/1574257606000/assets/assets/css/all.css https://www.google.com.br/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://www.google.com/recaptcha/api https://qs28.qservus.com https://dev-lapolartarjeta.cs2.force.com/ blob: https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.tarjetalapolar.cl/resource/1617892734000/OSF_HTMLfiles https://www.abc.cl https://www.googletagmanager.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js https://www.google.com/ 'report-sample' https://www.tarjetalapolar.cl https://abc.cl https://service.force.com/embeddedservice/ https://www.google.coom 'unsafe-eval'; report-to sfdc-csp-ep; report-uri https://lapolartarjeta.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D3k000000tOhd&networkId=0DM3k000000kdPK&type=communities 1
font-src https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.weltpixel.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com https://www.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://bat.bing.com/ http://bat.bing.com/ www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.attn.tv events.attentivemobile.com https://www.dwin1.com https://widget.usersnap.com https://s.pinimg.com https://ct.pinterest.com https://connect.facebook.net https://analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://bat.bing.com/ http://bat.bing.com/ www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.attn.tv events.attentivemobile.com https://www.facebook.com https://ct.pinterest.com https://analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://bat.bing.com/ http://bat.bing.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-OJIQWzHfSXpQ7tCPozgymQ==' 'strict-dynamic' 'unsafe-eval'; connect-src 'self' https://privatevpn.com https://www.mczbf.com https://www.emjcd.com https://www.sjwoe.com https://cj.dotomi.com https://www.cj.com https://affiliate.privatevpn.com https://widget.intercom.io https://events.intercom.com https://api-iam.eu.intercom.io https://api.eu.intercom.io https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com https://js.intercomcdn.com https://downloads.intercomcdn.eu wss://nexus-europe-websocket.intercom.io wss://primary-realtime-eu.intercom-messenger.com https://api.stripe.com https://r.stripe.com https://hooks.stripe.com https://js.stripe.com https://connect-js.stripe.com https://pay.google.com https://wallet.googleapis.com https://app.termly.io https://us.consent.api.termly.io https://eu.consent.api.termly.io https://www.google-analytics.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://stape.privatevpn.com https://stape.privatesurfforme.net https://q.quora.com https://alb.reddit.com https://googleads.g.doubleclick.net https://www.google.com https://pixel-config.reddit.com; frame-src 'self' https://app.termly.io https://us.consent.api.termly.io https://eu.consent.api.termly.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://api.stripe.com https://r.stripe.com https://hooks.stripe.com https://js.stripe.com https://connect-js.stripe.com https://pay.google.com https://wallet.googleapis.com https://widget.trustpilot.com https://stape.privatevpn.com https://stape.privatesurfforme.net https://www.googletagmanager.com; frame-ancestors 'self'; img-src 'self' data: blob: privatevpn-cms-prod.us-ord-1.linodeobjects.com https://*.stripe.com https://app.termly.io https://us.consent.api.termly.io https://eu.consent.api.termly.io https://widget.trustpilot.com https://q.quora.com https://alb.reddit.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://region1.analytics.google.com https://stape.privatevpn.com https://stape.privatesurfforme.net https://www.googletagmanager.com https://www.google.com https://www.google.se https://js.intercomcdn.com https://static.intercomassets.eu https://downloads.intercomcdn.eu https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com; media-src 'self' https://downloads.intercomcdn.eu https://downloads.intercomcdn.com; style-src 'self' 'unsafe-inline' https://app.termly.io https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; object-src 'none'; base-uri 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-rs__vo1-Vmn1eKC6etbAzQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'strict-dynamic' 'nonce-hSLrcvhri+5094u8W2M98Q==' 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com data: *.fontawesome.com fonts.googleapis.com *.gstatic.com 'self' data: https://www.e-ver.com.ar/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.gocuotas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.magerocket.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.gocuotas.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.magerocket.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.gocuotas.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://www.e-ver.com.ar/ https://www.ver.com.ar/ https://api.snappylabs.io/ https://storage.snappylabs.io/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com https://live.decidir.com/ *.magerocket.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.gocuotas.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://www.google.com *.gstatic.com *.woowup.com https://maps.googleapis.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ https://www.e-ver.com.ar/ https://static.hotjar.com/ https://q.clarity.ms/ https://www.clarity.ms/ https://snappychat.snappylabs.io/ https://api.snappylabs.io/ *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co *.googletagmanager.com *.cookielaw.org *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com assets.braintreegateway.com *.googleapis.com *.gstatic.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ https://www.e-ver.com.ar/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://snappychat.snappylabs.io/ https://www.e-ver.com.ar/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io maps.googleapis.com api.comapi.com bam.nr-data.net https://developers.decidir.com *.magerocket.com *.cookielaw.org *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.gocuotas.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ https://www.e-ver.com.ar/ https://q.clarity.ms/ https://live.decidir.com/ https://chat.snappylabs.io/ https://o.clarity.ms/ https://ws.snappylabs.io/ https://sessions.bugsnag.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.maksuturva.fi http://host.docker.internal:7001 data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.maksuturva.fi http://host.docker.internal:7001 https://script.custobar.com *.klevu.com *.ksearchnet.com https://script.custobar.com/nf3ax/custobar-k7wdkh46linx.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://core.helloretail.com https://helloretailcdn.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.maksuturva.fi http://host.docker.internal:7001 https://api.custobar.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.gstatic.com; img-src 'self' * data:; frame-src 'self' *.retargetly.com *.doubleclick.net; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; connect-src 'self' *.hypera.com.br http://cdn.evgnet.com/beacon/hyperapharma/hypera/scripts/evergage.min.js https://hyperapharma.us-4.evergage.com https://banner-geolocalizacao.hypera-pharma-s-account.workers.dev https://mapa-gripe.hypera-pharma-s-account.workers.dev *.viacep.com.br *.google-analytics.com *.google.com *.clarity.ms *.hypera.com.br *.retargetly.com *.doubleclick.net; script-src 'self' 'nonce-a9f8efbf1bcb58eaca003c7ff01f8a54' 'nonce-b0d5fee76a0621e54ddbf831efa5a9ba8a4cf33d' 'sha256-R3cSZrKmnEGSaH0zEuTcZ3nnqtzhpC8vkSt+e0OLnGQ=' 'sha256-CmiKzOpf2CeiuZKn3xy9MmkCQwoc1MdoIcO9XfHrnbE=' *.googletagmanager.com *.viacep.com.br *.google.com *.gtm.js https://www.googletagmanager.com *.google-analytics.com *.retargetly.com *.navdmp.com *.gstatic.com *.facebook.net *.clarity.ms *.cloudfront.net cdn.jsdelivr.net *.hypera.com.br api.hypera.com.br hypera.com.br http://cdn.evgnet.com/beacon/hyperapharma/hypera/scripts/evergage.min.js https://hyperapharma.us-4.evergage.com; style-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com *.hypera.com.br 1
object-src 'none';base-uri 'self';script-src 'nonce-ki9CF95UvvIXC5Wg2YgGkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.consentmanager.net www.etracker.de de.etracker.com https://delivery.consentmanager.net https://use.typekit.net/eho0yem.js cdn.consentmanager.net delivery.consentmanager.ne use.typekit.net c.delivery.consentmanager.net https://doo.net https://www.doo.net https://wirvwsth.pi-asp.de https://widget.surveymonkey.com https://ajax.googleapis.com https://code.etracker.com/code/e.js code.etracker.com/code/e.js https://code.etracker.com/t.js code.etracker.com/t.js https://code.etracker.com/v1/consent-banners/N8Kcr3/icon https://code.etracker.com/v2/consent-banners/N8Kcr3/banner https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://doo.net https://www.doo.net https://wirvwsth.pi-asp.de https://widget.surveymonkey.com https://ajax.googleapis.com https://code.etracker.com/code/e.js code.etracker.com/code/e.js https://code.etracker.com/t.js code.etracker.com/t.js https://code.etracker.com/v1/consent-banners/N8Kcr3/icon https://code.etracker.com/v2/consent-banners/N8Kcr3/banner https://cdnjs.cloudflare.com; frame-ancestors 'self' https://doo.net https://www.doo.net https://wirvwsth.pi-asp.de https://widget.surveymonkey.com https://ajax.googleapis.com 1
default-src 'self' https://hosting.gl; script-src 'self' 'unsafe-inline' https://hosting.gl https://hosting.gl/templates/lagom2/assets/js/ https://statistics.hosting.gl https://www.googletagmanager.com https://connect.facebook.net https://widget.trustpilot.com https://cdn.datatables.net https://customerwidget.joinflow.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' https://region1.google-analytics.com https://statistics.hosting.gl https://www.facebook.com https://api.telavox.se https://payment.quickpay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.facebook.com data:; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://widget.trustpilot.com; form-action 'self'; frame-ancestors 'self'; report-uri https://hostinggl.report-uri.com/r/d/csp/wizard 1
default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; report-uri https://csp-reports.firmseek.com/hodgsonruss; 1
default-src 'self' *.analytics.google.com *.clarity.ms *.google-analytics.com *.googletagmanager.com affil.eshop-rychle.cz consent.cookie-script.com exponea-api.eshop-rychle.cz googleads.g.doubleclick.net pagead2.googlesyndication.com stats.g.doubleclick.net www.google.com www.youtube.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' *.hotjar.com fonts.gstatic.com; img-src 'self' *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.hotjar.com bat.bing.com c.seznam.cz googleads.g.doubleclick.net www.facebook.com www.google.com www.google.cz www.seznam.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.hotjar.com affil.eshop-rychle.cz bat.bing.com c.imedia.cz c.seznam.cz cdn.cookie-script.com connect.facebook.net exponea-api.eshop-rychle.cz googleads.g.doubleclick.net static.hotjar.com script.hotjar.com www.clarity.ms www.google.com www.googleadservices.com www.gstatic.com www.seznam.cz; style-src 'self' 'unsafe-inline' *.hotjar.com fonts.googleapis.com 1
default-src 'self' data: https://app.convertful.com https://*.dynatrace.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://forms.hscollectedforms.net https://*.hsforms.com https://*.hubspot.com https://*.monetate.net https://*.optimizely.com https://*.cdn.optimizely.com https://cdn.cloud.ecom-dev.pattersoncompanies.dev https://*.corp.ecom-dev.pattersoncompanies.dev https://cdn.cloud.pattersoncompanies.com https://use.typekit.net https://consent.trustarc.com https://siteintercept.qualtrics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://players.brightcove.net https://cdn.callrail.com https://www.clickcease.com https://app.convertful.com https://googleads.g.doubleclick.net https://*.dynatrace.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hubspot.com https://*.monetate.net https://cdn.optimizely.com https://cdn.cloud.pattersoncompanies.com https://cdn.cloud.ecom-dev.pattersoncompanies.dev https://*.corp.ecom-dev.pattersoncompanies.dev https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://consent.trustarc.com; style-src 'self' 'unsafe-inline' https://cdn.cloud.pattersoncompanies.com https://cdn.cloud.ecom-dev.pattersoncompanies.dev https://*.typekit.net; connect-src 'self' https://bat.bing.com https://manifest.prod.boltdns.net https://edge.api.brightcove.com https://*.brightcovecdn.com https://app.convertful.com https://googleads.g.doubleclick.net https://*.dynatrace.com https://edge.fullstory.com https://rs.fullstory.com https://www.google.ca https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.gstatic.com https://forms.hscollectedforms.net https://forms.hsforms.com https://*.hubspot.com https://logx.optimizely.com https://billpay.pattersonvet.com https://content.pattersonvet.com https://gw.pattersoncompanies.com https://siteintercept.qualtrics.com https://tags.srv.stackadapt.com https://consent.trustarc.com; script-src-elem 'self' 'unsafe-inline' https://bat.bing.com https://players.brightcove.net https://cdn.callrail.com https://www.clickcease.com https://app.convertful.com https://googleads.g.doubleclick.net https://js-cdn.dynatrace.com https://connect.facebook.net https://edge.fullstory.com https://rs.fullstory.com https://www.google.ca https://www.google.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsforms.net https://js.hs-scripts.com https://js.hubspot.com https://f.monetate.net https://se.monetate.net https://cdn.cloud.pattersoncompanies.com https://cdn.optimizely.com https://billpay.pattersonvet.com https://content.pattersonvet.com https://gw.pattersoncompanies.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://tags.srv.stackadapt.com https://consent.trustarc.com https://vjs.zencdn.net; frame-src https://edge.fullstory.com https://rs.fullstory.com https://www.google.ca https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://*.cdn.optimizely.com https://billpay.pattersonvet.com https://content.pattersonvet.com https://gw.pattersoncompanies.com https://*.cdn.optimizely.com/'; frame-ancestors 'self' https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://*.pattersoncompanies.com https://*.pattersoncompanies.dev https://rs.fullstory.com https://edge.fullstory.com; img-src 'self' data: https://bat.bing.com https://*.boltdns.net https://metrics.brightcove.com https://www.facebook.com https://googleads.g.doubleclick.net https://edge.fullstory.com https://rs.fullstory.com https://www.google.ca https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://*.hsforms.com https://*.hubspotusercontent-na1.net https://track.hubspot.com https://cdn.cloud.pattersoncompanies.com https://billpay.pattersonvet.com https://content.pattersonvet.com https://gw.pattersoncompanies.com https://tags.srv.stackadapt.com; font-src 'self' data: https://edge.fullstory.com https://www.google.com https://www.googleadservices.com https://fonts.gstatic.com https://gw.pattersoncompanies.com https://consent.trustarc.com https://use.typekit.net; worker-src 'self'; media-src 'self'; 1
default-src 'self' https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev https://forms-eu1.hsforms.com/* https://*.hsforms.com https://www.youtube.com https://*.hubspot.com https://*.usemessages.com https://*.l-expert-comptable.com https://googletagmanager.com https://www.googletagmanager.com https://l-expert-comptable.akimeo.app https://*.hsleadflows.net https://open.spotify.com/ https://*.typeform.com; script-src 'self' https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev https://forms-eu1.hsforms.com/* https://*.hsforms.com https://www.youtube.com https://*.hubspot.com https://*.usemessages.com https://*.l-expert-comptable.com https://googletagmanager.com https://www.googletagmanager.com https://l-expert-comptable.akimeo.app https://*.hsleadflows.net https://open.spotify.com/ https://*.typeform.com cdn.jsdelivr.net cdn.rawgit.com https://cdnjs.cloudflare.com https://github.com https://www.google.com mdbootstrap.com; style-src 'self' https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.experimentation.dev https://forms-eu1.hsforms.com/* https://*.hsforms.com https://www.youtube.com https://*.hubspot.com https://*.usemessages.com https://*.l-expert-comptable.com https://googletagmanager.com https://www.googletagmanager.com https://l-expert-comptable.akimeo.app https://*.hsleadflows.net https://open.spotify.com/ https://*.typeform.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com mdbootstrap.com use.fontawesome.com; form-action * 1
default-src 'self'; connect-src 'self' https://*.hotjar.com:* https://aggregator.service.usercentrics.eu https://analytics.tiktok.com https://api.omappapi.com https://api.trustpilot.com https://api.usercentrics.eu https://bat.bing.com https://ct.pinterest.com https://graphql.usercentrics.eu https://pagead2.googlesyndication.com https://services.ottonova.de https://ssl.google-analytics.com https://sst.ottonova.de https://stats.g.doubleclick.net https://*.hotjar.io https://trc-events.taboola.com https://www.google-analytics.com wss://*.hotjar.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://gum.criteo.com https://hal9000.redintelligence.net https://static.criteo.net https://tr.snapchat.com https://www.awin1.com https://vars.hotjar.com https://www.youtube.com; img-src 'self' data: https:; script-src 'self' 'nonce-c65d3f145217486f5cb444a80e11b27d' 'unsafe-eval' 'report-sample' 'strict-dynamic'; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; base-uri 'none'; report-uri https://ottonova.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.nic.audi/api/csp-report; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'nonce-SQu2lfsfA4uCVbtbr4XoIA==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
report-uri /csp-log.php;         report-to csp-log-endpoint;         default-src 'self';         style-src 'self' 'unsafe-inline' https://static.tegut.com/ *.typekit.com *.typekit.net https://fast.fonts.net/;         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu *.typekit.com *.typekit.net https://static.tegut.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com/ https://analytics.tiktok.com/ https://www.youtube.com/ https://www.googleadservices.com/ https://www.google.com https://www.google.hu https://www.google.lu/ https://www.google.de/ https://www.google.at/ https://www.google.pl/ https://ad1.adfarm1.adition.com/ https://cdn.scarabresearch.com/ https://static.scarabresearch.com/ https://bat.bing.com/ https://s.pinimg.com/ https://s2.adform.net/ https://track.adform.net/ https://ct.pinterest.com/ https://track.adform.net/ https://assets.pinterest.com/;         img-src 'self' data: https://static.tegut.com/ https://*.usercentrics.eu https://www.google.com https://www.google.hu https://www.google.lu/ https://www.google.de/ https://www.google.at/ https://www.google.pl/ https://www.facebook.com/ https://www.google-analytics.com/ https://tegut.maps.dmknet.de/ https://ad.doubleclick.net/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.googletagmanager.com/ https://maps.gstatic.com/ https://log.pinterest.com/;         object-src 'self' https://*.usercentrics.eu https://static.tegut.com/ blob:;         connect-src 'self' data: https://*.usercentrics.eu https://maps.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://region1.google-analytics.com/ https://recommender.scarabresearch.com/ https://www.google.com https://www.google.hu https://www.google.lu/ https://www.google.de/ https://www.google.at/ https://www.google.pl/ https://analytics.tiktok.com/ https://webchannel-content.eservice.emarsys.net/ https://ct.pinterest.com/ https://bat.bing.net/ https://bat.bing.com/ https://www.googleadservices.com/;         font-src 'self' data: https://static.tegut.com/ https://use.typekit.com/;         frame-src 'self' https://jackpot.tegut.com/ https://www.youtube-nocookie.com/ https://12761294.fls.doubleclick.net/ https://www.facebook.com/ https://ct.pinterest.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/; 1
object-src 'none'; script-src 'nonce-pKQxUxX_ivhLZzbi5pMszrVd' 'strict-dynamic' http: https:; base-uri 'none'; 1
font-src *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com seal.digicert.com assurance.sysnetgs.com mylivechat.com *.mylivechat.com flagpedia.net *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com seal.digicert.com assurance.sysnetgs.com mylivechat.com a5.mylivechat.com libs.na.bambora.com cdn.jsdelivr.net maps.googleapis.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com a5.mylivechat.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.gstatic.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com seal.digicert.com assurance.sysnetgs.com mylivechat.com a5.mylivechat.com libs.na.bambora.com www.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-9HL-n7IT1tSloOlLsRAdOg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
base-uri *.wein.plus;connect-src *.wein.plus *.googleapis.com *.googletagmanager.com;child-src *.wein.plus;default-src 'none';media-src *.wein.plus;form-action *.wein.plus;img-src *.wein.plus data:;font-src *.wein.plus data: *.gstatic.com;manifest-src *.wein.plus;style-src *.wein.plus 'self' 'unsafe-inline';style-src-elem *.wein.plus 'unsafe-inline' *.google.com;script-src *.wein.plus 'self' 'unsafe-inline' *.etracker.com;script-src-elem *.wein.plus 'unsafe-inline' *.googletagmanager.com *.google.com *.etracker.com 1
default-src 'self'; script-src 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com; img-src 'self' data:;; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://themes.googleusercontent.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-src *.force.com https://player.vimeo.com https://www.vimeo.com 'self' https://stats.g.doubleclick.net https://script.hotjar.com https://api-preview.luckyorange.com *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://checkoutshopper-test.adyen.com/ https://usa274.sfdc-lywfpd.salesforce.com https://pal-test.adyen.com *.cybersource.com *.youtube.es https://static.hj.contentsquare.net https://hmproxy.luckyorange.com *.adis.ws https://settings.luckyorange.com https://cpaacademy.my.salesforce.com *.youtube.ie https://www.youtube.com *.cloudinary.com https://s3.amazonaws.com https://www.google.com https://pay.google.com *.vimeo.com *.youtube.jp bcove.video https://www.interamark.com https://www.cpaacademy.org *.youtube.fr https://*.a.forceusercontent.com https://player.cloudinary.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws https://*.hotjar.com *.forceusercontent.com https://cpaacademy--c.na100.visual.force.com *.brightcove.net *.youtube.com *.youtube.nl https://service.force.com/embeddedservice/ https://fast.wistia.net https://cpaacademy.s3.us-west-2.amazonaws.com *.quip.com *.arkoselabs.com https://api.mixpanel.com *.youtube-nocookie.com https://www.paypal.com https://cpaacademy.na100.my.salesforce.com https://appiniummastertrial.secure.force.com https://play.vidyard.com *.youtube.com.br *.salesforce-experience.com https://googleads.g.doubleclick.net *.salesforceliveagent.com https://pubsub.googleapis.com https://scormanywhere.secure.force.com https://cpaacademy.file.force.com https://checkoutshopper-live.adyen.com/ *.sfdcfc.net https://cpaacademy.org *.youtube.ca https://location.force.com *.vidyard.com https://cpaacademy.s3.amazonaws.com https://cpaacademy.s3-us-west-2.amazonaws.com https://www.gstatic.com/recaptcha/ https://players.brightcove.net https://beta.cpaacademy.org https://www.google.co.in https://cdn.embedly.com https://cpaacademy--livepreview.na100.force.com https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com http://click.edu.cpaacademy.org https://staging.cpaacademy.org https://vimeo.com https://*.a.forceusercontent.com/lightningmaps/ https://t.contentsquare.net https://www.googletagmanager.com https://use.fontawesome.com https://cpaacademy.my.site.com *.wistia.net *.salesforce.com https://*.contentsquare.net https://storage.googleapis.com *.youtube.pl; report-to sfdc-csp-ep; report-uri https://cpaacademy.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00DC0000000PiAN&networkId=0DMQh0000000DQI&type=communities 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.nr-data.net js-agent.newrelic.com tags.srv.stackadapt.com snap.licdn.com connect.facebook.net www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net translate.googleapis.com prod.ally.ac a.omappapi.com a.opmnstr.com yoda.unifyed.com www.googleadservices.com js.adsrvr.org translate.google.com cdn01.basis.net translate-pa.googleapis.com cdn.gtranslate.net tags.srv.stackadapt.com *.google.com; style-src 'self' 'unsafe-inline' cloud.typography.com tags.srv.stackadapt.com a.omappapi.com prod.ally.ac translate.googleapis.com fonts.gstatic.com fonts.googleapis.com www.gstatic.com; img-src 'self' my.unifyed.com px.ads.linkedin.com www.gstatic.com www.facebook.com www.google.com pixel.sitescout.com www.google-analytics.com i.ytimg.com i.vimeocdn.com translate.google.com translate.googleapis.com fonts.gstatic.com ad.doubleclick.net manageimages-prod.s3.amazonaws.com data:; frame-src 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; frame-ancestors 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; child-src 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com; connect-src 'self' cloud.typography.com tags.srv.stackadapt.com api.omappapi.com prod.ally.ac translate.googleapis.com yoda.unifyed.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net play.google.com www.facebook.com https://px.ads.linkedin.com/wa/; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: data: *.wbbasket.ru *.geobasket.ru *.wbcontent.net *.wb.ru *.wb.cn *.wb.by *.wb.ge *.wildberries.ru *.wildberries.cn *.wildberries.by *.wildberries.ge *.wildberries.et *.wildberries.tj *.api-maps.yandex.ru *.maps.yandex.net yastatic.net/s3/front-maps-static/ wss://bfd-b.wildberries.ru; report-uri https://nel.wb.ru/cspl 1
connect-src 'self' app.termly.io us.consent.api.termly.io www.google.com; default-src 'self'; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; frame-src app.termly.io www.youtube.com www.google.com; img-src 'self' data: s.w.org secure.gravatar.com www.googletagmanager.com i.ytimg.com; manifest-src 'self'; object-src 'none'; script-src 'self' googletagmanager.com; script-src-elem 'nonce-6613db6c28' 'self' app.termly.io www.googletagmanager.com ajax.cloudflare.com www.google.com www.gstatic.com static.cloudflareinsights.com; style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com static.cloudflareinsights.com; worker-src blob:; base-uri 'none'; report-uri https://w73n8sbh.uriports.com/reports 1
default-src 'self'; script-src 'self' 'strict-dynamic' https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net data: https://*.openstreetmap.org 'report-sample' 'nonce-bdMsIQzuDLyZiwLf6JOobsICAb00KWi3ruArNAk_wv2WBIpGCLzzrg'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://www.google.ch data: https://i.vimeocdn.com https://*.openstreetmap.org; base-uri 'self'; frame-src https://www.googletagmanager.com https://player.vimeo.com; style-src-elem 'self' 'nonce-bdMsIQzuDLyZiwLf6JOobsICAb00KWi3ruArNAk_wv2WBIpGCLzzrg' 'report-sample'; object-src 'none'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://vimeo.com https://player.vimeo.com data: https://*.openstreetmap.org; style-src 'self' 'report-sample'; report-uri https://axc.biz/@http-reporting?csp=report&requestTime=1773718233796299&requestHash=3bcd1a2a0ff9299510f94e957953135a71c3f75f 1
object-src  'none'; connect-src 'self' *.dogfartnetwork.com *.dfxtra.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.dogfartnetwork.com *.dfxtra.com join.gammasecure.com; script-src 'self' *.dogfartnetwork.com *.dfxtra.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.dogfartnetwork.com *.dfxtra.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.careem-pay.com maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.myfatoorah.com *.sheeel.com *.fontawesome.com *.amazonaws.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kpaytest.com.kw *.kpay.com.kw https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.b-cdn.net *.tap.company *.careem-pay.com *.myfatoorah.com www.googletagmanager.com *.snapchat.com *.facebook.net/ *.kpaytest.com.kw *.kpay.com.kw https://plumrocket.com https://accounts.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.b-cdn.net *.myfatoorah.com *.googleapis.com *.facebook.net *.sheeel.com *.snapchat.com *.amazonaws.com *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.b-cdn.net *.careem-pay.com *.cloudflare.com *.googleapis.com *.myfatoorah.com *.sheeel.com *.cdn-apple.com *.facebook.net/ *.facebook.com sc-static.net *.snapchat.com libraries.unbxdapi.com analytics.tiktok.com js-agent.newrelic.com analytics.ahrefs.com *.amazonaws.com *.cloudfront.net https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.b-cdn.net maxcdn.bootstrapcdn.com *.myfatoorah.com *.sheeel.com *.fontawesome.com *.amazonaws.com *.cloudfront.net https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dev.tap.company *.tap.company *.myfatoorah.com region1.analytics.google.com *.cdn-apple.com region1.google-analytics.com *.googleapis.com *.sheeel.com *.snapchat.com www.google.com search.unbxd.io *.facebook.net bam.eu01.nr-data.net analytics.tiktok.com tracker.unbxdapi.com analytics.ahrefs.com *.amazonaws.com *.cloudfront.net *.kpaytest.com.kw *.kpay.com.kw https://accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.sheeel.com bam.eu01.nr-data.net www.google.com analytics.tiktok.com tr6.snapchat.com tracker.unbxdapi.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://js.monitor.azure.com azure.com https://www.google-analytics.com https://www.google.com https://amrest.containers.piwik.pro https://amrest.piwik.pro/ppms.js https://cdnjs.cloudflare.com https://unpkg.com https://www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://maps.googleapis.com/ https://js.monitor.azure.com azure.com https://www.google.com https://amrest.containers.piwik.pro https://amrest.piwik.pro/ppms.js https://cdnjs.cloudflare.com https://unpkg.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.amrest.eu/en/report-uri/reportOnly 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.facebook.com *.facebook.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ts.tradetracker.net www.magmodules.eu magefan.com cm.magefan.com *.facebook.com *.facebook.net https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com tm.tradetracker.net *.facebook.com *.facebook.net *.googletagmanager.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.alothemes.com *.magepow.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com *.facebook.net *.google-analytics.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; style-src https: 'self' 'unsafe-inline' *.googletagmanager.com *.tagmanager.google.com *.fonts.googleapis.com; script-src https: 'nonce-5ZMYDiGwMu9qAFxEPUhdjwEDwIU=' 'strict-dynamic'; form-action 'self' ; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com; frame-src 'self' view.ceros.com *.company-target.com *.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net; report-to csp-endpoint; report-uri https://axaxl.com/api/CSP; font-src 'self' fonts.gstatic.com data:; img-src 'self' * data:; connect-src 'self' browser-intake-datadoghq.com *.googleadservices.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.google.co.uk www.google.com.sg *.google.com *.googlesyndication.com *.company-target.com *.linkedin.com *.licdn.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.demandbase.com *.boltdns.net *.akamaihd.net *.nr-data.net *.en25.com; manifest-src 'self'; media-src blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; default-src 'self' mailto: tel: www.google.com www.google.co.uk *.google.com *.googletagmanager.com www.googletagmanager.com *.company-target.com *.linkedin.com *.licdn.com *.eloqua.com *.brightcove.com *.brightcove.net *.rlcdn.com *.boltdns.net *.demandbase.com *.akamaihd.net *.axaxl.com *.doubleclick.net *.en25.com www.google.com.sg; 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.fontawesome.com *.cloudfront.net *.zopim.com *.sfdcstatic.com https://c1.sfdcstatic.com/etc/clientlibs/sfdc-aem-master/clientlibs_base/fonts/SalesforceSans-Regular.ttf use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net widgets.automizely.com widgets.automizely.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.scosche.com *.google.co.in *.sharethis.com *.adnxs.com *.adsrvr.org *.b1img.com *.amazon.com/* http://b1img.com *.force.com *.cloudfront.net www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.thecustomproductbuilder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com landofcoder.com s7.addthis.com *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cardinalcommerce.com g.doubleclick.net *.google.com *.zdassets.com *.nmgassets.com *.expertrec.com *.tiktok.com *.trackedweb.net *.shop.pe *.google.co.in *.sharethis.com *.zopim.com *.adnxs.com *.b1js.com *.cloudfront.net *.hotjar.com *.b1img.com http://shop.pe *.amazonaws.com http://b1img.com *.jsdelivr.net *.zendesk.com *.newrelic.com *.force.com https://service.force.com/embeddedservice/5.0/esw.min.js *.shopbox.ai https://shopbox-widgets-storybook.pages.dev/sbmain.min.js https://d.la1-core1.sfdc-lywfpd.salesforceliveagent.com *.salesforceliveagent.com https://d41000002lgrjea2.my.salesforce-sites.com *.my.salesforce-sites.com https://d41000002lgrjea2.my.salesforce.com/lightning/lightning.out.js https://d41000002lgrjea2.my.salesforce.com/lightning/lightning.out.delegate.js https://cdnjs.cloudflare.com/ajax/libs/dompurify/1.0.10/purify.js https://cmp.osano.com/AzqbnpTQhAyVm3E99/8df62698-cfde-462e-8a72-94fe3192c7c1/osano.js https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.15f60036.js https://d41000002lgrjea2.my.salesforce-sites.com/liveAgentSetupFlow/embeddedService/sidebarApp.app *.iesnare.com *.pinimg.com *.pinterest.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com widgets.automizely.com widgets.automizely.io *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.addshoppers.com *.force.com https://d41000002lgrjea2.my.salesforce-sites.com https://d.la1-core1.sfdc-lywfpd.salesforceliveagent.com *.salesforceliveagent.com *.my.salesforce-sites.com https://static-tracking.klaviyo.com/onsite/js/532.fa051703115da6a50763.css *.klaviyo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.iesnare.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io api.automizely.com api.automizely.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com landofcoder.com ekr.zdassets.com/ *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sharethis.com *.trackedweb.net *.klaviyo.com *.zopim.com *.zendesk.com *.hotjar.io *.shop.pe wss://widget-mediator.zopim.com wss://pod-27.zendesk.com *.nr-data.net https://bam.nr-data.net *.jsdelivr.net *.my.sentry.io *.hotjar.com/* wss://ws.hotjar.com *.safeopt.com *.scosche.com *.force.com *.run.app *.a.run.app https://d.la1-core1.sfdc-lywfpd.salesforceliveagent.com *.salesforceliveagent.com https://d41000002lgrjea2.my.salesforce-sites.com *.my.salesforce-sites.com *.tiktok.com *.pinterest.com *.googleapis.com *.iesnare.com *.osano.com *.api.osano.com  wss://mpsnare.iesnare.com/star *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.artifi.net *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.fontawesome.com *.hotjar.com *.sfdcstatic.com *.shopify.com *.trustedshops.com *.twimg.com *.twitter.com *.checkout.vficloud.net *.vficloud.net *.amazonaws.com *.checkout.verifone.cloud *.verifone.cloud https://fonts.gstatic.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.swellrewards.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.checkout.vficloud.net *.vficloud.net *.checkout.verifone.cloud *.verifone.cloud 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.artifi.net *.boyslife.org *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.doubleclick.net *.facebook.com *.force.com *.hotjar.com *.kaptcha.com *.scouting.org *.swellrewards.com *.twitter.com *.weltpixel.com *.checkout.vficloud.net *.vficloud.net *.checkout.verifone.cloud *.verifone.cloud js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.artifi.net *.cookiebot.com *.amazonaws.com *.bing.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.facebook.com *.facebook.net *.google.com *.google.co.in *.google.lv *.googleadservices.com *.googletagmanager.com *.hotjar.com *.klarna.com *.lightemporium.com *.magentocommerce.com *.scoutshop.org *.scoutstuff.org *.shopify.com *.siteimproveanalytics.io *.smsbump.com *.swellrewards.com *.twimg.com *.twitter.com *.usercentrics.eu *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.reddit.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.artifi.net *.cookiebot.com *.verifone.cloud *.clarity.ms *.cloudflare.com *.crazyegg.com *.doubleclick.net *.ecomm-nav.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.jquery.com *.klaviyo.com *.nextopia.net *.nextopiasoftware.com *.paypal.com *.salesforceliveagent.com siteimproveanalytics.com *.stape.io *.swellrewards.com *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.vficloud.net *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.my.salesforce-sites.com *.lightning.force.com *.secure.force.com *.checkout.vficloud.net *.checkout.verifone.cloud widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com unpkg.com *.kaptcha.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com youtu.be www.xtento.com cdn.xtento.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.artifi.net *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.force.com *.google.com *.googleapis.com *.gstatic.com *.klaviyo.com *.nextopia.net *.swellrewards.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu *.secure.force.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com tagmanager.google.com assets.braintreegateway.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.scoutshop.org player.vimeo.com www.youtube.com youtu.be 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.artifi.net *.cookiebot.com *.clarity.ms *.cloudflare.com *.crazyegg.com *.doubleclick.net *.facebook.com *.google.lv *.hotjar.com *.hotjar.io *.klaviyo.com *.scoutshop.org *.socialannex.com *.swellrewards.com *.twimg.com *.twitter.com wss: *.secure.force.com *.checkout.vficloud.net *.vficloud.net *.checkout.verifone.cloud *.verifone.cloud widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://f0e6bfef-e270-42d2-8f01-c8e72656172d.sansec.watch/; report-to report-endpoint; 1
default-src 'self' *.alfainsurance.com www.alfainsurance.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' alfainsurance.com www.alfainsurance.com *.alfainsurance.com *.google-analytics.com *.googleapis.com *.googletagmanager.com https://unpkg.com/vue@3.5.12/dist/vue.esm-browser.prod.js https://unpkg.com/vue@3.5.12/dist/vue.esm-browser.js *.cloudflare.com *.godaddy.com *.oktacdn.com *.amazon-adsystem.com *.facebook.net *.googleadservices.com *.google.com *.gstatic.com *.tvsquared.com *.oraclecloud.com *.custhelp.com *.rightnowtech.com *.forticloud.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.alfainsurance.com alfainsurance.com www.alfainsurance.com https://maps.googleapis.com maps.googleapis.com *.googleapis.com *.oraclecloud.com *.custhelp.com vsvipph01.rightnowtech.com https://vsvipph01.rightnowtech.com *.forticloud.com *.oktacdn.com *.googletagmanager.com *.cloudflare.com *.facebook.net *.godaddy.com https://unpkg.com/vue@3.5.12/dist/vue.esm-browser.js *.amazon-adsystem.com *.google.com *.tvsquared.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' alfainsurance.com www.alfainsurance.com fonts.googleapis.com *.oktacdn.com *.cloudflare.com *.alfainsurance.com *.oktacdn.com alfamutual--tst.custhelp.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.alfainsurance.com www.alfainsurance.com cdn.jsdelivr.net cdn.honey.io *.oraclecloud.com *.googleapis.com *.fontawesome.com *.googletagmanager.com *.gstatic.com *.oktacdn.com; img-src 'self' data: alfainsurance.com www.alfainsurance.com *.alfainsurance.com *.google-analytics.com *.godaddy.com *.mdhv.io *.adxcel-ec2.com *.facebook.com *.tvsquared.com *.doubleclick.net *.google.com *.googletagmanager.com *.analyticowl.com *.arttrk.com arttrk.com *.oktacdn.com *.oraclecloud.com *.custhelp.com analytics.twitter.com cdn.aisoftware.com cdn.honey.io cdn.prod.website-files.com *.gstatic.com *.paymentus.com *.googleapis.com *.facebook.net; font-src 'self' alfainsurance.com www.alfainsurance.com *.alfainsurance.com fonts.gstatic.com *.oktacdn.com cdn.scite.ai *.cloudflare.com *.fontawesome.com; connect-src 'self' www.alfainsurance.com *.alfainsurance.com *.google.com *.amazon-adsystem.com https://localhost:* http://localhost:* wss://localhost:* ws://localhost:* *.paa-reporting-advertising.amazon *.doubleclick.net  *.google-analytics.com *.custhelp.com *.googletagmanager.com www.googletagmanager.com googletagmanager.com *.facebook.com *.googleadservices.com *.cloudflare.com *.facebook.net *.googleapis.com *.gstatic.com *.oktacdn.com *.okta.com *.forticloud.com *.oraclecloud.com *.godaddy.com; frame-src 'self' alfainsurance.com www.alfainsurance.com *.alfainsurance.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.where2getit.com *.custhelp.com *.google.com alfafarmers.org *.paymentus.com *.facebook.com *.amazon-adsystem.co;object-src 'none';base-uri 'self' global.oktacdn.com;form-action 'self' *.alfainsurance.com alfainsurance.com www.alfainsurance.com;frame-ancestors 'self' alfainsurance.com *.alfainsurance.com www.alfainsurance.com;report-uri /csp-violation-report;media-src 'self' data: *.alfainsurance.com alfainsurance.com www.alfainsurance.com *.oktacdn.com *.gstatic.com; child-src 'self' *.alfainsurance.com www.alfainsurance.com; worker-src 'self' *.alfainsurance.com www.alfainsurance.com; upgrade-insecure-requests; block-all-mixed-content;  1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.hu https://www.myheritage.hu  'unsafe-eval' 'nonce-99310a82dd4f530dd56086299fb87062' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.hu;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self'; script-src 'self' 'nonce-WBxu8V37lSrlT8AtI0nG7A==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.meetic.pt *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.meetic.pt; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
default-src 'self'; connect-src 'self' https://prod.radiozamaneh.org https://s3.eu-de.cloud-object-storage.appdomain.cloud/static-reflection/ https://static-reflection.netlify.app https://i.zamaneh.media https://*.contentinsights.com https://*.smartocto.com https://www.googleapis.com https://attestation.android.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.googlesyndication.com https://csi.gstatic.com https://*.adtrafficquality.google; font-src 'self'; img-src 'self' https://i.zamaneh.media https://*.contentinsights.com https://i.ytimg.com https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com data:; script-src 'self' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; frame-src https://platform.twitter.com https://www.youtube-nocookie.com https://www.instagram.com https://w.soundcloud.com https://www.google.com https://*.googlesyndication.com https://www.googleadservices.com https://securepubads.g.doubleclick.net; report-uri https://snfbtd92.uriports.com/reports/report; report-to policy 1
frame-src *.bimco.org *.cookiebot.com *.dotdigital-pages.com *.doubleclick.net *.googletagmanager.com 'self';font-src *.gstatic.com data: 'self';img-src data: https: 'self';script-src https: 'self' 'strict-dynamic' 'unsafe-eval' 'nonce-iQIatvq457tVXppZXS6XM/V7';connect-src https: 'self';style-src https: 'self' 'unsafe-inline';default-src 'self' 1
img-src https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NSBA/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://higherlogiclongterm.s3.amazonaws.com/NSBA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://higherlogicstream.s3.amazonaws.com/NSBA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=24831&v=v1.0&payload=ymp00hZ1EycWvkX3IquhUieuZ-WwiM7wmeLf82fnMT6pUZ5yKevVikT-ngB7BfWK8foLZ2v_8uZQ1XcRDBaDNEff6t0LukHcBCSLf3O7WsiPsJIG8gLjwnlgEz3qKuzQK9HfWp5-_kfa5mDzQ-fCbQHPKC_1phKBGZamhc6pNfrK2HUMIBqLitq2oRZvl7kMXG4RJCygx9tqjjICHGUSug==; 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; report-uri https://nz14bhs2.uriports.com/reports/report; report-to default 1
default-src 'self'; frame-ancestors 'self'; font-src 'self' data: https:; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-inline' https: 'nonce-0093a680e06a59f2dde2dba42eef3162'; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' data: https: https://o449122.ingest.sentry.io https://o449122.ingest.us.sentry.io; report-uri https://o449122.ingest.sentry.io/api/5431524/security/?sentry_key=253b89ec8d6246bf8482cbc0a90715ba&sentry_release=20260305.1&sentry_environment=production 1
default-src 'self' https:; font-src 'self' https: data: https://d3858hfkbmzrt.cloudfront.net; img-src 'self' https: data: https://d3858hfkbmzrt.cloudfront.net; object-src 'none'; script-src 'strict-dynamic' 'self' https: blob: https://js-agent.newrelic.com https://*.nr-data.net https://*.sdkassets.chime.aws https://d3858hfkbmzrt.cloudfront.net 'nonce-h5VJCyKsEGCgMdIMCj43+A=='; style-src 'self' https: https://d3858hfkbmzrt.cloudfront.net 'unsafe-inline' 'nonce-h5VJCyKsEGCgMdIMCj43+A=='; frame-src 'self' https://helloglobo.looker.com; manifest-src 'self'; worker-src 'self' blob: https://*.sdkassets.chime.aws; media-src 'self' https: https://d3858hfkbmzrt.cloudfront.net; base-uri 'self'; connect-src 'self' ws: wss://*.pusher.com wss://*.pusherapp.com https://*.pusher.com https://*.twilio.com wss://*.twilio.com https://js-agent.newrelic.com https://*.nr-data.net https://*.chime.aws wss://*.chime.aws https://*.amazonaws.com https://*.sdkassets.chime.aws 1
connect-src 'self' blob: *.agendrix.com analytics.google.com region1.analytics.google.com region1.google-analytics.com www.google-analytics.com www.google.com www.google.ca stats.g.doubleclick.net api-eu1.hubapi.com api-eu1.hubspot.com forms-eu1.hsforms.com perf-eu1.hsforms.com cta-eu1.hubspot.com content.hotjar.io metrics.hotjar.io vc.hotjar.io wss://ws.hotjar.com *.pathmonk.com a.omappapi.com api.omappapi.com z.omappapi.com bat.bing.com bat.bing.net www.facebook.com px.ads.linkedin.com pixel-config.reddit.com www.googleadservices.com pagead2.googlesyndication.com cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com ams.wpml.org maps.googleapis.com g.tenor.com media.tenor.com my.yoast.com static.cloudflareinsights.com cloudflareinsights.com unpkg.com edge.fullstory.com rs.fullstory.com *.ingest.sentry.io; default-src 'self' *.agendrix.com; font-src 'self' data: *.agendrix.com; form-action 'self' *.agendrix.com accounts.google.com appleid.apple.com; frame-ancestors 'self'; frame-src 'self' *.agendrix.com www.google.com www.googletagmanager.com calendly.com *.hotjar.com vars.hotjar.com forms-eu1.hsforms.com www.facebook.com td.doubleclick.net; img-src 'self' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.agendrix.com js-eu1.hs-analytics.net www.googletagmanager.com static.cloudflareinsights.com cdn-4.convertexperiments.com *.pathmonk.com static.hotjar.com script.hotjar.com a.omappapi.com cdn-cookieyes.com www.google.com www.gstatic.com maps.googleapis.com googleads.g.doubleclick.net snap.licdn.com bat.bing.com connect.facebook.net unpkg.com assets.calendly.com ams.wpml.org edge.fullstory.com; style-src 'self' 'unsafe-inline' *.agendrix.com; upgrade-insecure-requests; worker-src 'self' blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=TSYCDNowMOtZbir6D._mHZGvpRmI1MMCqNrF7PDYECE-1773712697.0476913-1.0.1.1-nZfeoNWCfZCffQxVKyWwRsm95_KbzkhT.Pe1AHqb1RvFhw1ij1UYxSNKgWUhqY.L1V_PWELvdCUOq1hrw8Ygrq9uMmIhL65c8XVPVxG5Flxjd_mAom4Waivr4lkeXqBxLJp4M9PA63FwDyNA8q3qLZrBVr9fQOF6ODe8BNCr32LKfCE.ioKqC6GWlsczffyri1q7hFztofuLlsQOC8EJjg; report-to cf-ddjojjhbcebsmzqi 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com www.google.com www.gstatic.com apis.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.trackedlink.net *.facebook.com *.adsrvr.org www.google.com.au *.bing.com *.criteo.com sq-trk.gammaplatform.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com libraries.unbxdapi.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal facebook.net connect.facebook.net facebook.com delta.pedders.com.au js.adsrvr.org *.bing.com *.criteo.com sq-trk.gammaplatform.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com libraries.unbxdapi.com cdnjs.cloudflare.com *.cloudfront.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com delta.pedders.com.au *.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com search.unbxd.io tracker.unbxdapi.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self' 'unsafe-inline'; report-uri https://rev-a-shelf.com/csp/index/report; report-to report-endpoint; default-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src http: https: blob: 'self' 'unsafe-inline' assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com; connect-src 'self' 'unsafe-inline' dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.certcapture.com https://ct.pinterest.com https://stats.g.doubleclick.net https://m.addthis.com https://www.paypalobjects.com https://www.chasepaymentechhostedpay-var.com *.facebook.com https://bam.nr-data.net/ wss://ws.hotjar.com/ https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.aptrinsic.com https://searchserverapi.com https://dpm.demdex.net *.hotjar.io https://bam-cell.nr-data.net/ 3dsapi.ebizcharge.net kg668dbov0.execute-api.us-east-1.amazonaws.com ebizcharge3ds-staging1.azurewebsites.net *.googletagmanager.com *.doubleclick.net *.google.ca *.google.com.mx *.braintreegateway.com https://maps.googleapis.com *.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com; manifest-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline' *.adobe.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.adobe.com fonts.googleapis.com *.certcapture.com https://static.rev-a-shelf.com *.rev-a-shelf.com https://static.trescolighting.com https://fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.aptrinsic.com https://searchserverapi.com; script-src 'self' 'unsafe-eval' 'nonce-enh1YnUxMWtlZTZyNWRjcDJxZWszaHZpNW16ajVyNjA=' 'nonce-ZWVidWd1NHlqZTJ5a25nNWJ5dXpya2xlZmk2MGRnb3Q=' 'sha256-UMrwMsNK5sO+p3F0aT6Hw7vIQCR131ROgVA5fMIHr4w=' 'sha256-gM3INQ3RIP/oY17YQwg7u7A93bTctVg1pzIyOz+cJ/Y=' 'sha256-LlqoHgLxPrfiN2MxpkG8C989z7x2mHIHTMMTTD/E0OM' 'sha256-9HXDQYYCK6Ux68i7qX/BDffkw+qFTzFKGKsGRMhRYg0=' *.commerce-payment-services.com *.certcapture.com https://cdn1.ebizcharge.net *.cdn-apple.com *.disqus.com *.braintreegateway.com https://maps.googleapis.com https://maps.gstatic.com https://vimeo.com https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com; img-src data: data: 'self' 'unsafe-inline' assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com https://static.rev-a-shelf.com *.rev-a-shelf.com https://s3.amazonaws.com/ https://www.facebook.com https://ct.pinterest.com https://static.trescolighting.com https://cdn.klarna.com/ https://www.google.co.in/ *.adobedtm.com https://tresco-lighting-layout-images.s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com *.aptrinsic.com storage.googleapis.com https://searchserverapi.com https://img.youtube.com/ https://images.salsify.com/ https://searchanise-ef84.kxcdn.com *.youtube.com trescolighting.com *.googletagmanager.com *.google.ca *.google.com.mx s3.us-east-1.amazonaws.com/assets.trescolighting.com/images/lightinglayoutform/catalog-specs-image.png *.amazonaws.com/assets.trescolighting.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://maps.gstatic.com https://maps.googleapis.com; frame-src mailto: 'self' 'unsafe-inline' fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com https://ct.pinterest.com https://s7.addthis.com https://www.chasepaymentechhostedpay-var.com *.facebook.com *.issuu.com https://www.google.com https://www.youtube.com https://youtube.com https://www.ytimg.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.addthis.com *.pinterest.com https://searchserverapi.com *.googletagmanager.com www.paypalobjects.com app.smartsheet.com https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://*.cardinalcommerce.com https://*.centinelapi.cardinalcommerce.com https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com; frame-ancestors 'self' *.certcapture.com google.com https://www.youtube.com https://www.google.com/maps https://www.google.com/ https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com; form-action 'self' 'unsafe-inline' geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://searchserverapi.com; font-src data: data: 'self' 'unsafe-inline' fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://static.rev-a-shelf.com *.rev-a-shelf.com https://static.trescolighting.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.cloudflare.com https://searchserverapi.com www.paypalobjects.com https://fonts.googleapis.com; script-src-elem 'self' 'nonce-enh1YnUxMWtlZTZyNWRjcDJxZWszaHZpNW16ajVyNjA=' 'nonce-ZWVidWd1NHlqZTJ5a25nNWJ5dXpya2xlZmk2MGRnb3Q=' 'sha256-pEPkw2gqZHzBkthmOWxqnol8ClG12G199Dw3nT+pDb0=' 'sha256-ABlQ06egcTt9+4rrvQsST7Q7TeAo5iDj0jYlxv+VZPo=' 'sha256-t7HU6t3yHm1Yl/MG0g+0/1/eG/hXpaLYlXkLob0jN+w=' 'sha256-pGChAVRNB6/2sc/FkmpjRh3kMtSBM4abHmVSiKoLHXE=' 'sha256-7k81SbkyyBTFk6YccVLGQElU4x6brDYmpk9Puob3g/8=' 'sha256-ObEaVru4l21dF2oobOPLiz6uR0zenjySeVYH1TVtth4=' 'sha256-/2i5N0FfkYMaQ14EMRwoNtht9CQAlqBAOEy85wFWDV0=' 'sha256-WvcjCAO1NybNRQvogNNsPmZzD1ed5ij+8+ea6IcDzM0=' 'sha256-aUaBdX+Dkc/SsetrUbS41PY1tLi89PFjf9FDEkMr4Wk=' 'sha256-hnsGmuwSHRQPTtyIDFlF0cyx2JzXlMwiMaQHUw7AiR4=' 'sha256-LlqoHgLxPrfiN2MxpkG8C989z7x2mHIHTMMTTD/E0OM=' 'sha256-jOPUuh40bYUkNwdPg9/KVSHKnnvCdU3PPQxRfO/Hw3s=' 'sha256-9HXDQYYCK6Ux68i7qX/BDffkw+qFTzFKGKsGRMhRYg0=' 'sha256-40i/giXk+KGoARzqKG92xgRIEWPqbC9yHT5qga7Wlyo=' 'sha256-KhOr8lNBsfYcRLPRirTZ1tXOi+ZBNlGXZ+QN8/iFTkE=' 'sha256-1ozuCt5fPv779wJQEWXLF2gXag+V1bnu3hmAhDbY0Cg=' 'sha256-J16qEvJfRzusU0DZremppxvWkCWYD4JoqsC4cIJeO6Q=' 'sha256-BJAE1Y5A33mFMprdlxqghbZYnuF/0kSZ92Df4LtzoCw=' 'sha256-d9KgqyS8aTDiVyoh9llE3o6R30o/W3Cidf967elQFfA=' 'sha256-ji9536TfK2EyjaggbOD6Q0V/pUYXFaizqdBRrTk9y/M=' 'sha256-M0fEEBIMnZ4+E2frNPPPp1anmifnbL65XzPzP2SzdR0=' 'sha256-AmfschZEuIg8qaygYvUNUqB/ZEXfhqLldlaFf5dsxrg=' 'sha256-f5g6BkxJ1yWIe/gRp3R+jf8SkUVo9bSekseH2x1cB+k=' 'sha256-XCjHBpaJ2MMTK2D60LwYW7MoiXEyygSUv2OWOfB4GsI=' 'sha256-bnoagQ4sHTFTe9LkTwWgICYn+h7iVhK9tqmp5gQ2wts=' 'sha256-LUEESa896v9DQyxeJ6N4kdA24eAeHXw35AF5ejMdzag=' 'sha256-TUkxntqDKcwfh/oJd3/fRO0Co9jQ2KdZHBU8oyYtxks=' 'sha256-WXUnM8H8wlAa+Bkl8LV8c8FAqzYA2Lm034EouIF0m/Q=' 'sha256-rHufDnCeYVG9tMSYUA3D79sfbgC0AQJghN5jsFZlNE0=' 'sha256-L8Ad3/5p9o8+SNAqIq1T/rmCj0k7NxZDGuFDkh3M76k=' 'sha256-JTvveE01dCdYJoGC7Krj6DHMZg1oXMMdZwLrPDSunjA=' 'sha256-kSZaTLgs02vtrIi+BMzjIeGvT5hsBj/EXemRbXdbOXQ=' 'sha256-acaEWH422KBbXWw9yfor2cT2eZwOq1BXhdsxjIZ8M5o=' 'sha256-GAjmaehDsJH2jDoKMtZaYsCWJI2Ugs8esNnVYk0k3f0=' 'sha256-DKXqMWZ8QmFbTXyYpHblJUN9dVAOD9GRBrWT5mZzvgw=' 'sha256-U7OQEsAhph3g18KQWpEGK3Ku7uXxy6g9XHI4B3pQUdE=' https://script.hotjar.com/ https://static.hotjar.com/ https://www.googletagmanager.com/gtm.js js-agent.newrelic.com/ https://www.google.com/recaptcha/api.js *.paypal.com https://www.paypalobjects.com/webstatic/r/fb/fb-all-prod.pp.min.js https://js-agent.newrelic.com/nr-spa-1.267.0.min.js *.paypalobjects.com https://payments-sdk.live.commerce-payment-services.com *.youtube.com *.braintreegateway.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-sg0Pz1sOREbPa_eGP63Nvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://js.monitor.azure.com https://az416426.vo.msecnd.net https://cdn.devexpress.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://cdn.devexpress.com; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com; img-src 'self' data: https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://dc.services.visualstudio.com https://js.monitor.azure.com; frame-src 'none'; object-src 'none'; media-src 'self'; form-action 'self' http://localhost:* https://localhost:*; base-uri 'self'; 1
font-src *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.authorize.net *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io magefan.com cm.magefan.com *.alothemes.com *.magepow.com *.gstatic.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com *.alothemes.com *.magepow.com *.authorize.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com *.alothemes.com *.magepow.com *.authorize.net *.google-analytics.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';  script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://static.addtoany.com;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://fonts.bunny.net;  img-src 'self' https://wpassets.ncwit.org https://www.google-analytics.com https://secure.gravatar.com data:;  font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://fonts.bunny.net data:;  connect-src 'self' https://analytics.google.com;  frame-src 'self' https://www.youtube.com https://static.addtoany.com https://www.google.com https://academic-alliance-memberships.softr.app https://ncwit-workforce-members.softr.app;  object-src 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://fonts.gstatic.com https://pro.fontawesome.com https://www.tolvnow.com data: *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self' *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com https://d2d7do8qaecbru.cloudfront.net https://google.com https://ls.smct.io https://www.mercadolibre.com https://www.tolvnow.com https://tracker.tolvnow.com connect.facebook.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagaleve.io *.pagaleve.com.br c.paypal.com checkout.paypal.com assets.braintreegateway.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://h.online-metrix.net *.d.aa.online-metrix.net https://p.afilio.com.br https://newimgebit-a.akamaihd.net https://amcglobal.sc.omtrdc.net https://assets.adobedtm.com https://assets.braintreegateway.com https://*.behance.net https://c.bing.com https://b.stats.paypal.com https://c.paypal.com https://checkout.paypal.com https://c.clarity.ms https://o.clarity.ms https://cm.everesttech.net https://connect.facebook.net https://conectiva.io https://*.d.aa.online-metrix.net https://device.clearsale.com.br https://receiver.posclick.dinamize.com https://dpm.demdex.net https://dub.stats.paypal.com https://events.smct.co https://www.facebook.com/privacy_sandbox/ https://www.facebook.com/tr/ https://fpdbs.paypal.com https://fpdbs.sandbox.paypal.com https://*.ftcdn.net *.analytics.google.com https://www.google.com.br https://www.google.com/pagead/ https://ssl.gstatic.com https://googletagmanager.com https://*.mlstatic.com https://*.mercadopago.com https://mercadopago.com.br https://*.mercadopago.com.br https://*.mercadolibre.com https://*.mercadolibre.com.br https://*.mercadolivre.com https://www.paypal.com https://*.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://t.paypal.com https://tracker.tolvnow.com https://p.typekit.net https://validator.swagger.io https://*.vimeocdn.com https://widgets.magentocommerce.com https://i.ytimg.com connect.facebook.net *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br *.mercadopago.com.br *.mlstatic.com *.pagaleve.com.br www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com *.vimeocdn.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://h.online-metrix.net https://h.online-metrix.net/fp/tags.js *.cardinalcommerce.com https://assets.adobedtm.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://api.edrone.me https://api-s.edrone.me https://app.cartstack.com.br https://assets.braintreegateway.com https://bam.nr-data.net https://c.paypal.com https://*.cardinalcommerce.com https://clarity.ms https://www.clarity.ms https://d3bo67muzbfgtl.cloudfront.net https://d2vfa2a1j2oldr.cloudfront.net https://d3vhsxl1pwzf0p.cloudfront.net https://dgk28ckagqims.cloudfront.net https://commerce.adobedtm.com https://commerce.adobe.net https://*.commerce-quick-checkout.com https://connect.facebook.net https://device.clearsale.com.br https://receiver.posclick.dinamize.com https://www.feedrapp.info https://geostag.cardinalcommerce.com https://google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://includestest.ccdc02.com https://js-agent.newrelic.com https://js.braintreegateway.com https://js.smct.io https://magento-recs-sdk.adobe.net https://*.mercadopago.com https://mercadopago.com.br https://*.mercadopago.com.br https://*.mercadolibre.com https://*.mercadolibre.com.br https://*.mercadolivre.com https://*.mlstatic.com https://*.nr-data.net https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://t.paypal.com https://*.paypal.com https://imgs.ebit.com.br https://*.ebit.com.br https://sdk.mercadopago.com https://secure.afilio.com.br https://smct.co https://*.smct.co https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://s.ytimg.com https://tracker.tolvnow.com https://tracker5.tolvnow.com https://unpkg.com https://use.typekit.net https://*.vimeocdn.com https://v18dxapjmd.execute-api.eu-west-1.amazonaws.com https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://z.clarity.ms *.conectiva.io conectiva.io *.hotjar.com script.hotjar.com *.tolvnow.com tracker4.tolvnow.com static.trustvox.com.br https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://static.trustvox.com.br connect.facebook.net *.avada.io *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br *.mercadopago.com.br *.mlstatic.com *.pagaleve.com.br js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://assets.adobedtm.com https://clarity.ms https://d3bo67muzbfgtl.cloudfront.net https://cdn.dnky.co https://pro.fontawesome.com https://getfirebug.com https://fonts.googleapis.com https://webchat.dotdigital.com https://www.tolvnow.com https://tracker.tolvnow.com *.fontawesome.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'none'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.nr-data.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://assets.adobedtm.com https://amcglobal.sc.omtrdc.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://api.edrone.me https://api-s.edrone.me https://api.mercadopago.com https://api.mercadolibre.com https://api.performa.ai https://assets.braintreegateway.com https://bam.nr-data.net https://c.bing.com https://*.cardinalcommerce.com https://*.clarity.ms https://n.clarity.ms https://o.clarity.ms https://l.clarity.ms https://z.clarity.ms https://d3vhsxl1pwzf0p.cloudfront.net https://d3bo67muzbfgtl.cloudfront.net https://dgk28ckagqims.cloudfront.net https://d2vfa2a1j2oldr.cloudfront.net https://commerce.adobedtm.com https://commerce.adobe.net https://newimgebit-a.akamaihd.net https://*.akamaihd.net https://connect.facebook.net https://www.google.com https://www.google.com/ccm/collect https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.feedrapp.info https://firehose.eu-west-1.amazonaws.com https://geostag.cardinalcommerce.com https://analytics.google.com https://stats.g.doubleclick.net https://includestest.ccdc02.com https://js-agent.newrelic.com https://js.braintreegateway.com https://*.mercadopago.com https://mercadopago.com.br https://*.mercadolibre.com https://*.mercadolivre.com https://*.mlstatic.com https://*.nr-data.net https://www.paypal.com https://www.paypalobjects.com https://receiver.posclick.dinamize.com https://songbird.cardinalcommerce.com https://js.smct.io https://*.smct.co https://tracker.tolvnow.com https://tracker5.tolvnow.com https://unpkg.com https://use.typekit.net https://*.vimeocdn.com wss://v18dxapjmd.execute-api.eu-west-1.amazonaws.com https://www.facebook.com https://api.ipify.org https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://static.trustvox.com.br connect.facebook.net https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://commerce.adobedc.net https://n.clarity.ms 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-UcBHP9lTP-hJypRr2eM7mw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
media-src 'self' https://landia-audio-assets.s3.us-west-2.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.amplitude.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://widget.trustpilot.com https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net https://uptime.betterstack.com https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net https://uptime.betterstack.com; connect-src 'self' https://google.com https://www.google.com https://storage.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://region1.analytics.google.com https://pagead2.googlesyndication.com https://analytics.google.com https://stats.g.doubleclick.net https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net https://region1.google-analytics.com https://region2.google-analytics.com https://region3.google-analytics.com https://www.facebook.com https://api.amplitude.com https://www.myreviews.ai https://uptime.betterstack.com https://landia-audio-assets.s3.us-west-2.amazonaws.com; frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://js.stripe.com/; default-src 'self' 'unsafe-inline'; img-src 'self' data: https://landia-logos.s3.amazonaws.com https://landia-misc.s3-us-west-2.amazonaws.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.cz https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net 1
default-src 'self';     script-src 'self' 'nonce-b6accebcd52794ffeb45150db17ed1ab';     connect-src 'self' https://mc.yandex.ru wss://mc.yandex.ru;     font-src 'self' data:;     img-src 'self' https://mc.yandex.ru data: https:;     child-src blob: https://mc.yandex.ru;     frame-src blob: https://mc.yandex.ru;     frame-ancestors blob: https://mc.yandex.ru; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net *.facebook.com *.facebook.net *.cloudflare.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.mollie.com *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com https://maps.googleapis.com https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.mollie.com *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.google.com.mx *.facebook.com *.facebook.net *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.mollie.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net js.usemessages.com *.hsadspixel.net *.hs-analytics.net *.hsforms.com *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.jsdelivr.net cdn.jsdelivr.net us1-config.doofinder.com cdn.doofinder.com *.doofinder.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css https://cdnjs.cloudflare.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.hubapi.com *.facebook.com *.facebook.net *.cloudflare.com *.jsdelivr.net cdn.jsdelivr.net *.stripe.network *.stripecdn.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.hubspot.com forms.hscollectedforms.net *.hubapi.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com us1-config.doofinder.com cdn.doofinder.com *.doofinder.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src static.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.nl *.google.co.uk *.doubleclick.net *.bing.com *.bing.net *.runconverge.com *.mailchimp.com static.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.doubleclick.net *.googlesyndication.com *.bing.com *.bing.net *.runconverge.com *.svgator.com *.beslist.nl chimpstatic.com *.mailchimp.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.nl *.doubleclick.net *.googlesyndication.com *.bing.com *.bing.net *.runconverge.com *.beslist.nl *.intuit.com *.mailchimp.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-VbRIug11tAJvVWbDlu02yQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.com *.facebook.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com *.facebook.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.com *.facebook.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src https://auth.sdc.dk https://api-proxy-neos.sdc.eu https://azure-sign-p1.sdc.dk data: https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://*.sdc.dk/ https://*.sdc.eu/ https://api.cludo.com https://bat.bing.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://cloud.lsb.dk https://consent.app.cookieinformation.com https://dc.services.visualstudio.com/ https://policy.app.cookieinformation.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://www.google.com https://www.totalkredit.dk/ 'self'; default-src https://api-shared-proxy.sdc.eu https://bundles.lsb.dk 'self'; font-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://fonts.gstatic.com/ 'self'; frame-src https://auth.sdc.dk https://azure-sign-p1.sdc.dk https://app.leaddoubler.com/ https://player.vimeo.com/ https://policy.app.cookieinformation.com https://td.doubleclick.net https://widget.trustpilot.com https://www.googletagmanager.com https://www.youtube.com/ 'self'; img-src *.siteimproveanalytics.io  data: https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://bat.bing.com https://bundles.lsb.dk https://customer.cludo.com https://i.ytimg.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://px.ads.linkedin.com/ https://stm.totalkredit.dk/ https://www.google.com https://www.google.dk https://www.google-analytics.com https://www.google-analytics.dk https://www.googletagmanager.com 'self' www.facebook.com; script-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://bat.bing.com https://bundles.lsb.dk https://connect.facebook.net/ https://consent.cookiebot.com/ https://customer.cludo.com https://forms.lsb-kampagne.dk/ https://googleads.g.doubleclick.net https://maps.googleapis.com/ https://player.vimeo.com/ https://policy.app.cookieinformation.com https://policy.app.cookieinformation.com/ https://s.ytimg.com/ https://s2.adform.net https://s3-eu-west-1.amazonaws.com https://siteimproveanalytics.com https://snap.licdn.com https://track.adform.net https://widget.trustpilot.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.totalkredit.dk/ https://www.youtube.com/ 'self' 'unsafe-eval' 'unsafe-inline'; style-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://bundles.lsb.dk https://customer.cludo.com https://forms.lsb-kampagne.dk/ https://laanogsparneos.prod.ibn.host/ https://laanogspar-prd.neosbank-envr.com/ https://neosbank-laanogspar-prd.ibn.host/ https://policy.app.cookieinformation.com https://www.totalkredit.dk/ 'self' 'unsafe-inline'; report-uri /api/sdc/security/csp/report; report-to default 1
base-uri 'self'; child-src 'self'; default-src 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; script-src-attr 'self'; script-src-elem 'self'; style-src 'self'; style-src-attr 'self'; style-src-elem 'self' 1
script-src 'self' https://*.obvsg.at 'unsafe-inline' 1
base-uri 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubbc97f311fa4b760aa9d5cff03790e285&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=production; font-src 'self' fast.fonts.net fonts.gstatic.com *.fontawesome.com d2m21dzi54s7kp.cloudfront.net cdnjs.cloudflare.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' d2m21dzi54s7kp.cloudfront.net *.googletagmanager.com *.addthis.com *.addthisedge.com *.informz.net *.adroll.com *.snapengage.com *.bugherd.com *.facebook.com *.bootstrapcdn.com cdnjs.cloudflare.com polyfill.io *.moatads.com *.fontawesome.com *.google-analytics.com *.licdn.com *.googleapis.com *.facebook.net; media-src 'self'; object-src 'self' 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://paddlecp.report-uri.com/r/t/csp/wizard 1
font-src https://*.tawk.to https://fonts.gstatic.com https://*.facebook.com https://cdn.tamara.co https://cdn.tamara.co/widget-v2/fonts 'self' data: https://fonts.googleapis.com https://storage.googleapis.com *.fontawesome.com *.alothemes.com *.magepow.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' https://secure.authorize.net https://test.authorize.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://pilot-payflowlink.paypal.com https://*.amazon.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.jp https://*.amazon.it https://*.amazon.fr https://*.amazon.es https://*.amazon.de https://*.yotpo.com https://*.facebook.com https://*.tawk.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.facebook.com https://*.criteo.net https://*.criteo.com https://*.tawk.to https://embed.tawk.to https://*.tabby.ai https://cdn.respond.io https://www.googletagmanager.com checkout.tabby.ai *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.visa.com https://c.clarity.ms https://*.clarity.ms https://cdn.tamara.co https://cdn.tamara.co/widget-v2/assets https://*.tawk.to https://cdn.jsdelivr.net https://*.tawk.link https://*.google.com https://*.google.nl https://*.google.be https://*.google-analytics.com https://*.google.com.pk https://*.google.com.uae https://*.bing.com https://*.facebook.com https://*.gstatic.com https://*.bidswitch.net https://*.adnxs.com https://*.doubleclick.net https://*.krxd.net https://*.criteo.com https://*.aralego.net https://*.bluekai.com https://*.smaato.net https://*.outbrain.com https://*.mediavine.com https://*.rlcdn.com https://*.360yield.com https://*.adingo.jp https://*.dable.io https://*.socdm.com https://*.yahoo.com https://*.taboola.com https://*.yieldmo.com https://*.pubmatic.com https://*.stickyadstv.com https://*.casalemedia.com https://*.3lift.com https://*.smartadserver.com https://*.sharethrough.com https://*.rubiconproject.com https://*.media.net https://*.teads.tv https://*.aralego.com https://www.googletagmanager.com 'self' *.alothemes.com *.magepow.com www.facebook.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.visa.com *.mastercard.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://*.tawk.to https://*.cdn.jsdelivr.net https://*.criteo.net https://*.doubleclick.net https://*.bing.com https://*.criteo.com https://*.jsdelivr.net https://*.cloudflareinsights.com https://*.google.be https://*.google-analytics.com https://*.facebook.com https://cdn.tamara.co https://*.click2buy.com https://*.clic2drive.com https://*.clic2buy.com https://widget.driverreviews.com https://widget.staging.driverreviews.com https://analytics.ahrefs.com https://www.clarity.ms https://scripts.clarity.ms https://checkout.tabby.ai https://cdn.respond.io 'unsafe-inline' 'unsafe-eval' *.avada.io *.alothemes.com *.magepow.com *.facebook.net connect.facebook.net checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.googletagmanager.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com https://*.tawk.to https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.facebook.com https://checkout.tabby.ai https://cdn.tamara.co 'self' 'unsafe-inline' data: *.fontawesome.com *.alothemes.com *.magepow.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://n.clarity.ms https://v.clarity.ms https://l.clarity.ms https://k.clarity.ms https://*.clarity.ms https://*.tawk.to wss://*.tawk.to https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.google.be https://*.google-analytics.com https://*.facebook.com https://cdn.tamara.co https://widget.driverreviews.com https://widget.staging.driverreviews.com https://app.respond.io https://analytics.ahrefs.com 'self' 'unsafe-inline' https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://l.clarity.ms *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; style-src 'self' 'unsafe-inline' *.liveperson.net *.addressy.com *.freshchat.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleconnerce.com *.liveperson.net *.googletagmanager.com *.facebook.net *.googleapis.com bat.bing.com *.google.com connect.facebook.com *.freshchat.com *.google-analytics.com *.googleadservices.com schwaab.oro-cloud.com *.doubleclick.net *.bootstrapcdn.com *.googlecommerce.com *.addressy.com *.lpsnmedia.net;  font-src 'self' fonts.gstatic.com; report-uri https://www.stampxpress.com/report.aspx 1
base-uri 'self'; default-src 'none'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://sentry.io https://stats.g.doubleclick.net https://www.facebook.com; font-src 'self' https://fonts.gstatic.com https://hello.myfonts.net data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com blob: data:; media-src 'none'; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://browser.sentry-cdn.com https://www.youtube.com https://s.ytimg.com https://connect.facebook.net 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://hello.myfonts.net 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/5442953/security/?sentry_key=2d010088d19e4231bfaafcd8c84034a0&sentry_release=&sentry_environment=live; upgrade-insecure-requests 1
default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'nonce-eecd38c4-bae6-4a4d-9994-9510e2c92e18' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; frame-src 'self' 'nonce-eecd38c4-bae6-4a4d-9994-9510e2c92e18' https://js.driftt.com https://www.google.com https://www.googletagmanager.com https://c.sandbox.paypal.com https://c.paypal.com https://accounts.google.com https://td.doubleclick.net https://api.recurly.com https://www.youtube.com https://www.youtube-nocookie.com https://www.facebook.com; connect-src 'self' 'nonce-eecd38c4-bae6-4a4d-9994-9510e2c92e18' https://*.analytics.google.com https://bat.bing.com https://api.rollbar.com https://*.ads.linkedin.com https://api.recurly.com https://*.google-analytics.com http://rum-collector-2.pingdom.net https://www-data.neat.com https://www.googleadservices.com https://stats.g.doubleclick.net https://www.facebook.com https://accounts.google.com https://m1.openfpcdn.io https://docs.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://google.com https://analytics.google.com https://bat.bing.net https://cx.neat.com https://edge.fullstory.com https://rs.fullstory.com https://manager.eu.smartlook.cloud https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://pixel-config.reddit.com https://forms.hscollectedforms.net https://api.hubapi.com https://*.quora.com https://googleads.g.doubleclick.net; img-src 'self' 'nonce-eecd38c4-bae6-4a4d-9994-9510e2c92e18' https://*.google-analytics.com https://www.facebook.com https://bat.bing.com https://*.ads.linkedin.com https://seal-dc-easternpa.bbb.org https://*.googletagmanager.com data: https://www-data.neat.com https://ct.capterra.com https://googleads.g.doubleclick.net https://i.ytimg.com https://neat-cms-staging.s3.amazonaws.com https://neat-cms-prod.s3.amazonaws.com https://connect.facebook.net https://www.linkedin.com https://ssl.gstatic.com https://www.gstatic.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://fonts.gstatic.com https://googletagmanager.com https://bat.bing.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.paypal.com https://stats.g.doubleclick.net https://track.hubspot.com https://alb.reddit.com https://forms.hsforms.com https://*.quora.com; object-src 'none'; base-uri 'self'; media-src 'self' data:; report-uri https://www.neat.com/api/csp/report; report-to csp-report-endpoint 1
default-src 'self' https://cdn-4.convertexperiments.com https://logs.convertexperiments.com https://static.hsappstatic.net *.metrics.convertexperiments.com *.wse-abtesting-components.pages.dev https://mktmedia.wallstreetenglish.com https://mktmediadev.wallstreetenglish.com https://no-cdn.convertexperiments.com https://www.googleanalytics.com *.cookiebot.com *.hotjar.io *.reviews.io data: *.amazonaws.com *.cloudflare.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.typekit.net *.hsforms.com *.hs-sites.com *.wsemktapp.com *.reviews.co.uk *.cloudfront.net *.hs-banner.com *.doubleclick.net *.hubspot.com *.hotjar.com *.hubapi.com *.facebook.com *.linkedin.com *.adsymptotic.com *.crwdcntrl.net *.bing.com *.clarity.ms *.cpmktg.com *.mathtag.com *.youtube.com *.slideshare.net *.googletagmanager.com *.fna.fbcdn.net *.cdninstagram.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://js.usemessages.com https://cdn-4.convertexperiments.com https://logs.convertexperiments.com *.metrics.convertexperiments.com *.wse-abtesting-components.pages.dev https://no-cdn.convertexperiments.com https://www.googleanalytics.com *.cookiebot.com *.hubspot.com *.googletagmanager.com *.googleapis.com *.hsforms.net *.reviews.io *.hsforms.com js.hscta.com *.wsemktapp.com *.google-analytics.com *.gstatic.com *.cloudfront.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hsleadflows.net f.hubspotusercontent20.net *.hotjar.com *.facebook.net www.googleadservices.com snap.licdn.com *.doubleclick.net *.bing.com *.cpmktg.com *.aimage.it:3000 *.clarity.ms *.crwdcntrl.net *.youtube.com *.google.com https://js.storylane.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.googletagmanager.com *.cookiebot.com *.typekit.net *.googleapis.com *.reviews.io data: *.wsemktapp.com *.cloudfront.net *.fna.fbcdn.net *.hubspot.com *.cdninstagram.com; object-src 'none'; frame-src 'self' https://app.storylane.io https://js.hsforms.net *.hsforms.com *.hs-sites.com https://consentcdn.cookiebot.com https://widget.reviews.io https://www.googletagmanager.com https://www.google.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.stape.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.staging.flexint.net *.dynamicyield.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.staging.flexint.net *.dynamicyield.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.stape.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.flexshopper.com *.dynamicyield.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.googletagmanager.com *.stape.io mcstaging.flex.store *.flexshopper.xyz images.flexshopper.xyz http://images.flexshopper.xyz *.adxcel-ec2.com *.bing.com *.360yield.com *.liadm.com *.media.net *.mediavine.com *.postrelease.com *.criteo.com *.outbrain.com *.pubmatic.com *.revcontent.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.tapad.com *.teads.tv *.tremorhub.com *.clmbtech.com *.tpmn.co.kr *.3lift.com *.yieldmo.com *.emxdgt.com *.1rx.io *.bidswitch.net *.adnxs.com *.mediawallahscript.com *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.agkn.com *.unrulymedia.com *.crwdcntrl.net *.adsrvr.org *.stickyadstv.com *.imrworldwide.com *.lijit.com *.mathtag.com *.bidr.io *.facebook.net *.facebook.com *.dmxleo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.exponea.com *.osano.com acsbapp.com *.livevox.com *.staging.flexint.net *.flexshopper.com *.flexshopper.xyz *.dynamicyield.com *.bloomreach.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io edge.fullstory.com cdn.segment.com api.segment.io *.steelhousemedia.com *.criteo.com *.listrakbi.com *.ipredictive.com *.liadm.com *.bing.com *.facebook.net *.taboola.com *.impactradius-event.com *.pinimg.com *.googleapis.com *.pinterest.com *.maxmind.com device.maxmind.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.flexshopper.com *.listrakbi.com *.dynamicyield.com maxcdn.bootstrapcdn.com *.googleapis.com *.googletagmanager.com *.stape.io assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.exponea.com *.osano.com *.acsbapp.com *.livevox.com *.flexshopper.com *.flexshopper.xyz *.dynamicyield.com *.bloomreach.com/ *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.stape.io *.fullstory.com cdn.segment.com api.segment.io *.taboola.com *.pinterest.com *.listrakbi.com *.mmapiws.com d-ipv6.mmapiws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wjzN6xVIJ4s4o3-C_6t7-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UVCRUX3HtoEjm0XhHM3Cgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'nonce-tZuGXWTVqne_SeC7lsSXlyRdBmCi9Vt9WNrutBb8354m4WC_nzcgOg' 'wasm-unsafe-eval' https://matomo.ecchr.eu https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://*.googleapis.com https://js.hcaptcha.com https://spenden.twingle.de 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://imgsct.cookiebot.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.ggpht.com https://www.facebook.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://consentcdn.cookiebot.com https://newassets.hcaptcha.com https://loa.ecchr.eu/ https://loa-staging.ecchr.eu/ https://spenden.twingle.de/; worker-src 'self' blob:; media-src 'self' data:; style-src 'self' 'unsafe-inline' blob: https://*.googleapis.com https://*.gstatic.com 'report-sample'; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com 'report-sample'; connect-src 'self' data: https://consent.cookiebot.com https://consentcdn.cookiebot.com https://matomo.ecchr.eu/ https://newassets.hcaptcha.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://www.facebook.com; font-src 'self' data: https://fonts.gstatic.com; report-uri https://www.ecchr.eu/@http-reporting?csp=report&requestTime=1773709224117924&requestHash=f8bd58f44d0bf375695205f9e7204045de65646a 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com fonts.googleapis.com *.googleapis.com data: https://*.typekit.net *.klevu.com *.ksearchnet.com *.cloudflare.com *.fontawesome.com *.salesfire.co.uk *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.salesfire.co.uk *.trustpilot.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com cdn.flbx.io https://*.cloudfront.net https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.klevu.com *.ksearchnet.com 'self' data: *.onesignal.com onesignal.com *.salesfire.co.uk *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.getflowbox.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klevu.com *.ksearchnet.com *.onesignal.com onesignal.com *.salesfire.co.uk *.trustpilot.com *.googletagmanager.com tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.googleapis.com https://*.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.onesignal.com onesignal.com *.salesfire.co.uk *.typekit.net *.trustpilot.com tagmanager.google.com fonts.google.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.getflowbox.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.addressy.com *.klevu.com *.ksearchnet.com *.onesignal.com onesignal.com *.salesfire.co.uk *.smartmetrics.co.uk *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://data.milieudefensie.nl https://www.googletagmanager.com https://consent.cookiebot.com https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.usemessages.com https://js-eu1.hubspot.com https://snap.licdn.com https://siteimproveanalytics.com https://analytics.milieudefensie.nl https://consentcdn.cookiebot.com https://eu-assets.i.posthog.com https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://data.milieudefensie.nl https://www.googletagmanager.com https://consent.cookiebot.com https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.usemessages.com https://js-eu1.hubspot.com https://snap.licdn.com https://siteimproveanalytics.com https://analytics.milieudefensie.nl https://consentcdn.cookiebot.com https://eu-assets.i.posthog.com https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://data.milieudefensie.nl https://www.google.com https://dev.visualwebsiteoptimizer.com https://consentcdn.cookiebot.com https://eu.i.posthog.com https://api-eu1.hubspot.com https://cta-eu1.hubspot.com https://analytics.milieudefensie.nl https://px.ads.linkedin.com; frame-src 'self' https://consentcdn.cookiebot.com https://data.milieudefensie.nl; 1
default-src 'self' https://wog.ch/ https://www.wog.ch/ https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2; base-uri 'self' https://wog.ch/ https://www.wog.ch/; style-src-elem 'self' https://wog.ch/ https://www.wog.ch/ 'unsafe-inline' https://fonts.googleapis.com/; style-src 'self' 'unsafe-inline' https://wog.ch/ https://www.wog.ch/ https://fonts.googleapis.com/; media-src 'self' data: https://wog.ch/ https://wwww.wog.ch/; img-src 'self' https://wog.ch/ https://www.wog.ch/ https://www.games.ch/ https://i.ytimg.com/ data: https://www.paypalobjects.com/ https://t.paypal.com/ https://developer.android.com/ https://files.newsletter2go.com/ https://www.google.com/ https://www.googleadservices.com/ https://adservice.google.com/ https://google.com/ https://www.google.ch https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.econda-monitor.de; script-src-elem 'self' 'unsafe-inline' https://apis.google.com https://wog.ch/ https://www.wog.ch/ https://s.ytimg.com/ https://www.google.com/ https://www.gstatic.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://checkout.postfinance.ch/ https://static.newsletter2go.com/ https://appjs.blickinsbuch.de/ https://www.blickinsbuch.de/ https://*.googletagmanager.com https://www.googleadservices.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://www.econda-monitor.de/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://wog.ch/ https://www.wog.ch/ https://www.paypal.com/ https://www.paypalobjects.com/ https://checkout.postfinance.ch/ https://s.ytimg.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.gstatic.com/ https://googleads.g.doubleclick.net https://appjs.blickinsbuch.de/ https://www.blickinsbuch.de/gateway/check.php; font-src 'self' https://wog.ch/ https://www.wog.ch/ data: https://fonts.gstatic.com; frame-src 'self' https://accounts.google.com https://wog.ch/ https://www.wog.ch/ https://www.youtube.com/ https://www.google.com/ https://www.googletagmanager.com/ https://myaccount.google.com/ https://maps.google.com/ https://bid.g.doubleclick.net https://td.doubleclick.net https://www.sandbox.paypal.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://wog.games.ch/ https://www.games.ch/ https://www.blickinsbuch.de/ https://www.blickinsbuch.net/ https://checkout.postfinance.ch/; connect-src 'self' data: https://wog.ch/ https://www.wog.ch/ https://code.jquery.com https://checkout.postfinance.ch/ https://www.sandbox.paypal.com/ https://www.paypal.com/ https://api.newsletter2go.com/ https://www.econda-monitor.de/ https://adservice.google.com/ https://www.googleadservices.com/ https://ad.doubleclick.net/ https://www.google.com/ https://region1.google-analytics.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; report-uri https://worldofgames.report-uri.com/r/d/csp/reportOnly; report-to default 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com unicons.iconscout.com static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.tiktok.com *.cookiebot.com *.cookiebot.eu js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.cookiebot.com *.cookiebot.eu d3k81ch9hvuctc.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.cookiebot.com *.cookiebot.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com unicons.iconscout.com static-tracking.klaviyo.com https://static.klaviyo.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.cookiebot.com *.cookiebot.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'nonce-a7417beac876a6c665d2d74fed16f0116b45276e' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'none'; report-uri https://proviso.report-uri.com/r/default/csp/reportOnly 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-2NYd2YBNBKHuMn636DOmug' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' bazaarvoice.com *.bazaarvoice.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com google.com *.google.com gstatic.com *.gstatic.com youtube.com *.youtube.com sparesbox.com.au *.sparesbox.com.au; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=PUvKoAb6u6WudIXuYARfrVwMv.oHPjqog60_zPzqra8-1773711378.3312159-1.0.1.1-jgY23dTh3w9KHl3jkdxowtmvAYWaSN2bkAHQD_P0lDLzZrz6tqRRJ63moDnHE6E14XWbvN2WMa1MJ5YsNzKyj03Uu1.loqjPvgBlzhRf0wTjRLw6IWEz4TCn8y504LDDuOLM.vuS2hlp05GAI3KReoPAJrvM1s4cxRA0S9M_WkV2zOBDrGSa4KScBi3CuQMYz6XB9_c3s0LyM.Y0f4p9.w; report-to cf-wlremlhaianormav 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: *.fontawesome.com *.bootstrapcdn.com *.punchout2go.com *.tradecentric.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.salesforce.com *.punchout2go.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.schoolhealth.com mcstaging2.schoolhealth.com/ portal.punchout2go.com qa-portal.punchout2go.com dev-portal.punchout2go.com sapportal.ocps.net sapportalqap.ocps.net shop.equallevel.com *.punchout2go.com *.tradecentric.com *.ariba.com *.nps.k12.nj.us 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com https://static.addtoany.com/ *.certcapture.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com js.mollie.com *.schoolhealth.com *.punchout2go.com *.tradecentric.com *.zoom.us 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: blob: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.gstatic.com *.googleapis.com *.certcapture.com *.b0e8.com *.cenpos.net *.cenpos.com https://images.unsplash.com https://www.mollie.com https://*.asknice.ly *.schoolhealth.com  *.chartbeat.com *.chartbeat.net *.pages03.net *.unbxdapi.com *.punchout2go.com *.tradecentric.com *.zoom.us *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.sharethis.com https://static.addtoany.com/ *.googleapis.com *.gstatic.com *.certcapture.com *.b0e8.com *.bc0a.com *.cenpos.com *.cenpos.net *.google.com *.cardinalcommerce.com https://maps.googleapis.com https://player.vimeo.com js.mollie.com https://static.asknice.ly ssl.google-analytics.com *.cloudfront.net *.cloudflare.com *.pages03.net *.addtoany.com *.chartbeat.com *.punchout2go.com *.tradecentric.com *.unbxdapi.com *.unbxd.com *.unbxd.io data: *.zoom.us *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.certcapture.com *.fontawesome.com https://static.asknice.ly *.bootstrapcdn.com *.punchout2go.com *.tradecentric.com *.googleapis.com *.unbxdapi.com *.unbxd.com *.unbxd.io tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com https://stats.addtoany.com/menu *.googleapis.com *.certcapture.com https://maps.googleapis.com https://player.vimeo.com https://*.asknice.ly *.doubleclick.net *.demdex.net *.punchout2go.com *.tradecentric.com *.zoom.us *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn2.hubspot.net resources.paytrail.com https://log.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com services.paytrail.com https://assets.pinterest.com bnSQZ2z9YDOGs4NgOKjSdQtzYlkZxVoLxk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.paytrail.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-1DOZxs6qtmGGrENxykfSFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; child-src 'self' *.youtube-nocookie.com *.twitter.com *.gstatic.com *.googleapis.com *.googletagmanager.com 3f5l8ze0o4j2m.cloudfront.net *.youtube.com *.youtube-no-cookie.com *.ytimg.com *.google.com www.google.com https://player.vimeo.com https://www.facebook.com https://staticxx.facebook.com; connect-src 'self' *.twimg.com *.twitter.com *.gstatic.com *.googleapis.com *.google-analytics.com https://www.facebook.com/tr http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://heatmaps.monsido.com https://stats.g.doubleclick.net/ https://analytics.tiktok.com/ https://px.ads.linkedin.com https://region1.analytics.google.com https://www.google.com https://analytics.google.com a.eu.silktide.com a.us.silktide.com https://js-ap1.hscollectedforms.net https://forms-ap1.hscollectedforms.net; frame-src 'self' https://staticcdn.co.nz https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.youtube-nocookie.com *.twitter.com *.gstatic.com *.googleapis.com *.googletagmanager.com 3f5l8ze0o4j2m.cloudfront.net *.youtube.com *.youtube-no-cookie.com *.ytimg.com *.google.com www.google.com https://player.vimeo.com https://www.facebook.com https://staticxx.facebook.com https://optimize.google.com https://tr.snapchat.com https://bid.g.doubleclick.net/ https://td.doubleclick.net; frame-ancestors 'self'; font-src 'self' *.twimg.com *.twitter.com *.gstatic.com *.googleapis.com fonts.gstatic.com fonts.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://use.typekit.net data: 'self'; form-action 'self' *.twitter.com https://www.facebook.com/tr/ https://connect.facebook.com https://tr.snapchat.com/; img-src 'self' *.twimg.com *.twitter.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com d3f5l8ze0o4j2m.cloudfront.net *.ytimg.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://staticcdn.co.nz/embed/close.png https://optimize.google.com https://p.typekit.net https://px.ads.linkedin.com https://bat.bing.com/ https://p.adsymptotic.com/ https://www.google.com/ https://www.google.co.nz/ https://www.google.co.uk/ https://tracking.monsido.com/ https://cdn.monsido.com/ https://www.linkedin.com/ https://dc.ads.linkedin.com/ data: https://www.facebook.com https://www.xn--tepkenga-szb.ac.nz https://px4.ads.linkedin.com https://i.vimeocdn.com https://forms-ap1.hsforms.com https://track-ap1.hubspot.com https://www.google.com.au/; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com *.staticcdn.co.nz https://use.typekit.net https://cdnjs.cloudflare.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://static.hotjar.com/* d3f5l8ze0o4j2m.cloudfront.net https://connect.facebook.net https://staticcdn.co.nz https://www.googletagmanager.com https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://stats.g.doubleclick.net https://optimize.google.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com https://46e2fa37ca504ebc8217a70ea9c22c81.js.ubembed.com/ https://sc-static.net/ https://www.nmit.ac.nz/ https://app-script.monsido.com/ https://assets.ubembed.com/ https://vxml4.plavxml.com/ https://heatmaps.monsido.com/ https://cdn.monsido.com/ https://analytics.tiktok.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://tags.tiqcdn.com https://analytics.silktide.com https://snap.licdn.com https://js-ap1.hs-scripts.com https://js-ap1.hscollectedforms.net https://js-ap1.hs-banner.com https://js-ap1.hs-analytics.net; style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com *.gstatic.com *.googleapis.com fonts.googleapis.com https://optimize.google.com/optimize/editor/css/css.css https://optimize.google.com https://www.nmit.ac.nz/themes/nmit/css/cookieconsent.min.css; 1
object-src 'none';base-uri 'self';script-src 'nonce-G9VLAxv6fJD7T9NWuy-oQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.com.tw/api/csp-report; report-to csp-endpoint 1
font-src www.paypalobjects.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com maps.googleapis.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://www.youtube.com/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ https://static.placetopay.com/ https://*.googleapis.com/ *.googleapis.com *.gstatic.com *.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com https://www.youtube.com/ *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ https://static.placetopay.com/ https://*.googleapis.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://www.youtube.com/ validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ https://static.placetopay.com/ maps.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.paypal.com https://www.google.com https://www.google.com.co https://* www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com/ www.vimeo.com *.vimeocdn.com https://www.youtube.com/ *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.hotjar.io/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://analytics.google.com/ *.google.com *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ *.vimeocdn.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://static.placetopay.com/ maps.googleapis.com https://*.hotjar.com/ https://*.cloudfront.net/ wss://ws.hotjar.com https://*.hotjar.io https://metrics.hotjar.io https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://www.youtube.com/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ https://static.placetopay.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://metrics.hotjar.io https://*.hotjar.io wss://ws.hotjar.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.clarity.ms maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-UX7K7EaNFMe_VaWPy5nsjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iFolGN4_bXg1ynz2-ejToQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rHrT1hoDinZw2cci0RZI1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Q50Yl4wwshTeI9jLN5am1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WTuAcvivvVsiFr4QCwjwZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1LRZyQZyY-b3IF6fQ5FqrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.cdn.userway.org; font-src 'self' fonts.gstatic.com; img-src 'self' cdn.userway.org data: sppagebuilder.com maps.googleapis.com; connect-src 'self' cdn77.api.userway.org api.userway.org maps.googleapis.com; script-src 'self' cdn.userway.org ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self'; script-src-elem 'self' maps.googleapis.com cdn.userway.org 'sha256-N/4d8ewez3Wzx5WmnOwGLZfRBddPWJMlVZKikRqRiQo=' 'sha256-fjHH/hDGedQwWCxjrFtTeJTwaWHkUA4R2FtSczrt+nE=' 'sha256-QMfduvzot+N77aMq4Ad7jDgq8k/X3CPHmCK3Vhh7Abw=' 'sha256-3N2OR1PZdIZ1vFuw3e0TfFqZy9zUOfzV8wTs2Amy7K4='; media-src 'self'; 1
frame-ancestors 'self' https://s.brightspace.com https://*.ally.ac https://leaplti.desire2learn.com/ https://leaplti-fr.brightspace.com/ https://tryleap.brightspace.com/ https://leaplti-es.desire2learn.com/ https://leaplti-ptbr.desire2learn.com/ https://leaplti-us.brightspace.com/ https://leaplti-apac.brightspace.com/ https://leaplti-emea.brightspace.com/ https://leapqa.net https://leaplti-ap.brightspace.com https://login.microsoftonline.com/ https://login.live.com/ https://cdn.lcs.brightspace.com/ https://leaplti-in.brightspace.com; report-uri https://logger.ca-central-1.logging.brightspace.com/log/csp/TcJTKjTFNkuDn-Dd4kG-jQAAAZz5VfhN 1
object-src 'none';base-uri 'self';script-src 'nonce-YGclXZLOJRCEbdSFaCf9UA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.cdn.adyen.com https://homologation-payment.cdn.payline.com https://payment.cdn.payline.com https://static.addtoany.com https://uberall.com https://unpkg.com https://www.google.com https://www.youtube.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.cdn.adyen.com https://homologation-payment.cdn.payline.com https://payment.cdn.payline.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.addressfinder.io *.adsrvr.org *.creativecdn.com gum.criteo.com *.doubleclick.net *.ezy-way.online www.facebook.com *.flowpaper.com *.freshchat.com *.google-analytics.com *.googleapis.com *.google.com.au *.googletagmanager.com *.gstatic.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.newrelic.com *.paypalobjects.com *.pxf.io *.statsigapi.net *.stripe.com *.trackedweb.net *.typekit.net lowes.api.useinsider.com *.vimeo.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.trackedlink.net *.ddlnk.net www.feedoptimise.com cdn.feedoptimise.com *.dycdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.addressfinder.io *.bing.com *.braintreegateway.com *.creativecdn.com *.dotdigital.com *.doubleclick.net *.ezy-way.online www.facebook.com *.freshchat.com *.google.com.au *.google.co.nz *.googletagmanager.com *.google.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.newrelic.com *.paypalobjects.com *.pxf.io *.reddit.com *.statsigapi.net *.stripe.com *.trackedweb.net *.vimeo.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.addressfinder.io https://rum.hlx.page *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com www.feedoptimise.com cdn.feedoptimise.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net d81mfvml8p5ml.cloudfront.net *.freshrelevance.com *.dotdigital.com https://cdn.searchspring.net/intellisuggest/is.min.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adsrvr.org *.amazonaws.com *.bing.com *.creativecdn.com *.criteo.com *.ezy-way.online www.facebook.com *.freshchat.com *.freshworksapi.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.hotjar.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.redditstatic.com *.searchspring.io *.tiktok.com *.useinsider.com connect.facebook.net graph.facebook.com business.facebook.com https://www.lowes.com.au 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.addressfinder.io webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net assets.braintreegateway.com *.braintreegateway.com *.creativecdn.com *.dotdigital.com *.doubleclick.net *.ezy-way.online *.facebook.com *.freshchat.com *.google-analytics.com *.googleapis.com *.google.com.au *.googletagmanager.com *.google.com *.gstatic.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.newrelic.com *.paypal.com *.paypalobjects.com *.pxf.io *.statsigapi.net *.stripe.com *.trackedweb.net *.typekit.net *.useinsider.com *.vimeo.com *.youtube.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.addressfinder.io *.braintreegateway.com *.creativecdn.com *.dotdigital.com *.doubleclick.net *.ezy-way.online *.facebook.com *.freshchat.com *.google-analytics.com *.googleapis.com *.google.com.au *.googletagmanager.com *.google.com *.gstatic.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.newrelic.com *.paypal.com *.paypalobjects.com *.pxf.io *.statsigapi.net *.stripe.com *.trackedweb.net *.typekit.net *.vimeo.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.addressfinder.io *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net *.freshrelevance.com wss://*.freshrelevance.com wss://*.dycdn.net dn1i8v75r669j.cloudfront.net *.dotdigital.com https://beacon.searchspring.io/beacon api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.aimtell.io *.creativecdn.com *.criteo.com *.doubleclick.net *.ezy-way.online www.facebook.com *.flowpaper.com *.freshchat.com *.google.com.au *.google.co.nz *.googletagmanager.com *.gstatic.com *.impactcdn.com *.kaspersky-labs.com *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.paypalobjects.com *.pxf.io *.reddit.com *.redditstatic.com *.statsigapi.net *.stripe.com *.typekit.net *.useinsider.com *.youtube.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.bing.com *.creativecdn.com *.criteo.net *.ezy-way.online *.google.com *.google.com.au *.lesandpit.org *.lowes-menswear.com.au *.lowes.com.au *.lowesleavers.com.au *.nr-data.net *.searchspring.io self *.tiktok.com *.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.fontawesome.com *.googleapis.com google.com unpkg.com *.doubleclick.net *.googletagmanager.com *.facebook.net *.googlesyndication.com analytics.google.com *.chartbeat.com *.google-analytics.com *.adtrafficquality.google; object-src *; img-src * data: blob: about:; frame-src *; font-src * data: blob:; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' audience.artcena.fr cdnjs.cloudflare.com maps.googleapis.com unpkg.com cdn.jsdelivr.net static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: maps.gstatic.com maps.googleapis.com; frame-src 'self' player.vimeo.com cdn.jwplayer.com; font-src 'self' fonts.gstatic.com; connect-src 'self' audience.artcena.fr maps.googleapis.com; report-uri /report-csp-violation 1
default-src https: 'self'; script-src  https: 'unsafe-eval' 'unsafe-inline'; style-src  https: 'unsafe-inline'; img-src  https: data:; font-src  https: data:; report-uri /csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.clarity.ms https://www.paypal.com https://*.paypal.com https://stgstdpay.inicis.com https://stdpay.inicis.com https://t1.daumcdn.net https://*.hotjar.com https://va.vercel-scripts.com https://api.eximbay.com https://api-test.eximbay.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://cdn.bhaptics.com https://s3-us-west-2.amazonaws.com https://www.facebook.com https://user-images.githubusercontent.com https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://steamcdn-a.akamaihd.net https://www.google-analytics.com https://www.googletagmanager.com https://*.paypal.com https://*.hotjar.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://o4509007775596544.ingest.us.sentry.io https://*.google-analytics.com https://analytics.google.com https://www.google.com https://*.googletagmanager.com https://*.facebook.com https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://*.clarity.ms https://va.vercel-scripts.com https://sdk-apis.bhaptics.com https://auth.bhaptics.com https://api.paymentwall.com https://t1.daumcdn.net https://firebase.googleapis.com https://*.paypal.com https://*.doubleclick.net https://www.googleapis.com https://api.eximbay.com https://api-test.eximbay.com; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://api.paymentwall.com https://mobile.inicis.com https://stdpay.inicis.com https://stgstdpay.inicis.com https://*.paypal.com https://td.doubleclick.net https://api.eximbay.com https://api-test.eximbay.com; media-src 'self' https://cdn.bhaptics.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https://mobile.inicis.com https://stdpay.inicis.com https://stgstdpay.inicis.com; report-uri https://o4509007775596544.ingest.us.sentry.io/api/4509173618638848/security/?sentry_key=952dd92219d6db5eefd04c1d2a1d4e59 1
style-src-elem fonts.googleapis.com tags.srv.stackadapt.com *.dibspayment.eu 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.gstatic.com static.klaviyo.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.ingrid.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.mczbf.com *.emjcd.com *.klarna.com *.klarnaevt.com *.dibspayment.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://cdn-int.safecharge.com https://cdn.safecharge.com https://devmobile.sccdev-qa.com https://secure.safecharge.com/ *.googleapis.com *.googleusercontent.com cdn.cookielaw.org *.adzerk.net bat.bing.net s.zkcdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.disqus.com *.avada.io *.shopify.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com  https://magento.com https://cdn.safecharge.com https://devmobile.sccdev-qa.com https://cdn-int.safecharge.com https://play.google.com *.spinnaker-js.com cdn.cookielaw.org *.googleapis.com *.gstatic.com widget.trustpilot.com static.fbot.me campaign.fbot.me tags.srv.stackadapt.com acsbapp.com bat.bing.com www.clarity.ms scripts.clarity.ms *.ingrid.com js-agent.newrelic.com www.gstatic.com *.klaviyo.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.mczbf.com *.emjcd.com *.klarna.com *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com https://cdn.safecharge.com https://devmobile.sccdev-qa.com  https://fonts.googleapis.com *.dibspayment.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com  https://sdkmon.safecharge.com https://ppp-test.safecharge.com https://ppp-test.nuvei.com https://secure.safecharge.com https://play.google.com cdn.cookielaw.org *.onetrust.com *.googleapis.com *.gstatic.com cdn.acsbapp.com tags.srv.stackadapt.com bat.bing.net l.clarity.ms eu-tracks.trackingplan.com *.ingrid.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.mczbf.com *.emjcd.com *.klarnaevt.com *.dibspayment.eu 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' https://www.google.com https://www.gstatic.com https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://browser-update.org https://cdn.jsdelivr.net https://fonts.googleapis.com https://widget.freshworks.com https://chart.googleapis.com; font-src *; form-action 'self'; report-uri /API/csp-report.php 1
script-src 'nonce-+l9nkM5HOrJHi6YXgyj2Kw==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=af93d35f-2654-4cc0-990f-96541bbd0f80; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
object-src 'none';base-uri 'self';script-src 'nonce--AJilnX9YslD3eturqHdrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https://media.futebol365.pt https://static.futebol365.pt https://tpc.googlesyndication.com; font-src 'self' https://cdnjs.cloudflare.com; frame-src https://googleads.g.doubleclick.net; connect-src 'self'; 1
default-src                                            'self'                                            'unsafe-inline'                                            https://www.google-analytics.com                                            https://www.googletagmanager.com                                            https://connect.facebook.net;                                        img-src                                            'self'                                            data:;                                        font-src                                            'self'                                            data:;                                        report-uri                                            https://housekihiroba.jp/csp/reporting;                                        report-to                                            csp-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-6dzHkizAg1feSy0H_6Djuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cybersource.com *.facebook.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.cybersource.com https://www.google.com https://www.facebook.com *.doubleclick.net *.cardinalcommerce.com https://h.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.online-metrix.net *.google.com *.google.co.in *.doubleclick.net *.hsforms.com *.hubspot.com *.googletagmanager.com *.nr-data.net https://trains.walthers.com/hubfs/Ma_yJuhneJoly2o2l-flyer_CONs-1.jpg https://cdnjs.cloudflare.com/ajax/libs/tinymce/4.9.6/skins/lightgray/img/trans.gif data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.gstatic.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.online-metrix.net *.googletagmanager.com *.google.com *.google.co.in *.hs-analytics.net *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hsleadflows.net *.hsadspixel.net *.doubleclick.net *.loyaltylion.net *.klevu.com https://cdn.equalweb.com http://assets.adobedtm.com https://h64.online-metrix.net *.hsforms.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.loyaltylion.net https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.walthers.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.online-metrix.net *.google.com *.google-analytics.com *.doubleclick.net *.hubspot.com *.hubapi.com *.hs-banner.com *.walthers.com *.googleapis.com https://cdn.equalweb.com *.loyaltylion.net *.loyaltylion.com https://forms.hscollectedforms.net https://kg668dbov0.execute-api.us-east-1.amazonaws.com *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com cash-f.squarecdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.bing.com *.doubleclick.net *.facebook.com *.usercentrics.eu *.lampdirect.nl data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com polyfill.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.wwlholding.com *.bing.com *.clarity.ms *.facebook.net *.googleapis.com *.hotjar.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.videoly.co *.beslist.nl *.lampdirect.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com tagmanager.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.wwlholding.com *.bing.com *.doubleclick.net *.googlesyndication.com *.leadinfo.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.googleapis.com *.addressy.com *.beslist.nl *.hotjar.com *.hotjar.io *.lampdirect.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b428c232-f415-4fb2-b456-fef23ba335ec.sansec.watch/; report-to report-endpoint; 1
default-src 'self' blob: https: data:;script-src 'report-sample' 'self' https: 'unsafe-inline';style-src 'self' https: 'unsafe-inline';connect-src https: wss:;object-src 'none';child-src 'self' blob:;base-uri 'none';frame-ancestors 'self';report-uri https://dot.fordeal.com/api/csp-reports?who=client_customer&app=fordeal;report-to csp-endpoint 1
default-src 'self' litium.revolutionrace.com fbcdn.revolutionrace.com wss://fbcdn.revolutionrace.com *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.klarnaevt.com *.kustom.co *.adyen.com www.paypal.com js.stripe.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com ajax.googleapis.com fonts.googleapis.com maps.googleapis.com *.apptus.cloud *.storyblok.com *.symplify.com cdn-sitegainer.com *.cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.criteo.net *.criteo.com *.doubleclick.net *.emarsys.net *.mention-me.com *.imedia.cz *.scarabresearch.com *.spinnaker-js.com bat.bing.com www.seznam.cz tags.creativecdn.com *.kindlycdn.com *.kindly.ai wss://sage.kindly.ai *.facebook.net *.tiktok.com *.snapchat.com *.pinterest.com *.bambuser.com *.facebook.com www.pinterest.se *.cloudflare.com *.digitaloceanspaces.com *.distancify.workers.dev cdn.jsdelivr.net maxcdn.bootstrapcdn.com player.vimeo.com pro.ip-api.com recommender.scarabresearch.com s.pinimg.com sc-static.net vimeo.com ws-eu.pusher.com wss://ws-eu.pusher.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://* 'self'; media-src https://*; frame-src analytics.revolutionrace.com *.mention-me.com *.google.com *.adyen.com *.paypal.com *.sitegainer.com revolutionrace.customerfirst.ai; style-src 'self' 'unsafe-inline'; connect-src data: *; 1
block-all-mixed-content; default-src 'self'; img-src 'self' blob: data: https:; script-src 'self' 'strict-dynamic' 'unsafe-inline' cdnjs.cloudflare.com js.intercomcdn.com k0r92gxvnwz6.statuspage.io https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com cdnjs.cloudflare.com cdn.jsdelivr.net embed.lpcontent.net; font-src 'self' data: https:; connect-src 'self' https: wss://*.intercom.io wss://*.pusher.com wss://*.ably.io wss://*.sessionstack.com; frame-src 'self' https:; media-src 'self' blob: data: https:; object-src 'self' *.amazonaws.com;; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubce2055812be5901b8d66c0f68cdc5bce&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=environment%3Aprod%2Cservice%3Asftptogo; 1
default-src 'self' https://www.rpharms.com https://eu-admin.eventscloud.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://staging-service.rpharms.com https://tracking.crazyegg.com https://cdn.linkedin.oribi.io https://api.usabilla.com https://strapi-uat.rpharms.com https://webchat.dotdigital.com https://www.google.co.uk https://kit.fontawesome.com https://www.facebook.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.google-analytics.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://geolocation.onetrust.com https://region1.analytics.google.com https://gtm-np33kgp-njqyn.uc.r.appspot.com https://privacyportal-eu.onetrust.com https://r1.trackedweb.net https://script.crazyegg.com https://ka-p.fontawesome.com https://ka-f.fontawesome.com; frame-src 'self' https://forms.office.com/ https://www.google.com/ https://my.matterport.com/ https://webchat.dotdigital.com/ https://player.vimeo.com/ https://w.soundcloud.com/ https://cse.google.com https://www.youtube.com/ https://td.doubleclick.net/ https://www.facebook.com/; script-src 'self' https://eu-admin.eventscloud.com https://cdn01.jotfor.ms https://cdn03.jotfor.ms https://cdn02.jotfor.ms https://form.jotform.com https://api.usabilla.com https://partner.googleadservices.com https://webchat.dotdigital.com https://unpkg.com http://cdnjs.cloudflare.com https://player.vimeo.com http://clients1.google.com http://www.google-analytics.com http://cse.google.com http://www.googletagmanager.com http://rum.monitis.com https://cse.google.com https://www.google.com https://www.google-analytics.com https://connect.facebook.net https://cdn.cookielaw.org https://script.crazyegg.com https://snap.licdn.com https://googleads.g.doubleclick.net http://static.trackedweb.net http://w.usabilla.com https://kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://eu-admin.eventscloud.com https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://cdn03.jotfor.ms https://cdn02.jotfor.ms https://cdn01.jotfor.ms https://d6tizftlrpuof.cloudfront.net https://webchat.dotdigital.com http://cdnjs.cloudflare.com http://cdn.rawgit.com https://use.fontawesome.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://eu-admin.eventscloud.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net https://use.fontawesome.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com data:; img-src * data:; 1
default-src 'self'; script-src 'self' 'nonce-0sOgg3aNWwU+VqOIi+4YLQ==' 'unsafe-eval' 'sha256-D6qmPappLq44HkTPDqoPNt4xbq6tey0/OMw+ES98kOA=' https://r.turn.com https://www.consumersadvocate.org 'sha256-ybGOhw0ptqEoEtsSRyQ1n39K40RJXTCVhciYX8GfmtE=' 'sha256-6IlTJmwjx2i2kt2GqHBx9SUoyvuuRJac9lLJaaG6gVY=' 'sha256-jilxzDAwoMHnI/sYPunbSF4PSFxa66I2MHS9tIiCrfg=' 'sha256-bPNC2UYZnsqF48WT2uvK3nwpsShkbHpESFH7CN22A2A=' 'sha256-CcAuTXsLFhPG8+bvXGEFTNqwgTP+gOp/1xzrE6+ml84=' 'sha256-2uhomdmXBdGGhi4cZWcrOSYYZE9FsTPOKmMGgHryLvM=' 'sha256-ttY1wyqGZTaUeC1w8cHnVp0l51uQCV36NFWV0wZQf34=' 'sha256-Ec4W03JbrjcKZLKC4NKIhW+WFtweeOtsvFwitQa+bdg=' 'sha256-QWVHgV7/NKVvW7NOTevf+CXpSCEf1BLqRrpOWxiNejE=' 'sha256-tQP6EDVF7j88gqhwx5PUtZaSLhLp+h/WaljmRHsVfeE=' 'sha256-VGFSrUo2w2StxJIf4omo6zNORYnJAhvpYN+/lAIyvWI=' 'sha256-QMBL/+k2zFo1vUBu90Mzzc7kIy1hGJt8iqrldTBeLGI=' 'sha256-G9MqehnTpAR+N1ZmC08TBi1mgxGhFZ652b8fxLeDgI8=' 'sha256-VSteLxW5hBO4uuaVuud54qESHNhWrnExM9YdV672YEc=' https://static.cloudflareinsights.com https://widget.trustpilot.com https://www.fullstory.com https://bat.bing.com https://bat.bing.net https://cdn.optimizely.com https://cdnjs.cloudflare.com https://connect.facebook.net https://ct.pinterest.com https://fullstory.com https://edge.fullstory.com https://googleads.g.doubleclick.net https://invitejs.trustpilot.com https://js.adsrvr.org https://lpcdn.lpsnmedia.net https://lptag.liveperson.net https://maps.googleapis.com https://rum-static.pingdom.net https://s.pinimg.com https://s.swiftypecdn.com https://siteintercept.qualtrics.com https://va.v.liveperson.net https://widget.trustpilot.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://zn6x5e1z85ygpkxoy-aaalife.siteintercept.qualtrics.com/SIE/ 'sha256-ELKW0GB2Mmq5yuDRmJbOq4g0NT4en07oEJbN3NexMDs='; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://s.swiftypecdn.com https://www.gstatic.com https://www.googletagmanager.com; object-src 'self'; base-uri 'self'; connect-src 'self' ws://localhost:8443 https://tstapipub.aaalife.com https://cdnjs.cloudflare.com https://accdn.lpsnmedia.net https://ad.doubleclick.net https://stats.g.doubleclick.net https://www.facebook.com https://analytics.google.com https://rum.optimizely.com https://www.google-analytics.com https://bat.bing.com https://bat.bing.net https://ct.pinterest.com https://widget.trustpilot.com https://demo-1.conversionsapigateway.com https://edge.fullstory.com https://globalip.melissadata.net https://insight.adsrvr.org https://ip-tracker.aaalife.com https://logx.optimizely.com https://maps.googleapis.com https://mpc-prod-16-s6uit34pua-uk.a.run.app https://rs.fullstory.com https://rum-collector-2.pingdom.net https://s.swiftypecdn.com https://search-api.swiftype.com https://siteintercept.qualtrics.com https://va.idp.liveperson.net https://www.google.com https://www.googletagmanager.com wss://va.msg.liveperson.net; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://13230076.fls.doubleclick.net https://8882006.fls.doubleclick.net https://a17908878585.cdn.optimizely.com https://aaalife.qualtrics.com https://ct.pinterest.com https://insight.adsrvr.org https://lpcdn.lpsnmedia.net https://widget.trustpilot.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' https://r.turn.com https://www.trcknow.com https://www.aaalife.com https://fonts.gstatic.com https://connect.facebook.net https://www.gstatic.com https://ct.pinterest.com https://www.shmktpl.com https://res.cloudinary.com https://www.quotelab.com https://insuranceclicks.com https://bat.bing.com https://bat.bing.net https://ad.doubleclick.net https://cc.swiftype.com https://iad1.qualtrics.com https://insight.adsrvr.org https://insurance.mediaalpha.com https://rtb-test.excelimpact.com https://lpcdn.lpsnmedia.net https://maps.gstatic.com https://seal.entrust.net https://siteintercept.qualtrics.com https://www.facebook.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://lpcdn.lpsnmedia.net; report-uri https://693842702d86e2a87d18b27c.endpoint.csper.io?builder=true&v=4; frame-ancestors 'self' https://aaalife.com https://www.aaalife.com https://loyalty.aaalife.com https://directterm.aaalife.com https://submityourclaims.aaalife.com;worker-src 'self';upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none'; img-src blob: data: *; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-dXfaic2s+hUb7ayOXrj29w=='; frame-ancestors 'none'; object-src 'none'; font-src 'self' data:; worker-src 'none'; style-src 'unsafe-inline' *; media-src *; base-uri 'none'; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://www.tiktok.com https://analytics.tiktok.com https://bat.bing.com https://secure.ewaypayments.com https://*.ewaypayments.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://*.honeybot.ai; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://connect.facebook.net https://analytics.tiktok.com https://www.tiktok.com https://bat.bing.com https://*.ewaypayments.com https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://*.hcaptcha.com https://*.honeybot.ai; media-src 'self' https://www.youtube.com https://*.ytimg.com; frame-src 'self' https://www.youtube.com https://www.facebook.com https://www.tiktok.com https://*.ewaypayments.com https://www.google.com https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://*.honeybot.ai; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://analytics.tiktok.com https://www.tiktok.com https://bat.bing.com https://*.ewaypayments.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://*.honeybot.ai; object-src 'none'; base-uri 'self'; form-action 'self' https://*.ewaypayments.com; frame-ancestors 'self'; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cwi.shell.451.io/ https://cwi2.shell.451.io/ https://embed-forms.451.io/ https://js.hubspot.com/ https://maps.googleapis.com/ https://25livepub.collegenet.com/ https://ai.ocelotbot.com/ https://ajax.googleapis.com/ajax/libs/ https://analytics.tiktok.com/ https://analytics.tiktok.com/i18n/pixel/events.js https://api3.libcal.com/ https://cdn.jsdelivr.net/npm/ https://cdn.jsdelivr.net/gh/snowplow/ https://cdnjs.cloudflare.com/ajax/libs/ https://collector-16905.us.tvsquared.com/tv2track.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/ https://cwi.edu/ https://cwidaho.libanswers.com/ https://embed.financialaidtv.com/ https://embed.ocelotbot.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027274136/ https://googleads.g.doubleclick.net/pagead/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027274136/ https://h5p.org/ https://imageserver.ebscohost.com/ https://js-agent.newrelic.com/ https://js.hs-analytics.net/analytics/1692888000000/21023521.js https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/ https://js.hs-scripts.com/21023521.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/ https://js.hsforms.net/ https://js.hscta.net/cta/ https://cta-service-cms2.hubspot.com/ https://lgapi.libapps.com/ https://live.cwid7.lndo.site/ https://us2.siteimprove.com/ https://*.clarity.ms/ https://wufoo.com/scripts/embed/form.js https://www.google-analytics.com/ https://www.google.com/jsapi/ https://www.google.com/recaptcha/ https://www.google.com/pagead/ https://translate.google.com/ https://translate.googleapis.com/ https://dev.visualwebsiteoptimizer.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://unpkg.com/ https://*.googlesyndication.com/ https://app.vwo.com/ https://static.kuula.io/ https://use.typekit.net/ https://js.stripe.com/ https://snap.licdn.com/ https://c.lytics.io/ https://static.ads-twitter.com/ https://secure.qgiv.com/ https://bat.bing.com/ https://search.cwi.edu/ https://browsersync.cwidaho.ddev.site/ https://translate-pa.googleapis.com/ https://cdn.gtranslate.net/; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://cwi.edu https://ai.ocelotbot.com https://fonts.googleapis.com https://p.typekit.net https://stackpath.bootstrapcdn.com https://use.typekit.net https://www.gstatic.com https://app.vwo.com https://c.lytics.io https://search.cwi.edu/ https://api.lytics.io/; img-src https: data:; media-src 'self' data:; frame-src 'self' https://cwi.messenger.451.io https://cwi.discoveredu.ai https://cwi2.messenger.451.io https://ctl.h5p.com https://*.hsforms.com https://embed-forms.451.io https://cwi.maps.arcgis.com https://cwi.wufoo.com https://cwilibrary.wufoo.com https://cwidaho.libanswers.com https://docs.google.com https://e.issuu.com https://embed.ocelotbot.com https://maps.google.com https://player.vimeo.com https://www.facebook.com https://www.google.com https://www.youtube.com https://yoshki.com https://*.doubleclick.net https://25livepub.collegenet.com https://*.googlesyndication.com https://www.googletagmanager.com https://creatorapp.zohopublic.com https://creator.zohopublic.com https://app.vwo.com https://kuula.co/ https://cwidaho.viewin360.co/ https://js.stripe.com/ https://cwi.bolt-discovery.451.io/ https://cwi2.bolt-discovery.451.io/ https://c.lytics.io/ https://secure.qgiv.com/; worker-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://use.typekit.net; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.451.io/ https://*.hsforms.com https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://25livepub.collegenet.com https://ai.ocelotbot.com https://analytics.tiktok.com https://api3.libcal.com https://bam.nr-data.net https://*.siteimprove.com https://forms.hscollectedforms.net https://hubspot-forms-static-embed.s3.amazonaws.com https://live.cwid7.lndo.site https://*.clarity.ms https://*.doubleclick.net https://use.typekit.net https://pubsub.googleapis.com https://translate.googleapis.com/ https://www.facebook.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://*.googlesyndication.com https://maps.googleapis.com https://*.visualwebsiteoptimizer.com/ https://px.ads.linkedin.com/ https://search.cwi.edu/ https://bat.bing.com/; report-uri https://64dcbe2ca068cd9821c1af0b.endpoint.csper.io?v=41; base-uri 'self'; manifest-src 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-LtyR9MqhBLIoOH0xpjHpoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://unpkg.com https://cdn.jsdelivr.net https://code.jquery.com https://*.clarity.ms https://*.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: blob: https://i.ytimg.com https://images.unsplash.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.com.ua https://www.google.co.in https://www.google.de https://www.google.pl https://www.google.kz https://www.google.ru https://www.facebook.com https://*.apple.com https://*.cdn-apple.com https://www.googletagmanager.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://*.clarity.ms https://*.bing.com https://westelecom.ua https://speed.westelecom.ua https://chat.westelecom.ua https://colocation.westelecom.ua; connect-src 'self' wss: ws: https://unpkg.com https://10.255.202.43 https://freeipapi.com https://ip-api.com https://analytics.google.com https://region1.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com https://www.google.com.ua https://connect.facebook.net https://www.facebook.com https://*.clarity.ms https://*.bing.com https://chat.westelecom.ua https://crm.westele.com.ua https://my.westele.com.ua; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://www.openstreetmap.org https://speed.westelecom.ua https://www.facebook.com https://connect.facebook.net; object-src 'none'; base-uri 'self'; form-action 'self' https://crm.westele.com.ua https://www.facebook.com https://connect.facebook.net; frame-ancestors 'self'; report-uri /csp-report/legacy; report-to csp-violations; upgrade-insecure-requests 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-zOR7qM8BKl0-R-sdiV4VMw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com bid.g.doubleclick.net www.google.com *.google.com *.doubleclick.net *.facebook.com js.mollie.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com magefan.com cm.magefan.com https://www.mollie.com www.google.com.ua data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com js.mollie.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hscta.net js-eu1.hscta.net js.hs-analytics.net static.hsappstatic.net track.hubspot.com no-cache.hubspot.com *.hubspot.com *.hs-sites.com *.hs-scripts.com forms.hsforms.com forms.hsforms.net cdn2.hubspot.net www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net connect.facebook.net snap.licdn.com bat.bing.com 'strict-dynamic' 'nonce-FOGoQugll/vHRqYZw/SKNw==' 1
object-src 'none';base-uri 'self';script-src 'nonce-_F9j-ytm6raEWartZqC51w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.googleapis.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com www.gstatic.com *.trackedlink.net *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com maps.googleapis.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-FC1I8qz7C7p5v_mrwog6uw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; 1
default-src data: blob: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none';worker-src 'self' https://dev.visualwebsiteoptimizer.com/ blob: data:;  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.tiktok.com https://connect.facebook.net/ https://ct.pinterest.com https://js-agent.newrelic.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hsforms.net https://*.hsleadflows.net https://*.hubspot.com https://*.usemessages.com https://static.getclicky.com https://www.googletagmanager.com https://in.getclicky.com https://*.pinimg.com https://bat.bing.com https://*.getsitecontrol.com https://www.youtube.com https://*.hsappstatic.net https://maps.googleapis.com https://*.hu-manity.co https://www.google.com https://*.google.com https://*.nagich.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s.pinimg.com https://bat.bing.com https://*.getsitecontrol.com https://www.youtube.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://*.tiktok.com https://bam.nr-data.net https://*.hsforms.com https://*.pinterest.com https://*.hubspot.com https://*.hubapi.com https://stats.g.doubleclick.net https://maps.googleapis.com https://*.hu-manity.co https://www.google.com https://*.nagich.com; font-src 'self' data: https://*.alicdn.com https://fonts.gstatic.com https://www.denvercenter.org; frame-src 'self' https://www.facebook.com https://www.googletagmanager.com https://*.doubleclick.net https://ct.pinterest.com https://www.youtube.com https://www.google.com https://www.jotform.com https://*.nagich.com https://*.hubspot.com; img-src 'self' data: blob: https://*.hsforms.com https://*.tiktok.com https://track.hubspot.com https://www.facebook.com https://*.gravatar.com https://*.google.com https://bat.bing.com https://*.doubleclick.net https://*.hsappstatic.net https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.byhttps://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
script-src-attr https://cdn.evgnet.com https://*.googleapis.com https://tag.rmp.rakuten.com/ https://js.squarecdn.com/ https://unpkg.com/ https://livesearch-metrics.magento-ds.com/ https://*.addressfinder.io https://cdn.jsdelivr.net/ https://*.newrelic.com https://*.freshchat.com https://commerce.adobedtm.com/ https://*.braintreegateway.com https://*.stripe.com https://www.google.com/ https://www.googletagmanager.com/ https://*.trackedlink.net https://*.trackedweb.net https://t.cfjump.com/ https://s.pinimg.com/ https://tags.creativecdn.com/ https://analytics.tiktok.com/ https://www.clarity.ms/ https://connect.facebook.net/ https://www.gstatic.com/ https://pt.wisernotify.com/ https://ct.pinterest.com/ https://*.paypal.com https://*.google.com  'self' 'unsafe-inline'; script-src-elem https://cdn.evgnet.com https://*.googleapis.com https://tag.rmp.rakuten.com/ https://js.squarecdn.com/ https://unpkg.com/ https://livesearch-metrics.magento-ds.com/ https://*.addressfinder.io https://cdn.jsdelivr.net/ https://*.newrelic.com https://*.freshchat.com https://commerce.adobedtm.com/ https://*.braintreegateway.com https://*.stripe.com https://www.google.com/ https://www.googletagmanager.com/ https://*.trackedlink.net https://*.trackedweb.net https://t.cfjump.com/ https://s.pinimg.com/ https://tags.creativecdn.com/ https://analytics.tiktok.com/ https://www.clarity.ms/ https://connect.facebook.net/ https://www.gstatic.com/ https://pt.wisernotify.com/ https://ct.pinterest.com/ https://*.paypal.com https://*.google.com  'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://stackpath.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app www.google.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app *.googleapis.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.tagalys.com https://sdk.giftflick.com.au/ https://cdn.giftflick.com.au/ https://gf-cdn.s3-ap-southeast-2.amazonaws.com/ *.clarity.ms *.google.com https://c.bing.com/ *.facebook.com https://www.google.com.au/ https://ad.doubleclick.net/ https://*.rubiconproject.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://api.addressfinder.io https://rum.hlx.page https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.convertexperiments.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.disqus.com *.avada.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://cdnjs.cloudflare.com https://d3htxdwqp62ai4.cloudfront.net http://d2r9py2hfy5mgp.cloudfront.net http://d3fzz8zsf83ont.cloudfront.net https://storage.googleapis.com https://player.vimeo.com/ https://www.giftflick.com.au/ https://sdk.giftflick.com.au/ *.creativecdn.com https://s.pinimg.com/ *.pinterest.com *.clarity.ms https://dusk-455267821617990643-help.freshchat.com/ https://analytics.tiktok.com/ https://connect.facebook.net/ *.wisernotify.com t.cfjump.com *.dusk.com.au *.attn.tv https://cdn.jsdelivr.net/npm/@growthbook/ https://tag.rmp.rakuten.com/ https://cdn.evgnet.com https://*.googleapis.com https://js.squarecdn.com/ https://unpkg.com/ https://livesearch-metrics.magento-ds.com/ https://*.addressfinder.io https://cdn.jsdelivr.net/ https://*.newrelic.com https://*.freshchat.com https://commerce.adobedtm.com/ https://*.braintreegateway.com https://*.stripe.com https://www.google.com/ https://www.googletagmanager.com/ https://*.trackedlink.net https://*.trackedweb.net https://t.cfjump.com/ https://tags.creativecdn.com/ https://www.clarity.ms/ https://www.gstatic.com/ https://pt.wisernotify.com/ https://ct.pinterest.com/ https://*.paypal.com https://*.google.com  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com *.cash.app assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com https://cdnjs.cloudflare.com https://tagalys-assets.s3-ap-southeast-1.amazonaws.com https://d3htxdwqp62ai4.cloudfront.net https://stackpath.bootstrapcdn.com https://sdk.giftflick.com.au/ https://dusk-455267821617990643-help.freshchat.com/ *.wisernotify.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://player.vimeo.com/ https://cdn.giftflick.com.au/ https://videos-demo.giftflick.com.au/ https://download-video.akamaized.net/ https://*.vimeocdn.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.convertexperiments.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://api-r1.tagalys.com https://api-r2.tagalys.com https://api-r3.tagalys.com https://api-r4.tagalys.com https://staging-api-r2.tagalys.com http://tagalys-api.docker:3000 https://www.giftflick.com.au/ https://api-demo.giftflick.com.au/ https://api.giftflick.com.au/ *.creativecdn.com *.pinterest.com *.clarity.ms https://analytics.tiktok.com/ *.wisermapp.com *.azurewebsites.net *.doubleclick.net *.attn.tv https://cdn.growthbook.io/ https://*.evergage.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data: https://images.ctfassets.net; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; frame-ancestors 'self' 1
worker-src blob: *.pinterest.com *.facebook.com *.google.com *.google.com.hk *.bing.com *.stripe.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.kxcdn.com *.pinterest.com *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.stripe.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.googleapis.com *.bing.com *.googleadservices.com *.google-analytics.com *.pinterest.com *.googletagmanager.com *.webgains.io *.doubleclick.net *.stripe.com *.cookiebot.com www.awin1.com *.facebook.com *.twitter.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.fbcdn.net *.pinterest.com *.adobedtm.com www.google.co.uk www.awin1.com blob: *.stripe.com *.facebook.com *.google.com.hk *.bing.com cdn.trustpilot.net *.cookiebot.com *.shareasale.com *.sc-static.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.addthisedge.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.ads-twitter.com *.bing.com *.pinimg.com *.googleadservices.com *.google-analytics.com *.pinterest.com *.googletagmanager.com *.webgains.io *.facebook.com td.doubleclick.net *.stripe.com *.cookiebot.com *.adobedtm.com *.snapchat.com *.sc-static.net www.dwin1.com www.google.co.uk www.awin1.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com s7.addthis.com *.facebook.net *.twitter.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.pinterest.com downloads.mailchimp.com *.fontawesome.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.pinterest.com *.facebook.com *.google.com.hk *.bing.com *.stripe.com *.cookiebot.com *.doubleclick.net *.snapchat.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com ekr.zdassets.com/ klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com upstream.heidipay.com sbx-upstream.heidipay.io *.klarnacdn.net *.fontawesome.com https://applepay.cdn-apple.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.vieffetrade.com *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.payplug.com *.dalenys.com https://applepay.cdn-apple.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com storage.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://secure-magenta.dalenys.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.vieffetrade.com *.livechatinc.com *.doofinder.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com upstream.heidipay.com sbx-upstream.heidipay.io *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.vieffetrade.com 'unsafe-inline' data: widget.trustpilot.com cdn.iubenda.com cs.iubenda.com cdn.jsdelivr.net *.livechatinc.com *.payplug.com *.hotjar.com *.doofinder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com https://secure-magenta.dalenys.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.network *.stripecdn.com *.amazon.com *.vieffetrade.com *.livechatinc.com *.doofinder.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com upstream.heidipay.com sbx-upstream.heidipay.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.link.com *.amazon.com *.vieffetrade.com idb.iubenda.com widget.trustpilot.com *.livechatinc.com *.doofinder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src self https://www.google.com https://www.gstatic.com; style-src 'self';frame-src self https://www.google.com https://www.gstatic.com;frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-X_w9eABAeEq5HVjIbAO7Vw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com www.amac.nl *.amac.nl a-mac.nl www.amac-pro.nl *.aidencloud.eu *.youweagency.dev *.youweplatform.com apps-amac.bookerz.nl script.hotjar.com *.klarnacdn.net *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.paypal.com *.sandbox.paypal.com *.pilot-payflowlink.paypal.com *.adyen.com *.pay.google.com *.payments.amazon.com *.payments-eu.amazon.com *.rsa3d.com 'self' 'unsafe-inline'; frame-ancestors app.contenzi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * app.aiden.cx *.aiden.cx *.adyen.com *.adyenpayments.com abc.amac.nl apps-amac.bookerz.nl contact.robinhq.com tr.snapchat.com td.doubleclick.net 6615279.fls.doubleclick.net www.facebook.com *.rsa3d.com *.securesuite.co.uk *.klarna.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com * https://static.buckaroo.nl *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.amac.nl *.amac.nl a-mac.nl www.amac-pro.nl *.aidencloud.eu *.youweagency.dev *.youweplatform.com dev.visualwebsiteoptimizer.com px.ads.linkedin.com tr.snapchat.com t.squeezely.tech www.facebook.com ad.doubleclick.net adservice.google.com www.google.nl abc.amac.nl region1.analytics.google.com robincontentdesktop.blob.core.windows.net ade.googlesyndication.com www.linkedin.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.disqus.com https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com app.aiden.cx *.aiden.cx https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.googletagmanager.com tagmanager.google.com www.amac.nl *.amac.nl *.aidencloud.eu *.youweagency.dev *.youweplatform.com code.jquery.com static.cloudflareinsights.com apps-amac.bookerz.nl widget.trustpilot.com invitejs.trustpilot.com www.dwin1.com snap.licdn.com sc-static.net static.hotjar.com squeezely.tech script.hotjar.com dev.visualwebsiteoptimizer.com tr.snapchat.com robincontentdesktop.blob.core.windows.net connect.facebook.net az416426.vo.msecnd.net analytics.tiktok.com ajax.cloudflare.com cdnjs.cloudflare.com selfservice.robinhq.com www.googleoptimize.com bat.bing.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.trustpilot.com a11328.ctz-content.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl tagmanager.google.com fonts.google.com www.amac.nl *.amac.nl *.aidencloud.eu *.youweagency.dev *.youweplatform.com apps-amac.bookerz.nl code.jquery.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amac.nl *.aidencloud.eu a-mac.nl www.amac-pro.nl *.youweagency.dev *.youweplatform.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * app.aiden.cx *.aiden.cx https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com dev.visualwebsiteoptimizer.com www.amac.nl px.ads.linkedin.com abc.amac.nl googleads.g.doubleclick.net dc.services.visualstudio.com tr6.snapchat.com tr.snapchat.com analytics.tiktok.com www.facebook.com pagead2.googlesyndication.com bat.bing.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com a11328.ctz-content.com 'self' 'unsafe-inline'; child-src app.aiden.cx *.aiden.cx http: https: blob: 'self' 'unsafe-inline'; default-src www.amac.nl *.amac.nl *.aidencloud.eu *.youweagency.dev *.youweplatform.com tr6.snapchat.com tr.snapchat.com commerce.adobedc.net googleads.g.doubleclick.net analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://404d70f5-70c9-40a8-824b-f381e27a4eeb.sansec.watch/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com data: *.cloudinary.com https://staticw2.yotpo.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com cloudinary.com *.cloudinary.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.google.com *.vimeo.com *.livechatinc.com https://cloudinary.com shell.davidsonsinc.com https://www.youtube.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com cloudinary.com *.cloudinary.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.cloudflare.com https://p.yotpo.com https://cdn-yotpo-images-production.yotpo.com *.facebook.com *.pinterest.com *.google.com https://bat.bing.com https://cdn.livechat-files.com https://online.flippingbook.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.vimeo.com unpkg.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com https://assets.pinterest.com https://ct.pinterest.com https://staticw2.yotpo.com https://static.hotjar.com https://connect.facebook.net https://static-tracking.klaviyo.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://s.pinimg.com https://bat.bing.com https://r2-t.trackedlink.net https://script.hotjar.com https://cdn.livechatinc.com https://api.livechatinc.com https://davcc.disqus.com https://vc.hotjar.io/ https://in.hotjar.com https://online.flippingbook.com https://d33i2vgywgme2s.cloudfront.net *.hsforms.net *.hsforms.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cloudinary.com *.cloudinary.com *.googleapis.com unpkg.com unsafe-inline assets.braintreegateway.com https://staticw2.yotpo.com https://static.klaviyo.com https://fonts.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com cloudinary.com *.cloudinary.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://staticw2.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://telemetrics.klaviyo.com https://bam.nr-data.net https://bam-cell.nr-data.net https://stats.g.doubleclick.net https://ct.pinterest.com https://api.livechatinc.com *.hotjar.com *.hotjar.io *.google-analytics.com https://fbo-b.flippingbook.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.davidsonsinc.com; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.cloudfront.net *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.auryc.com *.klaviyo.com use.fontawesome.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.yotpo.com swellrewards.com *.swellrewards.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.awin1.com *.zenaps.com *.fls.doubleclick.net *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.auryc.com *.klaviyo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.cenpos.net *.cenpos.com *.trackedlink.net *.dycdn.net https://images.unsplash.com *.facebook.com magefan.com cm.magefan.com media.sezzle.com *.clarity.ms *.pontiac.media *.adnxs.com *.adelixir.com *.smartrecognition.com *.b1img.com *.bing.com *.bidr.io *.adsrvr.org *.equally.ai pix.pontiac.media *.prod.bidr.io shareasale.com *.yotpo.com swellrewards.com *.swellrewards.com *.reddit.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net shop.pe *.cloudfront.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.cenpos.com *.cenpos.net *.google.com *.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net d81mfvml8p5ml.cloudfront.net *.freshrelevance.com *.dotdigital.com https://maps.googleapis.com s7.addthis.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.unbxd.io *.unbxdapi.com *.clarity.ms *.gorgias.chat *.adelixir.com *.attn.tv *.equally.ai *.adsrvr.org *.b1js.com *.bing.com *.b1img.com *.aidemsrv.com *.adnxs.com *.auryc.com *.facebook.com *.convertexperiments.com secure.adnxs.com stream.aidemsrv.com *.yotpo.com swellrewards.com *.swellrewards.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://www.dwin1.com https://cdn-4.convertexperiments.com https://libraries.unbxdapi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.cloudfront.net *.addshoppers.com assets.braintreegateway.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.dycdn.net maxcdn.bootstrapcdn.com fonts.cdnfonts.com *.unbxd.io *.unbxdapi.com *.equally.ai *.yotpo.com swellrewards.com *.swellrewards.com tagmanager.google.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.dycdn.net *.freshrelevance.com wss://*.freshrelevance.com wss://*.dycdn.net dn1i8v75r669j.cloudfront.net *.dotdigital.com https://maps.googleapis.com https://player.vimeo.com ekr.zdassets.com/ gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com *.unbxd.io *.unbxdapi.com *.clarity.ms *.attentivemobile.com *.attn.tv *.equally.ai *.gorgias.chat *.adsrvr.org *.aidemsrv.com *.facebook.com *.adnxs.com *.bing.com *.auryc.com stream.aidemsrv.com *.yotpo.com swellrewards.com *.swellrewards.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com data: *.facebook.com *.onetrust.com *.cookielaw.org *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com data: *.addthis.com *.tagembed.com *.flipsnack.com *.facebook.com bt.signifyd.com:11103 *.walls.io *.onetrust.com *.cookielaw.org *.equalada-api.herokuapp.com *.herokuapp.com *.doubleclick.net landofcoder.com maps.googleapis.com chart.googleapis.com *.googletagmanager.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src data: *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.cardinalcommerce.com *.facebook.com *.google.com www.google.co.in mcusercontent.com *.onetrust.com *.cookielaw.org *.clarity.ms *.googletagmanager.com c.bing.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com ssl.gstatic.com www.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com data: *.cardinalcommerce.com *.facebook.net *.zassets.com static.zdassets.com walls.io *.g.doubleclick.net *.moatads.com *.addthisedge.com *.addthis.com *.tagembed.com *.ccdc02.com chimpstatic.com *.authorize.net mc.us5.list-manage.com *.mailchimp.com *.zopim.com *.onetrust.com *.cookielaw.org *.hotjar.com *.smartlook.com *.clarity.ms *.googletagmanager.com landofcoder.com maps.googleapis.com chart.googleapis.com *.disqus.com tagmanager.google.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com data: *.mailchimp.com *.onetrust.com *.cookielaw.org *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com data: *.zdassets.com *.onetrust.com *.cookielaw.org 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com data: wss: *.zendesk.com *.zopim.com widget-mediator.zopim.com stats.g.doubleclick.net bam-cell.nr-data.net *.authorize.net bt.signifyd.com:11103 *.onetrust.com *.cookielaw.org bam.nr-data.net analytics.google.com vc.hotjar.io *.clarity.ms *.demdex.net *.cardinalcommerce.com manager.eu.smartlook.cloud landofcoder.com maps.googleapis.com chart.googleapis.com *.googletagmanager.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3hGrHcH46Y25OanOgiin2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' www.google-analytics.com; font-src 'self' fonts.gstatic.com use.fontawesome.com; frame-src 'self' platform.twitter.com syndication.twitter.com www.google.com; img-src 'self' data: w3.org/svg/2000 google-analytics.com syndication.twitter.com www.googletagmanager.com; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' ajax.googleapis.com code.jquery.com connect.facebook.net platform.twitter.com  www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com; worker-src 'none'; default-src 'self' 'report-sample'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.google.com https://fonts.bunny.net 'self' data: www.dufrio.com.br data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com www.dufrio.com.br 'self' 'unsafe-inline'; frame-ancestors www.dufrio.com.br 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com cdn.dnky.co *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.mercadopago.com *.mercadolibre.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io www.dufrio.com.br *.voxus.tv *.btg360.com.br *.criteo.net *.awin1.com *.zenaps.com td.doubleclick.net *.yandex.ru *.orpen.com.br *.mainadv.com *.datalivemarketing.com.br www.googletagmanager.com localhost:8080 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://images.unsplash.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.google-analytics.com ssl.gstatic.com www.gstatic.com *.ebit.com.br *.ebitempresa.com.br *.mercadopago.com *.mlstatic.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com cdn.mundipagg.com api.pagar.me *.caravelx.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: www.dufrio.com.br *.dufrio.com.br s3.amazonaws.com newimgebit-a.akamaihd.net *.bing.com *.google.com.br *.adnxs.com *.mercadopago.com.br *.btg360.com.br *.criteo.com *.mediavine.com *.bluekai.com *.adgrx.com *.casalemedia.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.sharethrough.com *.rubiconproject.com *.media.net *.doubleclick.net *.bidswitch.net *.emxdgt.com *.yieldmo.com *.clmbtech.com *.socdm.com *.omnitagjs.com *.stickyadstv.com *.360yield.com *.ivitrack.com *.liadm.com *.outbrain.com *.pubmatic.com *.revcontent.com *.tremorhub.com *.awin1.com *.zenaps.com *.yahoo.net *.postrelease.com *.aralego.com *.aralego.net *.dmxleo.com *.clearsale.com.br *.yandex.ru *.clarity.ms *.microsoftonline.com *.caravel.store *.orpen.com.br *.unrulymedia.com *.live.sma.ia.br *.agkn.com sync.1rx.io dufrio-my.sharepoint.com *.syndigo.cloud *.syndigo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com *.paypal.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com tagmanager.google.com *.ebit.com.br *.mercadopago.com *.mlstatic.com 3ds2.pagar.me 3ds2-sdx.pagar.me connect.facebook.net js.huggy.chat *.avada.io *.hsforms.net *.hsforms.com www.dufrio.com.br self s3.amazonaws.com *.voxus.com.br *.bing.com *.btg360.com.br *.adcart.com.br *.dwin1.com *.afilio.com.br *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.clearsale.com.br *.cloudflareinsights.com *.k-analytix.com *.yandex.ru unsafe-inline *.dufrio.com.br *.cloudfront.net *.orpen.com.br *.tiktok.com *.datalivemarketing.com.br *.syndigo.com *.posclick.dinamize.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net tagmanager.google.com fonts.google.com *.ebit.com.br *.mercadopago.com *.google.com webfonts.huggy.cloud https://fonts.bunny.net *.gstatic.com www.dufrio.com.br s3.amazonaws.com *.orpen.com.br 'self' 'unsafe-inline'; object-src www.dufrio.com.br 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.dufrio.com.br *.syndigo.com 'self' 'unsafe-inline'; manifest-src www.dufrio.com.br 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com *.analytics.google.com *.googletagmanager.com https://hits-banner-cloud-function.azurewebsites.net *.mercadopago.com maps.googleapis.com *.mercadolibre.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br pay.sandbox.google.com wss://ct-socket.huggy.app widget.huggy.io https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com www.dufrio.com.br *.reclameaqui.com.br *.voxus.tv *.voxus.com.br *.loggly.com *.ipify.org *.google.com.br *.criteo.com *.bing.com *.us-east-2.on.aws *.sciencebehindecommerce.com *.wepowerconnections.com *.akamaihd.net *.konduto.com *.mailbiz.one *.cloudfront.net *.tiktok.com *.pangle-ads.com *.yandex.ru *.tiktokw.us *.datalivemarketing.com.br wss://mc.yandex.ru/solid.ws wss://socket.live.sma.ia.br/ws wss://socket.live.sma.ia.br/ws/ *.syndigo.com 'self' 'unsafe-inline'; child-src www.dufrio.com.br http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.dufrio.com.br *.google.com.br 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.dufrio.com.br 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-gFHQ8U9iaNm94A-bWmBQMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://*.clarity.ms; form-action 'self'; frame-ancestors 'none'; frame-src *.youtube.com secure.luton.gov.uk assets.nhs.uk https://*.one.network https://www.googletagmanager.com *.hotjar.com *.hotjar.io; font-src 'self' data: fonts.gstatic.com *.hotjar.com *.hotjar.io www.googletagmanager.com emea3.recruitmentplatform.com; img-src 'self' data: www.luton.gov.uk secure.luton.gov.uk www.googletagmanager.com www.cqc.org.uk www.google-analytics.com *.gstatic.com *.hotjar.com *.hotjar.io https://*.clarity.ms https://c.bing.com https://translate.google.com emea3.recruitmentplatform.com https://static.lumessetalentlink.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' cc.cdn.civiccomputing.com code.jquery.com portal.v7.roadworks.org www.googletagmanager.com www.google-analytics.com www.cqc.org.uk *.hotjar.com *.hotjar.io https://*.clarity.ms https://c.bing.com https://connect.facebook.net emea3.recruitmentplatform.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com www.cqc.org.uk emea3.recruitmentplatform.com; connect-src 'self' apikeys.civiccomputing.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://*.clarity.ms emea3.recruitmentplatform.com *.tb.lumesse.com; object-src 'none'; report-uri https://349104827b8b658b4e1be80ecb2de25d.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com https://*.gstatic.com data: *.cloudfront.net *.reviews.io *.reviews.co.uk https://*.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://static.addtoany.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.clearpay.co.uk *.reviews.io *.reviews.co.uk *.iubenda.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.klarna.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.afterpay.com *.clearpay.co.uk ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.cloudfront.net *.reviews.io *.reviews.co.uk *.iubenda.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.reviews.io *.reviews.co.uk *.iubenda.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klevu.com *.ksearchnet.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net https://js.klevu.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.squarecdn.com downloads.mailchimp.com https://static.klaviyo.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://*.googleapis.com https://*.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk *.iubenda.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.klevu.com *.ksearchnet.com api.addressy.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-FftmAqDrPvxVWNaZESJkXw==' 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-6b42ac60-89ab-4df6-a6e0-0b6d4878eb6e' https: data: https://js.sentry-cdn.com https://fast.wistia.com https://fast.wistia.net https://siteintercept.qualtrics.com https://browser.sentry-cdn.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://js.monitor.azure.com; style-src 'self' 'unsafe-inline' https://fast.wistia.com https://cdn.jsdelivr.net https://more.suse.com; img-src 'self' https: data: https://fast.wistia.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com https://fast.wistia.net https://fast.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com https://embed-ssl.wistia.com https://cdn.cookielaw.org https://embed-ssl.wistia.com; connect-src 'self' https: wss: https://cdn.cookielaw.org https://distillery.wistia.com https://siteintercept.qualtrics.com https://dc.services.visualstudio.com https://fast.wistia.com https://fast.wistia.net https://pipedream.wistia.com wss://ws.qualified.com https://embed-ssl.wistia.com https://apple.dxcloud.episerver.net https://cdn.jsdelivr.net https://js.monitor.azure.com wss://ws.qualified.com; font-src 'self' https: data: https://fonts.gstatic.com https://fast.wistia.net; object-src 'none' ; media-src 'self' https: blob: ; frame-src 'self' https: ; form-action 'self' https://suselinux.fra1.qualtrics.com; frame-ancestors 'self' ; base-uri 'none' ;  report-uri https://www.suse.com/api/reporting/;  report-to csp-endpoint; 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://payments.google.com/payments/v4/js/integrator.js https://payments.sandbox.google.com/payments/v4/js/integrator.js https://billing-ads-qa-devel.corp.google.com/payments/v4/js/integrator.js https://www-onepick-opensocial.googleusercontent.com/gadgets/js/rpc.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-makersuite/_/js/k=boq-makersuite.MakerSuite.en_US.a6mq5b4aRNQ.2018.O/ https://payments.youtube.com/payments/v4/js/integrator.js https://payments.cloud.google/payments/v4/js/integrator.js;report-uri /_/MakerSuite/cspreport/fine-allowlist 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com connect.facebook.net twitter.com platform.twitter.com https://widgets.binotel.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.affirm.com *.affirm.ca *.b0e8.com magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.affirm.com *.affirm.ca *.b0e8.com *.bc0a.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net tagmanager.google.com fonts.google.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com qa-api.magedevteam.com *.affirm.com *.affirm.ca api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com maxcdn.bootstrapcdn.com *.fontawesome.com data: *.googleapis.com *.acsbapp.com acsbapp.com *.laderach.com laderach.com https://fonts.bunny.net https://fonts.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.twitter.com nitropack.io *.nitrocdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * https://plumrocket.com www.facebook.com *.adyen.com laderach.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * www.googletagmanager.com https://plumrocket.com consentcdn.cookiebot.com *.addthis.com *.avada.io *.paypalobjects.com www.facebook.com tpc.googlesyndication.com vars.hotjar.com *.laderach.com *.demdex.net *.vimeo.com *.doubleclick.net laderach.com policy.app.cookieinformation.com *.trustpilot.com *.twitter.com nitropack.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com maps.gstatic.com *.ytimg.com *.vimeocdn.com *.facebook.net *.acsbapp.com *.googleusercontent.com *.googleapis.com *.clarity.ms *.bing.com *.google.de *.google.es *.doubleclick.net *.paypalobjects.com services.postcodeanywhere.co.uk laderach.isa-test.de www.facebook.com bat.bing.com googletagmanager.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.laderach.com laderach.com *.disqus.com https://firebasestorage.googleapis.com *.cloudflare.com *.twitter.com *.contentsquare.net nitropack.io *.nitrocdn.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com consent.cookiebot.com *.addthisedge.com *.addthis.com *.moatads.com acsbapp.com *.acsbapp.com googletagmanager.com *.doubleclick.net *.gstatic.com *.paypalobjects.com static.addtoany.com lader11112.pcapredict.com services.postcodeanywhere.co.uk checkoutshopper-live.adyen.com g3367433695.co g3565518030.co g6140614385.co g15252493795.co g15450578130.co g15648662465.co *.cloudflare.com tpc.googlesyndication.com static.hotjar.com script.hotjar.com bat.bing.com *.clarity.ms *.laderach.com laderach.com *.disqus.com *.avada.io *.shopify.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net policy.app.cookieinformation.com *.fontawesome.com graph.facebook.com *.trustpilot.com *.vimeo.com widgets.pinterest.com *.contentsquare.com *.contentsquare.net cdn.tailwindcss.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://static.klaviyo.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.googleapis.com *.gstatic.com services.postcodeanywhere.co.uk *.laderach.com laderach.com https://fonts.bunny.net https://fonts.googleapis.com https://cdn.jsdelivr.net *.cloudflare.com *.twitter.com cdn.tailwindcss.com nitropack.io *.nitrocdn.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube-nocookie.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net googletagmanager.com *.addthis.com *.facebook.com facebook.com *.acsbapp.com *.doubleclick.net wss://ws30.hotjar.com *.hotjar.io *.hotjar.com metrics.laderach.com *.clarity.ms services.postcodeanywhere.co.uk bat.bing.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.laderach.com laderach.com https://get.geojs.io *.avada.io maps.googleapis.com policy.app.cookieinformation.com consent.app.cookieinformation.com *.cloudflare.com *.twitter.com *.contentsquare.net *.nitrocdn.com nitropack.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-hashes' 'sha256-w/dYwr8dOxSxXkSn1TX2wSmL6acNm6A2QZk/9IX63rs=' 'sha256-Pe5Y4eCVWENJ4/Dqtek4RNDRdkI7SBJ/Mz9iTDLwjiA=' *.usercentrics.eu/ *.usercentrics.com/ https://maps.googleapis.com https://app.usercentrics.eu https://js.hsforms.net https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://js.hs-scripts.com https://apps.elfsight.com https://static.elfsight.com https://forms.hsforms.com/ https://static.businessbike.de/; script-src-elem 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://*.hubspot.com https://analytics.tiktok.com https://*.redditstatic.com secure.adnxs.com/ *.facebook.net/ *.ads-twitter.com/ *.youtube.com/ *.gstatic.com/ *.google-analytics.com/ *.google.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ *.linkedin.com/ *.clarity.ms https://a.clarity.ms/ https://i.clarity.ms/ https://j.clarity.ms/ https://c.clarity.ms/ https://bat.bing.com/ 'sha256-OwC3Bmh3vk+mJXs4ObkYFCiNpm9wzy6lYA6Dbl8B0GA=' 'sha256-u6EjqE6QO8DkyTdpvdyvJKJ15kfu6gSa89ftCW5Qjvg=' 'sha256-eQwkKSAFkpymWoMr1PHlgPg3aR9VvmOUjP2IIgMxzXg=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-MdlFkCGaZJKqdQRWbI4q7anVqVWdp+/EEWFBsACXq5g=' 'sha256-u6EjqE6QO8DkyTdpvdyvJKJ15kfu6gSa89ftCW5Qjvg=' 'sha256-+fdBjI6fMToomtYR0ycdJhGsuUaibX4JJ/4drnsZ5mg=' 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'sha256-e+vQru+J5olo5XfVYmbhG6S1CgJkxHw5wR7fgr2WHvg=' 'sha256-l/HU4XTOsQHPJm2RViDCMdELfKC0E+6fI6r46fd1F18=' 'sha256-4Fgc+rmY2CWIS/Iu4eOBLSwEVHSJHQwRQA8QsAcoaMA=' 'sha256-QoPdnbMd1dyknqCfvI971xGxlajhOMS54r7tclyRsNk=' 'sha256-UMWfmReBIoR8be6oLQoUUzfsjUbjHmPU5X5Oa2xB2bw=' 'sha256-rTWylbtfP2tlUZy1UTVC+e8VaJ8myvtf3jfO6kzET6I=' 'sha256-Pe5Y4eCVWENJ4/Dqtek4RNDRdkI7SBJ/Mz9iTDLwjiA=' 'sha256-rs6KClOKD5uekeoTJFtkA1CY/JzoQHftoDxKSxUfinM=' 'sha256-ayRPOmXL8YpsmCidiv5T8WnQJZ23P9j3ODKs8L1dQag=' https://www.googletagmanager.com blob: https://forms.hsforms.com/ https://js.hsforms.net/ https://js.hs-scripts.com/ https://apps.elfsight.com/ https://app.usercentrics.eu/ https://static.businessbike.de/ https://js.hs-analytics.net/ https://js.usemessages.com/ https://js.hs-banner.com/ https://static.elfsight.com/ https://maps.googleapis.com/ https://maps.googleapis.com/maps/api/mapsjs/ 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-LPE1FjPoSbFVAFRURZZRaYmFd2oy1AXZ0z0OVQ6bI6k='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://* *.google.com/ *.google.de/ *.google-analytics.com/ *.hsforms.com/ *.usercentrics.eu/ *.usercentrics.com/ *.businessbike.de/ *.bing.com/ *.linkedin.com/ *.clarity.ms/ https://c.bing.com/ https://px.ads.linkedin.com/ https://c.clarity.ms/ https://bat.bing.com/ www.googletagmanager.com https://static.businessbike.de/ https://app.usercentrics.eu https://track.hubspot.com https://images.eu.ctfassets.net https://i.ytimg.com https://maps.gstatic.com/ https://maps.googleapis.com/maps/ data:; font-src 'self' https://fonts.gstatic.com/ data:; connect-src 'self' https://*.businessbike.de https://*.google.com/ cdn.linkedin.oribi.io/ *.doubleclick.net/ *.google-analytics.com/ *.usercentrics.eu/ *.clarity.ms/ *.hsforms.com/ https://apps.elfsight.com https://service-reviews-ultimate.elfsight.com/ https://*.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://maps.googleapis.com/ https://portal.businessbike.de/ https://api.usercentrics.eu https://pixel-config.reddit.com https://www.redditstatic.com https://bat.bing.net https://bat.bing.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com; media-src 'self' https://videos.ctfassets.net; object-src 'none'; frame-src 'self' *.facebook.com/ *.google.com/ *.usercentrics.eu/ *.usercentrics.com/ *.hsforms.com/ https://app.hubspot.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.dhlparcel.nl *.klaviyo.com *.bing.com integrations.etrusted.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.nl *.google.at *.google.de *.google.be *.google.fr *.google.it www.googletagmanager.com *.trustpilot.com *.pinterest.com *.criteo.com *.criteo.net *.cookiebot.com https://squeezely.tech integrations.etrusted.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com https://firebasestorage.googleapis.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.mailcampaigns.nl *.linkedin.com *.pinterest.com *.google.com.ua *.google.de *.google.nl *.google.at *.google.be *.google.fr *.google.it *.twitter.com *.yahoo.com *.webwinkelkeur.nl *.cookiebot.com *.criteo.com *.criteo.net *.bing.com *.cloudflare.com *.magentocommerce.com trusted.images.com integrations.etrusted.com *.zdassets.com *.amazonaws.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.avada.io maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr chimpstatic.com *.cloudflare.com *.criteo.net *.robinhq.com *.mailcampaigns.nl *.cloudflareinsights.com *.hotjar.com *.trustpilot.com *.dhlparcel.nl *.criteo.com *.cookiebot.com *.bing.com *.msecnd.net *.pinterest.com *.clarity.ms *.pinimg.com *.licdn.com *.sooqr.com https://squeezely.tech trustedshops.com *.trustedshops.com *.etrusted.com integrations.etrusted.com *.tiktok.com *.esputnik.com https://esputnik.com *.zdassets.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.google.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cloudflare.com *.mailcampaigns.nl *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.dhlparcel.nl *.typekit.net *.klaviyo.com *.bing.com *.sooqr.com trusted.styles.com integrations.etrusted.com *.esputnik.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com www.facebook.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.mailcampaigns.nl *.visualstudio.com *.pinterest.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.bing.com *.linkedin.com *.hotjar.com *.hotjar.io *.trustpilot.com *.doubleclick.net *.googletagmanager.com *.criteo.com *.criteo.net *.cookiebot.com *.clarity.ms *.amazonaws.com https://squeezely.tech *.googleapis.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com trustedshops.com *.trustedshops.com *.etrusted.com integrations.etrusted.com *.tiktok.com *.esputnik.com https://esputnik.com *.zdassets.com *.zendesk.com *.run.app https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: *.cloudfront.net *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com fonts.googleapis.com js.klarna.com *.fontawesome.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com api.paypal.com static.cloudflareinsights.com a.omappapi.com api.omappapi.com googleads.g.doubleclick.net ct.pinterest.com *.bing.com *.hotjar.com *.hotjar.io *.doubleclick.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com google.com js.klarna.com ggmmoebel.com www.ggmmoebel.com *.facebook.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com api.paypal.com static.cloudflareinsights.com a.omappapi.com api.omappapi.com googleads.g.doubleclick.net ct.pinterest.com *.bing.com *.hotjar.com *.hotjar.io *.doubleclick.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.google.com media.ggmmoebel.com cdn.ggmmoebel.com mediacdn.ggmmoebel.com *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com google.com js.klarna.com *.googletagmanager.com backend.ggmmoebel.com ggmmoebel.com www.ggmmoebel.com *.cloudflarestream.com *.mondu.ai/ *.mondu.local localhost:*/ *.facebook.com *.pinterest.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com api.paypal.com static.cloudflareinsights.com a.omappapi.com api.omappapi.com googleads.g.doubleclick.net ct.pinterest.com *.bing.com *.hotjar.com *.hotjar.io *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://images.unsplash.com *.gstatic.com *.googleapis.com media.ggmmoebel.com cdn.ggmmoebel.com mediacdn.ggmmoebel.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com google.com js.klarna.com *.googletagmanager.com backend.ggmmoebel.com ggmmoebel.com www.ggmmoebel.com website.ggm-m.com *.cdninstagram.com *.content.instagram.com *.google.ba *.bing.com *.smarketer.de *.pinimg.com *.facebook.com *.pinterest.com *.facebook.net *.google.de *.hotjar.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com api.paypal.com static.cloudflareinsights.com a.omappapi.com api.omappapi.com ct.pinterest.com *.clarity.ms *.hotjar.io *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.adyen.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ media.ggmmoebel.com cdn.ggmmoebel.com mediacdn.ggmmoebel.com *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com google.com js.klarna.com widget.freshworks.com m2epro.freshdesk.com *.googletagmanager.com backend.ggmmoebel.com ggmmoebel.com www.ggmmoebel.com analytics.tiktok.com analytics-ipv6.tiktokw.us cdn.dashjs.org *.mondu.ai/widget.js *.mondu.local/widget.js localhost:*/dist/widget.js cdn.jsdelivr.net *.avada.io www.youtube.com *.bing.com *.smarketer.de *.pinimg.com *.facebook.com *.facebook.net *.hotjar.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com *.cookiefirst.com api.paypal.com static.cloudflareinsights.com a.omappapi.com api.omappapi.com ct.pinterest.com *.clarity.ms *.hotjar.io *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com fonts.googleapis.com js.klarna.com widget.freshworks.com m2epro.freshdesk.com *.googletagmanager.com backend.ggmmoebel.com ggmmoebel.com www.ggmmoebel.com cdn.jsdelivr.net *.fontawesome.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com *.cookiefirst.com api.paypal.com static.cloudflareinsights.com a.omappapi.com api.omappapi.com googleads.g.doubleclick.net ct.pinterest.com *.bing.com *.hotjar.com *.hotjar.io *.doubleclick.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.content.instagram.com *.cloudflarestream.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com google.com js.klarna.com widget.freshworks.com m2epro.freshdesk.com ggmmoebel.com www.ggmmoebel.com analytics.tiktok.com analytics-ipv6.tiktokw.us insights.algolia.io https://get.geojs.io *.avada.io stats.g.doubleclick.net *.google-analytics.com *.pinterest.com *.smarketer.de *.facebook.com *.hotjar.com *.googlesyndication.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com *.cookiefirst.com api.paypal.com static.cloudflareinsights.com a.omappapi.com api.omappapi.com googleads.g.doubleclick.net ct.pinterest.com *.clarity.ms *.bing.com *.hotjar.io *.doubleclick.net 'self' 'unsafe-inline'; child-src media.ggmmoebel.com cdn.ggmmoebel.com mediacdn.ggmmoebel.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-cMnEXe7NZvgl9ji_arGMaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'nonce-+39ROEqdtSaRvWdezL/Mjg==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.lovescout24.de *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.lovescout24.de; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-Zl3JxDiK3xd6Jw6AGLuqtw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klarnacdn.net *.klimaworld.com *.trustedshops.com *.fontawesome.com *.gstatic.com 'self' data: https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klimaworld.com img.idealo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.magezon.com *.trustedshops.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.facebook.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com challenges.cloudflare.com *.klimaworld.com *.doofinder.com *.iadvize.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustedshops.com cdnjs.cloudflare.com *.disqus.com *.googletagmanager.com *.facebook.net *.google.com *.hsforms.net *.hsforms.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.klimaworld.com *.doofinder.com unsafe-inline assets.braintreegateway.com *.trustedshops.com *.fontawesome.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.klimaworld.com *.doofinder.com *.iadvize.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.trustedshops.com *.google-analytics.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net tawk.link data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.tawk.to cdn.jsdelivr.net *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.tawk.to wss://*.tawk.to *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com https://www.gstatic.com *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com self data: static.klaviyo.com *.craftyclicks.co.uk *.cc-cdn.com *.klarnacdn.net https://fonts.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.salesfire.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.craftyclicks.co.uk *.cc-cdn.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com *.craftyclicks.co.uk *.cc-cdn.com *.klarna.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.salesfire.co.uk *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.tawk.to *.happybeds.co.uk *.google.co.uk *.bing.com *.facebook.com *.assets.adobedtm.com *.doubleclick.net *.adnxs.com *.craftyclicks.co.uk *.cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com *.salesfire.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com https://*.gstatic.com *.trustedshops.com *.fontawesome.com *.facebook.net *.assets.adobedtm.com cdn-4.convertexperiments.com/v1/js/10042037-10042596.js *.criteo.com *.getblue.io *.dwin1.com *.bing.com *.roeyecdn.com cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js *.craftyclicks.co.uk *.cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.salesfire.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.tawk.to *.craftyclicks.co.uk *.cc-cdn.com https://static.klaviyo.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.salesfire.co.uk *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.cloudflare.com *.twitter.com *.twimg.com *.doubleclick.net *.criteo.com *.tawk.to wss://*.tawk.to api.retargeted.co *.bing.com *.craftyclicks.co.uk *.cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.salesfire.co.uk *.smartmetrics.co.uk *.stripe.com klarna.com *.link.com *.amazon.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.happybeds.co.uk/; report-to report-endpoint; 1
default-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=E1t9w01U2tbFyGuaT0bSDwOHL5jXdsx9wWzcL02_l9M-1773709550.954782-1.0.1.1-Z_xGJztvYJgBsStjWNRAsNLghcsTQVpDK8EeAP5Y3ozh3QFI2f6oPxpqSEsN7DvsUXi1mBCNQJwuEpzEEhf1rLQwuk83ghMknZyfl1FnM6flMcLETcrMXxF5_Xo4t40EeALi3wcgisKP1HJb1i2OHX1j5qQRANW6uYVQpG7GIPw8jt4wz3vNHie2SxsjsUAgTtea96AN5V7AinRrYh6Mig; report-to cf-zmrkartgdctysmej 1
object-src 'none';base-uri 'self';script-src 'nonce-hMsXgMRJuw7lfEZrm1gTFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com go.trustpayments.com *.onetrust.com *.fontawesome.com *.gstatic.com *.googleapis.com *.cloudflareinsights.com *.trustpilot.com *.zdassets.com *.google.com *.omniconvert.com *.googletagmanager.com *.licdn.com *.facebook.net *.hotjar.com *.cloudflare.com *.yoast.com  *.dropbox.com *.live.net ; style-src 'self' 'unsafe-inline' *.onetrust.com *.fontawesome.com *.gstatic.com *.googleapis.com; style-src-elem * 'self' 'unsafe-inline'; img-src 'self' data: 'unsafe-inline' *.linkedin.com *.google.com *.google.co.uk *.onetrust.com *.gstatic.com *.gravatar.com *.trustpayments.com *.zdassets.com *.facebook.com *.google-analytics.com *.google.com.mt; font-src 'self' data: 'unsafe-inline' *.gstatic.com *.trustpayments.com *.fontawesome.com; connect-src 'self' 'unsafe-inline' *.onetrust.com *.google.com *.zendesk.com *.clarity.ms *.omniconvert.com *.fontawesome.com *.cloudflareinsights.com *.zdassets.com *.yoast.com *.linkedin.com *.doubleclick.net *.hotjar.io *.google-analytics.com; media-src 'self' 'unsafe-inline' data:; object-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' *.trustpilot.com *.google.com; worker-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; base-uri 'self'; manifest-src 'self' 'unsafe-inline'; report-uri https://www.trustpayments.com/csp-violation-report/ 1
child-src 'self' *.youtube.com; default-src * 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://fonts.intercomcdn.com data:; frame-src 'self' https://challenges.cloudflare.com *.plaid.com js.stripe.com *.youtube.com https://www.googletagmanager.com https://*.doubleclick.net https://www.facebook.com/ https://tpc.googlesyndication.com https://intercom-sheets.com/ https://calendly.com https://*.calendly.com https://capture.navattic.com https://guideline.navattic.com https://insight.adsrvr.org https://iframe.cloudflarestream.com/ https://customer-x5mykgv2c1zv0440.cloudflarestream.com/ https://match.adsrvr.org; img-src 'self' *.guideline.io https://cms-assets.guideline.com https://imagedelivery.net https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://www.facebook.com ads-twitter.com *.bing.com *.microsoft.com https://*.adsymptotic.com https://t.co https://*.linkedin.com https://analytics.twitter.com https://cdn.cookielaw.org https://trkn.us https://www.gravatar.com https://*.googleadservices.com https://alb.reddit.com https://*.intercomcdn.com https://*.intercomassets.com https://*.intercomusercontent.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https://challenges.cloudflare.com https://cdn-assets-prod.s3.amazonaws.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://tracking-api.g2.com https://cdn.prod.uidapi.com https://*.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' 'nonce-f68d3fc4f94f2297d8d289d0bae46d0c' 'strict-dynamic'; worker-src 'self' *.youtube.com; base-uri 'self'; frame-ancestors 'self' https://*.squareup.com https://squareup.com https://*.squareupstaging.com https://squareupstaging.com https://*.checkhq.com https://*.eddy.com https://eddy.com https://app.belfrysoftware.com https://*.joinwarp.com https://*.monograph.com https://*.enkempass.com https://*.central.inc https://*.keka.com https://*.lumberfi.com https://*.workstream.us https://pro.housecallpro.com https://*.tryplayground.com  https://*.7shifts.com https://app.getthera.com  https://dashboard.miter.com https://*.zenoti.com https://*.prod.aioapp.com https://app.gosteelhead.com https://*.encompassfi.com https://*.joinhomebase.com; report-uri https://sentry2.guideline.com/api/6/security/?sentry_key=f678b7ad3eade55e6da26393e869e420; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.splitit.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.instagram.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.splitit.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.typekit.net *.commoninja.com *.coreprint.net *.livechatinc.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * *.cdninstagram.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.splitit.com *.amazonaws.com *.facebook.com *.reddit.com *.cloudfront.net *.authorize.net *.cardinalcommerce.com *.adobedtm.com *.livechatinc.com *.onetrust.com *.pcapredict.com cdn-ukwest.onetrust.com cdn.livechatinc.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.instagram.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://api.goaffpro.com https://static.goaffpro.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.splitit.com *.trustpilot.com *.cloudflare.com *.facebook.net https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.commoninja.com *.authorize.net *.cardinalcommerce.com *.adobedtm.com *.livechatinc.com *.onetrust.com *.pcapredict.com cdn-ukwest.onetrust.com cdn.livechatinc.com p.typekit.net *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.splitit.com *.trustpilot.com *.facebook.net tagmanager.google.com *.typekit.net *.cardinalcommerce.com *.adobedtm.com *.livechatinc.com *.onetrust.com *.pcapredict.com p.typekit.net cdn-ukwest.onetrust.com cdn.livechatinc.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://api.goaffpro.com https://static.goaffpro.com *.ideal-postcodes.co.uk *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.splitit.com *.amazonaws.com logs.browser-intake-datadoghq.com *.facebook.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typekit.net *.commoninja.com *.authorize.net *.adobe.com *.adobedtm.com *.livechatinc.com *.onetrust.com *.pcapredict.com cdn-ukwest.onetrust.com cdn.livechatinc.com p.typekit.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://online.flippingbook.com/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.apexmagnets.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apexmagnets.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com www.apexmagnets.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.apexmagnets.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com validate.fishpig.co.uk flagpedia.net www.apexmagnets.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.apexmagnets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com www.apexmagnets.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apexmagnets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.apexmagnets.com 'self' 'unsafe-inline'; child-src www.apexmagnets.com http: https: blob: 'self' 'unsafe-inline'; default-src custom.intucdn.com www.apexmagnets.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com googletagmanager.com isst.dewitschijndel.nl tpc.googlesyndication.com 'self' 'unsafe-inline'; img-src data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.multisafepay.com pagead2.googlesyndication.com ad.doubleclick.net c.clarity.ms bat.bing.com www.google.rs www.google.ie www.google.it www.google.be www.facebook.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com 'self' data: robincontentdesktop.blob.core.windows.net az416426.vo.msecnd.net selfservice.robinhq.com tpc.googlesyndication.com dewitschijndel.nl connect.facebook.net bat.bing.com scripts.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.multisafepay.com profiles-staging.2factors.nl dewitschijndel.nl maps.googleapis.com bat.bing.com www.google.it www.google.be www.google.rs www.google.nl ad.doubleclick.net dc.services.visualstudio.com az416426.vo.msecnd.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://monitor.bigbridgedev.nl/csp; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' aims.okta.com *.pantheonsite.io cdnjs.cloudflare.com cdn.jsdelivr.net connect.facebook.net tag.simpli.fi scripts.clarity.ms analytics.tiktok.com www.googletagmanager.com aims.shell.451.io www.aims.edu events.aims.edu global.localizecdn.com script.crazyegg.com www.redditstatic.com www.google-analytics.com snap.licdn.com www.clarity.ms i.simpli.fi www.google.com www.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' data: https:; media-src 'self'; frame-src 'self' aims.okta.com online.aims.edu aims.messenger.451.io aims.discoveredu.ai www.google.com www.gstatic.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' aims.okta.com *.aims.edu schedule.aims.edu events.aims.edu analytics.google.com *.clarity.ms analytics.api.451.io t.451.io analytics.tiktok.com www.googletagmanager.com global.localizecdn.com pixel-config.reddit.com www.google-analytics.com sites-management-api.451.io px.ads.linkedin.com stats.g.doubleclick.net analytics-ipv6.tiktokw.us bam.nr-data.net; report-uri /report-csp-violation 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com yastatic.net data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com s7.addthis.com smartcaptcha.yandexcloud.net anketolog.ru mc.yandex.ru td.doubleclick.net api-maps.yandex.ru 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com tbs.tradedoubler.com bat.sherlockcrm.ru anketolog.ru https://an.yandex.ru api-maps.yandex.ru data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ bat.sherlockcrm.ru s7.addthis.com m.addthis.com smartcaptcha.yandexcloud.net anketolog.ru https://abt.s3.yandex.net https://suggest-maps.yandex.ru mc.yandex.ru yastatic.net cdnjs.cloudflare.com https://www.googleoptimize.com https://pix.sniperlog.ru https://pixel.mathtag.com api-maps.yandex.ru 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com bat.sherlockcrm.ru maxcdn.bootstrapcdn.com anketolog.ru 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com bat.sherlockcrm.ru 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.googleapis.com bat.sherlockcrm.ru ekr.zdassets.com/ https://uaas.yandex.ru https://suggest-maps.yandex.ru mc.yandex.ru https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu maps.gstatic.com maps.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com maps.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://d2wy8f7a9ursnm.cloudfront.net https://www.gstatic.com https://www.googleapis.com https://maps.googleapis.com https://static.carelinx.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.bugsnag.com; connect-src 'self' https://maps.googleapis.com https://firestore.googleapis.com https://sessions.bugsnag.com https://notify.bugsnag.com ; style-src 'self' https://static.carelinx.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://static.carelinx.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; report-uri https://api.carelinx.com/csp-report/ 1
object-src 'none';base-uri 'self';script-src 'nonce-xE6OUAmLZqqE_VTXnmCDSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-yYg6zEn2ATaK0djqMadlMw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self' https:; object-src 'none'; connect-src 'self' https: https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https: https://www.googletagmanager.com; img-src 'self' https: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data: blob:; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https: https://fonts.gstatic.com data:; script-src 'self' https: 'unsafe-eval' 'nonce-98+VR+cjKXhnEpSoPtpG/A=='; report-uri /csp_violations 1
connect-src 'self' https://dev.visualwebsiteoptimizer.com https://global.oktacdn.com https://px.ads.linkedin.com https://static.hsappstatic.net https://api.hubapi.com https://i.clarity.ms https://surveystats.hotjar.io https://pagead2.googlesyndication.com https://bat.bing.com https://previewtac.oktapreview.com https://tac.okta.com https://www.facebook.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com https://analytics.google.com https://bam.nr-data.net wss://ws.hotjar.com https://content.hotjar.io https://api.global.chalet.8x8.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://youtube.com https://www.google-analytics.com https://www.clarity.ms https://events.hotjar.io https://www.youtube.com https://region1.google-analytics.com https://api.hsforms.com https://www.googletagmanager.com; font-src 'self' https://consentcdn.cookiebot.com https://www.googletagmanager.com https://youtube.com https://www.youtube.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.googletagmanager.com https://youtube.com; object-src 'self' blob:; script-src 'self' 'report-sample' 'unsafe-inline' blob: https://www.googletagmanager.com https://dev.visualwebsiteoptimizer.com https://code.jquery.com https://consent.cookiebot.com https://static.hotjar.com https://js.hs-scripts.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://www.clarity.ms https://script.hotjar.com https://scripts.clarity.ms https://previewtac.oktapreview.com https://tac.okta.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://js.hsforms.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://global.oktacdn.com https://unpkg.com mdbootstrap.com; style-src 'self' 'report-sample' 'unsafe-inline' blob: data: cdnjs.cloudflare.com fonts.googleapis.com https://unpkg.com mdbootstrap.com use.fontawesome.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
font-src *.googleapis.com *.gstatic.com data: https://maxcdn.bootstrapcdn.com *.livehelpnow.net *.hotjar.com *.fontawesome.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.canadapost.ca https://sso.epost.ca *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.gstatic.com *.google.com roundme.com *.facebook.com www.xtento.com *.authorize.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com *.livehelpnow.net https://www.facebook.com *.fbcdn.net *.google.com *.google.ca *.authorize.net *.bing.com *.beachcomberhottubs.com *.cdninstagram.com www.xtento.com cdn.xtento.com mageside.com *.canadapost.ca maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://connect.facebook.net *.newrelic.com *.nr-data.net *.hotjar.com *.bing.com *.polyfill.io *.jquery.com *.jsdelivr.net *.cloudflare.com *.livehelpnow.net *.google.com www.xtento.com cdn.xtento.com *.authorize.net maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.livehelpnow.net *.fontawesome.com *.jsdelivr.net *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com data: *.livehelpnow.net *.doubleclick.net *.nr-data.net wss://app.livehelpnow.net/ *.hotjar.com wss://wsp25.hotjar.com/ *.google.ca *.authorize.net *.bing.com *.polyfill.io *.beachcomberhottubs.com *.hotjar.io wss://wsp37.hotjar.com/ *.clickdimensions.com *.instagram.com *.paypal.com maps.googleapis.com https://www.google-analytics.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.io https://datafa.st https://cdn.tolt.io https://cdn.goentri.com https://www.googletagmanager.com https://*.posthog.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://cdn.blink.new https://firebasestorage.googleapis.com https://storage.googleapis.com https://images.unsplash.com https://lh3.googleusercontent.com https://avatars.githubusercontent.com https://*.posthog.com; connect-src 'self' https://core.blink.new https://*.sites.blink.new https://*.posthog.com https://*.googleapis.com https://plausible.io https://datafa.st https://cdn.tolt.io wss://*.blink.new; frame-src 'self' https://*.sites.blink.new https://*.blink.new; frame-ancestors 'self' 1
default-src 'none' ; manifest-src 'self' ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ *.googleapis.com/ https://www.google-analytics.com/ https://cookie-cdn.cookiepro.com ; style-src 'self' 'unsafe-inline' https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com/ ; img-src 'self' data: https://maps.gstatic.com/ *.cdninstagram.com/ https://cookie-cdn.cookiepro.com/ https://www.facebook.com/tr/ https://www.google-analytics.com/ https://maps.googleapis.com/ ; font-src 'self' data: https://fonts.gstatic.com/ ; connect-src 'self' https://maps.googleapis.com/ https://stats.g.doubleclick.net/ region1.google-analytics.com/ https://cookie-cdn.cookiepro.com/ https://geolocation.onetrust.com/ https://www.google-analytics.com/ ; media-src 'self' ; form-action 'self' https://www.facebook.com/tr/ ; frame-src 'self' https://www.google.com/ ; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-jjx6dNYPxHKwSdllr8yKiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.kxcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.fontawesome.com *.tawk.to *.stape.io https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.reviews.io *.reviews.co.uk *.pingdom.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.hotjar.com *.reviews.io *.reviews.co.uk *.pingdom.com *.paypalobjects.com https://td.doubleclick.net/ *.googletagmanager.com *.clarity.ms *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.stape.io *.google.com/ *.tawk.to *.weltpixel.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net *.cloudflare.com *.klarna.com *.googleadservices.com *.twimg.com *.ytimg.com *.lightemporium.com *.bing.com *.getclicky.com *.tawk.to *.lightsave.co.uk *.google.es *.google.de https://lightsave.co.uk https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com.ua https://c.clarity.ms *.mailchimp.com magefan.com cm.magefan.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com *.stape.io https://firebasestorage.googleapis.com https://www.magezon.com tawk.link cdn.jsdelivr.net s3.amazonaws.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com/ *.twimg.com *.trustedshops.com *.fontawesome.com *.googletagmanager.com *.reviews.io *.hotjar.com *.klaviyo.com *.livechatinc.com *.getclicky.com *.tawk.to *.jsdelivr.net *.licdn.com https://chimpstatic.com https://www.clarity.ms *.clarity.ms *.mailchimp.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.stape.io *.avada.io *.shopify.com www.gstatic.com cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.tawk.to *.googletagmanager.com *.stape.io https://fonts.bunny.net www.gstatic.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src https://pay.google.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.cloudflare.com *.intuit.com *.amazonaws.com *.doubleclick.net *.tawk.to embed.tawk.to https://px.ads.linkedin.com https://google.com https://pay.google.com *.clarity.ms *.mailchimp.com *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://get.geojs.io *.avada.io www.googleapis.com wss://*.tawk.to https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com *.googleapis.com https://www.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.gstatic.com *.yotpo.com *.gstatic.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.authorize.net *.google.com *.yotpo.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klevu.com *.ksearchnet.com store.paradoxlabs.com *.yotpo.com *.cloudflare.com https://cdn.klarna.com *.vimeocdn.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com https://www.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.authorize.net https://www.google.com *.yotpo.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.authorize.net *.yotpo.com *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src 'self' data: imgsct.cookiebot.com www.gstatic.com www.google.com www.google.pl *.clarity.ms *.bing.com *.googletagmanager.com www.facebook.com www.googleadservices.com *.doubleclick.net; style-src 'self' 'unsafe-inline' www.gstatic.com; font-src 'self' data: fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' lotto.chat.getzowie.com scripts.clarity.ms www.clarity.ms www.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com www.googletagmanager.com www.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net s2.adform.net track.adform.net; frame-src consent.cookiebot.com cloud.crm.lotto.pl consentcdn.cookiebot.com b.clarity.ms www.google.com *.googletagmanager.com www.facebook.com; connect-src 'self' lotto.chat.getzowie.com api.loteriada.pl b.clarity.ms api-gramywygrywamy.azurewebsites.net consentcdn.cookiebot.com www.google.com *.clarity.ms *.google-analytics.com *.googlesyndication.com www.facebook.com www.google.pl www.googleadservices.com; frame-ancestors 'self' www.google.com; worker-src 'self' blob: 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.tawk.to *.gstatic.com *.kxcdn.com *.powerreviews.com *.googletagmanager.com *.bing.com *.googlecommerce.com *.web-2-tel.com *.doubleclick.net *.google-analytics.com web-2-tel.com *.unpkg.com unpkg.com *.amazonaws.com amazonaws.com google.co.in *.google.co.in *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.tawk.to testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.tawk.to https://js.stripe.com/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.powerreviews.com *.bing.com *.googlecommerce.com *.web-2-tel.com *.doubleclick.net *.google-analytics.com web-2-tel.com *.unpkg.com unpkg.com *.amazonaws.com amazonaws.com google.co.in *.google.co.in *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.everesttech.net *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.tawk.to cdn.jsdelivr.net *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net m.media-amazon.com *.visualwebsiteoptimizer.com *.powerreviews.com https://meetanshi.com *.bing.com *.googlecommerce.com *.web-2-tel.com *.doubleclick.net *.google-analytics.com web-2-tel.com *.unpkg.com unpkg.com *.amazonaws.com amazonaws.com google.co.in *.google.co.in *.googletagmanager.com tawk.link res.cloudinary.com *.rakuten.com *.linksynergy.com *.xg4ken.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.adobedtm.com *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.tawk.to cdn.jsdelivr.net https://checkout.stripe.com/checkout.js https://js.stripe.com/v3/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com unpkg.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.visualwebsiteoptimizer.com *.powerreviews.com *.googletagmanager.com *.stripe.com *.bing.com *.googlecommerce.com *.web-2-tel.com *.doubleclick.net *.google-analytics.com web-2-tel.com *.unpkg.com *.amazonaws.com amazonaws.com google.co.in *.google.co.in 'unsafe-inline' mpsnare.iesnare.com res.cloudinary.com acds-events.adobe.io *.googleadservices.com *.googlesyndication.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.kaptcha.com *.mgt.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com 'unsafe-inline' assets.braintreegateway.com *.tawk.to cdn.jsdelivr.net *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.powerreviews.com *.bing.com *.googlecommerce.com *.web-2-tel.com *.doubleclick.net *.google-analytics.com web-2-tel.com *.unpkg.com unpkg.com *.amazonaws.com amazonaws.com google.co.in *.google.co.in *.googletagmanager.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.tawk.to 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io amcglobal.sc.omtrdc.net p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.tawk.to wss://*.tawk.to https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net *.instagram.com *.powerreviews.com *.visualwebsiteoptimizer.com *.bing.com *.googlecommerce.com *.web-2-tel.com *.doubleclick.net web-2-tel.com *.unpkg.com unpkg.com *.amazonaws.com amazonaws.com google.co.in *.google.co.in *.google-analytics.com *.googletagmanager.com *.googleadservices.com https://stats.g.doubleclick.net *.kaptcha.com https://get.geojs.io *.mgt.com analytics.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'nonce-0090f563d69eede92e9a1a2d63158d01' 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data https://images.ctfassets.net; script-src 'self' 'self' 'unsafe-inline' https://browser.sentry-cdn.com/ https://europcar.adding-sst.dev/ https://sdk.privacy-center.org/ https://*.europcar.com https://*.goldcar.com; connect-src 'self' sentry.io *.sentry.io https://*.europcar.com https://*.goldcar.com; report-uri https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943; report-to https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com media.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.google.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://firebasestorage.googleapis.com https://www.magezon.com flagpedia.net rt.flix360.com media.flixfacts.com magento-1482700-5635152.cloudwaysapps.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.plugins.emarsys.net *.scarabresearch.com *.avada.io *.shopify.com *.google.com/ maps.googleapis.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com media.flixfacts.com media.flixcar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com *.google.com *.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com media.flixfacts.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com magento-1482700-5635152.cloudwaysapps.co media.flixfacts.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com *.scarabresearch.com *.eservice.emarsys.net http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com media.flixfacts.com media.flixcar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.gstatic.com *.libreka.de *.fontawesome.com https://fonts.bunny.net *.bootstrapcdn.com *.cloudfront.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com js.stripe.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.libreka.de www.sovendus-connect.com www.sovendus-benefits.com *.cookiebot.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.cookielaw.org qm.magazinabo.com qm.bergweltenabo.ch qm.getredbulletin.ch *.libreka.de https://firebasestorage.googleapis.com *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.com *.google.de *.linkedin.com *.pinterest.com *.redbull.com *.usd.de *.usercentrics.eu *.scnem2.com cdn.consentmanager.net cloud.ccm19.de *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googletagmanager.com tagmanager.google.com cdn.cookielaw.org qm.magazinabo.com qm.bergweltenabo.ch qm.getredbulletin.ch *.libreka.de api.sovendus.com https://polyfill-fastly.io https://browser.sentry-cdn.com *.avada.io *.shopify.com *.cloudfront.net *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.net *.google.com *.google-analytics.com *.haymarketstat.de *.licdn.com *.linkedin.com *.logopaletti.de *.redbull.com *.trustedshops.com *.pinimg.com *.usercentrics.eu *.scnem2.com *.s7.addthis.com cdn.consentmanager.net d.delivery.consentmanager.net cloud.ccm19.de *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com d.ratepay.com d.payla.io dr.payla.io tagmanager.google.com fonts.google.com *.libreka.de *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.cookiefirst.com *.google.com *.trustedshops.com cdn.consentmanager.net cloud.ccm19.de https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.libreka.de *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com privacyportal-de.onetrust.com pagead2.googlesyndication.com qm.magazinabo.com qm.getredbulletin.ch *.libreka.de identification-api.sovendus.com press-tracking-api.sovendus.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io *.cookiefirst.com *.cookiebot.com *.cookielaw.org *.doubleclick.net *.elfsight.com *.google.de *.haymarketstat.de *.logopaletti.de *.usercentrics.eu *.pinterest.com cloud.ccm19.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.cookiebot.com *.google.com maps.googleapis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.co.uk *.cloudflare.com *.google.co.in maps.googleapis.com https://images.unsplash.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cookiebot.com *.bing.com *.facebook.net *.google.com *.googleapis.com static.cloudflareinsights.com www.gstatic.com https://maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maps.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com maps.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.cookiebot.com googleads.g.doubleclick.net maps.googleapis.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-EkJlUWvtH6hp5YgomAHTvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
form-action 'self' www.paypal.com securepayments.paypal.com www.facebook.com www.cbz.at www.fontis-shop.ch; report-uri https://www.scm-shop.de/csp-report; report-to csp-endpoint 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; frame-src 'self' www.youtube.com challenges.cloudflare.com td.doubleclick.net outlook.office365.com fast.wistia.net fast.wistia.com; worker-src 'self' blob:; child-src 'self' blob: www.youtube.com; script-src 'self' https: 'strict-dynamic' 'unsafe-inline' wasm-eval fast.wistia.net fast.wistia.com 'nonce-NBJqIeBii+4Qly++zRnvzA=='; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: wss: *.sentry.io; base-uri 'none'; report-uri https://o92134.ingest.us.sentry.io/api/218571/security/?sentry_key=c01e0509572348fca8b65b3fe0ad16f3 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com https://static.ctctcdn.com https://www.google.com https://www.gstatic.com https://t.sharethis.com https://platform-api.sharethis.com https://www.googletagmanager.com https://www.google-analytics.com https://s3-us-west-2.amazonaws.com https://crm.bloomerang.co https://ajax.aspnetcdn.com https://aacdn.nagich.com https://access.nagich.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://ws.sharethis.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://use.fontawesome.com https://static.ctctcdn.com https://aacdn.nagich.com https://www.google.com https://www.gstatic.com https://t.sharethis.com https://platform-api.sharethis.com https://www.googletagmanager.com https://www.google-analytics.com https://s3-us-west-2.amazonaws.com https://crm.bloomerang.co https://ajax.aspnetcdn.com https://access.nagich.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://ws.sharethis.com; style-src 'self' https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cloud.typography.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://static.ctctcdn.com https://ws.sharethis.com https://aacdn.nagich.com https://access.nagich.com; frame-ancestors 'self' 1
default-src 'self' https://*.pronovabkk.de; script-src 'self' https://*.pronovabkk.de 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://*.etracker.com https://*.etracker.de https://cloud.itsc.de https://*.cloud.itsc.de https://maps.googleapis.com https://unpkg.com https://www.youtube.com; style-src 'self' https://*.pronovabkk.de 'unsafe-inline' fonts.googleapis.com; img-src 'self' https://*.pronovabkk.de data: https://*.usercentrics.eu https://*.etracker.com https://*.etracker.de https://maps.gstatic.com https://maps.googleapis.com https://i.ytimg.com; connect-src 'self' https://*.pronovabkk.de https://*.usercentrics.eu https://*.etracker.de wss://*.apps40101.cloud.itsc.de https://maps.googleapis.com https://imasdk.googleapis.com http://www.youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com https://cdn.plyr.io https://go.aniview.com https://i.ytimg.com https://noembed.com https://*.friendlycaptcha.eu; worker-src blob:; child-src blob:; media-src 'self' https://*.pronovabkk.de https://www.youtube.com https://youtu.be https://cdn.plyr.io data:; font-src 'self' https://*.pronovabkk.de data: https://fonts.gstatic.com; frame-src 'self' https://*.pronovabkk.de https://*.usercentrics.eu https://pronova-bkk.sps-prien.de https://pronovabkk.e-coaches.de https://www.ip-gkv.de https://www.youtube.com; form-action 'self' https://*.pronovabkk.de https://web.inxmail.com; frame-ancestors https://*.pronovabkk.de https://*.etracker.com 1
object-src 'none';base-uri 'self';script-src 'nonce-n_OViQPp6xr_xCC9GENXlA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'nonce-gZk2RocPVC/2N70On5maMJKskaYpjDNdigwF6I5gPOY=' 'strict-dynamic' 'wasm-unsafe-eval' www.youtube.com  az416426.vo.msecnd.net cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://connect.facebook.net/ https://munchkin.marketo.net/ static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
object-src 'none';base-uri 'self';script-src 'nonce-Oz_HKGkuaio4RoF9qe75OA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https: blob:; object-src 'none'; script-src 'self' https://plausible.io https://cdnjs.cloudflare.com https://unpkg.com https://js.stripe.com 'nonce-iybbO7EMzcq6vD4MdmnFPg=='; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://eu.pwpush.com; connect-src 'self' wss: ws: https://plausible.io https://ga.jspm.io https://unpkg.com https://api.stripe.com https://eu.pwpush.com; frame-src 'self' https://js.stripe.com https://hooks.stripe.com; frame-ancestors 'self'; form-action 'self' https://*.stripe.com https://accounts.google.com https://login.microsoftonline.com; base-uri 'self'; worker-src 'self' blob:; child-src 'self' blob:; media-src 'self'; manifest-src 'self' 1
default-src 'none' ; manifest-src 'self' ; object-src 'none'; worker-src blob: ; media-src blob: house-fastly-signed-us-east-1-prod.brightcovecdn.com edge.api.brightcove.com manifest.prod.boltdns.net; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com; img-src 'self' data:  www.googletagmanager.com pagead2.googlesyndication.com  googleads.g.doubleclick.net www.google.com www.google.be ad.doubleclick.net sstats.hellobank.be c.contentsquare.net bnpparibasfortis.com www.bnpparibasfortis.com sstats.bnpparibasfortis.be px.ads.linkedin.com alb.reddit.com cf-images.us-east-1.prod.boltdns.net metrics.brightcove.com udc-neb.kampyle.com bnpparibasfortis.sc.omtrdc.net bnpbebnppffactorwebdev.112.2o7.net cdn.cookielaw.org; font-src 'self' data: use.fontawesome.com fonts.gstatic.com; script-src 'self' 'nonce-25e39018d94348c6ad0faf01ef26fb19' assets.adobedtm.com www.googletagmanager.com www.qahellobank.be tags.bkrtx.com cdnssl.clicktale.net secure-ds.serving-sys.com tags.bluekai.com cdnjs.cloudflare.com www.bkrtx.com udc-neb.kampyle.com bnpparibasfortis.sc.omtrdc.net www.clicktale.net www.serving-sys.com www.bnpparibas.com house-fastly-signed-us-east-1 prod.brightcovecdn.com edge.api.brightcove.com www.brightcove.com www.bnpparibasfortis.com resources.digital-cloud.medallia.eu players.brightcove.net vjs.zencdn.net www.facebook.com connect.facebook.net snap.licdn.com www.redditstatic.com addevent.com www.addevent.com cdn.addevent.com assets.adobedtm.com googleads.g.doubleclick.net www.youtube.com www.bnpparibasfortis.be easybanking.qabnpparibasfortis.be cdn.cookielaw.org ajax.googleapis.com t.contentsquare.net app.contentsquare.com; child-src 'self' www.bnpparibas.com www.bnpparibasfortis.com house-fastly-signed-us-east-1-prod.brightcovecdn.com www.twitter.com bcove.video 'self'; frame-src 'self' 9887012.fls.doubleclick.net players.brightcove.net player.vimeo.com  www.googletagmanager.com www.youtube.com googleads.g.doubleclick.net; connect-src 'self'  pagead2.googlesyndication.com sstats.hellobank.be www.googletagmanager.com www.hellobank.be ad.doubleclick.net google.com www.google.com www.google.be google.be bnpparibasfortis.tt.omtrdc.net dpm.demdex.net ajax.googleapis.com analytics-fe.digital-cloud.medallia.eu t.contentsquare.net connect.facebook.net k-aeu1.contentsquare.net q-aeu1.contentsquare.net c.contentsquare.net conversions-config.reddit.com www.googletagmanager.com www.redditstatic.com pixel-config.reddit.com px.ads.linkedin.com sstats.bnpparibasfortis.be www.youtube.com googleads.g.doubleclick.net dpm.demdex.net tools.api.bnpparibasfortis.be manifest.prod.boltdns.net house-fastly-signed-us-east-1-prod.brightcovecdn.com edge.api.brightcove.com cdn.cookielaw.org geolocation.onetrust.com bnp-privacy.my.onetrust.com udc-neb.kampyle.com resources.digital-cloud.medallia.eu  bnpparibasfortis.sc.omtrdc.net assets.adobedtm.com www.akamaihd.net  ad.doubleclick.net www.kampyle.com www.prod.boltdns.net www.medallia.eu www.brightcove.com www.clicktale.net www.demdex.net www.serving-sys.com www.bnpparibas.com www.googleapis.com www.bnpparibasfortis.com www.bnpparibasfortis.be www.contentsquare.net; frame-ancestors 'none'; form-action 'self'; report-to /report-violation-csp; 1
default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net *.zdassets.com cdn.brcdn.com *.googleapis.com *.google-analytics.com *.google.com *.newrelic.com bam.nr-data.net *.amazonaws.com *.jquery.com fonts.fontawesome.com fonts.gstatic.com use.fontawesome.com sarnova-dev.s3.amazonaws.com *.akstat.io *.klaviyo.com *.nice-incontact.com *.boundtree.com *.brsrvr.com *.stackadapt.com *.hotjar.io *.hotjar.com *.go-mpulse.net *.googletagmanager.com *.doubleclick.net player.vimeo.com www.youtube.com; script-src 'self' *.klaviyo.com cdn.brcdn.com sarnova.s3.amazonaws.com *.nice-incontact.com *.google-analytics.com *.newrelic.com *.hotjar.com *.go-mpulse.net *.stackadapt.com *.googleadservices.com cdn.acsbapp.com www.youtube.com 'unsafe-inline' *.googletagmanager.com *.acsbapp.com acsbapp.com 'unsafe-eval'; connect-src 'self' cdn.acsbapp.com *.acsbapp.com acsbapp.com tags.srv.stackadapt.com *.klaviyo.com www.google-analytics.com www.google.com www.googleadservices.com *.hotjar.com bam.nr-data.net api-js.datadome.co c.go-mpulse.net analytics.google.com; worker-src 'self' blob: 1
default-src 'self' *.googleapis.com; base-uri 'self'; frame-ancestors 'self' www.gstatic.com; form-action 'self' *.paypal.com pilot-payflowlink.paypal.com *.twitter.com; frame-src 'self' youtube.com *.youtube.com *.youtube-nocookie.com *.paypal.com *.checkout.com www.google.com *.doubleclick.net *.googletagmanager.com *.cookiebot.com cdn.smooch.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.luigisbox.com scripts.luigisbox.com assets.adobedtm.com *.adobe.com *.cloudflare.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com *.googleapis.com *.fontawesome.com *.zopim.com *.zdassets.com *.checkout.com *.cookiebot.com *.cookiefirst.com consent.cookiefirst.com *.bing.com *.clarity.ms s.ytimg.com www.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.checkout.com https://*.ggpht.com https://*.googleusercontent.com *.pcapredict.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googleapis.com *.fontawesome.com *.cloudflare.com *.checkout.com *.cookiefirst.com cdn.luigisbox.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.cloudflare.com *.twitter.com *.trustedshops.com *.googleapis.com cdn.checkout.com https://www.gstatic.com *.twimg.com; img-src 'self' data: *.luigisbox.com *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com www.google.co.uk *.google.co.uk *.google-analytics.com analytics.google.com *.googletagmanager.com *.paypal.com t.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.youtube.com *.gstatic.com *.cloudflare.com *.lsengineers.co.uk *.twitter.com *.twimg.com *.doubleclick.net *.bing.com *.bing.net bat.bing.net *.zdassets.com *.googleapis.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com consent.cookiefirst.com *.cookiefirst.com; connect-src 'self' wss: *.luigisbox.com *.google-analytics.com analytics.google.com *.doubleclick.net *.googletagmanager.com *.newrelic.com *.nr-data.net *.adobe.io *.paypal.com *.checkout.com *.clarity.ms *.cookiefirst.com *.bing.com *.bing.net *.googleapis.com *.googlesyndication.com https://js.checkout.com https://*.google.com https://*.gstatic.com https://*.googleapis.com *.zendesk.com *.zdassets.com ekr.zdassets.com lsengineers.zendesk.com; object-src 'self'; media-src 'self' *.adobe.com *.zdassets.com; manifest-src 'self'; child-src 'self' https: http: 1
object-src 'none';base-uri 'self';script-src 'nonce-wiufDHC29IUTaaI--TGc0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Li4t3kdL2mqSDLKhxYt-Kg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' *.cdn.content.amplience.net *.staging.bigcontent.io *.algolia.net direct-collect.dy-api.eu rcom-eu.dynamicyield.com st-eu.dynamicyield.com async-px-eu.dynamicyield.com direct.dy-api.eu *.algolianet.com *.worldline-solutions.com *.ingenico.com *.ideal-postcodes.co.uk *.criteo.com www.bing.com dev.virtualearth.net t.ssl.ak.dynamic.tiles.virtualearth.net insights.algolia.io *.scoota.co *.criteo.net adobedc.demdex.net edge.adobedc.net ns.adobe.com *.onetrust.com *.accdab.net apps.bazaarvoice.com display.ugc.bazaarvoice.com static.cloudflareinsights.com staging-uk.cdn-net.com uk.cdn-net.com six.cdn-net.com https://api-eu.jdadelivers.com collection.decibelinsight.net cdn.decibelinsight.net *.decibel.com wss://collection.decibelinsight.net wss://cdn.decibelinsight.net *.digital-cloud.medallia.eu bam.nr-data.net ingressteam.cloudflareaccess.com *.google-analytics.com analytics.tiktok.com sghs.asda.com www.mczbf.com *.dotomi.com connect.facebook.net www.facebook.com bat.bing.com www.sc-static.net tr.snapchat.com www.redditstatic.com pixel-config.reddit.com analytics.twitter.com ads-api.twitter.com www.ads-twitter.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com www.googletagmanager.com googletagmanager.com *.googletagmanager.com *.analytics.google.com www.google.com google.com api2.asda.com ghs-mm.asda.com https://cdn-eu.dynamicyield.com/scripts/2.74.0/dy-coll-nojq-min.js https://cdn-eu.dynamicyield.com/scripts/2.72.0/dy-coll-nojq-min.js https://cdn-eu.dynamicyield.com/scripts/2.68.0/dy-coll-nojq-min.js https://cdn-eu.dynamicyield.com/scripts/2.66.0/dy-coll-nojq-min.js cdn-eu.dynamicyield.com api.bazaarvoice.com bat.bing.net; default-src 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' *; frame-ancestors 'self' *.amplience.net; img-src 'self' *.commercecloud.salesforce.com *.media.amplience.net data: asda.a.bigcontent.io asdagroceries.scene7.com *.assets-asda.com *.dynamicyield.com *.criteo.com retailmedia-static.azureedge.net staticassets-creator-design.criteo.net t.ssl.ak.dynamic.tiles.virtualearth.net www.bing.com *.scoota.co adobedc.demdex.net edge.adobedc.net ns.adobe.com *.onetrust.com analytics.tiktok.com region1.analytics.google.com www.google.co.uk fonts.gstatic.com sghs.asda.com www.mczbf.com *.dotomi.com connect.facebook.net www.facebook.com bat.bing.com www.sc-static.net tr.snapchat.com www.redditstatic.com pixel-config.reddit.com analytics.twitter.com ads-api.twitter.com www.ads-twitter.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com adservice.google.com www.googletagmanager.com googletagmanager.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com www.google.com google.com d3dh5c7rwzliwm.cloudfront.net d32106rlhdcogo.cloudfront.net dgf0rw7orw6vf.cloudfront.net gum.criteo.com x.bidswitch.net r.casalemedia.com cm.g.doubleclick.net secure.adnxs.com simage2.pubmatic.com pixel.rubiconproject.com sync-criteo.ads.yieldmo.com hb.yahoo.net sync-t1.taboola.com haq81g6w.micpn.com *.bazaarvoice.com d1fd8aj8bhyfe9.cloudfront.net synchroscript.deliveryengine.adswizz.com us-u.openx.net cms.analytics.yahoo.com; media-src 'self' asdagroceries.scene7.com s7d2.scene7.com *.scoota.co static.criteo.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' apps.rokt.com storage.googleapis.com *.algolia.net cdn-eu.dynamicyield.com st-eu.dynamicyield.com *.worldline-solutions.com *.ingenico.com assets.adobedtm.com www.bing.com r.bing.com dev.virtualearth.net *.scoota.co asdagroceries.scene7.com ui.assets-asda.com d3dh5c7rwzliwm.cloudfront.net d32106rlhdcogo.cloudfront.net dgf0rw7orw6vf.cloudfront.net adobedc.demdex.net edge.adobedc.net ns.adobe.com *.onetrust.com *.accdab.net *.criteo.com *.hlserve.com apps.bazaarvoice.com display.ugc.bazaarvoice.com stg.api.bazaarvoice.com static.cloudflareinsights.com mpsnare.iesnare.com collection.decibelinsight.net cdn.decibelinsight.net *.decibel.com blob: *.digital-cloud.medallia.eu staging-uk.cdn-net.com uk.cdn-net.com six.cdn-net.com js-agent.newrelic.com ingressteam.cloudflareaccess.com www.googletagmanager.com *.google-analytics.com analytics.tiktok.com sghs.asda.com www.mczbf.com *.dotomi.com connect.facebook.net www.facebook.com bat.bing.com www.sc-static.net tr.snapchat.com www.redditstatic.com pixel-config.reddit.com analytics.twitter.com ads-api.twitter.com www.ads-twitter.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com tagmanager.google.com googletagmanager.com *.googletagmanager.com www.google.com google.com haq81g6w.micpn.com migroceries.asda.com asda-promotions.co.uk api.bazaarvoice.com *.criteo.net *.d3dh5c7rwzliwm.cloudfront.net *.mpsnare.iesnare.com https://analytics-static.ugc.bazaarvoice.com/prod/static/3/bv-analytics.js; style-src 'self' https: 'unsafe-inline' *.bazaarvoice.com ssl.gstatic.com www.gstatic.com tagmanager.google.com fonts.googleapis.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=b5sc_FHM7vvzgyfeu6Vin61zRutC.B70o65.QGMiJXc-1773716940-1.0.1.1-bSAP9atFTNA5nmCQrTvmby22oebz7r2DQyqCe7TG8UmJ7YNTWTiXmttTNXC_f43ET5lOZ2SjAnMn0fMejLWgwbYoNOBlrhmfDuMARl29C1dBG0_egfcHBHK_y3Iw0lCszAzm6Enc_0KeliPC6TLDr70ozs3B2sgFBxYLrJ_XvWhjI.dBIYh71RE92QvWyx7C.h7Q3qXCWGfvkLaeqlcRaQ; report-to cf-yzyyifrvvlebqkuk 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.bunny.net cdn.jsdelivr.net cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com www.facebook.com interface.mailcampaigns.nl *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com js.mollie.com *.multisafepay.com https://pay.google.com https://plumrocket.com www.googletagmanager.com *.doubleclick.net tagging.proforto.nl www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://www.mollie.com maps.googleapis.com *.multisafepay.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com px.ads.linkedin.com bat.bing.com www.google.nl t.squeezely.tech www.facebook.com region1.analytics.google.com www.google.fr *.faslet.net trengo.s3.eu-central-1.amazonaws.com *.mailcampaigns.nl *.doubleclick.net cdn.proforto.nl tagging.proforto.nl images.prismic.io proforto-cdn.imgix.net https://maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; style-src *.adobe.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.multisafepay.com tagmanager.google.com fonts.google.com fonts.bunny.net *.faslet.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu player.vimeo.com *.vimeocdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src https://tagging.proforto.nl dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.multisafepay.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google.com b.billypx.com px.ads.linkedin.com analytics.tiktok.com *.doubleclick.net rkkck31tec.execute-api.eu-central-1.amazonaws.com api.faslet.net cdn.api.prod.faslet.net bat.bing.com bat.bing.net p2iqhncxyh.execute-api.eu-central-1.amazonaws.com pagead2.googlesyndication.com metrics.hotjar.io *.trengo.eu *.convertexperiments.com tagging.proforto.nl *.tiktokw.us wss://*.hotjar.com interface.mailcampaigns.nl *.yotpo.com https: 'self' 'unsafe-inline'; script-src https://tagging.proforto.nl assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net js.mollie.com *.multisafepay.com https://pay.google.com *.googletagmanager.com tagmanager.google.com cdn-4.convertexperiments.com connect.facebook.net static.hotjar.com script.hotjar.com analytics.tiktok.com bat.bing.com squeezely.tech snap.licdn.com bgmin.cdn.billygrace.com d5yoctgpv4cpx.cloudfront.net widget.prod.faslet.net player.vimeo.com *.trengo.eu localhost:5174 *.proforto.nl *.yotpo.com https: 'self' 'unsafe-inline' 'unsafe-eval'; 1
manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.seamly-app.com https://*.cookiebot.com https://*.umbrella.com https://*.srcspot.com https://*.infomedics.nl https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://service.mtcaptcha.com https://static.srcspot.com https://unpkg.com https://matomo.infomedics.nl/; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.seamly-app.com https://*.cookiebot.com https://*.umbrella.com https://*.srcspot.com https://*.infomedics.nl https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://service.mtcaptcha.com https://static.srcspot.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://unpkg.com themes; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-z6a5Kvz3JtdO7A-u1zF_8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' *.cquotient.com *.dixa.io *.facebook.com *.forter.com *.global-e.com *.johnvarvatos.com *.klaviyo.com acsbapp.com app.pendo.io assets.ntcacdn.net bat.bing.com cdn-ukwest.onetrust.com cdn.jsdelivr.net container.pepperjam.com d16fk4ms6rqz1v.cloudfront.net dlthst9q2beh8.cloudfront.net googleads.g.doubleclick.net pendo-static-5872700213952512.storage.googleapis.com siteperformancetest.net tag.rmp.rakuten.com www.googletagmanager.com www2.bglobale.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=I4BOIVI1TxHL1KOpUmewl8DrOVc58oiIS95EVrrX0yI-1773709882-1.0.1.1-hiQfJEw6DQxmz38t8h.nwZxJPtTU0ohlrTlAd1WFHuWAEvWGVnQPQHdynxCBFLo7n8tJ1RurLYQFFJ3OT3HKquzCjCuHKlDTvw38r6g8gH5DmyNp5bs5oL.n9lrdFV6o_3DGvTT2oa068U6BX.ck5pg_Ajf_AUUQAmSlpYO2ZG74OKcyQuYu5qZuRj0RcdFd6NAGHub97XP4iCqGD5saJA; report-to cf-eavrkbwxfaduqwqs 1
object-src 'none';base-uri 'self';script-src 'nonce-tNhz8Qv63d0PbBPy7PgizQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com https://maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.lpsnmedia.net *.liveperson.net *.hotjar.com *.bragard.ca https://plumrocket.com *.dotdigital-pages.com *.dotdigital.com www.facebook.com platform.twitter.com blob: webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.linkedin.com bat.bing.com *.powerreviews.com dev.visualwebsiteoptimizer.com seal.digicert.com https://www.google.com/pagead/1p-user-list/ https://www.google.co.jp/pagead/1p-user-list/ https://www.google.com/ads/ https://www.google.co.jp/ads/ https://*.adsymptotic.com/d/px/ *.liquifire.com *.weglot.com *.bragard.ca *.chefworks.com e.postpilot.com aa.trkn.us *.trackedlink.net *.ddlnk.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com connect.facebook.net graph.facebook.com business.facebook.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com seal.digicert.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam.nr-data.net code.jquery.com *.lpsnmedia.net *.liveperson.net *.hotjar.com *.resultspage.com *.resultsdemo.com *.powerreviews.com *.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/ bat.bing.com *.weglot.com *.bragard.ca https://d2s9x5slbvr0vu.cloudfront.net https://edge1.certona.net https://www.clarity.ms https://snap.licdn.com https://bat.bing.com https://maps.googleapis.com cdn.jsdelivr.net d22mbxk3w9mny2.cloudfront.net s.pinimg.com tags.srv.stackadapt.com scripts.clarity.ms ct.pinterest.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal player.vimeo.com www.facebook.com twitter.com platform.twitter.com unpkg.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com assets.braintreegateway.com use.fontawesome.com *.resultspage.com *.resultsdemo.com *.powerreviews.com *.weglot.com *.bragard.ca https://maxcdn.bootstrapcdn.com public.codepenassets.com cdnjs.cloudflare.com cdn.jsdelivr.net p.typekit.net use.typekit.net tags.srv.stackadapt.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io *.adobedc.net *.demdex.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.powerreviews.com bam.nr-data.net *.g.doubleclick.net wss://*.hotjar.com https://*.hotjar.com *.hotjar.io bat.bing.com *.weglot.com *.bragard.ca https://dc.ads.linkedin.com https://px.ads.linkedin.com https://www.clarity.ms https://d.clarity.ms https://snap.licdn.com https://bat.bing.com https://www.google-analytics.com https://dev.visualwebsiteoptimizer.com tags.srv.stackadapt.com sp.chefworks.com ct.pinterest.com k.clarity.ms e.postpilot.com aa.trkn.us dp.signifyd.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com data: webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net https://fonts.gstatic.com cdn.almapay.com *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ www.google.com *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com unpkg.com/@googlemaps/markerclusterer/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.gstatic.com *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net https://maps.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com unpkg.com/@googlemaps/markerclusterer/ https://cdnjs.cloudflare.com https://maps.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net https://fonts.googleapis.com fonts.googleapis.com *.certcapture.com downloads.mailchimp.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.almapay.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.certcapture.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://places.googleapis.com/ https://maps.googleapis.com/ 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src unpkg.com/@googlemaps/markerclusterer/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com fonts.googleapis.com *.fontawesome.com data: *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ www.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com *.cookiebot.com *.trustpilot.com *.hotjar.com www.youtube.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bluebirdday.io *.misterb.com *.misterjock.com *.google.com *.google.nl www.google.nl www.facebook.com *.cloudfront.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com *.fontawesome.com *.cookiebot.com *.trustpilot.com *.doubleclick.net *.hotjar.com connect.facebook.net www.facebook.com secure.authorize.net test.authorize.net *.vimeo.com *.sharethis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com v2.zopim.com *.cloudflareinsights.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com tagmanager.google.com unsafe-inline assets.braintreegateway.com *.klaviyo.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com landofcoder.com *.cookiebot.com *.hotjar.com *.klaviyo.com *.doubleclick.net *.googleapis.com/ stats.g.doubleclick.net *.google-analytics.com *.hotjar.io *.googlesyndication.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; font-src 'self' https: data:; img-src 'self' data: https:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; frame-src 'self'; frame-ancestors 'self'; media-src 'self'; script-src 'self' https: 'unsafe-inline' http://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/en_US/sdk.js; report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=trusted-mfe@v1.1&sentry_environment=prod 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://js.hsforms.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https: blob:; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://js.hsforms.net; frame-src 'self' https://www.googletagmanager.com https://consent.cookiebot.com; object-src 'none'; base-uri 'self'; form-action 'self' https://js.hsforms.net; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net; script-src 'nonce-f07706d1e72d4147993c6daadead1954'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net; style-src 'self' 'nonce-f07706d1e72d4147993c6daadead1954'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=138-4428968-0932554:rid=D495AE7B6D4F4774ABE6:sn=www.playlostark.com 1
font-src *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com fonts.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com 'self' data: static.klaviyo.com https://cdn.icomoon.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.reviews.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.reviews.io *.reviews.co.uk magento-cloudflare.jetrails.com https://app-wallee.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.criteo.com *.facebook.com ct.pinterest.com int.post.ch www.post.ch/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.ytimg.com https://app-wallee.com magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.360yield.com *.3lift.com *.adform.net *.adnxs.com *.angela-bruderer.ch *.bidswitch.net *.casalemedia.com *.criteo.com *.doubleclick.net *.facebook.com *.google.de *.id5-sync.com id5-sync.com *.ivitrack.com *.krxd.net *.media.net *.mediavine.com *.omnitagjs.com *.outbrain.com *.praktikus.ch *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.smartclip.net *.taboola.com *.tdintern.de *.teads.tv *.thebrighttag.com *.tremorhub.com *.twiago.com *.yahoo.com *.yieldlab.net *.yieldmo.com *.usercentrics.eu *.cloudflareaccess.com *.emxdgt.com *.1rx.io *.unrulymedia.com wheelioapp.azureedge.net *.wheelio-app.com dealioappstorage.blob.core.windows.net *.hsforms.net *.hsforms.com 'self' data: bat.bing.com ct.pinterest.com *.google.ch d3k81ch9hvuctc.cloudfront.net https://trck.spoteffects.net https://dev.visualwebsiteoptimizer.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.reviews.io *.reviews.co.uk *.luware.cloud https://app-wallee.com https://gmtech.mfgroup.ch https://assets.secure.checkout.visa.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflareinsights.com *.criteo.com *.datareporter.eu *.getback.ch *.getsitecontrol.com *.usersnap.com analytics.maileon.com *.usercentrics.eu *.visualwebsiteoptimizer.com wheelioapp.azureedge.net *.wheelio-app.com wheeliofuncstats.azurewebsites.net *.cloudflare.com *.profity.ch *.neocomapp.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.plugins.emarsys.net *.scarabresearch.com connect.facebook.net *.usernap.com s.pinimg.com bat.bing.com static.profity.ch/ static.klaviyo.com https://static-tracking.klaviyo.com https://analytics.maileon.com angela-bruderer-ag.onlyfy.jobs gtm.adt313.net https://trck.spoteffects.net https://ajax.cloudflare.com https://apis.google.com/js/api.js https://production.neocomapp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.luware.cloud https://app-wallee.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline' data: *.datareporter.eu wheelioapp.azureedge.net *.wheelio-app.com *.klaviyo.com *.googleapis.com *.gstatic.com static.getback.ch static-tracking.klaviyo.com https://cdn.icomoon.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.cloudflareaccess.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.luware.cloud *.service.signalr.net https://app-wallee.com https://assets.secure.checkout.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.criteo.com *.datareporter.eu *.doubleclick.net *.getsitecontrol.com *.google.de *.bing.com *.getback.ch analytics.maileon.com *.googlesyndication.com *.usercentrics.eu *.visualwebsiteoptimizer.com *.neocomapp.com *.klaviyo.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.scarabresearch.com *.eservice.emarsys.net region1.analytics.google.com ct.pinterest.com events.getsitectrl.com https://fast.a.klaviyo.com https://static-forms.klaviyo.com https://a.klaviyo.com https://insights.algolia.io *.facebook.com https://dev.visualwebsiteoptimizer.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.luware.cloud *.adobe.com *.angela-bruderer.ch *.cloudflareaccess.com *.cloudflareinsights.com *.datareporter.eu *.facebook.com *.mediavine.com *.newrelic.com *.nr-data.net *.omnitagjs.com *.praktikus.ch *.tdintern.de *.tremorhub.com *.yieldlab.net *.googleapis.com *.getback.ch 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ljg3z6m2FpliiDzVDUUncw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://sandbox.payfast.co.za https://www.payfast.co.za/eng/process *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com/ *.doubleclick.net *.facebook.com *.tawk.to *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.tiktok.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.magezon.com * https://widgets.payflex.co.za *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.tiktok.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com * https://widgets.payflex.co.za https://partpayassets.blob.core.windows.net *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.payflex.co.za *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.tiktok.com *.google-analytics.com *.facebook.com *.facebook.net *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'  https://*.jsdelivr.net https://supersociedades.gov.co https://*.fontawesome.com https://fonts.gstatic.com;         connect-src 'self' https://*.nr-data.net https://shyrka-prod.s3.amazonaws.com https://*.newrelic.com https://*.mypurecloud.com https://*.use1.pure.cloud wss://*.mypurecloud.com wss://*.use1.pure.cloud https://*.fontawesome.com;         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.jsdelivr.net https://www.youtube.com https://*.bootstrapcdn.com https://supersociedades.gov.co https://*.nr-data.net https://*.newrelic.com https://*.mypurecloud.com https://*.use1.pure.cloud https://kit.fontawesome.com https://ajax.googleapis.com https://*.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.twitter.com https://www.instagram.com;         media-src 'self' https://*.mypurecloud.com https://*.use1.pure.cloud;         object-src 'none';         child-src 'self' https://www.facebook.com https://*.mypurecloud.com https://*.use1.pure.cloud https://www.youtube.com https://superwas.supersociedades.gov.co https://www.linkedin.com https://*.twitter.com https://www.instagram.com;         img-src 'self' https://www.supersociedades.gov.co https://*.mypurecloud.com https://*.use1.pure.cloud data:;         frame-ancestors 'self';         style-src 'self' 'unsafe-inline' https://*.mypurecloud.com https://*.cloudflare.com https://*.jsdelivr.net https://supersociedades.gov.co https://fonts.googleapis.com https://fonts.gstatic.com; 1
default-src 'self'; script-src 'self' https://public.flourish.studio https://cdnjs.cloudflare.com https://code.highcharts.com https://use.typekit.net https://www.google-analytics.com https://analytics.google.com https://ssl.google-analytics.com https://platform.twitter.com https://www.googletagmanager.com https://default.salsalabs.org https://*.salsalabs.org https://code.jquery.com https://device.maxmind.com https://*.dwcdn.net https://datawrapper.dwcdn.net https://*.googleapis.com; connect-src 'self' https://analytics.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.mmapiws.com https://device.maxmind.com https://*.salsalabs.org; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://nycfuture.org https://*.nycfuture.org https://www.google.co.kr https://syndication.twitter.com https://p.typekit.net https://*.google.com; style-src 'self' https://use.typekit.net https://p.typekit.net https://code.jquery.com https://fonts.googleapis.com https://default.salsalabs.org; font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://default.salsalabs.org data:; frame-src 'self' https://www.youtube.com https://platform.twitter.com https://datawrapper.dwcdn.net https://flo.uri.sh https://www.canva.com; form-action 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-report.php 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Lnt-rqZL0G-_a8bWAp16rQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
worker-src blob:; font-src https://d1hku7l86oex7s.cloudfront.net https://fonts.gstatic.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.superpayments.com *.stripe.com *.gstatic.com fonts.gstatic.com *.bootstrapcdn.com *.cdnfonts.com *.cloudflare.com *.fontawesome.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com *.typekit.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.nosto.com *.nos.to *.facebook.com *.facebook.com/tr/ *.superpayments.com *.stripe.com 'self' 'unsafe-inline'; frame-ancestors *.superpayments.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.awin1.com *.zenaps.com *.fls.doubleclick.net cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.nosto.com *.nos.to https://secure.livechatinc.com *.hartsofstur.com *.facebook.com *.facebook.com/tr/ https://quantcast.partners.tremorhub.com *.agechecked.com *.studentbeans.com *.google.com *.superpayments.com *.stripe.com *.trustpilot.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.nosto.com *.nos.to www.google.co.uk *.bing.net *.cookiepro.com https://consent.cookiebot.com *.facebook.com www.google.com.ua www.google.it www.google.nl https://staging.hartsofstur.com *.hartsofstur.com https://bat.bing.com *.google.com *.google.co.uk https://pixel.quantserve.com https://dsum-sec.casalemedia.com https://x.bidswitch.net https://inv-nets.admixer.net https://rtb-csync.smartadserver.com https://aa.agkn.com https://e1.emxdgt.com https://api-us-st.smartassistant.com https://d1hku7l86oex7s.cloudfront.net *.facebook.com/* *.facebook.com/tr/ https://quantcast.partners.tremorhub.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://*.clarity.ms https://c.bing.com *.roeye.com https://gnattawatchtower.blob.core.windows.net https://*.fly.dev https://*.amazonaws.com *.superpayments.com *.stripe.com *.gstatic.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.awinblackfriday.com delight-custom-plugins.fly.dev delight-s3-bucket.s3.eu-west-2.amazonaws.com *.disquscdn.com *.disqus.com *.facebook.net gnattawatchtower.blob.core.windows.net *.googleadservices.com *.googleapis.com google.com *.googlesyndication.com *.kelkoogroup.net *.liadm.com *.paypalobjects.com *.postcodeanywhere.co.uk *.pricerunner.com *.sageappliances.com *.tiktok.com *.tiktokw.us *.trackedlink.net *.trackedweb.net *.trustpilot.com *.usercentrics.eu *.viglink.com *.wepowerconnections.com *.yapily.com yastatic.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.nosto.com *.nos.to *.trustpilot.com http://maybo11111.pcapredict.com https://services.postcodeanywhere.co.uk *.googleoptimize.com https://cookie-cdn.cookiepro.com https://consent.cookiebot.com https://consentdisplay.cookiebot.com https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://cdnjs.cloudflare.com https://cdn.lr-ingest.io https://ajax.googleapis.com https://api.agechecked.com https://widget.usersnap.com https://resources.usersnap.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://cdn.noibu.com https://secure.quantserve.com https://bat.bing.com https://connect.facebook.net https://s.kk-resources.com https://rules.quantcount.com https://harts11115.pcapredict.com *.hartsofstur.com *.googleoptimize.com/* https://js-agent.newrelic.com/* https://static.trackedweb.net/* https://cdnjs.cloudflare.com/* *.studentbeans.com https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.uk https://*.ggpht.com *.googleusercontent.com https://*.clarity.ms https://c.bing.com https://analytics.tiktok.com https://api-tiger.zoovu.com https://bam.nr-data.net *.cloudfront.net *.roeyecdn.com *.fontawesome.com https://chat.system.gnatta.com https://*.fly.dev https://*.bing-int.com https://cdn.superpayments.com https://pay.google.com https://www.googletagmanager.com https://www.paypal.com *.superpayments.com *.stripe.com segment.com *.segment.com *.segmentapis.com statsig.com *.statsig.com statsigapi.net *.statsigapi.net featuregates.org *.featuregates.org statsigcdn.com *.statsigcdn.com featureassets.org *.featureassets.org assetsconfigcdn.org *.assetsconfigcdn.org prodregistryv2.org *.prodregistryv2.org cdn.seondf.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com *.agechecked.com *.braintreegateway.com *.cardinalcommerce.com *.cookiebot.eu *.cookiepro.com d21m4dsqdd3b9h.cloudfront.net delight-custom-plugins.fly.dev *.disquscdn.com *.disqus.com *.dwin1.com *.gnatta.com *.google-analytics.com *.googleapis.com *.gstatic.com *.kk-resources.com *.liadm.com *.noibu.com *.paypalobjects.com *.pcapredict.com *.postcodeanywhere.co.uk *.sciencebehindecommerce.com yastatic.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com *.nosto.com *.nos.to https://services.postcodeanywhere.co.uk https://api.agechecked.com https://cdnjs.cloudflare.com *.hartsofstur.com https://fonts.googleapis.com *.cloudfront.net https://chat.system.gnatta.com https://*.fly.dev maxcdn.bootstrapcdn.com *.superpayments.com *.stripe.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com *.typeform.com *.agechecked.com *.bootstrapcdn.com *.braintreegateway.com *.cloudflare.com d21m4dsqdd3b9h.cloudfront.net delight-custom-plugins.fly.dev *.disquscdn.com *.fontawesome.com *.gnatta.com *.googleapis.com *.gstatic.com *.postcodeanywhere.co.uk *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://the.sciencebehindecommerce.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.nosto.com *.nos.to www.google.co.uk *.bing.net *.noibu.com *.onetrust.com www.google.com.ua www.google.it www.google.nl https://services.postcodeanywhere.co.uk https://cookie-cdn.cookiepro.com https://consent.cookiebot.com https://consentdisplay.cookiebot.com https://privacyportal.cookiepro.com https://r.lr-ingest.io https://api.agechecked.com https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://bam.nr-data.net *.google-analytics.com wss://input.noibu.com https://api.livechatinc.com https://api-us-st.smartassistant.com *.amazonaws.com *.hartsofstur.com *.facebook.com *.facebook.com/tr/ https://input.noibu.com *.execute-api.us-east-1.amazonaws.com https://bat.bing.com https://*.googleapis.com https://*.gstatic.com https://*.clarity.ms https://c.bing.com https://analytics.tiktok.com https://chat.system.gnatta.com https://*.sentry.io https://*.delightglobal.io https://*.ip-api.com https://*.bing-int.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws *.superpayments.com *.stripe.com stripe.com cognito-idp.eu-west-2.amazonaws.com segment.com *.segment.com *.segmentapis.com statsig.com *.statsig.com statsigapi.net *.statsigapi.net featuregates.org *.featuregates.org statsigcdn.com *.statsigcdn.com featureassets.org *.featureassets.org assetsconfigcdn.org *.assetsconfigcdn.org prodregistryv2.org *.prodregistryv2.org cdn.seondf.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.seonintelligence.com *.trustpilot.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com *.awinblackfriday.com *.cloudflare.com *.cookiebot.eu *.cookiepro.com d21m4dsqdd3b9h.cloudfront.net delight-custom-plugins.fly.dev *.disqus.com gnattawatchtower.blob.core.windows.net *.googleadservices.com *.googlesyndication.com *.jquery.com *.kelkoogroup.net *.liadm.com *.samsung.com *.sciencebehindecommerce.com *.storyblok.com *.tiktokw.us *.wepowerconnections.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.agechecked.com *.awin1.com *.bing.com *.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.cookiepro.com d21m4dsqdd3b9h.cloudfront.net delight-custom-plugins.fly.dev delight-s3-bucket.s3.eu-west-2.amazonaws.com *.disquscdn.com *.disqus.com *.dotdigital-pages.com *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.gnatta.com gnattawatchtower.blob.core.windows.net *.googleadservices.com *.googleapis.com *.google.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.kelkoogroup.net *.kk-resources.com *.liadm.com *.newrelic.com *.noibu.com *.nosto.com *.paypal.com *.paypalobjects.com *.pcapredict.com *.pinimg.com *.postcodeanywhere.co.uk *.pricerunner.com *.roeyecdn.com *.roeye.com *.sciencebehindecommerce.com *.stripe.com *.studentbeans.com *.superpayments.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.trustpilot.com *.viglink.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; base-uri *.cookiepro.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://e10203ef-faa6-4c8d-93a7-55d820287a84.sansec.watch/; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Ma2Da3_K81DD6VjM-FGvpQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'strict-dynamic' 'self' 'nonce-LSN7K07FDsT0hiubN18nXg==' 'report-sample'; report-uri /gdhvb2c.onmicrosoft.com/B2C_1_signup_signin/client/cspreport?p=B2C_1_signup_signin 1
default-src 'self'; connect-src 'self' https://accounts.google.com https://maps.googleapis.com https://hotspotparking.com https://www.google.com https://*.networkmerchants.com; font-src 'self' https://fonts.gstatic.com https://hotspotparking.com data:; form-action 'self' https://hotspotparking.com; frame-src 'self' https://www.google.com https://accounts.google.com https://libs.na.bambora.com https://www.htsp.ca https://esqa.moneris.com https://gatewayt.moneris.com https://*.s3.ca-central-1.amazonaws.com https://www.okotoks.ca https://*.networkmerchants.com; img-src 'self' https://hotspotparking.com data: https://*.s3.ca-central-1.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com blob:  https://fonts.gstatic.com; script-src 'self' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://hotspotparking.com https://appleid.cdn-apple.com https://applepay.cdn-apple.com https://www.gstatic.com https://libs.na.bambora.com https://www.google.com https://accounts.google.com https://cdn.datatables.net https://maps.googleapis.com https://www.google-analytics.com https://gatewayt.moneris.com https://cdn.jsdelivr.net https://html2canvas.hertzen.com https://*.networkmerchants.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://hotspotparking.com https://accounts.google.com https://cdn.datatables.net https://fonts.googleapis.com https://*.networkmerchants.com; report-uri https://hotspot.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' media1.jpc.de wom.de; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; script-src 'self' media1.jpc.de wom.de 'nonce-ImVT8j9n4ruy/MQRp52bFVFvDap4vMlEhIfHfIFLmeRi1I21JF47P0bitdayrNxhmYjrqOVFY9gudfSpsWSuew==' 'report-sample'; style-src 'self' media1.jpc.de wom.de 'report-sample' 'unsafe-inline'; font-src 'self' media1.jpc.de wom.de; img-src 'self' media1.jpc.de wom.de data:; connect-src 'self' media1.jpc.de wom.de https://use.jpc.de; report-uri /csp/; report-to csp-endpoint 1
child-src 'self' bid.g.doubleclick.net *.bitexen.com www.google.com;  connect-src 'self' *.bitexen.com firebase.googleapis.com firebaseinstallations.googleapis.com salesiq.zoho.com salesiq.zohopublic.com sdkapi.netmera.com stats.g.doubleclick.net www.google-analytics.com api.intotheblock.com desk.zoho.com vts.zohopublic.com www.tradingview.com app.adjust.com app.adjust.net.in app.adjust.world fonts.gstatic.com koinbulteni.com region1.google-analytics.com wasm.regulaforensics.com;  font-src 'self' css.zohocdn.com fonts.gstatic.com css.zohocdn.com css.zohostatic.com;  form-action 'self' *.bitexen.com;  frame-ancestors 'self';  frame-src 'self' bid.g.doubleclick.net pixel.sitescout.com s.tradingview.com *.hcaptcha.com *.geetest.com *.bitexen.com www.google.com;  img-src 'self' data: *.bitexen.com pixel.sitescout.com salesiq.zohopublic.com sdkapi.netmera.com www.facebook.com www.google.com www.google.com.tr accounts.zoho.com googleads.g.doubleclick.net koinbulteni.com s3.eu-west-1.amazonaws.com ssl.google-analytics.com web.facebook.com www.google-analytics.com region1.google-analytics.com static.geetest.com static.geevisit.com www.gstatic.com *.hcaptcha.com www.googletagmanager.com;  manifest-src 'self';  script-src-attr 'unsafe-inline';  script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net cdn.netmera-web.com connect.facebook.net firebasestorage.googleapis.com googleads.g.doubleclick.net js.zohocdn.com salesiq.zoho.com secure.adnxs.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com app.intotheblock.com code.jquery.com js-agent.newrelic.com js.zohostatic.com ntm.netmera-web.com s3.tradingview.com ssl.google-analytics.com d17nz991552y2g.cloudfront.net *.geetest.com *.geevisit.com;  script-src 'self' 'unsafe-eval' cdn.netmera-web.com js-agent.newrelic.com g792337344.co connect.facebook.net *.hcaptcha.com app.intotheblock.com firebasestorage.googleapis.com googleads.g.doubleclick.net js.zohocdn.com js.zohostatic.com ntm.netmera-web.com s3.tradingview.com salesiq.zoho.com secure.adnxs.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com *.geetest.com *.hcaptcha.com;  style-src-attr 'unsafe-inline';  style-src-elem 'self' 'unsafe-inline' data: cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com css.zohocdn.com fonts.googleapis.com use.fontawesome.com css.zohostatic.com *.geetest.com *.hcaptcha.com;  style-src 'unsafe-eval' data: cdnjs.cloudflare.com css.zohocdn.com css.zohostatic.com fonts.googleapis.com *.hcaptcha.com *.geetest.com *.bitexen.com;  worker-src *.bitexen.com;  object-src 'none';  report-uri https://reporturi.bitexen.com/r/d/csp/wizard 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google.be https://www.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://nap.licdn.com https://cookie-cdn.cookiepro.com https://fast.wistia.com https://pi.pardot.com https://*.fujirebio.com https://js.driftt.com https://snap.licdn.com https://code.jquery.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://*.bioz.com; object-src 'none' https://www.bioz.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://cdn.cookielaw.org cdn.jsdelivr.net fonts.googleapis.com https://cdn.bioz.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://fast.wistia.com; img-src 'self' data: https://*.wistia.com https://px.ads.linkedin.com https://www.google.be https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://region1.analytics.google.com https://www.google.fr https://cookie-cdn.cookiepro.com https://*.fujirebio.com https://cdn.bioz.com https://www.google.nl https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.hu https://px.ads.linkedin.com https://www.google.se https://www.google.es https://maps.gstatic.com https://maps.googleapis.com https://www.google.ch https://www.google.com.br https://analytics.google.com https://www.google.lu www.google.it; media-src 'self' blob: https://js.driftt.com https://*.wistia.com https://*.fujirebio.com; frame-src 'self' https://js.driftt.com https://*.google.com https://*.fujirebio.com https://*.bioz.com https://*.wistia.com; frame-ancestors 'self'; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com https://fonts.googleapis.com https://*.fontawesome.com https://fast.wistia.com https://cdn.bioz.com; connect-src 'self' https://geolocation.onetrust.com https://cookie-cdn.cookiepro.com https://*.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fast.wistia.com https://embed-cloudfront.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://stats.g.doubleclick.net https://*.litix.io https://*.analytics.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.fujirebio.com https://px.ads.linkedin.com https://www.bioz.com https://privacyportal.cookiepro.com https://app.wistia.com https://www.google.com; upgrade-insecure-requests 1
default-src 'self' ;   script-src 'self' 'unsafe-eval' https://analitica.dacoruna.gal 'nonce-abi9rfwGwkPnWwMBSqnbOAAAAFI';   img-src 'self' data: blob: ;   frame-src 'self' ;   style-src 'self' 'unsafe-inline';   font-src 'self' ;   connect-src 'self' https://analitica.dacoruna.gal ;   object-src 'self' ;   frame-ancestors 'self' ; 1
object-src 'none';base-uri 'self';script-src 'nonce-kAf1BNVKDGtR0pD-2giCsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ChLkUoQKe10lxpkV1jtRkg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: data: blob:; img-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.youtube.com https://open.spotify.com 1
default-src 'self' https:; object-src 'none'; connect-src 'self' https: https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https: https://www.googletagmanager.com; img-src 'self' https: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data: blob:; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https: https://fonts.gstatic.com data:; script-src 'self' https: 'unsafe-eval' 'nonce-4VMfdNROfPLPQC6tP5eMxw=='; report-uri /csp_violations 1
script-src 'unsafe-inline' 'self' https://payments.salesforce.com/ https://stats.g.doubleclick.net https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__en.js https://www.gstatic.com https://checkoutshopper-live.adyen.com/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://www.youtube.com/ https://qrcargo.com https://www.google.com https://croamisstg.qatarairways.com.qa https://pay.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://www.qatarairways.com/ https://*.googlevideo.com blob: https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://js.stripe.com/ https://qrcargo.my.site.com/ESWBotMessaging1734277840098 https://qrcargo.my.site.com/ import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js https://www.google.com/ 'report-sample' https://service.force.com/embeddedservice/ 'unsafe-eval'; report-to sfdc-csp-ep; report-uri https://qrcargo.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D4K000000Cwhy&networkId=0DM4K000000gVJm&type=communities 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://connect.facebook.net https://*.facebook.com https://cdn.onesignal.com https://onesignal.com https://*.onesignal.com https://*.doubleclick.net https://*.googlesyndication.com https://*.adtrafficquality.google https://www.google.com https://*.outbrain.com https://*.outbrainimg.com https://*.geistm.com https://*.avplayer.com; frame-src 'self' https://googleads.g.doubleclick.net https://*.doubleclick.net https://tpc.googlesyndication.com https://*.safeframe.googlesyndication.com https://www.googletagmanager.com https://www.google.com https://*.adtrafficquality.google https://*.outbrain.com https://*.avplayer.com; img-src 'self' data: https: blob: https://*.outbrainimg.com https://*.geistm.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://onesignal.com https://*.onesignal.com; font-src 'self' data: https://fonts.gstatic.com; media-src 'self' blob: data: https://*.avplayer.com https://videos.jfeed.com https://stream.jfeed.com; connect-src 'self' https: https://*.outbrain.com https://*.geistm.com https://*.google-analytics.com https://*.analytics.google.com; worker-src 'self' blob: 1
object-src 'none';base-uri 'self';script-src 'nonce-f8ijI9ngZenRdECpane_9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' company.modyo.cloud cdn-cookieyes.com js.intercomcdn.com static.cloudflareinsights.com platform.twitter.com www.googletagmanager.com sc.lfeeder.com googleads.g.doubleclick.net snap.licdn.com ajax.cloudflare.com script.crazyeggs.com cdn.jsdelivr.net cdn.outfunnel.com cdn.dynamicframework.dev www.google.com www.gstatic.com www.youtube.com; style-src 'self' 'unsafe-inline' company.modyo.cloud fonts.googleapis.com cdn.dynamicframework.dev www.googletagmanager.com cdn.jsdelivr.net; img-src 'self' data: blob: company.modyo.cloud cdn.modyo.cloud downloads.intercomcdn.com px.ads.linkedin.com px4.ads.linkedin.com i.ytimg.com yt3.ggpht.com www.googleadservices.com static.intercomassets.com lh4.googleusercontent.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat tr.lfeeder.com www.googletagmanager.com cdn-cookieyes.com tr-rc.lfeeder.com wt.outfunnel.com; report-uri https://modyo-reports.uriports.com/reports/report, report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-8e8CaFFw3I0w2i__XhL0Yw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.klaviyo.com cdn.qantasloyalty.com api-accent.bloomreach.co mpsnare.iesnare.com/snare.js api.smooch.io applepay.cdn-apple.com *.googleadservices.com assets.braintreegateway.com/web *.bazaarvoice.com *.doubleclick.net storage.googleapis.com/workbox-cdn www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cfjump.vans.com.au cfjump.vans.co.nz *.fullstory.com www.googletagmanager.com analytics.tiktok.com cdn.unidays.world *.truefitcorp.com www.paypalobjects.com/api/checkout.min.js *.klaviyo.com t.cfjump.com *.zdassets.com connect.facebook.net maps.googleapis.com dma-cdn.staging.truefitcorp.com/fitrec/dma/js/tracker.js js-agent.newrelic.com js.datadome.co ct.captcha-delivery.com *.adobedtm.com *.afterpay.com *.demdex.net *.forter.com dlthst9q2beh8.cloudfront.net d2nww8zpyj5pk0.cloudfront.net *.google-analytics.com *.paypal.com afterpay.com foursixty.com *.useinsider.com *.roymorgan.com lantern.roeyecdn.com js-sandbox.squarecdn.com player.vimeo.com js.squarecdn.com *.stg.qantasloyalty.com/appcache/wid-redemptions-button/master/ ; style-src 'self' 'unsafe-inline' *.klaviyo.com/onsite/ display.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com/font-awesome *.typekit.net fonts.googleapis.com assets.braintreegateway.com *.adobetm.com foursixty.com *.adobemc.com static.klaviyo.com/onsite/js static-tracking.klaviyo.com/onsite/js assets.api.useinsider.com/css *.klaviyo.com/onsite/ ; img-src data: 'self' api-accent.bloomreach.co *.zendesk.com dpm.demdex.net www.googleadservices.com/ccm www.magentocommerce.com/products/media *.vans.co.nz *.vans.com.au googleads.g.doubleclick.net ad.doubleclick.net www.google.com/ccm www.paypalobjects.com www.google.com www.google.com.au www.google.co.nz www.google.com.vn maps.gstatic.com/mapfiles scontent.cdninstagram.com *.afterpay.com *.accentgra.com www.googletagmanager.com www.facebook.com *.bazaarvoice.com t.paypal.com duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d3nocrch4qti4v.cloudfront.net *.google-analytics.com *.pinterest.com *.tiktok.com *.useinsider.com maps.googleapis.com/maps developers.google.com *.zopim.io *.zdassets.com adservice.google.com lantern.roeye.com d3k81ch9hvuctc.cloudfront.net ; object-src 'none' ; base-uri 'self' ; child-src 'self' blob: ; connect-src 'self' gateway.stg.qantasloyalty.com gateway.qantasloyalty.com api-accent.bloomreach.co analytics.google.com/g/collect iq.afterpay.com/us/v1 iq.afterpay-beta.com/us/v1 *.my.sentry.io wss://api.smooch.io *.accentgra.com www.facebook.com/tr google.com www.google.com collect-ap2.attraqt.io smetrics.vans.co.nz *.fullstory.com *.klaviyo.com smetrics.vans.com.au api-js.datadome.co *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.demdex.net *.forter.com *.foursixty.com google.com/ccm www.google.com/ccm *.google-analytics.com *.googleapis.com *.nr-data.net *.paypal.com *.truefitcorp.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com facebook.com foursixty.com kleber.datatoolscloud.net.au sentry.io smetrics.hypedc.com vimeo.com wss://widget-mediator.zopim.com d2o5idwacg3gyw.cloudfront.net dz8rit8v72mig.cloudfront.net d2lxqodqbpy7c2.cloudfront.net d6rak4b14t5gp.cloudfront.net d3k4bt74u9esq1.cloudfront.net wss://cdn0.forter.com api.myunidays.com o19233.ingest.sentry.io/api/1188273/store ct.pinterest.com opreq.observepoint.com *.useinsider.com stats.g.doubleclick.net/g/collect *.stg.qantasloyalty.com/redemptions/ ; font-src data: 'self' maxcdn.bootstrapcdn.com/font-awesome fonts.gstatic.com *.truefitcorp.com *.useinsider.com static.klaviyo.com use.typekit.net shopping.qantas.com/static/fonts ; frame-src 'self' checkout.qantas.com api-accent.bloomreach.co www.googletagmanager.com geo.captcha-delivery.com *.formstack.com *.afterpay.com *.bazaarvoice.com *.demdex.net *.doubleclick.net *.facebook.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com facebook.com foursixty.com google.com www.google.com vimeo.com *.qlstg.qantas.com/ ; worker-src 'self' blob: *.accentgra.com *.vans.co.nz *.vans.com.au; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com common-fonts.abtasty.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.nosto.com *.nos.to *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.weltpixel.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.openstreetmap.org maps.googleapis.com maps.gstatic.com cdn.cookielaw.org dp8v87cz8a7qa.cloudfront.net flagpedia.net *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com t4.my-probance.one try.abtasty.com cdn.facil-iti.app api.beeroot.io cdn.epoq.de rs1.epoq.de cdn.cookielaw.org client-scripts.fitle.com sdk.fitle.com pagead2.googlesyndication.com cdn.fibbl.com qa-assistant.abtasty.com teddytor.abtasty.com bexley-fr.arc.epoq.de epoq-systems.de client.get-potions.com appstatic.quanta.io bat.bing.com *.gstatic.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.cash.app maxcdn.bootstrapcdn.com cdn.epoq.de player.vimeo.com common-fonts.abtasty.com teddytor.abtasty.com epoq-systems.de *.fontawesome.com *.gstatic.com *.nosto.com *.nos.to assets.braintreegateway.com tagmanager.google.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * maps.googleapis.com bexley-privacy.my.onetrust.com cdn.cookielaw.org dcinfos-cache.abtasty.com pagead2.googlesyndication.com api.fitle.com blob: www.gstatic.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https://naturfotografen-forum.de/site/ https://naturfotografen-forum.de/modules/ https://naturfotografen-forum.de/types/ https://naturfotografen-forum.de/cache/ https://naturfotografen-forum.de/js/ 'nonce-uCy3QF1AcyQ=' 'report-sample'; object-src 'none' 'report-sample'; base-uri 'none' 'report-sample'; report-to csp-endpoint ; report-uri https://naturfotografen-forum.de/api.php?mod=uf&action=securitypolicyreport_save&o=3 1
report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly;base-uri 'self';connect-src 'self' https://translate.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://docket.justiceinitiative.org https://justiceinitiative.piwik.pro https://justiceinitiative.containers.piwik.pro https://cdn.matomo.cloud https://theideasletter.matomo.cloud https://cdn-cookieyes.com https://log.cookieyes.com https://*.cookieyes.com;default-src 'self';form-action 'self';img-src 'self' data: https: https://www.gstatic.com https://*.googletagmanager.com https://osjicontent.imgix.net https://*.google-analytics.com;object-src 'self';script-src 'self' 'unsafe-eval' https://translate.googleapis.com https://www.justiceinitiative.org https://cdn.plyr.io/3.4.4/plyr.polyfilled.js https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com https://*.googletagmanager.com https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://*.ingest.sentry.io https://docket.justiceinitiative.org https://justiceinitiative.containers.piwik.pro https://*.justiceinitiative.org https://cdn-cookieyes.com https://log.cookieyes.com https://*.cookieyes.com https://cdn.matomo.cloud https://theideasletter.matomo.cloud 'sha256-fowkKyEQi1SMOmkzKHVR3kVRCxAkb7eITj4LYDwWuwE=' 'sha256-oLlgRvu5927ZsW/Ke7hqoXyWhVhfjYt888/If4Yk6Cc=' 'sha256-zTv/Ocm+3ZUxPK95MsRtR405opnhJuWd8OOOlDOY4jg=' 'sha256-rWd9UEdKeFeLqC7IaJz1wxlZctnoLlCVLl196dQ3XcM=' 'sha256-Wuuo8pjCq8p1DupaB6iKVd7xGXUV2cZ6FNKupyZkqtA=' 'sha256-Yo0rp6K5ZDMBPy3XfvFf6KNJPsyXl4KgVKlu1R1a3xQ=' 'sha256-MM3CG7szGAeVIKY58JGR+X+7xTDccDemqcIY0lQLrX8=' 'sha256-oh6ZTSefRfIBPlcye8dBjlQBkC0A32V1QIb2htJq7ao=' 'sha256-NmZgHsyoB9XJ6Wd+G4VMaoO3gnTIG8KiH+uVcxOeeoc=' 'sha256-qwhoBj+FiypvTPR3eQkqsvLUkSeShbVBRVleFpBWM0g=' 'sha256-ojZToIWnCw4yAO2wwSr0xkCYSoCACGXKKYmr9ZV6u7I=' 'sha256-MK/1crn2Wl/TYQNKpPss5ootd4EotbGRxQsmw+4y1gU=' 'sha256-IobZaBCT4PRq1c9DaVhn7w+Z0rXZcBjmuQBfk+M+z64=' 'sha256-DqrJErZI/7pog0A9GesbTSM9ARg5dFwEiTotQt+PXns=' 'sha256-veJ+ybPvqZmAOLrVwklPodQgAnVnspZnObsF0U42hqo' 'sha256-+fx2G+aE0ETxN+0K/lnVPgcwJBbC7vQs8fcKUg1eWKc=' 'sha256-lGf/YZe+HEzkMEOQc5bjVpCG99fBIWrHzKnAn+UsbmE=' 'nonce-dATvJ1uTBhzxFPhNL5FgquW1pjPWtH51';style-src 'self' 'unsafe-inline' https:;frame-src 'self';font-src 'self' https:;media-src 'self' https:;manifest-src 'self';worker-src 'none' 1
default-src 'self'; connect-src 'self' assets-cdn.kodomo-booster.com www.google-analytics.com am.yahoo.co.jp analytics.google.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com assets-cdn.kodomo-booster.com data:; frame-src 'self' www.googletagmanager.com bid.g.doubleclick.net youtube.com www.youtube.com td.doubleclick.net; img-src 'self' image2.kodomo-booster.com assets-cdn.kodomo-booster.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com maps.gstatic.com *.googleapis.com *.ggpht ad.as.amanad.adtdp.com ade.clmbtech.com adgen.socdm.com adx.dable.io b99.yahoo.co.jp beacon.krxd.net c.bing.com cm.g.doubleclick.net contextual.media.net cs.adingo.jp dev.visualwebsiteoptimizer.com eb2.3lift.com hb.yahoo.net ib.adnxs.com idsync.rlcdn.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.ad.smaato.net simage2.pubmatic.com sync-t1.taboola.com sync.outbrain.com tags.bluekai.com tg.socdm.com tr.line.me www.facebook.com www.google.co.jp x.bidswitch.net data:; script-src 'self' assets-cdn.kodomo-booster.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com googleads.g.doubleclick.net maps.googleapis.com www.itokuro.jp b99.yahoo.co.jp connect.facebook.net d.line-scdn.net dev.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval' 'nonce-V/KwBZ+UTltpIgCxTjfYItpdfBlYti3Xgt7FXfLX3KM='; style-src 'self' tagmanager.google.com fonts.googleapis.com assets-cdn.kodomo-booster.com 'unsafe-inline' 'nonce-V/KwBZ+UTltpIgCxTjfYItpdfBlYti3Xgt7FXfLX3KM='; report-uri https://o240875.ingest.sentry.io/api/5769216/security/?sentry_key=bf03e8125dc74d988001801b90a625db&sentry_environment=production 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: http:; font-src 'self' data: https:; connect-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'self'; report-uri https://electric.ai/wp-json/csp/v1/report 1
font-src fonts.gstatic.com use.typekit.net self data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://store.plumrocket.com pal-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com self *.doubleclick.net *.criteo.com *.easydmp.net *.snapchat.com https://store.plumrocket.com https://accounts.google.com checkoutshopper-test.adyen.com pal-test.adyen.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com self *.bing.com *.paypal.com *.google.fr *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.cookielaw.org *.snapchat.com checkoutshopper-test.adyen.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com self sc-static.net *.abtasty.com *.jsdelivr.net *.gstatic.com *.facebook.net *.tiktok.com *.googleapis.com *.easydmp.net *.vzbl.eu *.aticdn.net *.m1by1.com *.woosmap.com *.doubleclick.net *.cookielaw.org *.snapchat.com *.valiuz.com *.mediarithmics.com *.prediggo.services https://accounts.google.com checkoutshopper-test.adyen.com 'self' 'unsafe-eval' 'nonce-cnhyMGN2bm4xODk1ZHB0Zm1mazc2bmEzdGVma3hkZWk=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src *.adobe.com fonts.googleapis.com self *.gstatic.com *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.snapchat.com https://accounts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com self *.snapchat.com *.cookielaw.org *.abtasty.com *.googleapis.com *.vzbl.eu *.criteo.com *.easydmp.net *.xiti.com *.valiuz.com *.doubleclick.net *.mediarithmics.com https://accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.electrodepot.fr *.electrodepot.be *.electrodepot.es *.bing.com *.criteo.net *.snapchat.com *.netvigie.com *.xiti.com *.valiuz.com *.googletagmanager.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://geowidget.easypack24.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * consentcdn.cookiebot.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ https://geowidget-app.inpost-group.com/ https://sandbox-global-geowidget.easypack24.net/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.disqus.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com *.google.com *.googleadservices.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com blob: googleadservices.com google-analytics.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.disqus.com *.googleapis.com *.gstatic.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.snrcdn.net *.snrbox.com *.ekomiapps.de clarity.ms *.clarity.ms googleadservices.com gstatis.co *.gstatis.co gstatic.com paypal.com tpay.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com sandbox-global-geowidget-sdk.easypack24.net geowidget.inpost-group.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com assets.braintreegateway.com https://embedsocial.com/ https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com sandbox-global-geowidget-sdk.easypack24.net geowidget.inpost-group.com https://geowidget.easypack24.net https://geowidget.inpost.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src https://marsalabutikpl.savecart.pl/ 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.clarity.ms https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-btyiWpuh1/L+dPxicCF3lA==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=a6da1a97-a866-41dd-a56b-404e86a0d54c; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
default-src 'self'; report-uri https://www.nt-ware.com/contentsecuritypolicyreport/index.php; 1
report-uri https://csp.threatview.app/report; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.googleapis.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com 'self' data: *.cngln.com *.paypalobjects.com http://cngln.com https://cngln.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com *.cash.app *.affirm.com *.affirm.ca *.klarna.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.doubleclick.net *.criteo.com *.demdex.net *.sumo.com *.360vr.ie *.facebook.com *.afterpay.com *.wesupply.xyz https://wesupplylabs.com *.cngln.com http://cngln.com https://cngln.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.afterpay.com/ *.cash.app *.affirm.com *.affirm.ca *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://firebasestorage.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.wdgtest.com *.glencara.com *.shopperapproved.com *.bing.com *.zdassets.com *.everesttech.net *.omtrdc.net *.zopim.io *.feefo.com *.facebook.com *.googletagmanager.com *.clarity.ms *.google.lt *.cngln.com *.usercentrics.eu http://cngln.com https://cngln.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app *.affirm.com *.affirm.ca *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net https://cdn.jsdelivr.net *.avada.io *.shopify.com *.fontawesome.com *.googleapis.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sumome.com *.sumo.com *.shopperapproved.com *.zdassets.com *.bing.com *.criteo.net *.criteo.com *.feefo.com *.cloudflare.com *.paysafe.com *.facebook.net http://unpkg.com https://unpkg.com *.facebook.com *.zopim.com *.google.lt *.clarity.ms *.smartlook.com *.cngln.com *.cloudflareinsights.com *.unpkg.com unpkg.com *.usercentrics.eu http://cngln.com https://cngln.com *.zendesk.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com *.cash.app *.klarnacdn.net *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.cngln.com http://cngln.com https://cngln.com https://www.shopperapproved.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.cngln.com http://cngln.com https://cngln.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.affirm.com *.affirm.ca *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com http://sumo.com https://sumo.com *.bing.com *.feefo.com *.demdex.net *.facebook.com *.amazonaws.com *.paysafe.com *.clarity.ms *.smartlook.com *.smartlook.cloud *.cngln.com wss://*.zendesk.com *.usercentrics.eu http://cngln.com https://cngln.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.insightsc3m.com *.googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.omtrdc.net *.adobedtm.com *.certcapture.com *.azurewebsites.net *.insightsc3m.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com smetrics.onnicotine.com target.onnicotine.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com *.datadome.co *.azurewebsites.net *.insightsc3m.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.azurewebsites.net *.insightsc3m.com *.fontawesome.com *.googleapis.com assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.omtrdc.net *.adobedtm.com *.certcapture.com *.datadome.co *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com smetrics.onnicotine.com target.onnicotine.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-vKa8nd51-CjtHjNG5db4_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline'; img-src data: https:; script-src-elem 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src https:; frame-src https:; object-src 'self' 'unsafe-inline' https:; style-src-elem 'self' 'unsafe-inline' https:; report-uri /csp-violation-report-endpoint/ 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com *.vertexsmb.com www.googletagmanager.com www.sageexchange.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com https://www.youtube.com https://www.google.com/maps https://www.google.com/ https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com https://static.addtoany.com https://cdn.livechatinc.com https://api.livechatinc.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.certcapture.com https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://*.cardinalcommerce.com https://*.centinelapi.cardinalcommerce.com https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com https://static.addtoany.com https://cdn.livechatinc.com https://api.livechatinc.com *.vertexsmb.com seal.godaddy.com static.hotjar.com www.sageexchange.com *.formstack.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.shopperapproved.com seal-boston.bbb.org *.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn1.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com https://static.addtoany.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.shopperapproved.com https://direct.shopperapproved.com *.vertexsmb.com seal.godaddy.com static.hotjar.com www.sageexchange.com *.formstack.com stats.g.doubleclick.net bat.bing.com *.ywxi.net *.amazonaws.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com downloads.mailchimp.com unsafe-inline *.googleapis.com seal.godaddy.com stats.g.doubleclick.net bat.bing.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com https://vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com 3dsapi.ebizcharge.net kg668dbov0.execute-api.us-east-1.amazonaws.com ebizcharge3ds-staging1.azurewebsites.net https://includestest.ccdc02.com *.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com https://static.addtoany.com https://cdn.livechatinc.com https://api.livechatinc.com *.vertexsmb.com seal.godaddy.com static.hotjar.com *.googleapis.com *.formstack.com stats.g.doubleclick.net www.sageexchange.com *.ywxi.net *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.force.com https://www.microchipdirect.com https://ask.hotjar.io 'self' https://stats.g.doubleclick.net https://script.hotjar.com *.microchip.file.force.com https://931-ude-464.mktoresp.com https://github.com https://cdn.cookielaw.org https://surveystats.hotjar.io https://upload.wikimedia.org https://cdn.ckeditor.com https://www.avrfreaks.net https://assets.adobedtm.com https://microchip.data.adobedc.net https://www.google.com https://fonts.gstatic.com/ https://vc.hotjar.io https://dpm.demdex.net https://eservices2.microchip.com blob: https://conversions-config.reddit.com https://content.metrics-nds.docgen.nintex.io https://stageapps.microchip.com https://microchip.my.salesforce-scrt.com https://microchip.tt.omtrdc.net https://content.hotjar.io http://www.microchip.com https://cm.everesttech.net https://microchip.secure.force.com https://googleads.g.doubleclick.net https://metrics.hotjar.io https://microchip.my.salesforce-sites.com https://metrics-nds.docgen.nintex.io https://microchip.demdex.net https://pixel-config.reddit.com https://geolocation.onetrust.com https://raw.githubusercontent.com https://td.doubleclick.net https://hm.baidu.com https://www.redditstatic.com https://data.metrics-nds.docgen.nintex.io https://in.hotjar.com https://px.ads.linkedin.com https://*.microchip.com wss://ws.hotjar.com https://privacyportal.onetrust.com https://www.googletagmanager.com https://alb.reddit.com https://www.google-analytics.com *.salesforce.com data:; report-to sfdc-csp-ep; report-uri https://microchip.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00Do0000000KAkK&networkId=0DM3l000000TRuT&type=communities 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-RmRQcesjKGktrYIG_xW7rA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-EKp-FECl8XSFN8IJiJTvdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.addthis.com *.pinterest.com *.meetanshi.com www.facebook.com platform.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com pinterest.com *.cdninstagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png *.meetanshi.com www.facebook.com assets.pinterest.com syndication.twitter.com https://maps.gstatic.com https://maps.googleapis.com maps.gstatic.com https://*.bcwsupplies.com https://www.google.com https://www.google.co.in https://www.google.co.us data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com connect.facebook.net *.pinterest.com *.instagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com twitter.com platform.twitter.com static.addtoany.com https://maps.googleapis.com https://maps.gstatic.com maps.googleapis.com self https://*.clarity.ms https://www.clarity.ms https://*.cloudflare.com https://*.cloudflareinsights.com https://*.jotform.com https://use.fontawesome.com https://s.pinimg.com https://kit.fontawesome.com https://assets.adobedtm.com https://*.adobe.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://geostag.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://geoapi.cardinalcommerce.com https://1eafapi.cardinalcommerce.com https://songbird.cardinalcommerce.com https://includestest.ccdc02.com https://*.commerce-payment-services.com https://*.ytimg.com https://www.googleapis.com https://www.vimeo.com https://*.vimeocdn.com https://*.youtube.com https://amcglobal.sc.omtrdc.net https://*.magento-ds.com https://*.typekit.net https://*.google.com https://*.klaviyo.com https://*.meetanshi.com https://*.facebook.com https://*.twitter.com https://*.braintreegateway.com https://payments.braintree-api.com/ https://*.paypal.com https://*.paypalobjects.com https://songbirdstag.cardinalcommerce.com https://*.googleapis.com https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://*.pinterest.com https://*.instagram.com https://*.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com *.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://*.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com https://*.bcwsupplies.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com stats.addtoany.com https://maps.googleapis.com maps.googleapis.com https://*.pinterest.com https://*.clarity.ms https://*.google.com https://*.klaviyo.com https://*.googleapis.com https://*.braintree-api.com https://*.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com *.gstatic.com *.amazonaws.com *.feefo.com *.bglobale.com *.global-e.com *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action *.twitter.com *.facebook.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net *.klarna.com *.klarnaservices.com *.braintreegateway.com *.authorize.net *.cloudfront.net *.bglobale.com *.global-e.com www.googletagmanager.com js.mollie.com assets.braintreegateway.com pay.google.com * https://www.google.com 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net www.paypalobjects.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.awin1.com *.zenaps.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.cloudflare.com *.feefo.com *.bing.com *.clarity.ms *.postcodeanywhere.co.uk *.cookiebot.com *.roeye.com https://www.google.com.vn https://www.google.com https://googleads.g.doubleclick.net *.facebook.net connect.facebook.net *.dycdn.net *.bglobale.com *.global-e.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net https://www.mollie.com assets.braintreegateway.com data: 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com *.cloudfront.net *.klaviyo.com; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net includestest.ccdc02.com www.paypalobjects.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.cloudflare.com *.twitter.com *.google.com *.feefo.com *.postcodeanywhere.co.uk *.cloudfront.net *.googlecommerce.com *.zdassets.com *.trackedweb.net *.clarity.ms *.pcapredict.com *.bing.com https://*.zopim.com *.hub-box.com *.roeyecdn.com http://*.postcodeanywhere.co.uk *.cloudflareinsights.com *.cookiebot.com *.cookie-script.com *.luigisbox.com *.luigisbox.tech wss://*.freshrelevance.com am.freshrelevance.com *.freshrelevance.com *.jsdelivr.net connect.facebook.net https://eu-assets.i.posthog.com https://eu.i.posthog.com https://gepi.global-e.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net *.bglobale.com *.global-e.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.klarnaservices.com *.avada.io *.gstatic.com maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://apis.google.com 'self' 'unsafe-inline' 'unsafe-eval' *.cardinalcommerce.com *.paypal.com *.klaviyo.com; style-src *.adobe.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.postcodeanywhere.co.uk *.klarnacdn.net *.klaviyo.com *.feefo.com register.feefo.com *.luigisbox.com *.luigisbox.tech *.jsdelivr.net *.bglobale.com *.global-e.com *.fontawesome.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.clarity.ms 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.paypalobjects.com https://maps.googleapis.com https://player.vimeo.com https://the.sciencebehindecommerce.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.dycdn.net wss://*.dycdn.net *.zdassets.com *.feefo.com *.clarity.ms *.bing.com *.zendesk.com wss://*.zopim.com *.trackedweb.net *.postcodeanywhere.co.uk *.googlesyndication.com pagead2.googlesyndication.com *.luigisbox.com *.luigisbox.tech wss://*.freshrelevance.com am.freshrelevance.com *.freshrelevance.com *.jsdelivr.net *.cookiebot.com *.facebook.com *.facebook.net https://gepi.global-e.com https://eu-assets.i.posthog.com https://eu.i.posthog.com wss://am.freshrelevance.com wss://am.dycdn.net dn1i8v75r669j.cloudfront.net api.addressy.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com *.klaviyo.com; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://db38adbe-f042-4c70-8ba5-48c5a02c8abc.sansec.watch/; report-to report-endpoint; 1
connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com *.practicalaction.org practicalaction.org *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.cookiepro.com *.onetrust.com *.sharethis.com  *.google.com  *.ads.linkedin.com  *.linkedin.com *.bing.com *.soundcloud.com *.muchloved.com *.googlesyndication.com *.sharepoint.com www.google.co.uk *.bing.net www.facebook.com *.googletagmanager.com ; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src 'self' data: *.practicalaction.org practicalaction.org *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.hotjar.com; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com  *.fls.doubleclick.net *.doubleclick.net *.soundcloud.com *.muchloved.com *.sharepoint.com *.infogram.com; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com  *.ytimg.com  *.twitter.com *.youtube.com *.practicalaction.org practicalaction.org  ad.doubleclick.net  *.nextdoor.com  *.cookiepro.com  bat.bing.com  *.ads.linkedin.com  *.linkedin.com  t.co *.facebook.com  *.sharethis.com platform-cdn.sharethis.com *.soundcloud.com *.googlesyndication.com *.sharepoint.com *.bing.net  *.infogram.com; media-src 'self' blob: data: *.soundcloud.com *.youtube.com *.youtube-nocookie.com *.muchloved.com *.sharepoint.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net *.muchloved.com cdn.jsdelivr.net *.sharepoint.com *.infogram.com; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com *.cookiepro.com code.jquery.com *.sharethis.com  static.ads-twitter.com  static.hotjar.com  bat.bing.com  snap.licdn.com  unpkg.com  ads.nextdoor.com  *.hotjar.com *.muchloved.com *.jsdelivr.net *.visitdatajs.com *.sharepoint.com *.infogram.com googleads.g.doubleclick.net  bat.bing-int.com; style-src 'self' 'unsafe-inline' blob:; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com *.bootstrapcdn.com *.jquery.com *.fontawesome.com; worker-src 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-UDi-hI2pd6wlNsw_OD8jug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' https://wfmatomo.com https://analytics.ahrefs.com https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://wfmatomo.com https://analytics.ahrefs.com https://www.google.com/recaptcha/; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri /csp-report.php 1
default-src 'self' siteminder.okta.com *.oktacdn.com; connect-src 'self' siteminder.okta.com siteminder-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com siteminder.kerberos.okta.com siteminder.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'nonce-hvL9VWToHcxgHOo4wY4nVQ' 'unsafe-eval' 'self' 'report-sample' siteminder.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'nonce-hvL9VWToHcxgHOo4wY4nVQ' 'self' 'report-sample' siteminder.okta.com *.oktacdn.com; frame-src 'self' siteminder.okta.com siteminder-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' siteminder.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' siteminder.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://tools.siteminder.systems https://siteminder--uat--c.sandbox.vf.force.com https://siteminder.vf.force.com https://siteminder.lightning.force.com https://siteminder--uat.sandbox.lightning.force.com https://tableau.siteminder.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' http://cdn.parsely.com http://maps.googleapis.com https://stats.wp.com/ https://www.google.com/ https://www.googletagmanager.com https://www.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;; object-src 'self'; base-uri 'self'; connect-src 'self' https://maps.googleapis.com https://mapsresources-pa.googleapis.com https://www.google.com/; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://heyzine.com https://www.google.com https://player.vimeo.com/; img-src 'self' data: https://drive-thirdparty.googleusercontent.com https://maps.gstatic.com https://mapsresources-pa.googleapis.com; manifest-src 'self'; media-src 'self'; worker-src 'none' 1
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
default-src 'self' 'unsafe-inline'  https://*.google-analytics.com; img-src https://*; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://www.googletagmanager.com/ https://cdn.cookielaw.org/ https://www.google-analytics.com/ ; frame-src 'self' data: * 'unsafe-inline' https://www.googletagmanager.com/ ; style-src 'self' https://cdn.skoda-auto.com/ 'unsafe-inline' ; img-src 'self' data: * ; font-src 'self' https://cdn.skoda-auto.com/ ;  object-src 'none'; frame-ancestors 'none';connect-src 'self' wss: * http: https 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-bftRRtYz5JsR1Sk2T30Tsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com https://assets.brevo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.sibforms.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io https://*.herder.cat https://cdn.dev.herder.cat https://cdn.stag.herder.cat https://cdn.herdereditorial.com *.twitter.com *.facebook.com google.es *.google.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net blob: https://www.googletagmanager.com https://*.google-analytics.com https://*.herder.cat https://cdn.dev.herder.cat https://cdn.stag.herder.cat https://cdn.herdereditorial.com https://sibforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.facebook.net *.ads-twitter.com sibautomation.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com blob: *.herder.cat store.dev.herder.cat store.stag.herder.cat *.herdereditorial.com https://*.herder.cat https://store.dev.herder.cat https://store.stag.herder.cat https://*.herdereditorial.com *.fontawesome.com https://sibforms.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://*.google-analytics.com https://*.herder.cat https://cdn.dev.herder.cat https://cdn.stag.herder.cat https://cdn.herdereditorial.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com in-automate.brevo.com facebook.com *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://www.klik.de/api/csp-reports; report-to csp-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.cloudflare.com *.klaviyo.com *.hotjar.com *.hotjar.io *.networkmerchants.com *.echeckpoint.com *.cdnfonts.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cybersource.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://*.echeckpoint.com *.cybersource.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net maps.googleapis.com *.google.com *.ggpht.com *.googleusercontent.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.online-metrix.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com media.sezzle.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com http://maps.google.com *.jotfor.ms *.jotform.com *.c3vault1.com *.storepoint.co https://res.cloudinary.com https://icons.storepoint-icons.com *.elfsight.com *.elfsightcdn.com *.commoninja.com *.cloudfront.net *.hotjar.com *.hotjar.io *.networkmerchants.com *.echeckpoint.com *.signifyd.com *.sezzle.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com https://*.echeckpoint.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com *.cardinalcommerce.com *.online-metrix.net *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com https://static.cloudflareinsights.com *.cloudflare.com *.lr-ingest.com *.ingest-lr.com *.jotform.com *.jotfor.ms *.storepoint.co *.elfsight.com *.commoninja.com *.cloudfront.net *.hotjar.com *.hotjar.io *.networkmerchants.com *.echeckpoint.com *.signifyd.com *.sezzle.com *.googleapis.com www.gstatic.com cdn.ampproject.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'unsafe-inline' https://static.klaviyo.com assets.braintreegateway.com fonts.cdnfonts.com https://fonts.googleapis.com *.jotfor.ms *.storepoint.co *.fontawesome.com *.cloudflare.com *.elfsight.com *.commoninja.com *.klaviyo.com *.hotjar.com *.hotjar.io *.networkmerchants.com *.echeckpoint.com *.typekit.net *.sezzle.com *.cdnfonts.com *.googleapis.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com https://*.echeckpoint.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cardinalcommerce.com *.online-metrix.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com https://maps.googleapis.com *.doubleclick.net https://bcp.crwdcntrl.net *.lr-ingest.com *.ingest-lr.com *.jotform.com https://api.jotform.com *.storepoint.co *.elfsight.com *.commoninja.com *.klaviyo.com *.hotjar.com *.hotjar.io *.networkmerchants.com *.echeckpoint.com *.sezzle.com *.automaticffl.com *.googleapis.com places.googleapis.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-x-IezU_v-kOSnj-avo6lfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com *.salesfire.co.uk *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.salesfire.co.uk *.googleapis.com *.trustpilot.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.trackedlink.net *.ddlnk.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.salesfire.co.uk maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.salesfire.co.uk *.googleapis.com *.trustpilot.com https://www.lawsons.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.salesfire.co.uk *.typekit.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://bam.nr-data.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.salesfire.co.uk *.smartmetrics.co.uk *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval'       *.icl-group.com       ajax.googleapis.com       *.google.com *.googletagmanager.com *.google-analytics.com       *.gstatic.com www.gstatic.com       *.facebook.com *.facebook.net       *.licdn.com       *.allyable.com       cdn.jsdelivr.net       cdnjs.cloudflare.com       widget.tagembed.com       cloud.tagbox.com       player.vimeo.com       icl2021ir.q4web.com       maps.googleapis.com       www.tiktok.com       sf16-website-login.neutral.ttwstatic.com       *.clarity.ms       widget.intercom.io       js.intercomcdn.com;         connect-src 'self'       *.icl-group.com       *.google.com *.google-analytics.com *.googletagmanager.com       *.facebook.com *.facebook.net       *.ads.linkedin.com       *.allyable.com       icl2021ir.q4web.com       api.taggbox.com       widget.tagembed.com       cloud.tagbox.com       ipapi.co       maps.googleapis.com       *.clarity.ms       api-iam.intercom.io;         style-src 'self' 'unsafe-inline'       *.icl-group.com       cdn.jsdelivr.net       widget.tagembed.com       cloud.tagbox.com       fonts.googleapis.com       sf16-website-login.neutral.ttwstatic.com;         font-src 'self' data: 	  cloud.taggbox.com       *.gstatic.com       *.icl-group.com       cloud.tagbox.com;         img-src 'self' data: blob:       *.googletagmanager.com       px.ads.linkedin.com       portal.allyable.com       s.w.org       *.tile.openstreetmap.org       *.icl-group.com       *.allyable.com       *.facebook.com *.facebook.net       cdn.taggbox.com       cloud.tagbox.com       *.w.org       *.elementor.com       *.tagembed.com;         media-src 'self'       *.icl-group.com       cdn.tagbox.com;         frame-src 'self'       portal.allyable.com       player.vimeo.com       www.google.com       www.gstatic.com       leap13.github.io       www.youtube.com;         worker-src 'self' blob:;         report-uri https://www.icl-group.com/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.voiceflow.com general-runtime.voiceflow.com app.yuma.ai js.yuma.ai scripts.luigisbox.tech static.senja.io exp.baerskintactical.com api.exponea.com ph.baerskintactical.com us.posthog.com invitejs.trustpilot.com widget.trustpilot.com connect.facebook.net www.facebook.com www.google-analytics.com tag.google.com www.googletagmanager.com js.stripe.com www.paypal.com www.google.com recaptcha.net maps.googleapis.com cdn.vercel-insights.com va.vercel-scripts.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: blob: *.baerskintactical.com *.baerskinhoodie.com *.div.haus baerskin.media cdn.senja.io ik.imagekit.io flagcdn.com www.facebook.com www.google-analytics.com www.googletagmanager.com stripe.com www.paypal.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; connect-src 'self' *.div.haus *.baerskintactical.com *.baerskinhoodie.com pro.ip-api.com api.weatherapi.com exp.baerskintactical.com exp.baerskinhoodie.com exp.divcdn.com ph.baerskintactical.com us.posthog.com api.exponea.com inn.gs app.yuma.ai general-runtime.voiceflow.com cdn.voiceflow.com static.senja.io invitejs.trustpilot.com api.stripe.com *.paypal.com maps.googleapis.com places.googleapis.com api.mapbox.com connect.facebook.net www.facebook.com www.google-analytics.com www.googletagmanager.com www.google.com recaptcha.net vitals.vercel-insights.com *.sentry.io; frame-src 'self' js.stripe.com hooks.stripe.com checkout.stripe.com www.paypal.com *.paypal.com www.google.com recaptcha.net widget.trustpilot.com challenges.cloudflare.com id-msp.newsbreak.com; worker-src 'self' blob:; media-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-tibc7lxOEDGJtKhjdlWg_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src _ 'self'; script-src _ 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://_.zopim.io https://tag.clearbitscripts.com https://static.cloudflareinsights.com https://widget.clutch.co https://widget.trustpilot.com https://nitroscripts.com; style-src _ 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src _ 'self' data: https://www.google.com https://_.googleapis.com https://_.gstatic.com _.google.com _.googleusercontent.com; https://imagedelivery.net https://images.dmca.com https://widget.trustpilot.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://_.nitrocdn.com; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://widget.clutch.co https://widget.trustpilot.com; object-src 'none'; connect-src 'self' https://www.google-analytics.com https://www.google.com https://i.clarity.ms https://_.zopim.io wss://\_.zopim.com https://\*.zendesk.com https://api.ipify.org https://ekr.zdassets.com https://to.getnitropack.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://www.einpresswire.com; upgrade-insecure-requests; worker-src 'self' blob:; 1
default-src caixabankresearch.com *.caixabankresearch.com clarity.ms *.clarity.ms doubleclick.net *.doubleclick.net everviz.com *.everviz.com google-analytics.com *.google-analytics.com google.com *.google.com google.es *.google.es googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com highcharts.com *.highcharts.com jsdelivr.net *.jsdelivr.net polyfill.io *.polyfill.io; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=8q6uLjTU8L1SvPtgB6DAt4FSj3gGMIS8FgcrRfNQkW0-1773712448.4846413-1.0.1.1-6D6dc5ILUGY65k77aIXy7i58Ycj6NpkbPCPgYuV1ECtA7iJsVCg0UVte5F.6mnuXqI.2a_jCxUFZbjynSadJBRuCTsj9EaWO30aaunpvwcO.d8jM4DaejZ2dZV5dVSDxb_2ydcSSQ.cwYNRGUPn__ogclyBKUTJWzodP0s3.EsiwJf8MoL_roFl5CY0SmJQAAPl7ya7qHHFdD_PZ568Dpw; report-to cf-gmbzpeijbyviplcp 1
default-src 'self' data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://aosmd.componentsearchengine.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://i.ytimg.com https://componentsearchengine.com; frame-src https://www.google.com ; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://noembed.com https://ngenah6dvg-dsn.algolia.net; upgrade-insecure-requests 1
script-src 'strict-dynamic' 'nonce-RhFEaRmF7jd9a7Ew4slXCQ==' 1
default-src 'self' hdsystem.pl www.hdsystem.pl *.smsapi.pl *.efectecloud.com *.youtube.com *.facebook.com *.freshmail.io *.katowice.sesja.pl *.hd.pl;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.efectecloud.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com;style-src *.freshmail.io *.katowice.sesja.pl *.hd.pl *.hdsystem.pl 'self' 'unsafe-inline' fonts.googleapis.com; connect-src 'self' *.google-analytics.com;font-src 'self' fonts.gstatic.com https:; img-src 'self' *.google.com *.google.pl *.googletagmanager.com *.google-analytics.com;frame-ancestors 'self';report-uri /report-csp 1
script-src 'nonce-QohrFY5+tOoOdtrZjSAnXOKWSV6hdMex' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com https://www.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk maxcdn.bootstrapcdn.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com 'self' data: https://cdnjs.cloudflare.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.klaviyo.com *.getfastr.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self' https://*.alpinawatches.co.uk https://*.bulova.com https://*.citizenwatch.ie https://*.bulova.com https://*.citizenwatch.co.uk https://*.citizenwatch.ie https://*.frederiqueconstant.co.uk https://*.bulovawatch.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://www.googletagmanager.com/ js.mollie.com *.reviews.io *.reviews.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.clearpay.co.uk https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://player.vimeo.com https://www.youtube-nocookie.com www.xtento.com *.sendcloud.sc *.jsdelivr.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com blob: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: https://images.unsplash.com *.googleapis.com https://*.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.afterpay.com *.clearpay.co.uk *.klevu.com *.ksearchnet.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.xtento.com cdn.xtento.com https://widgets.dev.optty.com https://widgets.optty.com widgets.qa.optty.com https://redchamps.com *.amazonaws.com *.roeye.com *.clarity.ms *.bing.com *.tangiblee.com *.azurewebsites.net *.postcodeanywhere.co.uk *.bulova.com *.getfastr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://maps.googleapis.com *.googleapis.com https://*.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.mollie.com *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net *.klevu.com *.ksearchnet.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://player.vimeo.com https://www.youtube.com www.xtento.com cdn.xtento.com https://widgets.dev.optty.com https://widgets.optty.com widgets.qa.optty.com *.sendcloud.sc *.jsdelivr.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.hlx.page *.omniconvert.com *.adsrvr.org *.zdassets.com *.hotjar.com *.cloudfront.net *.clarity.ms *.tangiblee.com *.pcapredict.com *.postcodeanywhere.co.uk *.tiktok.com *.zma.gs *.osano.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com maxcdn.bootstrapcdn.com *.klarnacdn.net assets.braintreegateway.com *.afterpay.com/ *.squarecdn.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com http://fonts.googleapis.com https://cdnjs.cloudflare.com *.sendcloud.sc *.jsdelivr.net *.stripe.network *.stripecdn.com *.amazon.com *.typekit.net *.klaviyo.com data: *.postcodeanywhere.co.uk *.tangiblee.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ blob: *.widen.net *.widencdn.net *.frederiqueconstant.com frederiqueconstant.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.addressy.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://api.dev.optty.com https://api.optty.com api.qa.optty.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googlesyndication.com *.omniconvert.com *.hotjar.io *.zdassets.com *.clarity.ms *.amazonaws.com *.adsrvr.org *.zendesk.com *.tangiblee.com *.azurewebsites.net *.postcodeanywhere.co.uk *.tiktok.com *.google-analytics.com *.zma.gs *.tiktokw.us *.osano.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-FBiQn7gHLDCcAvHeDOxmtw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'unsafe-inline' 'unsafe-eval' bing.com *.bing.com braintree-api.com *.braintree-api.com braintreegateway.com *.braintreegateway.com chargeitpro.com *.chargeitpro.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com google.com *.google.com googleadservices.com *.googleadservices.com instapage.com *.instapage.com instapagemetrics.com *.instapagemetrics.com klaviyo.com *.klaviyo.com maps.googleapis.com *.maps.googleapis.com osano.com *.osano.com mczbf.com *.mczbf.com overland.com *.overland.com paypal.com *.paypal.com pinterest.com *.pinterest.com posthog.com *.posthog.com s3-us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com shop.app *.shop.app shopifysvc.com *.shopifysvc.com trackjs.com *.trackjs.com vaultdcr.com *.vaultdcr.com zdassets.com *.zdassets.com zendesk.com *.zendesk.com accessibleweb.com *.accessibleweb.com shopify.com *.shopify.com wss://pod-13-sunco-ws.zendesk.com; default-src 'unsafe-inline' 'unsafe-eval' accessibleweb.com *.accessibleweb.com bing.com *.bing.com bing.net *.bing.net braintree-api.com *.braintree-api.com braintreegateway.com *.braintreegateway.com chargeitpro.com *.chargeitpro.com cloudflare.com *.cloudflare.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com instapage.com *.instapage.com instapagemetrics.com *.instapagemetrics.com klaviyo.com *.klaviyo.com mapbox.com *.mapbox.com maps.googleapis.com *.maps.googleapis.com mczbf.com *.mczbf.com osano.com *.osano.com overland.com *.overland.com paypal.com *.paypal.com pinterest.com *.pinterest.com posthog.com *.posthog.com powerreviews.com *.powerreviews.com resultspage.com *.resultspage.com shop.app *.shop.app shopify.com *.shopify.com shopifysvc.com *.shopifysvc.com trackjs.com *.trackjs.com zdassets.com *.zdassets.com d2hrivdxn8ekm8.cloudfront.net *.d2hrivdxn8ekm8.cloudfront.net fastcdn.co *.fastcdn.co iesnare.com *.iesnare.com jsdelivr.net *.jsdelivr.net s3-us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com vaultdcr.com *.vaultdcr.com ywxi.net *.ywxi.net cloudinary.com *.cloudinary.com gstatic.com *.gstatic.com; font-src 'unsafe-inline' 'unsafe-eval' data: overland.com *.overland.com shopify.com *.shopify.com typekit.net *.typekit.net fonts.googleapis.com *.fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self' overland.com *.overland.com google.com *.google.com; img-src 'unsafe-inline' 'unsafe-eval' overland.com overland.com *.overland.com trackjs.com *.trackjs.com paypal.com *.paypal.com paypalobjects.com *.paypalobjects.com gstatic.com *.gstatic.com accessibleweb.com *.accessibleweb.com bidr.io *.bidr.io fastcdn.co *.fastcdn.co data: https://cdn.ywxi.net resultspage.com *.resultspage.com https://maps.googleapis.com https://overland.zendesk.com; media-src 'unsafe-inline' 'unsafe-eval' scene7.com *.scene7.com; script-src 'unsafe-inline' 'unsafe-eval' accessibleweb.com *.accessibleweb.com chargeitpro.com *.chargeitpro.com d2hrivdxn8ekm8.cloudfront.net *.d2hrivdxn8ekm8.cloudfront.net doubleclick.net *.doubleclick.net fastcdn.co *.fastcdn.co google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com iesnare.com *.iesnare.com instapage.com *.instapage.com instapagemetrics.com *.instapagemetrics.com jsdelivr.net *.jsdelivr.net klaviyo.com *.klaviyo.com maps.googleapis.com *.maps.googleapis.com mczbf.com *.mczbf.com osano.com *.osano.com overland.com *.overland.com paypal.com *.paypal.com posthog.com *.posthog.com powerreviews.com *.powerreviews.com resultspage.com *.resultspage.com shopify.com *.shopify.com trackjs.com *.trackjs.com ywxi.net *.ywxi.net zdassets.com *.zdassets.com https://g.fastcdn.co https://www.googletagmanager.com https://cdn.instapagemetrics.com *.zendesk.com https://cdn.ywxi.net https://www.trustedsite.com; style-src 'unsafe-inline' 'unsafe-eval' accessibleweb.com *.accessibleweb.com jsdelivr.net *.jsdelivr.net overland.com *.overland.com https://overland.resultspage.com typekit.net *.typekit.net https://ramp.accessibleweb.com https://fonts.googleapis.com; worker-src 'unsafe-inline' 'unsafe-eval' blob: overland.com *.overland.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=mUY0aBU5oYYUHbtWS9dTarC7gRS3S1uVB2CCKmTCGH4-1773718658.2183917-1.0.1.1-zvu6MOQe9WlHVdvwFiT_JS_kIn4Me33CPPH8ouksb7lR3GkAsG4pVt5vwGZBwW84psxUgY43NU5TBRDmmfdTGZLxW6UgE83a68srNWyOT5evoda2tzKO3Gof8w9jdC6wYz9frWTUAk0Xs5DzePO7Iu_A6u_SQMdaT9eyj.lhogXkFI1mYjB3u961tzODm.NV; report-to cf-lncoihnbubtrevhc 1
font-src data: maxcdn.bootstrapcdn.com fonts.gstatic.com widget.dixa.io a.omappapi.com static.klaviyo.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com ssl.ditonlinebetalingssystem.dk 'self' 'unsafe-inline'; frame-ancestors viewer.ipaper.io https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: online.adservicemedia.dk consentcdn.cookiebot.com consentcdn.cookiebot.eu adtr.io event-client.viabill.com vars.hotjar.com www.youtube.com www.google.com www.youtube-nocookie.com gum.criteo.com pricetag.viabill.com www.addwish.com display.ipaper.io simplicity.trustpilot.com googleads.g.doubleclick.net cdn.lightwidget.com http://event.getblue.io *.googletagmanager.com *.doubleclick.net/ magento-cloudflare.jetrails.com utt.impactcdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com self blob: online.adservicemedia.dk pushcrew.com cdn.pushcrew.com stats.g.doubleclick.net a.klaviyo.com dapi.videoly.co i.ytimg.com dis.criteo.com optin-monster.s3.amazonaws.com maps.googleapis.com maps.gstatic.com a.omappapi.com ssl.gstatic.com www.gstatic.com lh3.googleusercontent.com fonts.gstatic.com *.google.com *.google.pl *.google.no *.google.se *.google.de *.google.co.uk *.google.com.ua d3k81ch9hvuctc.cloudfront.net d1pna5l3xsntoj.cloudfront.net *.ipaper.io *.taboola.com imgsct.cookiebot.com *.bing.com *.bing.net *.pricerunner.dk *.beautycos.dk *.orbitvu.co *.klarna.com img.sct.eu1.usercentrics.eu https://s.kelkoogroup.net https://cdn.clerk.io *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com flagpedia.net https://widgets.trustedshops.com https://integrations.etrusted.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com unsafe-inline ipinfo.io invitejs.trustpilot.com secure.viabill.com a.opmnstr.com display.ipaper.io widget.dixa.io static.hotjar.com consent.cookiebot.com api.videoly.co cdn.pushcrew.com online.adservicemedia.dk script.hotjar.com pricetag.viabill.com adtr.io cdn.polyfill.io www.google.com www.google.pl www.gstatic.com static.criteo.net *.klaviyo.com cdn.ipaper.io sslwidget.criteo.com d1pna5l3xsntoj.cloudfront.net www.addwish.com ajax.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu cdnjs.cloudflare.com dapi.videoly.co ssl.ditonlinebetalingssystem.dk maps.googleapis.com cdn.adt376.net cdn.adt311.net tagmanager.google.com do.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no a.omappapi.com *.taboola.com s.kk-resources.com *.bing.com *.getblue.io cdn.lightwidget.com cdn.clerk.io ai.trk42.net *.videoly.co *.reepay.com *.cytelligence.io *.youtube.com *.orbitvu.co *.pingdom.net tag.heylink.com api.reaktion.com stapecdn.com files.userlink.ai cdn.mouseflow.com pagead2.googlesyndication.com *.clarity.ms static.cloudflareinsights.com https://s.kk-resources.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.googletagmanager.com *.facebook.net *.avada.io *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com unpkg.com https://cdn1.profitmetrics.io https://tag.heylink.com https://www.beautycos.dk https://consent.cookiebot.com https://cdn.mida.so 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.pushcrew.com static.klaviyo.com d1pna5l3xsntoj.cloudfront.net tagmanager.google.com cdn.ipaper.io *.omappapi.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com widget.dixa.io *.beautycos.dk api.packship.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com https://helloretailcdn.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com api.omappapi.com z.omappapi.com api.dixa.io wss://sockets.dixa.io stats.g.doubleclick.net fast.a.klaviyo.com sslwidget.criteo.com a.klaviyo.com display.ipaper.io in.hotjar.com vc.hotjar.io telemetrics.klaviyo.com *.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no api.packship.eu invitejs.trustpilot.com www.addwish.com core.helloretail.com a.omappapi.com *.taboola.com *.klaviyo.com pagead2.googlesyndication.com *.algolia.io *.bing.com *.google.com *.doubleclick.net ai.trk42.net *.cookiebot.com *.pingdom.net heylinkapi.com bat.bing.net files.userlink.ai backend.userlink.ai files.blueai.dk beautycosaps.sjv.io *.clarity.ms consentcdn.cookiebot.eu api-us.mida.so https://s.kelkoogroup.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-MOIHvjorATIVwZxQA42BAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: wss:; script-src https: wss: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net https://widgets.trustedshops.com integrations.etrusted.com *.cloudflare.com *.twitter.com *.gstatic.com *.twimg.com *.trustedshops.com *.googleapis.com maxcdn.bootstrapcdn.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com www.facebook.com *.copernica.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.dpdconnect.nl service2.loyaltyinabox.com *.pinterest.com www.facebook.com www.youtube.com view.publitas.com www.google.com www.google.nl www.google.de *.google.com maps.google.com chat.babypark.nl *.doubleclick.net td.doubleclick.net googleads.g.doubleclick.net widget.trustpilot.com *.cookiebot.com *.cookiebot.eu chatwidget-prod.web.app www.googletagmanager.com sst.babypark.nl sst.babypark.de sst.babydeals.be sst.baby-dump.nl folders.baby-dump.nl *.twitter.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com *.klevu.com *.ksearchnet.com www.babypark.nl www.babypark.de www.babydeals.be dehoevebuitenleven.nl m2.babypark.mavendev.com m2.babypark-de.mavendev.com www.ikenik.nl m2.ikenik.mavendev.com m2.babydump.mavendev.com m2.babydump-de.mavendev.com www.google.com www.google.nl www.google.de www.google.com.ua www.facebook.com ct.pinterest.com www.googletagmanager.com www.zenaps.com www.awin1.com static.zdassets.com *.bing.com *.bing.net www.thuiswinkel.org i.ytimg.com img.youtube.com blob: lantern.roeye.com *.clarity.ms *.cookiebot.com *.cookiebot.eu integrations.etrusted.com stats.g.doubleclick.net sst.babypark.nl sst.babypark.de sst.babydeals.be sst.baby-dump.nl *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.dpdconnect.nl js.klevu.com *.ksearchnet.com *.avada.io www.googletagmanager.com checkout.buckaroo.nl *.clarity.ms lantern.roeyecdn.com widgets.trustedshops.com web-sdk.smartlook.com www.dwin1.com s.pinimg.com connect.facebook.net static.buckaroo.nl view.publitas.com api.360productviewer.com googleads.g.doubleclick.net bat.bing.com bat.bing.net static.zdassets.com js-agent.newrelic.com *.livechatinc.com bam.eu01.nr-data.net chat.babypark.nl widget.trustpilot.com *.pinterest.com *.hotjar.com *.hotjar.io *.cookiebot.com *.cookiebot.eu integrations.etrusted.com chatwidget-prod.web.app *.cloudflare.com *.google.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com https://widgets.trustedshops.com *.yotpo.com sst.babypark.de https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net checkout.buckaroo.nl integrations.etrusted.com chatwidget-css.web.app *.cloudflare.com *.googleapis.com *.google.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu maxcdn.bootstrapcdn.com unsafe-inline https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com integrations.etrusted.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io *.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.clarity.ms *.pinterest.com *.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net manager.eu.smartlook.cloud ekr.zdassets.com wss://widget-mediator.zopim.com api.360productviewer.com www.facebook.com livechat.fabulor.eu bam.eu01.nr-data.net region1.analytics.google.com *.google.com *.hotjar.com *.hotjar.io analytics.google.com bat.bing.com bat.bing.net *.cookiebot.com *.cookiebot.eu *.copernica.com integrations.etrusted.com api.ipify.org *.cloudflare.com *.twitter.com *.twimg.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.yotpo.com sst.babypark.de https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
require-trusted-types-for 'script'; report-uri https://cspreports.skiff.com 1
default-src 'unsafe-inline' *.tulotero.es *.es.tulotero.net tulotero.es es.tulotero.net tulotero.net *.redsys.es api.fpjs.io static.tulotero.net tulotero-prod-es-public-files.s3.eu-west-3.amazonaws.com wa.appsflyer.com websdk.appsflyer.com wa.onelink.me wa.appsflyer.com websdk.appsflyer.com wa.onelink.me *.hotjar.com *.hotjar.io *.googleusercontent.com *.google.es *.google.com *.google-analytics.com *.googleapis.com www.googletagmanager.com www.googleadservices.com tpc.googlesyndication.com *.g.doubleclick.net td.doubleclick.net *.gstatic.com *.twitter.com t.co static.ads-twitter.com platform.twitter.com *.facebook.com connect.facebook.net fpnpmcdn.net graph.facebook.com bat.bing.com *.tiktok.com t.resfu.com data: blob: 'self'; frame-src 'self' sis.redsys.es td.doubleclick.net data: blob: ; frame-ancestors *.tulotero.es *.es.tulotero.net tulotero.es es.tulotero.net tulotero.net *.redsys.es api.fpjs.io static.tulotero.net tulotero-prod-es-public-files.s3.eu-west-3.amazonaws.com wa.appsflyer.com websdk.appsflyer.com wa.onelink.me wa.appsflyer.com websdk.appsflyer.com wa.onelink.me *.hotjar.com *.hotjar.io 'self'; report-uri https://csp-reports.tulotero.net/report/v14; block-all-mixed-content;manifest-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: mercadolibre.com.ar *.mercadolibre.com.ar mercadolibre.com.mx *.mercadolibre.com.mx mercadolivre.com.br *.mercadolivre.com.br mercadolibre.cl *.mercadolibre.cl mercadolibre.com.co *.mercadolibre.com.co credithub.com.br *.credithub.com.br gstatic.com *.gstatic.com js-agent.newrelic.com *.js-agent.newrelic.com http2.mlstatic.com *.http2.mlstatic.com google-analytics.com *.google-analytics.com facebook.net *.facebook.net googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com mercadolibre.com.ve *.mercadolibre.com.ve mercadolibre.com.pe *.mercadolibre.com.pe mercadolibre.com.uy *.mercadolibre.com.uy jsdelivr.net *.jsdelivr.net tiktok.com *.tiktok.com mercadopago.com *.mercadopago.com recaptcha.net *.recaptcha.net googlesyndication.com *.googlesyndication.com gstatic.cn *.gstatic.cn mercadolibre.com *.mercadolibre.com google.com *.google.com doubleclick.net *.doubleclick.net hotjar.com *.hotjar.com newrelic.com *.newrelic.com mercadolivre.com *.mercadolivre.com; report-uri https://events.mercadolibre.com/csp/reports?identifier=VLzYRkQq_c9JDN0rgeqNBHWXLdiZqw2_qxFsrcXEy-kqgH10y4emFIu-FQ3FzhnRLz2EdQyXLw0A&policy_id=29443&user_id=&request_id=2b67b6a6-c8c9-4a74-899a-d8d9e102f038; report-to csp-endpoint-vlzyrkqqcjdnrgeqnbhwxldizqwqxfsrcxeykqghyemfiufqfzhnrlzedqyxlwa 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-VXpw0N7sGij0iYOfM0W6dg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.mondu.ai/ *.mondu.local localhost:*/ https://www.googletagmanager.com/ *.nosto.com *.nos.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com ratenkauf.easycredit.de *.mondu.ai/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://redchamps.com https://widgets.trustedshops.com https://integrations.etrusted.com *.nosto.com *.nos.to magefan.com cm.magefan.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io ratenkauf.easycredit.de *.mondu.ai/widget.js *.mondu.local/widget.js localhost:*/dist/widget.js http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://widgets.trustedshops.com https://integrations.etrusted.com jsd-widget.atlassian.com *.nosto.com *.nos.to maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com d.ratepay.com d.payla.io dr.payla.io https://widgets.trustedshops.com https://integrations.etrusted.com *.nosto.com *.nos.to *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com ratenkauf.easycredit.de http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.trustedshops.com *.etrusted.com jsd-widget.atlassian.com api-private.atlassian.com *.nosto.com *.nos.to api.friendlycaptcha.com eu-api.friendlycaptcha.eu maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: fonts.googleapis.com *.stape.io *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cookiebot.com *.cookiebot.eu business.facebook.com libs.hipay.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.trackedlink.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.google.it *.cookiebot.com *.cookiebot.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com business.facebook.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com *.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cookiebot.com *.cookiebot.eu *.tiktok.com *.matomo.cloud *.paypal.com https://payments-sdk.live.commerce-payment-services.com chimpstatic.com downloads.mailchimp.com *.list-manage.com business.facebook.com cdn.lordicon.com js-agent.newrelic.com bam.nr-data.net secure-gateway.hipay-tpp.com mpsnare.iesnare.com libs.hipay.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io maps.googleapis.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com libs.hipay.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com stats.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.cookiebot.com *.cookiebot.eu *.analytics.tiktok.com *.stape.net business.facebook.com cdn.lordicon.com stage-data.hipay.com bam.nr-data.net *.doubleclick.net *.stape.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-mloVLdsH0_qX1aEiE_MJZA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
block-all-mixed-content; default-src 'none'; base-uri 'self'; child-src mc.yandex.ru mc.yandex.com blob:; connect-src 'self' tomesto.ru api.tomesto.ru wss://api.tomesto.ru https://scdn.tomesto.ru https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ru *.bugsnag.com mc.yandex.ru mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.kz suggestions.dadata.ru *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com; font-src 'self' fonts.gstatic.com data:; form-action 'self'; img-src 'self' https: data: blob:; manifest-src 'self'; media-src 'self' tomesto.ru *.tomesto.ru; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' tomesto.ru *.tomesto.ru https://*.googletagmanager.com d2wy8f7a9ursnm.cloudfront.net mc.yandex.ru mc.yandex.com https://js-agent.newrelic.com *.nr-data.net 'nonce-FNKhk5BK007WHdDPrj10gw=='; style-src 'self' 'unsafe-inline' tomesto.ru *.tomesto.ru fonts.googleapis.com; worker-src blob:; report-uri https://api.tomesto.ru/csp_report 1
default-src 'self' *.aswo.com *.euras.com *.aswo.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aswo.com *.euras.com *.aswo.net ; style-src 'self' 'unsafe-inline' *.aswo.com *.euras.com *.aswo.net ; img-src 'self' 'unsafe-inline' *.aswo.com *.euras.com *.aswo.net data: ; font-src 'self' 'unsafe-inline' *.aswo.com *.euras.com *aswo.net ; connect-src 'self' *.aswo.com *.euras.com *aswo.net ; object-src 'self' 'unsafe-inline' *.aswo.com *.euras.com *.aswo.net ; report-uri /log881.php; 1
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://redchamps.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es maps.googleapis.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-DkCvb4dVGdu8I_Rdwdjulw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: techport.ru *.techport.ru https://*.yandex.net https://techport.api.useinsider.com https://vk.com https://*.vk.com https://www.odnoklassniki.ru https://odnoklassniki.ru https://ok.ru https://connect.ok.ru https://yandex.ru https://*.yandex.ru https://ya.ru https://yandex.st https://yastatic.net https://*.yadro.ru https://webvisor.com https://mc.webwisor.org https://google.com https://*.google.com https://google.ru https://*.google.ru https://translate.google.cn https://*.googleapis.com https://*.googleadservices.com https://googletagservices.com https://*.googletagservices.com https://google-analytics.com https://*.google-analytics.com https://gstatic.com https://*.gstatic.com https://*.googlesyndication.com https://*.mail.ru https://top-fwz1.mail.ru https://youtube.ru https://*.youtube.ru https://youtube.com https://*.youtube.com https://s.ytimg.com https://9khj7ltnoi.a.trbcdn.net https://techpont.ru https://*.flixfacts.com https://*.flixcar.com https://*.flix360.com https://*.flix360.io https://logo.flixfacts.co.uk https://media.flixsyndication.net https://*.doubleclick.net https://www.alexa.com https://*.alexa.com https://ssp.rambler.ru https://profile.ssp.rambler.ru https://*.paymentgate.ru https://*.robokassa.ru https://*.sandbox.paypal.com https://*.paypal.com https://paypal.com https://www.paypal.com https://*.mkb.ru https://*.rbsuat.com https://*.begun.ru https://newrelic.com https://*.newrelic.com https://bam.nr-data.net https://techport.api.sociaplus.com https://flv.isitetv.com https://rum.ngenix.net https://*.cdnvideo.ru https://app.clicker.one https://*.24ttl.stream https://goodmod.ru https://p95bxv.ru https://x.cnt.my/ https://dmrtx.com/ https://*.searchbooster.io https://*.searchbooster.net https://cdn.diginetica.net https://getrcmx.com https://ga.segmel.com https://api.b2pos.ru/shop/v2/connect.js https://dpartaptm.com/ https://widget.yourgood.app https://cdn1.imshop.io https://do.price-port.ru; report-uri //www.techport.ru/csp; report-to //www.techport.ru/csp; 1
frame-src 'self'; object-src 'none'; script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com https://www.google.com maps.google.com platform.instagram.com platform.twitter.com 'nonce-iJFZ2ECb6IoGA9dhedeP4Q'; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' wss:; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.youtube.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.ggpht.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net *.googletagmanager.com *.library.wales *.llgc.org.uk *.staticflickr.com *.ticketsource.co.uk fonts.gstatic.com play.google.com syndication.twitter.com translate.google.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://*.google.com https://*.doubleclick.net https://*.googletagmanager.com *.google.com *.libanswers.com *.library.wales *.llyfrgell.cymru *.lyfrgell.cymru *.twitter.com div.show hwb.gov.wales sketchfab.com www.canva.com; style-src-elem 'report-sample' 'self' 'unsafe-inline' *.clarity.ms *.fontawesome.com *.libanswers.com *.library.wales connect.facebook.net fonts.googleapis.com; connect-src 'self' https://*.googleapis.com https://*.google.com https://*.gstatic.com data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' 'nonce-tDeQBrw6V0591N1QIfvlP7pce-buItUyftWrHdEusPC_-T10EdDmKQ' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com blob:; style-src 'self' 'unsafe-eval' 'unsafe-inline' wss: 'inline' 'report-sample'; script-src-elem 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.%2A.civiccomputing.com *.civiccomputing.com *.clarity.ms *.cloudflare.com *.googletagmanager.com *.jsdelivr.net *.library.wales *.%2A.v2.scr.kaspersky-labs.com *.flickr.com *.libanswers.com adblockers.opera-mini.net connect.facebook.net s3.amazonaws.com wusote.hirizasune.com; report-uri https://www.library.wales/@http-reporting?csp=report&requestTime=1773710735701852&requestHash=06850c6ebad8db7d4f9f5ef3b2ab6a6bb7c4c328 1
img-src *.ads.linkedin.com *.bing.com *.google.co.uk data: https://bighand.cantarusdev.com https://bighandcms.cantarusdev.com https://bighand-hr.secure.force.com https://cdn-cookieyes.com https://www.artificiallawyer.com https://www.google-analytics.com https://www.googletagmanager.com 'self';frame-ancestors *.apollo.io https://www.google.com/;frame-src *.apollo.io *.cookieeyes.com *.google.com https://alkaps.audioacrobat.com https://app.qualified.com https://bighand.outgrow.us https://bighand-hr.secure.force.com https://cdn-cookieyes.com https://content.libsyn.com https://e.issuu.com https://html5-player.libsyn.com https://legaltalknetwork.com https://open.spotify.com https://player.vimeo.com https://www.google.com/ https://www.googletagmanager.com https://www.tickcounter.com https://www2.bighand.com;connect-src *.clarity.ms *.cookieeyes.com *.google.co.uk *.google.com *.linkedin.com *.qualified.com https://aplo-evnt.com https://bat.bing.com https://bighand-hr.secure.force.com https://cdn-cookieyes.com https://content.hotjar.io https://log.cookieyes.com https://metrics.hotjar.io https://pagead2.googlesyndication.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://vc.hotjar.io https://www.google.com/ https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com 'self' wss://ws.hotjar.com wss://ws4.qualified.com;script-src *.qualified.com ajax.googleapis.com cdn.jsdelivr.net https://ajax.cloudflare.com https://assets.apollo.io https://bat.bing.com https://bighand.cantarusdev.com https://bighandcms.cantarusdev.com https://bighand-hr.secure.force.com https://cdn-cookieyes.com https://code.jquery.com https://e.issuu.com https://js.qualified.com https://legaltalknetwork.com https://pi.pardot.com https://player.vimeo.com https://script.hotjar.com https://scripts.clarity.ms https://secure.lote1otto.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://static.hotjar.com https://www.clarity.ms https://www.google.com/ https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www2.bighand.com 'self' 'sha256-2cz0Dp7LUoCe0bLE2fgpivXBSzIFeTFyfKJJFgJfdLw=' 'sha256-blJbz2t0Jj68ZZO9tt+iS6fSRJMZmGFwbHrp/1I8UTs=' 'sha256-ml80QR4wR9kw/abF7/A6KYGOyy+RfPhkRGiUDcf57oI=' 'sha256-nzwgb7Tk31FF3Ouc8yfcYGLvaGGJ+X8y2SopdQY4lO0=' 'sha256-OOYzBqOcoW0foo1K1nG83Nir3NygYksgkkO1kww4aso=' 'sha256-pli35pRWOhf5dLnukaziF4wbP/KJVwvfXtAFHWmm/Us=' 'sha256-Q8s2Tlv6Qj9fZS+32p0UKnzIF3DxbU30xPuz6WSgxiE=' 'sha256-VJMnzkEXZNHT74REQppGnZo0LEmYaqZ/j2LlphhP65w=' 'unsafe-eval' 'unsafe-hashes';font-src *.typekit.net https://bighand.cantarusdev.com https://bighandcms.cantarusdev.com https://cdn-cookieyes.com 'self';style-src *.typekit.net https://bighand.cantarusdev.com https://bighandcms.cantarusdev.com https://cdn-cookieyes.com https://legaltalknetwork.com 'self' 'sha256-2cz0Dp7LUoCe0bLE2fgpivXBSzIFeTFyfKJJFgJfdLw=' 'sha256-6g8o8jKhaelzqv1rJNJNs1/eKZciv+92sWafeZs5qsg=' 'sha256-blJbz2t0Jj68ZZO9tt+iS6fSRJMZmGFwbHrp/1I8UTs=' 'sha256-i0qmpxUxsQsNRhzZ8w8Y7rsDsN8b+7ACzK068cU4QgI=' 'sha256-LB3ybv4DAo0t+5nrNyTXfhCx7eHIPKUnXHsMHeXZ9kk=' 'sha256-Oa77Gtz61TUUptiCB2Jycp3q1sEbfBnVdA8UwIuV60c=' 'sha256-OOYzBqOcoW0foo1K1nG83Nir3NygYksgkkO1kww4aso=' 'sha256-pli35pRWOhf5dLnukaziF4wbP/KJVwvfXtAFHWmm/Us=' 'sha256-Q8s2Tlv6Qj9fZS+32p0UKnzIF3DxbU30xPuz6WSgxiE=' 'sha256-ua3HKvKRuh/PSgVqVs3peBXTdxgsR+AoMZdN6AJPmaI=' 'sha256-Uj7JWkJ69UgPT+YfpyK2u7324RlcU2GVu38mFu0yBps=' 'sha256-WNGnU7/RbXXlQwrnVt0C4kHNoRcxOeJQ2cK940N5IyM=' 'sha256-XVIc9b8gR83yOekv7d4CWT3r+Cs55al7ZprYn75Cys4=' 'unsafe-hashes' 'unsafe-inline';default-src https://bighand.cantarusdev.com https://bighandcms.cantarusdev.com 'self' 'unsafe-inline';manifest-src https://bighand.cantarusdev.com https://bighand.com https://bighandcms.cantarusdev.com https://bighand-hr.secure.force.com;object-src https://bighand-hr.secure.force.com;script-src-attr https://bighand-hr.secure.force.com;style-src-attr 'unsafe-inline';report-to csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.katapult.com *.klevu.com *.ksearchnet.com *.fontawesome.com data: v2.zopim.com js.klevu.com static.klaviyo.com *.wistia.com maxcdn.bootstrapcdn.com fonts.yieldify-production.com acsbapp.com *.hotjar.com *.nudgify.com fonts.googleapis.com https://d1cwup7r903a1d.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.rainforestpay.com *.cardinalcommerce.com *.authorize.net *.splitit.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.katapult.com d.agkn.com *.vibe.co *.paytomorrow.com vimeo.com *.doubleclick.net *.trustpilot.com *.paypalobjects.com *.wistia.net *.sharethis.com *.zendesk.com *.zdassets.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com *.attn.tv *.yieldify.com *.kaptcha.com *.sirv.com *.nudgify.com *.gstatic.com *.stripe.com *.rainforestpay.com *.cardinalcommerce.com *.authorize.net *.splitit.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.katapult.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.disqus.com https://* vimeo.com bat.bing.com js.klevu.com *.klaviyo.com v2.zopim.com maps.googleapis.com *.doubleclick.net *.wistia.com *.attn.tv *.nudgify.com *.paytomorrow.com *.splitit.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.attn.tv events.attentivemobile.com *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.katapult.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.kaptcha.com *.disqus.com *.visualwebsiteoptimizer.com *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com *.vibe.co *.cometlytrack.com *.alhena.ai *.cookiehub.eu *.redditstatic.com *.wisernotify.com *.liadm.com *.getgobot.com v2.zopim.com static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com *.trustpilot.com bat.bing.com *.klevu.com *.klaviyo.com *.doubleclick.net acsbapp.com *.wistia.com *.wistia.net *.steelhousemedia.com *.mouseflow.com *.sharethis.com newrelic.com *.zendesk.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com www.googleoptimize.com *.yieldify.com *.noibu.com *.lordoftheentertainingostriches.com *.sirv.com *.howuku.com *.usbrowserspeed.com *.clarity.ms *.nudgify.com *.gstatic.com api.wisernotify.com *.userway.org *.dotomi.com *.lab.amplitude.com *.googleapis.com *.parados.ai *.criteo.com rum.hlx.page adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com unpkg.com *.jsdelivr.net *.omtrdc.com adobe.io *.paypal.com *.paypalobjects.com *.adobe.net *.payments-amazon.* apptrian.com *.facebook.com *.facebook.net *.route.com *.stripe.com *.authorize.com *.paytomorrow.com *.splitit.com *.hyros.com cdn.routeapp.io https//fonts.googleapis.com https://api.lab.amplitude.com https://flag.lab.amplitude.com https://protect-quote-q.route.com protection-widget.route.com protect-lightning-bolt-widget.route.com d3od5si8vgcekb.cloudfront.net ddbmicszvqxcg.cloudfront.net https://unpkg.com wobs.route.com elements.sika.health *.rainforestpay.com *.authorize.net maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.katapult.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com *.cookiehub.eu *.wisernotify.com js.klevu.com *.klaviyo.com *.sharethis.com maxcdn.bootstrapcdn.com wss://*.hotjar.com *.nudgify.com *.gstatic.com *.userway.org *.lab.amplitude.com https//fonts.googleapis.com https://d1cwup7r903a1d.cloudfront.net *.trustpilot.com *.paytomorrow.com *.splitit.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.alhena.ai blob: embedwistia-a.akamaihd.net *.zendesk.com *.zdassets.com *.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.attn.tv events.attentivemobile.com *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.kaptcha.com *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com *.vibe.co *.cometlytrack.com *.alhena.ai *.bugsnag.com *.cookiehub.net *.cookiehub.eu *.redditstatic.com *.reddit.com *.azurewebsites.net *.wisermapp.com *.ip-api.com *.liadm.com *.getgobot.com *.googlesyndication.com *.attentivemobile.com *.klarnacdn.net *.yieldify.com *.dc.yieldify.com *.yieldify-production.com *.zopim.com wss://widget-mediator.zopim.com static.zdassets.com ekr.zdassets.com *.acsbapp.com *.doubleclick.net *.klaviyo.com https://bt.signifyd.com:11103/ *.signifyd.com:11103 *.paypalobjects.com *.wistia.com *.litix.io *.akamaihd.net bat.bing.com *.trustpilot.com *.sharethis.com *.mouseflow.com maps.googleapis.com *.zendesk.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com *.lordoftheentertainingostriches.com *.noibu.com wss://*.noibu.com fonts.googleapis.com *.breadgateway.net *.howuku.com *.clarity.ms *.nudgify.com *.gstatic.com api.wisernotify.com dp70uvwpivouv.cloudfront.net *.userway.org *.api.userway.org *.paytomorrow.com *.lab.amplitude.com *.parados.ai *.route.com *.amplitude.com *.criteo.com *.cardinalcommerce.com *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.adobedc.net *.magento.com adobe.io *.typekit.net *.payments-amazon.* *.amazonservices.* apptrian.com *.facebook.com *.facebook.net api.route.com https://api.lab.amplitude.com https://flag.lab.amplitude.com https://protect-quote-q.route.com protection-widget.route.com d3od5si8vgcekb.cloudfront.net protect-lightning-bolt-widget.route.com ddbmicszvqxcg.cloudfront.net https://unpkg.com wobs.route.com *.sikahealth.com *.stripe.com *.rainforestpay.com *.authorize.net *.splitit.com *.amazonaws.com logs.browser-intake-datadoghq.com places.googleapis.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src vimeo.com *.vimeocdn.com *.getbread.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://*.googletagmanager.com https://login.miele.com.au https://login.miele.co.nz https://api-crm.miele.com https://*.facebook.com https://*.facebook.net https://*.pinimg.com https://*.pinterest.com https://*.gigya.com https://*.appointedd.com https://*.cookieyes.com https://*.cookielaw.org https://*.onetrust.com https://*.hotjar.com https://*.hotjar.io https://*.livechatinc.com https://*.salecycle.com https://s.salecycle.com https://*.yimg.com https://*.turn.com https://*.amazon-adsystem.com https://*.adnxs.com https://*.adsrvr.org https://*.bing.com https://*.bing.net https://*.akamaihd.net; script-src-elem 'self' 'unsafe-inline' https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://*.googletagmanager.com https://login.miele.com.au https://login.miele.co.nz https://api-crm.miele.com https://*.facebook.com https://*.facebook.net https://*.pinimg.com https://*.pinterest.com https://*.gigya.com https://*.appointedd.com https://*.cookieyes.com https://*.cookielaw.org https://*.onetrust.com https://*.hotjar.com https://*.hotjar.io https://*.livechatinc.com https://*.salecycle.com https://s.salecycle.com https://*.yimg.com https://*.turn.com https://*.amazon-adsystem.com https://*.adnxs.com https://*.adsrvr.org https://*.bing.com https://*.bing.net https://*.akamaihd.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://eu-images.contentstack.com https://*.google.com https://*.google.com.au https://*.google.co.nz https://*.googleadservices.com https://*.googletagmanager.com https://*.doubleclick.net https://*.pinterest.com https://*.facebook.com https://*.facebook.net https://*.gigya.com https://*.yimg.com https://*.turn.com https://*.adnxs.com https://*.adsrvr.org https://*.cookieyes.com https://*.cookielaw.org https://*.onetrust.com https://*.bing.com https://*.bing.net https://*.akamaihd.net https://*.ytimg.com; font-src 'self' data: https://fonts.gstatic.com https://www.miele.com.au; connect-src 'self' https://eu-cdn.contentstack.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://login.miele.com.au http://login.miele.com.au https://login.miele.co.nz http://login.miele.co.nz https://api-crm.miele.com https://*.gigya.com http://*.gigya.com https://*.facebook.com https://*.pinterest.com https://*.amazon-adsystem.com https://*.amazon https://*.adsrvr.org https://*.adnxs.com https://*.yimg.com https://*.turn.com https://*.cookieyes.com https://*.cookielaw.org https://*.onetrust.com https://*.livechatinc.com https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.bing.net https://*.appointedd.com https://*.akamaihd.net wss://login.miele.com.au wss://login.miele.co.nz wss://*.hotjar.com; frame-src 'self' https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.doubleclick.net https://*.youtube.com https://stylesourcebook.com.au https://*.gigya.com https://login.miele.com.au https://login.miele.co.nz https://*.pinterest.com https://*.amazon-adsystem.com https://*.adsrvr.org https://*.appointedd.com https://*.facebook.com https://*.bing.com; media-src 'self' https://www.miele.com.au https://www.miele.co.nz; object-src 'none'; worker-src 'self' blob:; manifest-src 'self'; form-action 'self' https://www.facebook.com/tr/; frame-ancestors 'none'; base-uri 'self'; report-uri /experiences/api/csp-report 1
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com https://*.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.gstatic.com applepay.cdn-apple.com *.salesfire.co.uk *.typekit.net *.klarnacdn.net *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.securetrading.net *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.rvvuptech.com *.rvvup.com *.afterpay.com *.clearpay.co.uk *.sandbox.paypal.com cdn.eu.trustpayments.com *.trustpayments.com *.securetrading.net *.secure.checkout.visa.com thm.visa.com *.mastercard.com *.salesfire.co.uk *.wesupply.xyz https://wesupplylabs.com *.googletagmanager.com *.doubleclick.net *.typeform.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.gstatic.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.afterpay.com assets.dev.rvvuptech.com assets.rvvup.com *.sandbox.paypal.com *.stats.paypal.com *.gstatic.com *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com widgets.dividebuy.co.uk widgets.dividebuysandbox.co.uk *.salesfire.co.uk *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.plugins.emarsys.net *.scarabresearch.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.afterpay.com *.sandbox.paypal.com checkout.dev.rvvuptech.com checkout.rvvup.com cdn.eu.trustpayments.com *.securetrading.net *.secure.checkout.visa.com *.cardinalcommerce.com *.mastercard.com applepay.cdn-apple.com widgets.dividebuysandbox.co.uk widgets.dividebuy.co.uk *.salesfire.co.uk *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://*.googleapis.com https://*.typekit.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline assets.braintreegateway.com checkout.dev.rvvuptech.com checkout.rvvup.com widgets.dividebuy.co.uk widgets.dividebuysandbox.co.uk *.salesfire.co.uk *.typekit.net *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sharethis.com *.scarabresearch.com *.eservice.emarsys.net https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.afterpay.com *.sandbox.paypal.com *.dev.rvvuptech.com *.rvvup.com www.apple.com apple.com browser-intake-datadoghq.com browser-intake-datadoghq.eu api.dividebuysandbox.co.uk api.dividebuy.co.uk *.salesfire.co.uk *.smartmetrics.co.uk *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.doubleclick.net *.run.app *.typeform.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: use.typekit.net www.google.com www.google.by unpkg.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.merchante-solutions.com https://hostedpayments.merchante.com https://merchantacsstag.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.ca-dev.co *.chargeafter.com www.google.com https://elements.sandbox.fortis.tech https://elements.fortis.tech https://merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://cdn-sandbox.ca-dev.co https://cdn.chargeafter.com *.gstatic.com *.googleapis.com *.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.files-text.com www.google.by www.facebook.com *.godaddy.com *.bing.net *.omappapi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn-sandbox.ca-dev.co https://cdn.chargeafter.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bing.com https://developer.adobe.com https://magento.com https://js.sandbox.fortis.tech https://js.fortis.tech https://elements.sandbox.fortis.tech https://elements.fortis.tech https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com https://api.merchante-solutions.com https://cert.merchante-solutions.com https://testapi.merchante-solutions.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.omappapi.com a.opmnstr.com api.chargeafter.com seal.godaddy.com connect.facebook.net *.callrail.com *.livechatinc.com wss://*.livechatinc.com client.prod.mplat-ppcprotect.com *.searchspring.net snapui.searchspring.io app.termly.io www.clarity.ms *.prod.equally.ai 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.typekit.net a.omappapi.com unpkg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.ca-dev.co *.chargeafter.com *.googleapis.com https://developer.adobe.com https://elements.sandbox.fortis.tech https://elements.fortis.tech https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com https://api.merchante-solutions.com https://cert.merchante-solutions.com https://testapi.merchante-solutions.com https://writer.cardinalcommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com logging-proxy-ca-production-170512-af60esna.uc.gateway.dev *.omappapi.com *.gateway.dev js.callrail.com click.prod.mplat-ppcprotect.com app.termly.io 9vbqsm.a.searchspring.io d.clarity.ms app.callrail.com wss://*.livechatinc.com *.bing.net *.livechatinc.com *.doubleclick.net *.googlesyndication.com *.prod.equally.ai *.consent.api.termly.io xoksmy.a.searchspring.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 1
default-src 'self';  base-uri 'self';  object-src 'none';  frame-ancestors 'self';  form-action 'self';  img-src 'self' data: https: blob:;  font-src 'self' data: https:;  style-src 'self' 'unsafe-inline' https:;  frame-src 'self' https:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://connect.facebook.net https://static.klaviyo.com https://static-tracking.klaviyo.com https://ajax.googleapis.com https://widget.trustpilot.com https://*.hotjar.com https://*.hotjar.io https://www.clarity.ms https://scripts.clarity.ms https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://policy.app.cookieinformation.com https://www.gstatic.com https://at.choicefurnituresuperstore.co.uk https://www.dwin1.com https://js.dwin1.com https://smtc.co https://lantern.roeycdn.com https://api.contester.net https://analytics-event.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.googleadservices.com; connect-src 'self' https: wss: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.clarity.ms https://static.cloudflareinsights.com https://dynamic.criteo.com https://static.criteo.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net; 1
default-src 'self' syndication.twitter.com; script-src js.suedtirolerland.it 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; connect-src 'self' stats.peer.biz; img-src 'self' data: images2.suedtirolerland.it css.suedtirolerland.it  www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.suedtirolerland.it js.suedtirolerland.it; font-src css.suedtirolerland.it; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
default-src 'self' https: data: blob: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'nonce-91b2b45c-2ad0-422f-99b4-327c5f144411' http: https: https://bpoint.com.au https://bpoint.uat.linkly.com.au; style-src 'self' 'unsafe-inline' https://*.arcgis.com https://bpoint.com.au https://bpoint.uat.linkly.com.au; connect-src 'self' http: https: data: mediastream: blob: filesystem: ws: wss: analytics.google.com https://*.arcgis.com https://*.arcgisonline.com https://dc.services.visualstudio.com https://*.doubleclick.net wss://ws.hotjar.com https://*.hotjar.io https://content.hotjar.io https://vc.hotjar.io https://surveystats.hotjar.io https://bpoint.com.au https://bpoint.uat.linkly.com.au; font-src 'self' https://*.arcgis.com https://script.hotjar.com data:; object-src 'none' ; frame-src 'self' https://*.google.com https://*.youtube.com *.westernpower.com.au https://*.microsoftcrmportals.com/ https://*.doubleclick.net https://*.apac01.idio.episerver.net/ https://online.flippingbook.com/ https://*.googletagmanager.com/; base-uri 'self' ;  report-uri https://www.westernpower.com.au/api/csp;  report-to csp-endpoint; 1
script-src https://www.googletagmanager.com/gtm.js 'unsafe-inline' 'self' https://payments.salesforce.com/ https://stats.g.doubleclick.net https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://checkoutshopper-live.adyen.com/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://d.la1-c1-ia5.salesforceliveagent.com/chat/rest/ https://google-analytics.com https://creditkarma1.my.site.com https://www.google.com https://pay.google.com https://analytics.google.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ blob: https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://js.stripe.com/ https://*.googletagmanager.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js 'report-sample' https://unpkg.com/web-vitals@2.1.2/dist/web-vitals.umd.js https://service.force.com/embeddedservice/ https://creditkarma1.my.salesforce-scrt.com 'unsafe-eval' https://d.la1-c1-ia4.salesforceliveagent.com/chat/rest/ https://*.analytics.google.com; report-to sfdc-csp-ep; report-uri https://creditkarma1.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D1U000000rAl3&networkId=0DM1U000000e6Hq&type=communities 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adform.net *.adform.net betano.ca *.betano.ca betano.com *.betano.com betgenius.com *.betgenius.com bing.com *.bing.com cloudflare.com *.cloudflare.com cookielaw.org *.cookielaw.org creativecdn.com *.creativecdn.com facebook.net *.facebook.net fullstory.com *.fullstory.com geocomply.com *.geocomply.com gmlinteractive.com *.gmlinteractive.com googletagmanager.com *.googletagmanager.com kameleoon.eu *.kameleoon.eu kaizengaming.com *.kaizengaming.com optimove.net *.optimove.net sportradar.com *.sportradar.com cloudflareinsights.com *.cloudflareinsights.com app.delivery *.app.delivery clarity.ms *.clarity.ms lgrckt-in.com *.lgrckt-in.com tostarsbuilding.com *.tostarsbuilding.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=sFglmGQx4ycIs8rVMzyqlDMCmm1Ox2HXLcRELewrfqs-1773714567-1.0.1.1-TbZVueNlj_tiXbMzHeB9ZoHPIFZSdmq19UmIqaMxwQPEwuRLdiTvCylt2z7MOdZVyt7eAqNv21F9n8vr9.VEZ1_.0n8Ox08SyGIG9p9xAxvqD55ILhw5IDJ9WpEkavLPBmcV1aeMiIA2xFCqsdvE6IuLEhqlKg933o.kXgcAaZmFtj3QH4DBshTc8p457GP5ZR20qSqRS1J4_.1GM5OR4Q; report-to cf-zifsyqpriatxpkpx 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://accounts.google.com https://translate.google.com https://translate.googleapis.com https://*.fillout.com https://*.sentry.io https://vercel.live https://*.vercel.app https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com; img-src 'self' data: blob: https: http:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.spotsaas.com https://*.amazonaws.com https://*.cloudfront.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.fillout.com https://*.sentry.io https://accounts.google.com https://translate.googleapis.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.fillout.com https://accounts.google.com https://www.google.com https://*.beehiiv.com; media-src 'self' https://www.youtube.com; object-src 'none'; base-uri 'self'; form-action 'self' https://accounts.google.com https://*.fillout.com 1
default-src 'self';                 script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'                     https://acsbapp.com                     https://browser.sentry-cdn.com                     https://cdn.cookielaw.org                     https://code.jquery.com                     https://cdn.jsdelivr.net                     https://fast.wistia.com                     https://js.monitor.azure.com                     https://kit.fontawesome.com                     https://www.google.com                     https://www.google.com/recaptcha                     https://www.googletagmanager.com                     https://www.gstatic.com                     https://connect.facebook.net                     https://polyfill.io                     https://ajax.googleapis.com                     https://developers.google.com                     https://maps.googleapis.com                     https://maps.gstatic.com;                 script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'                     https://acsbapp.com                     https://browser.sentry-cdn.com                     https://cdn.cookielaw.org                     https://code.jquery.com                     https://cdn.jsdelivr.net                     https://fast.wistia.com                     https://js.monitor.azure.com                     https://kit.fontawesome.com                     https://www.google.com                     https://www.google.com/recaptcha                     https://www.googletagmanager.com                     https://www.gstatic.com                     https://connect.facebook.net                     https://polyfill.io                     https://ajax.googleapis.com                     https://developers.google.com                     https://maps.googleapis.com                     https://maps.gstatic.com;                 style-src 'report-sample' 'self' 'unsafe-inline'                     https://cdnjs.cloudflare.com                     https://code.jquery.com                     https://fonts.googleapis.com;                 style-src-elem 'self' 'unsafe-inline'                     https://cdnjs.cloudflare.com                     https://code.jquery.com                     https://fonts.googleapis.com;                 object-src 'none';                 base-uri 'self';                 connect-src 'self'                     https://cdn.acsbapp.com                     https://cdn.cookielaw.org                     https://dc.services.visualstudio.com                     https://distillery.wistia.com                     https://embed-cloudfront.wistia.com                     https://fast.wistia.com                     https://fg8vvsvnieiv3ej16jby.litix.io                     https://geolocation.onetrust.com                     https://ka-p.fontawesome.com                     https://pipedream.wistia.com                     https://privacyportal.onetrust.com                     https://www.google-analytics.com                     https://analytics.google.com                     https://connect.facebook.net                     https://maps.googleapis.com                     https://maps.gstatic.com                     https://stats.g.doubleclick.net;                 font-src 'self'                     https://cdnjs.cloudflare.com                     https://fast.wistia.com                     https://ka-p.fontawesome.com                     https://fonts.gstatic.com                     data:;                 frame-src 'self'                     https://www.google.com                     https://www.facebook.com                     https://static.xx.fbcdn.net;                 img-src 'self' data:                     https://cdn.cookielaw.org                     https://fast.wistia.com                     https://embed-ssl.wistia.com                     https://www.globalmedicalresponse.com                     https://app-gmr-corpweb-amr.azurewebsites.net                     https://www.googletagmanager.com                     https://maps.gstatic.com                     https://maps.googleapis.com                     https://www.facebook.com                     https://facebook.com                     https://m.facebook.com                     https://amr.net;                 manifest-src 'self';                 media-src 'self' blob:;                 worker-src 'none';                 report-uri https://68654f9f841f0014a4c0d103.endpoint.csper.io?v=0; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.salesfire.co.uk *.typekit.net *.klarnacdn.net fonts.gstatic.com *.finance-calculator.co.uk *.s3.eu-west-2.amazonaws.com *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.myfonts.net *.bootstrapcdn.com *.electromarket.co.uk *.tawk.to *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.reviews.io *.reviews.co.uk *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.salesfire.co.uk *.finance-calculator.co.uk *.deko.finance *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.klarna.com *.google-analytics.com *.gstatic.com *.google.com *.trustpilot.com *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.salesfire.co.uk *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com s3.eu-west-1.amazonaws.com *.blackhorseflexpay.co.uk https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.com *.google.co.uk *.paypal.com *.doubleclick.net *.electromarket.co.uk destiny-files.com *.bronto.com *.tawk.to *.jsdelivr.net *.postcodeanywhere.co.uk *.reviews.io *.reviews.co.uk *.klarna.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.salesfire.co.uk *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com dekowallet-feature-assets.s3.eu-west-2.amazonaws.com *.blackhorseflexpay.co.uk/ *.postcodeanywhere.co.uk https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.google.com *.fontawesome.com *.divido.com *.electromarket.co.uk *.tawk.to *.pcapredict.com *.doubleclick.net *.trustpilot.com *.bronto.com *.jsdelivr.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.salesfire.co.uk *.typekit.net *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk https://*.googleapis.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.myfonts.net *.electromarket.co.uk *.bootstrapcdn.com *.jsdelivr.net *.postcodeanywhere.co.uk *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.salesfire.co.uk *.smartmetrics.co.uk *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.electromarket.co.uk *.tawk.to wss://*.tawk.to *.google.com *.google-analytics.com *.doubleclick.net *.postcodeanywhere.co.uk *.brontops.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.link.com *.amazon.com *.twitter.com *.twimg.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://db392d55-be7f-4975-a832-ea6573ed064e.sansec.watch/; report-to report-endpoint; 1
script-src 'nonce-jERt2ra7RXGsA7uJw2rOKmNYzJM6JsKvwAlrqzaP1qs=' 'unsafe-eval' 'strict-dynamic' https:; frame-ancestors 'self'; report-uri https://www.thonhotels.com/api/ContentSecurityViolation/; report-to csp-endpoint; object-src 'self'; base-uri 'self' 1
frame-src https://www.facebook.com https://go.nexon.com.au *.google.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://cdn-cookieyes.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https: data:; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com; frame-src 'self' https://www.googletagmanager.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.alliai.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.alliai.com wss://*.alliai.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
script-src * 'self' 'unsafe-inline' 1
font-src *.googleapis.com *.gstatic.com 'self' data: fonts.gstatic.com *.cloudmaestro.com *.punchout2go.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net *.punchout2go.com 'self' data: *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.punchout2go.com 'self' data: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.certcapture.com *.doubleclick.net *.facebook.com events.blackthorn.io *.punchout2go.com *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.gstatic.com *.googleapis.com *.certcapture.com maps.googleapis.com www.googletagmanager.com www.google.com *.cloudmaestro.com *.doubleclick.net *.scene7.com *.bakerdist.com bam.nr-data.net *.punchout2go.com https://firebasestorage.googleapis.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com cdnjs.cloudflare.com cdn.jsdelivr.net static.cloudflareinsights.com unpkg.com *.onetrust.com cdn.cookielaw.org maps.googleapis.com *.punchout2go.com *.tradecentric.com cdn.polyfill.io *.cloudmaestro.com js-agent.newrelic.com bam.nr-data.net *.authorize.net *.bakerdist.com static.zdassets.com cdn.rudderlabs.com events.blackthorn.io *.avada.io *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com cdnjs.cloudflare.com *.cloudmaestro.com *.punchout2go.com *.tradecentric.com *.bakerdist.com *.fontawesome.com https://fonts.bunny.net *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src *.punchout2go.com *.tradecentric.com *.buyerquest.net bam.nr-data.net 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com *.googleapis.com *.certcapture.com *.bakerdist.com bam.nr-data.net *.authorize.net cdn.cookielaw.org *.scene7.com lkx760tcl7.execute-api.us-east-1.amazonaws.com www.facebook.com wss://widget-mediator.zopim.com static.cloudflareinsights.com bakerdist.zendesk.com ekr.zdassets.com bkuatdmbogssdi.dataplane.rudderstack.com bkprodukgnhabu.dataplane.rudderstack.com api.rudderstack.com geolocation.onetrust.com privacyportal.onetrust.com boltgw-uat.cardconnect.com:* boltgw.cardconnect.com:* *.punchout2go.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com cash-f.squarecdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.bing.com *.doubleclick.net *.facebook.com *.usercentrics.eu *.beleuchtungdirekt.de data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com polyfill.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.wwlholding.com *.bing.com *.clarity.ms *.facebook.net *.googleapis.com *.hotjar.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.videoly.co *.beslist.nl *.beleuchtungdirekt.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com tagmanager.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.wwlholding.com *.bing.com *.doubleclick.net *.googlesyndication.com *.leadinfo.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.googleapis.com *.addressy.com *.beslist.nl *.hotjar.com *.hotjar.io *.beleuchtungdirekt.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b428c232-f415-4fb2-b456-fef23ba335ec.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-YJrJRitETRQuS9x0txexmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cash-f.squarecdn.com *.yotpo.com *.googleapis.com *.gstatic.com *.flaticon.com *.baomitu.com *.googleusercontent.com *.faircado.com *.faceworks.nl *.jsdelivr.net *.typekit.net *.cloudflare.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.facebook.com *.yotpo.com *.3dsecure.no *.wlp-acs.com *.marqeta.com *.cardcomplete.com *.securesuite.net *.eewosecure.com *.apata.io *.google.com *.easybank.at *.americanexpress.com *.securesuite.co.uk *.rsa3dsauth.com *.n26.com *.monext.fr *.ing.de *.sparkassen-kreditkarten.de *.firstdata.de *.arcot.com *.psa.at 3dsecure-vrp.de *.rabobank.nl *.salesforce.com *.sparkasse.at 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.sendcloud.sc *.jsdelivr.net *.weltpixel.com *.yotpo.com *.opendns.com *.rabobank.nl *.wlp-acs.com *.psa.at *.bing.com *.arcot.com *.google.com *.firstdata.de google.com 3dsecure-vrp.de *.vimeo.com *.zscaler.net *.easybank.at *.americanexpress.com *.microsoftonline.com *.sbk-vs.de *.marqeta.com *.ing.de *.doubleclick.net *.rsa3dsauth.com *.facebook.com *.googletagmanager.com *.zscloud.net *.apata.io *.sparkassen-kreditkarten.de *.eewosecure.com *.agu.com *.convert.com *.3dsecure.no *.securesuite.net *.monext.fr *.securesuite.co.uk *.tradetracker.net *.sparkasse.at bing.com *.saasprotection.com vimeo.com *.n26.com *.cloudflare.com *.voyado.com caclk.com *.zscalertwo.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://www.google.nl magefan.com cm.magefan.com *.amazonaws.com *.gstatic.com *.facebook.com *.yotpo.com *.facebook.net *.google.com *.agu.com *.trustedshops.com *.tradetracker.net *.googleusercontent.com *.tiktok.com *.bing.net *.bing.com *.google-analytics.com *.vimeo.com *.h-ams.net *.doubleclick.net *.convertexperiments.com ipavatarbucket.s3.eu-central-1.amazonaws.com *.googleadservices.com yastatic.net *.trackedlink.net *.googletagmanager.com *.linkedin.com agu.com *.googleapis.com bucket-ip-website.s3.eu-central-1.amazonaws.com *.trackedweb.net google.com *.flaticon.com *.clarity.ms data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sendcloud.sc *.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.yotpo.com *.convertexperiments.com *.voyado.com *.doubleclick.net *.bing.com d5yoctgpv4cpx.cloudfront.net *.kk-resources.com *.google.com *.redeal.se *.vimeo.com *.googletagmanager.com *.convert.com *.eyefitu.com *.clarity.ms *.googleapis.com *.cookie-script.com secured-pixel.com *.trustedshops.com *.tiktok.com *.trackedweb.net *.agu.com *.googleadservices.com *.tradetracker.net *.varify.io *.licdn.com *.trackedlink.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.cash.app *.sendcloud.sc *.jsdelivr.net tagmanager.google.com *.yotpo.com *.googleapis.com *.voyado.com *.gstatic.com *.googletagmanager.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bing.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.google-analytics.com *.facebook.net *.yotpo.com *.visualstudio.com *.clarity.ms *.googleapis.com *.agu.com *.gstatic.com *.trustedshops.com *.convertexperiments.com *.voyado.com *.google.com *.doubleclick.net *.facebook.com *.linkedin.com *.bing.net *.hotjar.io agu.com *.eyefitu.com *.cookie-script.com *.npass.app *.tiktok.com *.varify.io google.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com *.azure.com *.googleadservices.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://d3a47fe8-35b6-4db2-9ced-33cd80c05948.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-E0zexQiZ59ytD8DWs5Euww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';  script-src    'self'    'unsafe-eval'    'unsafe-inline'    https://*.google.com    https://*.googleadservices.com    https://*.googlesyndication.com    https://*.googletagmanager.com    https://*.gstatic.com    https://*.doubleclick.net    https://maps.googleapis.com    https://connect.facebook.net    https://*.facebook.com    https://cdn.brevo.com    https://sibautomation.com    https://conversations-widget.sendinblue.com    https://in-automate.brevo.com    https://js.stripe.com    https://*.js.stripe.com    https://connect-js.stripe.com    https://checkout.stripe.com    https://cdn.amplitude.com    https://conversations-widget.brevo.com    https://analytics.amplitude.com    https://cdn.jsdelivr.net    https://cdnjs.cloudflare.com    https://*.go-mpulse.net    https://analytics.tiktok.com    https://bat.bing.com    https://bat.bing.net    https://static.ads-twitter.com    https://platform.twitter.com    https://analytics.twitter.com    https://challenges.cloudflare.com;  style-src     'self'    'unsafe-inline'    https://cdnjs.cloudflare.com    https://fonts.googleapis.com    https://connect-js.stripe.com    https://cdn.amplitude.com    https://cdn.amplitude.com    https://js.stripe.com    https://www.googletagmanager.com    sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk=;  img-src    'self'    https://flagcdn.com    blob: data:    https://*.googleadservices.com    https://*.googlesyndication.com    https://*.googletagmanager.com    https://*.google.fr    https://*.google.com    https://*.doubleclick.net    https://gtm.groupe-reussite.fr    https://*.facebook.com    https://*.facebook.net    https://*.fbcdn.net    https://cdnjs.cloudflare.com    https://fonts.gstatic.com    https://maps.gstatic.com    https://maps.googleapis.com    https://in-automate.brevo.com    https://*.stripe.com    https://cdn.brevo.com    https://cdn.amplitude.com    https://*.akstat.io    https://analytics.tiktok.com    https://*.tiktok.com    https://bat.bing.com    https://bat.bing.net    https://static.ads-twitter.com    https://platform.twitter.com    https://analytics.twitter.com    https://*.twitter.com    https://*.x.com    https://t.co;  font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com;  object-src 'none';  base-uri 'self';  form-action     'self'    https://*.facebook.net    https://*.facebook.com;  frame-ancestors 'none';  worker-src    'self'    blob:;  connect-src    'self'    blob:    https://*.gstatic.com    https://*.google.com    https://*.googletagmanager.com    https://*.google.fr    https://*.g.doubleclick.net    https://*.googleadservices.com    https://*.googlesyndication.com    https://*.google-analytics.com     https://*.facebook.net    https://*.facebook.com    https://cdn.brevo.com    https://sibautomation.com    https://conversations-widget.sendinblue.com    https://conversations-widget.brevo.com    https://in-automate.brevo.com    https://api.stripe.com    https://js.stripe.com    https://uploads.stripe.com    https://checkout.stripe.com    https://cdnjs.cloudflare.com    https://maps.googleapis.com    https://maps.gstatic.com    https://fonts.googleapis.com    https://fonts.gstatic.com    https://cdn.amplitude.com    https://api.amplitude.com    https://analytics.amplitude.com    https://api2.amplitude.com    https://sr-client-cfg.amplitude.com    https://region1.analytics.google.com    https://region1.google-analytics.com    https://chat.googleapis.com    https://flagcdn.com    https://*.go-mpulse.net    https://*.akstat.io    https://*.doubleclick.net    https://analytics.tiktok.com    https://business-api.tiktok.com    https://bat.bing.com    https://bat.bing.net    https://static.ads-twitter.com    https://platform.twitter.com    https://analytics.twitter.com    https://*.twitter.com    https://*.x.com    https://t.co    https://analytics-ipv6.tiktokw.us    https://*.amazonaws.com    https://challenges.cloudflare.com    https://gtm.groupe-reussite.fr;  frame-src    'self'    https://*.googletagmanager.com    https://*.googlesyndication.com    https://*.google.com    https://*.doubleclick.net    https://gtm.groupe-reussite.fr    https://*.facebook.com    https://*.facebook.net    https://js.stripe.com    https://*.js.stripe.com    https://hooks.stripe.com    https://connect-js.stripe.com    https://checkout.stripe.com    https://www.youtube.com    https://conversations-widget.sendinblue.com    https://conversations-widget.brevo.com    https://platform.twitter.com    https://syndication.twitter.com    https://*.twitter.com    https://*.x.com    https://challenges.cloudflare.com;    media-src       'self'       https://*.amazonaws.com 1
base-uri 'self' www.google-analytics.com;connect-src 'self';default-src 'self';form-action 'self' murze.be murze.be.test sendy.murze.be platform.twitter.com syndication.twitter.com;img-src 'self' * 'unsafe-inline' data:;media-src 'self';object-src 'none';script-src 'self' 'nonce-qWkMLZZUsPw0L1FRBznEplxI6PyAt2S1' murze.be murze.be.test www.google.com www.gstatic.com cdn.jsdelivr.net avd.innity.net unpkg.com cdnjs.cloudflare.com *.googlesyndication.com 'unsafe-eval' *.bootstrapcdn.com srv.carbonads.net script.carbonads.com cdn.carbonads.com fonts.googleapis.com *.google-analytics.com www.google-analytics.com *.googletagmanager.com platform.twitter.com *.twimg.com;style-src 'self' 'nonce-qWkMLZZUsPw0L1FRBznEplxI6PyAt2S1' murze.be murze.be.test 'unsafe-inline' www.google.com www.gstatic.com cdn.jsdelivr.net use.fontawesome.com cdnjs.cloudflare.com avd.innity.net *.googlesyndication.com *.bootstrapcdn.com fonts.googleapis.com platform.twitter.com;font-src * 'unsafe-inline' *.bootstrapcdn.com fonts.gstatic.com;frame-src platform.twitter.com syndication.twitter.com *.youtube.com www.google.com www.gstatic.com googleads.g.doubleclick.net *.googlesyndication.com 1
object-src 'none';base-uri 'self';script-src 'nonce-7_XpZuEr3ZbNHKhmmVP7uw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net userlike-cdn-umm.b-cdn.net *.trustedshops.com *.gstatic.com 'self' data: data: *.stamped.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ariba.com punchoutcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.ariba.com punchoutcommerce.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.livechatinc.com *.braintreegateway.com *.kaptcha.com www.paypalobjects.com *.affirm.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net 'self' https://scontent.cdninstagram.com *.bird.eu *.googlesyndication.com bat.bing.com www.google.de *.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com userlike-cdn-web.b-cdn.net *.trustedshops.com https://widgets-qa.trustedshops.com *.usercentrics.eu *.googletagmanager.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net 'self' data: maps.googleapis.com maps.gstatic.com www.facebook.com www.gstatic.com www.google.pl *.stamped.io *.amazonaws.com *.userway.org verify.authorize.net scontent.cdninstagram.com *.affirm.com *.routeapp.io *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net use.typekit.net *.magento-datasolutions.com *.magento-ds.com https://matomo.brewes.de api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net bat.bing.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.usercentrics.eu *.googletagmanager.com *.clarity.ms js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io www.google.com *.gstatic.com maps.googleapis.com maps.gstatic.com connect.facebook.net http://translate.google.com translate.googleapis.com www.gstatic.com includes.ccdc02.com static.zdassets.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org www.klarnapayments.com *.affirm.com *.routeapp.io *.trustedshops.com *.etrusted.com *.etrusted.site 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io *.googleapis.com *.gstatic.com *.stamped.io www.klarnapayments.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' https://scontent.cdninstagram.com *.userlike.com userlike-store-media-files.s3.amazonaws.com userlike-cdn-umm.b-cdn.net static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.magento.com commerce.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.sentry.io api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://matomo.brewes.de *.googlesyndication.com bat.bing.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-web.b-cdn.net userlike-cdn-umm.b-cdn.net wss://umd.userlike.com googleads.g.doubleclick.net *.trustedshops.com *.etrusted.com *.etrusted.site *.usercentrics.eu *.googletagmanager.com *.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com t.elasticsuite.io *.google-analytics.com *.authorize.net ekr.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com hn.inspectlet.com stamped.io *.braintreegateway.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com 'self' 'unsafe-inline'; child-src api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-csOe5vTHTqCTPZi1bN6sLw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-CH5x2412Hk3UghePdK-S1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klarnacdn.net maxcdn.bootstrapcdn.com https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://payment.unzer.com/ https://payment.heidelpay.com/ https://sbx-payment.heidelpay.com/ https://h.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.unzer.com *.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.unzer.com https://applepay.cdn-apple.com https://code.jquery.com https://h.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://h.online-metrix.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://kiwirail.co.nz/* https://www.googletagmanager.com/ www.kiwirail.co.nz/* http://www.w3.org/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.facebook.com https://www.youtube.com/ https://connect.facebook.net/ 'self' 'unsafe-inline'; img-src http://www.w3.org/ https://www.facebook.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline' data:;report-uri https://www.kiwirail.co.nz/csp/v1/report;report-to csp-endpoint; 1
default-src self; script-src self bat.bing.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com www.clarity.ms js.hubspot.com js.usemessages.com scripts.clarity.ms; script-src-elem self acds-events.adobe.io bat.bing.com cdn-widgetsrepository.yotpo.com commerce.adobedtm.com connect.breadpayments.com connect.facebook.net d18eg7dreypte5.cloudfront.net googleads.g.doubleclick.net js.hsadspixel.net js.hs-analytics.net/analytics js.hs-banner.com js.hs-scripts.com js.hubspot.com js.usemessages.com js-agent.newrelic.com livesearch-autocomplete.magento-ds.com livesearch-metrics.magento-ds.com recommendations-sdk.adobe.io rum.hlx.page scripts.clarity.ms staticw2.yotpo.com unpkg.com www.clarity.ms www.googletagmanager.com; script-src-attr self; style-src self staticw2.yotpo.com; style-src-elem self cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com fonts.googleapis.com staticw2.yotpo.com; style-src-attr self; img-src self bat.bing.com c.clarity.ms cdn-yotpo-images-production.yotpo.com forms.hsforms.com images.north40.com p.yotpo.com perf-na1.hsforms.com pimimage.s3.us-east-2.amazonaws.com track.hubspot.com www.facebook.com www.google.com www.googletagmanager.com; font-src * cdn-widgetsrepository.yotpo.com fonts.gstatic.com staticw2.yotpo.com; connect-src self analytics.google.com api.hubapi.com api.redirect.pp-prod-ads.breadgateway.net api-cdn.yotpo.com bam.nr-data.net catalog-service.adobe.io commerce.adobe.io commerce.adobedc.net connect.breadpayments.com cta-service-cms2.hubspot.com forms.hscollectedforms.net l.clarity.ms o.clarity.ms staticw2.yotpo.com stats.g.doubleclick.net v.clarity.ms www.facebook.com www.google.com y.clarity.ms; media-src self; frame-src app.hubspot.com; form-action self www.facebook.com; report-uri report-endpoint; report-to https://north40outfitters.report-uri.com/r/t/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-G2JUyrZD-00PKh0LYdp1tQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_s89xxjCDPB_KBZZ4xwhvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-XXv1i2354OkDOTFMWMCqjw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.gstatic.com *.googleapis.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.luckyorange.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.google.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * https://images.unsplash.com https://*.gstatic.com *.adyen.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com dev.visualwebsiteoptimizer.com *.luckyorange.com *.googletagmanager.com *.google-analytics.com *.ksearchnet.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.feedoptimise.com cdn.feedoptimise.com *.klevu.com magefan.com cm.magefan.com *.mageside.com mageside.com https://www.magezon.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gtm.bamford.com *.googletagmanager.com *.google-analytics.com dev.visualwebsiteoptimizer.com tools.luckyorange.com loader.usehero.com cdn.usehero.com *.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.feedoptimise.com cdn.feedoptimise.com *.klevu.com *.ksearchnet.com *.google.com/ js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://fonts.googleapis.com/ tools.luckyorange.com dev.visualwebsiteoptimizer.com *.ksearchnet.com tagmanager.google.com *.adyen.com https://static.klaviyo.com *.klevu.com assets.braintreegateway.com fonts.google.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * https://maps.googleapis.com https://player.vimeo.com *.adyen.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googletagmanager.com *.google-analytics.com *.luckyorange.com dev.visualwebsiteoptimizer.com api.usehero.com api.addressy.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.analytics.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-w4Y2_tL7XrXiS38UhzbU0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-KFdPRvPDNlEG5bjh3lzaiw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://7ee2a4f517b54c13812e54076aefcb7d.myssl-uri.com/api/csp-report 1
default-src 'self'; script-src 'self' 'nonce-Mtvs7M7KG+PeQdDZVsnpCQ==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.meetic.fr *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.meetic.fr; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
script-src 'nonce-06pKhCQdbEiRtv5NKsAGVUojRPzXj1ihaDfeBqv6enc=' 'unsafe-eval' 'strict-dynamic' https:; frame-ancestors 'self'; report-uri https://www.thonhotels.no/api/ContentSecurityViolation/; report-to csp-endpoint; object-src 'self'; base-uri 'self' 1
script-src 'self' 'nonce-gxKVBdiNGRHN+ccWHhmIOVqYFNOOrrIpgvppvhHYBdo=' 'strict-dynamic' 'wasm-unsafe-eval' www.youtube.com  az416426.vo.msecnd.net cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://connect.facebook.net/ https://munchkin.marketo.net/ static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
default-src 'self' https://accesswidget-log-receiver.acsbapp.com https://cdn.acsbapp.com https://eu-cdn.acsbapp.com https://eu.acsbapp.com https://syndication.teleborsa.it https://ka-f.fontawesome.com/ https://*.animasgr.it https://funds.previnet.it https://www.epheso.com/ https://funds.previnet.it https://www.google.com/ https://*.iubenda.com/ data:; connect-src 'self' https://cdn.acsbapp.com/ https://cdn.linkedin.oribi.io https://eu.acsbapp.com https://eu-process.acsbapp.com https://eu-cdn.acsbapp.com https://process.acsbapp.com https://cdn.acsbapp.com https://www.google-analytics.com https://*.iubenda.com https://ka-f.fontawesome.com/ https://stats.g.doubleclick.net https://plausible.io https://vimeo.com https://www.google.com/recaptcha/ https://anima-forms-api.apps.animasgr.it/; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://eu.acsbapp.com https://acsbapp.com https://kit.fontawesome.com https://www.epheso.com/ https://funds.previnet.it https://www.gstatic.com/ https://*.iubenda.com/ https://www.google.com/ https://assets.contactlab.it https://chatbot-prod.animasgr.it https://www.googletagmanager.com https://www.google-analytics.com https://ssl.p.jwpcdn.com/ https://*.animasgr.it https://plausible.io https://player.vimeo.com/; img-src 'self' data: https://px.ads.linkedin.com https://eu-cdn.acsbapp.com https://cdn.acsbapp.com https://www.google.com/ https://www.google.it/ https://www.google-analytics.com/ https://prd.jwpltx.com/ https://www.googletagmanager.com/ https://*.vimeocdn.com/; media-src 'self' data: blob: https://eu-web1.acsbapp.com https://web1.acsbapp.com https://*.animasgr.it; frame-src 'self' https://funds.previnet.it/ https://player.vimeo.com/ https://www.google.com/recaptcha/ https://syndication.teleborsa.it; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.wolterskluwer.io http://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn3.devexpress.com https://cdn.pubnub.com https://*.pndsn.com https://www.googletagmanager.com 1
object-src 'none';base-uri 'self';script-src 'nonce-hgJHkXW9Uk6ohb_Atwbsqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-v6YyoBr5ZuSjyyqQdZSHfMl0S' 'strict-dynamic'; manifest-src 'self' 1
font-src www.paypalobjects.com *.bootstrapcdn.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net consentcdn.cookiebot.com www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com www.a4h-tech.com maps.gstatic.com www.facebook.com bat.bing.com bat.bing.net https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com * https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.bootstrapcdn.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com https://static.klaviyo.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.googleapis.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com pagead2.googlesyndication.com sentry.io bat.bing.net *.cookiebot.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://www.sandbox.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri  https://ac60fb03-564c-42ad-930d-a3ac0244755c.sansec.watch/; report-to report-endpoint; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com blob: wss://*.hotjar.io blob:; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 1
default-src 'nonce-43f2c5186a9df3a64b73a8bc8dbbe3b7' 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data https://images.ctfassets.net; script-src 'self' 'self' 'unsafe-inline' https://browser.sentry-cdn.com/ https://europcar.adding-sst.dev/ https://sdk.privacy-center.org/ https://*.europcar.com https://*.goldcar.com; connect-src 'self' sentry.io *.sentry.io https://*.europcar.com https://*.goldcar.com; report-uri https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943; report-to https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943 1
object-src 'none';base-uri 'self';script-src 'nonce-Ar6_TDQCwZEe5pS8tUiMng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src 'self' data: https://staging.eveandi.de  https://www.facebook.com  https://via.placeholder.com  https://www.paypalobjects.com  https://plugins.svn.wordpress.org  https://cdn.divisupreme.com  https://yastatic.net  https://i.ytimg.com  https://tools.roxhealth.net  https://translate.google.com  https://eveandi.de  https://marketing-staging.eveandi.de  android-webview-video-poster  https://wpforms.com  https://really-simple-ssl.com  https://fonts.gstatic.com  https://www.google.com  https://app-staging.eveandi.de  https://cdn.datatables.net  https://divisupreme.com  https://www.etracker.de  https://cdn-public.borlabs.io  https://work.eveandi.de  https://roche.eveandi.de  https://images.podigee-cdn.net  blob:  https://divi-modules.com  https://www.google.de  https://connect.facebook.net  https://connect.advancedcustomfields.com  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' data:  https://connect.facebook.net  https://tools.roxhealth.net  https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com  https://www.google.com  https://www.paypal.com  https://maps.googleapis.com  https://platform.twitter.com  https://www.gstatic.com  https://js.stripe.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://lepubu.nupigutiwo.com  https://code.etracker.com  https://www.etracker.de  about  https://cdnjs.cloudflare.com  https://unpkg.com  https://cdn.datatables.net  https://xeldurap.peazheut.com  https://me.kis.v2.scr.kaspersky-labs.com  https://player.podigee-cdn.net  https://www.googletagmanager.com  https://rialto-gms.s3.amazonaws.com  https://apis.google.com  https://eveandi.de  https://eveandi.health  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net  https://tools.roxhealth.net  https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com  https://www.google.com  https://www.paypal.com  https://maps.googleapis.com  https://platform.twitter.com  https://www.gstatic.com  https://js.stripe.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://lepubu.nupigutiwo.com  https://code.etracker.com  https://www.etracker.de  about  https://cdnjs.cloudflare.com  https://unpkg.com  https://cdn.datatables.net  https://xeldurap.peazheut.com  https://me.kis.v2.scr.kaspersky-labs.com  https://player.podigee-cdn.net  https://www.googletagmanager.com  https://rialto-gms.s3.amazonaws.com  https://apis.google.com  https://eveandi.de  https://eveandi.health ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://adblockers.opera-mini.net  https://maxcdn.bootstrapcdn.com  https://cdn.datatables.net  https://ajax.googleapis.com  https://cdnjs.cloudflare.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://player.podigee-cdn.net  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://eveandi.de  https://eveandi.health ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://adblockers.opera-mini.net  https://maxcdn.bootstrapcdn.com  https://cdn.datatables.net  https://ajax.googleapis.com  https://cdnjs.cloudflare.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://player.podigee-cdn.net  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://eveandi.de  https://eveandi.health ; font-src 'self' https://fonts.gstatic.com  https://maxcdn.bootstrapcdn.com  https://assets.tailwindapp.com  https://player.podigee-cdn.net  https://cdn.scite.ai  moz-extension  https://eveandi.de  data:; frame-src 'self' https://www.youtube.com  https://www.facebook.com  https://www.youtube-nocookie.com  https://link.springer.com  https://platform.twitter.com  https://player.podigee-cdn.net  https://www.termedia.pl  https://audio.podigee-cdn.net  https://podcasts.apple.com  https://www.podigee.com  1PqQHFdiO  https://www.deezer.com  https://open.spotify.com  https://twitter.com  https://feedback-pa.clients6.google.com  blob:; media-src 'self' https://marketing-staging.eveandi.de  https://marketing-app.eveandi.de  https://work.eveandi.de  https://roche.eveandi.de  data:  https://eveandi.de;  connect-src 'self' https://tools.roxhealth.net  https://www.facebook.com  https://maps.googleapis.com  properties  https://www.gstatic.com  https://api.rankmath.com  https://fonts.googleapis.com  https://www.etracker.de  https://marketing-staging.eveandi.de  https://translate.googleapis.com  https://player.podigee-cdn.net  https://region1.analytics.google.com  https://www.google.nl  https://stats.g.doubleclick.net  https://apis.google.com  https://www.google.de  http://localhost  ws://localhost  https://eveandi.de;  worker-src 'self' blob:;  report-uri https://eveandi.de/wp-json/rsssl/v1/csp?rsssl_apitoken=875209884; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.addthis.com *.authorize.net *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com player.vimeo.com 'sha256-QDGDb+WeOOB5b/eBI08w60MMT++33NXP7SyPW/nkAF0=' 'sha256-M+S/HK4OygEmE9PBu/Hiiktl8vyfcalDUU5cBHr0Olo=' 'sha256-cYzSldWkkFjiVyFgVK5ncCuGq6uuTBkiG9iwn/gVCWM=' *.authorize.net *.cloudflare.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.addthis.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: blob; base-uri 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: blob; font-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; child-src 'self' https:; worker-src 'self' https:; report-uri /common/vendor/sysChk/csp_report; 1
object-src 'none';base-uri 'self';script-src 'nonce-rp8kDrBx5dZGV1W-TXluuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'strict-dynamic' 'nonce-COFnF8UneS9u/rRDv92zQkILCwiSMt+61mBDY5Y4o/w='; base-uri 'none'; connect-src 'self' https://*.fontawesome.com https://*.googleapis.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net; img-src data: 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://cdn.startpeople.be https://img.youtube.com https://i.ytimg.com https://imgsct.cookiebot.com https://vumbnail.com/ https://i.vimeocdn.com; object-src 'none'; style-src 'self' https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datepicker/1.9.0/css/bootstrap-datepicker3.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/css/bootstrap.min.css https://cdn.jsdelivr.net/npm/select2@4.0.13/dist/css/select2.min.css https://cdn.jsdelivr.net/npm/select2-bootstrap-5-theme@1.3.0/dist/select2-bootstrap-5-theme.min.css https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.3/font/bootstrap-icons.css https://fonts.googleapis.com; frame-src 'strict-dynamic' 'self' https://consentcdn.cookiebot.com https://www.google.com/recaptcha/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; report-to csp-endpoint; report-uri https://csp-dxp.rgfstaffing.be/csp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.googletagmanager.com *.google.com/ *.facebook.com *.googlesyndication.com *.roomle.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://www.magezon.com https://images.unsplash.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.cdninstagram.com *.clarity.ms *.consentmanager.net *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gr www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.sr www.google.tg www.google.tn www.google.tt google.com *.google.com *.googlesyndication.com *.highlite.com *.linkedin.com *.roomle.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.googletagmanager.com tagmanager.google.com js.klevu.com *.ksearchnet.com *.google.com/ roomle.com www.roomle.com https://chimpstatic.com *.clarity.ms *.cloudflareinsights.com *.consentmanager.net *.contentsquare.net d5yoctgpv4cpx.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.licdn.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src fonts.googleapis.com downloads.mailchimp.com tagmanager.google.com fonts.google.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com https://statsjs.klevu.com https://js.klevu.com *.consentmanager.net *.googleapis.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net *.cdninstagram.com *.highlite.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://cdn.consentmanager.net https://delivery.consentmanager.net form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.googletagmanager.com *.klevu.com *.ksearchnet.com roomle.com www.roomle.com *.clarity.ms *.consentmanager.net *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.sr www.google.tg www.google.tn www.google.tt *.googlesyndication.com *.linkedin.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://0194013f-df36-4016-80d8-7168d8f03fc1.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.hotjar.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com 'self' data: *.tawk.to https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.tawk.to *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com *.google.com *.google.it *.doubleclick.net *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com 'self' data: maps.gstatic.com *.trustedshops.com *.etrusted.com *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ https://widgets.trustedshops.com https://integrations.etrusted.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.alothemes.com *.magepow.com *.hotjar.com *.iubenda.com *.doubleclick.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.iubenda.com *.stripe.network *.stripecdn.com *.amazon.com assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.trustedshops.com *.etrusted.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com https://integrations.etrusted.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.google.it *.analytics.google.com *.iubenda.com *.hotjar.io *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.tawk.to wss://*.tawk.to *.trustedshops.com *.etrusted.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src-elem 'self' 'unsafe-inline' http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://assets.calendly.com/ https://js.hubspot.com https://js.intercomcdn.com https://accounts.google.com/gsi/style; default-src 'self' 'nonce-dmAPfbyKU5vnwLDPtwuxoA==' https://equityzen.com https://accounts.google.com/gsi/ http://js.hs-analytics.net http://platform.twitter.com http://static.ads-twitter.com http://widget.intercom.io http://widget.trustpilot.co http://widget.trustpilot.com https://*.bing.com https://*.clarity.ms https://*.clickcease.com https://*.cloudfront.net https://*.facebook.com https://*.google.com https://google.com https://*.hsforms.com https://*.ingest.sentry.io https://*.intercomcdn.com https://*.jsdelivr.net https://*.linkedin.com https://*.reddit.com https://*.redditstatic.com https://*.salesloft.com https://*.sentry.io https://*.stripe.com https://accounts.google.com https://ajax.googleapis.com https://analytics.google.com https://analytics.twitter.com https://api-iam.intercom.io https://api-js.mixpanel.com https://api.hubapi.com https://api.mixpanel.com https://api.sealionproxy.com https://app.hellosign.com https://app.hubspot.com https://cdnjs.cloudflare.com https://ci5.googleusercontent.com https://connect.facebook.net https://cta-service-cms2.hubspot.com https://files.readme.io https://fonts.googleapis.com https://fonts.gstatic.com https://forms.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hubspotfeedback.com https://kemcho-dev.s3.amazonaws.com https://kemcho-staging.s3.amazonaws.com https://kemcho.s3.amazonaws.com https://maxcdn.bootstrapcdn.com https://myip.duoduodev.com https://oss.maxcdn.com https://perf-na1.hsforms.com https://scout-cdn.salesloft.com https://stats.g.doubleclick.net https://t.co https://td.doubleclick.net https://track.hubspot.com https://www.finra.org https://www.google-analytics.com https://www.googleapis.com https://www.googletagmanager.com wss://nexus-websocket-a.intercom.io http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://assets.calendly.com/ https://js.hubspot.com https://js.intercomcdn.com https://accounts.google.com/gsi/style 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com 1
worker-src 'self' blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googleapis.com https://*.hotjar.com data: https://*.wistia.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://fast.wistia.com https://fast.wistia.net *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.certcapture.com https://config.gorgias.io https://assets.gorgias.chat https://imgsct.cookiebot.com blob: 'self' https://*.wistia.com https://*.wistia.net magefan.com cm.magefan.com https://img.youtube.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com *.disqus.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://maps.googleapis.com https://player.vimeo.com *.certcapture.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com fonts.googleapis.com fonts.gstatic.com https://*.hotjar.com 'unsafe-inline' https://config.gorgias.chat https://assets.gorgias.chat https://config.gorgias.io https://us-east1-898b.gorgias.chat https://storage.gorgias.chat https://api.gorgias.work cdn.jsdelivr.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com unsafe-inline https://js-agent.newrelic.com https://*.amplitude.com 'self' https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.sentry-cdn.com/ *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com *.disqus.com https://cdn.jsdelivr.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.stripe.network *.stripecdn.com *.amazon.com *.googleapis.com *.gstatic.com https://*.hotjar.com 'unsafe-inline' cdn.jsdelivr.net 'self' 'unsafe-inline' blob: https://fast.wistia.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com https://cdn.jsdelivr.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' blob: data: https://*.wistia.com https://*.wistia.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.certcapture.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://config.gorgias.chat https://assets.gorgias.chat https://config.gorgias.io https://us-east1-898b.gorgias.chat wss://us-east1-898b.gorgias.chat https://storage.gorgias.chat https://api.gorgias.work https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://*.amplitude.com https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net https://rum.hlx.page *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src assets.gorgias.chat 'self' https://*.wistia.com https://*.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' https://www.youtube.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://i.ytimg.com https://www.google.com; frame-src https://www.youtube.com https://www.google.com; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
object-src 'none';base-uri 'self';script-src 'nonce-KGgYwclUQ--3JuFCWOupYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.googleapis.com *.google.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.despegar.com *.koin.com.br *.googletagmanager.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.despegar.com *.koin.com.br *.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.despegar.com *.koin.com.br *.googletagmanager.com fonts.googleapis.com *.trackedlink.net cdn.mundipagg.com api.pagar.me *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.despegar.com *.koin.com.br *.googletagmanager.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal 3ds2.pagar.me 3ds2-sdx.pagar.me *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.despegar.com *.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br *.google.com google.com pay.sandbox.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-JA8MpwNDHo6WpEfbR6cHrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-K3lfSnE2y4VK3QETQecI9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-KvWq9rSbpKydEjKnTpW6HA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2etIH5O2kDZixkSRuRCFcw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5hbA-GLKSnpT2tGqFkYQzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline' static.klaviyo.com bat.bing.com giantmicrobes.com *.giantmicrobes.com *.stripecdn.com klarna.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com https://www.youtube.com https://www.youtube-nocookie.com https://*.cloudfront.net js.stripe.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.tiktok.com *.certcapture.com js.stripe.com *.google.ca *.google.com.eg analytics.google.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline' *.attn.tv portal.brandlock.io giantmicrobes.attn.tv t.co *.t.co analytics.twitter.com facebook.com *.facebook.com bat.bing.com giantmicrobes.com *.giantmicrobes.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.tiktok.com *.certcapture.com s.pinimg.com cdn.ywxi.net seal.godaddy.com *.jst.ai aly.jst.ai my.jst.ai connect.facebook.net static.cloudflareinsights.com *.dwin1.com *.bing.com *.fontawesome.com cdn.attn.tv static.ads-twitter.com static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com https://a.klaviyo.com https://telemetrics.klaviyo.com/ portal.brandlock.io d3uz7fhqos37j7.cloudfront.net ct.pinterest.com *.google.com.eg giantmicrobes.attn.tv bat.bing.com 'self' 'unsafe-inline' giantmicrobes.com *.giantmicrobes.com https://static.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline' giantmicrobes.com *.giantmicrobes.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.tiktok.com *.certcapture.com aly.jst.ai s3-us-west-2.amazonaws.com connect.facebook.net *.pinterest.com *.cloudflareinsights.com www.google-analytics.com analytics.google.com *.google.com.eg static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com https://a.klaviyo.com https://telemetrics.klaviyo.com/ ekr.zdassets.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.authorize.net *.cardinalcommerce.com *.stripe.com klarna.com *.klarnacdn.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net portal.brandlock.io bat.bing.com events.attentivemobile.com stats.g.doubleclick.net *.attn.tv giantmicrobes.attn.tv 'self' 'unsafe-inline' giantmicrobes.com *.giantmicrobes.com https://static.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ api.braintreegateway.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';     base-uri 'self';     child-src 'self';     connect-src 'self';     font-src 'self';     form-action 'self';     frame-ancestors 'self' https://*.sanitas.com https://*.sanet17.ch;     frame-src 'self';     img-src 'self';     manifest-src 'self';     media-src 'self';     object-src 'self';     prefetch-src 'self';     script-src 'self';     script-src-attr 'self';     script-src-elem 'self';     style-src 'self';     style-src-attr 'self';     style-src-elem 'self';     worker-src 'self';     report-uri https://datadog-rum-proxy.prd.gcp.sanet17.ch/intake-proxy/api/v2/logs?dd-api-key=pub161d9c93ae7ae51dbddf3fcb1a905ef5&dd-evp-origin=content-security-policy&ddsource=csp-report 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.livechatinc.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.lightboxcdn.com ezup.com *.ezup.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.twitter.com *.payfabric.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.salesforce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.stripe.com stripe.com *.bolt.com connect.bolt.com *.transifex.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com www.google.com *.google.com *.doubleclick.net www.facebook.com *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.youtube.com/ *.payfabric.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.livechatinc.com *.artifi.net gum.criteo.com *.criteo.net *.pepperjam.com *.pepperjamnetwork.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.salesforce.com *.bolt.com *.criteo.com *.transifex.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.certcapture.com connect.bolt.com connect-sandbox.bolt.com s3-us-west-1.amazonaws.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.payfabric.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ezup.nl ezup.fr ezup.eu ezup.de *.cookiepro.com ezup.com *.ezup.com *.inspectlet.com *.google.com.sg *.bing.com *.linkedin.com *.stickyadstv.com *.smartadserver.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.socdm.com *.criteo.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.mediavine.com *.outbrain.com *.pubmatic.com *.clmbtech.com *.yieldmo.com *.bluekai.com *.aralego.com *.adhaven.com *.sitescout.com *.tapad.com *.deepintent.com *.smaato.net *.everesttech.net *.krxd.net *.aralego.net *.crwdcntrl.net *.1rx.io *.artifi.net *.searchspring.io *.cloudfront.net *.ivitrack.com *.liadm.com *.postrelease.com *.revcontent.com *.tremorhub.com *.mediawallahscript.com *.omnitagjs.com *.agkn.com *.tpmn.co.kr *.yotpo.com dhv2ziothpgrr.cloudfront.net *.rqtrk.eu *.adsrvr.org *.addthis.com *.nr-data.net *.pippio.com *.boast.io *.amazonaws.com blob: *.bolt.com *.emxdgt.com *.yahoo.net *.googlesyndication.com *.bidr.io *.lightboxcdn.com *.googleusercontent.com *.placeholder.com google.com *.tpmn.io *.lijit.com *.turn.com *.rezync.com *.rfihub.com pippio.com thrtle.com *.visualwebsiteoptimizer.com *.reddit.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.payfabric.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js *.searchspring.io *.cookiepro.com *.livechatinc.com *.artifi.net *.maxmind.com *.bing.com *.pepperjam.com *.licdn.com *.criteo.com *.inspectlet.com *.ezup.com *.pardot.com *.envolvetech.com *.zoominfo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.boast.io *.bolt.com *.lightboxcdn.com *.jquery.com *.visa.com *.jsdelivr.net *.visualwebsiteoptimizer.com *.posthog.com *.transifex.net *.transifex.com *.id5-sync.com *.reddit.com *.redditstatic.com *.impactcdn.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.certcapture.com webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.lightboxcdn.com *.ezup.com *.visa.com 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com maps.googleapis.com chart.googleapis.com *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.ezup.com blob: *.bolt.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.nr-data.net *.newrelic.com *.ampproject.org *.payfabric.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://beacon.searchspring.io/beacon *.cookiepro.com *.searchspring.io geoip-js.com *.inspectlet.com *.doubleclick.net *.livechatinc.com *.oribi.io *.trustpilot.com *.criteo.com *.appspot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.zoominfo.com *.boast.io *.amazonaws.com *.bolt.com *.googlesyndication.com *.googleusercontent.com *.lightboxcdn.com *.linkedin.com *.visualwebsiteoptimizer.com *.transifex.net *.posthog.com *.reddit.com *.sjv.io *.clarity.ms 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-mindr5xlt5-Q5SUwdZDVyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tXRDztdtmEGc-V1xa7GUOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com use.typekit.net *.adbr.io *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.cookiebot.com *.adbr.io *.googletagmanager.com *.cookiebot.eu *.criteo.com *.lightwidget.com *.addthis.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://cdn.clerk.io *.google.it *.zopim.io *.adbr.io *.adabra.com *.bing.com img.sct.eu1.usercentrics.eu *.clarity.ms *.bidswitch.net *.criteo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthisedge.com *.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://api.clerk.io https://cdn.clerk.io *.cookiebot.com *.cookiebot.eu fullstory.com assets.zendesk.com static.zdassets.com cdn.jsdelivr.net *.adbr.io *.cloudflare.com *.reaktion.com *.clerk.io *.bing.com *.criteo.com *.clarity.ms *.lightwidget.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthis.com *.moatads.com *.addthisedge.com *.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://cdn.scalapay.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io *.bootstrapcdn.com cdn.jsdelivr.net fonts.gstatic.com fonts.googleapis.com *.typekit.net *.adbr.io https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cookiebot.com *.g.doubleclick.net *.googlesyndication.com *.zendesk.com *.zopim.com *.zdassets.com wss://widget-mediator.zopim.com *.adbr.io *.reaktion.com *.bing.com *.criteo.com *.clarity.ms *.cookiebot.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-HRHT5SSYWcWM-Kxyf4ZyWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
base-uri 'none'; form-action 'self' https://abdri3ttkb.execute-api.us-east-2.amazonaws.com https://accounts.firefox.com/ https://basket.mozilla.org; connect-src 'self' cdn.transcend.io gtm.mozilla.org https://abdri3ttkb.execute-api.us-east-2.amazonaws.com https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com telemetry.transcend.io telemetry.us.transcend.io transcend-cdn.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.transcend.io js.stripe.com s.ytimg.com tagmanager.google.com transcend-cdn.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; default-src 'self' *.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; font-src 'self' www.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; style-src 'self' 'unsafe-inline' cdn.transcend.io transcend-cdn.com www.mozilla.org 1
default-src 'self' 'unsafe-inline'  forms-na1.hsforms.com staticcontent.fxstreet.com https://www.youtube.com  https://assets.app.lmax.com https://login-lmax.my.site.com https://img.youtube.com https://mtfclosingprices.lmax.com; font-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *; frame-src 'self'  forms-na1.hsforms.com staticcontent.fxstreet.com https://www.youtube.com  https://assets.app.lmax.com https://login-lmax.my.site.com https://img.youtube.com https://mtfclosingprices.lmax.com; img-src 'self'  forms-na1.hsforms.com staticcontent.fxstreet.com https://www.youtube.com  https://assets.app.lmax.com https://login-lmax.my.site.com https://img.youtube.com https://mtfclosingprices.lmax.com data:; connect-src *; frame-ancestors 'self'  forms-na1.hsforms.com staticcontent.fxstreet.com https://www.youtube.com  https://assets.app.lmax.com https://login-lmax.my.site.com https://img.youtube.com https://mtfclosingprices.lmax.com; media-src 'self'  forms-na1.hsforms.com staticcontent.fxstreet.com https://www.youtube.com  https://assets.app.lmax.com https://login-lmax.my.site.com https://img.youtube.com https://mtfclosingprices.lmax.com data:; style-src-elem 'unsafe-inline' *; report-uri https://www.silicontrade.uk/wp-json/csp/v1/report; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/, https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' data: https://beta.idabot.net/webchat/v4-1/comp-pro/Comp-Pro/css/*; img-src 'self' data: s.w.org ps.w.org ts.w.org; font-src 'self' data: ; block-all-mixed-content; report-uri https://www.comp-pro.de?gdsih-csp-report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.gstatic.com widget.freshworks.com; style-src 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com use.fontawesome.com widget.freshworks.com; img-src 'self' data: *.climateinteractive.org www.googletagmanager.com www.gstatic.com widget.freshworks.com; font-src 'self' data: fonts.gstatic.com use.fontawesome.com; connect-src 'self' www.google-analytics.com widget.freshworks.com climateinteractive.freshdesk.com; child-src www.google.com www.youtube.com app.mapline.com; report-to /csp-reports 1
default-src 'self'; 	script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: 		consent.cookiefirst.com 		*.hubspot.com 		*.hs-analytics.net 		*.hs-banner.com 		*.hsforms.net 		*.hs-scripts.com 		*.hsadspixel.net 		*.usemessages.com 		static.hsappstatic.net 		googleads.g.doubleclick.net 		tagmanager.google.com 		www.google.com 		www.googletagmanager.com 		www.googleoptimize.com 		www.gstatic.com 		*.clarity.ms 		*.hotjar.com 		track.gaconnector.com 		connect.facebook.net 		snap.licdn.com 		bat.bing.com 		www.redditstatic.com 		a.quora.com 		leadbooster-chat.pipedrive.com 		calendly.com 		assets.calendly.com 		cdn.jsdelivr.net 		cdn.demio.com 		cdn.dreamdata.cloud; 	connect-src 'self' data: wss://ws.hotjar.com 		*.cookiefirst.com 		*.hubspot.com 		api-eu1.hubapi.com 		forms-eu1.hsforms.com 		track.gaconnector.com 		region1.analytics.google.com 		region1.google-analytics.com 		stats.g.doubleclick.net 		pagead2.googlesyndication.com 		googleads.g.doubleclick.net 		*.google.com 		*.google.ee 		*.hotjar.com 		*.clarity.ms 		leadbooster-chat.pipedrive.com 		api.mapbox.com 		events.mapbox.com 		pixel-config.reddit.com 		bat.bing.com 		px.ads.linkedin.com 		www.facebook.com 		my.demio.com 		*.dreamdata.cloud; 	img-src 'self' data: 		googleads.g.doubleclick.net 		*.google.com 		*.google.ee 		*.googletagmanager.com 		*.gstatic.com 		*.hubspot.com 		*.hsforms.com 		secure.gravatar.com 		s.w.org 		ps.w.org 		www.admincolumns.com 		www.facebook.com 		q.quora.com 		alb.reddit.com 		*.ads.linkedin.com 		bat.bing.com 		ct.capterra.com; 	style-src 'self' 'unsafe-inline' 		api.fontshare.com 		fonts.googleapis.com 		fonts.gstatic.com 		*.googletagmanager.com 		tagmanager.google.com 		consent.cookiefirst.com 		calendly.com 		assets.calendly.com 		cdn.demio.com; 	font-src 'self' data: 		fonts.gstatic.com 		cdn.fontshare.com 		leadbooster-chat.pipedrive.com; 	frame-src 'self' 		*.google.com 		*.googletagmanager.com 		*.hubspot.com 		*.hsforms.com 		meet.evocon.com 		*.youtube.com 		*.youtube-nocookie.com; 	report-uri /csp-report.php; 1
object-src 'none';base-uri 'self';script-src 'nonce-WS8PLybJ8VKggkzh4Ngvjg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7A9bdjPOeDDNCvuDVE2Qsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klevu.com *.ksearchnet.com powertoolworld.co.uk *.powertoolworld.co.uk *.cloudflare.com *.google.co.uk *.google.com *.googleapis.com *.googleusercontent.com *.facebook.net data: *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.bugherd.com *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * powertoolworld.co.uk *.powertoolworld.co.uk *.google.co.uk *.google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.doubleclick.net *.facebook.net *.geoplugin.net *.braintreegateway.com data: *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.clearpay.co.uk *.nosto.com *.nos.to js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * powertoolworld.co.uk *.powertoolworld.co.uk *.cloudflare.com *.google.co.uk *.gstatic.com *.googleapis.com *.googleusercontent.com *.facebook.net data: *.reviews.io *.braintreegateway.com *.kaptcha.com *.braintree-api.com *.geoplugin.net *.sharethis.com *.sharethis.mgr.consensu.org *.hotjar.com *.tagserve.com *.clic2buy.com *.clic2drive.com *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.afterpay.com *.clearpay.co.uk *.nosto.com *.nos.to https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://img.youtube.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com powertoolworld.co.uk *.powertoolworld.co.uk *.cloudflare.com *.google.co.uk *.googleapis.com *.googleusercontent.com *.ytimg.com *.paypalobjects.com *.cloudfront.net *.payments-amazon.com *.cardinalcommerce.com *.reviews.io *.geoplugin.net *.postcodeanywhere.co.uk *.sharethis.com *.trackjs.com *.hotjar.com *.tagserve.com *.bing.com *.wisepops.com wisepops.net *.wisepops.net *.clarity.ms *.clic2buy.com *.clic2drive.com *.reviews.co.uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com s7.addthis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com powertoolworld.co.uk *.powertoolworld.co.uk chimpstatic.com *.chimpstatic.com *.cloudflare.com *.cloudflareinsights.com *.trackedlink.net *.google.co.uk *.googleapis.com *.googleusercontent.com *.klevu.com data: *.reviews.io *.cardinalcommerce.com *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonservices.com *.amazonservices.co.uk *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.trackedweb.net *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.authorize.net *.cloudfront.net *.dynamicyield.com *.geoplugin.net *.postcodeanywhere.co.uk *.pcapredict.com *.sharethis.com *.trackjs.com cdn.jsdelivr.net *.hotjar.com *.tagserve.com *.zendesk.com *.zdassets.com static.zdassets.com *.zopim.com *.bing.com widget-mediator.zopim.com *.wisepops.com wisepops.net *.wisepops.net *.clarity.ms *.clic2buy.com *.clic2drive.com *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com cdn.xtento.com https://js.klevu.com https://www.powertoolworld.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.afterpay.com/ *.squarecdn.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com powertoolworld.co.uk *.powertoolworld.co.uk *.cloudflare.com *.google.co.uk *.google.com *.googleusercontent.com *.facebook.net data: *.cardinalcommerce.com *.paypal.com *.cloudfront.net *.reviews.io *.geoplugin.net *.postcodeanywhere.co.uk *.sharethis.com *.hotjar.com *.tagserve.com *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com powertoolworld.co.uk *.powertoolworld.co.uk *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com widget.freshworks.com m2epro.freshdesk.com api.addressy.com *.nosto.com *.nos.to https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com powertoolworld.co.uk *.powertoolworld.co.uk *.cloudflare.com *.google.co.uk *.gstatic.com *.googleapis.com *.googleusercontent.com *.reviews.co.uk data: *.amazonservices.com *.amazonservices.co.uk *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.braintreegateway.com *.bugsnag.com *.pusherapp.com ws.pusherapp.com *.bugherd.com *.geoplugin.net *.postcodeanywhere.co.uk *.sharethis.com *.trackjs.com *.hotjar.com *.hotjar.io *.tagserve.com *.zendesk.com *.zdassets.com static.zdassets.com *.zopim.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.wisepops.com wisepops.net *.wisepops.net *.clarity.ms *.clic2buy.com *.clic2drive.com *.cloudfront.net *.reviews.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com 'unsafe-inline' data: *.cloudflare.com mishimoto.nyc3.cdn.digitaloceanspaces.com *.mishimoto.com *.parastorage.com https://client.crisp.chat maxcdn.bootstrapcdn.com *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mishimoto.com *.mishimoto.com/checkout *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com *.sandbox.paypal.com creatives.attn.tv *.paypalobjects.com api.sandbox.braintreegateway.com *.google.com/ www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.klarna.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com 'self' 'unsafe-inline'; img-src 'unsafe-inline' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com *.certcapture.com *.google.com *.google.co.uk *.mishimoto.com *.bing.com *.clarity.ms *.cookielaw.org *.nyc3.cdn.digitaloceanspaces.com *.cloudimg.io https://image.crisp.chat magefan.com cm.magefan.com *.disqus.com https://www.magezon.com *.googleadservices.com *.googletagmanager.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://img.youtube.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com *.reddit.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.certcapture.com *.google-analytics.com *.googleadservices.com bam.nr-data.net *.sandbox.paypal.com *.bing.com *.mishimoto.com *.getbread.com *.breadpayments.com cdn.attn.tv *.attentivemobile.com *.clarity.ms *.cookielaw.org *.arkane.com *.nyc3.cdn.digitaloceanspaces.com *.hotjar.com cdnjs.cloudflare.com cdn.optimizely.com *.jquery.com https://client.crisp.chat *.disqus.com https://cdn.jsdelivr.net *.google.com/ connect.facebook.net *.googletagmanager.com twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com www.facebook.com graph.facebook.com business.facebook.com js.mollie.com assets.shipperhq.com wmvvz.mishimoto.eu cdn.bc0a.com *.logr-ingest.com *.lrkt-in.com *.redditstatic.com *.tapfiliate.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.mishimoto.com mishimoto.nyc3.cdn.digitaloceanspaces.com *.parastorage.com https://client.crisp.chat https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.klarnacdn.net *.fontawesome.com assets.shipperhq.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.certcapture.com analytics.google.com *.googlesyndication.com stats.g.doubleclick.net *.sandbox.paypal.com bam.nr-data.net *.mishimoto.com/checkout *.mishimoto.com *.attn.tv *.clarity.ms events.attentivemobile.com *.cookielaw.org *.arkane.com *.optimizely.com *.jquery.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.googletagmanager.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com rms.shipperhq.com wss://rms.shipperhq.com/ places.googleapis.com *.bc0a.com *.logr-ingest.com *.lrkt-in.com *.redditstatic.com *.reddit.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.adulttime.xxx *.adulttime.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.adulttime.xxx *.adulttime.com join.gammasecure.com; script-src 'self' *.adulttime.xxx *.adulttime.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.adulttime.xxx *.adulttime.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src  *.hotjar.com *.typekit.net *.sagepay.com *.globalpay.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.hotjar.com *.facebook.net *.facebook.com *.nosto.com *.nos.to *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/  *.hotjar.com  *.youtube.com *.addthis.com *.trustpilot.com *.facebook.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com *.nosto.com *.nos.to cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com account.fetchify.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.bing.com *.google.com *.google.co.uk *.cutwel.co.uk https://images.unsplash.com *.trackedlink.net *.nosto.com *.nos.to *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.globalpay.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.gstatic.com *.googletagmanager.com  *.hotjar.com *.zdassets.com *.trackedlink.net *.addthis.com *.trustpilot.com *.moatads.com *.addthisedge.com *.googleadservices.com *.doubleclick.net *.tctm.co *.bing.com *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.dynamicnumbers.mediahawk.co.uk *.nosto.com *.nos.to cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.myfonts.net *.typekit.net *.googleapis.com *.nosto.com *.nos.to cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com cc-cdn.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.hotjar.com *.hotjar.io *.zdassets.com *.zopim.com *.doubleclick.net *.google-analytics.com *.tctm.co *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com dn.mediahawk.co.uk *.nosto.com *.nos.to webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://127a7be8-dabe-43cf-ac5b-05045433d417.sansec.watch/; report-to report-endpoint; 1
font-src *.fontawesome.com fonts.gstatic.com https://geowidget.easypack24.net *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.bootstrapcdn.com *.alothemes.com *.magepow.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl *.twitter.com www.facebook.com connect.facebook.net 'self' graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors pay.google.com *.youtube.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.youtube.com *.youtube-nocookie.com pay.google.com apm.przelewy24.pl https://geowidget-app.inpost.pl/ *.twitter.com *.google.com *.addthis.com youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io github.blog https://images.unsplash.com * static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com www.google.pl *.gstatic.com ssl.ceneo.pl cdn.samito.co commerce-connector.com www.commerce-connector.com *.googleapis.com *.facebook.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js * sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.googletagmanager.com *.facebook.net www.termsfeed.com *.snrbox.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.snrcdn.net *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline'; object-src *.youtube.com 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com http://127.0.0.1:63342 http://127.0.0.1:34567 https://maps.googleapis.com https://player.vimeo.com sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl google.com www.google.com pay.google.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.cloudflare.com *.twitter.com *.paypal.com bam.nr-data.net *.googleapis.com googleads.g.doubleclick.net *.saleago.com stats.g.doubleclick.net *.google-analytics.com *.snrbox.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com secure.payu.com merch-prod.snd.payu.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://olimpstore.pl/; report-to report-endpoint; 1
object-src  'none'; connect-src 'self' *.playboyplus.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.playboyplus.com join.gammasecure.com; script-src 'self' *.playboyplus.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.playboyplus.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
default-src 'none'; base-uri 'none'; report-uri /browser-report; report-to default; frame-ancestors 'none'; script-src https: 'unsafe-inline'; connect-src https:; style-src 'self' https://*.escapio.com 'unsafe-inline'; media-src data:; img-src https: data:; frame-src https:; font-src 'self' https://*.escapio.com https://fonts.gstatic.com data: 1
object-src 'none';base-uri 'self';script-src 'nonce-vU9i4KA5z9d__puXTFZg8A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wit9CUX4n6_azXMVl8wkzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com widget-v4.tidiochat.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ pagead2.googlesyndication.com tpc.googlesyndication.com td.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.stripe.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com tpc.googlesyndication.com cdnjs.cloudflare.com www.google.ee avatars.tidiochat.com maps.googleapis.com maps.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com public.montonio.com self: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.cookie-script.com pagead2.googlesyndication.com widget-v4.tidiochat.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com code.tidio.co maps.googleapis.com *.googleapis.com *.google.com *.gstatic.com *.avada.io www.facebook.com graph.facebook.com business.facebook.com public.montonio.com js.stripe.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com widget-v4.tidiochat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com pagead2.googlesyndication.com region1.analytics.google.com region1.google-analytics.com wss://socket.tidio.co http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.sandbox-card-payments.montonio.com api.card-payments.montonio.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src socket.tidio.co stats.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.globalpay.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.globalpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com www.xtento.com cdn.xtento.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com assets.braintreegateway.com *.trustpilot.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://google.com/pay https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://270363f4-8181-4deb-9681-5d3de892b01b.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-jmT6emvME_U_G4s1MOSL0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-src *.youtube.com 1
font-src fonts.gstatic.com use.typekit.net  use.typekit.net static.zip.co *.typekit.net *.australianplantsonline.com.au *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.omappapi.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com front.optimonk.co *.optimonk.co qa.clevertar.app *.clevertar.com bat.bing.com cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com  pos.baidu.com  *.baidu.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com  use.typekit.net  *.typekit.net *.australianplantsonline.com.au cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com *.clevertar.com  pos.baidu.com  *.baidu.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net  use.typekit.net *.typekit.net *.adobedtm.com *.australianplantsonline.com.au *.z.clarity.ms *.clarity.ms  rec.smartlook.com *.smartlook.com  t.cfjump.com *.cfjump.com *.zip.co static.zipmoney.com.au *.zipmoney.com.au tagmanager.google.com *.google.com www.google.co.in *.google.co.in *.sc.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.googleadservices.com www.google-analytics.com  *.analytics.yahoo.com *.paypalobjects.com *.paypal.com x.bidswitch.net cm.g.doubleclick.net dsum-sec.casalemedia.com us-u.openx.net sync.taboola.com sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com eb2.3lift.com pixel.rubiconproject.com *.bidswitch.net *.casalemedia.com *.openx.net *.taboola.com *.outbrain.com *.pubmatic.com *.3lift.com *.rubiconproject.com *.ytimg.com static.afterpay.com site-assets.afterpay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn-redirector.glopal.com plugin-magento-ui.glopalservice.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn1.stamped.io stamped.io *.gstatic.com *.sandbox.paypal.com *.swagger.io *.afterpay.com *.facebook.com *.glopal.com *.glopalservice.com *.braintreegateway.com *.stamped.io d.adroll.com *.adroll.com c.bing.com *.bing.com *.googletagmanager.com ib.adnxs.com *.adnxs.com s3-us-west-2.amazonaws.com *.amazonaws.com js-agent.newrelic.com *.newrelic.com *.sandbox.my.site.com hello.zonos.com *.zonos.com front.optimonk.co *.optimonk.co qa.clevertar.app *.clevertar.app bat.bing.com *.adobe.net *.site.com dev-54ta5gq-6zoeclprllyye.ap-3.magentosite.cloud  'self' *.google.bg *.facebook.net *.doubleclick.net *.googlesyndication.com *.instant.one *.choosewine.com.au rec.smartlook.com t.cfjump.com img.youtube.com maps.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net t.zip.co cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com *.clevertar.com  pos.baidu.com  *.baidu.com magefan.com cm.magefan.com *.disqus.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com s3.amazonaws.com https://tags.srv.stackadapt.com https://www.google.com.au/ads/ga-audiences/* https://www.google.com.au/ads/* data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com *.ytimg.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://api.addressfinder.io https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com  use.typekit.net typekit.net australianplantsonline.com.au *.australianplantsonline.com.au adobedtm.com adobe.com z.clarity.ms clarity.ms rec.smartlook.com smartlook.com  t.cfjump.com cfjump.com zip.co static.zipmoney.com.au zipmoney.com.au tagmanager.google.com google.com www.google.co.in adroll.com x.bidswitch.net cm.g.doubleclick.net dsum-sec.casalemedia.com us-u.openx.net sync.taboola.com sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com eb2.3lift.com pixel.rubiconproject.com bidswitch.net doubleclick.net casalemedia.com openx.net taboola.com outbrain.com pubmatic.com google-analytics.com 3lift.com rubiconproject.com google.co.in sc.omtrdc.net demdex.net dpm.demdex.net cm.everesttech.net everesttech.net magentocommerce.com widgets.magentocommerce.com googleadservices.com paypalobjects.com t.paypal.com paypal.com ftcdn.net behance.net p.typekit.net fpdbs.paypal.com fpdbs.sandbox.paypal.com ytimg.com validator.swagger.io static.afterpay.com site-assets.afterpay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn-redirector.glopal.com plugin-magento-ui.glopalservice.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn1.stamped.io stamped.io gstatic.com sandbox.paypal.com swagger.io afterpay.com facebook.com glopal.com glopalservice.com braintreegateway.com d.adroll.com c.bing.com bing.com googletagmanager.com ib.adnxs.com adnxs.com s3-us-west-2.amazonaws.com amazonaws.com js-agent.newrelic.com newrelic.com sandbox.my.site.com hello.zonos.com zonos.com front.optimonk.co optimonk.co qa.clevertar.app *.clevertar.com bat.bing.com cardinalcommerce.com optimonk.com a.omappapi.com googleapis.com unpkg.com magento-datasolutions.com omtrdc.net vimeocdn.com youtube.com magento-ds.com google.bg facebook.net googlesyndication.com trackedlink.net trackedweb.net ddlnk.net dotdigital-pages.com dhv2ziothpgrr.cloudfront.net yotpo.com yahoo.com instant.one addthis.com dnky.co dotdigital.internal pages.com adobe.net ccdc02.com downloads.mailchimp.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ *.magento-datasolutions.com portal.sandbox.clearpay.co.uk portal.clearpay.co.uk portal.sandbox.afterpay.com portal.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com s7.addthis.com *.instant.one *.choosewine.com.au *.winedirect.com.au *.adobedtm.com *.z.clarity.ms *.clarity.ms *.smartlook.com t.cfjump.com *.cfjump.com *.zip.co *.zipmoney.com.au *.adroll.com *.bidswitch.net *.casalemedia.com *.openx.net *.taboola.com *.outbrain.com *.pubmatic.com *.3lift.com *.rubiconproject.com *.google.co.in *.sc.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.googleadservices.com *.paypalobjects.com *.paypal.com *.ftcdn.net *.behance.net *.typekit.net *.sandbox.paypal.com *.swagger.io *.afterpay.com *.facebook.com *.glopal.com *.glopalservice.com *.braintreegateway.com *.stamped.io *.bing.com *.adnxs.com *.amazonaws.com *.newrelic.com *.sandbox.my.site.com *.zonos.com *.optimonk.co *.clevertar.app *.cardinalcommerce.com *.optimonk.com *.googleapis.com *.unpkg.com *.omtrdc.net *.dhv2ziothpgrr.cloudfront.net *.yotpo.com *.yahoo.com *.addthis.com *.dnky.co *.dotdigital.internal *.pages.com *.vimeo.com *.adobe.net *.ccdc02.com js.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com  pos.baidu.com  *.baidu.com *.disqus.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.cloudflare.com https://static.hotjar.com https://*.hotjar.com https://cdn.oribi.io https://*.srv.stackadapt.com https://*.tiktok.com https://qvdt3feo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.addressfinder.io cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com static.zip.co *.australianplantsonline.com.au *.a.omappapi.com *.clevertar.app *.choosewine.com.au *.cardinalcommerce.com *.googleapis.com *.googlesyndication.com *.dnky.co *.instant.one a.omappapi.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.winedirect.com.au *.yotpo.com unsafe-inline assets.braintreegateway.com dhv2ziothpgrr.cloudfront.net cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com *.clevertar.com  pos.baidu.com  *.baidu.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com https://*.srv.stackadapt.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src  pos.baidu.com  *.baidu.com  use.typekit.net *.typekit.net *.australianplantsonline.com.au *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com *.clevertar.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://api.addressfinder.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com dpe0djwch8671.cloudfront.net a.omappapi.com js.monitor.azure.com *.js.monitor.azure.com jfapiprod.optimonk.com cdn-limit.optimonk.com use.typekit.net  *.typekit.net bam.nr-data.net mcstaging.australianplantsonline.com.au because it violates the following Content Security Policy directive: "connect-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.telemetry-dev.adobe.io search-admin-ui.magento-ds.com telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io *.magento-datasolutions.com *.magento-ds.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com ekr.zdassets.com/ *.instant.one *.choosewine.com.au *.winedirect.com.au *.z.clarity.ms *.clarity.ms  stats.g.doubleclick.net *.g.doubleclick.net manager.eu.smartlook.cloud *.smartlook.com www.google.co.in *.adobedtm.com *.adobe.com rec.smartlook.com t.cfjump.com *.cfjump.com *.zip.co static.zipmoney.com.au *.zipmoney.com.au tagmanager.google.com *.google.co.in *.sc.omtrdc.net *.demdex.net cm.everesttech.net *.everesttech.net *.magentocommerce.com widgets.magentocommerce.com *.googleadservices.com *.analytics.yahoo.com *.paypalobjects.com t.paypal.com *.paypal.com x.bidswitch.net cm.g.doubleclick.net dsum-sec.casalemedia.com us-u.openx.net sync.taboola.com sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com eb2.3lift.com pixel.rubiconproject.com *.bidswitch.net *.casalemedia.com *.openx.net *.taboola.com *.outbrain.com *.pubmatic.com *.3lift.com *.rubiconproject.com *.ftcdn.net *.behance.net p.typekit.net *.typekit.net fpdbs.paypal.com fpdbs.sandbox.paypal.com *.ytimg.com validator.swagger.io site-assets.afterpay.com connect.facebook.net graph.facebook.com business.facebook.com cdn-redirector.glopal.com plugin-magento-ui.glopalservice.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com cdn1.stamped.io checkout.paypal.com stamped.io *.gstatic.com *.sandbox.paypal.com *.swagger.io *.afterpay.com *.glopal.com *.glopalservice.com *.braintreegateway.com *.stamped.io d.adroll.com *.adroll.com c.bing.com *.bing.com *.googletagmanager.com ib.adnxs.com *.adnxs.com s3-us-west-2.amazonaws.com *.amazonaws.com js-agent.newrelic.com *.newrelic.com *.sandbox.my.site.com hello.zonos.com *.zonos.com front.optimonk.co *.optimonk.co qa.clevertar.app *.clevertar.app bat.bing.com api.omappapi.com front.optimonk.com australiaeast-1.in.applicationinsights.azure.com cdn-account.optimonk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.aptrinsic.com cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com *.clevertar.com  pos.baidu.com  *.baidu.com api.amplitude.com https://*.tiktok.com https://*.srv.stackadapt.com https://metrics.hotjar.io wss://ws.hotjar.com/api/v2/client/ wss://ws.hotjar.com/* https://content.hotjar.io/* https://ap.stape.info/events/cb20d74d44e48d915aa610d100f8f55a4308145105fcf90c7be8fb07988b59db https://script.hotjar.com/modules.ddd41caee2adfc4aedb8.js https://script.hotjar.com https://script.hotjar.com/modules.* https://connect.facebook.net/en_US/fbevents.js https://www.googletagmanager.com/gtag/js 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.google.com use.fontawesome.com mktgen.com.br data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com webto.salesforce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://www.googletagmanager.com/ *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.weltpixel.com targeting.voxus.tv editoradireito.api.useinsider.com gum.criteo.com fledge.us.criteo.com td.doubleclick.net static.criteo.net fast.player.liquidplatform.com mktgen.com.br anchor.fm podcasters.spotify.com w.soundcloud.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ cdn.mundipagg.com api.pagar.me www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com newimgebit-a.akamaihd.net sync.srv.stackadapt.com sync-tm.everesttech.net dsp.adfarm1.adition.com ad.turn.com sync.aralego.com bat.bing.com log.api.useinsider.com px.ads.linkedin.com ad.360yield.com ib.adnxs.com www.google.com.br tags.bluekai.com sync.targeting.unrulymedia.com cm.adgrx.com r.casalemedia.com visitor.omnitagjs.com ads.yieldmo.com sync-t1.taboola.com rtb-csync.smartadserver.com x.bidswitch.net cm.g.doubleclick.net sync.1rx.io ads.stickyadstv.com www.ebitempresa.com.br cdn.pagarme.com s3.amazonaws.com i.liadm.com contextual.media.net exchange.mediavine.com c.bing.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com trends.revcontent.com pixel.rubiconproject.com match.sharethrough.com gum.criteo.com s.ad.smaato.net dis.criteo.com criteo-sync.teads.tv criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com ade.clmbtech.com eb2.3lift.com e1.emxdgt.com fonts.gstatic.com public-prod-dspcookiematching.dmxleo.co creativecdn.com empresa.ebit.com.br mktgen.com.br cdn-loja.cursoforum.com.br match.adsrvr.org pixel-sync.sitescout.com cdn.aralego.net *.grupogen.com.br *.editoradodireito.com.br *.academiademedicina.com.br jelly.mdhv.io sync.ipredictive.com secure.adnxs.com sync.crwdcntrl.net pixel.tapad.com 1f2e7.v.fwmrm.net www.linkedin.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page polyfill.io http://www.googletagmanager.com/ https://www.googletagmanager.com/ 3ds2.pagar.me 3ds2-sdx.pagar.me www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.usebeon.io cdn.targeting.voxus.com.br www.googleoptimize.com a.omappapi.com analytics.tiktok.com targeting.voxus.com.br editoradireito.api.useinsider.com static.hotjar.com bat.bing.co tag.rmp.rakuten.com www.clarity.ms script.hotjar.com collect.vendavalida.com.br snap.licdn.com static.criteo.net sslwidget.criteo.com js-agent.newrelic.com imgs.ebit.com.br s3.amazonaws.com dynamic.criteo.com mktgen.com.br bat.bing.com cdn.siteblindado.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com c.usebeon.io a.omappapi.com use.fontawesome.com s3.amazonaws.com mktgen.com.br *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ mktgen.com.br 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br pay.sandbox.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com webfront-api.production.usebeon.io api.omappapi.com analytics.tiktok.com targeting.voxus.com.br api.voxus.tv logs-01.loggly.com api.reclameaqui.com.br newimgebit-a.akamaihd.net www.google.com.br bat.bing.com q.clarity.ms hit.api.useinsider.com collect.vendavalida.com.br px.ads.linkedin.com bam.nr-data.net measurement-api.criteo.com seal.siteblindado.com api.ipify.org content.hotjar.io *.hotjar.com z.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src secure.adnxs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.ib.de *.internationaler-bund.de ib-redaktion-staging.rmsdev.de; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' ib-staging.rmsdev.de *.internationaler-bund.de www.googleadservices.com *.ib.de *.raisenow.io *.raisenow.com *.raisenow.net *.stripe.com *.datatrans.com *.spreedly.com *.paypal.com *.jsdelivr.net ib-redaktion-staging.rmsdev.de *.cookiebot.com googleads.g.doubleclick.net www.google.de www.googletagmanager.com connect.facebook.net *.cookiebot.eu altruja.de *.altruja.de *.readspeaker.com *.freiwillig24.de *.emailsys1c.net *.unpkg.com unpkg.com flockler.com *.flockler.com flocklr.com *.flocklr.com *.fundraisingbox.com *.emailsys1a.net 'report-sample'; img-src 'self' data: *.ytimg.com *.emailsys1c.net ib-redaktion-2.rmsdev.de *.internationaler-bund.de www.google.de *.raisenow.io *.raisenow.com *.raisenow.net www.google.com *.jsdelivr.net www.googletagmanager.com *.ib.de ib-redaktion-staging.rmsdev.de www.facebook.com *.cookiebot.com *.cookiebot.eu *.usercentrics.eu www.entwicklungsdienst.de *.altruja.de *.openstreetmap.org *.twimg.com flockler.com *.flockler.com flocklr.com *.flocklr.com *.cdninstagram.com *.fbcdn.net *.fundraisingbox.com *.emailsys1a.net https://translate.google.com; base-uri 'self'; frame-src 'self' *.cookiebot.com *.cookiebot.eu www.facebook.com www.googletagmanager.com *.youtube-nocookie.com *.raisenow.io *.raisenow.com *.raisenow.net *.stripe.com *.datatrans.com *.spreedly.com *.paypal.com td.doubleclick.net fonts.gstatic.com googleapis.com www.google.com *.emailsys1c.net freiwillig24.de *.freiwillig24.de *.emailsys1a.net *.altruja.de flockler.com *.flockler.com flocklr.com *.flocklr.com *.cloudflarestream.com *.fundraisingbox.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.readspeaker.com use.fontawesome.com *.freiwillig24.de *.emailsys1c.net *.jsdelivr.net *.raisenow.io *.raisenow.com *.raisenow.net 'report-sample'; font-src 'self' data: use.fontawesome.com *.raisenow.io *.raisenow.com *.raisenow.net *.emailsys1a.net; media-src 'self' *.flockler.com *.flocklr.com *.twimg.com; object-src 'self' data:; connect-src 'self' *.internationaler-bund.de *.ib.de *.altruja.de stats.g.doubleclick.net *.raisenow.io *.raisenow.com *.raisenow.net *.stripe.com *.datatrans.com *.spreedly.com *.paypal.com www.facebook.com googleads.g.doubleclick.net region1.analytics.google.com www.google.com *.cookiebot.com *.cookiebot.eu *.friendlycaptcha.eu *.friendlycaptcha.com *.readspeaker.com *.openstreetmap.org formbuilder.online *.flockler.com *.flockler.app flocklr.com *.flocklr.com *.emailsys1c.net *.emailsys1a.net *.rm-solutions.de; frame-ancestors 'self' https://ibiks.ibrz.de *.internationaler-bund.de *.rmsdev.de; report-uri https://www.internationaler-bund.de/@http-reporting?csp=report&requestTime=1773717015358087&requestHash=691ae67e8be3c2be5c344fe5993af709f6807837 1
default-src 'self' https://*.lekker.de; base-uri 'self'; block-all-mixed-content; child-src 'self' blob:; connect-src 'self' https://*.lekker.de https://*.usercentrics.eu https://*.adtelligence.de https://portal.reonic.de https://maps.googleapis.com https://*.dvinci-hr.com https://*.contentsquare.net https://*.contentsquare.com https://heapanalytics.com https://*.clarity.ms https://*.adsrvr.org https://insight.adsrvr.org https://*.bing.com https://bat.bing.net https://*.facebook.com https://*.trustedshops.com https://*.etrusted.com https://*.trustbadge.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://stats.g.doubleclick.net https://www.google.com https://google.com https://www.google.de; font-src 'self' data: https://*.lekker.de https://*.trustedshops.com https://*.adtelligence.de https://portal.reonic.de https://static.dvinci-easy.com https://heapanalytics.com; form-action 'self' https://*.lekker.de https://*.facebook.com https://*.adtelligence.de; frame-ancestors 'self' https://*.lekker.de; frame-src 'self' https://*.lekker.de https://*.usercentrics.eu https://*.adsrvr.org https://insight.adsrvr.org https://match.adsrvr.org https://*.facebook.com https://www.youtube.com https://player.vimeo.com https://portal.reonic.de https://feedback.etrusted.com https://csxd.lekker.de https://*.contentsquare.com; img-src 'self' data: blob: https://*.lekker.de https://*.usercentrics.eu https://*.trustedshops.com https://*.facebook.com https://*.facebook.net https://*.contentsquare.net https://heapanalytics.com https://*.bing.com https://bat.bing.net https://o.adtriba.com https://insight.adsrvr.org https://stats.g.doubleclick.net https://*.adtelligence.de https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://www.google.de; media-src 'self' https://*.lekker.de blob: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lekker.de https://*.usercentrics.eu https://*.adtelligence.de https://portal.reonic.de https://apps.reonic.de https://ga.jspm.io https://*.trustedshops.com https://widgets.etrusted.com https://connect.facebook.net https://*.facebook.com https://*.clarity.ms https://*.bing.com https://cdn.adtriba.com https://js.adsrvr.org https://*.contentsquare.net https://app.contentsquare.com https://*.contentsquare.com https://cdn.heapanalytics.com https://heapanalytics.com https://static.dvinci-easy.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.lekker.de https://*.adtelligence.de https://portal.reonic.de https://*.usercentrics.eu https://static.dvinci-easy.com https://heapanalytics.com; report-uri /csp-report; worker-src 'self' blob: data:; report-to csp 1
object-src 'none';base-uri 'self';script-src 'nonce-87Q2dgtuBSRI2Wy8XskU6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'none'; object-src 'none'; script-src 'strict-dynamic' 'report-sample' https: 'unsafe-inline' 'nonce-8496a5f318cda580cc145d36e9068ede'; report-uri https://o109800.ingest.sentry.io/api/1323222/security/?sentry_key=23c48c605cea4da7b42d295927d29b7a 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://*.googleapis.com https://*.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://www.cartmanager.net/images2/ssl_go_daddy.gif https://images.scanalert.com/meter/www.cartmanager.net/13.gif https://*.typekit.net https://*.google.co.in https://*.gatedepot.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.paypalobjects.com *.gstatic.com *.google.co.in *.googletagmanager.com https://www.googletagmanager.com *.paypal.com https://www.clickcease.com/monitor/stat.js https://*.appspot.com https://*.typekit.net https://cdn-cookieyes.com/client_data/5e30f087baee50072105f125/script.js https://cdn.ampproject.org/v0/amp-analytics-0.1.js *.disqus.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://use.fontawesome.com/releases/v5.7.1/css/all.css https://fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://*.g.doubleclick.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.clarity.ms https://c.bing.com; block-all-mixed-content; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' data: *.intercom.io *.sentry.io wss://nexus-websocket-a.intercom.io https://stats.g.doubleclick.net *.clarity.ms track.hubspot.com  static.cloudflareinsights.com vimeo.com; font-src 'self' data: https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-ancestors 'self'; frame-src 'self' youtube.com www.youtube-nocookie.com challenges.cloudflare.com player.vimeo.com; img-src 'self' data: image-cdn.bankoflamps.com i.ytimg.com c.bing.com *.clarity.ms  i.vimeocdn.com; media-src 'self' blob-cdn.bankoflamps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com 'nonce-22QRy0YvC1qJXgeqZyd8TCL4l0et6AaGLTbnMaSNxyk=' static.cloudflareinsights.com challenges.cloudflare.com https://js.intercomcdn.com https://widget.intercom.io *.clarity.ms track.hubspot.com 'nonce-5EqEZnONJGumAZvtGgOjaw=='; style-src 'self' 'unsafe-inline'; report-uri /csp/report; worker-src 'self' blob: 1
font-src *.googleapis.com *.gstatic.com 'self' data: oct8necdneu.azureedge.net *.oct8ne.com *.fontawesome.com *.punchout2go.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.reskyt.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.punchout2go.com 'self' data: *.twitter.com *.facebook.com vendedoreswurth.aclonline.es *.reskyt.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors *.punchout2go.com 'self' data: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com youtube.com *.youtube-nocookie.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.vimeo.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.punchout2go.com *.twitter.com *.google.com *.addtoany.com *.facebook.com *.reskyt.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.oct8ne.com *.cookiebot.com *.google.com.ua *.facebook.com *.bing.com https://images.unsplash.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.punchout2go.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.doubleclick.net *.cookielaw.org *.magentocommerce.com *.wuerth.com vendedoreswurth.aclonline.es wurth.aclonline.es cdn.connectif.cloud *.reskyt.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com media.witglobal.net *.media.wuerth.com http://media.wuerth.com https://*.clarity.ms https://*.bing.com *.wurth.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com polyfill.io *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.webeyez.com *.nr-data.net *.facebook.net *.bing.com *.googlesyndication.com https://maps.googleapis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.punchout2go.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.connectif.cloud *.addtoany.com *.cookielaw.org *.doubleclick.net *.jsdelivr.net *.jquery.com *.reskyt.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com https://*.clarity.ms *.newrelic.com *.onetrust.com bat.bing.com bat.bing.net analytics.tiktok.com *.paypalobjects.com *.sandbox.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com *.addtoany.com unsafe-inline assets.braintreegateway.com *.punchout2go.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.jsdelivr.net *.reskyt.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.trackingplan.com *.nr-data.net *.cookiebot.com *.googlesyndication.com *.bing.com https://maps.googleapis.com https://player.vimeo.com http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.punchout2go.com *.cloudflare.com *.twitter.com *.twimg.com *.cookielaw.org *.doubleclick.net *.analytics.google.com *.connectif.cloud *.facebook.com compliance.wurth.es *.reskyt.com https://*.launchdarkly.com https://*.mixpanel.com https://*.mxpnl.com https://*.twilio.com wss://*.twilio.com *.wuerth.com https://*.clarity.ms *.newrelic.com *.onetrust.com bat.bing.com bat.bing.net analytics.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src-attr 'none'; script-src 'self' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.voltlighting.com *.google.com *.cloudfront.net *.amazonaws.com *.klevu.com *.fontawesome.com *.googleapis.com *.socialannex.com *.amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com *.bazaarvoice.com *.ksearchnet.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.gstatic.com www.facebook.com *.amazonaws.com *.amplighting.com voltlighting.com *.voltlighting.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.gstatic.com www.facebook.com *.googletagmanager.com *.googleapis.com *.amazonaws.com *.paypalobjects.com amc.demdex.net fast.amc.demdex.net nsg.symantec.com *.hotjar.com www.pinterest.com *.twitter.com *.socialannex.net *.amplighting.com voltlighting.com nytrng.com *.attn.tv *.guarantee-cdn.com *.fls.doubleclick.net *.googlesyndication.com td.doubleclick.net app.fastbots.ai 12521576.fls.doubleclick.net ssl.kaptcha.com www.youtube.com www.google.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.weltpixel.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.voltlighting.com *.googleusercontent.com *.google.com *.klevu.com bat.bing.com www.facebook.com connect.facebook.net www.google.co.in *.amazonaws.com dpm.demdex.net amc.demdex.net *.visualwebsiteoptimizer.com *.powerreviews.com nsg.symantec.com *.wpengine.com cdn.socialannex.com *.cloudinary.com *.gravatar.com *.adobedtm.com *.amplighting.com voltlighting.com *.voltlighting.com *.trackedlink.net *.b0e8.com *.guarantee-cdn.com *.clarity.ms *.bing.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net wt.rqtrk.eu id5-sync.com *.paypalobjects.com track.hubspot.com d7keiwzj12p9.cloudfront.net ad.doubleclick.net adservice.google.com cdn-assets.affirm.com s3.amazonaws.com m.media-amazon.com 'self' blob: cdn.bfldr.com storage-us-gcs.bfldr.com cdn.userway.org yt3.ggpht.com www.youtube.com www.gstatic.com guarantee-cdn.com volt.dev csi.gstatic.com cm.everesttech.net graph.facebook.com business.facebook.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.ksearchnet.com https://redchamps.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js-na1.hs-scripts.com bat.bing.com *.gstatic.com *.klevu.com www.facebook.com *.cloudfront.net *.doubleclick.net *.powerreviews.com unpkg.com *.visualwebsiteoptimizer.com *.amazonaws.com *.googletagmanager.com *.googleapis.com nsg.symantec.com a.opmnstr.com bam.nr-data.net bam-cell.nr-data.net cdn.socialannex.com *.hotjar.com *.instagram.net cdn.plyr.io stackpath.bootstrapcdn.com dn.jsdelivr.net code.jquery.com *.socialannex.com *.amplighting.com voltlighting.com *.voltlighting.com *.bc0a.com cdn.attn.tv guarantee-cdn.com cdn.b0e8.com *.clarity.ms *.lfeeder.com shop.pe *.shop.pe wt.rqtrk.eu cdn.id5-sync.com *.blackcrow.ai *.bttrack.com *.google.co.in *.trackedlink.net *.googleadservices.com *.trackedweb.net *.authorize.net *.sandbox.paypal.com analytics.tiktok.com tpc.googlesyndication.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com *.cardinalcommerce.com static.elfsight.com js.hscollectedforms.net js.usemessages.com cdn.userway.org api.userway.org bigsur.ai consents-cf.bc0a.com d2mjzob2nc713b.cloudfront.net cdn1.affirm.com pixel.api.blokid.com addshoppers.s3.amazonaws.com shopper.shop.pe static.cloudflareinsights.com r.wdfl.co static-na.payments-amazon.com ssl.kaptcha.com *.adobe.com *.facebook.com *.google-analytics.com js.klevu.com app.fastbots.ai apis.google.com cdn.bc0a.com connect.facebook.net static.doubleclick.net www.google.com www.gstatic.com js-agent.newrelic.com cdn.nytrng.com universe-static.elfsightcdn.com graph.facebook.com business.facebook.com https://maps.googleapis.com maps.googleapis.com *.ksearchnet.com *.kaptcha.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com display.ugc.bazaarvoice.com www.voltlighting.com *.google.com *.klevu.com *.powerreviews.com *.gstatic.com *.cloudfront.net *.amazonaws.com stats.g.doubleclick.net *.socialannex.com *.amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com cdn.userway.org app.fastbots.ai *.fontawesome.com www.youtube.com *.ksearchnet.com *.tagmanager.google.com *.googletagmanager.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com bat.bing.com *.gstatic.com *.amazonaws.com *.googletagmanager.com *.googleapis.com *.dotdigital.com dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com *.trackedlink.net *.trackedweb.net stats.g.doubleclick.net get.geojs.io *.powerreviews.com api.omappapi.com *.wpengine.com stats.ksearchnet.com *.ksearchnet.com *.demdex.net *.visualwebsiteoptimizer.com *.amplighting.com *.voltlighting.com *.bc0a.com *.clarity.ms *.google-analytics.com *.analytics.google.com *.g.doubleclick.net events.attentivemobile.com lb.eu-1-id5-sync.com id5-sync.com *.hotjar.io *.blackcrow.ai *.authorize.net core.service.elfsight.com *.hubspot.com *.hscollectedforms.net *.elfsight.com *.safeopt.com voltlighting.wpengine.com ixfd2-api.bc0a.com statsjs.klevu.com voltlighting.tt.omtrdc.net www.affirm.com cdn-assets.affirm.com api.prod.bigsur.ai voltlighting.attn.tv firebaseremoteconfig.googleapis.com app.shop.pe dp70uvwpivouv.cloudfront.net api.userway.org cdn.userway.org cdn77.api.userway.org apay-us.amazon.com shopper.shop.pe ssl.kaptcha.com *.resolvepay.com www.youtube.com googleads.g.doubleclick.net jnn-pa.googleapis.com play.google.com app.fastbots.ai bam.nr-data.net www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com *.klevu.com *.kaptcha.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src www.voltlighting.com www.google-analytics.com pixel.tracking.blokid.com www.google.com bat.bing.com events.attentivemobile.com commerce.adobedc.net network-a.bazaarvoice.com apay-us.amazon.com app.fastbots.ai bam.nr-data.net tracker.affirm.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.voltlighting.com/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://fonts.gstatic.com https://use.fontawesome.com https://cdn.nlpg.com https://cdn.masterbooks.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.masterbooks.com *.nlpg.com self https: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.youtu.be *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.doubleclick.net *.masterbooks.com *.nlpg.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.youtu.be *.img.youtube.com *.trackedlink.net www.facebook.com https://online.flippingbook.com https://*.cloudfront.net https://*.masterbooks.com https://*.nlpg.com *.google.com.ar *.google.com *.googletagmanager.com https://cdn-cookieyes.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://cdn.noibu.com https://cdn.jsdelivr.net https://connect.facebook.net https://static.zdassets.com https://online.flippingbook.com https://*.cloudfront.net https://cdn.nlpg.com https://cdn.masterbooks.com *.googletagmanager.com app.viralsweep.com https://cdn-cookieyes.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com connect.facebook.net twitter.com platform.twitter.com static.addtoany.com *.gstatic.com maps.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://use.fontawesome.com https://cdn.nlpg.com https://cdn.masterbooks.com *.googletagmanager.com *.googleapis.com assets.braintreegateway.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube.com *.youtu.be *.img.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://ekr.zdassets.com https://fbo-b.flippingbook.com https://nlpg.zendesk.com wss://input.noibu.com *.noibu.com *.doubleclick.net https://cdn.nlpg.com https://cdn.masterbooks.com https://www.google.com.ar https://www.facebook.com *.cookieyes.com https://cdn-cookieyes.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com stats.addtoany.com www.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://53272415-ac62-4480-bded-0011a34ac7cd.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com https://css.zohocdn.com/ https://d19ayerf5ehaab.cloudfront.net/ https://d1azc1qln24ryf.cloudfront.net/ https://*.hotjar.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com/ https://0merchantacsstag.cardinalcommerce.com/ https://1merchantacsstag.cardinalcommerce.com/ *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://widget.reviews.co.uk/ https://gum.criteo.com/ https://*.hotjar.com/ https://www.paypalobjects.com/ https://c.sandbox.paypal.com/ https://tst.kaptcha.com/ *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://www.google.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.awin1.com *.zenaps.com *.wepowerconnections.com *.trackedlink.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.google.com/ https://www.google.co.uk/ https://bat.bing.com/ https://www.facebook.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://cm.g.doubleclick.net/ https://r.casalemedia.com/ https://ad.360yield.com/ https://contextual.media.net/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://pixel.rubiconproject.com/ https://match.sharethrough.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://ad.yieldlab.net/ https://cm.adform.net/ https://visitor.omnitagjs.com/ https://gum.criteo.com/ https://id5-sync.com/ https://ad.sxp.smartclip.net/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://beacon.krxd.net/ https://s.thebrighttag.com/ https://rtb-csync.smartadserver.com/ https://widget.eu.criteo.com/ https://assets.reviews.io/ https://matching.ivitrack.com/ https://www.lyco.co.uk/ https://uat.lyco.co.uk/ https://c.sandbox.paypal.com/ https://services.postcodeanywhere.co.uk/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.hotjar.com/ https://imgs.cdn-btsg.com/ https://secure.adnxs.com/ https://bam.nr-data.net/ *.cloudfront.net *.reviews.io *.reviews.co.uk https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://rum.hlx.page www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com bat.bing.com https://connect.facebook.net/ https://static.criteo.net/ https://widget.reviews.co.uk/ https://salesiq.zoho.eu/ https://analytics.webgains.io/ https://googleads.g.doubleclick.net/ https://www.clarity.ms/ https://*.hotjar.com/ https://sslwidget.criteo.com/ https://js-agent.newrelic.com/ https://js.zohocdn.com/ https://bam.nr-data.net/ https://widget.eu.criteo.com/ https://v2.zopim.com/ https://static.zdassets.com/ https://ekr.zdassets.com/ https://lycod11120.pcapredict.com/ https://services.postcodeanywhere.co.uk/ https://track.webgains.com/ https://songbirdstag.cardinalcommerce.com/ *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://www.google.com https://www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com https://css.zohocdn.com/ https://widget.reviews.co.uk/ https://d19ayerf5ehaab.cloudfront.net/ https://d1azc1qln24ryf.cloudfront.net/ https://services.postcodeanywhere.co.uk/ https://*.hotjar.com/ data: *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.wepowerconnections.com https://the.sciencebehindecommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://stats.g.doubleclick.net/ https://l.clarity.ms/ https://salesiq.zoho.eu/ wss://vts.zohopublic.eu/ https://bam.nr-data.net/ https://salesiq.zohopublic.eu/ https://vts.zohopublic.eu/ https://api-cache.reviews.co.uk/ https://api.reviews.co.uk/ https://k.clarity.ms/ https://a.clarity.ms/collect https://region1.analytics.google.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://*.hotjar.io/ https://api.reviews.io/ https://services.postcodeanywhere.co.uk/ https://api.webgains.io/ https://kg668dbov0.execute-api.us-east-1.amazonaws.com/ https://writer.cardinalcommerce.com/ https://m1.openfpcdn.io/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://ekr.zdassets.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://bfbb229d-bd4f-43f8-9f4d-4b9425ab248a.sansec.watch/; report-to report-endpoint; 1
font-src *.paypalobjects.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.cookiebot.com *.doubleclick.net *.pinterest.com *.pinterest.co.uk *.bat.bing.com *.paypalobjects.com *.reviews.io *.reviews.co.uk *.pinterdev.com commerce-app.pintergration.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com *.clearpay.co.uk *.trackedlink.net www.feedoptimise.com cdn.feedoptimise.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bing.com *.doubleclick.net *.ometria.com *.pinterest.com *.pinterest.co.uk *.bat.bing.com *.connect.facebook.net *.clarity.ms *.google.com *.google.co.uk *.googletagmanager.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.feedoptimise.com cdn.feedoptimise.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.bing.com *.cookiebot.com *.dwin1.com *.googleoptimize.com *.ometria.com *.pinimg.com *.trustpilot.com *.connect.facebook.net *.bat.bing.com *.d.impactradius-event.com *.zdassets.com *.clarity.ms *.pinterest.com *.pinterest.co.uk *.impactcdn.com *.grahamandgreen.pxf.io grahamandgreen.pxf.io cdn.jsdelivr.net *.reviews.io *.reviews.co.uk *.pinterdev.com commerce-app.pintergration.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.afterpay.com/ *.squarecdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cookiebot.com *.doubleclick.net *.ometria.com *.pinterest.com *.pinterest.co.uk *.trustpilot.com *.clarity.ms *.grahamandgreen.pxf.io grahamandgreen.pxf.io *.bing.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.pinterdev.com commerce-app.pintergration.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ js.mollie.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net https://belco-prod.s3-eu-central-1.amazonaws.com https://cdn.flbx.io https://firebasestorage.googleapis.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://cdn.belco.io https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com *.avada.io *.shopify.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://*.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com wss://chat.belco.io https://cdn.belco.io https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-fgnurL21ikPUQ-UvEYuFmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-cjZugdObhXAVzFMbJaPAYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; report-to csp-endpoint; report-uri https://www.llb.li/rest/weak/logs/csp-reports 1
default-src * data: blob: ; script-src 'nonce-5e67e4807bf36aee823e56e3d7ddc2ef' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.realmusic.ru https://www.realrocks.ru https://*.realmusic.ru https://*.realrocks.ru https://s.ytimg.com https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.gstatic.com https://*.google.ru https://www.googletagmanager.com https://googletagmanager.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://yastatic.net https://mc.yandex.ru https://mc.yandex.com https://unpkg.com/ https://cdn.jsdelivr.net https://code.jquery.com ; script-src-attr 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://unpkg.com/ https://cdn.jsdelivr.net ; media-src 'self' about: https://*.realrocks.ru https://*.realmusic.ru ; frame-ancestors 'self' https://vk.com https://*.vk.com https://away.vk.com https://www.vk.com ; report-uri /report-to.php ; report-to csp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.amazonaws.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.gstatic.com *.googleapis.com *.facebook.net *.facebook.com *.usercentrics.eu *.doubleclick.net *.newrelic.com *.nr-data.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mastercard.com *.gateway.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.gstatic.com *.googleapis.com *.facebook.net *.facebook.com *.usercentrics.eu *.doubleclick.net *.newrelic.com *.nr-data.net *.amazonaws.com *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.gstatic.com *.googleapis.com *.facebook.net *.facebook.com *.usercentrics.eu *.doubleclick.net *.newrelic.com *.nr-data.net *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://static.klaviyo.com unsafe-inline *.mastercard.com *.gateway.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.gstatic.com *.googleapis.com *.facebook.net *.facebook.com *.usercentrics.eu *.doubleclick.net *.newrelic.com *.nr-data.net *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mastercard.com *.gateway.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.gstatic.com *.googleapis.com *.facebook.net *.facebook.com *.usercentrics.eu *.doubleclick.net *.newrelic.com *.nr-data.net *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.mastercard.com *.gateway.mastercard.com *.klaviyo.com *.google-analytics.com *.google.com *.google.com.lb *.livechatinc.com *.gstatic.com *.googleapis.com *.facebook.net *.facebook.com *.usercentrics.eu *.doubleclick.net *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; img-src 'self' https: data:; font-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; upgrade-insecure-requests 1
font-src *.googleapis.com *.gstatic.com https://stackpath.bootstrapcdn.com data: https://provape.com https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.agechecker.net https://cdn.userway.org *.fontawesome.com maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com *.authorize.net www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com https://verifypass.com https://vars.hotjar.com https://cdn.userway.org https://widget.trustpilot.com 'unsafe-inline' data: *.google.com *.google.com.ua *.google.co.uk www.facebook.com platform.twitter.com *.authorize.net www.searchanise.com *.searchserverapi.com *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://provape.com https://www.google.com.ua https://www.google.com  https://www.google.nl https://shareasale.com https://cdn.routeapp.io https://www.google.co.uk https://img.agechecker.net https://cdn.userway.org https://c.clarity.ms https://c.bing.com *.google.com *.google.com.ua *.google.co.uk *.doubleclick.net https://img.youtube.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cache.validage.com cloud.validage.com https://cdn.agechecker.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://searchserverapi.com https://static.cloudflareinsights.com https://static.zdassets.com https://www.googletagmanager.com https://www.dwin1.com https://cdn.clerk.io https://api.clerk.io https://static.hotjar.com https://script.hotjar.com https://ajax.cloudflare.com https://d5yoctgpv4cpx.cloudfront.net https://cdn.userway.org https://cdn.verifypass.com https://www.clarity.ms https://cdnjs.cloudflare.com https://widget.trustpilot.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.googletagmanager.com *.doubleclick.net *.avada.io connect.facebook.net twitter.com platform.twitter.com *.authorize.net searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cache.validage.com cloud.validage.com static-tracking.klaviyo.com unsafe-inline fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com https://stackpath.bootstrapcdn.com https://provape.com https://cdn-asset.optimonk.com https://cdn.userway.org https://fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cache.validage.com cloud.validage.com https://vc.hotjar.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://provape.zendesk.com wss://widget-mediator.zopim.com https://cdn77.api.userway.org https://in.hotjar.com wss://ws30.hotjar.com https://front.optimonk.com https://jfapiprod.optimonk.com https://cdn-renderer.optimonk.com wss://ws.hotjar.com https://content.hotjar.io https://api.agechecker.net https://api.userway.org https://cdn.userway.org https://q.clarity.ms https://o.clarity.ms ekr.zdassets.com/ *.google-analytics.com *.google.com https://get.geojs.io *.avada.io *.authorize.net api.amplitude.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'nonce-oGD6yloiG14-mHGqOieOBg' 'strict-dynamic' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com *.paddle.com *.fontawesome.com; media-src 'self' data: *.masterenglish.com; img-src 'self' blob: data: https: *.twitter.com t.co; connect-src 'self' https: data:; font-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' www.facebook.com; frame-src *.paddle.com *.facebook.com *.pinterest.com *.google.com; frame-ancestors 'none'; upgrade-insecure-requests; report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.cookielaw.org https://www.bnpparibas.de https://brasil.bnpparibas; script-src 'self' 'unsafe-eval' https://fast.wistia.com https://beacon-v2 https://analyticsgroupcom.bnpparibas.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com 'sha256-F+QMJISS2IIkRUd2a+c+u1owMqMSoidCaHFDAmzUgOo=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' 'sha256-yZHeusBmoqYSsqdm5ylf993dfqVyosFaYa5gueKZDsA=' 'sha256-rjfSUjIA2A20p4lATAefLLG7Fy7VJssnkJ+SnJ2TXNo=' 'sha256-tYfO42nmjgLnGFpnKZhoGOgw7wYzBfiiMQiHjx6Nrb8=' 'sha256-RWn1w3BKiDlDNbD6vM1kYLpeWCwwWPkob0LMWJ2gKJk=' 'sha256-tyAON9m1qi6ohM3o0cg46Xtvsbb30/ToTMjyUycPU1Y=' 'sha256-fPXetwWx4258jL256OrNtQQyvFVR4/BotkeZKtfk54Q=' 'sha256-yElBEKucE35qwHf8qWcAvqD25zOJ7TqTptcHyzGhOxw=' 'sha256-n1mhU8dmPJrwvRiPgHP/YQB7tK6Kx4rupnPq6FBFios=' 'sha256-qcT/R0HkWUs2DMxvtvcMobUms6Z5/fPtfgUe2hN67gE='; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.gstatic.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://s.w.org https://wp-rocket.me https://c.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org blob: https://www.google.com/pagead/landing https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://ad.doubleclick.net https://contrib.territories.bnpparibas https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas secure.gravatar.com www.gravatar.com i.ytimg.com data: www.googletagmanager.com; connect-src 'self' https://bnp-privacy.my.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://yoast.com https://cdn.cookielaw.org https://o173685.ingest.sentry.io https://analyticsgroupcom.bnpparibas.com https://contrib.territories.bnpparibas https://www.google.com/pagead/landing https://pagead2.googlesyndication.com https://adservice.google.com https://sourcemap.devowl.io https://sourcemap.devowl.io/real-media-library/4.22.47/adb9a2f4ef22d5d85978840bd322bf76/index.js.map www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.com https://github.com/google/fonts https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.gstatic.com fonts.googleapis.com data:; media-src 'self' https://asset.mediahub.bnpparibas https://upload.wikimedia.org https://broadcast.mediahub.bnpparibas data: https://mediahub.group.echonet https://my.mediahub.bnpparibas https://my.mediahub.bnpparibas/AssetLink/1cwfu8n4ki414p6d240ff18r41ver00j.mp4 https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas; frame-src 'self' https://www.youtube.com https://wp-rocket.me https://open.spotify.com https://www.youtube-nocookie.com https://centric.bnpparibas.com https://13179764.fls.doubleclick.net https://td.doubleclick.net https://gateway.zscalertwo.net https://remove.video https://mozbar.moz.com blob: https://fxplus.bnpparibas.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 1merchantacsstag.cardinalcommerce.com payments.securetrading.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.youtube.com https://player.vimeo.com https://vars.hotjar.com/ webservices.securetrading.net cdn.eu.trustpayments.com brw.3ds.trustpayments.com songbirdstag.cardinalcommerce.com 1merchantacsstag.cardinalcommerce.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://ebizmarts-website.s3.amazonaws.com www.opayo.co.uk www.sagepay.co.uk https://firebasestorage.googleapis.com gstatic.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com https://devdocs.magento.com https://magento.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com *.avada.io webservices.securetrading.net cdn.eu.trustpayments.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com widget.freshworks.com m2epro.freshdesk.com https://devdocs.magento.com https://www.google-analytics.com https://stats.g.doubleclick.net https://get.geojs.io *.avada.io o402164.ingest.sentry.io analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://s3.amazonaws.com https://request.purview.net https://chimpstatic.com https://js.hs-scripts.com https://player.vimeo.com https://scripts.mediavine.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-images.mailchimp.com https://cdn2.editmysite.com https://static.hsappstatic.net; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://cdn-images.mailchimp.com https://horosproject.us21.list-manage.com https://secure.gravatar.com https://cdn2.editmysite.com https://track.hubspot.com; frame-src https://horosproject.us21.list-manage.com https://player.vimeo.com; connect-src 'self' https://request.purview.net https://www.google-analytics.com https://track.hubspot.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' https://horosproject.us21.list-manage.com; frame-ancestors 'self'; upgrade-insecure-requests; report-uri /csp-violation-report-endpoint/ 1
font-src cdn.jsdelivr.net fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://cdnjs.cloudflare.com *.fontawesome.com *.klarna.com *.klarnacdn.net usizy-media.s3.eu-west-1.amazonaws.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.klarna.com *.klarnaservices.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com https://flagcdn.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com cdn.doofinder.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.jsdelivr.net magefan.com cm.magefan.com *.ekinsport.com *.klarna.com *.klarnacdn.net *.klarnaevt.com media.usizy.es static.usizy.es https://*.googleapis.com https://maps.gstatic.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com cdn.jsdelivr.net *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com cdn.doofinder.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://cdnjs.cloudflare.com *.jsdelivr.net https://polyfill-fastly.io https://browser.sentry-cdn.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com static.axept.io static.usizy.es media.usizy.es sgtm.ekinsport.com https://*.googleapis.com *.alothemes.com *.magepow.com cdn.brevo.com sibautomation.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.jsdelivr.net fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.doofinder.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.jsdelivr.net *.klarna.com *.klarnacdn.net static.usizy.es *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com payments-eu.amazon.com *.paypal.com *.getalma.eu *.google-analytics.com *.facebook.com *.facebook.net *.doofinder.com wss://*.doofinder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://*.ingest.sentry.io *.klarnaservices.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaevt.com client.axept.io api.axept.io usizy.com media.usizy.es https://*.googleapis.com *.alothemes.com *.magepow.com in-automate.brevo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-S86YrUa24JLdZv5llrRf6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data: https://static.zdassets.com; img-src * data: https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://cdn.segment.com https://widget.trustpilot.com https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://static.zdassets.com https://assets.zendesk.com https://*.smartlook.com https://*.smartlook.cloud https://connect.facebook.net https://*.hotjar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com; style-src-attr 'unsafe-inline'; connect-src 'self' ws: wss: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.segment.io https://cdn.segment.com https://axiorysupport.zendesk.com https://ekr.zdassets.com https://api2.amplitude.com https://*.smartlook.com https://*.smartlook.cloud https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' https://9454045.fls.doubleclick.net https://widget.trustpilot.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-6K0b5ekWNxgBHWlwHzO0KQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.com.mx/api/csp-report; report-to csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com https://static.klaviyo.com *.cloudfront.net *.aws.dev *.fontawesome.com use.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de yotpo.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net www.facebook.com *.affirm.com *.affirm.ca *.weltpixel.com www.xtento.com landofcoder.com yotpo.com order.buywithprime.amazon.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.twitter.com *.ads-twitter.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.affirm.com *.affirm.ca www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com yotpo.com https://cdn.cookielaw.org *.aws.dev https://dev.visualwebsiteoptimizer.com https://assets.adobedtm.com https://www.medalsofamerica.com http://www-stg.medalsofamerica.com http://moaopensource.mw2consulting.com/ http://www.mw2consulting.com/ connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.fbcdn.net *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.twitter.com *.ads-twitter.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.affirm.com *.affirm.ca widget.freshworks.com m2epro.freshdesk.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com landofcoder.com yotpo.com https://order.buywithprime.amazon.com *.hiconversion.com globalshopex.com https://cdn.cookielaw.org https://loader.wisepops.com https://wisepops.net *.cloudfront.net https://shop.pe https://shopper.shop.pe https://seal.networksolutions.com https://cdn.noibu.com https://addstrap-ui.addshoppers.com https://addshoppers.s3.amazonaws.com https://dev.visualwebsiteoptimizer.com *.avada.io connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com yotpo.com *.cloudfront.net https://addstrap-ui.addshoppers.com *.aws.dev *.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline';, manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.twitter.com *.ads-twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com www.facebook.com *.facebook.net *.affirm.com *.affirm.ca widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com landofcoder.com yotpo.com https://cdn.cookielaw.org https://app.shop.pe *.aws.dev https://geolocation.onetrust.com https://manage.safeopt.com *.obviyo.net https://featureassets.org https://prodregistryv2.org https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:;script-src https: 'self' 'strict-dynamic' 'nonce-3360d22570854bafe926ba39fad655781fb7d969366f8849ab1f45f730d62964' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log?n=1 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com fonts.googleapis.com *.googleapis.com data: *.fontawesome.com *.cloudflare.com *.twitter.com *.trustedshops.com *.eichholtz.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * www.google.com *.googletagmanager.com *.appspot.com *.cookiebot.com *.eichholtz.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com * maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com https://scontent.cdninstagram.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.elfsight.com *.cloudflare.com *.googleadservices.com *.twitter.com *.pingdom.net *.appspot.com *.cookiebot.com *.facebook.com *.eichholtz.com *.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com tagmanager.google.com *.sharethis.com *.elfsight.com *.cloudflare.com *.twitter.com *.google-analytics.com *.fontawesome.com *.chimpstatic.com chimpstatic.com *.pingdom.net *.appspot.com *.cookiebot.com *.eichholtz.com *.hotjar.com *.clarity.ms *.mxpnl.com *.mixpanel.com *.facebook.net *.cookieconsent.io *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.typekit.net tagmanager.google.com fonts.google.com *.elfsight.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.eichholtz.com *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://graph.instagram.com *.googletagmanager.com *.sharethis.com *.elfsight.com *.cloudflare.com *.twitter.com *.appspot.com *.cookiebot.com *.pingdom.net *.eichholtz.com *.hotjar.com *.hotjar.io *.clarity.ms *.mixpanel.com *.cookieconsent.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://luxuryflooring.co.uk https://www.google-analytics.com https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com.af https://*.google.com.ag https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.com https://www.googletagmanager.com https://*.googleapis.com https://*.analytics.google.com api.craftyclicks.co.uk *.omappapi.com bat.bing.com bat.bing.net https://bat.bing-int.com ct.pinterest.com ekr.zdassets.com stats.g.doubleclick.net www.roomvo.com *.nr-data.net www.facebook.com www.sandbox.paypal.com *.paypal.com display.popt.in https://www.instagram.com *.hubspot.com api.hubapi.com api.hubspot.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com https://a.klaviyo.com https://fast.a.klaviyo.com https://*.klaviyo.com https://*.veinteractive.com https://*.ve.com https://forms.hscollectedforms.net https://api.retargeted.co/ https://api.webgains.io https://logs.convertexperiments.com https://*.convertexperiments.com https://10041910.metrics.convertexperiments.com https://click.prod.mplat-ppcprotect.com https://pclick.prod.mplat-ppcprotect.com/ https://pclick.prod.mplat-ppcprotect.com https://luxury-flooring.s3.amazonaws.com https://googleads.g.doubleclick.net https://consentcdn.cookiebot.com https://*.googlesyndication.com https://*.google-analytics.com https://publicsuffix.org/list/public_suffix_list.dat https://www.clarity.ms https://*.bing.com https://*.clarity.ms https://api-js.datadome.co https://hubspot-forms-static-embed.s3.amazonaws.com https://www.googleadservices.com https://analytics.tiktok.com https://yoast.com/feed/widget/ https://api.bannercrowd.net https://analytics-ipv6.tiktokw.us ; font-src 'self' data: https://luxuryflooring.co.uk fonts.gstatic.com v2.zopim.com *.googleapis.com https://a.omappapi.com https://static.klaviyo.com ; form-action 'self' https://luxuryflooring.co.uk www.facebook.com ct.pinterest.com forms.hsforms.com forms.hubspot.com ; frame-src 'self' data: www.facebook.com www.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.google.in www.powr.io www.roomvo.com bid.g.doubleclick.net https://ct.pinterest.com/ tr.pinterest.com www.pinterest.co.uk www.pinterest.com www.pinterest.de www.pinterest.ie www.pinterest.se za.pinterest.com player.vimeo.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.wesupply.xyz *.weltpixel.com gsa://onpageload *.hubspot.com https://*.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.usemessages.com https://js.hsforms.net https://widget.trustpilot.com https://12301984.fls.doubleclick.net https://12506955.fls.doubleclick.net https://www.youtube.com https://consentcdn.cookiebot.com https://js.stripe.com https://td.doubleclick.net https://admin.revenuehunt.com https://event.getblue.io https://consentcdn.cookiebot.com https://impact.carma.earth https://www.youtube-nocookie.com ; frame-ancestors 'self' ; img-src 'self' data: https://luxuryflooring.co.uk bat.bing.com bat.bing.net www.facebook.com www.paypalobjects.com www.roomvo.com workers.cloudflare.com *.omappapi.com www.pinterest.com ct.pinterest.com log.pinterest.com www.instagram.com www.gstatic.com s.ytimg.com *.vimeocdn.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validate.fishpig.co.uk *.paypal.com *.roomvo.com www.xtento.com cdn.xtento.com connect.facebook.net img.luxuryflooringandfurnishings.co.uk secure.gravatar.com track.hubspot.com https://*.google.com https://maps.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.co.uk https://*.google.ie https://*.google.im https://www.googleadservices.com https://www.googletagmanager.com *.hubspot.com forms.hsforms.com *.nr-data.net https://share.hsforms.com https://perf.hsforms.com https://js.hsforms.net https://a.klaviyo.com https://static.klaviyo.com https://px.ads.linkedin.com https://www.linkedin.com https://prf.hn https://*.prf.hn https://12301984.fls.doubleclick.net https://ad.doubleclick.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://luxury-flooring.s3.amazonaws.com https://googleads.g.doubleclick.net https://imgsct.cookiebot.com/ https://*.googlesyndication.com https://c.bing.com https://*.clarity.ms https://*.ytimg.com https://forms-na1.hsforms.com https://*.convertexperiments.com https://admin.revenuehunt.com https://*.tribalfusion.com ; object-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' https://luxuryflooring.co.uk *.omappapi.com *.nr-data.net bat.bing.com bat.bing.net cdn.roomvo.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com static.cloudflareinsights.com cdnjs.cloudflare.com ajax.cloudflare.com static.zdassets.com www.google-analytics.com www.google.com www.googleadservices.com www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.powr.io js-agent.newrelic.com *.nr-data.net maps.googleapis.com video.google.com www.youtube.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.sagepay.com www.xtento.com cdn.xtento.com tagmanager.google.com a.omappapi.com s.pinimg.com apiv2.popupsmart.com ssl.google-analytics.com google.co.uk optimize.google.com www.google.co.uk cdn.popt.in https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com https://*.klarnacdn.net https://*.klarnaservices.com https://static-tracking.klaviyo.com https://static.klaviyo.com https://widget.trustpilot.com https://config1.veinteractive.com https://s.retargeted.co https://snap.licdn.com https://woobox.com https://cdn-4.convertexperiments.com https://js.stripe.com https://analytics.webgains.io https://admin.revenuehunt.com https://collect.bannercrowd.net https://client.prod.mplat-ppcprotect.com https://ct.pinterest.com https://event.getblue.io https://widget.getblue.io https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.clarity.ms https://analytics.fatmedia.io https://no-cdn.convertexperiments.com https://analytics.tiktok.com https://a.tribalfusion.com https://s.tribalfusion.com https://bat.bing-int.com https://cdn.jsdelivr.net/npm/swiper@11/ https://scripts.clarity.ms ; style-src 'self' 'unsafe-inline' https://luxuryflooring.co.uk fonts.googleapis.com www.googletagmanager.com *.googleapis.com tagmanager.google.com translate.googleapis.com optimize.google.com https://static.klaviyo.com https://a.omappapi.com https://*.veinteractive.com https://static-tracking.klaviyo.com https://cdn.jsdelivr.net/npm/swiper@11/ ; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com ; worker-src 'self' blob: ; default-src 'self' ; base-uri https://luxuryflooring.co.uk; report-uri https://uktf.report-uri.com/r/t/csp/reportOnly 1
report-uri https://abgtr7ca.uriports.com/reports/report; report-to default; connect-src 'self' https://vz-865b183f-ef4.b-cdn.net https://analytics.weddybird.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://consentcdn.cookiebot.com https://consent.cookiebot.com https://consentcdn.cookiebot.eu https://consent.cookiebot.eu https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com https://s.pinimg.com https://ct.pinterest.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://bat.bing.com https://www.facebook.com https://www.facebook.net https://connect.facebook.net https://api.refiner.io https://api.rollbar.com https://*.paypal.com https://*.paypalobjects.com https://*.venmo.com; font-src 'self' https://cdn.wbsrv.de https://fonts.bunny.net data: https://fonts.gstatic.com https://beacon-v2.helpscout.net; frame-src 'self' https://preview.weddybird.com/ https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com https://td.doubleclick.net https://www.facebook.com https://www.facebook.net https://connect.facebook.net https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://beacon-v2.helpscout.net https://s.pinimg.com https://ct.pinterest.com https://js.refiner.io https://*.paypal.com https://*.paypalobjects.com https://*.venmo.com https://sibforms.com/ https://*.sibforms.com/ bytedance: sslocal:; manifest-src 'self' https://weddybird.com/; media-src 'self' blob: https://vz-865b183f-ef4.b-cdn.net https://beacon-v2.helpscout.net; style-src 'self' 'unsafe-inline' https://cdn.wbsrv.de https://fonts.bunny.net https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://beacon-v2.helpscout.net https://js.refiner.io https://storage.refiner.io https://*.paypal.com https://*.paypalobjects.com https://*.venmo.com; form-action 'self' https://www.facebook.com https://www.mollie.com 1
default-src * data: blob: ; script-src 'nonce-cb22ddc92e6c139564ad7f75e4774d68' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.realmusic.ru https://www.realrocks.ru https://*.realmusic.ru https://*.realrocks.ru https://s.ytimg.com https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.gstatic.com https://*.google.ru https://www.googletagmanager.com https://googletagmanager.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://yastatic.net https://mc.yandex.ru https://mc.yandex.com https://unpkg.com/ https://cdn.jsdelivr.net https://code.jquery.com ; script-src-attr 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://unpkg.com/ https://cdn.jsdelivr.net ; media-src 'self' about: https://*.realrocks.ru https://*.realmusic.ru ; frame-ancestors 'self' https://vk.com https://*.vk.com https://away.vk.com https://www.vk.com ; report-uri /report-to.php ; report-to csp 1
upgrade-insecure-requests ; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com *.mountain.com *.cloudfront.net *.reviews.io *.reviews.co.uk wordpress.mosherco.biz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com https://seo.mageplaza.com *.google.com *.mountain.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * wordpress.mosherco.biz 'self' 'unsafe-inline'; frame-ancestors wordpress.mosherco.biz 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.brsrvr.com cdn.brcdn.com bsapi-w.brsrvr.com *.powerreviews.com *.typekit.net *.calendly.com js.stripe.com www.recaptcha.net accounts.google.com nbf2021.my.site.com *.my.salesforce-scrt.com *.reviews.io *.reviews.co.uk *.visualwebsiteoptimizer.com app.vwo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * wordpress.mosherco.biz 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.brsrvr.com *.bloomreach.cloud www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://www.magezon.com 3.21.189.22 *.wordpress.mosherco.biz *.scene7.com *.mountain.com *.nationalbusinessfurniture.com *.bbb.org *.google.hu *.igodigital.com *.powerreviews.com *.calendly.com *.facebook.com 172.31.16.67 *.cloudfront.net *.reviews.io *.reviews.co.uk *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com wordpress.mosherco.biz data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com cdn.brcdn.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.kaptcha.com *.goadopt.io *.dxpapi.com *.brsrvr.com bsapi-w.brsrvr.com *.powerreviews.com *.calendly.com *.adobedtm.com *.cardinalcommerce.com *.paypal.com *.paypalobjects.com js.stripe.com *.google-analytics.com *.googletagmanager.com www.recaptcha.net accounts.google.com script.google.com script.googleusercontent.com *.clarity.ms cdn.segment.io *.pendo.io *.pcapredict.com *.yottaa.com *.brcdn.com cdn.ywxi.net *.hlx.page *.igodigital.com *.my.salesforce-scrt.com nbf2021.my.site.com *.invocacdn.com pnapi.invoca.net *.mountain.com connect.facebook.net cdn.sprig.com js.appboycdn.com unsafe-inline *.wordpress.mosherco.biz s7d9.scene7.com *.reviews.io *.reviews.co.uk *.visualwebsiteoptimizer.com app.vwo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com wordpress.mosherco.biz https://cdn.brcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.typekit.net *.powerreviews.com *.mountain.com *.calendly.com unsafe-inline *.wordpress.mosherco.biz *.cloudfront.net *.reviews.io *.reviews.co.uk *.visualwebsiteoptimizer.com app.vwo.com assets.braintreegateway.com wordpress.mosherco.biz 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.scene7.com wordpress.mosherco.biz 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.dxpapi.com thm.visa.com *.kaptcha.com api.addressy.com *.goadopt.io *.brsrvr.com cdn.brcdn.com *.bsapi-w.brsrvr.com *.powerreviews.com *.calendly.com *.typekit.net *.mountain.com *.clarity.ms *.yottaa.net *.openstreetmap.org cdn.segment.io *.pendo.io *.facebook.net *.google-analytics.com script.google.com script.googleusercontent.com *.doubleclick.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.visualwebsiteoptimizer.com app.vwo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com wordpress.mosherco.biz 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com wordpress.mosherco.biz http: https: blob: 'self' 'unsafe-inline'; default-src *.powerreviews.com *.scene7.com *.mountain.com *.invocacdn.com *.pcapredict.com *.yottaa.com *.hlx.page *.igodigital.com *.google.com *.calendly.com *.visualwebsiteoptimizer.com app.vwo.com wordpress.mosherco.biz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://siteimproveanalytics.com/ https://snap.licdn.com/ https://tr.snapchat.com/config/ https://connect.facebook.net/ https://sc-static.net/ https://unpkg.com/ https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js https://code.highcharts.com/ https://api.kartverket.no/ https://embed.typeform.com/ https://historier.ks.no/ https://*.vo.msecnd.net/ https://ajax.aspnetcdn.com/ https://code.jquery.com/ https://*.cloudfront.net/ https://*.gosquared.com/ https://web103.reachmee.com/ https://dl.episerver.net/ https://www.youtube.com/ https://cloud.highcharts.com/ https://e.infogram.com/ https://public.tableau.com/ https://s.infogram.com/ https://cloud-api.highcharts.com/ https://amp.azure.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com embed.typeform.com dl.episerver.net  amp.azure.net; img-src 'self' https://imgsct.cookiebot.com/  https://www.google-analytics.com/  https://px.ads.linkedin.com/  https://www.facebook.com/  https://www.googletagmanager.com/  https://i.ytimg.com/  https://px4.ads.linkedin.com/ https://historier.ks.no/  https://airtable.com/ https://*.airtable.com/ https://*.global.siteimproveanalytics.io/ https://ssl.siteimprove.com/ https://www.google.com/ https://www.google.no/ https://stats.g.doubleclick.net/ https://dl.episerver.net/; connect-src 'self' https://consentcdn.cookiebot.com/  https://region1.google-analytics.com/  https://www.google-analytics.com/  https://px.ads.linkedin.com/wa/  https://tr.snapchat.com/ https://tr6.snapchat.com/ https://statistikk.ks.no/ https://dc.services.visualstudio.com/ https://api.kartverket.no/ https://historier.ks.no/ https://cloud-api.highcharts.com/ https://dev.ks.statistikk.no/ https://statistikk-test.ks.no/  https://stats.g.doubleclick.net/ https://hotell.difi.no/ https://ws.geonorge.no/ https://cdn.linkedin.oribi.io/; font-src 'self' https://region1.google-analytics.com/ https://www.google-analytics.com/ https://px.ads.linkedin.com/wa/ https://tr.snapchat.com/p https://tr6.snapchat.com/p https://fonts.gstatic.com/s/materialicons/v143/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2 https://fonts.gstatic.com/s/materialicons/v143/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2; object-src 'self' ; media-src 'self' https://historier.ks.no/  https://airtable.com/  https://*.airtable.com/; frame-src 'self' https://consentcdn.cookiebot.com  https://tr.snapchat.com/  https://www.youtube.com/  https://player.pippa.io/  https://embed.acast.com/ https://e.infogram.com/ https://form.typeform.com/ https://learning.elucidat.com/ https://ahmonday.com/ https://www.ahmonday.com/ https://historier.ks.no/ https://airtable.com/ https://*.airtable.com/  https://consent.cookiebot.com/ https://login.windows.net/ https://login.microsoftonline.com/ https://app.everviz.com/ https://player.acast.com/  https://play.acast.com/ https://ksagenda.trippelm.tv/ https://ks-kart.carto.com/ https://video.qbrick.com/ https://player.vimeo.com/ https://vimeo.com/ https://livestream.com/ https://sway.cloud.microsoft/ https://sway.office.com/ https://app.powerbi.com/ https://web103.reachmee.com/ https://cloud.highcharts.com/ https://ivks.dev.bouvet.no/ https://youtube.com/ https://www.youtube.com/ https://ks-test.imagevault.app/ https://ks.imagevault.app/ https://iv.nytest.ks.no/ https://iv.nyprod.ks.no/ https://public.tableau.com/ https://s.infogram.com/ https://cloud-api.highcharts.com/ https://forms.office.com/ https://office.com/ https://create.plandisc.com/; child-src 'self' ; form-action 'self' ; frame-ancestors 'self' ; base-uri 'self' ; worker-src 'self' ; manifest-src 'self' ; navigate-to 'self' ;  report-uri https://www.ks.no/api/reporting/;  report-to csp-endpoint; 1
default-src 'self' *.scorito.com; frame-ancestors 'self' *.scorito.com; form-action 'self' *.scorito.com betalen.rabobank.nl *.wlp-acs.com *.arcot.com *.americanexpress.com *.paypal.com; script-src-elem 'unsafe-inline' blob: *.scorito.com *.cdn.adyen.com static.cloudflareinsights.com cdnjs.cloudflare.com *.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.youtube.com https://*.googlesyndication.com apis.google.com ajax.googleapis.com *.adtrafficquality.google *.hotjar.com *.leadinfo.net *.lfeeder.com snap.licdn.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net live.steam.eu.com app.termly.io sdk.privacy-center.org platform.twitter.com; script-src 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.scorito.com static.cloudflareinsights.com cdnjs.cloudflare.com https://*.gleap.io www.googletagmanager.com *.g.doubleclick.net www.google-analytics.com *.adtrafficquality.google snap.licdn.com *.nr-data.net js-agent.newrelic.com app.termly.io; img-src data: blob: *.scorito.com *.scorito-sports.com https://*.cdn.adyen.com https://*.gleap.io https://www.googletagmanager.com https://www.google.com www.google.nl https://i.ytimg.com www.googleadservices.com *.g.doubleclick.net https://*.googlesyndication.com fonts.gstatic.com *.adtrafficquality.google *.lfeeder.com *.ads.linkedin.com https://assets.morrizz.com *.podbean.com *.steam.eu.com https://syndication.twitter.com; style-src 'unsafe-inline' 'unsafe-hashes' *.scorito.com snap.licdn.com app.termly.io; style-src-elem 'unsafe-inline' *.scorito.com *.cdn.adyen.com fonts.googleapis.com live.steam.eu.com; connect-src data: *.scorito.com *.scorito-sports.com live-signalr.service.signalr.net wss://live-signalr.service.signalr.net *.adyen.com *.paypal.com static.cloudflareinsights.com *.gleap.io www.googletagmanager.com www.google.com *.googlesyndication.com *.google-analytics.com *.gstatic.com www.googleadservices.com *.analytics.google.com analytics.google.com *.g.doubleclick.net *.adtrafficquality.google *.hotjar.io *.hotjar.com *.leadinfo.net *.leadinfo.com *.ads.linkedin.com login.microsoftonline.com *.nr-data.net js-agent.newrelic.com feed.podbean.com live.steam.eu.com *.termly.io platform.twitter.com; font-src data: *.scorito.com fonts.gstatic.com; manifest-src *.scorito.com; media-src data: *.scorito.com https://*.gleap.io live.steam.eu.com; frame-src *.scorito.com *.cdn.adyen.com checkoutshopper-*.adyen.com *.wlp-acs.com betalen.rabobank.nl *.arcot.com *.americanexpress.com *.paypal.com https://*.gleap.io *.googletagmanager.com *.safeframe.googlesyndication.com cm.g.doubleclick.net youtube.com *.youtube.com *.adtrafficquality.google login.microsoft.com login.microsoftonline.com app.termly.io platform.twitter.com syndication.twitter.com; worker-src blob: *.scorito.com; report-uri https://cspviolations.scorito.com/report; report-to csp-endpoint; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: chrome-extension:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; report-uri /csp-report 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.zopim.com *.zopim.io *.techgeese.com *.google.com *.klaviyo.com *.fabglassandmirror.com https://*.google.com *.yotpo.com *.convertexperiments.com *.flipsnack.com *.fontawesome.com https://www.google.com https://www.gstatic.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.braintreepayments.com *.klaviyo.com *.techgeese.com *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com *.tiktok.com *.mczbf.com *.pinterest.com *.yotpo.com https://*.google.com *.doubleclick.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors self *.youtube.com *.sandbox.paypal.com www.paypal.com *.twitter.com *.techgeese.com *.klaviyo.com *.adobe.com *.google.com *.yotpo.com *.flipsnack.com www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.techgeese.com *.klaviyo.com *.yotpo.com *.flipsnack.com www.google.com www.gstatic.com apis.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.amazon.com *.braintreepayments.com *.klaviyo.com *.techgeese.com *.fabglassandmirror.com *.facebook.com *.facebook.net *.mailchimp.com *.yotpo.com *.cloudfront.net *.googleapis.com *.amazonaws.com fab.glass https://*.google.com *.kaltura.com *.google.com.pk *.hubspot.com *.hsforms.com *.flipsnack.com *.yotpoapi.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com widget.freshworks.com m2epro.freshdesk.com report-sample self unsafe-eval unsafe-inline inline unsafe-hashes nonce prodregistryv2.org featureassets.org *.klarna.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.jsdelivr.net *.facebook.com *.amazon.com *.braintreepayments.com *.techgeese.com *.klaviyo.com *.wisernotify.com *.fabglassandmirror.com *.kaltura.com *.yotpo.com *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com wss://ws.hotjar.com/ *.hotjar.io *.tiktok.com *.mczbf.com *.pinterest.com *.paypal.com *.swellrewards.com *.ytimg.com https://*.google.com *.leadsy.ai *.apollo.io https://aplo-evnt.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net static.cloudflareinsights.com *.hubspot.com *.convertexperiments.com *.flipsnack.com *.yotpoapi.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com maps.googleapis.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.kaltura.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.amazon.com *.braintreepayments.com *.techgeese.com *.klaviyo.com *.fabglassandmirror.com *.wisernotify.com *.yotpo.com *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com *.tiktok.com *.mczbf.com *.pinterest.com https://*.google.com *.convertexperiments.com *.flipsnack.com *.yotpoapi.com https://static.klaviyo.com *.google.com assets.braintreegateway.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.techgeese.com *.kaltura.com *.flipsnack.com *.yotpoapi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca form-assets.mailchimp.com *.intuit.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com *.kaltura.com prodregistryv2.org featureassets.org *.cloudfront.net www.google-analytics.com *.cloudflare.com *.twitter.com *.facebook.com *.gstatic.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com https://stats.g.doubleclick.net *.googletagmanager.com *.braintree.com *.klaviyo.com googleads.g.doubleclick.net *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com *.tiktok.com *.mczbf.com *.pinterest.com *.techgeese.com admin.techgeese.com wss://techgeese.com:6001/ *.wisermapp.com *.azurewebsites.net wss://ws.hotjar.com/ *.hotjar.io *.fabglassandmirror.com api.rollbar.com *.yotpo.com https://*.google.com *.bing.com https://aplo-evnt.com *.hubspot.com *.convertexperiments.com *.flipsnack.com *.yotpoapi.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com places.googleapis.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.fabglassandmirror.com/csp; report-to report-endpoint; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; script-src 'nonce-d0ba77cb642945f78a1c503ec274e92a'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; style-src 'self' 'nonce-d0ba77cb642945f78a1c503ec274e92a'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=132-2969650-7382655:rid=9C2EB2BD9F924FD2A103:sn=www.amazongamestudios.com 1
style-src *.searchspring.net *.klaviyo.com platform-api.sharethis.com *.adobe.com fonts.googleapis.com https://fonts.googleapis.com assets.braintreegateway.com *.yotpo.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; media-src *.kaltura.com *.zdassets.com *.elfsightcdn.com *.d3k81ch9hvuctc.cloudfront.net ccspersistenceprod-contentstaticassets04b201d4-1apqb8dyegznm.s3.us-east-1.amazonaws.com *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; img-src *.elfsightcdn.com *.googlesyndication.com *.clarity.ms *.adtrafficquality.google *.kaltura.com *.bing.com *.zonos.com d3k81ch9hvuctc.cloudfront.net *.searchspring.io *.ccspersistenceprod-contentstaticassets04b201d4-1apqb8dyegznm.s3.us-east-1.amazonaws.com *.sharethis.com *.wisepops.com *.zendesk.com *.google.com.py *.zdusercontent.com *.google.es *.bing.net *.google.ca *.google.com.ar *.google.rs *.google.com.br *.google.cz *.google.com.pe *.google.pl *.google.hr *.google.com.ph *.google.de *.google.co.jp *.google.co.in *.google.co.uk *.google.fr *.google.ch *.google.co.za *.google.ie ccspersistenceprod-contentstaticassets04b201d4-1apqb8dyegznm.s3.us-east-1.amazonaws.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bird.eu *.getbread.com *.breadpayments.com *.rbcpayplan.com maps.gstatic.com https://helloextend-static-assets.s3.amazonaws.com https://extendcoreoffersdemo-offersthemelogobucketeb21afa-19jnurg0a0o17.s3.amazonaws.com https://s3.amazonaws.com https://extendcoreoffersprod-offersthemelogobucketeb21afa-1lr7le13dvgtp.s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; connect-src *.wisepops.net *.elfsight.com *.wisepops.com *.clarity.ms *.adtrafficquality.google *.acsbapp.com *.bing.com *.breadgateway.net *.zdassets.com *.zonos.com *.gstatic.com *.searchspring.io *.googlesyndication.com *.zendesk.com *.zopim.com *.sharethis.com *.bing.net *.datadome.co *.google.com.ar *.google.rs *.elfsightcdn.com *.google.com.ph *.google.fr *.google.ch platform-api.sharethis.com wisepops.net wss://widget-mediator.zopim.com browser.sentry-cdn.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.googleapis.com https://*.helloextend.com https://*.ingest.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.route.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.refersion.com https://imgs.signifyd.com 'self' 'unsafe-inline'; script-src *.elfsight.com *.googlesyndication.com *.polyfill-fastly.io *.cloudflareinsights.com *.wisepops.net *.hotjar.com *.clarity.ms *.acsbapp.com *.adtrafficquality.google *.bing.com *.searchspring.net *.zdassets.com *.zopim.com *.zonos.com *.sharethis.com *.wisepops.com *.scriptcdn.net *.elfsightcdn.com *.highpointscientific.com *.googletagmanager.com platform-api.sharethis.com elfsightcdn.com wisepops.net assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.googleapis.com https://*.helloextend.com https://browser.sentry-cdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com polyfill-fastly.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn.routeapp.io fonts.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com *.avada.io *.refersion.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; font-src *.klaviyo.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.yotpo.com https://www.googletagmanager.com/ *.refersion.com www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.webwinkelkeur.nl maxcdn.bootstrapcdn.com static.lipscore.com *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.google.nl *.webwinkelkeur.nl *.usercentrics.eu img.sct.eu1.usercentrics.eu bat.bing.net bat.bing.com *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.criteo.com *.demdex.net id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.1rx.io sync.targeting.unrulymedia.com magefan.com cm.magefan.com *.disqus.com static.lipscore.com blob: img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://maps.googleapis.com https://player.vimeo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com https://cdn.jsdelivr.net *.tiktok.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms *.calendly.com *.beslist.nl *.pinimg.com *.criteo.com *.criteo.net *.cloudflareinsights.com *.pinterest.com *.disqus.com static.lipscore.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com widget.tagembed.com api.taggbox.com cdn.tagbox.com static.dhlecommerce.nl maxcdn.bootstrapcdn.com static.lipscore.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms *.pinterest.com *.criteo.com *.beslist.nl widget.tagembed.com api.taggbox.com cdn.tagbox.com wapi.lipscore.com users.lipscore.com *.pay.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.halfords.nl/paynl/csp/report; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-wOS9SpFJf6UE66leU5So9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://analytics.ahrefs.com https://static.reo.dev https://static.hsappstatic.net https://snap.licdn.com https://vercel.live https://www.googletagmanager.com https://*.google.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://last9.ghost.io https://last9.github.io https://prod-files-secure.s3.us-west-2.amazonaws.com https://cdn.simpleicons.org https://www.gravatar.com https://i.ytimg.com https://images.unsplash.com data: https://px.ads.linkedin.com https://www.google.es https://www.google.it https://www.google.ru https://www.google.fi https://www.google.de https://www.google.no https://www.google.fr https://www.google.pl https://www.google.lk https://www.google.dk https://www.google.ro https://*.google.com https://*.google.co.in https://*.doubleclick.net; connect-src 'self' https://analytics.ahrefs.com https://api.reo.dev https://px.ads.linkedin.com https://analytics.google.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.google.pl https://*.google.com https://*.google.co.in; frame-src 'self' https://meetings.hubspot.com https://www.youtube.com https://www.loom.com https://vercel.live https://www.googletagmanager.com https://td.doubleclick.net; font-src 'self' https://fonts.gstatic.com data:; report-to csp-endpoint; report-uri https://last9.io/api/csp-report/ 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-1jxo7J3hkwmWRSNOp1AXrQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com https://*.cookiebot.com *.trustpilot.com www.facebook.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net https://stats.g.doubleclick.net *.googletagmanager.com *.gstatic.com https://www.google.de https://services.postcodeanywhere.co.uk https://*.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://dildoking.de https://*.dildoking.de https://*.cloudfront.net *.hsforms.net *.hsforms.com https://static.unzer.com *.online-metrix.net https://www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg https://www.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://*.cookiebot.com https://rec.smartlook.com https://click11202.pcapredict.com https://services.postcodeanywhere.co.uk *.trustpilot.com jsd-widget.atlassian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://js-agent.newrelic.com https://*.channeladvisor.com https://*.payments-amazon.com https://bam.nr-data.net *.hsforms.net *.hsforms.com www.gstatic.com connect.facebook.net https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://services.postcodeanywhere.co.uk *.trustpilot.com https://static.klaviyo.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://clickpool.tt.omtrdc.net https://*.cookiebot.com https://*.smartlook.cloud https://googleads.g.doubleclick.net https://services.postcodeanywhere.co.uk https://pagead2.googlesyndication.com jsd-widget.atlassian.com api-private.atlassian.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.paypal.com https://*.amazon.com https://bam.nr-data.net t.elasticsuite.io *.hsforms.net *.hsforms.com www.googleapis.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://translate.googleapis.com https://cdnjs.cloudflare.com https://www.weps.org; script-src-elem 'self' 'unsafe-inline' translate.google.com www.google.com www.gstatic.com static.ctctcdn.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com translate.googleapis.com bam.nr-data.net js-agent.newrelic.com cdn.gtranslate.net https://cdnjs.cloudflare.com https://www.weps.org; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.weps.org; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com static.ctctcdn.com www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.weps.org; frame-ancestors 'self' 1
frame-src 'self' https://bioland.we.network/; frame-ancestors 'self' https://bioland.we.network/ https://my.dlv.de/ 1
font-src *.cloudflare.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com cdn.rawgit.com cdn.jsdelivr.net data: maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com cdn.dnky.co *.youtube.com *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com bid.g.doubleclick.net *.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bird.eu ebizmarts-website.s3.amazonaws.com *.cloudflare.com www.google.com *.google.com.hk *.google.com.sg *.googleadservices.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net keewah.com *.keewah.com googleads.g.doubleclick.net p.teads.tv 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com *.plugins.emarsys.net *.scarabresearch.com *.cloudflare.com google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com appleid.cdn-apple.com googleads.g.doubleclick.net assets.emarsys.net p.teads.tv s7.addthis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.scarabresearch.com *.eservice.emarsys.net *.cloudflare.com commerce.adobedc.net api.comapi.com analytics.google.com www.google-analytics.com maps.googleapis.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net www.clarity.ms *.facebook.com *.datatrics.com api.ipify.org api.hashify.net vmp.eftpay.com.cn ekr.zdassets.com/ *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.keewah.com/; report-to report-endpoint; 1
report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV2u2GjwMA9q_eiqKg5HCQ6WqgWnyE_O8O5rs_5vhjwTVHSzKUOOo6KznuzliyG76vE5uwlKAGy0C9uQWbsWBt1dP5ppWyVV03wAuGxliL4Qrg== ; block-all-mixed-content ; default-src 'none' ; script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' https: 'nonce-NONCEPLACEHOLDER' 'strict-dynamic' ; base-uri 'report-sample' 'self' ; img-src 'report-sample' 'self' https: data: ; connect-src 'report-sample' 'self' https://www.facebook.com https://api.rollbar.com https://api.segment.io https://api.amplitude.com https://bar.stunning.co https://rs.fullstory.com https://stats.g.doubleclick.net https://www.google-analytics.com https://bam.nr-data.net ; style-src 'report-sample' https://font.typeform.com 'unsafe-inline' ; font-src 'report-sample' https://font.typeform.com https://fonts.gstatic.com data: ; frame-src 'report-sample' https://www.google.com https://www.facebook.com https://tpc.googlesyndication.com ; 1
object-src 'none';base-uri 'self';script-src 'nonce-lrBF5erG8tp7oJG1N3FWWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.svea.com https://*.vipps.no https://*.trustly.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com https://*.svea.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com vjs.zencdn.net player.vimeo.com https://*.svea.com chimpstatic.com downloads.mailchimp.com *.list-manage.com static.lipscore.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com wapi.lipscore.com users.lipscore.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src https://pim.varmefag.no *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com data: fonts.gstatic.com static.lipscore.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; style-src https://pim.varmefag.no *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com vjs.zencdn.net fonts.googleapis.com downloads.mailchimp.com static.lipscore.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; img-src https://pim.varmefag.no assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com static.lipscore.com blob: img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; 1
font-src *.googleapis.com https://www.gstatic.com *.typekit.net https://fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.alicdn.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.google.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com *.pinterest.com *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com store.paradoxlabs.com *.twitter.com t.co https://*.google.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com www.google.com.cy www.google.co.id www.google.com.qa www.google.com.co www.google.com.bh *.googletagmanager.com www.google.com.tw www.google.com.om www.google.cv www.google.tt www.google.com.sg www.google.nl www.google.co.in *.media-amazon.com www.google.gg www.google.ge www.google.lk www.google.by www.google.gl www.google.com.lb yastatic.net www.google.ad www.google.at www.google.al www.google.ro www.google.no www.google.rs www.google.com.sv www.google.ie www.google.co.ke www.google.hr www.google.cm www.google.com.pa www.google.co.ve www.google.ae www.google.com.pg www.google.pl www.google.com.fj www.google.com.tr www.google.com.kw www.google.dk www.google.com.uy www.google.com.np www.google.pt www.google.se www.google.mg www.google.com.pe www.google.be www.google.co.il www.google.com.mx www.google.mu www.google.hn www.google.ru www.google.com.bn www.google.jo www.google.co.cr www.google.it www.google.co.zm www.google.com.et www.google.ch www.google.ee www.google.com.py *.paradoxlabs.com www.google.hu www.google.co.ao www.google.sm www.google.com.pr www.google.iq www.google.ca www.google.com.na www.google.li www.google.gy www.google.sn www.google.com.mm www.google.md www.google.co.jp www.google.sr www.google.am www.google.de www.google.cl www.google.to www.google.com.vc www.google.im www.google.com.ni www.google.es www.google.co.za www.google.td www.google.lt paradoxlabs.com www.google.is www.google.com.bo www.google.co.nz www.google.lu www.google.com.bz www.google.co.uk www.google.com.do www.google.co.zw *.orionplatform.com www.google.com.eg www.google.com.gt www.google.co.ma www.google.la www.google.com.br www.google.com.jm www.google.com.bd www.google.ht www.google.fi www.google.sk www.google.dm www.google.kz www.google.co.ug www.google.com.ph www.google.je www.google.co.tz www.google.com.au www.google.si www.google.tg www.google.mn www.google.bs www.google.lv www.google.com.ec www.google.com.mt www.google.ba www.google.mk www.google.me www.google.com.kh www.google.com.sa www.google.kg www.google.so www.google.bj www.google.cz www.google.dj www.google.co.th www.google.co.kr www.google.dz www.google.ci www.google.com.vn www.google.ps www.google.com.hk www.google.fm www.google.co.vi www.google.co.bw www.google.com.ua www.google.com.af www.google.co.mz www.google.com.ar *.doubleclick.net www.google.com.tj www.google.com.gh www.google.com.sl www.google.az www.google.com.ly www.google.bg www.google.co.uz www.google.com.my www.google.com.pk www.google.gr www.google.com.gi www.google.fr www.google.com.ng data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://*.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://ajax.cloudflare.com *.ads-twitter.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://chimpstatic.com *.luckyorange.com *.orionplatform.com *.rfihub.net *.google.com *.marketo.net *.googletagmanager.com *.rfihub.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.typekit.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com *.googleapis.com tagmanager.google.com *.gstatic.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.addthis.com https://graph.instagram.com *.google-analytics.com www.google.cz www.google.com.pr www.google.com.bd www.google.ee www.google.co.ao www.google.lv www.google.com.gt www.google.tt www.google.fm www.google.com.ar www.google.co.uz www.google.co.zw www.google.ae www.google.gr www.google.com.py www.google.ro www.google.com.ni www.google.ci www.google.co.tz www.google.es www.google.com.np www.google.lu www.google.com.lb www.google.com.jm www.google.at www.google.com.pk www.google.bs www.google.cm www.google.gl www.google.ge www.google.sr www.google.se www.google.md www.google.pl www.google.so www.google.com.hk www.google.ie www.google.com.vn www.google.de www.google.co.ve www.google.sn www.google.co.za *.twitter.com www.google.co.kr www.google.fi www.google.kz www.google.com.sv www.google.cl www.google.be www.google.im www.google.com.pa www.google.com.ec www.google.dz www.google.co.cr www.google.co.ke www.google.com.uy *.doubleclick.net www.google.ba www.google.co.nz www.google.dj www.google.jo www.google.com.pg www.google.nl www.google.ch www.google.com.bz www.google.az www.google.bg www.google.gg www.google.hn www.google.pt www.google.rs www.google.hu www.google.com.mx www.google.com.kh www.google.com.ua www.google.co.il www.google.co.uk www.google.fr www.google.co.in www.google.gy www.google.am www.google.iq www.google.co.jp www.google.co.bw www.google.com.br www.google.no www.google.kg www.google.com.om www.google.com.tw www.google.je www.google.com.pe www.google.lt www.google.com.kw www.google.dk www.google.com.tr www.google.hr www.google.co.ug www.google.com.au www.google.ru www.google.com.et www.google.li www.google.sk www.google.com.sa www.google.by www.google.ca www.google.com.qa www.google.com.sg www.google.com.eg *.luckyorange.com www.google.co.id www.google.me www.google.it www.google.al www.google.com.af www.google.com.bh www.google.mg www.google.co.vi www.google.is www.google.com.mm www.google.com.do www.google.co.th www.google.com.ng www.google.ad www.google.com.ph www.google.com.bo www.google.com.na www.google.co.ma www.google.com.cy www.google.com.co www.google.ht www.google.com.mt www.google.com.my www.google.si www.google.mk 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cd502fbf-1da4-4546-8d33-9ec4da26110c.sansec.watch/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: https://cdn.checkout.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net x.klarnacdn.net css.zohocdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.trustpilot.com *.pcapredict.com *.postcodeanywhere.co.uk testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com geostag.cardinalcommerce.com geo.cardinalcommerce.com *.sagepay.com *.nosto.com *.nos.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://js.checkout.com *.klarna.com *.clearpay.co.uk *.trustpilot.com *.pcapredict.com *.postcodeanywhere.co.uk *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com asp.alliedgoldltd.com *.sagepay.com *.nosto.com *.nos.to *.awin1.com *.zenaps.com *.fls.doubleclick.net www.facebook.com www.commercepartnerhub.com www.googletagmanager.com *.weltpixel.com td.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com *.afterpay.com *.clearpay.co.uk *.trustpilot.com *.pcapredict.com *.postcodeanywhere.co.uk *.google.com *.google.co.uk www.gstatic.com alliedstorage.blob.core.windows.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com *.nosto.com *.nos.to *.awin1.com *.zenaps.com www.wepowerconnections.com *.bing.com *.clarity.ms *.thejewelhut.co.uk cdn.flockr.co *.facebook.net osm.klarnaservices.com eu1-files.zohopublic.eu css.zohocdn.com *.facebook.com *.segmentify.com www.google.co.uk *.doubleclick.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.checkout.com *.klarnacdn.net *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net *.trustpilot.com *.pcapredict.com *.postcodeanywhere.co.uk *.google-analytics.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com asp.alliedgoldltd.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnaservices.com house11167.pcapredict.com *.sagepay.com *.avada.io *.shopify.com https://adsagentserverprod-ekd5fygyhpbvh9bd.b01.azurefd.net https://adsagentserverfalconfleet-bngehndwc9auegh4.b01.azurefd.net https://adsagentclientafd-b7hqhjdrf3fpeqh2.b01.azurefd.net https://adsagentsclientbundles.blob.core.windows.net https://adsaiagents.z5.web.core.windows.net http://localhost:86 *.nosto.com *.nos.to *.awin1.com www.dwin1.com *.zenaps.com the.sciencebehindecommerce.com cdn.flockr.co static.cloudflareinsights.com ajax.cloudflare.com bat.bing.com *.clarity.ms *.thejewelhut.co.uk apis.google.com js.klarna.com salesiq.zohopublic.eu *.zohocdn.com nosto.stackla.com d21m4dsqdd3b9h.cloudfront.net cdn.jsdelivr.net analytics.tiktok.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com cdn.segmentify.com cdn.sgmntfy.com *.doubleclick.net https://www.thejewelhut.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://cdn.checkout.com *.afterpay.com/ *.squarecdn.com *.trustpilot.com *.postcodeanywhere.co.uk widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net https://adsagentclientafd-b7hqhjdrf3fpeqh2.b01.azurefd.net https://adsagentsclientbundles.blob.core.windows.net https://adsaiagents.z5.web.core.windows.net *.nosto.com *.nos.to cdn.flockr.co x.klarnacdn.net css.zohocdn.com d21m4dsqdd3b9h.cloudfront.net tagmanager.google.com cdn.segmentify.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.bing.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://js.checkout.com *.klarnaevt.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.pcapredict.com *.postcodeanywhere.co.uk *.google-analytics.com https://stats.g.doubleclick.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com geostag.cardinalcommerce.com geo.cardinalcommerce.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.klarna.com *.klarnaservices.com services.postcodeanywhere.co.uk *.sagepay.com https://get.geojs.io *.avada.io https://adsagentserverprod-ekd5fygyhpbvh9bd.b01.azurefd.net https://adsagentserverfalconfleet-bngehndwc9auegh4.b01.azurefd.net https://adsagentclientafd-b7hqhjdrf3fpeqh2.b01.azurefd.net https://adsagentsclientbundles.blob.core.windows.net https://adsaiagents.z5.web.core.windows.net https://browser.events.data.microsoft.com http://localhost:86 *.nosto.com *.nos.to the.sciencebehindecommerce.com *.flockr.co *.bing.com *.thejewelhut.co.uk google.com pay.google.com *.facebook.com *.clarity.ms js.klarna.com bat.bing.net x.klarnacdn.net eu.klarnaevt.com salesiq.zohopublic.eu wss://vts.zohopublic.eu d21m4dsqdd3b9h.cloudfront.net analytics.tiktok.com *.facebook.net gandalf-eu.segmentify.com *.trustpilot.com pagead2.googlesyndication.com *.google.com *.doubleclick.net www.google.co.uk 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://0ef6f58f-2fe5-4f67-b795-60e7a4c811e4.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; img-src 'self' data: cdn.cookielaw.org cdn.sanity.io https://www.google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.google.co.uk https://google.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com www.zego.com; connect-src 'self' api.segment.io app.launchdarkly.com b79fd5h4.api.sanity.io cdn.cookielaw.org cdn.segment.com clientstream.launchdarkly.com events.launchdarkly.com geolocation.onetrust.com jscloud.net privacyportal-de.onetrust.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://googletagmanager.com https://www.google.com https://www.google.co.uk https://google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://sdk.fra-02.braze.eu www.zego.com; script-src 'self' 'unsafe-inline' cdn.cookielaw.org cdn.segment.com d.la1-c2-lo2.salesforceliveagent.com d.la1-core1.sfdc-5pakla.salesforceliveagent.com jscloud.net service.force.com widget.trustpilot.com www.youtube.com https://www.google.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://js.appboycdn.com www.zego.com; style-src 'self' 'unsafe-inline' service.force.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com www.zego.com; frame-src 'self' service.force.com widget.trustpilot.com www.youtube.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com www.zego.com; frame-ancestors 'none'; report-uri https://o53180.ingest.us.sentry.io/api/4507583918637056/security/?sentry_key=3a1e5c7ad4a38458d3a2ba8757c90d2f&sentry_release=zego-website-cms&sentry_environment=production; report-to csp-endpoint; 1
default-src 'self' *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-accent.bloomreach.co api.smooch.io applepay.cdn-apple.com *.googleadservices.com *.braintreegateway.com assets.braintreegateway.com/web *.bazaarvoice.com *.doubleclick.net storage.googleapis.com/workbox-cdn www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cfjump.skechers.com.au cfjump.skechers.co.nz *.fullstory.com www.googletagmanager.com analytics.tiktok.com cdn.unidays.world *.truefitcorp.com www.paypalobjects.com/api/checkout.min.js *.klaviyo.com t.cfjump.com *.zdassets.com connect.facebook.net maps.googleapis.com dma-cdn.staging.truefitcorp.com/fitrec/dma/js/tracker.js js-agent.newrelic.com js.datadome.co ct.captcha-delivery.com *.adobedtm.com *.afterpay.com *.demdex.net *.forter.com dlthst9q2beh8.cloudfront.net d2nww8zpyj5pk0.cloudfront.net *.google-analytics.com *.paypal.com afterpay.com foursixty.com *.useinsider.com *.roymorgan.com s.pinimg.com/ct lantern.roeyecdn.com/lantern_global_cf42725.min.js *.adobemc.com js-sandbox.squarecdn.com api.myunidays.com player.vimeo.com ct.pinterest.com js.squarecdn.com *.stg.qantasloyalty.com/appcache/wid-redemptions-button/master/ *.stg.qantasloyalty.com/ ; style-src 'self' 'unsafe-inline' display.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com/font-awesome *.typekit.net fonts.googleapis.com assets.braintreegateway.com *.adobetm.com foursixty.com *.adobemc.com static.klaviyo.com/onsite/js ; img-src data: 'self' api-accent.bloomreach.co *.zendesk.com dpm.demdex.net www.googleadservices.com/ccm www.magentocommerce.com/products/media *.skechers.co.nz *.skechers.com.au cm.everesttech.net/cm/dd googleads.g.doubleclick.net ad.doubleclick.net www.google.com/ccm www.paypalobjects.com www.google.com www.google.com.au www.google.co.nz www.google.com.vn maps.gstatic.com/mapfiles scontent.cdninstagram.com *.afterpay.com *.accentgra.com www.googletagmanager.com www.facebook.com *.bazaarvoice.com t.paypal.com duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d3nocrch4qti4v.cloudfront.net *.google-analytics.com *.pinterest.com *.tiktok.com *.useinsider.com maps.googleapis.com/maps developers.google.com *.zopim.io *.zdassets.com blob amcglobal.sc.omtrdc.net adservice.google.com lantern.roeye.com i.vimeocdn.com/video ; object-src 'none' ; base-uri 'self' ; child-src 'self' blob: ; connect-src 'self' api-accent.bloomreach.co analytics.google.com/g/collect iq.afterpay.com/us/v1 iq.afterpay-beta.com/us/v1 *.my.sentry.io wss://api.smooch.io *.accentgra.com www.facebook.com/tr google.com www.google.com collect-ap2.attraqt.io smetrics.skechers.co.nz *.fullstory.com *.klaviyo.com smetrics.skechers.com.au api-js.datadome.co *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.demdex.net *.forter.com *.foursixty.com google.com/ccm www.google.com/ccm *.google-analytics.com *.googleapis.com *.nr-data.net *.paypal.com *.truefitcorp.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com facebook.com *.roymorgan.com foursixty.com kleber.datatoolscloud.net.au sentry.io vimeo.com wss://widget-mediator.zopim.com d2o5idwacg3gyw.cloudfront.net dz8rit8v72mig.cloudfront.net d2lxqodqbpy7c2.cloudfront.net d6rak4b14t5gp.cloudfront.net d3k4bt74u9esq1.cloudfront.net wss://cdn0.forter.com api.myunidays.com ct.pinterest.com/stats ct.pinterest.com/static ct.pinterest.com/v3 ct.pinterest.com/user lantern.roeye.com *.useinsider.com www.googletagmanager.com/td ad.doubleclick.net *.stg.qantasloyalty.com/ ; font-src data: 'self' maxcdn.bootstrapcdn.com/font-awesome fonts.gstatic.com *.truefitcorp.com *.useinsider.com static.klaviyo.com use.typekit.net ; frame-src 'self' api-accent.bloomreach.co www.googletagmanager.com geo.captcha-delivery.com *.formstack.com *.afterpay.com *.bazaarvoice.com *.demdex.net *.doubleclick.net *.facebook.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com facebook.com foursixty.com google.com www.google.com vimeo.com *.pinterest.com *.qlstg.qantas.com/ ; worker-src 'self' blob: *.accentgra.com *.skechers.co.nz *.skechers.com.au; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://www.google.com https://googleads.g.doubleclick.net https://a.clarity.ms https://scripts.clarity.ms https://www.clarity.ms https://connect.facebook.net https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://static.privally.io https://app.privally.global https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d335luupugsy2.cloudfront.net https://cdn.botframework.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://app.privally.global; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net data:; img-src 'self' data: https:; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://*.clarity.ms https://www.clarity.ms https://api.privally.global https://static.privally.io https://px.ads.linkedin.com https://www.facebook.com https://cdn.botframework.com https://forms.rdstation.com.br; frame-src 'self' https://forms.rdstation.com.br https://cdn.botframework.com https://www.googletagmanager.com; worker-src 'self' blob:; manifest-src 'self'; report-uri https://2485f2b0cdba1a938adefc959ac3c8ce.report-uri.com/r/d/csp/reportOnly; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: cdnjs.cloudflare.com 'self' data: https://static.klaviyo.com/  *.livehelpnow.net *.clearbags.com *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.certcapture.com *.trustpilot.com js.driftt.com vars.hotjar.com photos.pixlee.co c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.mollie.com https://www.google.com https://recaptcha.google.com clearbags.sjv.io https://static.klaviyo.com https://www.klaviyo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.certcapture.com *.cloudfront.net *.edgecastcdn.net wac.edgecastcdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: seal-memphis.bbb.org *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://staging.clearbags.cloud/ *.brandlock.io *.bing.com *.trkn.us trkn.us *.adsrvr.org *.tvsquared.com *.linkedin.com *.rlcdn.com *.clearbags.com *.facebook.com *.google.pl *.livehelpnow.net *.bizrate.com *.xg4ken.com *.pixlee.com *.simpleanalyticscdn.com *.sansec.io *.itstarsbuilding.com editor-upload-cdn.optimonk.com *.google.com *.bbb.org *.visualwebsiteoptimizer.com *.ojrq.net *.facebook.net *.venus.clearbags.cloud bam.nr-data.net clearbags.sjv.io *.logs-01.loggly.com https://www.klaviyo.com https://trk.klaviyo.com https://www.google-analytics.com https://static.klaviyo.com https://*.klaviyo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.attn.tv events.attentivemobile.com *.certcapture.com *.trustpilot.com *.hotjar.com chimpstatic.com *.mailchimp.com *.list-manage.com js.driftt.com cdn.searchspring.net *.turnto.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.mollie.com *.hsforms.net *.hsforms.com *.google.com https://cdn.searchspring.net https://cdn.prod.us.five9.net *.thoughtmetric.io *.impactcdn.com https://applepay.cdn-apple.com *.googletagmanager.com tagmanager.google.com *.pinimg.com *.amazonawx.com *.pixlee.com *.rakuten.com *.cnnx.link *.licdn.com *.bing.com *.cloudfront.net *.tvsquared.com *.clarity.ms *.taboola.com *.facebook.com *.livehelpnow.net *.amazonaws.com *.facebook.net *.noibu.com *.xg4ken.com *.linksynergy.com *.liadm.com *.pxlecdn.com *.clearbags.com *.osano.com *.pinterest.com *.itstarsbuilding.com https://www.ssa.gov/accessibility/andi/andi.js front.optimonk.com gs-cdn.optimonk.com cdn-asset.optimonk.com 'unsafe-inline' 'unsafe-eval' 'sha256-be3gDU3Bgvxyz6aPEVAafrrXZP6snvriog08Cj9IgK0=' 'sha256-cBV2B+1pc853590KqjR87W41InutkyD/TBMHBMUFjQI=' 'sha256-f7EXcs0hOO9ROJo/VAJjWKWc95wpKN633rmMcFF+3J8=' 'sha256-B9SJKFx7vy60+sayY1/6y6g+PUqjUTRdFQwVb6Wdy1I=' 'sha256-maykMM26RvjkcOo4mhZWFNHiuu2B7zF4jXXWh6bzHZE=' 'sha256-av9dQdAFBRGgtiiG6ANHS+DzoE2TDKbYKcfW9YdS1do=' *.visualwebsiteoptimizer.com js-agent.newrelic.com js-agent.nr-data.net https://www.google.com https://www.gstatic.com 'sha256-5KwepQNyStLFSYq6mlDLiyCQ9Caaun+feyZ0nCpH90M=' clearbags.sjv.io *.static.klaviyo.com *.klaviyo.com 'sha256-JJHnACSRNfzJl5OE9iEB7y3E+b+8COlBOLbY3jyvb7Y=' 'sha256-5FqwCpOd6dDfJPpAIxZNrfBPbmwtp1zrNkSfHVcNQz4=' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com cdnjs.cloudflare.com cdn.searchspring.net *.turnto.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com https://static-tracking.klaviyo.com/ https://static.klaviyo.com 'unsafe-inline' *.noibu.com *.livehelpnow.net *.clearbags.com https://www.ssa.gov/accessibility/andi/andi.css cdn-asset.optimonk.com front.optimonk.com 'unsafe-inline' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.attn.tv events.attentivemobile.com *.certcapture.com in.hotjar.com *.hotjar.io *.turnto.com *.searchspring.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.visualwebsiteoptimizer.com *.thoughtmetric.io *.itstarsbuilding.com https://cdn.prod.us.five9.net *.osano.com *.optimonk.com *.analytics.google.com *.googletagmanager.com *.livehelpnow.net *.clarity.ms *.noibu.com *.demdex.net *.pinterest.com *.linkedin.com *.facebook.com *.taboola.com wss://input.noibu.com *.liadm.com wss://app.livehelpnow.net *.doubleclick.net *.pixlee.com *.userway.org *.brandlock.io bat.bing.com *.sjv.io *.ip-api.com *.usbrowserspeed.com *.alocdn.com *.amazonaws.com bam.nr-data.net bam-cell.nr-data.net collector.newrelic.com https://www.google.com https://recaptcha.google.com clearbags.sjv.io https://a.klaviyo.com https://b.klaviyo.com https://trk.klaviyo.com https://analytics.klaviyo.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-olc2UY_h8Oy3hBABx9oYXQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://apis.google.com/ https://www.gstatic.com/ https://www.google.com/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://pagead2.googlesyndication.com/ https://www.googletagmanager.com/; img-src 'self' data: https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://pagead2.googlesyndication.com/ https://img.youtube.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src  'self' https://fonts.gstatic.com/ data:; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/ https://players.brightcove.net/ https://www.google.com/ https://pagead2.googlesyndication.com/; report-uri /csp-report;  1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-lnsemSeztzg7hv0i3vd1og' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' https: 'unsafe-inline'; font-src 'self' https: data: moz-extension ms-browser-extension; img-src 'self' http: data: s3.amazonaws.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/axe-core https://www.google.com/recaptcha/api.js https://ssl.google-analytics.com/ga.js https://js-agent.newrelic.com; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/axe-core https://www.google.com/recaptcha/api.js https://ssl.google-analytics.com/ga.js https://js-agent.newrelic.com; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https:; media-src 'self' data:; worker-src 'self' blob:; connect-src 'self' https://bam.nr-data.net wss://127.0.0.1:* wss://localhost:* https://rum.browser-intake-us5-datadoghq.com; report-uri /csp_violations/report 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fontawesome.com *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.dhlparcel.nl *.klaviyo.com *.bing.com *.bootstrapcdn.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.youtube.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.nl *.google.at *.google.de *.google.be *.google.fr *.google.it www.googletagmanager.com *.trustpilot.com *.pinterest.com *.criteo.com *.criteo.net *.cookiebot.com https://squeezely.tech 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.buckaroo.nl *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sooqr.com *.spotlersearch.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.mailcampaigns.nl/ *.linkedin.com *.pinterest.com *.google.com.ua *.google.de *.google.nl *.google.at *.google.be *.google.fr *.google.it *.yahoo.com *.webwinkelkeur.nl *.cookiebot.com *.criteo.com *.criteo.net *.bing.com *.jmango360.com *.run2day.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.avada.io *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr chimpstatic.com *.criteo.net *.robinhq.com *.mailcampaigns.nl *.cloudflareinsights.com *.hotjar.com *.trustpilot.com *.dhlparcel.nl *.criteo.com *.cookiebot.com *.bing.com *.msecnd.net *.pinterest.com *.clarity.ms *.pinimg.com *.licdn.com https://squeezely.tech *.billygrace.com *.googleoptimize.com *.ecookie.nl https://ecookie.nl *.livechatinc.com *.shoppingminds.com *.omappapi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.sooqr.com *.spotlersearch.com unsafe-inline assets.braintreegateway.com *.mailcampaigns.nl *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.dhlparcel.nl *.klaviyo.com *.bing.com https://unpkg.com *.bootstrapcdn.com *.omappapi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org https://get.geojs.io *.avada.io *.sooqr.com *.spotlersearch.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.mailcampaigns.nl *.visualstudio.com *.pinterest.com *.google.nl *.google.at *.google.de *.google.be *.google.it *.google.fr *.bing.com *.linkedin.com *.hotjar.com *.hotjar.io *.trustpilot.com *.doubleclick.net *.googletagmanager.com wss://ws.hotjar.com/ *.criteo.com *.criteo.net *.cookiebot.com *.clarity.ms *.amazonaws.com https://squeezely.tech *.jsdelivr.net https://cognito-identity.eu-central-1.amazonaws.com *.omappapi.com *.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://o4507074569371648.ingest.us.sentry.io/api/4507074575138816/security/?sentry_key=1c5564ddd2e9ce6c2e59cd7575479435; report-to csp-endpoint; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.builder.io https://*.builder.io https://googletagmanager.com https://www.googletagmanager.com https://translate.google.com https://translate.googleapis.com https://*.hubspot.com https://*.hs-scripts.com https://*.hsforms.net https://*.hsforms.com https://*.hs-analytics.net https://*.hsadspixel.net https://js.hscta.net https://js-eu1.hscta.net https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://feedback-eu1.hubapi.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://translate-pa.googleapis.com https://*.adsrvr.org https://js.adsrvr.org https://connect.facebook.net https://*.facebook.net https://snap.licdn.com https://*.licdn.com https://cdn.mouseflow.com https://*.mouseflow.com https://analytics.tiktok.com https://*.tiktok.com https://bat.bing.com https://bat.bing.net https://*.criteo.com https://*.criteo.net https://*.adsafeprotected.com https://*.rlcdn.com https://di.rlcdn.com https://*.casalemedia.com https://*.2mdn.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.gstatic.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://cdn2.hubspot.net; img-src 'self' data: blob: https: http://*.rlcdn.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.supabase.co https://*.supabase.in https://*.sentry.io https://*.ingest.sentry.io https://api.mixpanel.com https://decide.mixpanel.com https://*.mapbox.com https://*.statsig.com https://*.statsigcdn.com https://prodregistryv2.org https://featureassets.org https://*.builder.io https://*.hubspot.com https://*.hubapi.com https://*.hs-scripts.com https://js.hscta.net https://js-eu1.hscta.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://translate.googleapis.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://ad.doubleclick.net https://*.adsrvr.org https://connect.facebook.net https://*.facebook.net https://*.facebook.com https://snap.licdn.com https://*.licdn.com https://ads.linkedin.com https://analytics.tiktok.com https://*.tiktok.com https://bat.bing.com https://bat.bing.net https://*.bing.com https://di.rlcdn.com https://*.linkedin.com https://*.adsrvr.org https://*.doubleclick.net https://*.rlcdn.com https://cdn.mouseflow.com https://*.mouseflow.com https://*.criteo.com https://*.criteo.net https://*.adsafeprotected.com https://*.casalemedia.com https://ade.googlesyndication.com; frame-src https://*.builder.io https://builder.io https://www.googletagmanager.com https://tagmanager.google.com https://*.doubleclick.net https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://*.hubspot.net https://play.hubspotvideo.com https://play-eu1.hubspotvideo.com https://*.hsforms.net https://*.hsforms.com https://*.adsrvr.org https://*.facebook.com https://*.facebook.net; frame-ancestors https://*.builder.io https://builder.io; base-uri 'self'; form-action 'self' https://*.facebook.com; object-src 'none' 1
default-src 'self'; child-src 'none'; object-src 'none'; script-src http: https: 'strict-dynamic' 'nonce-Gw6SSPbUX9dj0UBsSEbiN0XBO5gaLMHa4SSY8Jg1f0Y='; connect-src 'self' https://vitruv.uni-tuebingen.de https://services.dnb.de; worker-src blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: http://*.tile.osm.org https://*.tile.osm.org https://services.dnb.de; font-src 'self'; base-uri 'self'; frame-src 'self'; 1
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com cdn.luigisbox.com *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; worker-src 'self' blob:; report-uri https://elnino.report-uri.com/r/d/csp/enforce 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://checkout.culqi.com https://connect.facebook.net https://maps.googleapis.com https://platform.twitter.com https://static-content.vnforapps.com https://unpkg.com https://www.google.com https://www.instagram.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://ojo-publico.com; style-src-attr 'self'; frame-ancestors * 1
worker-src blob:; font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.ampproject.net https://www.youtube.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://i.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.ampproject.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.ampproject.org *.ampproject.net https://connect.facebook.net https://www.google-analytics.com https://www.facebook.com/tr 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'; 1
default-src 'self' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com; connect-src 'self' bwia.okta.com bwia-admin.okta.com bwlogin.iaproducers.com *.oktacdn.com *.mixpanel.com *.mapbox.com bwia.kerberos.okta.com bwia.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com; frame-src 'self' bwia.okta.com bwia-admin.okta.com bwlogin.iaproducers.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' bwia.okta.com bwlogin.iaproducers.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://www.iaproducers.com 1
worker-src blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com data: https://ws.colissimo.fr https://static.lyra.com/static/ *.stape.io *.fontawesome.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com www.google.com https://www.youtube.com https://form.typeform.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io www.gstatic.com apis.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * sibautomation.com api.socloz.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.cdninstagram.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com *.stape.io https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com placehold.co axeptio.imgix.net *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.doubleclick.net *.stape.io https://static.addtoany.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com analytics.ahrefs.com *.axept.io *.bing.com *.brevo.com sibautomation.com *.socloz.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com https://static.lyra.com/static/ *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com *.google.com *.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com analytics.ahrefs.com *.axept.io *.bing.com *.brevo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src 'self'; script-src 'unsafe-eval' 'unsafe-inline'; report-uri https://njunktr7.uriports.com/reports/report; report-to default 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://analytics.silktide.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.cookiebot.com https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://snap.licdn.com https://*.snapchat.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://heatmaps.monsido.com https://app-script.monsido.com https://sc-static.net https://connect.facebook.net https://js.hs-analytics.net https://js.hs-banner.com https://script.hotjar.com https://cdn.unibuddy.co https://static.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.googletagmanager.com https://www.google.nl https://www.google.com https://googleads.g.doubleclick.net https://*.cookiebot.com https://www.facebook.com https://connect.facebook.net https://*.snapchat.com https://track.hubspot.com https://forms-na1.hsforms.com https://*.linkedin.com https://tracking.monsido.com https://projectenportfolio.nl https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://a.eu.silktide.com https://*.google-analytics.com https://www.googletagmanager.com https://www.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://*.ads.linkedin.com https://www.facebook.com https://*.hsforms.net https://*.hsforms.com https://*.snapchat.com https://heatmaps.monsido.com https://cdn.unibuddy.co https://content.hotjar.io wss://ws.hotjar.com; media-src 'self'; object-src 'none'; frame-src 'self' https://*.cookiebot.com https://www.facebook.com https://*.snapchat.com https://unibuddy.co https://popcard.unibuddy.co https://www.youtube.com https://open.spotify.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://*.hsforms.net https://*.hsforms.com https://www.facebook.com; report-uri https://hz.nl/index.php?p=actions/csp/report 1
default-src 'self'; script-src 'self' *.tawk.to *.jsdelivr.net/emojione/ *.jsdelivr.net/ghost/ cors.bridged.cc *.segment.com *.tiktok.com *.googleapis.com *.google.com *.googletagmanager.com *.youtube.com *.gstatic.com *.segment.io vercel.live va.vercel-scripts.com *.hotjar.com *.google-analytics.com *.adroll.com *.bing.com *.bing.net *.facebook.net googleads.g.doubleclick.net widget.trustpilot.com www.googleadservices.com https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js join.com *.join.com *.licdn.com *.clarity.ms *.locationiq.com eu-assets.i.posthog.com 'nonce-OTI3NGUzNTMtNjYyOS00MDgzLWJiNTctYWRhM2JmNzUxYzQy' 'sha256-uX+XoKJ05/+HuYuDFIJWtfn5cpqNRoOz2kXq7ObarMs=' 'sha256-4LlEhJn74jj+GqYX/Oi7MTy3C+KHEtfnbEWfeqgMgZg=' 'sha256-/Z6+Dk2ZTVo1CBDYPQcWgzgsjU6hM6J0WRF4PdAOT84=' 'sha256-mnvsF5SZMx1z2VfaUJ/O5Rqs+i01Wv7mPwqYFHSj6K4='; style-src 'self' 'unsafe-inline' *.googleapis.com *.tawk.to/ cdn.join.com app-static.eu.posthog.com; connect-src 'self' https://*.tawk.to wss://*.tawk.to https://api.pflegia.de/graphql wss://api.pflegia.de/graphql *.vercel-insights.com *.segment.com *.googleapis.com *.segment.io *.tiktok.com *.lottiefiles.com *.microsoftonline.com *.s3.eu-west-1.amazonaws.com *.sentry.io analytics.google.com *.analytics.google.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io *.google-analytics.com *.googlesyndication.com ws.hotjar.com wss://ws.hotjar.com analytics.pangle-ads.com adservice.google.com vercel.live join.com cdn.join.com facebook.com *.facebook.com google.com *.google.com googleads.g.doubleclick.net cors.bridged.cc *.linkedin.com *.clarity.ms eu.i.posthog.com internal-e.posthog.com; media-src *.tawk.to; font-src 'self' data: *.gstatic.com cdn.join.com use.typekit.net *.tawk.to; img-src 'self' blob: data: *.tawk.to cdn.jsdelivr.net chaos-prod.s3.eu-west-1.amazonaws.com static.ghost.org pflegia.ghost.io images.unsplash.com www.pflegia.de www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.in www.google.co.uk www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.in www.google.it www.google.lu www.google.ma www.google.nl www.google.pl www.google.ro www.google.ru www.google.si www.google.sk www.google.tn www.google.tr www.google.com.br *.s3.eu-west-1.amazonaws.com maps.googleapis.com *.github.io *.slack-edge.com *.gravatar.com *.wp.com *.gstatic.com bat.bing.com www.facebook.com d.adroll.com www.google-analytics.com www.googletagmanager.com dsum-sec.casalemedia.com x.bidswitch.net pixel.rubiconproject.com us-u.openx.net sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com sync.taboola.com eb2.3lift.com ib.adnxs.com i.ytimg.com googleads.g.doubleclick.net cm.g.doubleclick.net idsync.rlcdn.com pippio.com tags.rd.linksynergy.com segments.company-target.com cdn.join.com *.linkedin.com *.adroll.com *.bing.com *.bing.net; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' www.facebook.com; frame-src 'self' *.youtube.com *.google.com *.microsoftonline.com td.doubleclick.net www.facebook.com view.officeapps.live.com widget.trustpilot.com *.adroll.com *.bing.com *.bing.net *.clarity.ms *.googletagmanager.com 1
default-src 'none'; connect-src 'self' https: policy.app.cookieinformation.com; font-src https:; frame-src https:; img-src 'self' data: https:; manifest-src 'self' https:; media-src 'self' https:; script-src 'unsafe-inline' https: maps.google.com; style-src 'unsafe-inline' https:; worker-src https:; base-uri https:; form-action https:; frame-ancestors 'self' https:; report-uri https://www.version2.dk/log-report-uri/reportOnly 1
font-src instantcredit.net test.instantcredit.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io instantcredit.net test.instantcredit.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com instantcredit.net test.instantcredit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com instantcredit.net *.instantcredit.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-osTNsB8tYmWRSgqqZrAOFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com 'self' data: 3efe134ec6.nxcli.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.yotpo.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline'; frame-ancestors 3efe134ec6.nxcli.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com platform.twitter.com *.yotpo.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com *.facebook.com *.googletagmanager.com www.xtento.com *.weltpixel.com *.doubleclick.net *.typeform.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.yotpo.com https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.adroll.com *.klarna.com *.googleadservices.com *.google.com *.google.co.uk *.twitter.com *.twimg.com *.ytimg.com *.herokuapp.com *.pooldawg.com *.bing.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com *.reddit.com *.ads-twitter.com t.co *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com 3efe134ec6.nxcli.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.plugins.emarsys.net *.scarabresearch.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com twitter.com platform.twitter.com *.yotpo.com *.avada.io *.shopify.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adroll.com *.klaviyo.com *.googleadservices.com *.gstatic.com *.google-analytics.com *.bing.com *.mountain.com *.criteo.net *.criteo.com *.conversionwax.com *.attn.tv www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com *.googletagmanager.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.clarity.ms sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.yotpo.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu static.ctctcdn.com *.klaviyo.com *.google.com *.googletagmanager.com *.tagmanager.google.com *.typeform.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.scarabresearch.com *.eservice.emarsys.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com d.adroll.com *.doubleclick.net *.bing.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.run.app *.typeform.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com 3efe134ec6.nxcli.io http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 3efe134ec6.nxcli.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com *.googleapis.com *.narvar.com *.narvar.qa *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cybersource.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com *.cash.app www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.certcapture.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cybersource.com landofcoder.com *.buywithprime.amazon.com *.pinterest.com *.livechatinc.com *.afterpay.com *.googletagmanager.com www.googletagmanager.com *.cardinalcommerce.com *.doubleclick.net *.adtrafficquality.google https://*.exacttarget.com *.herokuapp.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.certcapture.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.narvar.com *.narvar.qa *.online-metrix.net getrockerbox.com *.googletagmanager.com tagmanager.google.com *.google.com ssl.gstatic.com *.cardinalcommerce.com *.google.rs ep1.adtrafficquality.google https://pagead2.googlesyndication.com *.herokuapp.com *.virtuelabs.com *.virtueflourish.com *.virtueprofessional.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.certcapture.com *.exponea.com utt.impactcdn.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.online-metrix.net *.authorize.net landofcoder.com *.buywithprime.amazon.com *.bloomreach.com getrockerbox.com *.googletagmanager.com tagmanager.google.com *.livechatinc.com *.evgnet.com *.tiktok.com *.bing.com *.facebook.net *.upsellit.com *.cdn-apple.com *.cloudfront.net *.iesnare.com *.cloudflare.com *.evergage.com https://utt.impactcdn.com https://cdn.impactcdn.com *.collect.igodigital.com https://7295774.collect.igodigital.com https://script.hotjar.com https://*.exacttarget.com https://*.shopmy.us *.herokuapp.com *.virtuelabs.com *.virtueflourish.com *.virtueprofessional.com https://www.googletagmanager.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-eval' 'nonce-eWtrbjMxOTIwd3dvNzk5c3p4aXU2dHlsMHJmbnI5ZWg=' 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8=' 'sha256-F9ZjdH6KZZ/OQYCXuVrhU9s4UhLIRpF8vfMBhSoSXFE=' 'sha256-xBBj7y2m2odaO1eEHhqtWa5krtIC4XwfNI7nxM/at+Y=' 'sha256-XtBpUSZu52CP7zsoqr85SHz2B8lKfNjFwxDWepGFWqk=' 'sha256-yUMYwnLESbaXoS7OTnNOz4jRL/etTRlzd9EXBxAJ8uU=' 'sha256-Umf4XdDT2jU+W6kBElYNVCfHdypDvQ+hP0N25TF8spw=' 'sha256-fxIIiV/UkD1qBH84xOcYKL2Udw95xiIuZ8dCqyBgqkw=' 'sha256-sCNgwSOg1ilvVplXvgrvrmp0pEugiAg6BLdsMXn3EVE=' 'sha256-QwDPTOv7DnssR14XIEwQveE176ZTtI+2O9ODcXlA6No=' 'sha256-x+21YgSzPwcXB65O7nXIpUsWFLsVdoPUSdOEolX00Lk='; style-src fonts.googleapis.com static.afterpay.com/ *.squarecdn.com *.cash.app *.certcapture.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.narvar.com *.narvar.qa *.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.certcapture.com *.exponea.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.online-metrix.net *.authorize.net landofcoder.com *.bloomreach.com *.google-analytics.com *.doubleclick.net *.tiktok.net *.googletagmanager.com *.iesnare.com *.cloudflare.com *.evergage.com *.virtuelabs.com ep1.adtrafficquality.google t.getletterpress.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com https://aa.agkn.com https://*.shopmy.us *.herokuapp.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com data: *.fontawesome.com *.azureedge.net *.oct8ne.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com ecommerce.raiffeisen.al *.upc.ua 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com *.instagram.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.addtoany.com *.gstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com *.googleapis.com *.cdninstagram.com *.trackedlink.net magefan.com cm.magefan.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.disqus.com *.cloudflare.com *.amazonaws.com *.facebook.com *.doubleclick.net *.pinterest.com *.taboola.com r1-t.trackedlink.net *.azureedge.net oct8necdneu.azureedge.net *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://bank.paysera.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com connect.facebook.net *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.disqus.com *.cloudflare.com *.doubleclick.net *.facebook.net *.addtoany.com *.oct8ne.com *.taboola.com js.klevu.com *.ksearchnet.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net *.addtoany.com maxcdn.bootstrapcdn.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.doubleclick.net *.facebook.com *.oct8ne.com *.gstatic.com *.cloudflare.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io http://dpm.demdex.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: data:; style-src 'self' https: data:; connect-src 'self' https: data: wss:; frame-src https: 'self' 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.insight.sitefinity.com wss://*.hotjar.com *.hotjar.io dc.services.visualstudio.com www.google-analytics.com analytics.google.com *.analytics.google.com www.google.com/ccm/collect *.eloqua.com *.pingdom.net *.googleapis.com *.hsforms.com *.hubspot.com api.bing.microsoft.com media.imi.chat s.yimg.com; font-src 'self' data: media.imi.chat fonts.gstatic.com static.hsappstatic.net; frame-ancestors 'self'; form-action 'self' forms.hsforms.com; media-src 'self'; img-src 'self' data: i.vimeocdn.com www.google-analytics.com *.eloqua.com *.googleapis.com *.hsforms.com track.hubspot.com www.googletagmanager.com maps.gstatic.com ad.doubleclick.net www.google.com/pagead/ www.facebook.com/tr www.facebook.com/tr/ www.facebook.com/privacy_sandbox/ sp.analytics.yahoo.com; object-src 'none'; frame-src 'self' vimeo.com www.youtube.com *.hsforms.com media.imi.chat player.vimeo.com www.googletagmanager.com apis.google.com www.google.com/recaptcha/ td.doubleclick.net 8826991.fls.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com media.imi.chat use.fortawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' az416426.vo.msecnd.net cdnjs.cloudflare.com *.googleapis.com www.google.com/recaptcha/ *.insight.sitefinity.com www.google-analytics.com media.imi.chat use.fortawesome.com *.eloqua.com www.youtube.com *.pingdom.net js.hubspot.com *.en25.com *.hotjar.com www.googletagmanager.com api.midmark.com apis.google.com www.gstatic.com js.hsforms.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com cdn.inpwrd.net origin.acuityplatform.com e.acuityplatform.com connect.facebook.net googleads.g.doubleclick.net s.yimg.com; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://midmark.report-uri.com/r/d/csp/reportOnly 1
worker-src *.google.com *.zzz-worker-src.com blob:; font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com *.klaviyo.com *.zzz-font-src.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.boatoutfitters.com *.outdoornativitysets.com *.buildasurface.com *.osano.com *.bazaarvoice.com *.list-manage.com *.zzz-form-action.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.google.com *.zzz-frame-ancestors.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com https://api.boldcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * photos.pixlee.co js.mollie.com *.boatoutfitters.com *.outdoornativitysets.com *.buildasurface.com *.osano.com *.smartsheet.com *.wufoo.com *.doubleclick.net *.google.com ct.pinterest.com *.paylocity.com paypalobjects.com www.paypalobjects.com vimeo.com www.vimeo.com www.youtube.com *.zzz-frame-src.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io widgets.automizely.com widgets.automizely.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com https://static.boldcommerce.com https://static.xx.fbcdn.net https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com wac.edgecastcdn.net *.klevu.com *.ksearchnet.com https://www.mollie.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.boatoutfitters.com *.outdoornativitysets.com *.buildasurface.com boatoutfitters.com outdoornativitysets.com buildasurface.com *.osano.com *.bazaarvoice.com *.bing.com bat.bing.com cdn.cookielaw.org optanon.blob.core.windows.net *.azurewebsites.net *.pointmediatracker.com *.linkedin.com *.ads.linkedin.com *.reddit.com *.bidswitch.net *.adnxs.com *.mediawallahscript.com *.casalemedia.com *.criteo.com *.stickyadstv.com *.360yield.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.revcontent.com *.rubiconproject.com *.smartadserver.com *.taboola.com *.tapad.com *.teads.tv *.tremorhub.com *.clmbtech.com *.tpmn.co.kr *.3lift.com *.1rx.io *.agkn.com *.crwdcntrl.net *.adsrvr.org *.tpmn.io *.gorgias.chat *.redinuid.imrworldwide.com *.targeting.unrulymedia.com *.lijit.com *.mathtag.com *.prod.bidr.io *.mrtnsvr.com *.liadm.com *.turnto.com *.userway.org *.nrich.ai *.dmxleo.com *.cloudfront.net *.rezync.com *.turn.com *.rfihub.com pippio.com *.pippio.com *.blisspointmedia.com *.simpli.fi *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.clarity.ms *.zzz-img-src.com *.zebco.com *.criteo.net *.doubleclick.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.attn.tv events.attentivemobile.com *.certcapture.com https://api.boldcommerce.com https://static.xx.fbcdn.net https://connect.facebook.net https://cdnjs.cloudflare.com https://cashier.boldcommerce.com/assets/experience/flow_sdk.js https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.turnto.com *.klevu.com *.ksearchnet.com js.mollie.com *.googletagmanager.com tagmanager.google.com *.boatoutfitters.com *.outdoornativitysets.com *.buildasurface.com *.osano.com *.wufoo.com wufoo.com cdn.cookielaw.org *.hotjar.com bat.bing.com *.azurewebsites.net *.newrelic.com *.zdassets.com s.pinimg.com analytics.tiktok.com ct.pinterest.com utt.impactcdn.com *.gorgias.chat *.licdn.com *.redditstatic.com *.jst.ai *.criteo.com *.pixeltracker.co *.invocacdn.com *.cloudfront.net *.upfluence.co *.spn.so *.userway.org *.123formbuilder.com *.123contactform.com *.amplitude.com *.tctm.co *.googleapis.com *.gstatic.com *.google.com google.com *.ggpht.com *.googleusercontent.com video.google.com www.youtube.com www.google.com/recaptcha www.gstatic.com/recaptcha static.hotjar.com *.clarity.ms googleads.g.doubleclick.net js-agent.newrelic.com analytics.google.com payments.braintree-api.com business.facebook.com pixel-config.reddit.com cdn-ws.turnto.com js.klevu.com statsjs.klevu.com vpsy1npuua.execute-api.us-east-1.amazonaws.com we.turnto.com eucs30v2.ksearchnet.com rr4---sn-5uaezny6.googlevideo.com stats.ksearchnet.com photos.pixlee.co unpkg.com zdticketintegration.boatoutfitters.com *.agkn.com *.zzz-script-src.com spn.so *.id5-sync.com js.zi-scripts.com upf.ai *.doubleclick.net blob: data: unsafe-eval https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.magento-datasolutions.com *.magento-ds.com widgets.automizely.com widgets.automizely.io *.certcapture.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.turnto.com *.klevu.com *.ksearchnet.com tagmanager.google.com fonts.google.com *.userway.org *.cloudflare.com *.zzz-style-src.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.secureserver.net *.zzz-media-src.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com commerce.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io api.automizely.com api.automizely.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.attn.tv events.attentivemobile.com *.certcapture.com https://api.boldcommerce.com https://api.staging.boldcommerce.com https://cashier.boldcommerce.com https://graph.facebook.com https://secure.boldcommerce.com https://secure.staging.boldcommerce.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com *.turnto.com *.klevu.com *.ksearchnet.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.boatoutfitters.com *.outdoornativitysets.com *.buildasurface.com *.osano.com cdn.cookielaw.org stats.g.doubleclick.net *.hotjar.io bat.bing.com geolocation.onetrust.com *.azurewebsites.net bam.nr-data.net *.zdassets.com analytics.tiktok.com ct.pinterest.com *.gorgias.chat *.ads.linkedin.com *.reddit.com *.redditstatic.com *.pixeltracker.co *.invoca.net *.criteo.com *.jst.ai *.userway.org *.amazonaws.com *.amplitude.com *.googleapis.com *.gstatic.com assets.adobedtm.com www.googleadservices.com js.braintreegateway.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.googletagmanager.com www.google.com/recaptcha www.gstatic.com/recaptcha static.hotjar.com *.clarity.ms googleads.g.doubleclick.net js-agent.newrelic.com analytics.google.com payments.braintree-api.com business.facebook.com ipv6check.ksearchnet.com stats.ksearchnet.com zdticketintegration.boatoutfitters.com *.zzz-connect-src.com *.tiktokw.us *.datadome.co *.zi-scripts.com *.tinuiti.com *.zoominfo.com wss://ws.hotjar.com/api/v2/client/ws wss://*.gorgias.chat data: blob: wss://zdticketintegration.boatoutfitters.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.googleapis.com https://fast.wistia.com *.fontawesome.com *.googleapis.com *.gstatic.com blog.avery.ca data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://dpotest.print.avery.ca https://*.avery.ca self *.canadapost-postescanada.ca *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.canadapost.ca https://sso.epost.ca blog.avery.ca 'self' 'unsafe-inline'; frame-ancestors blog.avery.ca 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com accounts.google.com blog.avery.ca 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.facebook.com https://www.google.ca/ads/ga-audiences https://*.doubleclick.net https://assets.avery.ca https://*.wistia.com https://bat.bing.com https://c.bing.com/ https://c.clarity.ms/ https://dpotest.print.avery.ca https://*.avery.ca https://*.avery.com self https://s3.amazonaws.com https://averycamedia.blob.core.windows.net https://d3fr11die0a4t8.cloudfront.net/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com mageside.com *.canadapost.ca *.canadapost-postescanada.ca *.googleapis.com *.gstatic.com *.trackedlink.net blog.avery.ca data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://fast.wistia.net https://fast.wistia.com https://*.glancecdn.net https://bat.bing.com https://*.clarity.ms https://*.facebook.net https://*.pingdom.net https://*.livechatinc.com https://api.ipstack.com https://*.jquery.com/* https://*.avery.ca https://static.cloudflareinsights.com/beacon.min.js https://ws1.postescanada-canadapost.ca/js/addresscomplete-2.50.min.js https://pulse.clickguard.com/s/acckzZHxHmJmO/astNWLAlQk0ke js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.google.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal accounts.google.com *.fontawesome.com blog.avery.ca 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.wistia.com https://*.googleapis.com https://ws1.postescanada-canadapost.ca/css/addresscomplete-2.50.min.css unsafe-inline assets.braintreegateway.com *.fontawesome.com *.googleapis.com accounts.google.com blog.avery.ca 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.avery.ca https://*.facebook.com blog.avery.ca 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.doubleclick.net https://fast.wistia.net https://*.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io/ https://pipedream.wistia.com https://distillery.wistia.com https://*.avery.ca https://*.glance.net https://*.clarity.ms/collect https://*.facebook.net https://www.facebook.com/tr/ https://rum-collector-2.pingdom.net https://*.livechatinc.com https://pulse.clickguard.com https://bat.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com accounts.google.com blog.avery.ca 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blog.avery.ca http: https: blob: 'self' 'unsafe-inline'; default-src blog.avery.ca 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Op7OQev2LLTsydnyYh1AXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zjLN89lHCmgqToytlaka4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; frame-ancestors https://cms-stage.mediashop.bloomreach.cloud https://cms.mediashop.bloomreach.cloud 'self'; frame-src 'self' https://*.doubleclick.net meine-einkaufswelt.prod.welocal.cloud http://www.meine-einkaufswelt.tv https://www.meine-einkaufswelt.tv https://*.paypal.com *.usercentrics.eu youtube.com www.youtube.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: meine-einkaufswelt.prod.welocal.cloud http://www.meine-einkaufswelt.tv *.nosto.com *.cloudfront.net https://*.paypal.com *.usercentrics.eu https://cdn.tms.www.mediashop.tv https://tms.www.mediashop.tv www.youtube.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: *.usercentrics.eu https://tms.www.mediashop.tv https://i.ytimg.com; font-src 'self' data: https:; connect-src 'self' https: *.nosto.com https://*.paypal.com *.usercentrics.eu https://tms.www.mediashop.tv; media-src 'self' data: blob: https:; 1
upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-5da69cade5b456668744efe0d84642e9fcadf242' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1
default-src 'self' *.contractorcommerce.com 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://*.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com https://accounts.google.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://images.unsplash.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.multisafepay.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com https://accounts.google.com https://www.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com cdn.jsdelivr.net unsafe-inline assets.braintreegateway.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com https://accounts.google.com https://www.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-lphW1n7IG6ubccfIt4Dypw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.githubusercontent.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ www.google.com *.meetanshi.com *.doubleclick.net *.googletagmanager.com *.yotpo.com https://meetanshi.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.swagger.io *.adobedtm.com *.demdex.net *.magentocommerce.com *.doubleclick.net *.google.com *.ytimg.com *.meetanshi.com *.yotpo.com *.bing.com *.googleapis.com *.solutionsstores.com https://firebasestorage.googleapis.com https://meetanshi.com/media/logo.png https://meetanshi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bing.com *.googleapis.com *.yotpo.com widget.freshworks.com m2epro.freshdesk.com *.avada.io *.shopify.com player.vimeo.com *.meetanshi.com https://meetanshi.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu *.googleapis.com *.demdex.net *.cardinalcommerce.com *.meetanshi.com *.yotpo.com *.freshworks.com *.freshdesk.com *.avada.io *.stripe.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.bing.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io https://meetanshi.com klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src-elem https://webcache.datareporter.eu https://webcache-eu.datareporter.eu 'self' 'unsafe-inline' 'strict-dynamic'; script-src-elem webcache.datareporter.eu webcache-eu.datareporter.eu 'self' 'unsafe-inline' 'strict-dynamic'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://www.googletagmanager.com *.googleapis.com webcachex-eu.datareporter.eu *.fontawesome.com 'self' data: *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com tagmanager.google.com https://www.googletagmanager.com *.datareporter.eu js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.datareporter.eu *.fontawesome.com assets.braintreegateway.com *.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src ; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.datareporter.eu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; base-uri 'self' 'unsafe-inline'; report-uri https://www.regalraum.com/rest/V1/configurable-csp/request ; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.bootstrapcdn.com *.edrone.me *.googleapis.com *.google.com/recaptcha *.google-analytics.com https://cdnjs.cloudflare.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.payline.com *.gstatic.com *.google.com/recaptcha *.google.com *.google-analytics.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.payline.com *.criteo.com *.facebook.net *.gstatic.com *.edrone.me *.cloudfront.net *.googleapis.com *.trustedshops.com *.google.com/recaptcha *.hotjar.com *.google-analytics.com *.cookiebot.com *.addthis.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.dhl.pl *.dhl24.com.pl *.packeta.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.cookiebot.com https://img.youtube.com https://i.ytimg.com *.google-analytics.com *.googleadservices.com *.google.pl *.ssl.gstatic.com *.edrone.me *.cloudfront.net *.googleapis.com *.trustedshops.com *.google.com/recaptcha https://csr.onet.pl *.inistrack.net *.pixel.wp.pl https://pixel.wp.pl/api *.clarity.ms https://t.co *.bing.com *.yahoo.com *.criteo.com https://x.bidswitch.net https://ib.adnxs.com https://secure.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://eb2.3lift.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://ad.yieldlab.net https://dpm.demdex.net https://beacon.krxd.net https://a.twiago.com https://s.thebrighttag.com https://static.paynow.pl *.disqus.com *.addthisedge.com *.twitter.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com 'self' 'unsafe-inline' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.ssl.google-analytics.com *.googleadservices.com *.criteo.com *.criteo.net *.savecart.pl *.trustedshops.com *.edrone.me *.cloudfront.net *.googleapis.com http://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js *.goadservices.com *.onet.pl *.tagmanager.google.com https://ocdn.eu *.cardinalcommerce.com *.hotjar.com https://live-chat.chatbotize.com/chatbotize-entrypoint.min.js *.pixel.wp.pl https://pixel.wp.pl/w/tr.js https://pixel.wp.pl *.inistrack.net https://cdn.jsdelivr.net/npm/@finsweet/cookie-consent@1/fs-cc.js *.cookiebot.com *.bing.com *.twitter.com *.inis360.com *.cdngazeta.com *.cdngazeta.pl cdngazeta.pl *.googleoptimize.com *.clarity.ms https://artemis-cdn.ocdn.eu https://p.gsitrix.com https://o.gsitrix.com/sys.php https://bam.eu01.nr-data.net https://static.ads-twitter.com https://analytics.tiktok.com https://ec.monplat-cdn.com *.luigisbox.com https://static.paynow.pl https://cdnjs.cloudflare.com *.disqus.com *.addthis.com *.moatads.com *.addthisedge.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com *.easypack24.net *.inpost.pl *.packeta.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' googleadservices.com cdn.luigisbox.com 'unsafe-eval' dwin1.com awin1.com zenaps.com the.sciencebehindecommerce.com *.clickonometrics.pl *.luigisbox.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.bootstrapcdn.com *.edrone.me *.trustedshops.com *.google.com/recaptcha *.tagmanager.google.com *.google-analytics.com *.cookiebot.com *.savecart.pl *.luigisbox.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.easypack24.net *.inpost.pl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' cdn.luigisbox.com imgsct.cookiebot.com fonts.googleapis.com  cdnjs.cloudflare.com widgets.trustedshops.com *.luigisbox.tech 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src https://tolpapl.savecart.pl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.edrone.me *.trustedshops.com *.google.com/recaptcha http://d3bo67muzbfgtl.cloudfront.net/externals *.cardinalcommerce.com *.onet.pl *.hotjar.com https://www.googleapis.com/pagespeedonline *.googleapis.com *.savecart.pl *.cookiebot.com *.clarity.ms https://p.gsitrix.com https://bam.eu01.nr-data.net https://clk.leadexpert.pl https://analytics.tiktok.com *.luigisbox.com *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.packeta.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-eval' pixel.wp.pl dwin1.com awin1.com zenaps.com the.sciencebehindecommerce.com *.luigisbox.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.iubenda.com *.criteo.com *.klaviyo.com applepay.cdn-apple.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.thron.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.iubenda.com *.klaviyo.com *.criteo.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com pay.google.com applepay.cdn-apple.com *.klarna.com *.thron.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.iubenda.com *.criteo.com *.google.it *.klarnaservices.com *.klaviyo.com *.thron.com *.cloudfront.net https://cdn.clerk.io int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com www.gstatic.com pay.google.com applepay.cdn-apple.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.chervo.com *.clerk.io *.iubenda.com *.criteo.com *.klaviyo.com *.igodigital.com *.thron.com *.zdassets.com *.zendesk.com *.hotjar.com https://api.clerk.io https://cdn.clerk.io int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com pay.google.com applepay.cdn-apple.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.chervo.com *.clerk.io *.iubenda.com *.criteo.com *.klaviyo.com https://api.clerk.io https://cdn.clerk.io *.klarnacdn.net https://static.klaviyo.com maxcdn.bootstrapcdn.com *.thron.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.thron.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.iubenda.com *.clerk.io *.criteo.com *.hotjar.io *.klaviyo.com *.sentry.io *.thron.com *.zdassets.com *.zendesk.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com pay.google.com applepay.cdn-apple.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.chervo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self' *.smartenergygb.org; connect-src 'self' *.smartenergygb.org *.clarity.ms *.doubleclick.net *.google.co.uk *.google.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.linkedin.com *.reciteme.com *.snapchat.com *.teads.tv *.webtrends-optimize.com *.webtrends-optimize.workers.dev analytics.tiktok.com api.getaddress.io capig.tandpgroup.com cdn-ukwest.onetrust.com ct.pinterest.com geolocation.onetrust.com google.com pixel-config.reddit.com privacyportal-uk.onetrust.com s.yimg.com www.redditstatic.com tr.blismedia.com i0lne9atrk.execute-api.eu-west-2.amazonaws.com o4506903028891648.ingest.us.sentry.io; default-src 'self' *.smartenergygb.org *.clarity.ms marketplace.umbraco.com our.umbraco.com; font-src 'self' data: *.smartenergygb.org *.clarity.ms *.hotjar.com *.reciteme.com fonts.gstatic.com; frame-ancestors 'self' *.smartenergygb.org *.vimeo.com *.youtube.com vimeo.com youtube.com; frame-src 'self' *.smartenergygb.org *.clarity.ms *.doubleclick.net *.googletagmanager.com *.teads.tv *.youtube.com ct.pinterest.com form.typeform.com insight.adsrvr.org smartenergygb.viznav.liquona.com tr.snapchat.com youtube.com; form-action 'self' *.smartenergygb.org; img-src 'self' data: *.smartenergygb.org *.adalyser.com *.adswizz.com *.clarity.ms *.doubleclick.net *.facebook.com *.facebook.net *.google.co.uk *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.linkedin.com *.nextdoor.com *.reciteme.com *.teads.tv *.webtrends-optimize.com ads-twitter.com ads-api.twitter.com alb.reddit.com analytics.twitter.com cdn-ukwest.onetrust.com dashboard.umbraco.com google.com googletagmanager.com i.ytimg.com our.umbraco.com sp.analytics.yahoo.com t.co tr.blismedia.com; media-src 'self' *.smartenergygb.org *.clarity.ms *.reciteme.com; object-src 'self' *.smartenergygb.org *.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.smartenergygb.org *.adalyser.com *.clarity.ms *.doubleclick.net *.google.co.uk *.google.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.nextdoor.com *.reciteme.com *.teads.tv *.webtrends-optimize.com *.webtrends-optimize.workers.dev *.youtube.com ads-twitter.com ads-api.twitter.com analytics.tiktok.com analytics.twitter.com cdn.jsdelivr.net cdn-ukwest.onetrust.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net ct.pinterest.com googletagmanager.com js.adsrvr.org platform.twitter.com s.pinimg.com s.yimg.com sc-static.net sitepixel.blis.com snap.licdn.com static.ads-twitter.com static.cloudflareinsights.com tr.snapchat.com translations.signapsesolutions.com unpkg.com www.redditstatic.com youtube.com; style-src 'self' 'unsafe-inline' *.smartenergygb.org *.clarity.ms *.google.co.uk *.google.com *.googletagmanager.com *.hotjar.com *.reciteme.com *.webtrends-optimize.com *.webtrends-optimize.workers.dev fonts.googleapis.com googletagmanager.com 1
connect-src 'self' *.giveffect.com *.googleapis.com doublethedonation.com *.paypal.com *.google.com *.google.ca *.linkedin.com *.google-analytics.com *.g2crowd.com *.doubleclick.net *.hscollectedforms.net *.hubspot.com *.facebook.com *.facebook.net *.adroll.com *.googleadservices.com *.gstatic.com *.calendly.com calendly.com wss://widget-mediator.zopim.com vimeo.com *.hsforms.com; default-src 'none'; font-src * data:; frame-src 'self' *.giveffect.com h.online-metrix.net *.google.com *.stripe.com *.paypal.com *.youtube.com *.doubleclick.net *.paypalobjects.com *.vimeo.com *.adroll.com *.facebook.com *.calendly.com calendly.com; img-src * blob: data:; media-src * blob: data:; object-src 'self'; script-src 'self' *.giveffect.com 'unsafe-inline' 'unsafe-eval' giveffect-assets.s3.amazonaws.com cdnjs.cloudflare.com connect.facebook.net *.googleapis.com *.google.com cdn.jsdelivr.net doublethedonation.com/api/js/ *.paypal.com *.stripe.com www.gstatic.com *.bootstrapcdn.com *.calendly.com calendly.com code.jquery.com d3js.org h64.online-metrix.net js.hscollectedforms.net cdn.datatables.net *.twitter.com *.hs-scripts.com *.hs-banner.com www.googletagmanager.com *.google-analytics.com snap.licdn.com *.g2crowd.com *.hubspot.com *.paypalobjects.com *.hs-analytics.net *.adroll.com *.vimeo.com; style-src 'self' 'unsafe-inline' giveffect-assets.s3.amazonaws.com *.googleapis.com cdnjs.cloudflare.com doublethedonation.com *.calendly.com cdn.jsdelivr.net *.bootstrapcdn.com fonts.googleapis.com *.googletagmanager.com; report-uri https://www.giveffect.com/csp_reports 1
worker-src https://www.google.com/recaptcha/api2/ https://www.smilemakers.com blob: 'self'; font-src fonts.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://web-modules-de-na1.niceincontact.com *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.fontawesome.com https://smilemakers.com https://smilemakerscanada.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com core.spreedly.com https://smilemakers.us19.list-manage.com 'self' 'unsafe-inline'; frame-ancestors *.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com core.spreedly.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://web-modules-de-na1.niceincontact.com https://smi.az1.qualtrics.com https://otc.az1.qualtrics.com *.google.com https://smilemakers.com https://bat.bing.com *.bing.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com *.gstatic.com https://px.ads.linkedin.com https://insight.adsrvr.org https://www.facebook.com https://www.google.co.in https://www.googletagmanager.com https://connect.facebook.net https://api.bluecore.app/api/ https://cdnjs.cloudflare.com https://www.smilemakers.com/media/ https://www.smilemakers.com/smk_inc/ *.cloudflare.com *.zopim.com *.qualtrics.com https://www.smilemakers.com https://smilemakerscanada.com https://bat.bing.com *.bing.com https://www.smilemakerscanada.com/static/ https://www.smilemakerscanada.com/media/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.apptrian.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com core.spreedly.com *.subscribepro.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com https://web-modules-de-na1.niceincontact.com https://js.adsrvr.org https://snap.licdn.com https://cmp.osano.com https://www.smilemakers.com https://api.bluecore.com https://livechat-static-de-na1.niceincontact.com https://script.crazyegg.com https://cdn.quantummetric.com https://www.google-analytics.com https://connect.facebook.net https://bat.bing.com *.bing.com https://e.monetate.net https://se.monetate.net https://f.monetate.net https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://core.spreedly.com/iframe/ https://s3.amazonaws.com https://www.datadoghq-browser-agent.com *.google.com https://static.cloudflareinsights.com *.crazyegg.com *.zdassets.com *.foresee.com *.qualtrics.com *.fontawesome.com https://js-agent.newrelic.com *.bluecore.com *.cloudflareinsights.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.subscribepro.com tagmanager.google.com https://web-modules-de-na1.niceincontact.com https://fonts.googleapis.com/css https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://e.monetate.net https://script.crazyegg.com https://cdn-images.mailchimp.com *.googleapis.com *.monetate.net *.crazyegg.com *.foresee.com *.zdassets.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.zopim.com https://fonts.gstatic.com https://www.smilemakers.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com *.subscribepro.com core.spreedly.com https://www.google-analytics.com *.google.com https://app-de-na1.niceincontact.com https://web-modules-de-na1.niceincontact.com https://insight.adsrvr.org https://www.smilemakers.com https://analytics.google.com https://ingest.quantummetric.com https://www.google.com/recaptcha/api2/ https://channels-de-na1.niceincontact.com https://siteassets.bluecore.com https://px.ads.linkedin.com wss://chat-gw-de-na1.niceincontact.com https://location-de-na1.niceincontact.com https://cdnjs.cloudflare.com https://consent.api.osano.com https://stats.g.doubleclick.net/g/ https://100.20.58.101 https://34.215.155.61 https://44.238.122.172 https://35.85.84.151 https://35.160.46.251 https://44.228.85.26 *.cloudflare.com *.zopim.com wss://*.zopim.com *.crazyegg.com *.zdassets.com *.foresee.com *.qualtrics.com https://www.datadoghq-browser-agent.com https://bam.nr-data.net https://onsitestats.bluecore.com https://api.bluecore.app https://site.bluecore.com *.bluecore.com https://bat.bing.com *.bing.com https://cdn.quantummetric.com *.quantummetric.com *.cloudflareinsights.com *.newrelic.com https://cmp.osano.com https://www.facebook.com/privacy_sandbox https://digital-oauth-de-na1.niceincontact.com https://js-agent.newrelic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
media-src 'self' *.amazonaws.com *.scanova.io; frame-src 'self' *.youtube.com *.amazonaws.com *.googletagmanager.com *.scanova.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cloudflare.com static.cloudflareinsights.com qcg-media.s3.us-west-2.amazonaws.com qcg-media.scanova.io qcg-media.s3.amazonaws.com *.diageohorizon.com *.diageoagegate.com *.googletagmanager.com *.youtube.com *.bootstrapcdn.com *.amazonaws.com d3w59vk119vao7.cloudfront.net dls9myz2twfto.cloudfront.net *.jsdelivr.net *.facebook.net googleads.g.doubleclick.net *.licdn.com cdn.scnv.io; style-src-elem 'self' 'unsafe-inline' *.googleapis.com qcg-media.s3.amazonaws.com qcg-media.scanova.io qcg-media.s3.us-west-2.amazonaws.com *.diageohorizon.com *.diageoagegate.com *.googletagmanager.com *.bootstrapcdn.com *.amazonaws.com *.flaticon.com d3w59vk119vao7.cloudfront.net dls9myz2twfto.cloudfront.net cdn.scnv.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.amazonaws.com *.scanova.io; img-src 'self' data: https://* *.amazonaws.com *.scanova.io; frame-ancestors 'self' https://*; default-src 'self' *.amazonaws.com d3w59vk119vao7.cloudfront.net dls9myz2twfto.cloudfront.net cdn.scnv.io; connect-src 'self' *.google.com *.amazonaws.com *.cloudfare.com *.linkedin.com *.scanova.io; form-action 'self'; base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com *.bootstrapcdn.com *.amazonaws.com *.scanova.io *.flaticon.com d3w59vk119vao7.cloudfront.net dls9myz2twfto.cloudfront.net cdn.scnv.io; report-uri https://scanova.uriports.com/reports/report/ 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-mZx4MQN5kCogiYxc7UtumQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src data: maxcdn.bootstrapcdn.com fonts.gstatic.com widget.dixa.io a.omappapi.com static.klaviyo.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com ssl.ditonlinebetalingssystem.dk 'self' 'unsafe-inline'; frame-ancestors viewer.ipaper.io https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: online.adservicemedia.dk consentcdn.cookiebot.com consentcdn.cookiebot.eu adtr.io event-client.viabill.com vars.hotjar.com www.youtube.com www.google.com www.youtube-nocookie.com gum.criteo.com pricetag.viabill.com www.addwish.com display.ipaper.io simplicity.trustpilot.com googleads.g.doubleclick.net cdn.lightwidget.com http://event.getblue.io *.googletagmanager.com *.doubleclick.net/ magento-cloudflare.jetrails.com utt.impactcdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com self blob: online.adservicemedia.dk pushcrew.com cdn.pushcrew.com stats.g.doubleclick.net a.klaviyo.com dapi.videoly.co i.ytimg.com dis.criteo.com optin-monster.s3.amazonaws.com maps.googleapis.com maps.gstatic.com a.omappapi.com ssl.gstatic.com www.gstatic.com lh3.googleusercontent.com fonts.gstatic.com *.google.com *.google.pl *.google.no *.google.se *.google.de *.google.co.uk *.google.com.ua d3k81ch9hvuctc.cloudfront.net d1pna5l3xsntoj.cloudfront.net *.ipaper.io *.taboola.com imgsct.cookiebot.com *.bing.com *.bing.net *.pricerunner.dk *.beautycos.dk *.orbitvu.co *.klarna.com img.sct.eu1.usercentrics.eu https://s.kelkoogroup.net https://cdn.clerk.io *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com flagpedia.net https://widgets.trustedshops.com https://integrations.etrusted.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com unsafe-inline ipinfo.io invitejs.trustpilot.com secure.viabill.com a.opmnstr.com display.ipaper.io widget.dixa.io static.hotjar.com consent.cookiebot.com api.videoly.co cdn.pushcrew.com online.adservicemedia.dk script.hotjar.com pricetag.viabill.com adtr.io cdn.polyfill.io www.google.com www.google.pl www.gstatic.com static.criteo.net *.klaviyo.com cdn.ipaper.io sslwidget.criteo.com d1pna5l3xsntoj.cloudfront.net www.addwish.com ajax.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu cdnjs.cloudflare.com dapi.videoly.co ssl.ditonlinebetalingssystem.dk maps.googleapis.com cdn.adt376.net cdn.adt311.net tagmanager.google.com do.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no a.omappapi.com *.taboola.com s.kk-resources.com *.bing.com *.getblue.io cdn.lightwidget.com cdn.clerk.io ai.trk42.net *.videoly.co *.reepay.com *.cytelligence.io *.youtube.com *.orbitvu.co *.pingdom.net tag.heylink.com api.reaktion.com stapecdn.com files.userlink.ai cdn.mouseflow.com pagead2.googlesyndication.com *.clarity.ms static.cloudflareinsights.com https://s.kk-resources.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.googletagmanager.com *.facebook.net *.avada.io *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com unpkg.com https://www.beautycos.co.uk https://consent.cookiebot.com https://cdn.mida.so 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.pushcrew.com static.klaviyo.com d1pna5l3xsntoj.cloudfront.net tagmanager.google.com cdn.ipaper.io *.omappapi.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com widget.dixa.io *.beautycos.dk api.packship.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com https://helloretailcdn.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com api.omappapi.com z.omappapi.com api.dixa.io wss://sockets.dixa.io stats.g.doubleclick.net fast.a.klaviyo.com sslwidget.criteo.com a.klaviyo.com display.ipaper.io in.hotjar.com vc.hotjar.io telemetrics.klaviyo.com *.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no api.packship.eu invitejs.trustpilot.com www.addwish.com core.helloretail.com a.omappapi.com *.taboola.com *.klaviyo.com pagead2.googlesyndication.com *.algolia.io *.bing.com *.google.com *.doubleclick.net ai.trk42.net *.cookiebot.com *.pingdom.net heylinkapi.com bat.bing.net files.userlink.ai backend.userlink.ai files.blueai.dk beautycosaps.sjv.io *.clarity.ms consentcdn.cookiebot.eu api-us.mida.so https://s.kelkoogroup.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
; worker-src 'strict-dynamic'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.managed-protection.com https://www.googletagmanager.com; report-uri https://acronis.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com www.googletagmanager.com; connect-src 'self' *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' *.vimeo.com *.vimeocdn.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.googletagmanager.com; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-nx5xTJcGjDGeu4ss-pZoGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-ZojhoKksmMH6yah3_dWcgA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-ldWh1upOUNO7Y1EH3_2Q3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://snap.licdn.com https://googleads.g.doubleclick.net https://maps.googleapis.com unpkg.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; report-uri https://www.vopak.com/cspreport 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://myaccount.sure.com http://myaccount.sure.com myaccount.sure.com https://myaccounttest.sure.com:2087 http://myaccounttest.sure.com:2087 myaccounttest.sure.com:2087 https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://ekr.zdassets.com http://ekr.zdassets.com ekr.zdassets.com https://*.zopim.com http://*.zopim.com *.zopim.com wss://widget-mediator.zopim.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.cookiepro.com http://*.cookiepro.com *.cookiepro.com https://*.google.com http://*.google.com *.google.com https://*.podscribe.com http://*.podscribe.com *.podscribe.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://pixel-config.reddit.com http://pixel-config.reddit.com pixel-config.reddit.com https://www.redditstatic.com http://www.redditstatic.com www.redditstatic.com https://www.facebook.com http://www.facebook.com www.facebook.com https://sessions.bugsnag.com http://sessions.bugsnag.com sessions.bugsnag.com wss://ws-mt1.pusher.com https://*.postcodeanywhere.co.uk http://*.postcodeanywhere.co.uk *.postcodeanywhere.co.uk https://*.zendesk.com http://*.zendesk.com *.zendesk.com https://*.googlesyndication.com http://*.googlesyndication.com *.googlesyndication.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net https://*.zopim.com http://*.zopim.com *.zopim.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.youtube.com http://*.youtube.com *.youtube.com data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com https://*.facebook.com http://*.facebook.com *.facebook.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.bugherd.com http://*.bugherd.com *.bugherd.com https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.facebook.com http://www.facebook.com www.facebook.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://t.co http://t.co t.co https://www.facebook.com http://www.facebook.com www.facebook.com https://v2.zopim.com http://v2.zopim.com v2.zopim.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://alb.reddit.com http://alb.reddit.com alb.reddit.com https://bat.bing.com http://bat.bing.com bat.bing.com https://*.cookiepro.com http://*.cookiepro.com *.cookiepro.com https://verifi.podscribe.com http://verifi.podscribe.com verifi.podscribe.com https://d2iiunr5ws5ch1.cloudfront.net http://d2iiunr5ws5ch1.cloudfront.net d2iiunr5ws5ch1.cloudfront.net https://*.postcodeanywhere.co.uk http://*.postcodeanywhere.co.uk *.postcodeanywhere.co.uk https://placehold.co http://placehold.co placehold.co https://*.googlesyndication.com http://*.googlesyndication.com *.googlesyndication.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com https://static.zdassets.com http://static.zdassets.com static.zdassets.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://myaccount.sure.com http://myaccount.sure.com myaccount.sure.com https://myaccounttest.sure.com:2087 http://myaccounttest.sure.com:2087 myaccounttest.sure.com:2087 https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://v2.zopim.com http://v2.zopim.com v2.zopim.com https://static.zdassets.com http://static.zdassets.com static.zdassets.com https://*.twitter.com http://*.twitter.com *.twitter.com https://static.ads-twitter.com http://static.ads-twitter.com static.ads-twitter.com https://*.facebook.net http://*.facebook.net *.facebook.net https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://cdn.co-buying.com http://cdn.co-buying.com cdn.co-buying.com https://*.bugherd.com http://*.bugherd.com *.bugherd.com https://*.postcodeanywhere.co.uk http://*.postcodeanywhere.co.uk *.postcodeanywhere.co.uk https://*.pcapredict.com http://*.pcapredict.com *.pcapredict.com https://*.cookiepro.com http://*.cookiepro.com *.cookiepro.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.bing.com http://*.bing.com *.bing.com https://*.redditstatic.com http://*.redditstatic.com *.redditstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.postcodeanywhere.co.uk http://*.postcodeanywhere.co.uk *.postcodeanywhere.co.uk 'unsafe-inline' 1
default-src 'self' ; img-src data: *; script-src 'unsafe-inline' 'unsafe-eval' * blob:; font-src data: 'unsafe-inline' *; style-src 'unsafe-inline' *; media-src * blob:; report-uri https://www.senate.be/_csp 1
style-src-elem cdn.jsdelivr.net fonts.googleapis.com *.bootstrapcdn.com *.ddev.site *.cbd-vital.at *.cbd-vital.de *.cbd-vital.cc *.cbd-vital.it *.cbd-vital.fr *.vitrasan.com *.aquatadeus.at *.aquatadeus.de *.spermidin-plus.at *.spermidin-plus.de *.spermidin-plus.ch *.bing.com *.ratepay.com; script-src-elem cdn.jsdelivr.net www.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com cdn.usersnap.com api.usersnap.com *.facebook.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.usercentrics.eu *.ddev.site *.cbd-vital.at *.cbd-vital.de *.cbd-vital.cc *.cbd-vital.it *.cbd-vital.fr *.vitrasan.com *.aquatadeus.at *.aquatadeus.de *.spermidin-plus.at *.spermidin-plus.de *.spermidin-plus.ch *.adcell.com *.etrusted.com *.bounce-commerce.de *.belboon.de *.trk42.net *.mediards.de sibautomation.com unpkg.com *.bing.com *.ratepay.com *.trustedshops.com *.sovendus.com tr.mediards.com; font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: online.swagger.io *.cbd-vital.at *.cbd-vital.de *.cbd-vital.cc *.cbd-vital.it *.cbd-vital.fr *.vitrasan.com *.aquatadeus.at *.aquatadeus.de *.spermidin-plus.at *.spermidin-plus.de *.spermidin-plus.ch https://widgets.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cbd-vital.at *.cbd-vital.de *.cbd-vital.cc *.cbd-vital.it *.cbd-vital.fr *.vitrasan.com *.aquatadeus.at *.aquatadeus.de *.spermidin-plus.at *.spermidin-plus.de *.spermidin-plus.ch 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.klarna.com www.google.com *.google.com *.facebook.com *.hubspot.com *.usercentrics.eu *.ddev.site *.cbd-vital.at *.cbd-vital.de *.cbd-vital.cc *.cbd-vital.it *.cbd-vital.fr *.vitrasan.com *.aquatadeus.at *.aquatadeus.de *.spermidin-plus.at *.spermidin-plus.de *.spermidin-plus.ch *.belboon.com sibautomation.com *.mpay24.com *.sovendus-connect.com www.xtento.com www.jsctool.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com img.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net online.swagger.io cdn.usersnap.com cdn.jsdelivr.net www.facebook.com www.google.at *.ecxdev.io *.hsforms.com *.hubspot.com *.usercentrics.eu *.ddev.site *.cbd-vital.at *.cbd-vital.de *.cbd-vital.cc *.cbd-vital.it *.cbd-vital.fr *.vitrasan.com *.aquatadeus.at *.aquatadeus.de *.spermidin-plus.at *.spermidin-plus.de *.spermidin-plus.ch www.xtento.com cdn.xtento.com d.ratepay.com https://redchamps.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://static.unzer.com *.online-metrix.net https://www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net x.klarnacdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com *.klarnaservices.com *.avada.io *.fontawesome.com polyfill.io *.usersnap.com *.google.com *.gstatic.com *.payments-amazon.com *.facebook.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hscollectedforms.net *.hsforms.net *.hubspot.com *.usemessages.com *.usercentrics.eu *.ddev.site *.cbd-vital.at *.cbd-vital.de *.cbd-vital.cc *.cbd-vital.it *.cbd-vital.fr *.vitrasan.com *.aquatadeus.at *.aquatadeus.de *.spermidin-plus.at *.spermidin-plus.de *.spermidin-plus.ch www.xtento.com cdn.xtento.com d.ratepay.com www.jsctool.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.ddev.site *.cbd-vital.at *.cbd-vital.de *.cbd-vital.cc *.cbd-vital.it *.cbd-vital.fr *.vitrasan.com *.aquatadeus.at *.aquatadeus.de *.spermidin-plus.at *.spermidin-plus.de *.spermidin-plus.ch d.ratepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io api.usersnap.com *.algolianet.com *.algolia.net *.amazon.com *.paypal.com *.google-analytics.com *.hscollectedforms.net *.hsforms.com *.hubspot.com *.usercentrics.eu *.cbd-vital.at *.cbd-vital.de *.cbd-vital.cc *.cbd-vital.it *.cbd-vital.fr *.vitrasan.com *.aquatadeus.at *.aquatadeus.de *.spermidin-plus.at *.spermidin-plus.de *.spermidin-plus.ch *.bounce-commerce.de *.brevo.com *.sovendus.com d.ratepay.com www.jsctool.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval';, base-uri *.ddev.site *.cbd-vital.at *.cbd-vital.de *.cbd-vital.cc *.cbd-vital.it *.cbd-vital.fr *.vitrasan.com *.aquatadeus.at *.aquatadeus.de *.spermidin-plus.at *.spermidin-plus.de *.spermidin-plus.ch 'self' 'unsafe-inline'; 1
prefetch-src live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud; worker-src live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud; font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sagepay.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sagepay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.awin1.com *.zenaps.com *.wepowerconnections.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.elfsightcdn.com *.feefo.com *.onetrust.com lantern.roeye.com *.sweetanalytics.com live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sagepay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.elfsight.com euwa.puzzel.com *.feefo.com berrythompson.innocraft.cloud *.puzzel.com *.onetrust.com *.sweetanalytics.com unpkg.com live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud 'self' 'unsafe-inline'; object-src live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cloudflarestream.com live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.sagepay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.puzzel.com *.feefo.com *.elfsight.com berrythompson.innocraft.cloud *.onetrust.com *.sweetanalytics.com live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com live.opayo.eu.elavon.com *.opayo.eu sandbox.opayo.eu.elavon.com assets.ci.opayo.cloud assets.opayo.cloud 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a19bde59-13ef-45e6-afd8-1c13b7fc2c39.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.scite.ai https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com www.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.doubleclick.net *.facebook.com *.googletagmanager.com www.google.ae www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.ec www.google.com.hk www.google.com.ly www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pa www.google.com.pe www.google.com.pk www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.kz www.google.lt www.google.lv www.google.nl www.google.pl www.google.pt www.google.se www.google.si www.google.sk https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.google.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.hotjar.com *.zdassets.com https://browser.sentry-cdn.com *.kaptcha.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.cloudflare.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.typeform.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com downloads.mailchimp.com *.fonts.net *.googletagmanager.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.tagmanager.google.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.bamboohr.com *.doubleclick.net *.facebook.com *.hotjar.com *.hotjar.io *.zdassets.com www.google.ae www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.com.au www.google.com.br www.google.com.co www.google.com.mx www.google.com.my www.google.com.pk www.google.com.pr www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ge www.google.gr www.google.ht www.google.it www.google.lv www.google.nl www.google.pl www.google.pt www.google.se www.google.sk https://*.ingest.sentry.io *.kaptcha.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.run.app *.typeform.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://2a23ab1b-97ea-4c5d-acc0-9b094bdc7879.sansec.watch/; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.riverty.design/ data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com uc8.tv *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com uc8.tv https://documents.riverty.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://images.unsplash.com https://eprel.ec.europa.eu cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://maps.googleapis.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.tweakwise.com *.tweakwisenavigator.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com https://maps.googleapis.com https://player.vimeo.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.tweakwise.com *.tweakwisenavigator.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.juntadeandalucia.es juntadeandalucia.es;                            img-src 'self' data:  *.juntadeandalucia.es juntadeandalucia.es cdn.juntadeandalucia.es *.googletagmanager.com;                                     script-src 'self' *.juntadeandalucia.es juntadeandalucia.es  *.googletagmanager.com *.google-analytics.com dub01.online.tableau.com 'unsafe-inline' 'unsafe-eval' blob:;                                     connect-src 'self' *.google-analytics.com cdn.juntadeandalucia.es datos.juntadeandalucia.es;                                     style-src 'self' *.juntadeandalucia.es juntadeandalucia.es fonts.googleapis.com 'unsafe-inline';                                     style-src-elem 'self' *.juntadeandalucia.es juntadeandalucia.es fonts.googleapis.com 'unsafe-inline';                            font-src 'self' *.juntadeandalucia.es fonts.gstatic.com;                            object-src 'none';                                     frame-src 'self' https://www.youtube.com https://tableaupublico.juntadeandalucia.es https://storagecdnvlc.codev8.net;                                     media-src 'self' https://storagecdnvlc.codev8.net; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-4R3UQVvLQBSvupUoocNaHg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
base-uri 'self'; form-action 'self'; default-src 'self'; connect-src 'self' data: https://stats.nederhost.nl/ https://zammad.nederhost.nl/ wss://zammad.nederhost.nl/; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; report-to csp-endpoint; report-uri /_/report_csp_violation; script-src 'self' 'nonce-Zju2Jik0f5HKoKz3' 'unsafe-eval' https://stats.nederhost.nl/ https://cdn.matomo.cloud/stats.nederhost.nl/ https://zammad.nederhost.nl/; style-src 'self' data: 'nonce-Zju2Jik0f5HKoKz3' https://zammad.nederhost.nl/; style-src-attr 'unsafe-inline'; 1
default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.pcipal.cloud https://*.stripe.com/ blob:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.pcipal.cloud https://www.google.com  accounts.google.com https://www.google.com/recaptcha/  www.gstatic.com/recaptcha/ https://fonts.googleapis.com/css2 *.walkme.com https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.cardinalcommerce.com/ https://*.stripe.com/ https://pay.google.com/ https://*.paysafe.com https://api.test.paysafe.com https://applepay.cdn-apple.com/ https://www.datadoghq-browser-agent.com/ blob:; frame-src * data: 'report-sample'; style-src 'self' 'unsafe-inline' *.walkme.com https://fonts.googleapis.com/css; report-uri https://pcipal.report-uri.com/r/d/csp/reportOnly; connect-src 'self' wss://pcipal.cloud wss://*.pcipal.cloud https://*.pcipal.cloud:* *.walkme.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com/stag/log https://*.apm.eu-west-1.aws.found.io:* https://*.cardinalcommerce.com/ https://pcipal.report-uri.com/ https://*.stripe.com/ https://google.com/pay https://www.google.com/pay https://pay.google.com/ https://www.google.com/recaptcha/ https://*.paysafe.com https://api.test.paysafe.com https://browser-intake-datadoghq.eu/; font-src * data:; object-src 'none'; 1
default-src 'self'; script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-39f3029711'; script-src-attr 'nonce-39f3029711' https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js; style-src 'self' https://d10lpsik1i8c69.cloudfront.net https://tags.srv.stackadapt.com https://tagmanager.google.com/ https://fonts.googleapis.com/ 'unsafe-inline'; connect-src 'self' https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://*.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com; img-src 'self' https://collector-37937.tvsquared.com https://d10lpsik1i8c69.cloudfront.net https://px.ads.linkedin.com https://www.google.com/pagead/1p-user-list/ https://alb.reddit.com/rp.gif https://www.facebook.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion https://ssl.gstatic.com/ data:; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; frame-src 'self' https://td.doubleclick.net/; font-src 'self' data:; base-uri 'self'; manifest-src 'self'; object-src 'none'; worker-src blob: ; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.google.com maps.googleapis.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1
base-uri 'self'; child-src 'self'; connect-src 'self' sicoob.com.br *.sicoob.com.br google.com *.google.com google-analytics.com *.google-analytics.com googleadservices.com *.googleadservices.com clarity.ms *.clarity.ms; default-src 'self' sicoob.com.br *.sicoob.com.br; font-src 'self'; frame-src 'self'; media-src 'self'; script-src 'self' sicoob.com.br *.sicoob.com.br google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com google.com *.google.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZAsmeQbvGs2__LuqCICSKqwkoufBWoLzprmgTTQwjeA-1773716079-1.0.1.1-7v.5txfvzbYEMDijSePwJyhpnmaQXJdrJGRH8K_GaYKS9FLy6lqvfbX1JLuRPGx0g.OYDsjPgoa20Y2b0tP9H6RqCiSV4szj32AqKbVXfWyPavSFO7gDBZVHEEj0XraiLH6A8FKHNIUrKXbmbwkuOUR1Db1PyKkG6_tS.US0LvsAQnFmosX3E.h8EorFax8jpLvfuUv3ORVubMWACY8jhw; report-to cf-siwaqgakesqvnjcd 1
font-src https://*.gstatic.com *.fontawesome.com *.gstatic.com data: https://*.hotjar.com https://fonts.gstatic.com https://www.tommeetippee.com https://cdn.channelsight.com https://*.cloudfront.net https://shop.tommeetippee.com https://*.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.xtento.com https://*.demdex.net https://*.adyen.com https://youtu.be https://pay.google.com https://*.fls.doubleclick.net https://www.paypalobjects.com https://vars.hotjar.com http://www.yotpo.com https://player.vimeo.com/ https://*.googleapis.com/ https://www.facebook.com https://*.cloudiq.com https://optimize.google.com https://widget.trustpilot.com https://*.quiq-cdn.com https://*.pinterest.com https://*.mention-me.com https://shop.tommeetippee.com accounts.google.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com https://www.xtento.com cdn.xtento.com *.gstatic.com *.google.co.uk *.google.com https://www.googletagmanager.com https://*.googleapis.com https://services.postcodeanywhere.co.uk https://www.rnengage.com https://*.bing.com https://mgl.sc.omtrdc.net https://cm.everesttech.net https://*.adyen.com https://*.demdex.net/ https://amcglobal.sc.omtrdc.net https://*.widget.custhelp.com https://*.cloudiq.com https://*.pinterest.com https://www.facebook.com https://cdn.cookielaw.org https://*.hotjar.com https://optimize.google.com https://cdn.channelsight.com https://secure.tommeetippee.com https://*.pixriot.com https://www.storeimaging.com https://*.quantcount.com https://*.quantserve.com https://*.clarity.ms https://*.cloudfront.net https://shop.tommeetippee.com *.pixriot.com *.storeimaging.com https://site-assets.afterpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.adyen.com *.exponea.com www.xtento.com cdn.xtento.com http://maybo11111.pcapredict.com https://services.postcodeanywhere.co.uk https://polyfill.io https://www.google.com https://www.gstatic.com https://*.googleapis.com https://*.widget.custhelp.com https://*.custhelp.com https://*.rightnowtech.com https://www.rnengage.com https://bat.bing.com https://pay.google.com https://googleads.g.doubleclick.net https://*.newrelic.com https://*.nr-data.net https://*.hotjar.com https://connect.facebook.net https://cdn.cookielaw.org https://*.cloudiq.com https://*.onetrust.com https://*.pinimg.com https://*.paypal.com https://*.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://static.cloudflareinsights.com https://*.quiq-api.com https://*.quiq-cdn.com https://*.pixriot.com https://js.monitor.azure.com https://*.quantcount.com https://*.quantserve.com https://*.clarity.ms https://*.fullstory.com  https://apps.storystream.ai https://www.dwin1.com https://*.px-cloud.net https://*.px-cdn.net https://*.mention-me.com https://cdn.stape.io https://shop.tommeetippee.com https://*.klarnaservices.com https://chat.digitalgenius.com *.avada.io accounts.google.com https://js.afterpay.com https://*.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.fontawesome.com https://services.postcodeanywhere.co.uk https://*.widget.custhelp.com https://www.gstatic.com https://fonts.googleapis.com https://*.googleapis.com/ https://optimize.google.com https://cdn.channelsight.com https://*.cloudfront.net https://www.googletagmanager.com https://shop.tommeetippee.com https://*.klarnacdn.net accounts.google.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.exponea.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://*.demdex.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://amcglobal.sc.omtrdc.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com https://*.pinterest.com https://bat.bing.com https://*.cloudiq.com https://*.paypal.com https://*.googleapis.com https://api.channelsight.com https://*.pixriot.com https://dc.services.visualstudio.com https://*.fullstory.com https://*.clarity.ms https://*.google-analytics.com https://*.px-cloud.net https://*.px-cdn.net https://*.cloudfront.net https://*.nr-data.net https://*.mention-me.com *.dxpapi.com https://shop.tommeetippee.com https://*.klarnaservices.com *.pixriot.com *.storeimaging.com https://get.geojs.io *.avada.io accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://secure.tt-staging.com/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-Dx6Q6e__g2utmeOAVcZYKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'unsafe-inline' *; base-uri 'none'; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io; frame-ancestors 'none'; worker-src 'none'; default-src 'none'; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-f56kwOGJEkrhV1prALAFNQ=='; object-src 'none'; media-src *; font-src 'self' data:; img-src blob: data: * 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com mcstaging.packersproshop.com www.packersproshop.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.google.com *.gstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com magefan.com cm.magefan.com 'self' 'unsafe-inline' adobe.com *.affirm.com *.bing.com *.bing.net *.scorecardresearch.com *.cloudfront.net *.cookielaw.org *.google.com.au *.googlesyndication.com *.mathtag.com *.mimecast.com *.zonos.com mcstaging.packersproshop.com www.packersproshop.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com  *.bing.com d1z2jf7jlzjs58.cloudfront.net *.c212.net *.cookielaw.org *.everestjs.net *.iglobalstores.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com www.google.com *.mathtag.com *.onetrust.com *.scorecardresearch.com *.packersproshop.com *.tiktok.com *.zonos.com acds-events.adobe.io js-agent.newrelic.com mcstaging.packersproshop.com www.packersproshop.com https://hello.zonos.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com mcstaging.packersproshop.com www.packersproshop.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com *.adobedtm.com bam.nr-data.net *.bing.com *.bing.net *.cardinalcommerce.com *.scorecardresearch.com *.cloudfront.net *.cookielaw.org *.demdex.net *.everesttech.net *.google-analytics.com *.googlesyndication.com *.gstatic.com www.google.com *.omtrdc.net *.onetrust.com *.parsely.com *.tiktok.com *.zonos.com sedge.nfl.com mcstaging.packersproshop.com www.packersproshop.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com mcstaging.packersproshop.com www.packersproshop.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://1a78f49d-a75b-466e-a8d0-2a6f25a8e22d.sansec.watch/; report-to report-endpoint; 1
default-src 'self';          connect-src corvirtus.com 'self';         frame-src www.facebook.com;         script-src-elem ajax.aspnetcdn.com cdnsrc.asp.net www.google-analytics.com connect.facebook.net 'self';         style-src-elem maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'sha256-o6wSC15InKzMdQsAjlOwalELkGSpN0I4/fzIfw2Ckvg=';         font-src maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'self'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net cdnjs.cloudflare.com *.flixfacts.com *.flixcar.com *.googleapis.com *.electroworld.nl *.dewitgoedspecialist.nl *.witgoedspecialist.nl *.clarity.ms *.bing.com *.doubleclick.net *.criteo.com *.criteo.net *.facebook.com *.id5-sync.com *.yahoo.com *.facebook.net *.channelsight.com *.extreme-ip-lookup.com *.googletagmanager.com *.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.loadbee.com *.flixfacts.com *.flixgvid.com *.flixcar.com *.flix360.io *.cookiebot.com *.doubleclick.net *.googletagmanager.com *.gstatic.com *.hotjar.com *.newrelic.com *.nr-data.net *.adobedtm.com *.adobe.com *.authorize.net *.braintreegateway.com *.paypalobjects.com *.ytimg.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.google.com *.cardinalcommerce.com *.bazaarvoice.com *.iesnare.com *.buckaroo.nl *.dotdigital.com *.dotdigital-pages.com *.trackedlink.net *.trackedweb.net *.ccdc02.com *.googleoptimize.com *.hs-scripts.com *.hsforms.net *.hubspot.com *.hscollectedforms.net *.hs-banner.net *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.com *.hs-banner.com *.hs-analytics.com *.hsadspixel.com *.amazonaws.com *.hsforms.com hubspot-forms-static-embed-eu1.s3.amazonaws.com track-eu1.hubspot.com forms-eu1.hsforms.com *.facebook.com *.electroworld.nl *.dewitgoedspecialist.nl *.witgoedspecialist.nl *.tweakwise.com *.clarity.ms *.bing.com *.criteo.com *.criteo.net *.id5-sync.com *.yahoo.com *.facebook.net *.channelsight.com *.extreme-ip-lookup.com *.visualwebsiteoptimizer.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.loadbee.com *.flixcar.com *.publitas.com *.cookiebot.com *.hotjar.com *.electroworld.nl *.dewitgoedspecialist.nl *.witgoedspecialist.nl *.clarity.ms *.bing.com *.doubleclick.net *.criteo.com *.criteo.net *.facebook.com *.id5-sync.com *.yahoo.com *.facebook.net *.channelsight.com *.extreme-ip-lookup.com *.googletagmanager.com *.hsforms.com *.hubspot.com *.hs-sites-eu1.com *.visualwebsiteoptimizer.com *.aiden.cx 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com *.loadbee.com *.flixfacts.com *.flixgvid.com *.flixcar.com *.flix360.io *.google.com *.google.nl *.electroworld.nl *.dewitgoedspecialist.nl *.adobedtm.com *.demdex.net *.omtrdc.net *.everesttech.net *.magentocommerce.com *.googleadservices.com *.paypalobjects.com *.vimeo.com *.ytimg.com *.swagger.io *.bazaarvoice.com *.buckaroo.nl *.braintreegateway.com *.googleapis.com *.hubspot.com *.hscollectedforms.net *.hs-banner.net *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.com *.hs-banner.com *.hs-analytics.com *.hsadspixel.com *.amazonaws.com *.hsforms.com hubspot-forms-static-embed-eu1.s3.amazonaws.com track-eu1.hubspot.com forms-eu1.hsforms.com *.360yield.com *.smartclip.net *.yieldlab.net *.bing.com *.krxd.net *.adform.net *.doubleclick.net *.media.net *.adscale.de *.tremorhub.com *.teads.tv *.criteo.com *.criteo.net *.3lift.com *.mediavine.com *.liadm.com *.adnxs.com *.id5-sync.com *.rlcdn.com *.sharethrough.com *.rubiconproject.com *.casalemedia.com *.smartadserver.com *.thebrighttag.com *.pubmatic.com *.yieldmo.com *.taboola.com *.outbrain.com *.omnitagjs.com *.facebook.com *.bidswitch.net *.witgoedspecialist.nl *.tweakwise.com *.clarity.ms *.yahoo.com *.facebook.net *.channelsight.com *.extreme-ip-lookup.com *.googletagmanager.com id5-sync.com *.ivitrack.com *.jwpsrv.com *.jwplayer.com *.squeezely.tech *.hsappstatic.net *.visualwebsiteoptimizer.com *.cdninstagram.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.shopify.com *.loadbee.com *.flixfacts.com *.flixgvid.com *.flixcar.com *.flix360.io *.publitas.com *.cookiebot.com *.doubleclick.net *.googletagmanager.com *.gstatic.com *.hotjar.com *.adobedtm.com *.authorize.net *.paypal.com *.paypalobjects.com *.ytimg.com *.googleapis.com *.vimeo.com *.cardinalcommerce.com *.bazaarvoice.com *.iesnare.com *.buckaroo.nl *.dotdigital.com *.dotdigital-pages.com *.trackedlink.net *.trackedweb.net *.ccdc02.com *.googleoptimize.com *.hs-scripts.com *.hsforms.net *.hubspot.com *.hscollectedforms.net *.hs-banner.net *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.com *.hs-banner.com *.hs-analytics.com *.hsadspixel.com *.amazonaws.com *.hsforms.com hubspot-forms-static-embed-eu1.s3.amazonaws.com track-eu1.hubspot.com forms-eu1.hsforms.com *.facebook.com *.electroworld.nl *.dewitgoedspecialist.nl *.witgoedspecialist.nl *.tweakwise.com *.clarity.ms *.bing.com *.criteo.com *.criteo.net *.id5-sync.com *.yahoo.com *.facebook.net *.channelsight.com *.extreme-ip-lookup.com https://extreme-ip-lookup.com *.hubspotfeedback.com *.beslist.nl *.convertexperiments.com *.survicate.com squeezely.tech *.squeezely.tech *.funnelytics.io *.mouseflow.com *.visualwebsiteoptimizer.com unpkg.com *.aiden.cx *.kieskeurig.nl *.adnxs.com *.uxcam.com *.heap-api.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net cdnjs.cloudflare.com *.flixcar.com *.googleapis.com *.gstatic.com *.electroworld.nl *.dewitgoedspecialist.nl *.witgoedspecialist.nl *.clarity.ms *.bing.com *.doubleclick.net *.criteo.com *.criteo.net *.facebook.com *.id5-sync.com *.yahoo.com *.facebook.net *.channelsight.com *.extreme-ip-lookup.com *.googletagmanager.com *.ditiseentest.nl *.survicate.com *.visualwebsiteoptimizer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.flixcar.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.loadbee.com *.flixfacts.com *.flixgvid.com *.flixcar.com *.flix360.io *.hotjar.com *.doubleclick.net *.demdex.net *.omtrdc.net *.paypalobjects.com *.cardinalcommerce.com *.bazaarvoice.com *.buckaroo.nl *.trackedlink.net *.trackedweb.net *.dotdigital.com *.dotdigital-pages.com *.googleapis.com *.hubspot.com *.hscollectedforms.net *.hs-banner.net *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.com *.hs-banner.com *.hs-analytics.com *.hsadspixel.com *.amazonaws.com *.hsforms.com hubspot-forms-static-embed-eu1.s3.amazonaws.com track-eu1.hubspot.com forms-eu1.hsforms.com *.facebook.com *.electroworld.nl *.dewitgoedspecialist.nl *.witgoedspecialist.nl *.tweakwise.com *.clarity.ms *.bing.com *.criteo.com *.criteo.net *.id5-sync.com *.yahoo.com *.facebook.net *.channelsight.com *.extreme-ip-lookup.com *.hubapi.com *.googletagmanager.com *.hotjar.io *.beslist.nl *.googlesyndication.com *.funnelytics.workers.dev *.funnelytics.io *.visualwebsiteoptimizer.com *.aiden.cx *.uxcam.com *.convertexperiments.com *.heap-api.com wss://ws.hotjar.com *.kieskeurig.nl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://client.crisp.chat https://cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net https://jqwidgets.com http://jquerygrid.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://maps.google.com/ *.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://image.crisp.chat cdn.jsdelivr.net https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://client.crisp.chat cdn.jsdelivr.net *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://client.crisp.chat cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app maxcdn.bootstrapcdn.com *.zip.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com magefan.com cm.magefan.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://img.youtube.com t.zip.co static.zipmoney.com.au static.zip.co https://imgs.signifyd.com https://*.online-metrix.net back3nd-zc8erm2098.camerahouse.com.au camerahouse.staging.overdose.digital *.camerahouse.com.au https://www.google.com.vn/ https://www.google.com.au/ x.bidswitch.net cm.g.doubleclick.net ib.adnxs.com tg.socdm.com r.casalemedia.com cs.adingo.jp ads.stickyadstv.com ad.360yield.com idsync.rlcdn.com contextual.media.net c.bing.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com s.ad.smaato.net rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv ade.clmbtech.com eb2.3lift.com sync-criteo.ads.yieldmo.com sync.1rx.io dis.criteo.com sync.targeting.unrulymedia.com image8.pubmatic.com ups.analytics.yahoo.com image4.pubmatic.com ad.doubleclick.net sync.aralego.com rtb.openx.net cdn.aralego.net um.simpli.fi public-prod-dspcookiematching.dmxleo.com vc.hotjar.io cdn.livechat-files.com bpi.zip.co zip.co maps.gstatic.com maps.google.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com https://cdn.searchspring.net/intellisuggest/is.min.js static.zipmoney.com.au static.zip.co zip.co https://cdn-scripts.signifyd.com https://imgs.signifyd.com back3nd-zc8erm2098.camerahouse.com.au *.camerahouse.com.au *.jst.ai *.livechatinc.com *.studio19.com *.crazyegg.com *.hotjar.com *.criteo.com *.google.com *.criteo.net *.studio19.com.au *.zip.co h64.online-metrix.net *.pcapredict.com *.searchspring.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.zip.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://beacon.searchspring.io/beacon https://imgs.signifyd.com back3nd-zc8erm2098.camerahouse.com.au *.camerahouse.com.au *.googleapis.com *.jst.ai *.doubleclick.net *.criteo.com *.crazyegg.com *.studio19.com.au *.zipmoney.com.au *.zip.co *.searchspring.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.liadm.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com https://www.gstatic.com https://*.hsforms.net https://*.marker.io https://www.youtube.com/s/player/010fbc8d/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/iframe_api https://*.hsadspixel.net https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hubspot.com https://*.hsleadflows.net https://*.hs-banner.com https://*.usemessages.com https://*.clarity.ms https://*.jsdelivr.net https://cdnjs.cloudflare.com https://js.zi-scripts.com https://googleads.g.doubleclick.net https://*.pixel.ad https://*.hs-scripts.com https://unpkg.com https://code.jquery.com https://*.spinutech.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://analytics.tiktok.com https://bat.bing.com https://cdn.mxpnl.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.taboola.com https://ddwl4m2hdecbv.cloudfront.net/b/ https://*.liadm.com https://b2bjsstore.s3.us-west-2.amazonaws.com https://*.stackadapt.com https://www.redditstatic.com; connect-src 'self' https://www.googleadservices.com https://www.googletagmanager.com https://*.zoominfo.com https://*.hsforms.com https://*.marker.io https://*.linkedin.com https://*.bing.com https://*.bing.net https://*.stape.biz https://*.facebook.net https://*.facebook.com https://*.clarity.ms https://*.hscollectedforms.net https://*.hubspot.com https://*.hubapi.com https://js.zi-scripts.com https://*.spinutech.com https://google.com https://www.google.com https://*.google.com https://*.g.doubleclick.net https://www.google-analytics.com https://analytics.tiktok.com https://px.ads.linkedin.com https://cdn.mxpnl.com https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://a.usbrowserspeed.com https://*.stackadapt.com https://pixel-config.reddit.com; img-src * 'self' data: android-webview-video-poster https://*.stackadapt.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://cdn.jsdelivr.net https://*.stackadapt.com; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net; manifest-src 'self' https://www.spinutech.com; frame-src 'self' https://*.hsforms.com https://www.google.com https://www.youtube.com https://*.sitescout.com https://www.googletagmanager.com https://mozbar.moz.com https://block.opendns.com https://*.doubleclick.net https://*.spinutech.com; worker-src 'self' blob:; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://*.hsforms.com; report-uri https://services.spinudev.com/csp/cspreport; 1
object-src  'none'; connect-src 'self' *.devilsfilm.com *.famedigital.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.devilsfilm.com *.famedigital.com join.gammasecure.com; script-src 'self' *.devilsfilm.com *.famedigital.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.devilsfilm.com *.famedigital.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
default-src 'self'; script-src 'self' 'unsafe-eval' data: 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.cookiebot.com https://*.doubleclick.net https://*.googletagservices.com https://*.youtube.com https://*.vimeo.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.typekit.net; img-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://*.cookiebot.com https://securepubads.g.doubleclick.net https://*.googletagservices.com https://i.ytimg.com https://*.google.nl https://*.google.com https://*.typekit.net https://*.googleapis.com https://*.gstatic.com https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net https://*.wp.com; frame-src https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.cookiebot.com https://*.doubleclick.net https://*.googletagservices.com https://*.googletagmanager.com https://challenges.cloudflare.com; connect-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.cookiebot.com https://*.vimeo.com https://*.google.com https://*.google.nl https://*.doubleclick.net https://*.googleapis.com https://yoast.com; object-src 'none'; worker-src 'self' blob:; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fonts.net *.annefontaine.com mediacdn.espssl.com cash-f.squarecdn.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.annefontaine.com * *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.hotjar.com *.vimeo.com vimeo.com secure.livechatinc.com *.pinterest.com *.criteo.com *.annefontaine.com *.weltpixel.com * *.sendcloud.sc *.jsdelivr.net *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.certcapture.com *.meetanshi.com *.pinterdev.com commerce-app.pintergration.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.pinterest.com *.annefontaine.com *.listrakbi.com bat.bing.net *.zonos.com *.ubiconproject.com *.doubleclick.net *.gorgias.chat *.gorgias.io cdn.cookielaw.org cdn.files-text.com cdn.livechat-static.com id5-sync.com x.bidswitch.net ib.adnxs.com rtb-csync.smartadserver.com sync-t1.taboola.com visitor.omnitagjs.com r.casalemedia.com gum.criteo.com ad.360yield.com matching.ivitrack.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com criteo-partners.tremorhub.com eb2.3lift.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com sync.1rx.io pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv sync.targeting.unrulymedia.com dis.criteo.com aa.agkn.com * *.bing.com *.bing.net *.bird.eu *.amazonaws.com guarantee-cdn.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.certcapture.com *.meetanshi.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com maps.gstatic.com *.cdninstagram.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com f.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://na-library.klarnaservices.com *.fonts.net *.listrakbi.com *.listrak.com g792337341.co *.hotjar.com *.facebook.com js-agent.newrelic.com bam.nr-data.net https://cdn.cookielaw.org *.appspot.com *.zonos.com vimeo.com *.bing.com https://bat.bing.com *.pinimg.com *.gorgias.chat *.criteo.com *.clarity.ms https://www.clarity.ms *.akamaized.net *.adscale.de *.casalemedia.com https://static.criteo.net https://dynamic.criteo.com https://sslwidget.criteo.com/ https://acsbapp.com *.annefontaine.com cdn.weglot.com cdn.livechatinc.com api.livechatinc.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://rum.hlx.page *.sendcloud.sc *.jsdelivr.net *.cloudflare.com guarantee-cdn.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.tiktok.com *.certcapture.com *.meetanshi.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com maps.googleapis.com ajax.googleapis.com *.instagram.com https://hello.zonos.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fonts.net *.listrakbi.com cdn.listrakbi.com *.annefontaine.com *.cash.app *.sendcloud.sc *.jsdelivr.net *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.certcapture.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.listrakbi.com *.pinterest.com bam.nr-data.net *.doubleclick.net stats.g.doubleclick.net *.zonos.com *.acsbapp.com acsbapp.com *.clarity.ms https://fonts.googleapis.com https://cdn.cookielaw.org *.criteo.com *.annefontaine.com cdn.weglot.com https://na-library.klarnaservices.com eu.klarnaevt.com *.gorgias.chat wss://us-east1-898b.gorgias.chat api.livechatinc.com cdn.livechatinc.com bat.bing.net *.onetrust.com * *.bing.com *.bing.net *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.facebook.com *.facebook.net *.googlesyndication.com *.tiktok.com *.certcapture.com *.meetanshi.com *.pinterdev.com commerce-app.pintergration.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src *.gorgias.chat *.annefontaine.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com https://widgets.trustedshops.com 'self' data: https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com www.google.com *.klarna.com *.google.com/ sc.bausep.de vars.hotjar.com ssl.hurra.com cdn.consentmanager.net googletagmanager.com www.paypalobjects.com googleads.g.doubleclick.net payment.unzer.com *.phoenix-media.cloud https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.sharethis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com googleadservices.com *.consentmanager.net widgets.trustedshops.com static.unzer.com google.com www.google.de paypal.com sc.bausep.de *.bausep.de bs-magento2-master.phoenix-media.cloud *.bing.com *.bing.net *.phoenix-media.cloud *.hsforms.net *.hsforms.com 'self' data: https://static.unzer.com *.online-metrix.net https://www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com ssl.hurra.com googletagmanager.com *.consentmanager.net widgets.trustedshops.com *.hotjar.com *.g.doubleclick.net payment.unzer.com *.bausep.de *.bing.com *.phoenix-media.cloud *.hsforms.net *.hsforms.com *.gstatic.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.bausep.de ssl.hurra.com *.hotjar.com googletagmanager.com google.de www.google.de www.google.com *.g.doubleclick.net payment.unzer.com *.bing.com *.bing.net *.phoenix-media.cloud t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net *.alothemes.com *.magepow.com www.lochcarron.co.uk https://fonts.gstatic.com/ https://script.hotjar.com/ https://fonts.googleapis.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.lochcarron.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com self www.google.com www.lochcarron.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com www.google.com https://www.googletagmanager.com/ www.gstatic.com apis.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com www.lochcarron.co.uk *.issuu.com *.pinterest.com *.facebook.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com translate.googleapis.com services.postcodeanywhere.co.uk feed.amasty.net www.google.pl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.lochcarron.co.uk www.xtento.com cdn.xtento.com lochcarron.d6staging.co.uk *.google.com *.google.co.uk *.feefo.com *.facebook.com *.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ translate.googleapis.com translate.google.com translate-pa.googleapis.com services.postcodeanywhere.co.uk ct.pinterest.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.gstatic.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com www.lochcarron.co.uk https://chimpstatic.com lochcarron.d6staging.co.uk *.zendesk.com *.zdassets.com *.facebook.com *.facebook.net *.doubleclick.net *.feefo.com *.pcapredict.com *.cloudflareinsights.com https://s.pinimg.com/ https://*.hotjar.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com www.gstatic.com register.feefo.com services.postcodeanywhere.co.uk downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net *.alothemes.com *.magepow.com assets.braintreegateway.com www.lochcarron.co.uk lochcarron.d6staging.co.uk https://fonts.googleapis.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.lochcarron.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com translate.googleapis.com services.postcodeanywhere.co.uk form-assets.mailchimp.com *.intuit.com *.amazonaws.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com www.lochcarron.co.uk *.zendesk.com *.zdassets.com *.feefo.com https://*.analytics.google.com/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.lochcarron.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.lochcarron.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp.threatview.app/report; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com static.addtoany.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.certcapture.com mcstaging.trainworld.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.certcapture.com static.addtoany.com connect.facebook.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://cdn.jsdelivr.net www.facebook.com graph.facebook.com business.facebook.com *.authorize.net maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.addtoany.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.certcapture.com *.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com http://dpm.demdex.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-gwKBKp9plsNuynWOTJLKig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.bootstrapcdn.com js.klevu.com *.zopim.com xmpp-contact.unlimitedhorizon.co.uk *.useinsider.com static.klaviyo.com *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com www.elesi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.facebook.com *.googlesyndication.com *.tiktok.com www.facebook.com *.americanexpress.com *.arcot.com *.monzo.com *.securesuite.co.uk authentication-acs.marqeta.com www.elesi.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.elesi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.instagram.com www.google.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.awin1.com *.zenaps.com assets.braintreegateway.com tst.kaptcha.com c.paypal.com *.zopim.com speedsize.com *.speedsize.com ct.pinterest.com *.freshchat.net *.freshchat.com *.useinsider.com *.arcot.com *.monzo.com *.securesuite.co.uk authentication-acs.marqeta.com account.fetchify.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trustpilot.com *.weltpixel.com www.elesi.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * *.cdninstagram.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.bing.com *.clarity.ms js.klevu.com cdn-cookieyes.com speedsize.com *.speedsize.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ct.pinterest.com www.google.co.uk *.googleapis.com *.ggpht *.sagepay.co.uk xmpp-contact.unlimitedhorizon.co.uk *.useinsider.com *.easyfundraising.org.uk *.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.elesi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com 'self' bat.bing.com js.klevu.com *.clarity.ms c.paypal.com chimpstatic.com cdn-cookieyes.com *.hotjar.com sentry.bigeyedeers.dev browser.sentry-cdn.com speedsize.com *.speedsize.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ tags.creativecdn.com player.vimeo.com *.youtube.com *.googleapis.com t.elesi.com t.soholighting.com porjs.com widget.trustpilot.com s.pinimg.com ct.pinterest.com *.freshchat.net *.freshchat.com fw-cdn.com xmpp-contact.unlimitedhorizon.co.uk www.paidonresults.net widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com www.elesi.com https://js.klevu.com https://el.elesi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.bootstrapcdn.com *.typekit.net js.klevu.com speedsize.com *.speedsize.com https://static.klaviyo.com *.freshchat.net *.freshchat.com xmpp-contact.unlimitedhorizon.co.uk *.useinsider.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com *.trustpilot.com tagmanager.google.com www.elesi.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com speedsize.com *.speedsize.com www.elesi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.sandbox.braintree-api.com *.clarity.ms *.cookieyes.com cdn-cookieyes.com *.trustpilot.com *.hotjar.com sentry.bigeyedeers.dev speedsize.com *.speedsize.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.google.co.uk ct.pinterest.com *.useinsider.com capig.stape.gl widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com www.elesi.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com www.elesi.com http: https: blob: 'self' 'unsafe-inline'; default-src speedsize.com *.speedsize.com elesi.com www.elesi.com cdn.elesi.com static.elesi.com soholighting.com www.soholighting.com cdn.soholighting.com static.soholighting.com lighteningbox.com www.lighteningbox.com cdn.lighteningbox.com static.lighteningbox.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sentry.bigeyedeers.dev/api/6/security/?sentry_key=476f7497936cfb1dfb62eeeaa2a7f1cb; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-Ib-AdDgAO33DSadyTQM7eA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dTGGDPe0430uI-hoY-chRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HaV9R_KVM1hURRYlS9gP-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-P19p-bIU62TlsUeW623iCA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
connect-src 'self' https://b.clarity.ms https://bat.bing.com https://ekr.zdassets.com https://numberbarn.zendesk.com wss://api.smooch.io; default-src 'none'; font-src 'report-sample' 'self' https://fonts.gstatic.com; form-action 'report-sample' 'self'; frame-ancestors 'report-sample' 'self'; frame-src 'self' https://js.stripe.com https://www.google.com; img-src 'report-sample' 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://static.zdassets.com https://www.facebook.com https://www.google.com; report-to default; report-uri https://www.tierra.net/special/report/csp; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://api.smooch.io https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.stripe.com https://snap.licdn.com https://static.zdassets.com https://www.clarity.ms https://www.clearhello.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com 1
object-src 'none';base-uri 'self';script-src 'nonce-u8wNpXwRRZZT74qq8MkmjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com https://fonts.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.cookiebot.com *.googletagmamanger.com https://*.google.com js.mollie.com *.sendcloud.sc *.jsdelivr.net *.twitter.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com magefan.com cm.magefan.com *.disqus.com www.magmodules.eu *.squeezely.tech i0.wp.com *.leef.nl *.linkedin.com *.varuvo.nl *.yourskin.nl *.zorghulpdrogist.nl https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com *.sooqr.com *.spotlersearch.com https://www.mollie.com *.amazonaws.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.gstatic.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.disqus.com squeezely.tech www.squeezely.tech *.squeezely.tech *.clarity.ms cognito-identity.eu-central-1.amazonaws.com/ *.converterexperiments.com *.cookiebot.com *.corewebvitals.io developer.adobe.com *.facebook.net/ firehose.eu-central-1.amazonaws.com/ http://*.googleadservers.com *.google-analytics.com *.googlesyndication.com *.googletagmamanger.com *.hotjar.com *.licdn.com magento.com *.spotlersearch.com *.spotlersearchanalytics.com *.trustpilot.com *.zdassets.com *.zopim.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com *.sooqr.com spotlersearchanalytics.com js.mollie.com *.sendcloud.sc *.jsdelivr.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.sooqr.com *.spotlersearch.com *.sendcloud.sc *.jsdelivr.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com squeezely.tech *.squeezely.tech *.clarity.ms cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com *.linkedin.com *.zdassets.com *.zendesk.com *.zopim.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com *.sooqr.com *.spotlersearch.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://97d26445-15c1-4709-bc48-e71e0c43973e.sansec.watch; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.clarity.ms https://connect.podium.com https://s.adroll.com https://d.adroll.com https://flask.nextdoor.com https://js.appboycdn.com https://c.hrzn-nxt.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://connect.podium.com https://tags.srv.stackadapt.com; img-src 'self' data: https: blob:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://cdn.jsdelivr.net; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://analytics.google.com https://mind-flayer.podium.com https://connect.podium.com https://app.launchdarkly.com https://events.launchdarkly.com https://d.adroll.com https://s.adroll.com https://flask.nextdoor.com https://www.clarity.ms https://apexchat.azurewebsites.net; frame-src 'self' https://www.google.com https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com; media-src 'self' https://assets.podium.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-yWexcNq-I1urUwE2JL-2Bg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com maxcdn.bootstrapcdn.com *.brooktaverner.us *.cloudflare.com *.gstatic.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com *.slant.co *.smassets.net *.typekit.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bugherd.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn account.fetchify.com *.mention-me.com *.convert.com *.doubleclick.net *.evri.com *.facebook.com *.gnatta.com google.com *.google.com *.googletagmanager.com *.surveymonkey.com *.termly.io *.trustpilot.com *.vimeo.com vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sweetanalytics.com *.brooktaverner.us *.ometria.com *.visualwebsiteoptimizer.com *.bing.com *.clarity.ms *.google.co.uk *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://maps.gstatic.com *.adalyser.com *.adroll.com *.bing.net brippo.s3.amazonaws.com *.brooktaverner.co.uk *.cloudflare.com *.convertexperiments.com d3k81ch9hvuctc.cloudfront.net *.doubleclick.net ebizmartsextensions.s3.amazonaws.com *.facebook.com *.facebook.net gnattawatchtower.blob.core.windows.net *.googleadservices.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bi www.google.bs www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sn www.google.so www.google.tg www.google.tn www.google.tt www.google.vu google.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com mageside.com *.omguk.com *.smassets.net t.co *.twitter.com *.vimeo.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trustpilot.com *.glopal.com *.sweetanalytics.com *.ometria.com *.ads-twitter.com *.twitter.com *.googletagmanager.com *.visualwebsiteoptimizer.com *.zdassets.com *.bing.com *.clarity.ms *.adroll.com *.bugherd.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io https://maps.googleapis.com *.mention-me.com *.33across.com *.adalyser.com *.brooktaverner.co.uk brooktaverner.us *.brooktaverner.us *.cloudflare.com *.cloudflareinsights.com *.convert.com *.convertexperiments.com *.doubleclick.net *.evri.com *.facebook.net *.getelevar.com *.gnatta.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.klaviyo.com *.omguk.com *.paypal.com *.surveymonkey.com *.termly.io *.webgains.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.glopal.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com cc-cdn.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.brooktaverner.co.uk *.brooktaverner.us *.gnatta.com *.googletagmanager.com *.gstatic.com *.klaviyo.com *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.ometria.com *.sweetanalytics.com *.zopim.com *.clarity.ms *.google-analytics.com brooktaverner.zendesk.com *.zdassets.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com *.mention-me.com *.bing.com *.bing.net *.brooktaverner.co.uk *.brooktaverner.us *.convertexperiments.com *.datadome.co *.doubleclick.net *.facebook.com *.getelevar.com *.gnatta.com *.googleadservices.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sn www.google.so www.google.tn www.google.tt www.google.vu *.google.com google.com *.googlesyndication.com *.googletagmanager.com *.klaviyo.com *.sentry.io t.co *.termly.io *.twitter.com vimeo.com *.visualwebsiteoptimizer.com *.webgains.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://c07a795d-56fb-4453-8188-078c928ca0fb.sansec.watch/; report-to report-endpoint; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com/; style-src-elem 'self' https://fonts.googleapis.com/ 'unsafe-inline'; report-to csp-reports; report-uri https://www.transact-online.co.uk/csp_reporting 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.yotpo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com consentcdn.cookiebot.com www.googletagmanager.com googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com * *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.yotpo.com *.googleapis.com *.typekit.net *.fontawesome.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.yotpo.com ws: *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-kOPuilLEpvxJGapzEoT8Jg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-dubMziz65maQD64jz_jkWA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-9ZjVtrCdHCN30wh6cbqr1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
worker-src blob:; form-action *.cardinalcommerce.com *.paypal.com www.sandbox.paypal.com *.amazon.com *.facebook.com *.googlesyndication.com *.tiktok.com connect.facebook.net 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.googletagmanager.com *.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com *.paypal.com www.sandbox.paypal.com player.vimeo.com *.google.com *.braintreegateway.com google.com js.stripe.com *.amazon.com *.payments-amazon.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com connect.facebook.net www.commercepartnerhub.com assets.braintreegateway.com plumrocket.com *.authorize.net *.artifi.net www.googleadservices.com assets.pinterest.com ct.pinterest.com www.paypalobjects.com i.liadm.com *.securly.com gateway.zscalerthree.net ep2.adtrafficquality.google 'self' 'unsafe-inline'; script-src *.googletagmanager.com *.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net *.google.com *.newrelic.com *.nr-data.net *.authorize.net *.commerce-payment-services.com *.paypal.com www.sandbox.paypal.com www.paypalobjects.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com js.stripe.com *.payments-amazon.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.klaviyo.com fast.a.klaviyo.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.shopify.com *.sandbox.braintreegateway.com *.popt.in *.cloudflare.com celebrosnlp.com *.celebros-analytics.com *.artifi.net maps.googleapis.com www.googletagservices.com cdn.gladly.qa cdn.gladly.com *.monetate.net *.visualwebsiteoptimizer.com *.cloudfront.net s.pinimg.com bat.bing.com tag.rmp.rakuten.com ut.rd.linksynergy.com *.pinterest.com cdn.noibu.com *.hotjar.com b-code.liadm.com secure.merchantadvantage.com *.celebros.com ep2.adtrafficquality.google static.lillianvernon.com lillianv-ac.celebros.com ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://www.lillianvernon.com/pr-csp/report/add/; report-to report-endpoint; 1
frame-ancestors 'self' etickets.infomaniak.com manager.infomaniak.com; report-uri /csp-reports; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.livechatinc.com *.plyr.io https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net https://fonts.bunny.net *.alothemes.com *.magepow.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.net *.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.iubenda.com *.googletagmanager.com *.pinterest.com *.livechatinc.com *.facebook.net *.facebook.com *.linkedin.com *.googleapis.com *.klarna.com https://www.googletagmanager.com/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net cdn.livechat-files.com *.iubenda.com pixel.mathtag.com sync.mathtag.com *.trustedshops.com *.linkedin.com *.google.de *.facebook.net *.facebook.com *.livechatinc.com *.yahoo.com *.truoptik.com *.pinterest.com maps.gstatic.com *.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.disqus.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.clarity.ms *.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com api.braintreegateway.com client-analytics.braintreegateway.com *.adobedtm.com *.iubenda.com chimpstatic.com *.roomvo.com *.trustedshops.com *.livechatinc.com *.cloudflare.com *.getsitecontrol.com *.pinimg.com *.mouseflow.com *.doubleclick.net *.licdn.com *.facebook.net *.facebook.com *.yimg.com *.teads.tv *.pinterest.com *.getsitectrl.com *.klarna.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ downloads.mailchimp.com *.list-manage.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com *.avada.io *.alothemes.com *.magepow.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com cdn.klarna.com jsctool.com d.payla.io c.paypal.com pay.google.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets-qa.trustedshops.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com downloads.mailchimp.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net https://fonts.bunny.net *.alothemes.com *.magepow.com d.ratepay.com d.payla.io dr.payla.io assets.braintreegateway.com *.googleapis.com *.gstatic.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.clarity.ms api.braintreegateway.com client-analytics.braintreegateway.com *.google-analytics.com *.gstatic.com *.googletagmanager.com cdn.eye-able.com *.iubenda.com *.roomvo.com chimpstatic.com *.trustedshops.com *.livechatinc.com *.cloudflare.com *.getsitecontrol.com *.pinimg.com *.mouseflow.com *.doubleclick.net *.licdn.com *.facebook.net *.facebook.com *.yimg.com *.teads.tv *.pinterest.com *.getsitectrl.com *.linkedin.oribi.io *.linkedin.com *.klarnaevt.com *.klarna.com *.noembed.com *.plyr.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.etrusted.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://integrations.etrusted.site landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-7t6ooXqOc5BypfmHhx2MRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.houseofwine.gr *.fontawesome.com https://fonts.bunny.net *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.vivapayments.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com *.tawk.to *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.findbar.io https://www.googletagmanager.com https://www.facebook.com *.houseofwine.gr *.google.gr *.googleadservices.com *.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.vivapayments.com *.findbar.io https://www.googletagmanager.com http://www.googletagmanager.com https://connect.facebook.net *.houseofwine.gr https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.findbar.io *.houseofwine.gr https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.findbar.io *.houseofwine.gr *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.findbar.io https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://www.facebook.com https://graph.facebook.com *.houseofwine.gr https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; script-src 'nonce-38a7b59e13a54fa2a28de6545e054974'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; style-src 'self' 'nonce-38a7b59e13a54fa2a28de6545e054974'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=145-3917136-4137906:rid=C4576334119545A8B8EF:sn=www.amazongamestudios.com 1
object-src 'none';base-uri 'self';script-src 'nonce-CQgIuL20VYS2F_8AWPm6ig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://prototype.local.next.helmholtz-munich.de 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' https://*.dzd-ev.de https://images.admiralcloud.com https://prototype.local.next.helmholtz-munich.de; base-uri 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://view.genial.ly https://view.genially.com https://spenden.twingle.de; connect-src 'self' https://*.dzd-ev.de wss://*.dzd-ev.de/ https://sentry2.in2code.de/api/62/security/ wss://prototype.local.next.helmholtz-munich.de/ https://hmwa.helmholtz-munich.de https://spenden.twingle.de; style-src 'self' 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' https://prototype.local.next.helmholtz-munich.de 'report-sample'; script-src-elem 'self' https://*.dzd-ev.de https://prototype.local.next.helmholtz-munich.de https://hmwa.helmholtz-munich.de https://spenden.twingle.de 'report-sample'; font-src 'self' https://*.dzd-ev.de https://prototype.local.next.helmholtz-munich.de; report-uri https://sentry2.in2code.de/api/62/security/?sentry_key=c8671bb1cf909cd134a5b859fc8d36e1 1
font-src *.googleapis.com *.gstatic.com https://widgets.trustedshops.com fonts.gstatic.com https://x.klarnacdn.net *.getflowbox.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.trustpilot.com widget.trustpilot.com creativecdn.com www.googletagmanager.com consentcdn.cookiebot.com td.doubleclick.net sts.buddhatobuddha.com ct.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.gstatic.com https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com inv-nets.admixer.net us.ck-ie.com www.facebook.com www.google.nl bat.bing.com t.squeezely.tech imgsct.cookiebot.com sync.e-planning.net sync.console.adtarget.com.tr onetag-sys.com cm.mgid.com s-cs.rmp.rakuten.com region1.analytics.google.com region1.google-analytics.com sync.connectad.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com *.gstatic.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com https://js.klarna.com https://js.playground.klarna.com *.getflowbox.com widget.trustpilot.com integrations.etrusted.com connect.getflowbox.com v1.widget.futy.io invitejs.trustpilot.com consent.cookiebot.com connect.facebook.net static.hotjar.com s.pinimg.com www.dwin1.com squeezely.tech creativecdn.com bat.bing.com consentcdn.cookiebot.com ct.pinterest.com static.buckaroo.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com tagmanager.google.com fonts.google.com https://x.klarnacdn.net *.getflowbox.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://www.sandbox.paypal.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://js.playground.klarna.com https://*.klarnaevt.com https://*.playground.klarnaevt.com *.getflowbox.com region1.analytics.google.com api.widget.futy.io widget.trustpilot.com consentcdn.cookiebot.com ct.pinterest.com sts.buddhatobuddha.com www.google.com pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.buddhatobuddha.com *.buddhatobuddha.com bat.bing.com bat.bing.net www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:;   connect-src https: ws://10.1.13.34;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;   font-src https: 'self' data:;   img-src 'self' data: https: https://zradio.org;   style-src 'self' https: 'unsafe-inline';   object-src 'none';   frame-src 'self' blob:;   report-uri https://csp.zradio.org/ 1
frame-ancestors 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-KTfDGuhIx8hYdaMsBkkSXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/health_google 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.globalpay.com https://fonts.gstatic.com *.pricespider.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com https://plumrocket.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.globalpay.com *.pricespider.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com *.pricespider.com s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.pricespider.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://google.com/pay *.pricespider.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xDX5vpgajyU85dOxMavq0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com https://*.gstatic.com https://*.google.com *.hubspot.com *.facebook.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.facebook.net https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.shopify.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.hubapi.com *.facebook.com static.hsappstatic.net https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sift.com www.googletagmanager.com analytics.tiktok.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net us1.clevertap-prod.com cdnjs.cloudflare.com/ajax/libs/jqueryui-touch-punch/ sc-static.net www.google-analytics.com s.axon.ai static.ads-twitter.com cdn-public.liftoffintl.io tr.snapchat.com *.applovin.com static.opentok.com d2r1yp2w7bby2u.cloudfront.net www.google.com www.gstatic.com unpkg.com/web-vitals@5.0.1/ cdnjs.cloudflare.com/ajax/libs/intl-tel-input/; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com; img-src * 'self' data: ph-profile-photo.s3.amazonaws.com hexagon-analytics.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' *.pubnub.com *.snapchat.com analytics.google.com analytics.tiktok.com www.facebook.com b.applovin.com analytics-ipv6.tiktokw.us analytics.liftoff.io bat.bing.com hlg.tokbox.com www.google-analytics.com www.google.com stats.g.doubleclick.net re.applovin.com api-standard.opentok.com config.opentok.com graph.facebook.com *.analytics.google.com *.prod.tokbox.com www.googletagmanager.com api.airbrake.io bat.bing.net wss://*.media.prod.tokbox.com ph-profile-photo.s3.amazonaws.com; media-src * 'self'; child-src blob:; frame-src tr.snapchat.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com open.spotify.com; worker-src 'self' blob:; report-uri https://siteuri.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' data: 'unsafe-inline' d.bongo4u.com; script-src 'self' data: 'unsafe-inline' d.bongo4u.com blob: 'unsafe-eval' bongo4u.com *.bongo4u.com *.emerge2.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com *.yahooapis.com *.mailchimp.com *.list-manage.com chimpstatic.com *.ipify.org jsonip.com *.amazonaws.com/downloads.mailchimp.com/ *.jquery.com *.hotjar.com acsbapp.com *.bootstrapcdn.com googleads.g.doubleclick.net *.elfsight.com *.createsend1.com *.roomvo.com; connect-src 'self' data: 'unsafe-inline' d.bongo4u.com comments.emerge2.com util.emerge2.com bongo4u.com *.emerge2.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.ca *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.doubleclick.net *.facebook.com *.hotjar.io *.hotjar.com acsbapp.com *.acsbapp.com *.elfsight.com createsend.com *.ipify.org *.mailchimp.com *.catalog-display.com *.roomvo.com *.opencagedata.com *.googleusercontent.com; frame-src 'self' data: 'unsafe-inline' d.bongo4u.com bongo4u.com *.google.com *.google.ca *.googleapis.com *.googletagmanager.com *.youtube.com *.youtu.be *.facebook.com *.twitter.com *.twimg.com *.instagram.com *.yahoo.com *.catalog-display.com *.shortstack.com *.pgtb.me *.formstack.com *.list-manage.com *.doubleclick.net *.orgill.com *.orgill.ca *.adobe.com *.hotjar.com *.storefrontcloud.io *.roomvo.com *.loom.com; object-src 'self' data: 'unsafe-inline' d.bongo4u.com  blob: *.apple.com *.macromedia.com; img-src 'self' https: data: blob: d.bongo4u.com *.bongo4u.com *.ytimg.com *.orgill.com android-webview-video-poster; media-src 'self' https: data: d.bongo4u.com; style-src 'self' data: 'unsafe-inline' d.bongo4u.com bongo4u.com *.bongo4u.com *.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.bootstrapcdn.com *.twitter.com *.twimg.com *.mailchimp.com *.cloudflare.com/ajax/libs/; font-src 'self' data: 'unsafe-inline' d.bongo4u.com *.googleapis.com fonts.gstatic.com *.bootstrapcdn.com fonts.cdnfonts.com *.googleusercontent.com *.cloudflare.com/ajax/libs/ *.hotjar.com *.acsbapp.com;  report-uri https://util.emerge2.com/csp_violations_tracker.php; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-ucDaDiq7VKND3-ooua_z9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com assets.reviews.io *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 1merchantacsstag.cardinalcommerce.com payments.securetrading.net *.cardinalcommerce.com *.securetrading.net *.trustpayments.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://js.mollie.com account.fetchify.com *.securetrading.net *.trustpayments.com brw.3ds.trustpayments.com songbirdstag.cardinalcommerce.com 1merchantacsstag.cardinalcommerce.com *.secure.checkout.visa.com *.cardinalcommerce.com pay.google.com thm.visa.com *.mastercard.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.doofinder.com https://s3.amazonaws.com https://aggregate-imgs.s3.eu-north-1.amazonaws.com https://fsc-images.s3.eu-north-1.amazonaws.com magefan.com cm.magefan.com https://images.unsplash.com www.google.co.uk assets.reviews.io c.clarity.ms *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://img.youtube.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.doofinder.com https://js.mollie.com https://*.ngrok.app https://maps.googleapis.com cdn-eu.pagesense.io *.clarity.ms widget.reviews.co.uk seal.digicert.com *.zoho.eu gtm.adt313.net googletagmanager.com static.cloudflareinsights.com self unsafe-inline webservices.securetrading.net cdn.eu.trustpayments.com songbirdstag.cardinalcommerce.com *.trustpayments.com *.securetrading.net pay.google.com *.secure.checkout.visa.com *.cardinalcommerce.com *.mastercard.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://cdn.jsdelivr.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com cc-cdn.com maxcdn.bootstrapcdn.com assets.reviews.io data: *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com https://static.klaviyo.com https://cdn.jsdelivr.net *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.doofinder.com wss://*.doofinder.com https://*.fero.com https://*.ngrok.app wss://*.ngrok.app wss://fero.ngrok.app:3000/ws api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://maps.googleapis.com https://player.vimeo.com stats.g.doubleclick.net cnv.adt623.net log.adtraction.fail api.reviews.co.uk pagesense-collect.zoho.eu salesiq.zohopublic.eu googleads.g.doubleclick.net *.zoho.eu o402164.ingest.sentry.io *.cardinalcommerce.com google.com/pay https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ bolt-cover-assets.s3.eu-west-1.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://5138b325-f342-4866-ad48-54385dfcfca7.sansec.watch/; report-to report-endpoint; 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://maps-api-ssl.google.com https://www.youtube.com https://*.matomo.cloud https://letscast.fm https://cdn.weglot.com https://download.digiaccess.org https://recaptcha.net https://www.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net https://assets.familienservice.de https://*.eye-able.com https://maps.google.com https://player.vimeo.com https://maps.googleapis.com https://googleads.g.doubleclick.net; script-src-elem 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.eye-able-cdn.com https://*.eye-able.com https://*.letscast.fm https://letscast.fm https://www.recaptcha.net https://www.gstatic.com https://cdn.weglot.com https://cdn.matomo.cloud https://*.digiaccess.org https://familienservice.matomo.cloud https://*.eye-able-cdn.com www.google.com; style-src-elem 'self' 'unsafe-inline' https://*.eye-able-cdn.com https://*.eye-able.com https://*.letscast.fm https://letscast.fm https://cdn.weglot.com assets.familienservice.de www.googletagmanager.com https://unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://letscast.fm cdn.weglot.com https://*.eye-able-cdn.com https://*.eye-able.com https://assets.familienservice.de https://fonts.googleapis.com;object-src 'none';frame-src 'self' https://www.yumpu.com https://www.googletagmanager.com https://www.youtube.com *.recaptcha.net *.google.com recaptcha.net https://*.vimeo.com/ https://letscast.fm;child-src 'self';img-src 'self' https://*.eye-able-cdn.com https://*.eye-able.com https://familienservice.matomo.cloud https://googleads.g.doubleclick.net https://maps-api-ssl.google.com https://www.google.de https://www.google.ie https://www.google.it https://www.google.at https://www.googletagmanager.com data: www.familienservice.de https://google.de https://www.google.de https://www.google.com https://*.letscast.fm www.gstatic.com/recaptcha https://userlike-cdn-operators.userlike.com/ https://*.eye-able-cdn.com https://*.eye-able.com https://maps.gstatic.com https://maps.google.com;font-src 'self' https://userlike-cdn-umm.b-cdn.net https://fonts.gstatic.com;connect-src 'self' wss://umd.userlike.com/ https://google.com https://cdn-api-weglot.com https://assets.familienservice.de/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com https://*.matomo.cloud https://stats.g.doubleclick.net https://*.analytics.google.com https://www.google.com https://letscast.fm *.weglot.com api.digiaccess.org https://maps.googleapis.com;manifest-src 'self';base-uri 'self';form-action 'self' https://*.cleverreach.com;media-src 'self' data www.familienservice.de;prefetch-src 'self';worker-src 'self' www.recaptcha.net; report-uri https://csplog-www-production.familienservice.de/log; report-to reporter 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-l7NheefpNWqN3GSbXu0tvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-9PoLa6jSmik6f5w9yL1aZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'  blob: localhost host.docker.internal:59000 unpkg.com cdn.jsdelivr.net *.githubusercontent.com *.hellobar.com *.googletagmanager.com *.google-analytics.com *.totalenergies.be *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com *.my.salesforce-scrt.com *.bing.com *.google.com *.googleapis.com *.doubleclick.net *.trustcommander.net *.youtube.com maps.gstatic.com *.lampiris.be *.optimizely.com *.amazonaws.com *.contentsquare.net *.pinimg.com *.sentry-cdn.com *.trustcommander.net *.pingdom.net *.facebook.net *.pinterest.com *.agconsult.com *.alchemer.eu *.teads.tv *.outbrain.com *.adlooxtracking.com *.licdn.com *.aticdn.net 1
default-src 'self'; report-uri https://pointsbet.com.au/_report/csp; script-src 'nonce-NGRmYjJlMGIxYQ/ZDFhYWQ3N2UyOTMwMTg=' 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' http:; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://use.fontawesome.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://heapanalytics.com https://*.googletagmanager.com https://paywithmybank.com https://*.sportradar.com https://*.pointsbet.com https://*.pointsbet.com.au https://pointsbet.com https://www.gstatic.com https://pointsbet.com.au:*; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.braze.com https://api.segment.io https://bat.bing.com/actionp/0 https://bpoint.linkly.com.au https://cdn.segment.com https://dc.services.visualstudio.com https://heapanalytics.com https://obs.cheqzone.com/ct https://*.g.doubleclick.net https://us-central1-adaptive-growth.cloudfunctions.net https://*.google-analytics.com https://*.googletagmanager.com https://ekr.zdassets.com https://*.zendesk.com https://api.smooch.io https://media.smooch.io https://zendesk-eu.my.sentry.io wss://api.smooch.io https://*.zopim.com wss://*.zopim.com wss://*.zendesk.com https://*.jwpsrv.com https://*.jwplayer.com https://*.jwpltx.com https://www.facebook.com https://www.redditstatic.com https://*.reddit.com https://prompts.maze.co *.braintree-api.com api.braintreegateway.com client-analytics.braintreegateway.com *.cardinalcommerce.com https://*.akamaized.net https://*.sportradar.com https://*.snapchat.com https://*.paypal.com https://clientresauprodyol0stntm.blob.core.windows.net https://*.pointsbet.com https://*.pointsbet.com.au wss://*.pointsbet.com wss://*.pointsbet.com.au https://pointsbet.com https://analytics.twitter.com https://t.co https://www.googleadservices.com https://gateway.pmnts.io https://pixels.spotify.com ws://localhost https://*.googleapis.com:* https://insight.adsrvr.org:* https://analytics.tiktok.com:* cloudflareinsights.com https://ad.doubleclick.net:* https://*.google.com:* https://*.google.co.us:* https://*.google.com.us:* https://*.google.us:* https://pointsbet.com.au:* https://*.tiktokw.us:* wss://*.sportradar.com http://localhost:* https://js.monitor.azure.com https://px.adentifi.com; font-src 'self' https://applepay.cdn-apple.com https://*.hotjar.com https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com data: chrome-extension: ms-browser-extension https://cdn-uicons.flaticon.com https://cdnjs.cloudflare.com moz-extension; frame-src 'self' * https://pointsbet.com.au:*; img-src 'self' blob: data: https://*.hotjar.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://analytics.twitter.com https://bat.bing.com https://heapanalytics.com https://t.co https://tr.snapchat.com https://google.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://ade.googlesyndication.com https://ssl.gstatic.com https://www.gstatic.com https://static.zdassets.com https://*.zendesk.com https://media.smooch.io https://*.zdusercontent.com https://v2assets.zopim.io https://*.adentifi.com https://*.jwplayer.com https://*.jwpltx.com https://www.facebook.com https://alb.reddit.com assets.braintreegateway.com *.paypal.com https://*.sportradar.com https://fonts.gstatic.com www.paypalobjects.com https://*.jwpsrv.com appboy-images.com braze-images.com cdn.braze.eu https://*.pointsbet.com.au https://pointsbet.com http://*.pointsbet.com https://analytics.tiktok.com https://i.ytimg.com https://www.gravatar.com https://*.google.com:* https://*.google.co.us:* https://*.google.com.us:* https://*.google.us:* https://pointsbet.com.au:* https://f.performlt.com https://clientresauprodyol0stntm.blob.core.windows.net https://www.googleadservices.com https://*.adsrvr.org:* https://*.tiktokw.us:* https://*.bidswitch.net:*; manifest-src 'self'; media-src 'self' blob: https://*.jwpsrv.com https://*.akamaized.net https://static.zdassets.com https://*.jwplayer.com https://*.jwpltx.com https://ssl.gstatic.com; worker-src 'self' blob:; child-src *.paypal.com assets.braintreegateway.com; form-action *; report-to csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-N8GmJ88aug2dAvxpBnY0WQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src 'self' blob: data: https://ad.doubleclick.net https://ade.googlesyndication.com https://bat.bing.com https://cdn.cookielaw.org https://connect.facebook.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://lhr1.qualtrics.com https://maps.googleapis.com https://maps.gstatic.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://s3.amazonaws.com https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://storage.googleapis.com https://translate.google.com https://wpm.ccmp.eu https://www.facebook.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.bg https://www.google.ca https://www.google.ch https://www.google.co.id https://www.google.co.in https://www.google.co.ke https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.com.au https://www.google.com.bd https://www.google.com.br https://www.google.com.cy https://www.google.com.gi https://www.google.com.hk https://www.google.com.mt https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.vn https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gg https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.it https://www.google.je https://www.google.kz https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.se https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com; script-src-elem 'self' 'unsafe-inline' blob: https://app.optimizely.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.gbqofs.com https://cdn.jsdelivr.net https://cdn.optimizely.com https://cdn3.optimizely.com https://cdnjs.cloudflare.com https://connect.facebook.net https://ff.kis.v2.scr.kaspersky-labs.com https://gc.kis.v2.scr.kaspersky-labs.com https://js.monitor.azure.com https://maps.googleapis.com https://me.kis.v2.scr.kaspersky-labs.com https://sc-static.net https://script.infinity-tracking.com https://siteintercept.qualtrics.com https://snap.licdn.com https://unpkg.com https://web-sdk-eu.aptrinsic.com https://widget.trustpilot.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://zn7umza3pq82vcil4-nfumutual.siteintercept.qualtrics.com; worker-src 'self' blob:; script-src-attr 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com https://cdn.cookielaw.org https://cdn.gbqofs.com https://cdn.jsdelivr.net https://cdn.optimizely.com https://cdnjs.cloudflare.com https://connect.facebook.net https://js.monitor.azure.com https://maps.googleapis.com https://rialto-gms.s3.amazonaws.com https://script.infinity-tracking.com https://siteintercept.qualtrics.com https://snap.licdn.com https://widget.trustpilot.com https://www.clickcease.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://zn7umza3pq82vcil4-nfumutual.siteintercept.qualtrics.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://ff.kis.v2.scr.kaspersky-labs.com https://fonts.googleapis.com https://gc.kis.v2.scr.kaspersky-labs.com https://www.gstatic.com; style-src 'self' 'unsafe-inline'; connect-src 'self' data: wss: https://ad.doubleclick.net https://adservice.google.com https://analytics.google.com https://bat.bing.com https://bat.bing.net https://c1001.report.gbss.io https://cdn.cookielaw.org https://esp-eu.aptrinsic.com https://fonts.googleapis.com https://fonts.gstatic.com https://fts.lon.infinity-tracking.com https://geolocation.onetrust.com https://ict.infinity-tracking.net https://logx.optimizely.com https://maps.googleapis.com https://maps.gstatic.com https://monitor.clickcease.com https://nas.lon.infinity-tracking.com https://pagead2.googlesyndication.com https://privacyportal-eu.onetrust.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://rum.optimizely.com https://s.qualtrics.com https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://tapi.optimizely.com https://translate-pa.googleapis.com https://translate.googleapis.com https://web.lon.infinity-tracking.com https://www.facebook.com https://www.google-analytics.com https://www.google.ch https://www.google.co.in https://www.google.co.nz https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.co https://www.google.com.hk https://www.google.com.ng https://www.google.com.ph https://www.google.com.sg https://www.google.de https://www.google.es https://www.google.fr https://www.google.gg https://www.google.ie https://www.google.im https://www.google.je https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.se https://www.googleadservices.com https://www.googletagmanager.com; frame-src 'self' http://13822689.fls.doubleclick.net.x.7fb9ff97023e304fe5089b604f226d2e776e.d0452329.id.opendns.com http://8047475.fls.doubleclick.net.x.6c605f67053a9048aa09deb0691692c92a11.d0452329.id.opendns.com http://td.doubleclick.net.x.a59ad4430722e043e60b0370fb79dd7e0a94.d045227d.id.opendns.com https://11385707.fls.doubleclick.net https://13822689.fls.doubleclick.net https://8047475.fls.doubleclick.net https://a22654210373.cdn.optimizely.com https://login.microsoftonline.com https://nfumutual.qualtrics.com https://td.doubleclick.net https://toolkit.financialexpress.net https://widget.trustpilot.com https://www.google.com https://www.googletagmanager.com https://www.recaptcha.net https://www.youtube.com; font-src 'self' data: https://app.optimizely.com https://dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com https://pouch-global-font-assets.s3.eu-central-1.amazonaws.com https://use.fontawesome.com https://use.typekit.net; media-src 'self' data:; default-src 'self' https: wss:; base-uri 'self'; child-src 'self'; form-action 'self' https://nfumutual.qualtrics.com; frame-ancestors 'self'; manifest-src 'self' https://www.nfumutual.co.uk; object-src 'self'; 1
default-src 'self'; script-src 'self' https://euc-widget.freshworks.com https://cdn.polyfill.io; style-src 'self' https://euc-widget.freshworks.com; connect-src 'self'; img-src 'self' data: https://images.ctfassets.net; base-uri 'self'; form-action 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/friendly-challenge@0.9.8/widget.module.min.js https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.youtube.com https://www.youtube-nocookie.com https://cdn.matomo.cloud https://juwi.matomo.cloud https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://snap.licdn.com/li.lms-analytics/insight.min.js 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' https://juwi.matomo.cloud https://imgsct.cookiebot.com/ https://tile.openstreetmap.org https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://px.ads.linkedin.com/collect https://px4.ads.linkedin.com/collect data:; base-uri 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube-nocookie.com https://www.facebook.com; media-src 'self'; style-src 'self' 'unsafe-inline' https://juwi.matomo.cloud https://unpkg.com 'report-sample'; font-src 'self'; worker-src 'self' blob: 'report-sample'; connect-src 'self' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://juwi.matomo.cloud https://api.friendlycaptcha.com https://api.friendlycaptcha.com/api/v1/puzzle https://www.facebook.com/privacy_sandbox/topics/registration/ https://px.ads.linkedin.com/attribution_trigger https://px.ads.linkedin.com/wa/; report-uri https://www.juwi.de/@http-reporting?csp=report&requestTime=1773712152599207&requestHash=463a7a7af1f348a702f9be613fa66dfbb2ca6da3 1
default-src 'self'; 		script-src 'self' 'wasm-unsafe-eval' 'unsafe-eval' *.epichosted.com *.smilegenerationmychart.com *.gstatic.com *.vimeo.com *.onetrust.com adobedc.demdex.net assets.adobedtm.com cdn.cookielaw.org service.force.com www.datadoghq-browser-agent.com *.salesforceliveagent.com maps.googleapis.com static.cloud.coveo.com js.web-2-tel.com www.youtube.com e.issuu.com cdnjs.cloudflare.com cdn.userway.org gallery-prod8.sprinklr.com platform.twitter.com 'unsafe-inline'; 		connect-src 'self' 'wasm-unsafe-eval' *.onetrust.io *.userway.org *.gstatic.com *.onetrust.com adobedc.demdex.net cdn.plot.ly *.vimeo.com *.coveo.com api.geoapify.com *.googleapis.com edge.adobedc.net js.web-2-tel.com cdn.cookielaw.org rum.browser-intake-datadoghq.com data:; 		img-src 'self' *.day.com *.userway.org *.smilegeneration.com i.ytimg.com i.vimeocdn.com s7d9.scene7.com cdn.cookielaw.org maps.googleapis.com maps.gstatic.com 1.smilegeneration.com image.isu.pub thumb.sprinklr.com data: blob: 'unsafe-inline'; 		frame-src 'self'  *.google.com *.epichosted.com *.smilegenerationmychart.com e.issuu.com player.vimeo.com www.youtube.com service.force.com; 		style-src 'self' *.epichosted.com *.smilegenerationmychart.com service.force.com e.issuu.com *.userway.org gallery-prod8.sprinklr.com static.cloud.coveo.com fonts.googleapis.com 'unsafe-inline'; 		font-src 'self' *.userway.org fonts.gstatic.com static.isu.pub platform.twitter.com storage.googleapis.com *.coveo.com *.sfdcstatic.com data:; 		worker-src blob:; 		frame-ancestors 'self' https://www.smilegenerationmychart.com https://mychart-np.et1079.epichosted.com; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-4uXS9drlIjixA_AKSGCnhg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com accounts.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com https://static.afterpay.com https://site-assets.afterpay.com/ maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com accounts.google.com maps.googleapis.com https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com accounts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com accounts.google.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * https://www.youtube.com https://ct.pinterest.com https://pixel-sync.sitescout.com *.pitai.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://helloextend-static-assets.s3.amazonaws.com https://extendcoreoffersdemo-offersthemelogobucketeb21afa-19jnurg0a0o17.s3.amazonaws.com https://s3.amazonaws.com https://extendcoreoffersprod-offersthemelogobucketeb21afa-1lr7le13dvgtp.s3.amazonaws.com magefan.com cm.magefan.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.facebook.com www.mypillow.com https://www.mypillow.com https://trkn.us https://bat.bing.com https://obs.segreencolumn.com https://pixel.sitescout.com *.riskified.com *.pitai.io *.listrakbi.com https://mediacdn.espssl.com *.google.com *.google.pl https://static-na.payments-amazon.com https://t.co/ https://analytics.twitter.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net data: *.mypillow.com *.listrakbi.com https://bat.bing.com https://analytics.tiktok.com *.zdassets.com https://www.youtube.com https://sdk.helloextend.com https://static.cloudflareinsights.com https://script.hotjar.com *.listrak.com https://s.pinimg.com https://www.google-analytics.com/analytics.js https://obs.segreencolumn.com https://franktpin.pitai.io https://beacon.riskified.com https://tags.srv.stackadapt.com *.basis.net https://ct.pinterest.com https://pixel-sync.sitescout.com https://a.ads.rmbl.ws https://sandbox-api.epicpay.com *.hotjar.com *.noibu.com *.segreencolumn.com https://static.ads-twitter.com/ https://api.epicpay.com/ https://maps.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com https://tags.srv.stackadapt.com *.listrakbi.com https://kit.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net https://input.noibu.com https://obs.segreencolumn.com wss://input.noibu.com *.zdassets.com *.analytics.google.com https://ct.pinterest.com *.pitai.io *.listrak.com *.listrakbi.com https://tags.srv.stackadapt.com *.riskified.com *.breadgateway.net *.doubleclick.net *.hotjar.io https://bat.bing.com wss://ws.hotjar.com/ https://mystorellc.zendesk.com/ https://maps.googleapis.com/ https://cdn.noibu.com/collect-worker.js 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce--ipnXlyhG2Uwkna4yBL7jj77Zc9Axml69hzSB-ciiuXFfn41uRsalQ' data: https://*.openstreetmap.org 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com https://piwik.bbaw.de 'sha256-QJhK1t3PbpK4R2y7PrGp942vSpP4VEqfbTkFYEs1yjo=' 'sha256-PKMHQiOkpruXTmR/PCNVaFPE4Rewld/oFM5wp7y0qDc=' 'sha256-F9F0yaA4wMQxEX8h0sM3s1eVneKs7Zy5wY60XzkFiuY=' 'sha256-Woav+1MZpih8Q/UI5sY34DVZwjGLaXtzjtYjzaXGnuo=' 'sha256-A1KDZ6CTgI16YJ4cUNyyCFExM5+Sv4ApvahuZIQRXPA=' 'sha256-iA14rSZJnceodOBl+eFqe/5nM4VjszKoqH4SkTA7pVA=' blob: 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.ytimg.com https://*.vimeocdn.com https://vimeo.com https://*.bbaw.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.google.com https://vimeo.com; style-src-elem 'self' 'nonce--ipnXlyhG2Uwkna4yBL7jj77Zc9Axml69hzSB-ciiuXFfn41uRsalQ' 'sha256-F9F0yaA4wMQxEX8h0sM3s1eVneKs7Zy5wY60XzkFiuY=' 'sha256-QJhK1t3PbpK4R2y7PrGp942vSpP4VEqfbTkFYEs1yjo=' 'sha256-PKMHQiOkpruXTmR/PCNVaFPE4Rewld/oFM5wp7y0qDc=' 'sha256-Woav+1MZpih8Q/UI5sY34DVZwjGLaXtzjtYjzaXGnuo=' 'sha256-A1KDZ6CTgI16YJ4cUNyyCFExM5+Sv4ApvahuZIQRXPA=' 'sha256-iA14rSZJnceodOBl+eFqe/5nM4VjszKoqH4SkTA7pVA=' 'report-sample'; connect-src 'self' data: https://*.openstreetmap.org https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.bbaw.de blob:; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'report-sample'; worker-src 'self' 'nonce--ipnXlyhG2Uwkna4yBL7jj77Zc9Axml69hzSB-ciiuXFfn41uRsalQ' data: https://*.openstreetmap.org 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com https://piwik.bbaw.de 'sha256-QJhK1t3PbpK4R2y7PrGp942vSpP4VEqfbTkFYEs1yjo=' 'sha256-PKMHQiOkpruXTmR/PCNVaFPE4Rewld/oFM5wp7y0qDc=' 'sha256-F9F0yaA4wMQxEX8h0sM3s1eVneKs7Zy5wY60XzkFiuY=' 'sha256-Woav+1MZpih8Q/UI5sY34DVZwjGLaXtzjtYjzaXGnuo=' 'sha256-A1KDZ6CTgI16YJ4cUNyyCFExM5+Sv4ApvahuZIQRXPA=' 'sha256-iA14rSZJnceodOBl+eFqe/5nM4VjszKoqH4SkTA7pVA=' blob:; form-action 'self'; report-uri https://www.ethikrat.org/@http-reporting?csp=report&requestTime=1773714823182427&requestHash=99b4cc73bce9378f9180008247ae28b7b7c48f89 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-1Z3NZVmKrj8i9HFpa6u9Ew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'none';script-src 'unsafe-eval' 'self' https://connect.facebook.net https://*.qualtrics.com https://*.googleapis.com https://www.google.com https://*.clarity.ms https://js.arcgis.com https://www.gstatic.com https://*.sawater.com.au https://squizlabs.github.io https://www.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://analytics.google.com;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://js.arcgis.com https://*.sawater.com.au https://squizlabs.github.io https://fonts.googleapis.com;img-src 'self' data: blob: https://*.gstatic.com https://*.geohub.sa.gov.au https://www.google.com https://*.sawater.com.au https://squizlabs.github.io https://*.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com;font-src 'self' https://js.arcgis.com https://*.sawater.com.au https://*.gstatic.com https://fonts.googleapis.com;connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.geohub.sa.gov.au https://*.qualtrics.com https://*.clarity.ms https://js.arcgis.com https://*.sawater.com.au https://www.googletagmanager.com https://maps.googleapis.com https://analytics.google.com;frame-src 'self' https://*.sawater.com.au https://www.googletagmanager.com https://maps.googleapis.com;worker-src 'self' https://*.sawater.com.au blob:;base-uri 'self';form-action 'self' https://*.sawater.com.au;media-src 'self' https://*.sawater.com.au;object-src 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.core.windows.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com magefan.com cm.magefan.com *.core.windows.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io widget.freshworks.com m2epro.freshdesk.com *.core.windows.net *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl widget.freshworks.com m2epro.freshdesk.com *.core.windows.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.core.windows.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://www.sandbox.paypal.com widget.freshworks.com m2epro.freshdesk.com *.core.windows.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e30f6215-74d1-4da1-8d7d-134f535ab5ab.sansec.watch/; report-to report-endpoint; 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://clients2.google.com/gr/gr_full_2.0.6.js https://clients2.google.com/gr/gr_sync.js https://payments.google.com/payments/v4/js/integrator.js https://payments.sandbox.google.com/payments/v4/js/integrator.js https://ssl.gstatic.com/external_hosted/lottie/lottie.js https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.google.com/js/bg/ https://www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.en_ZA.3jxIv6s2fKQ.2021.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/ https://payments.youtube.com/payments/v4/js/integrator.js https://payments.cloud.google/payments/v4/js/integrator.js;report-uri /_/PlayStoreUi/cspreport/fine-allowlist 1
script-src 'self' https: https://www.google-analytics.com https://cdn.amplitude.com 'unsafe-eval' 'unsafe-inline' data: 'nonce-0yYmsVq5S/JC74WeAN3TTA=='; worker-src blob: data:; report-uri https://us.sentry.io/api/4506690010480640/security/?sentry_key=aab2498373841041d6b48d721aefbdc1&sentry_environment=production&sentry_release=6e5e852657c55fe7ba5ce5e4a9992856dde8e466 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.yotpo.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.yotpo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.yotpo.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';connect-src 'self' https: ws: wss: blob: data:;frame-ancestors 'self' https://*.enkatfabriken.com https://enkatfabriken.com;frame-src 'self' http://www.youtube.com https://*.imbox.io https://*.klarna.com https://*.youtube.com https://*.visualwebsiteoptimizer.com https://11004371.fls.doubleclick.net https://app.vwo.com https://cancerfonden.atlassian.net https://consentcdn.cookiebot.com https://filterly.cancerfonden.se https://iframely.shorthand.com https://js.stripe.com https://osm.klarnaservices.com https://tr.snapchat.com https://www.googletagmanager.com https://www.youtube-nocookie.com;img-src 'self' data: blob: https: http://res.cloudinary.com;media-src 'self' https:;script-src 'nonce-JBFx3xb158Gz6tVRtl4Dtw==' 'strict-dynamic' 'unsafe-eval' 'self' https://*.cookiebot.com https://*.imbox.io https://*.visualwebsiteoptimizer.com https://analytics.tiktok.com https://app.vwo.com https://bat.bing.com https://cancerfonden.atlassian.net https://cancerfonden.shorthandstories.com https://cdn.amcharts.com https://d3mi6d1ao3fzsg.cloudfront.net https://googleads.g.doubleclick.net https://iframely.shorthand.com https://js.stripe.com https://sc-static.net https://script.hotjar.com https://snap.licdn.com https://tr.snapchat.com https://www.googletagmanager.com https://www.youtube.com https://x.klarnacdn.net;style-src 'self' 'unsafe-inline' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cancerfonden.shorthandstories.com https://www.gstatic.com;font-src 'self' https: data:;worker-src 'self' blob:;report-uri /csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gstatic.com *.googleapis.com *.cloudflare.com *.google-analytics.com *.twitter.com *.twimg.com *.global-e.com *.yotpo.com *.klevu.com data: *.mention-me.com *.daylesford.com *.ksearchnet.com *.fontawesome.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com pay.google.com *.twitter.com *.bglobale.com *.hotjar.com *.hotjar.io *.duel.me *.vimeo.com *.shipperhq.com *.ometria.com *.ometria.email *.addtoany.com/ *.pinterest.com *.visualwebsiteoptimizer.com *.daylesford.com *.cookiebot.com *.luckyorange.com *.googletagmanager.com *.mention-me.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://images.unsplash.com https://*.gstatic.com *.googleapis.com *.cloudflare.com *.google.com *.google.co.uk maps.googleapis.com *.google-analytics.com *.googleadservices.com *.global-e.com *.yotpo.com yotpo-stool.s3.amazonaws.com *.doubleclick.net *.ometria.com *.postcodeanywhere.co.uk *.shipperhq.com *.klevu.com *.daylesford.com *.kaltura.com *.pinterest.com *.facebook.net *.facebook.com *.sendtric.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com cdn.pushcrew.com wingify-assets.s3.amazonaws.com chart.googleapis.com *.rakuten.com track.linksynergy.com *.cookiebot.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com magefan.com cm.magefan.com *.disqus.com *.luckyorange.com *.ksearchnet.com *.contentsquare.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com https://maps.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.gtm.daylesford.com maps.googleapis.com *.twitter.com *.twimg.com *.bglobale.com *.yotpo.com js-agent.newrelic.com *.doubleclick.net *.ometria.com *.hotjar.com *.hotjar.io *.duel.me *.postcodeanywhere.co.uk *.pcapredict.com *.shipperhq.com *.zdassets.com www.bugherd.com *.klevu.com *.addtoany.com *.zendesk.com *.kaltura.com *.pinterest.com *.pinimg.com *.facebook.net *.sendtric.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com cdn.pushcrew.com *.rakuten.com track.linksynergy.com *.adobedtm.com *.googleadservices.com *.cookiebot.com tagmanager.google.com *.disqus.com 'unsafe-eval' gtm.daylesford.com tools.luckyorange.com loader.usehero.com cdn.usehero.com *.contentsquare.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com *.mention-me.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.cloudflare.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com 'self' data: *.twitter.com *.typekit.net *.twimg.com getfirebug.com *.yotpo.com *.postcodeanywhere.co.uk *.shipperhq.com *.klevu.com *.myfonts.net *.zendesk.com *.facebook.net *.sendtric.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com cdn.pushcrew.com s3.amazonaws.com *.rakuten.com track.linksynergy.com *.daylesford.com *.cookiebot.com tagmanager.google.com fonts.google.com tools.luckyorange.com *.ksearchnet.com *.adyen.com https://static.klaviyo.com *.fontawesome.com assets.braintreegateway.com dhv2ziothpgrr.cloudfront.net https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com/ *.zendesk.com *.kaltura.com *.daylesford.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com payments-eu.amazon.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.cloudflare.com *.google-analytics.com *.twitter.com *.twimg.com *.yotpo.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.postcodeanywhere.co.uk *.shipperhq.com wss://rms.shipperhq.com wss://widget-mediator.zopim.com *.zdassets.com *.ksearchnet.com *.zendesk.com *.pinterest.com *.sendtric.com *.yes track.linksynergy.com *.daylesford.com *.cookiebot.com *.googlesyndication.com *.analytics.google.com *.googletagmanager.com *.luckyorange.com dev.visualwebsiteoptimizer.com api.usehero.com *.contentsquare.net api.addressy.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.mention-me.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; style-src https: 'self' 'unsafe-inline' *.googletagmanager.com *.tagmanager.google.com *.fonts.googleapis.com; script-src https: 'nonce-yXiIPmZrPtK0Sn/FOvB8+VvUhIk=' 'strict-dynamic'; form-action 'self' ; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com; frame-src 'self' view.ceros.com *.company-target.com *.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net; report-to csp-endpoint; report-uri https://axaxl.com/api/CSP; font-src 'self' fonts.gstatic.com data:; img-src 'self' * data:; connect-src 'self' browser-intake-datadoghq.com *.googleadservices.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.google.co.uk www.google.com.sg *.google.com *.googlesyndication.com *.company-target.com *.linkedin.com *.licdn.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.demandbase.com *.boltdns.net *.akamaihd.net *.nr-data.net *.en25.com; manifest-src 'self'; media-src blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; default-src 'self' mailto: tel: www.google.com www.google.co.uk *.google.com *.googletagmanager.com www.googletagmanager.com *.company-target.com *.linkedin.com *.licdn.com *.eloqua.com *.brightcove.com *.brightcove.net *.rlcdn.com *.boltdns.net *.demandbase.com *.akamaihd.net *.axaxl.com *.doubleclick.net *.en25.com www.google.com.sg; 1
default-src 'self' https://js.intercomcdn.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://trusted.cdn.com https://www.googletagmanager.com https://connect.facebook.net https://gtm.billo.app https://script.tapfiliate.com https://consent.cookiebot.com https://static.hotjar.com https://widget.intercom.io https://bat.bing.com https://snap.licdn.com https://analytics.tiktok.com https://www.googleadservices.com https://www.clarity.ms https://js.intercomcdn.com https://cdn.mxpnl.com https://static.klaviyo.com https://dev.visualwebsiteoptimizer.com https://widget.trustpilot.com https://api-iam.intercom.io/ https://billo.app/ https://s.clarity.ms https://www.instagram.com https://code.jquery.com/ https://vc.hotjar.io/ https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://googleads.g.doubleclick.net/ https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' data: https://stats.wp.com/ https://ddwl4m2hdecbv.cloudfront.net/ https://scripts.clarity.ms/ https://analytics.ahrefs.com/analytics.js https://www.redditstatic.com/ads/pixel.js https://trusted.cdn.com https://www.googletagmanager.com https://connect.facebook.net https://gtm.billo.app https://script.tapfiliate.com https://consent.cookiebot.com https://static.hotjar.com https://widget.intercom.io https://bat.bing.com https://snap.licdn.com https://analytics.tiktok.com https://www.googleadservices.com https://www.clarity.ms https://js.intercomcdn.com https://cdn.mxpnl.com https://static.klaviyo.com https://dev.visualwebsiteoptimizer.com https://widget.trustpilot.com https://script.hotjar.com/ https://consentcdn.cookiebot.com/ https://static-tracking.klaviyo.com/ https://cdnjs.cloudflare.com/ https://www.youtube.com/ https://www.tiktok.com/ https://sf16-website-login.neutral.ttwstatic.com/ https://assets.calendly.com/ https://pagead2.googlesyndication.com/ https://api-iam.intercom.io/ https://billo.app/ https://s.clarity.ms https://www.instagram.com https://code.jquery.com/ https://vc.hotjar.io/ https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://sf16-website-login.neutral.ttwstatic.com/ https://billo.app/ https://s.clarity.ms https://www.instagram.com https://static-tracking.klaviyo.com/ https://static.klaviyo.com/ https://vc.hotjar.io/ https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://googleads.g.doubleclick.net/ https://www.youtube.com/; img-src 'self' data: https://pixel.wp.com/ https://alb.reddit.com/ https://trusted.images.com https://www.facebook.com https://www.google-analytics.com https://analytics.tiktok.com https://static.klaviyo.com https://cdn.mxpnl.com https://www.clarity.ms https://www.googleadservices.com https://secure.gravatar.com/ https://px.ads.linkedin.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://google.com/ https://www.google.com/ https://www.google.lt/ https://imgsct.cookiebot.com/ https://dev.visualwebsiteoptimizer.com/ https://connect.facebook.net/ https://www.youtube.com/ https://c.clarity.ms/ https://c.bing.com https://www.googletagmanager.com/ https://i.ytimg.com/ https://bat.bing.net/ https://downloads.intercomcdn.com/ https://static.intercomassets.com/ https://js.intercomcdn.com/ https://billo.app/ https://s.clarity.ms https://www.instagram.com https://cdnjs.cloudflare.com/ https://imgsct.cookiebot.com/ https://vc.hotjar.io/ https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://d3k81ch9hvuctc.cloudfront.net/; font-src 'self' data: https://fonts.gstatic.com https://static.klaviyo.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://manage.billo.app https://billo.app/ https://s.clarity.ms https://www.instagram.com https://vc.hotjar.io/ https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://googleads.g.doubleclick.net/ https://www.youtube.com/ https://static.billo.app/; connect-src 'self' https://z.clarity.ms/collect https://analytics.ahrefs.com/api/event https://pixel-config.reddit.com/pixels/a2_hg53cwjcn9f1/config https://www.google-analytics.com https://gtm.billo.app https://widget.intercom.io https://analytics.tiktok.com https://cdn.mxpnl.com https://static.klaviyo.com https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://your-api-endpoint.com https://www.google.com https://px.ads.linkedin.com/ https://region1.analytics.google.com/ https://api-iam.intercom.io/ https://bat.bing.com/ wss://nexus-websocket-a.intercom.io https://a.clarity.ms/ https://consentcdn.cookiebot.com/ https://fast.a.klaviyo.com/ https://api-js.mixpanel.com/ https://static-forms.klaviyo.com/ https://www.googleadservices.com/ https://pagead2.googlesyndication.com/ https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://bat.bing.net/ https://www.facebook.com/ wss://ws.hotjar.com https://content.hotjar.io/ https://www.tiktok.com/ https://metrics.hotjar.io/ https://billo.app/ https://s.clarity.ms https://www.instagram.com https://a.klaviyo.com https://vc.hotjar.io/ https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://googleads.g.doubleclick.net/ https://www.youtube.com/ https://analytics-ipv6.tiktokw.us/ https://www.google.lt/pagead/; frame-src 'self' https://www.youtube.com https://www.facebook.com https://widget.trustpilot.com https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://gtm.billo.app/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://www.tiktok.com/ https://calendly.com/ http://intercom-sheets.com/ https://billo.app/ https://s.clarity.ms https://www.instagram.com https://vc.hotjar.io/ https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://googleads.g.doubleclick.net/ 1
base-uri 'none'; font-src 'self' https: data:; form-action https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://www.facebook.com; frame-ancestors 'self'; img-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://mautic.netcup.news https://px.ads.linkedin.com 'self' blob: data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://measure.netcup.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://widget.trustpilot.com https://cdn.brevo.com/js/sdk-loader.js 'self' 'wasm-unsafe-eval' 'nonce-8yCjyk/ut2j6MU+xETa7b7pZ'; connect-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://www.google.com https://in-automate.brevo.com https://measure.netcup.com https://google.com https://px.ads.linkedin.com https://*.clarity.ms/ 'self' https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://eu-api.friendlycaptcha.eu https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.cookielaw.org https://adservice.google.com https://pagead2.googlesyndication.com https://www.redditstatic.com https://pixel-config.reddit.com https://analytics.tiktok.com https://ads.tiktok.com https://bat.bing.com https://widget.trustpilot.com; worker-src blob:; child-src blob: https://td.doubleclick.net; script-src-elem https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.brevo.com/js/sdk-loader.js https://sibautomation.com/sa.js https://sibforms.com/ https://www.googleadservices.com https://www.redditstatic.com 'self' 'unsafe-inline' https://*.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://*.clarity.ms https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://analytics.tiktok.com https://ads.tiktok.com https://measure.netcup.com https://www.youtube.com https://pagead2.googlesyndication.com https://widget.trustpilot.com; frame-src https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://measure.netcup.com https://www.youtube-nocookie.com/ https://widget.trustpilot.com https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com; report-to csp-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-mmNQ7vGEIrmsRoKBhNX80Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.hipay.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net *.google.fr *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com *.iadvize.com *.verbolia.com *.skeepers.io https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.hipay.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net *.google.fr *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com *.iadvize.com *.verbolia.com *.skeepers.io 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com secure-gateway.hipay-tpp.com *.hipay.com https://www.googletagmanager.com/ *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net *.google.fr *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.oreca-store.com *.omnitagjs.com *.iadvize.com *.verbolia.com *.skeepers.io 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.hipay.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net www.google.com *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org www.google.fr *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com *.iadvize.com *.verbolia.com *.skeepers.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com polyfill.io secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com www.googletagmanager.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net cdn.jsdelivr.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net www.google.com *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org *.googleoptimize.com *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com *.iadvize.com *.verbolia.com *.skeepers.io https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.hipay.com *.fontawesome.com cdn.jsdelivr.net *.privacy-center.org *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.criteo.net *.criteo.com *.bing.com *.facebook.net *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.doubleclick.net *.adnxs.com *.smartadserver.com *.3lift.com *.yahoo.com *.360yield.com *.outbrain.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.ad-stir.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com *.iadvize.com *.verbolia.com *.skeepers.io https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.hipay.com wss://mpsnare.iesnare.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net *.google.fr *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com *.iadvize.com *.verbolia.com *.skeepers.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: blob:; script-src https: blob: 'unsafe-inline' 'unsafe-eval' https://cmp.osano.com; style-src https: 'unsafe-inline'; connect-src https: wss:; form-action 'self' www.facebook.com forms.hsforms.com; object-src 'self'; base-uri 'self'; 1
default-src *; script-src *; style-src *; img-src *; 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.gstatic.com hooks.stripe.com *.braintreegateway.com *.kaptcha.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com bat.bing.com cdn.jsdelivr.net *.google.com *.google.de *.bitpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ landofcoder.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.cloudflareinsights.com bat.bing.com connect.facebook.net google.co.in  widget.trustpilot.com *.google.com *.gstatic.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com landofcoder.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.facebook.com *.google-analytics.com *.doubleclick.net *.analytics.google.com *.googletagmanager.com *.youtube.com *.youtu.be 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' www.googletagmanager.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com www.facebook.com; font-src 'self' fonts.gstatic.com; form-action 'self' *.facebook.com; frame-src 'self' https://mozbar.moz.com *.twitter.com *.facebook.com *.youtube.com; img-src 'self' blob: *.twitter.com *.facebook.com *.google-analytics.com www.googletagmanager.com data:; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'sha256-t7PRulDBsBN40urjjgytSFhjqGMYT5Kl3fdRE2ubvSE='  'sha256-vL/UzBZz8IbbPTmdNOgTwTx9iMwsGVM+gcN65JsVkDs=' 'sha256-S0XUzHZoDoB9/hx7r05o2BA44KqBY0GRS7uUeOn7m6w=' 'sha256-HKRD3wb0LE1gQr+YGmAPtJeS7e6cc/VmvLqzykg7RC4=' 'sha256-uFV0NPG/pWXptUbx5XcwBHbhPGDxz/9Y++GGxxJ9COg=' 'sha256-Hx522ue/2keAMYU+UzkDxVexE9HoQ154EbuSno7RyXo=' 'sha256-2NqnatcPqy5jjBXalTpZyJMO/0fUaYUb3ePlviUP4II=' 'sha256-3HKyJTHCclaNd/c73eY3lARVMZ5HhgL//Z4Y9iyZwS0=' 'sha256-tz5dYCqMXXIUZgYND7s9k+WMYO0xLf1k1ao2qJ4SfIg=' 'sha256-LPfty6rGPdwB3t78TnFfkcK5f0bAtVn45Lio4LNK3NI=' 'sha256-UTCVm60QfQFHVOpQI3OLoctvejHNx0+HULCqezCINhY=' 'sha256-UITiqbXyaWS7NpwiFrMIbdXAZy5EXLRUHkpylF4504k=' 'sha256-Vqqy1EC4o2NeucB3SDVgIye7XvqKdlrCBRF2Y8vEbQo=' 'sha256-KjPEOuxv7NuVC7z0lYu6dL4wI0jzM3ITmXypoty3jSw=' 'sha256-VKAaJ2oQNivaQjh0ZN2vS9EPAmX80LShK/wQBqviYk4=' 'sha256-LPfty6rGPdwB3t78TnFfkcK5f0bAtVn45Lio4LNK3NI='  'sha256-UTCVm60QfQFHVOpQI3OLoctvejHNx0+HULCqezCINhY=' 'sha256-Xj7O0zUcSSSgumEShX6kqyjYSm510v2xE+EL2bbKW9E=' 'sha256-sSOWNIawm+pckUcq4r55z6eSntM9zhX789Fk1No4c80=' 'sha256-JOWRgjcky15TFNId0Eriikp+RUe5xMIjiBWFj28khRI=' 'sha256-KjPEOuxv7NuVC7z0lYu6dL4wI0jzM3ITmXypoty3jSw=' 'sha256-Hx522ue/2keAMYU+UzkDxVexE9HoQ154EbuSno7RyXo=' 'sha256-Afstol4nLODtvjRLyF6XmhANHJHIQi+roPlGB9DC8Ho=' *.facebook.net *.twitter.com *.norton.com *.google-analytics.com *.googletagmanager.com; style-src-attr 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'sha256-VKAaJ2oQNivaQjh0ZN2vS9EPAmX80LShK/wQBqviYk4=' 'sha256-LPfty6rGPdwB3t78TnFfkcK5f0bAtVn45Lio4LNK3NI=' 'sha256-UTCVm60QfQFHVOpQI3OLoctvejHNx0+HULCqezCINhY=' 'sha256-Xj7O0zUcSSSgumEShX6kqyjYSm510v2xE+EL2bbKW9E=' 'sha256-sSOWNIawm+pckUcq4r55z6eSntM9zhX789Fk1No4c80=' 'sha256-JOWRgjcky15TFNId0Eriikp+RUe5xMIjiBWFj28khRI=' 'sha256-KjPEOuxv7NuVC7z0lYu6dL4wI0jzM3ITmXypoty3jSw=' 'sha256-VKAaJ2oQNivaQjh0ZN2vS9EPAmX80LShK/wQBqviYk4=' 'sha256-LPfty6rGPdwB3t78TnFfkcK5f0bAtVn45Lio4LNK3NI=' 'unsafe-eval'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://csp.isecurenet.in/_csp_exim 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: cdnjs.cloudflare.com cloud.tagbox.com *.cloudflare.com https://fonts.gstatic.com *.slant.co *.tagbox.com *.taggbox.com *.typekit.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.google.com challenges.cloudflare.com *.cloudflare.com maps.googleapis.com maps.gstatic.com *.pinterest.com *.snapchat.com *.tagbox.com *.taggbox.com *.twitter.com www.googletagmanager.com www.youtube.com *.googleapis.com *.google.com *.weltpixel.com *.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudflare.com fonts.googleapis.com plant.gertens.com plants.gertens.com *.qscaping.com *.snapchat.com *.tagbox.com *.taggbox.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.net *.hsforms.com 'self' data: *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ challenges.cloudflare.com apis.google.com cdn.jsdelivr.net cloud.tagbox.com *.cloudflare.com s.pinimg.com *.pinterest.com *.shipperhq.com sc-static.net *.snapchat.com *.tagbox.com *.taggbox.com analytics.tiktok.com *.twitter.com www.google.com www.gstatic.com assets.shipperhq.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.hsforms.net *.hsforms.com *.google.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cloud.tagbox.com *.cloudflare.com https://fonts.googleapis.com maps.googleapis.com maps.gstatic.com static.klaviyo.com *.tagbox.com *.taggbox.com *.typekit.net assets.shipperhq.com https://static.klaviyo.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.cloudflare.com *.facebook.com *.klaviyo.com *.pinterest.com *.snapchat.com *.tagbox.com *.taggbox.com *.tiktok.com www.google.com rms.shipperhq.com https://rms.shipperhq.com wss://rms.shipperhq.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net ovs.shipperhq.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com https://*.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com https://payflowlink.paypal.com https://www.mollie.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.nrcwebwinkel.nl https://www.facebook.com https://web.facebook.com https://bid.g.doubleclick.net https://payflowlink.paypal.com https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://www.googletagmanager.com https://td.doubleclick.net https://www.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com flagpedia.net https://www.mollie.com www.google.com.ua www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgsct.cookiebot.com https://imgsct.cookiebot.eu https://static-na.payments-amazon.com https://www.paypalobjects.com https://m.media-amazon.com https://bat.bing.com https://www.facebook.com https://www.google.com https://google.com https://www.google.co.in https://googleads.g.doubleclick.net *.fastcloudnetwork.com https://*.hotjar.com https://dev.visualwebsiteoptimizer.com https://load.sst.nrcwebwinkel.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com consent.cookiebot.com consentcdn.cookiebot.com consent.cookiebot.eu consentcdn.cookiebot.eu https://bat.bing.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com/ https://*.voyado.com https://*.hotjar.com https://*.redeal.se https://*.privacy-center.org/ https://www.mollie.com https://dev.visualwebsiteoptimizer.com https://js-agent.newrelic.com https://load.sst.nrcwebwinkel.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com https://*.hotjar.com https://*.voyado.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://consentcdn.cookiebot.eu https://consent.cookiebot.eu https://*.voyado.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://dev.visualwebsiteoptimizer.com https://www.mollie.com https://*.privacy-center.org https://bam.eu01.nr-data.net https://load.sst.nrcwebwinkel.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.gstatic.com https://s3-eu-west-1.amazonaws.com/globale-prod/Images/Help-Center/fonts/TitilliumWeb-Regular.ttf https://s3.global-e.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.snapchat.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.gomoxie.solutions *.snapchat.com *.doubleclick.net *.paypalobjects.com *.kaptcha.com *.adsrvr.org https://plumrocket.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.sprinklr.com *.global-e.com *.bglobale.com *.ietf.org *.cookielaw.org *.google.ca *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.snapchat.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com maps.googleapis.com https://static.queue-it.net https://assets.queue-it.net https://edge.adobedc.net *.global-e.com *.bglobale.com https://analytics.tiktok.com https://queue.cokestore.com https://ct.pinterest.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions js-agent.newrelic.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.ccnag.com *.sprinklr.com *.adsrvr.org *.snapchat.com *.googleoptimize.com *.coke.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com assets.braintreegateway.com *.global-e.com *.bglobale.com https://cdn.userway.org d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.sprinklr.com *.global-e.com *.bglobale.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net p13n.adobe.io *.adobedc.net *.demdex.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com https://edge.adobedc.net *.sprinklr.com https://analytics.tiktok.com https://privacyportal.onetrust.com https://smetrics.coca-colastore.com https://gem-storefront-service-stg.bglobale.com https://webservices.global-e.com/ https://stgepi.bglobale.com https://gepi.global-e.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.doubleclick.net *.coca-cola.com *.coke.com *.b2clogin.com *.facebook.com ct.pinterest.com *.userway.org api.addressy.com *.ccnag.com *.paypalobjects.com *.snapchat.com *.googleapis.com *.cookielaw.org https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src fonts.googleapis.com fonts.gstatic.com data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com vars.hotjar.com consentcdn.cookiebot.com js.mollie.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com www.google.it www.google.de px.ads.linkedin.com *.omappapi.com *.gstatic.com *.cookiebot.com https://www.mollie.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com unpkg.com *.doofinder.com *.hotjar.com consent.cookiebot.com *.omappapi.com static.zdassets.com snap.licdn.com consentcdn.cookiebot.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms *.adiacent.space *.activehosted.com js.mollie.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com unpkg.com *.omappapi.com *.doofinder.com *.multisafepay.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://player.vimeo.com *.doofinder.com www.google.com googleads.g.doubleclick.net *.google-analytics.com ekr.zdassets.com *.omappapi.com erreahelp.zendesk.com wss://widget-mediator.zopim.com consentcdn.cookiebot.com bam.nr-data.net *.googlesyndication.com *.clarity.ms *.linkedin.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com https://fonts.bunny.net www.factory-direct-flooring.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.facebook.com *.arcot.com *.securesuite.co.uk *.mycardsecure.com www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.wlp-acs.com * www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com *.facebook.net www.factory-direct-flooring.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.hotjar.com *.facebook.com *.addthis.com *.arcot.com *.securesuite.co.uk *.pinterest.com *.mycardsecure.com www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com www.youtube.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net *.bing.com *.pinterest.com *.google.co.uk *.limely.co.uk *.gravatar.com *.googletagmanager.com *.postcodeanywhere.co.uk *.addthis.com *.factory-direct-flooring.co.uk *.carpetworlduk.co.uk *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com s3.amazonaws.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.adobedtm.com www.factory-direct-flooring.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cardinalcommerce.com *.googletagmanager.com *.facebook.net apis.google.com cdn.livechatinc.com *.hotjar.com *.bing.com *.pinimg.com *.pcapredict.com *.postcodeanywhere.co.uk *.pinterest.com *.addthis.com *.addthisedge.com *.gstatic.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com www.youtube.com player.vimeo.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com *.googleapis.com *.postcodeanywhere.co.uk *.gstatic.com *.fontawesome.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com https://fonts.bunny.net assets.braintreegateway.com *.trustpilot.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.googleapis.com *.google.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cardinalcommerce.com *.googleapis.com *.pinterest.com *.hotjar.com wss://*.hotjar.com wss://*.hotjar.com/ *.hotjar.io *.postcodeanywhere.co.uk *.facebook.com *.doubleclick.net *.bing.com *.addthis.com *.reviews.co.uk api.amplitude.com stats.g.doubleclick.net www.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.plyr.io noembed.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.factory-direct-flooring.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.factory-direct-flooring.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://factorydirectflooring.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com api.mapbox.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 50339659.hs-sites.com 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-P/AHe5MHm9khAH7EUgHn1A=='; report-uri https://send.hsbrowserreports.com/csp/report 1
object-src  'none'; connect-src 'self' *.girlsway.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.girlsway.com join.gammasecure.com; script-src 'self' *.girlsway.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.girlsway.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src www.paypalobjects.com *.affilitizer.com *.googleusercontent.com *.jsdelivr.net https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com bid.g.doubleclick.net js.mollie.com *.cookiebot.com *.doubleclick.net *.google.com *.googletagmanager.com *.jobrad.org www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://www.mollie.com *.authorized.by *.cookiebot.com *.doubleclick.net *.google.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.trustedshops.com www.google.ae www.google.al www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.com.ar www.google.com.bd www.google.com.br www.google.com.co www.google.com.eg www.google.com.hk www.google.com.jm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pa www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.is www.google.it www.google.jo www.google.kz www.google.li www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tg www.google.tn https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com app.authorized.by player.vimeo.com js.mollie.com *.authorized.by *.cloudflare.com *.cookiebot.com *.google.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.trustedshops.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.authorized.by *.googleapis.com *.gstatic.com *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src *.cookiebot.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com app.authorized.by api.friendlycaptcha.com eu-api.friendlycaptcha.eu *.adm-services.goog *.affilitizer.com *.cookiebot.com *.doubleclick.net *.googleapis.com www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.co.in www.google.co.jp www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.com.ar www.google.com.bd www.google.com.br www.google.com.co www.google.com.eg www.google.com.mx www.google.com.ng www.google.com.pk www.google.com.tr www.google.com.ua www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.li www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://9d149a5d-cd44-43a1-b850-cd1f930c5061.sansec.watch/; report-to report-endpoint; 1
object-src  'none'; connect-src 'self' *.girlfriendsfilms.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.girlfriendsfilms.com join.gammasecure.com; script-src 'self' *.girlfriendsfilms.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.girlfriendsfilms.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
default-src 'self'; connect-src 'self' consentcdn.cookiebot.com *.youtube.com *.google.com *.googleapis.com *.klinikum-nuernberg.de home.textkernel.nl *.dvinci-easy.com *.dvinci.de *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.cookiebot.com consentcdn.cookiebot.com tenor.com www.youtube.com s.ytimg.com *.dvinci-easy.com *.dvinci.de home.textkernel.nl www.googletagmanager.com maps.googleapis.com www.gstatic.com www.google.com googleads.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' consent.cookiebot.com consentcdn.cookiebot.com tenor.com www.youtube.com s.ytimg.com *.dvinci-easy.com *.dvinci.de home.textkernel.nl www.googletagmanager.com maps.googleapis.com www.gstatic.com www.google.com googleads.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com; img-src 'self' data: imgsct.cookiebot.com maps.googleapis.com maps.gstatic.com i.ytimg.com www.gstatic.com img.youtube.com yt3.ggpht.com home.textkernel.nl *.dvinci-easy.com *.dvinci.de *.klinikum-nuernberg.de *.google.de *.google.com *.google-analytics.com https://googleads.g.doubleclick.net *.doubleclick.net https://www.googletagmanager.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maps.gstatic.com www.youtube.com www.gstatic.com *.dvinci-easy.com *.dvinci.de https://www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com *.dvinci-easy.com *.dvinci.de; frame-src 'self' consentcdn.cookiebot.com www.googletagmanager.com www.yumpu.com www.youtube.com youtube.com www.google.com *.dvinci-easy.com *.dvinci.de *.klinikum-nuernberg.de; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.cloudflare.com *.ads-twitter.com *.googleapis.com *.paypal.com https://cdn.klarna.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://player.vimeo.com https://bat.bing.com https://analytics.tiktok.com https://dev.elganso.com https://cdn.elganso.com https://www.elganso.com https://prerender.io https://use.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://pagead2.googlesyndication.com https://td.doubleclick.net/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.magezon.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google.co.in 'self' data: blob: 'unsafe-inline' data: *.cloudflare.com https://cdn.klarna.com t.co https://s.ytimg.com https://player.vimeo.com https://bat.bing.com https://analytics.tiktok.com https://dev.elganso.com https://cdn.elganso.com https://www.elganso.com https://prerender.io https://use.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://pagead2.googlesyndication.com https://www.google.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google.com/ https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com *.avada.io *.shopify.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com tagmanager.google.com ssl.google-analytics.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu *.naiz.fit *.twitter.com ads-twitter.com *.aplazame.com https://player.vimeo.com https://bat.bing.com https://analytics.tiktok.com https://dev.elganso.com https://cdn.elganso.com https://www.elganso.com https://prerender.io https://use.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.typekit.net *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com *.cloudflare.com *.googleapis.com *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://get.geojs.io *.avada.io ws: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com *.g.doubleclick.net *.cloudflare.com *.googleapis.com https://player.vimeo.com https://bat.bing.com https://analytics.tiktok.com https://dev.elganso.com https://cdn.elganso.com https://www.elganso.com https://prerender.io https://use.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://player.vimeo.com https://bat.bing.com https://analytics.tiktok.com https://dev.elganso.com https://cdn.elganso.com https://www.elganso.com https://prerender.io https://use.typekit.net https://www.googletagmanager.com https://fonts.gstatic.com https://pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net; style-src-elem 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net; script-src 'self' 'unsafe-inline'; font-src 'self' https://www.bayreuther-festspiele.de https://use.typekit.net; img-src 'self' data:; worker-src blob:; report-uri https://csp-rep.tmt.de/csp-report; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'nonce-HZI9lkGBHkhrv50qA8ZTzIJ3AifLsIXhgUiquzhAIVXmVdMYs8OlAg' https://cdn.trackboxx.info 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://nordlb.de https://*.nordlb.de https://nordlb.com https://*.nordlb.com https://hit.trackboxx.info; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://mailing.nordlb.de; media-src 'self' blob:; script-src-elem 'self' 'nonce-HZI9lkGBHkhrv50qA8ZTzIJ3AifLsIXhgUiquzhAIVXmVdMYs8OlAg' https://cdn.trackboxx.info 'sha256-Ml5Nkwfy8xmyalWIgp9Vfjfh9EFc1pjxIXVNc5/1jQc=' 'sha256-6u/HC5w+unW3nJuE+d9WlbUor3ayO+8YsjtFnxTPwaA=' 'sha256-8ZuOkTvJhr9SQhAirWN4+9TCVRFC9vYDrBAGqVsRyOo=' 'sha256-X3XjG8kdxszkIHrgG3yPcJ7w6k+FnZ+KYhp/uDUrpho=' 'report-sample'; style-src 'self' 'sha256-Ml5Nkwfy8xmyalWIgp9Vfjfh9EFc1pjxIXVNc5/1jQc=' 'sha256-GqiEX9BuR1rv5zPU5Vs2qS/NSHl1BJyBcjQYJ6ycwD4=' 'report-sample'; worker-src blob:; connect-src 'self' https://hit.trackboxx.info; object-src 'none'; form-action 'self'; frame-ancestors 'none'; report-uri https://www.nordlb.de/@http-reporting?csp=report&requestTime=1773716861250278&requestHash=ebbf44014a3f65d3fe9ca409e3c1e42950ad2bad 1
object-src 'none';base-uri 'self';script-src 'nonce-J13v5o0x_6jTIQ0RY6Fv1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.oney.io *.staging.oney.io https://cdnjs.cloudflare.com https://*.swaven.com/ data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay-tpp.com *.hipay.com *.paypal.com *.googleapis.com https://www.googletagmanager.com/ https://*.doubleclick.net/ https://*.swaven.com/ https://app.trustt.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay.com *.oney.io *.staging.oney.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.adnxs.com/ https://axeptio.imgix.net/ https://*.bing.com/ https://*.clarity.ms/ https://*.google.fr/pagead/ https://*.leanature.com/media/ https://mcstaging2.leanature.fr/media/ https://*.cloudfront.net/ https://*.swaven.com/ https://app.trustt.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.oney.io *.staging.oney.io http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://*.adnxs.com/ https://*.amazon-adsystem.com/ https://*.axept.io/ https://*.bing.com/ https://*.clarity.ms/ https://*.leanature.com/ https://*.newrelic.com/ https://*.mikmak.ai/ https://static-sb.com/js/ https://*.swaven.com/ https://*.tiktok.com https://*.iadvize.com https://app.trustt.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.hipay.com *.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.googleapis.com/gtv-videos-bucket https://app.trustt.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.oney.io *.staging.oney.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.adnxs.com/ https://*.amazon-adsystem.com/ https://*.bing.com/ https://*.leanatureboutique.com/ https://*.swaven.com/ https://*.axept.io/ https://*.clarity.ms/ https://*.google-analytics.com/ https://*.google.com/pagead/ https://googleads.g.doubleclick.net/ https://*.nr-data.net/ https://*.paa-reporting-advertising.amazon/ https://social-sb.com/ https://*.tiktok.com https://*.iadvize.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-QS-OlfdZRn5-vM5vUbVW9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net *.googleusercontent.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com *.wistia.com yotpo-stool.s3.amazonaws.com *.zohocdn.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.b0e8.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.mageside.com mageside.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.attentivemobile.com *.attn.tv *.bing.com *.bing.net *.clarity.ms *.doubleclick.net *.facebook.net *.ggpht.com *.googleadservices.com *.google-analytics.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.tg www.google.tl www.google.tn www.google.to www.google.vu www.google.ws google.com *.google.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.kaltura.com *.linksynergy.com *.listrakbi.com *.ometria.com *.onetrust.com *.pinterest.com *.portmeirion.com *.portmeirion.co.uk *.postcodeanywhere.co.uk *.spode.co.uk *.wistia.com yastatic.net *.yotpoapi.com yotpo-editor-production.s3.amazonaws.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://rum.hlx.page *.attn.tv events.attentivemobile.com *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.b0e8.com *.bc0a.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.ometria.com https://cdn-ukwest.onetrust.com https://cdn.attn.tv https://www.portmeirion.co.uk *.bing.com *.clarity.ms d21m4dsqdd3b9h.cloudfront.net *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.kaltura.com *.klevu.com *.listrakbi.com *.livechatinc.com *.onetrust.com *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.rakuten.com *.sentry-cdn.com *.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com display.ugc.bazaarvoice.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://statsjs.klevu.com https://js.klevu.com d21m4dsqdd3b9h.cloudfront.net *.googletagmanager.com *.gstatic.com *.listrakbi.com *.postcodeanywhere.co.uk *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gstatic.com *.kaltura.com video-s3-bucket.s3.eu-west-2.amazonaws.com *.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.attn.tv events.attentivemobile.com *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.hub-box.com *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.facebook.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.ometria.com *.attentivemobile.com *.bc0a.com *.bing.com *.bing.net *.clarity.ms *.doubleclick.net *.facebook.com *.googleadservices.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.ci www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.af www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.tg www.google.tl www.google.tn www.google.vu www.google.ws *.googlesyndication.com *.hotjar.com *.hotjar.io *.kaltura.com *.listrakbi.com *.livechatinc.com *.onetrust.com *.pinterest.com *.portmeirion.com *.portmeirion.co.uk *.postcodeanywhere.co.uk *.samsung.com *.spode.com *.spode.co.uk *.wistia.com *.yotpoapi.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://32ede476-ded8-4814-88cb-f8ecfa864227.sansec.watch/; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cleverreach.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.fls.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.awin1.com *.zenaps.com *.google.com *.klarna.com secure.pay1.de *.hotjar.com *.modehaus.dev *.page2flip.de js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.cloudfront.net https://*.etracker.com https://*.etracker.de https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net flagpedia.net *.amazonaws.com s3.eu-central-1.amazonaws.com *.s3.eu-central-1.amazonaws.com modehaus-ai-generated.s3.eu-central-1.amazonaws.com *.google.co.in scontent-ham3-1.cdninstagram.com ix.a8.styla.com *.modehaus.de my.page2flip.de *.etracker.de *.google.de x.bidswitch.net www.clarity.ms *.casalemedia.com *.sitecockpit.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net m.media-amazon.com static-eu.payments-amazon.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://*.etracker.com https://*.etracker.de *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com maps.googleapis.com *.modehaus.de *.modehaus2.de *.baltz.de *.etracker.com *.etracker.de api.signalize.com graph.instagram.com *.styla.com styla.com *.page2flip.de *.hotjar.com *.adcell.com *.ad-srv.net cdnjs.cloudflare.com *.hyj.mobi *.bidswitch.net *.casalemedia.com *.smaato.net *.marker.io *.axonix.com *.adform.net *.hotjar.io *.clarity.ms *.sitecockpit.com *.bing.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com cdn.klarna.com jsctool.com d.payla.io www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.fontawesome.com *.google.com maxcdn.bootstrapcdn.com *.styla.com cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.google.de *.doubleclick.net *.googlesyndication.com *.tiktok.com *.wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com https://*.etracker.de *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.gstatic.com maps.googleapis.com *.modehaus.de *.baltz.de *.etracker.de *.styla.com *.pay1.de *.page2flip.de *.adcell.com *.picalike.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io *.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.certcapture.com https://elements.sandbox.fortis.tech https://elements.fortis.tech 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.certcapture.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com https://developer.adobe.com https://magento.com https://js.sandbox.fortis.tech https://js.fortis.tech https://elements.sandbox.fortis.tech https://elements.fortis.tech *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.certcapture.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com https://developer.adobe.com https://elements.sandbox.fortis.tech https://elements.fortis.tech https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; style-src 'self' 'unsafe-inline' optimize.google.com www.googletagmanager.com fonts.googleapis.com *.typekit.net *.yotpo.com *.myfonts.net *.cloudfront.net; font-src 'self' data: optimize.google.com fonts.gstatic.com *.abtasty.com *.dwin1.com *.typekit.net *.livechatinc.com snap.licdn.com *.tiktok.com static.ads-twitter.com ct.pinterest.com *.yotpo.com *.addthis.com *.moatads.com *.curalate.com *.cloudflare.com *.cloudfront.net; img-src 'self' data: *; base-uri 'self' ;  form-action *; frame-ancestors 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.zdassets.com optimize.google.com www.googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com www.googleadservices.com maps.googleapis.com polyfill.io player.vimeo.com connect.facebook.net *.klevu.com api.exponea.com s.pinimg.com intljs.rmtag.com assistjs.skimresources.com googleads.g.doubleclick.net bat.bing.com t.contentsquare.net track.sweetanalytics.com *.yotpo.com snap.licdn.com static.ads-twitter.com *.tiktok.com *.abtasty.com *.adobedc.net *.dwin1.com *.livechatinc.com *.voyado.com *.ksearchnet.com *.hotjar.com *.veinteractive.com *.mouseflow.com *.sleeknote.com *.stripe.com *.zdassets.com *.trustpilot.com *.clarity.ms *.addthis.com *.addthisedge.com *.moatads.com *.clearpay.co.uk *.amplitude.com *.sagepay.com snapppt.com *.snapppt.com; connect-src 'self' mage.barkerandstonehouse.co.uk wss://*.zendesk.com *.google-analytics.com *.klevu.com api.exponea.com ct.pinterest.com *.abtasty.com *.adobedc.net *.tiktok.com *.yotpo.com maps.googleapis.com vimeo.com *.addthis.com *.moatads.com *.dwin1.com *.54proxy.com *.ksearchnet.com *.hotjar.com *.hotjar.io *.zdassets.com *.clarity.ms *.amplitude.com *.sweetanalytics.com snapppt.com *.snapppt.com *.zendesk.com; frame-src 'self' player.vimeo.com *.fls.doubleclick.net ct.pinterest.com vimeo.com secure.livechatinc.com *.addthis.com *.curalate.com *.54proxy.com *.hotjar.com *.stripe.com *.trustpilot.com *.paypal.com *.zendesk.com *.zdassets.com; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.bootstrapcdn.com *.youtube.com *.crwdcntrl.net *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.google.com https://cdn.livehelpnow.net/ https://www.google.com https://www.gstatic.com *.alothemes.com *.magepow.com fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.bootstrapcdn.com *.youtube.com *.crwdcntrl.net *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.google.com *.payfabric.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.twitter.com *.bootstrapcdn.com *.crwdcntrl.net *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.google.com *.payfabric.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bootstrapcdn.com *.youtube.com *.crwdcntrl.net *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.google.com *.outbrain.com *.casalemedia.com *.rubiconproject.com *.advertising.com *.pubmatic.com *.yahoo.com *.taboola.com *.3lift.com *.google.co.in *.adroll.com *.magentocommerce.com *.livehelpnow.net *.inspectlet.com https://c.clarity.ms https://c.bing.com *.alothemes.com *.magepow.com *.payfabric.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googletagmanager.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.youtube.com *.crwdcntrl.net *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.google.com *.cloudfront.net *.springbot.com *.pinterest.com *.adroll.com *.facebook.net *.consensu.org *.reviewability.com *.ampproject.org *.adobedtm.com *.authorize.net *.braintreegateway.com *.cardinalcommerce.com *.ubembed.com *.marketo.net *.livehelpnow.net *.inspectlet.com https://capturly.com/ https://www.clarity.ms https://js-agent.newrelic.com/ https://7000858.collect.igodigital.com/ https://s.pinimg.com/ https://js.hs-scripts.com/ https://assets.pcrl.co/ https://googleads.g.doubleclick.net http://7000858.collect.igodigital.com https://luckkystar.shop/ *.googleapis.com *.alothemes.com *.magepow.com *.payfabric.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.youtube.com *.crwdcntrl.net *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.google.com *.getfirebug.com *.dnky.co https://developer.livehelpnow.net/ *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.bootstrapcdn.com *.youtube.com *.crwdcntrl.net *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.google.com *.google-analytics.com *.doubleclick.net *.adroll.com *.gatherup.com *.ampproject.org *.google.co.in *.inspectlet.com *.mktoresp.com https://collector.capturly.com/ https://l.clarity.ms/ https://developer.livehelpnow.net/ wss://app.livehelpnow.net/ https://bam.nr-data.net/ https://capturly.com/ https://ct.pinterest.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.alothemes.com *.magepow.com *.payfabric.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.analytics.google.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.sharethis.com www.xtento.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.sharethis.com https://cdn.clerk.io *.openstreetmap.org https://maps.googleapis.com *.cloudfront.net *.facebook.com www.google.it *.clarity.ms *.bing.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com www.google.com.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com https://api.clerk.io https://cdn.clerk.io cdnjs.cloudflare.com *.clerk.io *.clarity.ms connect.facebook.net *.cloudfront.net *.bing.com www.xtento.com cdn.xtento.com *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com network.oliunid.com https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.sharethis.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com maxcdn.bootstrapcdn.com *.trustpilot.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.openstreetmap.org https://maps.googleapis.com stats.g.doubleclick.net *.clarity.ms *.facebook.com *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com network.oliunid.com https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Sviw8yTvXtKhs73a9HS5Aw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://stopkillerrobots.org?gdsih-csp-report; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.recaptcha.net https://www.google.com https://accounts.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.gstatic.com https://www.gstatic.com https://*.gstatic.cn https://*.googlesyndication.com https://www.instagram.com https://graph.instagram.com https://platform.instagram.com https://static.cdninstagram.com https://connect.facebook.net https://www.facebook.com https://*.fbcdn.net https://*.facebook.net https://analytics.tiktok.com https://lf16-gecko-source.tiktokcdn.com https://sc-static.net https://cf-st.sc-cdn.net https://snap.licdn.com https://tr.snapchat.com https://www.youtube.com https://vimeo.com https://player.vimeo.com https://vimeocdn.com https://visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://*.azureedge.net https://watermelon.ai https://chatwidget-prod.web.app https://fonts.googleapis.com https://*.aanmelder.nl https://connexys.nl https://cdnjs.cloudflare.com https://*.hotjar.com https://secured-pixel.com https://*.secured-pixel.com https://embed.intractive.app https://web.intractive.app https://assets-eur.mkt.dynamics.com https://*.mkt.dynamics.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net 'nonce-/CBZWPdh6wwCGjt8EGuXyg=='; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.recaptcha.net https://www.google.com https://accounts.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.gstatic.com https://www.gstatic.com https://*.gstatic.cn https://*.googlesyndication.com https://www.instagram.com https://graph.instagram.com https://platform.instagram.com https://static.cdninstagram.com https://connect.facebook.net https://www.facebook.com https://*.fbcdn.net https://*.facebook.net https://analytics.tiktok.com https://lf16-gecko-source.tiktokcdn.com https://sc-static.net https://cf-st.sc-cdn.net https://snap.licdn.com https://tr.snapchat.com https://www.youtube.com https://vimeo.com https://player.vimeo.com https://vimeocdn.com https://visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://*.azureedge.net https://watermelon.ai https://chatwidget-prod.web.app https://fonts.googleapis.com https://*.aanmelder.nl https://connexys.nl https://cdnjs.cloudflare.com https://*.hotjar.com https://secured-pixel.com https://*.secured-pixel.com https://embed.intractive.app https://web.intractive.app https://assets-eur.mkt.dynamics.com https://*.mkt.dynamics.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net; style-src 'self' https: fonts.googleapis.com cdnjs.cloudflare.com 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; img-src 'self' https: https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.recaptcha.net https://www.google.com https://accounts.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.gstatic.com https://www.gstatic.com https://*.gstatic.cn https://*.googlesyndication.com https://www.instagram.com https://graph.instagram.com https://platform.instagram.com https://static.cdninstagram.com https://connect.facebook.net https://www.facebook.com https://*.fbcdn.net https://*.facebook.net https://analytics.tiktok.com https://lf16-gecko-source.tiktokcdn.com https://sc-static.net https://cf-st.sc-cdn.net https://snap.licdn.com https://tr.snapchat.com data: blob: https://akamaized.net https://cdninstagram.com https://amazonaws.com https://fonts.gstatic.com https://storage.googleapis.com zadkine-production-images-356480229392.s3.eu-central-1.amazonaws.com https://watermelon.ai https://imgsct.cookiebot.com https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://js.hsadspixel.net https://assets-eur.mkt.dynamics.com; font-src 'self' https: data: fonts.gstatic.com; media-src 'self' https: data: blob:; connect-src 'self' https: data: https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.recaptcha.net https://www.google.com https://accounts.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.gstatic.com https://www.gstatic.com https://*.gstatic.cn https://*.googlesyndication.com https://www.instagram.com https://graph.instagram.com https://platform.instagram.com https://static.cdninstagram.com https://connect.facebook.net https://www.facebook.com https://*.fbcdn.net https://*.facebook.net https://analytics.tiktok.com https://lf16-gecko-source.tiktokcdn.com https://sc-static.net https://cf-st.sc-cdn.net https://snap.licdn.com https://tr.snapchat.com https://visualwebsiteoptimizer.com https://app.vwo.com https://watermelon.ai https://mktdplp102cdn.azureedge.net https://chatwidget-prod.web.app https://*.hotjar.com wss://*.hotjar.com wss://*.aanmelder.nl https://js.hs-analytics.net https://js.hs-scripts.com https://assets-eur.mkt.dynamics.com https://*.mkt.dynamics.com; frame-src 'self' https: https://www.youtube.com https://vimeo.com https://player.vimeo.com https://vimeocdn.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.recaptcha.net https://www.google.com https://accounts.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.gstatic.com https://www.gstatic.com https://*.gstatic.cn https://*.googlesyndication.com https://connexys.nl https://bookings.zenchef.com; object-src 'none'; frame-ancestors 'self'; form-action 'self' https:; base-uri 'self'; report-uri /csp-reports 1
default-src 'self'; connect-src 'self' *.appmaster.io https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com  https://forms.hsforms.com https://maps.googleapis.com https://stats.g.doubleclick.net www.google.com; font-src 'self' data: https: ; img-src 'self' data: blob: https: ; media-src 'self' data: blob: https: ; object-src 'none'; frame-src 'self' *.appmaster.io *.recaptcha.net *.youtube.com widget.canny.io; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' *.appmaster.io *.hsforms.net https://maps.googleapis.com/maps/api/js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/ *.recaptcha.net *.canny.io; manifest-src 'self'; script-src-elem 'self' 'unsafe-inline' *.appmaster.io *.hs-scripts.com *.hs-analytics.net *.hs-banner.com www.googletagmanager.com chat.appmaster.io;  style-src 'self' 'unsafe-inline' 'report-sample' *.appmaster.io https://fonts.googleapis.com; worker-src data: blob: studio.appmaster.io; report-uri https://s.appmaster.io/api/3/security/?sentry_key=f3a1f5e566804120856802b6ba1adda8; report-to apms; 1
font-src *.fontawesome.com *.googleapis.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net *.revolut.com *.google.com google.com *.cdn-apple.com pay.google.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com https://*.hotjar.com https://static.klaviyo.com https://surveys-static.survicate.com *.cookie-script.com cookie-script.com *.paybyrd.com 'self' data: *.stripecdn.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com *.paybyrd.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com *.stripe.com stripe.com *.paybyrd.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ google.com https://static.addtoany.com/ https://www.googletagmanager.com/ www.google.com www.gstatic.com apis.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.revolut.com *.google.com *.cdn-apple.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com secure.authorize.net test.authorize.net js.stripe.com m.stripe.com x.klarnacdn.net *.weltpixel.com vars.hotjar.com *.doubleclick.net *.paybyrd.com *.link.com *.amazon.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com cdn.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com https://cosmetis.com *.mcusercontent.com *.cloudflare.com *.google.pt *.google.es *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.tradetracker.net *.pampanetwork.com *.mailchimp.com *.cloudfront.net https://*.clarity.ms https://*.hotjar.com https://c.bing.com https://googleads.g.doubleclick.net https://cosmetis.boost.propelbon.com https://static.zdassets.com *.doofinder.com *.criteo.com *.cookie-script.com cookie-script.com *.paybyrd.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com https://static.addtoany.com/ apis.google.com cdn.doofinder.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.gstatic.com *.avada.io *.shopify.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.revolut.com *.cdn-apple.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google.pt *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com tagmanager.google.com https://*.hotjar.com 'unsafe-inline' *.zdassets.com *.zendesk.com *.mailchimp.com mc.us6.list-manage.com *.newrelic.com *.nr-data.net *.doubleclick.net *.activehosted.com *.cloudfront.net wss://*.zopim.com wss://*.wizzy.ai *.app-us1.com trackcmp.net https://*.clarity.ms https://surveys-static.survicate.com https://api6.ipify.org *.cookie-script.com cookie-script.com https://iic.cosmetis.com *.doofinder.com *.criteo.com api6.ipify.org *.survicate.com api64.ipify.org *.paybyrd.com *.hsforms.net *.hsforms.com *.stripe.network *.stripecdn.com *.amazon.com *.link.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.zendesk.com *.mailchimp.com *.googletagmanager.com https://*.hotjar.com 'unsafe-inline' https://surveys-static.survicate.com *.cookie-script.com cookie-script.com *.paybyrd.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com *.paybyrd.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.doofinder.com wss://*.doofinder.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.revolut.com *.cdn-apple.com pay.google.com *.gstatic.com ws://127.0.0.1:35729/livereload *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.google-analytics.com stats.g.doubleclick.net *.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com *.nr-data.net wss://*.wizzy.ai https://*.wizzy.ai https://*.clarity.ms https://www.google.pt https://care4ict.nl/health_check.php wss://pod-18.zendesk.com https://gtm.cosmetis.com https://survey.survicate.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://iic.cosmetis.com wss://*.doofinder.com/ *.criteo.com https://*.criteo.com/ *.cookie-script.com cookie-script.com *.sentry.io *.paybyrd.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://84a5a812-f528-4463-ba29-abdbc1fc7d38.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.checkout.com *.careem-pay.com *.klevu.com *.ksearchnet.com *.stape.io *.fontawesome.com https://fonts.bunny.net maps.googleapis.com fonts.intercomcdn.com maxcdn.bootstrapcdn.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com maps.googleapis.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://js.checkout.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.b-cdn.net *.tap.company *.careem-pay.com platform.twitter.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io maps.googleapis.com *.decibelinsight.net checkout.tabby.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.b-cdn.net pinterest.com assets.pinterest.com syndication.twitter.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com *.stape.io https://firebasestorage.googleapis.com maps.googleapis.com livecdn.petzone.com storage.inhabitad.com petzone.com www.google.co.in downloads.intercomcdn.com js.intercomcdn.com statsjs.klevu.com analytics.tiktok.com *.decibelinsight.net flagpedia.net checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.tamara.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://*.checkout.com *.klarnacdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.b-cdn.net *.careem-pay.com *.cloudflare.com twitter.com platform.twitter.com *.klevu.com *.ksearchnet.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io maps.googleapis.com polyfill.io  googleapis.com delivery.inhabitad.com static.cloudflareinsights.com widget.intercom.io js.intercomcdn.com statsjs.klevu.com https://statsjs.klevu.com stape.petzone.com www.clarity.ms scripts.clarity.ms analytics.tiktok.com cdn.decibelinsight.net widget.decibelinsight.net *.decibelinsight.net checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.tamara.co https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.checkout.com *.b-cdn.net *.klevu.com *.ksearchnet.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net maps.googleapis.com storage.inhabitad.com *.decibelinsight.net maxcdn.bootstrapcdn.com *.gstatic.com *.tamara.co https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tamara.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://js.checkout.com *.klarnaevt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.dev.tap.company *.tap.company *.klevu.com *.ksearchnet.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://get.geojs.io *.avada.io wss://nexus-websocket-a.intercom.io maps.googleapis.com 'self' https://api.petzone.com delivery.inhabitad.com static.cloudflareinsights.com cloudflareinsights.com api-iam.intercom.io nexus-websocket-a.intercom.io *.intercom.io f.clarity.ms www.clarity.ms analytics.tiktok.com collection.decibelinsight.net wss://collection.decibelinsight.net *.decibelinsight.net capig.stape.cloud www.gstatic.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.tamara.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://maps.googleapis.com/; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.pwc.com https://assets.adobedtm.com https://*.akamaihd.net https://platform.twitter.com https://*.demdex.net https://*.twing.com https://www.googletagmanager.com https://cm.everesttech.net https://optanon.blob.core.windows.net https://pwc.sc.omtrdc.net https://syndication.twitter.com https://www.googleoptimize.com https://cdn.cookielaw.org https://www.google-analytics.com https://stats.g.doubleclick.net https://script.crazyegg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://www.google.com https://www.google.ca https://accounts.google.com https://www.youtube.com https://i.ytimg.com https://jwpltx.com https://ssl.gstatic.com https://ton.twimg.com https://www.google.com.tr https://www.pwc.nl https://www.pwc.co.uk http://download.pwc.com https://apis.google.com https://ssl.p.jwpcdn.com https://www.gstatic.com https://ton.twimg.com data:; 1
default-src 'self' https://*.pixum.com;base-uri 'self';img-src 'self' https://assets.pixum.com https://cdn.pixum.com https://pixum-cms.imgix.net data: blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pixum.com https://app.usercentrics.eu https:// https://1hbotx6kw4.kameleoon.eu https://*.trustpilot.com https://widgets.trustedshops.com https://*.clarity.ms https://*.scarabresearch.com https://storage.googleapis.com/photo-prints-journey-builds/ https://*.pagent.ai https://spot.photoprintit.com https://www.paypal.com/sdk/js https://website-overlay.zenloop.com https://unpkg.com/web-vitals@3/dist/web-vitals.iife.js https://zenloop-website-overlay-production.s3.amazonaws.com https://tag.mention-me.com https://static.mention-me.com https://pixum-assets.imgix.net https://unpkg.com/core-js-bundle@3.16.2/index.js https://tcan97.pixum.co.uk;connect-src 'self' https://*.pixum.com https://*.pixum-api.com https://api.usercentrics.eu https://www.pixum.de https://1hbotx6kw4.kameleoon.eu https://eu-data.kameleoon.eu https://pixum-assets.imgix.net https://consent-api.service.consent.usercentrics.eu https://storage.googleapis.com/pixum-api-images/ https://*.clarity.ms https://webchannel-content.eservice.emarsys.net https://*.scarabresearch.com wss://peer-service.pixum-api.com https://www.pixum.be/5fixu6 https://www.pixum.co.uk/tcan97 https://tcan97.pixum.co.uk https://api.zenloop.com https://channels-api.zenloop.com https://website-overlay.zenloop.com https://graphql.usercentrics.eu https://tag.mention-me.com https://www.paypal.com/xoplatform/logger/api/logger https://guarantee-log.trustedshops.com https://*.pagent.ai https://aggregator.service.usercentrics.eu wss://chatbot-de.photoprintit.com https://trustbadge.api.etrusted.com https://shops-si.trustedshops.com https://pixum-cms.imgix.net https://photospicker.googleapis.com/v1/sessions/ blob: data: https://api.trustedshops.com/rest/internal/ https://api.trustbadge.etrusted.com/accounts/ https://data.kameleoon.eu https://mention-me.com/api/v2/event/ https://gum.criteo.com https://www.gstatic.com/draco/versioned/decoders/1.4.1/ https://faro-collector-prod-eu-west-0.grafana.net/collect/;style-src 'self' 'unsafe-inline' https://*.pixum.com;media-src 'self' data: https://cdn.pixum.com;font-src 'self' data: https://*.pixum.com https://assets.zenloop.com;frame-src 'self' https://widget.trustpilot.com https://dls.photoprintit.com https://mention-me.com https://www.youtube.com https://www.paypal.com blob:;worker-src 'self' blob:;child-src 'self' blob:; report-to csp-report-only; report-uri https://psi.pixum.com/?ns=content-security-policy-report-only&service=base&module=status&action=report 1
default-src 'self'; script-src 'self' https://stock.limz.com/ https://limz.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://stock.limz.com/ https://limz.org 'unsafe-inline'; img-src 'self' https://stock.limz.com/ https://limz.org data: blob:; font-src 'self' https://stock.limz.com/ https://limz.org data:; frame-src 'self' https://stock.limz.com/ https://limz.org ; connect-src 'self' https://stock.limz.com/ https://limz.org wss:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'; report-uri /en/limz-core-cspReport 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-kCjMGxFF4BfMvVlURzsSWw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src null 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src *.authorize.net *.bing.com *.cloudflare.com *.compliancesigns.com *.doubleclick.net *.googleadservices.com *.google.com *.googlecommerce.com *.googletagmanager.com *.hotjar.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsforms.net *.hs-scripts.com *.hubspot.com *.licdn.com *.payments-amazon.com *.searchspring.io *.searchspring.net *.shopperapproved.com *.tctm.co *.trustpilot.com *.turnto.com *.usemessages.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com *.amazon.com *.authorize.net *.bing.com *.cloudflare.com *.compliancesigns.com *.doubleclick.net *.googleadservices.com *.google.com *.googlecommerce.com *.googletagmanager.com *.hotjar.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsforms.net *.hs-scripts.com *.hubspot.com *.licdn.com *.payments-amazon.com *.searchspring.io *.searchspring.net *.shopperapproved.com *.tctm.co *.trustpilot.com *.turnto.com *.usemessages.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.cloudflare.com *.compliancesigns.com *.googletagmanager.com *.turnto.com *.visualwebsiteoptimizer.com app.vwo.com *.cloudflare.com *.compliancesigns.com *.googletagmanager.com *.turnto.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src *.compliancesigns.com compliancesigns.com *.bing.com *.doubleclick.net *.googleadservices.com google.com *.google.com *.googletagmanager.com *.hscollectedforms.net *.hubspot.com *.linkedin.com *.payments-amazon.com *.searchspring.io *.searchspring.net *.shopperapproved.com *.turnto.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.media-amazon.com *.amazon.com jsgibuild.com *.bing.com *.cloudflare.com *.doubleclick.net *.googleadservices.com google.com *.google.com *.googletagmanager.com *.hscollectedforms.net *.hubspot.com *.linkedin.com *.payments-amazon.com *.searchspring.io *.searchspring.net *.shopperapproved.com *.turnto.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; connect-src *.authorize.net *.bing.com *.compliancesigns.com *.doubleclick.net *.googleadservices.com *.google.com google.com *.googletagmanager.com *.hotjar.com *.hscollectedforms.net *.hubspot.com *.linkedin.com *.payments-amazon.com *.searchspring.io *.turnto.com *.visualwebsiteoptimizer.com app.vwo.com *.amazon.com *.authorize.net *.bing.com *.compliancesigns.com *.doubleclick.net *.googleadservices.com *.google.com google.com *.googletagmanager.com *.hotjar.com *.hscollectedforms.net *.hubspot.com *.licdn.com *.linkedin.com *.payments-amazon.com *.searchspring.io *.turnto.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; font-src *.cloudflare.com *.compliancesigns.com *.hotjar.com *.cloudflare.com *.compliancesigns.com *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src null 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; media-src *.bing.com *.bing.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-src *.authorize.net *.authorize.net *.bing.com *.cloudflare.com *.doubleclick.net *.google.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hubspot.com *.trustpilot.com *.youtube.com *.visualwebsiteoptimizer.com app.vwo.com *.amazon.com *.authorize.net *.bing.com *.cloudflare.com *.doubleclick.net *.google.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hubspot.com *.linkedin.com *.trustpilot.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes';report-uri https://9d5bcf97-219a-452a-a7ad-f99e63b52def.sansec.watch/ 1
object-src 'none';base-uri 'self';script-src 'nonce-RNm7xlRL9XajwG6D7dtn6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-jrMjPcrsE2bF8wIx3q3UKw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-meAUSJsYFnNY5AIermkb5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-NvRDQcYP0lakVKw9HEEz8g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-H_1xVKa-BKnN-8i5OwaBCQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'nonce-01e3080d-c97f-45a3-b95e-58c79be647e5' 'strict-dynamic' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; font-src 'self' https: data:; connect-src 'self' https://*.mediavine.com https://adtrafficquality.google.com https://ep1.adtrafficquality.google.com https://*.googlesyndication.com https://fundingchoicesmessages.google.com https://*.doubleclick.net https://*.googlesyndication.com https://*.grow.me https://*.growplow.events https://growmefrontendassetsstack-growheadlessbucket79e0b0-aqcqbhbrt0qb.s3.amazonaws.com https://*.casalemedia.com https://*.rubiconproject.com https://*.3lift.com https://*.openx.net https://*.pubmatic.com https://*.criteo.com https://*.adsrvr.org https://*.33across.com https://*.id5-sync.com https://id5-sync.com https://*.eu-1-id5-sync.com https://*.eu-2-id5-sync.com https://*.us-1-id5-sync.com https://*.crwdcntrl.net https://*.optable.co https://*.ccgateway.net https://*.360yield.com https://*.rlcdn.com https://*.ozone-project.com https://*.the-ozone-project.com https://elb.the-ozone-project.com https://*.consentmanager.net https://*.quantcast.com https://*.bidswitch.net https://*.adnxs.com https://*.amazon-adsystem.com https://*.sharethrough.com https://*.spotxchange.com https://*.teads.tv https://*.outbrain.com https://*.taboola.com https://*.smartadserver.com https://*.yieldmo.com https://*.opti-digital.com https://*.connatix.com https://*.lijit.com https://*.smilewanted.com https://*.kargo.com https://*.trustx.org https://*.a-mo.net https://*.extend.tv https://*.plista.com https://*.intentiq.com https://*.a-mx.com https://*.nr-data.net https://*.bidr.io https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google https://adtrafficquality.google https://*.receptivity.io https://*.scorecardresearch.com https://pghub.io https://*.opecloud.com https://*.googleapis.com https://*.liveintent.com https://*.liveramp.com https://*.adsymptotic.com https://*.simpli.fi https://*.exchange.mediavine.com https://*.smaato.net https://*.krxd.net https://*.e-volution.ai https://*.demdex.net; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://*.mediavine.com https://pagead2.googlesyndication.com https://*.googlesyndication.com https://fundingchoicesmessages.google.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://*.casalemedia.com https://*.rubiconproject.com https://*.3lift.com https://*.openx.net https://*.pubmatic.com https://*.criteo.com https://*.adsrvr.org https://*.33across.com https://*.id5-sync.com https://id5-sync.com https://*.360yield.com https://*.ozone-project.com https://*.the-ozone-project.com https://*.safeframe.googlesyndication.com https://*.bidswitch.net https://*.adnxs.com https://*.amazon-adsystem.com https://*.sharethrough.com https://*.spotxchange.com https://*.teads.tv https://*.outbrain.com https://*.taboola.com https://*.smartadserver.com https://*.yieldmo.com https://*.opti-digital.com https://*.connatix.com https://*.lijit.com https://*.smilewanted.com https://*.kargo.com https://*.trustx.org https://*.a-mo.net https://*.extend.tv https://*.plista.com https://*.intentiq.com https://*.a-mx.com https://*.nr-data.net https://*.bidr.io https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google https://adtrafficquality.google https://*.receptivity.io https://*.scorecardresearch.com https://pghub.io https://*.opecloud.com https://*.googleapis.com https://*.pubnation.com https://*.journeymv.com https://*.grow.me https://www.googleadservices.com https://*.googleadservices.com https://*.rapidedge.io https://*.ingage.tech https://*.dxtech.ai https://*.1rx.io https://*.undertone.com https://*.chicoryapp.com https://*.contextweb.com https://*.gumgum.com https://*.media.net https://*.turn.com https://*.unrulymedia.com https://*.postrelease.com https://*.tapad.com https://*.connectad.io; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://use.typekit.net https://www.goodsalt.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com bid.g.doubleclick.net *.braintreegateway.com *.paypal.com google.com *.google.com https://www.goodsalt.com https://td.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com *.typekit.net *.gstatic.com maps.gstatic.com https://www.goodsalt.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://browser.sentry-cdn.com https://cdn.lr-ingest.io maps.googleapis.com https://www.goodsalt.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com https://www.goodsalt.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://*.ingest.sentry.io maps.googleapis.com https://www.goodsalt.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; media-src https:; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: 'self'; img-src https:; connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com; frame-src 'self' https: 1
default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn-ukwest.onetrust.com https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://acsbapp.com https://cdn.acsbapp.com https://snap.licdn.com https://use.fontawesome.com https://kit.fontawesome.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://unpkg.com https://sc.lfeeder.com https://tr-rc.lfeeder.com https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://cdn.jsdelivr.net https://fonts.bunny.net https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://cdn.jsdelivr.net https://fonts.bunny.net https://cdnjs.cloudflare.com; img-src 'self' data: https://*.google-analytics.com https://www.googletagmanager.com https://secure.gravatar.com https://www.google.com https://www.google.bg https://px.ads.linkedin.com https://px4.ads.linkedin.com https://maps.gstatic.com https://i.ytimg.com https://www.youtube.com https://cdn-ukwest.onetrust.com https://chubb.local https://dev.chubbfs.com http://chubb.local https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com data:; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.facebook.com; connect-src 'self' https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com https://cdn.acsbapp.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://log.cookieyes.com https://cdn-cookieyes.com https://sc.lfeeder.com https://tr-rc.lfeeder.com https://api.wordpress.org 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: https://*.paypal.com https://*.paypalobjects.com 'nonce-Ier_pu_pMJpSZpH9__EkqgeiGWV-QlhI'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
block-all-mixed-content;script-src 'self' https://*.vistek.ca https://*.klaviyo.com https://*.criteo.com https://*.doubleclick.net https://*.google.com https://*.googleadbuilder.Services.com https://*.googlesyndication.com https://*.googletagbuilder.Services.com https://*.yahoo.com https://*.klarnaservices.com https://acsbapp.com https://ajax.aspnetcdn.com https://apis.google.com https://cdn.browsiprod.com https://connect.facebook.net https://cdn.jsdelivr.net https://content.linkedin.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://forms.hsforms.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hsleadflows.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hubspot.com https://osm.klarnabuilder.Services.com https://platform.linkedin.com https://query.yahooapis.com https://sslwidget.criteo.com https://static.criteo.net https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://s.yimg.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadbuilder.Services.com https://www.googletagmanager.com https://static.www.turnto.com https://vistek.bamboohr.com/ https://www.gstatic.com https://s3.amazonaws.com https://www.paypalobjects.com https://x.klarnacdn.net https://js.klarna.com https://cdn.equalweb.com https://www.googleadservices.com https://www.paypal.com https://maps.googleapis.com https://code.jquery.com https://aq.flippenterprise.net 'unsafe-eval' 'unsafe-inline';style-src 'self' *.licdn.com *.google.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com static.www.turnto.com x.klarnacdn.net vistek.bamboohr.com static.klaviyo.com static-tracking.klaviyo.com aq.flippenterprise.net 'unsafe-inline';child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net *.criteo.net *.criteo.com app.hubspot.com connect.facebook.net forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.googletagmanager.com aq.flippenterprise.net;form-action 'self' *.google.com *.facebook.com connect.facebook.net forms.hsforms.com forms.hubspot.com https://*.cardinalcommerce.com https://*.cardinaltrusted.com;object-src *.googlesyndication.com;frame-ancestors 'self';frame-src 'self' https://www.youtube.com https://gum.criteo.com https://fledge.us.criteo.com/ https://accounts.google.com https://www.turnto.com https://static.www.turnto.com https://forms.hsforms.com https://www.google.com https://www.google.ca https://www.googletagmanager.com https://www.sandbox.paypal.com https://www.paypal.com https://js.playground.klarna.com https://js.klarna.com https://*.cardinalcommerce.com https://*.cardinaltrusted.com https://googleads.g.doubleclick.net https://app.hubspot.com https://td.doubleclick.net https://bid.g.doubleclick.net https://aq.flippenterprise.net;worker-src 'self' blob: www.google.com;base-uri 'self' *.yahoo.com;report-uri /error/csp 1
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' cdn.matomo.cloud diateam.matomo.cloud; style-src * 'unsafe-inline' data: ; frame-ancestors 'self' ; frame-src 'self' www.google.com platform.twitter.com syndication.twitter.com www.youtube.com; block-all-mixed-content; report-uri https://www.diateam.net/.csp/report 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.dinhvan.com https://fonts.gstatic.com https://ws.colissimo.fr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu https://www.youtube.com https://form.typeform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.dinhvan.com *.doubleclick.net *.google.fr *.googlesyndication.com *.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeocdn.com www.vimeo.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.dinhvan.com *.tiktok.com *.axept.io chimpstatic.com s.pinimg.com ct.pinterest.com *.facebook.net downloads.mailchimp.com *.list-manage.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.dinhvan.com downloads.mailchimp.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.dinhvan.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.axept.io *.google.fr *.dinhvan.com analytics.tiktok.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com ct.pinterest.com s.pinimg.com *.vimeocdn.com vimeo.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-KEO_kAb8KofItRcmu5Pltg' 'strict-dynamic'; script-src-elem 'self' 'nonce-KEO_kAb8KofItRcmu5Pltg' 'strict-dynamic' https://challenges.cloudflare.com https://www.googletagmanager.com https://js.hsforms.net; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://static.designer.ddt.cimpress.io; img-src 'self' data: blob: https: http://ib.adnxs.com; font-src 'self' https://cdnjs.cloudflare.com https://script.hotjar.com https://fonts.documents.cimpress.io; media-src 'self' https:; connect-src *; frame-src *; object-src 'none'; form-action 'self' https://www.facebook.com https://forms.hsforms.com; base-uri 'self' 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com static.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.affirm.com *.affirm.ca *.google.com/ www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.affirm.com *.affirm.ca https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net insight.adsrvr.org bat.bing.com www.google.co.in log.olark.com static.olark.com img-msg.tb-list.com pixel.rubiconproject.com match.adsrvr.org *.doubleclick.net *.klaviyo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.sharethis.com polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com https://cdnjs.cloudflare.com d10lpsik1i8c69.cloudfront.net js.adsrvr.org cdn-in.pagesense.io sf.bayengage.com bat.bing.com app.targetbay.com static.olark.com knrpc.olark.com www.gstatic.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com unsafe-inline assets.braintreegateway.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com static.olark.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com settings.luckyorange.net pagesense.zoho.in locationapi.cdn-in.pagesense.io pagesense-collect.zoho.in app.targetbay.com knrpc.olark.com bat.bing.com sfc-api.bayengage.com www.google.co.in 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-UUkKYScYjPdOVoSO3LGyaQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
script-src-elem ; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.sagepay.com *.opayo.eu.elavon.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.bglobale.com *.global-e.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.sagepay.com *.opayo.eu.elavon.com *.stripe.com *.stripe.network *.google.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.bglobale.com *.global-e.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com imgsct.cookiebot.com *.stripe.com *.stripe.network *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.bglobale.com *.global-e.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://api.clerk.io https://cdn.clerk.io *.cloudflare.com graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com player.vimeo.com consent.cookiebot.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.facebook.com connect.facebook.net business.facebook.com *.bglobale.com *.global-e.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.bglobale.com *.global-e.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-UT8fwRybWVq6-OdpXKGLsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-D1hxiU1Hjmkap_UqJ2go0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-v5wJMIQdMgsByrjFyZodRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com *.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-R3pmMTBbCnK3NI+0V9/DdA==' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com *.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; style-src 'self' 'unsafe-inline' *.typeform.com; connect-src 'self' https://cdn.ampproject.org https://consent.bumble.com https://www.googletagmanager.com *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com/pagead *.googlesyndication.com *.typeform.com *.typeformcdn.com; child-src 'self'; font-src 'self' data:; manifest-src 'self'; base-uri 'self'; frame-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com *.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; img-src * data: blob: www.googletagmanager.com; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=bumble_team_site&env=production; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-4yBSXjf2X4ICEkzdQPbsyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-mhs6AWLG83KS-AcHD2v71A' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-lmSrlxKOl-mGojCnK5IGfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-WdxWelqDrr6kZJ234xM5kg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net *.klarnacdn.net *.hspvst.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.hspvst.com 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com *.hspvst.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.langshop.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.vimeo.com *.oct8ne.com *.cookiebot.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hspvst.com *.doubleclick.net www.xtento.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.ggpht *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.tapad.com *.rlcdn.com *.reson8.com *.cookiebot.com *.rawgit.com *.jsdelivr.net *.hspvst.com hspvst.com *.w55c.net w55c.net hotjar.com *.hotjar.com *.arkeero.net *.kelkoogroup.net *.mailchimp.com adroll.com *.adroll.com *.mmgo.io awin.com motionmailapp.com google.pt *.google.pt *.bidswitch.net *.outbrain.com *.openx.net *.rubiconproject.com *.pubmatic.com *.yahoo.com *.taboola.com *.adnxs.com *.3lift.com *.casalemedia.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adsmurai.com *.criteo.com *.hspvst.com hspvst.com *.w55c.net w55c.net hotjar.com *.hotjar.com *.arkeero.net *.kelkoogroup.net *.mailchimp.com *.amazonaws.com adroll.com *.adroll.com *.mmgo.io awin.com motionmailapp.com *.kk-resources.com *.googlesyndication.com www.xtento.com cdn.xtento.com *.stripe.com klarna.com *.klarnaevt.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.googleapis.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.googletagmanager.com *.hspvst.com hspvst.com *.w55c.net w55c.net *.arkeero.net *.kelkoogroup.net *.mailchimp.com adroll.com *.adroll.com *.mmgo.io awin.com motionmailapp.com 'self' 'unsafe-inline'; object-src *.hspvst.com 'self' 'unsafe-inline'; media-src *.adobe.com *.hspvst.com 'self' 'unsafe-inline'; manifest-src *.hspvst.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.cookiebot.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.hspvst.com *.adroll.com *.adsmurai.com *.googlesyndication.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.hspvst.com http: https: blob: 'self' 'unsafe-inline'; default-src *.hspvst.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.hspvst.com 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.21naturals.com *.21members.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.21naturals.com *.21members.com join.gammasecure.com; script-src 'self' *.21naturals.com *.21members.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.21naturals.com *.21members.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-g5AZTFxLwFXTynRjIRO1NA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.clover.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com *.clover.com checkout.sandbox.dev.clover.com checkout.clover.com *.happyfoxchat.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com *.clover.com checkout.sandbox.dev.clover.com checkout.clover.com fhc-usa.com staging-aws.fhc-usa.com *.clarity.ms *.bing.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com *.clover.com checkout.sandbox.dev.clover.com checkout.clover.com *.clarity.ms *.happyfoxchat.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com checkout.sandbox.dev.clover.com checkout.clover.com *.clarity.ms *.happyfoxchat.com happyfoxchat.com avl.happyfoxchat.com www.google.com maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce--iW9KMzWHn2FOMhPF_miAw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-EdwygctYw6aeynRK5vB5bw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-lCapa-hye3OEdYmQYVBmwg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-KPaEKDyeaWgP3_WCd6tORw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-w1RI4c3lTg-I3BItiCBSJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-sMLd3Ta_l_agXeazDEocwA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.monetico-services.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.wonderpush.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.monetico-services.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.chomette.com *.criteo.com *.canva.com *.wonderpush.com *.worldline-solutions.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.iadvize.com *.hsforms.net *.hsforms.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.openstreetmap.org https://maps.googleapis.com *.disqus.com 'self' data: *.cookielaw.org/ *.matomo.cloud *.hotjar.com *.clarity.ms *.google.com *.google.fr *.google.de *.googletagmanager.com *.doubleclick.net *.facebook.com *.facebook.net *.criteo.com *.affilae.com *.bing.com *.dialoginsight.com *.mydialoginsight.com *.stripe.com *.worldline-solutions.com *.wonderpush.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.iadvize.com *.hsforms.net *.hsforms.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.disqus.com *.gstatic.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.cookielaw.org/ *.matomo.cloud *.hotjar.com *.clarity.ms *.google.fr *.google.de *.googletagmanager.com *.facebook.com *.facebook.net *.criteo.com *.affilae.com *.bing.com *.dialoginsight.com *.mydialoginsight.com *.worldline-solutions.com *.paypal.com *.wonderpush.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.monetico-services.com *.iadvize.com t.elasticsuite.io *.hsforms.net *.hsforms.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.openstreetmap.org https://maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.cookielaw.org/ *.onetrust.com/ *.matomo.cloud *.hotjar.com *.clarity.ms *.google.fr *.google.de *.googletagmanager.com *.doubleclick.net *.facebook.com *.facebook.net *.criteo.com *.affilae.com *.bing.com *.bing.net *.dialoginsight.com *.mydialoginsight.com *.worldline-solutions.com *.wonderpush.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data:; connect-src 'self' https://plausible.io *.webanalytics.italia.it *.sentry.io *.sentry-cdn.com *.opencontent.io *.opencontent.it *.opencityitalia.it *.stanzadelcittadino.it wss://stregatto.opencityitalia.it https://nominatim.openstreetmap.org https://servizi.comune.verona.it; font-src 'self' data: *.opencontent.io *.opencontent.it *.opencityitalia.it; frame-src 'self' *.youtube.com *.vimeo.com; img-src 'self' data: blob: https://flyimg.opencityitalia.it https://flyimg-qa.opencityitalia.it *.openstreetmap.org *.ytimg.com https://s3-eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.io https://www.googletagmanager.com *.sentry-cdn.com *.webanalytics.italia.it *.opencontent.io *.opencontent.it *.opencityitalia.it https://servizi.comune.verona.it; style-src 'self' 'unsafe-inline' https:; report-uri https://csp-collector.opencontent.it/csp?env=production&app=cms; worker-src 'self' blob: 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com https://*.customily.com https://*.amazonaws.com https://*.mapbox.com 'self' data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.demdex.net *.hubspot.com *.hsforms.com *.hsforms.net wave-utility-stage.azurewebsites.net/ wave-utility.azurewebsites.net/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://*.customily.com https://*.amazonaws.com https://*.mapbox.com 'self' data: *.uber.com *.ubereats.com maps.gstatic.com *.newrelic.com *.nr-data.net *.google.com *.linkedin.com *.salsify.com *.hubspot.com *.hsforms.com i.vimeocdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://*.customily.com https://*.amazonaws.com https://*.mapbox.com maps.googleapis.com unpkg.com *.unpkg.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.salsify.com *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.licdn.com *.usemessages.com api.ipify.org *.elfsight.com f.vimeocdn.com www.gstatic.com *.hotjar.com *.jsdelivr.net *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://*.mapbox.com *.fontawesome.com maxcdn.bootstrapcdn.com f.vimeocdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.newrelic.com *.nr-data.net *.google.com *.salsify.com *.hubspot.com *.hsforms.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://*.customily.com https://*.amazonaws.com https://*.mapbox.com 'self' data: maps.googleapis.com unpkg.com *.unpkg.com *.googletagmanager.com *.doubleclick.net *.googleapis.com *.salsify.com *.linkedin.com *.hubspot.com *.hsforms.com *.hubapi.com *.hscollectedforms.net *.elfsight.com *.cloudflare.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src fresnel-events.vimeocdn.com player-telemetry.vimeo.com commerce.adobedc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://cdn-app.giga.chat https://cdn-app.sberdevices.ru; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://cdn-app.giga.chat https://cdn-app.sberdevices.ru/ https://mc.yandex.ru; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn-app.giga.chat https://cdn-app.sberdevices.ru; object-src 'none'; base-uri 'self'; connect-src 'self' blob: https://api.eye.sbdv.ru ymetrica1.com yandexmetrica.com:30103 yandexmetrica.com:29010 https://mc.yandex.md https://mc.yandex.by https://mc.yandex.kz https://sentry-api.sberdevices.ru https://cdn-app.giga.chat https://cdn-app.sberdevices.ru https://mc.yandex.ru https://metrics.prom.third-party-app.sberdevices.ru https://yandexmetrica.com https://mc.yandex.com https://adservings.ru/Serving/adServer.bs; font-src 'self' data: https://cdn-app.giga.chat https://cdn-app.sberdevices.ru https://fonts.gstatic.com/s/comforter/v7/H4clBXOCl8nQnlaql3Qq65u9qKS-awhq.woff2; frame-src 'self' https://mc.yandex.ru https://mc.yandex.md https://kanzas.prom.app.sberdevices.ru https://developers.sber.ru; img-src 'self' data: https://favicon.yandex.net https://cdn-app.giga.chat https://cdn-app.sberdevices.ru https://mc.yandex.ru https://mc.yandex.md https://mc.yandex.com; manifest-src 'self'; media-src data: 'self' https://cdn-app.giga.chat https://cdn-app.sberdevices.ru; frame-ancestors https://developers.sber.ru; report-uri https://sentry-api.sberdevices.ru/api/164/security/?sentry_key=097d19023b1c48cfa9e9a8f0e5ca26c9; worker-src 'none' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-ZOvc43bNJAJzTYuat_1qVg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.fontawesome.com static.rayher.com https://static.unzer.com https://applepay.cdn-apple.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action *.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com *.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * *.pinterest.com *.googletagmanager.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.clarity.ms *.rayher.com *.bing.com https://*.bing.net *.pinterest.com *.facebook.com https://www.google.com https://www.google.de https://lantern.roeye.com https://static.unzer.com *.online-metrix.net https://www.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.rayher.com *.clarity.ms *.bing.com connect.facebook.net *.pinimg.com www.dwin1.com *.taboola.com https://lantern.roeyecdn.com https://matomo.rayher.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com static.rayher.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google.com google.com *.rayher.com *.clarity.ms https://*.googlesyndication.com *.pinterest.com *.taboola.com https://*.g.doubleclick.net *.bing.com https://*.bing.net https://*.facebook.com https://*.googleapis.com https://*.mapbox.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-lZ_-DjDMLagOhYHt68SYpQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-Ysvn3AN9d1hNg4qrPSn9Pg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-ljdX0mXcl-Vqu8JYUiNRdQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-WgjwMqL7lyHmofrkAqQ1LA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'self'; style-src 'self'; report-uri /csp-report; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-C4alsAHiesL8C3mIOk-HkA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-UG6sfcqLoIXpFx+oaag3' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-WAqd--hU9eVQc7N3pcMFMg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-5l5ikw4oMHEFvKDa0JJ6Fw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; connect-src https: 'unsafe-eval' 'unsafe-inline' wss://pubsubsec.usedesk.ru; script-src https: 'unsafe-eval' 'unsafe-inline' pubsubsec.usedesk.ru; style-src https: 'unsafe-inline' pubsubsec.usedesk.ru; img-src https: data:; font-src https: data:; report-uri /csp-report 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-1idQOJ4hTwgCRGdmlhDSsA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-nQyogP_sfB_qii8zpxZwyQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report/ 1
default-src 'self'; img-src 'self' data: https://www.datocms-assets.com https://image.mux.com https://*.usercentrics.eu https://app.usercentrics.eu https://*.myshopify.com https://cdn.shopify.com; script-src 'self' https://www.googletagmanager.com https://web.cmp.usercentrics.eu http://privacy-proxy.usercentrics.eu 'unsafe-inline' https://*.usercentrics.eu https://app.usercentrics.eu https://www.google.com https://app.cituro.com https://wtb-tag.mikmak.ai https://www.gstatic.com; style-src 'self' 'unsafe-inline'; font-src 'self' https: data:; connect-src 'self' https://www.googletagmanager.com https://stream.mux.com http://privacy-proxy.usercentrics.eu https://privacy-proxy.usercentrics.eu https://v1.api.service.cmp.usercentrics.eu https://*.usercentrics.eu https://app.usercentrics.eu https://app.cituro.com https://www.google.com https://www.google.com/* https://ricolagroupag--devservice.sandbox.my.salesforce.com https://*.mux.com https://*.myshopify.com; frame-src https://www.googletagmanager.com https://web.cmp.usercentrics.eu https://*.usercentrics.eu https://app.usercentrics.eu https://app.cituro.com https://www.google.com https://www.google.com/* https://*.myshopify.com; media-src 'self' blob: https://stream.mux.com https://*.usercentrics.eu https://app.usercentrics.eu https://*.myshopify.com; report-uri /.netlify/functions/csp-reporting-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-RvTNgZz9XKZv1s4MeVEw-A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src blob: data: https: 'self'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: data: https: 'self'; connect-src blob: data: https: 'self' 'unsafe-inline' wss://*.hotjar.com; frame-ancestors 'self'; script-src blob: 'unsafe-eval' 'unsafe-inline' 'self' https://*.adform.net/ https://*.hotjar.com/ https://*.go-mpulse.net https://*.outbrain.com/ https://*.volvo.com/ https://*.volvotrucks.com/ https://ajax.googleapis.com/ajax/libs/jquery https://assets.adobedtm.com/ https://cdn.cookielaw.org/ https://connect.facebook.net/ https://documentservices.adobe.com/ https://googleads.g.doubleclick.net/ https://unpkg.com/blip-chat-widget https://*.scene7.com/ https://script.e-space.se/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googletagmanager.com/ https://www.youtube.com/; report-to csp-endpoint; report-uri https://knxzhhty06.execute-api.eu-west-1.amazonaws.com/prod/browser-reporting/csp; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com www.034motorsport.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.yotpo.com www.034motorsport.com 'self' 'unsafe-inline'; frame-ancestors www.034motorsport.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com www.034motorsport.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.affirm.com *.affirm.ca maps.gstatic.com *.calcurates.com validate.fishpig.co.uk 'self' data: * flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com www.034motorsport.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.googleapis.com *.avada.io * assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com www.034motorsport.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com www.034motorsport.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com www.034motorsport.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.googleapis.com https://get.geojs.io *.avada.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com www.034motorsport.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com www.034motorsport.com http: https: blob: 'self' 'unsafe-inline'; default-src www.034motorsport.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-kGDdt-Sgl-wACzL4TQFsyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.gstatic.com static.klaviyo.com fonts.gstatic.com *.newrelic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.newrelic.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com bat.bing.com *.newrelic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com apis.google.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com js.klevu.com *.ksearchnet.com *.kaptcha.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com fonts.googleapis.com bat.bing.com *.newrelic.com *.google.com www.xtento.com cdn.xtento.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.certcapture.com https://static.klaviyo.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.newrelic.com *.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.doubleclick.net *.nr-data.net *.newrelic.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com *.newrelic.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-3glU0bFUTNrskIJWNg-s2A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com userlike-cdn-umm.b-cdn.net *.priv.center *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com userlike-cdn-operators.userlike.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://browser.sentry-cdn.com userlike-cdn-umm.b-cdn.net *.priv.center *.truendo.com matomo.cottonclassics.com js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://*.ingest.sentry.io userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com wss://umd.userlike.com userlike-cdn-umm.b-cdn.net *.truendo.com https://*.sentry.io matomo.cottonclassics.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://5158972f-f033-4936-8c48-824117bef6af.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; img-src https: http: blob: data:; style-src 'self' 'unsafe-inline' https://scripts.gmod.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://scripts.gmod.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com https://www.google.com/js/ https://vbg-version.vbulletin.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://scripts.gmod.de https://www.google.com/recaptcha/ https://www.youtube.com; object-src 'none'; upgrade-insecure-requests; report-uri https://tunnat.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.popt.in *.amazonaws.com *.on.aws *.cloudfront.net cdnjs.cloudflare.com cdn.popt.in fonts.salesfire.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.dotdigital-pages.com *.dotdigital.com *.addthis.com *.google.com/ *.weltpixel.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.googleapis.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://www.magezon.com cdn.doofinder.com *.trackedlink.net magefan.com cm.magefan.com *.disqus.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.popt.in *.cloudfront.net https://redchamps.com https://maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com api.feefo.com services.postcodeanywhere.co.uk cdn-ukwest.onetrust.com analytics.twitter.com www.google.co.in bat.bing.com c.bing.com c.clarity.ms lantern.roeye.com admin.hedgesdirect.co.uk register.feefo.com www.admin.hedgesdirect.co.uk octave-7902-adswizz.attribution.adswizz.com pixel.tapad.com cdn.salesfire.co.uk dev.visualwebsiteoptimizer.com stats.g.doubleclick.net image.salesfire.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://maps.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.google.com/ *.disqus.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.popt.in *.cloudflare.com *.jsdelivr.net *.trustpilot.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net api.feefo.com ruler.nyltx.com willi11165.pcapredict.com register.feefo.com js-agent.newrelic.com code.jquery.com services.postcodeanywhere.co.uk hedge11123.pcapredict.com cdn-ukwest.onetrust.com cdn.popt.in eu1-config.doofinder.com analytics.nyltx.com cdnjs.cloudflare.com bat.bing.com static.ads-twitter.com www.clarity.ms cdn.requestmetrics.com cdn.mouseflow.com static.cloudflareinsights.com script.crazyegg.com s.pinimg.com cdn.salesfire.co.uk ct.pinterest.com www.best4hedging.co.uk dev.visualwebsiteoptimizer.com cdn.noibu.com app.answerai.co.uk https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com https://cdn.jsdelivr.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.popt.in *.cloudflare.com *.jsdelivr.net *.on.aws *.amazonaws.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com register.feefo.com services.postcodeanywhere.co.uk fonts.popt.in cdn.popt.in cdnjs.cloudflare.com tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws fonts.salesfire.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com ekr.zdassets.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.cloudflare.com *.popt.in www.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app bam.nr-data.net api.feefo.com collect.feefo.com services.postcodeanywhere.co.uk px.ads.linkedin.com analytics.nyltx.com cdn-ukwest.onetrust.com display.popt.in geolocation.onetrust.com n.clarity.ms w.clarity.ms in.requestmetrics.com l.clarity.ms ct.pinterest.com live.smartmetrics.co.uk hit.salesfire.co.uk dev.visualwebsiteoptimizer.com ss.hedgesdirect.co.uk input.noibu.com cdn.noibu.com ss.best4hedging.co.uk wss://input.noibu.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TkV5SioV7t_GhAxB8A3qZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-yCFFTYIROYqNilc_es1ZiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-OpvXAmO-gPEH9kr0q-oCmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' bcbolt-uktv.akamaized.net uktv.brightcovecdn.com *.brightcove.net; script-src 'self' 'nonce-ZTQ1NjZkMDUtODdlNC00MDc2LTkwOTYtMWIyNGZhODkzZWZl' 'sha256-PGOSsZtvDKqZ+myXb5DE395jRSa3aOFSIEbmfmin1yc=' 'sha256-f1m9UGZ2ljCQQQ1wMdfXdMrRTWacFIRtepSeAClkohI=' *.2cnt.net *.adalyser.com *.boltdns.net uktv.brightcovecdn.com *.brightcove.com *.brightcove.net cdn-ukwest.onetrust.com client.rum.us-east-1.amazonaws.com *.doubleclick.net *.fwmrm.net connect.facebook.net js.appboycdn.com *.googletagmanager.com mp.simplestream.com tag.aticdn.net tags.tiqcdn.com uktvltd.hb.omtrdc.net vjs.zencdn.net; style-src 'self' 'unsafe-inline' use.fontawesome.com; img-src 'self' data: https: *.2cnt.net *.adalyser.com *.ati-host.net *.brightcove.com uktv.brightcovecdn.com *.fwmrm.net *.doubleclick.net appboy-images.com braze-images.com c4-ads-creative-prod.s3.eu-west-1.amazonaws.com cdn-ukwest.onetrust.com cdn.braze.eu https://uktv-res.cloudinary.com uktv-static.s3.eu-west-1.amazonaws.com; font-src 'self' data: https: https://use.typekit.net appboy-images.com braze-images.com cdn.braze.eu use.fontawesome.com; connect-src 'self' *.2cnt.net *.ati-host.net bcbolt-uktv.akamaized.net uktv.brightcovecdn.com *.boltdns.net *.brightcove.com *.brightcove.net dataplane.rum.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com sts.eu-west-1.amazonaws.com *.doubleclick.net *.google.com www.googleadservices.com *.fwmrm.net *.litix.io *.mppglobal.com *.onetrust.com sdk.fra-02.braze.eu *.sentry.io *.uktvapi.co.uk *.uktv.co.uk; frame-src 'self' *.doubleclick.net; worker-src 'self' blob: https:; media-src 'self' blob: https: *.boltdns.net uktv.brightcovecdn.com; report-uri https://o59029.ingest.us.sentry.io/api/4510029393428480/security/?sentry_key=8a2537262166e290fbc1a00cd2a20fa3; report-to csp-reporting-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-fSugmTGh3NhPVygd6arGkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; report-uri https://error-tracking.spenderservice.net/api/15/security/?sentry_key=0db3389048bb4735b406e7e1b5b9cb38 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-uGxFx71g2-S9moxVph0l-g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com static.lipscore.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.bootstrapcdn.com *.kindlycdn.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.klarna.com js.mollie.com *.hotjar.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com *.playground.kustom.co *.kustom.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net static.lipscore.com blob: img.youtube.com magefan.com cm.magefan.com *.klevu.com *.ksearchnet.com https://www.mollie.com *.facebook.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://maps.googleapis.com https://player.vimeo.com *.klarna.com *.klarnacdn.net x.klarnacdn.net static.lipscore.com *.klarnaservices.com js.klevu.com *.ksearchnet.com js.mollie.com *.hotjar.com *.getflowbox.com *.spinnaker-js.com *.facebook.com *.facebook.net *.kindlycdn.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com *.playground.kustom.co *.kustom.co youtu.be tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com static.lipscore.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.bootstrapcdn.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com tagmanager.google.com fonts.google.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com www.youtube.com youtu.be 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net wapi.lipscore.com users.lipscore.com *.klarnaservices.com *.klarna.com *.klevu.com *.ksearchnet.com *.hotjar.com *.g.doubleclick.net *.spinnaker-js.com *.kindlycdn.com *.cookieinformation.com *.app.cookieinformation.com *.doubleclick.net *.td.doubleclick.net *.googletagmanager.com *.cevoid.com *.gallery.cevoid.com *.embed.cevoid.com *.api.cevoid.com *.granit.com *.playground.kustom.co *.kustom.co *.google-analytics.com *.analytics.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com *.hsappstatic.net *.jsdelivr.net *.preply.com *.slant.co *.fonts.net *.yotpo.com *.zip.co *.zopim.com unpkg.com *.alicdn.com https://www.gstatic.com https://fonts.gstatic.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com https://*.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com 'self' data: https://*.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.trackedlink.net *.afterpay.com *.bing.com *.bing.net *.clarity.ms *.facebook.com *.ggpht.com *.google.com *.pinterest.com *.prreqcroab.icu *.quantserve.com *.rlets.com *.stackadapt.com *.yotpo.com *.zip.co prreqcroab.icu www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.ca www.google.cd www.google.ch www.google.cl www.google.cm www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.tn www.google.tt zip.co *.googleapis.com *.zopim.com www.google.as www.google.bs www.google.bt www.google.by www.google.ci www.google.co.ao www.google.co.ck www.google.co.ls www.google.com.af www.google.com.bz www.google.com.ec www.google.com.gi www.google.com.ly www.google.com.mm www.google.com.ni www.google.com.pa www.google.com.py www.google.com.sl www.google.com.tj www.google.com.uy www.google.com.vc www.google.dm www.google.ga www.google.je www.google.kg www.google.kz www.google.la www.google.md www.google.mg www.google.ps www.google.sh www.google.so www.google.sr www.google.tl www.google.to www.google.vu www.google.ws *.google-analytics.com *.googleadservices.com *.magentocommerce.com *.trackedweb.net google.com www.google.bf www.google.co.mz www.google.co.vi www.google.com.cu www.google.gg www.google.gm www.google.li www.google.ml www.google.nr *.zipmoney.com.au www.google.tg *.vimeo.com *.jquery.com www.google.gl www.google.tm connect.facebook.net graph.facebook.com business.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com https://*.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.bing.com *.clarity.ms *.cometlytrack.com *.fullstory.com *.newrelic.com *.pinimg.com *.pinterest.com *.quantcount.com *.quantserve.com *.rlets.com *.stackadapt.com *.yotpo.com *.zdassets.com *.zip.co *.zipmoney.com.au *.zopim.com localhost unpkg.com *.google.com *.googleapis.com googletagmanager.com savingsslider-a.akamaihd.net eckersleys.snapforms.com.au *.googleadservices.com *.instagram.com *.vimeo.com d18eg7dreypte5.cloudfront.net connect.facebook.net graph.facebook.com business.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com unsafe-inline assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.stackadapt.com *.fonts.net *.yotpo.com https://fonts.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com www.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.bing.com *.bing.net *.clarity.ms *.cometlytrack.com *.fullstory.com *.localiq.com *.nr-data.net *.openfpcdn.io *.pinterest.com *.quantcount.com *.rlets.com *.stackadapt.com *.zdassets.com *.zendesk.com *.zip.co *.zipmoney.com.au *.zopim.com wss://widget-mediator.zopim.com localhost www.google.ae www.google.al www.google.am www.google.at www.google.be www.google.bg www.google.bj www.google.ca www.google.cd www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.do www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.es www.google.fi www.google.fm www.google.fr www.google.ge www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.lk www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.tt *.facebook.com savingsslider-a.akamaihd.net www.google.ad www.google.as www.google.az www.google.ba www.google.bt www.google.by www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.ls www.google.co.ug www.google.com.bn www.google.com.co www.google.com.cy www.google.com.ec www.google.com.et www.google.com.gi www.google.com.kh www.google.com.ly www.google.com.mm www.google.com.ni www.google.com.pa www.google.com.pr www.google.com.py www.google.com.sl www.google.com.sv www.google.com.uy www.google.dm www.google.ee www.google.gy www.google.jo www.google.kz www.google.la www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.ps www.google.rw www.google.sk www.google.sn www.google.sr www.google.tl www.google.tn www.google.to www.google.vu www.google.ws *.googleadservices.com *.prreqcroab.icu *.quantserve.com prreqcroab.icu www.google.cm www.google.co.uz www.google.co.vi www.google.com.bo www.google.com.cu www.google.gg www.google.gm www.google.kg www.google.ml www.google.nr zip.co www.google.com.bz www.google.sh www.google.tg www.google.je *.jquery.com connect.facebook.net graph.facebook.com business.facebook.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.zip.co *.clarity.ms *.stackadapt.com 'self' 'unsafe-inline'; report-uri https://463a2327-4119-4a41-98e3-32586d517d30.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-sn-DoT8FiIcoq4viCPT-MQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-bsWY0Iqx38vLXMJS8-6ZNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-x8e2ExnEgfh5_hSC-okHrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-TcI3Jn3Qdd8-BCUN5imFwg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self' https://mc.yandex.ru https://www.googletagmanager.com https://api-maps.yandex.ru/ https://yastatic.net https://core-renderer-tiles.maps.yandex.net data:;report-uri https://planetarf.ru/debug/csp/csp.php; img-src 'self' data: maps.yandex.net https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://yandex.ru/clck/counter* https://*; connect-src 'self' https://mc.yandex.ru https://bestcon.planetarf.ru https://planetarf.ru https://www.google-analytics.com https://api-maps.yandex.ru https://taxi-routeinfo.taxi.yandex.net; child-src blob: https://mc.yandex.ru; frame-src blob: https://mc.yandex.ru https://planetarf.ru; style-src 'self' 'unsafe-inline'; 1
font-src *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to 'self' *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.dotdigital-pages.com *.dotdigital.com *.mention-me.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.trackedlink.net magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.mention-me.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.mention-me.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' ads.travelaudience.com adservice.google.com adservice.google.com.au cfjump.auntbetty.com ep2.adtrafficquality.google googleads.g.doubleclick.net pagead2.googlesyndication.com partner.googleadservices.com sslwidget.criteo.com static.criteo.net t.cfjump.com tpc.googlesyndication.com www.googleadservices.com analytics.skyscanner.net bat.bing.com cdn.inspectlet.com connect.facebook.net script.hotjar.com static.hotjar.com www.google-analytics.com www.googletagmanager.com www.googletagservices.com scripts.clarity.ms www.clarity.ms e.fomo.com geocode.usefomo.com load.fomo.com checkoutshopper-live-au.adyen.com checkoutshopper-test.adyen.com checkoutshopper.adyen.com flex.cybersource.com pay.google.com testflex.cybersource.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com 0eafstag.cardinalcommerce.com assets.loginwithamazon.com cdn.cookielaw.org gordian-static.herokuapp.com sdk.gordiansoftware.com testbws.amadeus.com widget.trustpilot.com ajax.cloudflare.com az416426.vo.msecnd.net maps.googleapis.com static.cloudflareinsights.com use.fontawesome.com www.google.com www.gstatic.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=8XY8L5VRyHaqOR5hEnFnyeduvg1MghF_ktSl0sWBHuo-1773716520.8547406-1.0.1.1-k6h171UQKHq.A0T5FrqDteG1WrbUnVigTMLYFyFhFdfz2k3lL753S7d5I_4mZoFw0_soOEo4iTgjBW_03I8fQ7a8jfYx2lDRh_wiU5lzs1UbE3UcBPA1u5Sqfae6sYj9P6Mha63aDTYDLwTge8NsWIZgEbsUHornadyAvapSbkNofTuF1BJrfN2JN1B7XrSuWlAPG_Rt0n1BcAuqdLSuZA; report-to cf-kfagrydlkgrhniuk 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.klarnacdn.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trustpilot.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.everesttech.net *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.ddlnk.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com magefan.com cm.magefan.com https://www.magezon.com *.klarna.com *.sargarme.com *.awd-it.co.uk *.google.com *.google.co.uk *.facebook.com *.dycdn.net *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.adobedtm.com *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.net *.klarna.com *.klarnaservices.com *.webgains.io instant.page webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net d81mfvml8p5ml.cloudfront.net *.freshrelevance.com *.dotdigital.com *.klarnacdn.net x.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com https://www.awd-it.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.klarnacdn.net webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net https://static.klaviyo.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.imgur.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io amcglobal.sc.omtrdc.net p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnaservices.com *.doubleclick.net *.smartmetrics.co.uk webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net *.freshrelevance.com wss://*.freshrelevance.com wss://*.dycdn.net dn1i8v75r669j.cloudfront.net *.dotdigital.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.link.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e123f666-3955-4cf2-a104-3830ab3a94ec.sansec.watch/; report-to report-endpoint; 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-AbEKp08nOyqBa3RZplVGww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-8w1g0rWlXI6_QOWcBjLeTQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-a04ic93OckzwKZc-TfeGcw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; connect-src 'self' translate.googleapis.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com myccpay.com *.myccpay.com paynearme.com *.paynearme.com; default-src 'self'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://use.typekit.net https://croissant-services-data-public-assets-us-east-2-production.s3.us-east-2.amazonaws.com gstatic.com *.gstatic.com; form-action 'self' https://translate.googleapis.com https://www.creditviewdashboard.com https://creditviewsv-test.ctf.tuint.com; frame-src 'self' https://www.paynearme-sandbox.com https://www.paynearme.com; img-src 'self' data: https://analytics.twitter.com https://bat.bing.com https://sp.analytics.yahoo.com https://t.co https://images.totalcardinc.com https://images.staging.totalcardinc.com https://images.dev.totalcardinc.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://translate.google.com https://fonts.gstatic.com https://api.fillr.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com myccpay.com *.myccpay.com paynearme.com *.paynearme.com pure.cloud *.pure.cloud secured-pixel.com *.secured-pixel.com totalcardinc.com *.totalcardinc.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.paynearme-sandbox.com https://www.paynearme.com https://fonts.googleapis.com 'sha256-7VXlcg/uSZugHSa6UtIG2/44ju460LiO4M0CyQfraX8='; worker-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=laESaXMG8wthMSx1xFh72xE9OVMPPo9nJc5IOKGP.c4-1773719321.2946818-1.0.1.1-7JkHzRAYoMeTnK0IGcsMF7tzo.FyQI8Uly6GsqTI9r_EeLs.6zTeSjehb5swHaNSHjEShXb2oiScU1ozmbei_9XojQWVQbAobUPogW2e0_Qx__dh7Iyo0B7nh4UvTOcVvF6L3LbpnVhpIdxbbdGIEHZGp131JFQ3GIxtzQDCazBafIZiXIsvuXC4S527MTlI; report-to cf-kycrddhyomgptcpy 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://pagead2.googlesyndication.com https://partner.googleadservices.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://tubededentifrice.com https://pagead2.googlesyndication.com https://partner.googleadservices.com; frame-src 'self' https://www.facebook.com https://partner.googleadservices.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com; font-src 'self' data:; object-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net github.com *.staticflickr.com nominatim.openstreetmap.org matomo1.telmedia.fr; style-src 'unsafe-inline' *.pasdecalais.fr; img-src 'self' data: map.telmedia.fr; frame-src *.youtube.com *.youtube.fr; report-uri /report-csp-violation 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://static.dhlecommerce.nl https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com https://maps.googleapis.com https://maps.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.magmodules.eu *.squeezely.tech data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://static.dhlecommerce.nl http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com squeezely.tech www.squeezely.tech *.squeezely.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://www.sandbox.paypal.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-chSlOaXABGZqNxsZxIB56A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://87503b26d4ffaacb536687865166eb4e.report-uri.com/r/t/csp/wizard 1
font-src *.fontawesome.com edwineurope.app.baqend.com *.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.weltpixel.com consentcdn.cookiebot.com ct.pinterest.com www.googletagmanager.com td.doubleclick.net www.xtento.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com bat.bing.com ct.pinterest.com www.google.co.ma cdn.edwin-europe.com www.google.de imgsct.cookiebot.com www.xtento.com cdn.xtento.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com edwineurope.app.baqend.com consent.cookiebot.com bat.bing.com cdn.scarabresearch.com script.hotjar.com static.hotjar.com s.pinimg.com a.opumo.net consentcdn.cookiebot.com ct.pinterest.com analytics.tiktok.com www.xtento.com cdn.xtento.com https://www.googletagmanager.com tagmanager.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.hsforms.net *.hsforms.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com blob: tagmanager.google.com d.ratepay.com d.payla.io dr.payla.io *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.youtube.com mcprod.edwin-europe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.nlservice.edwin-europe.com:8443/subscribe edwineurope.app.baqend.com ipapi.co a.opumo.net ct.pinterest.com consentcdn.cookiebot.com stats.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com recommender.scarabresearch.com https://www.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io payments.amazon.de d.ratepay.com jsctool.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-jVyYtPQClFAYapnoElG8og' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.fontawesome.com *.cloudflare.com ct.pinterest.com *.googleapis.com *.gstatic.com livechat.alc-crm.com maxcdn.bootstrapcdn.com *.naturalia.fr *.payline.com *.cdn.payline.com *.pinimg.com *.pinterest.com rct-livechat.alc-crm.com s.pinimg.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net sdk.privacy-center.org https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.facebook.com *.gstatic.com maxcdn.bootstrapcdn.com *.payline.com *.cdn.payline.com *.twitter.com *.wlp-acs.com *.cic.fr *.monext.fr *.banque-accord.fr *.bpce.fr *.lcl.fr *.creditmutuel.fr *.bnpparibas.com *.e-cartebleue.com *.cardinalcommerce.com *.visa.com *.modirum.com sdk.privacy-center.org 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com maxcdn.bootstrapcdn.com *.payline.com *.cdn.payline.com *.twitter.com https://td.doubleclick.net *.criteo.com *.wlp-acs.com *.cic.fr *.monext.fr *.banque-accord.fr *.bpce.fr *.lcl.fr *.creditmutuel.fr *.bnpparibas.com *.e-cartebleue.com *.cardinalcommerce.com *.visa.com *.modirum.com sdk.privacy-center.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.openstreetmap.org https://maps.googleapis.com ct.pinterest.com *.cloudflare.com cdn.cookielaw.org *.google-analytics.com *.googleadservices.com *.google.com *.google.fr *.googletagmanager.com *.klarna.com *.lightemporium.com *.linkedin.com maxcdn.bootstrapcdn.com *.naturalia.fr *.payline.com *.cdn.payline.com *.paypal.com *.pinimg.com *.pinterest.com s.pinimg.com *.twimg.com *.twitter.com *.usercentrics.eu *.ytimg.com *.facebook.com maps.googleapis.com maps.gstatic.com *.google.es sdk.privacy-center.org data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com cdn.cookielaw.org ct.pinterest.com *.doubleclick.net *.facebook.net *.fontawesome.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com livechat.alc-crm.com maxcdn.bootstrapcdn.com *.naturalia.fr *.payline.com *.cdn.payline.com *.pinimg.com *.pinterest.com rct-livechat.alc-crm.com snap.licdn.com s.pinimg.com *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu https://bam.eu01.nr-data.net *.googleoptimize.com *.criteo.com *.actito.com *.aticdn.net https://2453.userly.net naturalia.local *.abtasty.com maps.googleapis.com sdk.privacy-center.org https://cdnjs.cloudflare.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.gstatic.com livechat.alc-crm.com maxcdn.bootstrapcdn.com *.naturalia.fr *.payline.com *.cdn.payline.com rct-livechat.alc-crm.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.payline.com *.cdn.payline.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.openstreetmap.org https://maps.googleapis.com *.cloudflare.com cdn.cookielaw.org ct.pinterest.com *.doubleclick.net livechat.alc-crm.com maxcdn.bootstrapcdn.com *.naturalia.fr *.payline.com *.cdn.payline.com *.paypal.com *.pinimg.com *.pinterest.com rct-livechat.alc-crm.com s.pinimg.com *.twimg.com *.twitter.com https://bam.eu01.nr-data.net *.onetrust.com https://cdn.linkedin.oribi.io *.criteo.com https://region1.analytics.google.com *.xiti.com https://naturalia.local maps.googleapis.com *.google.com *.abtasty.com *.linkedin.com *.facebook.com sdk.privacy-center.org *.reach5.co *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com *.nhslothian.scot *.nhslothian.scot.nhs.uk secure.worldpay.com www.dermatology.nhs.scot noop.style; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 1
default-src 'self'; frame-ancestors 'self'; base-uri 'self'; object-src 'none'; img-src 'self' https: data:; script-src 'self' https:; style-src 'self' https:; font-src 'self' https: data:; connect-src 'self' https:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com; connect-src 'self' *.gyandhan.com wss: http://localhost:3000 http://localhost:3001 fonts.googleapis.com cdn.ckeditor.com d1i7580riw15wg.cloudfront.net *.clarity.ms connect.facebook.net *.gdinternal.com static.addtoany.com *.digio.in *.razorpay.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.youtube-nocookie.com *.gyandhan.localhost px.ads.linkedin.com stats.addtoany.com google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com *.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com *.youtube.com; font-src 'self'  https: data:; frame-src 'self'  *.gyandhan.com blob: *.amazonaws.com http://localhost:3000 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net *.clarity.ms connect.facebook.net *.gdinternal.com fonts.googleapis.com static.addtoany.com *.digio.in *.razorpay.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.youtube-nocookie.com *.gyandhan.localhost px.ads.linkedin.com stats.addtoany.com google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com *.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com *.youtube.com; img-src 'self'  *.amazonaws.com data: https: http://localhost:3000 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net *.clarity.ms connect.facebook.net *.gdinternal.com fonts.googleapis.com static.addtoany.com *.digio.in *.razorpay.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.gyandhan.com *.youtube-nocookie.com *.gyandhan.localhost px.ads.linkedin.com stats.addtoany.com google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com *.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com *.youtube.com; media-src 'self'  *.gyandhan.com blob: *.amazonaws.com http://localhost:3000 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net *.clarity.ms connect.facebook.net *.gdinternal.com fonts.googleapis.com static.addtoany.com *.digio.in *.razorpay.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.youtube-nocookie.com *.gyandhan.localhost px.ads.linkedin.com stats.addtoany.com google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com *.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com *.youtube.com; object-src *.gyandhan.com *.amazonaws.com http://localhost:3000 http://localhost:3001 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net *.clarity.ms connect.facebook.net *.gdinternal.com fonts.googleapis.com static.addtoany.com *.digio.in *.razorpay.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.youtube-nocookie.com *.gyandhan.localhost px.ads.linkedin.com stats.addtoany.com google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com *.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com *.youtube.com; script-src 'self'  'unsafe-inline' 'unsafe-eval' https: http://localhost:3000 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net *.clarity.ms connect.facebook.net *.gdinternal.com fonts.googleapis.com static.addtoany.com *.digio.in *.razorpay.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.gyandhan.com *.youtube-nocookie.com *.gyandhan.localhost px.ads.linkedin.com stats.addtoany.com google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com *.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com *.youtube.com; style-src 'self'  'unsafe-inline' https: http://localhost:3000 cdn.ckeditor.com d1i7580riw15wg.cloudfront.net *.clarity.ms connect.facebook.net *.gdinternal.com fonts.googleapis.com static.addtoany.com *.digio.in *.razorpay.com *.avanse.com *.signzy.tech *.karza.in *.recaptcha.net code.jquery.com cdnjs.cloudflare.com cke4.ckeditor.com *.gyandhan.com *.youtube-nocookie.com *.gyandhan.localhost px.ads.linkedin.com stats.addtoany.com google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com *.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com *.youtube.com; report-uri /csp_reports?report_only=true 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/k_rcv; 1
default-src 'self' 'unsafe-inline' https: *.google.com *.gstatic.com *.youtube-nocookie.com *.livechatinc.com; 1
img-src *.force.com slack-imgs-mil-dev.com 'self' https://stats.g.doubleclick.net https://img.youtube.com https://payments.salesforce.com/icons/ https://www.facebook.com https://cdn.cookielaw.org https://login.salesforce.com/icons/ https://*.springcm.com *.adnxs.com https://alpixtrack.com https://www.gstatic.com *.slack-edge-gov.com https://deltadentalwiblog.com *.my-salesforce.com https://cti-client.talkdeskapp.com *.cloudinary.com https://pixel.advertising.com blob: https://insight.adsrvr.org slack-imgs.com slack-gov-dev.com *.sfdcstatic.com https://ssl.gstatic.com *.twimg.com *.google.com https://deltadentalwi.my.site.com https://usa376.sfdc-yfeipo.salesforce.com/icons/ https://s.yimg.com https://*.docusign.net https://api.mixpanel.com https://www.googleadservices.com *.slack.com https://www.paypal.com https://*.mytalkdesk.com *.slack-imgs.com slack-imgs-gov.com https://deltadentalwi.file.force.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://assets.ceros.com *.salesforce-experience.com https://deltadentalwi.my.salesforce.com https://*.clm.docusign.mil https://simage2.pubmatic.com *.doubleclick.net https://maps.a.forceusercontent.com slack-imgs-gov-dev.com *.slack-edge.com https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ *.krxd.net https://*.docusign.com https://connect.facebook.net slack-mil-dev.com *.onetrust.com https://www.gstatic.com/recaptcha/ https://tags.tiqcdn.com https://pixel.rubiconproject.com https://www.google.com/recaptcha/ https://bat.bing.com *.slack-edge.mil https://www.sandbox.paypal.com https://sp.analytics.yahoo.com https://*.clmfed.docusign.com https://i.vimeocdn.com https://aa.agkn.com https://www.googletagmanager.com https://www.google-analytics.com https://pixel.sitescout.com *.salesforce.com https://*.adyen.com slack-imgs.mil data:; report-to sfdc-csp-ep; report-uri https://deltadentalwi.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00DA0000000IEY9&networkId=0DM0H000000Cie4&type=communities 1
font-src cash-f.squarecdn.com fonts.googleapis.com fonts.gstatic.com zenloop-assets.s3.eu-west-1.amazonaws.com assets.zenloop.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com www.zenaps.com *.fls.doubleclick.net amc.demdex.net *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.criteo.net *.cleverpush.com *.justspices.de *.justspices.es *.justspices.co.uk *.sovendus.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com maps.gstatic.com *.googletagmanager.com *.trustedshops.com *.facebook.com *.justspices.de *.justspices.es *.justspices.co.uk *.justspices.com *.criteo.com a.twiago.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net ads.stickyadstv.com cdn.stickyadstv.com cm.adform.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv exchange.mediavine.com i.liadm.com ih.adscale.de cotads.adscale.de match.sharethrough.com matching.ivitrack.com pixel.rubiconproject.com public-prod-dspcookiematching.dmxleo.com s.ad.smaato.net secure.adnxs.com ib.adnxs.com visitor.omnitagjs.com x.bidswitch.net *.analytics.yahoo.com ads.yahoo.com *.doubleclick.net eb2.3lift.com r.casalemedia.com rtb-csync.smartadserver.com simage2.pubmatic.com sync.outbrain.com *.bing.com *.clarity.ms i.geistm.com *.taboola.com *.google.com *.google.de d3k81ch9hvuctc.cloudfront.net www.awin1.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com www.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com s7.addthis.com *.google.com cdnjs.cloudflare.com	 *.googletagmanager.com *.googleadservices.com *.hotjar.com *.trustedshops.com *.facebook.net *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.criteo.net *.criteo.com *.datatables.net *.shopgate.com *.bing.com cdn.cookielaw.org *.onetrust.com *.pinterest.com s.pinimg.com analytics.tiktok.com *.clarity.ms static.cleverpush.com *.taboola.com www.dwin1.com ssl.geoplugin.net sleeknotecustomerscripts.sleeknote.com static.spott.ai *.sovendus.com the.sciencebehindecommerce.com zenloop-website-overlay-production.s3.amazonaws.com website-overlay.zenloop.com *.fullstory.com *.justspices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.googleapis.com *.trustpilot.com cdn.jsdelivr.net *.klaviyo.com *.adyen.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.facebook.com *.justspices.de *.justspices.es *.justspices.co.uk *.justspices.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ maps.googleapis.com maps.gstatic.com *.hotjar.com *.hotjar.io *.zendesk.com *.clarity.ms bat.bing.com cdn.cookielaw.org *.noibu.com wss://input.noibu.com justspices-privacy.my.onetrust.com *.onetrust.com *.criteo.com stats.g.doubleclick.net *.taboola.com *.facebook.com static-forms.klaviyo.com *.cleverpush.com *.sovendus.com *.trustpilot.com *.trustedshops.com *.zenloop.com zenloop-website-overlay-production.s3.amazonaws.com *.sciencebehindecommerce.com trustbadge.api.etrusted.com	 *.fullstory.com *.justspices.de *.google-analytics.com *.pinterest.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-1FKdkz81H8RXIWnyxPTYmg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.bounceexchange.com *.google-analytics.com *.gstatic.com likeshop.me *.global-e.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to *.bounceexchange.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.authorize.net *.nosto.com *.nos.to www.xtento.com *.facebook.com insight.adsrvr.org match.adsrvr.org *.signifyd.com *.online-metrix.net *.doubleclick.net *.cookiebot.com *.bounceexchange.com *.office365.com *.google.com *.google.lv *.bglobale.com *.global-e.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.bounceexchange.com *.bouncex.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net www.google.lv *.bing.com *.lafayette148ny.com *.signifyd.com *.online-metrix.net *.postcodeanywhere.co.uk *.doubleclick.net heapanalytics.com *.heapanalytics.com *.bizrate.com *.dashhudson.com likeshop.me *.atdmt.com *.cdnwidget.com *.bglobale.com *.global-e.com *.clarity.ms *.cloudfront.net *.cookiebot.com *.rakuten.com *.linksynergy.com *.xg4ken.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net sandbox-assets.secure.checkout.visa.com *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.googletagmanager.com www.google.com www.google.lv www.gstatic.com *.bing.com *.upsellit.com connect.facebook.net *.sociomantic.com js.adsrvr.org *.algolianet.com *.algolia.net *.signifyd.com *.pcapredict.com *.addressy.com *.bizrate.com *.googleapis.com *.heapanalytics.com *.zdassets.com tag.wknd.ai *.bounceexchange.com *.dashhudson.com *.luckyorange.com *.cookiebot.com *.securedvisit.com *.pingdom.net *.cloudfront.net *.newrelic.com *.nr-data.net klear.com *.mczbf.com *.bglobale.com *.global-e.com *.clarity.ms cdn.noibu.com *.salesforce.com api.smooch.io *.online-metrix.net *.fbot.me *.rakuten.com *.linksynergy.com *.xg4ken.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.nosto.com *.nos.to *.bounceexchange.com *.googleapis.com *.addressy.com *.bizrate.com *.bglobale.com *.global-e.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.nosto.com *.nos.to *.signifyd.com *.signifyd.com:* *.addressy.com *.bing.com *.bounceexchange.com *.bouncex.net *.zdassets.com *.zendesk.com *.zopim.com *.doubleclick.net *.google-analytics.com *.googleapis.com likeshop.me *.heapanalytics.com wss: *.luckyorange.net *.cookiebot.com *.cdnbasket.net *.cdnwidget.com *.pingdom.net *.nr-data.net *.facebook.com klear.com *.mczbf.com *.sjwoe.com *.clarity.ms input.noibu.com cdn.noibu.com www.google.com *.analytics.google.com *.salesforce.com *.fbot.me https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' ; report-uri https://fr.tuto.com/a_reportcsp/log 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com https://cdn.jsdelivr.net https://connect.facebook.net https://dntfctn.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://*.hotjar.com https://*.clarity.ms https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.synaxon.com https://stackpath.bootstrapcdn.com https://*.gstatic.com https://*.adform.net https://*.google.com https://www.youtube.com https://*.googlesyndication.com https://*.twitter.com https://pixel.mathtag.com https://widget.tabnav.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.gstatic.com https://stackpath.bootstrapcdn.com; img-src 'self' data: 'self' data: https: https://bat.bing.com https://bat.bing.net https://maps.googleapis.com https://*.gstatic.com https://px.ads.linkedin.com https://www.facebook.com https://*.google.com https://www.google.de https://www.googletagmanager.com; font-src 'self' data: https://*.gstatic.com https://static2.sharepointonline.com https://*.wp.com; connect-src 'self' https://bat.bing.com https://bat.bing.net https://maps.googleapis.com https://px.ads.linkedin.com https://region1.google-analytics.com https://*.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.clarity.ms https://analytics.synaxon.com https://web-api.synaxon.de https://www.facebook.com https://www.google-analytics.com https://region1.analytics.google.com https://*.adform.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.hotjar.io wss://*.hotjar.com https://analytics.google.com https://*.googlesyndication.com https://widget-config.tabnav.com; media-src 'self'; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://*.google.com https://www.googletagmanager.com https://www.youtube.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; report-uri /csp-report-endpoint; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com; script-src-attr 'self'; style-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com; style-src-attr 'self'; style-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com; frame-ancestors 'self' 1
style-src-elem fonts.googleapis.com tags.srv.stackadapt.com *.dibspayment.eu 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.gstatic.com static.klaviyo.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.ingrid.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.mczbf.com *.emjcd.com *.klarna.com *.klarnaevt.com *.dibspayment.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.disqus.com https://firebasestorage.googleapis.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://cdn-int.safecharge.com https://cdn.safecharge.com https://devmobile.sccdev-qa.com https://secure.safecharge.com/ *.googleapis.com *.googleusercontent.com cdn.cookielaw.org *.adzerk.net bat.bing.net s.zkcdn.net ad.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.klarnaevt.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.disqus.com *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com  https://magento.com https://cdn.safecharge.com https://devmobile.sccdev-qa.com https://cdn-int.safecharge.com https://play.google.com cdn.cookielaw.org *.googleapis.com *.gstatic.com widget.trustpilot.com static.fbot.me campaign.fbot.me tags.srv.stackadapt.com acsbapp.com bat.bing.com www.clarity.ms scripts.clarity.ms unpkg.com *.ingrid.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.mczbf.com *.emjcd.com *.klarna.com *.klarnaevt.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdn.safecharge.com https://devmobile.sccdev-qa.com  https://fonts.googleapis.com assets.braintreegateway.com *.dibspayment.eu https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net  https://sdkmon.safecharge.com https://ppp-test.safecharge.com https://ppp-test.nuvei.com https://secure.safecharge.com https://play.google.com cdn.cookielaw.org *.onetrust.com *.googleapis.com *.gstatic.com cdn.acsbapp.com tags.srv.stackadapt.com bat.bing.net l.clarity.ms eu-tracks.trackingplan.com *.ingrid.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.mczbf.com *.emjcd.com *.klarnaevt.com *.dibspayment.eu 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-rXrETspRSVU3ti4WVXccYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://seo.seosuite.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src www.googletagmanager.com https://connect.bolt.com https://*.bolt.com fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.twitter.com *.addthis.com *.facebook.com *.mixkit.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; base-uri headlightdepo.com headlightsdepot.com headlamprestoration.com www.discountpartsmonster.com www.google.com parts.americantoyota.com 'self' 'unsafe-inline'; media-src www.bing.com prod-streaming-video-msn-com.akamaized.net ssl.gstatic.com s-static.innovid.com m.media-amazon.com service.rvchat.com dict-dn.pstatic.net fonts.ninja app.guidemaker.com *.adobe.com 'self' 'unsafe-inline'; font-src code.ionicframework.com cdn.honey.io cdn.ivaws.com www.slant.co static.zip.co duckduckgo.com at.alicdn.com t-azmaps.azurelbs.com static3.avast.com puhuiti.oss-cn-hangzhou.aliyuncs.com www.tacomaworld.com www.headlightsdepot.com use.typekit.net simplycodes.com svcs.tql.com 35312385-2e8b-4f12-9f6d-051b45cbddbe de6ae568-06cd-4ef3-bd2f-95324c25c108 ee072aac-1d74-4dde-8f52-366c475f83b6 croissant-services-data-public-assets-us-east-2-production.s3.us-east-2.amazonaws.com images.simplycodes.com themes.googleusercontent.com cdn.scite.ai de1f9189-80b0-4de9-8f24-bbed06fd3bc2 sc-static.net fonts.cdnfonts.com 5b958cef-f97f-4d45-9869-523cf430a43f maxcdn.bootstrapcdn.com cdnjs.cloudflare.com account.affilitizer.com aceify.ai cdn.megabonus.com cdn.ziplyne.com static.hsappstatic.net fonts.gstatic.com migaku-public-data.migaku.com 9edcdc02-2a60-4848-b69c-3914d7e5dc96 f2d7cc05-a340-44a3-b759-3d4f7e835101 6e7f3874-5f08-4aa9-b470-d75f72b7282e cdn.jsdelivr.net c4927bf1-3ae6-4126-9a55-faaf7e3ce4d1 jcmcbmdmfmelmlelagelpfhmohipjjia static.preply.com assets.alicdn.com 2f2ac7e5-6cf1-4510-b3ed-13304c356efb ef1d9e3d-150b-4a00-a3b5-199e09a7a1b0 c8b67a02-2485-4a85-898f-7e6b178bc8d2 static.zohocdn.com unpkg.com cdn-uicons.flaticon.com res-1.cdn.office.net stylesheets.pixiebrix.com fonts.bunny.net r2cdn.perplexity.ai b3e26938-323d-431c-b510-27c82cbe4ca1 261d6510-f003-4e76-a1ff-777a00d81807 837e3089-a6c6-4737-b46a-50910e946806 96380900-aaf2-46f5-abb3-a45fe8bdc86b 3f2fe2db-34e8-488c-90b6-1c1afc92f97e 88e25ded-aa73-4463-b8e6-219f2cd442e4 7765fe7f-eb32-4f97-b671-09c78e68992e stwleprodwus.blob.core.windows.net static.shopback.com 8192f8ea-aade-4abd-8c2b-4a221da7aa45 a1ddf9dd-bd09-4a32-b960-82eccbe9631d *.typekit.net *.gstatic.com www.paypalobjects.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; style-src www.gstatic.com code.ionicframework.com cdn.honey.io app.certcapture.com maxcdn.bootstrapcdn.com pwm-image.trendmicro.com www.headlightsdepot.com fonts.googleapis.com static-tracking.klaviyo.com markups.kdanmobile.com l-sou.com js-c.etc4.com www.6ppn.com ext.dianxiaobao.net decision.etc4.com tool-bcg.bwe.io www.l-sou.com pwm-image.trendmicro.jp https://connect.bolt.com https://*.bolt.com https://src.mastercard.com *.aexp-static.com *.assets.mastercard.com *.visa.com *.bc.earlywarning.com bc.earlywarning.com *.discover.com *.discover-src.com *.discovercard.com *.googleapis.com *.mastercard.com *.bolt.com *.earlywarning.com a7.mylivechat.com *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com downloads.mailchimp.com https://static.klaviyo.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com assets.braintreegateway.com 'self' 'unsafe-inline'; frame-ancestors www.headlightsdepot.com 'self'; object-src connect.bolt.com headlightsdepot.quiq-api.com www.google.com www.youtube.com accounts.google.com gateway.zscaler.net challenges.cloudflare.com noop.style ckr01.leb.k12.in.us static.quiq-cdn.com order.buywithprime.amazon.com dupe.com refid-43baf178-9e2f-4f17-bd51-552fc8d68e83.24c72b3988728ff6c9d6353367592355.resolve-id.block.wandera.com 'self' 'unsafe-inline'; connect-src bam.nr-data.net w.clarity.ms cdn.noibu.com input.noibu.com stats.g.doubleclick.net headlightsdepot.quiq-api.com rum-collector-2.pingdom.net bat.bing.com q.clarity.ms r.clarity.ms x.clarity.ms u.clarity.ms www.google.es t.clarity.ms o.clarity.ms p.clarity.ms s.clarity.ms m.clarity.ms e.clarity.ms j.clarity.ms notify.bugsnag.com z.clarity.ms v.clarity.ms h.clarity.ms www.facebook.com d.clarity.ms y.clarity.ms f.clarity.ms www.clarity.ms b.clarity.ms a.clarity.ms www.google.fr i.clarity.ms k.clarity.ms www.google.ca www.google.com.pr n.clarity.ms www.google.co.ke adservice.google.com www.google.co.nz www.google.ae www.google.co.uk www.google.nl www.google.co.jp www.google.com.pe clientstream.launchdarkly.com www.google.gr www.google.si www.google.com.tr www.google.ru www.google.com.ua cdn.acsbapp.com www.google.bs www.google.com.ag servail.com app.certcapture.com www.google.com.mx translate.googleapis.com api.killadsapi.com api.global-data-lab.com www.google.com.do www.google.com.au www.google.com.tw www.google.jo www.google.com.sa www.google.co.za www.google.co.in www.google.co.ve www.google.com.jm www.google.com.ec get663.com www.google.hr www.google.com.bh w88p9x.com api.datacloudstat.com overbridgenet.com www.google.co.th ad.doubleclick.net www.google.com.br www.google.ch www.google.com.gt www.google.co.cr www.google.hn www.google.cz www.google.sr www.google.co.il www.google.pt www.google.com.ph www.google.co.id www.google.bg www.google.com.sv www.google.lt www.google.ge www.google.tt subwayblaze.com www.google.com.gh sessions.bugsnag.com www.google.com.my www.google.cl www.google.rs www.google.kz www.google.am www.google.de www.google.com.pk www.google.md www.google.dm www.google.fi www.google.com.ng www.google.sn www.google.com.hk www.google.com.ly www.google.com.na www.google.it www.google.vu www.google.tm www.google.al logs.convertexperiments.com 10046935.metrics.convertexperiments.com www.google.ht www.google.kg www.google.no www.google.ie www.google.iq www.google.ro www.google.com.co api.amcreativemedia.com www.google.com.om d1lkfzu2puirk6.cloudfront.net translate-pa.googleapis.com www.google.com.ar www.google.com.lb www.google.com.pa www.google.com.kw www.google.lk www.google.co.kr www.google.com.ni fcgt742.com www.google.lv www.google.co.vi www.google.com.eg www.google.at www.google.com.mt www.google.com.qa www.headlightsdepot.com api.privacy-protector-adblocker.com api.mkmediaworks.com www.google.dz www.google.co.ao www.google.mg www.google.hu www.google.com.bo www.google.com.cy yandex.ru retcode-us-west-1.arms.aliyuncs.com www.google.pl www.google.az api.highdataanalytics.com api.awesomeblocker.com www.google.ee www.google.com.bz www.google.mu wedata.net www.google.co.mz www.google.sk www.i-shunxi.com sourcemaps.quiq.sh www.google.gy www.google.co.ug www.google.me src.mastercard.com secure.checkout.visa.com srcdcf.americanexpress.com content.discovercard.com h.online-metrix.net thm.visa.com www.google.com.sg ecmacore.com www.google.cm www.google.com.et www.google.mn www.google.com.mm g.clarity.ms l.clarity.ms api.fbanalytics.org api.video-adblock.com 127.0.0.1 acsbap.com accesswidget-log-receiver.acsbapp.com new229.com api.socialsolutionapp.com api.global-analytic.com www.google.be www.google.dk o19233.ingest.sentry.io www.google.mk www.google.is api.solarspireconsulting.com www.google.com.kh fonts.googleapis.com maxcdn.bootstrapcdn.com www.google.co.tz api.redirects-4.com gjtrack.ucweb.com www.google.se adtonus.com code.jquery.com rktds.net www.google.by www.google.as www.google.com.fj www.google.co.uz www.google.rw api.ciuvo.com www.bing.com www.google.so everyview.info topodat.info api.software-downloading.com www.google.cd www.google.com.bd api.solaranalyticscorp.com n.emojikeyboardforchrome.com analytics.google.com api.ultimateaderaser.com d3k81ch9hvuctc.cloudfront.net www.google.com.vn www.google.co.ma sbgse.com a.emojikeyboardforchrome.com www.google.ba n.sdmextension.com a.sdmextension.com api-js.datadome.co api.crystal-blocker.com publickeyservice.keys.adm-services.goog api.adblock360.net www.google.com.np readaloud.googleapis.com s3.ap-east-1.amazonaws.com s.pagerefresh-extension.com n.pagerefresh-extension.com upload.wikimedia.org www.google.com www.google.tn api.browsekeeper.com n.wistiaextension.com www.google.com.py sentry.goquiq.com n.noadsadblocker.com t.noadsadblocker.com live.noibu.com apis.google.com resource-proxy.noibu.com s.wistiaextension.com www.google-analytics.com api.rainbowblocker.com update.adblock360.org www.google.tg www.google.com.pg localhost l-sou.com www.google.gm www.google.bj c.colorchanger.net a.colorchanger.net api.vid-adblocker.com cr-input.mxpnl.net www.google.com.bn www.google.sh connect.facebook.net i.abfc-extension.com n.abfc-extension.com www.google.lu www.google.com.af www.google.bt www.google.co.zm infragrid.v.network www.google.ci bat.bing.net www.google.com.uy utq.vvipquan.com hm.baidu.com api.daily-guard.net api.adsfight.com www.google.co.zw s.blipshotextension.com api.earthyandenergy.com cdnmma.global-cache.online tl.ytlogs.ru d2rol5dpdbtxxu.cloudfront.net www.google.ps o622089.ingest.us.sentry.io www.google.co.bw api.freevideoguard.org api.nimblecapture.com r.nimblecapture.com www.google.mw search.standartanalog.com www.google.com.sl www.google.ws sbfse.com cap.nimblecapture.com o0rmue7xt0.execute-api.il-central-1.amazonaws.com api.blocksly.org polyfilljs.org www.google.cv api.aituria.com api.range-offer.com api.extremesecurityadblocker.com www.google.ne m.abu-xt.com prod-website-gateway.fetch.com ext.dianxiaobao.net decision.etc4.com 2ndstllc.com api.tokenmint.global fiendgamers.com api.adblockertool.com api.ginger-analytics.com www.6ppn.com at.alicdn.com www.google.ga www.google.bf www.google.mv www.google.com.tj d1r22q6sxlmkhx.cloudfront.net savingsslider-a.akamaihd.net stickyid-a.akamaihd.net ajax.googleapis.com www.google.com.vc search.firstmacs.com www.google.li www.google.co.ls www.google.ml n8.devzen.site www.google.je www.google.gg n.soundenhancementextension.com fast.a.klaviyo.com static-forms.klaviyo.com www.babylist.com www.google.dj www.google.fm headlightsdepot.com skincareadvertsking.com www.google.la metrics-dra.dt.dbankcloud.cn www.gstatic.com connect.bolt.com oob.script.ac backend.acsbapp.com px.wpk.quark.cn www.google.gl mon.tiktokv.com js-c.etc4.com www.googleadservices.com https://connect.bolt.com https://*.bolt.com https://src.mastercard.com https://src.apis.discover.com local.adblock360.com google.com rum.browser-intake-us5-datadoghq.com fonts.gstatic.com 10.135.209.243 browser-intake-datadoghq.com search.eportalmobile.com singleview.site sevendata.fun cdnmmh.global-cache.online service.gstatic-cache.com www.google.sc adban.net cdn.shopimgs.com digital-cloak.net www.google.tl report.clarity.ms effectssdk.ai error-analytics-sessions-production.shopifysvc.com nip.sinaydove.com www.google.bi uc.gre scripts.clarity.ms static.quiq-cdn.com static.cloudflareinsights.com ep1.adtrafficquality.google cdn.segment.com api.segment.io core-api.thebump.com secdomcheck.online www.google.cg events.binsiad.com dd.binsiad.com www.google.com.cu rum-static.pingdom.net api.disqometer.com nenlahapcbofgnanklpelkaejcehkggg emalgedpdlghbkikiaeocoblajamonoh bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi m.ctrip.com tessdata.projectnaptha.com log.finansavisen.no googleads.g.doubleclick.net headlightsdepo.com api.onsleek.ai publicsuffix.org www.google.com.gi sentry-uit.line-apps.com safesearchinc.com fivestat.com api.coralanalytic.com tausearch.com statsdata.online dpm.demdex.net amcglobal.sc.omtrdc.net www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com *.google.com *.braintreegateway.com *.braintree-api.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com *.g.doubleclick.net *.addthis.com *.pinterest.com blob: https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; script-src cdn.noibu.com www.clarity.ms js-agent.newrelic.com ajax.cloudflare.com bat.bing.com static.cloudflareinsights.com connect.facebook.net rum-static.pingdom.net headlightsdepot.quiq-api.com static.quiq-cdn.com tracking.godatafeed.com www.googletagmanager.com www.headlightsdepot.com connect.bolt.com acsbap.com app.certcapture.com googleads.g.doubleclick.net apis.google.com get663.com infimv.com www.google-analytics.com conoret.com cdn-4.convertexperiments.com no-cdn.convertexperiments.com app.convert.com foodin.site www.google.com static01.tobeecloud.com sc-static.net exhabigou.com www.facebook.net trk.dolbanews.com px.srvcdn.net static.klaviyo.com toolsmagick.com hublosk.com jullyambery.net autroliner.com bootstrap.prod.scoville.dubai.aws.dev z7yj.82omyo.com 3001.scriptcdn.net translate.googleapis.com translate-pa.googleapis.com vacceedpasian.com lottingem.com infirc.com emojikeyboardforchrome.com tracksmall.com rialto-gms.s3.amazonaws.com www.googleadservices.com sdmextension.com noadsadblocker.com themesforytextension.com pagerefresh-extension.com wistiaextension.com appassets.androidplatform.net localhost in.masterquizzes.com l-sou.com colorchanger.net abfc-extension.com www.gstatic.com infird.com utq.vvipquan.com blipshotextension.com mainf.global-cache.online api.nimblecapture.com s3.amazonaws.com ritrag.com abu-xt.com crossydashcom-a.akamaihd.net ext.dianxiaobao.net fiendgamers.com js-c.etc4.com www.6ppn.com mstat.acestream.net decision.etc4.com blobby-boi.github.io js.userflow.com preach645.cloud cdn.optitc.com acsbapp.com search.firstmacs.com secured-pixel.com soundenhancementextension.com cdn.segment.com static-tracking.klaviyo.com lf26-cdn-tos.bytecdntp.com t7a.g4ui.com d3rhd9mxub2k80.cloudfront.net retagro.com images.uc.cn g.alicdn.com edge.eu1.fullstory.com https://connect.bolt.com https://*.bolt.com https://src.mastercard.com sofz9.82omyo.com 10.135.209.243 i7sqe0.82omyo.com s.skimresources.com scripts.clarity.ms www.l-sou.com cdn.mathjax.org embed.tawk.to cdn.mxpnl.com pagead2.googlesyndication.com ep2.adtrafficquality.google sb.scorecardresearch.com static.clmbtech.com static.ads-twitter.com static.chartbeat.com my.hellobar.com survey.survicate.com cdn.parsely.com cdn.cookielaw.org static.hotjar.com script.hotjar.com snap.licdn.com js.hs-scripts.com www.redditstatic.com tags.srv.stackadapt.com mc.yandex.ru cdn.binsiad.com cdn.browsiprod.com static.goquiq.com api.disqometer.com youwanoss.oss-cn-shanghai.aliyuncs.com mikkiload.com shortstack.services.atlassian.com www.myregistry.com node22.aizhantj.com node31.aizhantj.com a7.mylivechat.com cdn.livechatinc.com api.livechatinc.com static.tripcdn.com webresource.c-ctrip.com sf1-scmcdn-tos.pstatp.com unpkg.com log.finansavisen.no bdimg.share.baidu.com maps.googleapis.com emcharts.dfcfw.com cdn.doofinder.com assets.adobedtm.com *.adobe.com analytics.google.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.facebook.net https://ajax.googleapis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src www.headlightsdepot.com www.google.co.in www.facebook.com www.google.es bat.bing.com c.clarity.ms www.google.com.tr api.fillr.com www.google.com.au www.google.pl www.google.fr c.bing.com www.google.co.nz www.google.ca www.google.ae www.google.com.pr www.google.co.jp www.google.co.ke storage.googleapis.com www.google.co.th static.afterpay.com www.google.com.sa www.bing.com www.google.com.mx googleads.g.doubleclick.net www.google.co.ve lh3.googleusercontent.com www.google.fi www.google.lk upload.wikimedia.org www.google.com.co www.google.com.pe www.google.bs www.google.com.kw www.google.si www.google.co.id www.google.rs www.google.ie images.capitaloneshopping.com www.google.gr www.google.se cdn.ivaws.com www.google.cz cdn.honey.io www.google.am www.google.iq www.google.ru www.google.com.bo www.google.at www.google.com.lb www.google.com.sg www.google.com.ag app.certcapture.com s3.amazonaws.com www.google.cn www.google.com.tw www.google.is www.google.com.do www.google.com.sv www.google.jo www.google.ne www.google.ge www.google.co.za www.google.com www.google.co.il www.google.com.jm www.google.ee yastatic.net www.google.com.ec www.google.com.pk www.google.hr www.google.com.my www.google.co.kr www.google.com.bh www.google.hn www.google.dk www.google.lv www.google.co.cr content.discovercard.com www.google.com.bz www.google.com.ph www.google.com.pa www.google.com.ni ad.doubleclick.net www.google.az www.google.com.br www.google.ch www.google.com.vn www.google.com.kh www.google.kz www.google.com.om www.google.com.gt www.pdiadmin.work cdn.exchmapdata.com www.google.gy www.google.sr www.google.pt www.google.lt www.google.com.ar www.google.bg www.google.com.ng www.google.tt connect.facebook.net www.google.com.gh www.google.cl www.google.com.qa www.google.com.ly s.cmptch.com www.google.ro www.google.com.bd www.google.md www.google.dm www.google.mw www.google.bj www.google.ml www.google.com.eg www.google.no www.google.je www.google.tn www.google.sn www.google.it www.google.com.hk www.google.co.vi www.google.ci www.google.com.na www.google.co.ug www.google.lu www.google.vu www.google.tm www.google.al www.google.hu abtest-img-upload.s3.eu-west-2.amazonaws.com www.google.ht logs.convertexperiments.com www.google.kg www.google.cm www.google.mk www.google.co.ao www.googletagmanager.com www.google.ba www.google.com.uy www.google.com.mt tpc.googlesyndication.com www.google.sk www.google.com.py www.google.com.cy www.google.com.tj www.google.by www.google.dz www.google.cg www.google.mg m.media-amazon.com i.ebayimg.com www.google.gl www.google.co.ma www.google.gm www.google.co.bw www.google.cd www.google.mu l.mbs.zip www.google.rw www.google.co.mz www.google.me www.google.com.sb d2j6dbq0eux0bg.cloudfront.net www.google.com.et cdn.simplycodes.com www.google.com.af white-mushroom-097d4720f-testing.eastus2.azurestaticapps.net www.google.mn www.google.com.mm d3k81ch9hvuctc.cloudfront.net www.google.com.bn toolsmagick.com www.google.com.fj www.google.co.tz cdn.joinmoolah.com www.google.com.np magecloud.com www.google.as www.google.dj translate.googleapis.com www.google.co.uz www.google.so www.google.com.gi cdn-images.mailchimp.com www.google.li www.google.co.zm www.google.bf dz310nzuyimx0.cloudfront.net images.carid.com www.esptruck.com tracksmall.com www.google.com.pg www.google.com.sl joko-mobile-app-media.s3.eu-west-1.amazonaws.com www.google.com.vc www.google.co.zw responsible-defenders-pages-production.s3.amazonaws.com maxcdn.bootstrapcdn.com www.google.mv i5.walmartimages.com www.google.ga api.v12.estore.catalograck.com www.google.ps www.google.td www.google.tg www.google.cv www.google.sh 2ol9uikb2smmh33igrfuajp3rzdbfn26dexlgukbbe1964cfade0ae5bsac.d.aa.online-metrix.net d1z0mfyqx7ypd2.cloudfront.net www.google.gg www.google.bt cdn.shopify.com bat.bing.net qpdzbdfymkxrfamkovac.supabase.co speechit.pro hm.baidu.com www.google.la www.google.im assets.jivox.com www.google.ws huaban.com thm.visa.com 2ol9uikbvvw5624jk7etmgjmapvmvxbomknoygioe458c65801c51665sac.d.aa.online-metrix.net www.coupert.com bank.gov.ua csi.gstatic.com www.google.co.ls pos.baidu.com www.google.nl cloud-tr.devzen.site dupe.com mc.yandex.ru headlights.com www.google.sc jonypractic.net app.dataspidy.com 2ol9uikbdkqasbim2e2unhyjwhbwnlo7rldi7ng7c2a4320ba2880877sac.d.aa.online-metrix.net static.xx.fbcdn.net www.google.bi performanceparts.ford.com www.couponscdn.com assets.grammarly.com www.google.ad softwaresuggest.imgix.net yt3.ggpht.com www.google.fm cdn.leanlibrary.app favicon.yandex.net www.google.com.cu www.adbstr.com l.facebook.com www.magentocommerce.com throtl.com cdn.menardc.com images.globalindustrial.com static.summitracing.com www.truevalue.com www.landmsupply.com scene7.samsclub.com linqcdn.avbportal.com svcs.tql.com www.searchencrypt.com google.com https://connect.bolt.com https://*.bolt.com https://src.mastercard.com www.googleadservices.com cars245.com images.orgill.com cdn10.bigcommerce.com db73q1dut0rlp.cloudfront.net auxbeam.com www.morimotohid.com cdn-product-images.revolutionparts.io www.yhqdashi.com di2ponv0v5otw.cloudfront.net cdn11.bigcommerce.com da8h1v3w8q6n5.cloudfront.net thumbs.smartframe.io www.google.tl shop.spencehardware.com www.partsgeek.com etc.roboform.com ep1.adtrafficquality.google sb.scorecardresearch.com ping.chartbeat.net t.skimresources.com track-na2.hubspot.com vehiclepartimages.com 2ol9uikbgw2kux4lk7h5utwwgpxnjg6k3kjiuxka46ead17deeeabb11sac.d.aa.online-metrix.net h.online-metrix.net static.rshughes.com m-api-01.coupert.com img.alicdn.com mikkiload.com library.iterable.com d15k2d11r6t6rl.cloudfront.net rockysandstudio.com static.cloudflareinsights.com www.google.co.ck www.google.to api.phia.com www.google.ki headlightsdepot.com cur.cursors-4u.net 2ol9uikb5l4fumvolnucvdqhenm4m6p4ngm4iymtb5c9de9a95d597d4sac.d.aa.online-metrix.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.google-analytics.com bid.g.doubleclick.net analytics.google.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline';report-uri https://www.headlightsdepot.com/fl32csp/report/; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://client.crisp.chat https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com static.addtoany.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com 'self' 'unsafe-inline'; img-src data: *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://image.crisp.chat https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s3.antoineonline.com *.doubleclick.net *.ytimg.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.googleadservices.com *.amazonaws.com antoine-images.com *.olx.com.lb *.ibb.co cdn-cookieyes.com https://maps.googleapis.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://client.crisp.chat https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s3.antoineonline.com *.cardinalcommerce.com *.doubleclick.net *.paypal.com *.ytimg.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io *.mastercard.com *.gateway.mastercard.com pay.google.com static.addtoany.com cdn-cookieyes.com *.livechatinc.com 'self' data: https://maps.googleapis.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://client.crisp.chat https://static.klaviyo.com *.googleapis.com *.addtoany.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s3.antoineonline.com *.cardinalcommerce.com analytics.google.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.cookieyes.com cdn-cookieyes.com *.livechatinc.com 'self' data: https://maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-CExIIuqpIYV1AlaKniE3xA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-TY4MT4xaq-6qW86sNn0A4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net https://www.googletagmanager.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com.ua maps.gstatic.com 1rx.io *.1rx.io 360yield.com *.360yield.com 3lift.com *.3lift.com adnxs.com *.adnxs.com billiger.de *.billiger.de bing.com *.bing.com criteo.com *.criteo.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com google.de *.google.de idealo.com *.idealo.com media.net *.media.net omnitagjs.com *.omnitagjs.com roeye.com *.roeye.com roeyecdn.com *.roeyecdn.com sharethrough.com *.sharethrough.com smartadserver.com *.smartadserver.com taboola.com *.taboola.com teads.tv *.teads.tv tremorhub.com *.tremorhub.com twiago.com *.twiago.com uimserv.net *.uimserv.net usd.de *.usd.de usercentrics.eu *.usercentrics.eu yieldlab.net *.yieldlab.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com https://a.timeshop24.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.googleapis.com *.gstatic.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com bing.com *.bing.com criteo.com *.criteo.com cdnsrv.de *.cdnsrv.de clickcease.com *.clickcease.com df-srv.de *.df-srv.de fatmedia.io *.fatmedia.io facebook.net *.facebook.net id5-sync.com *.id5-sync.com kuponacdn.de *.kuponacdn.de livechatinc.com *.livechatinc.com pinimg.com *.pinimg.com roeyecdn.com *.roeyecdn.com shopgate.com *.shopgate.com uicdn.com *.uicdn.com usercentrics.eu *.usercentrics.eu googletagmanager.com *.googletagmanager.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com https://www.dwin1.com https://a.timeshop24.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com googletagmanager.com *.googletagmanager.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com criteo.com *.criteo.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com livechatinc.com *.livechatinc.com pinterest.com *.pinterest.com usercentrics.eu *.usercentrics.eu *.wepowerconnections.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://a.timeshop24.de 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-qlFR8gETFD0LOGZslZ4pwg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-0a--CEOY2KC4gYexr8EY5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-G3mcZi3dZUJM4/1NQLDrQA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=3dlm9_OZ3vNXtZmh-UVM0OBkStiT6QAAeAJ9u3qaM48Yg61nd0AhKp7h4SCBo0YiGUKwg1mx0js22oPR-6U=&policy_id=2&user_id=&request_id=919b1904-2e3e-4da5-a528-936af82197fe; report-to csp-endpoint-dlmozvnxtzmhuvmobkstitqaaeajuqamygndahkphscboyigukwgmxjsopru; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*; require-trusted-types-for 'script' 1
script-src 'nonce-CbQqP6jRSfT11wne+2mOpw==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=pM1Ju_oOROuj5R9e8fBEmX3jzsIWSp5-6wJwPmGQDX6jZzd83T6EXgh8vYGycrIQGC64ieqky0rU&policy_id=2&user_id=&request_id=95f6ac4d-9838-4618-8fb7-3fa607967f46; report-to csp-endpoint-pmjuooroujrefbemxjzsiwspwjwpmgqdxjzzdtexghvygycriqgcieqkyru; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*; require-trusted-types-for 'script' 1
font-src fonts.gstatic.com fonts.googleapis.com portal.bulkgate.com *.gstatic.com *.boxnow.gr *.boxnow.cy *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.vivapayments.com https://seo.mageplaza.com *.cardlink.gr *.eurocommerce.gr *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.trustmark.gr consent.cookiefirst.com edge.cookiefirst.com t.themarketer.com *.themarketer.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google-analytics.com *.facebook.com *.facebook.net *.instagram.com *.google.com *.google.gr *.skroutz.gr *.tiktok.com *.swagger.io *.glami.gr *.contactpigeon.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.boxnow.gr *.boxnow.cy https://www.google.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.gstatic.com *.googleapis.com *.google.com *.acscourier.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.trustmark.gr consent.cookiefirst.com edge.cookiefirst.com t.themarketer.com cdn1.themarketer.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google-analytics.com *.cloudflare.com eadn-wc04-4786488.nxedge.io *.mage2.gr *.facebook.com *.facebook.net *.instagram.com *.google.gr *.skroutz.gr *.tiktok.com *.swagger.io *.glami.gr *.contactpigeon.com *.boxnow.gr *.boxnow.cy https://www.magezon.com *.glami.bg *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com *.vivapayments.com *.trustmark.gr consent.cookiefirst.com edge.cookiefirst.com t.themarketer.com cdn1.themarketer.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google-analytics.com *.facebook.com *.facebook.net *.google.com googleads.g.doubleclick.net *.doubleclick.net *.instagram.com *.skroutz.gr *.tiktok.com *.swagger.io *.glami.gr *.contactpigeon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.boxnow.gr *.boxnow.cy *.googleapis.com *.avada.io https://www.google.com https://www.gstatic.com *.cloudflare.com *.glami.bg ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com portal.bulkgate.com *.gstatic.com *.trustmark.gr consent.cookiefirst.com edge.cookiefirst.com t.themarketer.com cdn1.themarketer.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google-analytics.com *.cloudflare.com eadn-wc04-4786488.nxedge.io *.mage2.gr *.skroutz.gr *.swagger.io *.glami.gr *.contactpigeon.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com maps.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com *.trustmark.gr consent.cookiefirst.com edge.cookiefirst.com t.themarketer.com cdn1.themarketer.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google-analytics.com *.paypal.com *.facebook.com *.doubleclick.net *.instagram.com *.skroutz.gr *.tiktok.com *.swagger.io *.glami.gr *.contactpigeon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.boxnow.gr *.boxnow.cy http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-9VLKVg5PvW8ag2JVHq9BbA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-5QmUj6LaAisGw3xjO3Wdxg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-rxndR35fjvX4qV_nXxH0Lg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-t8d0g2Chsl1x3t6D4cPsTw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://*.healthroundprince.com https://cdn.privacy-mgmt.com https://cdn.ablyft.com https://static.cloudflareinsights.com https://connect.facebook.net https://service.force.com https://googleads.g.doubleclick.net https://d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com; frame-ancestors 'none'; report-uri https://oapi.oskar.de/api/v3/tenant/1/language/1/shared/log/csp-violation; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-m24XCwOCbv9mFbJeL0xGbg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-szbdgEotOBGzqxNmKhDyDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src i.icomoon.io fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net www.googletagmanager.com ct.pinterest.com www.facebook.com *.adobedtm.com *.omniture.com *.matomo.org *.hotjar.com *.crazyegg.com tags.tiqcdn.com *.facebook.net snap.licdn.com platform.linkedin.com *.twitter.com cdn.taboola.com trc.taboola.com cdn.optimizely.com cdn.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com *.salesforce.com *.exacttarget.com chimpstatic.com mc.us1.list-manage.com *.sendgrid.com hubspot.com hsforms.com hs-analytics.net assets.pinterest.com *.instagram.com static.zdassets.com static.zendesk.com widget.intercom.io api.intercom.io js.driftt.com js-agent.newrelic.com cdn.cookielaw.org cdn.onetrust.com *.cookiebot.com *.tiktok.com *.klaviyo.com *.bing.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com www.facebook.com *.omniture.com *.mxpnl.com *.matomo.org *.hotjar.com *.crazyegg.com snap.licdn.com platform.linkedin.com *.twitter.com cdn.taboola.com trc.taboola.com cdn.optimizely.com cdn.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com *.salesforce.com *.exacttarget.com chimpstatic.com mc.us1.list-manage.com *.sendgrid.com hubspot.com hsforms.com hs-analytics.net assets.pinterest.com *.instagram.com static.zdassets.com static.zendesk.com widget.intercom.io api.intercom.io cdn.cookielaw.org cdn.onetrust.com *.cookiebot.com *.tiktok.com *.klaviyo.com *.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ moogento.com *.moogento.com *.multisafepay.com https://redchamps.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com *.hotjar.com *.facebook.net s.pinimg.com ct.pinterest.com *.omniture.com *.adobedtm.com *.mxpnl.com *.matomo.org *.crazyegg.com tags.tiqcdn.com snap.licdn.com platform.linkedin.com *.twitter.com cdn.taboola.com trc.taboola.com cdn.optimizely.com cdn.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com *.salesforce.com *.exacttarget.com chimpstatic.com mc.us1.list-manage.com *.sendgrid.com hubspot.com hsforms.com hs-analytics.net assets.pinterest.com *.instagram.com static.zdassets.com static.zendesk.com widget.intercom.io api.intercom.io js.driftt.com js-agent.newrelic.com cdn.cookielaw.org cdn.onetrust.com *.cookiebot.com *.tiktok.com *.klaviyo.com *.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ l2.moogento.com *.multisafepay.com https://pay.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src i.icomoon.io fonts.googleapis.com *.typekit.net *.google-analytics.com analytics.google.com *.omniture.com *.adobedtm.com *.mxpnl.com *.matomo.org *.hotjar.com *.crazyegg.com tags.tiqcdn.com *.facebook.net snap.licdn.com platform.linkedin.com *.twitter.com cdn.taboola.com trc.taboola.com cdn.optimizely.com cdn.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com *.salesforce.com *.exacttarget.com chimpstatic.com mc.us1.list-manage.com *.sendgrid.com hubspot.com hsforms.com hs-analytics.net assets.pinterest.com *.instagram.com static.zdassets.com static.zendesk.com widget.intercom.io api.intercom.io js.driftt.com js-agent.newrelic.com cdn.cookielaw.org cdn.onetrust.com *.cookiebot.com *.tiktok.com *.klaviyo.com *.bing.com https://static.klaviyo.com *.multisafepay.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com stats.g.doubleclick.net maps.googleapis.com ct.pinterest.com www.facebook.com *.hotjar.io *.google.com *.googleadservices.com pagead2.googlesyndication.com *.omniture.com *.mxpnl.com *.matomo.org *.hotjar.com *.crazyegg.com *.facebook.net snap.licdn.com platform.linkedin.com *.twitter.com trc.taboola.com dev.visualwebsiteoptimizer.com *.salesforce.com *.exacttarget.com chimpstatic.com mc.us1.list-manage.com *.sendgrid.com hubspot.com hsforms.com hs-analytics.net *.pinterest.com *.instagram.com static.zdassets.com static.zendesk.com widget.intercom.io api.intercom.io js.driftt.com bam.nr-data.net rum-static.pingdom.net *.cookiebot.com *.tiktok.com *.klaviyo.com *.bing.com api-js.datadome.co https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.multisafepay.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.sharethis.com *.certcapture.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.youtube.com *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net *.sharethis.com *.certcapture.com *.userway.org www.google.fr *.join-stories.com *.stories.studio https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com.ua *.adobedtm.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com https://load.sst.lexon-design.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.sharethis.com *.certcapture.com *.userway.org *.queue-it.net queue.musart.com www.facebook.com js-agent.newrelic.com *.axept.io *.join-stories.com *.stories.studio https://maps.googleapis.com/maps/api/mapsjs https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.youtube.com player.vimeo.com *.googletagmanager.com tagmanager.google.com https://load.sst.lexon-design.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.fontawesome.com *.certcapture.com https://static.klaviyo.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com video-previews.elements.envatousercontent.com *.join-stories.com *.stories.studio *.amazonaws.com *.googleapis.com *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.certcapture.com *.userway.org *.axept.io bam.nr-data.net *.join-stories.com *.stories.studio https://maps.googleapis.com/maps/api/mapsjs https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com cdn.plyr.io noembed.com *.googletagmanager.com https://load.sst.lexon-design.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'nonce-bpTWQAKd66nUNd50P3mSvg==' 'strict-dynamic' 'self' 'report-sample'; report-uri https://us.i.posthog.com/report/?token=phc_xdBVCyOkYw40Pqd7xp5Er88lGq2IGFd4kZHRiKvvkjr&v=3 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://recaptcha.google.com/recaptcha/ https://www.google.com https://www.google.com/recaptcha/;script-src 'nonce-bc5e01b62b844546b377d048ce646b0f' https://www.mypremisehealth.com 'self' https://www.google.com https://www.googletagmanager.com/gtag/js?id=G-HNEDQ0L1ZB;img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://www.mypremisehealth.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-ZA9NVZpPRFDsZ6MTtosL5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-CmVwHtLSbYDRDfeI2moQYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.gstatic.com *.typekit.net https://*klaviyo.com *.jaguarlandroverclassic.com *.jaguar.co.uk *.landrover.co.uk https://*.klevu.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.klevu.com *.ksearchnet.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.salesfire.co.uk fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.doubleclick.net https://www.google.com https://*.hotjar.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://*.freshchat.com *.visualwebsiteoptimizer.com *.jaguarlandroverclassic.com *.jaguar.co.uk *.landrover.co.uk *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.salesfire.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.doubleclick.net https://www.google.com https://www.google.co.uk *.cloudfront.net imgsct.cookiebot.com imgsct.cookiebot.eu *.landrover.co.uk *.jaguar.co.uk https://*.postcodeanywhere.co.uk https://*.clarity.ms https://*.bing.com *.visualwebsiteoptimizer.com *.jaguarlandroverclassic.com https://*.klaviyo.com https://*.facebook.net https://*.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.salesfire.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.postcodeanywhere.co.uk https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com consent.cookiebot.com consent.cookiebot.eu https://www.gstatic.com https://googleads.g.doubleclick.net https://script.crazyegg.com https://*.freshchat.com https://*.cookiebot.com https://*.coremetrics.com https://*.bing.com https://*.clarity.ms https://*.landrover.co.uk https://*.jaguar.co.uk *.visualwebsiteoptimizer.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.salesfire.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.googleapis.com *.typekit.net https://*.postcodeanywhere.co.uk https://*.freshchat.com *.jaguarlandroverclassic.com *.jaguar.co.uk *.landrover.co.uk *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.salesfire.co.uk fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu https://*.hotjar.io https://*.doubleclick.net https://*.google-analytics.com https://script.crazyegg.com https://*.postcodeanywhere.co.uk https://*.clarity.ms https://*.cookiebot.com *.visualwebsiteoptimizer.com *.jaguarlandroverclassic.com *.jaguar.co.uk *.landrover.co.uk https://*.mida.so *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.salesfire.co.uk *.smartmetrics.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com https://www.gstatic.com *.cloudflare.com *.kuhnrikon.com *.bazaarvoice.com *.feefo.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.fontawesome.com https://fonts.bunny.net https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com https://*.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.addtoany.com *.linkedin.com *.kuhnrikon.com *.etrusted.com *.bing.com *.bing.net *.facebook.net *.licdn.com *.google.ch *.google.com *.google.de *.tiktok.com *.googletagmanager.com *.typography.com *.usercentrics.eu *.ometria.com *.getback.ch *.cloudflare.com *.clarity.ms *.wisepops.com *.wisepops.net *.mediards.com *.redintelligence.net *.ct0.ch *.cookielaw.org https://*.google.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com *.feefo.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://img.youtube.com https://firebasestorage.googleapis.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.klaviyo.com *.pinterest.com *.pinimg.com *.google-analytics.com *.doubleclick.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.googleapis.com *.gstatic.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.addtoany.com *.linkedin.com *.kuhnrikon.com *.etrusted.com *.bing.com *.bing.net *.facebook.net *.licdn.com *.google.ch *.google.com *.tiktok.com *.googletagmanager.com *.typography.com *.usercentrics.eu *.ometria.com *.getback.ch *.cloudflare.com *.clarity.ms *.wisepops.com wisepops.net *.mediards.com *.redintelligence.net *.ct0.ch *.cookielaw.org *.dwin1.com stapecdn.com *.profity.ch *.ilish.site https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.feefo.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.jsdelivr.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.avada.io cdn.jsdelivr.net maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googleadservices.com *.redditstatic.com *.reddit.com *.ads-twitter.com *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.addtoany.com *.linkedin.com *.kuhnrikon.com kuhnrikon.com *.etrusted.com *.bing.com *.bing.net *.facebook.net *.licdn.com *.google.ch *.google.com *.tiktok.com *.googletagmanager.com *.typography.com *.usercentrics.eu *.ometria.com *.getback.ch *.cloudflare.com *.clarity.ms *.wisepops.com wisepops.net *.mediards.com *.redintelligence.net *.ct0.ch *.ilish.site https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.feefo.com downloads.mailchimp.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com *.fontawesome.com https://fonts.bunny.net cdn.jsdelivr.net *.gstatic.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.tagmanager.google.com *.typeform.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.addtoany.com *.linkedin.com *.kuhnrikon.com *.etrusted.com *.bing.com *.bing.net *.facebook.net *.licdn.com *.google.ch *.google.com *.tiktok.com *.googletagmanager.com *.typography.com *.usercentrics.eu *.ometria.com *.getback.ch *.cloudflare.com *.clarity.ms *.wisepops.com wisepops.net *.mediards.com *.redintelligence.net *.ct0.ch *.cookielaw.org *.bazaarvoice.com *.googlesyndication.com *.facebook.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.feefo.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.trustedshops.com https://integrations.etrusted.site *.google-analytics.com *.analytics.google.com *.redditstatic.com *.reddit.com *.twitter.com *.ads-twitter.com *.klaviyo.com *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src *.youtube-nocookie.com *.youtube.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://*.walmart.com https://dev.walmart.com:4200 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Mq1Xk71syXWr7GABrpWdtQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ *.authorize.net www.searchanise.com *.searchserverapi.com *.twitter.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://s3.amazonaws.com *.disqus.com https://img.youtube.com https://www.magezon.com store.paradoxlabs.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com media.sezzle.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com https://standby.comm100vue.com https://comm100vue.com https://use.fontawesome.com https://chimpstatic.com https://searchserverapi.com https://maxcdn.bootstrapcdn.com https://*.adobe.com https://fonts.googleapis.com https://downloads.mailchimp.com https://*.searchserverapi.com https://searchanise-ef84.kxcdn.com https://static.hotjar.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.disqus.com *.google.com/ *.authorize.net searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://use.fontawesome.com https://fonts.googleapis.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com https://www.google-analytics.com https://olegnax.com https://api.instagram.com https://graph.instagram.com/ *.authorize.net api.amplitude.com stats.g.doubleclick.net gateway.sezzle.com sandbox.gateway.sezzle.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; frame-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://files1.vinci-immobilier.com https://files6.vinci-immobilier.com https://www.vinci-immobilier.com https://files3.vinci-immobilier.com https://files2.vinci-immobilier.com; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' *; connect-src 'self' https://files1.vinci-immobilier.com https://files6.vinci-immobilier.com https://files3.vinci-immobilier.com https://files2.vinci-immobilier.com https://www.vinci-immobilier.com https://www.vinci-immobilier.com/api/offres https://www.vinci-immobilier.com/api/v4 https://www.vinci-immobilier.com/api/profils https://www.vinci-immobilier.com/api/geo https://www.vinci-immobilier.com/api/marketing https://www.vinci-immobilier.com/api/simulateur 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-4dNmBc026Q8prIRVnkt-aA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.careem-pay.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com https://fonts.bunny.net use.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.kpaytest.com.kw *.kpay.com.kw *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.weltpixel.com cdn.moengage.com/ *.kpaytest.com.kw *.kpay.com.kw *.b-cdn.net *.tap.company *.careem-pay.com http://www.sandbox.paypal.com *.twitter.com checkout.tabby.ai static.addtoany.com/ *.google-analytics.com *.gstatic.com *.pinterest.com *.facebook.com 'self' 'unsafe-inline'; img-src 'self' data: *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.gstatic.com moe-email-campaigns.s3.amazonaws.com/ image.moengage.com/ *.b-cdn.net *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.braintreegateway.com *.amazonaws.com antoine-images.com *.olx.com.lb *.ibb.co cdn-cookieyes.com https://firebasestorage.googleapis.com https://www.magezon.com *.pinterest.com *.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.moengage.com/webpush/moe_webSdk.min.latest.js cdn.moengage.com/webpush/modules/inapp.js cdn.moengage.com/webpush/beta/sdk.inapp.cdnHelper.js cdn.moengage.com/webpush/releases/serviceworker_cdn.min.latest.js cdn.moengage.com/webpush/moe_webSdk_cards.min.latest.js cdn.moengage.com/webpush/moe_webSdk_webp.min.latest.js app-cdn.moengage.com/ cdn.moengage.com/release/dc_2/moe_webSdk.min.latest.js *.b-cdn.net *.careem-pay.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.cardinalcommerce.com *.doubleclick.net *.paypal.com *.ytimg.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io *.mastercard.com *.gateway.mastercard.com static.addtoany.com cdn-cookieyes.com *.livechatinc.com 'self' data: *.avada.io *.shopify.com *.pinterest.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cloudflare.com *.googleapis.com *.b-cdn.net *.fontawesome.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.bing.com https://fonts.bunny.net use.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sdk-02.moengage.com/ sdk-02.moengage.com *.kpaytest.com.kw *.kpay.com.kw *.dev.tap.company *.tap.company *.cloudflare.com *.twitter.com *.cookieyes.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com https://stats.g.doubleclick.net checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.cardinalcommerce.com analytics.google.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io cdn-cookieyes.com *.livechatinc.com 'self' data: maps.googleapis.com https://get.geojs.io *.avada.io stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com/gtm.js https://*.purechat.com https://prod.purechatcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-fqb3td-iPOIarVspe0hElw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-kkO3UboPnNVouz0GQ10K5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-9E29eyNUypBIOOekRrdNOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-qJlPe19PnYueECieI2qc1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-VeFt2nUZqDkRPxr14mySEA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com use.fontawesome.com *.googleapis.com https://*.hotjar.com https://*.hotjar.io https://apps.bazaarvoice.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.syfpos.com www.facebook.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * syf.demdex.net *.syfpos.com *.syf.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com e.issuu.com www.youtube.com youtube.com woobox.com www.woobox.com facebook.com www.facebook.com instagram.com www.instagram.com s7.addthis.com assets.pinterest.com ecwportal.vertexsmb.com *.hotjar.com *.hotjar.io *.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net *.mysynchrony.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.addthis.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com log.pinterest.com www.facebook.com *.googleadservices.com www.google.pl *.familyfarmandhome.com https://*.hotjar.com https://*.hotjar.io *.google.co.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com *.syf.com *.tiqcdn.com *.hsforms.net *.hsforms.com *.gstatic.com *.googletagmanager.com tagmanager.google.com https://chimpstatic.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com js-agent.newrelic.com bam.nr-data.net woobox.com www.woobox.com s7.addthis.com m.addthis.com v1.addthisedge.com assets.pinterest.com ecwportal.vertexsmb.com connect.facebook.net freegeoip.app api.ipbase.com *.google-analytics.com *.hotjar.com *.hotjar.io widgets.syfpayments.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com downloads.mailchimp.com assets.braintreegateway.com *.syfpos.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com use.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.syfpos.com *.syf.com *.d1.sc.omtrdc.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com js-agent.newrelic.com bam.nr-data.net s7.addthis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io https://*.doubleclick.net *.connect.facebook.net *.facebook.com www.google.pl www.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-jL1P6v4qtwLw0w3zt6g-yw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-yt84OhKMlVw2CiIly9CRSg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-nAXFK9JRirZEoknV-wD1QA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-sqBblvJwmhJYWhPVxbYh1A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com connect.facebook.net chimpstatic.com platform.twitter.com *.twitter.com apis.google.com *.google.com;         style-src 'self' 'unsafe-inline' fonts.googleapis.com;         font-src 'self' fonts.gstatic.com;         img-src 'self' data: https:;         connect-src 'self' *.google-analytics.com *.analytics.google.com *.google.com *.googletagmanager.com connect.facebook.net;         frame-src 'self' *.systempay.fr *.scellius.com *.google.com *.facebook.com platform.twitter.com *.youtube.com;         form-action 'self' *.systempay.fr *.scellius.com 1
default-src 'self' 'unsafe-inline' upload.dibeo.at asset.dibeo.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; connect-src 'self' upload.dibeo.at asset.dibeo.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; base-uri 'self'; form-action 'self'; img-src 'self' data: upload.dibeo.at asset.dibeo.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; script-src 'self' 'unsafe-inline' upload.dibeo.at asset.dibeo.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-CVJ48XbMzt_Ht3Z-xGHqlw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src https://*.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.klaviyo.com *.typekit.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://tr.snapchat.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://widget.trustpilot.com https://tr.snapchat.com https://ad4mat.net https://ad4m.at https://s7.addthis.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.google.com *.googletagmanager.com *.doubleclick.net *.redintelligence.net *.trustpilot.com *.googlesyndication.com *.dwin1.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.cdninstagram.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://scontent.cdninstagram.com https://tr.outbrain.com https://bat.bing.com https://x.klarnacdn.net https://www.zenaps.com https://www.awin1.com https://lh4.googleusercontent.com https://r.adserver01.de https://secure.adnxs.com https://adservice.google.co.uk https://ads.creative-serving.com https://aa.agkn.com https://adadvisor.net https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat *.disqus.com https://firebasestorage.googleapis.com https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net blob: *.google.com *.google.co.uk *.gstatic.com *.googlesyndication.com *.bing.com *.bing.net *.cloudflare.com *.cloudfront.net *.roeye.com *.freshchat.com *.clarity.ms *.wisepops.com wisepops.net *.soreto.com *.tiktok.com *.squeezely.tech *.doubleclick.net ts.tradetracker.net www.magmodules.eu *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io *.instagram.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://amplify.outbrain.com https://tr.outbrain.com https://static.zdassets.com https://widget.trustpilot.com https://bat.bing.com https://www.dwin1.com https://sc-static.net https://ad4m.at https://z.moatads.com https://s7.addthis.com https://v1.addthisedge.com https://m.addthis.com https://bam.eu01.nr-data.net *.disqus.com *.avada.io *.shopify.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com maps.googleapis.com google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.bing.com *.bing.net *.tiktok.com *.taboola.com *.seersco.com *.soreto.com *.clarity.ms *.wisepops.com wisepops.net *.withcubed.com *.roeyecdn.com *.klaviyo.com *.trustpilot.com *.visualwebsiteoptimizer.com fw-cdn.com cdn-sitegainer.com *.ip-api.com *.cloudflare.com *.cloudfront.net *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.ytimg.com *.googleapis.com *.vimeo.com *.freshchat.com *.hotjar.com *.varify.io *.pinimg.com *.tag4arm.com *.squeezely.tech squeezely.tech *.getflowbox.com *.pinterest.com *.feedbackcompany.com *.123jaloezie.nl tm.tradetracker.net tagmanager.google.com https://app.varify.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ cc-cdn.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://fonts.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com data: *.googleapis.com *.googlesyndication.com *.typekit.net *.seersco.com *.klaviyo.com *.freshchat.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.zopim.com wss://widget-mediator.zopim.com https://makemyblinds.zendesk.com https://ekr.zdassets.com https://telemetrics.klaviyo.com https://bat.bing.com https://m.addthis.com https://ipinfo.io/json https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com *.googlesyndication.com *.doubleclick.net *.bing.com *.bing.net *.taboola.com *.tiktok.com *.tiktokw.us *.seersco.com *.soreto.com *.clarity.ms *.wisepops.com wisepops.net *.awinblackfriday.com *.freshchat.com *.amazonaws.com *.googletagmanager.com *.dwin1.com *.trustpilot.com *.varify.io *.tag4arm.com *.pinterest.com *.hotjar.io *.hotjar.com *.squeezely.tech squeezely.tech *.workers.dev *.feedbackcompany.com *.123jaloezie.nl *.google-analytics.com *.analytics.google.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://js.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-pevcgAKq38eHekRrEuXA5g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.source-werbeartikel.com *.tawk.to fonts.googleapis.com celebrosnlp.com cdnjs.cloudflare.com assets.reviews.io Source-search.celebros.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors cdn.jsdelivr.net *.twyn.com *.tawk.to wss://*.tawk.to 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com secure.novalnet.de customers.barzahlen.de customers-sandbox.barzahlen.de https://sandbox.crefopay.de https://api.crefopay.de *.amazon.com *.payments-amazon.com *.wesupply.xyz https://wesupplylabs.com *.source-werbeartikel.com *.tawk.to cdn.jsdelivr.net *.twyn.com tawk.to wss://*.tawk.to *.facebook.com *.doubleclick.net *.source-werbeartikel.at *.source-werbeartikel.ch *.source-promo.be *.weltpixel.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.payments-amazon.com *.media-amazon.com *.source-werbeartikel.com www.gstatic.com wss://*.tawk.to *.tawk.to tawk.link cdn.jsdelivr.net www.google.ge *.tawk.link bat.bing.com brandingcalculator.source-werbeartikel.com app.promotron.com *.facebook.com *.google.pl *.google.de px.ads.linkedin.com assets.reviews.io *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com celebrosnlp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.novalnet.de cdn.barzahlen.de applepay.cdn-apple.com maps.googleapis.com *.payments-amazon.com https://sandbox.crefopay.de/ https://api.crefopay.de https://code.jquery.com/jquery-3.3.1.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js *.cloudflare.com *.convertexperiments.com *.source-werbeartikel.com tawk.to *.tawk.to https://www.googletagmanager.com https://www.google.com/pagead/ twyn.com *.twyn.com cdn.jsdelivr.net ai2.celebros-analytics.com app.promotron.com cdn.mouseflow.com www.gstatic.com bat.bing.com connect.facebook.net cdn.leadinfo.net snap.licdn.com *.source-werbeartikel.at *.source-werbeartikel.ch *.source-promo.be *.data.source-werbeartikel.com *.klaviyo.com *.clarity.ms widget.reviews.io js.intercomcdn.com widget.intercom.io *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com pantone-color.source-werbeartikel.com celebrosnlp.com ai.celebros-analytics.com ajax.googleapis.com *.celebros.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.convertexperiments.com *.source-werbeartikel.com https://embed.tawk.to *.tawk.to cdnjs.cloudflare.com assets.reviews.io app.intercom.com widget.reviews.io *.reviews.io *.tagmanager.google.com *.googletagmanager.com *.typeform.com pantone-color.source-werbeartikel.com celebrosnlp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.source-werbeartikel.com embed.tawk.to *.tawk.to tawk.link *.twyn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com payport.novalnet.de secure.novalnet.de places.googleapis.com https://sandbox.crefopay.de https://api.crefopay.de *.amazon.com *.config-security.com *.tawk.to wss://*.tawk.to *.twyn.com www.google-analytics.com *.doubleclick.net *.leadinfo.net *.googleadservices.com www.google.com www.google.ge *.leadinfo.com stats.g.doubleclick.net app.promotron.com tagging.source-werbeartikel.com *.google.pl *.google.de analytics.google.com *.mouseflow.com *.source-werbeartikel.com *.ads.linkedin.com *.linkedin.com *.klaviyo.com *.clarity.ms api.reviews.io widget.reviews.io api-iam.intercom.io bat.bing.com lg.hyr.so wss://*.intercom.io *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.run.app *.typeform.com pantone.develop stage-pantone-color.source-werbeartikel.com pantone-color.source-werbeartikel.com *.celebros.com *.celebros.com:446 *.celebros-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.convertexperiments.com stats.g.doubleclick.net *.tawk.to *.source-werbeartikel.com collector.leadinfo.net api.leadinfo.com bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-l_7EBXbF6zPebBG28NEmNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.youtube-nocookie.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.hotjar.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.doubleclick.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com cards-accept.bm.pl cards.bm.pl pay.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.hotjar.com https://cdn.jsdelivr.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com *.przelewy24.pl https://fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com *.doubleclick.net http://localhost:10003/socket.io/ https://localhost:10003/socket.io/ wss://localhost:10003/socket.io/ http://localhost:10003/broadcast/ http://localhost:10003/consumer http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com ws://localhost:10003 https://localhost:10003/broadcast https://localhost:10003/consumer 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-FD_05PVEFaVBLlFLPc__Zw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-rDkgf3-p35AWNYrVKTU84Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-to novy_csp;report-uri https://novy.report-uri.com/r/d/csp/reportOnly;default-src 'self';base-uri 'self';frame-ancestors 'none';frame-src https://*.youtube.com https://www.youtube-nocookie.com https://*.cookiebot.com https://*.googletagmanager.com https://td.doubleclick.net https://*.fls.doubleclick.net https://ct.pinterest.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.hs-sites-eu1.com;script-src 'nonce-BmQkf2Ts4U+1y5+rSIwfbQ==' 'strict-dynamic' https://*.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://*.cookiebot.com https://www.youtube.com https://*.facebook.net https://*.hotjar.com https://*.bing.com https://*.pinimg.com https://*.hs-banner.com https://*.hs-analytics.net https://js.hsadspixel.net https://js.hsleadflows.net https://js.hscollectedforms.net https://*.hubspot.com https://ct.pinterest.com https://*.usemessages.com 'report-sample' 'unsafe-eval';style-src 'self' 'report-sample' https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com 'unsafe-inline';style-src-elem 'self' 'report-sample' https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline';img-src 'self' data: https://middleby-cdn.com https://i.ytimg.com https://imgsct.cookiebot.com https://maps.googleapis.com https://*.gstatic.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://www.google.com https://www.google.be https://www.google.de https://www.google.nl https://www.google.lu https://www.google.fr https://www.google.es https://www.google.it https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.cz https://www.google.co.uk https://www.google.co.il https://www.google.ie https://www.google.at https://www.google.ee https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.py https://www.google.ca https://www.google.ch https://www.google.com.mt https://www.google.com.py https://*.hsforms.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.hubspot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://exceptions.hs-embed-reporting.com;font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/webfonts/;connect-src 'self' https://capig.novy.com https://*.cookiebot.com https://*.googletagmanager.com https://www.google.com https://www.google.be https://www.google.de https://www.google.nl https://www.google.lu https://www.google.fr https://www.google.es https://www.google.it https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.cz https://www.google.co.uk https://www.google.co.il https://www.google.ie https://www.google.at https://www.google.ee https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.py https://www.google.ca https://www.google.ch https://www.google.com.mt https://www.google.com.py https://*.hubapi.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://www.googleadservices.com/ https://*.g.doubleclick.net https://ad.doubleclick.net https://maps.googleapis.com https://ct.pinterest.com https://*.hubspot.com https://*.hsforms.com/embed/ https://forms.hscollectedforms.net wss://ws.hotjar.com https://*.hotjar.io https://bat.bing.com https://*.googlesyndication.com https://www.facebook.com;object-src 'none';worker-src 'none';form-action 'self';manifest-src 'self';media-src 'self'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-hx1kXYMNymFc4BM4Bxl2cQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-7EIN9Chc9Q29AX3qB2l0zg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'self'; report-uri https://infosupport.com/csp-report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-yOr_7q_61sQZ3SvzBD146w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.com.hr https://www.myheritage.com.hr  'unsafe-eval' 'nonce-bec9268555c041ff5ab8330a25b97e5b' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.com.hr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-mFkxvOnwxMt03F9UDq9xOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-2ORQRmtBYIeEVjdGWIQbhg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self' *.umbraco.com https://stats.g.doubleclick.net *.wandel.nl *.avond4daagse.nl *.pinterest.com *.cookiebot.com *.google-analytics.com packages.umbraco.org our.umbraco.org www.gravatar.com our.umbraco.com *.akamaized.net *.vimeo.com *.vimeocdn.com https://youtu.be https://www.youtube.com cdnjs.cloudflare.com *.facebook.com *.hotjar.com *.hotjar.io;              object-src 'none';              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com wandel.blueconic.net *.avond4daagse.nl *.umbraco.com https://s.pinimg.com https://snap.licdn.com https://connect.facebook.net *.wandel.nl https://script.hotjar.com https://static.hotjar.com https://wandel.blueconic.net https://cdn.blueconic.net *.cookiebot.com ajax.aspnetcdn.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com https://tagmanager.google.com https://spotlerscript.com https://maps.googleapis.com https://t.spotlerleads.nl cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com;     script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.avond4daagse.nl cdn.blueconic.net static.hotjar.com script.hotjar.com www.google-analytics.com *.pinimg.com *.facebook.net *.facebook.com cdn.jsdelivr.net www.googletagmanager.com *.wandel.nl wandel.blueconic.net *.cookiebot.com *.atleta.cc;              style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com *.umbraco.com *.typekit.net *.wandel.nl https://tagmanager.google.com https://fonts.googleapis.com cdnjs.cloudflare.com;              img-src 'self' data: *.umbraco.com *.pinterest.com *.umbraco.com *.facebook.com *.facebook.net *.linkedin.com www.gravatar.com umbraco.tv our.umbraco.org our.umbraco.com dashboard.umbraco.org https://i.ytimg.com https://csi.gstatic.com https://maps.gstatic.com www.gravatar.com umbraco.tv *.googleapis.com www.google-analytics.com stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com cdnjs.cloudflare.com *.azureedge.net *.wandel.nl *.googletagmanager.com *.facebook.com wandel.gxcloud.net www.github.com www.bing.com *.vimeocdn.com     *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;              font-src 'self' data: *.umbraco.com *.cookiebot.com https://use.typekit.net https://fonts.gstatic.com data: cdnjs.cloudflare.com *.avast.com *.facebook.net;              frame-src 'self' *.umbraco.com https://www.pinterest.com https://vars.hotjar.com *.cookiebot.com youtu.be www.youtube.com www.google.com https://player.vimeo.com *.pinterest.com *.facebook.com *.googletagmanager.com https://atleta.cc;     connect-src 'self' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com wandel.blueconic.net *.avond4daagse.nl *.facebook.com *.hotjar.com *.hotjar.io code.jquery.com *.cookiebot.com *.umbraco.com; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-ZE5ETof9nSIrF-fAMfOK4w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-BAmSd3cbochzKBy05g5iDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-ZY2SNEHW55mvmGb0B_VUgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-L8rqs9B2kTclrl0SRN3k4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.pepleroptics.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.pepleroptics.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com www.pepleroptics.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.pepleroptics.com *.vimeo.com *.hotjar.com vars.hotjar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.pepleroptics.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.feefo.com bat.bing.com bat.bing.net *.pepleroptics.com *.vimeo.com *.google.co.uk moneypennychat.appspot.com *.postcodeanywhere.co.uk www.pepleroptics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.feefo.com bat.bing.com bat.bing.net *.pepleroptics.com ajax.cloudflare.com *.hotjar.com moneypennychat.appspot.com *.postcodeanywhere.co.uk *.pcapredict.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.pepleroptics.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com 'unsafe-inline' assets.braintreegateway.com *.postcodeanywhere.co.uk www.pepleroptics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.pepleroptics.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com bat.bing.com bat.bing.net *.google.co.uk stats.g.doubleclick.net *.feefo.com *.d.clarity.ms *.pepleroptics.com *.googlesyndication.com *.hotjar.com wss://ws.hotjar.com/ *.hotjar.io moneypennychat.appspot.com *.postcodeanywhere.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.pepleroptics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.pepleroptics.com http: https: blob: 'self' 'unsafe-inline'; default-src www.pepleroptics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com https://fonts.gstatic.com *.cloudflare.com *.digitalbridgehq.com *.elev.io *.fixtuur.com *.goinstore.com *.honey.io *.tawk.to https://www.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.arcot.com *.cardinalcommerce.com *.facebook.com *.realexpayments.com *.touch.tech *.tawk.to 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com account.fetchify.com *.acdcproc.com *.addthis.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.criteo.com *.criteo.net *.digitalbridgehq.com *.doubleclick.net *.fixtuur.com *.flashtalking.com *.google.co.uk *.googlesyndication.com *.hotjar.com *.jotform.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.lloydsbankinggroup.com *.modirum.com *.monzo.com *.pinterest.com *.playground.klarna.com *.playground.klarnaservices.com *.realexpayments.com *.rsa3dsauth.co.uk *.sandbox.paypal.com *.touch.tech *.zenaps.com ct.pinterest.com servedby.flashtalking.com *.tawk.to magento-cloudflare.jetrails.com js.mollie.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.360yield.com *.addthis.com *.adform.net *.adnxs.com *.ads.yieldmo.com *.advertising.com *.amazon-adsystem.com *.amazonaws.com *.awin1.com *.bidswitch.net *.bing.com *.bluekai.com *.bnmla.com *.casalemedia.com *.creativecdn.com *.criteo.com *.criteo.net *.digitaleast.mobi *.dmxleo.com *.doubleclick.net *.elfsight.com *.elfsightcdn.com *.exelator.com *.feefo.com *.goinstore.com *.google.com *.google.ie *.googleapis.com *.honey.io *.imrworldwide.com *.ivitrack.com *.liadm.com *.mediavine.com *.mediawallahscript.com *.narrative.io *.outbrain.com *.pinterest.com *.postcodeanywhere.co.uk *.pubmatic.com *.revcontent.com *.rubiconproject.com *.sagepay.co.uk *.semasio.net *.smaato.net *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.tapad.com *.thebrighttag.com *.trackedlink.net *.tvsquared.com *.twiago.com *.yahoo.com *.yieldlab.net *.zdassets.com *.zemanta.com *.zenaps.com *.zendesk.com bat.bing.com beacon.krxd.net contextual.media.net coviyr.modafurnishings.co.uk criteo-partners.tremorhub.com criteo-sync.teads.tv eb2.3lift.com google.com id5-sync.com jadserve.postrelease.com maps.googleapis.com match.sharethrough.com static.elfsight.com visitor.omnitagjs.com www.coupert.com www.google.ae www.google.cn www.google.co.in www.google.co.ma www.google.co.uk www.google.co.za www.google.com.ag www.google.com.au www.google.com.bd www.google.com.eg www.google.com.lb www.google.com.my www.google.com.ph www.google.com.sa www.google.com.tr www.google.com.ua www.google.de www.google.es www.google.fr www.google.gg www.google.im www.google.it www.google.je www.google.lu www.google.nl *.tawk.to *.cdninstagram.com *.mollie.com *.ytimg.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com tagmanager.google.com https://www.googletagmanager.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.tawk.to *.app-us1.com *.bing.com *.clickguard.com *.craftyclicks.co.uk *.criteo.com *.criteo.net *.digitalbridgehq.com *.dwin1.com *.dynamicyield.com *.elev.io *.elfsight.com *.feefo.com *.finance-calculator.co.uk *.fixtuur.com *.goinstore.com *.hotjar.com *.jsdelivr.net *.opentok.com *.pcapredict.com *.pennies.org.uk *.pinimg.com *.pureclarity.net *.responsetap.com *.sciencebehindecommerce.com *.tvsquared.com *.vimeo.com *.zdassets.com *.zenaps.com trackcmp.net *.mollie.com *.googleapis.com *.salesfire.co.uk js.mollie.com *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com cc-cdn.com *.braintreegateway.com *.digitalbridgehq.com *.feefo.com *.finance-calculator.co.uk *.fixtuur.com *.goinstore.com *.google.com *.tawk.to *.trustpilot.com assets.braintreegateway.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.snplow.net commerce.adobedc.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://player.vimeo.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.addthis.com *.amazonaws.com *.app-us1.com *.bing.com *.cardinalcommerce.com *.clickguard.com *.cookiebot.com *.digitalbridgehq.com *.doubleclick.net *.dynamicyield.com *.elev.io *.elfsight.com *.feefo.com *.finance-calculator.co.uk *.fixtuur.com *.googleapis.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.jsdelivr.net *.loggly.com *.my.sentry.io *.pennies.org.uk *.pinterest.com *.postcodeanywhere.co.uk *.sciencebehindecommerce.com *.smooch.io *.tokbox.com *.trustpilot.com *.ucweb.com *.zdassets.com *.zendesk.com *.zuko.io adservice.google.com bat.bing.com eu.prd.impact.fixtuur.com maps.googleapis.com www.google.co.uk www.google.it www.google.je www.google.nl www.wepowerconnections.com wss://*.tawk.to *.tawk.to *.instagram.com *.smartmetrics.co.uk *.salesfire.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp/report; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Nemlze61nHEj9ElIoYNxjQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-aQO9mB5olNcTMzhg5-mAFA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-uu-BlNvc5gfWkAASuOD9nA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; font-src 'self' data: https://cdn.rawgit.com https://fonts.gstatic.com https://ka-p.fontawesome.com https://pro.fontawesome.com https://www.erblearn.org https://fonts.typekit.net https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://cdn.jsdelivr.net; img-src * data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://cdn.datatables.net https://cdn.erblearn.org https://cdn.jsdelivr.net https://code.jquery.com/jquery-3.5.1.min.js https://kit.fontawesome.com/8e16178960.js https://cdn.jsdelivr.net https://kit.fontawesome.com/3a3e8d3071.js https://www.googletagmanager.com/gtag/js https://use.fontawesome.com/cdc1a032d4.js http://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__en.js https://kendo.cdn.telerik.com/2021.3.1109/js/jszip.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net; style-src 'unsafe-inline' 'self' https://cdn.datatables.net https://cdn.erblearn.org https://cdn.rawgit.com https://fonts.googleapis.com https://pro.fontawesome.com https://fonts.typekit.net https://use.fontawesome.com https://kendo.cdn.telerik.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com/ https://fast.fonts.net https://code.jquery.com; frame-src https://www.facebook.com https://player.vimeo.com; connect-src 'unsafe-inline' 'self' https://ka-p.fontawesome.com https://worldtimeapi.org https://www.google-analytics.com https://stats.g.doubleclick.net; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-mszb4_gFToh8zGE8JOdZzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-VAEYtpcS0WB3nqeG0f5Chg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-qWkj3EYSLWI4juOb3hP8UA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.bionat.gr *.tawk.to *.userway.org *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.bionat.gr *.tawk.to www.facebook.com *.twitter.com *.modirum.com *.eurocommerce.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.bionat.gr *.facebook.com *.cookiebot.com *.hotjar.com *.tawk.to *.userway.org *.google.gr https://www.youtube.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com data: maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com *.bionat.gr *.userway.org *.tawk.to *.facebook.com *.google.gr *.jsdelivr.net tawk.link http://bionat.gr https://bionat.gr https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com *.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.bionat.gr 'self' data: *.cookiebot.com *.userway.org *.tawk.to *.hotjar.com *.jsdelivr.net https://www.youtube.com analytics.tiktok.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.bionat.gr *.tawk.to *.userway.org *.jsdelivr.net 'self' 'unsafe-inline' * *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' data: http://bionat.gr https://bionat.gr 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.bionat.gr 'self' data: blob: *.userway.org *.tawk.to *.hotjar.com 'unsafe-inline' wss: wss: *.doubleclick.net *.jsdelivr.net wss://*.tawk.to *.google.gr https://*.googleapis.com https://*.gstatic.com analytics.tiktok.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: https://use.fontawesome.com https://fonts.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * google.com gstatic.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.trackedlink.net https://scontent-bom1-1.cdninstagram.com/ https://scontent-bom1-2.cdninstagram.com https://scontent-bom1-2.xx.fbcdn.net https://scontent-bom1-1.xx.fbcdn.net magefan.com cm.magefan.com *.disqus.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com google.com gstatic.com *.cloudflare.com *.google.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.google.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://scontent-bom1-2.cdninstagram.com/ https://scontent-bom1-1.cdninstagram.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://olegnax.com https://api.instagram.com https://graph.instagram.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-awcIQ3n1N9hWIZQFK55iVA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-i4MuF0vwaUkrNVD8JVYB7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://paymentsafe.experianhealth.com;script-src 'nonce-1846c78233754cc6ac7985bb71bfabc2' https://www.thechristhospitalmychart.com 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://www.thechristhospitalmychart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-AhDjbmg7GQD4mW0OoSx0Bw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'nonce-yjF//VSREAhw/njWW8kgUg==' 'unsafe-inline' https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' *; img-src * data:; font-src * data:; connect-src *; frame-src 'self' https://challenges.cloudflare.com; frame-ancestors https://replit.com https://lovable.dev https://bolt.new https://v0.app; upgrade-insecure-requests; worker-src 'self'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb28ba93eb59013963476c6dd6c190040&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to csp-datadog 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.cloudflare.com *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com https://cdn.tbibank.support *.cloudfront.net https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com www.google.com *.gstatic.com maps.googleapis.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.cloudflare.com getfirebug.com *.yotpo.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://beta.tbibank.support *.cloudflare.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua 'self' data: data: *.magentocommerce.com *.zonos.com *.yotpo.com yotpo.com www.yotpo.com *.fontawesome.com *.authorize.net *.facebook.net *.facebook.com *.bootstrapcdn.com *.hubspot.com *.mailchimp.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com *.dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com xtento.com *.xtento.com *.cloudmaestro.com *.unpkg.com wss://widget-mediator.zopim.com *.widget-mediator.zopim.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.youtube.com *.apptrian.com www.apptrian.com *.vimeo.com *.use.typekit.net *.fls.doubleclick.net 11158761.fls.doubleclick.net js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net ciqtracking.com 'self' * data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.reviews.io *.reviews.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.iglobalstores.com *.authorize.net *.spreedly.com *.hubspot.com *.getbread.com paypal.com *.braintree-api.com *.addthis.com www.youtube.com *.online-metrix.net *.signifyd.com *.demdex.net *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.yotpo.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.g.doubleclick.net *.cloudmaestro.com vimeo.com *.fls.doubleclick.net 11158761.fls.doubleclick.net js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net ciqtracking.com 'self' www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.b0e8.com https://images.unsplash.com *.cloudfront.net *.reviews.io *.reviews.co.uk magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://img.youtube.com *.google.com www.google-analytics.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua 'self' data: *.magentocommerce.com *.zonos.com *.yotpo.com yotpo.com www.yotpo.com *.ytimg.com *.s3.amazonaws.com *.amazonaws.com *.klaviyo.com *.g.doubleclick.net *.hubspot.com *.authorize.net *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.signifyd.com *.e.aa.online-metrix.net *.bbb.org *.facebook.net *.facebook.com *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.secure.force.com *.mailchimp.com *.demdex.net *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com www.xtento.com cdn.xtento.com px.ads.linkedin.com bat.bing.com pippio.com *.cloudmaestro.com *.events.bouncex.net *.fls.doubleclick.net 11158761.fls.doubleclick.net tr2.smarterhq.io *.smarterhq.io js.authorize.net ssl.kaptcha.com *.kaptcha.com www.shareasale.com *.shareasale.com *.bouncex.net ciqtracking.com *.doubleclick.net widget.reviews.io jsstore.s3-us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com 'self' * *.hsforms.net *.hsforms.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.b0e8.com *.bc0a.com https://maps.googleapis.com https://player.vimeo.com *.reviews.io *.reviews.co.uk *.disqus.com *.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.cloudflare.com acsbapp.com *.impactcdn.com *.trustedshops.com *.usercentrics.eu *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.spreedly.com *.zonos.com *.yotpo.com *.bootstrapcdn.com bam.nr-data.net *.zopim.com *.facebook.net *.facebook.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com paypal.com *.signifyd.com *.g.doubleclick.net *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com chimpstatic.com *.mailchimp.com mc.us18.list-manage.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.cloudmaestro.com undefined/api/v2/sites/74088/recordings/content unpkg.com *.unpkg.com *.cloudfront.net d1n00d49gkbray.cloudfront.net/wknd/wknd_cartridge.js tr2.smarterhq.io *.apptrian.com hello.zonos.com staticw2.yotpo.com brainmd.com stats.g.doubleclick.net js.authorize.net ssl.kaptcha.com *.kaptcha.com *.go2sdk.com ciqtracking.com *.doubleclick.net script.crazyegg.com *.crazyegg.com js.adsrvr.org cdn.attn.tv container.pepperjam.com forms.hscollectedforms.net js.hscollectedforms.net salsify-ecdn.com fs19.formsite.com *.s3.amazonaws.com *.amazonaws.com s3.amazonaws.com s3-us-west-2.amazonaws.com *.execute-api.us-west-2.amazonaws.com alocdn.com b-code.liadm.com *.liadm.com api.retention.com cdn.oribi.io www.snapengage.com www.mnpa6gtrk.com shop.pe *.shop.pe static.cloudflareinsights.com cdn.cookie.pii.ai widget.reviews.io 'self' *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://cdn.jsdelivr.net assets.braintreegateway.com *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com getfirebug.com *.klaviyo.com *.bootstrapcdn.com *.authorize.net display.ugc.bazaarvoice.com *.signifyd.com *.facebook.net *.facebook.com *.mailchimp.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.cloudmaestro.com www.sandbox.paypal.com *.fls.doubleclick.net 11158761.fls.doubleclick.net tr2.smarterhq.io *.smarterhq.io js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net ciqtracking.com widget.reviews.io 'self' * data: tagmanager.google.com fonts.google.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.zdassets.com *.tinymce.com *.tiny.cloud cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com *.yotpo.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.cloudmaestro.com *.fls.doubleclick.net 11158761.fls.doubleclick.net js.authorize.net *.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net ciqtracking.com 'self' * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com https://maps.googleapis.com https://player.vimeo.com *.cloudfront.net *.reviews.io *.reviews.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com map.googleapis.com maps.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.adobedtm.com *.acsbapp.com *.impactcdn.com *.ccdc02.com *.authorize.net *.zonos.com *.yotpo.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.facebook.net *.facebook.com bam.nr-data.net *.zopim.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com paypal.com *.signifyd.com *.g.doubleclick.net *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com chimpstatic.com *.mailchimp.com *.demdex.net *.tinymce.com cdn.iglobalstores.com *.licdn.com *.bing.com dwin1.com www.dwin1.com *.bounceexchange.com linkedin.com *.adsymptotic.com p.adsymptotic.com *.cdnbasket.net *.cdnwidget.com *.iglobalstores.com yotpo.com www.yotpo.com xtento.com *.xtento.com *.cloudmaestro.com undefined/api/v2/sites/74088/recordings/content unpkg.com *.unpkg.com d1n00d49gkbray.cloudfront.net/wknd/wknd_cartridge.js tr2.smarterhq.io *.apptrian.com hello.zonos.com staticw2.yotpo.com brainmd.com stats.g.doubleclick.net js.authorize.net ssl.kaptcha.com *.kaptcha.com *.bouncex.net *.go2sdk.com ciqtracking.com *.doubleclick.net retail-client-events-service.internal.salsify.com script.crazyegg.com salsify-ecdn.com forms.hscollectedforms.net js.hscollectedforms.net events.attentivemobile.com *.attentivemobile.com shelterlogic-us.attn.tv *.attn.tv shelterlogic.sjv.io *.sjv.io tracking.crazyegg.com assets-tracking.crazyegg.com *.crazyegg.com api.retention.com b-code.liadm.com *.liadm.com *.execute-api.us-west-2.amazonaws.com manage.safeopt.com app.shop.pe alocdn.com shopper.shop.pe cdn.cookie.pii.ai geo.pii.ai consent-api.pii.ai api.reviews.io *.bc0a.com insight.adsrvr.org 'self' t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-KYTMoJEdVgOYAym8UEZAow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-qO5mdobgxLpbTtVwmt4-aQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com instantcredit.net test.instantcredit.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.google.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.youtube.com/ https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://td.doubleclick.net/ https://scontent-ams4-1.cdninstagram.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://platform-api.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com https://clauem2.arrowtheme.com https://scontent.cdninstagram.com/ https://stats.g.doubleclick.net/ https://buttons-config.sharethis.com https://l.sharethis.com https://www.google.com.vn https://platform-cdn.sharethis.com https://scontent-ams4-1.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net instantcredit.net test.instantcredit.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com maps.googleapis.com *.trackedlink.net *.maps.gstatic.com *.googletagmanager.com *.googleadservices.com https://connect.facebook.net https://platform-api.sharethis.com https://stats.g.doubleclick.net/ https://cdn-cookieyes.com/ https://script.hotjar.com/ https://app.wishloop.com/ https://buttons-config.sharethis.com https://l.sharethis.com https://static.hotjar.com https://scontent-ams4-1.cdninstagram.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com instantcredit.net test.instantcredit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://scontent-ams4-1.cdninstagram.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com instantcredit.net *.instantcredit.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.kxcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://consent.cookiefirst.com https://static.cookiefirst.com *.weglot.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com *.weglot.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://secure.pay1.de https://d.ratepay.com https://www.jsctool.com https://consent.cookiefirst.com https://static.cookiefirst.com *.doubleclick.net *.clarity.ms *.weglot.com *.googletagmanager.com *.trustpilot.com *.mondu.ai/ *.mondu.local localhost:*/ connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://i.ytimg.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.cdninstagram.com *.fbcdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://mageside.com https://consent.cookiefirst.com https://static.cookiefirst.com *.facebook.com *.facebook.net *.google.de *.google.at *.google.ch *.google.nl *.google.ie *.google.pl *.google.dk *.google.no *.google.se *.google.fi https://cx.atdmt.com https://img.idealo.com https://www.googletagmanager.com https://widgets.trustedshops.com *.doubleclick.net *.shopvote.de *.bing.com *.clarity.ms *.amazonaws.com *.meetanshi.com *.weglot.com blob: *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com 'unsafe-inline' *.addthis.com *.addthisedge.com *.moatads.com static.cloudflareinsights.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.avada.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://secure.pay1.de https://d.ratepay.com https://consent.cookiefirst.com https://static.cookiefirst.com data: *.shopvote.de *.doubleclick.net *.s24.com *.bing.com *.clarity.ms *.weglot.com *.trustpilot.com matomo.baushop-express.com *.mondu.ai/widget.js *.mondu.local/widget.js localhost:*/dist/widget.js www.facebook.com graph.facebook.com business.facebook.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.stripe.network *.stripecdn.com https://static.klaviyo.com https://consent.cookiefirst.com https://static.cookiefirst.com *.shopvote.de *.weglot.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.baushop-express.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://secure.pay1.de https://d.ratepay.com https://analytics.google.com https://consent.cookiefirst.com *.cookiefirst.com https://api.cookiefirst.com https://stats.g.doubleclick.net *.google.de *.google.at *.google.ch *.google.nl *.google.ie *.google.pl *.google.dk *.google.no *.google.se *.google.fi data: *.shopvote.de *.facebook.com *.doubleclick.net https://googleads.g.doubleclick.net *.bing.com *.clarity.ms *.weglot.com *.google-analytics.com *.googlesyndication.com https://google.com matomo.baushop-express.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /tools/report/index; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-DRF6RGAV3viGQSrHJcktUA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net magefan.com cm.magefan.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://www.magezon.com https://img.youtube.com https://meetanshi.com/media/logo.png https://maps.gstatic.com https://maps.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ s7.addthis.com https://maps.googleapis.com https://maps.gstatic.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com expressentry.melissadata.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com ekr.zdassets.com/ https://maps.googleapis.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://d3f6h8s0w402y5.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com seal.digicert.com widget.trustpilot.com cdn.what3words.com cdn.evgnet.com walls.io l.getsitecontrol.com guidedrec.preferabli.com www.google.com www.gstatic.com services.postcodeanywhere.co.uk c1.rfihub.net d3f6h8s0w402y5.cloudfront.net www.tag4arm.com snap.licdn.com static.ads-twitter.com cdn.taboola.com s.pinimg.com connect.facebook.net smct.co s.yimg.com static.chartbeat.com assets.apollo.io client.prod.mplat-ppcprotect.com cdn.datalabsgroup.com cdnjs.cloudflare.com www.googleadservices.com googleads.g.doubleclick.net 6261229.collect.igodigital.com trc.taboola.com bat.bing.com s2.getsitecontrol.com ct.pinterest.com apis.google.com accounts.google.com a.img-statics.com service.force.com d.la11-core1.sfdc-cehfhs.salesforceliveagent.com d.la1-c1-cdg.salesforceliveagent.com static.lightning.force.com virginwines.my.salesforce-sites.com www.fastuktrack.com apps.rokt.com virginwines.my.salesforce.com s.kk-resources.com blob: netfree.link secured-pixel.com data1.klastaf.com js.braintreegateway.com assets.braintreegateway.com songbird.cardinalcommerce.com c.paypal.com www.paypal.com *.webtrends-optimize.com *.webtrends-optimize.workers.dev *.azurewebsites.net *.contentsquare.net app.contentsquare.com *.tradedoubler.com a.imgstatics.com apis.google.com accounts.google.com *.googleapis.com xzdeav5g.micpn-eu.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com https://*.sovendus.com virginwines.my.site.com ads.nextdoor.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com guidedrec.preferabli.com services.postcodeanywhere.co.uk d3f6h8s0w402y5.cloudfront.net service.force.com virginwines.my.salesforce-sites.com virginwines.my.salesforce.com *.webtrends-optimize.com *.webtrends-optimize.workers.dev https://*.sovendus.com virginwines.my.site.com; frame-src 'self' *; connect-src 'self' l.getsitecontrol.com region1.google-analytics.com api-js.mixpanel.com services.postcodeanywhere.co.uk api.preferabli.com guidedrec.preferabli.com px.ads.linkedin.com region1.analytics.google.com bat.bing.com c.contentsquare.net 6261229.collect.igodigital.com www.tag4arm.com stats.g.doubleclick.net psb.taboola.com click.prod.mplat-ppcprotect.com aplo-evnt.com api.ipify.org ct.pinterest.com events.getsitectrl.com srm.ba.contentsquare.net s.yimg.com trc-events.taboola.com k-aeu1.contentsquare.net pclick.prod.mplat-ppcprotect.com zu7k3v809b.execute-api.eu-west-1.amazonaws.com www.facebook.com s.kelkoogroup.net virginwines.my.salesforce-sites.com trc.taboola.com apis.google.com analytics.google.com www.google.co.uk www.google-analytics.com ad.doubleclick.net a.imgstatics.com bat.bing.net api.privacy-protector-adblocker.com pagead2.googlesyndication.com api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com www.paypal.com *.cloudfront.net *.cardinalcommerce.com *.contentsquare.net *.contentsquare.com fonts.googleapis.com *.webtrends-optimize.com *.webtrends-optimize.workers.dev *.azurewebsites.net apis.google.com accounts.google.com *.googleapis.com https://www.google.com google.com 6abynomjpa.execute-api.eu-west-1.amazonaws.com www.googleadservices.com *.google.com *.pinterest.com kg668dbov0.execute-api.us-east-1.amazonaws.com api.what3words.com https://www.facebook.com *.doubleclick.net *.conviva.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com virginwines.my.salesforce-scrt.com flask.nextdoor.com pips.taboola.com cds.taboola.com; font-src 'self' https: data:; img-src 'self' https: data: analytics.twitter.com t.co ad.doubleclick.net px.ads.linkedin.com *.webtrends-optimize.com *.contentsquare.net  https://*.sovendus.com flask.nextdoor.com; report-to csp-collector; 1
default-src 'self'; connect-src 'self' https://cdn-ilecmmd.nitrocdn.com https://amp.azure.net https://www.google.com https://to.getnitropack.com https://ka-f.fontawesome.com; script-src 'strict-dynamic' 'nonce-{VALUE}'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.vivapayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.stripe.com *.contactpigeon.com *.boxnow.gr https://www.googletagmanager.com *.skroutz.gr 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.contactpigeon.com https://firebasestorage.googleapis.com *.googletagmanager.com *.google.com *.google.gr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com js.stripe.com *.vivapayments.com https://ping.contactpigeon.com *.avada.io *.shopify.com https://www.octocom.ai https://go.linkwi.se https://zevioo.com *.googletagmanager.com *.skroutz.gr *.boxnow.gr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.bunny.net *.googletagmanager.com *.zevioo.com https://zevioo.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.contactpigeon.com https://get.geojs.io *.avada.io *.zevioo.com https://zevioo.com *.skroutz.gr *.boxnow.gr *.google.gr 'self' 'unsafe-inline'; child-src *.contactpigeon.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com 'self' 'unsafe-inline'; 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com fonts.gstatic.com *.kxcdn.com maxcdn.bootstrapcdn.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.google.com.ua *.fbcdn.net www.google.com.ua *.ringostat.com blob: magefan.com cm.magefan.com *.disqus.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com quickchart.io img.youtube.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.ringostat.com *.disqus.com cdn.jsdelivr.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.ringostat.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net fonts.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com www.google.com www.google.com.ua *.ringostat.com *.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-PKUJGH61wpuMH1WQAYJ4qA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.credova.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.credova.com * c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net *.weltpixel.com *.googletagmanager.com *.doubleclick.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.credova.com/ https://*.clarity.ms https://*.bing.com *.yotpo.com *.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com https://img.youtube.com https://firebasestorage.googleapis.com moogento.com *.moogento.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.credova.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.credova.com/ https://*.avmws.com https://*.livechatinc.com https://statsjs.klevu.com https://*.bing.com https://*.crazyegg.com https://*.clarity.ms *.yotpo.com js.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.shopify.com l2.moogento.com *.authorize.net *.googleapis.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://*.credova.com/ 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.credova.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.credova.com/ https://*.clarity.ms https://statsjs.klevu.com https://*.livechatinc.com *.yotpo.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.authorize.net *.automaticffl.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-XvquEC5izjL6ai6K3vjTchgqA4xlm8vIjUgHWjOZp_sc69Jz7VDzKg' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; style-src-elem 'self' 'nonce-XvquEC5izjL6ai6K3vjTchgqA4xlm8vIjUgHWjOZp_sc69Jz7VDzKg' 'report-sample'; report-uri https://www.graf.info/de/@http-reporting?csp=report&requestTime=1773720690725029&requestHash=66530c45568be34339dbbe71eaddb6061bcff559 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com cdn.userway.org *.userway.org *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com www.facebook.com platform.twitter.com https://plumrocket.com www.clarity.ms *.clarity.ms cdn.userway.org *.userway.org js.mollie.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.klevu.com *.ksearchnet.com www.clarity.ms *.clarity.ms cdn.userway.org *.userway.org store.paradoxlabs.com https://firebasestorage.googleapis.com https://www.mollie.com media.sezzle.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.plugins.emarsys.net *.scarabresearch.com connect.facebook.net twitter.com platform.twitter.com js.klevu.com *.ksearchnet.com www.clarity.ms *.clarity.ms cdn.userway.org *.userway.org *.authorize.net widget.freshworks.com m2epro.freshdesk.com https://www.googletagmanager.com tagmanager.google.com https://www.googleadservices.com *.avada.io js.mollie.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.klevu.com *.ksearchnet.com www.clarity.ms *.clarity.ms cdn.userway.org *.userway.org widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.cdnfonts.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.scarabresearch.com *.eservice.emarsys.net *.klevu.com *.ksearchnet.com www.clarity.ms *.clarity.ms cdn.userway.org *.userway.org api.userway.org *.authorize.net widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /csp-report-endpoint.php 1
default-src 'self'; script-src 'self' https://unpkg.com https://www.googletagmanager.com https://www.google.com https://cdn.jsdelivr.net https://www.google-analytics.com https://www.gstatic.com; style-src 'self' https://fonts.googleapis.com 'sha256-CJA/8o3lKgIsSMFoOMXs8tM1vlmEDT6OlAFy7+UCbI0='; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com data:; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-esB7PY74ZDLC8iCHeC_fJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
connect-src 'self' https://jspreadsheet.com data: https://*.paypal.com https://assets.learn.groklearning-cdn.com https://vendor.learn.groklearning-cdn.com https://wc.grokacademy.org https://groklearning-cdn.com https://fonts.googleapis.com https://d33v4339jhl8k0.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://djtflbt20bdde.cloudfront.net https://d12wqas9hcki3z.cloudfront.net https://beaconapi.helpscout.net https://beacon-v2.helpscout.net https://assets.learn.groklearning-cdn.com https://*.gstatic.com/ https://pa.grokacademy.org https:// https://beacon-v2.helpscout.net wss://realtime.groklearning.com wss://dualsite-terminal.comp.gl wss://terminal.problemrunner.grokacademy.org wss://sandbox.comp.gl dualsite-cybersecurity.comp.gl dualsite-scratch.comp.gl dualsite-pxtmicrobit.comp.gl https://systemsareeverywhere.grokacademy.org https://dualsite-preview.comp.gl https://*.dualsite-preview.comp.gl https://sandbox.comp.gl https://*.sandbox.comp.gl; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets.learn.groklearning-cdn.com https://vendor.learn.groklearning-cdn.com https://wc.grokacademy.org https://groklearning-cdn.com https://fonts.googleapis.com https://d33v4339jhl8k0.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://djtflbt20bdde.cloudfront.net https://d12wqas9hcki3z.cloudfront.net https://beaconapi.helpscout.net https://beacon-v2.helpscout.net https://assets.learn.groklearning-cdn.com https://*.gstatic.com/ https://pa.grokacademy.org https:// https://beacon-v2.helpscout.net dualsite-cybersecurity.comp.gl dualsite-scratch.comp.gl dualsite-pxtmicrobit.comp.gl https://systemsareeverywhere.grokacademy.org https://dualsite-preview.comp.gl https://*.dualsite-preview.comp.gl https://sandbox.comp.gl https://*.sandbox.comp.gl 'nonce-NxGllg8QH1fY9YTiLwGCIg=='; style-src 'self' 'unsafe-inline' https://*.paypal.com https://assets.learn.groklearning-cdn.com https://vendor.learn.groklearning-cdn.com https://wc.grokacademy.org https://groklearning-cdn.com https://fonts.googleapis.com https://d33v4339jhl8k0.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://djtflbt20bdde.cloudfront.net https://d12wqas9hcki3z.cloudfront.net https://beaconapi.helpscout.net https://beacon-v2.helpscout.net https://assets.learn.groklearning-cdn.com https://*.gstatic.com/; img-src 'self' https://www.gravatar.com data: blob: https://*.paypal.com https://*.paypalobjects.com https://code.org https://assets.learn.groklearning-cdn.com https://vendor.learn.groklearning-cdn.com https://wc.grokacademy.org https://groklearning-cdn.com https://fonts.googleapis.com https://d33v4339jhl8k0.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://djtflbt20bdde.cloudfront.net https://d12wqas9hcki3z.cloudfront.net https://beaconapi.helpscout.net https://beacon-v2.helpscout.net https://assets.learn.groklearning-cdn.com https://*.gstatic.com/ https://pa.grokacademy.org https:// https://beacon-v2.helpscout.net; worker-src 'self' blob:; default-src 'self'; base-uri 'self'; style-src-attr 'self' 'unsafe-inline'; media-src 'self' https://*.paypal.com https://assets.learn.groklearning-cdn.com https://vendor.learn.groklearning-cdn.com https://wc.grokacademy.org https://groklearning-cdn.com https://fonts.googleapis.com https://d33v4339jhl8k0.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://djtflbt20bdde.cloudfront.net https://d12wqas9hcki3z.cloudfront.net https://beaconapi.helpscout.net https://beacon-v2.helpscout.net https://assets.learn.groklearning-cdn.com https://*.gstatic.com/; font-src 'self' data: https://assets.learn.groklearning-cdn.com https://vendor.learn.groklearning-cdn.com https://wc.grokacademy.org https://groklearning-cdn.com https://fonts.googleapis.com https://d33v4339jhl8k0.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://djtflbt20bdde.cloudfront.net https://d12wqas9hcki3z.cloudfront.net https://beaconapi.helpscout.net https://beacon-v2.helpscout.net https://assets.learn.groklearning-cdn.com https://*.gstatic.com/; form-action 'self' https://*.paypal.com; frame-src 'self' https://www.youtube.com https://dualsite-author-assets.dev.comp.gl/ dualsite-cybersecurity.comp.gl dualsite-scratch.comp.gl dualsite-pxtmicrobit.comp.gl https://systemsareeverywhere.grokacademy.org https://dualsite-preview.comp.gl https://*.dualsite-preview.comp.gl https://sandbox.comp.gl https://*.sandbox.comp.gl https://assets.learn.groklearning-cdn.com https://vendor.learn.groklearning-cdn.com https://wc.grokacademy.org https://groklearning-cdn.com https://fonts.googleapis.com https://d33v4339jhl8k0.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://djtflbt20bdde.cloudfront.net https://d12wqas9hcki3z.cloudfront.net https://beaconapi.helpscout.net https://beacon-v2.helpscout.net https://assets.learn.groklearning-cdn.com https://*.gstatic.com/; report-uri https://sentry.grokacademy.org/api/4/security/?sentry_key=c762995966bb5918c06995c9f19e851d&sentry_environment=prod 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com airwallex.com *.airwallex.com google.com *.google.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com checkout.airwallex.com checkout-demo.airwallex.com h.online-metrix.net/ static-demo.airwallex.com pci-api-demo.airwallex.com demo-pacybsmock.airwallex.com imgs.signifyd.com airwallex.com *.airwallex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.facebook.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net google.com validator.swagger.io *.online-metrix.net/ checkout.airwallex.com imgs.signifyd.com checkout-demo.airwallex.com airwallex.com *.airwallex.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com checkout.airwallex.com checkout-demo.airwallex.com h.online-metrix.net/ static-demo.airwallex.com static.airwallex.com cdn-scripts.signifyd.com bws-demo.airwallex.com bws.airwallex.com imgs.signifyd.com h64.online-metrix.net airwallex.com *.airwallex.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com checkout.airwallex.com checkout-demo.airwallex.com h.online-metrix.net/ bws-demo.airwallex.com bws.airwallex.com api-demo.airwallex.com api.airwallex.com o11y-demo.airwallex.com o11y.airwallex.com imgs.signifyd.com airwallex.com *.airwallex.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com cdn.ampproject.org 'self' 'unsafe-inline'; child-src airwallex.com *.airwallex.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src airwallex.com *.airwallex.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://langara.lndo.site https://seckit-langara.pantheonsite.io https://dev-langara.pantheonsite.io https://test-langara.pantheonsite.io https://live-langara.pantheonsite.io https://langara.ca; script-src 'self' 'unsafe-inline' https://sites.langara.ca https://iweb.langara.ca https://www.googletagmanager.com  https://www.google-analytics.com https://js-agent.newrelic.com https://code.tidio.co https://langara.lndo.site https://seckit-langarscript-src-elema.pantheonsite.io https://dev-langara.pantheonsite.io https://test-langara.pantheonsite.io https://live-langara.pantheonsite.io https://cdn.jsdelivr.net https://langaratest.h5p.com https://langara.h5p.com https://public.tableau.com https://langara.libwizard.com https://api3-ca.libcal.com https://lgapi-ca.libapps.com https://unpkg.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://script.crazyegg.com https://analytics.tiktok.com https://www.redditstatic.com https://tags.srv.stackadapt.com https://sc-static.net https://tr.snapchat.com https://snap.licdn.com https://script.crazyegg.com blob: https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://www.google.com https://www.gstatic.com https://widget.lightcastcc.com; object-src 'self' fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com *.google-analytics.com https://langara.lndo.site https://seckit-langara.pantheonsite.io https://dev-langara.pantheonsite.io https://test-langara.pantheonsite.io https://live-langara.pantheonsite.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://langara.lndo.site https://seckit-langara.pantheonsite.io https://dev-langara.pantheonsite.io https://test-langara.pantheonsite.io https://live-langara.pantheonsite.io https://lgapi-ca.libapps.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://tags.srv.stackadapt.com https://bbox.blackbaudhosting.com; img-src 'self' data: https://cdnjs.cloudflare.com https://www.google-analytics.com https://langara.lndo.site https://seckit-langara.pantheonsite.io https://dev-langara.pantheonsite.io https://test-langara.pantheonsite.io https://live-langara.pantheonsite.io https://public.tableau.com https://www.googleadservices.com https://www.google.ca https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://tr.snapchat.com https://px.ads.linkedin.com https://alb.reddit.com https://www.googletagmanager.com https://www.googletagmanager.so https://www.googletagmanager.mx https://tracking.crazyegg.com https://*.googletagmanager.com https://www.google.com.tw https://px4.ads.linkedin.com https://bbox.blackbaudhosting.com https://www.linkedin.com https://www.google.co.jp https://connect.facebook.net https://www.google.fr https://www.google.com.br; media-src 'self' https://code.tidio.co https://langara.lndo.site https://seckit-langara.pantheonsite.io https://dev-langara.pantheonsite.io https://test-langara.pantheonsite.io https://live-langara.pantheonsite.io; frame-src 'self' https://sites.langara.ca https://iweb.langara.ca https://www.youtube.com https://code.tidio.co https://seckit-langara.pantheonsite.io https://dev-langara.pantheonsite.io https://test-langara.pantheonsite.io https://live-langara.pantheonsite.io https://langaratest.h5p.com https://langara.h5p.com https://public.tableau.com https://forms.office.com https://login.microsoftonline.com https://langara.libwizard.com https://outlook.office365.com https://www.googletagmanager.com https://tr.snapchat.com https://alb.reddit.com https://bbox.blackbaudhosting.com https://bbox.blackbaudhosting.com https://www.google.com https://www.facebook.com https://widget.lightcastcc.com; frame-ancestors 'self' https://sites.langara.ca https://iweb.langara.ca https://seckit-langara.pantheonsite.io https://dev-langara.pantheonsite.io https://test-langara.pantheonsite.io https://live-langara.pantheonsite.io https://www.google.com/; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://code.tidio.co https://langara.lndo.site https://seckit-langara.pantheonsite.io https://dev-langara.pantheonsite.io https://test-langara.pantheonsite.io https://live-langara.pantheonsite.io https://lgapi-ca.libapps.com; connect-src 'self' https://www.google.com https://www.google-analytics.com https://bam.nr-data.net https://code.tidio.co wss://socket.tidio.co https://langara.lndo.site https://seckit-langara.pantheonsite.io https://dev-langara.pantheonsite.io https://test-langara.pantheonsite.io https://live-langara.pantheonsite.io https://langara.libcal.com https://lgapi-ca.libapps.com https://unpkg.com https://analytics.google.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://tr.snapchat.com https://tags.srv.stackadapt.com https://www.redditstatic.com https://analytics-ipv6.tiktokw.us https://www.google.ca https://pixel-config.reddit.com https://tr6.snapchat.com https://www.googleadservices.com https://script.crazyegg.com https://px.ads.linkedin.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://*.crazyegg.com https://www.facebook.com https://www.googletagmanager.com https://region1.google-analytics.com https://www.google.fr https://www.google.com.br; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: platform.instagram.com www.instagram.com www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com *.google.* google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: blob: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com i.ytimg.com www.googletagmanager.com; connect-src 'self' *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' blob: www.instagram.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' blob: www.youtube.com www.googletagmanager.com; disown-opener; block-all-mixed-content; report-uri https://porter.com.br?gdsih-csp-report; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.googleapis.com *.google.com *.newrelic.com *.nr-data.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com https://hpp.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://secure-test.worldpay.com/shopper/3ds/ddc.html https://secure.worldpay.com/shopper/3ds/ddc.html https://payments-test.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments-live.hpp.apps.eu-west-1-7z55k.dev.msp.worldpay.io/app/hpp-iframe/integration/wpg/corporate https://payments.worldpay.com/app/hpp-iframe/integration/wpg/corporate *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://pay.google.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.cookiebot.com consentcdn.cookiebot.eu c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com https://payments-test.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments-live.hpp.apps.eu-west-1-7z55k.dev.msp.worldpay.io/app/hpp-iframe/integration/wpg/corporate https://pay.google.com https://secure-test.worldpay.com https://hpp.worldpay.com/ *.googleapis.com *.newrelic.com *.facebook.com *.nr-data.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: https://images.unsplash.com imgsct.cookiebot.com imgsct.cookiebot.eu *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.cookiebot.com consent.cookiebot.eu connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://payments.worldpay.com/resources/hpp/integrations/embedded/js/hpp-embedded-integration-library.js https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js *.soundcloud.com *.hotjar.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.magento-datasolutions.com *.magento-ds.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cloudflare.com https://fonts.googleapis.com/css *.facebook.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.cookiebot.com consentcdn.cookiebot.eu *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google.com/pay https://pay.google.com/gp/p/web_manifest.json https://pay.google.com/gp/p/payment_method_manifest.json https://pay.google.com/ https://google.com/pay *.worldpay.com https://hpp.worldpay.com/app/hpp/135-0/telemetry https://hpp.worldpay.com/app/hpp/135-0/payment/paypalsmartbutton/continue https://payments.worldpay.com/app/hpp/135-0/telemetry/iframe *.googlesyndication.com *.hotjar.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.hsforms.net *.unpkg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-HTAxPR1mzAhlP-Ih7wDMhQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.eands.com.au *.alicdn.com *.flaticon.com *.fontawesome.com *.slant.co *.bazaarvoice.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.googlesyndication.com *.tiktok.com api.bazaarvoice.com stg.api.bazaarvoice.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.eands.com.au 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com *.eands.com.au *.criteo.com *.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.adyen.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.gstatic.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.agkn.com *.360yield.com *.3lift.com *.adnxs.com *.baidu.com *.bazaarvoice.com *.bidswitch.net *.bing.com *.bing.net *.casalemedia.com *.clarity.ms *.criteo.com *.criteo.net *.google.com *.googleadservices.com *.jobadder.com *.mediawallahscript.com *.pinterest.com *.prreqcroab.icu *.quantserve.com *.smartadserver.com *.subzero-wolf.com *.taboola.com *.turn.com *.wisepops.com google.com prreqcroab.icu s3.amazonaws.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gm www.google.gr www.google.gy www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tg www.google.tl www.google.tn www.google.to www.google.vu www.google.ws *.1rx.io *.adingo.jp *.adsrvr.org *.afterpay.com *.cdninstagram.com *.clmbtech.com *.crwdcntrl.net *.dmxleo.com *.google-analytics.com *.gumgum.com *.imrworldwide.com *.liadm.com *.lijit.com *.media.net *.mediavine.com *.openx.net *.outbrain.com *.paypalobjects.com *.postrelease.com *.pubmatic.com *.revcontent.com *.rezync.com *.rfihub.com *.rlcdn.com *.rubiconproject.com *.socdm.com *.sonobi.com *.stickyadstv.com *.tapad.com *.teads.tv *.tpmn.co.kr *.tpmn.io *.tremorhub.com *.twiago.com *.unrulymedia.com *.where-to-buy.co *.yahoo.com *.ytimg.com id5-sync.com pippio.com thrtle.com www.google.bj www.google.cn www.google.co.ck www.google.co.vi www.google.com.pr www.google.fm www.google.gg www.google.ki www.google.mw www.google.tm www.google.tt https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.eands.com.au *.newrelic.com *.nr-data.net *.googleapis.com *.criteo.net *.criteo.com *.adnxs.com *.bazaarvoice.com *.bing.com *.clarity.ms *.googleadservices.com *.hotjar.com *.jobadder.com *.pinimg.com *.pinterest.com *.quantcount.com *.quantserve.com *.wisepops.com *.zdassets.com googletagmanager.com wisepops.net *.paypal.com polyfill-fastly.io https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.instagram.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com display.ugc.bazaarvoice.com downloads.mailchimp.com *.eands.com.au *.typography.com *.fontawesome.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src *.eands.com.au 'self' 'unsafe-inline'; media-src *.adobe.com *.eands.com.au *.zdassets.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src *.eands.com.au 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.eands.com.au *.nr-data.net *.newrelic.com *.googleapis.com *.bazaarvoice.com *.bing.com *.bing.net *.clarity.ms *.criteo.com *.criteo.net *.google.com *.googleadservices.com *.hotjar.com *.hotjar.io *.pinterest.com *.quantcount.com *.wisepops.com *.zdassets.com google.com localhost wisepops.net www.google.ad www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cn www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.za www.google.co.zm www.google.co.zw www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.om www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.tl www.google.to www.google.vu www.google.ws *.geoedge.com *.prreqcroab.icu *.quantserve.com *.typography.com *.zdassets-backup.com prreqcroab.icu www.google.cm www.google.co.ao www.google.co.ck www.google.co.vi www.google.com.bz www.google.com.na www.google.com.pr www.google.fm www.google.gg www.google.gy www.google.je www.google.kg www.google.la www.google.tg www.google.tm www.google.tn https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src *.eands.com.au assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.eands.com.au *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://def893e4-f6e2-42b0-83af-ead3f58ab21a.sansec.watch/; report-to report-endpoint; 1
default-src 'self' *.alkompis.se;
								script-src 'self' 'unsafe-inline' 'unsafe-eval' *.alkompis.se *.google.com *.twitter.com *.cloudflarestream.com *.vimeo.com *.youtube.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.youtube.com *.termly.io *.googletagmanager.com *.facebook.net *.google *.ampproject.org *.cookiebot.com *.holid.io;
								style-src 'self' 'unsafe-inline' *.alkompis.se *.googleapis.com;
								connect-src 'self' *.alkompis.se *.termly.io *.cookiebot.com *.google-analytics.com *.googlesyndication.com *.google.com *.doubleclick.net *.google *.adform.net *.holid.io;
								font-src 'self' data: *.alkompis.se *.gstatic.com;
								media-src 'self' data: *.alkompis.se;
								frame-src 'self' *.twitter.com *.soundcloud.com *.youtube.com *.googletagmanager.com *.facebook.com *.adtrafficquality.google *.cloudflarestream.com *.vimeo.com *.zendesk.com *.googlesyndication.com *.doubleclick.net *.google.com *.holid.io *.rubiconproject.com *.cookiebot.com;
								img-src 'self' data: *.alkompis.se *.vimeocdn.com *.adtrafficquality.google *.ytimg.com *.facebook.com *.googlesyndication.com *.google.com *.google.se *.doubleclick.net *.googletagmanager.com *.cookiebot.com; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-So-Nkv1k5hYbdbSFaOvPKw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.googleapis.com *.cloudflare.com *.twitter.com *.certcapture.com *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io https://use.fontawesome.com/ https://bam.nr-data.net/ *.sharethis.com https://applepay.cdn-apple.com/jsapi/v1/assets/1.0.0/fonts/en-US.woff https://applepay.cdn-apple.com/jsapi/v1/assets/1.0.0/fonts/en-US.woff2 https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.bc0a.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.certcapture.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.certcapture.com *.amazonaws.com *.zendesk.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.bc0a.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.certcapture.com *.amazonaws.com *.twimg.com *.vimeocdn.com  *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com *.applepay.cdn-apple.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net analytics.google.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com b.stats.paypal.com data.adxcel-ec2.com www.lionsden.com pixel.sitescout.com pixel.tapad.com secure.adnxs.com insight.adsrvr.org bob.dmpxs.com segment.prod.bid segment.prod.bidr.io su.addthis.com match.adsrvr.org ads.scorecardresearch.com eb2.3lift.com match.sync.ad.cpe.dotomi.com tags.rd.linksynergy.com dmp.truoptik.com i.liadm.com *.bc0a.com www.yextstatic.com us.yextevents.com tags.srv.stackadapt.com https://www.mollie.com www.sandbox.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.certcapture.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.zendesk.com http://www.w3.org/2000/svg https://js-agent.newrelic.com/ https://bam.nr-data.net/ *.sharethis.com https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.basis.net *.cdn.bc0a.com *.secure.wufoo.com *.wufoo.com *.consents-cf.bc0a.com *.bc0a.com acsbapp.com *.acsbapp.com tags.srv.stackadapt.com js.adsrvr.org sites.yext.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.certcapture.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com https://use.fontawesome.com/ https://bam.nr-data.net/ *.sharethis.com *.applepay.cdn-apple.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.bc0a.com tags.srv.stackadapt.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.certcapture.com *.amazonaws.com *.zopim.com *.zopim.io https://static.zdassets.com/ https://bam.nr-data.net/ *.sharethis.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.bc0a.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com www.google-analytics.com *.cloudflare.com *.twitter.com *.certcapture.com *.amazonaws.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com https://stats.g.doubleclick.net *.zendesk.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com *.applepay.cdn-apple.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.bc0a.com acsbapp.com *.acsbapp.com tags.srv.stackadapt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net salesbot.trafficwatchdog.pl *.trafficwatchdog.pl 'self' 'unsafe-inline'; frame-ancestors *.youtube.com salesbot.trafficwatchdog.pl *.trafficwatchdog.pl 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.twitter.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com youtube.com salesbot.trafficwatchdog.pl *.trafficwatchdog.pl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.apptrian.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.hsforms.net *.hsforms.com www.google.pl ssl.ceneo.pl allekurier.pl icd.pl www.icd.pl cdn.samito.co icdpl.savecart.pl commerce-connector.com www.commerce-connector.com *.impartner.io savecart.pl *.savecart.pl *.cookiebot.com salesbot.trafficwatchdog.pl *.trafficwatchdog.pl data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.apptrian.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.avada.io player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com googletagmanager.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com *.googleapis.com graph.facebook.com widgets.pinterest.com bam-cell.nr-data.net js-agent.newrelic.com bam.nr-data.net ssl.ceneo.pl cdn.allekurier.pl *.saleago.com icdpl.savecart.pl *.impartner.io *.hotjar.com savecart.pl *.savecart.pl *.cookiebot.com trafficscanner.pl *.trafficscanner.pl salesbot.trafficwatchdog.pl *.trafficwatchdog.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.bootstrapcdn.com icdpl.savecart.pl savecart.pl *.savecart.pl salesbot.trafficwatchdog.pl *.trafficwatchdog.pl 'self' 'unsafe-inline'; object-src *.youtube.com salesbot.trafficwatchdog.pl *.trafficwatchdog.pl 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com www.apptrian.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com bam.nr-data.net *.googleapis.com googleads.g.doubleclick.net *.saleago.com icdpl.savecart.pl stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com savecart.pl *.savecart.pl *.cookiebot.com trafficscanner.pl *.trafficscanner.pl salesbot.trafficwatchdog.pl *.trafficwatchdog.pl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.icd.pl/; report-to report-endpoint; 1
style-src 'self' 'unsafe-inline' https://*.styla.com https://fast.fonts.net https://blackbit-styla-demo.s3.eu-central-1.amazonaws.com https://delivery-assets.squarelovin.com https://fonts.googleapis.com https://cdn.parcellab.com https://www.gstatic.com https://cdn.behamics.com; base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https://strellson.com https://*.strellson.com https://app.usercentrics.eu https://web.cmp.usercentrics.eu https://player.vimeo.com https://www.google.com https://td.doubleclick.net https://*.fls.doubleclick.net https://pay.google.com https://www.paypal.com https://*.adyen.com https://*.global-e.com https://www.facebook.com https://bat.bing.com https://*.cdn-apple.com; img-src 'self' blob: data: https:; connect-src 'self' https://strellson.com https://*.strellson.com https://*.usercentrics.eu https://*.service.usercentrics.eu https://*.kameleoon.io https://*.kameleoon.eu https://blackbit-styla.s3.eu-central-1.amazonaws.com  https://*.styla.com https://blackbit-styla-demo.s3.eu-central-1.amazonaws.com https://squarelovin-main-app.s3.eu-central-1.amazonaws.com https://tracking-api.squarelovin.com https://www.paypal.com https://*.adyen.com https://*.clarity.ms https://ad.doubleclick.net https://*.bing.com https://*.bing.net https://ct.pinterest.com https://px.ads.linkedin.com https://ib.adnxs.com/pixie/up https://www.facebook.com https://connect.facebook.net https://*.hotjar.io wss://ws.hotjar.com https://analytics.tiktok.com https://google.com https://*.google.com:* https://*.analytics.google.com https://*.googleapis.com https://*.googletagmanager.com:* https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.parcellab.com https://bt.fraud0.com https://recommender.scarabresearch.com https://in.hotjar.com https://analytics-ipv6.tiktokw.us:* https://*.behamics.com; child-src 'self' https://strellson.com https://*.strellson.com; object-src 'none'; worker-src 'self' https://strellson.com https://*.strellson.com; media-src 'self' https://strellson.com https://*.strellson.com data: https://styla-prod-us.imgix.net https://cdn.kameleoon.com https://cdn-vid.squarelovin.com; frame-ancestors 'self' https://strellson.com https://*.strellson.com; default-src 'self' https://strellson.com https://*.strellson.com; font-src 'self' data: https://blackbit-styla-demo.s3.eu-central-1.amazonaws.com https://fast.fonts.net https://fonts.gstatic.com https://s3.global-e.com https://script.hotjar.com https://*.cdn-apple.com; report-uri https://strellson.com/csp/report; report-to csp-endpoint; 1
worker-src blob:; font-src *.gstatic.com data: *.googleapis.com fonts.gstatic.com *.kxcdn.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://cdn.loadbee.com/js/loadbee_integration.js 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn https://service.loadbee.com/ http://www.paypal.com http://www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.cdninstagram.com *.fbcdn.net *.stripe.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com cdn.ampproject.org googletagmanager.com *.kxcdn.com platform.twitter.com 'unsafe-inline' *.addthis.com *.addthisedge.com *.moatads.com static.cloudflareinsights.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com *.avada.io https://cdn.loadbee.com/js/loadbee_integration.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.stripe.com *.google.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://availability.loadbee.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-qdo6AVjUNTfB9ApmS5vt-Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-H6Eys7twOwz9ugwDZ75LNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.paddypallin.com.au data: *.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net *.paypal.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.paddypallin.com.au https://*.facebook.com https://*.google.com *.braintree-api.com *.braintreegateway.com *.dotdigital-pages.com *.dotdigital.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app www.google.com *.cardinaltrusted.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com p.typekit.net *.ftcdn.net *.behance.net data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.paddypallin.com.au *.nextopia.net https://*.zipmoney.com.au https://*.facebook.com *.data-dynamic.net https://api.feefo.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.gstatic.com *.google.com *.google.com.au *.google.co.in *.zip.co https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js https://*.zip.com.au *.paddypallin.com.au *.nextopia.net *.ecomm-nav.com https://*.zipmoney.com.au *.nextopiasoftware.com connect.facebook.net https://*.safelinks.protection.outlook.com/ *.zdassets.com *.barilliance.com *.barilliance.net *.newrelic.com *.nr-data.net *.google.com https://*.cloudfront.net *.zopim.com *.afterpay.com *.braintree-api.com *.braintreegateway.com https://api.feefo.com https://register.feefo.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.afterpaycdn.com *.squarecdn.com *.cash.app www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.nextopia.net *.googleapis.com *.gstatic.com static.client.cardinaltrusted.com *.hotjar.com *.jsdelivr.net app.anyroad.com static.hotjar.com static.klaviyo.com stats.g.doubleclick.net *.google.co.in cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://www.googletagmanager.com tagmanager.google.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.paddypallin.com.au data: https://fonts.googleapis.com *.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.nextopia.net *.cloudfront.net *.afterpay.com *.paypal.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app cdn.nextopia.net *.zip.co cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.paddypallin.com.au *.zdassets.com *.paypal.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://beacon.searchspring.io/beacon *.zopim.com *.google-analytics.com *.googleapis.com https://*.zipmoney.com.au *.paddypallin.com.au https://*.cloudfront.net https://*.zip.co https://*.zip.com.au *.nr-data.net *.zendesk.com *.zdassets.com *.afterpay.com *.braintreegateway.com https://api.feefo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.nextopia.net *.cardinaltrusted.com *.barilliance.net www.barilliance.net api.barilliance.net stats.g.doubleclick.net *.hotjar.io static.hotjar.com ws15.hotjar.com capig.stape.gl static.klaviyo.com widget-mediator.zopim.com *.google.co.in webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.twimg.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'strict-dynamic' 'nonce-evQvP8FtXZq2Xblca1oeNg==' 1
font-src *.gstatic.com data: *.stamped.io maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.worldpay.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.com.ua *.google.co.uk *.meetanshi.com www.youtube.com *.livechatinc.com *.paypal.com pay.google.com *.braintreegateway.com *.kaptcha.com www.paypalobjects.com *.affirm.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net *.meetanshi.com maps.googleapis.com maps.gstatic.com www.facebook.com www.gstatic.com *.cloudfront.net www.google.pl *.stamped.io *.paypal.com *.amazonaws.com *.userway.org verify.authorize.net scontent.cdninstagram.com *.affirm.com *.routeapp.io *.bing.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.meetanshi.com maps.googleapis.com maps.gstatic.com connect.facebook.net www.google.com http://translate.google.com translate.googleapis.com www.gstatic.com includes.ccdc02.com static.zdassets.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org *.paypal.com pay.google.com www.klarnapayments.com *.affirm.com *.routeapp.io *.bing.com cdn.ampproject.org *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.googletagmanager.com *.stamped.io www.klarnapayments.com www.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.google.com *.meetanshi.com *.paypal.com *.authorize.net ekr.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com hn.inspectlet.com stamped.io *.braintree-api.com *.braintreegateway.com www.paypalobjects.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com *.bing.com cdn.ampproject.org *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-0tkb3dl1VUQnAnbeaXpjFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src-elem https://*.magentosite.cloud https://purdys.local https://*.purdys.local https://purdys.com https://*.purdys.com https://*.listrakbi.com https://*.azureedge.net https://*.bootstrapcdn.com 'unsafe-inline' https://*.yotpo.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://fonts.googleapis.com/; script-src-elem https://*.magentosite.cloud https://purdys.local https://*.purdys.local https://purdys.com https://*.purdys.com https://*.hotjar.com https://*.searchspring.io https://*.searchspring.net https://*.azureedge.net https://www.googletagmanager.com https://acsbapp.com https://*.blob.core.windows.net https://*.listrakbi.com https://*.listrak.com 'self' https://*.licdn.com https://*.bing.com https://*.pinimg.com https://*.pinterest.com https://*.pepperjam.com https://*.tctm.co https://*.facebook.net https://*.youtube.com https://*.jsdelivr.net 'unsafe-inline' https://*.newrelic.com https://*.googleapis.com *.bing.com *.calendly.com *.clarity.ms *.doubleclick.net *.facebook.net *.google.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.inspectlet.com *.jsdelivr.net *.kaltura.com *.licdn.com *.listrak.com *.listrakbi.com *.newrelic.com *.paypal.com *.paypalobjects.com *.pepperjam.com *.pinimg.com *.pinterest.com *.searchspring.net *.searchspring.io *.tctm.co *.tiktok.com *.twitter.com *.yotpo.com *.youtube.com acsbapp.com *.cloudfront.net *.azureedge.net *.blob.core.windows.net sc-static.net tagmanager.google.com analytics.google.com unpkg.com https://js.squareup.com https://js.afterpay.com/ https://nd.squarecdn.com https://js.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://portal.sandbox.afterpay.com/ https://portal.afterpay.com/ https://cdn.plaid.com/ https://sandbox.kit.cash.app/ https://kit.cash.app/; font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com https://*.googleapis.com https://*.gstatic.com data: https://*.fontawesome.com maxcdn.bootstrapcdn.com https://*.magentosite.cloud https://purdys.local https://*.purdys.local https://purdys.com https://*.purdys.com https://*.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.yotpo.com https://*.azureedge.net 'unsafe-inline' https://*.cloudfront.net *.flaticon.com sc-static.net https://square-fonts-production-f.squarecdn.com/ https://d1g145x70srn7h.cloudfront.net/ https://cash-f.squarecdn.com/ dhv2ziothpgrr.cloudfront.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com maps.googleapis.com maps.gstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com maps.googleapis.com maps.gstatic.com *.addthis.com https://*.moneris.com/ *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.yotpo.com https://pci-connect.squareup.com https://connect.squareup.com https://pci-connect.squareupsandbox.com https://connect.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com https://www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.meetanshi.com https://meetanshi.com/media/logo.png www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.magentosite.cloud purdys.local *.purdys.local *.bing.com *.clarity.ms *.doubleclick.net *.ggpht.com *.google.com *.googleusercontent.com *.inspectlet.com *.kaltura.com *.linkedin.com *.listrakbi.com *.pinterest.com *.searchspring.net *.twitter.com *.yandex.ru *.yotpo.com *.azureedge.net *.blob.core.windows.net swiperjs.com https://purdys.com https://*.purdys.com https://*.bing.com https://*.google.com 'self' https://*.google.ca https://*.linkedin.com https://*.cloudfront.net https://*.listrakbi.com https://*.searchspring.io https://*.doubleclick.net https://www.gstatic.com/ https://sandbox.api.cash.app/ https://site-assets.afterpay.com/ https://sandbox.web.squarecdn.com/ https://api.cash.app/ https://web.squarecdn.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://franklin-assets.s3.amazonaws.com/ https://static.sandbox.afterpay.com/ https://static.afterpay.com/ https://static.sandbox.afterpay.com/logo/ *.facebook.com *.reddit.com *.ads-twitter.com t.co *.bing.net *.klaviyo.com *.google-analytics.com *.googletagmanager.com dhv2ziothpgrr.cloudfront.net guarantee-cdn.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://*.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net https://*.moneris.com/ *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.magentosite.cloud https://purdys.com https://*.purdys.com *.googletagmanager.com tagmanager.google.com *.google.com *.facebook.net unpkg.com https://*.searchspring.io https://acsbapp.com https://*.blob.core.windows.net https://*.listrakbi.com 'self' acsbapp.com *.bing.com *.calendly.com *.clarity.ms *.doubleclick.net *.googleadservices.com *.googleoptimize.com *.hotjar.com *.inspectlet.com *.jsdelivr.net *.kaltura.com *.licdn.com *.listrak.com *.listrakbi.com *.paypalobjects.com *.pepperjam.com *.pinimg.com *.pinterest.com *.searchspring.net *.searchspring.io *.tctm.co *.tiktok.com *.twitter.com *.yotpo.com *.cloudfront.net *.azureedge.net *.blob.core.windows.net sc-static.net https://purdys.local https://*.purdys.local https://*.hotjar.com https://*.azureedge.net https://*.licdn.com https://*.bing.com https://*.pinimg.com https://*.tctm.co 'unsafe-inline' https://js.squareup.com https://js.afterpay.com/ https://nd.squarecdn.com https://js.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://portal.sandbox.afterpay.com/ https://portal.afterpay.com/ https://cdn.plaid.com/ https://sandbox.kit.cash.app/ https://kit.cash.app/ *.redditstatic.com *.reddit.com *.ads-twitter.com *.klaviyo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://cdn.searchspring.net/intellisuggest/is.min.js *.cloudflare.com guarantee-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com https://static.klaviyo.com https://cdn.jsdelivr.net https://*.moneris.com/ *.fontawesome.com maxcdn.bootstrapcdn.com 'unsafe-inline' assets.braintreegateway.com https://*.azureedge.net https://*.listrakbi.com https://*.yotpo.com *.cloudflare.com *.googletagmanager.com *.gstatic.com *.jsdelivr.net *.listrakbi.com *.azureedge.net *.blob.core.windows.net https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://fonts.googleapis.com/ *.tagmanager.google.com dhv2ziothpgrr.cloudfront.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com maps.googleapis.com maps.gstatic.com *.bing.com *.gstatic.com *.kaltura.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://*.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.magentosite.cloud https://purdys.local https://*.purdys.local *.bing.com *.clarity.ms *.cloudflare.com *.doubleclick.net *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.hotjar.io *.inspectlet.com *.jsdelivr.net *.kaltura.com *.licdn.com *.pepperjam.com *.pinimg.com *.tctm.co acsbapp.com *.cloudfront.net *.azureedge.net *.blob.core.windows.net www.google.ae www.google.am www.google.at https://purdys.com https://*.purdys.com https://*.listrakbi.com https://*.acsbapp.com https://*.pinterest.com https://*.linkedin.com https://*.velaro.com https://*.nr-data.net https://*.searchspring.io https://*.doubleclick.net https://*.hotjar.com https://*.tiktok.com https://pci-connect.squareup.com https://pci-connect.squareupsandbox.com https://api.amplitude.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://o160250.ingest.sentry.io/ https://api.lab.amplitude.com/sdk/vardata https://sandbox.plaid.com/ https://production.plaid.com/ *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.net *.klaviyo.com *.run.app dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://beacon.searchspring.io/beacon *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://f0d1d91f-01e4-4d5d-a8d9-5469b5b19d14.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-4QKCFiS9NDOu03_NdJj59A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_other/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-egxaQD-zsJEc4Abi2hKlkQ' 'unsafe-inline' 'strict-dynamic' https: http: 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.cembrapay.ch cembrapay.ch 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.cembrapay.ch cembrapay.ch landofcoder.com maps.googleapis.com chart.googleapis.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com test.saferpay.com www.saferpay.com saferpay.com ai.stoeckli.ch red-mud-07164bb03-test.westeurope.5.azurestaticapps.net *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net https://www.magezon.com cembrapay.ch www.cembrapay.ch www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://rum.hlx.page www.cembrapay.ch cembrapay.ch landofcoder.com maps.googleapis.com chart.googleapis.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com *.googletagmanager.com tagmanager.google.com https://7258763.collect.igodigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.cembrapay.ch cembrapay.ch landofcoder.com maps.googleapis.com chart.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com ai.stoeckli.ch red-mud-07164bb03-test.westeurope.5.azurestaticapps.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.cembrapay.ch cembrapay.ch test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk *.facebook.com *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app https://static.addtoany.com/ *.instagram.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.paymentexpress.com *.windcave.com https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://popup.laybuy.com https://td.doubleclick.net https://placement-api.sandbox.afterpay.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.paymentexpress.com *.windcave.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.co.nz https://www.google.com https://integration-assets.laybuy.com 'self' data: t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app https://static.addtoany.com/ *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com cdn.jsdelivr.net *.reviews.io *.reviews.co.uk *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.paymentexpress.com *.windcave.com https://chimpstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app https://static.klaviyo.com *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com https://stats.addtoany.com/menu www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app https://www.google-analytics.com https://stats.g.doubleclick.net https://google.com https://www.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.empowerfcu.com analytics.google.com *.google-analytics.com *.inpwrd.net *.outbrain.com *.salemove.com api.glia.com autolink.io efraudprevention.net empowerfculocator.wave2.io fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net tags.srv.stackadapt.com www.googletagmanager.com; child-src www.culookup.com www.youtube.com; connect-src data: *.twilio.com connect.facebook.net *.googleapis.com www.google.com; font-src data: cdn.fontshare.com use.fontawesome.com; img-src blob: data: assets.orb.alkamitech.com i.ytimg.com images l.facebook.com www.livenation.com translate.google.com ui.autolink.io; media-src data:; script-src connect.facebook.net; script-src-elem blob: ajax.cloudflare.com apis.google.com; style-src blob:; style-src-elem use.fontawesome.com; form-action 'self' my.empowerfcu.com; frame-src *.efraudprevention.net empowerfculocator.wave2.io td.doubleclick.net tel www.culookup.com www.googletagmanager.com www.youtube.com content.inpwrd.net www.optoutprescreen.com; frame-ancestors 'self' *.empowerfcu.com *.zagclients.net; report-to https://empower.report-uri.com/r/t/csp/wizard 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.iubenda.com cs.iubenda.com www.googletagmanager.com *.google-analytics.com www.google.com challenges.cloudflare.com static.cloudflareinsights.com sibautomation.com; style-src 'self' 'unsafe-inline' cdn.iubenda.com; img-src 'self' data: assets.photoephemeris.com imagedelivery.net *.photoephemeris.com cdn.iubenda.com www.googletagmanager.com *.google-analytics.com *.google.com *.doubleclick.net; font-src 'self'; connect-src 'self' data: api.photoephemeris.com bamburgh.photoephemeris.com cdn.iubenda.com idb.iubenda.com challenges.cloudflare.com *.google-analytics.com analytics.google.com *.analytics.google.com www.google.com *.doubleclick.net cloudflareinsights.com sibautomation.com in-automate.brevo.com o381349.ingest.us.sentry.io; frame-src widget.radiantdrift.com challenges.cloudflare.com www.youtube.com www.youtube-nocookie.com www.iubenda.com cdn.iubenda.com player.vimeo.com td.doubleclick.net www.google.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'; manifest-src 'self'; worker-src 'self' blob: challenges.cloudflare.com; report-uri https://csp-reports.photoephemeris.com/csp-report 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.com.tr/api/csp-report; report-to csp-endpoint 1
script-src 'self' blob: https://prod-bk-web.gb.rbi.tools/en/static/js/vendor.b8000af4.js https://prod-bk-web.gb.rbi.tools/en/static/js/main.6b4b7989.js https://prod-bk-web.gb.rbi.tools/en/static/js/runtime.be1116e2.js https://*.mparticle.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onetrust.com https://static.ads-twitter.com https://platform.twitter.com https://www.google-analytics.com https://connect.facebook.net https://secure.quantserve.com https://dynamic.criteo.com https://rules.quantcount.com https://cdn.branch.io https://app.link https://*.cdn4.forter.com https://dlthst9q2beh8.cloudfront.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://pagead2.googlesyndication.com https://cdn.amplitude.com https://accounts.google.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://c.amazon-adsystem.com https://js.adsrvr.org https://maps.googleapis.com https://googleads.g.doubleclick.net https://static.zdassets.com https://bat.bing.com https://cdn-st.adsmurai.com https://www.youtube.com https://player.vimeo.com https://prod-bk-web.gb.rbi.tools/en/static/js/vendor.bdb39402.js https://prod-bk-web.gb.rbi.tools/en/static/js/main.d02277f3.js https://prod-bk-web.gb.rbi.tools/en/static/js/runtime.1d3f553f.js; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; report-uri https://intl-csp-service.rbictg.com/report 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; frame-src 'self' https: 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://googletagmanager.com   https://www.googletagmanager.com   https://www.google-analytics.com   https://googleads.g.doubleclick.net   https://www.google.com   https://www.gstatic.com   https://analytics.tiktok.com   https://analytics-ipv6.tiktokw.us   https://sc-static.net   https://tr.snapchat.com   https://tr6.snapchat.com   https://connect.facebook.net   https://s.pinimg.com   https://js.adsrvr.org   https://c1.rfihub.net   https://live.rezync.com   https://chimpstatic.com   https://cdn.mouseflow.com   https://cdn.pricespider.com   https://locate.pricespider.com   https://omni.pricespider.com   https://wtbevents.pricespider.com   https://a.omappapi.com   https://cdn.cookielaw.org   https://tracker.pixeltracker.co   https://ipv6-pixelconnector.pixeltracker.co   https://apps.bazaarvoice.com   https://display.ugc.bazaarvoice.com   https://api.bazaarvoice.com   https://network.bazaarvoice.com   https://analytics-static.ugc.bazaarvoice.com   https://player.vimeo.com   https://api.tiles.mapbox.com   https://cdnjs.cloudflare.com;  style-src 'self' 'unsafe-inline'   https://use.typekit.net   https://p.typekit.net   https://a.omappapi.com   https://cdn.cookielaw.org   https://fonts.googleapis.com   https://www.gstatic.com   https://display.ugc.bazaarvoice.com   https://cdn.pricespider.com   https://api.tiles.mapbox.com;  font-src 'self' data:   https://use.typekit.net   https://p.typekit.net   https://fonts.gstatic.com;  img-src 'self' data: blob:   https://trkn.us   https://cdn.cookielaw.org   https://ct.pinterest.com   https://log.pinterest.com   https://ad.doubleclick.net   https://googleads.g.doubleclick.net   https://stats.g.doubleclick.net   https://analytics.google.com   https://adservice.google.com   https://www.google.com   https://*.google.com   https://*.google.*   https://www.gstatic.com   https://www.googletagmanager.com   https://connect.facebook.net   https://www.facebook.com   https://live.rezync.com   https://cm.g.doubleclick.net   https://ib.adnxs.com   https://dpm.demdex.net   https://image2.pubmatic.com   https://us-u.openx.net   https://p.rfihub.com   https://contextual.media.net   https://wt.rqtrk.eu   https://i.liadm.com   https://dsum-sec.casalemedia.com   https://idsync.rlcdn.com   https://partners.tremorhub.com   https://aa.agkn.com   https://x.bidswitch.net   https://sync-tm.everesttech.net   https://r.turn.com   https://network-a.bazaarvoice.com   https://network.bazaarvoice.com   https://display.ugc.bazaarvoice.com   https://photos-us.bazaarvoice.com   https://contentorigin.bazaarvoice.com   https://a.omappapi.com   https://cdn.pricespider.com   https://embeddedcloud.pricespider.com   https://wwwassets.pricespider.com   https://scontent-*.cdninstagram.com;  connect-src 'self'   https://www.google-analytics.com   https://analytics.google.com   https://ad.doubleclick.net   https://googleads.g.doubleclick.net   https://stats.g.doubleclick.net   https://capi.chickenofthesea.com   https://gtm.chickenofthesea.com   https://www.googletagmanager.com   https://insight.adsrvr.org   https://tr.snapchat.com   https://tr6.snapchat.com   https://analytics.tiktok.com   https://analytics-ipv6.tiktokw.us   https://live.rezync.com   https://cdn.mouseflow.com   https://cdn.cookielaw.org   https://api.omappapi.com   https://dual-pixelconnector.pixeltracker.co   https://ipv4-pixelconnector.pixeltracker.co   https://ipv6-pixelconnector.pixeltracker.co   https://ct.pinterest.com   https://apps.bazaarvoice.com   https://api.bazaarvoice.com   https://network.bazaarvoice.com   https://geolocation.onetrust.com   https://privacyportal-eu.onetrust.com   https://z.omappapi.com   https://a.omappapi.com   https://omni.pricespider.com   https://wtbevents.pricespider.com   https://wtbstream.pricespider.com   wss://wtbstream.pricespider.com   https://www.facebook.com   https://www.google.com   https://www.googleadservices.com   https://api.mapbox.com   https://events.mapbox.com;  frame-src 'self'   https://www.googletagmanager.com   https://gtm.chickenofthesea.com   https://9828219.fls.doubleclick.net   https://20848051p.rfihub.com   https://a.rfihub.com   https://insight.adsrvr.org   https://ct.pinterest.com   https://player.vimeo.com   https://match.adsrvr.org   https://tr.snapchat.com   https://display.ugc.bazaarvoice.com   https://api.bazaarvoice.com;  worker-src 'self' blob:; media-src 'self' data: blob:;  report-uri https://5u9h19we.uriports.com/reports/report; report-to default; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com https://analytics.tiktok.com https://graph.tiktok.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com *.fonts.googleapis.com data: *.cloudflare.com static.olark.com *.zohocdn.com *.userway.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.tiktok.com *.tiktok.net https://analytics.tiktok.com https://graph.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com *.tiktok.com *.tiktok.net https://analytics.tiktok.com https://graph.tiktok.com www.google.com www.gstatic.com apis.google.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com https://accounts.google.com *.addthis.com *.pinterest.com googleads.g.doubleclick.net www.google.co.in https://salesiq.zoho.com https://*.zohopublic.com https://*.zohopublic.in *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.certcapture.com *.bayengage.com *.b0e8.com *.tiktok.com *.tiktok.net https://analytics.tiktok.com https://graph.tiktok.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.facebook.com *.pinterest.com assets.pinterest.com syndication.twitter.com *.facebook.com https://maps.gstatic.com https://maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.cdninstagram.com insight.adsrvr.org bat.bing.com www.google.co.in log.olark.com static.olark.com img-msg.tb-list.com pixel.rubiconproject.com match.adsrvr.org *.doubleclick.net *.meetanshi.com *.authorize.net *.zonos.com *.reddit.com *.userway.org primera.com *.primera.com marvel-b1-cdn.bc0a.com https://*.zohopublic.com https://*.zohopublic.in https://css.zohocdn.com http://translate.google.com *.linkedin.com *.outbrain.com *.mgid.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com *.bayengage.com https://wh.bayengage.com/magento *.b0e8.com *.bc0a.com *.kaptcha.com https://www.googletagmanager.com tagmanager.google.com https://www.googleadservices.com *.tiktok.com *.tiktok.net https://analytics.tiktok.com https://graph.tiktok.com *.disqus.com *.googleapis.com *.gstatic.com *.avada.io *.shopify.com *.facebook.com twitter.com platform.twitter.com static.addtoany.com https://maps.googleapis.com https://maps.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://accounts.google.com https://www.gstatic.com maps.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com d10lpsik1i8c69.cloudfront.net js.adsrvr.org cdn-in.pagesense.io sf.bayengage.com bat.bing.com app.targetbay.com static.olark.com knrpc.olark.com www.gstatic.com verify.authorize.net *.userway.org sc-static.net *.redditstatic.com *.reddit.com *.pinimg.com *.snapchat.com *.googleoptimize.com *.zohopublic.in *.zohocdn.com *.zonos.com *.unpkg.com unpkg.com https://salesiq.zoho.com https://*.zohocdn.com https://*.zohopublic.in https://*.zohopublic.com *.facebook.net *.zoho.com *.linkedin.com *.licdn.com *.clarity.ms *.mgid.com *.outbrain.com *.taboola.com *.clickguard.com *.trustpilot.com www.xtento.com cdn.xtento.com https://hello.zonos.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com static.olark.com *.userway.org *.zohocdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com static.zohocdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.certcapture.com *.bayengage.com https://wh.bayengage.com/magento *.kaptcha.com *.tiktok.com *.tiktok.net https://analytics.tiktok.com https://graph.tiktok.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io stats.addtoany.com https://maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://accounts.google.com maps.googleapis.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com settings.luckyorange.net pagesense.zoho.in locationapi.cdn-in.pagesense.io pagesense-collect.zoho.in app.targetbay.com knrpc.olark.com bat.bing.com sfc-api.bayengage.com www.google.co.in cart2quote.zendesk.com *.zonos.com *.snapchat.com *.reddit.com *.redditstatic.com *.userway.org *.pinterest.com *.zohopublic.in *.g.doubleclick.net trustpilot.com *.trustpilot.com https://salesiq.zohopublic.com https://*.zohopublic.in https://*.zohopublic.com wss://*.zohopublic.com ws://*.zohopublic.com *.typesense.net vts.zohopublic.com *.demdex.net *.linkedin.com *.outbrain.com *.clarity.ms *.taboola.com *.clickguard.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.8wines.com *.8wines.de *.8wines.cz *.8wines.it *.8wines.pl *.8wines.nl *.8wines.fr *.8wines.be *.tawk.to *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ www.google.com js.stripe.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com https://accounts.google.com https://bid.g.doubleclick.net *.kaptcha.com/ https://app.usercentrics.eu https://sandbox.bluesnap.com https://ad4m.at https://www.bluesnap.com https://checkout.bluesnap.com https://www.awin1.com https://ad.ad-srv.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.googletagmanager.com x.adroll.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com https://flagcdn.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com data: 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com flagpedia.net https://redchamps.com 8wines.com *.8wines.com *.8wines.de *.8wines.cz *.8wines.it *.8wines.pl *.8wines.nl *.8wines.fr *.8wines.be http://bat.bing.com https://www.google.com https://www.google.com.ua https://widgets.trustedshops.com *.inspectlet.com https://t.co https://analytics.twitter.com https://sp.analytics.yahoo.com https://integrations.etrusted.com https://app.usercentrics.eu https://www.heureka.cz https://mywebconect.com https://ad.yieldlab.ne https://as.ad4m.at https://x.bidswitch.net https://dsum-sec.casalemedia.com https://ad.yieldlab.net https://glp8.net https://www.awin1.com https://www.wepowerconnections.com https://usync.vrtcal.com https://rtb-csync.smartadserver.com https://ad.360yield.com https://sync.outbrain.com https://pixel.rubiconproject.com https://inv-nets.admixer.net https://ups.analytics.yahoo.com https://e1.emxdgt.com https://sync-eu.connectad.io https://s.ad.smaato.net https://s.pubmine.com https://ih.adscale.de https://simage2.pubmatic.com https://a.twiago.com https://csync.loopme.me https://ad11.adfarm1.adition.com https://dsum.casalemedia.com https://d3k81ch9hvuctc.cloudfront.net https://uct.service.usercentrics.eu https://c1.adform.net *.adform.net https://sync.1rx.io https://us-u.openx.net x.adroll.com d.adroll.com idsync.rlcdn.com image2.pubmatic.com ml314.com pixel.tapad.com sync.taboola.com eb2.3lift.com ib.adnxs.com um.simpli.fi capi.connatix.com lrp.mxptint.net cs.media.net rtb.adentifi.com c.bing.com tags.rd.linksynergy.com cm.adgrx.com bcp.crwdcntrl.net sync.ipredictive.com sync.tidaltv.com segments.company-target.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.google.bg https://www.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://accounts.google.com widget.freshworks.com m2epro.freshdesk.com *.disqus.com maps.googleapis.com 8wines.com *.8wines.com *.8wines.de *.8wines.cz *.8wines.it *.8wines.pl *.8wines.nl *.8wines.fr *.8wines.be *.trustedshops.com https://embed.tawk.to http://bat.bing.com https://googleads.g.doubleclick.net *.tawk.to https://cdn.jsdelivr.net *.inspectlet.com *.bluesnap.com https://static.ads-twitter.com https://integrations.etrusted.com https://app.usercentrics.eu https://analytics.tiktok.com https://s.yimg.com https://s.retargeted.co https://app.ardalio.com https://js.admediasales.com https://s2.adform.net https://track.adform.net https://im9.cz https://static.cloudflareinsights.com https://www.dwin1.com https://pix.hyj.mobi https://analytics.webgains.io https://ad4m.at https://www.awin1.com https://www.wepowerconnections.com https://tm.ad-srv.net https://c.seznam.cz https://ehub.cz https://postback.affiliateport.eu https://tag.facemyads.co https://ct.beslist.nl https://www.google.com https://www.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://widgets.trustedshops.com *.termly.io s.adroll.com d.adroll.com s.kk-resources.com widget.usersnap.com www.clarity.ms trkwwtarget.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com 8wines.com *.8wines.com *.8wines.de *.8wines.cz *.8wines.it *.8wines.pl *.8wines.nl *.8wines.fr *.8wines.be https://fonts.googleapis.com *.jsdelivr.net *.inspectlet.com https://integrations.etrusted.com https://embed.tawk.to *.stripe.network *.stripecdn.com *.amazon.com https://widgets.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.wepowerconnections.com https://the.sciencebehindecommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com www.gstatic.com maps.googleapis.com 8wines.com *.8wines.com *.8wines.de *.8wines.cz *.8wines.it *.8wines.pl *.8wines.nl *.8wines.fr *.8wines.be https://stats.g.doubleclick.net https://www.google-analytics.com *.tawk.to wss://vsa2.tawk.to https://www.google.com *.inspectlet.com wss://ws.inspectlet.com/ https://integrations.etrusted.com https://googleads.g.doubleclick.net https://s.yimg.com https://analytics.tiktok.com https://api.usercentrics.eu https://aggregator.service.usercentrics.eu https://api.trustedshops.com https://shops-si.trustedshops.com https://api.trustbadge.etrusted.com https://trustbadge.api.etrusted.com https://api.retargeted.co wss://vsa121.tawk.to wss://vsa5.tawk.to wss://vsa32.tawk.to wss://vsa55.tawk.to wss://vsa65.tawk.to https://www.wepowerconnections.com wss://*.tawk.to https://t.affiliateport.eu https://app.ardalio.com https://consent-api.service.consent.usercentrics.eu *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustedshops.com *.etrusted.com app.termly.io u.clarity.m u.clarity.ms d.adroll.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: maxcdn.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * secure.authorize.net test.authorize.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com secure.authorize.net test.authorize.net *.weltpixel.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com maps.googleapis.com www.gstatic.com connect.facebook.net secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net https://www.googletagmanager.com tagmanager.google.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.gstatic.com www.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com www.googleapis.com apitest.authorize.net jstest.authorize.net https://www.google-analytics.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-tgorUneAOl3Aigf7K9ts6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://www.googletagmanager.com; default-src 'self'; img-src https://www.google-analytics.com https://www.googletagmanager.com; script-src https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' seedtable.kit.com seedtable.ck.page f.convertkit.com browser.sentry-cdn.com js.sentry-cdn.com www.googletagmanager.com cdn.jsdelivr.net tally.so; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' seedtable.kit.com seedtable.ck.page f.convertkit.com browser.sentry-cdn.com js.sentry-cdn.com www.googletagmanager.com cdn.jsdelivr.net tally.so; connect-src 'self' www.google-analytics.com region1.google-analytics.com *.sentry.io plausible.io tally.so app.convertkit.com app.kit.com; frame-src 'self' tally.so; font-src 'self' data: tally.so fonts.gstatic.com; img-src 'self' data: *.cloudfront.net www.googletagmanager.com imagedelivery.net *.r2.cloudflarestorage.com golden-storage-production.golden-support.com tally.so; style-src 'self' 'unsafe-inline' fonts.googleapis.com tally.so; default-src 'self'; report-uri https://o4508421764284416.ingest.de.sentry.io/api/4508421765464144/security/?sentry_key=049f58b24919aec388d9ee6189c45396; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp: https://pay.instamed.com https://premier.trustcommerce.com;script-src 'nonce-c0439506ef614cccb1f92221a12a91c9' https://elriomychart.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://elriomychart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
default-src 'self'; img-src data: blob: *; media-src * blob:; font-src 'self' data: fonts.gstatic.com framerusercontent.com app.framerstatic.com use.typekit.net widget.usepylon.com; script-src 'self' 'unsafe-eval' *.amazonaws.com www.googletagmanager.com events.framer.com; script-src-elem 'unsafe-inline' 'self' *.liadm.com vercel.live www.googletagmanager.com *.amazonaws.com framerusercontent.com events.framer.com widget.usepylon.com connect.facebook.net challenges.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com vercel.live widget.usepylon.com; connect-src 'self' * wss://api.assemblyai.com wss://streaming.assemblyai.com wss://api.listenlabs.ai; worker-src 'self' blob:; frame-src 'self' https:; report-uri /api/reporting/content-security 1
font-src *.alothemes.com *.magepow.com fonts.gstatic.com *.forms.app *.googleusercontent.com *.hsappstatic.net *.klaviyo.com *.shopify.com *.slant.co *.typekit.net unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net https://app-wallee.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.googletagmanager.com *.addtoany.com *.bing.com *.cookiebot.com *.doubleclick.net *.forms.app forms.app *.google.com *.opendns.com *.sg.ch 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://app-wallee.com https://img.youtube.com *.alothemes.com *.magepow.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.bing.com *.bing.net *.clarity.ms *.cookiebot.com d3k81ch9hvuctc.cloudfront.net *.doubleclick.net *.googleapis.com www.google.ad www.google.ae www.google.al www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.za www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gl www.google.gr www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.je www.google.kg www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.td www.google.tg www.google.tm www.google.tn *.google.com google.com *.googlesyndication.com *.googleusercontent.com *.gstatic.com *.kreando.ch *.researchsolutions.com s3.amazonaws.com *.shopify.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes';, script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://cdn.jsdelivr.net https://polyfill-fastly.io https://browser.sentry-cdn.com https://app-wallee.com https://gmtech.mfgroup.ch https://assets.secure.checkout.visa.com *.alothemes.com *.magepow.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com *.addtoany.com app-wallee.com *.bing.com *.clarity.ms *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.net forms.app *.googleapis.com *.google.com *.googlesyndication.com *.klaviyo.com *.opendns.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://static.klaviyo.com https://cdn.jsdelivr.net https://app-wallee.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com *.forms.app *.googleapis.com *.googletagmanager.com *.gstatic.com *.klaviyo.com *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://*.ingest.sentry.io https://app-wallee.com https://assets.secure.checkout.visa.com *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com app-wallee.com *.bing.com *.bing.net *.clarity.ms *.cookiebot.com *.doubleclick.net *.googleapis.com www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.eg www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.za www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.is www.google.it www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.td www.google.tg www.google.tm www.google.tn *.googlesyndication.com *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a6e15cd5-e9b8-4f46-a176-3fcce39765e1.sansec.watch/; report-to report-endpoint; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv30.%7Dv56o-19cf9bc33f3-0x1704#pd 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.typekit.net *.sharethis.com www.ilfordphoto.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn www.ilfordphoto.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.ilfordphoto.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn www.xtento.com www.ilfordphoto.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.stripe.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com store.paradoxlabs.com *.typekit.net *.sharethis.com www.xtento.com cdn.xtento.com www.ilfordphoto.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.authorize.net *.sharethis.com *.typekit.net www.xtento.com cdn.xtento.com www.ilfordphoto.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.typekit.net www.ilfordphoto.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.ilfordphoto.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.stripe.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.authorize.net *.typekit.net *.sharethis.com stats.g.doubleclick.net www.ilfordphoto.com 'self' 'unsafe-inline'; child-src www.ilfordphoto.com http: https: blob: 'self' 'unsafe-inline'; default-src www.ilfordphoto.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-i8kzZ4IFZpXG3JCScUMa_Q' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com *.googleapis.com https://static.klaviyo.com https://klaviyo.com *.fontawesome.com https://fonts.bunny.net https://d1cwup7r903a1d.cloudfront.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com https://static.klaviyo.com https://klaviyo.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * gstatic.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ https://images.unsplash.com *.googleapis.com https://*.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://klaviyo.com https://www.google.co.in https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://analytics.google.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com media.sezzle.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://klaviyo.com https://cdn-cookieyes.com *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com gstatic.com cdn.routeapp.io https//fonts.googleapis.com https://protect-quote-q.route.com protection-widget.route.com protect-lightning-bolt-widget.route.com d3od5si8vgcekb.cloudfront.net ddbmicszvqxcg.cloudfront.net https://unpkg.com wobs.route.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com https://static.klaviyo.com https://klaviyo.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com https//fonts.googleapis.com https://d1cwup7r903a1d.cloudfront.net fonts.cdnfonts.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://klaviyo.com https://log.cookieyes.com https://cdn-cookieyes.com https://api.lab.amplitude.com https://api.amplitude.com https://region1.amplitude.com https://region2.amplitude.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com gstatic.com api.route.com https://protect-quote-q.route.com protection-widget.route.com d3od5si8vgcekb.cloudfront.net protect-lightning-bolt-widget.route.com ddbmicszvqxcg.cloudfront.net https://unpkg.com wobs.route.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.whisbi.com script.hj.contentsquare.net *.contentsquare.net; https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es tr.snapchat.com connect.facebook.net *.luxtrust.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es tr.snapchat.com open.spotify.com *.facebook.net *.iadvize.com csxd.orange.lu orely.test.luxtrust.com orely.luxtrust.com *.ariadnext.io *.csxd.orange.lu *.csxd.checkout-revamp-uwj4pqq-76psfv3wag3fe.eu-6.magentosite.cloud *.csxd.integration-5ojmyuq-76psfv3wag3fe.eu-6.magentosite.cloud *.csxd.mcstaging.orange.lu csxd.checkout-revamp-uwj4pqq-76psfv3wag3fe.eu-6.magentosite.cloud csxd.integration-5ojmyuq-76psfv3wag3fe.eu-6.magentosite.cloud csxd.mcstaging.orange.lu payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com magefan.com cm.magefan.com tr.snapchat.com *.storyblok.com *.placeholder.com px.ads.linkedin.com *.whisbi.com t.co *.iadvize.com *.contentsquare.net app.ekoo.co *.app.ekoo.co www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com js-agent.newrelic.com bam.nr-data.net script.crazyegg.com snap.licdn.com static.ads-twitter.com sc-static.net track.adform.net *.whisbi.com www.google.fr sdk.privacy-center.org *.adform.net analytics.twitter.com *.iadvize.com *.contentsquare.net app.contentsquare.com app.ekoo.co *.app.ekoo.co payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.whisbi.com *.iadvize.com app.ekoo.co *.app.ekoo.co https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudflarestream.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es script.crazyegg.com bam.nr-data.net tracking.crazyegg.com *.whisbi.com *.iadvize.com wss://*.iadvize.com wss://*.twilio.com *.contentsquare.net *.contentsquare.com app.ekoo.co *.app.ekoo.co ad.doubleclick.net *.doubleclick.net  *.videobot.com api.videobot.com mcstaging.orange.lu *.mcstaging.orange.lu payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ZfVy2bbQHs3hTqPzPYiPdA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-sinWQqifyjTXNBsZ8c4Uhw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-kOW65cxerzS6fFhY6n_2nw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.wp.com/ https://fonts.googleapis.com/; img-src 'self' data: https://*.wp.com/ https://secure.gravatar.com/ https://*.w.org/  ; font-src 'self' data: https://*.wp.com/ https://fonts.gstatic.com/; connect-src 'self' https://www.google-analytics.com/ ; frame-src 'self' https://*.wp.com/ ‘unsafe-inline’;script-src 'self'  https://www.googletagmanager.com/ https://*.wp.com/ ; 1
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 1
default-src 'unsafe-eval' 'unsafe-inline' blob blob: data: https: wss:; block-all-mixed-content; report-uri /csp.php?h=f743080d&v=4 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; media-src https: blob: data:; child-src https: blob:; report-uri https://sentry.io/api/72071/csp-report/?sentry_key=4fb747b409644084ba393c5ab7399d16; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-i9ENv2vgHHvo-CfQXXM1Jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google-analytics.com www.googletagmanager.com va.vercel-scripts.com vitals.vercel-insights.com challenges.cloudflare.com tags.srv.stackadapt.com *.tiktok.com *.tiktokw.us *.attn.tv *.attentivemobile.com *.crispnow.com *.honeybook.com *.facebook.com connect.facebook.net *.cloudfront.net *.userway.org *.formstack.com *.clarity.ms; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net tags.srv.stackadapt.com *.googleapis.com *.tiktok.com *.tiktokw.us *.attn.tv *.attentivemobile.com *.crispnow.com *.userway.org *.formstack.com; img-src 'self' data: blob: *.clarity.ms cdn.shopify.com picsum.photos *.placehold.co api.mapbox.com events.mapbox.com *.tiles.mapbox.com *.tile.openstreetmap.org *.google.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google-analytics.com www.googletagmanager.com tags.srv.stackadapt.com *.tiktok.com *.tiktokw.us *.attn.tv *.attentivemobile.com *.crispnow.com *.facebook.com connect.facebook.net *.honeybook.com *.userway.org *.formstack.com cdn.sanity.io *.sanity.io *.apicdn.sanity.io; media-src 'self' cdn.shopify.com; font-src 'self' use.typekit.net p.typekit.net data: *.googleapis.com *.gstatic.com swig.franconnect.net *.formstack.com; connect-src 'self' *.google.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google-analytics.com www.googletagmanager.com va.vercel-scripts.com vitals.vercel-insights.com api.mapbox.com events.mapbox.com *.tiles.mapbox.com challenges.cloudflare.com tags.srv.stackadapt.com *.tiktok.com *.tiktokw.us *.attn.tv *.attentivemobile.com *.crispnow.com *.facebook.com connect.facebook.net *.honeybook.com *.cloudfront.net *.userway.org *.salesforce-sites.com *.formstack.com *.clarity.ms cdn.sanity.io *.sanity.io *.apicdn.sanity.io; frame-src 'self' challenges.cloudflare.com www.googletagmanager.com *.google.com *.googlesyndication.com *.doubleclick.net *.tiktok.com *.tiktokw.us *.attn.tv *.attentivemobile.com *.crispnow.com *.honeybook.com *.facebook.com connect.facebook.net swig.franconnect.net *.swig.franconnect.net *.formstack.com 1
font-src *.googleapis.com *.gstatic.com data: *.klarnacdn.net maxcdn.bootstrapcdn.com fonts.gstatic.com designpanels.de data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.facebook.net designpanels.de 'self' 'unsafe-inline'; frame-ancestors designpanels.de 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.klarna.com *.facebook.com *.facebook.net *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com www.xtento.com designpanels.de 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.facebook.com *.facebook.net mageside.com maps.googleapis.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com designpanels.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.facebook.com *.facebook.net player.vimeo.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com www.xtento.com cdn.xtento.com designpanels.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com assets.braintreegateway.com fonts.googleapis.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com designpanels.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com designpanels.de 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.facebook.com *.facebook.net *.google-analytics.com *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com designpanels.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com designpanels.de http: https: blob: 'self' 'unsafe-inline'; default-src designpanels.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com sgtm.goodfellow.com consentcdn.cookiebot.com app-eu1.hubspot.com *.hs-sites-eu1.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com *.goodfellow.local *.goodfellow.com mcprod.goodfellow.com mcstaging.goodfellow.com *.feefo.com *.hubspot.com *.linkedin.com *.socialintents.com *.vimeo.com *.cookiebot.com *.bing.com *.businessintuition247.com *.clarity.ms *.google.co.uk *.google.com *.doubleclick.net *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hs-scripts.com *.licdn.com *.iweb.co.uk *.mida.so *.hsforms.com goodfellow.com openfpcdn.io *.hubapi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.certcapture.com *.goodfellow.local *.feefo.com *.hubspot.com *.linkedin.com *.socialintents.com *.vimeo.com *.cookiebot.com *.bing.com *.businessintuition247.com *.clarity.ms *.google.co.uk *.doubleclick.net *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hs-scripts.com *.licdn.com *.iweb.co.uk *.mida.so *.hsforms.com *.goodfellow.com goodfellow.com openfpcdn.io *.hubapi.com bam.nr-data.net js-eu1.usemessages.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.goodfellow.local *.feefo.com *.hubspot.com *.linkedin.com *.socialintents.com *.vimeo.com *.cookiebot.com *.bing.com *.businessintuition247.com *.clarity.ms *.google.co.uk *.doubleclick.net *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hs-scripts.com *.licdn.com *.iweb.co.uk *.mida.so *.hsforms.com *.goodfellow.com goodfellow.com openfpcdn.io *.hubapi.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.certcapture.com *.goodfellow.local *.feefo.com *.hubspot.com *.linkedin.com *.socialintents.com *.vimeo.com *.cookiebot.com *.bing.com *.businessintuition247.com *.clarity.ms *.google.co.uk *.google-analytics.com *.doubleclick.net *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hs-scripts.com *.licdn.com *.iweb.co.uk *.mida.so *.hsforms.com *.goodfellow.com goodfellow.com openfpcdn.io *.hubapi.com static.hsappstatic.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.goodfellow.com/csp-report; report-to report-endpoint; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 50339659.hs-sites.com 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-EQ0S7kkVymwC4nTJ3CV+3A=='; report-uri https://send.hsbrowserreports.com/csp/report 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-FVkMhc9DiTzAUbGSS_c7cg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self' *.aer.ca devaer.aer.ca *.ags.aer.ca uat-ags.aer.ca devags.aer.ca static.aer.ca www.google-analytics.com blob: *.google.com.com *.google.com.ad *.google.com.ae *.google.com.com.af *.google.com.com.ag *.google.com.al *.google.com.am *.google.com.co.ao *.google.com.com.ar *.google.com.as *.google.com.at *.google.com.com.au *.google.com.az *.google.com.ba *.google.com.com.bd *.google.com.be *.google.com.bf *.google.com.bg *.google.com.com.bh *.google.com.bi *.google.com.bj *.google.com.com.bn *.google.com.com.bo *.google.com.com.br *.google.com.bs *.google.com.bt *.google.com.co.bw *.google.com.by *.google.com.com.bz *.google.com.ca *.google.com.cd *.google.com.cf *.google.com.cg *.google.com.ch *.google.com.ci *.google.com.co.ck *.google.com.cl *.google.com.cm *.google.com.cn *.google.com.com.co *.google.com.co.cr *.google.com.com.cu *.google.com.cv *.google.com.com.cy *.google.com.cz *.google.com.de *.google.com.dj *.google.com.dk *.google.com.dm *.google.com.com.do *.google.com.dz *.google.com.com.ec *.google.com.ee *.google.com.com.eg *.google.com.es *.google.com.com.et *.google.com.fi *.google.com.com.fj *.google.com.fm *.google.com.fr *.google.com.ga *.google.com.ge *.google.com.gg *.google.com.com.gh *.google.com.com.gi *.google.com.gl *.google.com.gm *.google.com.gr *.google.com.com.gt *.google.com.gy *.google.com.com.hk *.google.com.hn *.google.com.hr *.google.com.ht *.google.com.hu *.google.com.co.id *.google.com.ie *.google.com.co.il *.google.com.im *.google.com.co.in *.google.com.iq *.google.com.is *.google.com.it *.google.com.je *.google.com.com.jm *.google.com.jo *.google.com.co.jp *.google.com.co.ke *.google.com.com.kh *.google.com.ki *.google.com.kg *.google.com.co.kr *.google.com.com.kw *.google.com.kz *.google.com.la *.google.com.com.lb *.google.com.li *.google.com.lk *.google.com.co.ls *.google.com.lt *.google.com.lu *.google.com.lv *.google.com.com.ly *.google.com.co.ma *.google.com.md *.google.com.me *.google.com.mg *.google.com.mk *.google.com.ml *.google.com.com.mm *.google.com.mn *.google.com.com.mt *.google.com.mu *.google.com.mv *.google.com.mw *.google.com.com.mx *.google.com.com.my *.google.com.co.mz *.google.com.com.na *.google.com.com.ng *.google.com.com.ni *.google.com.ne *.google.com.nl *.google.com.no *.google.com.com.np *.google.com.nr *.google.com.nu *.google.com.co.nz *.google.com.com.om *.google.com.com.pa *.google.com.com.pe *.google.com.com.pg *.google.com.com.ph *.google.com.com.pk *.google.com.pl *.google.com.pn *.google.com.com.pr *.google.com.ps *.google.com.pt *.google.com.com.py *.google.com.com.qa *.google.com.ro *.google.com.ru *.google.com.rw *.google.com.com.sa *.google.com.com.sb *.google.com.sc *.google.com.se *.google.com.com.sg *.google.com.sh *.google.com.si *.google.com.sk *.google.com.com.sl *.google.com.sn *.google.com.so *.google.com.sm *.google.com.sr *.google.com.st *.google.com.com.sv *.google.com.td *.google.com.tg *.google.com.co.th *.google.com.com.tj *.google.com.tl *.google.com.tm *.google.com.tn *.google.com.to *.google.com.com.tr *.google.com.tt *.google.com.com.tw *.google.com.co.tz *.google.com.com.ua *.google.com.co.ug *.google.com.co.uk *.google.com.com.uy *.google.com.co.uz *.google.com.com.vc *.google.com.co.ve *.google.com.co.vi *.google.com.com.vn *.google.com.vu *.google.com.ws *.google.com.rs *.google.com.co.za *.google.com.co.zm *.google.com.co.zw *.google.com.cat 'unsafe-inline' www.googletagmanager.com cdn.jsdelivr.net kit.fontawesome.com *.feedbucket.app 'unsafe-eval' *.jquery.com cdn.datatables.net ajax.googleapis.com web-sdk.smartlook.com komito.net datamart.github.io snap.licdn.com www.cognitoforms.com unpkg.com cdnjs.cloudflare.com app.addsearch.com cdn.walkme.com connect.facebook.net fonts.googleapis.com cdn-images.mailchimp.com www.gstatic.com data: *.blob.core.windows.net *.cloudfront.net *.ytimg.com translate.google.com www.google.ca px.ads.linkedin.com fonts.gstatic.com _.google.com www.google.com._ youtube.com www.youtube.com vimeo.com aercclrsprdaerwebdat03.blob.core.windows.net gateway.zscalerthree.net *.fontawesome.com at.alicdn.com *.addsearch.com *.google-analytics.com *.google.ca *.google.com assets-proxy.smartlook.cloud web-writer.us.smartlook.cloud manager.eu.smartlook.cloud analytics.google.com stats.g.doubleclick.net marketingplatform.google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src  'none'; connect-src 'self' *.hardx.com *.xempire.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.hardx.com *.xempire.com join.gammasecure.com; script-src 'self' *.hardx.com *.xempire.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.hardx.com *.xempire.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
object-src 'none';base-uri 'self';script-src 'nonce-x3QZJS2CHFPX_fy30wrv1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.facebook.com 'self' data: *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' data: js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.googletagmanager.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://connect.facebook.net/ connect.facebook.net graph.facebook.com business.facebook.com apis.google.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.dwin1.com *.getsitecontrol.com/ https://js-agent.newrelic.com/ https://cdn.cookielaw.org/ https://cdn.equalweb.com js.klevu.com *.ksearchnet.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net/ *.getsitecontrol.com/ https://bam.nr-data.net/ https://cdn.equalweb.com/ https://events.getsitectrl.com/ https://cdn.cookielaw.org/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://code.jquery.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://static-m.meteo.cat; font-src 'self' https://fonts.gstatic.com; 1
script-src https://content.vistana.com 'self' https://stats.g.doubleclick.net https://checkoutshopper-test.adyen.com/ https://www.facebook.com https://pal-test.adyen.com https://track.sv.rkdms.com https://*.clicktale.net https://c.az.contentsquare.net https://images.securedvisit.com https://assets.adobedtm.com https://api.securedvisit.com https://*.contentsquare.com https://pay.google.com https://track.securedvisit.com https://dpm.demdex.net blob: https://t.contentsquare.net/uxa/f3e2b0b1cfa35.js https://zn3wuecdqd6sxvlyu-marriottvacationclub.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 'report-sample' https://service.force.com/embeddedservice/ 'unsafe-eval' 'unsafe-inline' https://payments.salesforce.com/ https://content.securedvisit.com https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://mvwvo--exppod2--c.sandbox.vf.force.com https://checkoutshopper-live.adyen.com/ https://s32171.pcdn.co https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://privacy-portal-mvwc-cdn.my.onetrust.com https://maps.a.forceusercontent.com https://connect.facebook.net https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://geolocation.onetrust.com https://*.kampyle.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://mordev.112.2o7.net https://mvwvo--exppod2--c.sandbox.vf.force.com/resource/1669023906000/x7smvtestimage https://s20426.pcdn.co https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://cdn.cookielaw.org/ https://bat.bing.com https://js.stripe.com/ https://cdn.tt.omtrdc.net https://t.contentsquare.net https://www.googletagmanager.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js https://*.contentsquare.net; report-to sfdc-csp-ep; report-uri https://mvwvo.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D4x000006sQxi&networkId=0DM4x000000dPWp&type=communities 1
default-src 'self' https://assetspwa.bananarepublic.com.mx; script-src 'self' https://assetspwa.bananarepublic.com.mx; script-src 'self' https://assetspwa.bananarepublic.com.mx* 'unsafe-inline'; font-src 'self' https://assetspwa.bananarepublic.com.mx; script-src https://assetspwa.bananarepublic.com.mx; style-src 'self' https://assetspwa.bananarepublic.com.mx 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-2ua0UEXp9rDmezkxsUyjbw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://console.accessibleweb.com https://maxcdn.bootstrapcdn.com https://polyfill-fastly.io https://static.addtoany.com https://unpkg.com https://www.google.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.google.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.app.goo.gl *.hotjar.com *.newrelic.com *.nr-data.net *.google-analytics.com https://diffuser-cdn.app-us1.com/ https://prism.app-us1.com/ www.google.ca www.google.com songbirdstag.cardinalcommerce.com c.paypal.com js.braintreegateway.com assets.braintreegateway.com api.braintreegateway.com client-analytics.braintreegateway.com *.cloudflare.com *.fontawesome.com *.twitter.com *.twimg.com *.trustedshops.com scontent.cdninstagram.com cdn.lightwidget.com pay.google.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.gstatic.com *.usercentrics.eu *.google.com maps.googleapis.com lightwidget.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.app.goo.gl *.hotjar.io wss://ws.hotjar.com/ *.newrelic.com *.nr-data.net *.google-analytics.com https://diffuser-cdn.app-us1.com/ https://prism.app-us1.com/ www.google.ca www.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.famedigital.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.famedigital.com join.gammasecure.com; script-src 'self' *.famedigital.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.famedigital.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-rE44Pc4GwvK1Q9A_WI1uHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com https://static.dhlecommerce.nl https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.trustpilot.com 'self' 'unsafe-inline'; img-src cdn.verfwinkel.nl data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://maps.googleapis.com https://maps.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com https://www.mollie.com data: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://static.dhlecommerce.nl http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com https://cdn.jsdelivr.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://hcaptcha.com https://*.hcaptcha.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: maxcdn.bootstrapcdn.com fonts.gstatic.com widget.dixa.io a.omappapi.com static.klaviyo.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com ssl.ditonlinebetalingssystem.dk 'self' 'unsafe-inline'; frame-ancestors viewer.ipaper.io https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: online.adservicemedia.dk consentcdn.cookiebot.com consentcdn.cookiebot.eu adtr.io event-client.viabill.com vars.hotjar.com www.youtube.com www.google.com www.youtube-nocookie.com gum.criteo.com pricetag.viabill.com www.addwish.com display.ipaper.io simplicity.trustpilot.com googleads.g.doubleclick.net cdn.lightwidget.com http://event.getblue.io *.googletagmanager.com *.doubleclick.net/ magento-cloudflare.jetrails.com utt.impactcdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com self blob: online.adservicemedia.dk pushcrew.com cdn.pushcrew.com stats.g.doubleclick.net a.klaviyo.com dapi.videoly.co i.ytimg.com dis.criteo.com optin-monster.s3.amazonaws.com maps.googleapis.com maps.gstatic.com a.omappapi.com ssl.gstatic.com www.gstatic.com lh3.googleusercontent.com fonts.gstatic.com *.google.com *.google.pl *.google.no *.google.se *.google.de *.google.co.uk *.google.com.ua d3k81ch9hvuctc.cloudfront.net d1pna5l3xsntoj.cloudfront.net *.ipaper.io *.taboola.com imgsct.cookiebot.com *.bing.com *.bing.net *.pricerunner.dk *.beautycos.dk *.orbitvu.co *.klarna.com img.sct.eu1.usercentrics.eu https://s.kelkoogroup.net https://cdn.clerk.io *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com flagpedia.net https://widgets.trustedshops.com https://integrations.etrusted.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com unsafe-inline ipinfo.io invitejs.trustpilot.com secure.viabill.com a.opmnstr.com display.ipaper.io widget.dixa.io static.hotjar.com consent.cookiebot.com api.videoly.co cdn.pushcrew.com online.adservicemedia.dk script.hotjar.com pricetag.viabill.com adtr.io cdn.polyfill.io www.google.com www.google.pl www.gstatic.com static.criteo.net *.klaviyo.com cdn.ipaper.io sslwidget.criteo.com d1pna5l3xsntoj.cloudfront.net www.addwish.com ajax.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu cdnjs.cloudflare.com dapi.videoly.co ssl.ditonlinebetalingssystem.dk maps.googleapis.com cdn.adt376.net cdn.adt311.net tagmanager.google.com do.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no a.omappapi.com *.taboola.com s.kk-resources.com *.bing.com *.getblue.io cdn.lightwidget.com cdn.clerk.io ai.trk42.net *.videoly.co *.reepay.com *.cytelligence.io *.youtube.com *.orbitvu.co *.pingdom.net tag.heylink.com api.reaktion.com stapecdn.com files.userlink.ai cdn.mouseflow.com pagead2.googlesyndication.com *.clarity.ms static.cloudflareinsights.com https://s.kk-resources.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.googletagmanager.com *.facebook.net *.avada.io *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com unpkg.com https://www.beautycos.ie https://consent.cookiebot.com https://cdn.mida.so 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.pushcrew.com static.klaviyo.com d1pna5l3xsntoj.cloudfront.net tagmanager.google.com cdn.ipaper.io *.omappapi.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com widget.dixa.io *.beautycos.dk api.packship.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com https://helloretailcdn.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com api.omappapi.com z.omappapi.com api.dixa.io wss://sockets.dixa.io stats.g.doubleclick.net fast.a.klaviyo.com sslwidget.criteo.com a.klaviyo.com display.ipaper.io in.hotjar.com vc.hotjar.io telemetrics.klaviyo.com *.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no api.packship.eu invitejs.trustpilot.com www.addwish.com core.helloretail.com a.omappapi.com *.taboola.com *.klaviyo.com pagead2.googlesyndication.com *.algolia.io *.bing.com *.google.com *.doubleclick.net ai.trk42.net *.cookiebot.com *.pingdom.net heylinkapi.com bat.bing.net files.userlink.ai backend.userlink.ai files.blueai.dk beautycosaps.sjv.io *.clarity.ms consentcdn.cookiebot.eu api-us.mida.so https://s.kelkoogroup.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://*.ravecapture.com https://trustspot-app-assets.s3.amazonaws.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.googletagmanager.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.circularhub.com https://flyers.canex.ca https://td.doubleclick.net https://www.facebook.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com maps.googleapis.com https://services.postcodeanywhere.co.uk https://ws1.postescanada-canadapost.ca https://www.google.ca https://www.facebook.com https://*.ravecapture.com https://ravecapture-app-assets.s3.amazonaws.com https://*.canex.ca https://*.flippenterprise.net https://*.wishabi.net https://*.wishabi.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com imgs.signifyd.com *.hsforms.net *.hsforms.com 'self' data: https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com maps.googleapis.com developers.google.com https://s7.addthis.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://trustspot.io https://*.ravecapture.com https://www.circularhub.com https://acsbap.com https://acsbapp.com https://cdn.acsbapp.com https://ws1.postescanada-canadapost.ca https://cdn.jsdelivr.net https://commerce.adobedtm.com https://unpkg.com https://connect.facebook.net https://*.hotjar.com https://h64.online-metrix.net https://*.flippenterprise.net chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com cdn-scripts.signifyd.com imgs.signifyd.com *.hsforms.net *.hsforms.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://trustspot.io https://ws1.postescanada-canadapost.ca https://*.flippenterprise.net https://*.ravecapture.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com *.gstatic.com *.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://acsbap.com https://cdn.acsbapp.com https://ws1.postescanada-canadapost.ca https://stats.g.doubleclick.net https://*.hotjar.io https://connect.facebook.net https://*.facebook.com https://*.flippenterprise.net https://*.flippback.com https://*.flipp.com https://*.ravecapture.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://db82ede2-bcf0-414d-936f-71c652e4bd68.sansec.watch; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.apptrian.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pixriot.com *.storeimaging.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com *.avada.io *.shopify.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.apptrian.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.pixriot.com *.storeimaging.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com vr-pay-ecommerce.de test.vr-pay-ecommerce.de apple-pay-gateway.apple.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com vr-pay-ecommerce.de test.vr-pay-ecommerce.de eu-prod.ppipe.net/ test.ppipe.net/ oppwa.com/ test.oppwa.com/ pay.google.com apple-pay-gateway.apple.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com vr-pay-ecommerce.de test.vr-pay-ecommerce.de www.gstatic.com/ apple-pay-gateway.apple.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://cdn.jsdelivr.net cdn.klarna.com vr-pay-ecommerce.de test.vr-pay-ecommerce.de pay.google.com apple-pay-gateway.apple.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com vr-pay-ecommerce.de test.vr-pay-ecommerce.de apple-pay-gateway.apple.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com vr-pay-ecommerce.de test.vr-pay-ecommerce.de pay.google.com www.google.com/pay apple-pay-gateway.apple.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://cdn-cookieyes.com/client_data/94a4f13a0cb959b98cc4a48f/script.js https://cdn-cookieyes.com/client_data/94a4f13a0cb959b98cc4a48f/banner.js https://www.googletagmanager.com/gtag/js https://player.vimeo.com/api/player.js https://www.google.com/recaptcha/api.js https://www.gstatic.com:*; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@glidejs/glide@3.6.0/dist/css/glide.core.min.css https://fonts.googleapis.com/css2 https://use.typekit.net/wtm0jxv.css https://p.typekit.net/p.css; img-src 'self' data: image/svg+xml https://cdn-cookieyes.com/assets/images/revisit.svg https://cdn-cookieyes.com/assets/images/close.svg https://cdn-cookieyes.com/assets/images/poweredbtcky.svg https://www.googletagmanager.com:*; font-src 'self' data: https://fonts.gstatic.com:* https://use.typekit.net:* application/x-font-woff; connect-src https://www.google.com/ccm/collect https://log.cookieyes.com/api/v1/log https://www.google-analytics.com/g/collect https://cdn-cookieyes.com/client_data/94a4f13a0cb959b98cc4a48f/rFE9TVe8.json https://www.google-analytics.com/privacy-sandbox/register-conversion https://cdn-cookieyes.com/client_data/94a4f13a0cb959b98cc4a48f/config/wC2wr8GQ.json https://cdn-cookieyes.com/client_data/94a4f13a0cb959b98cc4a48f/translations/m3Rl7gng.json https://cdn-cookieyes.com/client_data/94a4f13a0cb959b98cc4a48f/audit-table/k_7S_mH5.json https://pagead2.googlesyndication.com/ccm/collect; frame-src https://www.googletagmanager.com/ https://player.vimeo.com/ https://cloud.fully.holmesmurphy.com/ https://www.google.com/; worker-src blob: https://www.holmesmurphy.com/5efe1b50-d93c-47e3-86b9-cab1697897e7 1
object-src 'none';base-uri 'self';script-src 'nonce-vTfPxVM6vd7V4PdLY15TCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com checkout.getbread.com *.paypal.com *.google-analytics.com *.mmapiws.com *.doubleclick.net *.searchspring.io *.turnto.com bat.bing.com datalayer.jumpfly.com *.mouseflow.com *.nr-data.net *.newrelic.com *.google.com *.clarity.ms analytics.google.com tgscript.s3.amazonaws.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com js.klevu.com data: *.shopperapproved.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.iadvize.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com hpp-sandbox.worldpay.com payments-test.worldpay.com payments.worldpay.com https://www.shopperapproved.com *.authorize.net *.twitter.com *.facebook.com connect.facebook.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com hpp.worldpay.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ hpp-sandbox.worldpay.com payments-test.worldpay.com payments.worldpay.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net *.liveperson.net checkout.getbread.com *.doubleclick.net *.lpsnmedia.net *.google.com *.googletagmanager.com *.facebook.com platform.twitter.com td.doubleclick.net *.twitter.com *.google.co.in www.xtento.com photos.pixlee.co *.weltpixel.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.paypalobjects.com airtable.com *.lightingwarehouse.com e.sprinklerwarehouse.com hpp.worldpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io widgets.automizely.com widgets.automizely.io https://www.shopperapproved.com *.trackedlink.net *.klevu.com *.ksearchnet.com https://maps.gstatic.com https://maps.googleapis.com *.ftcdn.net *.behance.net https://images.unsplash.com *.googleadservices.com blob: https://meetanshi.com/media/logo.png *.cloudflare.com *.gstatic.com *.google.com *.google.co.in *.facebook.com *.klarna.com *.google-analytics.com *.paypal.com * *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net stats.g.doubleclick.net d.adroll.com pixel.advertising.com pixel.rubiconproject.com simage2.pubmatic.com dsum-sec.casalemedia.com ads.yahoo.com eb2.3lift.com sync.outbrain.com trc.taboola.com x.bidswitch.net/sync ib.adnxs.com idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com segments.company-target.com sync.tidaltv.com *.trustgaurd.com content.sprinklerwarehouse.com bat.bing.com www.xtento.com cdn.xtento.com wac.edgecastcdn.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io hpp-sandbox.worldpay.com payments-test.worldpay.com payments.worldpay.com https://www.shopperapproved.com https://direct.shopperapproved.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com https://maps.googleapis.com/maps/api/ https://maps.googleapis.com/ *.authorize.net *.liveperson.net *.lpsnmedia.net cdn.searchspring.net checkout.getbread.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com bat.bing.com *.mouseflow.com services.nofraud.com *.doubleclick.net widgets.turnto.com js.klevu.com stats.g.doubleclick.net static.trackedweb.net tgscript.s3.amazonaws.com *.clarity.ms platform.twitter.com connect.facebook.net cdn-ws.turnto.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paypalobjects.com *.paypal.com chimpstatic.com s.adroll.com d.adroll.com d.adroll.mgr.consensu.org *.bootstrapcdn.com player.vimeo.com content.sprinklerwarehouse.com www.xtento.com cdn.xtento.com *.turnto.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com googletagmanager.com *.lightingwarehouse.com code.jquery.com *.sprinklerwarehouse.com *.vimeo.com *.shopperapproved.com *.breadpayments.com *.gstatic.com accdn.lpsnmedia.net lpcdn.lpsnmedia.net static.elfsight.com halc.iadvize.com cdn.brcdn.com *.iadvize.com elfsightcdn.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com cdn.searchspring.net widgets.turnto.com js.klevu.com tgscript.s3.amazonaws.com *.bootstrapcdn.com *.turnto.com tagmanager.google.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com  *.bootstrapcdn.com cdn.dnky.co *.yotpo.complete content.sprinklerwarehouse.com *.lightingwarehouse.com *.nr-data.net *.iadvize.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.lpsnmedia.net data: *.trustguard.com content.sprinklerwarehouse.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.automizely.com api.automizely.io hpp-sandbox.worldpay.com payments-test.worldpay.com payments.worldpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com https://maps.googleapis.com *.authorize.net *.lpsnmedia.net data: *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com checkout.getbread.com *.mmapiws.com *.doubleclick.net *.searchspring.io *.turnto.com bat.bing.com datalayer.jumpfly.com *.mouseflow.com *.clarity.ms tgscript.s3.amazonaws.com content.sprinklerwarehouse.com *.facebook.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.lightingwarehouse.com adservice.google.com fonts.googleapis.com core.service.elfsight.com maps.googleapis.com *.fontawesome.com halc.iadvize.com api.iadvize.com cdn.brcdn.com services.nofraud.com learn.sprinklerwarehouse.com p.brsrvr.com *.iadvize.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src checkout.getbread.com *.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-nJ9_lqubg8QEan6nipQcSQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googletagmanager.com https://cdn.cookielaw.org https://cdn-app.pathfactory.com https://fast.wistia.com https://assets.rampmetrics.com https://connect.facebook.net https://snap.licdn.com https://munchkin.marketo.net https://tag.demandbase.com; worker-src 'self' blob:; connect-src 'self' https: wss: data: https://region1.analytics.google.com https://carrotfertility-privacy.my.onetrust.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.onetrust.com wss://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io https://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io; child-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' https: blob: https://www.googletagmanager.com https://cdn.cookielaw.org https://cdn-app.pathfactory.com https://fast.wistia.com https://assets.rampmetrics.com https://connect.facebook.net https://snap.licdn.com https://munchkin.marketo.net https://tag.demandbase.com; font-src 'self' data: https:; img-src 'self' data: https: blob: https://cdn.heapanalytics.com https://heapanalytics.com; media-src 'self' blob: https: data:; frame-src 'self' https: blob:; object-src 'none'; base-uri 'self'; report-uri https://endpoint4.collection.sumologic.com/receiver/v1/http/ZaVnC4dhaV21hVEVZajDbg0Ny6DGuhlZwgREhqPubL0JuMkEPxF6CUVMjd6NvN-PaeE5lKT_nGGFc9ltjvf7fbhVJIGsFfDI8FC4xKqz7SFAOR8N-1knHQ==; 1
object-src 'none';base-uri 'self';script-src 'nonce-2bLUtoP9ZqH5GqHI1K8GoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://*.bistum-eichstaett.de https://*.bistum-eichstaett.info 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: https://*.bistum-eichstaett.de https://cms.ai-gelb.de; base-uri 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com; connect-src 'self' https://*.bistum-eichstaett.de https://*.bistum-eichstaett.info https://cms.ai-gelb.de https://streaming.ai-gelb.de https://sentry2.in2code.de/api/65/security/; style-src 'self' 'unsafe-inline' 'report-sample'; script-src-elem 'self' 'unsafe-inline' https://*.bistum-eichstaett.de https://*.bistum-eichstaett.info 'report-sample'; font-src 'self' https://*.bistum-eichstaett.de; report-uri https://sentry2.in2code.de/api/65/security/?sentry_key=3f69c8194ff9168d1db803c1b6fd2f50 1
font-src *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.gstatic.com *.fontawesome.com www.nighthawkcustom.com fonts.gstatic.com pro.fontawesome.com fonts.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.iubenda.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com js.mollie.com cdn.userway.org *.authorize.net *.weltpixel.com *.doubleclick.net *.typeform.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com https://images.unsplash.com *.iubenda.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.googletagmanager.com https://www.mollie.com www.nighthawkcustom.com nighthawkcustom.com yt3.ggpht.com www.gstatic.com phosphor.utils.elfsightcdn.com cdn.userway.org l.sharethis.com platform-cdn.sharethis.com *.facebook.com *.reddit.com *.google-analytics.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://*.gstatic.com https://maps.googleapis.com https://player.vimeo.com *.iubenda.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net js.mollie.com cdn.userway.org www.nighthawkcustom.com cs.iubenda.com cdn.iubenda.com static.klaviyo.com static.elfsight.com static-tracking.klaviyo.com www.google.com www.gstatic.com platform-api.sharethis.com buttons-config.sharethis.com *.authorize.net *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.typeform.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.googleapis.com *.googletagmanager.com *.fontawesome.com www.nighthawkcustom.com cdn.jsdelivr.net fonts.cdnfonts.com pro.fontawesome.com cdn.userway.org www.gstatic.com *.tagmanager.google.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.iubenda.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog region1.analytics.google.com www.nighthawkcustom.com fast.a.klaviyo.com static-forms.klaviyo.com core.service.elfsight.com idb.iubenda.com googleads.g.doubleclick.net api.userway.org jnn-pa.googleapis.com rr1---sn-gqn-jawz.googlevideo.com storage.elfsight.com cdn.userway.org cdn77.api.userway.org l.sharethis.com *.authorize.net *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.nighthawkcustom.com www.google.ro play.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://*.gstatic.com data: https://*.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.klarnacdn.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com https://*.doubleclick.net https://*.braintreegateway.com https://*.paypal.com https://*.trustpilot.com https://*.salesfire.co.uk https://*.google.com https://*.hotjar.com *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://*.paypal.com https://*.salesfire.co.uk https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com *.reviews.io *.reviews.co.uk *.salesfire.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com https://www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://*.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.paypal.com https://*.trustpilot.com https://*.salesfire.co.uk https://*.smartmetrics.co.uk https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://secure.leadforensics.com https://*.googleapis.com *.klevu.com *.ksearchnet.com *.avada.io *.shopify.com *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://js.klevu.com https://www.heamar.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://*.cloudfront.net https://*.googleapis.com https://*.salesfire.co.uk https://*.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.typekit.net *.stripe.network *.stripecdn.com *.amazon.com https://www.heamar.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://*.freshdesk.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com api.addressy.com https://*.adobedc.net https://*.nr-data.net *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.smartmetrics.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn-ru.bitrix24.ru https://mywork.bitrix24.ru https://mc.yandex.ru https://www.google-analytics.com https://www.googletagservices.com https://td.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://mywork.bitrix24.ru; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://cdn-ru.bitrix24.ru https://mc.yandex.ru https://td.doubleclick.net https://ad.mail.ru; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://cdn-ru.bitrix24.ru https://mc.yandex.ru https://td.doubleclick.net; frame-src 'self' https://www.googletagmanager.com https://mc.yandex.ru https://td.doubleclick.net; frame-ancestors 'none'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Zrx6G9ErQZBhDMlA-x4PZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_other/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Q6GSbdvCyd7sXZP8JUmUMA' 'unsafe-inline' 'strict-dynamic' https: http: 1
object-src 'none';base-uri 'self';script-src 'nonce-Z_0w1Pkc5BK_neNiC8zbYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-wabZpL4NYeJaMp4pgGSlPA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=pM1Ju_oOROuj5R9e8fBEmX3jzsIWSp5-6wJwPmGQDX6jZzd83T6EXgh8vYGycrIQGC64ieqky0rU&policy_id=2&user_id=&request_id=f37dd0ec-55dc-4e7c-a089-f884c17a0097; report-to csp-endpoint-pmjuooroujrefbemxjzsiwspwjwpmgqdxjzzdtexghvygycriqgcieqkyru; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*; require-trusted-types-for 'script' 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com data: https://fonts.gstatic.com *.fontawesome.com *.typekit.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.certcapture.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * calendly.com *.google.com *.cappasity.com www.facebook.com https://api.intellimize.co https://117202619.intellimizeio.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.certcapture.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.webdamdb.com *.rectorseal.com rectorseal.com *.img-us3.com *.amazon.com *.amazonaws.com *.cloudfront.net *.linkedin.com *.google.com *.adsymptotic.com 'self' data: *.cappasity.com www.facebook.com *.hubspot.com *.hsforms.com maps.gstatic.com maps.googleapis.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com landofcoder.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.calendly.com *.cloudfront.net *.licdn.com *.googletagmanager.com connect.facebook.net *.fullstory.com js-na1.hs-scripts.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net static.oktopost.com oktopost.rectorseal.com polyfill-fastly.io js.hubspot.com *.hsforms.com *.hsforms.net 'unsafe-eval' https://*.intellimize.co maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.typekit.net 'unsafe-inline' tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io cdn.ampproject.org *.googleapis.com *.certcapture.com landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.hubapi.com *.doubleclick.net *.fullstory.com *.google-analytics.com px.ads.linkedin.com *.hubspot.com *.hsforms.com *.hsforms.net https://api.intellimize.co https://log.intellimize.co maps.googleapis.com *.facebook.net 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com 'self' data: 'unsafe-inline' data: *.jsdelivr.net *.jotfor.ms *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.jotform.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' blob: *.cookiebot.com *.jotform.io *.jotform.com *.doubleclick.net *.pinterest.com *.cxpress.io *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io log.pinterest.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com blob: 'unsafe-inline' data: *.google.com *.google.pt *.facebook.com *.www.google.com *.jotfor.ms *.jotform.com *.googleapis.com *.avada.io *.weglot.com placehold.jp *.hubspot.com *.hsforms.com *.userguiding.com *.cookiebot.com *.clarity.ms *.bing.com *.googleadservices.com *.googletagmanager.com *.consentmanager.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.gstatic.com t.trackedlink.net assets.pinterest.com maps.googleapis.com ssl.google-analytics.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.fontawesome.com *.cookiebot.com *.googletagmanager.com *.facebook.net *.cloudflareinsights.com *.hipay.com *.hipay-tpp.com *.iesnare.com *.cloudflare.com *.jotform.com *.jotfor.ms *.cookiefirst.com *.jsdelivr.net *.hotjar.com *.googleapis.com *.instagram.com *.twitter.com *.weglot.com *.hs-scripts.com *.usemessages.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.userguiding.com/ *.tiktok.com *.buckaroo.nl *.pinimg.com *.clarity.ms *.livechatinc.com *.pinterest.com *.bing.com *.consentmanager.net *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.freshchat.com *.typekit.net *.jsdelivr.net *.hipay.com *.gstatic.com *.jotfor.ms *.weglot.com *.buckaroo.nl *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.iesnare.com 'unsafe-inline' data: 'self' data: data: *.googleadservices.com *.google-analytics.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com log.pinterest.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.link.com *.amazon.com *.doubleclick.net *.cookiebot.com *.hipay.com wss://mpsnare.iesnare.com/star *.cookiefirst.com *.hotjar.com *.googleapis.com *.weglot.com cdn-api-weglot.com *.klaviyo.com *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.userguiding.com *.tiktok.com *.clarity.ms *.pinterest.com *.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com 'self' blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://bestpractice.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.livechatinc.com email.filmtools.com *.contivio.com use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.shopperapproved.com *.facebook.com email.filmtools.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.facebook.com *.eventbrite.com docs.google.com *.livechatinc.com email.filmtools.com *.weltpixel.com *.punchout2go.com *.tradecentric.com *.googletagmanager.com *.doubleclick.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca *.trackedlink.net https://www.shopperapproved.com *.amazon-adsystem.com *.filmtools.com *.facebook.net *.facebook.com maps.googleapis.com maps.gstatic.com *.zmags.com bam.nr-data.net email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com *.reddit.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://www.shopperapproved.com https://direct.shopperapproved.com *.livechatinc.com connect.facebook.net *.eventbrite.com *.zmags.com bam.nr-data.net email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com https://unpkg.com *.punchout2go.com *.tradecentric.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com assets.braintreegateway.com webchat.dotdigital.com webchat.staging.dotdigital.com *.zmags.com email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com use.fontawesome.com *.punchout2go.com *.tradecentric.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.livechatinc.com email.filmtools.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.doubleclick.net maps.googleapis.com *.zmags.com bam.nr-data.net *.livechatinc.com email.filmtools.com *.googlesyndication.com *.facebook.com *.shopperapproved.com *.answerbase.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.clarity.ms *.run.app https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-gZvz1HbtSDfUwpV9AxyK3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DloNvinrGc9jLNWSYQHsEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.reevoo.com/ *.feefo.com *.speedex.gr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com unpkg.com *.unpkg.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.snappibank.com.gr unpkg.com *.unpkg.com cdnjs.cloudflare.com *.addthis.com data 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.findbar.io https://images.unsplash.com unpkg.com *.unpkg.com *.disqus.com *.hsforms.net *.hsforms.com *.mydesigndrops.com mddhyva.magedeploy.com media.mydesigndrops.com *.cdninstagram.com sp.analytics.yahoo.com *.cookiebot.com *.google.gr *.sharethrough.com *.outbrain.com *.bidswitch.net *.dnxs.com *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.adnxs.com *.id5-sync.com *.pubmatic.com *.postrelease.com *.rubiconproject.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.emxdgt.com *.yieldmo.com *.unrulymedia.com *.1rx.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.findbar.io unpkg.com *.unpkg.com cdnjs.cloudflare.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io cdn.simpler.so sdk.local.simpler.so *.hsforms.net *.hsforms.com *.mydesigndrops.com *.feefo.com *.clarity.ms skroutza.skroutz.gr *.skroutz.gr dynamic.criteo.com sslwidget.criteo.com widgets.reevoo.com go.linkwi.se s.yimg.com measurement-api.criteo.com metrics.find.gr plausible.io *.cookiebot.com *.hotjar.com *.pinimg.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.findbar.io unpkg.com *.unpkg.com https://cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com *.reevoo.com/ *.feefo.com *.speedex.gr 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.findbar.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.snappibank.com.gr *.findbar.io unpkg.com *.unpkg.com https://get.geojs.io *.avada.io button.simpler.so button.staging.simpler.so analytics.simpler.so analytics.staging.simpler.so button.local.simpler.so t.elasticsuite.io *.hsforms.net *.hsforms.com *.feefo.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io widgets.reevoo.com skynet.reevoo.com measurement-api.criteo.com s.yimg.com metrics.find.gr plausible.io *.doubleclick.net *.pinterest.com *.clarity.ms *.cookiebot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-fer0TxTyI91EqKYHNEbO8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Pu3tPrBVAN6Mi3tsjiOCbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://salesiq.zoho.com https://*.zoho.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.googleapis.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://*.zoho.com https://*.googleapis.com wss:; frame-src 'self' https://*.zoho.com https://*.staygrid.com; object-src 'self' https://*.staygrid.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-WlPTO4zGawni_Ld7sVWfRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-src 'self'; object-src 'none'; 1
font-src *.fontawesome.com https://fonts.bunny.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com *.google.co.in www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com media.ltmuseumshop.co.uk *.google.co.in www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.plugins.emarsys.net *.scarabresearch.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.co.in www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.googleapis.com *.feefo.com *.google.co.in 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.scarabresearch.com *.eservice.emarsys.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.google.co.in 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://online.flippingbook.com/; report-to report-endpoint; 1
style-src-elem 'self' 'unsafe-inline' *.maestra-static.io 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.cookiebot.eu *.maestra.io *.maestra-static.io *.pay1.de *.klarnacdn.net maps.googleapis.com *.dwin1.com *.facebook.net *.roeyecdn.com https://browser.sentry-cdn.com 'unsafe-inline'; font-src *.fontawesome.com *.facebook.com *.braintreegateway.com *.google.com *.paypal.com *.vimeo.com *.vimeocdn.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.facebook.net *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.pinterest.com *.youtube.com *.cloudflare.com *.cookiebot.com *.adobe.io *.googlesyndication.com *.googletagservices.com *.gstatic.com 'self' data: *.hsappstatic.net *.popmechanic.io data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.doubleclick.net *.googletagmanager.com *.bing.com *.vimeo.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.pinterest.com *.cloudflare.com documentcloud.adobe.com *.cookiebot.com *.adobe.io *.googlesyndication.com *.googletagservices.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.maestra-static.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.facebook.com *.braintreegateway.com *.google.com *.vimeo.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.facebook.net *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.pinterest.com *.youtube.com *.cloudflare.com *.cookiebot.com *.adobe.io *.googlesyndication.com *.googletagservices.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com *.awin1.com *.ggpht.com *.googleadservices.com *.googleapis.com google.com *.googleusercontent.com *.gstatic.com hoegl.com *.klarnaevt.com *.maestra.io *.mindbox.cloud *.roeye.com *.usercentrics.eu yastatic.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.maestra-static.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.facebook.com *.braintreegateway.com *.google.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.facebook.net *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.youtube.com *.cloudflare.com documentcloud.adobe.com *.cookiebot.com *.adobe.io *.googlesyndication.com *.googletagservices.com *.hsforms.net *.hsforms.com *.gstatic.com maps.googleapis.com 'self' *.awin1.com *.cookiebot.eu *.dwin1.com *.googleadservices.com *.googleapis.com *.klarnacdn.net *.maestra.io *.mindbox.cloud *.pay1.de *.pinterest.com *.roeyecdn.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src 'unsafe-inline' *.maestra-static.io *.fontawesome.com unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io *.facebook.com *.braintreegateway.com *.google.com *.paypal.com *.vimeo.com *.vimeocdn.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.facebook.net *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.pinterest.com *.youtube.com *.cloudflare.com documentcloud.adobe.com *.cookiebot.com *.adobe.io *.googlesyndication.com *.googletagservices.com *.googleapis.com *.gstatic.com 'self' *.maestra.io *.mindbox.cloud 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.gstatic.com hoegl.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.maestra-static.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.facebook.com *.braintreegateway.com *.vimeo.com *.vimeocdn.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.facebook.net *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.pinterest.com *.youtube.com *.cloudflare.com *.cookiebot.com *.adobe.io *.googlesyndication.com *.googletagservices.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.cookiebot.eu *.googleadservices.com *.googleapis.com *.klarnacdn.net *.klarna.com *.klarnaevt.com *.maestra.io *.mindbox.cloud 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, report-uri https://3ef0dfbf-4946-43cf-b582-5322b3d2eb53.sansec.watch/; report-to report-endpoint; 1
report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.adsafeprotected.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.adtrafficquality.google *.crwdcntrl.net *.id5-sync.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.tagman.ca *.pinimg.com *.tiktok.com *.tv5unis.ca cdn.ampproject.org sdk.privacy-center.org snap.licdn.com tag.aticdn.net sc-static.net *.uidapi.com *.jsdelivr.net ;style-src 'self' 'unsafe-inline' *.tv5unis.ca fonts.googleapis.com ;img-src 'self' data: *.adsafeprotected.com *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com *.adtrafficquality.google *.linkedin.com *.tiktok.com *.tv5unis.ca p.adsymptotic.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com sdk.privacy-center.org https://api.tv5unis.ca ;media-src 'self' blob: *.2mdn.net *.llnw.net *.uplynk.com *.gvt1.com ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.google.com *.googlesyndication.com *.googleadservices.com *.adtrafficquality.google ads.pubmatic.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: fonts.gstatic.com ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.adtrafficquality.google *.gstatic.com *.gvt1.com *.linkedin.com *.llnw.net *.tagman.ca *.scorecardresearch.com *.tiktok.com *.tv5unis.ca *.uplynk.com bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sdk.privacy-center.org sentry.io snap.licdn.com static.hotjar.com tag.aticdn.net *.uidapi.com vendorlist.consensu.org https://api.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com tr.snapchat.com ; 1
font-src fonts.gstatic.com use.typekit.net *.squarecdn.com *.fontawesome.com *.googleapis.com *.olark.com *.optimonk.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.weltpixel.com *.facebook.com *.facebook.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.searchspring.net *.cookielaw.org magefan.com cm.magefan.com *.disqus.com *.facebook.com *.facebook.net *.nextopia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.insightexpressai.com *.m1314.com *.semasio.net *.3lift.com *.rkdms.com *.pubmatic.com *.adsrvr.org *.basis.net *.bing.com *.bing.net *.bolt.com d3cgm8py10hi0z.cloudfront.net *.doubleclick.net flippingbook.com *.flippingbook.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.lk www.google.lt www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tg www.google.tm www.google.tn www.google.tt www.google.ws google.com *.google.com *.googlesyndication.com *.nobleoutfitters.com *.olark.com *.optimonk.com *.pixel.ad s3.amazonaws.com *.schleich-s.com *.searchspring.io *.sitescout.com *.tvsquared.com *.vibe.co *.videoly.co data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cookielaw.org *.onetrust.com widget.freshworks.com m2epro.freshdesk.com *.disqus.com *.facebook.com *.facebook.net cdn.nextopia.net *.ecomm-nav.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js https://www.googletagmanager.com tagmanager.google.com *.adoric-om.com *.basis.net *.bing.com *.bolt.com *.brandcdn.com *.crazyegg.com d10lpsik1i8c69.cloudfront.net *.doubleclick.net *.flippingbook.com *.googleapis.com *.google.com *.googlesyndication.com *.hotjar.com *.livesession.io localhost *.nextopiasoftware.com *.olark.com *.openwidget.com *.optimonk.com *.ravm.tv recruitingbypaycor.com *.ryzeo.com s3.amazonaws.com *.screenpopper.com *.searchspring.io *.searchspring.net *.statstrk01.com *.tvsquared.com unpkg.com *.vibe.co *.videoly.co 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com downloads.mailchimp.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com cdn.nextopia.net unsafe-inline assets.braintreegateway.com tagmanager.google.com *.adoric.com *.googleapis.com *.olark.com *.optimonk.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bing.com *.olark.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.fbcdn.net *.cookielaw.org *.onetrust.com widget.freshworks.com m2epro.freshdesk.com *.facebook.com *.facebook.net *.nextopia.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://beacon.searchspring.io/beacon *.google-analytics.com *.adoric.com *.adoric-om.com *.bing.com *.bing.net browser-intake-datadoghq.com *.crazyegg.com *.doubleclick.net *.flippingbook.com *.googleapis.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.livesession.io localhost *.luckyorange.net *.olark.com *.openwidget.com *.optimonk.com *.ravm.tv *.searchspring.io *.vibe.co *.videoly.co *.w55c.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.searchspring.io *.w55c.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://dd0d288c-1057-4eb0-bc5a-6dfdc4b3109b.sansec.watch/; report-to report-endpoint; 1
img-src 'self' data: https://track.hubspot.com  https://www.googletagmanager.com  about  https://forms.hsforms.com  https://forms-na1.hsforms.com  https://p.typekit.net  https://www.seopress.org  https://cdn.userway.org  https://px.ads.linkedin.com  https://really-simple-ssl.com  https://perf-na1.hsforms.com  https://8095717.fs1.hubspotusercontent-na1.net  https://www.google.pt  https://www.google.com.mx  https://www.google.co.jp  https://www.googleadservices.com  https://i.ytimg.com  https://stats.g.doubleclick.net  https://www.google.com.au  https://www.google.co.in  https://www.google.se  https://www.google.com.sg  https://static6.businessinsider.com  https://www.google.co.uk  https://www.google.hu  https://www.google.com.br  https://www.google.tg  https://www.google.nl  https://www.google.com.ph  https://imgick.pennlive.com  https://decanter.media.ipcdigital.co.uk  https://www.google.de  https://www.google.gr  https://www.thespiritsbusiness.com  https://www.google.cz  https://www.google.com.ar  https://www.google.ht  https://www.thedrinksbusiness.com  https://imgick.lehighvalleylive.com  https://www.gannett-cdn.com  https://www.google.kz  https://googleads.g.doubleclick.net  https://www.google.com.pe  https://www.google.es  https://www.google.it  https://resources2.news.com.au  https://cdn.datatables.net  https://www.google.si  https://www.google.co.za  https://www.google.fr  https://www.google.ca  https://www.google.cl  https://www.google.ie  https://www.google.co.tz  blob:  https://www.google.com.pk  https://www.google.bs  https://www.google.ps  https://www.google.no  https://pbs.twimg.com  https://www.google.lu  https://images.smh.com.au  https://www.google.lv  https://www.google.hr  https://www.google.com.co  https://www.google.mk  https://www.google.pl  https://www.google.co.ve  https://cdn.gretawire.foxnewsinsider.com  https://www.google.ro  https://www.google.ch  https://www.google.at  https://www.google.gm  https://www.google.tn  https://www.google.com.pr  https://www.google.ae  https://d1ynl4hb5mx7r8.cloudfront.net  https://www.google.com.hk  https://www.google.com.ng  https://cmsimg.stargazette.com  https://www.google.co.kr  https://www.google.is  https://www.google.co.il  https://translate.google.com  https://www.google.co.th  https://www.browndailyherald.com  https://www.google.sk  https://www.trbimg.com  https://www.google.md  https://www.google.dk  https://cdn.honey.io  https://www.google.com.do  https://www.google.com.vn  https://www.google.com.np  https://fonts.gstatic.com  https://healthyalcoholmarket.com  https://www.google.ee  https://www.google.am  https://www.google.lt  https://www.google.be  https://www.beveragemedia.com  https://extras.mnginteractive.com  https://encrypted-tbn2.gstatic.com  https://encrypted-tbn3.gstatic.com  https://www.google.co.ug  https://www.google.com.eg  https://www.google.com.kw  https://www.winefashionista.com  https://www.google.ru  https://encrypted-tbn0.gstatic.com  https://www.google.com.tw  https://www.google.az  https://www.google.com.tr  https://www.google.ge  https://s1.reutersmedia.net  https://www.google.com.ec  https://www.google.hn  https://www.google.com.uy  https://www.google.co.cr  https://www.google.co.nz  https://svcs.tql.com  https://www.google.com.ni  https://mediad.publicbroadcasting.net  https://global.fncstatic.com  https://www.google.com.ua  https://assets.bizjournals.com  https://www.google.com.jm  https://www.google.bg  https://www.google.co.ma  https://www.google.tt  https://www.google.com.mt  https://yastatic.net  https://www.google.com.gt  https://www.google.com.bd  https://www.google.com.my  https://www.google.com.lb  https://www.cogminy.org  https://triblive.com  https://www.google.al  https://www.google.com.sv  https://bloximages.chicago2.vip.townnews.com  https://www.azcentral.com  https://www.google.co.id  https://sphotos-a.xx.fbcdn.net  https://www.google.kg  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' data:  https://cdnjs.cloudflare.com  https://cdn.datatables.net  https://www.google.com  https://www.googletagmanager.com  https://www.gstatic.com  https://static.hotjar.com  https://js.hsforms.net  https://cdn.userway.org  https://js.hscollectedforms.net  https://use.typekit.net  https://js.hs-scripts.com  https://js.hs-banner.com  https://googleads.g.doubleclick.net  https://js.hs-analytics.net  https://js.hsadspixel.net  https://script.hotjar.com  https://snap.licdn.com  https://maps.googleapis.com  https://www.buzzsprout.com  https://js.hubspot.com  https://static.hsappstatic.net  https://www.google-analytics.com  https://connect.facebook.net  https://s.apprl.com  blob:  https://infird.com  https://www.youtube.com  https://apis.google.com  https://www.parkstreet.com  https://scripts.api.disqometer.com  http://cdn.datatables.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://static.ads-twitter.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com  https://cdn.datatables.net  https://www.google.com  https://www.googletagmanager.com  https://www.gstatic.com  https://static.hotjar.com  https://js.hsforms.net  https://cdn.userway.org  https://js.hscollectedforms.net  https://use.typekit.net  https://js.hs-scripts.com  https://js.hs-banner.com  https://googleads.g.doubleclick.net  https://js.hs-analytics.net  https://js.hsadspixel.net  https://script.hotjar.com  https://snap.licdn.com  https://maps.googleapis.com  https://www.buzzsprout.com  https://js.hubspot.com  https://static.hsappstatic.net  https://www.google-analytics.com  https://connect.facebook.net  https://s.apprl.com  blob:  https://infird.com  https://www.youtube.com  https://apis.google.com  https://www.parkstreet.com  https://scripts.api.disqometer.com  http://cdn.datatables.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://static.ads-twitter.com ; style-src 'self' 'unsafe-inline' https://cdn.datatables.net  https://www.gstatic.com  https://fonts.googleapis.com  https://cdn.userway.org  https://cdn.honey.io  https://www.parkstreet.com  https://www.googletagmanager.com ; style-src-elem 'self' 'unsafe-inline' https://cdn.datatables.net  https://www.gstatic.com  https://fonts.googleapis.com  https://cdn.userway.org  https://cdn.honey.io  https://www.parkstreet.com  https://www.googletagmanager.com ; font-src 'self' https://use.typekit.net  https://fonts.gstatic.com  https://cdn.userway.org  https://r2cdn.perplexity.ai  https://account.affilitizer.com  https://stylesheets.pixiebrix.com  data:; frame-src 'self' https://forms.hsforms.com  https://static.hsappstatic.net  https://www.google.com  https://app.hubspot.com  https://www.youtube.com  https://open.spotify.com  https://td.doubleclick.net  https://www.googletagmanager.com  https://cdn.userway.org  https://embed.podcasts.apple.com  https://view.vzaar.com  https://spotify.app.link  https://www.buzzsprout.com  https://toolytics.pa.clients6.google.com  https://block.opendns.com  blob:; connect-src 'self' https://api.userway.org  https://analytics.google.com  https://forms.hsforms.com  https://api.hubapi.com  https://www.googleadservices.com  https://www.google-analytics.com  https://stats.g.doubleclick.net  https://forms.hscollectedforms.net  https://cdn.userway.org  https://cdn.linkedin.oribi.io  https://maps.googleapis.com  https://ai.elegantthemes.com  https://vc.hotjar.io  https://content.hotjar.io  https://cta-service-cms2.hubspot.com  https://api.rankmath.com  https://px.ads.linkedin.com  https://cdn77.api.userway.org  https://www.googletagmanager.com  https://hubspot-forms-static-embed.s3.amazonaws.com  https://www.google.com.mx  https://localhost  https://region1.analytics.google.com  wss://ws.hotjar.com  https://metrics.hotjar.io  https://www.google.co.in  https://www.google.ie  https://www.google.hu  https://www.google.co.uk  https://www.google.at  https://www.google.co.za  https://www.google.com.ng  https://www.google.com.au  https://www.google.com.ph  https://www.google.com.hk  https://www.google.fr  https://www.google.pl  https://www.google.es  https://www.google.it  https://www.google.de  https://www.google.com.pk  https://www.google.dk  https://www.google.com.br  https://www.google.com.jm  https://www.google.com.np  https://www.google.com.co  https://www.google.mk  https://www.google.co.jp  https://cdn.datatables.net  https://www.google.nl  https://www.google.ca  https://www.google.pt  https://www.google.co.th  https://www.google.com.sv  https://www.google.me  https://www.google.lu  https://www.google.md  https://www.google.com.ar  https://www.google.com.cy  https://www.google.co.tz  https://www.google.com.do  https://www.google.com.my  https://www.google.com.pr  https://translate.googleapis.com  https://www.google.com.eg  https://www.google.com.kw  https://www.gstatic.com  https://www.google.ru  https://www.google.bj  https://perf-na1.hsforms.com  https://www.google.com.vn  https://fonts.gstatic.com  https://www.google.am  https://www.google.tn  https://www.google.com.ni  https://www.google.com.ec  https://www.google.se  https://www.google.co.kr  https://www.google.cl  https://www.google.sk  https://www.google.com.tw  https://www.google.gr  https://www.google.ae  https://www.google.ch  https://www.google.be  https://cdnjs.cloudflare.com  https://static.hsappstatic.net  https://www.google.cz  https://www.google.tg  https://www.google.com.tr  https://scripts.api.disqometer.com  https://www.google.com.pe  https://www.google.ht  https://singleview.site  https://api.parkstreet.com;  media-src 'self' data:;  worker-src 'self' blob:;  report-uri https://www.parkstreet.com/wp-json/rsssl/v1/csp?rsssl_apitoken=831554005; 1
object-src 'none';base-uri 'self';script-src 'nonce-IkGf4O0CjJVunS8YKxfWgQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com platform.twitter.com https://plumrocket.com https://accounts.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com blueskytechmage.com mageblueskytech.com placehold.jp https://firebasestorage.googleapis.com pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com *.avada.io twitter.com platform.twitter.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://accounts.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.facebook.net https://connect.facebook.net https://app.termly.io https://tracking.recommend.pro https://js.klevu.com https://foursixty.com https://loader.wisepops.com https://wisepops.net https://wisepops.com https://*.wisepops.com https://*.hotjar.com https://*.trackedweb.net https://*.trackedlink.net https://*.googlesyndication.com https://pay.google.com https://static.zdassets.com https://track.sweetanalytics.com https://www.dwin1.com https://lantern.roeyecdn.com https://*.pcapredict.com https://services.postcodeanywhere.co.uk https://www.paypal.com https://www.paypalobjects.com https://googleads.g.doubleclick.net https://static.cloudflareinsights.com https://*.dotdigital-pages.com https://*.awin1.com https://www.awinblackfriday.com https://the.sciencebehindecommerce.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://js.klevu.com https://foursixty.com https://cdn.jsdelivr.net https://services.postcodeanywhere.co.uk https://www.gstatic.com; img-src 'self' data: blob: https://www.paypalobjects.com https://www.facebook.com https://*.google.com https://*.google.co.uk https://*.google.fr https://*.google.ca https://*.google.com.au https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://*.penelopechilvers.co.uk https://js.klevu.com https://cdn.jsdelivr.net https://*.gstatic.com https://fonts.gstatic.com https://penelopechilvers.com https://track.sweetanalytics.com https://lantern.roeye.com https://t.paypal.com https://services.postcodeanywhere.co.uk https://*.adyen.com https://www.zenaps.com https://scontent.cdninstagram.com https://foursixty.com https://*.facebook.net https://*.wisepops.com https://*.trackedlink.net https://tracking.recommend.pro https://pagead2.googlesyndication.com https://track.linksynergy.com https://*.awin1.com https://www.awinblackfriday.com https://www.youtube.com; connect-src 'self' https://*.google.com https://google.com https://*.googleapis.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://app.termly.io https://tracking.recommend.pro https://foursixty.com https://metrics.foursixty.com https://wisepops.net https://wisepops.com https://*.wisepops.com https://capig.stape.de https://*.trackedweb.net https://*.trackedlink.net https://www.facebook.com https://ekr.zdassets.com https://penelopechilvershelp.zendesk.com https://track.sweetanalytics.com wss://widget-mediator.zopim.com wss://ws.hotjar.com https://*.ksearchnet.com https://*.sentry.io https://*.adyen.com https://services.postcodeanywhere.co.uk https://*.google-analytics.com https://*.consent.api.termly.io https://*.hotjar.io https://www.wepowerconnections.com https://the.sciencebehindecommerce.com https://www.awinblackfriday.com https://www.paypal.com; font-src 'self' https://fonts.gstatic.com https://js.klevu.com https://penelopechilvers.com data:; object-src 'none'; media-src 'self' https://static.zdassets.com blob:; frame-src 'self' https://www.googletagmanager.com https://*.cloudflarestream.com https://pay.google.com https://www.facebook.com https://*.adyen.com https://*.dotdigital-pages.com https://*.awin1.com https://www.youtube.com https://www.youtube-nocookie.com; worker-src 'self' blob:; report-uri /csp-violations; 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=PCAgDAdqMcBpkH514DFY6gtXtpukPiRg9NMjv0Kb0i_lk7yGTk2vJtolFEkps_ly3D8=&policy_id=71&user_id=&request_id=addf76b3-90a9-4415-b397-4f4a3020924e; report-to csp-endpoint-pcagdadqmcbpkhdfygtxtpukpirgnmjvkbilkygtkvjtolfekpslyd; frame-ancestors 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-yIJK5KJH2u5NmuTxr1RaFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.awin1.com *.zenaps.com *.fls.doubleclick.net display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.trustpilot.com landofcoder.com https://pay.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * *.googleapis.com *.awin1.com *.zenaps.com *.wepowerconnections.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://www.facebook.com https://lantern.roeyecdn.com https://lantern.roeye.com https://network-eu-stg-a.bazaarvoice.com https://apps.bazaarvoice.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://rum.hlx.page *.googleapis.com *.gstatic.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.trustpilot.com landofcoder.com https://api.bluecore.com https://connect.facebook.net https://siteassets.bluecore.com https://www.facebook.com https://lantern.roeyecdn.com https://apps.bazaarvoice.com *.bazaarvoice.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval' * data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app display.ugc.bazaarvoice.com *.fontawesome.com https://static.klaviyo.com *.trustpilot.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.googleapis.com *.ipinfo.io *.wepowerconnections.com https://the.sciencebehindecommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ landofcoder.com https://siteassets.bluecore.com https://onsitestats.bluecore.com https://pay.google.com https://google.com/pay 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com https://static.lyra.com/static/ *.fontawesome.com https://cdnjs.cloudflare.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ *.payplug.com *.dalenys.com https://applepay.cdn-apple.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://js.stripe.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ https://secure-magenta.dalenys.com https://redchamps.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com js.stripe.com https://api.lyra.com/api-payment/ https://static.lyra.com/static/ https://cdnjs.cloudflare.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://checkout.stripe.com/checkout.js https://js.stripe.com/v3/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://static.lyra.com/static/ *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://secure-magenta.dalenys.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: 'self' data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' vars.hotjar.com *.braintreegateway.com tst.kaptcha.com hemsync.clickagy.com *.google.com https://*.moneris.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.visualwebsiteoptimizer.com 'self' data: js.hsforms.net track.hubspot.com cds.taboola.com *.magidglove.com maps.gstatic.com seal.digicert.com black.bird.eu cdn.klarna.com *.facebook.com connect.facebook.net *.bing.com *.googletagmanager.com code.visitor-track.com *.google.com *.google.co.in dev.visualwebsiteoptimizer.com *.hsforms.com forms-na1.hsforms.com *.jwpltx.com *.jwpsrv.com/ *.jwplatform.com *.jwplayer.com *.payu.in *.linkedin.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.contextual.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.criteo-sync.teads.tv *.3lift.com *.yahoo.com *.socdm.com *.casalemedia.com *.dable.io *.stickyadstv.com *.360yield.com *.rlcdn.com *.mediavine.com *.outbrain.com *.pubmatic.com *.smaato.net *.clmbtech.com *.aralego.com *.emxdgt.com *.bbb.org *.unrulymedia.com *.adingo.jp *.1rx.io *.criteo.com *.adingo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cloudfront.net *.uat-rfk.magidglove.com *.rfk.magidglove.com js.hs-scripts.com js.hsforms.net forms.hsforms.com js.hs-analytics.net js.hs-banner.com *.hotjar.com *.taboola.com *.facebook.net clients-liveguide01us.netop.com maps.googleapis.com bam.nr-data.net seal.digicert.com *.facebook.com *.bing.com dev.visualwebsiteoptimizer.com cdn.jsdelivr.net *.mczbf.com *.hsleadflows.net *.google.com *.jwplatform.com ssl.p.jwpcdn.com *.jwplayer.com *.bootstrapcdn.com *.progmxs.com *.upsellit.com *.noibu.com *.hsadspixel.net *.criteo.com *.adnxs.com secure.adnxs.com *.snap.licdn.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com *.datadome.co *.adingo.com *.zi-scripts.com *.magidglove.com *.hs-scripts.com https://*.moneris.com/ *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline' d26opx5dl8t69i.cloudfront.net rfk-staticfiles-uat.s3.amazonaws.com rfk-staticfiles-prod.s3.amazonaws.com cdn.jsdelivr.net *.cloudfront.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com https://*.moneris.com/ *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' data: blob: *.jwpplayer.com *.jwpsrv.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' *.taboola.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com *.doubleclick.net bam.nr-data.net in.hotjar.com dev.visualwebsiteoptimizer.com *.sjwoe.com *.mczbf.com *.hsforms.com *.hubspot.com *.cloudfront.net gstatic.com settings.luckyorange.net *.jwplatform.com *.jwpsrv.com/ *.jwplayer.com *.hotjar.io *.noibu.com input.noibu.com *.criteo.com *.hubapi.com *.visualwebsiteoptimizer.com *.googlesyndication.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com ws.zoominfo.com *.datadome.co *.unrulymedia.com *.adingo.com *.zi-scripts.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'self' 'unsafe-inline'; 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=.PPiThGWWT0WGgMpu1zKaaiDZTYKuap_RbKS3_FScvg-1773719294.039791-1.0.1.1-vqgg8o7pXUiPr0bFzvdI8opZc16hfkfdsmMOIYfu0kRHTl9K5dUA6Q.TyeFIWWb_S58f_Y_zvtyqkrdWXkU.7bA8bHPaFp8FA5eWKdY4oXMOQm0IkYdNy60z1cVwCy.7Q36d2VT9jCo8RlZt5bR4t9jD8GIJiMdX9hHhVfU.MdM; report-to cf-csp-endpoint 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-g33dubcaqpH2MUbpLdSGng' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.googleapis.com data: https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.certcapture.com www.youtube.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.certcapture.com *.saint-louis.com *.ytimg.com *.google.fr *.cookielaw.org magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googleapis.com www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.cookielaw.org *.facebook.net sibautomation.com *.pinimg.com *.clarity.ms *.brevo.com *.pinterest.com https://cdnjs.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app assets.braintreegateway.com *.certcapture.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.certcapture.com *.cookielaw.org *.onetrust.com *.google.fr *.db-ip.com in-automate.brevo.com ct.pinterest.com i.clarity.ms www.merchant-center-analytics.goog https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com 'self' data: *.gstatic.com *.zopim.com *.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * betalen.rabobank.nl bobmail.nl *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.addthis.com *.demdex.net *.google.com/ https://*.dpdconnect.nl https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sendcloud.sc *.jsdelivr.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.amazonaws.com *.google.nl *.magmodules.eu https://snm-portal.com *.zopim.com imgsct.cookiebot.com *.googlesyndication.com bat.bing.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.addthis.com *.addthisedge.com *.jsdelivr.net *.moatads.com *.zdassets.com *.zopim.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com https://*.dpdconnect.nl http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.sendcloud.sc https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.googleapis.com *.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc tagmanager.google.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.addthis.com *.zdassets.com wss://widget-mediator.zopim.com cdn.jsdelivr.net dutchexpatshop.zendesk.com consentcdn.cookiebot.com bat.bing.net bat.bing.com *.googlesyndication.com *.google-analytics.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://www.google-analytics.com *.pay.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://localhost/paynl/csp/report; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com data: *.stape.io *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.stape.io *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.googletagmanager.com *.stape.io https://firebasestorage.googleapis.com https://redchamps.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io https://cdn.jsdelivr.net *.avada.io *.shopify.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com maps.googleapis.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.stape.io https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-2a46a581ae5b4d64b6fd983e22b90aa7' https://epic-mychartprod.coh.org 'self';img-src https://* 'self' blob: data:;style-src https://epic-mychartprod.coh.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-8cadf440596c928d058cf8ef38a07a3e' 'strict-dynamic' https://www.googletagmanager.com/ https://securepubads.g.doubleclick.net/tag/js/gpt.js https://static.hotjar.com/ https://cdn.cookielaw.org/ https://imasdk.googleapis.com/ https://*.hotjar.io/ https://connect.facebook.net/ https://*.facebook.com/ https://*.facebook.net/ https://analytics.tiktok.com/ https://galt.hit.gemius.pl/  ; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://fonts.googleapis.com/ https://www.biathlonworld.com/embedded-player.css https://www.atletiek.nl/build/css/css-ebu.build.css; img-src 'self' data: https://imageservice.evsports.opentv.com/images/v1/image/Sport/ https://cabi.evsports.sports.opentv.com/ https://*.sports.opentv.com/ https://www.googletagmanager.com/ https://static.hotjar.com/ https://cdn.cookielaw.org/logos/ https://www.google.com/ https://www.google.co.uk/ https://www.facebook.com/ https://*.g.doubleclick.net/ https://ep1.adtrafficquality.google/pagead/ https://*.googlesyndication.com/ https://www.ebu.ch/files/live/sites/ebu/files/images/ https://*.cloudfront.net/EBU/; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' https://cdn.cookielaw.org/ https://api.evsports.opentv.com/metadata/delivery/ https://www.google.com/pagead/form-data/ https://www.google.com/ccm/form-data/ https://*.sports.opentv.com/ https://www.googletagmanager.com/ https://*.googlesyndication.com/ https://ep1.adtrafficquality.google/getconfig/sodar https://securepubads.g.doubleclick.net/pagead/ https://securepubads.g.doubleclick.net/gampad/ https://analytics.tiktok.com/ https://www.facebook.com/ https://*.tiktokw.us/ https://*.hotjar.com/ https://galt.hit.gemius.pl/ https://firebase.googleapis.com/ https://firebaseremoteconfig.googleapis.com/v1/projects/eurovision-sport-prod-772510/ https://firebaseinstallations.googleapis.com/v1/projects/eurovision-sport-prod-772510/ https://firebaseremoteconfig.googleapis.com/v1/projects/eurovision-sport-dev-511366/ https://firebaseinstallations.googleapis.com/v1/projects/eurovision-sport-dev-511366/ https://*.facebook.com/ https://*.fbcdn.net/ https://*.facebook.net/ https://*.google-analytics.com/ https://*.onetrust.com/ https://*.hotjar.io/ wss://ws.hotjar.com/ https://*.akamaized.net/ https://*.anycast.nagra.com/ https://evs-dtvsports-vod-secure2.akamaized.net/ https://*.ampproject.org/ https://api.evsports.opentv.com/ https://api.evsports.opentv.com/useractivityvault/v1/useractivity/; frame-src https://files.eurovisionsport.com/ https://www.google.com/ https://ep2.adtrafficquality.google/ https://www.googletagmanager.com/ https://*.g.doubleclick.net/ https://*.safeframe.googlesyndication.com/ http://imasdk.googleapis.com/ http://console.googletagservices.com/ https://www.ebu.ch/ https://eurovisionsport.com/; media-src 'self' blob: https://*.akamaized.net/ https://*.anycast.nagra.com/ https://*.sports.opentv.com/; script-src-elem 'self' 'nonce-8cadf440596c928d058cf8ef38a07a3e' https://cdn.ampproject.org/ https://*.hotjar.com/ https://connect.facebook.net/ https://analytics.tiktok.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://securepubads.g.doubleclick.net/ https://imasdk.googleapis.com/js/sdkloader/ima3.js https://*.hotjar.io/; object-src 'none'; base-uri 'self'; form-action 'self'; 1
script-src 'self' 'unsafe-inline' chrome-extension: https://api-maps.yandex.ru 'unsafe-eval' https://www.google.com https://www.googletagmanager.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://www.facebook.com chrome-extension: https://mc.yandex.ru https://www.googletagmanager.com; object-src 'self'; report-uri /cspreportonly; 1
font-src maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de fonts.gstatic.com *.twitter.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://www.theirishjewelrycompany.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.gstatic.com *.google.com *.google.co.in *.google.com.ua https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com stats.g.doubleclick.net/ *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com stats.g.doubleclick.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src api.adyenpaylink.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com *.googletagmanager.com *.facebook.net www.termsfeed.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdnjs.cloudflare.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com ewniosek.credit-agricole.pl sandbox.przelewy24.pl secure.przelewy24.pl wniosek.eraty.pl api.santanderconsumer.pl *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com www.google.com ewniosek.credit-agricole.pl pay.google.com apm.przelewy24.pl *.googletagmanager.com secure.payu.com merch-prod.snd.payu.com wniosek.eraty.pl https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://ssl.ceneo.pl https://*.google.pl https://*.bing.com *.wp.pl https://*.fbcdn.net https://*.facebook.com static.przelewy24.pl www.gstatic.com gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com *.focusgarden.pl *.focus-garden.cz static.payu.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.bing.com *.google.pl *.analytics.google.com *.bidswitch.net *.doubleclick.net *.pubmatic.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.postrelease.com *.outbrain.com *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.1rx.io *.agkn.com *.facebook.com *.facebook.net *.media.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google.de *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://*.ceneo.pl https://unpkg.com https://*.criteo.com https://*.facebook.net https://*.hotjar.com *.pinimg.com *.bing.com https://*.pinimg.com *.favicdn.net *.onet.pl *.wp.pl *.tiktok.com *.startquestion.com *.clarity.ms sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.googletagmanager.com tagmanager.google.com https://cdnjs.cloudflare.com secure.payu.com secure.snd.payu.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com sgtm.focusgarden.pl focusgarden.pl *.facebook.net *.googlesyndication.com *.criteo.com *.pinterest.com *.hotjar.com *.cloudflare.com *.cloudflareinsights.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com fonts.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com ewniosek.credit-agricole.pl https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io *.tiktok.com *.pinterest.com *.startquestion.com *.wp.pl *.ocdn.eu *.onet.pl https://*.doubleclick.net sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com secure.payu.com merch-prod.snd.payu.com api.santanderconsumer.pl wniosek.eraty.pl https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com sgtm.focusgarden.pl focusgarden.pl *.facebook.net *.googlesyndication.com *.favicdn.net *.hotjar.com *.hotjar.io *.pinimg.com wss://ws.hotjar.com *.bing.com *.cloudflare.com *.twitter.com *.twimg.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' https://*.kxcdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.kxcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://includes.ccdc02.com/cardinalcruise/ https://js.braintreegateway.com https://songbird.cardinalcommerce.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.kxcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; child-src 'self' https://staticxx.facebook.com https://bid.g.doubleclick.net; img-src 'self' data: https:; report-uri /api/v0.1.0/security-report/csp; connect-src 'self' https:; object-src 'self' https://*.kxcdn.com; default-src 'self'; frame-src 'self' https://*.cardinalcommerce.com https://*.kxcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://checkout.paypal.com https://connect.facebook.net https://staticxx.facebook.com https://www.facebook.com 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-m7MQyqlmc7WPbc8G9Vfm2g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-RIIZGYUvsITmm0kFkb0WpQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-zLb9uQC9jUYD4yMhNFUXoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src 'self' https://s1749.t.eloqua.com data: 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://img.en25.com/i/elqCfg.min.js https://img.en25.com/i/elqCfg.min.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com *.klevu.com *.ksearchnet.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net platform.twitter.com *.cookiebot.com *.pixlee.co assets.braintreegateway.com *.dotdigital-pages.com *.dotdigital.com https://www.googletagmanager.com/ photos.pixlee.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com https://*.gstatic.com *.awin1.com *.zenaps.com *.wepowerconnections.com imgsct.cookiebot.com *.pinterest.com *.paypalobjects.com *.trackedlink.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ wac.edgecastcdn.net *.pixlee.com *.klevu.com *.ksearchnet.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.googleapis.com https://*.gstatic.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com js.klevu.com assets.pinterest.com platform.twitter.com connect.facebook.net *.googletagmanager.com consent.cookiebot.com unpkg.com consentcdn.cookiebot.com js-agent.newrelic.com assets.pixlee.com r1-t.trackedlink.net www.gstatic.com f.vimeocdn.com *.turnto.com *.paypal.com *.paypalobjects.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.pixlee.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.ksearchnet.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.pxlecdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.gstatic.com f.vimeocdn.com widgets.turnto.com *.turnto.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.klevu.com syndication.twitter.com consentcdn.cookiebot.com bam.nr-data.net vod-adaptive-ak.vimeocdn.com cdn-ws.turnto.com we.turnto.com *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.turnto.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.ksearchnet.com api.addressy.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://inbound-analytics.pixlee.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net commerce.adobedc.net *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://f11810e5-a37d-4a04-bc29-8ffba24771db.sansec.watch/; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-qfYjoxaf0oziPRjao4PHZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-c_oCIWseaapbMkj88X_5Aw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-ldAdV3uGtAXK7PQctCmSFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src 'report-sample' 'unsafe-inline' 'self' https://js.stripe.com/ https://www.googletagmanager.com/ https://bat.bing.com/ https://www.dwin1.com/16164.js https://analytics.tiktok.com/i18n/ https://connect.facebook.net/ https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/850511572/; style-src 'report-sample' 'unsafe-inline' 'self'; form-action 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.cookielaw.org/ https://region1.google-analytics.com/ https://www.google-analytics.com/ https://www.google.com/ https://zunl7r6b5x-dsn.algolia.net/ https://testingu72jz6o2va-dsn.algolia.net/ https://pagead2.googlesyndication.com/ https://privacyportal-de.onetrust.com/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ https://analytics.tiktok.com/; font-src 'self' data:; frame-src 'self' https://js.stripe.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/; frame-ancestors 'self'; child-src 'none'; img-src 'self' https://cdn.cookielaw.org/ https://eu-images.contentstack.com/ https://bat.bing.com/ https://www.google.co.uk/ https://www.googletagmanager.com/ https://www.facebook.com/; manifest-src 'self'; media-src 'self'; worker-src 'none'; upgrade-insecure-requests; 1
frame-src 'self' *.loadbee.com *.youtube.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl services.gastronovi.com www.googleadservices.com blob: cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.kiprotect.com https://cdnjs.cloudflare.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl services.gastronovi.com www.google.com googleads.g.doubleclick.net www.recaptcha.net www.googleadservices.com content.syndigo.com js.monitor.azure.com static.hotjar.com script.hotjar.com *.dvinci-easy.com *.clarity.ms *.loadbee.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.kiprotect.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com unpkg.com; base-uri 'self'; frame-ancestors 'self' lpda9f27a988.hana.ondemand.com 1
object-src 'none';base-uri 'self';script-src 'nonce-EkwqphZ1nyj4j-sQ1NdFCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.googlesyndication.com https://*.zi-scripts.com https://googleads.g.doubleclick.net https://*.hotjar.com https://munchkin.marketo.net https://ddzuuyx7zj81k.cloudfront.net https://dss6ntp5q2r0o.cloudfront.net https://vortexa-europe-marketing-website.c15t.dev https://api.mapbox.com https://marketinfo.vortexa.com https://*.zoominfo.com https://snap.licdn.com https://static.ads-twitter.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://bat.bing.com https://bat.bing.net https://*.clarity.ms https://vercel.live; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://api.mapbox.com https://*.hotjar.com https://marketinfo.vortexa.com https://*.marketo.com https://fonts.googleapis.com https://*.googletagmanager.com; img-src 'self' blob: data: https://images.ctfassets.net https://*.google.com https://*.google.co.uk https://googleads.g.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://content.hotjar.io https://*.linkedin.com https://*.google-analytics.com https://*.googletagmanager.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://t.co https://*.vimeocdn.com https://*.facebook.com https://bat.bing.net https://*.clarity.ms https://*.bing.com https://marketinfo.vortexa.com; font-src 'self' data: https://content.hotjar.io https://*.hotjar.com https://marketinfo.vortexa.com https://*.marketo.com https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self' https://marketinfo.vortexa.com https://*.mktoresp.com https://*.marketo.com https://www.facebook.com; frame-src 'self' https:; frame-ancestors 'self' https://app.contentful.com; connect-src 'self' https://graphql.contentful.com https://*.google.com https://*.google.co.uk https://*.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.googlesyndication.com https://*.googletagmanager.com https://js.zi-scripts.com https://*.zoominfo.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io https://vc.hotjar.io https://*.services.infinigrow.com https://marketinfo.vortexa.com https://*.mktoresp.com https://*.linkedin.com https://vortexa-europe-marketing-website.c15t.dev https://vortexa-europe-vortexa.c15t.dev https://api.mapbox.com https://dss6ntp5q2r0o.cloudfront.net https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://vimeo.com https://*.facebook.com https://bat.bing.com https://bat.bing.net https://*.clarity.ms; media-src 'self' blob: https://*.hotjar.com https://*.ctfassets.net 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.firstdata.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.firstdata.com *.ipg-online.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.firstdata.com https://pay.google.com https://pay.sandbox.google.com https://pay.google.co.uk https://pay.google.ie https://applepay.cdn-apple.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com https://apple-pay-gateway-nc-pod1.apple.com https://apple-pay-gateway-pr-pod1.apple.com *.ipg-online.com https://ci.checkout-lane.com *.stripe.com *.google.com/ *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.firstdata.com *.ipg-online.com https://www.gstatic.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com https://www.magezon.com https://cdn-cookieyes.com https://www.google.co.uk *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.firstdata.com self unsafe-inline https://pay.google.com https://pay.sandbox.google.com https://pay.google.co.uk https://pay.google.ie https://applepay.cdn-apple.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com https://apple-pay-gateway-nc-pod1.apple.com https://apple-pay-gateway-pr-pod1.apple.com *.ipg-online.com https://ci.checkout-lane.com *.stripe.com *.google.com/ *.sagepay.com *.opayo.eu.elavon.com https://cdn-cookieyes.com https://chimpstatic.com https://connect.facebook.net https://s7.addthis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.firstdata.com *.ipg-online.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.firstdata.com *.ipg-online.com https://pay.google.com https://pay.sandbox.google.com https://pay.google.co.uk https://pay.google.ie https://payments.google.com https://applepay.cdn-apple.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com https://apple-pay-gateway-nc-pod1.apple.com https://apple-pay-gateway-pr-pod1.apple.com https://ci.checkout-lane.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com https://log.cookieyes.com https://cdn-cookieyes.com https://directory.cookieyes.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com googleapis.com data: https://www.googletagmanager.com *.googleapis.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.book2look.com static.addtoany.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.openstreetmap.org https://maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.tile.openstreetmap.org connect.ekomi.de google.com google.at www.google.at www.book2look.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com www.google.com www.gstatic.com static.addtoany.com connect.ekomi.de cdn.public.n1ed.com appjs.blickinsbuch.de www.blickinsbuch.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.gstatic.com www.book2look.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com www.googleapis.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net *.openstreetmap.org https://maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com google-analytics.com doubleclick.net stats.g.doubleclick.net www.book2look.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://hsw.et1267.epichosted.com/HSWeb_PRD/;frame-src 'self' epichttp: https://mychart.personapay.com;script-src 'nonce-ad51e5a9b0d34d248167ea0475e5c46e' https://www.mcleodmychart.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://www.mcleodmychart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-RzJbbglkOIkbPmUvQpG4gQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net; report-uri /.webscale/csp-report 1
default-src 'none'; img-src blob: data: *; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-HWQk6+nak01+4UXifY5itA=='; frame-ancestors 'none'; object-src 'none'; font-src 'self' data:; worker-src 'none'; style-src 'unsafe-inline' *; media-src *; base-uri 'none'; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.unbxdapi.com *.unbxd.io *.coupahost.com *.instapunchout.com *.microsoftazuread-sso.com *.microsoftonline.com *.productreview.com.au *.bootstrapcdn.com *.clickcease.com *.clarity.ms *.bing.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.unbxdapi.com *.unbxd.io *.coupahost.com app.instapunchout.com *.microsoftazuread-sso.com *.microsoftonline.com *.clickcease.com *.clarity.ms *.productreview.com.au *.bing.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.ariba.com *.t1cloud.com https://seo.mageplaza.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.ariba.com *.coupahost.com *.t1cloud.com app.instapunchout.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.unbxdapi.com *.unbxd.io *.coupahost.com *.instapunchout.com *.microsoftazuread-sso.com *.microsoftonline.com *.clickcease.com *.clarity.ms *.productreview.com.au *.bing.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * hcaptcha.com *.hcaptcha.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.tawk.to landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.unbxdapi.com *.unbxd.io *.coupahost.com *.instapunchout.com *.microsoftazuread-sso.com *.microsoftonline.com *.bing.com *.googleadservices.com *.google-analytics.com *.google.com *.googletagmanager.com *.magezon.com *.productreview.com.au *.paypalobjects.com *.google.co.in *.googleapis.com *.clickcease.com *.clarity.ms www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com magefan.com cm.magefan.com *.disqus.com instant-imgs.s3.ap-southeast-2.amazonaws.com southland.com.au *.southland.com.au https://firebasestorage.googleapis.com *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://api.addressfinder.io *.unbxdapi.com *.unbxd.io *.klevu.com *.googleapis.com *.cloudfront.net *.coupahost.com *.instapunchout.com *.microsoftazuread-sso.com *.microsoftonline.com *.clickcease.com *.clarity.ms *.productreview.com.au *.bing.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.disqus.com *.instant.one *.instant-dpryor.ngrok.dev instant-dpryor.ngrok.dev *.instant-tschipke.ngrok.dev instant-tschipke.ngrok.dev hcaptcha.com *.hcaptcha.com *.avada.io connect.facebook.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.tawk.to cdn.jsdelivr.net landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io *.fontawesome.com *.unbxdapi.com *.unbxd.io *.klevu.com *.googleapis.com *.fontawsome.com *.coupahost.com *.instapunchout.com *.microsoftazuread-sso.com *.microsoftonline.com *.bootstrapcdn.com *.clickcease.com *.clarity.ms *.productreview.com.au *.bing.com assets.braintreegateway.com hcaptcha.com *.hcaptcha.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.unbxdapi.com *.unbxd.io *.coupahost.com *.instapunchout.com *.microsoftazuread-sso.com *.microsoftonline.com *.clickcease.com *.clarity.ms *.productreview.com.au *.bing.com *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com api.magento.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io *.unbxdapi.com *.unbxd.io *.coupahost.com *.instapunchout.com *.microsoftazuread-sso.com *.microsoftonline.com *.clarity.ms *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypalobjects.com https://get.geojs.io *.tawk.to *.productreview.com.au *.clickcease.com *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.api.instant.one *.instant.one instant-imgs.s3.ap-southeast-2.amazonaws.com unbxd-console-platform.s3.amazonaws.com hcaptcha.com *.hcaptcha.com *.avada.io *.analytics.google.com stats.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com wss://*.tawk.to landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.customily.com https://*.amazonaws.com 'self' data: maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net https://*.google.com https://*.google.co.uk https://*.gstatic.com https://personalisedgiftsshop.co.uk https://*.personalisedgiftsshop.co.uk https://personalisedweddinggifts.co.uk https://*.personalisedweddinggifts.co.uk https://yookiki.com https://*.yookiki.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.personalisedgiftsshop.co.uk https://*.personalisedweddinggifts.co.uk https://*.yookiki.com https://*.google.com 'self' 'unsafe-inline'; frame-ancestors https://*.personalisedgiftsshop.co.uk https://*.personalisedweddinggifts.co.uk https://*.yookiki.com https://*.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com https://*.personalisedgiftsshop.co.uk https://*.personalisedweddinggifts.co.uk https://*.yookiki.com https://*.google.com sandbox-buy.paddle.com buy.paddle.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.customily.com https://*.amazonaws.com 'self' data: *.trackedlink.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net https://www.mollie.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.feefo.com https://*.gstatic.com https://*.elfsightcdn.com https://*.elfsight.com https://*.ggpht.com https://*.dycdn.net https://cdn-cookieyes.com https://bat.bing.com https://personalisedgiftsshop.co.uk https://*.personalisedgiftsshop.co.uk https://personalisedweddinggifts.co.uk https://*.personalisedweddinggifts.co.uk https://yookiki.com https://*.yookiki.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.customily.com https://*.amazonaws.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ cdn.jsdelivr.net *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com maps.googleapis.com js.mollie.com * https://personalisedgiftsshop.co.uk https://*.personalisedgiftsshop.co.uk https://personalisedweddinggifts.co.uk https://*.personalisedweddinggifts.co.uk https://yookiki.com https://*.yookiki.com https://*.google.com https://*.google.co.uk https://*.elfsight.com https://cdn-cookieyes.com https://bat.bing.com https://cdn.paddle.com/paddle/v2/paddle.js https://public.profitwell.com buy.paddle.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.gstatic.com https://*.google.com https://*.google.co.uk https://*.googleapis.com https://*.feefo.com https://personalisedgiftsshop.co.uk https://*.personalisedgiftsshop.co.uk https://personalisedweddinggifts.co.uk https://*.personalisedweddinggifts.co.uk https://yookiki.com https://*.yookiki.com https://cdn-cookieyes.com https://bat.bing.com sandbox-cdn.paddle.com cdn.paddle.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://personalisedgiftsshop.co.uk https://*.personalisedgiftsshop.co.uk https://personalisedweddinggifts.co.uk https://*.personalisedweddinggifts.co.uk https://yookiki.com https://*.yookiki.com https://*.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.customily.com https://*.amazonaws.com 'self' data: *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com * https://personalisedgiftsshop.co.uk https://*.personalisedgiftsshop.co.uk https://personalisedweddinggifts.co.uk https://*.personalisedweddinggifts.co.uk https://yookiki.com https://*.yookiki.com https://cdn-cookieyes.com https://bat.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://*.google.com https://personalisedgiftsshop.co.uk https://*.personalisedgiftsshop.co.uk https://personalisedweddinggifts.co.uk https://*.personalisedweddinggifts.co.uk https://yookiki.com https://*.yookiki.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /rest/V1/csp/storefront/report; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * js.stripe.com *.hotjar.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.facebook.com bat.bing.com *.google.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com *.paypalobjects.com *.postcodeanywhere.co.uk *.hsforms.net *.hsforms.com *.civiccomputing.com *.hs-scripts.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.clerk.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com connect.facebook.net js-agent.newrelic.com bam.nr-data.net *.hsforms.net *.hsforms.com *.civiccomputing.com *.hs-scripts.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.clerk.io https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com *.fontawesome.com assets.braintreegateway.com services.postcodeanywhere.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.hsforms.net *.hsforms.com *.civiccomputing.com *.hs-scripts.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.clerk.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-K5Gfab5rMjWRkdHBpoeELA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 1
object-src 'none';base-uri 'self';script-src 'nonce-Kwcy61a4YMrsj7JjMUqkuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src  'none'; connect-src 'self' *.vivid.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.vivid.com join.gammasecure.com; script-src 'self' *.vivid.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.vivid.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
object-src 'none';base-uri 'self';script-src 'nonce-5CFG-rd0fpfH5m3Y4yI3UQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com *.googleapis.com *.almapay.com localhost *.louispion.fr *.evermaps.io *.octipas.net https://cdnjs.cloudflare.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com localhost *.louispion.fr *.evermaps.io *.octipas.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.doubleclick.net *.facebook.com *.criteo.com *.leadplace.fr *.pinterest.com *.vimeo.com *.rolex.com localhost *.louispion.fr *.evermaps.io *.octipas.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.googletagmanager.com/ js.mollie.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://images.unsplash.com *.cookielaw.org *.stickyadstv.com *.bing.com *.facebook.com *.teads.tv *.rubiconproject.com *.dmxleo.com *.liadm.com *.outbrain.com *.taboola.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.casalemedia.com *.media.net *.adform.net *.omnitagjs.com *.sharethrough.com *.ivitrack.com *.mediavine.com *.smaato.net *.doubleclick.net *.yahoo.com *.emxdgt.com *.tremorhub.com *.adnxs.com *.analytics.yahoo.com *.bidswitch.net *.criteo.com *.thebrighttag.com *.krxd.net *.yieldmo.com id5-sync.com *.yieldlab.net *.pinterest.com *.rolex.com *.googletagmanager.com *.doubleclick.net  px.ads.linkedin.com *.bing.net localhost *.louispion.fr *.evermaps.io *.octipas.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com data: 'self' 'unsafe-inline' 'strict-dynamic'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page cdn.jsdelivr.net *.googleapis.com *.gstatic.comm https://maps.googleapis.com player.vimeo.com maps.googleapis.com *.googletagmanager.com *.cookielaw.org *.early-birds.fr *.msecnd.net *.onetrust.com *.beeroot.io *.bing.com *.facebook.net *.facebook.com advgame.fr *.cloudfront.net *.teads.tv *.doubleclick.net *.clarity.ms *.criteo.net *.criteo.com *.adnxs.com *.leadplace.fr *.pinimg.com *.h1d3n0tsoo-staging-easiwebforms.net *.easiconnect.io *.adleadevent.com *.rolex.com *.booxi.eu *.naver.net payment.direct.worldline-solutions.com *.hotjar.com *.hotjar.io wisepops.net louispion.fr.bhglmag2.dnd.fr rqz-galerieslafayette.com.bhglmag2.dnd.fr *.louispion.fr *.rqz-galerieslafayette.com payment.preprod.direct.worldline-solutions.com rum.hlx.page localhost *.evermaps.io *.octipas.net https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.mollie.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.googletagmanager.com localhost *.louispion.fr *.evermaps.io *.octipas.net https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com *.fontawesome.com 'self' 'unsafe-inline'; object-src localhost *.louispion.fr *.evermaps.io 'self' 'unsafe-inline'; media-src *.adobe.com localhost *.louispion.fr *.evermaps.io *.youtube-nocookie.com *.octipas.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.getalma.eu *.almapay.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com ct.pinterest.com *.google.fr *.gstatic.comm *.cookielaw.org *.onetrust.com *.clarity.ms *.advalo.com *.teads.tv *.beeroot.io *.bing.com *.pinterest.com *.googlesyndication.com *.adleadevent.com *.abstractapi.com *.data.gouv.fr *.rolex.com *.adobedtm.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com wisepops.com *.wisepops.com wisepops.net *.wisepops.net louispion.fr.bhglmag2.dnd.fr rqz-galerieslafayette.com.bhglmag2.dnd.fr *.louispion.fr *.rqz-galerieslafayette.com payment.preprod.direct.worldline-solutions.com payment.direct.worldline-solutions.com *.googletagmanager.com px.ads.linkedin.com *.bing.net *.adnxs.com *.adsrvr.org localhost *.evermaps.io *.octipas.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://nominatim.openstreetmap.org payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'strict-dynamic'; child-src localhost *.louispion.fr *.evermaps.io assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' *.gstatic.com use.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' data: *.eventdata.co.uk *.eventdata.uk eventdata.uk *.google-analytics.com px.ads.linkedin.com connect.facebook.com connect.facebook.net syndication.twitter.com; script-src-elem 'self' 'unsafe-hashes' 'unsafe-inline' *.eventdata.co.uk *.eventdata.uk eventdata.uk pay.dnapayments.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.tiny.cloud app.webreg.me snap.licdn.com connect.facebook.net use.fontawesome.com platform.linkedin.com platform.twitter.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; style-src 'self' *.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.eventdata.co.uk *.eventdata.uk eventdata.uk connect.facebook.net; style-src-elem 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.eventdata.co.uk *.eventdata.uk eventdata.uk connect.facebook.net; style-src-attr 'unsafe-hashes' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net app.gleanin.com connect.facebook.com www.gov.uk; frame-src www.booking.com platform.twitter.com pay.dnapayments.com; report-uri https://qtq417pr.uriports.com/reports/report; report-to default 1
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://connect.facebook.net; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; connect-src 'self' https:; report-uri /report-csp-violation 1
default-src 'self' refline.io *.refline.io refline.ch *.refline.ch reflinejobs.io *.reflinejobs.io; script-src 'self' 'unsafe-inline' 'wasm-eval' 'unsafe-eval' refline.io *.refline.io refline.ch *.refline.ch reflinejobs.io *.reflinejobs.io gstatic.com *.gstatic.com google.com *.google.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net jquery.com *.jquery.com cloudflare.com *.cloudflare.com matomo.netgen.host cdn-cookieyes.com *.cdn-cookieyes.com indeed.com *.indeed.com siteimproveanalytics.com *.siteimproveanalytics.com googleadservices.com *.googleadservices.com adform.net *.adform.net licdn.com *.licdn.com tiktok.com *.tiktok.com dropbox.com *.dropbox.com live.net *.live.net blob: jobcloud.ai *.jobcloud.ai activehosted.com *.activehosted.com googlesyndication.com *.googlesyndication.com infird.com *.infird.com; style-src 'self' 'unsafe-inline' refline.io *.refline.io refline.ch *.refline.ch reflinejobs.io *.reflinejobs.io googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic.com fontawesome.com *.fontawesome.com bunny.net *.bunny.net; font-src 'self' data: refline.io *.refline.io refline.ch *.refline.ch reflinejobs.io *.reflinejobs.io gstatic.com *.gstatic.com fontawesome.com *.fontawesome.com bunny.net *.bunny.net faircado.com *.faircado.com; img-src 'self' data: blob: refline.io *.refline.io refline.ch *.refline.ch reflinejobs.io *.reflinejobs.io gstatic.com *.gstatic.com google.com *.google.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com vimeocdn.com *.vimeocdn.com kununu.com *.kununu.com glassdoor.ch *.glassdoor.ch sfx.ms *.sfx.ms jobcloud.ai *.jobcloud.ai linkedin.com *.linkedin.com indeed.com *.indeed.com dropbox.com *.dropbox.com ytimg.com *.ytimg.com google.ch *.google.ch adnxs.com *.adnxs.com seadform.net *.seadform.net facebook.com *.facebook.com doubleclick.net *.doubleclick.net googleadservices.com *.googleadservices.com; connect-src 'self' blob: data: refline.io *.refline.io refline.ch *.refline.ch reflinejobs.io *.reflinejobs.io gstatic.com *.gstatic.com google.com *.google.com googleapis.com *.googleapis.com firebaseio.com *.firebaseio.com vimeo.com *.vimeo.com kununu.com *.kununu.com pdfjs.express *.pdfjs.express googlesyndication.com *.googlesyndication.com tiktok.com *.tiktok.com tiktokw.us *.tiktokw.us linkedin.com *.linkedin.com matomo.netgen.host doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com overbridgenet.com googleadservices.com *.googleadservices.com; worker-src 'self' blob:; media-src 'self' blob: data:; frame-src 'self' refline.io *.refline.io refline.ch *.refline.ch reflinejobs.io *.reflinejobs.io gstatic.com *.gstatic.com google.com *.google.com youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com kununu.com *.kununu.com hug-familie.ch *.hug-familie.ch indeed.com *.indeed.com jobcloud.ai *.jobcloud.ai amazonaws.com *.amazonaws.com adform.net *.adform.net; object-src 'none'; report-to uriports; 1
font-src *.stripe.com *.google.com *.opayo.eu.elavon.com *.globalpay.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com *.globalpay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com staging.quba.com www.google.co.in www.facebook.com *.clarity.ms c.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com static.hotjar.com www.clarity.ms cdnjs.cloudflare.com script.hotjar.com connect.facebook.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.com *.google.com downloads.mailchimp.com *.opayo.eu.elavon.com https://fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.sandbox.paypal.com https://www.paypal.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com https://google.com/pay api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com stats.g.doubleclick.net u.clarity.ms p.clarity.ms ws.hotjar.com content.hotjar.io n.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.squarecdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.cash.app display.ugc.bazaarvoice.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com *.drankgigant.nl *.drankgigant.de 'self'; frame-src https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com www.googletagmanager.com widget.trustpilot.com 'self' 'unsafe-inline'; img-src data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com https://www.mollie.com www.google.nl www.google.be www.google.de data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com static.buckaroo.nl checkout.buckaroo.nl d5yoctgpv4cpx.cloudfront.net invitejs.trustpilot.com widget.trustpilot.com cdn.optimizely.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.multisafepay.com checkout.buckaroo.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com google.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://monitor.bigbridgedev.nl/csp; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-uRz_dQkfs-YeXfe5qVtUkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-inline' 'unsafe-eval' cdn2.hubspot.net *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com cdnjs.cloudflare.com 10921146.fls.doubleclick.net plausible.io *.hotjar.com *.hotjar.io *.qualified.com bttrack.com *.googletagmanager.com *.force.com *.thycotic.com *.centrify.com *.bidr.io *.rlcdn.cm t.co *.twitter.com burly.io *.clickagy.com *.doubleclck.net *.zoominfo.com lltrck.com facebook.com *.facebook.net *.redditstatic.com *.linkedin.com *.licdn.com *.demandbase.com *.zoominfo.com 'strict-dynamic' 'nonce-FyjVQAjDFZvFjO2PgUeg7w==' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Kn0ehe0Ue2UqqjdpvNuyoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-CuqkTqoiw4vgboAgIAcrfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'strict-dynamic' 'nonce-rAnd0m123' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: https://fonts.gstatic.com *.bootstrapcdn.com *.jsdelivr.net *.bunny.net *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://*.dpdconnect.nl js.mollie.com *.trustpilot.com *.hotjar.com *.googletagmanager.com *.cookiebot.eu *.pinterest.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com https://www.mollie.com https://redchamps.com www.sleiderink.nl staging.sleiderink.nl sleiderinkupd.hypernode.io *.cloudflare.com *.cloudimage.io *.cloudimg.io *.linkedin.com *.adsymptotic.com *.google.com *.google.nl *.trengo.eu *.bing.com *.feedbucket.app sleiderink.stimmt.dev *.usercentrics.eu *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.dpdconnect.nl https://browser.sentry-cdn.com js.mollie.com *.cloudflare.com *.twitter.com *.fontawesome.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.googletagmanager.com *.chimpstatic.com *.adobetm.com polyfill.io *.doubleclick.net *.cookiebot.eu *.bing.com *.clarity.ms *.clarity.ms/collect *.pinimg.com *.pinterest.com *.trengo.eu *.feedbucket.app *.jsdelivr.net *.facebook.net *.leadinfo.net tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.fontawesome.com *.bunny.net *.feedbucket.app *.jsdelivr.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://*.ingest.sentry.io *.cloudflare.com *.pingdom.net *.hotjar.com *.doubleclick.net *.usercentrics.eu *.pinterest.com *.bing.com *.trengo.eu *.clarity.ms *.clarity.ms/collect *.cookiebot.eu *.feedbucket.app *.facebook.com *.facebook.net *.leadinfo.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sleiderink.dev/; report-to report-endpoint; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.nl/api/csp-report; report-to csp-endpoint 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Ypx1cCrZCSJVO9YGrSG6cw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-60FnLI67lWm5ktGiZiXGAA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-8JmIPqGL2yk_6wvTRd2vdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-hashes' https://an.yandex.ru/system/context.js https://counter.rambler.ru/top100.jcn https://mc.yandex.ru/metrika/tag.js https://privacy-cs.mail.ru/static/sync-loader.js https://site.yandex.net/v2.0/js/all.js https://top-fwz1.mail.ru/js/code.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://yandex.ru/ads/system/context.js https://yastatic.net/share2/share.js; style-src 'report-sample' 'self' 'unsafe-hashes'; object-src 'none'; base-uri 'self'; connect-src 'self' https://an.yandex.ru https://kraken.rambler.ru https://mc.yandex.com https://mc.yandex.md https://mc.yandex.ru https://www.google-analytics.com https://yandex.ru; font-src 'self' https://yastatic.net; frame-src 'self' https://vk.com https://yastatic.net; img-src 'self' data: https://avatars.mds.yandex.net https://counter.yadro.ru https://favicon.yandex.net https://informer.yandex.ru https://mc.yandex.com https://top-fwz1.mail.ru; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-JrI5DxaZjwUTITApqr1_RA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-MSdV8HUqsXn6EUotDYZwPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://shopstatic.magflags.de https://static.car-flags.eu https://static.car-flag.co.uk https://static.auto-fahnen.net https://static.auto-flaggen.at https://static.car-flags.net https://static.magflags.net https://static.autofahne.ch data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://shopstatic.magflags.de https://static.car-flags.eu https://static.car-flag.co.uk https://static.auto-fahnen.net https://static.auto-flaggen.at https://static.car-flags.net https://static.magflags.net https://static.autofahne.ch https://media.magflags.de https://media.car-flags.eu https://media.car-flag.co.uk https://media.auto-fahnen.net https://media.auto-flaggen.at https://media.car-flags.net https://media.magflags.net https://media.autofahne.ch data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network https://*.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://assets.adobedtm.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://m.stripe.network https://*.stripecdn.com https://*.hcaptcha.com https://track.magflags.de https://shopstatic.magflags.de https://static.car-flags.eu https://static.car-flag.co.uk https://static.auto-fahnen.net https://static.auto-flaggen.at https://static.car-flags.net https://static.magflags.net https://static.autofahne.ch 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com https://shopstatic.magflags.de https://static.car-flags.eu https://static.car-flag.co.uk https://static.auto-fahnen.net https://static.auto-flaggen.at https://static.car-flags.net https://static.magflags.net https://static.autofahne.ch https://www.magflags.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com autocomplete2.postdirekt.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com wss://ws.hotjar.com https://content.hotjar.io https://*.stripe.com https://www.google-analytics.com https://www.google.com https://api.braintreegateway.com https://track.magflags.de https://shopstatic.magflags.de https://static.car-flags.eu https://static.car-flag.co.uk https://static.auto-fahnen.net https://static.auto-flaggen.at https://static.car-flags.net https://static.magflags.net https://static.autofahne.ch 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-VCThIkw7H5S0OBo8STRNyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-uncfoaFpcp2P98rVJkQdsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.klarnacdn.net https://static.lyra.com/static/ *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.modehaus.dev data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cleverreach.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ fklingenthal.jobbase.io *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.com *.googleapis.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com www.googletagmanager.com *.klarna.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ snapwidget.com secure.pay1.de *.hotjar.com *.modehaus.dev *.page2flip.de fklingenthal.jobbase.io fklingenthal.onlyfy.jobs c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.cloudfront.net https://*.etracker.com https://*.etracker.de https://www.magezon.com *.googleadservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ flagpedia.net *.amazonaws.com s3.eu-central-1.amazonaws.com *.s3.eu-central-1.amazonaws.com modehaus-ai-generated.s3.eu-central-1.amazonaws.com *.google.co.in my.page2flip.de app.klingenthal.modehaus.de api.region-bayreuth.de scontent-ham3-1.cdninstagram.com fklingenthal.jobbase.io www.etracker.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://*.etracker.com https://*.etracker.de connect.facebook.net *.googleadservices.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://api.lyra.com/api-payment/ https://static.lyra.com/static/ maps.googleapis.com *.modehaus.de *.modehaus2.de *.klingenthal.de *.etracker.com *.etracker.de snapwidget.com *.widgetwhats.com *.hotjar.com www.etracker.de *.modehaus.dev *.page2flip.de fklingenthal.jobbase.io fklingenthal.onlyfy.jobs api.signalize.com *.hotjar.io *.adcell.com *.hyj.mobi *.ad-srv.net ipdpx.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net https://static.lyra.com/static/ *.fontawesome.com *.google.com maxcdn.bootstrapcdn.com *.widgetwhats.com *.bootstrapcdn.com *.modehaus.dev fklingenthal.jobbase.io assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com widget.freshworks.com m2epro.freshdesk.com https://*.etracker.de *.googletagmanager.com stats.g.doubleclick.net *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.gstatic.com maps.googleapis.com *.modehaus.de *.klingenthal.de *.widgetwhats.com *.hotjar.com *.modehaus.dev *.page2flip.de fklingenthal.jobbase.io www.etracker.de wss://*.hotjar.com *.hotjar.io *.adcell.com *.hyj.mobi *.ad-srv.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src www.askmid.com; script-src  www.askmid.com  'unsafe-inline' 'unsafe-eval'; style-src www.askmid.com 'unsafe-inline' 1
object-src 'none';base-uri 'self';script-src 'nonce-hfWyABb_fLIwnOaTlBFznw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://www.googletagmanager.com/ https://js.hsforms.net/ https://js.hubspot.com/; script-src  'self' 'unsafe-inline' https://www.googletagmanager.com/ https://www.gstatic.com/ https://js.hsforms.net/ https://www.google.com/ https://www.google-analytics.com/ https://amplify.review-alerts.com/ https://cdn.callrail.com/ https://script.crazyegg.com/  https://js.hsadspixel.net/ https://*.facebook.net/ https://snap.licdn.com/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://tag.marinsm.com/ https://js.hubspot.com/ https://addtocalendar.com/ https://unpkg.com/ https://cdn.jsdelivr.net/ https://maps.googleapis.com/ https://js.zi-scripts.com/ https://ws.zoominfo.com/ https://tags.clickagy.com/; style-src  'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com https://js.hsforms.net https://www.google.com https://www.google-analytics.com https://addtocalendar.com/ https://unpkg.com/  https://fonts.googleapis.com/; img-src 'self' data: https://forms-na1.hsforms.com https://www.google-analytics.com/ https://www.googletagmanager.com https://*.linkedin.com/ https://www.facebook.com https://perf-na1.hsforms.com/ https://track.hubspot.com/ https://www.google.co.in/ https://*.gstatic.com/ https://*.googleapis.com/ https://rtx-source-icons.s3.amazonaws.com/ https://i.ytimg.com https://translate.google.com/ ; media-src  'self'; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://www.facebook.com/ https://hemsync.clickagy.com/ https://www.googletagmanager.com/ https://*.hsforms.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src  'self' https://*.hsforms.com https://*.hsforms.net https://www.googletagmanager.com  https://www.google-analytics.com https://analytics.google.com https://*.linkedin.com https://*.hubspot.com https://api.hubapi.com/ https://stats.g.doubleclick.net/ https://amplify.review-alerts.com/ https://maps.googleapis.com https://api.ipify.org https://aorta.clickagy.com/ https://hemsync.clickagy.com/ https://ws.zoominfo.com/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://js.zi-scripts.com/; report-uri https://685dce7e841f0014a4c0cc1c.endpoint.csper.io/?v=0; upgrade-insecure-requests 1
worker-src *.useinsider.com *.api.useinsider.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.fontawesome.com *.useinsider.com *.api.useinsider.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://plumrocket.com *.useinsider.com *.api.useinsider.com landofcoder.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.trackedlink.net *.ddlnk.net *.useinsider.com *.api.useinsider.com t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.api.useinsider.com landofcoder.com static.zipmoney.com.au static.zip.co zip.co https://www.horseland.com.au 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com assets.braintreegateway.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.googleapis.com *.useinsider.com *.api.useinsider.com 'self' 'unsafe-inline'; object-src *.useinsider.com *.api.useinsider.com landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com js.mollie.com *.trustpilot.com *.googletagmanager.com sst.parfumerie.nl ct.pinterest.com www.facebook.com widget.trustpilot.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com flagpedia.net https://www.mollie.com *.hsforms.net *.hsforms.com *.cdn.imgeng.in 'self' data: www.google.com.ua *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://images.parfumerie.nl sst.parfumerie.nl https://ct.pinterest.com https://s.pinimg.com www.facebook.com https://analytics.tiktok.com nd3wrk1b.cdn.imgeng.in lantern.roeye.com www.google.nl cdn-cookieyes.com bat.bing.com *.analytics.google.com www.google.be/ads/ga-audiences stats.g.doubleclick.net https://sst.parfumerie.nl data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net use.typekit.net *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com maps.googleapis.com js.mollie.com *.hsforms.net *.hsforms.com *.cdn.imgeng.in *.google.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com sst.parfumerie.nl https://s.pinimg.com https://connect.facebook.net https://analytics.tiktok.com cdn-cookieyes.comm static.klaviyo.com widget.trustpilot.com invitejs.trustpilot.com static-tracking.klaviyo.com www.dwin1.com s.pinimg.com d5yoctgpv4cpx.cloudfront.net cdn-cookieyes.com lantern.roeyecdn.com analytics.tiktok.com ct.pinterest.com bat.bing.com connect.facebook.net product-library.widgets.scentxp.net/index.iife.js scentbot.widgets.scentxp.net/index.iife.js https://sst.parfumerie.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.gstatic.com *.adobedtm.com *.cdn.imgeng.in *.googleapis.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com commerce.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.sentry.io https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.gstatic.com maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com sst.parfumerie.nl https://graph.facebook.com https://analytics.tiktok.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com widget.trustpilot.com ct.pinterest.com cdn-cookieyes.com directory.cookieyes.com log.cookieyes.com analytics-ipv6.tiktokw.us bat.bing.net bat.bing.com y1e7qslep5.execute-api.eu-west-2.amazonaws.com https://sst.parfumerie.nl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com bat.bing.com log.cookieyes.com commerce.adobedc.net analytics.tiktok.com bat.bing.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://parfumerie.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; img-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; report-to wizard 1
default-src *.facebook.com *.fbcdn.net *.instagram.com blob:;script-src *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-Gx5CRJku' blob: 'self' 'wasm-unsafe-eval' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com https://accounts.google.com;connect-src *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' https://accounts.google.com;font-src *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com *.tenor.co *.tenor.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com *.fbsbx.com data: blob: https://*.giphy.com *.tenor.co *.tenor.com;child-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;manifest-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;object-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1
object-src 'none';base-uri 'self';script-src 'nonce-6pCtFNHRDImAUyCXxOpjpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.googleapis.com *.gstatic.com *.static.klaviyo.com static.klaviyo.com *.certcapture.com *.klevu.com *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com *.certcapture.com https://www.merchante-solutions.com https://hostedpayments.merchante.com https://merchantacsstag.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://elements.sandbox.fortis.tech https://elements.fortis.tech www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.certcapture.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com *.doubleclick.net www.activemerchandiser.com my.matterport.com ct.pinterest.com *.cdn-lg.accentdecor.com *.fortis.tech *.cardinalcommerce.com https://www.googletagmanager.com/ magento-cloudflare.jetrails.com www.youtube.com *.google.com/ https://merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com maps.gstatic.com *.certcapture.com https://www.magezon.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com developers.google.com maps.googleapis.com *.accentdecor.com *.doubleclick.net ct.pinterest.com *.fortis.tech galleryuseastprod.blob.core.windows.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://developer.adobe.com https://magento.com https://js.sandbox.fortis.tech *.fortis.tech https://elements.sandbox.fortis.tech elements.fortis.tech www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.certcapture.com *.curalate.com *.mailchimp.com *.paypal.com *.googletagmanager.com *.googleanalytics.com *.merchante-solutions.com *.adobetm.com *.braintreegateway.com *.yotpo.com js-agent.newrelic.com bam.nr-data.net chimpstatic.com eastprodcdn.azureedge.net mc.us1.list-manage.com *.accentdecor.com  maps.googleapis.com *.fullstory.com s.pinimg.com *.cloudfront.net *.static.cloudflareinsights.com static.cloudflareinsights.com *.googleads.g.doubleclick.net googleads.g.doubleclick.net *.ajax.cloudflare.com ct.pinterest.com cdn.appifycommerce.com appifycommerce.com *.merchant-solutions.com *.cardinalcommerce.com challenges.cloudflare.com *.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com https://api.merchante-solutions.com https://cert.merchante-solutions.com https://testapi.merchante-solutions.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.certcapture.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com *.accentdecor.com *.static-tracking.klaviyo.com static-tracking.klaviyo.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://developer.adobe.com https://elements.sandbox.fortis.tech https://elements.fortis.tech www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.certcapture.com *.curalate.com *.amazonpay.com *.amazon.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com *.accentdecor.com  maps.googleapis.com *.fullstory.com *.velaro.com ct.pinterest.com *.analytics.google.com *.google-analytics.com https://analytics.google.com *.cloudflareinsights.com cdn.appifycommerce.com appifycommerce.com *.fortis.tech api.merchant-solutions.com *.cardinalcommerce.com eastprodcdn.azureedge.net challenges.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://api.merchante-solutions.com https://cert.merchante-solutions.com https://testapi.merchante-solutions.com https://writer.cardinalcommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-gF7ZhD8PU-CN4Ky0-uDxUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'self'  https://cdn.suitableshop.net https://bat.bing.com https://d5yoctgpv4cpx.cloudfront.net https://tggng.suitableshop.nl 'unsafe-inline' ; 1
default-src 'self' *.google-analytics.com *.google.com *.bing.com *.facebook.com *.clarity.ms data: *.cloudflare.com *.jsdelivr.net https://unpkg.com *.fontawesome.com *.youtube.com *.cdn.jsdelivr.net *.atbnd.com *.tiktok.com *.analytics.tiktok.com *.bat.bing.net *.analytics-ipv6.tiktokw.us *.mpc-prod-18-s6uit34pua-uc.a.run.app; connect-src 'self' *.google.com *.cookielaw.org *.doubleclick.net cdn.cookielaw.org *.clarity.ms *.hotjar.com *.google-analytics.com *.nr-data.net *.onetrust.com *.bing.com *.hotjar.io *.taboola.com *.googlesyndication.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.empathy.co *.cloudflare.com *.jsdelivr.net https://unpkg.com *.fontawesome.com *.cdn.jsdelivr.net *.atbnd.com *.linkedin.com *.licdn.com *.visualwebsiteoptimizer.com *.tiktok.com *.analytics.tiktok.com *.bat.bing.net *.analytics-ipv6.tiktokw.us *.mpc-prod-18-s6uit34pua-uc.a.run.app https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' *.gstatic.com *.cloudflare.com *.jsdelivr.net https://unpkg.com *.fontawesome.com *.cdn.jsdelivr.net *.atbnd.com *.tiktok.com *.analytics.tiktok.com *.facebook.com; frame-src 'self' *.hotjar.com *.addtoany.com *.doubleclick.net *.cookielaw.org *.facebook.com *.totalenergies.es *.cloudflare.com *.jsdelivr.net https://unpkg.com *.fontawesome.com *.youtube.com *.cdn.jsdelivr.net *.atbnd.com *.googletagmanager.com *.tiktok.com *.analytics.tiktok.com *.bat.bing.net *.analytics-ipv6.tiktokw.us *.mpc-prod-18-s6uit34pua-uc.a.run.app; img-src 'self' *.google-analytics.com *.google.com *.bing.com *.facebook.com *.clarity.ms data: *.b26net.com *.invibes.com *.acquia-sites.com *.quantserve.com *.mookie1.com *.cookielaw.org *.adnxs.com *.google.es *.googletagmanager.com *.doubleclick.net *.analytics.google.com *.g.doubleclick.net *.googlesyndication.com *.empathy.co https://totalenergies.com *.cloudflare.com *.jsdelivr.net https://unpkg.com *.fontawesome.com *.google.com.uy *.cdn.jsdelivr.net *.atbnd.com *.linkedin.com *.licdn.com *.visualwebsiteoptimizer.com *.totalenergies.es *.tiktok.com *.analytics.tiktok.com *.bat.bing.net *.analytics-ipv6.tiktokw.us *.mpc-prod-18-s6uit34pua-uc.a.run.app about: https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-eval' *.cloudflare.com *.addtoany.com *.unpkg.com *.fontwesome.com *.quantserve.com *.taboola.com *.jsdelivr.net https://unpkg.com *.fontawesome.com *.cdn.jsdelivr.net *.atbnd.com https://totalenergies.com *.tiktok.com *.analytics.tiktok.com *.bat.bing.net *.analytics-ipv6.tiktokw.us *.mpc-prod-18-s6uit34pua-uc.a.run.app cdn.jsdelivr.net cdnjs.cloudflare.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://static.addtoany.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.newrelic.com *.facebook.net *.bing.com *.unpkg.com *.cookielaw.org *.google-analytics.com *.doubleclick.net *.mookie1.com *.hotjar.com *.nr-data.net *.clarity.ms *.quantcount.com *.quantserve.com *.kaspersky-labs.com *.empathy.co *.taboola.com trc-events.taboola.com *.googlesyndication.com *.totalenergies.es *.cloudflare.com *.jsdelivr.net https://unpkg.com *.fontawesome.com *.youtube.com *.cdn.jsdelivr.net *.atbnd.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.tiktok.com *.visualwebsiteoptimizer.com *.analytics.tiktok.com *.bat.bing.net *.analytics-ipv6.tiktokw.us *.mpc-prod-18-s6uit34pua-uc.a.run.app cdn.jsdelivr.net cdnjs.cloudflare.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://static.addtoany.com https://www.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.jsdelivr.net https://unpkg.com *.fontawesome.com *.cdn.jsdelivr.net *.atbnd.com *.tiktok.com *.analytics.tiktok.com *.facebook.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com; style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.jsdelivr.net *.fontawesome.com *.cdn.jsdelivr.net *.atbnd.com *.licdn.com *.tiktok.com *.analytics.tiktok.com *.facebook.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com; frame-ancestors 'self' 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.klarnacdn.net https://fonts.bunny.net *.acsbapp.com static.sizebay.technology www.corneliani.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com www.corneliani.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io www.corneliani.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.klarna.com *.playground.klarna.com calendly.com *.doubleclick.net *.cookiebot.com *.dacast.com *.nextingcompany.com *.2trk.info www.xtento.com static.criteo.net new-shoe-experience.sizebay.technology vfr-v3-production.sizebay.technology measurements-table.sizebay.technology www.corneliani.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://cdn.clerk.io *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarnaevt.com https://firebasestorage.googleapis.com *.amazonaws.com pixel.quantserve.com *.cloudfront.net cx.atdmt.com *.clerk.io *.1rx.io *.adsymptotic.com *.bing.com *.google.it *.doubleclick.net *.clarity.ms *.calendly.com *.bidswitch.net *.adnxs.com *.adscale.de *.omnitagjs.com *.casalemedia.com *.360yield.com *.yieldlab.net *.media.net *.mediavine.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.sharethrough.com *.smartclip.net *.tremorhub.net *.tremorhub.com *.3lift.com *.acsbapp.com *.equalweb.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.com *.emxdgt.com *.adform.net id5-sync.com *.ivitrack.com *.yieldmo.com *.krxd.net *.thebrighttag.com *.cookiebot.com blob: *.unrulymedia.com www.xtento.com cdn.xtento.com www.google.at www.google.co.ma www.google.co.uk www.google.lv www.google.co.uz www.google.fr www.google.gr www.google.co.in www.google.ro www.google.ie www.google.se connect.facebook.net www.google.be www.google.de www.google.no www.google.com.sa www.google.es www.google.by csm.fr3.eu.criteo.net www.google.dk www.google.ch www.google.cd www.google.sk www.google.cz www.google.co.za www.google.com.ua www.google.pl csm.us5.us.criteo.net www.google.jo csm.nl3.eu.criteo.net www.google.pt www.google.co.il www.google.ba www.google.com.tr www.google.com.co www.google.co.kr www.google.ru www.google.ae www.google.ca www.google.hn www.google.hu www.google.me www.google.iq www.google.com.au www.google.com.mx www.google.com.ph www.google.bg www.google.hr www.google.kg www.google.fi www.google.rs lh3.ggpht.com www.google.az www.google.kz www.google.com.cy www.google.com.eg www.google.com.ng www.google.tn www.facebook.com www.google.com.vn www.google.am static.sizebay.technology www.corneliani.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://api.clerk.io https://cdn.clerk.io *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net *.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com utt.impactcdn.com *.klarna.com x.klarnacdn.net *.avada.io https://cdn.scalapay.com *.clerk.io *.doubleclick.net/ *.quantserve.com rules.quantcount.com *.adform.net 127.0.0.1 commerce.adobedc.net *.aptrinsic.com *.iubenda.com *.cloudfront.net *.tremorhub.com acsbapp.com *.acsbapp.com *.equalweb.com *.calendly.com *.myfeelback.com *.bing.com clarity.ad *.clarity.ad *.cookiebot.com *.sizebay.technology *.preciso.net www.xtento.com cdn.xtento.com custom.clerk.io dynamic.criteo.com vfr-v3-production.sizebay.technology static.sizebay.technology www.corneliani.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.klarnacdn.net https://fonts.bunny.net *.calendly.com *.equalweb.com x.klarnacdn.net static.sizebay.technology vfr-v3-production.sizebay.technology www.corneliani.com 'self' 'unsafe-inline'; object-src www.corneliani.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com https://corneliani.eu-central-1.linodeobjects.com www.corneliani.com 'self' 'unsafe-inline'; manifest-src www.corneliani.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com payments-eu.amazon.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com *.klarnaevt.com *.playground.klarnaevt.com *.klarnaservices.com *.playground.klarnaservices.com *.klarnacdn.net x.klarnacdn.net *.klarna.com https://get.geojs.io *.avada.io *.doubleclick.net *.iubenda.com acsbapp.com *.acsbapp.com *.equalweb.com *.myfeelback.com *.googlesyndication.com *.criteo.com *.bing.com *.cookiebot.com *.sizebay.technology maps.googleapis.com translate.googleapis.com www.google.com vfr-v3-production.sizebay.technology www.corneliani.com 'self' 'unsafe-inline'; child-src www.corneliani.com http: https: blob: 'self' 'unsafe-inline'; default-src www.corneliani.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.corneliani.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com *.openstreetmap.org https://maps.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net https://player.vimeo.com https://www.youtube.com *.hsforms.net *.hsforms.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.google-analytics.com *.openstreetmap.org https://maps.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-lglwYsTvCKhJRU3tJdsr5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src https://fonts.gstatic.com fonts.gstatic.com *.fontawesome.com *.miraphone.com 'self' data: *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.powr.io *.google.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.addthis.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://img.youtube.com *.stats.g.doubleclick.net *.facebook.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com *.avada.io *.google.com *.googletagmanager.com *.gstatic.com *.powr.io *.facebook.net https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.miraphone.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.google-analytics.com *.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://miraphone.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.cdnfonts.com *.cloudflare.com *.bootstrapcdn.com 'unsafe-inline' data: *.fontawesome.com https://fonts.bunny.net *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net www.wwhardware.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.wwhardware.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com www.wwhardware.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.certcapture.com platform.twitter.com *.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.yotpo.com www.wwhardware.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.certcapture.com *.wwhardware.com pixel.tapad.com ml314.com *.cloudflare.com *.bing.com *.zonos.com *.marchex.io *.google.com *.pinterest.com *.adroll.com ads.yahoo.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net *.company-target.com *.instinctiveads.com *.dca0.com *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com media.sezzle.com *.yotpo.com dhv2ziothpgrr.cloudfront.net www.wwhardware.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.certcapture.com *.cloudflare.com *.twitter.com *.fontawesome.com *.marchex.io *.hotjar.com *.bing.com *.googletagmanager.com *.pinterest.com http://chimpstatic.com *.zonos.com *.adroll.com *.dca0.com *.attn.tv https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdn.jsdelivr.net *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net www.wwhardware.com https://hello.zonos.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com https://static.klaviyo.com https://fonts.bunny.net assets.braintreegateway.com fonts.cdnfonts.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net www.wwhardware.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.wwhardware.com www.wwhardware.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io insights.algolia.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.certcapture.com a.klaviyo.com *.cloudflare.com *.hotjar.com *.zonos.com *.google-analytics.com *.doubleclick.net *.adroll.com *.dca0.com *.attentivemobile.com *.attn.tv https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com www.wwhardware.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com www.wwhardware.com http: https: blob: 'self' 'unsafe-inline'; default-src www.wwhardware.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.wwhardware.com/; report-to report-endpoint; 1
font-src https://fonts.gstatic.com *.gstatic.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net 'self' data: www.searchanise.com *.searchserverapi.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.searchanise.com *.searchserverapi.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com meetanshi.com *.multisafepay.com https://pay.google.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com meetanshi.com *.multisafepay.com https://pay.google.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.searchanise.com *.searchserverapi.com *.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.feedaty.com *.disqus.com https://firebasestorage.googleapis.com *.meetanshi.com meetanshi.com *.multisafepay.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.feedaty.com upstream.heidipay.com sbx-upstream.heidipay.io *.disqus.com *.google.com *.avada.io *.meetanshi.com meetanshi.com *.multisafepay.com https://pay.google.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.doofinder.com downloads.mailchimp.com *.feedaty.com *.google.com https://fonts.bunny.net *.multisafepay.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.gstatic.com *.doofinder.com wss://*.doofinder.com *.feedaty.com upstream.heidipay.com sbx-upstream.heidipay.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.meetanshi.com meetanshi.com *.multisafepay.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.amplitude.com stats.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://ws.ephapay.net/ https://pp.ephapay.net/ https://*.clarity.ms https://adservice.google.com https://google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pay.google.com https://www.googletagmanager.com https://region1.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://bat.bing.com https://connect.facebook.net https://analytics.tiktok.com https://tr.snapchat.com https://spay.samsung.com https://4625502.fls.doubleclick.net https://5181002.fls.doubleclick.net https://s7.addthis.com https://6nw8ohlf.micpn.com https://api.woosmap.com https://bda.bookatable.com https://castle.verseapps.co.uk https://code.jquery.com https://cognito-identity.eu-west-1.amazonaws.com https://ep.smct.co https://firehose.eu-west-1.amazonaws.com https://ipl.smct.io https://js.smct.co https://js.smct.io https://miller-and-carter.sjv.io https://platform.twitter.com https://rules.quantcount.com https://safekey-3.americanexpress.com https://sc-static.net https://script.hotjar.com https://sdk.woosmap.com https://secure.quantserve.com https://servedby.flashtalking.com https://smct.co https://static.hotjar.com https://stats.g.doubleclick.net https://svht.tradedoubler.com https://utt.impactcdn.com https://vintage-inns.pxf.io https://cdn.fingerprint.host https://cdn.fingerprint-staging.host https://www.dwin1.com https://*.webtrends-optimize.com https://*.azurewebsites.net https://*.onetrust.com https://*.cloudfront.net https://*.privacy-center.org https://privacy-center.org https://*.sjv.io https://forms.airship.co.uk https://verifi.podscribe.com https://ipv4.podscribe.com https://www.recaptcha.net browns-restaurants.co.uk *.browns-restaurants.co.uk 'unsafe-inline' 'unsafe-eval' *.dynatrace.com *.eagleeye.com *.gstatic.com https://stage65-az *.quandoo-partner.com *.jsdelivr.net fonts.googleapis.com *.sc-static.net data: clicksandmortar-production.com *.clicksandmortar-production.com mbplc.io *.mbplc.io facebook.com *.facebook.com *.designmynight.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=b50etstBD4EPbfgPvnB4ENkjJ5QfcTEZYRzNFbj86PU-1773711023-1.0.1.1-nYN5XKLR3nz6mkABWxS2pprTenZWXOaLZa_4gsAFD_S7i2NzMtHdPOHI41TrDn989pY1gRsqaZMZpaGPbKl1CN5RyRjOjN.tLd8mTQ1N4j6oGWclLRcMtjylyV2WJXBiAr9FBKCRWlEhR3El3EV.Kmh21o2Qef37SmAn_wvTLZXyYTf9h5Hb334kjLRLVxvG2UfFzLLvwXgZ4hU1FoqW.ahPneh9vWiANC.nPRnDFfo; report-to cf-wgwdhywxmksvhfam 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=25657&v=v1.0&payload=ArFBRLoHxOoGu3d8FIyIjKV84BV7-M2TZb2PBPB9JKY67c6NSaZ--LtvU3tcj2R-1kY2bLpxQaUh8I16sMCFJSXb22Ft1BiH5ikFTTThcZsEy3ajBLgcHJofuuRxf1dqaDwwSN301VgzPsBVCez-2fsUPi0eV_k7tNf9J3AueZ8=; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-MZSDPt2b50B8OSy7aYGdv0yM6' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com https://*.gstatic.com data: *.globalpay.com https://fonts.gstatic.com https://*.realexpayments.com https://*.prommt.com https://*.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com https://*.securesuite.co.uk https://securesuite.co.uk https://*.realexpayments.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com https://*.securesuite.co.uk https://securesuite.co.uk https://pay.google.com https://payments.google.com https://*.doubleclick.net https://*.braintreegateway.com https://*.paypal.com https://*.trustpilot.com https://*.realexpayments.com https://www.googletagmanager.com https://consentag.eu https://*.prommt.com https://*.google.com https://*.hotjar.com js.mollie.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com maps.googleapis.com maps.gstatic.com https://*.gstatic.com *.googleapis.com *.globalpay.com https://www.gstatic.com/instantbuy/svg/dark/pay/en.svg https://www.gstatic.com/instantbuy/svg/light/pay/en.svg https://www.gstatic.com/instantbuy/svg/dark/en.svg https://www.gstatic.com/instantbuy/svg/light/en.svg https://*.googleapis.com https://*.google.com https://*.paypal.com https://*.usercentrics.eu https://px.ads.linkedin.com https://*.doubleclick.net https://*.google.co.uk https://*.cloudfront.net services.postcodeanywhere.co.uk https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://*.googleapis.com https://www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com https://*.securesuite.co.uk https://securesuite.co.uk https://payments.google.com https://www.google.com https://*.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.paypal.com https://*.trustpilot.com https://unpkg.com https://*.unpkg.com https://*.usercentrics.eu https://*.realexpayments.com https://*.prommt.com https://www.googletagmanager.com https://static.ads-twitter.com https://*.licdn.com https://*.clarity.ms https://connect.facebook.net https://*.data-crypt.com https://consentag.eu https://*.pcapredict.com/js/sensor.js https://*.hotjar.com https://secure.leadforensics.com api.addressy.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://*.cloudfront.net https://*.googleapis.com https://*.realexpayments.com https://*.prommt.com https://*.typekit.net api.addressy.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.cloudfront.net https://*.realexpayments.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://google.com/pay https://pay.google.com *.globalpay.com https://js.globalpay.com https://js-cert.globalpay.com https://*.securesuite.co.uk https://securesuite.co.uk https://payments.google.com https://*.freshdesk.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://unpkg.com https://*.unpkg.com https://*.usercentrics.eu https://*.realexpayments.com https://*.prommt.com https://www.googletagmanager.com https://static.ads-twitter.com https://*.licdn.com https://px.ads.linkedin.com https://*.clarity.ms https://connect.facebook.net https://*.data-crypt.com https://consentag.eu https://*.adobedc.net https://*.nr-data.net api.addressy.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://translate.googleapis.com https://translate-pa.googleapis.com https://translate.google.com https://www.googleadservices.com https://www.youtube.com https://maps.googleapis.com https://*.recruitnow.nl https://*.jobster.com https://*.olympia.nl https://code.jquery.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com/consentconfig/ https://www.googletagmanager.com https://olympia-prelive.recruitnowcockpit.nl https://bat.bing.com https://snap.licdn.com https://googleads.g.doubleclick.net https://region1.analytics.google.com https://cdn.infisecure.com; style-src 'unsafe-inline' 'report-sample' 'self' https://www.gstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://api.pdok.nl https://www.google.nl https://maps.googleapis.com https://consentcdn.cookiebot.com https://*.google-analytics.com https://www.googletagmanager.com https://*.recruitnow.nl https://olympia-prelive.recruitnowcockpit.nl https://*.olympia.nl https://region1.analytics.google.com https://googleads.g.doubleclick.net https://bat.bing.com https://px.ads.linkedin.com https://www.google.com https://translate.googleapis.com; font-src 'self' data:; frame-src 'self' https://www.youtube.com https://consentcdn.cookiebot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://td.doubleclick.net; img-src 'self' data: https://*.doubleclick.net https://*.ytimg.com https://*.talent.com https://maps.gstatic.com https://maps.googleapis.com https://imgsct.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://assets.cockpit.recruitnow.nl https://www.facebook.com https://px.ads.linkedin.com https://bat.bing.com https://www.google.com https://www.google.nl https://fonts.gstatic.com https://www.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' https:; connect-src 'self' https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src 'self' https:; report-uri https://fea288dc3a293a645b8e665215b90747.report-uri.com/r/d/csp/reportOnly; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com https://*.tidiochat.com https://*.tidio.co https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.google.com *.doubleclick.net *.facebook.com *.youtube-nocookie.com https://*.hulla-cdn.com live.hullabalook.com https://*.pinterest.com https://online-mi.flexiti.fi https://online.flexiti.fi https://plumrocket.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.s3.amazonaws.com cdnjs.cloudflare.com unpkg.com https://*.google.ca https://onlineapi-mi.flexiti.fi https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com https://*.hotjar.com https://*.omappapi.com https://*.privacy-center.org *.googleapis.com https://*.hulla-cdn.com https://*.hullabalook.com https://*.tidio.co https://*.tidiochat.com https://*.clarity.ms https://*.pinterest.com https://*.klaviyo.com https://*.pinimg.com https://hosted.paysafe.com https://www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com maxcdn.bootstrapcdn.com https://*.hullabalook.com https://*.hulla-cdn.com https://*.omappapi.com https://*.klaviyo.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://*.tidiochat.com https://*.tidio.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ vimeo.com maps.googleapis.com https://*.privacy-center.org wss://*.hotjar.com/ https://*.hotjar.com https://*.hotjar.io https://*.omappapi.com wss://*.tidio.co/ https://*.tidio.co https://*.hulla-cdn.com https://*.hullabalook.com https://*.pinterest.com/ https://*.googlesyndication.com https://*.g.doubleclick.net/ https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://*.privacy-center.org https://*.hullabalook.com https://*.hulla-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playthroneandliberty.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dl1f6y24yx1ap.cloudfront.net; script-src 'nonce-931563a6f2a1492ca821799bbd951110'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playthroneandliberty.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dl1f6y24yx1ap.cloudfront.net; style-src 'self' 'nonce-931563a6f2a1492ca821799bbd951110'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playthroneandliberty.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dl1f6y24yx1ap.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playthroneandliberty.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dl1f6y24yx1ap.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playthroneandliberty.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dl1f6y24yx1ap.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.playthroneandliberty.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dl1f6y24yx1ap.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=146-5095282-3135800:rid=5065B3B1D5154983803C:sn=www.playthroneandliberty.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com www.beautyrewards.shop data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.pinterest.com *.sendcloud.sc *.jsdelivr.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * *.trustedshops.com cdn.cookielaw.org res.cloudinary.com www.b2c-nfinity.com t.squeezely.tech cdn-icons-png.flaticon.com docker.creative-serving.com trkr.shoppingminds.net bam.nr-data.net *.googleapis.com *.etrusted.com *.pinterest.com bat.bing.com *.adyen.com *.facebook.com img.youtube.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org cdn.doofinder.com *.google.com *.google.co.uk *.google.ca b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ts.tradetracker.net *.amazonaws.com blob: www.google.ge magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page *.trustedshops.com squeezely.tech bat.bing.com *.etrusted.com *.kk-resources.com *.googleoptimize.com cdn.cookielaw.org l.getsitecontrol.com script.shoppingminds.com script.shoppingminds.net js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com s2.getsitecontrol.com *.pinterest.com s.pinimg.com analytics.topdrinks.nl analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be unpkg.com cdn.jsdelivr.net commerce.adobe.net *.googletagmanager.com cdn.doofinder.com analytics.tiktok.com *.google.co.uk *.google.ca s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com songbirdstag.cardinalcommerce.com tm.tradetracker.net *.trustpilot.com *.sendcloud.sc *.jsdelivr.net https://connect.facebook.net *.google.fr *.disqus.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com beautyrewards.shop www.beautyrewards.shop api.odicci.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app *.etrusted.com *.pinterest.com *.sendcloud.sc *.jsdelivr.net *.fontawesome.com assets.braintreegateway.com use.typekit.net p.typekit.net beautyrewards.shop www.beautyrewards.shop 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.youtube.com youtu.be www.youtube-nocookie.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com * *.google.lk analytics.topdrinks.nl ws.hotjar.com wss://ws.hotjar.com content.hotjar.io analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be cdn.cookielaw.org geolocation.onetrust.com *.g.doubleclick.net l.getsitecontrol.com *.shoppingminds.net *.googleapis.com bam.nr-data.net cdn1.api.trustedshops.com pay.google.com privacyportal-de.onetrust.com vc.hotjar.io events.getsitectrl.com *.etrusted.com *.pinterest.com *.adyen.com maps.googleapis.com nominatim.openstreetmap.org *.onyourmap.com *.mapbox.com *.doofinder.com wss://*.doofinder.com analytics.tiktok.com ekr.zdassets.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.sendcloud.sc *.cdn.jsdelivr.net https://analytics.tiktok.com *.google.fr *.google.co.uk *.google.ca www.beautyrewards.shop beautyrewards.shop *.beautyrewards.shop 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com https://www.trustedsite.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca *.certcapture.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com https://cdn.ywxi.net guarantee-cdn.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com https://cdn.ywxi.net https://www.trustedsite.com *.trustpilot.com *.cloudflare.com guarantee-cdn.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com https://s3-us-west-2.amazonaws.com/mfesecure-public/ https://www.trustedsite.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.braintreegateway.com *.paypal.com google.com *.google.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.frizbit.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com *.disqus.com *.avada.io *.oppwa.com oppwa.com *.peachpayments.com *.yotpo.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.frizbit.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net oppwa.com *.oppwa.com *.peachpayments.com *.yotpo.com *.googleapis.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.frizbit.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.peachpayments.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.ingrid.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klaviyo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.cookielaw.org data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.klaviyo.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.cookielaw.org *.ingrid.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net static.klaviyo.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klaviyo.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.cookielaw.org *.onetrust.io *.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com fonts.gstatic.com *.fontawesome.com *.findologic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.googleapis.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com www.youtube.com *.google.com *.google.com/ js.mollie.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com https://cdn.clerk.io cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com widgets.trustedshops.com *.google.de *.usercentrics.eu https://firebasestorage.googleapis.com quickchart.io img.youtube.com https://www.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.clerk.io https://cdn.clerk.io secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io widget.freshworks.com m2epro.freshdesk.com rns.matelso.de *.google.com *.clarity.ms *.findologic.com widgets.trustedshops.com *.adform.net *.googlecommerce.com *.kk-resources.com *.usercentrics.eu *.s24.com *.avada.io *.google.com/ js.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io d.ratepay.com d.payla.io dr.payla.io widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.findologic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com widget.freshworks.com m2epro.freshdesk.com rns.matelso.de *.clarity.ms *.usercentrics.eu *.demdex.net https://get.geojs.io *.avada.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
font-src https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.moengage.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com *.olaelectric.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com/ *.moengage.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.moengage.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://*;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* blob:;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://*;  style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://*;  font-src 'self' data: https://fonts.gstatic.com https://*;  img-src 'self' data: blob: https://*;  connect-src 'self' https://* http://* wss://*;  frame-src 'self' https://*; 1
default-src 'self' googletagmanager.com *.googletagmanager.com google.com.au *.google.com.au google.com *.google.com google-analytics.com *.google-analytics.com cloudflare.com *.cloudflare.com doubleclick.net *.doubleclick.net afterpay.com *.afterpay.com facebook.net *.facebook.net klaviyo.com *.klaviyo.com youtube.com *.youtube.com amxsuperstores.com.au *.amxsuperstores.com.au; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=hU7CrZtw5SDU7kF2hn_R8xdqYNiBkEeHHGsMkw53f7s-1773716172.8634508-1.0.1.1-lPbm59xN.zOzpC6h_l2SZD3GAmZ2UuvnWd06boFlfxzXjHQw7BCz1cajrxZCkuH0uQTj7HABv3zQ1c5Oh1EUdmEiR.WGGlCxkg1aZIn0huD.M3NA71LusUzLYEhXrVNc5kWAd8W5xQRZ5FR3NHENtF.z8alQK_MhYYqnQLCjauFongzMwV9hbfhszwbL9xOJL9qY1xWDHwh8SKGmjwi9gA; report-to cf-mlqsgfeyfggttdhj 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.useinsider.com https://www.gstatic.com https://fonts.gstatic.com https://*.typekit.net https://fonts.googleapis.com *.alicdn.com *.bazaarvoice.com *.googleusercontent.com *.homehardware.com.au *.hotjar.com *.hsappstatic.net *.slant.co *.zip.co *.alipayobjects.com *.cloudflare.com *.fontawesome.com *.fonts.net *.fontshare.com *.googleapis.com *.migaku.com *.mitre10.com.au *.qantas.com *.ziplyne.com *.crisp.chat *.bootstrapcdn.com *.shopback.com yastatic.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://app.contentful.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.useinsider.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com www.xtento.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.openstreetmap.org https://maps.googleapis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.b0e8.com *.useinsider.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.magezon.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://*.mitre10.com.au https://*.openstreetmap.org https://scontent.cdninstagram.com https://tracker.unbxdapi.com *.dotomi.com *.eyeota.net *.googleapis.com *.mitre10.com.au *.openx.net *.pubmatic.com www.google.bf www.google.ca www.google.ch www.google.cm www.google.co.ck www.google.co.id www.google.co.in www.google.co.kr www.google.co.nz www.google.co.ug www.google.co.uk www.google.co.za www.google.co.zm www.google.com.au www.google.com.bd www.google.com.fj www.google.com.gh www.google.com.hk www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.vn www.google.de www.google.dk www.google.es www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.nl www.google.pl www.google.rs www.google.se *.amazon-adsystem.com *.bazaarvoice.com *.ctnsnet.com *.homehardware.com.au *.shophumm.com.au *.unbxdapi.com *.zip.co www.google.ae www.google.am www.google.at www.google.ba www.google.be www.google.bt www.google.by www.google.ci www.google.cl www.google.co.bw www.google.co.cr www.google.co.il www.google.co.jp www.google.co.ke www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.th www.google.co.tz www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.zw www.google.com.ar www.google.com.br www.google.com.co www.google.com.do www.google.com.ec www.google.com.eg www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pe www.google.com.pr www.google.com.qa www.google.com.sb www.google.com.sl www.google.com.tr www.google.com.ua www.google.com.uy www.google.cz www.google.dz www.google.ee www.google.fi www.google.ge www.google.gg www.google.hn www.google.im www.google.iq www.google.jo www.google.ki www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mk www.google.mu www.google.mw www.google.no www.google.pt www.google.ro www.google.ru www.google.sc www.google.si www.google.sk www.google.sn www.google.tn www.google.tt www.google.vu www.google.ws zip.co *.afterpay.com *.afterpay-beta.com *.clarity.ms *.contentsquare.net *.curalate.com *.cursors-4u.net *.google.com *.googleusercontent.com *.pinterest.com *.qualtrics.com *.shopback.com *.snapchat.com *.zipmoney.com.au dakotaram.com s3.amazonaws.com web-cockroach.herokuapp.com www.google.ad www.google.al www.google.as www.google.az www.google.bj www.google.bs www.google.cd www.google.cg www.google.co.ao www.google.com.af www.google.com.ag www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.bz www.google.com.cu www.google.com.cy www.google.com.et www.google.com.gt www.google.com.mm www.google.com.ni www.google.com.om www.google.com.py www.google.com.sv www.google.com.vc www.google.cv www.google.dj www.google.fm www.google.ga www.google.gm www.google.gy www.google.ht www.google.is www.google.je www.google.kg www.google.kz www.google.me www.google.mg www.google.ml www.google.mn www.google.mv www.google.nr www.google.ps www.google.rw www.google.so www.google.sr www.google.tg www.google.tl www.google.tm www.google.to yastatic.net *.alicdn.com *.googleadservices.com www.google.com.gi www.google.dm www.google.gl www.google.nu www.google.pn www.google.sh www.google.td *.ctfassets.net metcashgiftcards.com.au *.baidu.com *.bing.com *.google-analytics.com *.hotjar.com *.humm-group.com speechit.pro www.google.li www.google.sm www.google.st *.ivaws.com sevr.au www.xtento.com cdn.xtento.com t.zip.co static.zip.co *.hsforms.net *.hsforms.com https://images.ctfassets.net https://images.secure.ctfassets.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.b0e8.com *.bc0a.com *.plugins.emarsys.net *.scarabresearch.com *.useinsider.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://libraries.unbxdapi.com https://d21gpk1vhmjuf5.cloudfront.net https://s3.amazonaws.com/downloads.mailchimp.com/js/goal.min.js https://cdn.optimizely.com https://rum.optimizely.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.zip.co https://cdn.scarabresearch.com *.cloudflare.com *.dotomi.com *.googleapis.com *.newrelic.com *.unbxdapi.com *.bazaarvoice.com *.ctnsnet.com *.homehardware.com.au *.hotjar.com *.mitre10.com.au *.shophumm.com.au *.zip.co *.zipmoney.com.au d21gpk1vhmjuf5.cloudfront.net https://d3m8huu8gvuyn3.cloudfront.net/rex_template_content/unbxd_rex_template_sdk.js *.afterpay-beta.com *.clarity.ms *.contentsquare.net *.curalate.com *.googleadservices.com *.instagram.com *.p-a.io *.particularaudience.com *.pinimg.com *.pinterest.com *.qualtrics.com *.snapchat.com *.tableau.com consentag.eu dakotaram.com googletagmanager.com nexuspublications.com.au sc-static.net *.crisp.chat *.walkme.com *.humm-au.com static.cloudflareinsights.com rum.hlx.page *.bootstrapcdn.com *.vimeo.com localhost yastatic.net *.disqometer.com *.dotdigital-pages.com static.client.cardinaltrusted.com www.xtento.com cdn.xtento.com static.zip.co zip.co *.hsforms.net *.hsforms.com https://cdn.jsdelivr.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com display.ugc.bazaarvoice.com *.useinsider.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com https://*.typekit.net https://maps.googleapis.com https://libraries.unbxdapi.com *.typekit.net *.homehardware.com.au *.shophumm.com.au *.unbxdapi.com *.zip.co *.bazaarvoice.com *.fontawesome.com *.fonts.net *.mitre10.com.au *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.mitre10.com.au *.youtube.com *.globalshop.com.au *.bing.com *.paypal.com vimeo.com youtube.com *.ctfassets.net *.bondall.com https://videos.ctfassets.net https://videos.secure.ctfassets.net 'self' 'unsafe-inline'; manifest-src *.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.sharethis.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.openstreetmap.org https://maps.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.scarabresearch.com *.eservice.emarsys.net *.useinsider.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://search.unbxd.io https://www.instagram.com https://graph.instagram.com https://*.sandbox.afterpay.com https://api.sandbox.zipmoney.com.au https://sand.merchant-api.com https://merchant-api.com https://api.zipmoney.com.au https://*.sandbox.zip.co https://*.zip.co *.googleapis.com *.nr-data.net *.typekit.net localhost www.google.co.id www.google.co.in www.google.co.nz www.google.co.za www.google.com.au www.google.com.bd www.google.com.fj www.google.com.hk www.google.com.ph www.google.com.sa www.google.com.sg www.google.de www.google.dk www.google.hu www.google.pt www.google.rs *.bazaarvoice.com *.crwdcntrl.net *.ctnsnet.com *.homehardware.com.au *.shophumm.com.au *.unbxd.io *.zip.co *.zipmoney.com.au www.google.ae www.google.am www.google.at www.google.ba www.google.be www.google.bf www.google.bt www.google.by www.google.ca www.google.ch www.google.cl www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.zw www.google.com.ar www.google.com.br www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.jm www.google.com.kh www.google.com.lb www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pe www.google.com.pk www.google.com.qa www.google.com.sb www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hn www.google.hr www.google.ie www.google.it www.google.jo www.google.la www.google.lk www.google.lv www.google.mu www.google.nl www.google.no www.google.pl www.google.ro www.google.ru www.google.se www.google.sk www.google.tn www.google.tt www.google.vu www.google.ws *.alicdn.com *.clarity.ms *.contentsquare.net *.curalate.com *.googleadservices.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mitre10.com.au *.p-a.io *.particularaudience.com *.pinterest.com *.qualtrics.com *.snapchat.com *.stbuttons.click *.unbxdapi.com www.google.al www.google.az www.google.bg www.google.bs www.google.cd www.google.ci www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.il www.google.co.mz www.google.co.zm www.google.com.bh www.google.com.bn www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.et www.google.com.gt www.google.com.kw www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.na www.google.com.om www.google.com.pa www.google.com.pg www.google.com.pr www.google.com.sv www.google.com.uy www.google.ga www.google.gm www.google.gy www.google.ht www.google.iq www.google.je www.google.kg www.google.kz www.google.lt www.google.lu www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mv www.google.mw www.google.nr www.google.ps www.google.rw www.google.sc www.google.si www.google.sn www.google.so www.google.sr www.google.tg www.google.tl www.google.tm www.google.to zip.co *.crisp.chat www.google.as www.google.bj www.google.cg www.google.cm www.google.co.ls www.google.com.af www.google.com.bo www.google.com.gi www.google.com.py www.google.com.vc www.google.dm www.google.im www.google.is www.google.ki www.google.ml www.google.nu www.google.pn *.walkme.com d3mewz86hy02zo.cloudfront.net kg668dbov0.execute-api.us-east-1.amazonaws.com rum.hlx.page www.google.gl *.baidu.com *.bing.com *.cloudflare.com *.humm-au.com *.jquery.com consentag.eu sc-static.net www.google.ad www.google.com.ag www.google.com.ni www.google.com.sl www.google.cv www.google.dj www.google.li *.conversionsapigateway.com mpc2-prod-1-is5qnl632q-uc.a.run.app *.ctfassets.net *.disqometer.com www.google.gg *.cardinaltrusted.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.useinsider.com a.tribalfusion.com aa.agkn.com ad.turn.com ads.dotomi.com ads.scorecardresearch.com ads.stickyadstv.com aorta.clickagy.com ap.lijit.com bh.contextweb.com bpi.rtactivate.com c1.adform.net capi.connatix.com ce.lijit.com cm.g.doubleclick.net cms.analytics.yahoo.com cms.quantserve.com contextual.media.net cookies.nextmillmedia.com crb.kargo.com creativecdn.com cs.admanmedia.com cs.openwebmp.com csync.loopme.me dclk-match.dotomi.com dm-us.hybrid.ai dmp.brand-display.com dp-sync.dotomi.com dpm.demdex.net dsum-sec.casalemedia.com e1.emxdgt.com eb2.3lift.com edgedl.me.gvt1.com eu-u.openx.net exchange-match.mediaplex.com gw-iad-bid.ymmobi.com i.liadm.com i.w55c.net i6.liadm.com ib.adnxs.com id.rlcdn.com idpix.media6degrees.com idsync.live.streamtheworld.com idsync.rlcdn.com image2.pubmatic.com image4.pubmatic.com image8.pubmatic.com login.dotomi.com login-ds.dotomi.com match.adsby.bidtheatre.com match.adsrvr.org match.deepintent.com match.justpremium.com match.prod.bidr.io match.sharethrough.com match.sync.ad.cpe.dotomi.com openx-ums.acuityplatform.com openx.adhaven.com openx2-match.dotomi.com oxp.mxptint.net p.rfihub.com partners.tremorhub.com pippio.com pixel-sync.sitescout.com pixel.adsafeprotected.com pixel.rubiconproject.com pixel.tapad.com pm.w55c.net pmp.mxptint.net pr-bh.ybp.yahoo.com ps.eyeota.net pubmatic-match.dotomi.com px.ads.linkedin.com px.owneriq.net rtb-csync.smartadserver.com rtb.adentifi.com rtb.openx.net s.ad.smaato.net s.amazon-adsystem.com s.tribalfusion.com server.cpmstar.com simage2.pubmatic.com ssbsync.smartadserver.com stags.bluekai.com sync-tm.everesttech.net sync.1rx.io sync.bfmio.com sync.crwdcntrl.net sync.ipredictive.com sync.mathtag.com sync.search.spotxchange.com sync.smartadserver.com sync.srv.stackadapt.com sync.targeting.unrulymedia.com t.adx.opera.com tags.bluekai.com tr.blismedia.com u.openx.net um.simpli.fi ups.analytics.yahoo.com us-east.ads.audio.thisisdax.com us-u.openx.net us.ck-ie.com vop.sundaysky.com x.bidswitch.net yahoo-match.dotomi.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.braintreegateway.com *.googletagmanager.com *.paypal.com consentag.eu 'self' 'unsafe-inline'; report-uri https://67a80eb9-c7b9-48b5-86c1-b4eafb6424c2.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-eqGaSk8CK76Ry77-JoZk1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IQeTK1tObwarwt-rJuQe5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-hexIhdFTk2i5oFIKOPDYhVp90' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
object-src 'self'; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl/; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl/matomo.js; style-src 'self'; style-src-elem 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.examenblad.nl/log-report-uri/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-jpqdFRX53DC8NAizGe_RvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; child-src https: blob:; font-src https: data:; connect-src https: wss:; report-uri /report-csp-violation 1
script-src 'self' lendmark.ux.teamdms.dev https://api.s10h.io/ surfly.com google.com www.google.com www.gstatic.com ajax.aspnetcdn.com cdn.moengage.com cdnjs.cloudflare.com kit.fontawesome.com maps.googleapis.com connect.facebook.net edge.fullstory.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' lendmark.ux.teamdms.dev https://api.s10h.io/ surfly.com google.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.g.doubleclick.net bat.bing.com cdn.lr-in.com cdnjs.cloudflare.com connect.facebook.net kit.fontawesome.com edge.fullstory.com www.google-analytics.com cdn.moengage.com app-cdn.moengage.com ajax.aspnetcdn.com maps.googleapis.com www.google.com www.gstatic.com ssl.google-analytics.com translate.google.com www.googleadservices.com; style-src-elem 'self' 'unsafe-inline' surfly.com google.com fonts.bunny.net fonts.googleapis.com app-cdn.moengage.com cdnjs.cloudflare.com; style-src-attr 'unsafe-inline'; img-src 'self' data: app-cdn.moengage.com bat.bing.com www.facebook.com www.gstatic.com images.ctfassets.net maps.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net google.com *.google.com *.analytics.google.com stats.g.doubleclick.net image.moengage.com www.google.co.in www.google.com.au www.google.com.mx www.google.sc fonts.gstatic.com streetviewpixels-pa.googleapis.com translate.google.com api.fillr.com www.google.co.id www.google.com.br; font-src 'self' fonts.bunny.net data: app-cdn.moengage.com fonts.gstatic.com ka-p.fontawesome.com themes.googleusercontent.com; connect-src 'self' lendmark.ux.teamdms.dev https://api.s10h.io/ surfly.com https://checkip.amazonaws.com/ app-cdn.moengage.com edge.fullstory.com ka-p.fontawesome.com kit.fontawesome.com sdk-01.moengage.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.g.doubleclick.net *.googletagmanager.com *.google.com google.com analytics.google.com adservice.google.com rs.fullstory.com bat.bing.com maps.googleapis.com dashboard-01.moengage.com properties www.facebook.com translate.googleapis.com google.com translate-pa.googleapis.com; frame-src 'self' https://www.googletagmanager.com surfly.com cdn.moengage.com td.doubleclick.net *.g.doubleclick.net google.com www.google.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net; worker-src 'self' blob:; frame-ancestors 'self'; media-src ; report-uri https://lendmark.report-uri.com/r/d/csp/wizard 1
default-src 'self'; object-src 'none'; manifest-src 'self'; media-src 'self'; worker-src blob:; frame-ancestors 'self' https://sms.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl https://act.ziggo.nl https://act.vodafone.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://cdn.conversationalsdevelopment.nl https://api.seamly-app.com https://static.cloudflareinsights.com https://www.dwin1.com https://lantern.roeyecdn.com https://www.awin1.com https://bat.bing.com https://embed.binkies3d.com https://az589851.vo.msecnd.net https://cdn.blueconic.net https://vodafoneziggo.blueconic.net https://ct.contentsquare.net https://t.contentsquare.net https://connect.facebook.net https://platform.linkedin.com https://nebula-cdn.kampyle.com https://cdn.cookielaw.org https://d5yoctgpv4cpx.cloudfront.net https://sc-static.net https://www.sc.pages03.net https://tr.snapchat.com https://static.customersaas.com https://static-accept.customersaas.com https://cloud.51degrees.com https://the.sciencebehindecommerce.com https://cdn.amplitude.com; connect-src 'self' https://login.hollandsnieuwe.nl https://nebula-cdn.kampyle.com https://www.google.com https://googleads.g.doubleclick.net https://srm.ba.contentsquare.net https://k-aeu1.contentsquare.net https://q-aeu1.contentsquare.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.googlesyndication.com https://cdn.conversationalsdevelopment.nl https://api.seamly-app.com wss://api.seamly-app.com https://api.digitalcx.com https://embed.binkies3d.com https://az589851.vo.msecnd.net https://binkiesproductionweu.servicebus.windows.net https://vodafoneziggo.blueconic.net https://c.contentsquare.net https://udc-neb.kampyle.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://p2iqhncxyh.execute-api.eu-central-1.amazonaws.com https://o245079.ingest.sentry.io https://tr.snapchat.com https://tr6.snapchat.com https://tms.data.hollandsnieuwe.nl https://api.prod.dcat.ziggo.io https://www.vodafone.nl https://hollandsnieuwe.billing.nl https://api-accept.customersaas.com https://static-accept.customersaas.com https://cloud.51degrees.com https://the.sciencebehindecommerce.com https://cdn.amplitude.com https://api.eu.amplitude.com; img-src 'self' blob: data: https://www.tracebuzz.com https://az589851.vo.msecnd.net https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://www.google.nl https://googleads.g.doubleclick.net https://api.seamly-app.com https://lantern.roeye.com https://www.awin1.com https://bat.bing.com https://c.contentsquare.net https://www.facebook.com https://udc-neb.kampyle.com https://cdn.cookielaw.org https://www.pages03.net https://is-accept.customersaas.com https://static.customersaas.com https://d35v9wsdymy32b.clouvdfront.net https://www.wepowerconnections.com; frame-src 'self' https://*.fls.doubleclick.net https://*.doubleclick.net https://www.awin1.com https://nebula-cdn.kampyle.com https://tr.snapchat.com https://*.googletagmanager.com; font-src 'self' data: https://cdn.conversationalsdevelopment.nl https://static.customersaas.com; style-src 'self' 'unsafe-inline' https://api.seamly-app.com https://static.customersaas.com https://d1r5etm691cejh.cloudfront.net; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=0TzDC8mxxZ2YB20_taMv1LptI8K97AJkb4YP9tccDPk-1707906598-1-Afy3yZhc08_yVv_Cfhfz1rf1gOMzf_NyAb8jiOVdfjNmh68AlIM8LFk5Sli-2KoYZkNCAoCRN7M2HfDwTk_nHT-LO7kSkEvGVfwlWOW4ACpo_1objwrdvoAdJw_ttEWBp9pXdVeLyjeP0kbKj-rZHN4IZ4_RVSBe3cL1GJld-B5D; report-to cf-csp-endpoint; 1
default-src 'self' https://www.youtube.com; connect-src 'self' https://metrics.hotjar.io https://www.google.com https://content.hotjar.io wss://ws.hotjar.com https://vc.hotjar.io https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://www.googleadservices.com https://load.collect.chat https://www.google.co.in https://api.collect.chat https://secure.ccavenue.com https://googleads.g.doubleclick.net https://jnn-pa.googleapis.com https://play.google.com https://onesignal.com https://*.googlevideo.com https://securegw.paytm.in; img-src 'self' http://myamcat.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.co.in https://www.google.com https://www.facebook.com https://d1igbv7ujk9jkv.cloudfront.net https://d13dtqinv406lk.cloudfront.net https://dujk9xa5fr1wz.cloudfront.net https://s3.amazonaws.com https://www.gstatic.com https://ssl.gstatic.com https://i.ytimg.com https://yt3.ggpht.com https://avatars.collectcdn.com https://collectcdn.com https://dashboard.ccavenue.com https://secure.ccavenue.com https://www.edx.org https://www.udemy.com data:; font-src 'self' https://collectcdn.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com data:; style-src 'self' 'unsafe-inline' https://code.jquery.com https://www.gstatic.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://onesignal.com https://secure.ccavenue.com; media-src 'self' https://collectcdn.com https://www.youtube-nocookie.com https://*.googlevideo.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://onesignal.com https://ssl.google-analytics.com https://storage.googleapis.com https://widgets.getsitecontrol.com https://www.google-analytics.com https://diffuser-cdn.app-us1.com https://www.googletagmanager.com https://www.gstatic.com https://static.hotjar.com https://s3.amazonaws.com https://collectcdn.com https://script.hotjar.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://connect.facebook.net https://survey.survicate.com https://prism.app-us1.com https://www.google.com https://maxcdn.bootstrapcdn.com https://www.s.ytimg.com https://static.doubleclick.net https://cdn.onesignal.com https://secure.ccavenue.com/scripts/ https://securegw.paytm.in; object-src 'self' http://www.vimeo.com; base-uri 'self'; form-action 'self' 'unsafe-inline' https://www.facebook.com https://www.google.com https://secure.ccavenue.com https://securegw.paytm.in; frame-ancestors 'self'; frame-src 'self' https://bid.g.doubleclick.net https://td.doubleclick.net https://www.facebook.com https://www.google.com https://player.youku.com https://content.googleapis.com https://accounts.google.com 1
base-uri 'none'; connect-src https://stripe.com; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' data: https://images.ctfassets.net; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report 1
default-src 'self'; base-uri 'none'; connect-src https: wss:; font-src https: data:; form-action 'self' *.bauhaus.cz *.facebook.com *.mail-komplet.cz; frame-ancestors 'self'; frame-src https:; img-src https: data:; media-src 'self' https://widget.molin.ai; object-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://kosik.bauhaus.cz/csp_report; report-to bauhaus-csp; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com static.klaviyo.com www.oxygenconcentratorstore.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.affirm.com *.affirm.ca www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com gum.criteo.com fledge.eu.criteo.com fledge.us.criteo.com x.adroll.com widget.trustpilot.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.affirm.com *.affirm.ca d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com bat.bing.com c.bing.com m.media-amazon.com www.gstatic.com segment.prod.bidr.io i.liadm.com cdn-assets.affirm.com d.adroll.com x.adroll.com ib.adnxs.com dsum-sec.casalemedia.com sync.outbrain.com ml314.com us-u.openx.net pixel.rubiconproject.com sync.taboola.com eb2.3lift.com image2.pubmatic.com x.bidswitch.net pixel.tapad.com cdn.ywxi.net criteo-partners.tremorhub.com ad.360yield.com sync-t1.taboola.com simage2.pubmatic.com jadserve.postrelease.com criteo-sync.teads.tv tapestry.tapad.com r.casalemedia.com contextual.media.net exchange.mediavine.com dis.criteo.com sync.targeting.unrulymedia.com aa.agkn.com ade.clmbtech.com ad.tpmn.io www.oxygenconcentratorstore.com www.shareasale.com *.g.doubleclick.net gum.criteo.com ads.stickyadstv.com trends.revcontent.com rtb-csync.smartadserver.com ad.tpmn.co.kr sync.1rx.io www.facebook.com partner.mediawallahscript.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.affirm.com *.affirm.ca www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de device.maxmind.com static.klaviyo.com static-tracking.klaviyo.com static.criteo.net services.nofraud.com bat.bing.com static.cloudflareinsights.com www.google.com www.gstatic.com static-na.payments-amazon.com www.clarity.ms widget.eu.criteo.com apis.google.com js-agent.newrelic.com eastprodcdn.azureedge.net www.dwin1.com solutions.invocacdn.com s.vibe.co d2hrivdxn8ekm8.cloudfront.net acdn.adnxs.com sslwidget.criteo.com action.media6degrees.com s.adroll.com d.adroll.com connect.facebook.net cdn1.affirm.com cdn.ywxi.net widget.trustpilot.com action.dstillery.com www.oxygenconcentratorstore.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://static.klaviyo.com assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.affirm.com *.affirm.ca *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de device.maxmind.com fast.a.klaviyo.com static-forms.klaviyo.com gum.criteo.com j.clarity.ms apay-us.amazon.com api-visitor-us-east.velaro.com bam.nr-data.net api-main-us-east.velaro.com d-ipv6.mmapiws.com t.vibe.co measurement-api.criteo.com tte-prod.telemetry.vaultdcr.com pnapi.invoca.net api-engagement-us-east.velaro.com dp70uvwpivouv.cloudfront.net x.adroll.com www.google.com www.affirm.com cdn-assets.affirm.com featureassets.org s3-us-west-2.amazonaws.com widget.trustpilot.com prodregistryv2.org ib.adnxs.com services.nofraud.com *.clarity.ms cloudflareinsights.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src j.clarity.ms www.google.com fledge.eu.criteo.com apay-us.amazon.com bat.bing.com bam.nr-data.net fledge.us.criteo.com csm.us5.us.criteo.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-5ghkCJB7zLOlg-Z4ZUSINw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.googleapis.com *.gstatic.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io d3dc1lgancj6l0.cloudfront.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com http://*.facebook.com https://*.facebook.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://www.googletagmanager.com/ https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google.com/ http://*.facebook.com https://*.facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://ct.pinterest.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com https://cdn.consentmanager.net https://delivery.consentmanager.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.consentmanager.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.linkedin.com https://*.linkedin.com http://*.facebook.com https://*.facebook.com http://www.google.com/ http://www.google.de/ https://www.google.de/ https://www.googletagmanager.com http://www.googletagmanager.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://widgets.trustedshops.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com https://cdn.consentmanager.net https://delivery.consentmanager.net chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io unsafe-inline userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net api.userlike.com http://www.google.com/recaptcha/ https://widgets.trustedshops.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com consentmanager.net *.googleadservices.com https://cdn.nagich.com https://s.pinimg.com https://analytics.tiktok.com https://ct.pinterest.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://cdn.consentmanager.net https://delivery.consentmanager.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.baby-born.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://cdn.consentmanager.net https://delivery.consentmanager.net form-assets.mailchimp.com *.intuit.com *.amazonaws.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://salesviewer.org/ userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com https://www.google.com/ccm/collect https://ct.pinterest.com https://analytics.tiktok.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.klarnacdn.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.gstatic.com *.googleapis.com imgsct.cookiebot.com imgsct.cookiebot.eu *.trackedlink.net https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ consent.cookiebot.com consent.cookiebot.eu *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.googleapis.com *.typekit.net *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.link.com *.amazon.com *.cloudflare.com *.twitter.com *.twimg.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://233a377d-1420-456f-9376-009a10f60e15.sansec.watch/; report-to report-endpoint; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; object-src 'self' blob:; font-src https: data:; report-uri /csp-report 1
script-src-elem *.afterpay.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.adobe.com *.braintree-api.com *.openpay.com.au *.amplitude.com *.dpm.demdex.net *.nr-data.net *.cardinalcommerce.com *.ccdc02.com *.doubleclick.net *.paypal.com *.braintreegateway.com *.googleapis.com *.instagram.com *.unpkg.com *.trustpilot.com *.scarabresearch.com *.zipmoney.com.au *.emarsys.net *.useinsider.com *.zendesk.com cdn.jsdelivr.net *.facebook.net *.squarecdn.com *.hotjar.com 'self' 'unsafe-inline'; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com data: https://www.googletagmanager.com dc89tf1ynkwmh.cloudfront.net font.static.useinsider.com *.cloudfront.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.iequalchange.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com wss://pod-15.zendesk.com/sc/faye *.afterpay.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.instagram.com www.google.com *.trustpilot.com *.kaptcha.com e.issuu.com nationaltiles.api.useinsider.com nationaltiles-ardemo-eau.azurewebsites.net *.prontoavenue.biz *.hotjar.com data: *.useinsider.com www.youtube-nocookie.com *.iequalchange.com http://www.sandbox.paypal.com *.twitter.com *.dpm.demdex.net *.openpay.com.au 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.cdninstagram.com www.nationaltiles.com.au hnd.stats.paypal.com v2assets.zopim.io scontent-syd2-1.cdninstagram.com static.openpay.com.au log.api.useinsider.com site-assets.afterpay.com nationaltiles-ardemo-eau.azurewebsites.net *.google.com.au *.google.com.vn *.google.com.ph image.useinsider.com *.google.com *.facebook.com *.useinsider.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com widget.trustpilot.com cdn.scarabresearch.com static.zipmoney.com.au widgets.staging.openpay.com.au recommender.scarabresearch.com webchannel-content.eservice.emarsys.net payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com nt.api.useinsider.com *.scarabresearch.com *.zdassets.com *.zendesk.com *.zopim.com nationaltiles.api.useinsider.com hit.api.useinsider.com js-agent.newrelic.com bam-cell.nr-data.net iec.3dcstaging.com.au secure.ewaypayments.com connect.facebook.net *.hotjar.com eitri.api.useinsider.com *.openpay.com.au *.google.com.au *.google.com.vn *.google.com.ph data: *.useinsider.com *.iequalchange.com apps.jobadder.com static.zdassets.com wss://pod-15.zendesk.com/sc/faye *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.braintree-api.com *.amplitude.com *.dpm.demdex.net *.cardinalcommerce.com *.ccdc02.com *.doubleclick.net *.unpkg.com *.trustpilot.com *.zipmoney.com.au *.emarsys.net cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com assets.api.useinsider.com *.useinsider.com *.cloudflare.com *.braintree-api.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com 'self' 'unsafe-inline'; object-src nationaltiles-ardemo-eau.azurewebsites.net 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.zdassets.com nationaltiles-ardemo-eau.azurewebsites.net data: *.useinsider.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com unpkg.com widget.trustpilot.com cdn.scarabresearch.com static.zipmoney.com.au widgets.staging.openpay.com.au recommender.scarabresearch.com webchannel-content.eservice.emarsys.net payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com nt.api.useinsider.com *.scarabresearch.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com nationaltiles.api.useinsider.com hit.api.useinsider.com js-agent.newrelic.com bam-cell.nr-data.net iec.3dcstaging.com.au secure.ewaypayments.com socialproof.api.useinsider.com nationaltiles-ardemo-eau.azurewebsites.net api.zipmoney.com.au *.zip.co location.api.useinsider.com carrier.useinsider.com segment.api.useinsider.com stats.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hotjar.io abacus.api.useinsider.com data: *.useinsider.com wss://pod-15.zendesk.com/sc/faye www.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.zopim.io https://stats.g.doubleclick.net *.openpay.com.au *.amplitude.com *.dpm.demdex.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1
font-src https://fonts.gstatic.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors localhost:* *.motive.co 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.googletagmanager.com/ *.google.com/ *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com js.monei.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://www.magezon.com *.connectif.cloud ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com *.motive.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.connectif.cloud chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com/ *.motive.co *.cloudflare.com js.monei.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.addtoany.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.connectif.cloud http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io http://dpm.demdex.net *.motive.co api.monei.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://premier.trustcommerce.com;script-src 'nonce-87b9dd0dd58f44d9862500b95078f637' https://myconnection.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://myconnection.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src https://geowidget.easypack24.net https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ pay.google.com play.google.com *.autopay.eu https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.trefl.com *.pinterest.com *.doubleclick.net *.facebook.com *.google.com *.issuu.com *.salesmanago.pl *.wedare.pl www.google.co.uk www.google.pl youtube.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org tile.openstreetmap.org mapa.orlenpaczka.pl ruch-osm.sysadvisors.pl https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://firebasestorage.googleapis.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.trefl.com *.amazonaws.com *.usercentrics.eu *.doubleclick.net *.facebook.com *.fbcdn.net *.googleapis.com *.googlesyndication.com *.gstatic.com *.ibb.co *.wedare.pl *.yandex.ru www.google.ae www.google.al www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.za www.google.com.au www.google.com.bd www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.hk www.google.com.lb www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ph www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.lt www.google.lv www.google.md www.google.me www.google.mg www.google.nl www.google.no www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn www.google.pl yastatic.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org mapa.orlenpaczka.pl https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.avada.io *.google.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.analyticharbor.com/ *.trefl.com *.usercentrics.eu *.googleapis.com *.pinimg.com *.pinterest.com *.addthis.com *.bing.com *.doubleclick.net *.facebook.net *.googlesyndication.com *.wedare.pl tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.autopay.eu *.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com sandbox-easy-geowidget-sdk.easypack24.net *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trefl.com *.googletagmanager.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com https://*.ingest.sentry.io *.easypack24.net *.inpost.pl *.openstreetmap.org nominatim.openstreetmap.org https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://get.geojs.io *.avada.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analyticharbor.com/ *.pinterest.com *.trefl.com https://www.sentry.macopedia-dev.pl *.amazonaws.com https://js-agent.newrelic.com *.doubleclick.net *.googleapis.com *.facebook.com *.google.com *.googlesyndication.com *.saleago.com *.usercentrics.eu google.com www.google.ae www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.in www.google.co.kr www.google.co.nz www.google.co.uk www.google.com.do www.google.com.ec www.google.com.hk www.google.com.lb www.google.com.mx www.google.com.my www.google.com.tr www.google.com.tw www.google.com.ua www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.lt www.google.mg www.google.nl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.tn www.google.pl *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e784be6e-bb2f-4390-bb3c-a4e377629b11.sansec.watch/; report-to report-endpoint; 1
font-src 'self' data: moz-extension: cdn.scite.ai fonts.gstatic.com r2cdn.perplexity.ai; img-src 'self' data: *.cerge-ei.cz *.cuni.cz *.facebook.com *.facebook.net *.google.com *.google.cz *.googleadservices.com *.googletagmanager.com *.linkedin.com cerge-ei.cz googleads.g.doubleclick.net i.ytimg.com pagead2.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net googleads.g.doubleclick.net snap.licdn.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-to csp-endpoint; report-uri https://www.cerge-ei.cz/assets/csp-endpoint.php; frame-ancestors 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.corelogic.com https://apps.pingone.com/ https://code.jquery.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://allfont.net/ https://unpkg.com/; font-src 'self' https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://ka-f.fontawesome.com/ https://cdnjs.cloudflare.com/ https://qaript.corelogic.com/ https://unpkg.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.corelogic.com https://apps.pingone.com/ https://snippet.maze.co/ https://code.jquery.com/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://content.realquest.com/ https://maxcdn.bootstrapcdn.com/ https://h.online-metrix.net/ https://unpkg.com/; img-src 'self' data: *.infosolco.net *.googleapis.com *.google-analytics.com *.online-metrix.net *.corelogic.com https://maps.gstatic.com/ https://www.google.com/ https://code.jquery.com/ https://content.realquest.com/ https://www.googletagmanager.com/ https://dummyimage.com/ https://lh3.ggpht.com/ https://www.google.co.uk/; connect-src 'self' *.google-analytics.com *.maze.co *.realquest.com https://stats.g.doubleclick.net/ https://maps.googleapis.com/ https://content.realquest.com/ https://ka-f.fontawesome.com/ https://region1.analytics.google.com/; frame-src 'self' *.online-metrix.net *.opendns.com *.realquest.com https://play.vidyard.com/ https://players.brightcove.net/ https://content.realquest.com/ https://batch.realquest.com/; object-src 'none'; frame-ancestors 'self';report-uri /csp/report-uri; 1
default-src 'self' pure.okta.com *.oktacdn.com; connect-src 'self' pure.okta.com pure-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com pure.kerberos.okta.com pure.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: sso.pureinsurance.com *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-tYLH-D92C96X6Ez7IIJaHg' 'self' 'report-sample' pure.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'nonce-tYLH-D92C96X6Ez7IIJaHg' 'self' 'report-sample' pure.okta.com *.oktacdn.com; frame-src 'self' pure.okta.com pure-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' pure.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' pure.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com *.googleapis.com static.lipscore.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.circleoftrust.nl *.googletagmanager.com ct.pinterest.com *.cookiebot.com *.googleapis.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.bird.eu https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com https://cdn.clerk.io static.lipscore.com blob: img.youtube.com *.circleoftrust.nl bat.bing.com *.cookiebot.com *.googleapis.com https://www.magezon.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.fontawesome.com *.googleapis.com https://api.clerk.io https://cdn.clerk.io static.lipscore.com *.cookiebot.com custom.clerk.io *.circleoftrust.nl *.clarity.ms *.hotjar.com bat.bing.com *.pinimg.com *.pinterest.com analytics.tiktok.com https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://api.clerk.io https://cdn.clerk.io static.lipscore.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com wapi.lipscore.com users.lipscore.com ct.pinterest.com *.cookiebot.com analytics.tiktok.com z.clarity.ms bat.bing.com *.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-sIJfe5cD9ATqW3GTdiiCPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HimIvONE5ZQLtY1qqJETlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src https:; object-src 'none'; base-uri 'self'; form-action 'self'; 1
child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self' https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/; frame-src 'self'; img-src 'self' data:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-to stott-security-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-G9-hqkiIQ8lPlDa6wN6Fxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://www.gstatic.com https://fonts.gstatic.com fonts.gstatic.com *.bootstrapcdn.com *.woonoutlet07.nl data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.cookiebot.com https://plugins.flockler.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.disqus.com *.sooqr.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cookiebot.com *.adnxs.com https://woonoutlet07.nl https://www.woonoutlet07.nl https://www.woonboulevardpoortvliet.nl https://woonboulevardpoortvliet.nl data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl static.buckaroo.nl https://www.paypal.com https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.sooqr.com *.googletagmanager.com tagmanager.google.com *.cookiebot.com static.hotjar.com https://tagging.woonboulevardpoortvliet.nl https://woonoutlet07.nl https://widget.simplybook.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.sooqr.com tagmanager.google.com fonts.google.com *.bootstrapcdn.com https://woonoutlet07.nl/wbp/fonts/stylesheet.css https://www.woonoutlet07.nl/wbp/fonts/stylesheet.css https://www.woonoutlet07.nl/web/css/custom.min.css https://woonoutlet07.nl/web/css/custom.min.css https://woonoutlet07.nl/wbp/css/custom.min.css https://woonoutlet07.nl/wbp/css/custom.dev.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src https://woonoutlet07.nl 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://www.sandbox.paypal.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://maps.googleapis.com/maps/api/geocode/json *.googlesyndication.com *.postcode-checkout.nl https://consent.cookiebot.com static.buckaroo.nl *.hotjar.com *.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.googleapis.com data: *.bglobale.com *.global-e.com maxcdn.bootstrapcdn.com *.amazonaws.com *.bootstrapcdn.com *.livechatinc.com www.softstarshoes.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.softstarshoes.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.softstarshoes.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.bglobale.com *.global-e.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.addthis.com www.softstarshoes.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.bglobale.com *.global-e.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com magefan.com cm.magefan.com *.softstarshoes.com www.softstarshoes.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.bglobale.com *.global-e.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.mailchimp.com *.list-manage.com *.addthis.com *.addthisedge.com *.pinterest.com *.googletagmanager.com *.facebook.net *.google.com *.cloudflare.com chimpstatic.com *.braintreegateway.com *.cloudflareinsights.com *.livechatinc.com *.gorgias.chat www.softstarshoes.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.bglobale.com *.global-e.com assets.braintreegateway.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com www.softstarshoes.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.softstarshoes.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.addthis.com www.softstarshoes.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com www.softstarshoes.com http: https: blob: 'self' 'unsafe-inline'; default-src www.softstarshoes.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com 'self' data: *.google.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.google.com/ https://www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://player.vimeo.com https://www.youtube-nocookie.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.gstatic.com *.googleapis.com https://firebasestorage.googleapis.com https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com cdn.mundipagg.com api.pagar.me guarantee-cdn.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.avada.io *.shopify.com *.google.com/ player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube.com *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql *.pagseguro.com.br *.pagseguro.com 3ds2.pagar.me 3ds2-sdx.pagar.me *.google.com *.cloudflare.com guarantee-cdn.com ajax.googleapis.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com http://fonts.googleapis.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src blob: *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://www.google-analytics.com *.googleapis.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.pagseguro.com.br *.pagseguro.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br *.google.com google.com pay.sandbox.google.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'report-sample' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill-fastly.io https://static.addtoany.com https://unpkg.com https://www.google.com https://www.recaptcha.net; script-src-elem * 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem * 'unsafe-inline'; webrtc 'allow'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-lsikLQapQ5hdS1sfPBEZ0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://unpkg.com *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://unpkg.com *.typekit.net *.certcapture.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.falconstudios.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.falconstudios.com join.gammasecure.com; script-src 'self' *.falconstudios.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.falconstudios.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
base-uri 'self' https://avo.africa https://ad.doubleclick.net;frame-ancestorshttps://*.tt.omtrdc.net https://*.adobe.com https://*.onecart.co.za https://*.nedbank.co.za https://*.nedsecure.co.za https://*.numetro.co.za https://*.avo.africa  https://*.wakago.net https://avo.africa/ https://*.cloudflare.com https://*.cleverwebserver.com https://*.payflex.co.za https://*.pgcoza.biz https://*.demdex.net https://google.com/ https://*.google.com  https://*.doubleclick.net;font-src 'self' data: https://*.avo.africa https://*.gstatic.com https://*.appsflyer.com https://cdn.scite.ai https://use.typekit.net https://cdn.megabonus.com https://*.dynatrace.com https://*.tvst.travel https://static.zohocdn.com/;style-src 'self' 'unsafe-inline'  https://*.google.com https://*.googleapis.com https://*.google.com https://*.breezyx.space;style-src-elem 'self' 'unsafe-inline' data: https://*.avo.africa https://*.googleapis.com https://*.cloudflare.com https://*.opera-mini.net https://*.kaspersky-labs.com https://*.gstatic.com https://cdn.honey.io https://*.google.com https://*.breezyx.space https://*.bugsnag.com https://*.it4profit.com https://*.google-analytics.com https://breezy.band https://embed.helpcrunch.com https://*.google.com;connect-src 'self' properties: wss://*.avo.africa https://avo.africa/ https://*.avo.africa https://*.doubleclick.net https://edge.adobedc.net https://play-lh.googleusercontent.com https://*.googletagmanager.com https://appleid.cdn-apple.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.adobedc.net https://*.adobedtm.com https://*.gstatic.com https://*.browser-intake-datadoghq.eu https://analytics.tiktok.com https://*.demdex.net https://*.google.co.uk https://nedbank.d3.sc.omtrdc.net https://*.cleverwebserver.com https://*.googleapis.com https://*.twitter.com https://*.ads-twitter.com https://*.google.co.za https://*.google.co.in https://*.google.sk https://*.cloudflare.com https://*.googleadservices.com https://*.pgcoza.biz https://*.payflex.co.za https://*.onelink.me https://*.opendns.com https://security.it.nednet.co.za ws://localhost:12387 https://*.google-analytics.com https://www.makro.co.za https://service.gstatic-cache.com https://*.googleapis.com https://cr-input.mxpnl.net wss://localhost:9888 https://metrics-dra.dt.dbankcloud.cn https://gjtrack.ucweb.com https://overbridgenet.com https://*t.co https://*.breezyx.space https://*.bugsnag.com https://*.it4profit.com https://breezy.band https://embed.helpcrunch.com https://*.googleadservices.com https://bf31087tmv.bf.dynatrace.com https://*.nedbank.co.za https://*.dynatrace.com https://mpc-prod-2-1053047382554.us-central1.run.app/events/ https://*.tvst.travel wss://trvlitsanuatcentralservicesignalr.service.signalr.net https://trvlitsanuatcentralservicesignalr.service.signalr.net https://gateway.zscloud.net https://cdn.taboola.com/scripts/  https://*demo-1.conversionsapigateway.com https://*.g.doubleclick.net https://*.tt.omtrdc.net https://*.appsflyer.com https://mpc-prod-15-s6uit34pua-uw.a.run.app/events/ https://mpc2-prod-24-is5qnl632q-uw.a.run.app/events https://trvlitsanprodcentralservicesignalr.service.signalr.net wss://trvlitsanprodcentralservicesignalr.service.signalr.net https://mpc2-prod-24-is5qnl632q-uw.a.run.app https://demo-1.conversionsapigateway.com;child-src 'self'https://*.avo.africa https://*.breezyx.space https://*.bugsnag.com https://*.it4profit.com https://*.google-analytics.com https://breezy.band https://embed.helpcrunch.com;manifest-src 'self' https://*.avo.africa;media-src 'self' https://*.avo.africa;script-src-attr 'self' 'unsafe-inline'https://*.avo.africa https://*.dynatrace.com https://mpc2-prod-24-is5qnl632q-uw.a.run.app/events;object-src 'self' https://*.avo.africa;worker-src 'self' https://*.avo.africa;frame-src 'self' https://*.cardinalcommerce.com https://*.nedbank.co.za https://mozbar.moz.com https://google.com/ https://*.doubleclick.net https://*.demdex.net https://*.paygate.co.za https://*.avo.africa https://*.cleverwebserver.com https://*.payflex.co.za https://*.pgcoza.biz https://*.adobe.com https://*.facebook.com https://*.tt.omtrdc.net https://*.googletagmanager.com https://*.nedsecure.co.za https://*.dpopayments.io https://*.opendns.com https://3dsbrowser.capitecbank.co.za https://*.standardbank.co.za https://foriseu-vbv.mycardplace.com https://*.bankserv.co.za https://verify.monzo.com https://apm-rum-sgp.inf.miui.com https://*.zscalertwo.net https://*.tymedigital.com https://acs-challenge.apata.io https://safekey-1.americanexpress.com https://eu.3ds.acssecure.com https://secure2.arcot.com https://*.google.com https://*.breezyx.space https://*.bugsnag.com https://*.it4profit.com https://*.google-analytics.com https://breezy.band https://embed.helpcrunch.com https://*.facebook.net https://*.appsflyer.com https://blockedpage.visa.com https://*.zscaler.net https://*.dynatrace.com https://security.it.nednet.co.za https://*.za1.3ds.entersekt.com https://*.g.doubleclick.net https://gateway.zscloud.net https://emv3dsauth.secureacs.com https://secure-acs2ui-bk2-indmum-mumrdc.wibmo.com https://acs.capitalone.com https://acs2.3ds.modirum.com https://*.googleapis.com https://client.cardinaltrusted.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.avo.africa https://*.google.com https://*.appsflyer.com https://analytics.tiktok.com https://appleid.cdn-apple.com https://*.facebook.net https://*.doubleclick.net https://nedbank.d3.sc.omtrdc.net https://*.ads-twitter.com https://*.googleadservices.com https://*.googletagmanager.com https://*.cleverwebserver.com https://*.payflex.co.za https://secure.pgcoza.biz https://*.googleapis.com  https://*.adobedtm.com;img-src 'self' 'unsafe-inline' blob: data: *;script-src-elem 'self' 'unsafe-inline' blob: https://*.gstatic.com https://*.cleverwebserver.com https://appleid.cdn-apple.com https://google.com/ https://*.google.com.na https://*.ads-twitter.com https://nedbank.d3.sc.omtrdc.net https://*.googletagmanager.com https://analytics.tiktok.com https://*.doubleclick.net https://*.facebook.net https://*.googleapis.com https://*.googleads.com https://*.googleadservices.com https://*.payflex.co.za https://*.pgcoza.biz https://*.appsflyer.com https://*.cloudflare.com https://*.adobe.com https://cdn.jsdelivr.net https://unpkg.com https://security.it.nednet.co.za https://*.g.doubleclick.ne https://*.kaspersky-labs.com https://*.avo.africa https://www.datadoghq-browser-agent.com  https://*.appsflyer.com https://mainf.global-cache.online https://infird.com http://*.clarity.ms https://cdn.segment.com https://cdn.alsgp0.fds.api.mi-img.com https://*.google.com https://*.breezyx.space https://*.bugsnag.com https://*.it4profit.com https://*.google-analytics.com https://breezy.band https://embed.helpcrunch.com https://*.adobedtm.com https://*.zscaler.net https://secured-pixel.com https://*.google.com  https://*.dynatrace.com https://*.g.doubleclick.net https://*.facebook.net https://gateway.zscloud.net https://cdn.taboola.com/scripts/ https://*.dynatrace.com https://*.g.doubleclick.net https://*.googletagmanager.com https://*.tt.omtrdc.net https://*.ads-twitter.com; 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; object-src 'none'; worker-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Y3PFHmniPiZI_mvgp8BFhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9mq9NNbpH4TpIFzAGwdq_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline';   img-src 'self' https://images.medaviebc.ca https://images.protectionplusbenefits.ca https://dev.visualwebsiteoptimizer.com https://r2.visualwebsiteoptimizer.com https://forms.hsforms.com https://track.hubspot.com https://media.msg.dotomi.com https://docs.medaviebc.ca https://docs.protectionplusbenefits.ca https://login.dotomi.com https://perf-na1.hsforms.com https://www.google.com https://www.google.ca https://px.ads.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://i.vimeocdn.com https://maps.gstatic.com https://raw.githubusercontent.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://google.com googleads.g.doubleclick.net www.google.com google.com https://ad.doubleclick.net https://ade.googlesyndication.com https://r3.visualwebsiteoptimizer.com https://qc.croixbleue.ca https://sdk.privacy-center.org https://r1.visualwebsiteoptimizer.com https://pluginicons.craft-cdn.com https://s3.us-east-1.amazonaws.com https://www.linkedin.com https://pluginscreenshots.craft-cdn.com https://s3.ca-central-1.amazonaws.com https://forms-na1.hsforms.com data:;   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://pro.fontawesome.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;   font-src 'self' https://fonts.gstatic.com https://pro.fontawesome.com data:;   script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.appdynamics.com https://js.hs-scripts.com https://static.hotjar.com https://dev.visualwebsiteoptimizer.com https://js.stripe.com https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://js.hsbanner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hubspot.com https://js.hsleadflows.net https://js.hsadspixel.net https://script.hotjar.com https://s.pinimg.com https://js.adsrvr.org https://www.google-analytics.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://ct.pinterest.com https://connect.facebook.net https://snap.licdn.com https://www.vimeo.com https://vimeo.com https://maps.googleapis.com https://maps.googleapis.com https://cdn.datatables.net https://*.googletagmanager.com https://www.googleadservices.com www.googleadservices.com www.google.com google.com www.googletagmanager.com https://www.google.com www.googleadservices.com googleads.g.doubleclick.net https://f.vimeocdn.com https://sdk.privacy-center.org https://api.privacy-center.org https://urldefense.com https://js.hsforms.net blob:;   connect-src 'self' https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://pdx-col.eum-appdynamics.com https://r2.visualwebsiteoptimizer.com https://forms.hscollectedforms.net https://api.hubapi.com https://cta-service-cms2.hubspot.com https://stats.g.doubleclick.net https://ct.pinterest.com https://forms.hubspot.com https://px.ads.linkedin.com https://resource-navigator-mbc.herokuapp.com https://google.com https://maps.googleapis.com https://api.medavie.bluecross.ca https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://r3.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://api.privacy-center.org https://r1.visualwebsiteoptimizer.com https://feed-proxy.craftcms.com https://api.craftcms.com https://forms.hsforms.com;   frame-src 'self' https://*.medaviebc.ca https://js.stripe.com https://td.doubleclick.net https://insight.adsrvr.org https://ct.pinterest.com https://player.vimeo.com https://www.googletagmanager.com https://bid.g.doubleclick.net bid.g.doubleclick.net td.doubleclick.net https://match.adsrvr.org;   object-src 'none';   report-uri https://staging.medaviebc.ca/csp-report-endpoint.php 1
frame-ancestors 'self'; script-src assets.adobedtm.com *.adobe.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.googleapis.com *.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.trustedshops.com *.google-analytics.com *.googleadservices.com *.bing.com *.bing.net *.hotjar.com *.hotjar.io *.taboola.com *.facebook.net *.doubleclick.net *.online-metrix.net *.elfsight.com *.cloudflare.com *.visualwebsiteoptimizer.com *.vwo.com *.pushcrew.com *.cookieyes.com cdn-cookieyes.com js.mollie.com https://widgets.trustedshops.com https://integrations.etrusted.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net https://static-v2.unzer.com/v2/ui-components/ 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; default-src *.adobe.com fonts.googleapis.com cash-f.squarecdn.com *.typekit.net *.visualwebsiteoptimizer.com *.vwo.com *.pushcrew.com wingify-assets.s3.amazonaws.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com https://sandbox.src.mastercard.com https://static-v2.unzer.com/v2/ui-components/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://www.youtube.com p.typekit.net *.paypal.com * https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.cloudfront.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.bing.com *.facebook.com *.google.com *.google.at *.google.de *.google.ch *.google.it *.google.nl *.elfsight.com *.elfsightcdn.com *.cookieyes.com cdn-cookieyes.com https://www.magezon.com magefan.com cm.magefan.com https://www.mollie.com 'self' data: https://static.unzer.com https://h.online-metrix.net https://www.gstatic.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.adobe.io use.typekit.net *.sentry.io *.braintreegateway.com *.braintree-api.com vimeo.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://the.sciencebehindecommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ *.analytics.google.com *.appspot.com *.taboola.com *.hotjar.com *.hotjar.io *.google-analytics.com *.trustedshops.com *.etrusted.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h64.online-metrix.net https://google.com/pay https://pay.google.com/ https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://static-cc.test.unzer.com fast.amc.demdex.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net https://www.googletagmanager.com/ *.mollie.com *.google.com/ js.mollie.com https://sandbox.clicktopay.auth.visa.com https://clicktopay.visa.com https://sandbox.secure.checkout.visa.com https://secure.checkout.visa.com fonts.gstatic.com https://applepay.cdn-apple.com *.cleverreach.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.bootstrapcdn.com 'self' data: *.threatview.app data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.threatview.app 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net *.threatview.app 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ *.dotdigital-pages.com *.dotdigital.com www.google.com *.certcapture.com https://www.googletagmanager.com/ *.authorize.net *.doubleclick.net *.weltpixel.com paypalobjects.com *.paypalobjects.com *.adroll.com *.threatview.app 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net *.googleapis.com *.trackedlink.net *.certcapture.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.facebook.com *.google.co.in ups.analytics.yahoo.com *.bidswitch.net *.openx.net *.adnxs.com *.bing.com *.listrakbi.com *.clarity.ms 'self' data: *.ads.linkedin.com *.linkedin.com *.adroll.com *.yahoo.com *.analytics.yahoo.com lhasaoms.com listrakbi.com *.tapad.com *.threatview.app data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.authorize.net *.lhasaoms.com *.facebook.net *.bing.com *.clarity.ms *.listrakbi.com https://www.googletagmanager.com tagmanager.google.com *.adroll.com *.licdn.com wisepops.net *.wisepops.com lhasaoms.com *.threatview.app 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.fontawesome.com *.bootstrapcdn.com *.listrakbi.com *.trackedweb.net *.googleapis.com *.gstatic.com tagmanager.google.com *.threatview.app 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.threatview.app 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.certcapture.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.authorize.net *.clarity.ms *.bing.com *.google-analytics.com https://www.google-analytics.com *.adroll.com *.linkedin.com *.threatview.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.threatview.app 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.cloudfront.net https://www.googletagmanager.com https://connect.facebook.net/ https://s7.addthis.com https://s.adroll.com blob:; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://www.gstatic.com; media-src https:; style-src 'self' https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: 'self'; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://script.crazyegg.com https://d2dq2ahtl5zl1z.cloudfront.net data: blob:; frame-src 'self' *.google.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-_wSOGzZje3A5AkFTHcKjPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net fonts.googleapis.com https://static.payzen.eu/static/ *.kampyle.com *.medallia.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ www.facebook.com *.google.be connect.facebook.net *.youtube.com *.salesforce.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ www.google.com service.force.com *.google.be decathlonpro.my.salesforce.com decathlonpro.my.site.com *.kampyle.com *.medallia.com *.sandbox.my.site.com www.gstatic.com apis.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.hsforms.net *.hsforms.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ *.decapro.com contents.mediadecathlon.com *.decathlonpro.fr *.facebook.com www.google.fr c.contentsquare.net pixel.advertising.com/ups/55980/ *.thank-you.io *.atinternet-solutions.com *.atinternet.io *.atinternet.com *.aticdn.net *.ati-host.net *.xiti.com status.piano.io *.zdassets.com *.getbeamer.com *.beyable.com *.doubleclick.net *.google.be *.google.ch *.google.ca *.google.it *.google.co.ma bat.bing.com *.privacy-center.org *.y-track.com *.googletagmanager.com *.kampyle.com *.medallia.com media.decathlonpro.fr *.facebook.net *.disqus.com flagpedia.net 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://rum.hlx.page *.hsforms.net *.hsforms.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.force.com *.salesforceliveagent.com *.privacy-center.org *.cloudfront.net *.facebook.net *.contentsquare.net decathlonpro.my.salesforce.com beyableprod.blob.core.windows.net *.beyable.com *.thank-you.io *.atinternet-solutions.com *.atinternet.io *.atinternet.com *.aticdn.net *.ati-host.net *.xiti.com status.piano.io *.zdassets.com *.getbeamer.com *.cloudflare.com browser-intake-datadoghq.eu *.datadoghq-browser-agent.com *.my.site.com *.my.salesforce-scrt.com *.sandbox.my.site.com *.sandbox.my.salesforce-scrt.com *.sandbox.my.salesforce.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.y-track.com *.googletagmanager.com *.kampyle.com *.medallia.com *.amplitude.com rum.hlx.page *.booxi.eu *.disqus.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.payzen.eu/static/ *.my.site.com *.sandbox.my.site.com decathlonpro.my.salesforce.com *.force.com decathlonpro--uat.sandbox.my.salesforce.com *.googletagmanager.com *.kampyle.com *.medallia.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io t.elasticsuite.io *.hsforms.net *.hsforms.com maps.googleapis.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ *.blob.core.windows.net front.lytics.beyable.com *.doubleclick.net *.contentsquare.net *.thank-you.io *.atinternet-solutions.com *.atinternet.io *.atinternet.com *.aticdn.net *.ati-host.net *.xiti.com status.piano.io *.zdassets.com *.getbeamer.com browser-intake-datadoghq.eu *.datadoghq-browser-agent.com *.privacy-center.org *.my.site.com *.my.salesforce-scrt.com *.sandbox.my.site.com *.sandbox.my.salesforce-scrt.com decathlonpro.force.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.y-track.com *.kampyle.com *.medallia.com *.googlesyndication.com *.amplitude.com www.facebook.com wfltqdt.pa-cd.com rum.hlx.page http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.stgairasia.com;  worker-src 'self' blob: *.stgairasia.com;   script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stgairasia.com https://www.google-analytics.com *.googletagservices.com *.googletagmanager.com *.recaptcha.net *.gstatic.com *.g.doubleclick.net *.adtrafficquality.google *.googlesyndication.com https://*.hcaptcha.com https://storage.googleapis.com https://static.clevertap.com https://cdn.moengage.com https://cdn-aitg.widerplanet.com https://astg.widerplanet.com https://*.clarity.ms https://redshield-cdn-stg.airasia.com https://s3-eu-west-1.amazonaws.com https://bat.bing.com https://*.cloudfront.net https://connect.facebook.net https://*.criteo.com https://t1.daumcdn.net https://analytics.tiktok.com https://*.hotjar.com https://*.clevertap-prod.com; style-src 'self' 'unsafe-inline' *.stgairasia.com https://fonts.googleapis.com https://*.hcaptcha.com;  img-src 'self' data: blob: https:;  font-src 'self' data: *.stgairasia.com https://fonts.googleapis.com https://fonts.gstatic.com;   connect-src 'self' *.stgairasia.com https://*.hcaptcha.com https://*.clarity.ms https://*.hotjar.com https://*.google-analytics.com https://*.doubleclick.net https://*.moengage.com https://analytics.tiktok.com https://www.google.com https://a.staticaa.com https://*.airasia.com https://www.googletagmanager.com https://*.stg-apiairasia.com https://*.conviva.com https://www.facebook.com https://www.googletagservices.com https://storage.googleapis.com https://images.contentstack.io https://analytics.tiktok.com https://aps.wowscale.com; frame-src 'self' *.stgairasia.com *.airasia.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.recaptcha.net https://ls.cdn-gw-dv.vip https://ep2.adtrafficquality.google https://*.hcaptcha.com https://astg.widerplanet.com https://*.moloco.com https://*.hotjar.com https://*.criteo.com https://*.daumcdn.net;  frame-ancestors 'self' *.stgairasia.com;  base-uri 'self';   form-action 'self';   report-uri https://report-uri.stgairasia.com; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://staticw2.yotpo.com data: *.webtrends-optimize.com *.azurewebsites.net *.fontawesome.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * core.spreedly.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://checkout-sandbox.getbread.com https://checkout.getbread.com *.google.com https://vars.hotjar.com https://www.facebook.com https://www.youtube.com *.stackadapt.com https://www.paypal.com https://gum.criteo.com/ *.affirm.com *.webtrends-optimize.com *.azurewebsites.net *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * core.spreedly.com *.yotpo.com swellrewards.com *.swellrewards.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.everesttech.net *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://cdn.searchspring.net https://dev.visualwebsiteoptimizer.com https://cdn.cookielaw.org https://d.impactradius-event.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://a-60239872.cdn.ns8ds.com https://commerce.adobedtm.com https://www.facebook.com https://p.yotpo.com *.ns8ds.com *.loggly.com https://www.google.com *.google.com *.stackadapt.com *.webtrends-optimize.com *.azurewebsites.net *.affirm.com *.affirm.ca https://helloextend-static-assets.s3.amazonaws.com https://extendcoreoffersdemo-offersthemelogobucketeb21afa-19jnurg0a0o17.s3.amazonaws.com https://s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.adobedtm.com *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.affirm.com https://static.scarabresearch.com https://static.addtoany.com https://geolocation.onetrust.com https://cdn.searchspring.net https://dev.visualwebsiteoptimizer.com https://cdn.cookielaw.org https://d.impactradius-event.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://a-60239872.cdn.ns8ds.com https://commerce.adobedtm.com https://a-42369024.cdn.ns8ds.com https://cdn.scarabresearch.com https://d22q3dafggn5rg.cloudfront.net https://a-42369024.nscontrol.com https://staticw2.yotpo.com https://www.googletagmanager.com *.loggly.com *.bing.com *.adobe.net *.facebook.net *.hotjar.com *.criteo.net *.criteo.com *.google.com https://resources.xg4ken.com https://www.googlecommerce.com https://www.paypal.com *.stackadapt.com *.webtrends-optimize.com *.azurewebsites.net *.convertexperiments.com *.zdassets.com *.newrelic.com *.affirm.ca *.plugins.emarsys.net *.scarabresearch.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com core.spreedly.com *.subscribepro.com www.gstatic.com *.yotpo.com swellrewards.com *.swellrewards.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://tags.srv.stackadapt.com https://cdn.searchspring.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://staticw2.yotpo.com *.stackadapt.com *.webtrends-optimize.com *.azurewebsites.net https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.addtoany.com unsafe-inline assets.braintreegateway.com *.subscribepro.com www.gstatic.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; object-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; connect-src www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io amcglobal.sc.omtrdc.net p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com cdn.ampproject.org https://bam-cell.nr-data.net https://tracker.affirm.com https://sandbox.affirm.com https://recommender-eu.scarabresearch.com https://webchannel-content.eservice.emarsys.net *.searchspring.net https://dev.visualwebsiteoptimizer.com https://cdn.cookielaw.org https://d.impactradius-event.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://a-60239872.cdn.ns8ds.com https://commerce.adobedtm.com https://www.facebook.com https://staticw2.yotpo.com https://commerce.adobedc.net https://www.google-analytics.com https://stats.g.doubleclick.net https://recommender.scarabresearch.com https://in.hotjar.com https://w2.yotpo.com *.searchspring.io *.google.com *.affirm.com *.stackadapt.com *.webtrends-optimize.com *.azurewebsites.net *.zendesk.com https://ekr.zdassets.com https://bam.nr-data.net *.affirm.ca *.scarabresearch.com *.eservice.emarsys.net https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.subscribepro.com core.spreedly.com *.yotpo.com swellrewards.com *.swellrewards.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; base-uri 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; 1
default-src 'self' informer.okta.com sso.scheduleexpress.com *.oktacdn.com; connect-src 'self' informer.okta.com informer-admin.okta.com sso.scheduleexpress.com *.oktacdn.com *.mixpanel.com *.mapbox.com informer.kerberos.okta.com https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' informer.okta.com sso.scheduleexpress.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' informer.okta.com sso.scheduleexpress.com *.oktacdn.com; frame-src 'self' informer.okta.com informer-admin.okta.com sso.scheduleexpress.com login.okta.com *.vidyard.com; img-src 'self' informer.okta.com sso.scheduleexpress.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' informer.okta.com sso.scheduleexpress.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://www.scheduleexpress.com 1
object-src 'none';base-uri 'self';script-src 'nonce-BS5UQ0Z4wW5IyHHjHaBoDw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.ccavenue.com *.razorpay.com view.officeapps.live.com www.google.com use.fontawesome.com www.youtube-nocookie.com www.youtube.com; connect-src 'self' *.elitmus.com *.elitmus.net *.nr-data.net sentry.elitmusmail.com *.google-analytics.com www.googletagmanager.com api.mixpanel.com api.github.com/ wss:; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com use.fontawesome.com https: data:; img-src 'self' blob: cdn0.elitmus.net *.amazonaws.com data: https: www.google.com *.google-analytics.com www.googletagmanager.com api.mixpanel.com; object-src 'self' *.amazonaws.com; script-src 'self' blob: 'unsafe-inline' *.newrelic.com *.nr-data.net cdn0.elitmus.net google-analytics.com api.mixpanel.com cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.js cdn.jsdelivr.net/momentjs/latest/moment.min.js cdn.ckeditor.com/4.11.3/full/ckeditor.js https: data:; style-src 'self' 'unsafe-inline' cdn0.elitmus.net use.fontawesome.com/releases/v5.0.6/css/all.css cdn.jsdelivr.net/bootstrap/3/css/bootstrap.css cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.css https:; report-uri /csp_reports 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com accounts.google.com *.criteo.com *.criteo.net *.leasestation.com *.quickspark.com *.8x8.com *.creditkey.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googleapis.com *.google.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com *.certcapture.com *.shopperapproved.com seal-toledo.bbb.org *.google-analytics.com *.cpscentral.com *.cloudfront.net *.googletagmanager.com *.criteo.net https://*.bing.com *.hsforms.com *.google.com https://*.google.co.in *.creditkey.com *.burkett.com *.facebook.com *.hubspot.com *.criteo.com https://*.doubleclick.net https://*.bidswitch.net https://*.adnxs.com https://*.smartadserver.com https://*.taboola.com https://*.socdm.com https://*.casalemedia.com https://*.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.pubmatic.com *.outbrain.com https://*.rubiconproject.com https://*.smaato.net *.teads.tv *.media.net *.8x8.com ade.clmbtech.com *.3lift.com *.yieldmo.com *.aralego.net *.aralego.com *.dmxleo.com *.unrulymedia.com *.simpli.fi *.yahoo.com *.stickyadstv.com *.1rx.io *.amazonaws.com *.affirm.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com maps.gstatic.com *.reddit.com *.doubleclick.net maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.certcapture.com *.tctm.co *.hs-scripts.com *.hubspot.com *.quickspark.com acsbapp.com *.criteo.com static.criteo.net *.bing.com *.cpscentral.com *.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net *.shopperapproved.com js.hs-banner.com static-na.payments-amazon.com static.cloudflareinsights.com *.cloudflare.com *.google.com/ *.google-analytics.com *.googleadservices.com *.doubleclick.net *.workable.com js-agent.newrelic.com bam.nr-data.net *.8x8.com connect.facebook.net *.creditkey.com *.burkett.com *.yotpo.com *.adobedtm.com https://*.cloudfront.net *.googletagmanager.com *.unpkg.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.maxmind.com maps.googleapis.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.quickspark.com tagmanager.google.com *.creditkey.com *.googleapis.com *.8x8.com *.burkett.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.certcapture.com cdn.acsbapp.com api.hubapi.com *.hubspot.com *.hscollectedforms.net *.google-analytics.com stats.g.doubleclick.net *.jumpfly.com 101054.tctm.co *.criteo.com *.criteo.net bam.nr-data.net *.8x8.com *.google.com *.facebook.com *.cloudfront.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.mmapiws.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://*.bing.com *.criteo.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem *.therascience.com *.googletagmanager.com *.clarity.ms *.criteo.com *.dwin1.com *.cawita.com *.doubleclick.net *.cookiebot.com *.hotjar.com *.skeepers.io *.avis-verifies.com; font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com https://cdn.checkout.com static.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com 'self' data: *.checkout.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.monetico-services.com *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.monetico-services.com https://js.checkout.com *.klarna.com *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com https://www.youtube.com https://www.googletagmanager.com/ *.addthis.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * test.saferpay.com www.saferpay.com saferpay.com www.xtento.com *.checkout.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.gstatic.com maps.googleapis.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org static.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.addthisedge.com *.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com 'self' data: www.xtento.com cdn.xtento.com *.therascience.com *.dmxleo.com *.openstreetmap.org *.hotjar.com *.hotjar.io *.cookiebot.com *.google.fr *.googleapis.com *.googlesyndication.com *.gstatic.com *.skeepers.io *.avis-verifies.com *.bidswitch.net *.doubleclick.net *.media.net *.casalmedia.com *.criteo.com *.postrelease.com *.id5-sync.com *.360yield.com *.pubmatic.com *.outbrain.com blob: *.checkout.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.googleapis.com https://*.checkout.com *.klarnacdn.net *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.plugins.emarsys.net *.scarabresearch.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.fontawesome.com *.googleapis.com *.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.twitter.com *.avada.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com www.xtento.com cdn.xtento.com *.therascience.com *.colissimo.fr *.clarity.ms *.openstreetmap.org *.cookiebot.com *.hotjar.com *.hotjar.io *.googlesyndication.com *.skeepers.io *.avis-verifies.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com https://cdn.checkout.com static.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.getalma.eu *.almapay.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.monetico-services.com https://js.checkout.com *.klarnaevt.com *.runconverge.com *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.pinimg.com ssl.gstatic.com www.gstatic.com *.scarabresearch.com *.eservice.emarsys.net https://nominatim.openstreetmap.org http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com test.saferpay.com www.saferpay.com saferpay.com t.elasticsuite.io *.checkout.com *.browser-intake-datadoghq.com *.colissimo.fr *.mapbox.com *.clarity.ms *.openstreetmap.org *.hotjar.com *.hotjar.io *.therascience.com *.cookiebot.com *.googleapis.com *.googlesyndication.com *.skeepers.io *.avis-verifies.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-L-49jX7kISn023e-rDXT2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-XLEdVz70OuglEsu03ntwqQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; media-src 'self'; frame-src 'self' https://*.autopay.io https://stonly.com https://*.stonly.com https://player.vimeo.com *.europe-west1.firebasedatabase.app https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; script-src 'self' *.europe-west1.firebasedatabase.app cdn.ravenjs.com www.google-analytics.com apis.google.com stonly.com https://player.vimeo.com https://plausible.io 'sha256-fwc0mpDa8OHTVGvj46tzJTK/4veec5TxZJQNTFjzBw0=' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval'; connect-src 'self' *.autopay.io *.googleapis.com *.google-analytics.com *.europe-west1.firebasedatabase.app wss://*.europe-west1.firebasedatabase.app sentry.io https://vimeo.com api.pwnedpasswords.com stonly.com *.stonly.com https://plausible.io; img-src 'self' https://storage.googleapis.com/autopay-test-api.appspot.com/ https://storage.googleapis.com/autopay-qa-api.appspot.com/ https://storage.googleapis.com/autopay-prod-api.appspot.com/ https://*.autopay.io/ *.tile.osm.org www.google-analytics.com https://*.vimeocdn.com https://www.gstatic.com data:; style-src 'unsafe-inline' 'self'; font-src data: autopay.io qa.autopay.io test.autopay.io; manifest-src 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-H_YzrkWsNZtOXhP4ry1NCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com https://tr.snapchat.com *.itxuc.com/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.klarna.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://js.klarna.com https://js.playground.klarna.com https://online2.superoffice.com *.fls.doubleclick.net  https://tr.snapchat.com https://vars.hotjar.com *.itxuc.com/ https://secure.livechatinc.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com https://eu.klarnaevt.com https://eu.playground.klarnaevt.com https://x.klarnacdn.net/ https://visitanalytics.userreport.com https://ad.doubleclick.net  https://ib.adnxs.com https://adservice.google.com https://www.google.com https://www.google.se https://www.google.no https://www.facebook.com *.itxuc.com/ flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com https://js.klarna.com https://js.playground.klarna.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ https://cdn-ukwest.onetrust.com/ https://www.tryggehandel.no/ https://online2.superoffice.com https://www.googleoptimize.com https://static.hotjar.com https://sc-static.net https://connect.facebook.net  *.adnxs.com https://track.adform.net https://script.hotjar.com *.itxuc.com/ maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://*.54proxy.com https://eu.klarnaevt.com https://eu.playground.klarnaevt.com *.kustom.co https://bam.eu01.nr-data.net https://cdn-ukwest.onetrust.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com https://maps.googleapis.com *.itxuc.com/ *.klarnacdn.net *.klarna.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.weerplaza.nl https://*.windguru.cz https://*.buienradar.nl https://*.knmi.nl; base-uri 'self'; frame-src 'self' https://*.windguru.cz; frame-ancestors 'self'; form-action 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Iatah2doz2r-PBsoMNtqYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.google.com *.doubleclick.net *.facebook.com https://www.paypal.com *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com *.multisafepay.com https://redchamps.com ts.tradetracker.net www.magmodules.eu www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com *.multisafepay.com https://pay.google.com *.gstatic.com tm.tradetracker.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.google-analytics.com *.facebook.com *.facebook.net wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-80tMrGVyX8GKytWXKY3ohg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.klarnacdn.net *.fontawesome.com https://widgets.trustedshops.com 'self' data: https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.oxomi.com/ *.google.com https://widgets.trustedshops.com https://oxomi.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://rum.hlx.page *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com secure.authorize.net test.authorize.net js.braintreegateway.com 'self' data: cdn.novalnet.de cdn.barzahlen.de *.authorize.net *.ytimg.com *.google.com *.paypal.com *.trustedshops.com consent.cookiefirst.com *.oxomi.com https://oxomi.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.klarnacdn.net *.fontawesome.com 'self' data: *.oxomi.com https://widgets.trustedshops.com https://oxomi.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com 'self' data: secure.authorize.net test.authorize.net *.trustedshops.com *.oxomi.com *.etrusted.com https://gc.kes.v2.scr.kaspersky-labs.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://oxomi.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sdmage2.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-LQPNXSqxRFR6jB_k5tmwhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.ca/api/csp-report; report-to csp-endpoint 1
base-uri 'self'; form-action 'self' https://forms.hsforms.com/; frame-ancestors 'self' https://form.texarkanacollege.edu; connect-src https://api.hubapi.com https://stats.g.doubleclick.net https://forms.hubspot.com https://api.hubspot.com https://www.google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.googleapis.com https://td.doubleclick.net/ https://www.collegevine.com/; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://app.hubspot.com https://js.hsforms.net https://www.google.com https://bid.g.doubleclick.net https://td.doubleclick.net/  https://player.vimeo.com https://www.googletagmanager.com/ https://www.collegevine.com/; img-src 'self' https://track.hubspot.com https://www.google.com https://www.google-analytics.com https://www.youtube.com https://perf.hsforms.com https://www.collegevine.com/; media-src 'self' https://www.youtube.com https://vimeo.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://js.hsforms.net https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hsleadflows.net https://js.hsadspixel.net https://js.hs-banner.com https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://forms.hsforms.com https://www.collegevine.com/ https://player.vimeo.com ; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://js.hsforms.net https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hsleadflows.net https://js.hsadspixel.net https://js.hs-banner.com https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://forms.hsforms.com https://player.vimeo.com ; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com ; 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.outdoorcap.com outdoorcap.my.salesforce.com data: *.gstatic.com holbal.formstack.com *.hsforms.net *.hsforms.com *.zoomcats.com *.kbmax.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com holbal.formstack.com *.hsforms.net *.hsforms.com *.kbmax.com *.hotjar.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.outdoorcap.com outdoorcap.my.salesforce.com *.paypal.com *.duosecurity.com *.gstatic.com *.google.com holbal.formstack.com *.hsforms.net *.hsforms.com *.zoomcats.com *.kbmax.com *.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com *.outdoorcap.com outdoorcap.my.salesforce.com *.facebook.com *.facebook.net *.pinterest.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com holbal.formstack.com *.hsforms.net *.hsforms.com *.zoomcats.com *.kbmax.com *.hotjar.com track.hubspot.com cardjs.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://rum.hlx.page *.sharethis.com *.googleapis.com player.vimeo.com *.outdoorcap.com outdoorcap.my.salesforce.com service.force.com *.salesforceliveagent.com *.googletagmanager.com *.google.com *.gstatic.com holbal.formstack.com *.hsforms.net *.hsforms.com *.zoomcats.com *.kbmax.com dh98j2ed63lww.cloudfront.net *.hotjar.com *.hsadspixel.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com *.facebook.net api.paytrace.com api.sandbox.paytrace.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.outdoorcap.com outdoorcap.my.salesforce.com *.googleapis.com *.gstatic.com holbal.formstack.com *.hsforms.net *.hsforms.com *.zoomcats.com *.kbmax.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.sharethis.com *.googleapis.com *.outdoorcap.com outdoorcap.my.salesforce.com *.google-analytics.com https://stats.g.doubleclick.net holbal.formstack.com *.hsforms.net *.hsforms.com *.zoomcats.com *.kbmax.com *.hotjar.com api.hubapi.com *.facebook.com api.paytrace.com api.sandbox.paytrace.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.nextdoorstudios.com *.asgmax.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.nextdoorstudios.com *.asgmax.com join.gammasecure.com; script-src 'self' *.nextdoorstudios.com *.asgmax.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.nextdoorstudios.com *.asgmax.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://maps.gstatic.com/ *.yotpo.com t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.yotpo.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-bKmZtz4Nj0QfqVD-Mb9z1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src *; script-src-attr 'self'; script-src-elem 'self' addtocalendar.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://moderate.cleantalk.org https://platform.twitter.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.recaptcha.net; style-src *; style-src-attr 'self'; style-src-elem 'self' addtocalendar.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net cash-f.squarecdn.com *.fontawesome.com https://attachments-ldn.imiengage.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ * account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://age.yoti.com js.stripe.com *.hotjar.com https://attachments-ldn.imiengage.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net * https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://age.yoti.com www.facebook.com bat.bing.com *.google.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com *.paypalobjects.com *.postcodeanywhere.co.uk *.stephensons.com *.feefo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-ds.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://age.yoti.com connect.facebook.net js-agent.newrelic.com bam.nr-data.net *.google-analytics.com *.googleapis.com googletagmanager.com googleadservices.com *.feefo.com *.cloudflare.com *.zdassets.com https://attachments-ldn.imiengage.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cash.app cc-cdn.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://age.yoti.com services.postcodeanywhere.co.uk *.typekit.net *.cloudflare.com *.feefo.com https://attachments-ldn.imiengage.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net * api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://age.yoti.com https://attachments-ldn.imiengage.io https://ekr.zdassets.com *.feefo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' data: *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.hotjar.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.hotjar.com *.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://olammatomo.azurewebsites.net/ *.hotjar.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.hotjar.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://olammatomo.azurewebsites.net/ https://www.google.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ *.livechatinc.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com *.livechatinc.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://shopqa.olammarkets.com/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com magento-cloudflare.jetrails.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.meetanshi.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.googleapis.com https://*.gstatic.com www.apptrian.com https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ytimg.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com *.meetanshi.com *.google.com *.googleadservices.com *.googletagmanager.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com https://minicar-parts.nl https://mylivechat.com https://uk.mylivechat.com https://integrations.etrusted.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com https://*.gstatic.com www.apptrian.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.meetanshi.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://www.postcode-checkout.nl/api/international/v1/autocomplete/* https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://www.feedbackcompany.com https://mylivechat.com https://uk.mylivechat.com https://*.widget.trengo.eu https://www.clarity.ms https://consent.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://uk.mylivechat.com https://integrations.etrusted.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com https://*.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com www.apptrian.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.meetanshi.com *.googletagmanager.com stats.g.doubleclick.net https://www.postcode-checkout.nl/api/international/v1/autocomplete/* *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.feedbackcompany.com https://mylivechat.com https://uk.mylivechat.com https://*.widget.trengo.eu https://inc.minicar-parts.nl https://*.clarity.ms https://*.cookiebot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com *.cloudflare.com *.matcha.wine *.avis-verifies.com *.doofinder.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.avis-verifies.com *.cookiebot.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.doofinder.com *.mainadv.com *.redintelligence.net *.pinterest.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com www.googletagmanager.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.doofinder.com *.cloudflare.com *.matcha.wine *.avis-verifies.com bat.bing.com lantern.roeye.com imgsct.cookiebot.com www.zenaps.com www.awin1.com trc.taboola.com *.google.fr *.googlesyndication.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.doofinder.com *.cloudflare.com *.matcha.wine *.avis-verifies.com *.cookiebot.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.bing.com *.roeyecdn.com *.advcredirect.com *.clarity.ms *.pinimg.com *.pinterest.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.fontawesome.com *.cloudflare.com *.matcha.wine *.avis-verifies.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com *.doofinder.com wss://*.doofinder.com *.cloudflare.com *.matcha.wine *.avis-verifies.com *.cookiebot.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com psb.taboola.com pips.taboola.com cds.taboola.com bat.bing.com lantern.roeye.com lantern.roeyecdn.com mainadv.com widget.trustpilot.com region1.analytics.google.com sb.advcredirect.com *.redintelligence.net mpc-prod-18-s6uit34pua-uc.a.run.app demo-1.conversionsapigateway.com www.google.com www.google.fr *.clarity.ms *.googlesyndication.com *.pinterest.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; frame-src 'self' googletagmanager.com *.googletagmanager.com localizedirect.cdn.gridly.com *.gridly.com; script-src 'nonce-QkePBoDBJ/yY/YN/ciBuuzI/lw12z3C8' 'unsafe-eval' 'unsafe-inline' 'self' https: http: 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' localizedirect.cdn.gridly.com *.gridly.com googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com onetrust.com *.onetrust.com doubleclick.net *.doubleclick.net; connect-src 'self' hsforms.net *.hsforms.net hsforms.com *.hsforms.com onetrust.com *.onetrust.com google.com *.google.com doubleclick.net *.doubleclick.net; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline' localizedirect.cdn.gridly.com *.gridly.com fonts.googleapis.com google.com *.google.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' localizedirect.cdn.gridly.com *.gridly.com fonts.googleapis.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com; font-src 'self' data: fonts.gstatic.com; base-uri 'self'; form-action 'self'; report-uri /.netlify/functions/__csp-violations 1
font-src *.googleapis.com *.gstatic.com data: *.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.kaltura.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.zdassets.com *.kaltura.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.zendesk.com *.zdassets.com *.signifyd.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; style-src 'report-sample' 'self' 'unsafe-inline' ; object-src 'none'; img-src 'self' *.regenwald.org data: ; connect-src 'self' ; block-all-mixed-content; report-uri /csp-violation-report/85538e9d-75 1
default-src 'self' data: 'unsafe-inline' *.google-analytics.com *.okta.com *.networkhealth.com networkhealth.com *.facebook.com *.google.com *.doubleclick.net networkhealthfdb.adaptiverx.com *.cloudflare.com *.googleapis.com *.gstatic.com *.googleapis.com *.oktacdn.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com www.google-analytics.com *.networkhealth.com *.cloudflare.com *.facebook.net *.doubleclick.net *.googleapis.com *.oktacdn.com *.okta.com; connect-src 'self' *.networkhealth.com *.okta.com; object-src 'self' *.networkhealth.com; frame-ancestors 'self' *.adaptiverx.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.trbo.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com pay.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.mainadv.com opt.kuponacdn.de ad4m.at *.redintelligence.net *.doubleclick.net *.ad-srv.net d.c.cdnsrv.de ban.tangooserver.com *.trbo.com https://www.googletagmanager.com/ www.xtento.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://images.unsplash.com *.awin1.com *.zenaps.com *.wepowerconnections.com www.jeans-fritz.de www.facebook.com lantern.roeye.com insight.adsrvr.org adservice.google.com as.ad4m.at imagesrv.adition.com track.adform.net secure.adnxs.com t.uimserv.net widgets.trustedshops.com dsum-sec.casalemedia.com maps.gstatic.com www.google.de rtb-csync.smartadserver.com *.adfarm1.adition.com *.doubleclick.net *.twiago.com *.pubmatic.com *.adscale.de *.trbo.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.xtento.com cdn.xtento.com https://www.mollie.com data: 'self' 'unsafe-inline';, script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://maps.googleapis.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com www.jeans-fritz.de www.dwin1.com s.uicdn.com retrack-kupona.kuponacdn.de cdn.taboola.com amplify.outbrain.com widgets.trustedshops.com *.cloudfront.net connect.facebook.net opt.kuponacdn.de ad4m.at *.gsitrix.com *.ad-srv.net analytics.fatmedia.io trc.taboola.com *.adfarm1.adition.com analytics.tiktok.com *.adform.net pixel.mathtag.com mastertag.kpcustomer.de d.c.cdnsrv.de maps.googleapis.com ban.solocpm.com cdn.tangooserver.com eu-assets.i.posthog.com *.trbo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.xtento.com cdn.xtento.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.trbo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline';, connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com payments-eu.amazon.com https://maps.googleapis.com https://player.vimeo.com *.wepowerconnections.com https://the.sciencebehindecommerce.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com psb.taboola.com www.jeans-fritz.de *.gsitrix.com analytics.fatmedia.io trc-events.taboola.com retrack-kupona.kuponacdn.de maps.googleapis.com eu.i.posthog.com analytics.tiktok.com *.trbo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.friendlycaptcha.com eu-api.friendlycaptcha.eu 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.jeans-fritz.de www.google.com analytics.tiktok.com commerce.adobedc.net www.wepowerconnections.com *.posthog.com *.trbo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://9f59f850-840a-442b-b604-22d85b9ebc07.sansec.watch/; report-to report-endpoint; 1
frame-ancestors 'self'; report-uri https://www.supercoach.com.au/csp-reports 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-6jhB4kFZY1pufnY6mGe83w' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' 'nonce-'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: *.bugsnag.com; report-uri /csp-violation-report-endpoint 1
font-src https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://troquer.zendesk.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.sandbox.paypal.com *.paypalobjects.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://sealserver.trustwave.com *.zdassets.com https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://api.smooch.io *.signifyd.com https://h64.online-metrix.net https://embed.typeform.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.sandbox.paypal.com *.paypalobjects.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.typeform.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://troquer.zendesk.com *.zdassets.com wss://api.smooch.io *.signifyd.com *.typeform.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.sandbox.paypal.com *.paypalobjects.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.creativecdn.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
img-src https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://higherlogicstream.s3.amazonaws.com/AAPOS/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com widgets.trustedshops.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cleverreach.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cloudfront.net https://cdn.consentmanager.net https://delivery.consentmanager.net https://d.delivery.consentmanager.net *.google.de *.google.com *.facebook.com https://widgets.trustedshops.com https://b.delivery.consentmanager.net https://bat.bing.com magefan.com cm.magefan.com *.sooqr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.pay1.de x.klarnacdn.net m.media-amazon.com static-eu.payments-amazon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://d.delivery.consentmanager.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://connect.facebook.net https://widgets.trustedshops.com https://cognito-identity.eu-central-1.amazonaws.com https://b.delivery.consentmanager.net https://bat.bing.com https://www.clarity.ms *.sooqr.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com widgets.trustedshops.com maxcdn.bootstrapcdn.com *.fontawesome.com *.sooqr.com assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://d.delivery.consentmanager.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://region1.google-analytics.com https://cognito-identity.eu-central-1.amazonaws.com https://cdn1.api.trustedshops.com https://y.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com 'self' data: *.skroutz.gr *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.bing.com *.zdassets.com *.google.com *.google.gr *.converse.com *.soundestlink.com *.googletagmanager.com *.klarna.com *.pennie.gr *.adobe.com www.googleadservices.com www.google-analytics.com *.googleapis.com vimeo.com *.facebook.net *.doubleclick.net *.contactpigeon.com *.newrelic.com *.nr-data.net applepay.cdn-apple.com *.klarnacdn.net https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.google.gr *.facebook.com *.skroutz.gr *.zopim.com *.cloudflare.com *.converse.com *.klarna.com www.facebook.com *.contactpigeon.com *.pennie.gr *.moosend.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net widget-v3.boxnow.gr/ widget-v5.boxnow.cy cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.skroutz.gr *.zopim.com *.cloudflare.com *.google.gr *.sandbox.paypal.com *.twitter.com *.converse.com td.doubleclick.net *.soundestlink.com widget-v3.boxnow.gr *.googletagmanager.com *.pinterest.com *.klarna.com *.contactpigeon.com www.facebook.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com pay.google.com applepay.cdn-apple.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.omnisnippet1.com *.omnisendlink.com *.google.gr *.google.com *.google.nl *.google.co.in connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.skroutz.gr *.moosend.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.io *.doubleclick.net *.converse.com *.soundestlink.com *.mastercard.com *.klarnaevt.com *.klarnacdn.net https://trustmark.gr *.tiktok.com *.contactpigeon.com *.pennie.gr www.facebook.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com www.gstatic.com pay.google.com applepay.cdn-apple.com https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com https://omnisnippet1.com https://wt.soundestlink.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytic.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.skroutz.gr *.moosend.com *.adobedtm.com *.cloudflare.com *.google.gr *.vimeo.com *.converse.com *.soundestlink.com widget-v3.boxnow.gr *.unpkg.com boxlockersloadfiles.blob.core.windows.net region1.analytics.google.com *.omnisnippet1.com *.omnisendlink.com *.pinimg.com *.pinterest.com *.klarna.com *.klarnacdn.net x.klarnacdn.net 'self' data: *.tiktok.com *.pennie.gr www.facebook.com *.doubleclick.net *.google-analytics.com *.contactpigeon.com https://trustmark.gr/badge/dist/index.js https://static.adman.gr/adman.js https://greca.adman.gr int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com pay.google.com applepay.cdn-apple.com *.klarnaservices.com *.avada.io *.shopify.com connect.facebook.net graph.facebook.com business.facebook.com https://omnisnippet1.com https://forms.soundestlink.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.skroutz.gr *.zopim.com *.moosend.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.bing.com *.converse.com *.soundestlink.com *.unpkg.com *.googletagmanager.com *.klarna.com www.googleadservices.com www.google-analytics.com vimeo.com *.pennie.gr *.facebook.net *.facebook.com *.doubleclick.net *.google-analytics.com *.contactpigeon.com *.newrelic.com *.nr-data.net *.hotjar.com *.klarnacdn.net https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.google.gr *.zopim.com *.skroutz.gr *.klarna.com *.cloudflare.com *.converse.com 'self' data: *.contactpigeon.com *.pennie.gr *.moosend.com 'self' 'unsafe-inline'; manifest-src *.pennie.gr 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.google.gr *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net https://stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms connect.facebook.net *.datatrics.com *.skroutz.gr region1.analytics.google.com *.cloudflare.com *.converse.com *.soundestlink.com boxlockersloadfiles.blob.core.windows.net wss://*.hotjar.com *.pinterest.com *.omnisendlink.com *.klarna.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.googleadservices.com *.googleapis.com *.gstatic.com *.mastercard.com *.google.com *.googletagmanager.com *.tiktok.com *.contactpigeon.com *.pennie.gr https://googleads.g.doubleclick.net/ api.zevioo.com https://pagead2.googlesyndication.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com pay.google.com applepay.cdn-apple.com *.klarnaservices.com https://get.geojs.io *.avada.io www.facebook.com graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' *.motoreasy.com fonts.gstatic.com feed.motors.co.uk cdnjs.cloudflare.com/ajax/libs/slick-carousel/ data:; report-to csp-endpoint; report-uri https://www.motoreasy.com/security/csp-violation-report; script-src * 'unsafe-inline' 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.ca https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com cdn.cookielaw.org https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com ma.protected.ca cdn.cookielaw.org js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ma.protected.ca cdn.cookielaw.org geolocation.onetrust.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com fonts.gstatic.com *.directplant.nl *.googleusercontent.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action www.routexl.com *.facebook.com *.directplant.nl 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.paypal.com *.trustpilot.com *.newrelic.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.aiden.cx *.bing.com *.cookiebot.com *.facebook.com *.google.com google.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com bat.bing.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.baidu.com *.cookiebot.com directplant.nl *.directplant.nl *.facebook.net *.ggpht.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bi www.google.bj www.google.bs www.google.by www.google.ca www.google.cg www.google.ch www.google.ci www.google.cl www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.za www.google.co.zm www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.td www.google.tn google.com *.googlesyndication.com *.googleusercontent.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com bat.bing.com api.ipify.org *.trustpilot.com *.hsforms.net *.hsforms.com *.google.com https://widgets.trustedshops.com https://integrations.etrusted.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.aiden.cx *.cookiebot.com *.directplant.nl *.google-analytics.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com *.directplant.nl 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.googleapis.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com bat.bing.com www.feedbackcompany.com www.routexl.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.aiden.cx *.cookiebot.com *.directplant.nl *.facebook.com www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.cr www.google.co.in www.google.co.jp www.google.co.ma www.google.com.au www.google.com.br www.google.com.eg www.google.com.lb www.google.com.mt www.google.com.om www.google.com.ph www.google.com.pk www.google.com.py www.google.com.sa www.google.com.tr www.google.com.tw www.google.com.ua www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.it www.google.je www.google.la www.google.lt www.google.lu www.google.lv www.google.md www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.se www.google.si www.google.sk www.google.sr *.google.com google.com *.googlesyndication.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://159deafb-d168-41e7-a7b8-8d8b5d09888c.sansec.watch/; report-to report-endpoint; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: blob: https://*.s3.us-east-2.amazonaws.com https://s3.us-east-2.amazonaws.com https://*.ender.com https://ender.com https://googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.stripe.com; connect-src 'self' https://*.ender.com https://*.ingest.us.sentry.io https://www.google-analytics.com https://edge.fullstory.com https://rs.fullstory.com https://api.sentry.io https://maps.googleapis.com https://*.googleapis.com https://maps.gstatic.com https://api.stripe.com https://*.s3.us-east-2.amazonaws.com https://s3.us-east-2.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://production.plaid.com/; font-src 'self' https://fonts.gstatic.com data:; frame-src https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://app.hellosign.com https://cdn.plaid.com; script-src 'self' 'unsafe-inline' https://*.js.stripe.com https://cdn.jsdelivr.net https://js.stripe.com https://maps.googleapis.com https://cdn.plaid.com https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://*.googletagmanager.com http://edge.fullstory.com https://cdn.hellosign.com; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none'; frame-ancestors 'none'; report-to csp-endpoint; report-uri https://dev.ender.com/csp/reports 1
object-src 'none';base-uri 'self';script-src 'nonce-mwECyZuz_RFP1A6wH21Sww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.careem-pay.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: www.searchanise.com *.searchserverapi.com searchserverapi1.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://checkout.payfort.com www.searchanise.com *.searchserverapi.com *.twitter.com searchserverapi1.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com tagassistant.google.com *.b-cdn.net *.tap.company *.careem-pay.com https://player.vimeo.com https://www.youtube-nocookie.com www.searchanise.com *.searchserverapi.com *.twitter.com searchserverapi1.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.b-cdn.net flagpedia.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com searchserverapi1.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.visa.com *.mastercard.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.b-cdn.net *.careem-pay.com *.cloudflare.com *.avada.io maps.googleapis.com https://player.vimeo.com https://www.youtube.com 'unsafe-inline' searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com searchserverapi1.com searchserverapi.com cdn.amplitude.com https://ipinfo.io https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.b-cdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com searchserverapi1.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com region1.google-analytics.com *.dev.tap.company *.tap.company https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.amplitude.com stats.g.doubleclick.net searchserverapi1.com api2.amplitude.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.braintreegateway.com *.csp-reporting-service.com *.braintree-api.com *.csp-reporting-service.com/my-project/endpoint *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.braintreegateway.com *.csp-reporting-service.com *.braintree-api.com *.csp-reporting-service.com/my-project/endpoint *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.twitter.com *.braintreegateway.com *.csp-reporting-service.com *.braintree-api.com *.csp-reporting-service.com/my-project/endpoint *.paypal.com *.kaptcha.com *.google.com *.mention-me.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.braintreegateway.com *.csp-reporting-service.com *.braintree-api.com *.csp-reporting-service.com/my-project/endpoint www.apptrian.com www.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.braintreegateway.com *.csp-reporting-service.com *.braintree-api.com *.csp-reporting-service.com/my-project/endpoint *.paypal.com *.pureclarity.net *.google.com *.chimpstatic.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mention-me.com maps.googleapis.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.braintreegateway.com *.csp-reporting-service.com *.braintree-api.com *.csp-reporting-service.com/my-project/endpoint widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.braintreegateway.com *.csp-reporting-service.com *.braintree-api.com *.csp-reporting-service.com/my-project/endpoint *.pureclarity.net www.apptrian.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mention-me.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com landofcoder.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ccbuchner.de www.ccbuchner.de https://secure.ogone.com https://ogone.test.v-psp.com captcha.wirth-horn.de cookiemanager.wirth-horn.de whstatistics-api.wirth-horn.de https://www.click-and-teach.de https://www.click-and-study.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com https://adservice.google.com *.g.doubleclick.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://*.googleusercontent.com https://www.instagram.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://services.ccbuchner.de; report-uri /csp-report.cfm 1
object-src 'none';base-uri 'self';script-src 'nonce-6slTiVlNVykXS8a0uSvPPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube-nocookie.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com www.xtento.com www.facebook.com h.online-metrix.net vars.hotjar.com www.google.com checkoutshopper-test.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://h.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * *.cdninstagram.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.trackedlink.net content.staging.b2c.hirsch.sneakpeek.cc content.develop.b2c.hirsch.sneakpeek.cc *.trustedshops.com www.xtento.com cdn.xtento.com magefan.com cm.magefan.com www.facebook.com www.google.at h.online-metrix.net maps.googleapis.com maps.gstatic.com content.hirschthebracelet.com cx.atdmt.com *.outbrain.com *.ccm19.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.instagram.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com analytics.tiktok.com *.trustedshops.com www.xtento.com cdn.xtento.com connect.facebook.net www.google.com geoip-js.com h.online-metrix.net cdnjs.cloudflare.com js.authorize.net jstest.authorize.net www.gstatic.com static.hotjar.com script.hotjar.com maps.googleapis.com checkoutshopper-test.adyen.com *.outbrain.com *.ccm19.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://h.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.ccm19.de assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com analytics.tiktok.com content.staging.b2c.hirsch.sneakpeek.cc content.develop.b2c.hirsch.sneakpeek.cc *.analytics.google.com geoip-js.com stats.g.doubleclick.net h.online-metrix.net *.hotjar.com *.hirschthebracelet.com vc.hotjar.io checkoutshopper-test.adyen.com maps.googleapis.com *.google-analytics.com *.ccm19.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://h.online-metrix.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.ccm19.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-1_OUuQSwQSMeb_WzOBnBNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'nonce-e719e3f2-0d00-4e66-a2b3-1dad6b88c5a5'  *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' https://media.imi.chat; script-src 'self' 'nonce-e719e3f2-0d00-4e66-a2b3-1dad6b88c5a5' https://cdn-widget.us.webexengage.com https://media.imi.chat; connect-src 'self' https://media.imi.chat https://cdn-widget.us.webexengage.com; img-src 'self' https://media.imi.chat data:; frame-src 'self' https://media.imi.chat; style-src-elem 'self' 'unsafe-inline' https://media.imi.chat; font-src 'self' https://media.imi.chat https://media.imi.chat/widget; object-src 'none'; base-uri 'none' 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * https://www.shopperapproved.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.hotjar.com https://plumrocket.com *.weltpixel.com *.cloudflare.com *.doubleclick.net *.facebook.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.shopperapproved.com https://*.hotjar.com *.klevu.com *.ksearchnet.com *.gstatic.com *.adsrvr.org *.amplifieddigitalagency.com *.bing.com *.bing.net *.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com google.com tvspix.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.shopperapproved.com https://direct.shopperapproved.com https://*.hotjar.com https://connect.facebook.net https://bat.bing.com js.klevu.com *.ksearchnet.com *.googleapis.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.amplifieddigitalagency.com *.bing.com *.cloudflare.com cxppusa1formui01cdnsa01-endpoint.azureedge.net *.doubleclick.net *.facebook.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.klevu.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com tagmanager.google.com *.cloudflare.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gstatic.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.klevu.com *.ksearchnet.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com *.bing.com *.bing.net *.cloudflare.com *.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com google.com *.gstatic.com *.hotjar.com *.hotjar.io *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleadservices.com *.google-analytics.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; base-uri 'self' 'unsafe-inline'; report-uri https://14050275-8828-4f9f-b9b6-e1d4d98e6996.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com fonts.googleapis.com 'self' data: *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardlink.gr *.alphaecommerce.gr *.eurocommerce.gr *.qcb.gov.qa *.snapchat.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com *.infobip.com *.snapchat.com *.klarna.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io calc.tbibank.gr https://www.magezon.com *.facebook.net *.facebook.com *.twitter.com t.co *.google.gr *.cookiefirst.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com calc.tbibank.gr *.facebook.net *.facebook.com *.infobip.com *.cloudflareinsights.com *.google.gr *.googlesyndication.com *.twitter.com *.ads-twitter.com sc-static.net *.doubleclick.net *.iconify.design scripts.bestprice.gr skroutza.skroutz.gr analytics.skroutz.gr 360.bestprice.gr *.clarity.ms *.cookiefirst.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.cookiefirst.com *.klarnacdn.net *.fontawesome.com assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com calc.tbibank.gr *.infobip.com *.facebook.com *.snapchat.com *.doubleclick.net *.clarity.ms *.cookiefirst.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-cZ2x7B1HQCCqnoloha-9-Q1M_kjUBAdT'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/searchplayground_google 1
default-src 'self'; script-src 'self' ajax.cloudflare.com; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.cookiebot.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com 'self' data: *.google.com.ua *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com sst.zemiceurope.com imgsct.cookiebot.com *.google.nl *.google.de *.google.fr *.google.com *.taggrs.io *.linkedin.com *.bing.com new-collect.albacross.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com sst.zemiceurope.com *.cookiebot.com *.licdn.com *.tawk.to *.bing.com *.hotjar.com *.albacross.com *.clarity.ms *.omappapi.com static.cloudflareinsights.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com https://fonts.googleapis.com *.fontawesome.com *.omappapi.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com sst.zemiceurope.com consentcdn.cookiebot.com *.omappapi.com *.bing.com *.linkedin.com *.clarity.ms *.tawk.to *.hotjar.com *.hotjar.io wss://*.hotjar.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-C6qZhInd9L0UuuCCuVKD8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://mychart-cc-bsh-nchmd.org/ https://mychart-cc-ewp-nchmd.org/ https://mychart-cc-ida-nchmd.org/ https://mychart-cc-ipg-nchmd.org/ https://mychart-cc-ncc-nchmd.org/ https://mychart-cc-nhw-nchmd.org/ https://mychart-cc-sghu-nchmd.org/ https://mychart-nchmd.org https://nchmd.org https://nchstaging.wpengine.com;frame-src 'self' epichttp: https://cdnapisec.kaltura.com https://mychart-nchmd.org https://pay.instamed.com https://www.youtube.com;script-src 'nonce-5d350df783774828a4409ba204b48d52' https://mychart-nchmd.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp: https://*.app.st-1233.epiccloud.io https://www.youtube.com/ wss://*.webpubsub.azure.com;style-src https://mychart-nchmd.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.schedulr.ch js.zohostatic.eu app.reflinejobs.io cdn.refline.io www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://cdn.cookiehub.eu www.googletagmanager.com tagmanager.google.com; img-src 'self' data: accounts.zoho.eu data: www.googletagmanager.com; connect-src 'self' https://cdn.cookiehub.eu https://app.schedulr.ch desk.zoho.eu www.googletagmanager.com; font-src 'self' data: data:; object-src 'none' ; frame-src 'self' app.reflinejobs.io www.googletagmanager.com; child-src 'self' www.googletagmanager.com; worker-src 'self' blob:; form-action 'self' ; frame-ancestors 'none' ; block-all-mixed-content; 1
frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://o175096.ingest.us.sentry.io/api/4510166077276160/security/?sentry_key=038d8f317a9d638ab14b7999e65fdf79; 1
font-src fonts.gstatic.com use.typekit.net https://dev--americasbest--national-vision.aem.live https://www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://commercehub-secure-data-capture.fiservapps.com https://prod.api.fiservapps.com https://cert.api.fiservapps.com https://assets.adobedtm.com https://vto-advanced.fittingbox.com https://www.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com *.adobeaemcloud.com  data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: https://assets.adobedtm.com https://images.unsplash.com https://dev--americasbest--national-vision.aem.live  blob:  'self'   *  data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://experience.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com https://rum.hlx.page https://commercehub-secure-data-capture.fiservapps.com https://prod.api.fiservapps.com https://cert.api.fiservapps.com https://assets.adobedtm.com https://maps.googleapis.com https://vto-advanced-integration-api.fittingbox.com https://dev--americasbest--national-vision.aem.live https://rum.hlx.page/.rum/@adobe/helix-rum-js@%5E2/dist/rum-standalone.js https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://assets.adobedtm.com https://dev--americasbest--national-vision.aem.live https://www.paypalobjects.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com  blob:  data:  'self'   *  'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n.adobe.io *.adobedc.net *.demdex.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com https://assets.adobedtm.com https://maps.googleapis.com https://player.vimeo.com https://dev--americasbest--national-vision.aem.live https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-kFX0ypr26zifIkj5wCHc0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob: wss://*.tawk.to; report-uri /_resources/php/csp-report.php 1
default-src 'self'; style-src 'self'; script-src 'self' 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com pay.elavonpaymentgateway.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.consentmanager.net pay.elavonpaymentgateway.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.consentmanager.net pay.elavonpaymentgateway.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.consentmanager.net pay.elavonpaymentgateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.consentmanager.net pay.elavonpaymentgateway.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-w-6OzdjQnOa7bszQNAnosw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WZQ9wukTRZMygtUJN3KpMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com web.facebook.com www.facebook.com consentcdn.cookiebot.com *.trustpilot.com *.empathy.* https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.connectif.cloud storage.googleapis.com forms-eu1.hsforms.com track-eu1.hubspot.com www.google.be www.google.es www.google.com.ar www.facebook.com maps.gstatic.com connect.facebook.net scontent-cdt1-1.cdninstagram.com scontent-cdt2-1.cdninstagram.com scontent-cdg2-1.cdninstagram.com imgsct.cookiebot.com perf-eu1.hsforms.com *.hubspotusercontent-eu1.net *.trustpilot.com *.empathy.* http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.connectif.cloud cdn.jsdelivr.net connect.facebook.net js-eu1.hs-scripts.com js-eu1.hs-analytics.net js-eu1.hsadspixel.net js-eu1.hscollectedforms.net js-eu1.hs-banner.com js-eu1.hsleadflows.net searchserverapi.com pixel.convertize.io consent.cookiebot.com consentcdn.cookiebot.com js-eu1.usemessages.com js-eu1.hubspot.com static.hotjar.com script.hotjar.com *.trustpilot.com *.empathy.* http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.jsdelivr.net *.trustpilot.com *.empathy.* *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.connectif.cloud api-eu1.hubapi.com forms-eu1.hubspot.com graph.instagram.com maps.googleapis.com forms-eu1.hscollectedforms.net consentcdn.cookiebot.com pagead2.googlesyndication.com cta-eu1.hubspot.com api-eu1.hubspot.com *.google-analytics.com *.trustpilot.com *.empathy.* http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://csp.core.anybotics.com/csp-report 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' *.pepperjam.com https://www.googletagmanager.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.facebook.com 'self' *.pepperjam.com https://www.googletagmanager.com/ webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bing.com *.google.com.ph *.google.com.sg *.google.com.au *.google.com.ca https://static-na.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.bg https://www.googletagmanager.com/ *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' *.pepperjam.com *.upscope.io *.freshchat.com *.xsellco.com *.bing.com *.hotjar.com *.cloudfront.net *.shop.pe https://shop.pe *.clarity.ms *.s3.amazonaws.com *.dnky.co *.dotdigital.com https://api.comapi.com *.zoovu.com 'self' 'unsafe-inline' *.googleapis.com https://polyfill.io webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.freshchat.com webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.facebook.com *.facebook.net *.doubleclick.net wss://*.hotjar.com *.hotjar.io *.clarity.ms *.shop.pe wss://*.upscope.io *.xsellco.com *.comapi.com *.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-qJTWXvNl1gslgtuzXuqP7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'report-sample' 'nonce-3ijt22xSj7h9' 'strict-dynamic' https: http: 'unsafe-eval'; base-uri 'self'; report-to endpoint-report; report-uri https://membre.carenity.com/csp/report/public; font-src https://www.carenity.com/ data: https://appleid.cdn-apple.com/ https://fonts.gstatic.com ; frame-src https://td.doubleclick.net https://m.youtube.com https://myaccount.google.com https://accounts.google.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://www.carenity.com/ https://drive.google.com/ https://www.google.com/recaptcha/; object-src https://www.youtube.com/ https://membre.carenity.com/static/docs/; style-src 'unsafe-inline' https://www.carenity.com/ https://www.amcharts.com/ https://ajax.googleapis.com/ https://accounts.google.com/gsi/style https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com; form-action https://www.carenity.com/ https://membre.carenity.com/; 1
script-src cdn.cookielaw.org 'unsafe-hashes' 'sha256-5lSQFTOMNNoGBLbrC6eUxpYeuyBQW52hLO9rR85ASEA=' https: http: 'nonce-ZJSrF4bb7SUZRy7Fyt630o9IjllscPecxvaVi5VND2Q=' 'unsafe-eval' 'unsafe-inline';object-src 'none';frame-ancestors 'none';base-uri 'none';report-uri /api/csp-report 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.gstatic.com *.typekit.net *.trustedshops.com *.trustpilot.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.dotdigital-pages.com *.dotdigital.com *.nosto.com *.nos.to *.sharethis.com *.addthis.com *.moatads.com *.mastercard.com *.paypal.com *.livechatinc.com *.vimeo.com *.pinterest.com/ *.doubleclick.net *.adsrvr.org *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.disqus.com https://img.youtube.com *.nosto.com *.nos.to *.zipmoney.com.au *.gstatic.com *.googleapis.com beaumont-tiles.com.au *.beaumont-tiles.com.au *.google.com *.adnxs.com *.pinterest.com *.ggpht.com *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.disqus.com *.nosto.com *.nos.to *.sharethis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.newrelic.com *.nr-data.net *.mastercard.com *.zipmoney.com.au *.livechatinc.com *.roomvo.com *.pinimg.com *.serving-sys.com *.adsrvr.org *.adnxs.com *.zip.co *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.bootstrapcdn.com *.cloudflare.com *.typekit.net *.googleapis.com *.trustpilot.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.nosto.com *.nos.to *.demdex.net *.sharethis.com *.addthis.com *.nr-data.net *.zipmoney.com.au *.zip.co *.paypal.com *.livechatinc.com *.google-analytics.com *.serving-sys.com *.pinterest.com maps.googleapis.com *.doubleclick.net *.roomvo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com/ *.googletagmanager.com *.doubleclick.net *.redintelligence.net *.trustpilot.com *.googlesyndication.com *.dwin1.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.magezon.com flagpedia.net blob: *.google.com *.google.co.uk *.googlesyndication.com *.bing.com *.bing.net *.cloudflare.com *.cloudfront.net *.roeye.com *.freshchat.com *.clarity.ms *.wisepops.com wisepops.net *.soreto.com *.linkedin.com *.tiktok.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.disqus.com *.avada.io *.shopify.com *.google.com/ *.gstatic.com maps.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.bing.com *.bing.net *.tiktok.com *.taboola.com *.seersco.com *.soreto.com *.clarity.ms *.wisepops.com wisepops.net *.withcubed.com *.roeyecdn.com *.klaviyo.com *.trustpilot.com *.visualwebsiteoptimizer.com *.payments-amazon.com fw-cdn.com cdn-sitegainer.com *.ip-api.com *.cloudflare.com *.cloudfront.net *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.googleapis.com *.vimeo.com *.freshchat.com *.licdn.com *.pinimg.com *.linkedin.com *.pinterest.com *.cloudflareinsights.com https://snippets.freshchat.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cc-cdn.com https://static.klaviyo.com assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com data: *.googleapis.com *.googlesyndication.com *.typekit.net *.seersco.com *.klaviyo.com *.freshchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.googlesyndication.com *.doubleclick.net *.bing.com *.bing.net *.taboola.com *.tiktok.com *.tiktokw.us *.seersco.com *.soreto.com *.clarity.ms *.wisepops.com wisepops.net *.awinblackfriday.com *.freshchat.com *.amazonaws.com *.googletagmanager.com *.dwin1.com *.licdn.com *.pinimg.com *.pinterest.com *.linkedin.com *.trustpilot.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src * 'report-sample' 'unsafe-inline'; worker-src *; base-uri *; form-action *; frame-ancestors * 1
default-src 'self' https://*.snowsoftware.io https://*.flexeraeu.flexera.com https://*.eu.pendo.io; frame-src 'self' https://app.pendo.io https://*.eu.pendo.io https://www.youtube.com https://player.vimeo.com  https://*.snowsoftware.io;connect-src 'self' https://*.snowatlas.snowsoftware.io https://*.snowatlaseu.snowsoftware.io https://*.snowsoftware.io https://*.eu.pendo.io https://*.execute-api.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com https://qbusiness.us-east-1.api.aws wss://qbusiness-websocket.us-east-1.api.aws wss://*.snowsoftware.io https://*.launchdarkly.com https://westeurope-2.in.applicationinsights.azure.com https://js.monitor.azure.com/ https://*.blob.core.windows.net https://*.sumologic.com;script-src 'self' 'unsafe-eval' 'report-sample' https://app.eu.pendo.io https://*.snowatlas.snowsoftware.io https://*.snowatlaseu.snowsoftware.io https://*.snowsoftware.io  https://snowsoftware.io https://*.flexera.com https://*.flexeraone.flexera.com https://cdn.pendo.io https://*.sumologic.com; style-src 'self' 'unsafe-inline' 'report-sample' https://*.eu.pendo.io https://*.snowatlaseu.snowsoftware.io https://*.snowsoftware.io; font-src 'self' data: https://*.eu.pendo.io https://*.cdn.eu.pendo.io https://*.snowsoftware.io;img-src 'self' https://*.snowatlas.snowsoftware.io https://*.snowatlaseu.snowsoftware.io https://*.eu.pendo.io https://*.dev-snowsoftware.io https://*.flexera.com data:; 1
default-src 'none'; script-src 'self' 'unsafe-eval' wasm-eval acsbapp.com cosmo.kmbsus.com jam4.sapjam.com kit.fontawesome.com script.crazyegg.com www.google-analytics.com https://www.googletagmanager.com/gtm.js self view.ceros.com www.google.com www.gstatic.com www.mykonicaminolta.com; script-src-elem 'self' 'unsafe-inline' acsbapp.com cdn.tiny.cloud cloud.tinymce.com cosmo.kmbsus.com jam4.sapjam.com kit.fontawesome.com platform.twitter.com script.crazyegg.com view.ceros.com www.google-analytics.com www.google.com www.googletagmanager.com cdnjs.cloudflare.com code.jquery.com app-sjo.marketo.com connect.facebook.net ww.pagespeed-mod.com get663.com blob: mainf.global-cache.online maxcdn.bootstrapcdn.com assets0-jam4.sapjam.com snap.licdn.com; script-src-attr 'unsafe-inline' www.mykonicaminolta.com; style-src 'self' 'unsafe-inline' cdn.honey.io self; style-src-elem 'self' 'unsafe-inline' cdn.tiny.cloud stackpath.bootstrapcdn.com cdn.honey.io fonts.googleapis.com hello.myfonts.net www.gstatic.com maxcdn.bootstrapcdn.com assets0-jam4.sapjam.com; style-src-attr 'unsafe-inline' www.mykonicaminolta.com; img-src 'self' data: analytics.google.com jam4.sapjam.com portalstage.konicabt.com sp.tinymce.com stats.g.doubleclick.net syndication.twitter.com wapps.mykonicaminolta.com www.google-analytics.com www.google.ca www.google.co.in www.google.com www.google.com.sv www.googletagmanager.com www.google.com.mx www.google.com.pr kmbs.konicaminolta.us kmbscontent.konicaminolta.us www.google.co.jp www.google.co.uk www.google.co.vi www.google.de www.google.tt blob: cdn.honey.io www.google.com.co www.google.be www.google.com.ar www.google.com.au www.google.com.br www.google.com.gt www.google.com.sg www.google.it www.google.co.kr fonts.gstatic.com www.google.cl mikkiload.com www.google.co.id www.google.co.ma www.google.co.mz www.google.co.za www.google.com.bo www.google.com.my www.google.com.np www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.vn www.google.cz www.google.es www.google.fr www.google.gr www.google.pl i.ytimg.com ok7static.oktacdn.com region1.analytics.google.com www.google.ae www.google.at www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.nz www.google.co.th www.google.co.ug www.google.com.ec www.google.com.jm www.google.com.py www.google.com.qa www.google.com.uy www.google.dk www.google.hu www.google.no www.google.rs www.google.se www.google.sr www.google.com.lb www.google.com.ly www.google.mg www.google.sk www.google.ba www.google.ch www.google.co.tz www.google.com.bh www.google.com.do www.google.com.kw www.google.com.mm www.google.com.mt www.google.gg www.google.gy www.google.ie www.google.is www.google.jo www.google.ro www.google.ru www.google.si; font-src 'self' data: cdn.tiny.cloud ka-p.fontawesome.com fonts.gstatic.com static.zip.co themes.googleusercontent.com www.slant.co; connect-src 'self' *.cloudfront.net acsbapp.com analytics.google.com cdn.acsbapp.com cdn.tiny.cloud ka-p.fontawesome.com kit.fontawesome.com script.crazyegg.com stats.g.doubleclick.net tracking.crazyegg.com www.google-analytics.com www.google.ca accesswidget-log-receiver.acsbapp.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com backend.acsbapp.com www.googletagmanager.com feed.jquery-plugins.net region1.analytics.google.com www.google.co.in www.google.co.vi wapps.mykonicaminolta.com www.google.com.mx www.google.com.pr www.google.de www.google.cl www.google.com.sv api.awesomeblocker.com api.highdataanalytics.com data: www.google.com.br www.google.com.gt www.google.cz api.ginger-analytics.com cdnml.global-cache.online overbridgenet.com service.gstatic-cache.com www.google.at www.google.co.cr www.google.co.id www.google.co.jp www.google.co.uk www.google.com.ar www.google.com.my www.google.com.pe www.google.com.ph www.google.com.vn www.google.es www.google.it www.google.sr www.google.tt www.google.com.ly api.amcreativemedia.com api.fbanalytics.org api.global-data-lab.com api.mkmediaworks.com www.google.co.ao www.google.co.za www.google.com.co www.google.com.do www.google.com.ec www.google.com.jm www.google.com.mt www.google.pl; media-src 'self' data:; object-src 'self'; child-src blob:; frame-src 'self' *.opendns.com crmweb.mykonicaminolta.com jam4.sapjam.com onlineglobal.konicaminolta.net platform.twitter.com players.brightcove.net td.doubleclick.net view.ceros.com www.youtube.com block.opendns.com gateway.zscaler.net dmh-root-sso-banner-prod.goworks.com.au performancemanager4.successfactors.com syndication.twitter.com wapps.mykonicaminolta.com www.kmdealerconnect.com aip6ygczm.accounts.ondemand.com home.allcovered.com accounts.google.com m.youtube.com www.bizhubvcare.com www.googletagmanager.com gateway.zscalerthree.net kmbs.konicaminolta.us; worker-src blob:; frame-ancestors 'self'; form-action 'self' lms.konicaminolta.com sms.mykonicaminolta.com wapps.mykonicaminolta.com www.buyerslab.com onyxweb.mykonicaminolta.com crmweb.mykonicaminolta.com ndf.mykonicaminolta.com kmbscorpit.service-now.com; report-uri https://0b3b4954796ea786489a35680dfb724f.report-uri.com/r/t/csp/wizard 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=NQ2XBTWGR4N7q5mFFc7DDTT6eLgoJLwMHKhDm9TylJQ-1773708598-1.0.1.1-uYUA8tcUE6ytZMa46TSl3PsrGnSA_L.hsuCSXyNBJf6_5riNH6GzDfmQ09b_Mr_MwAdkG1LhhTblIy_StWYtyxSGgMvpKBnZWYekQjPqj5g0MszvojeKj2ObFSMXVIBEHmYtQ2rHj_E2DuPCTUaRuB7jODBTWT5ad.P8KXYyxW5VRtHiAilUBQGngtLscXd3iuPCPRoW681Qze1zrec.Ag; report-to cf-csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-up5aUAwKjCd2ASc3ITiVvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-BVK8hB_Z1xWEev1LC_q2Tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klarnacdn.net *.gstatic.com 'self' data: fonts.gstatic.com *.cloudflare.com fonts.googleapis.com *.mdoq.io *.mdoq.dev *.tweekscycles.com *.demon-tweeks.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com *.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * widget.trustpilot.com lpcdn.lpsnmedia.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.afterpay.com *.clearpay.co.uk *.trackedlink.net https://images.unsplash.com *.disqus.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cloudflare.com *.google.com *.google.co.uk *.cookiebot.com *.mdoq.io *.mdoq.dev *.tweekscycles.com *.demon-tweeks.com *.facebook.com *.bing.com *.roeye.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://maps.googleapis.com *.disqus.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://z.moatads.com https://cdn.jsdelivr.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.liveperson.net *.trustpilot.com *.lpsnmedia.net *.cookiebot.com *.mdoq.io *.mdoq.dev *.tweekscycles.com *.demon-tweeks.com wisepops.net *.bing.com *.roeye.com *.crazyegg.com *.facebook.net *.hotjar.com *.roeyecdn.com *.dwin1.com demon11123.pcapredict.com services.postcodeanywhere.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.afterpay.com/ *.squarecdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net https://cdn.jsdelivr.net unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com fonts.googleapis.com *.mdoq.io *.mdoq.dev *.tweekscycles.com *.demon-tweeks.com services.postcodeanywhere.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.mdoq.io *.mdoq.dev *.tweekscycles.com *.demon-tweeks.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://maps.googleapis.com https://player.vimeo.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cloudflare.com stats.g.doubleclick.net *.cookiebot.com *.crazyegg.com *.bing.com *.facebook.net *.hotjar.com *.roeyecdn.com *.dwin1.com *.mdoq.io *.mdoq.dev *.tweekscycles.com *.demon-tweeks.com services.postcodeanywhere.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://zero1.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
base-uri 'self'; style-src https: 'self' 'unsafe-inline' *.googletagmanager.com *.tagmanager.google.com *.fonts.googleapis.com; script-src https: 'nonce-5YBJlwLE0vs7Jjhu8NuY/Hq18M4=' 'strict-dynamic'; form-action 'self' ; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com; frame-src 'self' view.ceros.com *.company-target.com *.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net; report-to csp-endpoint; report-uri https://axaxl.com/api/CSP; font-src 'self' fonts.gstatic.com data:; img-src 'self' * data:; connect-src 'self' browser-intake-datadoghq.com *.googleadservices.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.google.co.uk www.google.com.sg *.google.com *.googlesyndication.com *.company-target.com *.linkedin.com *.licdn.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.demandbase.com *.boltdns.net *.akamaihd.net *.nr-data.net *.en25.com; manifest-src 'self'; media-src blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; default-src 'self' mailto: tel: www.google.com www.google.co.uk *.google.com *.googletagmanager.com www.googletagmanager.com *.company-target.com *.linkedin.com *.licdn.com *.eloqua.com *.brightcove.com *.brightcove.net *.rlcdn.com *.boltdns.net *.demandbase.com *.akamaihd.net *.axaxl.com *.doubleclick.net *.en25.com www.google.com.sg; 1
object-src 'none'; base-uri 'self'; report-uri https://www.yespark.fr/csp-violation-report-endpoint 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-nZiFGfvysDUe8e19JaAhRQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.blc.edu https://*.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.youtube.com;   style-src 'self' 'unsafe-inline' https://*.blc.edu https://fonts.googleapis.com https://use.typekit.net https://*.adobe.com;   img-src 'self' data: blob: https://*.blc.edu https://*.cloudflare.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.facebook.com https://i.ytimg.com;   font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://*.adobe.com https://*.blc.edu;   frame-src 'self' https://www.youtube.com https://www.google.com https://*.blc.edu;   connect-src 'self' https://*.blc.edu https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com *.yotpo.com *.acsbapp.com https://script.hotjar.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com https://plumrocket.com *.hsforms.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com https://plumrocket.com *.weltpixel.com *.google.com/ *.hsforms.net *.nice-incontact.com *.doubleclick.net *.hsforms.com *.bing.com *.fullstory.com  *.facebook.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net https://images.unsplash.com *.cenpos.net *.cenpos.com https://www.magezon.com *.hsforms.com *.travers.com *.bing.com *.hubspot.com *.clarity.ms *.facebook.com *.yotpo.com *.cloudfront.net *.google.com *.google.co.in *.hubspotusercontent00.net *.fullstory.com  *.acsbapp.com *.googletagmanager.com *.applicant-tracking.com *.linkedin.com *.hubspotusercontent-na1.net https://script.hotjar.com *.google-analytics.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com polyfill.io https://maps.googleapis.com *.cenpos.com *.cenpos.net *.google.com *.gstatic.com *.cardinalcommerce.com *.googletagmanager.com *.avada.io *.google.com/ *.pingdom.net *.hsforms.net *.hsforms.com *.yotpo.com *.luckyorange.com *.bing.com *.clarity.ms *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hsleadflows.net https://acsbapp.com/apps/app/dist/js/app.js *.nice-incontact.com *.facebook.net *.cloudfront.net *.doubleclick.net *.fullstory.com  *.topgradinghire.com *.jquery.com *.applicant-tracking.com *.licdn.com *.lfeeder.com *.hscollectedforms.net *.hubspot.com https://static.hotjar.com https://script.hotjar.com *.google-analytics.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.googleapis.com *.yotpo.com *.cloudfront.net *.bing.com *.google.com *.fullstory.com  *.topgradinghire.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.algolia.net *.algolianet.com *.insights.algolia.io https://maps.googleapis.com https://player.vimeo.com insights.algolia.io https://get.geojs.io *.avada.io *.pingdom.net *.clarity.ms *.doubleclick.net *.luckyorange.net *.luckyorange.com wss://realtime.luckyorange.com *.acsbapp.com *.hubspot.com *.hubapi.com *.googleapis.com *.visitors.live  wss://in.visitors.live/ *.yotpo.com *.facebook.com *.hsforms.com *.amazonaws.com *.bing.com *.google.com *.fullstory.com  *.visitors.live/ajax  *.visitors.live/server-time  https://in.hotjar.com https://content.hotjar.io https://csmetrics.hotjar.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.google-analytics.com *.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' *.cloudfront.net *.civiccomputing.com *.contentsquare.net *.doubleclick.net *.evergage.com *.feefo.com *.flippingbook.com *.googleapis.com *.nr-data.net cdn.evgnet.com cdn.mouseflow.com js-agent.newrelic.com snap.licdn.com widget.trustpilot.com www.googletagmanager.com; script-src-attr 'self' 'unsafe-inline' *.cloudfront.net *.civiccomputing.com *.contentsquare.net *.doubleclick.net *.evergage.com *.feefo.com *.flippingbook.com *.googleapis.com *.nr-data.net cdn.evgnet.com cdn.mouseflow.com js-agent.newrelic.com snap.licdn.com widget.trustpilot.com www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' *.cloudfront.net *.civiccomputing.com *.contentsquare.net *.doubleclick.net *.evergage.com *.feefo.com *.flippingbook.com *.googleapis.com *.nr-data.net cdn.evgnet.com cdn.mouseflow.com js-agent.newrelic.com snap.licdn.com widget.trustpilot.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.cloudfront.net *.googleapis.com *.typekit.net; style-src-elem 'self' 'unsafe-inline' *.cloudfront.net *.googleapis.com *.typekit.net; img-src 'self' data: *.cloudfront.net *.contentsquare.net *.facebook.com *.flippingbook.com *.googleapis.com *.googleusercontent.com *.linkedin.com *.tuskercars.com *.tuskerdirect.com *.youtube.com docs.inrix.com reba.global secure.gravatar.com www.googletagmanager.com *.google.com *.google.co.uk *.google.im *.google.ie *.google.gb; font-src 'self' data: *.cloudfront.net *.typekit.net fonts.gstatic.com; connect-src 'self' *.cloudfront.net *.civiccomputing.com *.contentsquare.net *.doubleclick.net *.evergage.com *.feefo.com *.flippingbook.com *.googleapis.com *.nr-data.net cdn.evgnet.com cdn.mouseflow.com js-agent.newrelic.com snap.licdn.com widget.trustpilot.com www.googletagmanager.com *.contentsquare.net *.facebook.com *.flippingbook.com *.googleapis.com *.googleusercontent.com *.linkedin.com *.tuskercars.com *.tuskerdirect.com *.youtube.com docs.inrix.com reba.global secure.gravatar.com www.googletagmanager.com *.google.com *.google.co.uk *.google.im *.google.ie *.google.gb; worker-src 'self' blob:; media-src 'self'; child-src 'self'; frame-src 'self' *.tuskercars.com cloud.email.tusker-cars.com map.zap-map.com player.vimeo.com  tools.zap-map.com widget.trustpilot.com www.googletagmanager.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors https:; object-src 'none'; report-uri https://62a6f7cc9bc141b6c536feda.endpoint.csper.io?v=4 1
font-src *.gstatic.com www.facebook.com web.facebook.com www.google-analytics.com stats.g.doubleclick.net fonts.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com *.google.com.ua *.google.co.uk www.facebook.com web.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net www.facebook.com web.facebook.com www.google.com.vn www.google.com stats.g.doubleclick.net minio.infra.omicrm.com via.placeholder.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com static.staff-start.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.googletagmanager.com fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.google.com www.facebook.com web.facebook.com www.google-analytics.com stats.g.doubleclick.net minio.infra.omicrm.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com js.mollie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.mollie.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.mollie.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-z3x7S7t7nW2r1+kB6liwcA==' 'self' cdn.orsted.com *.googletagmanager.com *.app.cookieinformation.com cdn.appdynamics.com *.googletagmanager.com *.gstatic.com *.googleoptimize.com www.googleadservices.com *.googleapis.com *.bing.com *.doubleclick.net *.t.co *.pardot.com *.youtube.com *.linkedin.com *.twitter.com *.globenewswire.com *.23video.com delivery.twentythree.com orsted.containers.piwik.pro orsted.piwik.pro *.crazyegg.com unpkg.com cs.lf-discover.com *.puzzel.com *.arcgis.com code.jquery.com *.lfeeder.com orsted-global-graduate-programme.simplecast.com omny.fm cdnjs.cloudflare.com *.bootstrapcdn.com *.defgo.com *.defgo.net *.vimeo.com presscloud.com *.ritzau.dk *.simplecast.com *.elnet.danskenergi.dk *.sli.do *.audioboom.com *.licdn.com *.adsrvr.org *.soundcloud.com *.google.com *.google.com.my *.google.nl *.google.dk *.facebook.net;       style-src 'nonce-z3x7S7t7nW2r1+kB6liwcA==' 'self' cdn.orsted.com fonts.googleapis.com;       style-src-attr 'unsafe-inline' cdn.orsted.com;       img-src 'self' data: cdn.orsted.com *.azureedge.net *.youtube.com *.23video.com delivery.twentythree.com www.googletagmanager.com *.lfeeder.com *.linkedin.com *.doubleclick.net *.pardot.com;       media-src 'self' blob: cdn.orsted.com *.youtube.com *.23video.com delivery.twentythree.com;       font-src 'self' data: fonts.gstatic.com cdn.orsted.com;       frame-src *.app.cookieinformation.com *.youtube.com *.23video.com delivery.twentythree.com *.google.com *.google.nl *.googletagmanager.com *.doubleclick.net *.pardot.com;       connect-src *.app.cookieinformation.com *.euroland.com *.eum-appdynamics.com *.googletagmanager.com *.google.com *.doubleclick.net *.googleadservices.com *.crazyegg.com *.linkedin.com orsted.piwik.pro *.pardot.com;       worker-src 'self'; 1
base-uri 'self'; form-action 'self'; default-src 'self'; connect-src 'self' data: https://stats.nederhost.nl/ https://zammad.nederhost.nl/ wss://zammad.nederhost.nl/; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; report-to csp-endpoint; report-uri /_/report_csp_violation; script-src 'self' 'nonce-k7FFgAoAYQxRjT8K' 'unsafe-eval' https://stats.nederhost.nl/ https://cdn.matomo.cloud/stats.nederhost.nl/ https://zammad.nederhost.nl/; style-src 'self' data: 'nonce-k7FFgAoAYQxRjT8K' https://zammad.nederhost.nl/; style-src-attr 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.paypalobjects.com www.sheds.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.omniporttest.ocrf.co.uk/ *.omniport.omnicapital.co.uk/ *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no  https://www.facebook.com www.sheds.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com www.sheds.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de  https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://www.facebook.com www.sheds.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.stripe.network https://www.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://firebasestorage.googleapis.com  https://www.facebook.com https://www.google.co.uk https://bat.bing.net www.sheds.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.avada.io *.cloudflareinsights.com  https://connect.facebook.net https://googleads.g.doubleclick.net https://bat.bing.com www.sheds.co.uk https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com www.sheds.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sheds.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.omniporttest.ocrf.co.uk/ *.omniport.omnicapital.co.uk/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io https://stats.g.doubleclick.net https://bat.bing.net www.sheds.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.sheds.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src *.omniporttest.ocrf.co.uk/ *.omniport.omnicapital.co.uk/ www.sheds.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com media.sezzle.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com polyfill.io chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com fonts.cdnfonts.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com google-analytics.com googleapis.com supporta.cc; font-src 'self' fonts.gstatic.com googleapis.com v2.zopim.com; form-action 'self'; frame-src supporta.cc; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com googleapis.com csi.gstatic.com cdn.supporta.cc; media-src static.zdassets.com; script-src 'self' googletagmanager.com googleoptimize.com google-analytics.com analytics.connectholland.nl v2.zopim.com googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com connect.facebook.net cdn.supporta.cc; style-src 'self' 'unsafe-inline' pg-ws-ggz.widget.custhelp.com 1
form-action 'self'; report-to csp-report; 1
font-src www.paypalobjects.com *.zopim.com *.tawk.to *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com maxcdn.bootstrapcdn.com *.revolut.com *.google.com google.com *.cdn-apple.com pay.google.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors cw.spex4less.com *.stripe.com stripe.com *.link.com *.amazon.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ google.com widget.trustpilot.com *.online-metrix.net cw.spex4less.com *.tawk.to https://www.googletagmanager.com https://www.googletagmanager.com/ account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.facebook.com platform.twitter.com *.revolut.com *.google.com *.cdn-apple.com pay.google.com *.gstatic.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com magefan.com cm.magefan.com https://images.unsplash.com https://*.spex4less.com https://*.jpopticians.com/ https://*.googlesyndication.com *.google.com *.google.pl *.online-metrix.net *.bing.com *.bing.net *.tawk.to https://cdn.jsdelivr.net/emojione/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net *.revolut.com *.cdn-apple.com google.com pay.google.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com *.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com apis.google.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com widget.trustpilot.com *.bing.com *.bing.net *.wisepops.com cdn.rollbar.com *.spex4less.com *.cloudflareinsights.com *.cloudflare.com *.s4l.link sibautomation.com *.klaviyo.com cw.spex4less.com *.tawk.to https://cdn.jsdelivr.net/emojione/ cc-cdn.com s7.addthis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com connect.facebook.net twitter.com platform.twitter.com *.gstatic.com maps.googleapis.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.tawk.to *.spex4less.com cc-cdn.com *.stripe.network *.stripecdn.com *.amazon.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://*.googlesyndication.com *.google.pl https://*.google.com *.doubleclick.net *.wisepops.com *.spex4less.com *.bing.com *.bing.net cw.spex4less.com *.tawk.to wss://*.tawk.to https://print.test api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com ekr.zdassets.com/ n8n.s4l.link *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.gstatic.com maps.googleapis.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: www.paypalobjects.com 'self' data: 'unsafe-inline' data: *.bootstrapcdn.com *.trustedshops.com https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.fonts.googleapis.com *.cloudflare.com *.klaviyo.com unpkg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action *.facebook.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com api.boldcommerce.com api.staging.boldcommerce.com *.paypal.com *.bold.ninja static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.stripe.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hotjar.com *.google.com *.jsctool.com *.online-metrix.net *.weltpixel.com js.mollie.com *.addthis.com *.pinterest.com www.xtento.com *.bing.com *.doubleclick.net *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes';, img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.ytimg.com *.gstatic.com *.googleapis.com static.boldcommerce.com *.paypal.com www.gstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' data: 'unsafe-inline' data: *.bing.com *.imgur.com *.trustedshops.com *.cloudfront.net *.online-metrix.net *.google.de https://widgets.trustedshops.com https://integrations.etrusted.com flagpedia.net https://www.mollie.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.reddit.com www.xtento.com cdn.xtento.com *.amasty.netnews *.bing.net *.boldcommerce.com *.bremertresor.at *.bremertresor.de *.clarity.ms d3k81ch9hvuctc.cloudfront.net *.doubleclick.net *.etrusted.com *.facebook.net *.googleadservices.com *.google-analytics.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.ph www.google.com.pk www.google.com.py www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gl www.google.gr www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.kg www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.tn google.com *.google.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.hansa-tresor.com *.paypalobjects.com placehold.co *.usercentrics.eu *.youtube.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes';, script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ api.boldcommerce.com api.staging.boldcommerce.com eps.secure.staging.boldcommerce.com cashier.boldcommerce.com *.paypal.com *.paypalobjects.com static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.bold.ninja *.cdn-apple.com *.stripe.com cdn.safecharge.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.bing.com *.hotjar.com *.facebook.net *.cloudflare.com *.s24.com *.google.com *.googlecommerce.com *.doubleclick.net *.trustedshops.com *.payments-amazon.com *.ratepay.com *.pay1.de *.online-metrix.net *.shopgate.com https://widgets.trustedshops.com https://integrations.etrusted.com *.avada.io maps.googleapis.com js.mollie.com https://cdnjs.cloudflare.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com www.xtento.com cdn.xtento.com *.boldcommerce.com *.bremertresor.de *.clarity.ms *.clickcease.com *.cloudflareinsights.com *.etrusted.com *.googleadservices.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.jquery.com *.klaviyo.com *.tailwindcss.com *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src fonts.googleapis.com *.bold.ninja static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com https://static.klaviyo.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.trustedshops.com *.googleapis.com https://widgets.trustedshops.com https://integrations.etrusted.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com *.boldcommerce.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src api.boldcommerce.com api.staging.boldcommerce.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline';, connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.googleapis.com api.boldcommerce.com api.staging.boldcommerce.com eps.secure.staging.boldcommerce.com cashier.boldcommerce.com *.sandbox.braintree-api.com *.braintree-api.com *.paypal.com *.braintreegateway.com www.paypalobjects.com eps.secure.boldcommerce.com static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.bold.ninja *.cdn-apple.com ppp-test.safecharge.com secure.safecharge.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.payments-amazon.com *.amazon.com *.amazon.de *.trustedshops.com *.ratepay.com *.online-metrix.net *.bing.com *.doubleclick.net *.etrusted.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.cloudflare.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app *.bing.net *.bremertresor.de *.clarity.ms *.clickcease.com *.datadome.co digital-cloak.net *.googleadservices.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.cm www.google.co.il www.google.co.in www.google.co.jp www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.hk www.google.com.mt www.google.com.mx www.google.com.na www.google.com.ng www.google.com.ni www.google.com.om www.google.com.pa www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.li www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.sk *.google.com google.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.hyr.so *.solutenetwork.com *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src api.boldcommerce.com api.staging.boldcommerce.com http: https: blob: 'self' 'unsafe-inline'; default-src *.bing.com *.bing.net *.boldcommerce.com *.bootstrapcdn.com *.bremertresor.de *.cdn-apple.com *.clarity.ms *.clickcease.com *.cloudflareinsights.com d3k81ch9hvuctc.cloudfront.net *.datadome.co *.doubleclick.net *.etrusted.com *.facebook.com *.facebook.net *.googleadservices.com *.google-analytics.com *.googleapis.com www.google.ae www.google.al www.google.at www.google.bg www.google.ch www.google.co.cr www.google.co.in www.google.com.au www.google.com.br www.google.com.pe www.google.co.uk www.google.de www.google.es www.google.fr www.google.lu www.google.md www.google.nl www.google.ro www.google.ru google.com *.google.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hansa-tresor.com *.hotjar.com *.hotjar.io *.hyr.so *.klaviyo.com *.paypal.com *.paypalobjects.com *.solutenetwork.com *.tailwindcss.com *.trustedshops.com *.usercentrics.eu *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; base-uri *.bing.com *.clarity.ms *.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://a698956b-b25b-4008-9b89-43c63366e98e.sansec.watch/; report-to report-endpoint; 1
object-src 'none' ;  base-uri 'self' ;  font-src 'self' https://fonts.gstatic.com https://www.booxi.eu;  manifest-src 'self' ;  media-src 'self' ;  frame-ancestors 'self' ;  worker-src 'none' ;  connect-src 'self' https://cognito-idp.eu-west-3.amazonaws.com https://maps.googleapis.com https://api.opngo.com https://static.indigoneo.eu https://auth.opngo.com; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bird.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.sleeknote.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com landofcoder.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * checkoutshopper-test.adyen.com www.youtube.com consentcdn.cookiebot.com vars.hotjar.com s.acquire.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com js.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com maps.googleapis.com checkoutshopper-test.adyen.com www.w3.org s.acquire.io admin.expivi.net d33o7r96pw821t.cloudfront.net *.clarity.ms analytics.sleeknote.com *.commerce-connector.com staging-lecot.vaimo.net *.cookiebot.com *.facebook.com *.bing.com *.google.com.ua *.lecot.be data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com checkoutshopper-live.adyen.com/ pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com js.klevu.com *.ksearchnet.com landofcoder.com maps.googleapis.com chart.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com ajax.googleapis.com r1-t.trackedlink.net js-agent.newrelic.com admin.expivi.net consent.cookiebot.com security-hub.vaimo.network static.hotjar.com rum-static.pingdom.net script.hotjar.com consentcdn.cookiebot.com bam-cell.nr-data.net s.acquire.io sleeknote.com sleeknotestaticcontent.sleeknote.com sleeknotecustomerscripts.sleeknote.com connect.facebook.net *.lecot.be *.clarity.ms https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com script.hotjar.com https://js.klevu.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com data: sleeknote.com sleeknotestaticcontent.sleeknote.com lecot.be 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com payments-eu.amazon.com *.klevu.com *.ksearchnet.com landofcoder.com maps.googleapis.com chart.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com bam-cell.nr-data.net eucs23.ksearchnet.com stats.klevu.com app.acquire.io www.expivi.net security-hub.vaimo.network static.hotjar.com rum-static.pingdom.net script.hotjar.com rum-collector-2.pingdom.net in.hotjar.com stats.g.doubleclick.net consentcdn.cookiebot.com *.facebook.com s.acquire.io sleeknote.com sleeknotestaticcontent.sleeknote.com googleads.g.doubleclick.net *.cloudfront.net *.expivi.net wss://s.acquire.io *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.bigland.ru *.marquiz.ru *.video.cloud.yandex.net *.google.com *.gstatic.com vk.com top-fwz1.mail.ru *.roistat.com; connect-src 'self' wss://moigektar.ru *.google.com wss://mc.yandex.ru mc.yandex.ru privacy-cs.mail.ru *.roistat.com sentry.bug.land; img-src 'self' data: blob: *.yandex.ru *.bigland.ru vk.com top-fwz1.mail.ru *.roistat.com storage.yandexcloud.net *.google.com yandex.ru; frame-src 'self' *.google.com *.marquiz.ru runtime.video.cloud.yandex.net *.yandex.ru *.roistat.com; font-src 'self'; media-src 'self' storage.yandexcloud.net; style-src 'self' 'unsafe-inline'; report-uri /api/security/log-csp-violation; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pagead2.googlesyndication.com https://adservice.google.com https://fundingchoicesmessages.google.com https://www.googletagmanager.com https://www.google-analytics.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.adtrafficquality.google https://js.stripe.com https://*.firebaseio.com https://*.googleapis.com https://apis.google.com https://static.cloudflareinsights.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://*.google.com https://*.googleusercontent.com https://*.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://lh3.googleusercontent.com https://*.stripe.com https://media.spinxo.com https://*.adtrafficquality.google; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.google.com https://*.googleapis.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.adtrafficquality.google https://api.stripe.com https://*.firebaseio.com https://*.firebase.googleapis.com wss://*.firebaseio.com; frame-src 'self' https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://js.stripe.com https://hooks.stripe.com https://*.firebaseapp.com https://*.adtrafficquality.google; form-action 'self'; base-uri 'self' 1
worker-src blob:; form-action *.cardinalcommerce.com *.paypal.com www.sandbox.paypal.com *.amazon.com *.facebook.com *.googlesyndication.com *.tiktok.com connect.facebook.net 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.googletagmanager.com *.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com *.paypal.com www.sandbox.paypal.com player.vimeo.com *.google.com *.braintreegateway.com google.com js.stripe.com *.amazon.com *.payments-amazon.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com connect.facebook.net www.commercepartnerhub.com assets.braintreegateway.com plumrocket.com *.authorize.net *.artifi.net www.googleadservices.com assets.pinterest.com ct.pinterest.com www.paypalobjects.com i.liadm.com *.securly.com gateway.zscalerthree.net ep2.adtrafficquality.google 'self' 'unsafe-inline'; script-src *.googletagmanager.com *.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net *.google.com *.newrelic.com *.nr-data.net *.authorize.net *.commerce-payment-services.com *.paypal.com www.sandbox.paypal.com www.paypalobjects.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com js.stripe.com *.payments-amazon.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.klaviyo.com fast.a.klaviyo.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.shopify.com *.sandbox.braintreegateway.com *.popt.in *.cloudflare.com celebrosnlp.com *.celebros-analytics.com *.artifi.net maps.googleapis.com www.googletagservices.com cdn.gladly.qa cdn.gladly.com *.monetate.net *.visualwebsiteoptimizer.com *.cloudfront.net s.pinimg.com bat.bing.com tag.rmp.rakuten.com ut.rd.linksynergy.com *.pinterest.com cdn.noibu.com *.hotjar.com b-code.liadm.com secure.merchantadvantage.com *.celebros.com ep2.adtrafficquality.google static.colorfulimages.com colorimage-ac.celebros.com ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://www.colorfulimages.com/pr-csp/report/add/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-zLV5BlqBv--yyknVHf0K9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.googleapis.com *.gstatic.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.googleapis.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' http://*.hs-scripts.com https://*.googletagmanager.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hubspot.com https://*.springernature.com https://*.user.com; script-src-attr 'unsafe-hashes' 'sha256-bwK6T5wZVTANitXbrTsel7kl/PyCjCd/Dq5Qoz3imjM='; style-src 'self' 'unsafe-inline' https://*.typekit.net; img-src 'self' data: https:; connect-src 'self' https://*.hubspot.com https://*.user.com https://*.googletagmanager.com https://*.google-analytics.com wss://macmillan-english.user.com; font-src 'self' data: https://*.typekit.net; frame-src https://*.buzzsprout.com https://*.youtube-nocookie.com; frame-ancestors 'none'; report-to csp-report; report-uri /csp-report 1
default-src 'self' rundel.de www.rundel.de *.wirth-horn.de api.db-ip.com unpkg.com www.gstatic.com www.google.com *.paypal.com www.paypalobjects.com connect.facebook.net https://www.google-analytics.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src data: *; frame-src *; child-src blob: *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /api/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.fontawesome.com *.gstatic.com maxcdn.bootstrapcdn.com static.klaviyo.com acsbapp.com cloud.productimize.com v2.zopim.com data: *.yotpo.com unpkg.com netdna.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com globalshopex.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://api.boldcommerce.com landofcoder.com *.authorize.net *.meetanshi.com https://accounts.google.com https://amc.demdex.net/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.hotjar.com h.online-metrix.net imgs.signifyd.com disqus.com platform.twitter.com www.google.com globalshopex.com email.blauer.com acsbapp.com w3.cdn.anvato.net imgs.cdn-btsg.com td.doubleclick.net/ *.weltpixel.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com https://static.boldcommerce.com https://static.xx.fbcdn.net *.disqus.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com *.meetanshi.com https://meetanshi.com/media/logo.png 'self' data: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.google.com *.googleadservices.com *.googletagmanager.com *.rfksrv.com p.yotpo.com i.imgur.com region1.analytics.google.com *.online-metrix.net v2.zopim.com * *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com f.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com www.gstatic.com https://api.boldcommerce.com https://static.xx.fbcdn.net https://connect.facebook.net cdnjs.cloudflare.com https://cashier.boldcommerce.com/assets/experience/flow_sdk.js *.disqus.com landofcoder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.meetanshi.com *.google.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com *.googleadservices.com *.tiktok.com *.klaviyo.com *.hotjar.com script.crazyegg.com seal.digicert.com imgs.signifyd.com region1.analytics.google.com fresnel.vimeocdn.com triggeredmail.appspot.com *.rfksrv.com cdn.scarabresearch.com *.cloudfront.net *.crazyegg.com *.bing.com static.zdassets.com v2.zopim.com seal.websecurity.norton.com *.yotpo.com bam.nr-data.net bam-cell.nr-data.net *.disquscdn.com platform.twitter.com acsbapp.com z.moatads.com v1.addthisedge.com widget-mediator.zopim.com *.clarity.ms www.bluecore.com wickedreports.com widget.wickedreports.com globalshopex.com *.getattribution.net measure.getattribution.net *.wickedreports.com track.wickedreports.com snap.licdn.com *.zendesk.com *.smooch.io *.cdn-btsg.com/ imgs.cdn-btsg.com px.ads.linkedin.com *.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://static.klaviyo.com https://accounts.google.com/gsi/style https://fonts.googleapis.com/css maxcdn.bootstrapcdn.com *.klaviyo.com netdna.bootstrapcdn.com f.vimeocdn.com c.disquscdn.com/ *.cloudfront.net *.yotpo.com unpkg.com rfk-staticfiles-prod.s3.amazonaws.com *.googletagmanager.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com https://api.boldcommerce.com https://api.staging.boldcommerce.com https://cashier.boldcommerce.com https://graph.facebook.com https://secure.boldcommerce.com https://secure.staging.boldcommerce.com landofcoder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.meetanshi.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://oauth2.googleapis.com/tokeninfo *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.clarity.ms *.tiktok.com *.klaviyo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com syndication.twitter.com google.com www.google.com 21vod-adaptive.akamaized.net player-telemetry.vimeo.com fiddler.brontops.com recommender.scarabresearch.com ekr.zdassets.com wss://widget-mediator.zopim.com imgs.signifyd.com bam.nr-data.net *.crazyegg.com *.yotpo.com *.disqus.com *.bing.com region1.analytics.google.com *.doubleclick.net *.paypal.com cdn.acsbapp.com bt.signifyd.com bt.signifyd.com:11103 bam-cell.nr-data.net wickedreports.com widget.wickedreports.com *.getattribution.net measure.getattribution.net *.wickedreports.com track.wickedreports.com *.zendesk.com wss://*.zendesk.com *.smooch.io cdn.linkedin.oribi.io imgs.cdn-btsg.com px.ads.linkedin.com t.elasticsuite.io https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.blauer.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-80__J3mdsGspUxuUfD81pg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' syndication.twitter.com; script-src js.trentino.com 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; connect-src 'self' stats.peer.biz; img-src 'self' data: images2.trentino.com css.trentino.com  www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.trentino.com js.trentino.com; font-src css.trentino.com; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.livechatinc.com fonts.mailerlite.com fonts.googleapis.com *.icomoon.io *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 1merchantacsstag.cardinalcommerce.com payments.securetrading.net *.securetrading.net *.trustpayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk *.weltpixel.com *.livechatinc.com *.securetrading.net *.trustpayments.com brw.3ds.trustpayments.com songbirdstag.cardinalcommerce.com 1merchantacsstag.cardinalcommerce.com *.secure.checkout.visa.com thm.visa.com *.mastercard.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk magefan.com cm.magefan.com *.iceheadshop.co.uk *.livechat-files.com *.mlcdn.com *.mailerlite.com *.google.hr *.google.co.uk *.google.co.th *.google.com *.convertcart.com *.facebook.com *.disqus.com *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com gstatic.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com *.reviews.io *.reviews.co.uk *.livechatinc.com *.convertcart.com *.facebook.net *.taboola.com *.disqus.com https://getaddress.io webservices.securetrading.net cdn.eu.trustpayments.com *.trustpayments.com *.securetrading.net *.secure.checkout.visa.com *.cardinalcommerce.com *.mastercard.com *.hsforms.net *.hsforms.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk assets.mlcdn.com *.icomoon.io *.mailerlite.com data: *.fontawesome.com *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.iceheadshop.co.uk *.convertcart.com *.livechatinc.com *.fixer.io *.doubleclick.net *.taboola.com *.ideal-postcodes.co.uk https://api.getaddress.io o402164.ingest.sentry.io google.com/pay t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://*.stripe.com https://*.braintreegateway.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.youtube.com https://s.ytimg.com https://*.weeecdn.com https://*.weeecdn.net https://*.tiktok.com https://*.clarity.ms https://*.cloudfront.net https://*.awswaf.com https://*.unpkg.com https://*.paypal.com; frame-src https://*.stripe.com https://hooks.stripe.com https://assets.braintreegateway.com https://*.youtube.com https://*.google.com https://*.facebook.com https://*.tiktok.com https://*.cookielaw.org https://*.mathtag.com https://*.paypal.com https://*.braintreegateway.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.masgusto.com https://*.masgusto.net; img-src 'self' data: https: https://*.masgusto.com https://*.googletagmanager.com https://*.masgusto.com https://*.masgusto.net https://*.weeecdn.com https://*.weeecdn.net; report-uri https://api.masgusto.net/ec/bff/report/csp-violation; report-to csp-endpoint 1
worker-src blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.ecoflow.no *.ihytta.no *.sparelys.no *.trioweb.net *.trioweb.dev data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.snapchat.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ https://checkout.dintero.com https://api.vipps.no https://apitest.vipps.no blob: https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.ecoflow.no *.ihytta.no *.sparelys.no *.snapchat.com checkout.dintero.com api.vipps.no apitest.vipps.no *.trustpilot.com apis.google.com *.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io magefan.com cm.magefan.com https://checkout.dintero.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.disqus.com flagpedia.net *.hsforms.net *.hsforms.com 'self' data: *.ecoflow.no *.ihytta.no *.sparelys.no *.trioweb.net *.trioweb.dev *.google.no *.google.se *.g.doubleclick.net *.bing.com *.clarity.ms *.snapchat.com *.europa.eu *.victronenergy.com *.kamafritid.no *.google.com checkout.dintero.com *.apple.com apis.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://checkout.dintero.com https://unpkg.com https://api.vipps.no https://apitest.vipps.no unpkg.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com *.gstatic.com maps.googleapis.com *.hsforms.net *.hsforms.com *.google.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.ecoflow.no *.ihytta.no *.sparelys.no *.trioweb.net *.trioweb.dev *.g.doubleclick.net *.bing.com *.clarity.ms sc-static.net checkout.dintero.com api.vipps.no apitest.vipps.no apis.google.com invitejs.trustpilot.com https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com www.googletagmanager.com *.ecoflow.no *.ihytta.no *.sparelys.no *.trioweb.net *.trioweb.dev 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://checkout.dintero.com https://api.vipps.no https://apitest.vipps.no www.pdf995.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.gstatic.com maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.ecoflow.no *.ihytta.no *.sparelys.no *.trioweb.net *.trioweb.dev www.google-analytics.com *.g.doubleclick.net *.bing.com *.clarity.ms *.snapchat.com checkout.dintero.com api.vipps.no apitest.vipps.no apis.google.com *.google.com report.trioweb.dev 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://dev.sparelys.no/api/1/security/?glitchtip_key=64a87582f77a45308667362dbc2d4347; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * consentcdn.cookiebot.com consent.cookiebot.com www.facebook.com geowidget-app.inpost.pl mapa.ecommerce.poczta-polska.pl pudofinder.dpd.com.pl *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.googleapis.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com *.hsforms.net *.hsforms.com 'self' data: ts.tradetracker.net www.magmodules.eu consentcdn.cookiebot.com imgsct.cookiebot.com trustmate.io www.facebook.com maps.gstatic.com google.com www.google.pl *.googletagmanager.com *.google-analytics.com ssl.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com cdn.jsdelivr.net maps.googleapis.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl ruch-osm.sysadvisors.pl mapa.ecommerce.poczta-polska.pl *.hsforms.net *.hsforms.com *.gstatic.com tm.tradetracker.net consentcdn.cookiebot.com consent.cookiebot.com *.googleapis.com www.google.com www.google.pl cdn.ampproject.org connect.facebook.net googletagmanager.com trustmate.io geowidget.inpost.pl api.inpost.pl *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com ruch-osm.sysadvisors.pl trustmate.io google.com geowidget.inpost.pl tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com consentcdn.cookiebot.com consent.cookiebot.com *.googleapis.com stats.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'sha256-UzUNtIZ5hG8ovGepAOrHqczYk0kwcAKKMAD5HEvAZUw=' https://static.cloudflareinsights.com https://*.clarity.ms https://kit.fontawesome.com https://cdn.headwayapp.co https://connect.facebook.net https://js.intercomcdn.com https://api-iam.intercom.io https://widget.intercom.io https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.usemessages.com https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://js-eu1.hscta.net https://static.hsappstatic.net https://*.hubspot.com https://*.usemessages.com https://*.hs-banner.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://feedback-eu1.hubapi.com https://www.googletagmanager.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://cdn.headwayapp.co https://pro.fontawesome.com https://ka-p.fontawesome.com https://cdn2.hubspot.net https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net; img-src 'self' data: blob: https://pro.fontawesome.com https://ka-p.fontawesome.com https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://cdn2.hubspot.net https://*.hsforms.net https://*.hsforms.com https://www.facebook.com https://www.google.com https://www.google.com.br; font-src 'self' data: https://pro.fontawesome.com https://ka-p.fontawesome.com; connect-src 'self' https://*.3c.plus https://*.clarity.ms https://connect.facebook.net https://widget.intercom.io https://ka-p.fontawesome.com https://pro.fontawesome.com wss://*.intercom.io wss://*.3c.plus wss://*.3c.plus:4443 wss://vox-socket.3c.fluxoti.com:4443 https://*.hubapi.com https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com https://www.google.com https://www.googletagmanager.com https://*.doubleclick.net; media-src 'self' https://*.3c.plus; frame-src 'self' https://headway-widget.net https://www.youtube.com https://www.youtube-nocookie.com https://*.3c.plus https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://*.hubspot.net https://play.hubspotvideo.com https://play-eu1.hubspotvideo.com https://*.hsforms.net https://*.hsforms.com https://www.googletagmanager.com https://*.doubleclick.net; frame-ancestors https:; object-src 'none'; worker-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce--XEB5yjuloBKos0gs9RH6Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.bglobale.com *.global-e.com *.fontawesome.com https://fonts.bunny.net 'self' data: *.cloudflare.com fonts.googleapis.com 'unsafe-inline' data: static.paddockspares.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.bglobale.com *.global-e.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * widget.trustpilot.com lpcdn.lpsnmedia.net *.paypalobjects.com secure.livechatinc.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ services.postcodeanywhere.co.uk magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cloudflare.com *.mdoq.io *.ibottles.co.uk *.google.com *.google.co.uk media.paddockspares.com static.paddockspares.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.liveperson.net *.lpsnmedia.net *.livechatinc.com bam.nr-data.net static.paddockspares.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com https://static.klaviyo.com api.addressy.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com fonts.google.com *.cloudflare.com *.bootstrapcdn.com static.paddockspares.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cloudflare.com stats.g.doubleclick.net bam.nr-data.net *.livechatinc.com static.paddockspares.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://zero1.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self';        style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.googleapis.com https://*.typekit.net;        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://*.googleapis.com https://*.twitter.com https://use.typekit.net;        img-src * data: blob:;        frame-src *;        font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net;        connect-src 'self' https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://www.facebook.com https://*.hotjar.com https://*.hotjar.io https://performance.typekit.net https://translate.googleapis.com; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://api-maps.yandex.ru https://cdn.ampproject.org https://cdnjs.cloudflare.com https://smartcaptcha.yandexcloud.net mdbootstrap.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com mdbootstrap.com use.fontawesome.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors * 1
default-src 'self';  report-to csp-reporting-prod;  report-uri https://wprodx.report-uri.com/r/d/csp/reportOnly;  script-src 'self' 'report-sample' https://browser.sentry-cdn.com https://calendar.chilipiper.com https://wpromote.chilipiper.com https://www.googletagmanager.com/gtm.js *.6sc.co *.6sense.com *.amazonaws.com *.amplitude.com *.bing.com *.clarity.ms *.clearbit.com *.clearbitjs.com *.cloudflare.com *.cloudfront.net *.cognitoforms.com *.company-target.com *.containers.piwik-pro *.containers.piwik.pro *.convertcalculator.com *.cookiebot.com *.demandbase.com *.doubleclick.net *.facebook.net *.gstatic.com *.hockeystack.com *.hockeystack.com static.hotjar.com script.hotjar.com *.iconnode.com *.instagram.com *.jsdelivr.net *.licdn.com *.mida.so *.omniconvert.com *.pardot.com *.pi.pardot.com *.piwik.pro *.piwik.pro *.resonate.com *.rlcdn.com *.salesloft.com *.tiktok.com *.tiktokcdn-us.com *.trackingplan.com *.twitter.com *.unpkg.com *.wistia.com *.wistia.net *.wpromote.com *.zi-scripts.com company.target.com api.company-target.com s.company-target.com qvdt3feo.com *.qvdt3feo.com tags.srv.stackadapt.com unpkg.com https://unpkg.com/web-vitals https://unpkg.com/web-vitals@3.3.2/dist/web-vitals.iife.js https://cdn.jsdelivr.net/npm/ie11-custom-properties@2.6.0/ie11CustomProperties.min.js *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com;  style-src 'self' 'report-sample' https://unpkg.com *.6sc.co *.6sense.com *.cognitoforms.com *.cloudfront.net *.company-target.com *.fonts.googleapis.com *.fonts.gstatic.com *.googleadservices.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.p.typekit.net *.tiktokcdn-us.com *.typekit.net *.use.typekit.net *.wpromote.com tags.srv.stackadapt.com static.hotjar.com script.hotjar.com;  img-src 'self' data: https://omswpromoteprd.wpenginepowered.com https://unpkg.com *.6sc.co *.6sense.com *.adweek.com *.bing.com *.clarity.ms *.cloudfront.net *.company-target.com *.cookiebot.com *.demandbase.com *.doubleclick.net *.facebook.com *.facebook.net *.giphy.com *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googleusercontent.com *.googlesyndication.com *.googletagmanager.com *.gravatar.com *.gstatic.com gstatic.com *.jsdelivr.net *.linkedin.com *.rlcdn.com *.wistia.com *.ytimg.com searchengineland.com segments.company-target.com stats.g.doubleclick.net tags.srv.stackadapt.com *.wpromote.com static.hotjar.com script.hotjar.com survey-images.hotjar.com;  connect-src 'self' https://browser.sentry-cdn.com https://reveal.clearbit.com https://tools.forchili.com https://*.chilipiper.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io wss://in.visitors.live wss://visitors.live *.6sc.co *.6sense.com *.amazonaws.com *.amplitude.com *.app.clearbit.com *.bat.bing.com *.bing.com *.clarity.ms *.clearbitjs.com *.cognitoforms.com *.company-target.com *.containers.piwik.pro *.cookiebot.com *.demandbase.com *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hockeystack.com *.hockeystack.com *.iconnode.com *.jsdelivr.net *.litix.io *.luckyorange.com *.luckyorange.net *.mida.so *.mixpanel.com *.omniconvert.com *.piwik.pro *.process.iconnode.com *.reson8.com *.rlcdn.com *.salesloft.com *.sentry.io *.trackingplan.com *.visitors.live visitors.live *.wistia.com *.wistia.net *.wpromote.com *.zoominfo.com *.zi-scripts.com api.company-target.com company.target.com s.company-target.com googlesyndication.com googletagmanager.com tags.srv.stackadapt.com px.ads.linkedin.com;  object-src 'self' *.cognitoforms.com *.company-target.com *.youtube.com;  media-src 'self' blob: https://embed-ssl.wistia.com *.cloudfront.net *.cognitoforms.com *.wistia.com *.wpromote.com;  frame-src 'self' https://*.chilipiper.com *.cloudfront.net *.cognitoforms.com *.company-target.com *.convertcalculator.com *.cookiebot.com *.doubleclick.net *.facebook.com *.giphy.com giphy.com *.googletagmanager.com *.google.com *.instagram.com *.tiktok.com *.twitter.com *.vimeo.com *.wistia.net *.youtube.com *.youtube-nocookie.com api.company-target.com company.target.com s.company-target.com wpromote.jebbit.com;  font-src 'self' data: https://omswpromoteprd.wpenginepowered.com https://unpkg.com *.cognitoforms.com *.fonts.googleapis.com *.fonts.gstatic.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.typekit.net script.hotjar.com;  worker-src 'self';  frame-ancestors 'self';  form-action 'self';  base-uri 'self';  manifest-src 'self';  upgrade-insecure-requests; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: https://maxcdn.bootstrapcdn.com https://use.typekit.net *.stockinstore.net *.freshworks.com *.cloudflare.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net https://*.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.facebook.com *.stockinstore.net *.freshworks.com *.cloudflare.com https://www.googletagmanager.com https://api.payway.com.au *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://*.cloudfront.net https://www.whitworths.com.au https://*.paypal.com https://*.zipmoney.com.au www.facebook.com *.data-dynamic.net *.stockinstore.net *.freshworks.com *.cloudflare.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au *.googleapis.com *.trackedlink.net https://firebasestorage.googleapis.com mageside.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.ecomm-nav.com https://*.zipmoney.com.au www.facebook.com *.zdassets.com *.barilliance.com *.barilliance.net chimpstatic.com snapui.searchspring.io *.stockinstore.net *.freshworks.com *.cloudflare.com *.whitworths.com.au https://*.googletagmanager.com https://data.stats.tools *.payway.com.au https://cdn.searchspring.net/intellisuggest/is.min.js *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.avada.io *.shopify.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.stockinstore.net *.freshworks.com *.cloudflare.com webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com dewb2o4n4daau.cloudfront.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://*.cloudfront.net https://*.zip.co https://maps.googleapis.com stockinstore.net *.stockinstore.net *.freshworks.com *.cloudflare.com *.searchspring.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au *.freshdesk.com https://beacon.searchspring.io/beacon *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://use.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com *.google.com/ https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com https://firebasestorage.googleapis.com https://www.magezon.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com studiolabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.instagram.com *.avada.io *.shopify.com *.google.com/ https://player.vimeo.com https://www.youtube.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://use.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://olegnax.com https://api.instagram.com https://graph.instagram.com/ *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-IqrDw2fq0ncDj0ydB8J1Bw==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=pM1Ju_oOROuj5R9e8fBEmX3jzsIWSp5-6wJwPmGQDX6jZzd83T6EXgh8vYGycrIQGC64ieqky0rU&policy_id=2&user_id=&request_id=10a54c24-13de-40d5-af08-9e1c30c1911d; report-to csp-endpoint-pmjuooroujrefbemxjzsiwspwjwpmgqdxjzzdtexghvygycriqgcieqkyru; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*; require-trusted-types-for 'script' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.punchout2go.com *.tradecentric.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.tradecentric.com *.punchout2go.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com guarantee-cdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.punchout2go.com *.tradecentric.com *.avada.io *.shopify.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.cloudflare.com guarantee-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.punchout2go.com *.tradecentric.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.intelligencebank.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com *.addthis.com *.package.ai *.afterpay.com *.pinterest.com *.facebook.com *.paypalobjects.com *.attn.tv *.attentivemobile.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ *.gstatic.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.nr-data.net *.ometria.com loungelovers.cloud.bluecomvn.com *.magecomp.com *.zopim.io *.cloudfront.net *.ytimg.com *.squarespace-cdn.com *.loungelovers.com.au *.reddit.com *.bing.com *.facebook.com *.quantserve.com *.teads.tv *.pinterest.com *.stackadapt.com *.google.com.vn *.productreview.com.au pixel.zprk.io/v5/pixel/8YSTvXfQsz.gif bat.bing.net log.api.useinsider.com *.kaltura.com prreqcroab.icu *.connectad.io *.clarity.ms *.tpmn.io *.tpmn.co.kr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.googleapis.com *.gstatic.com *.attn.tv events.attentivemobile.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.ometria.com *.zdassets.com *.searchspring.io *.nr-data.net *.newrelic.com *.addthis.com *.addthisedge.com *.moatads.com *.cfjump.com cfjump.loungelovers.com.au *.googleoptimize.com *.facebook.net *.pinimg.com *.quantserve.com *.teads.tv *.taboola.com *.redditstatic.com *.bing.com *.clickcease.com *.stackadapt.com *.tiktok.com *.quantcount.com *.attentivemobile.com *.fullstory.com *.pinterest.com *.veritonic.com tags.creativecdn.com loungelovers.api.useinsider.com leads.media-tools.realestate.com.au cdn.insightech.com *.kaltura.com qvdt3feo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net *.cloudflare.com tags.srv.stackadapt.com/sa.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.googleapis.com *.attn.tv events.attentivemobile.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://beacon.searchspring.io/beacon *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.ometria.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.nr-data.net *.newrelic.com *.searchspring.io *.addthis.com *.amplitude.com *.bing.com *.teads.tv *.attentivemobile.com *.tiktok.com *.taboola.com *.pinterest.com *.google.com.vn *.doubleclick.net *.afterpay.com *.fullstory.com *.googlesyndication.com *.pangle-ads.com *.redditstatic.com *.veritonicmetrics.com *.reddit.com pixel.quantserve.com analytics.loungelovers.com.au tags.srv.stackadapt.com asia.creativecdn.com hit.api.useinsider.com bat.bing.net inference.api.useinsider.com *.insightech.com *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://pmjsulxvuv1wvuwvesziy6jt.httpschecker.net/report 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' securitasapp.securitasdev.trendhosting.ch; script-src-elem 'self' 'unsafe-inline' securitasapp.securitasdev.trendhosting.ch www.googletagmanager.com pastahr.dev maps.googleapis.com googleadservices.com cdnjs.cloudflare.com www.google-analytics.com www.google.com www.gstatic.com googleads.g.doubleclick.net connect.facebook.net snap.licdn.com consent.cookiebot.eu consent.cookiebot.eu/%2A consentcdn.cookiebot.eu consentcdn.cookiebot.eu/%2A player.vimeo.com 'report-sample'; style-src-elem 'self' 'unsafe-inline' securitasapp.securitasdev.trendhosting.ch fonts.googleapis.com 'report-sample'; img-src 'self' data: i.ytimg.com px.ads.linkedin.com px4.ads.linkedin.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com ad.doubleclick.net i.vimeocdn.com www.facebook.com google.com google.ch img.sct.eu1.usercentrics.eu img.sct.eu1.usercentrics.eu/%2A; font-src 'self' data: fonts.gstatic.com; connect-src www.google.com securitasapp.securitasdev.trendhosting.ch px.ads.linkedin.com pagead2.googlesyndication.com www.securitas.ch region1.google-analytics.com maps.googleapis.com consentcdn.cookiebot.eu; frame-src securitasapp.securitasdev.trendhosting.ch www.youtube-nocookie.com pastahr.dev 6494580.fls.doubleclick.net td.doubleclick.net player.vimeo.com www.securitas.ch www.google.com www.googletagmanager.com www.youtube.com 13442904.fls.doubleclick.net snap.licdn.com consentcdn.cookiebot.eu; report-uri https://www.securitas.ch/@http-reporting?csp=report&requestTime=1773718012297282&requestHash=059986a49f45854f6dfa9eb24c058b642fc4b88b 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.salesfire.co.uk *.typekit.net *.klarnacdn.net fonts.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sagepay.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.salesfire.co.uk *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.salesfire.co.uk *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.sagepay.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.salesfire.co.uk *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.gstatic.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.salesfire.co.uk *.typekit.net fonts.googleapis.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.sagepay.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.salesfire.co.uk *.smartmetrics.co.uk places.googleapis.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.clockwisemd.com *.amazonaws.com *.livehelpnow.net wss://app.livehelpnow.net *.polyfill.io *.googleapis.com *.jsdelivr.net code.jquery.com *.gstatic.com *.google.com *.bootstrapcdn.com healthsparq.com *.healthsparq.com *.googletagmanager.com *.typekit.net *.bing.com *.clarity.ms *.doubleclick.net *.googleoptimize.com *.google-analytics.com *.callrail.com unpkg.com *.facebook.net *.googlesyndication.com *.spinutech.com *.sitescout.com addsearch.com *.addsearch.com *.cloudfront.net *.searchcdn.com *.browserstack.com wss://*.browserstack.com *.linkedin.oribi.io; img-src * 'self' data:; media-src 'self' s3.amazonaws.com; frame-ancestors 'self'; object-src 'none'; form-action 'self' *.spinutech.com accounts.google.com *.facebook.com; base-uri 'self'; report-uri https://services.spinudev.com/csp/cspreport; 1
font-src www.paypalobjects.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.google.com.vn *.google-analytics.com *.paypal.com *.googletagmanager.com *.bootstrapcdn.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.azurewebsites.net https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.facebook.com *.facebook.net *.doubleclick.net *.google.com *.google.com.vn *.google-analytics.com *.paypal.com *.googletagmanager.com *.gstatic.com *.bootstrapcdn.com *.googleadservices.com *.googleapis.com *.azurewebsites.net *.avada.io *.shopify.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.facebook.com *.facebook.net *.doubleclick.net *.google.com.vn *.google-analytics.com *.paypal.com *.googletagmanager.com *.bootstrapcdn.com *.googleadservices.com *.googleapis.com https://fonts.bunny.net cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.azurewebsites.net https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.bootstrapcdn.com celebrosnlp.com *.livechatinc.com https://static.zipmoney.com.au *.zipmoney.com.au *.zip.co *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors sandbox.zip.co 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com https://magento2.avada.io/ my.reviewr.com.au https://reviewr.app/ https://www.reviewr.app/ https://vars.hotjar.com/ https://secure.livechatinc.com/ *.google.com https://bid.g.doubleclick.net/ *.mouseflow.com https://cdn.mouseflow.com https://secure.ewaypayments.com *.ewaypayments.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.google-analytics.com static.reviewmgr.com *.google.com *.google.co.in https://static.zipmoney.com.au *.livechatinc.com https://img.icons8.com/ https://bpi.zip.co magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com *.cloudflare.com *.twitter.com *.fontawesome.com *.googletagmanager.com *.google-analytics.com *.smartlook.com https://static.zipmoney.com.au *.reviewmgr.com *.cdn.livechatinc.com *.static.hotjar.com *.g.doubleclick.net *.my.reviewr.com.au *.livechatinc.com https://script.hotjar.com/ https://static.hotjar.com/ *.api.livechatinc.com *.mouseflow.com https://cdn.mouseflow.com https://secure.ewaypayments.com *.ewaypayments.com https://data.stats.tools *.clickcease.com https://www.clickcease.com https://js-agent.newrelic.com *.newrelic.com https://secure.studio19.com.au *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com https://bpi.zip.co maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com https://stats.g.doubleclick.net/ *.hotjar.com https://manager.eu.smartlook.cloud https://api.zipmoney.com.au/ *.zip.co *.livechatinc.com https://bam.nr-data.net/ https://www.grade.us api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-NKEv9EgdjSvQ46j7-2andA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
connect-src https://www.gcsp.ch https://www.google.ch https://analytics.google.com https://www.google.com https://region1.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://maps.googleapis.com https://www.googletagmanager.com https://metrics.hotjar.io https://vc.hotjar.io https://region1.analytics.google.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.co.zm; default-src self; font-src data https://www.gcsp.ch https://fonts.gstatic.com; frame-src https://www.google.com https://www.youtube.com; img-src data https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://www.gcsp.ch https://www.googletagmanager.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net; media-src https://gcsp.ch; script-src inline eval self unsafe-eval; script-src-elem inline self unsafe-inline unsafe-eval https://www.gcsp.ch https://s7.addthis.com https://static.cloudflareinsights.com https://www.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://script.hotjar.com https://static.hotjar.com https://snap.licdn.com https://connect.facebook.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net; style-src-attr inline; style-src-elem inline https://www.gcsp.ch https://fonts.googleapis.com https://cdn.jsdelivr.net; report-uri /CspReportLogger.php 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com https://www.google.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com *.googleapis.com *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.trackedlink.net blob: https://*.ximasoftware.com/ https://*.hubspot.com/ https://*.linkedin.com/ magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.hsforms.net *.hsforms.com 'self' data: *.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.sharethis.com *.googleapis.com https://www.gstatic.com *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://*.hs-scripts.com/ https://*.hs-banner.com/ https://*.hs-analytics.net/ https://*.hsadspixel.net/ https://*.hscollectedforms.net/ https://*.ximasoftware.com/ https://*.gstatic.com/ https://*.google.com/ https://*.fontawesome.com/ https://*.clarity.ms/ https://*.stackadapt.com/ https://*.licdn.com/ https://*.jsdelivr.net/ https://*.pinimg.com/ https://*.amazonaws.com/ https://*.newrelic.com/ https://*.pinterest.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.hsforms.net *.hsforms.com https://www.google.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.certcapture.com display.ugc.bazaarvoice.com https://*.ximasoftware.com/ https://*.stackadapt.com/ assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://*.ximasoftware.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://*.hs-scripts.com/ https://*.hs-banner.com/ https://*.hs-analytics.net/ https://*.hsadspixel.net/ https://*.hscollectedforms.net/ https://*.hubapi.com/ https://*.linkedin.com/ https://*.ximasoftware.com/ https://*.gstatic.com/ https://*.google.com/ https://*.fontawesome.com/ https://*.clarity.ms/ https://*.stackadapt.com/ https://*.licdn.com/ https://*.jsdelivr.net/ https://*.pinimg.com/ https://*.newrelic.com/ https://*.pinterest.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com t.elasticsuite.io *.hsforms.net *.hsforms.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'sha256-YX4iJw93x5SU0ple+RI+95HNdNBZSA60gR8a5v7HfOA=' 'sha256-WR8o4UdzkfQd/B9prWMMzvA2VlbX7/I/y8EFPevJOXw=' 'sha256-Kkwk4ZUUW3qZNbj58dkRearCDt4CWSotgAtEuHdNd6g=' 'sha256-R0cVcQ1UfQTWnLUINrj4MfHMoBD0RKwK7ZYK/rfQBHM=' 'sha256-Ro5i8olCkIPmIG76rAWygcfc9HVzWjxOXXARUTL8YsQ=' 'sha256-yof2HSumBjSLwi3m+5rTlVgGCBpEo3Eugd2GT5lEe7w=' 'sha256-IaWkPkOxjlXUPoVDL/dzn/TfKwbSUzl2qgnrqCPX9Gw=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk=' 'sha256-DF6hZvQLSUjLzU0QI/g098kUMN7kq9eR7gHybjLOVHI=' 'sha256-LeJHLwdOrId4BI1YUY0xRe8UH62rM3qPmeggRd2E30c=' 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' app.termly.io cdn.firstpromoter.com www.googletagmanager.com ajax.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data:; font-src 'self' fonts.gstatic.com; connect-src 'self' app.termly.io us.consent.api.termly.io; object-src 'self'; prefetch-src 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; disown-opener; base-uri 'self' 1
script-src-elem *.lursoft.lv cookiehub.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.cloudflareinsights.com *.doubleclick.net *.facebook.net *.mxapis.com *.klaviyo.com *.unpkg.com/* *.googlesyndication.com *.creativecdn.com *.videoly.co *.youtube.com *.maksekeskus.ee 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.cookiehub.net *.cookiehub.eu cookiehub.net *.googleapis.com assets.mxapis.com *.klaviyo.com 'self' 'unsafe-inline'; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.twitter.com *.twimg.com *.googleapis.com data: *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com *.youtube.com youtu.be *.vimeo.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee *.twitter.com *.youtube-nocookie.com *.hotjar.com forms.office.com *.creativecdn.com *.googlesyndication.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.klarna.com *.paypal.com *.ytimg.com *.usercentrics.eu *.maksekeskus.ee *.test.maksekeskus.ee https://maps.omnivasiunta.lt *.googleadservices.com *.google.lv *.googleapis.com *.twitter.com *.twimg.com *.lightemporium.com *.every-pay.com *.prof.lv *.omnivasiunta.lt *.klix.app *.googletagmanager.com api.mapbox.com *.cartocdn.com *.magecomp.com *.kevin.eu *.gstatic.com *.cloudfront.net *.videoly.co https://redchamps.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.google-analytics.com www.google.com www.gstatic.com *.trustedshops.com *.usercentrics.eu *.avada.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: https://unpkg.com *.twitter.com *.googleapis.com *.twimg.com *.gstatic.com *.fontawesome.com *.cloudflareinsights.com gatete.luminorgroup.com *.newrelic.com *.nr-data.net *.lursoft.lv cookiehub.net *.yandex.ru *.hotjar.com *.klaviyo.com *.unpkg.com/* 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com https://static.klaviyo.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.twitter.com *.twimg.com *.gstatic.com *.bootstrapcdn.com cookiehub.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.paypal.com *.googleapis.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee https://geocode.arcgis.com *.twitter.com *.twimg.com *.fontawesome.com *.nr-data.net *.arcgis.com stats.g.doubleclick.net *.lursoft.lv *.yandex.ru *.hotjar.com *.hotjar.io *.google.com *.klaviyo.com *.creativecdn.com 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.sagepay.com *.yotpo.com *.googleapis.com *.gstatic.com www.partstown.co.uk data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.facebook.com *.yotpo.com www.partstown.co.uk 'self' 'unsafe-inline'; frame-ancestors www.partstown.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.weltpixel.com *.yotpo.com www.partstown.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.sagepay.com validate.fishpig.co.uk *.gstatic.com *.facebook.com *.yotpo.com www.partstown.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.yotpo.com www.partstown.co.uk https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.sagepay.com tagmanager.google.com *.yotpo.com *.googleapis.com www.partstown.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.partstown.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.paypal.com *.sagepay.com *.google-analytics.com analytics.google.com *.facebook.net https://www.google-analytics.com *.yotpo.com www.partstown.co.uk 'self' 'unsafe-inline'; child-src www.partstown.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.partstown.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; script-src 'report-sample' https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; style-src 'self' 'unsafe-inline' https://staticfiles.new.smart.pr/ https://fonts.googleapis.com; upgrade-insecure-requests; font-src 'self' https://staticfiles.new.smart.pr/ https://fonts.gstatic.com; object-src 'none'; img-src 'self' https://staticfiles.new.smart.pr/; base-uri 'none'; report-uri https://o4509259652202496.ingest.de.sentry.io/api/4509259661246544/security/?sentry_key=909be8f68697b70e64601a6917e60993&sentry_environment=production 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' https://www.mycvcreator.com; upgrade-insecure-requests; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://accounts.google.com https://www.googletagmanager.com https://telegram.org; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; frame-src https://www.google.com https://recaptcha.google.com https://accounts.google.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://embed.tawk.to https://px.ads.linkedin.com https://www.facebook.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.youtube.com; img-src 'self' data: blob: https://assets.delveinsight.com https://www.google-analytics.com https://www.googletagmanager.com https://embed.tawk.to https://www.youtube.com; connect-src 'self' https://*.delveinsight.com wss://*.delveinsight.com https://www.googletagmanager.com https://www.google-analytics.com https://embed.tawk.to https://px.ads.linkedin.com https://www.facebook.com http://localhost:3001 https://www.youtube.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.youtube.com; object-src 'none'; base-uri 'self'; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://embed.tawk.to https://www.google-analytics.com https://tagassistant.google.com https://www.youtube.com; frame-ancestors 'self' https://tagassistant.google.com https://www.googletagmanager.com https://www.google.com https://embed.tawk.to https://www.google-analytics.com https://www.youtube.com 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.sandbox.paypal.com *.youtube.com *.paypal.com *.googleadservices.com *.google-analytics.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cdninstagram.com *.google.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com cdn.lightwidget.com lightwidget.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.instagram.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.placeholder.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.addtoany.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de http://dpm.demdex.net *.cloudflare.com *.twitter.com *.twimg.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com fonts.googleapis.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com *.authorize.net *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.metalcloak.com *.armoredworks.com *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com *.disqus.com *.avada.io *.shopify.com *.authorize.net *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.bunny.net *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com *.breadgateway.net widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io *.authorize.net *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.a8b.co code.a8b.co code.a8b.co 'sha256-EETe+3mSl3pqiL8qQElRqASXFPPpH8jwEwaWlRgzRAI=' 'sha256-j+1VAJWWn3PTEfoNsE8//SGwsTpI3Rs+fwIEPWisM8E=' www.googletagmanager.com 'sha256-xSVeuJvAtf3qAhoz4mKTaqaWuBnuxmdF/ZIchfLaB4M=' strict-dynamic; style-src 'self' 'unsafe-inline'; style-src-elem 'self' *.a8b.co code.a8b.co code.a8b.co 'sha256-EETe+3mSl3pqiL8qQElRqASXFPPpH8jwEwaWlRgzRAI=' 'sha256-j+1VAJWWn3PTEfoNsE8//SGwsTpI3Rs+fwIEPWisM8E=' www.googletagmanager.com 'sha256-xSVeuJvAtf3qAhoz4mKTaqaWuBnuxmdF/ZIchfLaB4M='; img-src 'self' data: code.a8b.co code.a8b.co 'sha256-EETe+3mSl3pqiL8qQElRqASXFPPpH8jwEwaWlRgzRAI=' 'sha256-j+1VAJWWn3PTEfoNsE8//SGwsTpI3Rs+fwIEPWisM8E=' www.googletagmanager.com 'sha256-xSVeuJvAtf3qAhoz4mKTaqaWuBnuxmdF/ZIchfLaB4M=' 1
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.typekit.net *.trustedshops.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com data: 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.syfpos.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.addthis.com *.pinterest.com syf.demdex.net *.syfpos.com *.syf.com *.trustpilot.com landofcoder.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.affirm.com *.affirm.ca *.cloudflare.com https://cdn.klarna.com *.syfpayments.com *.paypal.com https://s.ytimg.com *.usercentrics.eu yt3.ggpht.com cdn.files-text.com raw.githubusercontent.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com *.googleapis.com magefan.com cm.magefan.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.hsforms.net *.hsforms.com 'self' data: *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net *.mysynchrony.com *.facebook.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.affirm.com *.affirm.ca *.cloudflare.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.pitbullaudio.com *.livechatinc.com *.recapture.io *.syfpayments.com *.elfsight.com stats.g.doubleclick.net *.braintree-api.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.recapture.io *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com *.syf.com *.tiqcdn.com *.trustpilot.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cloudflare.com stats.g.doubleclick.net *.typekit.net *.trustedshops.com *.usercentrics.eu *.syfpayments.com *.klarnacdn.net https://static.klaviyo.com *.gstatic.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.syfpos.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.affirm.com *.affirm.ca *.cloudflare.com stats.g.doubleclick.net *.paypal.com *.elfsight.com *.livechatinc.com *.syfpayments.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://app.recapture.io *.googleapis.com *.addthis.com https://graph.instagram.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.syfpos.com *.syf.com *.d1.sc.omtrdc.net landofcoder.com *.facebook.net https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://shopline.itau.com.br 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.clearsale.com.br https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net 'self' 'unsafe-inline'; frame-ancestors *.clearsale.com.br https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://*.business.facebook.com https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.clearsale.com.br https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com https://*.business.facebook.com *.clearsale.com.br https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://stats.g.doubleclick.net https://staticfiles.yviews.com.br https://service.yourviews.com.br https://yv-misc.s3.amazonaws.com https://api.pagar.me https://cdn.mundipagg.com https://img.youtube.com https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net https://www.ebitempresa.com.br/ https://*.posclick.dinamize.com https://*.clarity.ms https://*.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.clearsale.com.br https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://www.googleoptimize.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://cdn.awsli.com.br https://*.optimonk.com https://h.online-metrix.net https://commerce.adobedtm.com https://js-agent.newrelic.com/ https://consent.cookiefirst.com/ *.hotjar.com *.hotjar.io *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.amazonaws.com https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net https://*.clarity.ms 'self' https://*.siteblindado.com https://*.posclick.dinamize.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.clearsale.com.br https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net 'self' 'unsafe-inline'; object-src *.clearsale.com.br https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net 'self' 'unsafe-inline'; media-src *.adobe.com *.clearsale.com.br https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net https://*.posclick.dinamize.com 'self' 'unsafe-inline'; manifest-src https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com http://api.itaushopline.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.clearsale.com.br https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.hotjar.com *.hotjar.io ws://ws.hotjar.com *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net https://*.optimonk.com https://*.clarity.ms https://*.siteblindado.com https://*.posclick.dinamize.com https://receiver.posclick.dinamize.com 'self' 'unsafe-inline'; child-src *.clearsale.com.br https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net http: https: blob: 'self' 'unsafe-inline'; default-src https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://td.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net https://*.dinamize.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com *.uploadcare.com *.ucarecdn.com https://uploadcare.com/ https://ucarecdn.com/ *.getblue.io https://*.i-goal.com.br https://*.reclameaqui.com.br https://*.ebit.com.br https://newimgebit-a.akamaihd.net 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: assets.quadpay.com static.klaviyo.com *.cloudflare.com *.intelligencebank.com *.slant.co *.fonts.net *.zip.co *.alicdn.com *.tql.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com ws.sharethis.com t.sharethis.com livetour.istaging.com *.facebook.com calculator.redarc.com.au cdn.intelligencebank.com e.issuu.com issuu.com *.doubleclick.net *.moz.com *.paypalobjects.com localhost *.googletagmanager.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.adyen.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com flagpedia.net 'self' data: site-assets.afterpay.com mcprod.redarcelectronics.com maps.google.com maps.gstatic.com maps.googleapis.com l.sharethis.com p.adsymptotic.com assets.quadpay.com calculator.redarc.com.au linkedin.com *.linkedin.com cdn.jsdelivr.net d3k81ch9hvuctc.cloudfront.net logs-01.loggly.com *.bing.net https://*.bing.com *.clarity.ms *.facebook.com *.intelligencebank.com *.kaltura.com www.google.com.au www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bt www.google.bj www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.af www.google.com.ar www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gr www.google.gy www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.so www.google.sr www.google.tg www.google.tl www.google.tn www.google.tt www.google.vu www.google.cv www.google.hn www.google.md www.google.ml *.googletagmanager.com *.typekit.net www.google.ad www.google.bs www.google.ci www.google.co.ls www.google.com.ag www.google.com.bo www.google.com.sl www.google.com.sv www.google.com.tj www.google.dj www.google.dm www.google.ki www.google.la www.google.mv www.google.nr www.google.sc www.google.sn www.google.tm *.tql.com www.google.gm www.google.ne www.google.ws www.google.gl www.google.kg *.doubleclick.net meetanshi.com retail.mcprod.redarcelectronics.com trade.mcprod.redarcelectronics.com trade.redarcelectronics.com retail.mcstaging.redarcelectronics.com trade.mcstaging.redarcelectronics.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com https://rum.hlx.page *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com js.afterpay.com ws.sharethis.com t.sharethis.com staticw2.yotpo.com snap.licdn.com d10lpsik1i8c69.cloudfront.net *.facebook.net https://*.bing.com clarity.microsoft.com *.clarity.ms calculator.redarc.com.au *.zip.co api.emailjs.com dashboard.emailjs.com *.issuu.com *.quantcount.com *.quantserve.com *.klaviyo.com cdn.jsdelivr.net *.impactcdn.com *.adobedtm.com *.doubleclick.net *.hotjar.com *.intelligencebank.com *.kaltura.com *.googletagmanager.com *.yottaa.com *.paypalobjects.com bam.nr-data.net rapid-cdn.yottaa.com *.rapid-cdn.yottaa.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.typekit.net *.intelligencebank.com ws.sharethis.com static-tracking.klaviyo.com static-forms.klaviyo.com calculator.redarc.com.au cdn.jsdelivr.net static.klaviyo.com *.fonts.net *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com res.cloudinary.com cdn.intelligencebank.com *.kaltura.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com maps.googleapis.com t.elasticsuite.io *.google-analytics.com l.sharethis.com firebase.googleapis.com firestore.googleapis.com firebaseinstallations.googleapis.com *.afterpay.com *.doubleclick.net settings.luckyorange.net cdn.linkedin.oribi.io google.com frstre.com *.facebook.com *.facebook.net bat.bing.com *.us.zip.co *.googletagmanager.com timezone.abstractapi.com cdn.intelligencebank.com api.emailjs.com dashboard.emailjs.com *.issuu.com static-forms.klaviyo.com cdn.optimizely.com api.quadpay.com data.stbuttons.click api-js.datadome.co redarcelectronics.pxf.io redarcelectronicscreator.pxf.io *.bing.net *.clarity.ms *.crwdcntrl.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.linkedin.com localhost www.google.ae www.google.at www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.cg www.google.ch www.google.cl www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gg www.google.gr www.google.gy www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.lk www.google.lt www.google.lu www.google.mw www.google.mk www.google.mu www.google.mn www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.sr www.google.tl www.google.tg www.google.tt www.google.ge www.google.ht www.google.lv www.google.ml *.typekit.net *.yottaa.net www.google.ad www.google.al www.google.am www.google.cd www.google.ci www.google.cm www.google.co.uz www.google.com.ag www.google.com.bo www.google.com.bz www.google.com.et www.google.com.gi www.google.com.kh www.google.com.ly www.google.com.mt www.google.com.sb www.google.com.sl www.google.com.sv www.google.com.tj www.google.dm www.google.hn www.google.im www.google.ki www.google.kz www.google.la www.google.me www.google.mg www.google.nr www.google.sn www.google.so www.google.tn www.google.vu www.google.az www.google.bj www.google.bs www.google.gm www.google.li www.google.md www.google.ws bam.nr-data.net *.yottaa.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ae1dd06c-57cf-4693-8c31-6e29ccc59bf2.sansec.watch/; report-to report-endpoint; 1
base-uri 'none'; object-src 'none'; script-src 'report-sample' https: 'nonce-NTE3MTA4ODAxLDkzOTEwNTUxOA==' 'unsafe-eval' 'strict-dynamic'; report-uri https://csp.canva.com/_cspreport?ro=true&requestId=9dd84f60bcbb7306&app=devdocs; 1
object-src  'none'; connect-src 'self' *.roccosiffredi.com *.famedigital.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.roccosiffredi.com *.famedigital.com join.gammasecure.com; script-src 'self' *.roccosiffredi.com *.famedigital.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.roccosiffredi.com *.famedigital.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.alicdn.com *.cdnfonts.com *.flaticon.com *.hsappstatic.net *.jsdelivr.net *.slant.co *.zohocdn.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.newrelic.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com amazingoriental.com *.bing.com *.cookiebot.com google.com *.googletagmanager.com *.instagram.com *.opendns.com recaptcha.net *.sharethis.com *.youshouldask.ai 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.multisafepay.com *.alicdn.com amazingoriental.com *.amazingoriental.com *.bing.com *.bing.net bucket-ip-website.s3.eu-central-1.amazonaws.com *.clarity.ms *.cookiebot.com *.googleadservices.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cf www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.td www.google.tg www.google.tl www.google.tn www.google.to www.google.tt www.google.vu www.google.ws google.com *.google.com instagram.com *.instagram.com s3.amazonaws.com *.sharethis.com *.youshouldask.ai data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.multisafepay.com https://pay.google.com *.bing.com *.clarity.ms *.cookiebot.com *.g4ui.com googletagmanager.com *.instagram.com *.sharethis.com *.yandex.net *.youshouldask.ai 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.multisafepay.com *.myfonts.net *.youshouldask.ai 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bing.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.multisafepay.com t.elasticsuite.io *.alicdn.com *.bing.com *.bing.net *.clarity.ms *.cookiebot.com *.crwdcntrl.net *.googleadservices.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bt www.google.ca www.google.ch www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bn www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gm www.google.gr www.google.gy www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.jo www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.ml www.google.mn www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.tn www.google.tt google.com *.google.com *.instagram.com localhost *.sharethis.com *.yandex.net *.youshouldask.ai 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://1839b17e-08af-4229-a4fd-23c2b476d361.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://a.quora.com https://connect.facebook.net https://mc.yandex.ru https://bat.bing.com https://static.ads-twitter.com https://www.redditstatic.com https://top-fwz1.mail.ru https://www.clarity.ms https://analytics.tiktok.com https://telegram.org https://googleads.g.doubleclick.net https://vk.com https://www.clarity.ms https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://widget.intercom.io; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https: https://a.quora.com https://c.admetr.ru https://mc.yandex.ru https://vk.com https://q.quora.com https://www.google.ru; connect-src 'self' https: wss: https://api-iam.intercom.io https://analytics.google.com https://www.google-analytics.com https://connect.facebook.net https://mc.yandex.ru https://sc-static.net https://widget.intercom.io https://dolphin-anty.com dolphin-anty.net https://telegram.org https://www.google.com https://stats.g.doubleclick.net; font-src 'self' data: https:; object-src 'none'; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://widget.intercom.io; frame-ancestors 'none'; base-uri 'self'; worker-src 'self' blob:; form-action 'self'; upgrade-insecure-requests; report-uri https://dolphin-anty.com/csp_report.php; 1
object-src 'none';base-uri 'self';script-src 'nonce-rh9_rhwNfwrLrXABLjoO2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kYxrBHkrAccFQva5W3cAtg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-3a04ecb3c489d506cca2a9b9e1c8bdd3' https://www.horlogeforum.nl/logs/ https://www.horlogeforum.nl/sidekiq/ https://www.horlogeforum.nl/mini-profiler-resources/ https://eu5.dh-cdn.net/assets/ https://eu5.dh-cdn.net/brotli_asset/ https://www.horlogeforum.nl/extra-locales/ https://www.horlogeforum.nl/highlight-js/ https://www.horlogeforum.nl/javascripts/ https://www.horlogeforum.nl/plugins/ https://www.horlogeforum.nl/theme-javascripts/ https://www.horlogeforum.nl/svg-sprite/ https://www.googletagmanager.com/gtm.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://cdn-cookieyes.com/client_data/225aa61129eb70cff30a9eda1b8b3085/script.js https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://www.googletagmanager.com; worker-src 'self' https://eu5.dh-cdn.net/assets/ https://eu5.dh-cdn.net/brotli_asset/ https://www.horlogeforum.nl/javascripts/ https://www.horlogeforum.nl/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' *.clarity.ms *.bing.com; connect-src 'self' *.katalogmarzen.pl *.bing.com *.clarity.ms *.cookiebot.com *.doubleclick.net *.getresponse.com *.google-analytics.com *.google.com *.google.pl *.googletagmanager.com *.googlesyndication.com *.googleadservices.com *.stape.tech *.tiktok.com *.tiktokw.us *.hotjar.com wss://ws.hotjar.com *.facebook.com https://katalogmarzen.user.com wss://katalogmarzen.user.com; frame-src 'self' *.cookiebot.com *.doubleclick.net *.googletagmanager.com *.google.com *.inpost.pl *.youtube.com *.facebook.com; img-src 'self' *.katalogmarzen.pl data: *.bing.com *.clarity.ms *.cookiebot.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.pl *.googletagmanager.com *.googleadservices.com *.youtube.com *.openstreetmap.org *.doubleclick.net https://eu.user.com https://media.user.com https://media.tenor.com https://static.user.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.clarity.ms *.cookiebot.com *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gr-cdn-e.eu *.gr-cdn.com *.gr-wcon.com *.gstatic.com *.getresponse.com *.hotjar.com *.inpost.pl *.katalogmarzen.pl *.tiktok.com wss://katalogmarzen.user.com https://media.user.com https://katalogmarzen.user.com https://widget.user.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.inpost.pl; font-src 'self' data: *.gstatic.com; media-src https://eu.user.com; 1
child-src 'self' https://*.qualified.com; default-src 'self'; frame-src 'self' https://9628652.fls.doubleclick.net https://td.doubleclick.net https://js.driftt.com https://*.qualified.com https://a8447815042.cdn-pci.optimizely.com https://ct.pinterest.com https://tealium-f.squarecdn.com; worker-src 'self' blob:; connect-src 'self' https://assets.ctfassets.net https://api.broadway.squareup.com https://campaign-hub-production-f.squarecdn.com https://api.squareup.com/v1/cdp/batch https://api.squarestagingexternal.com/v1/cdp/batch https://api.squarestagingexternal.com https://api.squareup.com https://api.squareupstaging.com *.contentsquare.net https://capi.squareup.com https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://stats.g.doubleclick.net https://facebook.com https://www.facebook.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://google.com https://www.google.com https://us-central1-sq-sgtm-prod.cloudfunctions.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net http://424-iab-218.mktoresp.com https://424-iab-218.mktoresp.com https://xms2-marketo.beta.stage.sqprod.co https://424-iab-218.mktoutil.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://logx.optimizely.com https://ct.pinterest.com https://conversions-config.reddit.com https://pixel-config.reddit.com https://www.redditstatic.com *.ingest.us.sentry.io *.6sc.co https://api.sprig.com https://squareupstaging.com https://visitor-scoring-new.marketlinc.com https://api.chilipiper.com https://squareinc-sandbox.chilipiper.com https://squareinc.chilipiper.com https://www.workwithsquare.com wss://*.qualified.com https://*.qualified.com https://pw-renderer-production-c.squarecdn.com localhost:*; font-src 'self' https://cash-f.squarecdn.com https://square-fonts-production-f.squarecdn.com; img-src 'self' data: blob: https://ib.adnxs.com https://assets.ctfassets.net https://cdn.blisspointmedia.com https://campaign-hub-production-f.squarecdn.com *.contentsquare.net https://ad.doubleclick.net https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://adservice.google.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com http://images.ctfassets.net https://images.ctfassets.net https://px.ads.linkedin.com https://cdn.cookielaw.org https://pixel.pointmediatracker.com https://alb.reddit.com *.6sc.co https://api.squareup.com https://api.squareupstaging.com https://insight.adsrvr.org https://match.adsrvr.org https://*.qualified.com https://pw-renderer-production-c.squarecdn.com; manifest-src 'self' https://pw-renderer-production-c.squarecdn.com; media-src 'self' mediastream: https://assets.ctfassets.net https://js.driftt.com http://videos.ctfassets.net https://videos.ctfassets.net https://*.qualified.com; script-src 'self' *.contentsquare.net https://www.datadoghq-browser-agent.com https://js.driftt.com https://*.qualified.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://campaign-hub-production-f.squarecdn.com https://lift-ai-js.marketlinc.com https://martech-development-c.squarecdn.com https://martech-production-c.squarecdn.com https://martech-staging-c.squarecdn.com http://munchkin.marketo.net https://munchkin.marketo.net https://cdn.cookielaw.org https://a8447815042.cdn-pci.optimizely.com https://s.pinimg.com https://ct.pinterest.com https://pw-renderer-production-c.squarecdn.com https://pw-renderer-staging-c.squarecdn.com https://pwt-production-c.squarecdn.com https://pwt-staging-c.squarecdn.com https://sales-bridge-production-c.squarecdn.com https://sales-bridge-staging-c.squarecdn.com https://squareinc-sandbox.chilipiper.com https://squareinc.chilipiper.com https://www.workwithsquare.com https://www.redditstatic.com *.6sc.co https://cdn.sprig.com https://xms-production-f.squarecdn.com https://www.youtube.com https://pw-renderer-production-c.squarecdn.com 'nonce-g5eKT72SnLDZ/cpbXqCN0g=='; style-src 'self' https://square-fonts-production-f.squarecdn.com https://sales-bridge-production-c.squarecdn.com https://sales-bridge-staging-c.squarecdn.com 'unsafe-inline' https://*.qualified.com https://pw-renderer-production-c.squarecdn.com; frame-ancestors 'self' https://app.contentful.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd9af00759e65a48ba7ee3ff1dfa4260b&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to browser-intake-datadoghq 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.latinpressinc.com *.issuu.com *.youtube.com *.youtube-nocookie.com *.linkedin.com *.licdn.com *.tawk.to wss://*.tawk.to *.cloudflare.com *.cloudflareinsights.com *.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.doubleclick.net *.bing.com *.clarity.ms *.google-analytics.com *.ytimg.com *.adtrafficquality.google https://cdn.jsdelivr.net *.facebook.com https://*.facebook.net https://cdn.rawgit.com https://getquix.net https://quix.b-cdn.net https://opps-widget.getwarmly.com data:; frame-ancestors 'self' *.latinpressinc.com *.google.com *.acrlatinoamerica.com *.avilatinoamerica.com *.aftermarketinternational.com *.gerenciadeedificios.com *.tvyvideo.com *.ventasdeseguridad.com *.zonadepinturas.com *.autoamericas.show *.livetec.show *.cleantec.show *.tecnoedificios.com *.refriamericas.com *.integratec.show *.knxlatinamerica.org *.consorciotec.com *.induguia.com *.buildingautomation.show *.cinemotionlabs.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.livechatinc.com *.acsbap.com *.acsbapp.com https://acsbapp.com/apps/app/dist/fonts/ *.fontawesome.com *.stripecdn.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com www.facebook.com www.googletagmanager.com www.google-analytics.com *.icims.eu www.youtube.com cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.livechatinc.com *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com vars.hotjar.com www.facebook.com www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.livechatinc.com *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com td.doubleclick.net pagead2.googlesyndication.com analytics.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src data: *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.vimeocdn.com i.ytimg.com www.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.amplience.net fpdbs.paypal.com fpdbs.sandbox.paypal.com *.yotpo.com p.adsymptotic.com bat.bing.com www.facebook.com cdn-ukwest.onetrust.com *.livechatinc.com cookiesuksouth.blob.core.windows.net www.google.co.in www.google-analytics.com px.ads.linkedin.com cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.wiltshirefarmfoods.com *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.postcodeanywhere.co.uk acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com https://cdn.acsbapp.com/apps/app/dist/media/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.youtube.com *.vimeo.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com *.cardinalcommerce.com geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.onetrust.com *.livechatinc.com static.hotjar.com www.gstatic.com *.trackedlink.net *.stripe.com *.trustpilot.com maps.googleapis.com *.pcapredict.com snap.licdn.com connect.facebook.net bat.bing.com secure.leadforensics.com js-agent.newrelic.com script.hotjar.com ict.infinity-tracking.net cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.trustpilot.net *.bam.nr-data.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com *.dwin1.com acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com https://acsbapp.com/apps/app/dist/ https://acsbapp.com/apps/app/assets/js/ td.doubleclick.net pagead2.googlesyndication.com *.conoret.com https://services.postcodeanywhere.co.uk https://cdn.mouseflow.com https://cdn.cookielaw.org *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.postcodeanywhere.co.uk *.fontawesome.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.ideal-postcodes.co.uk *.stripe.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com maps.googleapis.com *.onetrust.com *.livechatinc.com bam.nr-data.net in.hotjar.com ict.infinity-tracking.net stats.g.doubleclick.net bat.bing.com www.youtube.com cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com *.wikipedia.org/w/api.php https://process.acsbapp.com/apps/app/ https://cdn.acsbapp.com/resources/ https://cdn.acsbapp.com/cache/app/ https://cdn.acsbapp.com/config/ https://acsbapp.com/apps/app/assets/js/ td.doubleclick.net pagead2.googlesyndication.com analytics.google.com https://services.postcodeanywhere.co.uk https://o2.mouseflow.com https://www.google.com https://cdn.cookielaw.org klarna.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://www.googletagmanager.com/; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com *.cloudflare.com https://test-media.dsc-cricket.com maxcdn.bootstrapcdn.com *.twitter.com *.twimg.com *.trustedshops.com *.tawk.to 'self' data: *.dsc-cricket.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.payu.in *.snapmint.com *.snapmint.com/v1/public *.twitter.com *.dsc-cricket.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self' data: *.payu.in *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.payu.in api.razorpay.com *.snapmint.com *.snapmint.com/v1/public *.twitter.com *.addthis.com *.doubleclick.net *.embedly.com *.rvvup.com *.dsc-cricket.com https://accounts.google.com/gsi/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://meetanshi.com/media/logo.png *.meetanshi.com https://amcglobal.sc.omtrdc.net/ *.cloudflare.com http://localhost/1bdbd64a-7c1f-4fb6-aa86-17b870cb05ac https://test-media.dsc-cricket.com/media www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com *.snapmint.com *.snapmint.com/v1/public *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.in *.jsdelivr.net *.ccavenue.com www.logicrays.com www.magecomp.com *.amazonaws.com *.securitymetrics.com *.postcodeanywhere.co.uk *.dsc-cricket.com *.cdnmedia.dsc-cricket.com https://cdnmedia.dsc-cricket.com *.facebook.net *.facebook.com blob: https://cdnmedia.dsc-cricket.com/media/catalog/product *.test-media.dsc-cricket.com https://test-media.dsc-cricket.com/media/catalog data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.fontawesome.com *.googleapis.com *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.payu.in checkout.razorpay.com *.snapmint.com *.snapmint.com/v1/public *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu embed.tawk.to https://googleads.g.doubleclick.net/pagead/id cdn.jsdelivr.net *.razorpay.com indep11146.pcapredict.com *.postcodeanywhere.co.uk *.feefo.com *.dsc-cricket.com *.facebook.net *.lightwidget.com *.googleadservices.com *.adobedtm.com *.checkout.razorpay.com https://accounts.google.com/gsi/client *.cdnmedia.dsc-cricket.com https://cdnmedia.dsc-cricket.com *.test-media.dsc-cricket.com https://test-media.dsc-cricket.com/media/catalog *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.cloudflare.com https://test-media.dsc-cricket.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.snapmint.com *.snapmint.com/v1/public *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.jsdelivr.net *.google.com *.postcodeanywhere.co.uk *.dsc-cricket.com *.unpkg.com https://unpkg.com/swiper@11.1.14/swiper-bundle.min.css https://unpkg.com/swiper/swiper-bundle.min.css https://accounts.google.com/gsi/style *.cdnmedia.dsc-cricket.com https://cdnmedia.dsc-cricket.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.granberg.se *.cdnmedia.dsc-cricket.com https://cdnmedia.dsc-cricket.com https://test-media.dsc-cricket.com https://test-media.dsc-cricket.com/media 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net https://amcglobal.sc.omtrdc.net/ www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io *.meetanshi.com https://dpm.demdex.net/id api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.payu.in lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.snapmint.com *.snapmint.com/v1/public *.cloudflare.com *.twitter.com *.twimg.com *.tawk.to *.amazonaws.com *.securitymetrics.com *.embedly.com *.rvvup.com *.postcodeanywhere.co.uk *.googleapis.com *.dsc-cricket.com *.cdnmedia.dsc-cricket.com *.facebook.net *.facebook.com https://accounts.google.com/gsi/ https://cdnmedia.dsc-cricket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.dsc-cricket.com *.facebook.net http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com maps.gstatic.com *.google.com *.biaw.com magefan.com cm.magefan.com *.mageside.com mageside.com *.disqus.com *.trackedlink.net https://img.youtube.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com s7.addthis.com freegeoip.app api.ipbase.com *.disqus.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com maps.googleapis.com *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: https://fonts.googleapis.com https://fonts.gstatic.com *.walmartimages.com *.amazonaws.com *.fontawesome.com *.typekit.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.avril.ca *.flippenterprise.net *.wishabi.net *.wishabi.com *.google.ca *.google.com *.bing.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com blob: *.webpushr.com *.flippenterprise.net https://www.google-analytics.com *.stripe.com *.jsdelivr.net *.privacy-center.org *.zdassets.com *.zendesk.com https://*.privacy-center.org *.newrelic.com *.cloudflareinsights.com *.bing.com *.clarity.ms www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.flippenterprise.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.typekit.net *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://developer.adobe.com *.flippenterprise.net *.launchdarkly.com *.flippback.com *.flipp.com *.doubleclick.net *.webpushr.com *.googlesyndication.com *.privacy-center.org *.zdassets.com *.zendesk.com *.nr-data.net *.clarity.ms https://*.privacy-center.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ws: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://*.privacy-center.org 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; form-action 'self' https://piegade.balticdata.lv; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' https:; script-src-attr 'none'; connect-src 'self' https: ws: wss:; frame-src 'self' https:; media-src 'self' https: data: blob:; manifest-src 'self'; worker-src 'self' blob:; report-sample 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.nl ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com *.zdassets.com sanalytics.spreadshirt.nl *.spreadshirt.nl ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com wss://*.zendesk.com *.spreadshirt.nl ; font-src 'self' https: data: *.spreadshirt.nl ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.nl ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.nl ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.globalpay.com https://fonts.gstatic.com *.klarnacdn.net maxcdn.bootstrapcdn.com www.skopes.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.skopes.co.uk 'self' 'unsafe-inline'; frame-ancestors www.skopes.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.klarna.com *.trustpilot.com www.youtube.com www.xtento.com www.skopes.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.globalpay.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.adobedtm.com www.xtento.com cdn.xtento.com www.skopes.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.trustpilot.com www.youtube.com player.vimeo.com www.xtento.com cdn.xtento.com www.skopes.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://fonts.googleapis.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.trustpilot.com www.skopes.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.googleapis.com www.skopes.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com cdn.plyr.io noembed.com www.skopes.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.skopes.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.skopes.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com *.bootstrapcdn.com www.kettner.com test.kettner.com *.typekit.net *.datareporter.eu cdn.eye-able.com 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net www.google.com www.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com *.gstatic.com *.google-analytics.com cdn.usersnap.com api.usersnap.com *.facebook.net www.kettner.com test.kettner.com *.typekit.net *.saferpay.com *.datareporter.eu *.piwik.pro chimpstatic.com cdn.eye-able.com 'unsafe-inline'; font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data: online.swagger.io *.typekit.net *.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com https://www.youtube.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com online.swagger.io img.youtube.com cdn.usersnap.com cdn.jsdelivr.net www.facebook.com www.google.com www.google.at *.googletagmanager.com www.kettner.com test.kettner.com *.googlesyndication.com googleads.g.doubleclick.net cdn.eye-able.com https://redchamps.com *.doubleclick.net *.ggpht.com *.googleadservices.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.sk www.google.tg www.google.tn google.com *.google.com *.gstatic.com yastatic.net *.youtube.com *.ytimg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io https://custom.clerk.io jquery.sellxed.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.fontawesome.com polyfill.io *.usersnap.com *.gstatic.com *.payments-amazon.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval' *.clerk.io *.datareporter.eu *.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.jquery.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com maxcdn.bootstrapcdn.com *.fontawesome.com 'self' 'unsafe-inline' *.bootstrapcdn.com *.datareporter.eu *.googleapis.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline';, connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.usersnap.com *.algolianet.com *.algolia.net *.amazon.com *.google-analytics.com *.loadbee.com *.datareporter.eu *.googlesyndication.com www.googleadservices.com cdn.eye-able.com *.bootstrapcdn.com *.doubleclick.net *.googleadservices.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.cg www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.cy www.google.com.eg www.google.com.hk www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.je www.google.kz www.google.li www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.sk www.google.tg www.google.tn *.googletagmanager.com *.gstatic.com *.jquery.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src cdn.eye-able.com *.bootstrapcdn.com chimpstatic.com *.clerk.io *.datareporter.eu *.doubleclick.net *.googleadservices.com *.googleapis.com www.google.at www.google.ch www.google.cz www.google.de www.google.fr www.google.hu www.google.rs www.google.ru www.google.sk *.google.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; base-uri www.kettner.com test.kettner.com 'self' 'unsafe-inline'; report-uri https://76318ee7-75b4-4009-9e9d-005a2eb38171.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.klarna.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sendcloud.sc *.jsdelivr.net *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.shopify.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; report-uri https://zenpark.com/csp-violation-report-endpoint 1
default-src 'self' *.googleapis.com *.google.com.au *.googletagmanager.com *.google-analytics.com *.afterpay.com *.tryzens-analytics.com *.bazaarvoice.com *.paypal.com *.facebook.com *.zip.co zip.co;  script-src 'self' 'strict-dynamic' 'nonce-f3d31f4a' *.scarabresearch.com *.googletagmanager.com *.google-analytics.com *.googleapis.com  *.googleadservices.co *.youtube.com *.bazaarvoice.com *.useinsider.com *.paypal.com *.paypalobjects.com *.afterpay.com *.braintreegateway.com *.tryzens-analytics.com *.facebook.net *.vimeo.com *.recaptcha.net *.gstatic.com *.autopro.com.au *.facebook.com *.zip.co zip.co;  img-src 'self' data: *.useinsider.com *.ctfassets.net *.autopro.com.au *.bazaarvoice.com *.gstatic.com *.paypal.com *.afterpay.com *.google.com.au *.googletagmanager.com *.facebook.com *.zip.co zip.co *.paypalobjects.com;  object-src 'none';  frame-ancestors 'self' *.contentful.com;  frame-src 'self' *.youtube.com *.vimeo.com *.contentful.com bapcor.formcrafts.com *.useinsider.com *.googletagmanager.com *.paypal.com *.braintreegateway.com *.cardinalcommerce.com *.recaptcha.net zip.co *.zip.co;  style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.braintreegateway.com *.googleapis.com *.useinsider.com *.zip.co;  font-src 'self' data: *.bazaarvoice.com *.googleapis.com *.zip.co *.paypalobjects.com fonts.gstatic.com *.fonts.gstatic.com;  connect-src 'self' *.algolia.io *.googleapis.com *.googletagmanager.com *.google-analytics.com *.afterpay.com *.useinsider.com *.bazaarvoice.com *.paypal.com *.scarabresearch.com *.tryzens-analytics.com *.braintree-api.com *.braintreegateway.com *.paypalobjects.com *.recaptcha.net *.eservice.emarsys.net *.facebook.com *.zip.co zip.co zipmoney.com.au *.zipmoney.com.au;  worker-src 'self' blob:;  report-uri https://bapcor-csp.tryzens-analytics.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.connectif.cloud https://cdn.slaask.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com; img-src 'self' data: blob: https://www.google-analytics.com https://cdn.connectif.cloud https://stats.g.doubleclick.net https://cf-assets.www.cloudflare.com https://cdn.simpleicons.org; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://cdn.connectif.cloud https://stats.g.doubleclick.net https://default67716c2b936d44caa86ff66f3dfe8c.9c.environment.api.powerplatform.com https://slaask.com https://app.polaria.ai; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://tracker.connectif.cloud; worker-src 'self' https://portal.everywan.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://everywan.com 1
script-src-elem js.braintreegateway.com *.paypal.com www.paypalobjects.com protection-widget.route.com protect-quote-q.route.com unpkg.com protect-lightning-bolt-widget.route.com bat.bing.com emotivecdn.io static.hotjar.com loader.wisepops.com www.googletagmanager.com chimpstatic.com wisepops.net *.yotpo.com *.criteo.com *.reviews.co.uk script.hotjar.com goal.us14.list-manage.com googleads.g.doubleclick.net www.clarity.ms connect.facebook.net *.affirm.com maps.googleapis.com www.google.com www.gstatic.com payments-sdk.live.commerce-payment-services.com www.googleadservices.com *.termly.io services-connector-ui.magento-ds.com https://data-management-external.magento-ds.com static.cloudflareinsights.com https://search-admin-ui.magento-ds.com *.adobe.io *.adobedtm.com https://static.cloudflareinsights.com *.aptrinsic.com *.magento-ds.com https://commerce.adobedtm.com https://rum.hlx.page https://hkcmd.hspdiesel.com/load dynamic.criteo.com sslwidget.criteo.com widget.reviews.io www.youtube.com sc-static.net ff.kis.v2.scr.kaspersky-labs.com form-assets.mailchimp.com app.certcapture.com cdn.id5-sync.com scripts.clarity.ms cdn.jsdelivr.net js-agent.newrelic.com commerce.adobedtm.com www.ssa.gov ajax.googleapis.com app.pageproofer.com rum.hlx.page static.klaviyo.com static-tracking.klaviyo.com hkcmd.hspdiesel.com widget.privy.com scripts.api.disqometer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem fonts.googleapis.com *.yotpo.com www.googletagmanager.com https://data-management-external.magento-ds.com www.gstatic.com cdn.honey.io ff.kis.v2.scr.kaspersky-labs.com cdn.jsdelivr.net www.ssa.gov 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.yotpo.com https://fonts.gstatic.com https://*.gstatic.com www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.affirm.com *.affirm.ca *.certcapture.com https://plumrocket.com https://www.google.com *.weltpixel.com *.yotpo.com *.googletagmanager.com *.doubleclick.net www.googletagmanager.com *.demdex.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.affirm.com *.affirm.ca *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.bing.com *.facebook.com *.reddit.com *.yotpo.com ads.stickyadstv.com x.bidswitch.net gum.criteo.com cm.adgrx.com *.criteo.com www.google.co.in c.clarity.ms public-prod-dspcookiematching.dmxleo.com um.simpli.fi *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com https://images.unsplash.com form-assets.mailchimp.com https://*.google.co.in https://*.clarity.ms blob:https://hspdiesel.com *.hspdiesel.com *.everesttech.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com www.google.co.ve www.google.ca www.google.de bat.bing.net www.google.com.mx www.google.com.au csm.da.us.criteo.net csm.us5.us.criteo.net www.google.com.br www.google.co.uk www.google.dk www.google.com.sg s3-us-west-2.amazonaws.com yt3.ggpht.com www.google.com.do www.google.com.bz cdn.honey.io www.google.md www.google.com.kw lh3.google.com ppepower.com lh3.googleusercontent.com www.google.it www.google.se www.google.sk www.google.com.ec jadserve.postrelease.com partner.mediawallahscript.com criteo-partners.tremorhub.com ad.tpmn.co.kr trends.revcontent.com tapestry.tapad.com exchange.mediavine.com ad.tpmn.io staging.hspdiesel.com www.google.com.co www.google.es www.google.nl www.google.co.th www.google.la www.google.com.ar www.google.com.bh www.google.com.bo www.google.pl i.liadm.com thrtle.com ups.analytics.yahoo.com cms.analytics.yahoo.com sync.crwdcntrl.net obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com www.google.ad id5-sync.com ad.yieldlab.net d.turn.com www.google.at cdn.ivaws.com www.google.al client-side-metrics.us5.us.criteo.net www.google.com.hk www.google.no client-side-metrics.da.us.criteo.net us-u.openx.net www.google.fi www.google.com.pk i.ebayimg.com mcprod.hspdiesel.com prodhvya.hspdiesel.com www.google.com.pr local.hspcloud-staging.com www.google.com.gh www.google.com.tr connect.facebook.net www.google.ge www.google.gr www.google.com.cy www.google.co.za www.google.bg www.google.co.id www.google.com.eg www.ssa.gov www.google.com.ng www.google.ae www.google.hn www.google.ru www.google.ch www.google.hu www.google.sc www.google.com.jm p.yotpoapi.com www.google.fr www.google.bs www.google.hr www.google.ie www.google.co.cr www.google.com.ua data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.yotpo.com https://apis.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.googletagmanager.com *.googleadservices.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.doubleclick.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.adobe.io *.magento-datasolutions.com https://maps.googleapis.com form-assets.mailchimp.com https://*.bing.com http://*.bing.com https://emotivecdn.io https://*.hotjar.com http://*.wisepops.com https://*.clarity.ms https://wisepops.net https://data-management-external.magento-ds.com https://recommendations-admin-ui.adobe.io *.braintreegateway.com *.braintree-api.com https://payments-sdk.live.commerce-payment-services.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com https://js-agent.newrelic.com https://rum.hlx.page https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ commerce-payments-sdk.adobe.io static.hotjar.com emotivecdn.io loader.wisepops.com dynamic.criteo.com bat.bing.com wisepops.net script.hotjar.com sslwidget.criteo.com www.clarity.ms app.termly.io widget.us.criteo.com cdn.id5-sync.com cdn.jsdelivr.net widget.privy.com https://hkcmd.hspdiesel.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.certcapture.com downloads.mailchimp.com *.googleapis.com *.yotpo.com *.tagmanager.google.com *.googletagmanager.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com https://*.googleapis.com https://data-management-external.magento-ds.com *.braintreegateway.com *.braintree-api.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://static.klaviyo.com cdn.jsdelivr.net cdn.honey.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.affirm.com *.affirm.ca *.certcapture.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.yotpo.com flag.lab.amplitude.com api.lab.amplitude.com www.emotiveapp.co x.clarity.ms api2.amplitude.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.snplow.net commerce.adobedc.net api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://*.emotiveapp.co https://*.clarity.ms https://*.hotjar.io *.braintreegateway.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ bat.bing.com k.clarity.ms e.clarity.ms b.clarity.ms z.clarity.ms r.clarity.ms p.clarity.ms a.clarity.ms s.clarity.ms q.clarity.ms u.clarity.ms j.clarity.ms t.clarity.ms l.clarity.ms w.clarity.ms d.clarity.ms n.clarity.ms h.clarity.ms v.clarity.ms m.clarity.ms f.clarity.ms bat.bing.net o.clarity.ms www.google.com.au i.clarity.ms www.google.ca www.google.com.kw popup.wisepops.com activity.wisepops.com eventcollector.mcf-prod.a.intuit.com 9kvu81ddh3.execute-api.us-east-2.amazonaws.com y.clarity.ms www.google.com c.ba.contentsquare.net www.google.se stats.g.doubleclick.net www.google.co.in www.facebook.com subwayblaze.com rum.hlx.page api.geoedge.com www.google.hu www.google.com.jm www.google.bs metrics.hotjar.io api.privy.com scripts.api.disqometer.com https://hkcmd.hspdiesel.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://hspdiesel.com/rest/all/V1/cspmanager/frontend_report; report-to report-endpoint; 1
font-src https://shoesme.b-cdn.net https://d1givitoj7uukl.cloudfront.net https://static.dhlparcel.nl https://digitvjot7uukl.cloudfront.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://static.dhlecommerce.nl https://fonts.gstatic.com *.fontawesome.com https://widgets.trustedshops.com www.shoesme.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.shoesme.nl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.shoesme.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.shoesme.nl 'self' 'unsafe-inline'; img-src https://shoesme.b-cdn.net https://api.taggrs.io https://bat.bing.com https://www.google.nl https://*.addsauce.com https://*.usercentrics.eu assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com https://maps.googleapis.com https://maps.gstatic.com https://www.mollie.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.shoesme.nl data: 'self' 'unsafe-inline'; script-src https://shoesme.b-cdn.net https://sst.shoesme.nl https://*.omappapi.com https://static.zdassets.com https://www.clarity.ms https://*.cookiebot.eu https://*.addsauce.com https://*.hotjar.com https://*.zopim.com https://*.copernica.com https://snapppt.com https://*.segmentify.com https://bat.bing.com https://*.pinimg.com https://*.googleapis.com https://*.sgmntfy.com https://*.clarity.ms https://*.pinterest.com https://static.dhlparcel.nl assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://static.dhlecommerce.nl https://maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.shoesme.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://shoesme.b-cdn.net https://*.omappapi.com https://*.segmentify.com https://d1givitoj7uukl.cloudfront.net https://static.dhlparcel.nl https://digitvjot7uukl.cloudfront.net *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.shoesme.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.zdassets.com https://addsauce-static-alt.b-cdn.net *.adobe.com www.shoesme.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://shoesme.b-cdn.net https://*.clarity.ms https://sst.shoesme.nl https://shoesmeinternationalbv.zendesk.com https://*.pinterest.com https://bat.bing.com https://*.omappapi.com wss://*.copernica.com https://ekr.zdassets.com wss://*.zopim.com https://consentcdn.cookiebot.eu https://*.copernica.com https://dev.visualwebsiteoptimizer.com https://*.segmentify.com https://*.addsauce.com https://static.dhlparcel.nl dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl https://maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com autocomplete2.postdirekt.de *.trustedshops.com *.etrusted.com https://integrations.etrusted.site www.shoesme.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.shoesme.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.shoesme.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' *.VLeBooks.com *.vlereader.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.vlebooks.com *.vlereader.com apis.google.com cdn.segment.com/next-integrations/actions www.google-analytics.com www.googletagmanager.com;  script-src-elem 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline'  *.vlebooks.com *.vlereader.com apis.google.com cdn.segment.com/next-integrations/actions www.google-analytics.com www.googletagmanager.com; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.VLeBooks.com *.vlereader.com ajax.aspnetcdn.com fonts.googleapis.com; style-src-attr 'report-sample' 'self' 'unsafe-inline' ;  style-src-elem 'report-sample' 'self' 'unsafe-inline' assets.braintreegateway.com fonts.googleapis.com/css;  child-src 'self' blob:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.VLeBooks.com *.vlereader.com https://region1.google-analytics.com https://www.google-analytics.com *.idm.oclc.org/ *.qmul.ac.uk/ *.open.ac.uk/ *.bath.ac.uk/ *.uwtsd.ac.uk/ *.bolton.ac.uk/; font-src 'self' 'unsafe-inline' data: *.VLeBooks.com *.vlereader.com ajax.aspnetcdn.com cdn.jsdelivr.net cdn.scite.ai fonts.gstatic.com static.preply.com; frame-ancestors 'self' *.vlereader.com *.vlebooks.com www.vlebooks.com; frame-src 'report-sample' 'self' *.vlebooks.com *.vlereader.com; img-src 'self' blob: data: https: *.VLeBooks.com *.vlereader.com *.dmmserver.com *.gardners.com http://jackets.gardners.com ; object-src 'none'; base-uri 'self'; manifest-src 'self' *.idm.oclc.org/pwa_manifest.json *.qmul.ac.uk *.open.ac.uk *.bath.ac.uk *.uwtsd.ac.uk *.bolton.ac.uk; media-src 'self'; worker-src blob:; report-uri https://679259fe8ff833a6e12adf10.endpoint.csper.io?v=9; 1
default-src https:;                                                 script-src https: 'unsafe-inline' 'unsafe-eval';                                                 style-src https: 'unsafe-inline';                                                 font-src https: data:;                                                 img-src https: data: about: ;                                                 connect-src https: wss: 'self';                                                 worker-src https: blob: 'self'; 1
default-src 'self' 'unsafe-inline' https://px.ads.linkedin.com/ https://alleima.maps.arcgis.com/ https://*.alleima.com/ https://vimeo.com/ https://*.googlesyndication.com/ https://mb.cision.com/ https://*.doubleclick.net/ https://dl.episerver.net https://player.vimeo.com https://*.cookielaw.org/ https://alleima.matomo.cloud/ https://dc.services.visualstudio.com/ https://www.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/ https://*.hotjar.com/ https://connect.facebook.net/ https://*.outbrain.com/ https://tr.outbrain.com/ https://*.onetrust.com/ https://cdn.linkedin.oribi.io/ wss://ws.hotjar.com https://*.hotjar.io/ https://*.datablocks.se https://*.zdassets.com/ https://*.zendesk.com/ https://*.zopim.com/ wss://*.zopim.com/ https://pui.episerver.net/ https://*.highcharts.com https://www.facebook.com/;  img-src 'self' https://*.baidu.com/ https://*.zopim.io/ https://static.zdassets.com/ https://cdn.cookielaw.org/ https://mb.cision.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.se/ https://t.co/ https://analytics.twitter.com/ https://*.outbrain.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://px4.ads.linkedin.com/ https://*.vimeocdn.com/ https://*.hotjar.com/ https://cdn.matomo.cloud/ https://maps.googleapis.com/ data:;  script-src 'self'  'unsafe-inline'   'unsafe-eval';  frame-ancestors 'self' https://www.googletagmanager.com/ https://cdn.cookielaw.org/;  script-src-elem  'self'  'unsafe-inline'  https://assets.alleima.com/ https://webassets.azurewebsites.net/ https://*.baidu.com/ https://*.monitor.azure.com/ https://*.vimeo.com/ https://code.highcharts.com/ https://dl.episerver.net/ https://*.cookielaw.org/ https://cdn.matomo.cloud/ https://alleima.matomo.cloud/ https://az416426.vo.msecnd.net/ https://www.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/ https://*.hotjar.com/ https://connect.facebook.net/ https://*.outbrain.com/ https://*.onetrust.com/ https://cdn.linkedin.oribi.io/ wss://ws.hotjar.com https://*.hotjar.io/ https://*.datablocks.se https://*.zdassets.com/ https://*.zendesk.com/ wss://*.zopim.com https://*.zopim.com https://code.jquery.com/jquery-3.7.1.min.js;  style-src 'self'  'unsafe-inline' https://cdn.jsdelivr.net/ https://stackpath.bootstrapcdn.com/ https://alleima.matomo.cloud/ https://*.datablocks.se/;  media-src  'self' https://static.zdassets.com/ https://mb.cision.com/ https://player.vimeo.com https://download-video.akamaized.net/ report-to csp-endpoint 1
font-src *.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.sameday.ro *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://www.selfawb.ro *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.disqus.com *.avada.io *.shopify.com cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.sameday.ro *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://pa.7w.ro http://pa.7w.ro 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.addtoany.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://*.sameday.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://ecommerce.fancourier.ro https://nominatim.openstreetmap.org https://get.geojs.io *.avada.io http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com https://www.google-analytics.com https://pa.7w.ro http://pa.7w.ro 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
script-src https://www.stokesstores.com/ https://load.measure.stokesstores.com/ https://apis.google.com/ https://static.klaviyo.com/ https://api.heyday.ai/ https://static-tracking.klaviyo.com/ https://cdn.attn.tv/ https://bat.bing.com/ https://www.clarity.ms/ https://pixel.byspotify.com/ https://woobox.com/ https://input.noibu.com/ https://cdn.noibu.com/ https://js-agent.newrelic.com/; style-src 'self' blob: https: 'unsafe-inline' https://www.stokesstores.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com static.klaviyo.com; frame-src assets.braintreegateway.com www.google.com www.youtube.com www.youtu.be www.vimeo.com https://creatives.attn.tv https://webchat.heyday.ai 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.zmags.com *.zma.gs *.force.com *.userway.org *.fatwin.com *.salesforceliveagent.com *.klaviyo.com *.powerreviews.com *.scene7.com *.cloudflare.com script.crazyegg.com images.getfastr.com js.adsrvr.org stats.g.doubleclick.net googleads.g.doubleclick.net google.co.in *.cloudfront.net *.jquery.com *.cloudinary.com *.magentosite.cloud *.starfurniture.com *.videohub.tv *.bing.com *.google.ro *.bootstrapcdn.com *.onetrust.com blog.starfurniture.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com blog.starfurniture.com 'self' 'unsafe-inline'; frame-ancestors blog.starfurniture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * https://plumrocket.com blog.starfurniture.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.affirm.com *.affirm.ca www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.zmags.com *.zma.gs *.force.com *.userway.org *.fatwin.com *.salesforceliveagent.com *.klaviyo.com *.powerreviews.com *.scene7.com *.cloudflare.com script.crazyegg.com images.getfastr.com js.adsrvr.org stats.g.doubleclick.net *.google.co.in *.cloudfront.net *.jquery.com *.cloudinary.com *.adobetm.com *.magentosite.cloud *.starfurniture.com *.videohub.tv *.bing.com *.google.ro turn.com r.turn.com *.facebook.com *.facebook.net facebook.com facebook.net *.turn.com *.cookielaw.org *.wixmp.com *.onetrust.com *.unbxdapi.com *.clarity.ms blog.starfurniture.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.vimeo.com safevisit.online aa.agkn.com *.rkdms.com *.liadm.com *.zmags.com o.clarity.ms *.clarity.ms clarity.ms *.zma.gs *.force.com *.userway.org *.fatwin.com *.salesforceliveagent.com *.klaviyo.com *.powerreviews.com *.scene7.com *.cloudflare.com script.crazyegg.com images.getfastr.com js.adsrvr.org stats.g.doubleclick.net google.co.in *.cloudfront.net *.jquery.com *.cloudinary.com *.adobetm.com adobetm.com assets.adobetm.com *.magentosite.cloud *.starfurniture.com *.videohub.tv *.bing.com facebook.com *.facebook.com *.visiblevisitor.net cdn.visiblevisitor.net overflowworks.com *.overflowworks.com turn.com r.turn.com *.turn.com visiblevisitor.net connect.facebook.com *.facebook.net connect.facebook.net salesforce.com *.salesforce.com my.salesforce.com starfurniture.my.salesforce.com salesforce-sites.com *.salesforce-sites.com my.salesforce-sites.com starfurniture.my.salesforce-sites.com *.google.ro *.cookielaw.org *.unbxdapi.com *.onetrust.com *.safevisit.online *.unbxd.io blog.starfurniture.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com assets.braintreegateway.com *.zmags.com *.zma.gs *.force.com *.userway.org *.fatwin.com *.salesforceliveagent.com *.klaviyo.com *.powerreviews.com *.scene7.com *.cloudflare.com *.googleapis.com script.crazyegg.com images.getfastr.com js.adsrvr.org stats.g.doubleclick.net googleads.g.doubleclick.net google.co.in *.cloudfront.net *.jquery.com *.cloudinary.com *.magentosite.cloud *.starfurniture.com *.videohub.tv *.bing.com *.google.ro typekit.net *.typekit.net p.typekit.net salesforce.com *.salesforce.com my.salesforce.com starfurniture.my.salesforce.com salesforce-sites.com *.salesforce-sites.com my.salesforce-sites.com starfurniture.my.salesforce-sites.com use.typekit.net *.cookielaw.org *.bootstrapcdn.com *.onetrust.com *.safevisit.online *.unbxdapi.com blog.starfurniture.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blog.starfurniture.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.zmags.com *.zma.gs *.force.com *.userway.org *.fatwin.com *.salesforceliveagent.com *.klaviyo.com *.powerreviews.com *.scene7.com *.cloudflare.com script.crazyegg.com images.getfastr.com js.adsrvr.org stats.g.doubleclick.net googleads.g.doubleclick.net google.co.in *.cloudfront.net *.jquery.com *.cloudinary.com o.clarity.ms *.clarity.ms clarity.ms *.demdex.net *.omtrdc.net *.magentosite.cloud *.starfurniture.com *.videohub.tv *.bing.com *.google.ro *.visiblevisitor.net cdn.visiblevisitor.net google-analytics.com *.google-analytics.com salesforce.com *.salesforce.com my.salesforce.com starfurniture.my.salesforce.com salesforce-sites.com *.salesforce-sites.com my.salesforce-sites.com starfurniture.my.salesforce-sites.com region1.google-analytics.com *.cookielaw.org *.onetrust.com *.unbxdapi.com *.safevisit.online *.unbxd.io *.liadm.com blog.starfurniture.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blog.starfurniture.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.starfurniture.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' data:; img-src 'self' data:; script-src 'self'; style-src 'self'; report-uri https://teratorium.uriports.com/reports/report; report-to default 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.ariba.com app.instapunchout.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.ariba.com app.instapunchout.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr flagpedia.net https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn2.hubspot.net resources.paytrail.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com services.paytrail.com applepay.cdn-apple.com http://www.cchobby.dk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com applepay.cdn-apple.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://nominatim.openstreetmap.org www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.paytrail.com autocomplete2.postdirekt.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com portal.bulkgate.com *.boxnow.gr *.everypay.gr *.fontawesome.com https://fonts.bunny.net v2.zopim.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com portal.bulkgate.com *.boxnow.gr *.everypay.gr www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com portal.bulkgate.com *.boxnow.gr *.everypay.gr www.google.com analytics.skroutz.gr skroutza.skroutz.gr www.facebook.com go.linkwi.se www.pinterest.com gr.pinterest.com tpc.googlesyndication.com *.facebook.com *.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io portal.bulkgate.com *.boxnow.gr *.everypay.gr ping.contactpigeon.com https://firebasestorage.googleapis.com www.facebook.com www.google.gr v2.zopim.com connect.facebook.net linkedin.com google-analytics.com analytics.skroutz.gr skroutza.skroutz.gr ct.pinterest.com *.glamipixel.com glamipixel.com *.glami.gr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com portal.bulkgate.com *.gstatic.com *.boxnow.gr *.everypay.gr ping.contactpigeon.com *.avada.io *.shopify.com go.linkwi.se analytics.skroutz.gr *.skroutz.gr connect.facebook.net v2.zopim.com www.gstatic.com static.zdassets.com www.google.com https://js.everypay.gr 'self' data: *.zopim.com s.pinimg.com analytics.tiktok.com tpc.googlesyndication.com www.contactpigeon.com *.glamipixel.com glamipixel.com *.glami.gr js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com portal.bulkgate.com *.gstatic.com *.boxnow.gr ping.contactpigeon.com *.fontawesome.com https://fonts.bunny.net www.googletagmanager.com www.contactpigeon.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com portal.bulkgate.com *.gstatic.com *.boxnow.gr *.everypay.gr ping.contactpigeon.com https://get.geojs.io *.avada.io 'unsafe-inline' data: 'unsafe-inline' wss: stats.g.doubleclick.net 'unsafe-inline' ekr.zdassets.com 'unsafe-inline' maps.googleapis.com gtmss.izyshoes.gr www.facebook.com ct.pinterest.com analytics.tiktok.com 'unsafe-inline' ekr.zendesk.com region1.analytics.google.com socialplugin.facebook.net *.facebook.com web.facebook.com *.contactpigeon.com *.googlesyndication.com www.google.com googleads.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.contactpigeon.com 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com https://www.correios.com.br 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com www.facebook.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mlstatic.com *.mercadopago.com *.pagseguro.com.br maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.mercadopago.com *.mercadolibre.com https://ws.correios.com.br cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: https://fonts.gstatic.com *.fontawesome.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.dotdigital-pages.com *.dotdigital.com https://www.trustedsite.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.weltpixel.com lpcdn.lpsnmedia.net https://*.liveperson.net https://*.lpsnmedia.net https://va-s.c.liveperson.net https://lpcdn.lpsnmedia.net https://static.addtoany.com/menu/sm.23.html https://amc.demdex.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.trackedlink.net https://cdn.ywxi.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com lpcdn.lpsnmedia.net *.worthingtondirect.com *.adentifi.com *.linkedin.com *.bing.com *.google.pl *.google.com *.facebook.com *.doubleclick.net https://*.liveperson.net https://*.lpsnmedia.net https://worthingtondirect.com https://www.worthingtondirect.com https://lpcdn.lpsnmedia.net https://d1zloi9myumgkb.cloudfront.net https://static-1.worthingtondirect.com https://s3.amazonaws.com https://amcglobal.sc.omtrdc.net https://amc.demdex.net https://dpm.demdex.net https://cm.everesttech.net https://cdnjs.cloudflare.com/ajax/libs/galleriffic/2.0.1/css/loader.gif data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://unpkg.com/react@18/umd/react.production.min.js https://unpkg.com/react-dom@18/umd/react-dom.production.min.js *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://cdn.ywxi.net https://www.trustedsite.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com assets.shipperhq.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com *.liveperson.net *.lpsnmedia.net cdn.ywxi.net https://cdn.jsdelivr.net/npm/swiper@11/ *.licdn.com *.bing.com *.invocacdn.com *.facebook.net https://*.liveperson.net https://*.lpsnmedia.net https://va-s.c.liveperson.net https://lptag.liveperson.net https://va.v.liveperson.net https://static.addtoany.com/menu/page.js https://lpcdn.lpsnmedia.net https://js-agent.newrelic.com/nr-1208.min.js https://accdn.lpsnmedia.net https://bam.nr-data.net https://js-agent.newrelic.com/nr-1209.min.js https://js-agent.newrelic.com/nr-1210.min.js https://assets.shipperhq.com/shq-checkout_0.1.85.js https://www.gstatic.com/recaptcha/releases/tftmXwdbgCvrXiHxr5HGbIaL/recaptcha__uk.js https://js-agent.newrelic.com https://web-sdk.aptrinsic.com/api/aptrinsic.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com assets.shipperhq.com *.trustpilot.com tagmanager.google.com https://cdn.jsdelivr.net/npm/swiper@11/ https://maxcdn.bootstrapcdn.com https://assets.shipperhq.com https://web-sdk.aptrinsic.com/style.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.liveperson.net https://*.lpsnmedia.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://s3-us-west-2.amazonaws.com/mfesecure-public/ https://www.trustedsite.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com rms.shipperhq.com wss://rms.shipperhq.com/ ovs.shipperhq.com https://www.google-analytics.com *.amazonaws.com *.linkedin.com lpcdn.lpsnmedia.net *.adentifi.com *.google-analytics.com *.doubleclick.net *.bing.com *.google.pl https://*.liveperson.net https://*.lpsnmedia.net https://bam.nr-data.net https://amcglobal.sc.omtrdc.net wss://rms.shipperhq.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.es mws.amazonservices.fr api.comapi.com webchat.dotdigital.com *.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com  w2.yotpo.com https://dpm.demdex.net https://esp-m.aptrinsic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://youtube.com/ *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.googletagmanager.com/ sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com https://vimeo.com/ https://player.vimeo.com/ https://www.google.com/ https://analytics.google.com https://googleads.g.doubleclick.net https://connect.facebook.net http://www.brildor.com https://*.cookiebot.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com https://flagcdn.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com https://www.brildor.com/ https://cdn.trust.reviews https://*.cookiebot.com https://*.google.com https://*.google.es https://lh3.googleusercontent.com http://stats.g.doubleclick.net/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com https://www.google-analytics.com/ googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com https://unpkg.com https://www.gstatic.com/ https://js-agent.newrelic.com https://bam-cell.nr-data.net http://www.sandbox.paypal.com http://www.paypal.com https://analytics.google.com https://ssl.google-analytics.com http://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net https://cdn.connectif.cloud https://connect.facebook.net http://www.brildor.com https://app.trust.reviews https://*.cookiebot.com https://*.reskyt.com js.mollie.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.trust.reviews *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://www.google-analytics.com/ www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com https://*.google.com/ https://www.gstatic.com/ https://analytics.google.com https://*.googlesyndication.com https://*.googleapis.com https://js-agent.newrelic.com https://bam-cell.nr-data.net http://www.sandbox.paypal.com http://www.paypal.com https://googleads.g.doubleclick.net https://eu3-api.connectif.cloud https://connect.facebook.net http://*.brildor.com https://*.brildor.com https://sentry.brildor.es api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com sentry.brildor.es 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sentry.brildor.es/api/5/security&sentry_key=1e4059825f3826e1bf3adc421484e51b&sentry_release=20260311065350&sentry_environment=production; report-to report-endpoint; 1
frame-src 'self'; report-uri https://secure.acsevents.org/site/XFrameViolation 1
font-src https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://code.responsivevoice.org *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.vilmos.co.uk/CspReport?header=Content-Security-Policy-Report-Only 'self'; default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.linkedin.com https://*.googletagmanager.com *.truste.com *.trustarc.com *.trustpilot.com *.bing.com *.adalyser.com https://utt.impactcdn.com *.doubleclick.net *.tiktok.com *.google-analytics.com *.twitter.com *.linkstant.com *.ensighten.com 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com cdn.ampproject.org *.eloqua.com *.en25.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png data: blob: https://*.googletagmanager.com *.adnxs.com *.t.co *.adalyser.com *.googlesyndication.com *.bing.net *.trustarc.com *.adsrvr.org *.google.com *.bing.com *.mathtag.com *.google.co.uk *.twitter.com https://t.co *.doubleclick.net *.insight.adsrvr.org https://uk.protectyourbubble.com *.googleadservices.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.trustarc.com *.truste.com; frame-src 'self' *.trustarc.com *.googletagmanager.com *.trustpilot.com *.doubleclick.net forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.bing.net *.trustarc.com *.googlesyndication.com *.doubleclick.net *.bing.com *.google-analytics.com *.google.com *.tiktokw.us *.tiktok.com *.trustpilot.com *.googleapis.com *.googleadservices.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
font-src fonts.gstatic.com *.thron.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.iubenda.com *.thron.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com maps.googleapis.com cdn.rawgit.com/googlemaps/ cdn.jsdelivr.net/gh/googlemaps/ *.iubenda.com *.thron.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com *.iubenda.com *.thron.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.thron.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.thron.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com https://configure-staging.arper.com maps.googleapis.com *.iubenda.com *.thron.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://configure-staging.arper.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ewsA0i-iXfUvLvx62Tgq3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.sagepay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.sagepay.com www.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: script.hotjar.com *.trustedshops.com maxcdn.bootstrapcdn.com 'self' data: *.tawk.to https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com kantkonfigurator.feld-eitorf.de *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com consentcdn.cookiebot.com consent.cookiefirst.com google.com/recaptcha/api2 www.gstatic.com/recaptcha/ *.doubleclick.net *.clarity.ms *.visualwebsiteoptimizer.com app.vwo.com *.klarna.com *.facebook.com www.googletagmanager.com *.pinterest.com kantkonfigurator.feld-eitorf.de *.weltpixel.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.gstatic.com *.googleapis.com https://images.unsplash.com www.google.de *.g.doubleclick.net *.facebook.net *.facebook.com *.clarity.ms chart.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com *.trustedshops.com bat.bing.com *.bing.net *.cookiefirst.com *.doubleclick.net *.storyblok.com www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.ao www.google.co.in www.google.co.ke www.google.co.th www.google.co.uk www.google.com.co www.google.com.do www.google.com.eg www.google.com.tr www.google.com.tw www.google.com.ua www.google.cz www.google.dk www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.li www.google.lk www.google.lu www.google.mk www.google.nl www.google.no www.google.pl www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk bat.bing.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.hsforms.net *.hsforms.com 'self' data: *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com js-agent.newrelic.com bam.nr-data.net google-analytics.com googletagmanager.com consentcdn.cookiebot.com consent.cookiebot.com h.online-metrix.net gstatic.com www.gstatic.com www.google.com *.bing.com *.hotjar.com *.g.doubleclick.net *.clarity.ms commerce-chat.com *.visualwebsiteoptimizer.com app.vwo.com *.trustedshops.com *.cookiefirst.com 'unsafe-inline' data: 'self' data: connect.facebook.net *.analytics.google.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.pinimg.com *.pinterest.com *.scriptcdn.net *.storyblok.com https://www.googletagmanager.com tagmanager.google.com unpkg.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.hsforms.net *.hsforms.com *.google.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 127.0.0.1:35729 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com *.cookiefirst.com *.trustedshops.com *.storyblok.com tagmanager.google.com maxcdn.bootstrapcdn.com assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com https://maps.googleapis.com https://player.vimeo.com bat.bing.com *.hotjar.com *.aiaibot.com *.g.doubleclick.net bam.nr-data.net bam.nr-data.net/events/ consent.cookiebot.com www.facebook.com *.google-analytics.com *.visualwebsiteoptimizer.com app.vwo.com *.klarnaevt.com *.klarnacdn.com *.klarnacdn.net *.klarna.com *.cookiefirst.com *.google.com *.analytics.google.com *.clarity.ms *.hotjar.io wss://ws.hotjar.com api.trustedshops.com shops-si.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com *.google.de *.bing.net *.doubleclick.net *.facebook.com *.pinterest.com *.trustedshops.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.co.in www.google.co.uk www.google.com.co www.google.com.do www.google.com.tr www.google.com.ua www.google.cz www.google.dk www.google.es www.google.fr www.google.ge www.google.hr www.google.hu www.google.it www.google.lk www.google.lu www.google.nl www.google.no www.google.pl www.google.ro www.google.ru www.google.si bat.bing.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.tawk.to wss://*.tawk.to *.etrusted.com https://integrations.etrusted.site 127.0.0.1:35729 ws://127.0.0.1:35729 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://906d42bb-492d-4824-b48a-f928e7d30432.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; child-src 'self'; connect-src 'self' *.cookielaw.org *.dhl.com *.onetrust.com *.obi4wan.com *.obi4wan.ai matomo.dhlexpress.nl dhl-routing.prosodie.com *.clarity.ms collector.leadinfo.net api.leadinfo.com collector4.leadinfo.net region1.analytics.google.com www.google-analytics.com google-analytics.com www.google.com www.googletagmanager.com stats.g.doubleclick.net region1.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com https://matomo.dhlexpress.nl/; font-src 'self' fonts.gstatic.com; frame-src 'self' *.googletagmanager.com *.dhl.com feedback.usabilla.com *.cookielaw.org *.onetrust.com about: data: *.youtube-nocookie.com *.youtube.com https://www.google.com; img-src 'self' data: *.cookielaw.org matomo.dhlexpress.nl *.googletagmanager.com googleads.g.doubleclick.net www.google.nl fonts.gstatic.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com polyfill-fastly.io vawidget-eu.dhl.com express-resource.dhl.com cdn.leadinfo.net cdn.delivr.net www.googleadservices.com www.google.com; media-src 'self' *.youtube.com; object-src 'none'; script-src 'self' 'report-sample' *.googletagmanager.com https://vawidget-eu.dhl.com *.cookielaw.org *.onetrust.com *.mopinion.com deploy.mopinion.com matomo.dhlexpress.nl https://unpkg.com *.clarity.ms www.googletagmanager.com unpkg.com matomo.js vawidget-eu.dhl.com cdn.leadinfo.net cdn.delivr.net cdn.cookielaw.org express-resource.dhl.com cdn.jsdelivr.net cdnjs.cloudflare.com polyfill-fastly.io googleads.g.doubleclick.net https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io 'unsafe-inline' https://matomo.dhlexpress.nl/; script-src-elem 'self' 'unsafe-inline' *.clarity.ms https://www.googletagmanager.com https://unpkg.com https://matomo.dhlexpress.nl/matomo.js https://vawidget-eu.dhl.com www.googletagmanager.com unpkg.com matomo.dhlexpress.nl matomo.js vawidget-eu.dhl.com cdn.leadinfo.net cdn.delivr.net cdn.cookielaw.org express-resource.dhl.com cdn.jsdelivr.net cdnjs.cloudflare.com polyfill-fastly.io *.cookielaw.org *.onetrust.com *.mopinion.com deploy.mopinion.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io; style-src 'self' 'report-sample' 'unsafe-inline' *.clarity.ms www.googletagmanager.com unpkg.com matomo.dhlexpress.nl matomo.js vawidget-eu.dhl.com cdn.leadinfo.net cdn.delivr.net cdn.cookielaw.org express-resource.dhl.com cdn.jsdelivr.net cdnjs.cloudflare.com polyfill-fastly.io *.cookielaw.org *.onetrust.com *.mopinion.com deploy.mopinion.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' chrome-extension: https://mc.yandex.ru 'unsafe-eval' https://yastatic.net https://enterprise.api-maps.yandex.ru https://mc.yandex.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://mc.yandex.ru chrome-extension: https://mc.yandex.md https://mc.yandex.com; object-src 'self'; report-uri /cspreportonly; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.acmecorp.com *.ooddademo.com *.cloudflare.com *.twitter.com *.google.com *.facebook.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.acmecorp.com *.ooddademo.com *.twitter.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.acmecorp.com *.ooddademo.com *.affirm.com *.twitter.com https://www.google.com https://www.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com https://www.magezon.com *.acmecorp.com *.ooddademo.com *.google.com https://www.facebook.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com https://stats.g.doubleclick.net *.clarity.ms *.bing.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io *.alothemes.com *.magepow.com *.acmecorp.com *.ooddademo.com *.twitter.com *.google.com *.facebook.com *.googleadservices.com *.google-analytics.com *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.gtrsuite.io *.clarity.ms unpkg.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.acmecorp.com *.ooddademo.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.youtube.com unsafe-inline assets.braintreegateway.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.acmecorp.com *.ooddademo.com *.affirm.com *.signifyd.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google-analytics.com *.doubleclick.net *.facebook.com *.gtrsuite.io *.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.acmecorp.com; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com paymentpage.axepta.bnpparibas *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com cl.avis-verifies.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.googleapis.com magefan.com cm.magefan.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org t.mydialoginsight.com axeptio.imgix.net *.disqus.com https://img.youtube.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.gstatic.com static.axept.io https://cdn.jsdelivr.net *.axept.io *.cabesto.com https://cdnjs.cloudflare.com *.disqus.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://cdn.jsdelivr.net *.cabesto.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.wonderpush.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';  script-src * data: blob: 'sha256-KWDEEoZgBqBbDbgZCGB7PwwF1esGq0IMYVkC8xtGpuo=';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.jsdelivr.net connect.facebook.net googleads.g.doubleclick.net js.stripe.com m.stripe.network player.vimeo.com pop.calcworkshop.com scripts.clarity.ms ssl.p.jwpcdn.com tpc.googlesyndication.com www.clarity.ms www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.shopperapproved.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: cdn.jsdelivr.net fonts.gstatic.com ssl.p.jwpcdn.com www.shopperapproved.com; connect-src 'self' data: *.akamaized.net *.calcworkshop.com *.clarity.ms *.vimeocdn.com www.google.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.ca www.google.cg www.google.ch www.google.cl www.google.cm www.google.co.ao www.google.co.id www.google.co.il www.google.co.cr www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.py www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.md www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.tl www.google.tt ad.doubleclick.net adservice.google.com analytics.google.com api.stripe.com cdn.jsdelivr.net entitlements.jwplayer.com fps.ezdrm.com googleads.g.doubleclick.net m.stripe.com o4510312440987648.ingest.us.sentry.io player.vimeo.com playready.ezdrm.com prd.jwpltx.com region1.analytics.google.com ssl.p.jwpcdn.com stats.g.doubleclick.net widevine-dash.ezdrm.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com; media-src 'self' data: blob: *.akamaized.net *.calcworkshop.com *.vimeocdn.com player.vimeo.com; frame-src 'self' bid.g.doubleclick.net connect.facebook.net g.jwpsrv.com js.stripe.com m.stripe.network player.vimeo.com tpc.googlesyndication.com vimeo.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; worker-src 'self' blob:; form-action 'self' connect.facebook.net www.facebook.com; base-uri 'self'; object-src 'none'; report-uri https://calcworkshop.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.typekit.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.doubleclick.net https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://*.googleapis.com *.typekit.net unsafe-inline assets.braintreegateway.com *.trustpilot.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-QcdM_j38ZC2Yim9YHybxjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cdn.jsdelivr.net fonts.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com *.typekit.net dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.yotpo.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.trustpilot.com https://app.trustt.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr maps.googleapis.com maps.gstatic.com *.yotpo.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com https://app.trustt.io dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.avada.io maps.googleapis.com www.gstatic.com www.google.com https://cdnjs.cloudflare.com *.yotpo.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.trustpilot.com https://app.trustt.io dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.typekit.net *.trustpilot.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://app.trustt.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es https://nominatim.openstreetmap.org https://get.geojs.io *.avada.io maps.googleapis.com *.yotpo.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com ws: * dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://*.haco.nu https://*.pinterest.com js.mollie.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com https://www.haco.nu https://*.taggrs.io https://*.haco.nu https://www.mollie.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net https://*.cookiefirst.com https://*.pinimg.com https://*.clarity.ms https://*.pinterest.com js.mollie.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.cookiefirst.com https://*.pinimg.com https://*.clarity.ms *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://*.googlesyndication.com https://*.haco.nu https://*.amazonaws.com https://*.pinterest.com https://*.cookiefirst.com https://*.clarity.ms *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' boitempoeditorial.com.br *.boitempoeditorial.com.br wake-components.fbitsstatic.net boitempoeditorial.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.boitempoeditorial.com.br boitempoeditorial.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.portlandmaps.com *.rose.portland.local:* *.portlandoregon.gov *.portland.gov *.inforcloudsuite.com *.bootstrapcdn.com *.jquery.com *.typekit.net *.arcgisonline.com *.arcgisonline.com *.arcgis.com arcg.is *.geocortex.com *.odot.state.or.us *.multco.us gis.oregonmetro.gov navigator.state.or.us *.mapbox.com *.openstreetmap.org *.opentopomap.org *.tableau.com *.ssl.fastly.net cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.googleapis.com *.gstatic.com *.googleusercontent.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.nr-data.net js-agent.newrelic.com fontlibrary.org use.fontawesome.com *.tiles.wmflabs.org *.loop11.com *.rawgit.com *.imgur.com *.amazonaws.com connect.facebook.net cdn.rawgit.com dojotoolkit.org; frame-ancestors 'self' *.portlandmaps.com *.portlandoregon.gov *.portland.gov; object-src 'none'; report-uri https://portlandmaps.report-uri.com/r/d/csp/reportOnly 1
upgrade-insecure-requests;  script-src 'self' googleads.g.doubleclick.net stats.g.doubleclick.net ws-na.assoc-amazon.com www.amazon.com rcm.amazon.com www.google.com apis.google.com cse.google.com www.google-analytics.com www.googletagmanager.com partner.googleadservices.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com; frame-src googleads.g.doubleclick.net stats.g.doubleclick.net ws-na.assoc-amazon.com www.amazon.com rcm.amazon.com www.google.com apis.google.com cse.google.com www.google-analytics.com www.googletagmanager.com partner.googleadservices.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com;   object-src 'self'; form-action 'none'; frame-ancestors 'none'; report-uri https://c408453ef55b803114646d679c50ef77.report-uri.com/r/d/csp/reportOnly; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com 'self' data: *.bootstrapcdn.com *.doubleclick.net *.nr-data.net *.bobcatparts.com *.fontawesome.com *.googleadservices.com *.google.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.google.com.ua data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net *.braintree-api.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com/ *.google-analytics.com *.affirm.com *.newrelic.com *.nr-data.net *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypalobjects.com *.google.com.ua *.braintree-api.com *.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.certcapture.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.magentocommerce.com data: *.google.com *.doubleclick.net *.googleapis.com *.newrelic.com *.nr-data.net *.fontawesome.com *.googleadservices.com *.google-analytics.com *.facebook.net *.facebook.com *.paypalobjects.com *.google.com.ua *.klaviyo.com *.google.com *.google.nl *.kickfire.com *.121getsitdone.com *.firespring.com magefan.com cm.magefan.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com/ *.google.com.ua *.google-analytics.com *.affirm.com *.gstatic.com *.googleapis.com *.fontawesome.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.facebook.com *.paypalobjects.com *.braintree-api.com *.amazonaws.com *.livechatinc.com *.multiview.com *.kickfire.com *.simpli.fi *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.certcapture.com assets.braintreegateway.com *.bootstrapcdn.com *.google.com.ua *.newrelic.com *.nr-data.net *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.googletagmanager.com *.datatables.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.affirm.com *.fontawesome.com *.facebook.net *.facebook.com *.paypalobjects.com *.google.com.ua *.googleapis.com *.authorize.net 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem https://*.usercentrics.eu/ https://bestware.com *.bestware.tech local.bestware https://*.googletagmanager.com https://*.google.com https://*.gstatic.com www.google-analytics.com https://*.easycredit.de https://*.klaviyo.com https://widgets.trustedshops.com/ https://*.bing.com/ https://*.facebook.com/ https://*.facebook.net/ https://*.twitter.com/ https://static.ads-twitter.com/ https://*.payments-amazon.com/ https://*.cptrack.de https://survey.survicate.com/ https://analytics.tiktok.com/ https://static.zdassets.com/ 'self' 'unsafe-inline' https://www.paypal.com/ https://*.jquery.com/ https://*.zendesk.com/ https://*.etracker.com https://*.etracker.de; font-src https://*.klaviyo.com https://*.danova.de *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https: https://seo.mageplaza.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com https: https://*.etracker.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https: https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://bestware.com *.bestware.tech local.bestware https://app.usercentrics.eu/ https://*.google.de https://google.co.* https://*.bing.com/ https://bat.bing.net/ https://*.twitter.com/ https://*.facebook.com/ https://*.trustedshops.com/ https://*.cloudfront.net/ https://t.co/ https://www.gstatic.com/ https://analytics.tiktok.com/ https://assets.adobedtm.com/ https://*.etracker.com https://*.etracker.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ratenkauf.easycredit.de *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.usercentrics.eu/ https://widgets.trustedshops.com/ https://*.bing.com/ https://*.facebook.net/ https://static.ads-twitter.com/ https://*.jquery.com/ https://*.etracker.com https://*.etracker.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ratenkauf.easycredit.de *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.klaviyo.com https://*.danova.de https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.bestware.com https://bestware.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.analytics.google.com *.google.com google.com *.googlesyndication.com/ https://api.usercentrics.eu/ https://*.doubleclick.net/ https://*.facebook.com/ https://bat.bing.net/ https://analytics.tiktok.com/ https://ekr.zdassets.com/ https://*.zendesk.com/ wss://*.zendesk.com/ https://*.danova.de https://*.etracker.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ratenkauf.easycredit.de t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gstatic.com https://widgets.trustedshops.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cookiebot.com https://widget.trustpilot.com *.addthis.com *.facebook.com *.twitter.com js.mollie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.placeholder.com *.linkedin.com *.cookiebot.com https://images.unsplash.com https://belco-prod.s3-eu-central-1.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.disqus.com *.addthisedge.com *.twitter.com https://www.mollie.com *.multisafepay.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com bam-cell.nr-data.net bam.nr-data.net *.cookiebot.com https://maps.googleapis.com https://player.vimeo.com https://widget.trustpilot.com https://cdn.belco.io *.belco.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com js.mollie.com *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cookiebot.com https://*.googleapis.com https://static.klaviyo.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://cdn.jsdelivr.net *.fontawesome.com *.multisafepay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com bam-cell.nr-data.net *.cookiebot.com https://maps.googleapis.com https://player.vimeo.com wss://chat.belco.io https://cdn.belco.io *.belco.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; report-uri /csp-report.php; 1
object-src 'none';font-src 'self' data: https://fonts.gstatic.com/s/;img-src 'self' http://imgsct.cookiebot.eu https://img.sct.eu1.usercentrics.eu data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://pagead2.googlesyndication.com;connect-src 'self' https://consentcdn.cookiebot.eu https://consent.cookiebot.eu https://defensie.matomo.cloud https://pagead2.googlesyndication.com https://px.ads.linkedin.com;script-src 'self' 'strict-dynamic' https://consentcdn.cookiebot.eu/consentconfig/ https://defensie.matomo.cloud 'nonce-Oa1ZZQoo6NLZHKI4afj3Fmjl';style-src 'self' 'unsafe-inline' 1
object-src 'none';base-uri 'self';script-src 'nonce-CdIozmcGfHPIhERE47oWyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/transparency_google 1
default-src 'self'; script-src 'self' 'nonce-q9H5YYbkhOHmwQU8UEevZM0T1Pm2cMoAFbdcf9ksDppNuw_Lg9LZMQ' https://cdn.trackboxx.info 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://nordlb.de https://*.nordlb.de https://nordlb.com https://*.nordlb.com https://hit.trackboxx.info; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://mailing.nordlb.de; media-src 'self' blob:; script-src-elem 'self' 'nonce-q9H5YYbkhOHmwQU8UEevZM0T1Pm2cMoAFbdcf9ksDppNuw_Lg9LZMQ' https://cdn.trackboxx.info 'sha256-Ml5Nkwfy8xmyalWIgp9Vfjfh9EFc1pjxIXVNc5/1jQc=' 'sha256-6u/HC5w+unW3nJuE+d9WlbUor3ayO+8YsjtFnxTPwaA=' 'sha256-8ZuOkTvJhr9SQhAirWN4+9TCVRFC9vYDrBAGqVsRyOo=' 'sha256-X3XjG8kdxszkIHrgG3yPcJ7w6k+FnZ+KYhp/uDUrpho=' 'report-sample'; style-src 'self' 'sha256-Ml5Nkwfy8xmyalWIgp9Vfjfh9EFc1pjxIXVNc5/1jQc=' 'sha256-GqiEX9BuR1rv5zPU5Vs2qS/NSHl1BJyBcjQYJ6ycwD4=' 'report-sample'; worker-src blob:; connect-src 'self' https://hit.trackboxx.info; object-src 'none'; form-action 'self'; frame-ancestors 'none'; report-uri https://www.nordlb.de/@http-reporting?csp=report&requestTime=1773711550758062&requestHash=f6231b5f52effbb1a191f246152aca4f5c3ffd46 1
object-src 'none';base-uri 'self';script-src 'nonce-WiHkaNSwOuQfG3CWH_CRCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src none:; font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.fontawesome.com *.tawk.to *.sirv.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com none: 'self' 'unsafe-inline'; frame-ancestors none: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com none: 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://www.gstatic.com https://translate.googleapis.com https://fonts.gstatic.com http://translate.google.com magefan.com cm.magefan.com *.disqus.com *.sirv.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://translate.googleapis.com http://translate.google.com https://translate-pa.googleapis.com *.disqus.com *.avada.io cdn.maptiler.com *.tawk.to none: report-sample: *.sirv.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com www.gstatic.com *.fontawesome.com cdn.maptiler.com *.tawk.to unsafe-inline: *.sirv.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.sirv.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://translate.googleapis.com *.googleapis.com *.googleadservices.com *.googletagmanager.com  *.sandbox.paypal.com *.paypalobjects.com https://get.geojs.io *.avada.io *.tawk.to wss://*.tawk.to none: *.sirv.com *.youtube.com blob: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com * unsafe-inline: unsafe-eval: block-all-mixed-content: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp.threatview.app/report;; report-to report-endpoint; 1
default-src 'self' http://cdn.auth0.com https://cdn.auth0.com https://cdn.eu.auth0.com;style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=';script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' http://cdn.auth0.com https://cdn.auth0.com https://cdn.eu.auth0.com https://dalelane.eu.auth0.com https://secure.gravatar.com https://www.youtube.com https://www.youtube-nocookie.com https://browser.sentry-cdn.com https://scripts.withcabin.com https://esm.run https://cdn.jsdelivr.net https://machinelearningforkids.co.uk;script-src-elem 'self' blob: 'unsafe-eval' 'unsafe-inline' http://cdn.auth0.com https://cdn.auth0.com https://cdn.eu.auth0.com https://dalelane.eu.auth0.com https://secure.gravatar.com https://www.youtube.com https://www.youtube-nocookie.com https://browser.sentry-cdn.com https://scripts.withcabin.com https://esm.run https://cdn.jsdelivr.net https://machinelearningforkids.co.uk;script-src-attr 'unsafe-inline';frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://login.machinelearningforkids.co.uk;img-src 'self' https://auth0.com http://cdn.auth0.com https://cdn.auth0.com https://cdn.eu.auth0.com data: blob: *;worker-src 'self' blob:;font-src 'self' data:;connect-src 'self' https://proxy.machinelearningforkids.co.uk https://sentry.io https://ping.withcabin.com https://huggingface.co https://cas-bridge.xethub.hf.co https://raw.githubusercontent.com https://machinelearningforkids.co.uk https://mlforkids-newnumbers.j8ahcaxwtd1.au-syd.codeengine.appdomain.cloud https://mlforkids-newnumbers.j8clybxvjr0.us-south.codeengine.appdomain.cloud https://mlforkids-newnumbers.j8ayd8ayn23.eu-de.codeengine.appdomain.cloud https://mlforkids-newnumbers.1re3wh44gzos.eu-de.codeengine.appdomain.cloud https://login.machinelearningforkids.co.uk;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
report-uri https://fresh-tracks-canada.uriports.com/reports/report; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-NFbFoGOi26NcDMLizUz-Zw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ERT3W2vLbteALXsYN5OEMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
child-src id.quicklaunch.io 'self'; connect-src 'self' lcas-dev.lakelandcc.edu lcas.lakelandcc.edu www.lakelandcc.edu myportal-new-dev.lakelandcc.edu myportal.lakelandcc.edu: report-uri https://lakeland.report-uri.com/r/t/csp/wizard 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com challenges.cloudflare.com lh-dottie.dcatalog.com *.dotdigital-pages.com *.dotdigital.com *.weltpixel.com *.google.com/ webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.trackedlink.net maps.gstatic.com https://www.magezon.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com challenges.cloudflare.com html5.dcatalog.com cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal maps.googleapis.com *.google.com/ webchat.dotdigital.com webchat.staging.dotdigital.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdnjs.cloudflare.com webchat.dotdigital.com webchat.staging.dotdigital.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com bam.nr-data.net maps.googleapis.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
manifest-src 'self'; worker-src blob: jsctool.com; script-src 'self' 'strict-dynamic' 'nonce-343d89caf1707c81dbed1c0a23c44d3d' 'unsafe-eval' *.cloudflare.com cdn.trustindex.io; frame-src 'self' *.moon-fachhandel.de *.motion-tm.de *.handytick.de *.talkline.de *.doubleclick.net www.googletagmanager.com *.google.com *.cloudflare.com *.paypal.com *.braintreegateway.com www.facebook.com; media-src data: *.moon-fachhandel.de *.motion-tm.de *.handytick.de *.talkline.de; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub5786f9d787e82c3541d0856246b9230e&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=production&host=www.handytick.de 1
default-src 'self'; script-src 'self' 'unsafe-hashes' 'sha256-u7q4c5i0dFA4WdZcdX0lItFS7Plw7BvMpWADeKlLVUs=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' https://www.googletagmanager.com https://www.google-analytics.com https://accounts.google.com https://cdn-4.convertexperiments.com https://static.hotjar.com https://script.hotjar.com https://bat.bing.com https://tags.creativecdn.com https://connect.facebook.net https://analytics.tiktok.com https://googleads.g.doubleclick.net https://cdn.onesignal.com https://chimpstatic.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.cl https://www.googleadservices.com https://accounts.google.com https://static-cdn-prod.cocha.cloud https://gcp-production-cdn.cocha.cloud https://bat.bing.com https://connect.facebook.net https://analytics.tiktok.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://accounts.google.com https://static-cdn-prod.cocha.cloud https://gcp-production-cdn.cocha.cloud https://apis-prod.cocha.cloud https://region1.google-analytics.com https://bat.bing.com https://analytics.tiktok.com https://onesignal.com https://cdn.onesignal.com https://api.hotjar.com https://content.hotjar.io wss://ws.hotjar.com https://cdn-4.convertexperiments.com https://us.creativecdn.com https://metrics.hotjar.io https://maps.googleapis.com https://maps.gstatic.com; media-src 'self' https://static-cdn-prod.cocha.cloud; frame-src 'self' https://www.googletagmanager.com https://accounts.google.com https://bid.g.doubleclick.net; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 1
worker-src *.gemaire.com; font-src *.fontawesome.com use.typekit.net fonts.gstatic.com www.cvent-assets.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com *.weltpixel.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com *.certcapture.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gemaire.com www.google.pl cdn.cookielaw.org *.scene7.com/ maps.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io *.gemaire.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.cookielaw.org cdn.rudderlabs.com js-agent.newrelic.com survey.survicate.com service.force.com gemaire.my.salesforce.com *.salesforceliveagent.com www.cvent.com www.cvent-assets.com maps.googleapis.com *.google-analytics.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.gemaire.com use.typekit.net p.typekit.net fonts.googleapis.com fonts.gstatic.com www.cvent-assets.com service.force.com gemaire.secure.force.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.certcapture.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.gemaire.com browser-intake-datadoghq.com cdn.cookielaw.org *.google-analytics.com *.algolia.net *.algolianet.com stats.g.doubleclick.net api.rudderstack.com bam.nr-data.net js-agent.newrelic.com *.dataplane.rudderstack.com maps.googleapis.com www.cvent.com *.scene7.com *.onetrust.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://widgets.trustedshops.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com https://plumrocket.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://plumrocket.com https://accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.yotpo.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.koongo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://vimeo.com https://player.vimeo.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://accounts.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://accounts.google.com https://www.gstatic.com *.yotpo.com *.klarnacdn.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.klarnaservices.com *.koongo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ js.mollie.com vars.hotjar.com app.usercentrics.eu web.cmp.usercentrics.eu cdn.lightwidget.com www.googletagmanager.com ct.pinterest.com dt.reellworld.com www.xtento.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com https://www.mollie.com www.google.de *.cdninstagram.com app.usercentrics.eu bat.bing.com lt45.net ct.pinterest.com www.xtento.com cdn.xtento.com www.google.com.ua maps.gstatic.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://unpkg.com *.google.com/ js.mollie.com static.hotjar.com script.hotjar.com bat.bing.com app.usercentrics.eu cdn.lightwidget.com *.clarity.ms cq.reellworld.com ct.pinterest.com web.cmp.usercentrics.eu www.xtento.com cdn.xtento.com https://cdnjs.cloudflare.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com graph.instagram.com in.hotjar.com bat.bing.com graphql.usercentrics.eu api.usercentrics.eu aggregator.service.usercentrics.eu *.clarity.ms cq.reellworld.com *.analytics.google.com www.google.de dt.reellworld.com ct.pinterest.com web.cmp.usercentrics.eu *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.force.com https://*.docusign.net 'self' https://stats.g.doubleclick.net https://api.mixpanel.com https://clients.smartsecure.tsys.co.uk:443 https://*.springcm.com https://acs.apata.io https://www.securesuite.co.uk https://*.clm.docusign.mil https://channel-cards-html.lloydsbankinggroup.com https://danskebank-3ds-vdm.wlp-acs.com https://santander.freightos.com https://mycardsecure.com https://fonts.gstatic.com/ https://sccb--c.um5.visual.force.com https://geolocation.onetrust.com https://sccb.my.salesforce.com https://live.sagepay.com https://www.rsa3dsauth.co.uk https://*.mpts.modirum.com https://www.santandernavigator.co.uk blob: https://sccb--llc-bi.um5.visual.force.com https://santander.freightos.cn https://cdn-ukwest.onetrust.com https://sccb--c.documentforce.com https://*.clmfed.docusign.com https://vimeo.com https://verify.monzo.com https://www.googletagmanager.com https://*.arcot.com https://www.google-analytics.com *.salesforce.com https://acs.airplus.com https://*.rsa3dsauth.co.uk https://authentication.cardinalcommerce.com https://acs.revolut.com https://authentication-acs.marqeta.com data:; report-to sfdc-csp-ep; report-uri https://sccb.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D0Y000000YCdJ&networkId=0DM4J0000008nyc&type=communities 1
script-src 'self' 'unsafe-inline' chrome-extension: https://mc.yandex.ru 'unsafe-eval' https://smartcaptcha.yandexcloud.net https://mc.yandex.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://mc.yandex.ru chrome-extension: https://mc.yandex.md https://mc.yandex.com https://smartcaptcha.yandexcloud.net; object-src 'self'; report-uri /cspreportonly; 1
img-src https://higherlogicdownload.s3.amazonaws.com/NASN/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASN/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NASN/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASN/ https://higherlogicdownload.s3.amazonaws.com/NASN/ https://higherlogiclongterm.s3.amazonaws.com/NASN/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/NASN/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASN/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NASN/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/NASN/ https://higherlogicdownload.s3.amazonaws.com/NASN/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASN/ https://higherlogicstream.s3.amazonaws.com/NASN/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NASN/ https://higherlogicdownload.s3.amazonaws.com/NASN/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASN/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/ https://*.facebook.com https://*.facebook.com/ https://cdn.openwidget.com/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self' https://*.facebook.com; object-src 'none'; manifest-src 'self'; 1
default-src 'none'; script-src 'self' web-in21.mxradon.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com tr.capterra.com snap.licdn.com static.ads-twitter.com connect.facebook.net cdnjs.cloudflare.com js.zohostatic.com salesiq.zoho.com maxcdn.bootstrapcdn.com googleads.g.doubleclick.net px.ads.linkedin.com api.tiles.mapbox.com scripts.clarity.ms https://assets-us11.flostack.io/js/flo.min.js app.factors.ai *.hubspot.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hs-scripts.com *.hsforms.com *.hsforms.net; style-src 'self' 'unsafe-inline' css.zohostatic.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: blob: img.zohostatic.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.com www.google.co.in *.hubspot.com *.hsforms.com *.hsforms.net; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' api.locus.sh wss://vts.zohopublic.com px.ads.linkedin.com analytics.google.com *.clarity.ms *.contentsquare.net tr.capterra.com api.factors.ai api.mapbox.com *.tiles.mapbox.com *.bablic.com *.hubspot.com *.hscollectedforms.net *.hs-banner.com *.hsforms.com *.hubapi.com *.flostack.io; media-src 'self'; frame-src salesiq.zohopublic.com www.youtube.com www.googletagmanager.com *.hubspot.com *.hsforms.com *.hsforms.net; worker-src 'self' blob: ; report-uri https://locus.report-uri.com/r/d/csp/reportonly; 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.klaviyo.com *.typekit.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net account.fetchify.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.googletagmanager.com *.doubleclick.net *.redintelligence.net *.trustpilot.com *.googlesyndication.com *.dwin1.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.magezon.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blob: *.google.com *.google.co.uk *.gstatic.com *.googlesyndication.com *.bing.com *.bing.net *.cloudflare.com *.cloudfront.net *.roeye.com *.freshchat.com *.clarity.ms *.wisepops.com wisepops.net *.soreto.com *.tiktok.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.avada.io *.shopify.com *.google.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.bing.com *.bing.net *.tiktok.com *.taboola.com *.seersco.com *.soreto.com *.clarity.ms *.wisepops.com wisepops.net *.withcubed.com *.roeyecdn.com *.klaviyo.com *.trustpilot.com *.visualwebsiteoptimizer.com *.payments-amazon.com fw-cdn.com cdn-sitegainer.com *.ip-api.com *.cloudflare.com *.cloudfront.net *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.ytimg.com *.googleapis.com *.vimeo.com *.freshchat.com *.hotjar.com *.hsforms.net *.hsforms.com https://snippets.freshchat.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com data: *.googleapis.com *.googlesyndication.com *.typekit.net *.seersco.com *.klaviyo.com *.freshchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googlesyndication.com *.doubleclick.net *.bing.com *.bing.net *.taboola.com *.tiktok.com *.tiktokw.us *.seersco.com *.soreto.com *.clarity.ms *.wisepops.com wisepops.net *.awinblackfriday.com *.freshchat.com *.amazonaws.com *.googletagmanager.com *.dwin1.com *.trustpilot.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com; connect-src 'self' bwia.okta.com bwia-admin.okta.com bwlogin.iaproducers.com *.oktacdn.com *.mixpanel.com *.mapbox.com bwia.kerberos.okta.com bwia.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com; frame-src 'self' bwia.okta.com bwia-admin.okta.com bwlogin.iaproducers.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' bwia.okta.com bwlogin.iaproducers.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' bwia.okta.com bwlogin.iaproducers.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://www.bwproducers.com 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com cdn.checkout.com *.global-e.com *.bglobale.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.bglobale.com *.global-e.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.google.com *.google.co.uk *.zopim.com *.doubleclick.net d23yuld0pofhhw.cloudfront.net *.googletagmanager.com *.global-e.com *.newrelic.com *.bglobale.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com maps.googleapis.com *.checkout.com *.paypal.com *.bglobale.com *.global-e.com https://unpkg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com *.bglobale.com *.global-e.com https://static.klaviyo.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.google-analytics.com *.doubleclick.net *.paypalobjects.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.pinterest.com *.sendcloud.sc *.jsdelivr.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * *.trustedshops.com cdn.cookielaw.org res.cloudinary.com www.b2c-nfinity.com t.squeezely.tech cdn-icons-png.flaticon.com docker.creative-serving.com trkr.shoppingminds.net bam.nr-data.net *.googleapis.com *.etrusted.com *.pinterest.com bat.bing.com *.adyen.com *.facebook.com img.youtube.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org cdn.doofinder.com *.google.com *.google.co.uk *.google.ca b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ts.tradetracker.net *.amazonaws.com blob: www.google.ge magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://rum.hlx.page *.trustedshops.com squeezely.tech bat.bing.com *.etrusted.com *.kk-resources.com *.googleoptimize.com cdn.cookielaw.org l.getsitecontrol.com script.shoppingminds.com script.shoppingminds.net js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com s2.getsitecontrol.com *.pinterest.com s.pinimg.com analytics.topdrinks.nl analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be unpkg.com cdn.jsdelivr.net commerce.adobe.net *.googletagmanager.com cdn.doofinder.com analytics.tiktok.com *.google.co.uk *.google.ca s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com songbirdstag.cardinalcommerce.com tm.tradetracker.net *.trustpilot.com *.sendcloud.sc *.jsdelivr.net https://connect.facebook.net *.google.fr *.disqus.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app *.etrusted.com *.pinterest.com *.sendcloud.sc *.jsdelivr.net *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.youtube.com youtu.be www.youtube-nocookie.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com * *.google.lk analytics.topdrinks.nl ws.hotjar.com wss://ws.hotjar.com content.hotjar.io analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be cdn.cookielaw.org geolocation.onetrust.com *.g.doubleclick.net l.getsitecontrol.com *.shoppingminds.net *.googleapis.com bam.nr-data.net cdn1.api.trustedshops.com pay.google.com privacyportal-de.onetrust.com vc.hotjar.io events.getsitectrl.com *.etrusted.com *.pinterest.com *.adyen.com maps.googleapis.com nominatim.openstreetmap.org *.onyourmap.com *.mapbox.com *.doofinder.com wss://*.doofinder.com analytics.tiktok.com ekr.zdassets.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.sendcloud.sc *.cdn.jsdelivr.net https://analytics.tiktok.com *.google.fr *.google.co.uk *.google.ca bat.bing.net bat.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-a3LnnW5G0wlpsB79qYb_1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'    https://www.googletagmanager.com    https://www.google-analytics.com    https://googleads.g.doubleclick.net    https://www.googleadservices.com    https://www.clarity.ms    https://d1wi3p9y2i20go.cloudfront.net    https://assets.orangehealth.in    https://n.clarity.ms    https://connect.facebook.net    https://api-js.mixpanel.com    https://assets.loginwithamazon.com;  img-src 'self' 'unsafe-inline'    https://d1wi3p9y2i20go.cloudfront.net    https://oh-prod-assets.s3.ap-south-1.amazonaws.com    https://assets.orangehealth.in    https://www.facebook.com    https://googleads.g.doubleclick.net    https://www.google.com    https://www.google.co.in    https://www.googleadservices.com    https://www.googletagmanager.com    https://c.clarity.ms    https://c.bing.com;  style-src 'self' 'unsafe-inline' 'unsafe-eval'    https://assets.orangehealth.in    https://d1wi3p9y2i20go.cloudfront.net    https://oh-prod-assets.s3.ap-south-1.amazonaws.com; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; frame-src https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; img-src 'self' https: data:; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; manifest-src 'self' https:; media-src 'self' https:; connect-src 'self' https: 1
object-src 'none';base-uri 'self';script-src 'nonce-VnBh6Yu-jmgdh-BCdxdbqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkout.postfinance.ch *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://firebasestorage.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com checkout.postfinance.ch *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.postfinance.ch cdn.ampproject.org www.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com www.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com cdn.ampproject.org www.googleapis.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-mPGBMLhiJCy_YM8AhqgYnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://www.digita.fi/app/themes/digita/dist/scripts/polyfills-7cba9be83f88d2e3c65e.js https://assets.juicer.io/embed-no-jquery.js https://bot.leadoo.com/bot/dynamic.js https://connect.facebook.net/en_US/fbevents.js https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/57cc69b8-8520-4aa6-ac3a-0ee5e2311b97/state.js https://eu2.snoobi.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/980469902/ https://mktdplp102cdn.azureedge.net/public/latest/js/ws-tracking.js https://sc.lfeeder.com/lftracker_v1_bElvO73X0YV4ZMqj.js https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-1971876.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://consent.cookiebot.com/57cc69b8-8520-4aa6-ac3a-0ee5e2311b97/cc.js https://www.googletagmanager.com/gtm.js https://bot.leadoo.com/i/al/lanlt.js https://www.google-analytics.com/plugins/ua/linkid.js https://bot.leadoo.com/bot/chat.js https://v1.bot.leadoo.com/bot/chat.js https://consent.cookiebot.com/logconsent.ashx https://www.googletagmanager.com/gtag/destination https://connect.facebook.net/signals/config/234079757978399 https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__en.js;connect-src 'self' https://consent.app.cookieinformation.com/api/consent www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com policy.app.cookieinformation.com https://policy.app.cookieinformation.com https://yoast.com https://anl.leadoo.com https://bot.leadoo.com https://consentcdn.cookiebot.com https://px.ads.linkedin.com https://region1.analytics.google.com https://res.leadoo.com https://v1.bot.leadoo.com https://www.google-analytics.com https://www.google.com https://www.google.de https://googleads.g.doubleclick.net/pagead/landing https://stats.g.doubleclick.net/g/collect;style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://assets.juicer.io https://fonts.googleapis.com https://res.leadoo.com;object-src 'none';base-uri 'self';font-src 'self' data: https://fonts.gstatic.com https://res.leadoo.com https://static.juicer.io;frame-src 'self' https://policy.app.cookieinformation.com https://www.google.com https://consentcdn.cookiebot.com https://mapservice.digita.fi https://td.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com;img-src 'self' data: https://2bbf3fdcc12f467e83bc10c46bd1dc7a.svc.dynamics.com https://eu2.snoobi.com https://ia.leadoo.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://res.leadoo.com https://tr.lfeeder.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://www.google.fi/ads/ga-audiences https://www.google.fi/pagead/1p-user-list/980469902/;manifest-src 'self';media-src 'self';worker-src 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com cdn.userway.org 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors api.hubapi.com *.linkedin.com *.twitter.com t.co *.reddit.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com api.hubapi.com *.linkedin.com *.company-target.com *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com api.hubapi.com *.linkedin.com dev.visualwebsiteoptimizer.com *.hubspot.com virtuosity.com.br *.virtuosity.com.br seequent.com *.seequent.com *.cookielaw.org integration-5ojmyuq-5xh6rknhsg5g2.us-5.magentosite.cloud virtuosity.integration-5ojmyuq-5xh6rknhsg5g2.us-5.magentosite.cloud seequent.integration-5ojmyuq-5xh6rknhsg5g2.us-5.magentosite.cloud *.bentley.com t.co *.twitter.com *.reddit.com id.rlcdn.com *.bing.com *.google.co.in *.company-target.com *.facebook.com *.nr-data.net perf-na1.hsforms.com *.hsforms.com cdn.userway.org *.virtuosity.com tags.srv.stackadapt.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://rum.hlx.page api.hubapi.com *.linkedin.com *.hubspot.com virtuosity.com.br *.virtuosity.com.br seequent.com *.seequent.com *.ads-twitter.com *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com *.marketo.com *.twitter.com *.bing.com cdn.syndication.twimg.com cdn.mouseflow.com/projects/*.js cdn.mouseflow.com *.onetrust.com cdn.cookielaw.org *.demandbase.com google-analytics.com googletagmanager.com munchkin.marketo.net *.licdn.com t.co unpkg.com *.redditstatic.com *.google-analytics.com *.googletagmanager.com *.facebook.net js-agent.newrelic.com *.bentley.com js.hs-scripts.com js.hsforms.net js.usemessages.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com dev.visualwebsiteoptimizer.com cdn.userway.org *.mplat-ppcprotect.com *.cloudfront.net pixel.byspotify.com *.stackadapt.com *.amazonaws.com qvdt3feo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com api.hubapi.com *.linkedin.com virtuosity.com.br *.virtuosity.com.br seequent.com *.seequent.com *.marketo.com *.marketo.net *.google.com *.licdn.com *.bing.com *.twitter.com *.onetrust.com ton.twimg.com unpkg.com *.googletagmanager.com cdn.userway.org tags.srv.stackadapt.com *.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src api.hubapi.com *.linkedin.com *.googlesyndication.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.adobedc.net *.demdex.net *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com api.addressy.com api.hubapi.com *.linkedin.com virtuosity.com.br *.virtuosity.com.br seequent.com *.seequent.com *.mktoresp.com *.onetrust.com *.cookielaw.org *.linkedin.oribi.io *.company-target.com *.doubleclick.net *.google-analytics.com *.demandbase.com *.facebook.com *.visualwebsiteoptimizer.com *.hubspot.com js.hs-banner.com *.mouseflow.com *.redditstatic.com *.mplat-ppcprotect.com *.cloudfront.net pixels.spotify.com tags.srv.stackadapt.com *.userway.org *.hsforms.com *.amazonaws.com *.reddit.com api.smartling.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.paypal.com *.paypalobjects.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sandbox.paypal.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.sandbox.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.avada.io *.shopify.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://get.geojs.io *.avada.io *.sandbox.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-nA8BVP3P1TPmkWr4QnhuSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.magentosale.com ct.pinterest.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.magentosale.com www.pinterest.com s.pinimg.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.magentosale.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.magentosale.com ct.pinterest.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' airtools-loomis.prod-mid-euw3.investis.com captcha.loomis.com cdn.cookielaw.org cdnjs.cloudflare.com code.jquery.com irs.tools.investis.com www.googletagmanager.com;               script-src 'strict-dynamic' 'self' 'nonce-Jl/oZjYzMfsL+YA5Ye+C+lDUzbU='  'sha384-11cX+Naw18bPoIYxEkQI+DltxbxL5/5L0krcoW8ObmMGsC3OiLBkmZjXSWPrrjYh' captcha.loomis.com *.googleapis.com cdn.cookielaw.org cdnjs.cloudflare.com code.jquery.com loomis.jobbase.io loomis.onlyfy.jobs www.googletagmanager.com www.google.com www.gstatic.com googleads.g.doubleclick.net pagead2.googlesyndication.com connect.facebook.net snippet.capybara.lmc.cz www.googleadservices.com loomis-dk.containers.piwik.pro *.dailymotion.com *.dmcdn.net *.wistia.com *.wistia.net *.wistia.net fast.wistia.com;               style-src 'self' 'unsafe-inline' captcha.loomis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.googleapis.com snippet.capybara.lmc.cz *.wistia.com;               img-src 'self' data: captcha.loomis.com cdn.cookielaw.org cdn-endpoint-sitecorecdn-es-01.azureedge.net px.ads.linkedin.com www.facebook.com www.googleadservices.com www.googletagmanager.com img.icons8.com media.licdn.com 1.bp.blogspot.com cdn.theorg.com googleads.g.doubleclick.net maps.gstatic.com *.googleapis.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.wistia.com;               connect-src 'self' 'unsafe-inline' data: airtools-loomis.prod-mid-euw3.investis.com *.google.com google.com px.ads.linkedin.com *.google-analytics.com captcha.loomis.com cdn.cookielaw.org privacyportal-de.onetrust.com geolocation.onetrust.com api.capybara.lmc.cz www.googleadservices.com www.google.se www.facebook.com *.googleapis.com *.wistia.com *.wistia.net;               font-src 'self' 'unsafe-inline' fonts.gstatic.com snippet.capybara.lmc.cz *.wistia.com;               frame-src 'self' airtools-loomis.prod-mid-euw3.investis.com irs.tools.investis.com loomis.onlyfy.jobs td.doubleclick.net www.youtube.com www.youtube-nocookie.com otp.investis.com otp.tools.investis.com view.genially.com *.google.com *.googletagmanager.com google.com googletagmanager.com publish.ne.cision.com *.dailymotion.com geo.dailymotion.com *.dmcdn.net *.wistia.com *.wistia.net fast.wistia.com iframe.mediadelivery.net;               worker-src 'self' blob:;               object-src 'none';               base-uri 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-WRH-lfPiDEcW8Rllk8ja0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.sitejabber.com *.smartcustomer.com *.gstatic.com *.nexcesscdn.net https://fonts.gstatic.com *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.facebook.com td.doubleclick.net *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.amazonaws.com *.postcodeanywhere.co.uk *.cloudfront.net *.godaddy.com *.sitejabber.com *.smartcustomer.com *.edesk.com *.securitymetrics.com *.sixityauto.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.facebook.com *.bing.com *.bing.net *.analytics.yahoo.com *.wistia.com *.nexcesscdn.net google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.trackedlink.net https://helloextend-static-assets.s3.amazonaws.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.google-analytics.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com data.stats.tools *.googleadservices.com *.googlesyndication.com *.g.doubleclick.net *.googleapis.com *.google.com *.sitejabber.com *.smartcustomer.com *.xsellco.com *.newrelic.com *.nr-data.net *.searchspring.net *.capredict.com *.pcapredict.com *.godaddy.com *.addressy.com *.bing.com *.bing.net *.facebook.net *.yimg.com *.pepperjam.com *.wistia.com *.sentry-cdn.com *.clarity.ms *.nexcesscdn.net *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://*.helloextend.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.addressy.com *.sitejabber.com *.smartcustomer.com *.xsellco.com *.searchspring.net *.googleapis.com *.nexcesscdn.net webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.wistia.com *.sixityauto.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com *.addressy.com *.searchspring.io *.sitejabber.com *.smartcustomer.com *.xsellco.com *.newrelic.com *.nr-data.net *.bing.net *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.g.doubleclick.net google.com *.google.com *.analytics.google.com *.yimg.com *.attentivemobile.com *.wistia.com *.litix.io *.amazonaws.com *.clarity.ms *.bing.com *.nexcesscdn.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.helloextend.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src https://bbb.test bbbcycling.com; font-src cash-f.squarecdn.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.typekit.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com consentcdn.cookiebot.com td.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com * https://images.unsplash.com *.gstatic.com *.storyblok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com *.pon.bike images.pondigital.solutions *.google.nl *.google.com *.mailplus.nl imgsct.cookiebot.com widget.thuiswinkel-cdn.org *.hotjar.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com *.googleapis.com tagmanager.google.com https://www.googletagmanager.com *.storyblok.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com www.facebook.com chimpstatic.com rum-static.pingdom.net rum-collector-2.pingdom.net consentcdn.cookiebot.com consent.cookiebot.com googleads.g.doubleclick.net widget.thuiswinkel.org widget.thuiswinkel-cdn.org *.clarity.ms restapi.mailplus.nl squeezely.tech static.hotjar.com script.hotjar.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.storyblok.com *.typekit.net widget.thuiswinkel-cdn.org https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com devdocs.magento.com rum-collector-2.pingdom.net widgetcontent.thuiswinkel-cdn.org www.google.com *.clarity.ms consent.cookiebot.com consentcdn.cookiebot.com *.hotjar.com *.hotjar.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.squarecdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.gstatic.com *.typekit.net *.trustedshops.com *.trustpilot.com *.googleapis.com *.klaviyo.com *.zip.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.paymentexpress.com *.windcave.com *.klaviyo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app winathuntingandfishing.co.nz *.laybuy.com *.addthis.com *.facebook.com huntingandfishing.freshdesk.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.paymentexpress.com *.windcave.com www.xtento.com *.doubleclick.net *.issuu.com app.redpepperdigital.net *.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://img.youtube.com *.cloudflare.com *.cloudfront.net https://cdn.klarna.com *.gstatic.com *.paypal.com *.afterpay.com https://s.ytimg.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.cdninstagram.com *.instagram.com *.facebook.net *.facebook.com *.clarity.ms *.bing.com t.zip.co static.zipmoney.com.au *.paymentexpress.com *.windcave.com www.xtento.com cdn.xtento.com *.google.co.nz *.zip.co partpayassets.blob.core.windows.net tags.srv.stackadapt.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.cloudflare.com *.cloudfront.net foursixty.com *.trustedshops.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.intercomcdn.com *.intercom.io *.addthis.com *.addthisedge.com *.moatads.com *.facebook.net *.clarity.ms *.freshworks.com s3.amazonaws.com/assets.freshdesk.com/ static.zipmoney.com.au zip.co *.paymentexpress.com *.windcave.com www.xtento.com cdn.xtento.com *.hotjar.com *.zip.co zipmoney.com.au app.redpepperdigital.net tags.srv.stackadapt.com *.google.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com *.cash.app https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.typekit.net foursixty.com *.trustedshops.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.freshworks.com s3.amazonaws.com/assets.freshdesk.com/ *.zip.co tags.srv.stackadapt.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cdninstagram.com *.instagram.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.cloudfront.net foursixty.com *.paypal.com *.googleapis.com *.addthis.com *.addthisedge.com *.moatads.com *.intercom.io *.cdninstagram.com *.instagram.com *.clarity.ms *.doubleclick.net *.freshworks.com google.com *.hotjar.io *.zip.co tags.srv.stackadapt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com consentcdn.cookiebot.com *.consentcdn.cookiebot.com gum.criteo.com *.gum.criteo.com servedby.flashtalking.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.bird.eu www.google.it *.google.it secure.adnxs.com *.secure.adnxs.com *.adnxs.com x.bidswitch.net *.x.bidswitch.net *.bidswitch.net ib.adnxs.com *.ib.adnxs.com ad.360yield.com *.ad.360yield.com *.360yield.com contextual.media.net *.contextual.media.net sync.outbrain.com *.sync.outbrain.com *.outbrain.com pixel.rubiconproject.com *.pixel.rubiconproject.com *.rubiconproject.com match.sharethrough.com *.match.sharethrough.com *.sharethrough.com rtb-csync.smartadserver.com *.rtb-csync.smartadserver.com *.smartadserver.com sync-t1.taboola.com *.sync-t1.taboola.com *.taboola.com criteo-sync.teads.tv *.criteo-sync.teads.tv *.teads.tv eb2.3lift.com *.eb2.3lift.com *.3lift.com ups.analytics.yahoo.com *.ups.analytics.yahoo.com *.analytics.yahoo.com e1.emxdgt.com *.e1.emxdgt.com *.emxdgt.com cm.adform.net *.cm.adform.net *.adform.net visitor.omnitagjs.com *.visitor.omnitagjs.com *.omnitagjs.com r.casalemedia.com *.r.casalemedia.com *.casalemedia.com gum.criteo.com *.gum.criteo.com *.criteo.com matching.ivitrack.com *.matching.ivitrack.com *.ivitrack.com exchange.mediavine.com *.exchange.mediavine.com *.mediavine.com simage2.pubmatic.com *.simage2.pubmatic.com *.pubmatic.com criteo-partners.tremorhub.com *.criteo-partners.tremorhub.com *.tremorhub.com ad.yieldlab.net *.ad.yieldlab.net *.yieldlab.net sync-criteo.ads.yieldmo.com *.sync-criteo.ads.yieldmo.com *.ads.yieldmo.com beacon.krxd.net *.beacon.krxd.net *.krxd.net s.thebrighttag.com *.s.thebrighttag.com *.thebrighttag.com *.igodigital.com id5-sync.com *.id5-sync.com trk.datnova.com *.trk.datnova.com *.datnova.com *.enervit.com *.kleecks-cdn.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.awin1.com www.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com consent.cookiebot.com *.consent.cookiebot.com consentcdn.cookiebot.com *.consentcdn.cookiebot.com *.cookiebot.com *.dwin1.com static.criteo.net *.static.criteo.net enervit.mailmnsa.com *.enervit.mailmnsa.com sslwidget.criteo.com *.sslwidget.criteo.com *.criteo.com js.cookieless-data.com *.js.cookieless-data.com *.cookieless-data.com smct.co *.smct.co js.sddan.com *.js.sddan.com trk.datnova.com *.trk.datnova.com *.datnova.com js-agent.newrelic.com *.js-agent.newrelic.com *.newrelic.com *.nr-data.net *.bam.nr-data.net 510004521.collect.igodigital.com *.collect.igodigital.com *.teads.tv *.iubenda.com maps.googleapis.com *.amazon-adsystem.com js-tag.zemanta.com acdn.adnxs.com *.equalweb.com *.kleecks-cdn.com *.kleecks-stats.com cdn.jsdelivr.net *.avada.io *.shopify.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.kleecks-cdn.com https://fonts.bunny.net *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.enervit.com *.kleecks-cdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net google.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.google.com googleads.g.doubleclick.net *.googleads.g.doubleclick.net stats.g.doubleclick.net *.stats.g.doubleclick.net region1.analytics.google.com *.region1.analytics.google.com enervit.mailmnsa.com *.enervit.mailmnsa.com consentcdn.cookiebot.com *.consentcdn.cookiebot.com *.nr-data.net *.bam.nr-data.net *.iubenda.com maps.googleapis.com *.equalweb.com *.kleecks-stats.com *.algolia.io https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com places.googleapis.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-p9TRpYd5oJshos8EA1AAEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ *.authorize.net secure.livechatinc.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://www.magezon.com customvideosecurity.com paradoxlabs.com www.ltsecurityinc.com tools.luckyorange.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com *.avada.io *.google.com/ *.authorize.net *.livechatinc.com cdn.livechatinc.com www.gstatic.com www.google.com tools.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com tools.luckyorange.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com https://get.geojs.io *.avada.io *.authorize.net api.livechatinc.com settings.luckyorange.com tools.luckyorange.com realtime.luckyorange.com api-preview.luckyorange.com wss://in.visitors.live wss://realtime.luckyorange.com ipapi.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;font-src 'self' https;connect-src 'self';media-src 'self';object-src 'none';frame-src 'self';frame-ancestors 'self';form-action 'self';base-uri 'self';manifest-src 'self';worker-src 'self';child-src 'self';navigate-to 'self';prefetch-src 'self';upgrade-insecure-requests;report-uri https://8myolwo6cb.execute-api.us-west-1.amazonaws.com/v1/csp-report; 1
default-src 'self' https://region1.analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com; frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/ https://ticketco.events https://virtualtourcompany.co.uk https://www.myridinglife.com https://marketplace.umbraco.com/ https://td.doubleclick.net https://www.google.com https://tr.snapchat.com https://app.geckoform.com; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://bat.bing.com https://sc-static.net https://connect.facebook.net https://cdn.akro.io https://static.hotjar.com https://analytics.tiktok.com https://tags.srv.stackadapt.com https://googleads.g.doubleclick.net https://app.geckoform.com https://script.hotjar.com https://tr.snapchat.com https://www.clarity.ms https://discoveruni.gov.uk https://widget.discoveruni.gov.uk https://cc.cdn.civiccomputing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://stats.g.doubleclick.net https://region1.analytics.google.com https://sessions.bugsnag.com https://notify.bugsnag.com https://tr.snapchat.com https://analytics.tiktok.com https://e.clarity.ms https://w.clarity.ms https://x.clarity.ms https://discoveruni.gov.uk *.du-widget.com https://tr6.snapchat.com https://analytics.pangle-ads.com https://www.google.com https://content.hotjar.io https://googleads.g.doubleclick.net https://apikeys.civiccomputing.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://clapi.civiccomputing.com wss://ws.hotjar.com; font-src 'self' fonts.gstatic.com data:; img-src https: data:; media-src https: data:; 1
font-src *.gstatic.com *.googleapis.com https://client.crisp.chat https://fonts.gstatic.com https://ws.colissimo.fr https://applepay.cdn-apple.com applepay.cdn-apple.com *.fontawesome.com https://fonts.bunny.net fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com *.monetico-services.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com https://www.youtube.com https://form.typeform.com *.payplug.com *.dalenys.com https://applepay.cdn-apple.com *.monetico-services.com api-qa.payplug.com secure-qa.payplug.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com https://flagcdn.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.gstatic.com *.doubleclick.net *.imgix.net *.twic.pics *.googleapis.com https://images.unsplash.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.connectif.cloud https://image.crisp.chat https://assets.fintecture.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr https://secure-magenta.dalenys.com https://firebasestorage.googleapis.com https://www.magezon.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.facebook.com *.imgix.net *.axept.io *.googletagmanager.com *.google.com *.gstatic.com *.doubleclick.net *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.connectif.cloud https://client.crisp.chat https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ applepay.cdn-apple.com https://cdn.payplug.com https://cdn-qa.payplug.com *.avada.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com fonts.googleapis.com https://client.crisp.chat https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com https://secure-magenta.dalenys.com *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com *.axept.io *.google-analytics.com *.google.com *.doubleclick.net *.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://ws.colissimo.fr *.onyourmap.com https://*.mapbox.com *.connectif.cloud https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat https://nominatim.openstreetmap.org https://*.onyourmap.com *.monetico-services.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://get.geojs.io *.avada.io maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.com.au/api/csp-report; report-to csp-endpoint 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com *.salesfire.co.uk *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.salesfire.co.uk *.googleapis.com *.trustpilot.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.trackedlink.net *.ddlnk.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.salesfire.co.uk maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.salesfire.co.uk *.googleapis.com *.trustpilot.com https://www.avsfencing.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.salesfire.co.uk *.typekit.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://bam.nr-data.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.salesfire.co.uk *.smartmetrics.co.uk *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-zTtNRa1WZ32y_cTvTdBRtw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://*.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com js.mollie.com *.multisafepay.com https://pay.google.com *.cookiebot.com *.bing.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com https://belco-prod.s3-eu-central-1.amazonaws.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://www.mollie.com *.multisafepay.com *.cookiebot.com *.bing.com *.google.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://cdn.belco.io *.belco.io chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.mollie.com *.multisafepay.com https://pay.google.com *.cookiebot.com *.bing.com *.ahrefs.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://*.googleapis.com downloads.mailchimp.com https://fonts.googleapis.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com wss://chat.belco.io https://cdn.belco.io *.belco.io form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.multisafepay.com *.cookiebot.com *.bing.com google.com *.ahrefs.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.klarnacdn.net fonts.googleapis.com *.wistia.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypalobjects.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.wistia.net *.criteo.com *.pinterest.com fast.wistia.com fast.wistia.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.wistia.com *.wistia.net *.google.com *.criteo.com cdn.cookielaw.org *.braintreegateway.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.klaviyo.com *.wistia.com *.wistia.net *.zdassets.com *.criteo.com *.criteo.net cdn.id5-sync.com *.pinimg.com *.pinterest.com *.braintree-api.com *.levelaccess.net *.cookielaw.org *.clarity.ms *.amazonaws.com *.liadm.com *.pinterest.co *.sentry-cdn.com *.impactcdn.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app assets.braintreegateway.com *.klarnacdn.net https://static.klaviyo.com fonts.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com stats.g.doubleclick.net www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kmail-lists.com *.klarnauserservices.com *.zendesk.com *.zdassets.com *.zopim.com wss://*.zendesk.com wss://*.zopim.com *.litix.io *.criteo.com *.id5-sync.com *.eu-1-id5-sync.com google-analytics.com *.google-analytics.com *.pinterest.com *.signifyd.com pagead2.googlesyndication.com privacyportal.onetrust.com geolocation.onetrust.com *.wistia.com *.wistia.net *.levelaccess.net *.cookielaw.org *.clarity.ms *.amazonaws.com *.liadm.com *.pinterest.co *.usbrowserspeed.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.myhealth1st.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://tr.outbrain.com/cachedClickId https://amplify.outbrain.com/cp/obtp.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://wave.outbrain.com/mtWavesBundler/handler/00d37644637179e79c1002bdb62e1e289e https://js.sentry-cdn.com https://browser.sentry-cdn.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://api.mapbox.com; connect-src 'self' https://api.mapbox.com https://amplify.outbrain.com/topics https://tr.outbrain.com/unifiedPixel https://www.google.com/ccm/collect https://px.ads.linkedin.com https://events.mapbox.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.myhealth1st.com.au; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://images.ctfassets.net/h3fal7pd5dgs/4dKiJe3tZrGjwKtTh5UajX/* https://assets.myhealth1st.com.au/* https://www.google.com.au/ads/ga-audiences https://www.googletagmanager.com/td https://px.ads.linkedin.com/collect https://www.facebook.com https://*.myhealth1st.com.au https://www.google-analytics.com https://www.google.com.au/ads/* data:; worker-src 'self' blob:; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net; report-uri /contentSecurityPolicy/report 1
default-src 'self' *.westwoodone.com 'report-sample'; base-uri 'self'; script-src 'self' *.westwoodone.com *.googletagmanager.com *.google-analytics.com stats.wp.com cdn.cookielaw.org *.onetrust.com connect.facebook.net form.jotform.com cdn.jotfor.ms 'sha256-GxV10O3xrTuweqSjE3k8/UGb7irvsFYdUK711POFvzc=' 'sha256-c+CYEhgKdflkS7NkNF38sTDK0VLLrFYlfv+1CMgSpI4=' 'nonce-x6MSC+bUeQwv3hR1TWZoIvJA' 'report-sample'; style-src 'self' 'unsafe-inline' *.westwoodone.com fonts.googleapis.com cdn.jotfor.ms 'report-sample'; img-src 'self' data: *.westwoodone.com *.wp.com cdn.cookielaw.org *.googletagmanager.com *.google-analytics.com https://www.linkedin.com/favicon.ico https://twitter.com/favicon.ico https://facebook.com/favicon.ico https://syndication.twitter.com/i/jot/embeds i.vimeocdn.com; font-src 'self' data: *.westwoodone.com fonts.gstatic.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net player.cumulusmedia.com cdn.cookielaw.org *.onetrust.com submit.jotform.com; media-src 'self' *.westwoodone.com dl.dropbox.com dl.dropboxusercontent.com; object-src 'none'; frame-src 'self' *.westwoodone.com *.jotform.com *.vimeo.com *.youtube.com *.megaphone.fm *.soundcloud.com platform.twitter.com; report-uri https://www.westwoodone.com/wp-admin/admin-ajax.php?action=wpshr 1
object-src 'none';base-uri 'self';script-src 'nonce-yGle-k4M4ibeuLeqbIDkDg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-D9KsUZfrR9oRAIytZ6wCZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ueAzbxR4QNGL1JAxe-N9rA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.hivissupply.com *.google.com *.fontawesome.com *.yotpo.com *.arqspin.com *.klaviyo.com *.googletagmanager.com *.bing.com *.facebook.net *.crazyegg.net *.doubleclick.net *.googleadservices.com *.google-analytics.com *.crazyegg.com *.facebook.com *.listrakbi.com *.wufoo.com *.delighted.com *.sharethis.com *.livechatinc.com *.sharethis.mgr.consensu.org *.xtento.com *.kaltura.com *.clarity.ms *.licdn.com *.linkedin.com *.adsymptotic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.wufoo.com *.delighted.com *.sharethis.com *.livechatinc.com *.sharethis.mgr.consensu.org *.xtento.com *.kaltura.com *.clarity.ms *.licdn.com *.linkedin.com *.adsymptotic.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.certcapture.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.hivissupply.com *.livechatinc.com *.yotpo.com *.arqspin.com *.klaviyo.com *.googletagmanager.com *.bing.com *.crazyegg.net *.doubleclick.net *.googleadservices.com *.google-analytics.com *.crazyegg.com *.facebook.com *.listrakbi.com *.wufoo.com *.delighted.com *.sharethis.mgr.consensu.org *.xtento.com *.kaltura.com *.clarity.ms *.licdn.com *.linkedin.com *.adsymptotic.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.hivissupply.com *.yotpo.com *.livechatinc.com *.arqspin.com *.klaviyo.com *.googletagmanager.com *.bing.com *.crazyegg.net *.doubleclick.net *.googleadservices.com *.google-analytics.com *.google.com *.crazyegg.com *.facebook.com *.listrakbi.com *.cloudfront.net *.wufoo.com *.delighted.com *.sharethis.mgr.consensu.org www.xtento.com *.kaltura.com *.clarity.ms *.licdn.com *.linkedin.com *.adsymptotic.com a.ads.rmbl.ws www.redditstatic.com pixel-config.reddit.com alb.reddit.com guarantee-cdn.com *.reddit.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.sharethis.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.hivissupply.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.cloudfront.net *.livechatinc.com *.listrakbi.com *.gstatic.com *.yotpo.com *.arqspin.com *.klaviyo.com *.googletagmanager.com *.bing.com *.crazyegg.net *.doubleclick.net *.googleadservices.com *.google-analytics.com *.crazyegg.com *.facebook.com *.wufoo.com *.delighted.com *.sharethis.mgr.consensu.org *.xtento.com *.kaltura.com *.clarity.ms *.licdn.com *.linkedin.com *.adsymptotic.com a.ads.rmbl.ws www.redditstatic.com pixel-config.reddit.com alb.reddit.com guarantee-cdn.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.certcapture.com https://static.klaviyo.com assets.braintreegateway.com *.hivissupply.com *.fontawesome.com *.googleapis.com *.google.com *.cloudflare.com *.cloudfront.net *.livechatinc.com *.listrakbi.com *.paypal.com *.yotpo.com *.arqspin.com *.klaviyo.com *.googletagmanager.com *.bing.com *.facebook.net *.crazyegg.net *.doubleclick.net *.googleadservices.com *.google-analytics.com *.crazyegg.com *.facebook.com *.wufoo.com *.delighted.com *.sharethis.mgr.consensu.org *.xtento.com *.kaltura.com *.clarity.ms *.licdn.com *.linkedin.com *.adsymptotic.com *.tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.hivissupply.com *.yotpo.com *.livechatinc.com *.arqspin.com *.klaviyo.com *.googletagmanager.com *.bing.com *.facebook.net *.crazyegg.net *.doubleclick.net *.googleadservices.com *.google-analytics.com *.google.com *.crazyegg.com *.facebook.com *.listrakbi.com *.wufoo.com *.delighted.com *.sharethis.com *.sharethis.mgr.consensu.org *.xtento.com *.kaltura.com *.clarity.ms *.licdn.com *.linkedin.com *.adsymptotic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com *.hivissupply.com *.yotpo.com *.arqspin.com *.klaviyo.com *.googletagmanager.com *.bing.com *.crazyegg.net *.doubleclick.net *.googleadservices.com *.google-analytics.com *.crazyegg.com *.facebook.com *.listrakbi.com *.wufoo.com *.delighted.com *.livechatinc.com *.sharethis.mgr.consensu.org *.xtento.com *.kaltura.com *.clarity.ms *.licdn.com *.linkedin.com *.adsymptotic.com a.ads.rmbl.ws www.redditstatic.com pixel-config.reddit.com alb.reddit.com *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com *.delighted.com *.sharethis.com *.livechatinc.com *.redploy.com *.sharethis.mgr.consensu.org *.xtento.com *.kaltura.com *.clarity.ms *.licdn.com *.linkedin.com *.adsymptotic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://static.srcspot.com https://js.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://*.theconversioncloud.com https://static.zdassets.com https://cdn.smooch.io https://www.iloveleasing.com https://www.livechat.com https://*.livechatinc.com https://connect.facebook.net https://analytics.tiktok.com https://tr.snapchat.com https://*.hotjar.com https://sc-static.net https://f.vimeocdn.com https://storage.net-fs.com https://cdn.botframework.com https://*.campuslivingvillages.com https://*.akamaihd.net https://*.matterport.com https://*.typekit.net https://cdn.jsdelivr.net https://*.zopim.com https://*.dotdigital-pages.com https://*.clv.com.au https://campuslivingvillages.uk; script-src-elem 'self' 'unsafe-inline' https://challenges.cloudflare.com https://static.srcspot.com https://js.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://*.theconversioncloud.com https://static.zdassets.com https://cdn.smooch.io https://www.iloveleasing.com https://www.livechat.com https://*.livechatinc.com https://connect.facebook.net https://analytics.tiktok.com https://tr.snapchat.com https://*.hotjar.com https://sc-static.net https://f.vimeocdn.com https://storage.net-fs.com https://cdn.botframework.com https://*.campuslivingvillages.com https://*.akamaihd.net https://*.matterport.com https://*.typekit.net https://cdn.jsdelivr.net https://*.zopim.com https://*.dotdigital-pages.com https://*.clv.com.au https://campuslivingvillages.uk; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://*.typekit.net https://cdn.jsdelivr.net https://*.vimeocdn.com https://*.matterport.com https://www.gstatic.com; img-src 'self' data: https: blob:; font-src 'self' data: https://fonts.gstatic.com https://geocvvirtualtours.s3.amazonaws.com https://*.typekit.net https://*.cdn.digitaloceanspaces.com; connect-src 'self' https://vimeo.com https://*.google-analytics.com https://*.googleadservices.com https://www.googletagmanager.com https://*.g.doubleclick.net https://*.cloudflare.com https://api.stripe.com https://*.hotjar.com https://*.hotjar.io https://*.snapchat.com https://analytics.tiktok.com https://*.tiktokw.us https://www.facebook.com https://*.zdassets.com https://*.zopim.com https://*.zendesk.com https://*.directline.botframework.com https://directline.botframework.com https://*.docusign.net https://*.docusign.com https://*.theconversioncloud.com https://cdn.livechatinc.com wss://api.livechatinc.com wss://directline.botframework.com wss://*.directline.botframework.com wss://widget-mediator.zopim.com wss://ws.hotjar.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; frame-src 'self' https://vimeo.com https://player.vimeo.com https://*.vimeocdn.com https://*.campuslivingvillages.com https://*.docusign.com https://*.docusign.net https://*.akamaihd.net https://*.matterport.com https://cdn.botframework.com https://js.stripe.com https://www.googletagmanager.com https://*.cloudflare.com https://www.facebook.com https://geocvvirtualtours.s3.amazonaws.com https://*.snapchat.com https://cdn.smooch.io https://storage.net-fs.com https://secure.livechatinc.com https://*.dotdigital-pages.com https://*.clv.com.au https://my.matterportvr.cn https://www.360imagery.co.uk https://docs.google.com https://campuslivingvillages.uk https://show.tours; frame-ancestors 'self' https://app.campuslivingvillages.com; media-src 'self' data: https://cdn.livechatinc.com https://*.zdassets.com; object-src 'none'; base-uri 'self'; form-action 'self' https://*.infused.dev https://www.facebook.com https://login.microsoftonline.com; manifest-src 'self'; worker-src 'self'; report-uri https://o55236.ingest.us.sentry.io/api/5546136/security/?sentry_key=353e8db2574d40e2aaac1a6edc502269&sentry_environment=live; report-to csp-endpoint 1
object-src 'none'; script-src 'nonce-P3ujsyRBuP6EkdA_KoVwCn_K' 'strict-dynamic' http: https:; base-uri 'none'; 1
default-src 'self'; img-src 'self' data: http: https: *.gravatar.com; script-src 'self' https://statistics.region-stuttgart.de/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://statistics.region-stuttgart.de/; frame-src 'self' https://www.youtube-nocookie.com/; report-uri https://csp-log.d-mind.de/report.php; 1
object-src  'none'; connect-src 'self' *.agentredgirl.com *.adulttime.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.agentredgirl.com *.adulttime.com join.gammasecure.com; script-src 'self' *.agentredgirl.com *.adulttime.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.agentredgirl.com *.adulttime.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io storage.googleapis.com magefan.com cm.magefan.com blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.garciadepou.com cdn-cookieyes.com/ www.google.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com adobedtm.com *.doofinder.com *.oct8ne.com *.cookieyes.com cdn-cookieyes.com *.facebook.net s.kk-resources.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com storage.googleapis.com assets.braintreegateway.com *.doofinder.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.oct8ne.com *.doofinder.com *.cookieyes.com cdn-cookieyes.com *.facebook.net s.kk-resources.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-57508331f469462bbfec048d412e773a' https://mychart.et0316.epichosted.com 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://mychart.et0316.epichosted.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.fontawesome.com assets.brevo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.vivapayments.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * app.gasexpress.gr *.amocrm.com *.aftersalespro.gr aftersalespro.gr *.northapi.com northapi.com *.google.com *.findbar.io *.socital.com *.bbq.gr *.hotjar.com *.skroutz.gr *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com *.googleapis.com *.google.com *.acscourier.net *.aftersalespro.gr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com blob: *.google.gr bbq.gr aftersalespro.gr *.northapi.com northapi.com *.amocrm.com *.findbar.io *.socital.com *.bbq.gr *.hotjar.com *.usercentrics.eu *.skroutz.gr *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.vivapayments.com cdn.simpler.so sdk.local.simpler.so *.fontawesome.com *.roistat.com *.jsdelivr.net *.everypay.gr *.amocrm.com gso.kommo.com *.aftersalespro.gr aftersalespro.gr *.northapi.com northapi.com *.google.com *.findbar.io *.socital.com *.skroutz.gr *.bbq.gr *.hotjar.com web.cmp.usercentrics.eu sibforms.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.jsdelivr.net *.roistat.com *.amocrm.com *.aftersalespro.gr aftersalespro.gr *.northapi.com northapi.com *.google.com *.findbar.io *.socital.com *.bbq.gr *.hotjar.com sibforms.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com button.simpler.so analytics.simpler.so button.local.simpler.so *.fontawesome.com *.jsdelivr.net *.roistat.com *.google-analytics.com *.doubleclick.net *.amocrm.com gso.kommo.com *.aftersalespro.gr aftersalespro.gr *.northapi.com northapi.com *.simpler.so *.mts.ru *.findbar.io *.socital.com *.bbq.gr *.hotjar.com *.usercentrics.eu *.googlesyndication.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'nonce-ox5jtMaBeRfBaYLJHmzkkLs5G5hn2AUIhGY2uzFnBcM=' 'strict-dynamic' 'wasm-unsafe-eval' www.youtube.com  az416426.vo.msecnd.net cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://connect.facebook.net/ https://munchkin.marketo.net/ static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
object-src 'self'; script-src 'self' 'strict-dynamic' cdn.rawgit.com https://cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com/uc.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com https://consentcdn.cookiebot.com https://consent.cookiebot.com/0c7d1786-9e20-4305-9309-7678dc1c935c/cc.js https://eurazeo.actusnews.com/site/cotation_json.php https://consent.cookiebot.com/logconsent.ashx https://go.eurazeo.com/l/436982/2022-04-12/8jjb23 https://consent.cookiebot.com/316c68ee-7904-432f-af9e-89cde666d7ae/cc.js https://consent.cookiebot.com/88ce59b3-59dd-4b97-b3d2-ed7beda8f537/cc.js https://www.googletagmanager.com/gtm.js https://go.eurazeo.com/l/436982/2023-02-06/8kbwn2 https://go.eurazeo.com/l/436982/2023-02-06/8kbwnc cdn.rawgit.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' https://go.eurazeo.com/l/436982/2022-04-12/8jjb23 https://go.eurazeo.com/l/436982/2023-02-06/8kbwn2 https://go.eurazeo.com/l/436982/2023-02-06/8kbwnc; frame-ancestors 'self'; block-all-mixed-content 1
font-src www.paypalobjects.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.typekit.net *.facebook.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com *.google.com www.google.com pay.google.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com *.awin1.com *.zenaps.com *.wepowerconnections.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com sebo.co.uk *.mailchimp.com mcusercontent.com *.feefo.com *.facebook.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://*.gstatic.com *.awin1.com *.dwin1.com/22851.js *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.facebook.com *.facebook.net graph.facebook.com business.facebook.com cc-cdn.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.avada.io *.shopify.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.feefo.com *.elfsight.com *.facebook.com https://apps.elfsight.com https://www.googletagmanager.com https://chimpstatic.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes'; style-src fonts.googleapis.com downloads.mailchimp.com cc-cdn.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com *.typekit.net *.googleapis.com *.feefo.com *.facebook.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src sebo.co.uk *.feefo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com/ *.feefo.com *.elfsight.com *.facebook.com *.lrkt-in.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-VZKE4ZhZrvDnadKwo92JN_PEIW5kVXyAMFtG30ZwzBpyVfY-vQ3GRQ' https://matomo.landkreis-ludwigsburg.de 'sha256-5Y5GVIqDpgdk8+ghDgsVTHc1x4w2tOetGgfk3X0u6FY=' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://chat-lu.komm.one https://www.google.com; style-src 'self' https://vrweb15.linguatec.org 'sha256-1gGkeRi9lXAuhTuwy8haIrmBIYZz107E8A/W3CxjeP0=' 'report-sample'; connect-src 'self' https://matomo.landkreis-ludwigsburg.de; report-uri https://www.landkreis-ludwigsburg.de/@http-reporting?csp=report&requestTime=1773716727758585&requestHash=b698b9e328debd79c344e8519ab2fce9bcd728b2 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com data: kit.fontawesome.com https://use.typekit.net/mqc0mfr.css *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com dirckiii.nl *.dirckiii.nl *.googleadservices.com *.google.nl *.google.com dashboard.webwinkelkeur.nl *.cookiebot.com *.unsplash.com api.taggrs.io connect.facebook.net www.facebook.com *.facebook.com region1.google-analytics.com *.google-analytics.com *.googlesyndication.com bat.bing.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com https://maps.googleapis.com magefan.com cm.magefan.com *.taggrs.io www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleadservices.com *.google.nl connect.facebook.net cdn.jsdelivr.net https://use.typekit.net/mqc0mfr.css *.fontawesome.com dashboard.webwinkelkeur.nl *.cookiebot.com sst.dirckiii.dev-ativse.nl sst.dirckiii.nl *.leadinfo.net *.leadinfo.com *.dpdconnect.nl *.vimeo.com bat.bing.com www.clarity.ms scripts.clarity.ms https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://maps.googleapis.com *.taggrs.io www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net use.typekit.net https://use.typekit.net/mqc0mfr.css *.typekit.net *.fontawesome.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.googlesyndication.com *.cookiebot.com dashboard.webwinkelkeur.nl *.leadinfo.net *.leadinfo.com sst.dirckiii.dev-atvise.nl sst.dirckiii.nl cdn.jsdelivr.net bat.bing.com *.clarity.ms wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.fontawesome.com *.klaviyo.com *.hotjar.com *.paypalobjects.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com js.mollie.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.bing.com *.brandlock.io c.clarity.ms a.omappapi.com *.hotjar.com *.comboink.com *.compandsave.com *.tomatoink.com *.amazonaws.com *.cloudfront.net *.cloudflare.com https://shareasale.com https://shareasales.com et.resellerratings.com cdn-assets.affirm.com lantern.roeyecdn.com lantern.roeye.com *.google.com stats.g.doubleclick.net https://firebasestorage.googleapis.com https://images.unsplash.com magefan.com cm.magefan.com https://www.mollie.com www.google.com.ua https://load.yqxg4.compandsave.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.noibu.com *.zdassets.com *.gstatic.com *.clarity.ms *.bing.com *.hotjar.com *.compandsave.com *.pinimg.com *.omappapi.com *.klaviyo.com *.rudderlabs.com *.zendesk.com *.googleapis.com *.pinterest.com https://portal.afterpay.com *.rudderstack.com *.resellerratings.com *.brevo.com https://sibautomation.com https://www.dwin1.com lantern.roeyecdn.com *.avada.io *.shopify.com https://maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com js.mollie.com https://load.yqxg4.compandsave.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app assets.braintreegateway.com *.fontawesome.com *.omappapi.com *.typekit.net *.klaviyo.com cdn.jsdelivr.net https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.noibu.com wss://input.noibu.com *.pinterest.com *.clarity.ms *.zdassets.com *.rudderstack.com *.zendesk.com *.omappapi.com *.doubleclick.net *.zopim.com wss://widget-mediator.zopim.com *.googleapis.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com wss://pod-13.zendesk.com https://portal.afterpay.com *.brandlock.io *.algolia.io *.gstatic.com *.resellerratings.com dp70uvwpivouv.cloudfront.net https://in-automate.brevo.com https://fast.a.klaviyo.com https://static-forms.klaviyo.com yqxg4.compandsave.com https://get.geojs.io *.avada.io https://maps.googleapis.com https://player.vimeo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://load.yqxg4.compandsave.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://square-fonts-production-f.squarecdn.com/ https://d1g145x70srn7h.cloudfront.net/ *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://pci-connect.squareup.com https://connect.squareup.com https://pci-connect.squareupsandbox.com https://connect.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ magento-cloudflare.jetrails.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.gstatic.com/ https://sandbox.api.cash.app/ https://site-assets.afterpay.com/ https://sandbox.web.squarecdn.com/ https://api.cash.app/ https://web.squarecdn.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://images.unsplash.com magefan.com cm.magefan.com *.ytimg.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://track.hubspot.com https://forms.hsforms.com https://s.ytimg.com *.google.com *.google.co.in *.doubleclick.net https://www.facebook.com https://bat.bing.com https://api.shutterstock.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://js.squareup.com https://js.afterpay.com/ https://nd.squarecdn.com https://js.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://portal.sandbox.afterpay.com/ https://portal.afterpay.com/ https://cdn.plaid.com/ https://sandbox.kit.cash.app/ https://kit.cash.app/ https://maps.googleapis.com https://player.vimeo.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.newrelic.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.usemessages.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://pf-cdn.printfriendly.com https://cdn.printfriendly.com http://cdn.printfriendly.com https://www.printfriendly.com https://connect.facebook.net https://bat.bing.com https://383433.tctm.co https://static.cloudflareinsights.com *.reviews.io *.reviews.co.uk https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://fonts.googleapis.com/ *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://pci-connect.squareup.com https://pci-connect.squareupsandbox.com https://api.amplitude.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://o160250.ingest.sentry.io/ https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://stats.g.doubleclick.net *.cloudflare.com https://forms.hscollectedforms.net/ *.google-analytics.com *.nr-data.net https://api.hubspot.com https://api.hubapi.com https://api.shutterstock.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.shopperapproved.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.trustedshops.com *.bootstrapcdn.com wss://vts.zohopublic.in *.zohocdn.com *.google-analytics.com https://k8wflbhm6p-2.algolianet.com *.certcapture.com *.livehelpnow.net app.livehelpnow.net https://applepay.cdn-apple.com *.linkedin.com *.pay.google.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.rigidhitch.com *.blueoxtowbars.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.shopperapproved.com *.twitter.com *.facebook.com *.google-analytics.com wss://vts.zohopublic.in https://k8wflbhm6p-2.algolianet.com *.certcapture.com app.livehelpnow.net *.linkedin.com *.pay.google.com *.adobe.com https://www.shopperapproved.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.shopperapproved.com 'self' https://js.stripe.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.google-analytics.com wss://vts.zohopublic.in https://k8wflbhm6p-2.algolianet.com https://maps.google.com/ https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ *.livehelpnow.net app.livehelpnow.net https://form.jotform.com/ https://submit.jotform.com/ *.linkedin.com *.pay.google.com https://www.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.doubleclick.net *.facebook.com *.rigidhitch.com *.blueoxtowbars.com *.paypalobjects.com *.hostedpayments.com *.purechatcdn.com *.googletagmanager.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.certcapture.com connect.bolt.com connect-sandbox.bolt.com s3-us-west-1.amazonaws.com *.shopperapproved.com/ *.adobedtm.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.zohopublic.in *.zoho.in *.zohocdn.com wss://vts.zohopublic.in https://k8wflbhm6p-2.algolianet.com *.amazonaws.com *.livehelpnow.net app.livehelpnow.net https://vct-vendor.github.io https://s3.envato.com https://alothemes.com/ cdn-cookieyes.com *.linkedin.com *.pay.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://www.shopperapproved.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.answerbase.com rigidhitch.dckap.co *.rigidhitch.com *.blueoxtowbars.com *.godaddy.com *.bing.com *.facebook.net *.facebook.com *.clarity.ms *.purechat.com *.purechatcdn.com *.googletagmanager.com *.wp.com *.gravatar.com https://www.googletagmanager.com *.hsforms.net *.hsforms.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com www.shopperapproved.com *.cloudflare.com *.twitter.com https://www.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com chimpstatic.com https://bat.bing-int.com https://leadtracker.smartsites.com *.omniconvert.com *.cookieyes.com cdn-cookieyes.com snap.licdn.com *.linkedin.com *.bing.net https://mpc2-prod-1-is5qnl632q-uc.a.run.app 'report-sample' 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.adobedtm.com *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com *.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.pay.google.com *.googletagmanager.com apis.google.com *.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha https://www.google.com/recaptcha *.google.com/ https://maps.googleapis.com/maps/api/js *.instagram.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.paypal.com https://www.paypalobjects.com *.paypalobjects.com c.paypal.com *.paypal.com sandbox.paypal.com *.sandbox.paypal.com https://js.stripe.com/v3/ *.stripe.com *.link.com *.livehelpnow.net app.livehelpnow.net *.polyfill.io *.crazyegg.com https://www.googletagmanager.com https://googleads.g.doubleclick.net downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://www.shopperapproved.com https://direct.shopperapproved.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com pay.google.com *.purechat.com *.purechatcdn.com *.google-analytics.com *.answerbase.com *.hostedpayments.com *.bing.com *.clarity.ms *.googleadservices.com/ *.blueoxtowbars.com *.hsforms.net *.hsforms.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.shopperapproved.com 'report-sample' 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.linkedin.com *.pay.google.com downloads.mailchimp.com https://static.klaviyo.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.answerbase.com *.rigidhitch.com *.blueoxtowbars.com *.gravatar.com *.wp.com *.google-analytics.com tagmanager.google.com 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'self' 'unsafe-inline'; manifest-src 'self' *.google.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.certcapture.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.shopperapproved.com 'self' *.cloudflare.com 'self' https://maps.googleapis.com *.twitter.com *.twimg.com *.google.co.in *.facebook.com *.zohopublic.in *.zoho.in *.google-analytics.com wss://vts.zohopublic.in https://k8wflbhm6p-2.algolianet.com https://google.com/pay *.livehelpnow.net wss://app.livehelpnow.net https://alothemes.com *.crazyegg.com *.cookieyes.com cdn-cookieyes.com *.omniconvert.com https://bat.bing-int.com snap.licdn.com *.linkedin.com *.bing.net https://mpc2-prod-1-is5qnl632q-uc.a.run.app https://mpc-prod-18-s6uit34pua-uc.a.run.app *.pay.google.com https://demo-1.conversionsapigateway.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.answerbase.com *.smarty.com *.rigidhitch.com *.blueoxtowbars.com *.clarity.ms *.purechat.com *.purechatcdn.com *.bing.com *.doubleclick.net *.smartsites.com *.facebook.net *.online-metrix.net https://www.google-analytics.com https://www.googletagmanager.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.redditstatic.com *.reddit.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' *.googleapis.com ap.thepayapays.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'self' 'unsafe-inline'; report-uri https://rigidhitch.com/; report-to report-endpoint; 1
base-uri 'self';form-action 'self' https://www.facebook.com;object-src 'none';child-src blob:;connect-src 'self' d2xg8ju40huerl.cloudfront.net cdnmain.guidefitter.com guidefitterconfidential.s3.amazonaws.com s3.amazonaws.com/upload.guidefitter.com/ game.guidefitter.com osc-collector.xyz.guidefitter.com https://*.facebook.com https://*.zendesk.com https://*.zdassets.com wss://*.zopim.com https://*.zopim.com https://*.authorize.net https://*.bing.com https://*.bing.net https://vimeo.com https://*.vimeo.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.google.com https://*.doubleclick.net https://us-street.api.smartystreets.com https://*.klaviyo.com https://*.clarity.ms https://analytics.tiktok.com https://*.dca0.com https://*.mapbox.com https://lending-api.credova.com https://api.ipify.org https://*.token.awswaf.com https://*.captcha.awswaf.com https://*.masterffl.com https://maps.googleapis.com https://*.googleadservices.com guidefitterconfidential.s3.us-east-1.amazonaws.com s3.us-east-1.amazonaws.com/upload.guidefitter.com/;default-src 'self' d2xg8ju40huerl.cloudfront.net cdnmain.guidefitter.com cdnmedia.guidefitter.com;font-src 'self' https://*.typekit.net https://fonts.gstatic.com data:;frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.vimeo.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.youtube.com https://widget-prime.rafflecopter.com;img-src 'self' https: data: blob:;media-src 'self' https:;script-src 'self' d2xg8ju40huerl.cloudfront.net cdnmain.guidefitter.com game.guidefitter.com https://*.zdassets.com https://*.zopim.com https://*.authorize.net https://*.bing.com https://*.bing.net https://*.cdn-apple.com https://*.facebook.net https://*.vimeo.com https://www.google.com https://*.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.googleadservices.com https://maps.googleapis.com https://*.klaviyo.com https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob: https://*.mapbox.com https://*.adroll.com https://*.consensu.org https://*.dca0.com https://*.rafflecopter.com https://*.licdn.com https://*.captcha.awswaf.com https://*.token.awswaf.com https://*.masterffl.com;style-src 'self' https://*.typekit.net d2xg8ju40huerl.cloudfront.net cdnmain.guidefitter.com 'unsafe-inline';report-to default;report-uri https://guidefitter.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' data:; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://geowidget-app.inpost.pl/ *.weltpixel.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com facebook.com *.cookiebot.com creativecdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.awin1.com *.zenaps.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: https://maps.gstatic.com https://maps.googleapis.com *.facebook.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.bing.com garett.com.pl google.pl facebook.com trustmate.io www.google.pl *.clarity.ms blob: *.credit-agricole.pl lantern.roeye.com *.googlesyndication.com awin1.com google.com s3-eu-west-1.amazonaws.com salesmanago.s3-eu-west-1.amazonaws.com conversionlabs.net.pl *.cookiebot.com *.trustmate.io img.sct.eu1.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.google.com https://maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.cookiebot.com rum.uptime.com *.buybox.click *.cloudflare.com *.hotjar.com bat.bing.com *.callpage.io trustmate.io analytics.tiktok.com *.clickonometrics.pl *.clarity.ms *.dwin1.com callpage.io *.roeyecdn.com *.googlesyndication.com awin1.com *.cookiebot.eu https://scripts.luigisbox.com https://cdn.luigisbox.com *.luigisbox.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech *.luigisbox.tech *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech https://fonts.googleapis.com *.gstatic.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl tagmanager.google.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.callpage.io *.cloudfront.net trustmate.io sandbox-easy-geowidget-sdk.easypack24.net https://cdn.luigisbox.com *.luigisbox.com *.luigisbox.tech 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.callpage.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://the.sciencebehindecommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://maps.googleapis.com *.facebook.net https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com stats.g.doubleclick.net *.cookiebot.com *.googlesyndication.com stream.cloud.witbee.com *.cloudflare.com rum.uptime.com *.callpage.io vc-service.saleago.com googleads.g.doubleclick.net analytics.tiktok.com *.clarity.ms wss://*.salesmanago.com wss://*.hotjar.com *.hotjar.io delivery.clickonometrics.pl trustmate.io facebook.com *.cookiebot.eu https://api.luigisbox.com https://live.luigisbox.com https://app.luigisbox.com *.luigisbox.com analytics-ipv6.tiktokw.us https://api.luigisbox.tech https://live.luigisbox.tech https://app.luigisbox.tech *.luigisbox.tech 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com *.google.com *.facebook.com *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://square-fonts-production-f.squarecdn.com/ https://d1g145x70srn7h.cloudfront.net/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com canadapost.ca ct.soa-gw.canadapost.ca soa-gw.canadapost.ca https://pci-connect.squareup.com https://connect.squareup.com https://pci-connect.squareupsandbox.com https://connect.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.certcapture.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://maps.gstatic.com store.paradoxlabs.com https://www.gstatic.com/ https://sandbox.api.cash.app/ https://site-assets.afterpay.com/ https://sandbox.web.squarecdn.com/ https://api.cash.app/ https://web.squarecdn.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com tagmanager.google.com https://www.googletagmanager.com *.certcapture.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://maps.googleapis.com https://js.squareup.com https://js.afterpay.com/ https://nd.squarecdn.com https://js.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://portal.sandbox.afterpay.com/ https://portal.afterpay.com/ https://cdn.plaid.com/ https://sandbox.kit.cash.app/ https://kit.cash.app/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.certcapture.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://www.google-analytics.com *.certcapture.com https://basicbiblestudies.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com canadapost.ca ct.soa-gw.canadapost.ca soa-gw.canadapost.ca https://pci-connect.squareup.com https://pci-connect.squareupsandbox.com https://api.amplitude.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://o160250.ingest.sentry.io/ 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src * 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline' cdnjs.cloudflare.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-sjCeXRzQ37Ph9dn1xwaVcQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.youtube.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.cloudflare.com *.googleapis.com https://www.gstatic.com *.trustedshops.com *.twimg.com *.twitter.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com cdn.honey.io *.timpson.com a.omappapi.com z.omappapi.com maxcdn.bootstrapcdn.com *.fontawesome.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.sandbox.paypal.com *.paypalobjects.com *.timpson-group.co.uk paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.awin1.com *.zenaps.com *.doubleclick.net *.bing.com *.twitter.com https://*.google.com *.googleapis.com *.static.com *.googleadservices.com *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.gstatic.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com *.xtento.com *.timpson-group.co.uk paypal.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com birdeye.com *.birdeye.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.facebook.com *.googlesyndication.com account.fetchify.com g3d-app.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.awin1.com *.zenaps.com *.wepowerconnections.com *.maxphoto.co.uk *.tescophoto.com *.snappysnaps.co.uk photo.asda.com ap.affinity-dev.co.uk *.cloudfront.net blob: *.googleadservices.com *.klarna.com *.lightemporium.com *.twimg.com *.twitter.com *.usercentrics.eu *.ytimg.com https://*.google.com google.com *.googleapis.com *.static.com *.googletagmanager.com *.googleusercontent.com *.cloudflare.com https://*.gstatic.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com www.xtento.com *.timpson-group.co.uk *.timpson.com paypal.com *.bing.com *.bing.net *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt  *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat analytics.tiktok.com images.timpson.co.uk *.timpsonlocksmiths.co.uk *.timpsonsecurity.co.uk lantern.roeye.com a.omappapi.com z.omappapi.com *.magentocommerce.com birdeye.com *.birdeye.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.facebook.com *.facebook.net *.googlesyndication.com *.soreto.com g3d-app.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.fontawesome.com *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu https://*.google.com *.googleapis.com *.static.com *.googleadservices.com *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com https://*.gstatic.com *.sandbox.paypal.com *.paypalobjects.com *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net *.ggpht.com *.xtento.com *.timpson-group.co.uk *.timpson.com *.paypal.com paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.popupsmart.com *.doubleclick.net cdn.mouseflow.com analytics.tiktok.com a.omappapi.com cdn.studentbeans.com connect.facebook.net birdeye.com *.birdeye.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.google.bg *.facebook.com *.facebook.net *.gstatic.com *.googlesyndication.com *.soreto.com cc-cdn.com g3d-app.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com https://cdnjs.cloudflare.com www.xtento.com cdn.xtento.com https://www.snappysnaps.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu https://fonts.googleapis.com google.com *.googleapis.com *.static.com *.googleadservices.com *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.gstatic.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com *.xtento.com *.timpson-group.co.uk *.paypal.com paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.doubleclick.net a.omappapi.com *.timpson.com birdeye.com *.birdeye.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.facebook.com *.googlesyndication.com cc-cdn.com g3d-app.com https://hcaptcha.com https://*.hcaptcha.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.twitter.com *.twimg.com https://*.google.com *.google.co.uk *.google.ie *.google.fr *.google.de *.google.se *.google.nl *.google.dk *.google.it *.google.ca *.google.es google.co.uk *.googleapis.com *.static.com *.googleadservices.com *.googletagmanager.com *.googleusercontent.com *.cloudflare.com https://*.gstatic.com *.sandbox.paypal.com *.paypalobjects.com *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net *.ggpht.com *.xtento.com *.timpson-group.co.uk *.timpson.com paypal.com *.bing.com *.bing.net *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.doubleclick.net api.omappapi.com analytics.tiktok.com analytics-ipv6.tiktokw.us eu01.rec.mouseflow.com *.omappapi.com a.omappapi.com z.omappapi.com kg668dbov0.execute-api.us-east-1.amazonaws.com birdeye.com *.birdeye.com rum.hlx.page *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.facebook.com *.facebook.net *.googlesyndication.com *.soreto.com *.awinblackfriday.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com g3d-app.com https://ipinfo.io https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report.centralcsp.com/6814d628f6bc10d374666be2; report-to report-endpoint; 1
font-src https://jsappcdn.hikeorders.com jsappcdn.hikeorders.com https://css.zohocdn.com css.zohocdn.com https://searchserverapi.com searchserverapi.com searchserverapi1.com https://unpkg.com unpkg.com *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com static.zohocdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://searchserverapi.com searchserverapi.com searchserverapi1.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://tag.marketingcartel.com tag.marketingcartel.com https://searchserverapi.com searchserverapi.com searchserverapi1.com https://td.doubleclick.net td.doubleclick.net https://checkout.sandbox.dev.clover.com checkout.sandbox.dev.clover.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://jsappcdn.hikeorders.com jsappcdn.hikeorders.com https://salesiq.zohopublic.com salesiq.zohopublic.com https://checkout.clover.com checkout.clover.com youtu.be *.vimeo.com *.addthis.com https://www.googletagmanager.com/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.searchanise.com *.searchserverapi.com *.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://www.shopperapproved.com www.shopperapproved.com https://bat.bing.com bat.bing.com https://cdn.ywxi.net cdn.ywxi.net https://searchserverapi.com searchserverapi.com searchserverapi1.com https://checkout.sandbox.dev.clover.com checkout.sandbox.dev.clover.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://css.zohocdn.com css.zohocdn.com https://checkout.clover.com checkout.clover.com https://mail.google.com mail.google.com https://www.clarity.ms *.clarity.ms https://pixel.visitiq.io pixel.visitiq.io https://a.usbrowserspeed.com *.usbrowserspeed.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com static.zohocdn.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://pixel.visitiq.io pixel.visitiq.io https://chimpstatic.com chimpstatic.com https://www.shopperapproved.com www.shopperapproved.com https://www.clickcease.com www.clickcease.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://searchserverapi.com searchserverapi.com searchserverapi1.com https://bat.bing.com bat.bing.com https://jsappcdn.hikeorders.com jsappcdn.hikeorders.com https://salesiq.zohopublic.com salesiq.zohopublic.com https://h64.online-metrix.net h64.online-metrix.net https://js.zohocdn.com js.zohocdn.com https://js.zohostatic.com js.zohostatic.com https://static.zohocdn.com static.zohocdn.com https://cdn.amplitude.com cdn.amplitude.com https://checkout.sandbox.dev.clover.com checkout.sandbox.dev.clover.com https://static.cloudflareinsights.com static.cloudflareinsights.com https://checkout.clover.com checkout.clover.com https://js-agent.newrelic.com js-agent.newrelic.com https://www.clarity.ms *.clarity.ms downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://www.google.com/ https://www.google.com/ www.googletagmanager.com *.avada.io *.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.shopperapproved.com www.shopperapproved.com https://cdn.ywxi.net cdn.ywxi.net https://css.zohocdn.com css.zohocdn.com https://css.zohostatic.com css.zohostatic.com https://searchserverapi.com searchserverapi.com searchserverapi1.com https://www.gstatic.com www.gstatic.com https://unpkg.com unpkg.com downloads.mailchimp.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com static.zohocdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.merchant-center-analytics.goog www.merchant-center-analytics.goog api2.amplitude.com https://bat.bing.com bat.bing.com https://analytics.google.com analytics.google.com https://a11yenablerapi.hikeorders.com a11yenablerapi.hikeorders.com https://salesiq.zohopublic.com salesiq.zohopublic.com wss://vts.zohopublic.com vts.zohopublic.com https://searchserverapi.com searchserverapi.com searchserverapi1.com https://google.com *.google.com https://www.googleadservices.com *.googleadservices.com https://bam.nr-data.net bam.nr-data.net https://www.clarity.ms *.clarity.ms https://checkout.clover.com checkout.clover.com https://checkout.sandbox.dev.clover.com checkout.sandbox.dev.clover.com https://*.clover.com https://*.cloverpayments.com https://ipinfo.io *.cloudflare.com *.paypal.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com api.amplitude.com stats.g.doubleclick.net https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com localhost:35729 yui.yahooapis.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1
report-uri https://www.florius.nl/api/v1.0/CSPReporting/Report?category=report-only; 1
object-src  'none'; connect-src 'self' *.nurumassage.com *.fantasymassage.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.nurumassage.com *.fantasymassage.com join.gammasecure.com; script-src 'self' *.nurumassage.com *.fantasymassage.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.nurumassage.com *.fantasymassage.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com https://www.magezon.com flagpedia.net https://www.mollie.com https://api.mapbox.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com *.gstatic.com maps.googleapis.com js.mollie.com *.hsforms.net *.hsforms.com *.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu www.gstatic.com maps.googleapis.com autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-AadE6JOrRPW8cXkd22CdlQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com *.googleapis.com *.mauboussin.fr data: * *.fontawesome.com maxcdn.bootstrapcdn.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.google.com *.mauboussin.fr * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.gstatic.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ api-qa.payplug.com secure-qa.payplug.com *.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.adyen.com *.googleapis.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://secure-magenta.dalenys.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com https://cdn-qa.payplug.com https://secure-magenta.dalenys.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com/ *.mauboussin.fr * *.fontawesome.com maxcdn.bootstrapcdn.com https://secure-magenta.dalenys.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.getalma.eu *.almapay.com *.googleapis.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.gstatic.com *.mauboussin.fr *.criteo.net *.pinterest.com *.googletagmanager.com *.snapppt.com *.360yield.com * 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-8v-q5098xi8oIGbDDKHHIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-VKIh2PJrPN_gPL033zyKFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; default-src 'self' app.usercentrics.eu api.usercentrics.eu consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu uct.service.usercentrics.eu www.youtube-nocookie.com www.youtube.com region1.analytics.google.com stats.g.doubleclick.net; font-src 'self' maps.gstatic.com fonts.gstatic.com data:; img-src 'self' *.sdk.de app.usercentrics.eu api.usercentrics.eu consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu uct.service.usercentrics.eu privacy-proxy-server.usercentrics.eu i.ytimg.com yt3.ggpht.com www.youtube-nocookie.com maps.googleapis.com www.google.com www.google.de www.googletagmanager.com www.googleadservices.com maps.gstatic.com px.ads.linkedin.com px4.ads.linkedin.com www.facebook.com connect.facebook.net lh3.googleusercontent.com fonts.gstatic.com cdn.eye-able.com stats.g.doubleclick.net googleads.g.doubleclick.net data: blob:; script-src 'self' *.sdk.de app.usercentrics.eu api.usercentrics.eu consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu uct.service.usercentrics.eu www.youtube-nocookie.com maps.googleapis.com www.google.com www.googletagmanager.com www.googleadservices.com cdn.eye-able.com snap.licdn.com connect.facebook.net 'unsafe-inline' 'unsafe-eval' 'report-sample'; worker-src * blob: 'report-sample'; script-src-elem 'self' *.sdk.de app.usercentrics.eu api.usercentrics.eu consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu plugins.flockler.com www.googletagmanager.com www.youtube-nocookie.com www.google-analytics.com kundenportal.sdk-neva.de www.youtube.com cdn.eye-able.com snap.licdn.com connect.facebook.net 'unsafe-inline' blob: 'report-sample'; connect-src 'self' *.sdk.de app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu uct.service.usercentrics.eu aggregator.service.usercentrics.eu www.googlesyndication.com www.googletagmanager.com stats.g.doubleclick.net www.google.de www.facebook.com maps.googleapis.com www.google.com www.googleadservices.com px.ads.linkedin.com cdn.eye-able.com api.flockler.app stats-api.flockler.app region1.analytics.google.com region1.google-analytics.com pagead2.googlesyndication.com analytics.google.com; object-src 'none'; style-src 'self' *.sdk.de www.youtube-nocookie.com www.googletagmanager.com maps.googleapis.com www.google.com www.google.de cdn.eye-able.com 'unsafe-inline' 'report-sample'; frame-src 'self' *.sdk.de app.usercentrics.eu api.usercentrics.eu consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu uct.service.usercentrics.eu www.youtube-nocookie.com www.youtube.com www.google.com kundenportal.sdk-neva.de www.googletagmanager.com form.virtualq.tech blob: data:; frame-ancestors 'self' *.sdk.de; media-src 'self' data:; form-action 'self' adfs.sdk.de; manifest-src 'self'; report-uri https://www.sdk.de/@http-reporting?csp=report&requestTime=1773710346587879&requestHash=c8593b73f9dd195e238cf95f18031ccd13135d00 1
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-50RBrVbTSUESPI9Fa2vBHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.paypalobjects.com poolandspawarehouse.com.au data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.google.hr *.google.com.au server-side.poolandspawarehouse.com.au cdn.jst.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com poolandspawarehouse.com.au www.facebook.com bat.bing.net *.feefo.com *.digicert.com *.google.com *.google.hr *.google.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.ampproject.org raw.githubusercontent.com widget.freshworks.com m2epro.freshdesk.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.maxmind.com poolandspawarehouse.com.au *.klaviyo.com *.google.hr *.google.com.au www.gstatic.com seal.digicert.com server-side.poolandspawarehouse.com.au connect.facebook.net bat.bing.com cdn.jst.ai my.jst.ai aly.jst.ai 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com poolandspawarehouse.com.au cdn.jst.ai 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com cdn.ampproject.org widget.freshworks.com m2epro.freshdesk.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.mmapiws.com poolandspawarehouse.com.au *.klaviyo.com server-side.poolandspawarehouse.com.au *.google.hr *.google.com.au *.google-analytics.com stats.g.doubleclick.net my.jst.ai bat.bing.net aly.jst.ai 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src aly.jst.ai bat.bing.net poolandspawarehouse.com.au 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.fontawesome.com *.onetrust.com *.lively.li *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com/tr/ *.webengage.com *.webengage.co 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com *.freshchat.com https://www.facebook.com *.trustpilot.com https://caratlane.demdex.net *.criteo.com/ *.rudderstack.com *.rudderlabs.com *.webengage.com *.webengage.co *.lively.li wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.zego.im *.coolzcloud.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com *.caratlane.us *.caratlane.com *.webengage.com *.webengage.co *.google.co.in *.google.com *.bing.com *.adsrvr.org *.pinterest.com wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.cloudfront.net *.aralego.net *.bidswitch.net *.criteo.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.adgrx.com *.adnxs.com *.yieldmo.com *.clmbtech.com *.smaato.net *.pubmatic.com *.outbrain.com *.rlcdn.com *.360yield.com *.doubleclick.net *.stickyadstv.com *.aralego.com *.lively.li *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.s3.ap-south-1.amazonaws.com *.adform.net *.zego.im *.coolzcloud.com *.klarnacdn.net *.klarna.com *.steelhousemedia.com *.1rx.io *.clarity.ms *.mediawallahscript.com *.omnitagjs.com *.dmxleo.com *.liadm.com *.mediavine.com *.postrelease.com *.revcontent.com *.sharethrough.com *.tapad.com *.tremorhub.com *.bluekai.com *.agkn.com *.tpmn.co.kr *.emxdgt.com *.unrulymedia.com *.krxd.net *.stackadapt.com *.cookielaw.org *.facebook.com speedsize.com *.speedsize.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.certcapture.com *.freshchat.com *.gstatic.com *.facebook.com *.trustpilot.com *.criteo.com *.criteo.net https://bam.nr-data.net https://maps.googleapis.com https://maps.googleapis.com/maps-api-v3/api/js/46/8/intl/en_gb/common.js https://maps.googleapis.com/maps-api-v3/api/js/46/8/intl/en_gb/util.js https://www.google.com/recaptcha/api2/webworker.js *.newrelic.com *.caratlane.com *.rudderstack.com *.rudderlabs.com *.webengage.com *.webengage.co *.mountain.com *.bing.com *.clarity.ms *.lively.li *.pinimg.com *.stackadapt.com https://qvdt3feo.com *.klarnaservices.com *.klarna.com wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.zego.im *.coolzcloud.com *.attn.tv *.hotjar.com https://static.hotjar.com http://ipinfo.io *.googleapis.com *.pinterest.com *.onetrust.com *.cookielaw.org *.googletagmanager.com *.facebook.net *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com speedsize.com *.speedsize.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.fontawesome.com *.freshchat.com *.webengage.com *.webengage.co *.stackadapt.com *.lively.li *.klarnacdn.net wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.zego.im *.coolzcloud.com *.amazonaws.com *.onetrust.com *.google.com speedsize.com *.speedsize.com *.trustpilot.com 'self' 'unsafe-inline'; object-src *.caratlane.us 'self' 'unsafe-inline'; media-src *.adobe.com *.caratlane.us *.lively.li wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.zego.im *.coolzcloud.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.freshchat.com *.doubleclick.net https://www.facebook.com https://bam.nr-data.net https://sslwidget.criteo.com/event https://widget.us.criteo.com/event *.caratlane.com *.rudderstack.com *.rudderlabs.com *.webengage.com *.webengage.co *.caratlane.us *.stackadapt.com *.clarity.ms *.googleapis.com *.criteo.com *.mountain.com *.pinterest.com *.facebook.net wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.klarnaevt.com *.klarna.com *.lively.li *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.coolzcloud.com wss://accesshub-wss.coolzcloud.com *.zego.im wss://accesshub-wss.zego.im *.zegocloud.com wss://accesshub-wss.zegocloud.com wss://weblogger1793642705-api.coolzcloud.com *.amazonaws.com *.us-global-uscl.s3.us-east-2.amazonaws.com *.us-global-uscl.s3.amazonaws.com *.attn.tv *.attentivemobile.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.klarnaservices.com *.trustpilot.com *.onetrust.com cdn.cookielaw.org *.stripe.com klarna.com *.klarnacdn.net *.device.stripe-terminal-local-reader.net:4443/protojsonservice/JackRabbitService speedsize.com *.speedsize.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src speedsize.com *.speedsize.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src pro.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.doubleclick.net *.iubenda.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com empressmills-uat.preview3.co.uk *.empressmills.co.uk www.google.co.uk *.google-analytics.com *.googletagmanager.com *.iubenda.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.gstatic.com *.googletagmanager.com *.hotjar.com *.iubenda.com empressmills-uat.preview3.co.uk *.empressmills.co.uk https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com empressmills-uat.preview3.co.uk *.empressmills.co.uk pro.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ form-assets.mailchimp.com *.intuit.com *.amazonaws.com googleads.g.doubleclick.net www.google.co.uk *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.iubenda.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem 'self' 'unsafe-inline' https://consent.cookiefirst.com https://script.hotjar.com https://static.hotjar.com https://s.pinimg.com https://www.googletagmanager.com https://robincontentdesktop.blob.core.windows.net https://*.msecnd.net https://bat.bing.com https://surfly.com https://selfservice.robinhq.com https://robin-widget.com https://connect.facebook.net https://googleads.g.doubleclick.net; style-src-elem 'self' 'unsafe-inline' *.fontawesome.com https://consent.cookiefirst.com https://robin-widget.com; font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline' data: *.fontawesome.com *.webwinkelkeur.nl data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com https://www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com 'self' 'unsafe-inline' https://www.google.com https://www.youtube-nocookie.com https://us4.campaign-archive.com/ https://js.driftt.com *.webwinkelkeur.nl https://td.doubleclick.net https://ct.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com https://*.google.nl https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.fls.doubleclick.net https://*.adservice.google.com https://www.mollie.com 'self' 'unsafe-inline' *.magentocommerce.com https://www.google.nl/ https://www.google.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://robincontentdesktop.blob.core.windows.net https://bat.bing.net https://bat.bing.com https://www.facebook.com https://connect.facebook.net/ https://s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com https://*.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com js.mollie.com 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://*.vimeocdn.com https://*.youtube.com https://*.doubleclick.net *.cloudflare.com https://*.disqus.com https://www.facebook.com https://connect.facebook.net https://*.fontawesome.com/ https://js.driftt.com https://*.webwinkelkeur.nl *.bootstrapcdn.com https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://ipinfo.io https://robincontentdesktop.blob.core.windows.net https://selfservice.robinhq.com https://bat.bing.com https://*.msecnd.net https://script.hotjar.com https://static.hotjar.com https://cdn.leadinfo.net https://s.pinimg.com https://consent.cookiefirst.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline' https://robin-widget.com *.fontawesome.com https://consent.cookiefirst.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'self' 'unsafe-inline'; manifest-src 'self' 'self' 'unsafe-inline'; connect-src dpm.demdex.net https://amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://stream.getmetrion.com https://*.googleadservices.com https://*.googletagmanager.com https://*.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.nl https://*.googlevideo.com https://*.googleusercontent.com https://*.googledomains.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://*.adservice.google.com 'self' 'unsafe-inline' https://stats.g.doubleclick.net googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com s.ytimg.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.ggpht.com https://*.cloudflare.com *.disqus.com https://www.facebook.com https://connect.facebook.net https://*.fontawesome.com/ https://js.driftt.com https://*.webwinkelkeur.nl *.bootstrapcdn.com *.adobe.com assets.adobedtm.com https://dpm.demdex.net https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://bat.bing.net https://bat.bing.com https://vc.hotjar.io https://ct.pinterest.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://dc.services.visualstudio.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.se/api/csp-report; report-to csp-endpoint 1
default-src 'self' cdn.kvinono.cz cdn.kvinono.sk localhost 'nonce-irxfuni1gshyljkrbakm' sentry.punktero.dev; script-src 'self' cdn.kvinono.cz cdn.kvinono.sk 'unsafe-eval' blob: localhost 'nonce-irxfuni1gshyljkrbakm' pl.profitak.com cdn.jsdelivr.net kit.fontawesome.com cdnjs.cloudflare.com ajax.googleapis.com sentry.punktero.dev; style-src 'self' cdn.kvinono.cz cdn.kvinono.sk 'unsafe-inline' localhost 'nonce-irxfuni1gshyljkrbakm' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com; style-src-attr cdn.kvinono.cz cdn.kvinono.sk 'self' 'unsafe-inline'; img-src 'self' cdn.kvinono.cz cdn.kvinono.sk data:; font-src 'self' cdn.kvinono.cz cdn.kvinono.sk data: localhost 'nonce-irxfuni1gshyljkrbakm' fonts.gstatic.com; connect-src 'self' cdn.kvinono.cz cdn.kvinono.sk *.fontawesome.com cdnjs.cloudflare.com pl.profitak.com sentry.punktero.dev; manifest-src 'self' cdn.kvinono.cz cdn.kvinono.sk ; object-src 'none'; report-uri https://punktero.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://accounts.google.com https://www.facebook.com https://login.live.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.egoi.page egoi.page *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com egoimmerce.e-goi.com *.egoimmerce.e-goi.com egoiapp2.com *.egoiapp2.com https://www.mercadolibre.com https://www.mercadolivre.com magefan.com cm.magefan.com *.disqus.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ e-goi.com *.e-goi.com egoiapp2.com *.egoiapp2.com egoi.site *.egoi.site https://secure.mlstatic.com https://cdn.socket.io *.disqus.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.egoiapp2.com egoiapp2.com *.fontawesome.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.googleapis.com egoiapp2.com egoi.page https://api.mercadopago.com https://www.mercadolibre.com https://www.ipag.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.klarnacdn.net *.builder.io *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src *.cookieinformation.com *.hubspot.com *.pinterest.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trustpilot.com *.sprii.shop sgtm.sparevinduer.no fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.kustom.co www.xtento.com 'self' 'unsafe-inline'; img-src *.sparvinduer.dk *.stape.net *.google.com *.bing.com *.hubspot.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.google.com bid.g.doubleclick.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com imgsct.cookiebot.com https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.builder.io www.google.com.ua https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.kustom.co www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.cookieinformation.com *.emaerket.dk *.sleeknote.com *.sparxpres.dk *.commoninja.com *.hs-scripts.com *.usemessages.com *.hs-analytics.net *.hs-banner.com *.clarity.ms *.sprii.shop *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ consent.cookiebot.com https://*.dibspayment.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.builder.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com *.kustom.co www.xtento.com cdn.xtento.com load.sgtm.sparfenster.de https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sparvinduer.dk *.sleeknote.com *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.klarnacdn.net *.stripe.network *.stripecdn.com *.amazon.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src ssgtm.sparvinduer.dk *.cookieinformation.com *.sleeknote.com *.mobal.io *.commoninja.com *.hubspot.com *.clarity.ms www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com load.sgtm.sparvinduer.dk dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n.adobe.io *.adobedc.net *.demdex.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.builder.io *.stripe.com klarna.com *.link.com *.amazon.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.kustom.co load.sgtm.sparfenster.de https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'unsafe-inline' 'unsafe-eval' adsrvr.org *.adsrvr.org attentivemobile.com *.attentivemobile.com attn.tv *.attn.tv adnxs.com *.adnxs.com cdn-api-weglot.com cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com contentsquare.net *.contentsquare.net doubleclick.net *.doubleclick.net f1lasvegasgp.com *.f1lasvegasgp.com facebook.com *.facebook.com facebook.net *.facebook.net fonts.googleapis.com google-analytics.com *.google-analytics.com google.ae *.google.ae google.at *.google.at google.be *.google.be google.ca *.google.ca google.cl *.google.cl google.co.id *.google.co.id google.co.il *.google.co.il google.co.in *.google.co.in google.co.jp *.google.co.jp google.co.kr *.google.co.kr google.co.ma *.google.co.ma google.co.nz *.google.co.nz google.co.uk *.google.co.uk google.co.ve *.google.co.ve google.co.za *.google.co.za google.com *.google.com google.de *.google.de google.dk *.google.dk google.es *.google.es google.fi *.google.fi google.fr *.google.fr google.gr *.google.gr google.it *.google.it google.nl *.google.nl google.pl *.google.pl google.ro *.google.ro google.rs *.google.rs google.se *.google.se google.si *.google.si googleadservices.com *.googleadservices.com googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com jsdelivr.net *.jsdelivr.net hotjar.com *.hotjar.com licdn.com *.licdn.com linkedin.com *.linkedin.com perplexity.ai *.perplexity.ai privacy-mgmt.com *.privacy-mgmt.com salesforce-scrt.com *.salesforce-scrt.com site.com *.site.com sojern.com *.sojern.com tiktok.com *.tiktok.com tiktokw.us *.tiktokw.us vimeo.com *.vimeo.com weglot.com *.weglot.com zi-scripts.com *.zi-scripts.com zoominfo.com *.zoominfo.com google.pt *.google.pt; frame-src 'unsafe-inline' 'unsafe-eval' site.com *.site.com privacy-mgmt.com *.privacy-mgmt.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com; img-src 'unsafe-inline' 'unsafe-eval' adnxs.com *.adnxs.com adsrvr.org *.adsrvr.org attentivemobile.com *.attentivemobile.com attn.tv *.attn.tv cdn-api-weglot.com cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com contentsquare.net *.contentsquare.net doubleclick.net *.doubleclick.net f1lasvegasgp.com *.f1lasvegasgp.com facebook.com *.facebook.com facebook.net *.facebook.net fonts.googleapis.com google-analytics.com *.google-analytics.com google.ae *.google.ae google.at *.google.at google.be *.google.be google.ca *.google.ca google.cl *.google.cl google.co.id *.google.co.id google.co.il *.google.co.il google.co.in *.google.co.in google.co.jp *.google.co.jp google.co.kr *.google.co.kr google.co.ma *.google.co.ma google.co.nz *.google.co.nz google.co.uk *.google.co.uk google.co.ve *.google.co.ve google.co.za *.google.co.za google.com *.google.com google.de *.google.de google.dk *.google.dk google.es *.google.es google.fi *.google.fi google.fr *.google.fr google.gr *.google.gr google.it *.google.it google.nl *.google.nl google.pl *.google.pl google.pt *.google.pt google.rs *.google.rs google.ro *.google.ro google.se *.google.se google.si *.google.si googleadservices.com *.googleadservices.com googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com hotjar.com *.hotjar.com jsdelivr.net *.jsdelivr.net licdn.com *.licdn.com linkedin.com *.linkedin.com perplexity.ai *.perplexity.ai privacy-mgmt.com *.privacy-mgmt.com salesforce-scrt.com *.salesforce-scrt.com site.com *.site.com sojern.com *.sojern.com tiktok.com *.tiktok.com tiktokw.us *.tiktokw.us vimeo.com *.vimeo.com weglot.com *.weglot.com zi-scripts.com *.zi-scripts.com zoominfo.com *.zoominfo.com www.google.com.au www.google.com www.google.com.mx googleads.g.doubleclick.net www.google.com.co www.google.com.ar www.google.com.qa www.google.com.tw www.google.com.py www.google.com.br www.google.com.my www.google.com.sv google.co.bw *.google.co.bw google.co.ke *.google.co.ke google.cz *.google.cz; style-src site.com *.site.com 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com f1lasvegasgp.com *.f1lasvegasgp.com weglot.com *.weglot.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=3o7a1bvOEhAM5z6GLyoVEbhyRlm.Z.xa9opPMpRY1UI-1773715844.5033746-1.0.1.1-PEinfrb7rdrha6z2mj0yR6FcHh1lI_nrlXzTbKwA4PfjVKcenqxrmo627zrzgavursEdm_La7b9Pjy1HZSZZVkS1TgnJIdZzhPKc9e0x.5ckJk3sDoLOEG1DFRnqjjFz50axHgEjndPdIT9.6LVmwEtJmKEp9NVvE4RKF_1DqsfUQwpG0JOGsPouTr1w9iQNmHI0lqNJVqZO9KpKgD6BCA; report-to cf-nqxyupyiaeqgfdcb 1
font-src *.fontawesome.com *.gstatic.com https://fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.online-metrix.net www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.addtoany.com vimeo.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.cookielaw.org *.doubleclick.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ testflex.cybersource.com flex.cybersource.com *.online-metrix.net www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com js-agent.newrelic.com static.zdassets.com api.eu-1.smooch.io cdn.cookielaw.org static.addtoany.com *.googleapis.com *.typography.com *.onetrust.com *.segmentify.com *.sgmntfy.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://cdn.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.addtoany.com cloud.typography.com *.segmentify.com *.sgmntfy.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ http://dpm.demdex.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com avocahelp.zendesk.com cdn.cookielaw.org api.eu-1.smooch.io bam.nr-data.net geolocation.onetrust.com widget-mediator.zopim.com privacyportaluat.onetrust.com *.zopim.com wss://widget-mediator.zopim.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.segmentify.com *.sgmntfy.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.klarnacdn.net *.builder.io *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src *.cookieinformation.com *.hubspot.com *.pinterest.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trustpilot.com *.sprii.shop sgtm.sparevinduer.no fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.kustom.co www.xtento.com 'self' 'unsafe-inline'; img-src *.sparvinduer.dk *.stape.net *.google.com *.bing.com *.hubspot.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.google.com bid.g.doubleclick.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com imgsct.cookiebot.com https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.builder.io www.google.com.ua https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.kustom.co www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.cookieinformation.com *.emaerket.dk *.sleeknote.com *.sparxpres.dk *.commoninja.com *.hs-scripts.com *.usemessages.com *.hs-analytics.net *.hs-banner.com *.clarity.ms *.sprii.shop *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ consent.cookiebot.com https://*.dibspayment.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.builder.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com *.kustom.co www.xtento.com cdn.xtento.com load.sgtm.sparvinduer.dk https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sparvinduer.dk *.sleeknote.com *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.klarnacdn.net *.stripe.network *.stripecdn.com *.amazon.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src ssgtm.sparvinduer.dk *.cookieinformation.com *.sleeknote.com *.mobal.io *.commoninja.com *.hubspot.com *.clarity.ms www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com load.sgtm.sparvinduer.dk dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n.adobe.io *.adobedc.net *.demdex.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.builder.io *.stripe.com klarna.com *.link.com *.amazon.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.kustom.co https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net https://www.googletagmanager.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com.ua maps.gstatic.com 1rx.io *.1rx.io 360yield.com *.360yield.com 3lift.com *.3lift.com adnxs.com *.adnxs.com billiger.de *.billiger.de bing.com *.bing.com criteo.com *.criteo.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com google.de *.google.de idealo.com *.idealo.com media.net *.media.net omnitagjs.com *.omnitagjs.com roeye.com *.roeye.com roeyecdn.com *.roeyecdn.com sharethrough.com *.sharethrough.com smartadserver.com *.smartadserver.com taboola.com *.taboola.com teads.tv *.teads.tv tremorhub.com *.tremorhub.com twiago.com *.twiago.com uimserv.net *.uimserv.net usd.de *.usd.de usercentrics.eu *.usercentrics.eu yieldlab.net *.yieldlab.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com https://a.timeshop24.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.googleapis.com *.gstatic.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com bing.com *.bing.com criteo.com *.criteo.com cdnsrv.de *.cdnsrv.de clickcease.com *.clickcease.com df-srv.de *.df-srv.de fatmedia.io *.fatmedia.io facebook.net *.facebook.net id5-sync.com *.id5-sync.com kuponacdn.de *.kuponacdn.de livechatinc.com *.livechatinc.com pinimg.com *.pinimg.com roeyecdn.com *.roeyecdn.com shopgate.com *.shopgate.com uicdn.com *.uicdn.com usercentrics.eu *.usercentrics.eu googletagmanager.com *.googletagmanager.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com https://www.dwin1.com https://a.timeshop24.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com googletagmanager.com *.googletagmanager.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com criteo.com *.criteo.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com livechatinc.com *.livechatinc.com pinterest.com *.pinterest.com usercentrics.eu *.usercentrics.eu *.wepowerconnections.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://a.timeshop24.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https://higherlogiccloudfront.s3.amazonaws.com https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://cdn.jsdelivr.net/jquery.slick/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.aspnetcdn.com/ajax/ https://use.fortawesome.com/ https://cdn.informz.net https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com 'self' https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'unsafe-eval' https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js; font-src https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://d2x5ku95bkycr3.cloudfront.net https://fonts.googleapis.com/ https://higherlogiccloudfront.s3.amazonaws.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'self' https://fonts.gstatic.com/ https://d1u9edeg3iwvk4.cloudfront.net data: https://cdn.jsdelivr.net/jquery.slick/; script-src-elem https://static.filestackapi.com/filestack-js/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://ajax.aspnetcdn.com/ajax/ https://static.filestackapi.com/picker/ 'unsafe-eval' 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'self' https://securepubads.g.doubleclick.net/; media-src https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-stream.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'self'; style-src https://cdnjs.cloudflare.com/ajax/libs/prism/ https://use.fortawesome.com/ 'unsafe-inline' https://cdn.jsdelivr.net/jquery.slick/ https://d3uf7shreuzboy.cloudfront.net/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ 'self' https://ajax.googleapis.com/ajax/libs/jqueryui/ https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/ https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://fonts.googleapis.com/ https://d1u9edeg3iwvk4.cloudfront.net; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.youtube.com/embed/ https://api.connectedcommunity.org/ 'self' https://securepubads.g.doubleclick.net/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob: https://securepubads.g.doubleclick.net/ https://pagead2.googlesyndication.com/; manifest-src 'self'; img-src https://cdn.jsdelivr.net/jquery.slick/ https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://static.filestackapi.com/picker/ https://img.youtube.com/vi/ blob: 'self' https://d2x5ku95bkycr3.cloudfront.net https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/; object-src 'none'; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors 'self' https://*.connectedcommunity.org/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' abcdaconstrucao.com.br *.abcdaconstrucao.com.br wake-components.fbitsstatic.net abcdaconstrucao.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.ebit.com.br *.moz.com *.googleadservices.com *.btg360.com.br *.clearsale.com.br *.targeting.voxus.com.br cdn.targeting.voxus.com.br api.ipify.org api.voxus.tv *.loggly.com *.voxus.com.br targeting.voxus.tv *.google.com.br google-analytics.com *.google-analytics.com *.googleapis.com storage.googleapis.com *.googletagmanager.com *.g.doubleclick.net *.criteo.net *.criteo.com *.plataformasocial.com.br *.lomadee.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.*hotjar.com *.hotjar wss://ws4.hotjar.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com connect.facebook.net static.fbits.net *.segment.com *.securiti.ai *.pingdom.net *.clarity.ms *.1rocket.io *.dito.com.br *.segment.io *.abcdaconstrucao.com.br produtos.abcdaconstrucao.com.br produtos.devabc.com.br *.marketingautomation.services *.getblue.io dzpxyxks1bfmb.cloudfront.net *.digitalabc.com.br *.gstatic.com gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net maps.googleapis.com samuraiexpertsstorage.blob.core.windows.net ameprod.azurewebsites.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com checkout.abcdaconstrucao.com.br *.tiktok.com *checkout.abcdaconstrucao.com.br *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.abcevoce.com.br *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io leadwake.br-s1.cloudhub.io cdn.jsdelivr.net *.3dsecure.io viacep.com.br *.visa.com *.hkdk.events *.wake.tech hkdk.events *.goadopt.io axeptio-api.goadopt.io *.unpkg.com *.amazonaws.com *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.abcdaconstrucao.com.br abcdaconstrucao.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-n8qXk2onsKEaO5JzNoT_EQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.ch/api/csp-report; report-to csp-endpoint 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com *.hotjar.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.worldpay.com *.nosto.com *.nos.to https://secure-test.worldpay.com/shopper/3ds/ddc.html *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ lpcdn.lpsnmedia.net www.facebook.com cdn.knightlab.com *.worldpay.com *.nosto.com *.nos.to https://pay.google.com https://secure-test.worldpay.com *.dotdigital-pages.com *.dotdigital.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com https://www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.afd.co.uk *.bing.com www.facebook.com www.google.co.in www.google.com *.clarity.ms cdn-ukwest.onetrust.com www.googletagmanager.com *.nosto.com *.nos.to *.cloudflare.com *.gstatic.com *.trackedlink.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d21m4dsqdd3b9h.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.cl www.google.cm www.google.co.bw www.google.co.id www.google.co.il www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sn www.google.so www.google.tn www.google.tt www.google.vu *.google.com *.hotjar.com *.onetrust.com s3.amazonaws.com *.trackedweb.net *.trustpilot.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://www.google.com *.afd.co.uk *.lpsnmedia.net bat.bing.com cdn-ukwest.onetrust.com *.googleapis.com *.liveperson.net survey.g.doubleclick.net *.google.co.in *.google.com *.clarity.ms analytics.webgains.io connect.facebook.net *.newrelic.com *.nr-data.net *.worldpay.com *.varify.io tagmanager.google.com *.nosto.com *.nos.to https://www.google.com/recaptcha/api.js https://www.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.klevu.com *.ksearchnet.com landofcoder.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.bing.com *.doubleclick.net *.facebook.com *.facebook.net *.hotjar.com *.klevu.com *.onetrust.com *.webgains.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.nosto.com *.nos.to *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com *.onetrust.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com d21m4dsqdd3b9h.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.onetrust.com stats.g.doubleclick.net *.clarity.ms widget.trustpilot.com *.nr-data.net *.afd.co.uk analytics.google.com region1.google-analytics.com *.nosto.com *.nos.to https://www.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klevu.com *.ksearchnet.com landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.bing.com *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.bw www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gg www.google.gl www.google.gr www.google.gy www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.lk www.google.lt www.google.lv www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mw www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.sh www.google.si www.google.sk www.google.tn www.google.tt *.hotjar.com *.hotjar.io *.trustpilot.com *.webgains.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://708f9030-f3a8-4d71-9a62-c459d3d729dd.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.googletagmanager.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.blacksonblondes.com *.dfxtra.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.blacksonblondes.com *.dfxtra.com join.gammasecure.com; script-src 'self' *.blacksonblondes.com *.dfxtra.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.blacksonblondes.com *.dfxtra.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.versapay.com *.paynup.com self data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.versapay.com *.paynup.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com *.paynup.com *.versapay.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.versapay.com *.paynup.com bulknaturaloils.com services.postcodeanywhere.co.uk adobe.com www.google.co.in d10lpsik1i8c69.cloudfront.net www.google.nl blob: bat.bing.com bat.bing.net *.bulknaturaloils.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.versapay.com *.paynup.com *.datadoghq.com self unsafe-inline unsafe-eval *.bulknaturaloils.com connect.facebook.net www.connect.facebook.net jedwa11111.pcapredict.com www.jedwa11111.pcapredict.com stats.g.doubleclick.net services.postcodeanywhere.co.uk ecommerce-api-uat.versapay.com ecommerce-api.versapay.com static.addtoany.com static.addtoany.com/menu/modules/core.BRQnzO8v.js static.addtoany.com/menu/svg/icons/facebook.js static.addtoany.com/menu/svg/icons/twitter.js d10lpsik1i8c69.cloudfront.net analytics.tiktok.com *.tiktok.com bat.bing.com pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.versapay.com *.paynup.com self unsafe-inline bulknaturaloils.com services.postcodeanywhere.co.uk adobe.com *.bulknaturaloils.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com self unsafe-inline d10lpsik1i8c69.cloudfront.net *.bulknaturaloils.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.versapay.com *.paynup.com *.datadoghq.com services.postcodeanywhere.co.uk stats.g.doubleclick.net adobe.com settings.luckyorange.net wss://visitors.live wss://in.visitors.live example.com pagead2.googlesyndication.com analytics.tiktok.com self unsafe-inline bat.bing.net bat.bing.com *.bulknaturaloils.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src self 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com pay.google.com play.google.com *.autopay.eu cdn.dnky.co webchat.dotdigital.com secure.payu.com merch-prod.snd.payu.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io www.apptrian.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu static.payu.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.apptrian.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io secure.payu.com secure.snd.payu.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.autopay.eu *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com www.apptrian.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://pista.rs https://www.pistafashion.rs https://pistafashion.b-cdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com http://s7.addthis.com s.adroll.com d.adroll.com mc.yandex.ru js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net mc.yandex.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xx-UBcgjQhZ4N47QRUxoNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; font-src 'self' *.gstatic.com; img-src 'self' *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com data: *.onetrust.com cm.everesttech.net *.googleapis.com; connect-src 'self' *.go-mpulse.net cdn-ukwest.onetrust.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com; script-src 'self'; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; script-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://costa.report-uri.com/r/t/csp/reportOnly; report-to default 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.google.com *.doubleclick.net *.googletagmanager.com js.mollie.com landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.mk *.google.nl *.facebook.com https://www.mollie.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com/recaptcha/api.js *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.feedbackcompany.com *.cookiecode.nl *.facebook.net *.addthis.com *.googletagmanager.com *.hotjar.com *.tekno.nl js.mollie.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.googleapis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.nr-data.net *.demdex.net *.feedbackcompany.com *.facebook.com *.cookiecode.nl *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.google-analytics.com *.tekno.nl api.addressy.com landofcoder.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ecomwise.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com js.mollie.com *.multisafepay.com https://pay.google.com www.xtento.com *.pakketdienstqls.nl *.nauticgear.nl *.12volttv.nl www.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.apptrian.com imgsct.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.mollie.com *.multisafepay.com www.google.com.ua www.xtento.com cdn.xtento.com *.klaviyo.com bat.bing.net bat.bing.com *.nauticgear.nl https://sstdata.nauticgear.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com consent.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com js.mollie.com *.multisafepay.com https://pay.google.com www.xtento.com cdn.xtento.com *.nauticgear.nl *.12volttv.nl *.cookiefirst.com *.klaviyo.com bat.bing.net bat.bing.com *.profitmetrics.io *.clarity.ms *.googlesyndication.com https://sstdata.nauticgear.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.multisafepay.com *.klaviyo.com *.nauticgear.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.multisafepay.com *.nauticgear.nl bat.bing.net bat.bing.com *.profitmetrics.io *.clarity.ms https://sstdata.nauticgear.nl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com www.googleadservices.com www.googletagmanager.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net assets.braintreegateway.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Z6WHOMPVmZIrrrjfIGm2wQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://cdn-app.sberdevices.ru; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' abt.s3.yandex.net mapgl.2gis.com https://ad.adriver.ru https://cdn-app.sberdevices.ru/ https://code.jivo.ru/widget/CVgSX9az2t https://code.jivo.ru/widget/3PUKdqHYcF https://code.jivo.ru/js/bundle_ru_RU.js https://mc.yandex.ru https://top-fwz1.mail.ru/js/code.js https://vk.com/js/api/openapi.js https://www.gstatic.com https://ai.github.io/audio-recorder-polyfill/polyfill.js https://sberdevices.smcrm.sber.ru https://static.smcrm.sber.ru/formPage.min.js https://static.crm.sbc.space/formPage.min.js https://b2b-bundle.crm.sbc.space https://app.sbercrm.com https://smartcaptcha.yandexcloud.net https://captcha-api.yandex.ru; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn-app.sberdevices.ru https://code.jivo.ru https://static.smcrm.sber.ru/formPage.min.css https://static.crm.sbc.space/formPage.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' blob: uaas.yandex.ru *.2gis.com https://clickbeat.sberdevices.ru https://api.eye.sbdv.ru https://cbdv.dev.sberdevices.ru http://127.0.0.1:29009 http://127.0.0.1:30102 ymetrica1.com yandexmetrica.com:30103 yandexmetrica.com:29010 https://mc.yandex.md https://mc.yandex.by https://mc.yandex.kz https://sm-smart-proxy-ift.apps.sgmd.sberdevices.ru https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com https://sentry-api.sberdevices.ru https://cdn-app.sberdevices.ru https://mc.yandex.ru https://metrics.prom.third-party-app.sberdevices.ru https://top-fwz1.mail.ru https://vk.com https://node-sber1-az1-1.jivosite.com https://telemetry.jivosite.com/w https://app.kizen.com https://yandexmetrica.com https://crm.sbc.space https://smcrm.sber.ru https://mc.yandex.com wss://*.jivosite.com wss://*.jivo.ru https://*.jivo.ru https://app.sbercrm.com https://smartcaptcha.yandexcloud.net https://captcha-api.yandex.ru; font-src 'self' data: https://cdn-app.sberdevices.ru https://static.smcrm.sber.ru https://static.crm.sbc.space https://fonts.gstatic.com https://app.sbercrm.com; frame-src 'self' https://giga.chat https://content.adriver.ru https://www.youtube.com https://vk.com https://player.vimeo.com https://www.google.com https://mc.yandex.ru https://mc.yandex.md https://www.youtube-nocookie.com https://*.sberdevices.ru https://smartcaptcha.yandexcloud.net https://captcha-api.yandex.ru; img-src 'self' data: https://top-fwz1.mail.ru https://favicon.yandex.net https://code.jivo.ru https://i.vimeocdn.com https://vk.com https://vk.com/rtrg https://www.googletagmanager.com https://i.ytimg.com https://www.google.md/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.ru/ads/ga-audiences https://cdn-app.sberdevices.ru https://vk.com https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://mc.yandex.ru https://files.jivo.ru https://mc.yandex.md https://mc.yandex.com; manifest-src 'self'; media-src data: 'self' https://code.jivo.ru https://cdn-app.sberdevices.ru; frame-ancestors https://giga.chat; report-uri https://sentry-api.sberdevices.ru/api/53/security/?sentry_key=1d9e9a95a396490881ec047a092a0639; worker-src 'none' 1
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data: *.typekit.net; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data: *.typekit.net; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self';   script-src 'self'     https://www.google-analytics.com     https://www.googletagmanager.com     https://static.zdassets.com     https://tag.goadopt.io     https://cdn.cookielaw.org     https://static.addtoany.com     https://vlibras.gov.br     'unsafe-inline' 'unsafe-eval';   style-src  'self' 'unsafe-inline';   font-src   'self' data:;   img-src    'self' https: data:;   connect-src 'self' https:;   frame-src  https:;   base-uri   'self';   object-src 'none'; 1
font-src *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com www.facebook.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es maps.gstatic.com *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com www.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com cdn.ampproject.org www.googleapis.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-AbSNqrnOyraBY4gQKDqTHX6JgdV57t5JOt4dS9AaGJKFNle5QSu1Jw' piwik.f7.de 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data:; base-uri 'self'; font-src 'self' data:; style-src-elem 'self' 'nonce-AbSNqrnOyraBY4gQKDqTHX6JgdV57t5JOt4dS9AaGJKFNle5QSu1Jw' report-sample 'report-sample'; worker-src blob: 'report-sample'; style-src 'self' 'nonce-AbSNqrnOyraBY4gQKDqTHX6JgdV57t5JOt4dS9AaGJKFNle5QSu1Jw' 'report-sample'; connect-src 'self' piwik.f7.de; report-uri https://f7.de/@http-reporting?csp=report&requestTime=1773718698801320&requestHash=adefe7cdde6b123f0b3f79d543c36eebe1ba581f 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.cleverreach.com 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.ad-srv.net hal9000.redintelligence.net test.saferpay.com www.saferpay.com saferpay.com *.google.com *.google.de *.podigee.com *.doubleclick.net platform.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.etracker.com https://*.etracker.de *.awin1.com *.zenaps.com *.wepowerconnections.com *.roeye.com *.sciencebehindecommerce.com test.saferpay.com www.saferpay.com saferpay.com *.strunz.com *.spoc.one *.splendid-prelive.de *.google.de *.google.com secure.adnxs.com *.google-analytics.com *.etracker.com *.etracker.de *.gstatic.com flagpedia.net pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.etracker.com https://*.etracker.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.ad-srv.net *.bounce-commerce.de *.kuponacdn.de *.fatmedia.io test.saferpay.com www.saferpay.com saferpay.com *.google.com *.gstatic.com *.podigee.com *.etracker.com *.etracker.de maps.googleapis.com twitter.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.etracker.de *.wepowerconnections.com https://the.sciencebehindecommerce.com *.bounce-commerce.de test.saferpay.com www.saferpay.com saferpay.com *.demdex.net *.google-analytics.com *.google.com stats.g.doubleclick.net *.etracker.com *.etracker.de *.sciencebehindecommerce.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.dwin1.com test.saferpay.com www.saferpay.com saferpay.com strunz.com *.strunz.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.strunz.com/cspreports/report; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-i6NkCT1CoDoVzM7ooOMORg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com www.xtento.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googleapis.com *.google.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.trackedlink.net *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com www.xtento.com cdn.xtento.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.attn.tv events.attentivemobile.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com www.xtento.com cdn.xtento.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.attn.tv events.attentivemobile.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://use.typekit.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.dotdigital-pages.com *.dotdigital.com https://www.facebook.com https://tpc.googlesyndication.com https://consentcdn.cookiebot.com https://assets.braintreegateway.com https://*.paypal.com https://interfaces.zapier.com https://*.zapier.app https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.trackedlink.net *.ddlnk.net https://www.google.fi https://maps.gstatic.com https://maps.googleapis.com https://log.pinterest.com https://eckerolinechatbottest.blob.core.windows.net https://fonts.gstatic.com https://assets.braintreegateway.com https://*.paypal.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://ajax.cloudflare.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://assets.pinterest.com https://maps.googleapis.com https://eckerolinechatbottest.blob.core.windows.net https://api.videoly.co https://www.google.fi https://www.googleadservices.com https://tpc.googlesyndication.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://snap.licdn.com https://interfaces.zapier.com https://dapi.videoly.co https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.eckeroline.fi 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://fast.fonts.net https://eckerolinechatbottest.blob.core.windows.net https://use.typekit.net https://p.typekit.net https://assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://fonts.gstatic.com https://vimeo.com https://consentcdn.cookiebot.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.paypal.com https://px.ads.linkedin.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src https://assets.braintreegateway.com https://*.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https:; report-uri https://f4c37aabed4c3b2ba170384e4d35db74.report-uri.com/r/d/csp/reportOnly 1
font-src www.paypalobjects.com cash-f.squarecdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.bing.com *.doubleclick.net *.facebook.com *.usercentrics.eu *.lampesdirect.fr data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com polyfill.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.wwlholding.com *.bing.com *.clarity.ms *.facebook.net *.googleapis.com *.hotjar.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.videoly.co *.beslist.nl *.lampesdirect.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com tagmanager.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.wwlholding.com *.bing.com *.doubleclick.net *.googlesyndication.com *.leadinfo.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.googleapis.com *.addressy.com *.beslist.nl *.hotjar.com *.hotjar.io *.lampesdirect.fr 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b428c232-f415-4fb2-b456-fef23ba335ec.sansec.watch/; report-to report-endpoint; 1
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://*.test.voxteneo.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://static.dhlecommerce.nl https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://portal.payconiq.com https://static.buckaroo.nl https://maps.googleapis.com https://maps.gstatic.com imgsct.cookiebot.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://static.dhlecommerce.nl https://maps.googleapis.com consent.cookiebot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl https://maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; style-src-elem 'self' 'report-sample'; report-uri https://typo3.community/@http-reporting?csp=report&requestTime=1773712422911984&requestHash=be0b4d8836dba8b6c34d2977618c16a59d77cb7a 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com https://fonts.bunny.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ https://www.youtube.com js.mollie.com https://www.googletagmanager.com https://www.paypal.com https://vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.magezon.com https://www.mollie.com https://www.gstatic.com https://*.trustedshops.com https://zigarre-de.alterspruefung365.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.amazonaws.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.shopify.com *.google.com/ js.mollie.com https://static-eu.payments-amazon.com https://*.braintreegateway.com https://integrations.etrusted.com https://www.google-analytics.com https://pay.google.com https://www.google.com/recaptcha https://www.googletagmanager.com https://cdn.klarna.com https://*.paypal.com https://widgets.trustedshops.com https://zigarre-de.alterspruefung365.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.sendcloud.sc *.jsdelivr.net https://widgets-qa.trustedshops.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com https://*.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com https://*.klaviyo.com https://*.trustedshops.com https://zigarre-de.alterspruefung365.de unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io https://payments-eu.amazon.com https://payments.amazon.de https://*.braintreegateway.com https://integrations.etrusted.com https://cdn.klarna.com https://*.klaviyo.com https://d.ratepay.com https://secure.pay1.de https://zigarre-de.alterspruefung365.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://b9u7tqjq.uriports.com/reports/report; report-to default 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval'     https://*.cloudflareinsights.com     https://*.pingdom.net     https://pingdom.net     https://*.googletagmanager.com     https://*.google.com     https://google.com     https://*.gstatic.com     https://gstatic.com     https://*.googleapis.com     https://googleapis.com     https://*.facebook.net     https://facebook.net;  script-src-elem 'self' 'unsafe-inline'     https://*.cloudflareinsights.com     https://*.pingdom.net     https://pingdom.net     https://*.googletagmanager.com     https://*.google.com     https://google.com     https://*.gstatic.com     https://gstatic.com     https://*.googleapis.com     https://googleapis.com     https://*.dinkytown.net     https://dinkytown.net     https://*.vimeo.com     https://vimeo.com     https://*.cloudflare.com     https://cloudflare.com     https://*.jsdelivr.net     https://jsdelivr.net     https://*.linkedin.com     https://linkedin.com     https://*.google-analytics.com     https://google-analytics.com     https://*.wufoo.com     https://wufoo.com     https://*.facebook.net     https://facebook.net;  style-src 'self' 'unsafe-inline'     https://*.googleapis.com     https://googleapis.com;  style-src-elem 'self' 'unsafe-inline'     https://*.googleapis.com     https://googleapis.com     https://*.dinkytown.net     https://dinkytown.net     https://*.jsdelivr.net     https://jsdelivr.net     https://*.honey.io     https://honey.io     https://*.gstatic.com     https://gstatic.com     https://*.cloudflare.com     https://cloudflare.com;  style-src-attr 'self' 'unsafe-inline';  font-src 'self' data:     https://*.gstatic.com     https://gstatic.com     https://*.wp.com     https://wp.com     https://*.slant.co     https://slant.co     https://*.cloudflare.com     https://cloudflare.com;  connect-src 'self'     https://*.google-analytics.com     https://google-analytics.com     https://*.pingdom.net     https://pingdom.net     https://*.google.com     https://google.com     https://*.gstatic.com     https://gstatic.com     https://*.googleapis.com     https://googleapis.com     https://*.bpas.com     https://bpas.com     https://*.googletagmanager.com     https://*.yoast.com     https://yoast.com;  img-src 'self' data: blob:     https://*.googletagmanager.com     https://*.googleapis.com     https://googleapis.com     https://*.gstatic.com     https://gstatic.com     https://*.google.com     https://google.com     https://*.shortpixel.ai     https://shortpixel.ai     https://*.bpas.com     https://bpas.com     https://*.google-analytics.com     https://google-analytics.com     https://*.vimeocdn.com     https://vimeocdn.com     https://*.honey.io     https://honey.io     https://*.gravatar.com     https://gravatar.com     https://*.fooplugins.com     https://fooplugins.com     https://*.wpengine.com     https://wpengine.com;  frame-src 'self'     https://*.google.com     https://google.com     https://*.vimeo.com     https://vimeo.com     https://*.wufoo.com     https://wufoo.com     https://*.dinkytown.net     https://dinkytown.net     https://*.monday.com     https://monday.com     https://*.docusign.net     https://docusign.net     https://tpa.fsastore.com;  media-src 'self' data:;  worker-src 'self' blob:;  report-uri https://csp-reporter.carbon-094.workers.dev/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https: 'report-sample'; script-src-elem 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; font-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self' https://www.officebusters.com https://www.officebusters.co.jp; block-all-mixed-content; report-uri https://csp-report-receiver.azurewebsites.net/api/report?v=0.51; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com https://geowidget.easypack24.net *.fontawesome.com 'self' data: fonts.googleapis.com cdnjs.cloudflare.com *.cepd.tech *.fera.pl static.fera.pl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ pay.google.com apm.przelewy24.pl https://parcelshop.dhl.pl/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl gstatic.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.google.com *.google.pl *.cepd.tech media.fera.pl static.fera.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com https://geowidget.easypack24.net *.easypack24.net https://geowidget.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.disqus.com https://cdn.jsdelivr.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://sandbox-easy-geowidget-sdk.easypack24.net *.hsforms.net *.hsforms.com *.gstatic.com *.snrbox.com connect.facebook.net static.fera.pl *.cepd.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.google.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://cdn.jsdelivr.net *.fontawesome.com assets.braintreegateway.com https://sandbox-easy-geowidget-sdk.easypack24.net *.gstatic.com *.snrcdn.net cdnjs.cloudflare.com *.google.com *.cepd.tech static.fera.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.cepd.tech *.fera.pl media.fera.pl static.fera.pl 'self' 'unsafe-inline'; manifest-src *.cepd.tech *.fera.pl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googletagmanager.com *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.snrbox.com *.doubleclick.net *.googlesyndication.com *.cepd.tech *.fera.pl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-sDb5o4EcPJ4XN2-E4N5OLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-src 'self'; report-uri https://www.the3day.org/site/XFrameViolation 1
font-src https://*.coveo.com *.force.com https://fonts.gstatic.com/ https://*.e-spirit.cloud https://*.google.at 'self' https://*.e-spirit.hosting blob: https://*.hotjar.io https://fonts.gstatic.com https://*.sto-net.com https://*.google.be https://*.google.ch https://*.sto.de *.salesforce.com https://maps.a.forceusercontent.com https://*.google.it https://www.u-wertrechner.de data:; report-to sfdc-csp-ep; report-uri https://ebsone.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D2p0000012lht&networkId=0DM2p000000c3Ak&type=communities 1
default-src 'self'; script-src *; script-src-elem *; script-src-attr *; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src *; font-src *; connect-src *; media-src *; object-src 'none'; prefetch-src *; child-src *; frame-src *; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri https://www.styria.com https://stage.styria.com; manifest-src 'self'; report-uri https://cspreport.smd-digital.at 1
object-src 'none';base-uri 'self';script-src 'nonce-LfUsytbhvSys6Zkb8_KAEQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com cash-f.squarecdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.bing.com *.doubleclick.net *.facebook.com *.usercentrics.eu *.lampdirect.be/nl data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com polyfill.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.wwlholding.com *.bing.com *.clarity.ms *.facebook.net *.googleapis.com *.hotjar.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.videoly.co *.beslist.nl *.lampdirect.be/nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com tagmanager.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.wwlholding.com *.bing.com *.doubleclick.net *.googlesyndication.com *.leadinfo.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.googleapis.com *.addressy.com *.beslist.nl *.hotjar.com *.hotjar.io *.lampdirect.be/nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b428c232-f415-4fb2-b456-fef23ba335ec.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-x9HezFS0DQEjZmaCbaJVxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'sha256-FgsRaC2wBMgmedvk2SXcGKsyBm50noDD3zf6UJRVP7k=' 'sha256-sIipYTcDXago7BpGL7wl7yB1iyTRXgSUHMp2v3kNC4I=' 'sha256-2Qvq1ZFy2JexWoTCsWb3nXre5pYhIM6l1B98+1EqIlc=' 'sha256-Rsmtt0AsshyP5tiWY1DxT2qh/HpD6r5kvaGCeicOiWQ=' 'sha256-1xuiy3MqFFVkOxnVMJ3DhLzEgZsJVXKwvM1aQ3m67FU=' 'sha256-D9AOuhvW2pdpSpw5pcjiiGRL2wIJlo803FQriOAeJQA=' 'sha256-9fUduH8H6H2qqoIUT9CZTWSWc3qy8gAzpn6PpB2vlsc=' 'sha256-5qYFuvhns+xjRODaV9/ehkmO/8NzZaAcNWTuzup3yUA=' 'sha256-vdLoM684v2tlPllVwTa6zCbIIaJV17lcDPV+vQE1jkE=' 'sha256-OfPAsCm/8I9s314sbXuIAbU5vl5iefFBgEMKVFAeRLw=' 'sha256-Ch5ldUlPTacuox1ug3oUOGNJcvIb7m1xEzlsxVYSzLY=' 'sha256-VFMgclD6e3bBOHH9570M8KQ7e0WGZJKxshOciJ7vxYA=' 'sha256-4pddxvOWXRP/eY8qInSuIyad1dVUQDMV35GYRMdWl0M=' 'sha256-GYNiwrOA+cdO5DjYkz3C1hF4qOJkPNui5I+oAGXswQM=' 'sha256-Xl3KAp9nsVVEV64As4eztFIxtx/n4fbkEgxCgs8fniE=' 'sha256-aEf2gs+Z0gX8jabqlKcEdFYyn7NrW2yzMWj3YZY8hXI=' https://widget.iflat.io https://apimacro.interstroi.com.ru https://code.jivo.ru https://*.roistat.com https://cdn.botfaqtor.ru https://st.top100.ru https://counter.rambler.ru https://mc.yandex.ru https://smartcaptcha.yandexcloud.net https://api-maps.yandex.ru https://yastatic.net; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https://counter.rambler.ru https://mc.yandex.ru https://yastatic.net https://files.jivosite.com https://code.jivo.ru; font-src 'self' data: https:; connect-src 'self' https://mc.yandex.md  https://iflat.io https://cnt.rambler.ru https://kraken.rambler.ru https://5-182-5-41.botfaqtor.ru https://node-sber1-az1-24.jivosite.com https://telemetry.jivosite.com https://gw.botfaqtor.ru https://code.jivo.ru https://mc.yandex.ru wss://mc.yandex.ru wss://vi-sber1-23.jivosite.com; report-uri /csp-reports; 1
script-src-elem webcache.datareporter.eu webcache-eu.datareporter.eu https://apis.google.com static.zdassets.com buerostuhl24.app.baqend.com www.dwin1.com unpkg.com widget.trustpilot.com bat.bing.com invitejs.trustpilot.com lantern.roeyecdn.com www.googletagmanager.com s.pinimg.com s.kk-resources.com ct.beslist.nl dynamic.criteo.com data.bureaustoel24.nl www.google.com connect.facebook.net widgets.trustedshops.com googleads.g.doubleclick.net www.gstatic.com static.trbo.com api-v4.trbo.com sslwidget.criteo.com integrations.etrusted.com static.hotjar.com data.buerostuhl24.com secure.pay1.de script.hotjar.com tm708.ad-srv.net tm706.ad-srv.net tm.ad-srv.net ct.pinterest.com tm716.ad-srv.net data.sillasdeoficina24.es static-eu.payments-amazon.com cdn.jsdelivr.net snap.licdn.com tm710.ad-srv.net data.buerostuhl24.at tm701.ad-srv.net data.hjh-office.fr tm720.ad-srv.net data.hjh-office.se data.buerostuhl24.ch tm722.ad-srv.net tm712.ad-srv.net sibforms.com widget-mediator.zopim.com data.hjh-office.fi tm702.ad-srv.net tm724.ad-srv.net tm723.ad-srv.net tm709.ad-srv.net tm718.ad-srv.net tm707.ad-srv.net tm715.ad-srv.net tm711.ad-srv.net data.hjh-office.it tm719.ad-srv.net tm704.ad-srv.net tm703.ad-srv.net tm721.ad-srv.net www.moebel.de www.awin1.com data.hjh-office.dk 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem https://webcache.datareporter.eu https://webcache-eu.datareporter.eu webcache-eu.datareporter.eu integrations.etrusted.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com webcachex-eu.datareporter.eu https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com https://plumrocket.com *.yotpo.com www.sillasdeoficina24.es www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com www.xtento.com https://plumrocket.com *.trustpilot.com *.yotpo.com gum.criteo.com ct.pinterest.com collect.trbo.com fledge.eu.criteo.com tm708.ad-srv.net td.doubleclick.net tm706.ad-srv.net tm722.ad-srv.net ad.ad-srv.net my.meetergo.com tm710.ad-srv.net tm720.ad-srv.net gumi.criteo.com static.criteo.net tm718.ad-srv.net tm701.ad-srv.net tm716.ad-srv.net tm702.ad-srv.net tm712.ad-srv.net tm723.ad-srv.net www.facebook.com tm707.ad-srv.net tm715.ad-srv.net tm711.ad-srv.net tm704.ad-srv.net tm703.ad-srv.net tm721.ad-srv.net tm719.ad-srv.net tm709.ad-srv.net www.instagram.com www.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.awin1.com *.zenaps.com *.wepowerconnections.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net https://widgets.trustedshops.com https://integrations.etrusted.com *.pixriot.com *.storeimaging.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com 'self' data: *.yotpo.com buerostuhl24.app.baqend.com www.buerostuhl24.at www.facebook.com bat.bing.net www.google.nl lantern.roeye.com bat.bing.com www.buerostuhl24.com visitor.omnitagjs.com rtb-csync.smartadserver.com r.casalemedia.com id5-sync.com x.bidswitch.net ib.adnxs.com ad.360yield.com gum.criteo.com sync-t1.taboola.com cm.g.doubleclick.net px.ads.linkedin.com img.idealo.com www.google.de a.twiago.com matching.ivitrack.com www.hjh-office.se www.buerostuhl24.ch collect.trbo.com www.bureaustoel24.nl www.google.co.in static.trbo.com contextual.media.net sync.outbrain.com match.sharethrough.com jadserve.postrelease.com sync.1rx.io exchange.mediavine.com simage2.pubmatic.com pixel.rubiconproject.com eb2.3lift.com sync-criteo.ads.yieldmo.com criteo-partners.tremorhub.com e1.emxdgt.com dis.criteo.com ad.yieldlab.net criteo-sync.teads.tv www.hjh-office.fi www.google.ch px4.ads.linkedin.com www.hjh-office.it www.google.es www.google.at s.kelkoogroup.net www.google.it pagead2.googlesyndication.com v2assets.zopim.io www.google.be data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.adyen.com tagmanager.google.com https://www.googletagmanager.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.datareporter.eu *.plugins.emarsys.net *.scarabresearch.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://widgets.trustedshops.com https://integrations.etrusted.com data.hjh-office.fr www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com *.gstatic.com *.trustpilot.com *.yotpo.com https://apis.google.com buerostuhl24.app.baqend.com static.zdassets.com data.buerostuhl24.com static.hotjar.com tm706.ad-srv.net tm.ad-srv.net script.hotjar.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://webcache.datareporter.eu d.ratepay.com d.payla.io dr.payla.io https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com *.gstatic.com *.trustpilot.com *.yotpo.com webcache-eu.datareporter.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com https://www.google-analytics.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.datareporter.eu *.scarabresearch.com *.eservice.emarsys.net payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.trustedshops.com *.etrusted.com *.pixriot.com *.storeimaging.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.yotpo.com ekr.zdassets.com ct.pinterest.com hjhoffice.zendesk.com buerostuhl24.app.baqend.com data.bureaustoel24.nl wss://widget-mediator.zopim.com bat.bing.net data.hjh-office.dk px.ads.linkedin.com data.buerostuhl24.com vc.hotjar.io pagead2.googlesyndication.com data.buerostuhl24.at measurement-api.criteo.com payments-de.amazon.com data.sillasdeoficina24.es bat.bing.com data.hjh-office.fr data.hjh-office.se data.buerostuhl24.ch ct.beslist.nl ws://localhost:12387 sslwidget.criteo.com data.hjh-office.fi www.facebook.com data.hjh-office.it d158d42c.sibforms.com s.kelkoogroup.net invitejs.trustpilot.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.buerostuhl24.com/rest/all/V1/cspmanager/frontend_report; 1
font-src *.googleapis.com maxcdn.bootstrapcdn.com *.yoursurprise.com *.gstatic.com www.budgetplan.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.cookiebot.com *.gstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.buckaroo.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com dev.visualwebsiteoptimizer.com *.yoursurprise.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ts.tradetracker.net www.magmodules.eu www.budgetplan.nl www.facebook.com bat.bing.com www.google.nl sgtm.budgetplan.nl ib.adnxs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.google-analytics.com bam.nr-data.net dev.visualwebsiteoptimizer.com *.cookiebot.com *.googletagmanager.com *.gstatic.com *.newrelic.com *.googleapis.com yspimages-yoursurprisecom.netdna-ssl.com yspimages.net *.yoursurprise.nl *.yoursurprise.com *.trackedlink.net *.hotjar.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tm.tradetracker.net www.budgetplan.nl www.feedbackcompany.com s.pinimg.com bat.bing.com static2.creative-serving.com connect.facebook.net www.clickcease.com static2.creative-serving.org ct.pinterest.com ads.creative-serving.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com *.googleapis.com maxcdn.bootstrapcdn.com yspimages-yoursurprisecom.netdna-ssl.com *.yoursurprise.nl *.yoursurprise.com unsafe-inline assets.braintreegateway.com www.budgetplan.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.google-analytics.com bam.nr-data.net *.yoursurprise.nl *.yoursurprise.com *.gstatic.com *.newrelic.com *.googlesyndication.com *.google.com *.google.ie api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com www.budgetplan.nl www.feedbackcompany.com consentcdn.cookiebot.com sgtm.budgetplan.nl ct.pinterest.com bat.bing.com z.clarity.ms id5-sync.com ad.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.buckaroo.nl *.googlesyndication.com *.google.com *.google.ie *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src *; frame-src *; img-src * data:; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' 1
default-src 'none'; script-src 'self'; script-src-elem 'self' https://assets.adobedtm.com https://cdn.segment.com https://cdn.pendo.io https://*.qualtrics.com; script-src-attr 'none'; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://data.pendo.io data:; frame-src 'self' data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://faro-collector-prod-eu-west-0.grafana.net https://dpm.demdex.net https://cdn.pendo.io https://data.pendo.io https://*.qualtrics.com https://*.microblink.com/api/ https://lon-prod-sar-export.s3.eu-west-2.amazonaws.com https://lon-prod-asset-store.s3.eu-west-2.amazonaws.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri /api/csp-reports; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.knitpro.eu *.lightwidget.com cdn.lightwidget.com *.facebook.net *.google.co.in *.facebook.com cdn-static.knitpro.eu cdn-media.knitpro.eu *.doubleclick.net *.localhost:12387 *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.net *.google.co.in *.facebook.com cdn-static.knitpro.eu cdn-media.knitpro.eu *.knitpro.eu *.doubleclick.net *.localhost:12387 *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypalobjects.com cdn.lightwidget.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com *.facebook.net *.google.co.in *.facebook.com cdn-static.knitpro.eu cdn-media.knitpro.eu *.knitpro.eu *.doubleclick.net *.localhost:12387 *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypalobjects.com cdn.lightwidget.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.knitpro.eu *.lightwidget.com cdn.lightwidget.com *.facebook.net *.google.co.in *.facebook.com cdn-static.knitpro.eu cdn-media.knitpro.eu *.doubleclick.net *.localhost:12387 *.googletagmanager.com *.paypalobjects.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypalobjects.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.knitpro.eu cdn-static.knitpro.eu cdn-media.knitpro.eu *.lightwidget.com cdn.lightwidget.com *.facebook.net *.google.co.in *.facebook.com *.doubleclick.net *.localhost:12387 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.knitpro.eu cdn-static.knitpro.eu cdn-media.knitpro.eu *.lightwidget.com cdn.lightwidget.com *.facebook.net *.google.co.in *.facebook.com *.doubleclick.net *.localhost:12387 *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.knitpro.eu *.facebook.net *.google.co.in *.facebook.com cdn-static.knitpro.eu cdn-media.knitpro.eu *.doubleclick.net *.localhost:12387 *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.paypalobjects.com cdn.lightwidget.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.knitpro.eu *.lightwidget.com cdn.lightwidget.com *.facebook.net *.google.co.in *.facebook.com cdn-static.knitpro.eu cdn-media.knitpro.eu *.doubleclick.net *.localhost:12387 *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypalobjects.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=18688&v=v1.0&payload=NQYe0s18mY9nS25t8urQrtqv-BkKl5DcpXqYDopMhWzvzwiUS_k4SH6d4zQ0YUPYCblXBVfsjszuO03W5cogxUiAmgwKqIYtB5_M4Y4VsB9b_-tJ8vYUf0VR7P9BzP0HDowp1WCnMr8wV5D7CAvhFfxXCXLN7dvYzzp87h7OA5S1Cm9JsgiZvnZX_AeXhcHakiTQ0cNsbmPKir2oFyrU1A==; 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net;                                             connect-src 'self' http://eleshop.jp https://analytics.google.com https://d1e0o6v14ruu14.cloudfront.net https://eleshop.jp https://googleads.g.doubleclick.net https://overbridgenet.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.co.jp https://www.google.co.th https://www.google.com https://www.google.com.tw https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com;                                             font-src 'self' data: https://r2cdn.perplexity.ai;                                             frame-src 'self' http://eleshop.jp https://api.kuronekoyamato.co.jp https://eleshop.jp https://gateway.zscloud.net https://m5stack-doc.oss-cn-shenzhen.aliyuncs.com https://platform.twitter.com https://ptwebcollect.jp https://pwm-image.trendmicro.jp https://safe.menlosecurity.com https://syndication.twitter.com https://vine.co https://web.facebook.com https://www.facebook.com https://www.youtube.com;                                             img-src 'self' data: http://eleshop.jp http://kyohritsu.com http://www.kyohritsu.com http://bit-trade-one.co.jp http://livedoor.blogimg.jp https://a.pololu-files.com https://cdn.shopify.com https://d2air1d4eqhwg2.cloudfront.net https://developer.d-robotics.cc https://doc.switch-science.com https://eleshop.jp https://googleads.g.doubleclick.net https://i.ytimg.com https://m5stack-doc.oss-cn-shenzhen.aliyuncs.com https://m5stack.oss-cn-shenzhen.aliyuncs.com https://media-cdn.seeedstudio.com https://obniz.io https://prod.kyohritsu.com https://seal.globalsign.com https://silicon.kyohritsu.com https://ssif1.globalsign.com https://ssl.google-analytics.com https://static-cdn.m5stack.com https://stats.g.doubleclick.net https://storage.obniz.io https://syndication.twitter.com https://www.elekit.co.jp https://www.google.co.jp https://www.google.co.kr https://www.google.co.th https://www.google.com https://www.google.com.hk https://www.google.com.sg https://www.google.com.vn https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.kyohritsu.com https://www.waveshare.com;                                             media-src 'self' https://cdn.shopify.com https://files.waveshare.com https://m5stack.oss-cn-shenzhen.aliyuncs.com https://m5stack-doc.oss-cn-shenzhen.aliyuncs.com;                                             script-src 'self' 'unsafe-inline' 'unsafe-eval' http://eleshop.jp http://platform.twitter.com http://www.google.com https://ajax.googleapis.com https://api.kuronekoyamato.co.jp https://code.jquery.com https://eleshop.jp https://gc.kis.v2.scr.kaspersky-labs.com https://googleads.g.doubleclick.net https://infird.com https://platform.twitter.com https://platform.vine.co https://ptwebcollect.jp https://seal.globalsign.com https://seal.verisign.com https://ssif1.globalsign.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com;                                             style-src 'self' 'unsafe-inline' 'unsafe-hashes' http://eleshop.jp https://eleshop.jp https://adblockers.opera-mini.net https://gc.kis.v2.scr.kaspersky-labs.com https://me.kis.v2.scr.kaspersky-labs.com;                                             report-to csp-endpoint; 1
font-src *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.dotdigital-pages.com *.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.googleapis.com *.gstatic.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tracking.trovaprezzi.it www.trovaprezzi.it https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com *.nosto.com *.nos.to maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: 1
script-src 'self' https: 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com data: *.3dcloud.io *.fontawesome.com *.taggbox.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cloudinary.com *.facebook.com *.cybersource.com *.bazaarvoice.com *.salsify.com *.3dcloud.io *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.affirm.com *.affirm.ca *.certcapture.com cloudinary.com res.cloudinary.com *.pinterest.com *.facebook.com *.doubleclick.net *.cybersource.com *.trkn.us *.paypal.com *.bazaarvoice.com *.google.com *.salsify.com *.hotjar.com *.hon.com *.3dcloud.io *.kmail-lists.com/ *.braintreegateway.com *.kaptcha.com *.addtoany.com *.paystand.com *.paystand.co *.google.com/ *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.hon.com *.allsteeloffice.com *.honbasyx.com honbasyx.com cloudinary.com res.cloudinary.com *.addtoany.com *.bing.com *.facebook.com *.pinterest.com *.google.com *.google.co.in *.cybersource.com *.bazaarvoice.com *.salsify.com meetanshi.com *.3dcloud.io *.paypal.com *.flippingbook.com *.taggbox.com https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com cloudinary.com *.addtoany.com *.bootstrapcdn.com *.googletagmanager.com *.doubleclick.net *.trkn.us *.pinimg.com *.facebook.net *.bing.com *.pinterest.com *.cybersource.com *.online-metrix.net *.hotjar.com *.hotjar.io *.google.com *.google.co.in *.google.in *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.vimeo.com *.cdn-scripts.com *.braintreegateway.com *.signifyd.com *.bazaarvoice.com *.salsify.com bam.nr-data.net *.crazyegg.com mczbf.com *.mczbf.com *.3dcloud.io *.chimpstatic.com *.paypal.com *.paystand.com *.paystand.co *.flippingbook.com *.cloudfront.net *.taggbox.com *.tagbox.com widget.freshworks.com m2epro.freshdesk.com *.google.com/ *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.clarity.ms *.klaviyo.com unpkg.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com downloads.mailchimp.com cloudinary.com *.addtoany.com *.googleapis.com *.bootstrapcdn.com *.cybersource.com *.bazaarvoice.com *.salsify.com *.3dcloud.io *.fontawesome.com *.datatables.net *.typekit.net *.paystand.com *.paystand.co *.taggbox.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.hon.com *.allsteeloffice.com *.honbasyx.com honbasyx.com cloudinary.com res.cloudinary.com *.cybersource.com *.bazaarvoice.com *.salsify.com data: *.3dcloud.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.affirm.com *.affirm.ca *.certcapture.com *.addtoany.com *.facebook.com *.cybersource.com *.pinterest.com *.salsify.com *.google-analytics.com bam.nr-data.net *.hotjar.com *.hotjar.io *.crazyegg.com *.doubleclick.net mczbf.com *.mczbf.com sjwoe.com *.sjwoe.com *.3dcloud.io *.braintree-api.com *.flippingbook.com *.taggbox.com widget.freshworks.com m2epro.freshdesk.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.run.app *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; base-uri 'none'; connect-src 'self'; frame-ancestors 'none'; img-src https://cernercentral.com/resources/core/v2.29/ https://cernercentral.com/resources/core/v2.30/; script-src 'unsafe-inline' https://cernercentral.com/resources/core/v2.30/; style-src 'unsafe-inline' https://cernercentral.com/resources/core/v2.30/ https://cernercentral.com/resources/home/v2.21/ 1
object-src 'none';base-uri 'self';script-src 'nonce-k7WgUGePUN9qaXuCxB_w6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.eleczo.com blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://cdn.eleczo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.opayo.eu.elavon.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net *.gstatic.com 'self' data: data: *.zopim.com *.jotform.com *.jotfor.ms data: 'self' 'unsafe-inline'; form-action *.jotformeu.com *.jotform.com 'self' 'unsafe-inline'; frame-ancestors punchoutcommerce.com *.punchoutcommerce.com ariba.com *.ariba.com jaggaer.com *.jaggaer.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.packeta.com *.facebook.com *.jung.de *.cookiebot.com *.google.com *.jotformeu.com *.jotform.com form.jotform.com *.vimeocdn.com *.ytimg.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: blob: *.zopim.com *.seznam.cz *.facebook.com *.google.com fega.pl *.elektrobalt.lt *.elfetex.cz *.jotform.com *.jotfor.ms *.cookiebot.com px.ads.linkedin.com *.google.lt *.google.lv *.google.ee *.google.it *.google.cz *.google.pl *.google.com.ua *.google.sk *.google.si *.google.se *.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.avada.io *.packeta.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.zopim.com *.amazonaws.com *.googleapis.com *.googleadservices.com *.facebook.net *.imedia.cz *.seznam.cz *.doubleclick.net *.pingdom.net *.cookiebot.com *.elfsight.com *.zdassets.com *.jotform.com *.jotfor.ms cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/punycode.js web-sdk.smartlook.com *.clarity.ms snap.licdn.com *.leady.com *.clickcease.com cdn.luigisbox.com *.go-mpulse.net *.ytimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com *.przelewy24.pl *.jotform.com *.jotfor.ms 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io https://get.geojs.io *.avada.io *.packeta.com t.elasticsuite.io *.hsforms.net *.hsforms.com stats.g.doubleclick.net wss://widget-mediator.zopim.com *.zendesk.com *.pingdom.net *.zdassets.com *.cookiebot.com *.jotformeu.com *.jotform.com *.smartlook.cloud *.akstat.io *.go-mpulse.net *.vimeocdn.com *.youtube.com *.ytimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-j7nqR9xmkazv0n4BS_BWqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com youtu.be *.vimeo.com *.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.paypal.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://use.typekit.net https://static.formstack.com https://css.zohocdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://www.google.com https://www.youtube.com https://www.bullseyelocations.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://www.truck-lite.com https://www.rigidindustries.com https://www.clariencetechnologies.com https://www.lumiteclighting.com https://www.truck-lite.eu.com https://mcstaging.truck-lite.com https://trucklite.localhost https://mcstaging.clariencetechnologies.com https://pm.geniusmonkey.com https://css.zohocdn.com https://static.ctctcdn.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://www.gstatic.com https://www.google.com *.google.bg *.googletagmanager.com https://connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://browser-update.org https://wwwtrucklitecom.formstack.com https://static.formstack.com https://www.google.com/recaptcha/api.js https://code.jquery.com https://cdnjs.cloudflare.com https://static.ctctcdn.com https://salesiq.zoho.com https://js.zohocdn.com https://static.zohocdn.com https://js-agent.newrelic.com https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.truck-lite.com https://mcstaging.truck-lite.com https://cdn.jsdelivr.net landofcoder.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://js.stripe.com https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://use.typekit.net https://p.typekit.net https://static.ctctcdn.com https://css.zohocdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://www.truck-lite.com https://mcstaging.truck-lite.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com https://wwwtrucklitecom.formstack.com https://listgrowth.ctctcdn.com https://bam.nr-data.net https://salesiq.zohopublic.com https://www.google-analytics.com https://analytics.google.com https://www.facebook.com https://maps.googleapis.com https://www.truck-lite.com https://mcstaging.truck-lite.com landofcoder.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googlesyndication.com *.doubleclick.net *.facebook.com www.google-analytics.com vc.hotjar.io *.facebook.net *.hotjar.com *.hotjar.io tag.perfectaudience.com pixel-geo.prfct.co ekr.zdassets.com *.zendesk.com www.google.com wss://widget-mediator.zopim.com shielded.co.nz ampcid.google.co.nz fonts.gstatic.com v2assets.zopim.io www.googletagmanager.com koi-3qn7bghifk.marketingautomation.services static.zdassets.com secure.adnxs.com adservice.google.com analytics.google.com www.google.co.nz cdnjs.cloudflare.com ampcid.google.com www.google.com.au www.googletagservices.com; form-action  *.facebook.com; frame-ancestors 'self' ; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.punchout2go.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.punchout2go.com www.youtube.com js.stripe.com *.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.trackedlink.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com bat.bing.com *.google.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com *.paypalobjects.com *.postcodeanywhere.co.uk paypal.com *.feefo.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com *.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.punchout2go.com connect.facebook.net js-agent.newrelic.com bam.nr-data.net *.google.com *.feefo.com *.googlecommerce.com *.bing.com *.pingdom.net *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.punchout2go.com services.postcodeanywhere.co.uk fonts.googleapis.com *.typekit.net 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com api.addressy.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io *.pingdom.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://odin.study https://*.odin.study; connect-src https://odin.study https://*.odin.study wss://odin.study https://storage.yandexcloud.net *.s3.yandexcloud.net https://mc.yandex.ru/watch/ https://analytics.google.com/ *.analytics.google.com https://mc.yandex.ru/ https://mc.yandex.md/ https://mc.yandex.com/ https://mc.yandex.by/ https://mc.yandex.kz/ https://www.google.ru/ads/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://cdn.plyr.io/ https://sentry.smile-tech.study wss://janus3333.odin.study https://fcmregistrations.googleapis.com/ https://firebaseinstallations.googleapis.com/; script-src https://odin.study https://*.odin.study 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru/metrika/ https://mc.yandex.com/watch/ https://mc.yandex.ru/clmap/ https://yastatic.net/s3/ https://api-maps.yandex.ru/ https://www.googletagmanager.com/ https://www.google-analytics.com/analytics.js https://smartcaptcha.cloud.yandex.ru/ https://core-renderer-tiles.maps.yandex.net/; img-src https://odin.study https://*.odin.study https://storage.yandexcloud.net *.s3.yandexcloud.net data: https://mc.yandex.ru/metrika/ https://mc.yandex.ru/clamp/ https://pic.rutube.ru/ https://www.google.ru/ads/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://unpkg.com/emoji-datasource-google@15.0.1/ https://unpkg.com/emoji-datasource-google@14.0.0/ https://yandex.ru/clck/ https://mc.yandex.ru/ https://mc.yandex.md/ https://mc.yandex.com/ https://mc.yandex.by/ https://api-maps.yandex.ru https://vkvideo.ru/ https://files.gitbook.com/ https://informa.gitbook.io/; style-src https://odin.study https://*.odin.study 'unsafe-inline' https://fonts.googleapis.com/; frame-src https://odin.study https://*.odin.study https://mc.yandex.ru https://view.officeapps.live.com https://r.office.microsoft.com https://storage.yandexcloud.net *.s3.yandexcloud.net https://smartcaptcha.cloud.yandex.ru https://vk.ru https://vkvideo.ru https://www.youtube.com https://td.doubleclick.net; media-src https://odin.study https://*.odin.study https://storage.yandexcloud.net *.s3.yandexcloud.net blob: https://cdn.plyr.io/static/ https://drive.google.com; font-src https://odin.study https://*.odin.study data:; report-uri https://odin.study/api/reports/csp; report-to odin-csp-endpoint 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ wniosek.eraty.pl wniosek.santanderconsumer.pl secure.payu.com merch-prod.snd.payu.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com static.payu.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ secure.payu.com secure.snd.payu.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.payu.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com secure.payu.com merch-prod.snd.payu.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'report-sample' addtocalendar.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io https://unpkg.com platform.twitter.com; style-src 'self' 'report-sample' addtocalendar.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net https://*.dpdconnect.nl *.addthis.com *.multisafepay.com https://pay.google.com https://www.googletagmanager.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://images.unsplash.com *.faslet.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.multisafepay.com https://imgproxy.vendic.dev data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://*.dpdconnect.nl *.faslet.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://static.klaviyo.com https://cdn.jsdelivr.net *.fontawesome.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com *.faslet.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.multisafepay.com https://www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; report-to https://mercedesforum.report-uri.com/r/d/csp/enforce 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.typekit.net maxcdn.bootstrapcdn.com data: https://cdn.honey.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.verify.monzo.com https://*.arcot.com *.hsforms.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.demdex.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.weltpixel.com https://*.doubleclick.net *.google.com/ https://*.hotjar.com *.addthis.com https://*.paypal.com https://*.braintreegateway.com *.kaptcha.com *.cardinalcommerce.com *.doubleclick.net *.verify.monzo.com https://secure.livechatinc.com https://tpc.googlesyndication.com *.hsforms.net https://*.channelcentral.net https://*.arcot.com *.hsforms.com *.trustpilot.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com https://*.omtrdc.net dpm.demdex.net https://cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.doubleclick.net *.google.com https://*.google.co.uk https://*.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.files-text.com *.livechatinc.com *.livechat-files.com *.livechat-static.com https://img.youtube.com https://www.magezon.com *.google.co.in *.googletagmanager.com *.techbuyer.com *.techbuydev1.dev.iwebcloud.co.uk https://api.feefo.com *.vzaar.com https://techbuyer.gumlet.io https://bat.bing.com https://t.co https://*.hsforms.com https://track.hubspot.com https://consent.linksynergy.com https://consent.nxtck.com https://consent.mediaforge.com https://consent.jrs5.com https://consent.dc-storm.com https://www.googletagmanager.com https://www.google.fr https://www.google.com.eg https://www.google.de https://www.google.com.my https://www.google.co.id https://www.google.com.au https://www.google.co.nz https://www.google.ie https://www.google.ch https://www.google.at https://www.google.nl https://www.google.es https://www.google.com.ua https://www.google.com.tr https://www.google.com.tw https://www.google.tn https://www.google.co.in https://www.google.com.pk https://www.google.com.ng https://www.google.co.jp https://www.google.be https://www.google.co.mz https://www.google.ca https://www.google.com.vn https://www.google.com.hk https://www.google.ro https://www.google.it https://www.google.hr https://www.google.pl https://www.google.co.kr https://www.google.com.ph https://www.google.co.ke https://i.ytimg.com https://cdn.honey.io https://*.livechatinc.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://connect.facebook.net connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com *.google.com/ https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.livechatinc.com *.livechat-static.com s7.addthis.com *.moatads.com *.addthis.com *.facebook.net *.google-analytics.com *.addthisedge.com *.cardinalcommerce.com *.doubleclick.net *.zdassets.com *.hoolah.co *.nmgassets.com https://*.feefo.com *.cookiefirst.com *.verify.monzo.com https://*.wisepops.com *.hsforms.com https://*.ads-twitter.com https://bat.bing.com https://secure.feed5mown.com https://o2.mouseflow.com https://cdn.mouseflow.com https://*.livechatinc.com https://cdn.oribi.io https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://assets.revlifter.io https://analytics.twitter.com https://*.nofraud.com https://d-ipv6.mmapiws.com *.hsforms.net https://js.hs-scripts.com https://cdn.noibu.com https://cdn.raygun.io https://*.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cash.app https://*.googleapis.com https://*.typekit.net https://static.klaviyo.com *.livechatinc.com maxcdn.bootstrapcdn.com *.cookiefirst.com *.verify.monzo.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.livechatinc.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.livechatinc.com *.livechat-static.com *.feefo.com *.vzaar.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net https://*.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io amcglobal.sc.omtrdc.net p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com * https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.livechatinc.com *.text.com ekr.zdassets.com/ https://stats.g.doubleclick.net *.addthis.com *.amazonaws.com https://*.braintreegateway.com *.cardinalcommerce.com *.nmgplatform.com https://*.feefo.com *.cookiefirst.com *.verify.monzo.com https://o2.mouseflow.com https://www.google-analytics.com *.hsforms.com https://*.livechatinc.com https://bat.bing.com https://adservice.google.com https://www.google.com https://*.demdex.net https://*.mmapiws.com https://forms.hubspot.com https://input.noibu.com wss://input.noibu.com https://analytics.google.com https://api.raygun.io https://api.ipinfo.io 'self' 'unsafe-inline'; child-src *.livechatinc.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors *.texasfile.com app.pendo.io; frame-src *.texasfile.com https://www.google.com https://www.youtube.com https://recaptcha.net; font-src 'self' *.texasfile.com fonts.googleapis.com fonts.gstatic.com; script-src 'self' *.texasfile.com cdn.ravenjs.com *.google-analytics.com https://recaptcha.net www.google.com/recaptcha/api.js www.gstatic.com https://www.googletagmanager.com https://code.jquery.com/jquery-3.6.0.min.js https://cdn.jsdelivr.net/npm/foundation-sites@6.7.5/dist/js/foundation.min.js https://cdn.pydata.org/bokeh/release/bokeh-3.8.0.min.js https://cdn.pydata.org/bokeh/release/bokeh-widgets-3.8.0.min.js https://cdn.pydata.org/bokeh/release/bokeh-tables-3.8.0.min.js app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5685311968116736.storage.googleapis.com data.pendo.io data: 'unsafe-eval' 'unsafe-inline'; worker-src blob:; img-src 'self' media.texasfile.com www.texasfile.com https://ssl.google-analytics.com staging.texasfile.com qa.texasfile.com lb2.texasfile.com assets.texasfile.com staging-assets.texasfile.com https://stats.g.doubleclick.net https://www.google.com/ads https://i.ytimg.com cdn.pendo.io app.pendo.io pendo-static-5685311968116736.storage.googleapis.com data.pendo.io data: blob:; default-src 'self' *.texasfile.com 'nonce-LfixIHdzaMohcrabEBHQtg=='; style-src 'self' *.texasfile.com fonts.googleapis.com app.pendo.io cdn.pendo.io pendo-static-5685311968116736.storage.googleapis.com 'unsafe-inline'; connect-src localhost:* *.texasfile.com app.pendo.io data.pendo.io pendo-static-5685311968116736.storage.googleapis.com *.google-analytics.com https://raw.githubusercontent.com/plotly/datasets/master/geojson-counties-fips.json 1
connect-src 'self' content.hotjar.io dev.visualwebsiteoptimizer.com maps.googleapis.com metrics.hotjar.io px.ads.linkedin.com region1.google-analytics.com secure.adnxs.com www.blackbook.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com; default-src self; font-src data:; media-src data:; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' api.ipstack.com connect.facebook.net data: dev.visualwebsiteoptimizer.com embed.typeform.com j.6sc.co maps.googleapis.com s0.wp.com script.hotjar.com snap.licdn.com static.hotjar.com stats.wp.com www.blackbook.com www.google.com www.googletagmanager.com www.gstatic.com; script-src 'self' 'unsafe-eval' data: j.6sc.co wasm-eval www.blackbook.com; report-uri  https://aac16fe1191bd3ff07924fea5ce58461.report-uri.com/r/t/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-N6o9kVMFUl6Rxb5bIGJeEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src 'self' https://www.google.com https://dnnapi.com https://stats-api.flockler.app https://api.flockler.app https://plugins.flockler.com https://maps.googleapis.com https://www.google-analytics.com https://vimeo.com https://issuu.com https://code.jquery.com https://sentry.issuu.com https://api.flockler.com https://translate.googleapis.com; font-src 'self' data: https://dnnapi.com https://use.fontawesome.com https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://www.youtube-nocookie.com https://e.issuu.com https://maps.google.com https://www.google.com https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://www.youtube.com https://livestream.com https://vimeo.com https://media-api.flockler.com https://*.cloudflarestream.com; img-src 'self' data: blob: https://flockler.com https://fl-1.cdn.flockler.com https://media-api.flockler.com https://s3.amazonaws.com/ https://supporting-cast.blubrry.net https://scontent-sjc3-1.cdninstagram.com https://scontent.cdninstagram.com https://d31hzlhk6di2h5.cloudfront.net https://dnnapi.com https://images.e2ma.net https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://fonts.gstatic.com https://maps.gstatic.com https://www.hw.com https://code.jquery.com https://psb.twimg.com https://abs-0.twimg.com https://platform.twitter.com https://syndication.twitter.com https://i.vimeocdn.com https://ajax.googleapis.com https://*.cdninstagram.com https://www.googletagmanager.com https://*.xx.fbcdn.net https://www.gstatic.com; report-to cspEndpoint; report-uri https://www.hw.com/about/Content-Security-Policy; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fl-1.cdn.flockler.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://dnnapi.com https://www.google.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://graph.instagram.com https://e.issuu.com https://code.jquery.com https://cdn.syndication.twimg.com https://platform.twitter.com https://player.vimeo.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://plugins.flockler.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://dnnapi.com https://e.issuu.com https://www.google.com/ https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://graph.instagram.com https://code.jquery.com https://cdn.syndication.twimg.com https://platform.twitter.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.datatables.net https://translate.google.com https://translate-pa.googleapis.com https://translate.googleapis.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://plugins.flockler.com https://use.fontawesome.com https://fonts.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com https://use.typekit.net https://p.typekit.net; media-src 'self' https://media-api.flockler.com https://content.blubrry.com https://media.blubrry.com https://player.vimeo.com https://download-video.akamaized.net; style-elem 'self' https://use.typekit.net; 1
style-src-elem preprod-cdn.otter.ro cdn.otter.ro dev.otter247.local stage2.otter.ro stage2.tezyo.ro stage2.gryxx.ro stage2.aldoshoes.ro data: https://static.klaviyo.com https://cdn.jsdelivr.net https://*.adobe.com https://fonts.googleapis.com https://*.doubleclick.net https://*.facebook.com https://fonts.gstatic.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.bunny.net https://fonts.static.com https://*.nosto.com https://*.nos.to https://assets.braintreegateaway.com https://*.cloudfront.net https://*.reviews.io https://*.reviews.co.uk https://preprod-cdn.otter.ro https://cdn.otter.ro 'unsafe-inline' https://www.googletagmanager.com https://www.googlesyndication.com https://use.fontawesome.com https://assets.braintreegateway.com https://d2c7ipcroan06u2.cloudfront.net; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com https://fonts.bunny.net fonts.googleapis.com preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors https://www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ https://www.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.innoship.ro *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net https://www.googletagmanager.com https://consentcdn.cookiebot.eu https://event.2performant.com https://ams.creativecdn.com https://www.gstatic.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com *.tile.openstreetmap.org *.openstreetmap.org * https://www.magezon.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com quickchart.io img.youtube.com *.nosto.com *.nos.to www.google.com.ua preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net https://www.gryxx.ro/ss data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://www.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com cdn.jsdelivr.net *.tiktok.com * *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com https://www.gstatic.com/ *.avada.io *.shopify.com *.nosto.com *.nos.to maps.googleapis.com preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com https://cdn.otter.ro https://www.gryxx.ro/ss 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.adobe.com fonts.googleapis.com *.googleapis.com https://*.doubleclick.net https://*.facebook.com *.gstatic.com https://*.googletagmanager.com https://*.googlesyndication.com *.tiktok.com https://*.fontawesome.com maxcdn.bootstrapcdn.com https://*.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://fonts.bunny.net fonts.gstatic.com https://*.nosto.com *.nos.to preprod-cdn.otter.ro cdn.otter.ro dev.otter247.local stage2.otter.ro stage2.tezyo.ro stage2.gryxx.ro stage2.aldoshoes.ro data: https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.static.com https://*.nos.to https://assets.braintreegateaway.com https://*.reviews.io https://*.reviews.co.uk https://preprod-cdn.otter.ro https://cdn.otter.ro 'unsafe-inline' https://www.googletagmanager.com https://www.googlesyndication.com https://use.fontawesome.com https://assets.braintreegateway.com https://d2c7ipcroan06u2.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.facebook.com *.facebook.net https://www.google.com/ *.doubleclick.net *.googlesyndication.com *.tiktok.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to maps.googleapis.com preprod-cdn.otter.ro cdn.otter.ro stage2.otter.ro stage2.tezyo.ro stage2.gryxx.ro stage2.aldoshoes.ro static.klaviyo.com cdn.jsdelivr.net https://tezyo.zendesk.com https://ekr.zdassets.com https://*.zendesk.com https://*.zdassets.com https://event.2performant.com https://tidytracking.com https://www.gryxx.ro/ss 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-6CnOaklPIS9bV4tkIJ1tlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src cdn.cookielaw.org 'unsafe-hashes' 'sha256-5lSQFTOMNNoGBLbrC6eUxpYeuyBQW52hLO9rR85ASEA=' https: http: 'nonce-7c3zlcEGSiwG/amXfvxYWyUmuE1gaTyvXoBAAxo2sWU=' 'unsafe-eval' 'unsafe-inline';object-src 'none';frame-ancestors 'none';base-uri 'none';report-uri /api/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com d1w350bl4wlonm.cloudfront.net d8mmzo4dbge7k.cloudfront.net drevs12goudzk.cloudfront.net d2zjb5saaoidg0.cloudfront.net d1bj2pk3s4epo2.cloudfront.net d12kmzq5k6k6i9.cloudfront.net d3o0jgwii26u89.cloudfront.net nuk.de applepay.cdn-apple.com cdnjs.cloudflare.com/ 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com oppwa.com *.oppwa.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ configurator.nuk.de configurator.abnahme.nuk.de pay.google.com applepay.cdn-apple.com cmp.osano.com match.adsrvr.org hal9000.redintelligence.net insight.adsrvr.org ad.ad-srv.net d.c.cdnsrv.de surveymonkey.com www.surveymonkey.com secure.novalnet.de customers.barzahlen.de customers-sandbox.barzahlen.de oppwa.com *.oppwa.com data:text 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.gstatic.com *.awin1.com *.zenaps.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com d1w350bl4wlonm.cloudfront.net d8mmzo4dbge7k.cloudfront.net drevs12goudzk.cloudfront.net d2zjb5saaoidg0.cloudfront.net d1bj2pk3s4epo2.cloudfront.net d12kmzq5k6k6i9.cloudfront.net d3o0jgwii26u89.cloudfront.net display-stg.ugc.bazaarvoice.com network-eu-stg-a.bazaarvoice.com network-eu-a.bazaarvoice.com nuk.de cdn.pixabay.com maps.googleapis.com ad.doubleclick.net t.uimserv.net maps.gstatic.com lantern.roeye.com pagead2.googlesyndication.com https://api.mapbox.com oppwa.com *.oppwa.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com widget.freshworks.com m2epro.freshdesk.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ d1w350bl4wlonm.cloudfront.net d8mmzo4dbge7k.cloudfront.net drevs12goudzk.cloudfront.net d2zjb5saaoidg0.cloudfront.net d1bj2pk3s4epo2.cloudfront.net d12kmzq5k6k6i 9.cloudfront.net d3o0jgwii26u89.cloudfront.net mapagmbh.germany-2.evergage.com cdn.evgnet.com/ network-eu-stg-a.bazaarvoice.com network-eu-a.bazaarvoice.com facebook.net facebook.com etracker.com etracker.de nuk.de maps.googleapis.com cmp.osano.com newell.piwik.pro tm.ad-srv.net s.uicdn.com connect.facebook.net cdn.mookie1.com acdn.adnxs.com js.adsrvr.org r.df-srv.de d.c.cdnsrv.de widget.surveymonkey.com ajax.googleapis.com lantern.roeye.com cdn.novalnet.de cdn.barzahlen.de applepay.cdn-apple.com *.oppwa.com oppwa.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com display.ugc.bazaarvoice.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com d1w350bl4wlonm.cloudfront.net d8mmzo4dbge7k.cloudfront.net drevs12goudzk.cloudfront.net d2zjb5saaoidg0.cloudfront.net d1bj2pk3s4epo2.cloudfront.net d12kmzq5k6k6i9.cloudfront.net d3o0jgwii26u89.cloudfront.net nuk.de cdnjs.cloudflare.com/ oppwa.com *.oppwa.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://the.sciencebehindecommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com widget.freshworks.com m2epro.freshdesk.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ d1w350bl4wlonm.cloudfront.net d8mmzo4dbge7k.cloudfront.net drevs12goudzk.cloudfront.net d2zjb5saaoidg0.cloudfront.net d1bj2pk3s4epo2.cloudfront.net d12kmzq5k6k6i9.cloudfront.net d3o0jgwii26u89.cloudfront.net nuk.de secure.novalnet.de maps.googleapis.com newell.piwik.pro www.google.com googleads.g.doubleclick.net mapagmbh.germany-2.evergage.com www.wepowerconnections.com cmp.osano.com bat.bing.com/ lantern.roeye.com pagead2.googlesyndication.com payport.novalnet.de oppwa.com *.oppwa.com autocomplete2.postdirekt.de *.google-analytics.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com *.klarnacdn.net fast.fonts.net *.fontawesome.com *.google.com *.gstatic.com *.stripe.network *.stripecdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.link.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.google.co.in/ https://bat.bing.com/ https://alb.reddit.com/ https://www.facebook.com/ https://cdn.routeapp.io/ https://c.clarity.ms/ *.clarity.ms/ https://c.bing.com/ https://admin.titanrig.com:10790/ https://admin.titanrig.com/ *.cloudflareinsights.com https://www.ekwb.com *.ekwb.com www.google.ca data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.disqus.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.hotjar.com www.redditstatic.com www.googleoptimize.com https://bat.bing.com/ https://www.clarity.ms/ https://scripts.clarity.ms/ https://connect.facebook.net/ *.newrelic.com https://www.google.co.in/  https://www.google.com/ https://c.bing.com/ *.cloudflareinsights.com https://paypal.adtag.where.com/ *.nofraud.com sibautomation.com *.adobedtm.com www.google.ca 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com https://cdn.jsdelivr.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.clarity.ms/ *.hotjar.io *.algolia.io https://bam.nr-data.net/ *.googlesyndication.com https://pagead2.googlesyndication.com/ *.facebook.com *.mmapiws.com *.doubleclick.net *.reddit.com *.brevo.com https://www.redditstatic.com/ wss://ws.hotjar.com/ *.nofraud.com https://bat.bing.com *.bing.com https://www.google.co.in *.google.co.in bat.bing.com www.google.ca 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com account.fetchify.com www.xtento.com *.google.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://www.magezon.com www.xtento.com cdn.xtento.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com jquery.sellxed.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.xtento.com cdn.xtento.com s7.addthis.com *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com https://www.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com cc-cdn.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com static.klaviyo.com cdn1.stamped.io stamped.io *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com www.googletagmanager.com https://placement-api.afterpay.com https://portal.afterpay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.googleadservices.com *.googletagmanager.com flagpedia.net *.google.com.vn a.klaviyo.com cdn1.stamped.io stamped.io www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://api.addressfinder.io https://placement-api.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com maps.googleapis.com static.klaviyo.com fast.a.klaviyo.com cdn1.stamped.io stamped.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://api.addressfinder.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com static.klaviyo.com cdn1.stamped.io stamped.io *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://api.addressfinder.io *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com fast.a.klaviyo.com cdn1.stamped.io stamped.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp.threatview.app/report; report-to report-endpoint; 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.de https://*.etracker.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ cdn.privacy-mgmt.com consent.bauer-plus.de www.computop-paygate.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.bauer-plus.de www.google-analytics.com stats.g.doubleclick.net https://*.etracker.de https://*.google.de *.captcha.eu *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com useruploads.vwo.io chart.googleapis.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io analytics.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com int.bauer-plus.de *.facebook.com m.media-amazon.com static-eu.payments-amazon.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.etracker.de https://*.etracker.com www.dwin1.com cdn.privacy-mgmt.com consent.bauer-plus.de i.ytimg.com *.gstatic.com/recaptcha *.captcha.eu jquery.sellxed.com *.avada.io static.zdassets.com static.zdassets.com/ekr/snippet.js static.zdassets.com/web_widget/classic/latest/web-widget-main-4a143a0.js static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/de-de-json-4a143a0.js static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-4a143a0.js *.visualwebsiteoptimizer.com app.vwo.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io www.google.com bid.g.doubleclick.net cdn.pushcrew.com useruploads.vwo.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com chimpstatic.com *.list-manage.com app.letsconnect.at/embed.js connect.facebook.net https://www.captcha.eu static-eu.payments-amazon.com *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com wss://widget-mediator.zopim.com cdn.privacy-mgmt.com stats.g.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.vimeo.com ekr.zdassets.com con-dermedienvertrieb.zendesk.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.google-analytics.com analytics.google.com cdn.pushcrew.com useruploads.vwo.io chart.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.captcha.eu www.sandbox.paypal.com pilot-payflowlink.paypal.com https://w19.captcha.at https://at.captcha.at https://get.geojs.i https://*.etracker.de https://*.etracker.com https://*.google-analytics.com consent.bauer-plus.de europe-west1-pathadvice-app.cloudfunctions.net pagead2.googlesyndication.com *.facebook.com https://www.captcha.eu www.computop-paygate.com payments-eu.amazon.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.bauer-plus.de/general/csp/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-oQVoyQ1KPPjn3LjpVL9Brw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com https://cdnjs.cloudflare.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com horace.com cdn.kustomerapp.com static.klaviyo.com *.klarnacdn.net https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.klarna.com js.stripe.com js.mollie.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net https://www.google.com td.doubleclick.net www.facebook.com tr.snapchat.com tr6.snapchat.com www.googletagmanager.com *.paidonresults.net *.paidonresults.com portgk.com porjs.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.sharethis.com https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com https://maps.googleapis.com https://maps.gstatic.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com maps.googleapis.com maps.gstatic.com horace.com www.facebook.com bat.bing.net c.contentsquare.net cdn.cookielaw.org bat.bing.com www.google.fr cdn.prod2.kustomerhostedcontent.com www.google.es www.google.us www.google.co.uk www.google.de www.google.ir tr.snapchat.com tr6.snapchat.com pagead2.googlesyndication.com https://firebasestorage.googleapis.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com cdn.jsdelivr.net https://maps.googleapis.com https://player.vimeo.com *.klarna.com *.klarnacdn.net x.klarnacdn.net js.stripe.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com https://cdnjs.cloudflare.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net maps.googleapis.com https://www.google.com https://www.gstatic.com cdn.cookielaw.org horace.com browser.sentry-cdn.com polyfill-fastly.io static.klaviyo.com connect.facebook.net try.abtasty.com *.convertexperiments.com logs.convertexperiments.com static-tracking.klaviyo.com www.artfut.com bat.bing.com www.tag4arm.com t.contentsquare.net static.affilae.com sc-static.net analytics.tiktok.com www.clarity.ms scripts.clarity.ms cdn.amplitude.com cdn.kustomerapp.com ajax.cloudflare.com tr.snapchat.com k-aeu1.contentsquare.net porjs.com *.paidonresults.net *.paidonresults.com portgk.com *.klarnaservices.com *.avada.io *.shopify.com https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.sharethis.com cdn.jsdelivr.net widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.tagmanager.google.com *.googletagmanager.com horace.com *.klarnacdn.net https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src download-video-ak.vimeocdn.com player.vimeo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.getalma.eu *.almapay.com https://maps.googleapis.com https://player.vimeo.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app maps.googleapis.com horace.com region1.analytics.google.com cdn.cookielaw.org o4508795589427200.ingest.de.sentry.io fast.a.klaviyo.com static-forms.klaviyo.com v.clarity.ms j.clarity.ms ariane.abtasty.com try.abtasty.com *.convertexperiments.com logs.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com dcinfos-cache.abtasty.com region1.google-analytics.com horace.api.kustomerapp.com k-aeu1.contentsquare.net www.google-analytics.com tr.snapchat.com tr6.snapchat.com s.clarity.ms bat.bing.net c.contentsquare.net www.tag4arm.com matomo.horace.app api.eu.amplitude.com *.paidonresults.net *.paidonresults.com portgk.com porjs.com pagead2.googlesyndication.com browser.sentry-cdn.com www.google.fr www.google.es www.google.co.uk www.google.de www.google.us www.google.it www.google.be *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io https://nominatim.openstreetmap.org sentry.horace.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src horace.com bat.bing.com bat.bing.net c.contentsquare.net k-aeu1.contentsquare.net v.clarity.ms j.clarity.ms googleads.g.doubleclick.net www.tag4arm.com matomo.horace.app tr6.snapchat.com analytics.tiktok.com www.google.fr www.google.com porjs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.globalpay.com *.fontawesome.com https: *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.tidiochat.com www.tradefurniturecompany.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com https://*.securesuite.co.uk https://securesuite.co.uk *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com www.tradefurniturecompany.co.uk 'self' 'unsafe-inline'; frame-ancestors *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk www.tradefurniturecompany.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com https://*.securesuite.co.uk https://securesuite.co.uk pay.google.com https://payments.google.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.twitter.com *.hotjar.com *.tidiochat.com *.googletagmanager.com www.tradefurniturecompany.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.dycdn.net *.globalpay.com https://www.gstatic.com/instantbuy/svg/dark/pay/en.svg https://www.gstatic.com/instantbuy/svg/light/pay/en.svg https://www.gstatic.com/instantbuy/svg/dark/en.svg https://www.gstatic.com/instantbuy/svg/light/en.svg *.pbffinancecalculator.info cdn.shopify.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdnjs.cloudflare.com https: *.trustedshops.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.tidiochat.com *.pinterest.com *.facebook.net *.bing.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com www.tradefurniturecompany.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net d81mfvml8p5ml.cloudfront.net *.freshrelevance.com *.dotdigital.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com https://*.securesuite.co.uk https://securesuite.co.uk https://payments.google.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://code.tidio.co https://widget-v4.tidiochat.com *.hotjar.com *.cloudflare.com *.twitter.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.tidiochat.com *.tidio.co *.pinimg.com *.pinterest.com *.facebook.net *.bing.com *.clarity.ms *.googletagmanager.com tagmanager.google.com www.tradefurniturecompany.co.uk https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.dycdn.net https://fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com 'unsafe-inline' https: *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.tidiochat.com *.pinterest.com *.facebook.net tagmanager.google.com fonts.google.com www.tradefurniturecompany.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com widget-v4.tidiochat.com *.tidiochat.com www.tradefurniturecompany.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.dycdn.net *.freshrelevance.com wss://*.freshrelevance.com wss://*.dycdn.net dn1i8v75r669j.cloudfront.net *.dotdigital.com https://google.com/pay https://pay.google.com *.globalpay.com https://js.globalpay.com https://js-cert.globalpay.com https://*.securesuite.co.uk https://securesuite.co.uk https://payments.google.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info wss://*.staging-pbffinancecalculator.info wss://*.pbffinancecalculator.info *.paybyfinance.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com sentry-new.tidio.co socket.tidio.co api-v2.tidio.co *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.tradefurniturecompany.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.tradefurniturecompany.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.tradefurniturecompany.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.localcrm.co.in https://*.zoho.com https://*.zoho.in https://*.zoho.com.au https://*.zoho.com.cn https://*.zoho.eu https://*.nimbuslocaledge.com https://*.nimbuspop.com https://*.zohocdn.com https://*.stratuscdn.com  https://*.zohocdn.com.cn  https://*.zappsusercontent.com https://*.zappsusercontent.sa https://*.zappsusercontent.ca https://*.zappsusercontent.jp https://*.zappsusercontent.eu https://*.zappsusercontent.in https://*.zappsusercontent.com.au https://*.zappsusercontent.com.cn https://*.localzappscontents.com https://*.zohostatic.com.au https://*.zohostatic.in https://*.zohostatic.com.au.au https://*.zohostatic.ca  https://*.zohostatic.eu https://*.zohostatic.jp  https://js.skydeskstatic.jp https://*.zoho.com.au https://*.zohoplatform.in https://static.zohocdn.com/phonebridge/javascript/twilio.min.js https://s.ytimg.com/yts/jsbin/ https://www.youtube.com https://dyjgaef5vuq51.cloudfront.net https://d3prssb3z78snv.cloudfront.net https://dtzpfzv31buvf.cloudfront.net https://d22czkv2r5ogmg.cloudfront.net https://d12h6dzwzn4m10.cloudfront.net https://d31g2a6snus4ly.cloudfront.net https://d17nz991552y2g.cloudfront.net  chrome-extension://*  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/  https://cdn.pagesense.io https://zohotagmanager.cdn.pagesense.io https://www.zohowebstatic.com/ https://scripts.zohospotlight.com https://widgets.zohosalesiq.com https://*.zohopublic.com  https://*.zohopublic.eu  https://js.stripe.com https://connect.facebook.net https://ajax.googleapis.com https://apis.mappls.com https://*.mapmyindia.com; report-uri https://logsapi.zoho.com/csplog?service=crm 1
default-src 'self'; report-uri /csp-report-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com *.hotjar.io wss://*.niceincontact.com analytics.google.com *.bing.com *.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.googleapis.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.niceincontact.com *.hub-box.com *.hotjar.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.hotjar.io wss://*.niceincontact.com analytics.google.com *.bing.com *.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.hub-box.com *.stripe.com *.stripe.network *.sagepay.com *.opayo.eu.elavon.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.hotjar.io wss://*.niceincontact.com analytics.google.com *.bing.com *.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.hub-box.com *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.hotjar.io wss://*.niceincontact.com analytics.google.com *.bing.com *.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com/ region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.hub-box.com *.niceincontact.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://www.magezon.com magefan.com cm.magefan.com *.hotjar.io wss://*.niceincontact.com www.google.co.in *.bing.com *.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com *.google.co.uk region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.hub-box.com *.googlesyndication.com *.linkedin.com *.pixriot.com *.storeimaging.com *.disqus.com *.stripe.com *.stripe.network ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://img.youtube.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.hotjar.io wss://*.niceincontact.com *.porjs.com *.bing.com *.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.aptrinsic.com *.demdex.net porjs.com *.hotjar.com wss://*.zopim.com *.niceincontact.com *.hub-box.com *.licdn.com *.disqus.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com x.klarnacdn.net *.klarnaservices.com *.hsforms.net *.hsforms.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.hotjar.io wss://*.niceincontact.com analytics.google.com *.bing.com *.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.niceincontact.com *.hub-box.com *.stripe.network *.stripecdn.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.hotjar.io wss://*.niceincontact.com static.zdassets.com analytics.google.com *.bing.com *.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.hub-box.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.hotjar.io wss://*.niceincontact.com wss://*.zopim.com *.bing.com *.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com *.niceincontact.com *.hub-box.com *.linkedin.com *.pixriot.com *.storeimaging.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com x.klarnacdn.net *.klarnaservices.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.hotjar.io wss://*.niceincontact.com analytics.google.com *.bing.com *.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com *.google.co.uk region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.hub-box.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp.deploy.co.uk/99aaa83e-494f-4d0c-9af4-63a6d5c1b38a; report-to report-endpoint; 1
font-src fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.superpayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.superpayments.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.superpayments.com bat.bing.com magefan.com cm.magefan.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.superpayments.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.superpayments.com chimpstatic.com bat.bing.com static.hotjar.com *.avada.io *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.superpayments.com www.xtento.com cdn.xtento.com https://cdn.superpayments.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com hotpod.ampsw.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.superpayments.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.superpayments.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com www.natlallergy.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com *.yotpo.com www.natlallergy.com 'self' 'unsafe-inline'; frame-ancestors 'self' *.recaptcha.net https://www.google.com/ *.google.com www.natlallergy.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.affirm.com *.affirm.ca 'self' https://allergypreventionteam.wufoo.com/ https://www.youtube-nocookie.com/ *.recaptcha.net https://www.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com *.googletagmanager.com www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com www.natlallergy.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com *.affirm.com *.affirm.ca https://bat.bing.com/ https://www.google.co.in/ http://seal-atlanta.bbb.org/logo/sehzbus/national-allergy-3000836.png https://medals.bizrate.com/medals/dynamic/71068_medal.gif https://medals.bizrate.com/medals/summary/71068_medal_summary.gif https://verify.authorize.net/anetseal/images/secure90x72.gif https://d3k81ch9hvuctc.cloudfront.net/ https://secure.adnxs.com/ https://match.adsrvr.org/ https://b1img.com/ https://insight.adsrvr.org/ https://load77.exelator.com/pixel.gif https://pixel.tapad.com/ https://loadm.exelator.com/ https://dmp.truoptik.com/ https://su.addthis.com/ https://dsum-sec.casalemedia.com/ https://secure.insightexpressai.com/ https://idpix.media6degrees.com/ https://x.bidswitch.net/ https://ads.scorecardresearch.com/ https://tags.rd.linksynergy.com/ https://i.liadm.com/ https://odr.mookie1.com/ https://mid.rkdms.com/ https://usermatch.krxd.net/ https://simage2.pubmatic.com/ https://match.sync.ad.cpe.dotomi.com/ https://ml314.com/ https://eb2.3lift.com/ https://tags.bluekai.com/ https://secure-gl.imrworldwide.com/ https://pixel.rubiconproject.com/ https://match.sharethrough.com/ https://uipglob.semasio.net/ https://track2.securedvisit.com/ https://www.natlallergy.com https://www.allergyguarddirect.com/ https://www.google.co.in/ads https://*.online-metrix.net https://srv.stackadapt.com/ https://cw.addthis.com/ https://aa.agkn.com/ https://i6.liadm.com/ https://io.narrative.io/ validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com guarantee-cdn.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com www.xtento.com cdn.xtento.com *.yotpo.com https://imgs.signifyd.com www.natlallergy.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com *.affirm.com *.affirm.ca https://seal.geotrust.com/ https://widget.trustpilot.com/ https://bat.bing.com/ https://sealserver.trustkeeper.net/compliance/seal_js.php https://h64.online-metrix.net/ https://medals.bizrate.com/medals/js/71068_medal.js https://www.wufoo.com/scripts/embed/form.js https://static.wufoo.com/scripts/embed/form.js https://js.b1js.com/tagcontainer.js https://tags.b1js.com/tags/1980582b3edf42e49663fce67ee51785.js https://b1img.com/ https://static.cloudflareinsights.com/ https://static-tracking.klaviyo.com https://www.natlallergy.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com guarantee-cdn.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com www.xtento.com cdn.xtento.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com www.natlallergy.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://www.natlallergy.com/ https://static-tracking.klaviyo.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.tagmanager.google.com fonts.googleapis.com *.yotpo.com www.natlallergy.com 'self' 'unsafe-inline'; object-src https://www.youtube.com/ 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.natlallergy.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com *.affirm.com *.affirm.ca https://bat.bing.com/ https://stats.g.doubleclick.net https://www.natlallergy.com https://www.googleadservices.com/ http://localhost:12387/ https://analytics.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.yotpo.com https://imgs.signifyd.com www.natlallergy.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.natlallergy.com http: https: blob: 'self' 'unsafe-inline'; default-src www.natlallergy.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' https://dev.visualwebsiteoptimizer.com; font-src 'self' https://font.circlekeurope.com data:; frame-src 'self' https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: blob: https://www.google-analytics.com https://slim-prod.cksites-prod.alpaque.net https://maps.gstatic.com https://maps.googleapis.com https://imgsct.cookiebot.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://assets.adobedtm.com circlek.wheelsys.ms https://cdnjs.cloudflare.com https://www.buyatab.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://assets.adobedtm.com circlek.wheelsys.ms https://cdnjs.cloudflare.com https://www.buyatab.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.jsdelivr.net *.cloudflare.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.amazon.de *.bing.com *.clarity.ms *.protectgroup.com *.theticketmerchant.com.au *.cfjump.com *.gstatic.com *.stripe.com *.cloudflare.com *.signifyd.com *.affyi.com *.fishrobotflower.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.gstatic.com *.trustedshops.com *.etrusted.com *.amazon.de *.payments-amazon.de *.bing.com *.clarity.ms *.protectgroup.com *.theticketmerchant.com.au *.cfjump.com *.trustpilot.com *.aptrinsic.com *.cloudflare.com *.signifyd.com *.affyi.com *.fishrobotflower.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.google.com *.google.lv *.googletagmanager.com stats.g.doubleclick.net *.trustedshops.com *.etrusted.com *.amazon.de d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.de *.media-amazon.de *.bing.com *.clarity.ms *.protectgroup.com *.theticketmerchant.com.au *.cfjump.com *.roeye.com *.stripe.com *.cloudflare.com *.signifyd.com *.brilliantlocco.com *.esnlocco.com *.affyi.com *.fishrobotflower.com https://meetanshi.com/media/logo.png flagpedia.net t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com s7.addthis.com chimpstatic.com *.googletagmanager.com *.zip.co *.sandbox.zip.co *.google.com *.trustedshops.com *.etrusted.com *.amazon.de *.payments-amazon.de *.bing.com *.doubleclick.net *.clarity.ms *.protectgroup.com *.theticketmerchant.com.au *.cfjump.com *.trustpilot.com *.chimpstatic.com *.aptrinsic.com *.roeyecdn.com *.cloudflareinsights.com *.cloudflare.com *.signifyd.com *.brilliantlocco.com *.esnlocco.com *.theticketmerchant.co.nz *.affyi.com *.fishrobotflower.com *.avada.io maps.googleapis.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.fontawesome.com tagmanager.google.com cdn.jsdelivr.net *.aptrinsic.com *.stripe.com *.cloudflare.com *.signifyd.com *.affyi.com *.fishrobotflower.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com ekr.zdassets.com/ dpe0djwch8671.cloudfront.net *.sandbox.zip.co *.zip.co *.gstatic.com stats.g.doubleclick.net *.trustedshops.com *.etrusted.com *.amazon.de mws.amazonservices.de *.bing.com *.clarity.ms *.protectgroup.com *.theticketmerchant.com.au *.cfjump.com *.zipmoney.com.au *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es cdn.ampproject.org *.edge.zip.co *.aptrinsic.com *.cloudflare.com *.signifyd.com *.brilliantlocco.com *.esnlocco.com *.affyi.com *.fishrobotflower.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.addtoany.com/ *.dotdigital-pages.com *.dotdigital.com *.affirm.com *.affirm.ca cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.affirm.com *.affirm.ca https://firebasestorage.googleapis.com https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net scontent-sea1-1.cdninstagram.com scontent.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page https://static.addtoany.com/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.affirm.com *.affirm.ca cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.affirm.com *.affirm.ca webchat.dotdigital.com webchat.staging.dotdigital.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://imgs.signifyd.com api.livechatinc.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.jsdelivr.net https://analytics.aura.build https://code.iconify.design https://cdn.tailwindcss.com https://unpkg.com https://esm.sh https://cdn.promotekit.com https://cloud.umami.is https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: blob: https:; connect-src 'self' https: wss:; frame-src 'self' https://www.youtube.com https://youtube.com https://player.vimeo.com https://spline.design https://*.spline.design https://www.googletagmanager.com; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; form-action 'self'; report-uri /.netlify/functions/csp-report 1
base-uri 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://proxy.qubeshub.org wss://vncproxy.qubeshub.org wss://qubeshub.org https://qubeshub.org/api/members/tools/diskusage https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.dropbox.com https://api.scite.ai https://maps.googleapis.com https://docs.google.com https://monorail-edge.shopifysvc.com/v1/ https://simiode.myshopify.com/api/2021-07/ https://region1.google-analytics.com/g/ https://sagecell.sagemath.org wss://sagecell.sagemath.org/sockjs/; default-src 'self' https://*.qubeshub.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://use.fontawesome.com/releases/v4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/webfonts/ https://at.alicdn.com/t/ https://fonts.cdnfonts.com/css/dejavu-serif https://sagecell.sagemath.org/static/ https://cdn.jsdelivr.net/npm/mathjax@3/es5/ https://fonts.cdnfonts.com/s/109/; form-action 'self' https://platform.twitter.com https://syndication.twitter.com https://www.paypal.com/donate https://www.paypal.com/cgi-bin/webscr; frame-ancestors 'self' https://qubeshub.org/; frame-src 'self' https://*.qubeshub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com https://accounts.google.com https://recaptcha.net https://admin.google.com https://syndication.twitter.com https://platform.twitter.com https://app.genial.ly/ https://app.involve.me/qubes/ https://cdnapisec.kaltura.com https://community.gep.wustl.edu https://creativecommons.org https://docs.google.com https://etherpad.opendev.org https://etherpad.openstack.org https://fortress.maptive.com https://giphy.com https://gvsu.hosted.panopto.com https://open.spotify.com https://padlet.com/ https://rpubs.com https://shorts.flipgrid.com https://w.soundcloud.com/ https://www.educreations.com https://www.geogebra.org https://www.google.com/ https://www.mentimeter.com https://www.rpubs.com https://www.youtube.com https://embed.bsky.app; img-src * data: image: file: blob:; media-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.3/TweenMax.min.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/ScrollMagic.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/ https://apis.google.com/js/client:plusone.js https://apis.google.com/_/scs/apps-static/_/js/ https://platform.twitter.com/widgets.js https://abs.twimg.com/responsive-web/client-web/ https://platform.twitter.com/js/ https://cdn.syndication.twimg.com/timeline/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://cdn.mathjax.org/mathjax/contrib/a11y/ https://code.jquery.com https://embedr.flickr.com/assets/ https://releases.flowplayer.org/ https://sdks.shopifycdn.com/ https://secure.givelively.org https://use.fontawesome.com/88cd5351e6.js https://widgets.flickr.com/embedr/ https://www.geogebra.org https://sagecell.sagemath.org/static/embedded_sagecell.js https://cdn.jsdelivr.net/npm/mathjax@3/es5/ https://pretextbook.org/js/ https://cdnjs.cloudflare.com/ajax/libs/lunr.js/ https://ssl.google-analytics.com/ga.js https://embed.bsky.app/static/embed.js; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.gstatic.com https://p.typekit.net https://use.typekit.net https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/ https://use.fontawesome.com/88cd5351e6.css https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css https://releases.flowplayer.org/ https://pretextbook.org/css/ https://fonts.cdnfonts.com/css/dejavu-serif.css https://fonts.cdnfonts.com/css/dejavu-serif; worker-src blob:; report-uri https://csp.hubzero.org/csp-cms.php 1
base-uri 'self'; child-src 'self' *.websiteni.com blob:; connect-src 'self' lottie.host *.googleapis.com *.facebook.net *.pay.com api.staging.pay.com api.pay.com *.mckinneycompetitions.com *.google-analytics.com *.cloudflare.com *.jsdelivr.net *.typekit.net *.unpkg.com *.culchiecomps.com *.google.com *.tiktok.com; default-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.jsdelivr.net *.cloudflare.com data: *.typekit.net *.cdn-apple.com; form-action 'self' www.facebook.com; frame-ancestors 'self' *.youtube.com *.youtube-nocookie.com; frame-src 'self' *.trustpilot.com *.pay.com universal.staging.pay.com universal.pay.com *.cardinalcommerce.com *.youtube.com *.youtube.com *.youtube-nocookie.com *.googletagmanager.com *.facebook.com; img-src 'self' mckinneycompetitions.com imagedelivery.net maps.gstatic.com maps.googleapis.com data: *.google.com *.facebook.com *.facebook.net *.googletagmanager.com *.google.co.uk *.google-analytics.com; media-src 'self'; object-src 'self'; script-src 'self' unpkg.com widget.trustpilot.com lottie.host fonts.googleapis.com maps.googleapis.com *.jquery.com *.cloudflare.com *.jsdelivr.net 'unsafe-inline' *.datatables.net 'unsafe-eval' *.lakedistrictgiveaways.co.uk *.facebook.net *.pay.com js.staging.pay.com www.googletagmanager.com matomo.mckinneycompetitions.com *.cdn-apple.com *.checkout.com *.doubleclick.net *.tiktok.com *.klaviyo.com; style-src 'self' *.cloudflare.com *.jsdelivr.net fonts.googleapis.com widget.trustpilot.com lottie.host 'unsafe-inline' *.datatables.net maps.googleapis.com *.typekit.net; manifest-src 'self'; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://script.hotjar.com/modules.855de5fca5328fca5328f4d913a.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://code.jquery.com/jquery-3.3.1.slim.min.js https://form-cdn.pardot.com/js/piUtils.js https://go.leonardoworldwide.com/analytics https://js.driftt.com https://maps.googleapis.com/maps-api-v3/api/js/47/7a/infowindow.js https://pi.pardot.com/analytics https://script.hotjar.com/modules.b840cee57f816b17fc8e.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://static.hotjar.com/c/hotjar-1643127.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://js.driftt.com/include/1644433200000/mpc4rt8urpbb.js https://script.hotjar.com/modules.acfce7141cd3503e3221.js https://p.adsymptotic.com https://www.leonardoworldwide.com/ https://pi.pardot.com/pd.js https://js.driftt.com/include/1644433800000/mpc4rt8urpbb.js;style-src 'unsafe-inline' 'report-sample' 'self' http: https: fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://pro.fontawesome.com;object-src 'none';base-uri 'self'; connect-src 'unsafe-inline' 'unsafe-eval' 'self' https://in.hotjar.com https://maps.googleapis.com https://stats.g.doubleclick.net; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://pro.fontawesome.com;frame-src 'self' https://go.leonardoworldwide.com https://js.driftt.com https://vars.hotjar.com https://www.youtube.com; img-src 'self' data: http: https: *.gravatar.com http://www.leonardoworldwide.com https://i.ytimg.com https://leonardo.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.ca https://www.google.com;manifest-src https://p.adsymptotic.com https://www.leonardoworldwide.com/ 'self'; media-src 'self';report-uri https://61fc42604ac1af58c416405b.endpoint.csper.io/?v=0;worker-src 'self' 'unsafe-inline' 'unsafe-eval' 'none'; 1
font-src www.paypalobjects.com *.cloudflare.com *.magentocommerce.com *.razorpay.com *.paypal.com *.cloudfront.net *.vimeocdn.com *.ssl-images-amazon.it *.facebook.net  *.facebook.com *.ksearchnet.com *.ccavenue.com  *.klevu.com *.twitter.com *.golfoy.com golfoy.com *.googletagmanager.com *.youtube.com *.ads-twitter.com  *.google.com *.licdn.com *.heatmap.it *.prism.app-us1 *.linkedin.com *.doubleclick.net *.google.co.in *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.snapmint.com *.snapmint.com/v1/public 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.doubleclick.net *.vimeocdn.com https://www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com *.facebook.com *.twitter.com api.razorpay.com *.snapmint.com *.snapmint.com/v1/public 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cloudflare.com https://golfoy.com *.golfoy.com cdn.golfoy.com t.co *.magentocommerce.com *.razorpay.com *.paypal.com *.cloudfront.net *.ssl-images-amazon.it *.facebook.net  *.facebook.com *.ksearchnet.com *.ccavenue.com  *.klevu.com *.twitter.com golfoy.com *.ads-twitter.com  *.google.com *.licdn.com *.heatmap.it *.prism.app-us1 *.linkedin.com *.doubleclick.net *.google.co.in www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthisedge.com https://firebasestorage.googleapis.com https://maps.gstatic.com cdn.razorpay.com *.snapmint.com *.snapmint.com/v1/public data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ diffuser-cdn.app-us1.com prism.app-us1.com *.cloudflare.com *.magentocommerce.com *.razorpay.com *.paypal.com *.cloudfront.net *.ssl-images-amazon.it *.facebook.net  *.facebook.com *.ksearchnet.com *.ccavenue.com  *.klevu.com *.twitter.com *.golfoy.com golfoy.com *.googletagmanager.com *.ads-twitter.com  *.google.com *.licdn.com *.heatmap.it *.prism.app-us1 *.linkedin.com *.doubleclick.net *.google.co.in https://www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.avada.io *.shopify.com https://maps.googleapis.com checkout.razorpay.com *.snapmint.com *.snapmint.com/v1/public 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com https://golfoy.com *.golfoy.com cdn.golfoy.com *.googleapis.com *.bulkgate.com *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.snapmint.com *.snapmint.com/v1/public 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.magentocommerce.com *.razorpay.com *.paypal.com *.cloudfront.net *.vimeocdn.com *.ssl-images-amazon.it *.facebook.net  *.facebook.com *.ksearchnet.com *.ccavenue.com  *.klevu.com *.twitter.com *.golfoy.com golfoy.com *.googletagmanager.com *.youtube.com *.ads-twitter.com  *.google.com *.licdn.com *.heatmap.it *.linkedin.com *.doubleclick.net *.t.co *.prism.app-us1.com *.diffuser-cdn.app-us1.com https://api.postalpincode.in www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://maps.googleapis.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.snapmint.com *.snapmint.com/v1/public *.wizzy.ai wss://sockets.wizzy.ai *.wizsearch.in wss://sockets.wizsearch.in 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TifJms5UX7zydGlQ48wJGQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src *.force.com slack-imgs-mil-dev.com 'self' https://js.monitor.azure.com https://stats.g.doubleclick.net https://www.johnsoncontrols.com https://img.youtube.com https://payments.salesforce.com/icons/ https://login.salesforce.com/icons/ https://*.tags.tiqcdn.com https://tyco.widen.net https://files.hvacnavigator.com https://www.solutionnavigator.com https://*.g.doubleclick.net https://www.gstatic.com https://jcibuildings.ca1.qualtrics.com https://collect.tealiumiq.com *.slack-edge-gov.com https://jcibe.file.force.com *.my-salesforce.com https://www.upgnetsap.com *.hvacnavigator.com *.cloudinary.com https://s3.amazonaws.com https://jcpublic.kzoplatform.com https://miller-picking.rpiconnect.net blob: https://usa740.sfdc-8tgtt5.salesforce.com/icons/ https://dc.services.visualstudio.com https://*.googletagmanager.com slack-imgs.com https://cdnjs.cloudflare.com slack-gov-dev.com *.sfdcstatic.com https://*.tealiumiq.com https://*.google-analytics.com *.twimg.com tags.tiqcdn.com https://docs.johnsoncontrols.com https://*.analytics.google.com *.slack.com https://www.paypal.com https://my.tealiumiq.com *.slack-imgs.com slack-imgs-gov.com https://*.www.google-analytics.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://siteintercept.qualtrics.com *.salesforce-experience.com https://*.google.com https://*.selectionnavigator.com https://www.upgnet.com https://*.walkme.com https://www.ductedsystemsacademy.com slack-imgs-gov-dev.com https://znefnyywi9pon9a8u-jcibuildings.siteintercept.qualtrics.com *.slack-edge.com https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://jcibe.my.salesforce.com slack-mil-dev.com https://*.trustarc.com https://www.gstatic.com/recaptcha/ https://res.cloudinary.com https://www.google.com/recaptcha/ *.slack-edge.mil https://www.sandbox.paypal.com https://www.kwikstrut.com https://qtoolkit.rpiconnect.net https://*.msecnd.net https://i.vimeocdn.com https://*.qualtrics.com https://hvacnavigator.brandmuscle.net https://www.google-analytics.com *.salesforce.com https://xiecomm.worldpay.com https://*.adyen.com slack-imgs.mil https://*.truste.com data:; report-to sfdc-csp-ep; report-uri https://jcibe.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00DG0000000hBll&networkId=0DM4w000000GsE3&type=communities 1
default-src  'self'  'unsafe-inline'  'unsafe-eval'  https://www.google-analytics.com  https://www.googletagmanager.com  https://connect.facebook.net;                                             img-src  'self'  https://dv3tko0boseyz.cloudfront.net  https://video.visumo.jp  https://www.visumo.jp  https://assets.sprocket.bz  https://image.visumo.io  https://wwwetvoscom.ecbeing.biz  https://cdn.jsdelivr.net  https://www.google.co.jp  https://www.google.com  https://analytics.tiktok.com  https://analytics.twitter.com  https://nova.collect.igodigital.com  https://pixel-service.awoo.org  https://px.ladsp.jp  https://t.co  https://ws.mediatalk.io  https://www.facebook.com  https://www.googletagmanager.com  https://b99.yahoo.co.jp  https://m.media-amazon.com  https://meas.hera.d2c.ne.jp  https://ad.as.amanad.adtdp.com  https://ade.clmbtech.com  https://a-mpd.com  https://atb.im-apps.net  https://atm.im-apps.net  https://b6.im-apps.net  https://c.bing.com  https://cm.g.doubleclick.net  https://criteo-sync.teads.tv  https://cs.media.net  https://eb2.3lift.com  https://gum.criteo.com  https://i.smartnews-ads.com  https://i6.smartnews-ads.com  https://ib.adnxs.com  https://idsync.rlcdn.com  https://pixel.rubiconproject.com  https://r.casalemedia.com  https://rtb-csync.smartadserver.com  https://*.pubmatic.com  https://sync.1rx.io  https://sync.outbrain.com  https://sync-t1.taboola.com  https://tg.socdm.com  https://tr.line.me  https://x.bidswitch.net  https://ad.doubleclick.net  https://*.googleapis.com  https://b.im-apps.net  https://cdnjs.cloudflare.com  https://client-side-metrics.jp2.as.criteo.net  https://connect.facebook.net  https://etvos.com  https://etvos.jp  https://fonts.gstatic.com  https://googleads.g.doubleclick.net  https://i.ytimg.com  https://inviewv6.ladsp.com  https://maps.gstatic.com  https://npstaticprod.ptengine.jp  https://promolayer-images.b-cdn.net  https://s3-ap-northeast-1.amazonaws.com  https://stats.g.doubleclick.net  https://stg.etvos.com  https://syndication.twitter.com  https://tr.outbrain.com  https://visumojp-www.s3-ap-northeast-1.amazonaws.com  https://www.google.ca  https://www.google.co.kr  https://www.google.com.sg  https://www.google.com.tw  https://www.google.mg  https://www.googleadservices.com  https://cm-12956.csolution.jp  https://notify.bugsnag.com  https://px.a8.net  https://www.google.co.in  https://www.google.co.th  https://www.google.co.uk  https://www.google.es  https://www.google.gr  https://www.google.ie  https://www.google.it  https://www.google.nl  https://www.google.com.co  https://www.google.co.za  https://www.rakuten.ne.jp  https://b98.yahoo.co.jp  https://click.s11.exacttarget.com  https://log-papago.naver.com  https://suhadaomoi.net  https://www.google.co.id  https://www.google.com.hk  https://www.google.com.my  https://www.google.se  https://dis.criteo.com  https://aa.agkn.com  https://sync.targeting.unrulymedia.com  https://s.yimg.jp  https://analytics-ipv6.tiktokw.us  https://tkx.csolution.jp  https://www.google.com.au  https://www.google.com.ph  https://www.google.com.tr  https://www.google.fr  https://www.google.com.mt  https://www.google.de  https://www.google.ch  https://www.google.com.sa   https://www.google.lv  https://www.google.ru  https://www.google.co.ug  https://www.google.com.vn  https://cs.adingo.jp  https://*.ggpht.com  *.googleusercontent.com  s-cs.send.microad.jp  https://public-prod-dspcookiematching.dmxleo.com  data:;                                             font-src  'self'  https://fonts.gstatic.com  https://maxcdn.bootstrapcdn.com  https://use.typekit.net  https://assets.v2.sprocket.bz  https://cdn.jsdelivr.net  https://ws.mediatalk.io  https://cdnjs.cloudflare.com  https://dv3tko0boseyz.cloudfront.net  https://at.alicdn.com  https://cdn.scite.ai  data:;                                             media-src   'self'  https://ws.mediatalk.io  https://video.visumo.jp  https://etvos.com  https://fonts.ninja  blob:;                                             connect-src  'self'  https://etvos.com  https://api.v2.sprocket.bz  https://stats.ptengine.jp  https://assets.sprocket.bz  https://b.shutto-translation.com  https://contents.visumo.io  https://sprocket-ping.s3.amazonaws.com  https://autoline.link  https://dc.services.visualstudio.com  https://track.api.visumo.io  https://tracking.staff-start.com  https://video.visumo.io  https://www.visumo.jp  https://d341j04libduye.cloudfront.net  https://act.hera.d2c.ne.jp  https://pixel-service.awoo.org  https://*.google.com  https://a.promolayer.io  https://ad.doubleclick.net  https://analytics.google.com  https://analytics.tiktok.com  https://analytics-ipv6.tiktokw.us  https://audiencedata.im-apps.net  https://cloud.shop-etvos.com  https://js.api.nidan.d2c.ne.jp  https://secure1.adcent.jp  https://stats.g.doubleclick.net  https://tr.outbrain.com  https://ws.mediatalk.io  https://www.facebook.com  https://www.google.co.jp  https://www.google-analytics.com  https://www.googletagmanager.com  https://cdn.hera.d2c.ne.jp  https://payments.amazon.co.jp  https://payments-fe.amazon.com  https://amplify.outbrain.com  https://apm.yahoo.co.jp  https://b.im-apps.net  https://b6.im-apps.net  https://sync6.im-apps.net  https://ups.im-apps.net  https://api.awoo.org  https://cssc-cdn.contx.net  https://demo-1.conversionsapigateway.com   https://displayscdn.promolayer.io  https://dm.slim02.jp  https://geoip.peakdigital.cloud  https://googleads.g.doubleclick.net  https://log.sprocket.bz  https://*.googleapis.com  https://mpc-prod-15-s6uit34pua-uw.a.run.app  https://*.analytics.google.com   https://score.im-apps.net  https://tag.conel-revival.jp  https://www.contx.net  https://www.google.co.kr  https://www.google.com.tw  https://www.googleadservices.com  https://analytics.twitter.com  https://crrc.impact-ad.jp  https://exceptcollect.ptengine.com  https://m.media-amazon.com  https://region1.analytics.google.com  https://sslwidget.criteo.com  https://t.co  https://www.facebook.com  https://www.google.ca  https://ac.fanp.me  https://connect.facebook.net  https://promolayer-images.b-cdn.net  https://www.google.co.id  https://www.google.co.in  https://www.google.co.th  https://www.google.co.uk  https://www.google.com.hk  https://www.google.com.my  https://www.google.com.ph  https://www.google.com.qa  https://www.google.com.vn  https://www.google.com.mx  https://www.google.com.co  https://www.google.co.ug  https://www.google.nl  https://www.google.co.za  https://www.google.fr  https://www.google.es  https://www.google.it  https://www.google.mn  https://www.google.co.nz  https://graph.facebook.com  https://log.letro.jp  https://overbridgenet.com  https://www.google.com.mt  https://tag.ladsp.jp  https://www.google.com.au  https://www.google.com.sg  wss://*.mediatalk.io  wss://*.iesnare.com  wss://ws.sprocket.bz  https://cloud.shop-etevos.live  https://cloud.shop-ra-ulrikeklein.info  https://region1.google-analytics.com  http://*.ap-northeast-1.amazonaws.com;                                            frame-src  'self'  https://assets.v2.sprocket.bz  https://www.youtube.com  https://maps.google.com  https://www.facebook.com  https://www.google.com  https://*.fls.doubleclick.net  https://aax-fe.amazon-adsystem.com  https://gum.criteo.com  https://8941176.fls.doubleclick.net  https://9206877.fls.doubleclick.net  https://app.botchan.chat  https://bid.g.doubleclick.net  https://checkout-v2.paidy.com  https://platform.twitter.com  https://static.criteo.net  https://um.ladsp.com  https://web.facebook.com  https://gumi.criteo.com  https://suhadaomoi.net  https://www.googletagmanager.com  http://*.id.opendns.com  https://block.opendns.com;                                            script-src  'self'  'unsafe-inline'  'unsafe-eval'  https://*.googleapis.com  https://assets.ext.sprocket.bz  https://assets.sprocket.bz  https://assets.v2.sprocket.bz  https://cdnjs.cloudflare.com  https://d.shutto-translation.com  https://event.lib.visumo.io  https://tagdelivery.visumo.io  https://*.ebis.ne.jp  https://*.googletagmanager.com  https://www.visumo.jp  https://www.youtube.com  https://autoline.link  https://connect.facebook.net  https://etvos-test.silveregg.net  https://js.ptengine.jp  https://static.staff-start.com  https://cdn.jsdelivr.net  https://code.jquery.com  https://ebis-ns.etvos.com  https://api.etm-service.com  https://googleads.g.doubleclick.net  https://analytics.tiktok.com  https://api.awoo.org  https://dmp.im-apps.net  https://etvos.silveregg.net  https://gntm.geeen.co.jp  https://letro.jp  https://px.ladsp.com  https://secure1.adcent.jp  https://static-fe.payments-amazon.com  https://statics.a8.net  https://tag.ez-cx.com  https://ws.mediatalk.io  https://www.google-analytics.com  https://api.letro.jp  https://p01.owned.letro.jp  https://s.yimg.jp  https://s.yjtag.jp  https://www.google.com  https://www.googleadservices.com  https://110005603.collect.igodigital.com  https://ac.fanp.me  https://amplify.outbrain.com  https://b99.yahoo.co.jp  https://cd.valis-cpx.jp  https://cdn.adnwif.smt.docomo.ne.jp  https://cdn.hera.d2c.ne.jp  https://cdn.smartnews-ads.com  https://d.adlpo.com  https://d.line-scdn.net  https://js.api.nidan.d2c.ne.jp  https://nidan.addlv.smt.docomo.ne.jp  https://*.criteo.com  https://static.ads-twitter.com  https://static.jp.zeals.ai  https://tk.csolution.jp  https://wave.outbrain.com  https://app2.blob.core.windows.net  https://apps.paidy.com  https://b92.yahoo.co.jp  https://botchan-scripts.botchan-apps.com  https://cdn.contx.net  https://cdn.credit.gmo-ab.com  https://modules.promolayer.io  https://mpsnare.iesnare.com  https://platform.twitter.com  https://pv.amanad.adtdp.com  https://static.mul-pay.jp  https://tag.conel-revival.jp  https://tags.tiqcdn.com  https://tgdfm.adtdp.com  https://tr.outbrain.com  https://www.contx.net  https://www.gstatic.com  https://www.lpomax.net  https://dv3tko0boseyz.cloudfront.net  https://b90.yahoo.co.jp  https://cd.ladsp.com  https://cm-12956.csolution.jp  https://meas.hera.d2c.ne.jp  https://measurement-tag.ailp.cyberagent.ai  https://p01.mul-pay.jp  https://tag.ladsp.com  https://api.botchan.chat  https://b98.yahoo.co.jp  https://infird.com  https://tag.ez-cx.com  https://apis.google.com  https://static.cloudflareinsights.com  https://*.ggpht.com  *.googleusercontent.com  https://*.amazonaws.com;                                             style-src  'self'  'unsafe-inline'  https://assets.sprocket.bz  https://fonts.googleapis.com  https://maxcdn.bootstrapcdn.com  https://p.typekit.net  https://use.typekit.net  https://www.visumo.jp  https://ajax.googleapis.com  https://cdn.jsdelivr.net  https://cdnjs.cloudflare.com  https://adblockers.opera-mini.net  https://app2.blob.core.windows.net  https://etvos.jp  https://dv3tko0boseyz.cloudfront.net  https://etvos.com;                                             worker-src  'self'  blob:;                                             report-to                                                 csp-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ 'self' td.doubleclick.net www.facebook.com 'self' fast.amc.demdex.net www.google.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src 'self' assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io 'unsafe-inline' *.adobedtm.com data: www.googleadservices.com https://www.selfawb.ro www.google.ro https://www.google.com *.googleadservices.com www.google-analytics.com analytics.google.com *.googletagmanager.com *.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org maps.gstatic.com fonts.gstatic.com www.gstatic.com *.google.com blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net 'report-sample' 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.adobedtm.com connect.facebook.net cdn.ampproject.org pay.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com apis.google.com *.googleapis.com *.googleadservices.com *.gstatic.com www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha https://www.google.com/recaptcha google.com *.google.com *.google.com/ https://maps.googleapis.com/maps/api/js maps.googleapis.com *.openstreetmap.org *.magento-ds.com use.typekit.net map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.typekit.net www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com www.googletagmanager.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io 'self' 'unsafe-inline' https://google.com/ccm/form-data/844658545 https://google.com/pagead/form-data/844658545 cdn.ampproject.org https://ecommerce.fancourier.ro https://api.fancourier.ro https://www.google.com analytics.google.com www.googleapis.com region1.analytics.google.com www.google-analytics.com https://nominatim.openstreetmap.org map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org *.googletagmanager.com stats.g.doubleclick.net places.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' www.google.ro www.google.com google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de account.fetchify.com https://www.googletagmanager.com/ *.facebook.com *.paypalobjects.com storage.googleapis.com *.livechatinc.com *.kaptcha.com *.doubleclick.net *.instagram.com sibautomation.com *.brevo.com *.sibforms.com cutlistevo.com *.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.facebook.com *.google.com *.google.co.uk paypal-eu-arh.cloudiq.com *.bing.com *.googletagmanager.com *.cloudfront.net *.yotpo.com *.clarity.ms *.luckyorange.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.gstatic.com *.googletagmanager.com *.googleoptimize.com *.livechatinc.com *.facebook.net *.bing.com paypal-eu-cdn.cloudiq.com *.paypal.com *.cloudfront.net *.craftyclicks.co.uk *.luckyorange.com *.clarity.ms *.qeryz.net *.instagram.com *.debugbear.com *.sendinblue.com sibautomation.com *.brevo.com https://cdn.jsdelivr.net/npm/@growthbook/growthbook/dist/bundles/index.js *.trustpilot.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.yotpo.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cc-cdn.com maxcdn.bootstrapcdn.com *.googleapis.com *.cloudfront.net *.luckyorange.com *.myfonts.net *.stackpathcdn.com *.trustpilot.com *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.craftyclicks.co.uk pcls1.craftyclicks.co.uk http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.google-analytics.com stats.g.doubleclick.net *.luckyorange.com settings.luckyorange.net wss://realtime.luckyorange.com wss://visitors.live wss://in.visitors.live *.facebook.com *.clarity.ms qeryz.com *.googleapis.com *.googlesyndication.com *.brevo.com *.debugbear.com *.growthbook.io *.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://pay.instamed.com;script-src 'nonce-e41d4468d5304461889a50f08e6033cd' https://mychart.et1197.epichosted.com 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://mychart.et1197.epichosted.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-5UiQJcaW_5yyfQK5szen2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';script-src 'self' 'strict-dynamic' https://www.trade-schools.net https://api.trustedform.com https://visitor2.constantcontact.com/ https://*.googletagmanager.com https://tagmanager.google.com https://s.pinimg.com/ https://ct.pinterest.com/ 'nonce-cI6Q8Pc/KjJkGs50xqy1XV67FvU113pqMgHt3wyn6vQ='; style-src 'self' 'unsafe-inline' https://static.ctctcdn.com/ https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' https://beeline-tsnetapi-prod.azurewebsites.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://ssl.gstatic.com https://www.gstatic.com https://usage.trackjs.com https://*.trustedform.com/ https://cdn.matomo.cloud https://log.pinterest.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://beeline-tsnetapi-prod.azurewebsites.net https://api.zip-codes.com https://apilayer.net https://static.ctctcdn.com https://visitor2.constantcontact.com https://tradeschools.matomo.cloud https://create.leadid.com https://api.trustedform.com/; frame-src 'self' https://www.youtube.com/ https://embed.ted.com/ https://player.vimeo.com https://platform.twitter.com/ https://td.doubleclick.net/;object-src 'none';base-uri 'self' 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://*.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com https://flagcdn.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com https://belco-prod.s3-eu-central-1.amazonaws.com connect.facebook.net graph.facebook.com business.facebook.com *.faslet.net cdn.flbx.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com ts.tradetracker.net www.magmodules.eu https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://cdn.belco.io connect.facebook.net graph.facebook.com business.facebook.com *.faslet.net https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.getflowbox.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com embed.pakketdienstqls.nl *.sendcloud.sc *.jsdelivr.net tm.tradetracker.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://*.googleapis.com maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com wss://chat.belco.io https://cdn.belco.io connect.facebook.net graph.facebook.com business.facebook.com *.faslet.net https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.getflowbox.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com https://use.typekit.net https://fonts.gstatic.com/ https://p.typekit.net/ https://fonts.googleapis.com/ *.cdnfonts.com *.fontawesome.com *.klaviyo.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com https://www.rsa3dsauth.co.uk/ *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com https://widget.trustpilot.com/ https://consentcdn.cookiebot.com/ https://www.rsa3dsauth.co.uk/ www.xtento.com *.doubleclick.net *.facebook.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.afd.co.uk www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com https://media.jtatkinson.co.uk/ https://imgsct.cookiebot.com/ www.xtento.com cdn.xtento.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.nr www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tg www.google.tl www.google.tn www.google.tt www.google.ws *.googletagmanager.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com polyfill.io *.afd.co.uk www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widget.trustpilot.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com www.xtento.com cdn.xtento.com *.cookiebot.com *.doubleclick.net *.facebook.net *.googleapis.com *.googletagmanager.com *.klaviyo.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.trustpilot.com https://use.typekit.net https://fonts.gstatic.com/ https://p.typekit.net/ https://fonts.googleapis.com/ *.fontawesome.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.klaviyo.com *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://apps.afd.co.uk www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://consentcdn.cookiebot.com https://consent.cookiebot.com *.algolia.io *.algolia.net *.algolianet.com *.datadome.co *.doubleclick.net *.facebook.com *.google-analytics.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sn www.google.sr www.google.tn www.google.tt *.klaviyo.com *.samsung.com *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b3c2c731-63d3-4340-a29a-f72f0bda06ca.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.unpkg.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.authorize.net checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com challenges.cloudflare.com *.instagram.com *.cdninstagram.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.unpkg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ media.sezzle.com maps.gstatic.com https://widget.freshworks.com https://www.strikeindustries.com *.instagram.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.unpkg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net sandbox-assets.secure.checkout.visa.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com maps.googleapis.com challenges.cloudflare.com https://classic.avantlink.com https://www.googletagmanager.com https://maps.googleapis.com https://widget.freshworks.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.unpkg.com https://static.klaviyo.com fonts.cdnfonts.com *.gstatic.com https://widget.freshworks.com *.instagram.com *.cdninstagram.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.unpkg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com maps.googleapis.com *.gstatic.com https://widget.freshworks.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.ceros.com media.ceros.com view.ceros.com play.vidyard.com assets.vidyard.com www.googletagmanager.com snap.licdn.com up.pixel.ad www.google-analytics.com *.hs-sites.com *.hubspotusercontent-na1.net js.hs-banner.com js.hs-analytics.net js.hubspot.com *.hsappstatic.net js.hscollectedforms.net ajax.googleapis.com googleads.g.doubleclick.net static.doubleclick.net www.google.com vidassets.terminus.services cookie-script.com *.cookie-script.com cdn.rollbar.com kit.fontawesome.com www.gstatic.com www.youtube.com platform.linkedin.com connect.facebook.net platform.twitter.com; object-src 'none'; 1
frame-src 'self' https://embed.tawk.to/ https://plugins.tawk.to; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js https://embed.tawk.to/ https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/ cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net mdbootstrap.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js https://embed.tawk.to/ https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net mdbootstrap.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js https://embed.tawk.to/ cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com use.fontawesome.com; frame-ancestors 'self' static.addtoany.com https://embed.tawk.to/ 1
default-src 'self'; script-src 'self' 'nonce-mv8IrH8o9hdZl//TSEwI0Q==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
default-src https://www.amyntagroup.com 'self' https://*.amyntagroup.com https://amyntagroup.com  ;  script-src 'self' 'unsafe-eval' 'unsafe-inline'  https://www.amyntagroup.com ; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net js.mollie.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com https://www.mollie.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net *.disqus.com *.avada.io js.mollie.com https://player.vimeo.com https://www.youtube.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://www.googletagmanager.com *.googleapis.com *.gstatic.com 'self' data: https://userlike-cdn-umm.b-cdn.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ secure.novalnet.de seamless.novalnet.de customers.barzahlen.de customers-sandbox.barzahlen.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://userlike-cdn-operators.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://app.usercentrics.eu https://www.google.de https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://rum.hlx.page tagmanager.google.com https://www.googletagmanager.com cdn.novalnet.de cdn.barzahlen.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://ajax.googleapis.com https://userlike-cdn-umm.b-cdn.net https://app.usercentrics.eu https://connect.facebook.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://sgtm.agrar-direct.de *.usercentrics.eu *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com unsafe-inline assets.braintreegateway.com *.gstatic.com https://integrations.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com https://edge.adobedc.net https://api.usercentrics.eu https://sgtm.agrar-direct.de *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.usercentrics.eu 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.oney.io *.staging.oney.io *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.hipay-tpp.com *.hipay.com *.googleapis.com *.iubenda.com *.salesmanago.pl *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.hipay.com *.googleapis.com *.oney.io *.staging.oney.io *.sharethis.com *.iubenda.com *.ads.linkedin.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.googleapis.com *.oney.io *.staging.oney.io *.sharethis.com *.iubenda.com *.clarity.ms analytics.tiktok.com snap.licdn.com rum.hlx.page *.googletagmanager.com *.googleadservices.com *.google-analytics.com cdn.scalapay.com b2c-cdn.scalapay.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.hipay.com *.googleapis.com use.typekit.net p.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com data: mpsnare.iesnare.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.oney.io *.staging.oney.io maps.googleapis.com *.sharethis.com *.iubenda.com *.clarity.ms analytics.tiktok.com *.ads.linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-BiUERm0KugF0Qj1-iLLR1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors *.hana.ondemand.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src googleapis.com *.zdassets.com 'self' 'unsafe-inline'; font-src googleapis.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; style-src googleapis.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; connect-src static-forms.klaviyo.com googleapis.com facebook.com facebook.net klaviyo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; form-action googleapis.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-src googleapis.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za map.pargo.co.za 'self' 'unsafe-inline'; img-src googleapis.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://widgets.payflex.co.za oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src googleapis.com klaviyo.com facebook.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com www.gstatic.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://widgets.payflex.co.za https://partpayassets.blob.core.windows.net *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
style-src-elem https://accounts.google.com https://showside.maker.co 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net https://fonts.gstatic.com 'self' 'unsafe-inline' https://fonts.cdnfonts.com https://use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com api.razorpay.com https://td.doubleclick.net https://app.maker.co https://cdn.razorpay.com https://helpdesk.meetanshi.com https://3.ue1.vbus.apps.ladesk.com 'self' app.maker.co www.googletagmanager.com td.doubleclick.net video.gumlet.io https://sandbox.pdp.gokwik.co https://pdp.gokwik.co https://*.gokwik.co https://player.vimeo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://zefnh.whisperinghomes.com https://firebasestorage.googleapis.com cdn.razorpay.com https://www.whisperinghomes.com https://res.cloudinary.com https://whisperinghomes.com/pub/media https://c.clarity.ms https://www.facebook.com *.google.com *.googleapis.com *.google-analytics.com whisperinghomes.com https://*.vimeocdn.com https://*.gokwik.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com https://zefnh.whisperinghomes.com https://cdn.outoftheblue.ai https://static.cloudflareinsights.com s7.addthis.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io checkout.razorpay.com https://showside.maker.co https://app.maker.co https://crm.zoho.in https://scripts.clarity.ms https://js.zohocdn.com https://dazh-zc1.maillist-manage.in https://connect.facebook.net https://o.clarity.ms https://cdn.razorpay.com https://cdn.us.heap-api.com https://code.jquery.com https://cdn-in.pagesense.io unpkg.com lottiefiles.com showside.maker.co zoho.in clarity.ms connect.facebook.net js.mollie.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com *.paypal.com *.cdninstagram.com https://embed.maker.co self https://sandbox.pdp.gokwik.co https://pdp.gokwik.co https://*.gokwik.co https://googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net https://showside.maker.co 'self' 'unsafe-inline' fonts.cdnfonts.com fonts.bunny.net showside.maker.co *.google.com https://css.zohocdn.com https://cdnjs.cloudflare.com https://*.gokwik.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline' 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com https://zefnh.whisperinghomes.com https://cdn.outoftheblue.ai http://localhost:3000 https://l.clarity.ms https://z.clarity.ms https://us-east1-otb-dev-platform.cloudfunctions.net ekr.zdassets.com/ https://get.geojs.io *.avada.io lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://api.maker.co https://www.clarity.ms https://o.clarity.ms https://salesiq.zohopublic.in https://api.razorpay.com https://c.us.heap-api.com https://pagesense-collect.zoho.in www.google.co.in api.maker.co o.clarity.ms ekr.zdassets.com *.google-analytics.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://video.gumlet.io https://api-gw-v4.dev.gokwik.io https://api-gw-v4.gokwik.io https://gkx.gokwik.co https://*.gokwik.co https://*.gokwik.io https://*.zohocdn.com https://*.edgetag.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com mcstaging.macfarlanepackaging.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.googletagmanager.com/ js.stripe.com b.stripecdn.com pay.google.com newassets.hcaptcha.com m.stripe.network js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com https://files.zakeke.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klevu.com *.ksearchnet.com 'self' js.klevu.com www.gstatic.com cdn.cookielaw.org public-gbr.mkt.dynamics.com *.azureedge.net macfarlanepackaging.bynder.com *.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.klevu.com *.ksearchnet.com 'self' unpkg.com www.google.com www.gstatic.com js.stripe.com b.stripecdn.com pay.google.com hcaptcha.com m.stripe.network cdn.cookielaw.org *.livechatinc.com *.azureedge.net *.dynamics.com *.scurritrackplus.com maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.klevu.com *.ksearchnet.com 'self' js.klevu.com www.gstatic.com js.stripe.com b.stripecdn.com *.gstatic.com *.googleapis.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klevu.com *.ksearchnet.com 'self' *.stripe.com *.hcaptcha.com *.cardinalcommerce.com *.cookielaw.org *.dynamics.com *.azureedge.net *.googlesyndication.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' commerce.adobedc.net r.stripe.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://2679108e-012b-4aa9-9696-ac7c5fc442e1.sansec.watch/; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-50f10PKtoMvTBfVdAr82tA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.googleapis.com fonts.gstatic.com celebrosnlp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.xtento.com ws.sharethis.com c.sharethis.mgr.consensu.org www.facebook.com t.sharethis.com *.weltpixel.com *.facebook.com *.facebook.net www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com gateway.apaylater.com gateway.atome.sg www.xtento.com cdn.xtento.com https://a.klaviyo.com *.facebook.com *.facebook.net www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com celebrosnlp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ gateway.apaylater.com gateway.atome.sg www.xtento.com cdn.xtento.com connect.facebook.net googletagmanager.com ws.sharethis.com maps.googleapis.com foursixty.com jscdn.appier.net click.accesstra.de goofleads.g.doubleclick.net t.sharethis.com https://static.klaviyo.com https://fast.a.klaviyo.com s7.addthis.com *.facebook.com *.facebook.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com ajax.googleapis.com *.instagram.com celebrosnlp.com ai.celebros-analytics.com *.celebros.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com gateway.apaylater.com gateway.atome.sg fonts.googleapis.com cdn.curator.io ws.sharethis.com unsafe-inline assets.braintreegateway.com tagmanager.google.com celebrosnlp.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com anylist.c.appier.net l.sharethis.com https://static.klaviyo.com https://fast.a.klaviyo.com ekr.zdassets.com/ *.facebook.com *.facebook.net www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com landofcoder.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.celebros.com *.celebros.com:446 *.celebros-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com chatwoot.goodwine.ua 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com magefan.com cm.magefan.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.jsdelivr.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com chatwoot.goodwine.ua multisearch.io *.sentry-cdn.com scripts.claspo.io https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://maps.googleapis.com https://player.vimeo.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net chatwoot.goodwine.ua *.sentry.io https://*.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com a.plerdy.com multisearch.io chatwoot.goodwine.ua 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.google.com/ https://www.youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com https://www.magezon.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.googletagmanager.com *.facebook.net *.google.com/ *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://*.gstatic.com data: *.fontawesome.com use.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://*.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com scontent.* www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ display.ugc.bazaarvoice.com *.fontawesome.com assets.braintreegateway.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://852e3dc5-adca-44c7-a08d-70d745bf3d90.sansec.watch/; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; connect-src 'self' upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; base-uri 'self'; form-action 'self'; img-src 'self' data: upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; script-src 'self' 'unsafe-inline' upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; 1
object-src 'none';base-uri 'self';script-src 'nonce-tFQy-gJYOBW3Nta65Vlgdw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://fonts.gstatic.com https://www.tuinmeubelshop.nl https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://*.dpdconnect.nl https://gum.criteo.com https://secure.livechatinc.com https://widgetcontent.thuiswinkel-cdn.org https://www.googletagmanager.com/ www.xtento.com 'self' 'unsafe-inline'; img-src cdn.tuinmeubelshop.nl data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://maps.gstatic.com http://maps.gstatic.com https://maps.googleapis.com http://maps.googleapis.com https://cdn.tuinmeubelshop.nl https://cdn-staging.tuinmeubelshop.nl https://squeezely.tech https://t.squeezely.tech https://www.google.com https://ct.pinterest.com https://www.facebook.com https://www.google.nl https://bat.bing.com https://www.tuinmeubelshop.nl cdn.flbx.io *.cloudfront.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.magmodules.eu *.squeezely.tech https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com data: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com https://www.gstatic.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://*.dpdconnect.nl https://www.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://ecookie.nl https://www.ecookie.nl https://connect.getflowbox.com https://chimpstatic.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.googleadservices.com http://www.googleadservices.com https://bat.bing.com https://s.pinimg.com https://ct.pinterest.com https://connect.facebook.com https://connect.facebook.net https://squeezely.tech https://t.squeezely.tech https://googleads.g.doubleclick.net https://sslwidget.criteo.com https://script.hotjar.com https://www.googleoptimize.com https://ss.tuinmeubelshop.nl https://unpkg.com https://widget.thuiswinkel-cdn.org https://widget.thuiswinkel.org https://cdn.video-dns.com https://app.aiden.cx https://cdn.livechatinc.com https://api.livechatinc.com https://ar-view-zieny.com https://app.varify.io https://ingest.promptwatch.com *.getflowbox.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com https://cdn.jsdelivr.net squeezely.tech www.squeezely.tech *.squeezely.tech https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com http://fonts.googleapis.com https://www.tuinmeubelshop.nl https://cdn.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: * *.video-dns.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://www.google.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://squeezely.tech https://t.squeezely.tech https://ct.pinterest.com https://widgetcontent.thuiswinkel-cdn.org https://mave.io *.video-dns.com wss://metrics.video-dns.com https://ar-view-zieny.com https://api.ar-view-zieny.com https://app.varify.io *.getflowbox.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ squeezely.tech *.squeezely.tech *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/; report-to report-endpoint; 1
frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://tally.so/; font-src 'self'; object-src 'none'; script-src 'strict-dynamic' https://internet-up.ably-realtime.com/ 'nonce-9hJhX55xHt9ygvJv3k4iqw=='; style-src 'self' 'unsafe-inline'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-uri https://www.bilateralstimulation.io/api/csp-violation; report-to csp-endpoint 1
default-src 'self'; script-src 'self'; report-to csp-endpoint; 1
default-src 'self'; script-src 'self' https://consent.cookiebot.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; connect-src 'self' https://5imast4qgh.execute-api.eu-central-1.amazonaws.com https://ymg13hd0le.execute-api.eu-central-1.amazonaws.com https://consentcdn.cookiebot.com; frame-src https://www.google.com https://consentcdn.cookiebot.com; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri https://csp.carhire-solutions.com/csp-reports 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com https://use.typekit.net data: *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com https://www.gstatic.com *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.klarnacdn.net *.fontawesome.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com data: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.affirm.com *.affirm.ca *.certcapture.com https://dpm.demdex.net data: *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://gateway.woodmizer.com https://bid.g.doubleclick.net *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * secure.payu.com merch-prod.snd.payu.com *.googleapis.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net https://cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io https://amcglobal.sc.omtrdc.net *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.affirm.com *.affirm.ca *.certcapture.com https://res.cloudinary.com https://black.bird.eu http://dpm.demdex.net http://amc.demdex.net https://www.googletagmanager.com https://www.google.com.br https://*.google.com *.cloudflare.com https://*.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://wcs.naver.com *.trackedlink.net https://woodmizer.ca px.ads.linkedin.com *.woodmizer.com *.fontawesome.com *.trackedweb.net *.yotpo.com beta.woodmizer.com https://uploads.commoninja.com https://insight.adsrvr.org https://bat.bing.com https://www.google.com.pk *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com maps.gstatic.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.affirm.com *.affirm.ca *.certcapture.com https://js-agent.newrelic.com https://bam.nr-data.net https://assets.adobedtm.com https://www.googletagmanager.com *.google-tag-manager.com *.google-analystics-universal.com https://googleads.g.doubleclick.net data: https://*.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com https://www.google-analytics.com https://*.twimg.com https://*.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net https://www.paypalobjects.com https://www.paypal.com https://chimpstatic.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com https://wcs.naver.com https://wcs.naver.net https://r2-t.trackedlink.net https://r2.trackedweb.net http://static.trackedweb.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://px.ads.linkedin.com snap.licdn.com px.ads.linkedin.com *.woodmizer.com graph.facebook.com *.cardinalcommerce.com *.authorize.net js.braintreegateway.com *.paypal.com *.googletagmanager.com https://*.google.com *.cloudflare.com *.yotpo.com *.cloudfront.net *.commoninja.com *.bing.com *.hotjar.com https://apps.usw2.pure.cloud https://analytics.google.com https://www.sandbox.paypal.com https://t.paypal.com https://s.ytimg.com https://*.vimeocdn.com https://*.twitter.com https://*.facebook.com https://*.hotjar.com https://js.braintreegateway.com https://assets.braintreegateway.com *.klarna.com https://*.klarnacdn.net https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://*.dotdigital-pages.com https://webchat.dotdigital.com https://*.commoninja.com https://*.bootstrapcdn.com https://*.authorize.net https://*.bing.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://challenges.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com *.googleapis.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com https://fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.cloudinary.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net https://static.klaviyo.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com px.ads.linkedin.com *.woodmizer.com https://res.cloudinary.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com *.affirm.com *.affirm.ca *.certcapture.com https://bam.nr-data.net https://dpm.demdex.net https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.facebook.com http://static.trackedweb.net https://r2.trackedweb.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com px.ads.linkedin.com *.woodmizer.com *.adobedtm.com https://*.google.com *.yotpo.com https://cdn.commoninja.com https://api-cdn.usw2.pure.cloud https://www.commoninja.com https://*.hotjar.io *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com secure.payu.com merch-prod.snd.payu.com *.googleapis.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src media.evapo.co.uk static.evapo.co.uk; font-src unity.agechecked.com *.fontawesome.com *.hotjar.com *.hotjar.io lantern.roeyecdn.com lantern.roeye.com *.feefo.com player.vimeo.com bcp.crwdcntrl.net *.google.com *.google.lv *.google.com.uk cdn.cleanhub.io www.cleanhub.com static.dwcdn.net maxcdn.bootstrapcdn.com *.salesfire.co.uk *.typekit.net *.klarnacdn.net fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com evapo.co.uk media.evapo.co.uk static.evapo.co.uk data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.feefo.com maps.gstatic.com maps.googleapis.com storage.googleapis.com s3.eu-west-2.amazonaws.com *.zdassets.com *.sharethis.com cdn.subscribers.com evapo.zendesk.com widget-mediator.zopim.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net lantern.roeyecdn.com lantern.roeye.com player.vimeo.com bcp.crwdcntrl.net *.google.com *.google.lv *.google.com.uk cdn.cleanhub.io www.cleanhub.com prtpe.com test.prtpe.com evapo.us10.list-manage.com *.psp-solutions.com *.yotpo.com evapo.co.uk 'self' 'unsafe-inline'; frame-ancestors evapo.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net https://*.wepowerconnections.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.feefo.com maps.gstatic.com maps.googleapis.com storage.googleapis.com s3.eu-west-2.amazonaws.com *.zdassets.com *.sharethis.com cdn.subscribers.com evapo.zendesk.com widget-mediator.zopim.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net lantern.roeyecdn.com lantern.roeye.com bcp.crwdcntrl.net *.google.com *.google.lv *.google.com.uk cdn.cleanhub.io www.cleanhub.com prtpe.com test.prtpe.com oppwa.com test.oppwa.com unity.agechecked.com *.salesfire.co.uk *.google.com/ https://www.youtube.com www.facebook.com platform.twitter.com *.weltpixel.com *.yotpo.com evapo.co.uk media.evapo.co.uk static.evapo.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io unity.agechecked.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.awin1.com *.zenaps.com https://*.wepowerconnections.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.feefo.com maps.gstatic.com maps.googleapis.com storage.googleapis.com s3.eu-west-2.amazonaws.com *.zdassets.com *.sharethis.com cdn.subscribers.com evapo.zendesk.com widget-mediator.zopim.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net lantern.roeyecdn.com lantern.roeye.com player.vimeo.com bcp.crwdcntrl.net *.google.com *.google.lv *.google.com.uk cdn.cleanhub.io www.cleanhub.com prtpe.com test.prtpe.com www.googletagmanager.com datawrapper.dwcdn.net *.salesfire.co.uk https://www.magezon.com magefan.com cm.magefan.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.gstatic.com *.yotpo.com evapo.co.uk media.evapo.co.uk static.evapo.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ unity.agechecked.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.feefo.com maps.gstatic.com maps.googleapis.com storage.googleapis.com s3.eu-west-2.amazonaws.com *.zdassets.com *.sharethis.com cdn.subscribers.com evapo.zendesk.com widget-mediator.zopim.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.google-analytics.com lantern.roeyecdn.com lantern.roeye.com player.vimeo.com bcp.crwdcntrl.net *.google.com *.google.lv *.google.com.uk cdn.cleanhub.io www.cleanhub.com paypal-eu-cdn.cloudiq.com eu-test.oppwa.com eu-prod.oppwa.com prtpe.com test.prtpe.com script.crazyegg.com datawrapper.dwcdn.net *.salesfire.co.uk *.smartmetrics.co.uk *.google.com/ connect.facebook.net twitter.com platform.twitter.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com evapo.co.uk https://chimpstatic.com media.evapo.co.uk static.evapo.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unity.agechecked.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com unsafe-inline *.hotjar.com *.hotjar.io lantern.roeyecdn.com lantern.roeye.com *.feefo.com player.vimeo.com bcp.crwdcntrl.net *.google.com *.google.lv *.google.com.uk cdn.cleanhub.io www.cleanhub.com prtpe.com test.prtpe.com pt.dwcdn.net static.dwcdn.net *.salesfire.co.uk maxcdn.bootstrapcdn.com *.typekit.net fonts.googleapis.com tagmanager.google.com *.yotpo.com *.googleapis.com evapo.co.uk media.evapo.co.uk static.evapo.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.sharethis.com cdn.subscribers.com evapo.zendesk.com widget-mediator.zopim.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net lantern.roeyecdn.com lantern.roeye.com *.feefo.com player.vimeo.com bcp.crwdcntrl.net *.google.com *.google.lv *.google.com.uk cdn.cleanhub.io www.cleanhub.com evapo.co.uk media.evapo.co.uk static.evapo.co.uk 'self' 'unsafe-inline'; manifest-src media.evapo.co.uk static.evapo.co.uk 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com unity.agechecked.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://the.sciencebehindecommerce.com https://*.wepowerconnections.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.feefo.com maps.gstatic.com maps.googleapis.com storage.googleapis.com s3.eu-west-2.amazonaws.com *.zdassets.com *.sharethis.com cdn.subscribers.com evapo.zendesk.com wss://widget-mediator.zopim.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.google-analytics.com lantern.roeyecdn.com lantern.roeye.com player.vimeo.com bcp.crwdcntrl.net *.google.com *.google.lv *.google.com.uk cdn.cleanhub.io www.cleanhub.com script.crazyegg.com datawrapper.dwcdn.net *.salesfire.co.uk *.smartmetrics.co.uk https://www.google-analytics.com *.yotpo.com evapo.co.uk media.evapo.co.uk static.evapo.co.uk 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com https://*.wepowerconnections.com assets.braintreegateway.com c.paypal.com evapo.co.uk media.evapo.co.uk static.evapo.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src evapo.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.userway.org https://fonts.googleapis.com/ https://wsv3cdn.audioeye.com/ *.zohocdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.versapay.com *.paynup.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com/ *.twitter.com *.versapay.com *.paynup.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.xtento.com https://www.facebook.com/ https://c.sproutvideo.com/ http://videos.sproutvideo.com/ https://checkout.creditkey.com/ https://td.doubleclick.net/ https://gum.criteo.com/ https://cdn.justuno.com/ https://fledge.us.criteo.com/ https://nytrng.com/ https://wsv3cdn.audioeye.com/ https://static.criteo.net/ https://www.monthlywarranty.com/ https://salesiq.zohopublic.com/ *.twitter.com *.paynup.com *.versapay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.userway.org www.xtento.com cdn.xtento.com https://img.youtube.com https://www.facebook.com/ https://maps.gstatic.com/ https://c.sproutvideo.com/ https://cdn-thumbnails.sproutvideo.com/ https://creditkey-assets.s3-us-west-2.amazonaws.com/ https://www.creditkey.com/ https://maps.googleapis.com/ https://www.google.co.in/ https://www.adelixir.com/ https://bat.bing.com/ https://cdn.ywxi.net/ https://www.monthlywarranty.com/ https://shopper.shop.pe/ https://public-prod-dspcookiematching.dmxleo.com/ https://tg.socdm.com/ https://cm.g.doubleclick.net/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://contextual.media.net/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://pixel.rubiconproject.com/ https://s.ad.smaato.net/ https://criteo-sync.teads.tv/ https://ade.clmbtech.com/ https://eb2.3lift.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ https://dis.criteo.com/ https://sync.aralego.com/ https://cdn.aralego.net/ https://d3cgm8py10hi0z.cloudfront.net/ *.criteo.net/ *.criteo.com/ *.zohopublic.com/ *.zohocdn.com *.zoho.com https://redchamps.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.versapay.com *.paynup.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.userway.org www.xtento.com cdn.xtento.com s7.addthis.com https://cdn.pagesense.io/ https://connect.facebook.net/ https://cdn.searchspring.net/ http://cdn.searchspring.net/ https://static.srcspot.com/ https://maps.googleapis.com/ https://unpkg.com/ https://cdn.noibu.com/ https://bat.bing.com/ https://static.criteo.net/ https://cdn.justuno.com/ https://www.adelixir.com/ https://www.clickcease.com/ https://ca-eu.cookie-script.com/ https://shop.pe/ https://my.justuno.com/ https://d2mjzob2nc713b.cloudfront.net/ https://aly.justuno.com/ https://sslwidget.criteo.com/  https://widget.us.criteo.com/ https://wsmcdn.audioeye.com/ https://cdn.ywxi.net/ https://wsv3cdn.audioeye.com/ https://addshoppers.s3.amazonaws.com/ https://shopper.shop.pe/ https://www.trustedsite.com/ https://www.monthlywarranty.com/ *.zohopublic.com *.zohocdn.com *.zohostatic.com *.zoho.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.versapay.com *.paynup.com *.datadoghq.com https://www.googletagmanager.com tagmanager.google.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.userway.org https://fonts.googleapis.com/ http://cdn.searchspring.net/ https://c.sproutvideo.com/ https://www.monthlywarranty.com/ https://css.zohostatic.com/ *.zohopublic.com/ *.zohocdn.com/ *.zoho.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.versapay.com *.paynup.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zohocdn.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.userway.org ekr.zdassets.com/ https://cdn.pagesense.io/ https://connect.facebook.net/ https://cdn.searchspring.net/ http://cdn.searchspring.net/ http://a.klaviyo.com/ *.searchspring.io/ https://maps.googleapis.com/ https://www.facebook.com/ wss://input.noibu.com/ https://cdn.noibu.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://s3-us-west-2.amazonaws.com/ https://app.shop.pe/ https://manage.safeopt.com/ https://analytics.audioeye.com/ https://input.noibu.com/ https://measurement-api.criteo.com/ https://google.com/ https://aly.justuno.com/ https://shopper.shop.pe/ https://bat.bing.com/ *.zohopublic.com wss://vts.zohopublic.com/ https://static.zohocdn.com/ *.zoho.com https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.twimg.com *.versapay.com *.paynup.com *.datadoghq.com https://www.google-analytics.com *.mmapiws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://static.zohocdn.com 'self' 'unsafe-inline'; report-uri https://375b72b1-83bd-4481-a822-078405d99853.sansec.watch/; report-to report-endpoint; 1
default-src 'self' thomas-and-company.com *.thomas-and-company.com;  script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com *.wpengine.com *.thomas-and-company.com thomas-and-company.com;  style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.wpengine.com *.thomas-and-company.com thomas-and-company.com;  img-src 'self' privacy-policy.truste.com www.google-analytics.com *.wpengine.com *.thomas-and-company.com thomas-and-company.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.wpengine.com *.thomas-and-company.com thomas-and-company.com;  connect-src 'self' www.google-analytics.com 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.bootstrapcdn.com data: *.fontawesome.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.twitter.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.youtube.com *.trustpilot.com *.yotpo.com *.addthis.com https://connect.facebook.net 'self'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io *.cloudflare.com https://static.pay.nl *.gstatic.com *.google.com *.google.nl *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.pay.nl *.yotpo.com solwininfotech.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.trustpilot.com googleads.g.doubleclick.net s7.addthis.com *.googleapis.com https://cdnjs.cloudflare.com *.yotpo.com https://z.moatads.com https://v1.addthisedge.com *.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.google-analytics.com https://stats.g.doubleclick.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com stats.g.doubleclick.net translations.piggy.eu maps.googleapis.com ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.e-tailors.nl/; report-to report-endpoint; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' business.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com landofcoder.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com landofcoder.com s7.addthis.com *.googleapis.com *.google.com *.gstatic.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com checkout.razorpay.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com landofcoder.com ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; block-all-mixed-content; child-src vars.hotjar.com; connect-src 'self' api.foyer.lu www.foyer.lu analytics.foyer.lu saf-api.foyer.lu datadog-proxy.foyer.lu stats.g.doubleclick.net googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com *.analytics.google.com analytics.google.com ssl.google-analytics.com adservice.google.com www.google.com maps.googleapis.com pagead2.googlesyndication.com api.iadvize.com halc.iadvize.com static.iadvize.com www.facebook.com consentcdn.cookiebot.com *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com; font-src 'self' data: static.foyer.lu fonts.gstatic.com use.fontawesome.com; frame-src 'self' halc.iadvize.com www.google.com www.googletagmanager.com www.facebook.com www.youtube.com vars.hotjar.com consentcdn.cookiebot.com; img-src 'self' data: *; manifest-src 'self'; media-src 'self' data:; object-src www.foyer.lu www.cmpli.lu; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: analytics.foyer.lu www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com maps.googleapis.com developers.google.com translate.googleapis.com www.googleoptimize.com stats.g.doubleclick.net translate.googleapis.com opt-out.ferank.eu code.jquery.com tarteaucitron.io halc.iadvize.com static.iadvize.com npmcdn.com cdn.jsdelivr.net static.cdn.prismic.io tarteaucitron.io track.adform.net connect.facebook.net snap.licdn.com s2.adform.net actorssl-5637.kxcdn.com halc.iadvize.com consent.cookiebot.com consentcdn.cookiebot.com script.hotjar.com static.hotjar.com platform.twitter.com cdnjs.cloudflare.com ajax.googleapis.com cdn.svgator.com; style-src 'unsafe-inline' 'self' static.foyer.lu fonts.googleapis.com translate.googleapis.com cdn.jsdelivr.net opt-out.ferank.eu tarteaucitron.io cdn.jsdelivr.net platform.twitter.com; worker-src 'self'; report-uri https://api.foyer.lu/sentry/api/237/security/?sentry_key=29cea24f640d436fa4430bc6d0195cb9&sentry_environment=ir-CSP-php-p&sentry_release=1.0.20; 1
upgrade-insecure-requests; report-to https://f761a3114dffe4f5bac4f0780391ab.0d.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/f07330bb13c841fa9a524497a65cba07/triggers/manual/paths/invoke?api-version=1&sp=triggersmanualrun&sv=1.0&sig=Rq_odGxsqXourHOCLMou32o_ksfuBzfv6mDKXdtCd-w;; report-uri https://f761a3114dffe4f5bac4f0780391ab.0d.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/f07330bb13c841fa9a524497a65cba07/triggers/manual/paths/invoke?api-version=1&sp=triggersmanualrun&sv=1.0&sig=Rq_odGxsqXourHOCLMou32o_ksfuBzfv6mDKXdtCd-w;; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gstatic.com https://*.googleapis.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.facebook.com https://ct.pinterest.com https://*.cookiebot.com *.sendcloud.sc *.jsdelivr.net *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com https://images.unsplash.com https://dailystyle.nl https://*.bing.com https://facebook.com https://www.facebook.com https://ct.pinterest.com https://*.googletagmanager.com https://*.clarity.ms https://at19.net https:/at19.net https://www.google.nl https://www.google.com https://*.googleapis.com https://*.gstatic.com https://*.cookiebot.com https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ flagpedia.net https://redchamps.com *.amazonaws.com https://widgets.trustedshops.com https://integrations.etrusted.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://maps.googleapis.com https://jdt8.net https://tdep.dailystyle.nl https://chimpstatic.com https://diffuser-cdn.app-us1.com https://js-agent.newrelic.com https://bat.bing.com https://s.pinimg.com https://connect.facebook.net https://prism.app-us1.com https://www.clarity.ms https://*.google.com https://*.googleapis.com *.gstatic.com https://*.nr-data.net https://trackcmp.net https://*.cookiebot.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://integrations.etrusted.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.gstatic.com https://*.googleapis.com https://fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://integrations.etrusted.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://core.helloretail.com https://helloretailcdn.com https://maps.googleapis.com https://player.vimeo.com https://tdep.dailystyle.nl https://ct.pinterest.com https://*.clarity.ms https://*.google-analytics.com https://*.nr-data.net https://*.googleapis.com https://*.cookiebot.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.gstatic.com maps.googleapis.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com *.gstatic.com data: *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.certcapture.com https://maps.google.com/ ipinfo.io *.stripe.com https://js.stripe.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.certcapture.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com ipinfo.io *.stripe.com https://js.stripe.com/v2/ https://js.stripe.com/v3/ *.google.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com 'sha256-g/qbQ8sW5eJ9JO8sQzRJ1OvARbUyKpJXFeof9SLw1eI=' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src ipinfo.io landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.ipinfo.io *.certcapture.com ipinfo.io *.stripe.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com landofcoder.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://www.googletagmanager.com https://js.hs-scripts.com https://js-na2.hs-scripts.com https://js-na2.hsadspixel.net https://js-na2.hs-analytics.net https://js-na2.hs-banner.com https://js-na2.hubspot.com https://js-na2.usemessages.com https://code.jquery.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://app.purechat.com https://prod.purechatcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.fontawesome.com https://netdna.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://netdna.bootstrapcdn.com; img-src 'self' data: https://web.oceansidechamber.com https://seal-central-northern-western-arizona.bbb.org https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://track-na2.hubspot.com https://perf-na2.hsforms.com https://forms-na2.hsforms.com; connect-src 'self' https://cdn.jsdelivr.net https://static.hsappstatic.net https://www.googletagmanager.com https://api-na2.hubapi.com https://api-na2.hubspot.com https://cta-na2.hubspot.com https://track-na2.hubspot.com https://forms-na2.hsforms.com https://perf-na2.hsforms.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://app.purechat.com https://prod.purechatcdn.com https://widgetapi.purechat.com https://api-cdn.purechat.com https://api.purechat.com; frame-src 'self' https://www.googletagmanager.com https://www.paycomonline.net https://ats.rippling.com/montereyfinancial/jobs https://player.vimeo.com https://app-na2.hubspot.com; frame-ancestors 'self'; 1
font-src https://fonts.gstatic.com *.gstatic.com *.tawk.to *.fontawesome.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors self www.google.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com www.gstatic.com apis.google.com youtu.be *.vimeo.com *.addthis.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk js.mollie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.hubspot.com *.hsforms.com https://tawk.link https://images.unsplash.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu blob: magefan.com cm.magefan.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.doubleclick.net https://www.mollie.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.tawk.to *.google.com https://maps.googleapis.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com *.facebook.com *.facebook.net *.google.com.ua *.google.co.uk *.googletagmanager.com *.doubleclick.net js.mollie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.maxmind.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.tawk.to *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.googletagmanager.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://api.hubapi.com *.hs-scripts.com https://forms.hubspot.com *.hscollectedforms.net wss://*.tawk.to *.tawk.to http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://player.vimeo.com *.cloudflare.com *.facebook.com *.facebook.net *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.mmapiws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' https://*.googleapis.com https://*.hubspot.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hscta.net https://*.usemessages.com https://*.sharethis.com https://*.wistia.com https://*.google-analytics.com https://www.googletagmanager.com; style-src 'report-sample' 'self' 'unsafe-inline' https://*.googleapis.com https://*.sharethis.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.hubspot.com https://*.hs-banner.com https://*.sharethis.com https://*.crwdcntrl.net https://*.ltmsphrcl.net https://*.wistia.com https://*.google-analytics.com https://www.googletagmanager.com https://www.google.com; frame-src 'self' https://*.wistia.com https://*.sharethis.com https://www.google.com; img-src 'self' data: https://*.hubspotusercontent-na1.net https://*.hsforms.com https://*.gravatar.com https://*.sharethis.com https://*.hubspot.com https://wpengine.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; report-uri https://6915f6be6969e21dc176bf00.endpoint.csper.io?v=3; 1
font-src www.paypalobjects.com cash-f.squarecdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.bing.com *.doubleclick.net *.facebook.com *.usercentrics.eu *.any-lamp.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com polyfill.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.wwlholding.com *.bing.com *.clarity.ms *.facebook.net *.googleapis.com *.hotjar.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.videoly.co *.beslist.nl *.any-lamp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com tagmanager.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.wwlholding.com *.bing.com *.doubleclick.net *.googlesyndication.com *.leadinfo.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.googleapis.com *.addressy.com *.beslist.nl *.hotjar.com *.hotjar.io *.any-lamp.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b428c232-f415-4fb2-b456-fef23ba335ec.sansec.watch/; report-to report-endpoint; 1
font-src *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.klarnacdn.net *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.omniporttest.ocrf.co.uk/ *.omniport.omnicapital.co.uk/ *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.clerk.io *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.omniporttest.ocrf.co.uk/ *.omniport.omnicapital.co.uk/ *.stripe.com *.google.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.omniporttest.ocrf.co.uk/ *.omniport.omnicapital.co.uk/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-57WoSMFGPa7sXmARZS1pZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
child-src 'unsafe-inline' 'self' *.facebook.com *.google.com *.gstatic.com *.bbb.org *.authorize.net *.google-analytics.com *.googleadservices.com *.googleapis.com *.doubleclick.net *.hcaptcha.com *.cloudflare.com *.klaviyo.com *.trustpilot.com *.googletagmanager.com *.bing.com *.cloudflareinsights.com *.facebook.net; frame-ancestors 'self'; img-src 'self' data: *.rightwayparking.com *.google.com *.bing.com *.facebook.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.doubleclick.net *.gstatic.com *.authorize.net *.bbb.org; default-src https: 'unsafe-inline' 'self' *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.g.doubleclick.net *.hcaptcha.com *.cloudflare.com *.klaviyo.com *.trustpilot.com *.googletagmanager.com *.bing.com *.cloudflareinsights.com *.facebook.net *.strip.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.playboytv.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.playboytv.com join.gammasecure.com; script-src 'self' *.playboytv.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.playboytv.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
frame-ancestors 'self'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubc84894f8561e82477e13b6c01d853bc2&dd-evp-origin=content-security-policy&ddsource=csp-report 1
default-src blob: data: 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://*.adtrafficquality.google https://*.analytics.google.com https://*.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://pagead2.googlesyndication.com https://secure.gravatar.com https://securepubads.g.doubleclick.net https://www.ess-news.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.googletagservices.com https://www.youtube.com; script-src blob: data: 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://*.adtrafficquality.google https://*.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://*.wp.com https://pagead2.googlesyndication.com https://secure.gravatar.com https://securepubads.g.doubleclick.net https://www.ess-news.com https://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.youtube.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.nosto.com *.nos.to *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.doubleclick.net *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net cdn.cookielaw.org *.linkedin.com *.google.co.in *.facebook.com *.postcodeanywhere.co.uk *.googlesyndication.com bat.bing.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.gstatic.com cdn.cookielaw.org connect.facebook.net googleapis.com *.pcapredict.com *.postcodeanywhere.co.uk *.cloudfront.net bat.bing.com *.cloudflareinsights.com *.licdn.com *.mouseflow.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.postcodeanywhere.co.uk maxcdn.bootstrapcdn.com *.nosto.com *.nos.to assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.analytics.google.com *.google.co.in api.addressy.com cdn.cookielaw.org *.pcapredict.com *.postcodeanywhere.co.uk *.googlesyndication.com *.onetrust.com *.licdn.com *.linkedin.com *.nosto.com *.nos.to *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://analytics.tiktok.com https://api.hubspot.com https://app.clearbit.com https://cdn.cookielaw.org https://cdn.dreamdata.cloud https://content.hotjar.io https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://px.ads.linkedin.com https://script.crazyegg.com https://www.google-analytics.com https://www.google.com https://edge.api.brightcove.com https://bat.bing.com/ https://manifest.prod.boltdns.net https://sdl.brightcovecdn.com https://logx.optimizely.com https://*.optimizely.com; default-src 'self'; font-src 'self' data: https://use.typekit.net https://*.optimizely.com; frame-ancestors 'none'; frame-src https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cm.g.doubleclick.net https://www.facebook.com https://calendly.com https://forms.hsforms.com https://a5098497884553216.cdn.optimizely.com https://a5098497884553216.cdn-pci.optimizely.com; img-src 'self' data: https://bat.bing.com https://forms-na1.hsforms.com https://ib.adnxs.com https://perf-na1.hsforms.com https://px.ads.linkedin.com https://secure.adnxs.com https://track.accountinsight.cloud https://track.hubspot.com https://www.facebook.com https://www.google.com https://www.google.com.ua https://metrics.brightcove.com https://www.googletagmanager.com https://cf-images.us-east-1.prod.boltdns.net https://cdn.optimizely.com https://app.optimizely.com; media-src 'self' blob:; script-src 'self' 'nonce-X+qVeEFzjAPEQuQW12VLrg==' https://a.dpmsrv.com https://analytics.tiktok.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.dreamdata.cloud https://cm.g.doubleclick.net https://connect.facebook.net https://googleads.g.doubleclick.net https://ib.adnxs.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsforms.net https://js.hubspot.com https://js.usemessages.com https://s.dpmsrv.com https://script.crazyegg.com https://script.hotjar.com https://serve.nrich.ai https://snap.licdn.com https://st.getsitecontrol.com https://static.hotjar.com https://tag.clearbitscripts.com https://widgets.getsitecontrol.com https://www.googletagmanager.com https://x.clearbitjs.com https://assets.calendly.com https://static.hsappstatic.net https://48752163.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com https://players.brightcove.net wss://ws.hotjar.com/ https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://assets.calendly.com https://*.optimizely.com https://app.optimizely.com; worker-src 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.cardinalcommerce.com *.tawk.to *.cloudfront.net *.reviews.co.uk *.fdchosting.co.uk *.zopim.com maxcdn.bootstrapcdn.com *.superpayments.com *.stripe.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.tiktok.com *.twitter.com *.reviews.co.uk *.list-manage.com *.superpayments.com *.stripe.com 'self' 'unsafe-inline'; frame-ancestors https://widget.reviews.co.uk https://widget.reviews.io *.superpayments.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.instagram.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.reviews.co.uk *.addthis.com *.superpayments.com *.stripe.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://images.unsplash.com *.googleapis.com *.cdninstagram.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com imgsct.cookiebot.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.jsdelivr.net *.reviews.co.uk *.fdchosting.co.uk *.google.co.uk *.zopim.com *.superpayments.com *.stripe.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.instagram.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com consent.cookiebot.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.reviews.co.uk *.tawk.to *.chimpstatic.net *.chimpstatic.com *.zopim.com *.zdassets.com *.onefeed.co.uk *.addthis.com *.addthisedge.com *.moatads.com *.pinterest.com *.superpayments.com *.stripe.com segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.trustpilot.com cdn.jsdelivr.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jsdelivr.net *.reviews.co.uk *.mailchimp.com *.cloudfront.net maxcdn.bootstrapcdn.com *.superpayments.com *.stripe.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com connect.facebook.net graph.facebook.com business.facebook.com *.tawk.to *.cloudflare.com *.twitter.com *.twimg.com *.reviews.co.uk ekr.zdassets.com *.zopim.com wss://*.zopim.com *.addthis.com *.superpayments.com *.stripe.com stripe.com cognito-idp.eu-west-2.amazonaws.com segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.seonintelligence.com *.trustpilot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.reviews.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.franknutt.co.uk/; report-to report-endpoint; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com bo.maisonic.com self https: 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.payplug.com *.dalenys.com https://applepay.cdn-apple.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.gstatic.com axeptio.imgix.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://www.magezon.com *.doofinder.com pim.avidsen.com network-eu-stg-a.bazaarvoice.com network-eu-a.bazaarvoice.com maisonic.com *.maisonic.com www.mageworx.com www.magezon.com apps.bazaarvoice.com action.metaffiliation.com *.ad4m.at track.adform.net adservice.google.com ad.doubleclick.net img.metaffiliation.com r.adserver01.de flagpedia.net https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://secure-magenta.dalenys.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.axept.io apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.google.com/ *.doofinder.com static.axept.io sibautomation.com cdn.brevo.com static.cloudflareinsights.com cdnjs.cloudflare.com cdn.doofinder.com eu1-config.doofinder.com secure.payplug.com cdn.payplug.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ awsapis3.netreviews.eu auth.skeepers.io api.skeepers.io cl-pbr.cxr.skeepers.io znl.maisonic.com tag.beyable.com ad4m.at pixel.bsmartdata.com front.activation.beyable.com www.clarity.ms scripts.clarity.ms halc.iadvize.com *.gstatic.com maps.googleapis.com https://cl-pbr.cxr.skeepers.io/ https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com display.ugc.bazaarvoice.com *.doofinder.com *.fontawesome.com cdnjs.cloudflare.com cdn.doofinder.com fonts.axept.io fonts.googleapis.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com https://secure-magenta.dalenys.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com api.axept.io client.axept.io api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.doofinder.com wss://*.doofinder.com static.axept.io apps-stg.bazaarvoice.com in-automate.brevo.com cloudflareinsights.com cdnjs.cloudflare.com eu1-api.doofinder.com stats.g.doubleclick.net region1.analytics.google.com region1.google-analytics.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ awsapis3.netreviews.eu auth.skeepers.io api.skeepers.io cl-pbr.cxr.skeepers.io znl.maisonic.com tag.beyable.com ad4m.at pixel.bsmartdata.com *.clarity.ms halc.iadvize.com api.iadvize.com www.gstatic.com maps.googleapis.com https://cl-pbr.cxr.skeepers.io/ https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src api.axept.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 1
default-src 'self' https://*.duosecurity.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://recollect.a.ssl.fastly.net data:; script-src 'self' 'unsafe-inline' https://events.cityofwinterpark.org https://player.vimeo.com https://f.vimeocdn.com https://kit.fontawesome.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://app-script.monsido.com https://recollect.net https://api.recollect.net https://recollect-images.global.ssl.fastly.net https://apps.remembermyjourney.com https://static.elfsight.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://recollect.a.ssl.fastly.net; img-src 'self' https://i.ytimg.com https://i.vimeocdn.com https://www.googletagmanager.com https://maps.gstatic.com https://tracking.monsido.com https://api.recollect.net https://recollect-images.global.ssl.fastly.net https://recollect.a.ssl.fastly.net data:; connect-src 'self' https://player.vimeo.com https://vimeo.com https://f.vimeocdn.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://www.google-analytics.com https://analytics.google.com https://maps.googleapis.com https://core.service.elfsight.com; worker-src 'self' blob:; frame-src 'self' https://events.cityofwinterpark.org https://www.youtube.com https://player.vimeo.com https://api.recollect.net https://g1.ipcamlive.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.googleapis.com *.datatables.net 'self' data: blob: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.gstatic.com *.facebook.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com www.gstatic.com maxcdn.bootstrapcdn.com *.datatables.net *.googleapis.com *.facebook.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://ipinfo.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-BlUWa8V5wi9fBrVf2GehCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Cpo1NtMWn9ER__MpijkB-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; object-src 'none'; report-to csp; report-uri https://www.taskeasy.com/utility/content-security-policy/report; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' api.addressfinder.io *.google-analytics.com *.googletagmanager.com *.ytimg.com *.youtube.com; script-src-elem 'self' 'unsafe-inline' api.addressfinder.io *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.com; style-src 'report-sample' 'self' 'unsafe-inline' api.addressfinder.io *.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.google.com *.google.com.au *.google.co.nz *.doubleclick.net *.googletagmanager.com *.google-analytics.com translate.googleapis.com; font-src 'self' fonts.gstatic.com; child-src 'self' *.lawsociety.org.nz *.googletagmanager.com youtube.com *.youtube.com player.vimeo.com staticcdn.co.nz; frame-ancestors 'self'; frame-src 'self' *.youtube.com w.soundcloud.com www.google.com maps.google.co.nz; img-src 'self' *.google.com *.google.co.nz *.google.com.au *.ggpht.com data: *.google-analytics.com *.google.com *.google.com.au *.googletagmanager.com *.gstatic.com *.ytimg.com *.vimeocdn.com staticcdn.co.nz; manifest-src 'self'; media-src 'self'; report-uri https://report-to-api.raygun.com/reports-csp?apikey=GMMydwcssVrny9itMp4jA; worker-src 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.yotpo.com *.googleapis.com https://www.gstatic.com 'self' data: https://*.magento.local/ https://*.virtualjoias.com/ https://*.yotpo.com/ https://*.clearsale.com.br/ https://www.google.com https://recaptchaenterprise.googleapis.com https://recaptcha.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.yotpo.com https://accounts.google.com https://www.facebook.com https://login.live.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ *.yotpo.com https://www.google.com https://recaptcha.google.com https://*.magento.local/ https://*.virtualjoias.com/ https://*.google.com/ https://*.googletagmanager.com/ https://*.criteo.com/ https://*.criteo.net/ https://*.facebook.com/ https://*.pinterest.com/ https://*.creativecdn.com/ https://*.clearsale.com.br/ https://www.gstatic.com https://recaptchaenterprise.googleapis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.yotpo.com https://www.google.com https://www.gstatic.com *.hsforms.net *.hsforms.com 'self' data: www.google.com.ua https://*.magento.local/ https://virtualjoias.com/ https://*.virtualjoias.com/ https://*.bing.com/ https://*.doubleclick.net/ https://*.g.doubleclick.net/ https://*.google.com/ https://*.google.com.br/ https://*.google-analytics.com/ https://*.facebook.com/ https://*.twitter.com/ https://t.co/ https://*.360yield.com/ https://*.3lift.com/ https://*.adnxs.com/ https://*.agkn.com/ https://*.bidswitch.net/ https://*.casalemedia.com/ https://*.clmbtech.com/ https://*.criteo.com/ https://*.criteo.net/ https://*.us.criteo.net/ https://*.us5.us.criteo.net/ https://*.liadm.com/ https://*.media.net/ https://*.outbrain.com/ https://*.postrelease.com/ https://*.pubmatic.com/ https://*.revcontent.com/ https://*.rubiconproject.com/ https://*.1rx.io/ https://*.smartadserver.com/ https://*.taboola.com/ https://*.teads.tv/ https://*.tremorhub.com/ https://*.unrulymedia.com/ https://*.kaltura.com/ https://*.yotpo.com/ https://*.yotpoapi.com/ https://*.clearsale.com.br/ https://recaptchaenterprise.googleapis.com https://recaptcha.google.com https://*.paypalobjects.com/ https://load.tatu.virtualjoias.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://static.addtoany.com/ *.disqus.com *.yotpo.com *.pagseguro.com.br *.pagseguro.com https://www.google.com https://www.gstatic.com https://recaptchaenterprise.googleapis.com *.hsforms.net *.hsforms.com *.gstatic.com https://*.magento.local/ https://virtualjoias.com/ https://*.virtualjoias.com/ https://*.adobedtm.com/ https://*.adobe.io/ https://rum.hlx.page/ https://*.google.com/ https://*.googletagmanager.com/ https://*.gstatic.com/ https://*.hotjar.com/ https://cdn.jsdelivr.net/ https://*.newrelic.com/ https://*.tiktok.com/ https://unpkg.com/ https://*.bing.com/ https://*.criteo.com/ https://*.doubleclick.net/ https://*.g.doubleclick.net/ https://*.facebook.net/ https://*.pinterest.com/ https://*.pinimg.com/ https://*.ads-twitter.com/ https://aprtn.com/ https://*.kaltura.com/ https://*.yotpo.com/ https://*.clearsale.com.br/ https://recaptcha.google.com https://*.pagseguro.com.br/ https://load.tatu.virtualjoias.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.yotpo.com *.googleapis.com https://www.gstatic.com *.gstatic.com https://*.magento.local/ https://virtualjoias.com/ https://*.virtualjoias.com/ https://*.yotpo.com/ https://*.clearsale.com.br/ https://www.google.com https://recaptchaenterprise.googleapis.com https://recaptcha.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://stats.addtoany.com/menu *.yotpo.com *.pagseguro.com.br *.pagseguro.com https://www.google.com https://recaptchaenterprise.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://*.magento.local/ https://virtualjoias.com/ https://*.virtualjoias.com/ https://louren.co.in/ https://*.adobedc.net/ https://*.adobedtm.com/ https://*.adobe.io/ https://*.hlx.page/ https://*.bing.com/ https://*.google.com/ https://*.nr-data.net/ https://*.tiktok.com/ https://*.tiktokw.us/ https://unpkg.com/ https://*.criteo.com/ https://*.doubleclick.net/ https://*.g.doubleclick.net/ https://*.facebook.com/ https://*.pinterest.com/ https://*.pinimg.com/ https://*.ads-twitter.com/ https://*.kaltura.com/ https://*.yotpo.com/ https://*.yotpoapi.com/ https://*.clearsale.com.br/ https://www.gstatic.com https://recaptcha.google.com https://load.tatu.virtualjoias.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://pvapins.com 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.google-analytics.com https://mc.yandex.ru https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://code.jivosite.com https://www.google.com https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://*.googleapis.com https://www.clarity.ms https://scripts.clarity.ms https://pagead2.googlesyndication.com https://ajax.googleapis.com https://js.nicedit.com https://client.crisp.chat https://*.crisp.chat https://cdn.gtranslate.net https://*.gtranslate.net https://cdn.ampproject.org; worker-src 'self' blob: data:; style-src 'self' https://pvapins.com 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://code.jivosite.com https://client.crisp.chat https://*.crisp.chat https://cdn.gtranslate.net https://*.gtranslate.net https://www.gstatic.com; font-src 'self' data: https://pvapins.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://client.clarity.ms https://client.crisp.chat https://*.crisp.chat; img-src 'self' data: https: http://js.nicedit.com https://pvapins.us-lax-1.linodeobjects.com; connect-src 'self' https://pvapins.com https://challenges.cloudflare.com https://static.cloudflareinsights.com https://www.google-analytics.com https://mc.yandex.ru https://www.google.com https://code.jivosite.com https://cdn.jsdelivr.net https://www.clarity.ms https://scripts.clarity.ms https://j.clarity.ms https://h.clarity.ms https://l.clarity.ms https://*.clarity.ms https://pagead2.googlesyndication.com https://node-ya-7.jivosite.com https://vi-ya-3.jivosite.com https://telemetry.jivosite.com https://api.jivosite.com https://media-ya.jivosite.com https://q.clarity.ms https://i.clarity.ms wss://node-ya-7.jivosite.com wss://vi-ya-3.jivosite.com https://client.crisp.chat https://*.crisp.chat wss://*.crisp.chat https://cdn.gtranslate.net https://*.gtranslate.net https://translate.google.com https://translate.googleusercontent.com https://translate.googleapis.com https://translate-pa.googleapis.com https://*.googleapis.com https://cdn.ampproject.org https://www.googletagmanager.com; frame-src 'self' https://challenges.cloudflare.com https://*.cloudflare.com blob: https://www.googletagmanager.com https://mc.yandex.ru https://www.google.com https://client.crisp.chat https://*.crisp.chat https://translate.google.com https://*.gtranslate.net https://pay.0xprocessing.com; frame-ancestors 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-C4twl7f-Rlucy0pydU-gOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-LlxzUvdFZlnzipsoqO4YxA==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=W7FxQmki9iek8wWNM6_mit7kSSolUXXCGEy4XyP8TgsA4qpGkRQJHMonBD3a5YiiJuHuL1F1OA==&policy_id=30057&user_id=&request_id=1cec53d9-bfff-4406-808e-39a7367896f9; report-to csp-endpoint-wfxqmkiiekwwnmmitkssoluxxcgeyxyptgsaqpgkrqjhmonbdayiijuhulfoa; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:*; require-trusted-types-for 'script' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://client.crisp.chat *.klarnacdn.net static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.revolut.com *.google.com google.com *.cdn-apple.com pay.google.com use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com js.stripe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.clearpay.co.uk account.fetchify.com *.klarna.com pay.google.com b.stripecdn.com m.stripe.network td.doubleclick.net www.googletagmanager.com bluegdx.godoxstore.co.uk/ bluelen.lencarta.com osm.klarnaservices.com *.sagepay.com business.facebook.com *.revolut.com *.cdn-apple.com *.gstatic.com *.trustpilot.com landofcoder.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afterpay.com *.clearpay.co.uk https://image.crisp.chat cdn.doofinder.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ x.klarnacdn.net www.gstatic.com www.google.co.uk https://firebasestorage.googleapis.com https://meetanshi.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com www.google.com.ua blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://client.crisp.chat cdn.doofinder.com cc-cdn.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.klaviyo.com *.googletagmanager.com js.klarna.com static-tracking.klaviyo.com www.google.com www.gstatic.com pay.google.com hcaptcha.com b.stripecdn.com newassets.hcaptcha.com m.stripe.network static.hotjar.com script.hotjar.com analytics.lencarta.com *.googleadservices.com *.google-analytics.com bluegdx.godoxstore.co.uk tagmanager.google.com static.cloudflareinsights.com bluelen.lencarta.com eu1-config.doofinder.com cdn.browsee.io cdn.jsdelivr.net *.sagepay.com *.avada.io *.shopify.com https://www.googletagmanager.com business.facebook.com *.revolut.com cdn.ampproject.org *.trustpilot.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.squarecdn.com https://client.crisp.chat *.doofinder.com cc-cdn.com *.klarnacdn.net https://static.klaviyo.com js.stripe.com cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com www.gstatic.com use.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.doofinder.com wss://*.doofinder.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static-forms.klaviyo.com fast.a.klaviyo.com js.klarna.com js.stripe.com pay.google.com merchant-ui-api.stripe.com play.google.com r.stripe.com api.hcaptcha.com m.stripe.com bluegdx.godoxstore.co.uk/g/collect bluelen.lencarta.com/g/collect *.sagepay.com https://get.geojs.io *.avada.io https://www.google-analytics.com business.facebook.com *.revolut.com *.cdn-apple.com *.gstatic.com cdn.ampproject.org www.googleapis.com landofcoder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src r.stripe.com eu.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.hach.de *.oppermann.de *.kombinat-berlin.de *.fonts.net *.ekomi.com *.ekomi.de *.ekomiapps.de *.fontawesome.com *.googleapis.com https://widgets.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.hach.de *.oppermann.de *.kombinat-berlin.de *.facebook.com *.facebook.net *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.hach.de *.oppermann.de *.kombinat-berlin.de *.facebook.com *.facebook.net *.uptain.de *.nosto.com *.nos.to https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ *.wonderchat.io 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudfront.net magefan.com cm.magefan.com *.hach.de *.oppermann.de *.kombinat-berlin.de 'self' data: *.cookielaw.org *.taboola.com *.bing.com *.adform.net *.facebook.com *.facebook.net *.licdn.com *.creative-serving.com *.uptain.de *.doubleclick.net *.doubleclick.com *.linkedin.com *.google.com *.google.de cx.atdmt.com *.ekomi.com *.ekomi.de *.ekomiapps.de *.nosto.com *.nos.to https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://static.unzer.com *.online-metrix.net https://www.gstatic.com *.disqus.com https://connect.nosto.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googleapis.com *.gstatic.com jsd-widget.atlassian.com widget.freshworks.com m2epro.freshdesk.com *.hach.de *.oppermann.de *.kombinat-berlin.de *.cookielaw.org *.taboola.com *.bing.com *.adform.net *.facebook.com *.facebook.net *.licdn.com *.creative-serving.com *.uptain.de *.doubleclick.net *.doubleclick.com *.polyfill.io *.sentry-cdn.com *.google-analytics.com *.googleadservices.com *.ekomi.com *.ekomi.de *.ekomiapps.de stage.exdatis.com *.nosto.com *.nos.to *.fontawesome.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net *.wonderchat.io *.disqus.com *.googletagmanager.com www.termsfeed.com https://www.googletagmanager.com https://connect.nosto.com *.hsforms.net *.hsforms.com https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.hach.de *.oppermann.de *.kombinat-berlin.de *.fonts.net *.ekomi.com *.ekomi.de *.ekomiapps.de stage.exdatis.com *.fontawesome.com *.nosto.com *.nos.to https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.wonderchat.io *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src stage.exdatis.com *.wonderchat.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de jsd-widget.atlassian.com api-private.atlassian.com widget.freshworks.com m2epro.freshdesk.com *.hach.de *.oppermann.de *.kombinat-berlin.de *.cookielaw.org *.taboola.com *.bing.com *.adform.net *.facebook.com *.facebook.net *.licdn.com *.creative-serving.com *.uptain.de *.doubleclick.net *.doubleclick.com id5-sync.com *.onetrust.com *.ekomi.com *.ekomi.de *.ekomiapps.de stage.exdatis.com wss://stage.exdatis.com *.nosto.com *.nos.to *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ *.wonderchat.io wss://*.wonderchat.io t.elasticsuite.io *.hsforms.net *.hsforms.com https://*.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://hach-report.uriports.com/reports; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-Tr1a6bg8hmMGZHoz-uiLdw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; frame-src 'self' *.schellman.com *.hubspot.com *.hs-sites.com *.hubspot.net *.hsforms.com *.hsforms.net *.wistia.net insight.adsrvr.org play.hubspotvideo.com 216294.hs-sites.com match.adsrvr.org googletagmanager.com platform.twitter.com *.myworkdayjobs.com; frame-ancestors 'self'; script-src 'self' 'unsafe-hashes' schellman.com *.schellman.com *.clickagy.com *.cookielaw.org *.hsforms.net *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.usemessages.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hubspotfeedback.com *.googleapis.com *.wistia.com *.wistia.net *.zoominfo.com *.fs1.hubspotusercontent-na1.net *.cloudfront.net *.sentry-cdn.com cookie-cdn.cookiepro.com cdnjs.cloudflare.com js.adsrvr.org js.usemessages.com js.zi-scripts.com js.hscta.net snap.licdn.com www.clarity.ms www.googletagmanager.com px.ads.linkedin.com static.hsappstatic.net feedback.hubapi.com myworkday.com myworkdaycdn.com google.com gstatic.com 'strict-dynamic' 'nonce-6q8tUJ84pbHBhMbCdE1tHQ=='; style-src 'self' *.schellman.com *.hsforms.net *.fs1.hubspotusercontent-na1.net cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com cdn2.hubspot.net static.hsappstatic.net blob: 'unsafe-inline'; img-src 'self' *.schellman.com *.hsforms.net *.clickagy.com *.wistia.com *.wistia.net *.hubspot.net *.hubspot.com *.hsforms.com *.onetrust.com *.clarity.ms *.linkedin.com linkedin.com px.ads.linkedin.com googletagmanager.com cdn.cookielaw.org cookie-cdn.cookiepro.com s3.amazonaws.com/fortyten-orlando js.hscta.net static.hsappstatic.net 216294.fs1.hubspotusercontent-na1.net idsync.rlcdn.com us-u.openx.net data:; connect-src 'self' *.schellman.com *.hsforms.com *.hsforms.net *.hubspot.com *.hubspot.net *.litix.io *.hubapi.com *.hs-banner.com *.hscollectedforms.net *.onetrust.com *.clarity.ms *.wistia.com *.wistia.net *.clickagy.com *.zoominfo.com cdn.cookielaw.org cookie-cdn.cookiepro.com www.google-analytics.com js.zi-scripts.com px.ads.linkedin.com js.hscta.net insight.adsrvr.org *.sentry-cdn.com static.hsappstatic.net cdnjs.cloudflare.com myworkday.com myworkdaycdn.com *.myworkdayjobs.com *.myworkdaycdn.com *.workday.com; worker-src blob:; font-src 'self' *.schellman.com fonts.googleapis.com fonts.gstatic.com *.wistia.com *.wistia.net use.fontawesome.com cdnjs.cloudflare.com data:; object-src 'none'; media-src 'self' blob:; form-action 'self' *.hsforms.com; base-uri schellman.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.egoi.page egoi.page www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.googletagmanager.com consentcdn.cookiebot.com td.doubleclick.net *.openstreetmap.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net egoimmerce.e-goi.com *.egoimmerce.e-goi.com egoiapp2.com *.egoiapp2.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com magefan.com cm.magefan.com bat.bing.com www.google.pt imgsct.cookiebot.com *.openstreetmap.org *.disqus.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com e-goi.com *.e-goi.com egoiapp2.com *.egoiapp2.com egoi.site *.egoi.site www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com consent.cookiebot.com bat.bing.com analytics.tiktok.com www.clarity.ms consentcdn.cookiebot.com unpkg.com js-agent.newrelic.com *.openstreetmap.org player.vimeo.com *.disqus.com *.avada.io *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.egoiapp2.com egoiapp2.com *.openstreetmap.org *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com egoiapp2.com egoi.page www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com capig.farmaciasportuguesas.pt region1.analytics.google.com region1.google-analytics.com consentcdn.cookiebot.com q.clarity.ms bam.nr-data.net pagead2.googlesyndication.com analytics.tiktok.com *.openstreetmap.org https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com www.google.com commerce.adobedc.net analytics.tiktok.com q.clarity.ms *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.veone.io *.googleapis.com *.gstatic.com; img-src 'self' data: blob: *.veone.io; style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.veone.io; connect-src 'self' blob: *.veone.io; 1
frame-ancestors 'none';object-src 'none';base-uri 'none';frame-src 'self' https://ct.pinterest.com https://cr.dm.ilmarinen.fi https://www.googletagmanager.com https://www.facebook.com https://www.google.com https://*.googlesyndication.com https://player.vimeo.com https://*.doubleclick.net https://*.surveypal.com https://www.youtube.com;default-src 'unsafe-eval' 'unsafe-inline' 'self' data: https: blob: 1
style-src 'unsafe-inline' 'self' fonts.googleapis.com cdn.firebase.com cdnjs.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com d1bhf2byybf5br.cloudfront.net d2e18nuhnog8lh.cloudfront.net intrepid-prod.azureedge.net intrepid-prod-secure.azureedge.net cdn.intrepidagile.com;connect-src 'self' blob: https://*.azureedge.net bam.nr-data.net wss://*.vitalbook.com https://intrepidagile-dev.s3.us-west-2.amazonaws.com https://intrepidagile-dev-secure.s3.us-west-2.amazonaws.com https://intrepidagile-prod-secure.s3.us-west-2.amazonaws.com https://intrepidagile-prod.s3.us-west-2.amazonaws.com https://api.honeybadger.io https://*.vitalbook.com wss://*.firebaseio.com https://*.google-analytics.com https://securetoken.googleapis.com https://*.liveswitch.io wss://*.liveswitch.io https://api.openai.com https://www.youtube.com d1bhf2byybf5br.cloudfront.net d2e18nuhnog8lh.cloudfront.net intrepid-prod.azureedge.net intrepid-prod-secure.azureedge.net cdn.intrepidagile.com;script-src 'self' 'nonce-1212cc4e-656b-486c-a2b2-d01597e27091' 'unsafe-eval' https://challenges.cloudflare.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.recaptcha.net https://hcaptcha.com https://*.hcaptcha.com https://ssl.p.jwpcdn.com https://bam.nr-data.net https://js-agent.newrelic.com cdnjs.cloudflare.com cdn.firebase.com https://*.firebaseio.com https://*.vitalbook.com https://*.liveswitch.io wss://*.liveswitch.io https://www.youtube.com;worker-src 'self' blob:;media-src * blob:;frame-src * https://hcaptcha.com https://*.hcaptcha.com;img-src * data:;default-src 'self';font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://ssl.p.jwpcdn.com 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com data: *.claspo.io *.googletagmanager.com *.razorpay.com *.cardinalcommerce.com *.zohopublic.com *.gallabox.com *.zoho.com *.embedsocial.com *.zohocdn.com *.zohostatic.com blob: 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.addthis.com *.doubleclick.net *.flexiquiz.com/ *.hotjar.com *.claspo.io *.googletagmanager.com *.razorpay.com *.cardinalcommerce.com *.zohopublic.com *.gallabox.com *.zoho.com *.embedsocial.com *.zohocdn.com *.zohostatic.com blob: 'self' https://www.google.com/ https://api.razorpay.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.in *.google.com *.ccavenue.com *.doubleclick.net *.hotjar.com *.magentocommerce.com *.magecomp.com *.claspo.io *.googletagmanager.com *.razorpay.com *.cardinalcommerce.com *.zohopublic.com *.gallabox.com *.zoho.com *.embedsocial.com *.zohocdn.com *.zohostatic.com blob: 'self' *.clarity.ms https://stats.g.doubleclick.net/ https://cdn.razorpay.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.cloudflare.com *.twitter.com *.google-analytics.com *.sandbox.paypal.com *.twimg.com *.gstatic.com *.fontawesome.com *.googletagmanager.com *.googleadservices.com *.razorpay.com *.cloudflareinsights.com *.cloudfront.net *.zohopublic.com *.gallabox.com *.zoho.com *.embedsocial.com *.zohocdn.com *.zohostatic.com cdn.tailwindcss.com blob: 'self' *.clarity.ms *.paypalobjects.com https://plausible.io https://a.opmnstr.com https://rum-static.pingdom.net https://checkout.razorpay.com *.mgt.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.google.com *.claspo.io *.googletagmanager.com *.razorpay.com *.zohopublic.com *.gallabox.com *.zoho.com *.embedsocial.com *.zohocdn.com *.zohostatic.com cdn.tailwindcss.com cdnjs.cloudflare.com blob: 'self' assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.indiacakes.com *.cloudflare.com *.twitter.com *.twimg.com *.doubleclick.net *.hotjar.com *.claspo.io *.googletagmanager.com *.razorpay.com *.cardinalcommerce.com wss://vts.zohopublic.com *.gallabox.com *.zoho.com *.embedsocial.com *.zohocdn.com *.zohostatic.com wss://nexus-websocket-a.intercom.io blob: 'self' https://salesiq.zohopublic.com https://plausible.io *.clarity.ms https://api.razorpay.com https://lumberjack.razorpay.com https://lumberjack-metrics.razorpay.com https://get.geojs.io *.mgt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Q2kEY_DbLmLTrjE1X_13Xg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://*.moneris.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.moneris.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://*.moneris.com/ maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-CiF83axC7PXuFjhiD1aOKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 1
object-src 'none';base-uri 'self';script-src 'nonce-ArQi9HQe4axOCiom3XCIhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src self 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.clarity.ms  *.popt.in *.infolijn-online.nl *.licdn.com cdnjs.cloudflare.com *.readspeaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com *.infolijn-online.nl fonts.googleapis.com cdnjs.cloudflare.com; img-src * data:; media-src 'self'; frame-src 'self' player.vimeo.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' *.linkedin.com *.clarity.ms *.licdn.com *.popt.in sensechat.infolijn-online.nl; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-3to_nhRaPfevgRObBjDblA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klarnacdn.net *.typekit.net *.fonts.smct.io *.akamaihd.net *.gstatic.com *.google.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.liveperson.net *.pinterest.com *.vimeo.com *.lpsnmedia.net *.formstack.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.apptrian.com ct.pinterest.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com *.silentnightbrands-gb.attn.tv *.bazaarvoice.com *.collector-20390.tvsquared.com *.bat.bing.com *.onetrust.com *.google.com *.cdn.smct.io *.cdn.smct.co *.ctfassets.net *.placeholder.com *.photorank.me *.quantserve.com *.ometria.com *.data-8.co.uk *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.pinterest.com s.pinimg.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com *.smct.co *.js.smct.io *.bat.bing.com *.rules.quantcount.com *.script.hotjar.com *.lantern.roeyecdn.com *.cdn.attn.tv *.cdn.sub2tech.com *.collector-20390.tvsquared.com *.static.hotjar.com *.dwin1.com *.google.com *.sharethis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.bazaarvoice.com *.onetrust.com *.trustpilot.com *.ometria.com *.liveperson.net *.quantserve.com *.doubleclick.net *.lpsnmedia.net *.akamaihd.net *.data-8.co.uk *.pinterest.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.klarnacdn.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.fonts.smct.io *.akamaihd.net *.data-8.co.uk *.gstatic.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com ct.pinterest.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com ct.pinterest.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com connect.facebook.net graph.facebook.com *.ws.hotjar.com *.data-8.co.uk *.content.hotjar.io *.ipl.smct.io *.firehose.eu-west-1.amazonaws.com *.silentnightbrands-gb.attn.tv *.googleads.g.doubleclick.net *.events.attentivemobile.com *.onetrust.com *.akamaihd.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:;script-src https: 'self' 'strict-dynamic' 'nonce-e951dfca714ca1e4a49a6318862be00df7c7787270d889f654ec8f2e2af0d483' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log?n=1 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: https://*.paypal.com https://*.paypalobjects.com 'nonce-5MvLWFN_sQrHDzFFGWLNK2g1N1tEoPcJ'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
font-src *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.stripe.com https://*.google.com *.sagepay.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw https://www.googletagmanager.com/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com *.stripe.com https://*.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://*.google.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://bat.bing.com https://c.bing.com https://www.facebook.com https://connect.facebook.net https://*.fbcdn.net https://m2s.electricpoint.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.stripe.com https://*.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.opayo.eu.elavon.com https://www.googletagmanager.com https://www.google-analytics.com https://*.clarity.ms https://bat.bing.com https://c.bing.com https://www.facebook.com https://connect.facebook.net https://cdn.cookie-script.com https://m2s.electricpoint.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.com https://fonts.googleapis.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://m2s.electricpoint.com maxcdn.bootstrapcdn.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.stripe.com https://*.google.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.clarity.ms https://bat.bing.net https://bat.bing.com https://c.bing.com https://connect.facebook.net https://*.facebook.com https://graph.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.braintreegateway.com https://*.google.com https://*.cdn-apple.com https://*.reviews.io https://*.reviews.co.uk https://grwapi.net https://*.cloudflare.com https://*.jquery.com https://*.jsdelivr.net https://*.termly.io https://*.gstatic.com https://*.facebook.net https://*.googletagmanager.com https://*.google-analytics.com https://*.gumlet.com https://*.cardinalcommerce.com https://*.doubleclick.net https://*.googleadservices.com https://*.paypal.com https://*.paypalobjects.com https://*.pcapredict.com https://*.postcodeanywhere.co.uk https://where-to-buy.co https://*.where-to-buy.co https://*.pricespider.com; style-src 'self' 'unsafe-inline' data: https://grwapi.net https://*.reviews.io https://*.braintreegateway.com https://*.cloudflare.com https://*.jsdelivr.net https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.mytoolshed.co.uk https://*.postcodeanywhere.co.uk; img-src 'self' data: blob: https://grwapi.net https://*.mytoolshed.co.uk https://*.gumlet.com https://*.paypal.com https://*.paypalobjects.com https://*.facebook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.co.uk https://*.googlesyndication.com https://*.doubleclick.net https://*.googleadservices.com https://*.reviews.io https://*.gstatic.com https://*.postcodeanywhere.co.uk https://*.ytimg.com https://*.where-to-buy.co https://where-to-buy.co; frame-src 'self' https://*.reviews.io https://*.youtube.com https://*.braintreegateway.com https://*.googletagmanager.com https://*.google.co.uk https://*.google.com https://*.termly.io https://*.doubleclick.net https://*.facebook.com https://*.cardinalcommerce.com https://*.paypal.com https://*.reviews.co.uk https://*.youtube-nocookie.com https://*.americanexpress.com https://*.rsa3dsauth.co.uk https://*.pricespider.com https://*.channelsight.com https://challenges.cloudflare.com; connect-src 'self' https: wss:; font-src 'self' data: https://*.reviews.io https://*.cloudflare.com https://*.jsdelivr.net https://*.gstatic.com; report-uri https://www.mytoolshed.co.uk/api/csp-report; report-to csp-endpoint; 1
form-action 'self'; report-to csp-report; report-uri https://csp-report-receiver.atoka.io/report/atoka-production/ 1
font-src maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com *.gstatic.com *.fontawesome.com www.google.com www.gstatic.com www.w3.org maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://td.doubleclick.net https://www.googletagmanager.com https://analytics.google.com https://app.midtrans.com https://app.sandbox.midtrans.com https://business.facebook.com https://connect.facebook.net https://facebook.com https://www.commercepartnerhub.com *.addthis.com *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.addtoany.com *.pinterest.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com platform.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.google-analytics.com https://app.midtrans.com https://app.sandbox.midtrans.com https://*.fbcdn.net https://facebook.com maps.googleapis.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org blob: *.gstatic.com *.pinterest.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com www.google.com aps.googleapis.com https://app.midtrans.com https://app.sandbox.midtrans.com https://connect.facebook.net https://staticxx.facebook.com https://facebook.com https://www.commercepartnerhub.com maps.googleapis.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com static.cloudflareinsights.com tagmanager.google.com *.addtoany.com www.facebook.com *.pinterest.com *.tumblr.com *.google.com *.gstatic.com *.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com http://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js https://app.sandbox.midtrans.com/snap/snap.js https://app.midtrans.com/snap/snap.js twitter.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdnjs.cloudflare.com https://app.midtrans.com https://app.sandbox.midtrans.com https://connect.facebook.net https://staticxx.facebook.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org tagmanager.google.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://analytics.google.com https://www.googletagmanager.com https://www.google.com/ccm/collect https://app.midtrans.com https://app.sandbox.midtrans.com https://connect.facebook.net https://staticxx.facebook.com https://business.facebook.com https://www.commercepartnerhub.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com https://www.google-analytics.com *.addtoany.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api-js.mixpanel.com/ https://snap-web-raccoon-integration.gojekapi.com/api/v1/events https://snap-web-raccoon.gojekapi.com/api/v1/events 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://s3.ap-southeast-2.amazonaws.com https://maps.gstatic.com data:; script-src 'self' https://*.googleapis.com https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com; frame-src 'self' blob: data:; connect-src 'self' https://*.googleapis.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://ipgtest.monri.com/ https://ipg.monri.com/ https://formtest.wspay.biz/ https://form.wspay.biz/ *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com https://ipgtest.monri.com/ https://ipg.monri.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com js.mollie.com https://ipgtest.monri.com/ https://ipg.monri.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://ipgtest.monri.com/ https://ipg.monri.com/ assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; report-uri https://www.mangelot-hosting.nl/cspro-report.php; frame-src 'self' https://*.google.com; connect-src 'self' https://*.mangelot-hosting.nl https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.ipify.org https://stats.g.doubleclick.net https://www.google.com https://*.speedtest.clouvider.net; font-src 'self' https://*.mangelot-hosting.nl https://*.gstatic.com https://cdn.linearicons.com https://cdn.mangelot-hosting.nl data:; script-src 'self' https://*.mangelot-hosting.nl https://www.googletagmanager.com https://www.gstatic.com https://*.google.com https://yoast.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.mangelot-hosting.nl https://cdn.linearicons.com https://fonts.googleapis.com https://www.gstatic.com 'unsafe-inline'; img-src 'self' blob: https://*.mangelot-hosting.nl data: https://*.google.nl https://*.google.com https://www.abuseipdb.com https://ps.w.org https://*.gravatar.com; media-src 'self' https://*.mangelot-hosting.nl; object-src 'none'; form-action 'self' https://mangelot-hosting.nl https://www.mangelot-hosting.nl https://*.mangelot-hosting.nl; frame-ancestors 'self'; worker-src 'self' blob:; default-src 'self' https://*.mangelot-hosting.nl 1
upgrade-insecure-requests; report-to https://3fb93f8892cda2990f85db743ae6f587.report-uri.com/r/d/csp/wizard; report-uri https://3fb93f8892cda2990f85db743ae6f587.report-uri.com/r/d/csp/wizard; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com *.googleapis.com https://www.gstatic.com applepay.cdn-apple.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.payplug.com *.dalenys.com api-qa.payplug.com secure-qa.payplug.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com https://images.unsplash.com https://*.afflelou.com https://p.sharinpix.com *.googlesyndication.com https://editor-assets.abtasty.com cdn.doofinder.com *.googleapis.com https://*.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://flagcdn.com https://mafranchise.afflelou.com https://cms-mafranchise.afflelou.com https://mcstaging.afflelou.com https://dev.visualwebsiteoptimizer.com https://secure-magenta.dalenys.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.disqus.com https://maps.googleapis.com https://eu1-config.doofinder.com https://*.googlesyndication.com https://halc.iadvize.com https://static.iadvize.com https://iadvize.com https://static.livechat.iadvize.com https://api.iadvize.com https://try.abtasty.com https://msr.afflelou.com cdn.doofinder.com *.googleapis.com https://*.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com afflelou.containers.piwik.pro https://vto-advanced-integration-api.fittingbox.com/ https://dev.visualwebsiteoptimizer.com https://secure-magenta.dalenys.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com https://cdn.payplug.com https://cdn-qa.payplug.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://try.abtasty.com https://cdn.fonts.net *.doofinder.com assets.braintreegateway.com https://secure-magenta.dalenys.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://cdn.plyr.io https://*.googlesyndication.com https://halc.iadvize.com https://api.iadvize.com https://collector.iadvize.com wss://*.iadvize.com https://*.abtasty.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.fonts.net *.doofinder.com wss://*.doofinder.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com afflelou.piwik.pro afflelou.containers.piwik.pro https://dev.visualwebsiteoptimizer.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://bohds.afflelou.es https://bohds.afflelou.com https://bohds.afflelou.be https://bohds.afflelou.ch https://bohds.afflelou.pt https://bohds.afflelou.ma 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-M6E8y6gQiimfyN5h-tJ27Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.sirv.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.sirv.com *.hsforms.net *.hsforms.com 'self' data: https://letsencrypt.org https://verify.authorize.net *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sirv.com player.vimeo.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com ajax.googleapis.com https://e.viridianweapontech.com https://cdn.avmws.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com *.sirv.com *.googleapis.com *.gstatic.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.sirv.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sirv.com *.youtube.com blob: t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.bootstrapcdn.com js.klevu.com *.zopim.com xmpp-contact.unlimitedhorizon.co.uk *.useinsider.com static.klaviyo.com *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com www.soholighting.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.facebook.com *.googlesyndication.com *.tiktok.com www.facebook.com *.americanexpress.com *.arcot.com *.monzo.com *.securesuite.co.uk authentication-acs.marqeta.com www.soholighting.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.soholighting.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.instagram.com www.google.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.awin1.com *.zenaps.com assets.braintreegateway.com tst.kaptcha.com c.paypal.com *.zopim.com speedsize.com *.speedsize.com ct.pinterest.com *.freshchat.net *.freshchat.com *.useinsider.com *.arcot.com *.monzo.com *.securesuite.co.uk authentication-acs.marqeta.com account.fetchify.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trustpilot.com *.weltpixel.com www.soholighting.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * *.cdninstagram.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.bing.com *.clarity.ms js.klevu.com cdn-cookieyes.com speedsize.com *.speedsize.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ct.pinterest.com www.google.co.uk *.googleapis.com *.ggpht *.sagepay.co.uk xmpp-contact.unlimitedhorizon.co.uk *.useinsider.com *.easyfundraising.org.uk *.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.soholighting.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com 'self' bat.bing.com js.klevu.com *.clarity.ms c.paypal.com chimpstatic.com cdn-cookieyes.com *.hotjar.com sentry.bigeyedeers.dev browser.sentry-cdn.com speedsize.com *.speedsize.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ tags.creativecdn.com player.vimeo.com *.youtube.com *.googleapis.com t.elesi.com t.soholighting.com porjs.com widget.trustpilot.com s.pinimg.com ct.pinterest.com *.freshchat.net *.freshchat.com fw-cdn.com xmpp-contact.unlimitedhorizon.co.uk www.paidonresults.net widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com www.soholighting.com https://js.klevu.com https://so.soholighting.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.bootstrapcdn.com *.typekit.net js.klevu.com speedsize.com *.speedsize.com https://static.klaviyo.com *.freshchat.net *.freshchat.com xmpp-contact.unlimitedhorizon.co.uk *.useinsider.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com *.trustpilot.com tagmanager.google.com www.soholighting.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com speedsize.com *.speedsize.com www.soholighting.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.sandbox.braintree-api.com *.clarity.ms *.cookieyes.com cdn-cookieyes.com *.trustpilot.com *.hotjar.com sentry.bigeyedeers.dev speedsize.com *.speedsize.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.google.co.uk ct.pinterest.com *.useinsider.com capig.stape.gl widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com www.soholighting.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com www.soholighting.com http: https: blob: 'self' 'unsafe-inline'; default-src speedsize.com *.speedsize.com elesi.com www.elesi.com cdn.elesi.com static.elesi.com soholighting.com www.soholighting.com cdn.soholighting.com static.soholighting.com lighteningbox.com www.lighteningbox.com cdn.lighteningbox.com static.lighteningbox.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sentry.bigeyedeers.dev/api/6/security/?sentry_key=476f7497936cfb1dfb62eeeaa2a7f1cb; report-to report-endpoint; 1
font-src self cdn.icomoon.io *.gstatic.com *.typekit.net *.tawk.to *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self *.tjomahony.ie www.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ self *.cookiebot.com www.facebook.com *.bugherd.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com self tjomahony.ie *.tjomahony.ie maps.googleapis.com google.com imgsct.cookiebot.com www.facebook.com *.paypal.com *.documentforce.com *.cloudfront.net *.bugherd.com *.s3.amazonaws.com embed.tawk.to hummuk.file.force.com *.chimpstatic.com mageside.com magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.mageside.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com self *.tjomahony.ie tjomahony.test *.cookiebot.com *.bugherd.com *.pusher.com *.tawk.to *.googleapis.com *.cloudfront.net cdn.jsdelivr.net *.chimpstatic.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com self *.tjomahony.ie tjomahony.test cdn.icomoon.io fonts.googleapis.com *.typekit.net *.tawk.to *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com self *.tjomahony.ie maps.googleapis.com www.google.co.uk *.paypal.com google.com *.tawk.to wss://*.tawk.to *.cookiebot.com wss://ws-mt1.pusher.com *.bugsnag.com *.bugherd.com widget.trustpilot.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src self cdn.icomoon.io *.tjomahony.ie tjomahony.test *.tawk.to 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klaviyo.com fonts.feefo.com *.isitetv.com media.flixcar.com media.flixfacts.com unpkg.com *.salesfire.co.uk *.smartmetrics.co.uk storage.googleapis.com static.cloudflareinsights.com *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.snapfinance.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.superpayments.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk *.superpayments.com *.stripe.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com *.superpayments.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.facebook.com account.fetchify.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.superpayments.com *.js.stripe.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com imgsct.cookiebot.com donaghybros.co.uk *.donaghybros.co.uk google.co.in bat.bing.com media.flixcar.com rt.flix360.com *.klaviyo.com pay.google.com images.prismic.io *.isitetv.com media.flixfacts.com unpkg.com *.salesfire.co.uk *.smartmetrics.co.uk storage.googleapis.com static.cloudflareinsights.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.snapfinance.co.uk *.superpayments.com *.stripe.com a.storyblok.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://maps.googleapis.com https://player.vimeo.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com consent.cookiebot.com bat.bing.com s.pinimg.com/ct/ *.livechatinc.com *.hotjar.com/ ct.pinterest.com/static/ct/token_create.js widgets.reevoo.com static.youreko.com/js/partners/gb/donaghy-bros/youreko.energy-review.donaghy-bros.all.min.js media.flixfacts.com prod.flixgvid.flix360.io/ media.flixcar.com api.reviews.co.uk api.feefo.com instore.pricespy.co.uk/in.js cdn.loadbee.com/js/loadbee_integration.js static.cloudflareinsights.com cdn-cookieyes.com/client_data/f903097f3ec531c15a2be696/script.js cdn-cookieyes.com/client_data/f903097f3ec531c15a2be696/banner.js *.salesfire.co.uk s.kk-resources.com/leadtag.js *.klaviyo.com *.trustpilot.com *.isitetv.com unpkg.com *.smartmetrics.co.uk storage.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.snapfinance.co.uk https://connect.consents-dev.online https://connect.consents.online *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.superpayments.com b.stripecdn.com m.stripe.network segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.typekit.net *.salesfire.co.uk *.klaviyo.com *.isitetv.com media.flixcar.com media.flixfacts.com unpkg.com *.smartmetrics.co.uk storage.googleapis.com static.cloudflareinsights.com https://static.klaviyo.com cc-cdn.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.snapfinance.co.uk *.stripe.network *.stripecdn.com *.amazon.com *.superpayments.com *.stripe.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net ct.pinterest.com bat.bing.com *.hotjar.com/c/ stats.g.doubleclick.net widgets.reevoo.com availability.loadbee.com media.flixcar.com *.klaviyo.com pay.google.com api.reviews.co.uk api-js.datadome.co nominatim.openstreetmap.org *.trustpilot.com *.isitetv.com media.flixfacts.com unpkg.com *.salesfire.co.uk *.smartmetrics.co.uk storage.googleapis.com static.cloudflareinsights.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.snapfinance.co.uk https://signup.consents-dev.online https://signup.consents.online https://connect.consents-dev.online https://connect.consents.online https://api.mistho.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.superpayments.com stripe.com cognito-idp.eu-west-2.amazonaws.com segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.seonintelligence.com api.storyblok.com maps.googleapis.com web-sdk.smartlook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://dap.digitalgov.gov https://static.cloudflareinsights.com https://script.crazyegg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https:; frame-src 'self' https://www.google.com; connect-src 'self' https://www.google.com; object-src 'none'; base-uri 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cdn.shoptireco.com cdn.shoptireco.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://firebasestorage.googleapis.com *.cdn.shoptireco.com cdn.shoptireco.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com s7.addthis.com *.avada.io *.cdn.shoptireco.com cdn.shoptireco.com client.rum.us-east-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cdn.shoptireco.com cdn.shoptireco.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.cdn.shoptireco.com cdn.shoptireco.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com thm.visa.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cdn.shoptireco.com cdn.shoptireco.com dataplane.rum.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.cdn.shoptireco.com cdn.shoptireco.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem 'self' 'unsafe-inline' *.gstatic.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.googletagmanager.com *.cookiebot.com *.cookiebot.eu *.google.com *.youtube.com *.hotjar.com *.bing.com *.newrelic.com *.multisafepay.com *.trustedshops.com *.etrusted.com chatwidget-prod.web.app; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.doubleclick.net *.facebook.com *.fontawesome.com https://widgets.trustedshops.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cardinalcommerce.com *.cookiebot.com *.cookiebot.eu *.doubleclick.net *.googletagmanager.com *.vimeo.com *.facebook.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.swagger.io *.ftcdn.net *.behance.net https://www.magezon.com https://images.unsplash.com *.magentocommerce.com *.google.com *.googleapis.com *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.paypalobjects.com *.ytimg.com *.facebook.com *.facebook.net *.iusercentrics.eu *.bing.net *.etrusted.com *.cookiebot.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com magefan.com cm.magefan.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com cdn-4.convertexperiments.com *.cardinalcommerce.com *.googleapis.com *.gstatic.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ytimg.com *.facebook.com *.facebook.net *.avada.io *.hotjar.com *.cookiebot.com *.cookiebot.eu *.multisafepay.com *.trustedshops.com *.etrusted.com *.bing.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.gstatic.com *.googleapis.com *.google.com *.magento-ds.com *.magento-datasolutions.com *.fontawesome.com chatwidget-css.web.app *.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com maxcdn.bootstrapcdn.com *.multisafepay.com assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com cdn-4.convertexperiments.com *.cookiebot.com *.cookiebot.eu *.cardinalcommerce.com *.googlesyndication.com *.facebook.com *.facebook.net *.avada.io *.bing.net api.ipify.org *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; script-src 'unsafe-eval' 'unsafe-inline' 'self' player.vimeo.com youtube-nocookie.com youtube.com google-analytics.com googletagmanager.com connect.facebook.net https:;; object-src 'none'; style-src 'unsafe-inline' 'self' googletagmanager.com https:;; img-src 'self' data: https:;; media-src 'self' player.vimeo.com youtube-nocookie.com https:;; frame-src 'self' player.vimeo.com youtube-nocookie.com https:;; frame-ancestors 'self'; child-src 'self' player.vimeo.com youtube-nocookie.com https:;; font-src 'self' data: https:;; connect-src 'self' player.vimeo.com youtube-nocookie.com https:;; report-uri /report-csp-violation 1
font-src *.cloudflare.com *.candid-io.site44.com *.gstatic.com *.typekit.net data: *.googleapis.com fonts.googleapis.com *.hotjar.com *.bootstrapcdn.com *.fontawesome.com  * www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com  * www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors  * 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ *.google.com 'self' www.searchanise.com *.searchserverapi.com *.twitter.com https://sandbox.sequracdn.com https://live.sequracdn.com www.blackrecon.com https://live.sequrapi.com *.searchserverapi1.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net validator.swagger.io magefan.com cm.magefan.com *.disqus.com https://www.magezon.com *.blackrecon.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.searchanise.com  * *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com s3.amazonaws.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.disqus.com *.google.com *.cloudflare.com *.google-analytics.com *.gstatic.com *.typekit.net *.fontawesome.com *.hsforms.net *.hsforms.com *.netdna-ssl.com *.jquery.com *.googleapis.com *.hotjar.com https://searchserverapi.com *.searchanise.com *.blackrecon.com *.googletagmanager.com *.googleadservices.com https://searchserverapi.com/widgets/v1.0/init.js 'self' 'unsafe-inline' 'unsafe-eval' * searchserverapi.com *.sequracdn.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchserverapi1.com searchserverapi1.com api.amplitude.com *.twitter.com *.twimg.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hotjar.com *.cloudflare.com *.googleapis.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com  * www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.candid-io.site44.com *.paypal.com *.hsforms.net *.hsforms.com *.googleapis.com *.hotjar.com  * api.amplitude.com stats.g.doubleclick.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src  * 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'self'; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com http://tag.brandcdn.com/privacy tag.brandcdn.com/autoscript/cityofbakersfieldsolidwastedivisio_vgtstk1fovvvvfu9/city_of_bakersfield_solid_waste_divisio.js * 'self' about: 'unsafe-inline' 'unsafe-eval' data:; worker-src * 'self' data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src * 'self'; media-src * 'self' blob:; font-src * 'self' data:; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self';report-uri /contentsecuritypolicy/report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.zapier.com *.zapier.app *.fontawesome.com *.tidio.co *.tagshop.io *.tagshop.ai *.productreview.com.au *.taggshop.io *.taggshop.ai *.cdnfonts.com *.evergage.com *.tagbox.com *.eurekafurniture.com.au *.fonts.net *.jotfor.ms *.migaku.com *.onlinewebfonts.com *.alicdn.com *.taggbox.com unpkg.com images.latitudepayapps.com imageapi.magebinary.co.nz maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.ashleyhome.com.au *.facebook.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.mycardsecure.com *.rsa3dsauth.co.uk *.securesuite.co.uk mycardsecure.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors data: *.form.jotform.com *.jotform.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com *.zapier.com *.zapier.app *.taggbox.com *.authorize.net *.pinterest.com *.form.jotform.com *.jotform.com *.doubleclick.net *.jotform.io *.twitter.com *.afterpay.com *.commbank.com.au *.fliphtml5.com *.opendns.com noop.style *.commercepartnerhub.com *.facebook.com *.googletagmanager.com *.americanexpress.com *.arcot.com *.avada.io *.cardinalcommerce.com *.mycardsecure.com *.rsa3dsauth.co.uk *.securesuite.co.uk *.zscalerthree.net mycardsecure.com *.cloudflare.com *.zscaler.net eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://plumrocket.com https://accounts.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ *.trackedlink.net *.zapier.com *.zapier.app *.magentocommerce.com *.latitudefinancial.com *.adnxs.com *.pinterest.com *.mediaiqdigital.com *.eurekafurniture.com.au *.google.com.vn *.google.com.au *.taggbox.com *.doubleclick.net *.latitudepayapps.com *.googleapis.com *.tagshop.io *.tagshop.ai *.ashleyhome.com.au *.facebook.com *.google.com *.jivox.com *.tagbox.com google.com ui-avatars.com www.google.ae www.google.al www.google.am www.google.at www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.ci www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.co.zw www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bn www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.hk www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.cz www.google.de www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.iq www.google.it www.google.jo www.google.la www.google.lk www.google.mv www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.se www.google.si www.google.sk www.google.vu *.eurekastreetfurniture.com.au *.local.com *.yahoo.com eurekastreetfurniture.com.au www.google.cl www.google.co.ck www.google.co.zm www.google.com.af www.google.com.bh www.google.com.ec www.google.com.gt www.google.com.jm www.google.com.kh www.google.com.na www.google.com.pe www.google.com.py www.google.com.sb www.google.com.uy www.google.dk www.google.ge www.google.gg www.google.hn www.google.hr www.google.lt www.google.mk www.google.mn www.google.mu www.google.ws www.google.co.vi www.google.com.pr www.google.lv www.google.no www.google.tt *.jotfor.ms www.google.ba www.google.bt www.google.co.bw www.google.co.cr www.google.co.ls www.google.co.tz www.google.co.ve www.google.com.do www.google.com.ly www.google.dz www.google.gy www.google.kz www.google.me www.google.ru www.google.sc www.google.tl www.google.bs www.google.com.ag www.google.is www.google.sn www.google.to www.google.az www.google.com.et www.google.com.om www.google.gm www.google.ml www.google.sr *.adsrvr.org www.google.co.ao www.google.co.mz www.google.co.ug www.google.com.mm www.google.ga www.google.im www.google.je www.google.lu www.google.ps www.google.rw *.afterpay.com *.trackedweb.net www.google.co.uz www.google.com.bo www.google.com.gi www.google.li www.google.md www.google.mg www.google.nr www.google.tn zip.co *.googleusercontent.com www.google.cv www.google.ht *.googleadservices.com www.google.cm *.ggpht.com www.google.ad *.facebook.net *.fliphtml5.com *.igodigital.com *.cloudflare.com *.tidiochat.com www.google.dm *.evergage.com *.google-analytics.com *.googletagmanager.com tidio-images-messenger.s3.amazonaws.com unpkg.com www.google.com.tj www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zipmoney.com.au www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://api.addressfinder.io https://rum.hlx.page https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.zapier.com *.zapier.app *.taggbox.com *.tidiochat.com *.tidio.co *.authorize.net *.jsdelivr.net *.lfscnp.com *.evgnet.com *.googleapis.com *.facebook.net *.pinimg.com *.adnxs.com *.crazyegg.com *.pinterest.com *.form.jotform.com *.jotform.com *.jotfor.ms *.productreview.com.au *.tagshop.io *.tagshop.ai *.twitter.com *.taggshop.io *.taggshop.ai *.latitudepayapps.com *.jivox.com *.zip.co *.commbank.com.au *.doubleclick.net *.evergage.com *.latitudefinancial.com *.tagbox.com *.zipmoney.com.au *.eurekafurniture.com.au *.yimg.com *.googletagmanager.com googletagmanager.com *.addressfinder.io *.afterpay.com *.avada.io *.bing.com *.googleadservices.com *.igodigital.com rum.hlx.page *.cloudflare.com *.google-analytics.com unpkg.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zipmoney.com.au zip.co https://accounts.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.zapier.com *.zapier.app *.googleapis.com *.jotfor.ms *.tagshop.io *.tagshop.ai *.taggshop.io *.taggshop.ai *.tagbox.com *.evergage.com *.typekit.net *.eurekafurniture.com.au *.fonts.net *.googletagmanager.com *.addressfinder.io *.taggbox.com *.cloudflare.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com maxcdn.bootstrapcdn.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src noop.style 'self' 'unsafe-inline'; media-src *.adobe.com *.zapier.com *.zapier.app *.tidiochat.com *.tidio.co *.tagshop.ai *.taggbox.com *.gstatic.com *.cdninstagram.com *.tagbox.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.zapier.com *.zapier.app *.tidio.co wss://socket.tidio.co *.zip.co *.algolia.io *.google-analytics.com *.livechatinc.com *.form.jotform.com *.crazyegg.com *.tagshop.io *.tagshop.ai *.productreview.com.au *.taggbox.com *.adnxs.com *.pinterest.com *.evergage.com *.google.com.vn *.google.com.au *.datadoghq.com *.googleapis.com *.cloudfront.net *.afterpay.com *.jivox.com *.doubleclick.net *.facebook.com *.taggshop.io *.zipmoney.com.au localhost www.google.ae www.google.at www.google.be www.google.ca www.google.ch www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.bd www.google.com.bn www.google.com.br www.google.com.co www.google.com.fj www.google.com.hk www.google.com.my www.google.com.np www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sg www.google.com.tr www.google.com.tw www.google.cz www.google.de www.google.es www.google.fr www.google.gr www.google.ie www.google.iq www.google.it www.google.jo www.google.lk www.google.mv www.google.nl www.google.pl www.google.pt www.google.sk *.ashleyhome.com.au *.eurekafurniture.com.au *.eurekastreetfurniture.com.au *.yimg.com www.google.al www.google.cl www.google.co.ck www.google.com.af www.google.com.au www.google.com.cy www.google.com.eg www.google.com.gh www.google.com.kh www.google.com.mx www.google.com.na www.google.com.ua www.google.dk www.google.ee www.google.ge www.google.gg www.google.lt www.google.mk www.google.mu www.google.ro www.google.se www.google.vu www.google.co.ke www.google.com.bh www.google.com.kw www.google.com.sa www.google.fi www.google.mn www.google.no www.google.tt www.google.ws www.google.bg www.google.co.bw www.google.co.cr www.google.co.tz www.google.com.ly www.google.com.mt www.google.com.pr www.google.com.sb www.google.kz www.google.rs www.google.ru www.google.sc www.google.tl www.google.bs www.google.co.zm www.google.com.ag www.google.com.bz www.google.com.do www.google.dz www.google.ba www.google.com.ec www.google.sn www.google.sr www.google.to www.google.by www.google.cd www.google.co.ao www.google.co.ma www.google.co.zw www.google.com.jm www.google.com.lb www.google.com.mm www.google.com.ng www.google.com.pe www.google.com.uy www.google.hr www.google.hu www.google.je www.google.la www.google.lv www.google.rw www.google.hn www.google.im www.google.md www.google.nr *.googleadservices.com www.google.co.mz www.google.com.om *.bugsnag.com www.google.me *.alicdn.com www.google.tn www.google.com.et www.google.co.ug www.google.co.uz www.google.com.py www.google.mg rum.hlx.page www.google.dm www.google.am www.google.si ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.eurekastreetfurniture.com.au 'self' 'unsafe-inline'; report-uri https://09b78a4d-2b3c-489e-9e11-19662dc91066.sansec.watch/; report-to report-endpoint; 1
font-src *.typekit.net fonts.soundestlink.com fonts.gstatic.com *.fontawesome.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com https://maps.omnivasiunta.lt www.facebook.com static.hotjar.com script.hotjar.com dynamic.criteo.com sslwidget.criteo.com wt.omnisendlink.com forms.soundestlink.com stats.g.doubleclick.net ad.doubleclick.net *.google.lv measurement-api.criteo.com ib.adnxs.com sync-t1.taboola.com visitor.omnitagjs.com matching.ivitrack.com exchange.mediavine.com sync.outbrain.com sync.1rx.io gum.criteo.com criteo-sync.teads.tv criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com dis.criteo.com cm.g.doubleclick.net formsv2.soundestlink.com *.google.com *.facebook.com *.twitter.com https://x.bidswitch.net https://rtb-csync.smartadserver.com https://r.casalemedia.com https://id5-sync.com https://ad.360yield.com https://contextual.media.net https://jadserve.postrelease.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://match.sharethrough.com https://eb2.3lift.com https://ad.yieldlab.net https://e1.emxdgt.com https://sync.targeting.unrulymedia.com https://uipglob.semasio.net https://www.google.lt https://www.google.com https://vc.hotjar.io https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org public.montonio.com https://omnisnippet1.com https://wt.soundestlink.com https://www.terminalmappingjs.com https://osm.venipak.com http://mano.venipak.lt https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com *.instagram.com widget.freshworks.com m2epro.freshdesk.com https://unpkg.com *.googletagmanager.com connect.facebook.net static.hotjar.com script.hotjar.com dynamic.criteo.com sslwidget.criteo.com wt.omnisendlink.com forms.soundestlink.com stats.g.doubleclick.net *.google.lv measurement-api.criteo.com ib.adnxs.com sync-t1.taboola.com visitor.omnitagjs.com matching.ivitrack.com exchange.mediavine.com sync.outbrain.com sync.1rx.io gum.criteo.com criteo-sync.teads.tv criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com dis.criteo.com cm.g.doubleclick.net analytics.tiktok.com https://x.bidswitch.net https://rtb-csync.smartadserver.com https://r.casalemedia.com https://id5-sync.com https://ad.360yield.com https://contextual.media.net https://jadserve.postrelease.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://match.sharethrough.com https://eb2.3lift.com https://ad.yieldlab.net https://e1.emxdgt.com https://sync.targeting.unrulymedia.com https://uipglob.semasio.net https://www.google.lt https://vc.hotjar.io s7.addthis.com public.montonio.com https://omnisnippet1.com https://forms.soundestlink.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.typekit.net fonts.soundestlink.com *.fontawesome.com *.googleapis.com https://unpkg.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com https://geocode.arcgis.com ws: *.analytics.google.com static.hotjar.com script.hotjar.com dynamic.criteo.com sslwidget.criteo.com wt.omnisendlink.com forms.soundestlink.com stats.g.doubleclick.net *.google.lv measurement-api.criteo.com ib.adnxs.com sync-t1.taboola.com visitor.omnitagjs.com matching.ivitrack.com exchange.mediavine.com sync.outbrain.com sync.1rx.io gum.criteo.com criteo-sync.teads.tv criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com dis.criteo.com cm.g.doubleclick.net *.facebook.com google.com *.twitter.com analytics.tiktok.com https://x.bidswitch.net https://rtb-csync.smartadserver.com https://r.casalemedia.com https://id5-sync.com https://ad.360yield.com https://contextual.media.net https://jadserve.postrelease.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://match.sharethrough.com https://eb2.3lift.com https://ad.yieldlab.net https://e1.emxdgt.com https://sync.targeting.unrulymedia.com https://uipglob.semasio.net https://www.google.lt https://www.google.com https://vc.hotjar.io ekr.zdassets.com/ https://www.terminalmappingjs.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv30.%7F%60v4u-19cf9f25735-0x2802#pd 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.admedia.com *.adsrvr.org advanced.neuro-id.com *.analytics-sm.com analytics-sm.com analytics.tiktok.com api-js.mixpanel.com api.amplitude.com api.glia.com api.measureone.com api.salemove.com api.yotpo.com arttrk.com *.arttrk.com auth.split.io bat.bing.com bcdn.integration.projectcorvette.us bcwup.integration.projectcorvette.us browser-intake-datadoghq.com cdn.amplitude.com cdn.lr-ingest.com cdn.plaid.com cdn.tiny.cloud client-logger.salemove.com dn.neuroid.cloud ekr.zdassets.com gabihelp.zendesk.com gabihelp1605922745.zendesk.com glia-applets.com globalsiteanalytics.com google.com googleadservices.com js.stripe.com js.verygoodvault.com js3.verygoodvault.com kluster.salemove.com *.kochava.com libs.glia.com libs.salemove.com logs.neuro-id.com nexus.ensighten.com pt.ispot.tv pubsub.salemove.com rc.dn.neuroid.cloud receiver.neuroid.cloud region1.analytics.google.com region1.google-analytics.com *.rokt.com rum.browser-intake-datadoghq.com sc-static.net scripts.neuro-id.com sdk.split.io session-replay.browser-intake-datadoghq.com siteintercept.qualtrics.com smarty.insurance.experian.com smarty.staging.gabi.com smetrics1.experian.com static.zdassets.com staticw2.yotpo.com stats.g.doubleclick.net storage.googleapis.com streaming.split.io *.tapad.com tms.experian.com tr.snapchat.com us-autocomplete-pro.api.smarty.com us-autocomplete-pro.api.smartystreets.com vgs-collect-keeper.apps.verygood.systems wss://kluster.salemove.com wss://pubsub.salemove.com www.google-analytics.com www.google.ca www.google.co.in www.google.co.uk www.google.com www.google.com.mx www.google.com.ph www.google.com.pr www.googleadservices.com www.googletagmanager.com www.routingnumbers.info zn3ibrpkldazquxaq-consumerinfo.siteintercept.qualtrics.com blob:; img-src * data: blob:; style-src 'self' 'unsafe-inline' *.admedia.com *.adsrvr.org analytics-sm.com *.analytics-sm.com analytics.tiktok.com arttrk.com *.arttrk.com auth.split.io cdn.honey.io cdn.jsdelivr.net cdn.tiny.cloud cdnjs.cloudflare.com fonts.googleapis.com glia-applets.com google.com googleadservices.com hello.myfonts.net *.kochava.com libs.glia.com libs.salemove.com pt.ispot.tv *.rokt.com sc-static.net sdk.split.io smetrics1.experian.com staticw2.yotpo.com storage.googleapis.com streaming.split.io *.tapad.com tr.snapchat.com www.google.co.uk www.gstatic.com www.tiny.cloud; font-src 'self' cdn.gabi.com fonts.gstatic.com hello.myfonts.net static.zip.co staticw2.yotpo.com www.tiny.cloud data:; frame-src 'self' 10178839.fls.doubleclick.net 6375438.fls.doubleclick.net api.measureone.com cdn.plaid.com js.stripe.com js.verygoodvault.com js3.verygoodvault.com *.rokt.com www.facebook.com; media-src 'self' glia-applets.com libs.glia.com libs.salemove.com; report-to https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub6266f5d846cb5713666132c0f0ffe817&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub6266f5d846cb5713666132c0f0ffe817&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com ssl.google-analytics.com www.googletagmanager.com maps.google.com wasm-eval connect.facebook.net verify.uk.littlepay.com; frame-ancestors 'self' http://www.rslcontent.co.uk; report-uri https://tbkb01.report-uri.com/r/t/csp/reportOnly; report-to default 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com cash-f.squarecdn.com cdn.jsdelivr.net cdn.almapay.com https://fonts.gstatic.com https://ws.colissimo.fr *.cloudflare.com sdkm.gwbq.fr static.sensefuel.live *.fontawesome.com *.bootstrapcdn.com d3gbdgnfs9ulge.cloudfront.net https://www.google.com https://www.gstatic.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * d3gbdgnfs9ulge.cloudfront.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com * *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ https://form.typeform.com *.pinterest.com *.addthis.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net *.snapwidget.com static.addtoany.com www.google.com www.gstatic.com apis.google.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://maps.googleapis.com * a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr *.cloudflare.com sdkm.gwbq.fr *.googleadservices.com *.googleapis.com *.google.com *.google.fr *.instagram.com *.facebook.com *.facebook.net d3gbdgnfs9ulge.cloudfront.net axeptio.imgix.net https://firebasestorage.googleapis.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com cdn.jsdelivr.net chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.cloudflare.com sdkm.gwbq.fr *.google-analytics.com *.googletagmanager.com *.google.fr *.gstatic.com *.trustedshops.com *.fontawesome.com static.addtoany.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com *.googleapis.com *.facebook.com *.facebook.net graph.instagram.com widgets.pinterest.com d3gbdgnfs9ulge.cloudfront.net *.axept.io * *.moatads.com *.pinterest.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app cdn.jsdelivr.net downloads.mailchimp.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.cloudflare.com sdkm.gwbq.fr *.googleapis.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com tag.search.sensefuel.live d3gbdgnfs9ulge.cloudfront.net *.addtoany.com *.google.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com *.openstreetmap.org https://maps.googleapis.com * *.getalma.eu *.almapay.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://ws.colissimo.fr https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com *.cloudflare.com sdkm.gwbq.fr *.gstatic.com *.pinterest.com *.googleadservices.com *.googleapis.com *.google.fr *.instagram.com *.doubleclick.net media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net c.search.sensefuel.live *.axept.io static.addtoany.com *.facebook.com l.search.sensefuel.live *.facebook.net http://dpm.demdex.net *.addthis.com https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wLSr_P8fI2ibrMuabhQXsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-C2nGecb0wNbHHF51mtSpXg==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=hKHOeIiGYUxNhoHNKhLS8KljRIv-YHyAocNLtub0odUzEgOn7hrwieFys3cjfAIn9DgDnDHrLFc=&policy_id=30057&user_id=&request_id=7d723bd6-b206-4981-a959-051875d11c39; report-to csp-endpoint-hkhoeiigyuxnhohnkhlskljrivyhyaocnltuboduzegonhrwiefyscjfaindgdndhrlfc; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:*; require-trusted-types-for 'script' 1
font-src fonts.gstatic.com use.typekit.net data: blob: *.americanframe.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.filestackapi.com https://acsbapp.com *.acsbapp.com *.acsbap.com acsbap.com acsbapp.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com data: blob: *.americanframe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.braintree-api.com *.braintreegateway.com *.hubspot.com *.hsforms.net *.hsforms.com *.gorgias.chat *.gorgias.help *.gorgias.io *.klaviyo.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ data: blob: *.americanframe.com *.googletagmanager.com *.paypal.com *.paypalobjects.com *.cybersource.com *.braintree-api.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.google.com *.googlesyndication.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.hubspot.com *.kaptcha.com *.accessibe.com *.hsforms.com *.hsforms.net outlook.office365.com *.gorgias.chat *.gorgias.help *.gorgias.io *.klaviyo.com *.certcapture.com https://acsbapp.com *.acsbapp.com *.acsbap.com acsbap.com acsbapp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com *.americanframe.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net blob: *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.s3.amazonaws.com s3.amazonaws.com *.paypal.com *.paypalobjects.com *.braintree-api.com *.braintreegateway.com *.magentocommerce.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.google.com *.google.de *.google.es *.google.fr *.google.gr *.google.ie *.google.it *.google.jo *.google.ik *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.se *.google.sk *.google.com.ar *.google.com.au *.google.com.br *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.my *.google.com.ng *.google.com.pk *.google.com.pr *.google.com.sa *.google.com.sg *.google.com.tw *.google.com.ua *.google.com.vn *.google.ae *.google.ca *.google.cn *.google.co.in *.google.co.il *.google.co.kr *.google.co.nz *.google.co.th *.google.co.uk *.google.co.za *.google.co.ma *.googleusercontent.com *.doubleclick.net *.hsforms.com *.hsforms.net *.hubspot.com *.adelixir.com *.bing.com *.acsbapp.com www.facebook.com *.certcapture.com *.nr-data.net *.clarity.ms meetanshi.com *.hubspotusercontent-na1.net *.gorgias.chat *.gorgias.help *.gorgias.io *.klaviyo.com https://fonts.googleapis.com https://*.filestackapi.com https://cdn.filestackcontent.com *.acsbap.com acsbap.com acsbapp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com *.americanframe.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page data: blob: *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.paypal.com *.paypalobjects.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.hotjar.io *.hotjar.com *.doubleclick.net *.cybersource.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.bing.com *.adelixir.com *.braintree-api.com *.braintreegateway.com *.usemessages.com *.facebook.net *.certcapture.com *.hsleadflows.net *.polyfill.io *.clarity.ms *.hubspot.com *.aptrinsic.com *.gorgias.chat *.gorgias.help *.gorgias.io *.klaviyo.com https://*.filestackapi.com https://acsbapp.com *.acsbapp.com *.acsbap.com acsbap.com acsbapp.com https://www.googletagmanager.com tagmanager.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com *.americanframe.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com data: blob: *.getfirebug.com *.myfonts.net *.googleapis.com *.certcapture.com *.hubspot.com *.gorgias.chat *.gorgias.help *.gorgias.io *.klaviyo.com https://*.filestackapi.com https://fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com *.americanframe.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com data: blob: 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com *.americanframe.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com *.americanframe.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io data: blob: *.magento.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.s3.amazonaws.com *.google-analytics.com *.googleadservices.com *.google.com *.doubleclick.net *.hubspot.com *.acsbapp.com *.braintree-api.com *.braintreegateway.com *.bing.com *.paypal.com *.certcapture.com *.facebook.net *.hsforms.com *.hubapi.com *.clarity.ms *.demdex.net *.hscollectedforms.net *.hotjar.io *.hotjar.com *.ws.hotjar.com wss://ws.hotjar.com *.gorgias.chat *.gorgias.help *.gorgias.io *.klaviyo.com https://fonts.googleapis.com https://filestack-uploads-persist-production.s3.amazonaws.com https://cdn.filestackcontent.com https://*.filestackapi.com https://cdn.acsbapp.com *.acsbap.com acsbap.com acsbapp.com https://www.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src data: blob: *.americanframe.com *.cybersource.com *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com *.americanframe.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://humanelement.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-kcOso-ptraX25u0tVotEMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--qrjit-teZYlaU2MOeitFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com https://*.google.com *.doubleclick.net *.facebook.com *.zdassets.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.com.vn *.google.com.au *.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.plugins.emarsys.net *.scarabresearch.com *.mimecast.com *.hotjar.com *.zdassets.com *.amazonaws.com *.mastersoftgroup.com *.go-mpulse.net *.newrelic.com *.zendesk.com *.tiktok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.scarabresearch.com *.eservice.emarsys.net *.go-mpulse.net *.zdassets.com *.doubleclick.net *.zendesk.com *.google.com.vn *.google.com.au *.mastersoftgroup.com *.akstat.io *.akamaihd.net *.nr-data.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://aaa0e0b5-d300-4a2c-a829-8d6611856a15.sansec.watch/; report-to report-endpoint; 1
font-src *.gstatic.com *.stape.io *.fontawesome.com *.googleapis.com * data: *.oct8ne.com instantcredit.net test.instantcredit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de * www.paycomet.com api.paycomet.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.stape.io * *.oct8ne.com www.paycomet.com api.paycomet.com https://plumrocket.com *.sendcloud.sc *.jsdelivr.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net *.stape.io * https://www.magezon.com *.oct8ne.com instantcredit.net test.instantcredit.net *.amazonaws.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.fontawesome.com *.googleapis.com *.avada.io * *.oct8ne.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com *.sendcloud.sc *.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com * instantcredit.net test.instantcredit.net *.sendcloud.sc *.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.google-analytics.com *.google.com *.stape.io https://get.geojs.io *.avada.io * *.oct8ne.com instantcredit.net test.instantcredit.net *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com use.typekit.net staticw2.yotpo.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com https://fonts.bunny.net *.alothemes.com *.magepow.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com www.facebook.com https://seo.mageplaza.com gtech.semafoneservices.com gtech.semafonetest.com *.yotpo.com 'self' connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors widget.trustpilot.com front.optimonk.com cdn.cookielaw.org *.stripe.com stripe.com; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net *.stripe.com https://www.google.com *.sagepay.com *.opayo.eu.elavon.com account.fetchify.com widget.trustpilot.com config1.veinteractive.com www.facebook.com www.youtube.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com gtech.semafoneservices.com gtech.semafonetest.com https://www.googletagmanager.com/ *.yotpo.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com reporting.gtech.co.uk secure.adnxs.com bat.bing.com pixel.mediaiqdigital.com www.facebook.com www.google.co.uk ct.pinterest.com adservice.google.com x.bidswitch.net widget.trustpilot.com fonts.googleapis.com staticw2.yotpo.com ad.doubleclick.net cookiee1.veinteractive.com www.gtech.co.uk 9032256.fls.doubleclick.net www.pinterest.com img.youtube.com connect.facebook.net www.googletagmanager.com veads.veinteractive.com *.teads.tv *.smartadserver.com *.casalemedia.com *.seedtag.com *.emxdgt.com *.pubmine.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.yotpo.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://pixel.nudgify.com *.stripe.com https://www.google.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com widget.trustpilot.com eu-west.app.koopid.ai config1.veinteractive.com bat.bing.com cdn.mouseflow.com front.optimonk.com connect.facebook.net c5.adalyser.com cdn.cookielaw.org resources.xg4ken.com pxl.jivox.com p.teads.tv s.pinimg.com www.googletagservices.com pagead2.googlesyndication.com gs-cdn.optimonk.com px.veinteractive.com a.volvelle.tech ad.doubleclick.net 8282528.fls.doubleclick.net *.mention-me.com js-agent.newrelic.com bam-cell.nr-data.net consent.cookiefirst.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.yotpo.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com www.facebook.com graph.facebook.com business.facebook.com *.trustpilot.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.fontawesome.com p.typekit.net use.typekit.net eu-west.app.koopid.ai widget.trustpilot.com fonts.googleapis.com consent.cookiefirst.com https://static.klaviyo.com *.yotpo.com *.googleapis.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.nudgify.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com https://data.nudgify.com *.stripe.com *.google.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cdn.cookielaw.org o2.mouseflow.com googleads4.g.doubleclick.net front.optimonk.com jfapiprod.optimonk.com ct.pinterest.com cookiee1.veinteractive.com sessionapi.veinteractive.com dtrc.veinteractive.com bam-cell.nr-data.net *.teads.tv consent.cookiefirst.com edge.cookiefirst.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.yotpo.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com bablas.co.uk www.bablas.co.uk fonts.cdnfonts.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com https://live.opayo.eu.elavon.com https://acs.gc.at https://acs.gc.be https://acs.gc.bg https://acs.gc.hr https://acs.gc.cy https://acs.gc.cz https://acs.gc.dk https://acs.gc.ee https://acs.gc.fi https://acs.gc.fr https://acs.gc.de https://acs.gc.gr https://acs.gc.hu https://acs.gc.ie https://acs.gc.it https://acs.gc.lv https://acs.gc.lt https://acs.gc.lu https://acs.gc.mt https://acs.gc.nl https://acs.gc.pl https://acs.gc.pt https://acs.gc.ro https://acs.gc.sk https://acs.gc.si https://acs.gc.es https://acs.gc.se https://acs.gc.co.uk https://acs.gc.ge https://acs2.ufc.at https://acs2.ufc.be https://acs2.ufc.bg https://acs2.ufc.hr https://acs2.ufc.cy https://acs2.ufc.cz https://acs2.ufc.dk https://acs2.ufc.ee https://acs2.ufc.fi https://acs2.ufc.fr https://acs2.ufc.de https://acs2.ufc.gr https://acs2.ufc.hu https://acs2.ufc.ie https://acs2.ufc.it https://acs2.ufc.lv https://acs2.ufc.lt https://acs2.ufc.lu https://acs2.ufc.mt https://acs2.ufc.nl https://acs2.ufc.pl https://acs2.ufc.pt https://acs2.ufc.ro https://acs2.ufc.sk https://acs2.ufc.si https://acs2.ufc.es https://acs2.ufc.se https://acs2.ufc.co.uk https://acs2.ufc.ge https://safekey-3.americanexpress.com https://acs2.libertybank.ge *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://calendly.com https://assets.calendly.com https://www.google.com https://www.googletagmanager.com https://td.doubleclick.net https://platform.twitter.com https://www.facebook.com https://www.paypal.com https://acs2.ufc.ge https://acs2.ufc.co.uk https://acs2.ufc.com https://acs.gc.ge https://acs.gc.co.uk https://acs.gc.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.weltpixel.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io api.feefo.com www.google.co.uk bat.bing.com syndication.twitter.com register.feefo.com www.bablas.co.uk pagead2.googlesyndication.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.facebook.com pinterest.com assets.pinterest.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.syndication.tiekinetix.net *.calendly.com syndication.tiekinetix.net api.feefo.com static.hotjar.com ajax.googleapis.com register.feefo.com *.cloudflare.com script.hotjar.com consent.cookiefirst.com edge.cookiefirst.com connect.facebook.net www.gstatic.com *.g.doubleclick.net bat.bing.com platform.twitter.com www.reviewcentre.com pcls1.craftyclicks.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.disqus.com *.googleapis.com *.gstatic.com twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com consent.cookiefirst.com register.feefo.com cdnjs.cloudflare.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.googleapis.com *.gstatic.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com stats.g.doubleclick.net consent.cookiefirst.com www.google-analytics.com edge.cookiefirst.com pagead2.googlesyndication.com api.cookiefirst.com analytics.google.com api.feefo.com collect.feefo.com syndication.twitter.com www.facebook.com vc.hotjar.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src pagead2.googlesyndication.com stats.g.doubleclick.net bat.bing.com *.google.com www.paypal.com analytics.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gls.com *.szybkapaczka.pl *.gls-poland.com/ https://*.easypack24.net https://fonts.bunny.net fonts.googleapis.com https://*.typekit.net https://font.static.useinsider.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ secure.payu.com merch-prod.snd.payu.com https://parcelshop.dhl.pl https://pudofinder.dpd.com.pl https://widget.packeta.com https://backup.widget.packeta.com *.szybkapaczka.pl *.gls-poland.com/ https://*.dpd.com.pl/ https://*.dpd.cz/ www.facebook.com platform.twitter.com https://consentcdn.cookiebot.com https://*.livechatinc.com https://secure-fra.livechatinc.com https://creativecdn.com https://fitanu.api.useinsider.com https://ams.creativecdn.com https://*.doubleclick.net https://api.dpd.cz/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ static.payu.com *.szybkapaczka.pl *.openstreetmap.org *.gls-poland.com/ *.gls-poland.com.pl/ https://*.easypack24.net https://*.inpost.pl https://trustmate.io https://firebasestorage.googleapis.com quickchart.io img.youtube.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://fitanu.com https://*.paynow.pl https://*.cookiebot.com https://*.glami.pl https://*.bing.com https://google.pl https://image.useinsider.com https://*.google.pl https://log.api.useinsider.com https://*.adnxs.com https://cm.g.doubleclick.net https://*.creativecdn.com https://*.udmserve.net https://*.rubiconproject.com https://*.wp.pl https://*.teads.tv https://*.taboola.com https://*.adscale.de https://*.3lift.com https://*.outbrain.com https://*.smartadserver.com https://*.yieldmo.com https://*.openx.net https://*.360yield.com https://*.33across.com https://*.seedtag.com https://sync.go.sonobi.com https://*.nexx360.io https://*.clarity.ms https://*.casalemedia.com https://*.lijit.com https://*.omnitagjs.com https://*.media.net https://*.loopme.me https://onetag-sys.com https://*.mgid.com https://*.ad.smaato.net https://*.rmp.rakuten.com https://*.visx.net http://*.credit-agricole.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ secure.payu.com secure.snd.payu.com https://*.googlesyndication.com https://pagead2.googlesyndication.com https://widget.packeta.com https://backup.widget.packeta.com *.szybkapaczka.pl *.openstreetmap.org *.gls-poland.com/ https://unpkg.com https://cdn.jsdelivr.net https://api.mapbox.com https://*.easypack24.net https://trustmate.io *.snrbox.com https://c.seznam.cz https://cz.im9.cz https://sk.im9.cz *.avada.io *.shopify.com connect.facebook.net twitter.com platform.twitter.com https://*.paynow.pl https://*.intum.com https://*.demoup.com https://cdn.intum.com https://*.cookiebot.com https://*.clarity.ms https://*.azureedge.net https://*.livechatinc.com https://*.wp.pl https://*.dmdi.pl https://*.savecart.pl https://*.goadservices.com https://*.bing.com https://*.dwin1.com https://glamipixel.com https://trafficscanner.pl https://*.cloudflareinsights.com https://fitanu.api.useinsider.com/ https://tags.creativecdn.com https://script.ar-mtch1.com https://eitri.api.useinsider.com https://*.allekurier.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.szybkapaczka.pl *.gls-poland.com/ https://cdn.jsdelivr.net https://*.easypack24.net https://api.mapbox.com https://trustmate.io *.snrcdn.net https://fonts.bunny.net fonts.gstatic.com https://assets.api.useinsider.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.szybkapaczka.pl *.gls-poland.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ secure.payu.com merch-prod.snd.payu.com https://widget.packeta.com https://backup.widget.packeta.com *.szybkapaczka.pl *.openstreetmap.org *.gls-poland.com/ https://*.easypack24.net https://api.mapbox.com https://events.mapbox.com https://trustmate.io *.snrbox.com https://get.geojs.io *.avada.io https://*.demoup.com https://mycliplister.com https://*.google-analytics.com https://*.livechatinc.com https://googleads.g.doubleclick.net https://ams.creativecdn.com https://lt.ar-mtch1.com https://*.cookiebot.com https://*.useinsider.com https://*.clarity.ms https://*.bing.com https://*.inpost.pl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.transfixed.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.transfixed.com join.gammasecure.com; script-src 'self' *.transfixed.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.transfixed.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src *.fontawesome.com *.bhs.com *.gstatic.com *.bootstrapcdn.com *.facebook.com https://fonts.gstatic.com fonts.feefo.com data: maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com https://www.google.com https://www.gstatic.com *.salesfire.co.uk *.typekit.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.facebook.com *.sagepay.com *.stripe.com *.stripe.network *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 8050302.fls.doubleclick.net direct.lc.chat *.paypal.com *.ad-srv.net *.facebook.com *.doubleclick.net *.klarnaservices.com *.addthis.com *.sagepay.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.salesfire.co.uk *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com adservice.google.com *.googleadservices.com *.paypal.com *.facebook.com *.doubleclick.net *.google.com.ua *.google.co.uk *.googletagmanager.com *.googleapis.com *.gstatic.com *.klarnaservices.com *.sagepay.co.uk *.sooqr.com *.bhs.com *.feefo.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.salesfire.co.uk *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com analytics.webgains.io api.feefo.com assets.gocertify.me cdn.salesfire.co.uk js.klarna.com js.stripe.com m.stripe.network maps.googleapis.com pay.google.com register.feefo.com x.klarnacdn.net *.gstatic.com *.webgains.io *.webgains.com *.googletagmanager.com *.googleapis.com *.sooqr.com *.facebook.net *.facebook.com *.doubleclick.net *.moatads.com *.addthis.com *.addthisedge.com *.klarnaservices.com *.sagepay.com w-it.m-t.io chimpstatic.com *.feefo.com widgets.feefo.com *.envolvetech.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.spotlersearch.com spotlersearchanalytics.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.salesfire.co.uk *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.salesfire.co.uk maxcdn.bootstrapcdn.com *.googleapis.com *.sooqr.com *.bootstrapcdn.com *.feefo.com *.envolvetech.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.spotlersearch.com *.klarnacdn.net *.gstatic.com unsafe-inline assets.braintreegateway.com *.salesfire.co.uk *.typekit.net fonts.googleapis.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com ad.doubleclick.net collect.feefo.com hit.salesfire.co.uk live.smartmetrics.co.uk merchant-ui-api.stripe.com play.google.com cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com *.appspot.com *.klarnauserservices.com *.addthis.com *.webgains.io *.webgains.com *.feefo.com *.doubleclick.net *.facebook.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.klarnaservices.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.salesfire.co.uk *.smartmetrics.co.uk *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src eu.klarnaevt.com r.stripe.com www.bhs.com www.google.com www.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.bhs.com/pr-csp/report/add/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com https://appleid.cdn-apple.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://appleid.apple.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://pms.dwatson.pk https://cdn.jsdelivr.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com cdn.jsdelivr.net https://accounts.google.com https://play.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://appleid.cdn-apple.com https://appleid.apple.com https://cdn.jsdelivr.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com *.alothemes.com *.magepow.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net https://accounts.google.com https://appleid.cdn-apple.com https://cdn.jsdelivr.net https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://appleid.apple.com https://appleid.cdn-apple.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://www.google-analytics.com https://pagead2.googlesyndication.com/ https://cdn-ukwest.onetrust.com/; font-src 'self' https://use.typekit.net/; frame-src 'self' https://www.googletagmanager.com/; img-src 'self' https://cdn-ukwest.onetrust.com/; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' https://www.googletagmanager.com/ https://cdn-ukwest.onetrust.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.stripe.com https://services.postcodeanywhere.co.uk https://unpkg.com; script-src-elem 'self' 'report-sample' 'unsafe-inline' https://www.googletagmanager.com/ https://cdn-ukwest.onetrust.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.stripe.com https://services.postcodeanywhere.co.uk https://unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://p.typekit.net/ https://cdnjs.cloudflare.com https://services.postcodeanywhere.co.uk https://unpkg.com https://use.typekit.net; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://www.googletagmanager.com/; report-uri https://www.rcot.co.uk/log-report-uri/reportOnly 1
font-src *.dickson-constant.com *.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dickson-constant.com *.facebook.com *.sips-services.com *.sogenactif.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com bid.g.doubleclick.net player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dickson-constant.com *.facebook.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.dickson-constant.com *.facebook.net *.facebook.com *.google.fr *.google.com *.sharethis.com maps.googleapis.com maps.google.com maps.gstatic.com ad.doubleclick.net magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.dickson-constant.com *.facebook.net *.clarity.ms *.google.com *.criteo.com *.sharethis.com maps.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.dickson-constant.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.dickson-constant.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.dickson-constant.com region1.google-analytics.com stats.g.doubleclick.net google.com *.google.com *.criteo.com *.clarity.ms *.sharethis.com maps.googleapis.com *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://css.zohocdn.com https://fonts.gstatic.com https://unpkg.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://js.stripe.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com https://*.supplychimp.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com www.apptrian.com magefan.com cm.magefan.com *.disqus.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com *.disqus.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://salesiq.zoho.com https://js.zohocdn.com https://cdn.pagesense.io https://js.stripe.com/ https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/ https://bam.nr-data.net/ *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com https://salesiq.zoho.com https://css.zohocdn.com http://fonts.googleapis.com https://fonts.googleapis.com https://unpkg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://*.zoho.com https://*.zohopublic.com ws://vts.zohopublic.com https://bam.nr-data.net/ *.mmapiws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https://www.charly.com/ 'nonce-Mjh5c20xMTRwa3BiZjVlbWdvZ3Jka2g0N3NjNDVrdDB1aDZoeHNvbjduZzU1' 'self' 'unsafe-eval' *.adobe.com *.adobe.io *.adobedtm.com *.braintreegateway.com *.magento-datasolutions.com *.magento-ds.com *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com *.search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com *.sentry-cdn.com *.sentry.io *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net cdn.jsdelivr.net/npm/@adobe/ commerce.adobe.net developers.google.com https://h64.online-metrix.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js.magento-datasolutions.com magento-recs-sdk.adobe.net maps.googleapis.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ use.typekit.net vimeo.com www.vimeo.com byspotify.com tiktok.com global-cache.online infird.com gstatic.com paypalobjects.com googleapis.com facebook.net facebook.com connect.facebook.net *.googletagmanager.com *.google-analytics.com *.google.com pinimg.com pinterest.com; style-src 'self' blob: 'unsafe-inline' https://www.charly.com/ 'unsafe-hashes' *.fonts.googleapis.com https://fonts.googleapis.com; img-src data: 'self' https://www.charly.com/ *.google.ie *.paypal.com *.paypalobjects.com *.facebook.com *.facebook.net connect.facebook.net google.com gstatic.com paypal.com flagcdn.com *.googletagmanager.com wolfcharly.com mcstaging.wolfcharly.com googleapis.com google.cctld com.mxmedia *.paypalobjects.com *.maps.gstatic.com *.maps.googleapis.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com use.typekit.net *fonts.googleapis.com https://fonts.gstatic.com cdnfonts.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.adobe.com *.braintreegateway.com *.demdex.net fast.amc.demdex.net *.paypal.com *.paypalobjects.com *.youtube-nocookie.com schools-blocked.s3-website-us-east-1.amazonaws.com opendns.com paypal.com doubleclick.net pinterest.com *.googletagmanager.com *.google-analytics.com; report_uri https://82b58f34-a752-41e9-b0d2-7837f734aca7.sansec.watch/; report-to report-endpoint; frame-ancestors 'self' https://www.charly.com/; manifest-src 'self' 'unsafe-inline' https://www.charly.com/; connect-src 'self' https://www.charly.com/ *.adobe.io *.analytics.google.com *.braintreegateway.com 'unsafe-inline' *.magento-datasolutions.com *.magento-ds.com *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com *.search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com *.sentry-cdn.com *.sentry.io *.snplow.net *.telemetry-dev.adobe.io *.telemetry.adobe.io amcglobal.sc.omtrdc.net api.magento.com commerce.adobedc.net dpm.demdex.net maps.googleapis.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com search-admin-ui-qa.magento-datasolutions.com search-admin-ui.magento-ds.com www.facebook.com; worker-src 'self'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com maps.googleapis.com cdn.rawgit.com/googlemaps/js-marker-clusterer/gh-pages/src/markerclusterer.js cdn.jsdelivr.net/gh/googlemaps/js-marker-clusterer@gh-pages/src/markerclusterer.js code.jquery.com/jquery-3.6.0.min.js cdnjs.cloudflare.com/ajax/libs/knockout/3.5.1/knockout-min.js *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-B8x9QOrArL4UPjr-g68KPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tcSH0POy7PKEuAq1nxTKPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; default-src 'self' data: https: wss:; frame-ancestors https://www.codepen.io/ 'self'; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://ct.pinterest.com https://*.stripe.com https://stripe.com https://*.youtube.com https://youtube.com https://www.facebook.com https://player.vimeo.com https://ss.preplounge.com https://consentcdn.cookiebot.com https://preplounge.clients.bbbapi.cloud 'self'; form-action 'self' https://*.facebook.com; block-all-mixed-content true; script-src 'nonce-KmErWkdScCtMVzRGRUVwOENpJXNFVDNmeGRLMHIjV08=' https://www.preplounge.com https://ss.preplounge.com https://consent.cookiebot.com 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'self' data: https: wss: 'unsafe-inline'; img-src * data: blob:; connect-src 'self' https: wss: blob:; worker-src 'self' blob:; report-uri /en/misc/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com consentcdn.cookiebot.com https://*.dpdconnect.nl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://belco-prod.s3-eu-central-1.amazonaws.com https://images.unsplash.com imgsct.cookiebot.com s.w.org bat.bing.com www.google.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.storyblok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://cdn.belco.io https://maps.googleapis.com consent.cookiebot.com consentcdn.cookiebot.com js-agent.newrelic.com ct.beslist.nl www.gstatic.com/recaptcha/ www.google.com/recaptcha/ cdn.belco.io *.dpdconnect.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com static.klaviyo.com https://static-forms.klaviyo.com fast.a.klaviyo.com static-tracking.klaviyo.com/ a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.storyblok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com integrations.etrusted.com integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com tagmanager.google.com analytics.tiktok.com www.clarity.ms cdn.leadinfo.net www.clickcease.com bat.bing.com https://*.dpdconnect.nl https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://pay.google.com https://integrations.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.storyblok.com *.multisafepay.com assets.braintreegateway.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com wss://chat.belco.io https://cdn.belco.io https://maps.googleapis.com https://player.vimeo.com consentcdn.cookiebot.com 1.1.1.1/ *.leadinfo.net api.leadinfo.com bat.bing.net bat.bing.com analytics.tiktok.com s.clarity.ms https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.cloudfront.net *.trustpilot.com *.cloudflare.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com pay.google.com js.stripe.com *.stripecdn.com newassets.hcaptcha.com *.stripe.network *.trustpilot.com youtu.be *.vimeo.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * https://plumrocket.com https://www.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.gstatic.com *.googleapis.com *.cloudfront.net bat.bing.com www.google.bg www.google.com.ua www.google.co.uk *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu blob: magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudfront.net apis.google.com *.trustpilot.com bat.bing.com js.stripe.com *.stripecdn.com pay.google.com hcaptcha.com newassets.hcaptcha.com *.stripe.network *.zdassets.com region1.analytics.google.com *.cloudflare.com *.google-analytics.com *.gstatic.com *.googleadservices.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com *.disqus.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com https://apis.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://load.cofs.partscentre.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudfront.net js.stripe.com *.stripecdn.com *.trustpilot.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.stripe.network *.amazon.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://ipinfo.io *.cloudfront.net bat.bing.com *.zdassets.com partsretailgroup.zendesk.com region1.analytics.google.com js.stripe.com *.stripe.com pay.google.com *.hcaptcha.com *.trustpilot.com widget-mediator.zopim.com *.cloudflare.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://load.cofs.partscentre.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src 'none'; font-src fonts.gstatic.com use.typekit.net kit.fontawesome.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com https://d3b4nwfy34ee2t.cloudfront.net https://d2nh8svgavbdh6.cloudfront.net css.zohocdn.com 'self' data: https://d2f594itnhlick.cloudfront.net fontawesome.com assets.adobedtm.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ api.razorpay.com 'self' www.googletagmanager.com https://td.doubleclick.net https://securestage.paytmpayments.com https://9618151.fls.doubleclick.net https://www.google.com *.facebook.com *.doubleclick.net *.facebook.com/tr/ *.td.doubleclick.net https://*.td.doubleclick.net https://www.paypal.com https://www.sandbox.paypal.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.facebook.com https://meetanshi.com/media/logo.png cdn.razorpay.com 'self' b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com checkout.paypal.com www.facebook.com www.sandbox.paypal.com www.google.co.in c.clarity.ms *.bing.com/* https://d2nh8svgavbdh6.cloudfront.net https://d2f594itnhlick.cloudfront.net *.google.co.in *.adroll.com *.bidswitch.net tennishub.in ups.analytics.yahoo.com analytics.twitter.com google-analytics.com t.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googletagmanager.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://salesiq.zohopublic.in/widget cdn.jsdelivr.net https://www.clarity.ms/tag/jj2l9znc71 https://www.clarity.ms/s/0.7.69/clarity.js https://www.clarity.ms/tag/k45caocwix https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/471564928839789 https://js.zohocdn.com/salesiq/js/floatbutton1_jpInXe9VDveFPJJRfAolK73kxWVZ9fnhF9uuhrdGNpVho-1tsqriT3evhYJkgBKU_.js www.clarity.ms connect.facebook.net js.zohocdn.com salesiq.zohopublic.in https://d29rw3zaldax51.cloudfront.net *.cloudflare.com https://securestage.paytmpayments.com https://static-staging.paytmpayments.com https://staticpg.paytmpayments.com https://accounts-staging.paytm.in https://d3b4nwfy34ee2t.cloudfront.net https://beta.tennishub.in https://d2nh8svgavbdh6.cloudfront.net https://d2f594itnhlick.cloudfront.net https://scripts.clarity.ms https://www.gstatic.com script.crazyegg.com d1w4iaoithra2p.cloudfront.net static.ads-twitter.com tpc.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com d29rw3zaldax51.cloudfront.net https://d2nh8svgavbdh6.cloudfront.net d3b4nwfy34ee2t.cloudfront.net css.zohocdn.com 'self' 'unsafe-inline' 'report-sample' https://static-staging.paytmpayments.com https://d2f594itnhlick.cloudfront.net tennishub.in d1w4iaoithra2p.cloudfront.net prod.tennishub.in 'self' 'unsafe-inline'; object-src none 'self' 'unsafe-inline'; media-src *.adobe.com d3b4nwfy34ee2t.cloudfront.net 'self' d29rw3zaldax51.cloudfront.net d2f594itnhlick.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.google-analytics.com https://get.geojs.io *.avada.io lumberjack.razorpay.com lumberjack-metrics.razorpay.com google.com 'self' https://d3b4nwfy34ee2t.cloudfront.net https://d2nh8svgavbdh6.cloudfront.net *.cardinalcommerce.com *.clarity.ms wss://vts.zohopublic.in/watchws https://www.google.co.in https://d.clarity.ms/collect https://api.razorpay.com *.paypal.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'unsafe-inline' salesiq.zohopublic.in stats.g.doubleclick.net https://securestage.paytmpayments.com https://d2f594itnhlick.cloudfront.net https://securegw.paytm.in https://securegw-stage.paytm.in googleadservices.com googletagmanager.com sandbox.paypal.com paypalobjects.com paypal.com get.geojs.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' z.clarity.ms www.google.com vts.zohopublic.in 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' c.bongo4u.com; script-src 'self' data: 'unsafe-inline' c.bongo4u.com blob: 'unsafe-eval' bongo4u.com *.bongo4u.com *.emerge2.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com *.yahooapis.com *.mailchimp.com *.list-manage.com chimpstatic.com *.ipify.org jsonip.com *.amazonaws.com/downloads.mailchimp.com/ *.jquery.com *.hotjar.com acsbapp.com *.bootstrapcdn.com googleads.g.doubleclick.net *.elfsight.com *.createsend1.com *.roomvo.com; connect-src 'self' data: 'unsafe-inline' c.bongo4u.com comments.emerge2.com util.emerge2.com bongo4u.com *.emerge2.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.ca *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.doubleclick.net *.facebook.com *.hotjar.io *.hotjar.com acsbapp.com *.acsbapp.com *.elfsight.com createsend.com *.ipify.org *.mailchimp.com *.catalog-display.com *.roomvo.com *.opencagedata.com *.googleusercontent.com; frame-src 'self' data: 'unsafe-inline' c.bongo4u.com bongo4u.com *.google.com *.google.ca *.googleapis.com *.googletagmanager.com *.youtube.com *.youtu.be *.facebook.com *.twitter.com *.twimg.com *.instagram.com *.yahoo.com *.catalog-display.com *.shortstack.com *.pgtb.me *.formstack.com *.list-manage.com *.doubleclick.net *.orgill.com *.orgill.ca *.adobe.com *.hotjar.com *.storefrontcloud.io *.roomvo.com *.loom.com; object-src 'self' data: 'unsafe-inline' c.bongo4u.com  blob: *.apple.com *.macromedia.com; img-src 'self' https: data: blob: c.bongo4u.com *.bongo4u.com *.ytimg.com *.orgill.com android-webview-video-poster; media-src 'self' https: data: c.bongo4u.com; style-src 'self' data: 'unsafe-inline' c.bongo4u.com bongo4u.com *.bongo4u.com *.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.bootstrapcdn.com *.twitter.com *.twimg.com *.mailchimp.com *.cloudflare.com/ajax/libs/; font-src 'self' data: 'unsafe-inline' c.bongo4u.com *.googleapis.com fonts.gstatic.com *.bootstrapcdn.com fonts.cdnfonts.com *.googleusercontent.com *.cloudflare.com/ajax/libs/ *.hotjar.com *.acsbapp.com;  report-uri https://util.emerge2.com/csp_violations_tracker.php; 1
script-src cms-cdn.onjax.com gstatic.com connect.facebook.net www.google.com translate.google.com www.googletagmanager.com www.googleadservices.com bat.bing.com *.googleapis.com tag.simpli.fi i.simpli.fi www.clarity.ms 'self' 'nonce-6eGHpkHhHlfIlEzNbrBdJw2bamKROsKW'; report-to default 1
default-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com data: blob: connectidfeed.did2-e1.investis.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com https://otp.tools.investis.com/assets/cas_refresh/scripts/cas-tool-helper.min.js *.investisdigital.com player.vimeo.com *.connectidfeed.did2-e1.investis.com assets.investisdigital.com cdnjs.cloudflare.com cdn.jsdelivr.net irs.tools.investis.com assets.investisdigital.com code.jquery.com api.investisdigital.com *.nr-data.net *.myidx.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com data:  blob: connectidfeed.did2-e1.investis.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com https://otp.tools.investis.com/assets/cas_refresh/scripts/cas-tool-helper.min.js *.investisdigital.com player.vimeo.com *.connectidfeed.did2-e1.investis.com assets.investisdigital.com cdnjs.cloudflare.com cdn.jsdelivr.net irs.tools.investis.com assets.investisdigital.com code.jquery.com api.investisdigital.com www.recaptcha.net static.cloudflareinsights.com *.myidx.cloud; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com *.myidx.cloud; img-src 'self' 'unsafe-inline' * data: *.myidx.cloud; media-src 'self' edge.api.brightcove.com viz.tools.investis.com  data:  blob: connectidfeed.did2-e1.investis.com  *.media.brightcove.com *.youtube.com player.vimeo.com *.connectidfeed.did2-e1.investis.com *.brightcovecdn.com *.myidx.cloud; frame-src 'self' 'unsafe-inline' *  data:  blob: connectidfeed.did2-e1.investis.com  *.investis.com www.google.com connectidfeed.did2-e1.investis.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com *.connectidfeed.did2-e1.investis.com *.myidx.cloud; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.cloudflare.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardlink.gr *.alphaecommerce.gr *.eurocommerce.gr 'self' business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.skroutz.gr *.scrooge.co.uk *.alve.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com https://maps.googleapis.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.skroutz.gr *.scrooge.co.uk *.alve.com https://www.google.co.in https://platform-cdn.sharethis.com https://l.sharethis.com https://api.postalcodecenter.com https://www.racedom.com d2brrip7w4543r.cloudfront.net https://sync.sharethis.com https://c.clarity.ms https://c.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.fontawesome.com *.googleapis.com *.gstatic.com https://maps.googleapis.com *.googletagmanager.com *.facebook.net business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.skroutz.gr *.scrooge.co.uk *.alve.com polyfill.io cdnjs.cloudflare.com https://eu.sp-trk.com https://static.zdassets.com https://buttons-config.sharethis.com https://count-server.sharethis.com https://t.sharethis.com https://platform-api.sharethis.com https://skroutza.skroutz.gr https://services.studiomongo.com https://www.clarity.ms https://d.clarity.ms https://static.cloudflareinsights.com https://ajax.cloudflare.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.fontawesome.com *.gstatic.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://maps.googleapis.com *.google-analytics.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.skroutz.gr *.scrooge.co.uk *.alve.com https://l.sharethis.com https://eu.sp-trk.com https://static.zdassets.com https://ekr.zdassets.com https://stats.g.doubleclick.net https://bcp.crwdcntrl.net https://fcm.googleapis.com *.zendesk.com wss://widget-mediator.zopim.com https://www.clarity.ms https://d.clarity.ms https://pagead2.googlesyndication.com https://data.stbuttons.click https://c.ltmsphrcl.net https://z.clarity.ms https://q.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors www.youtube.com; report-uri /report-csp-violation 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-qIAwHVAeGldo9Il9Ee_HCQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none';base-uri 'self';script-src 'nonce-P8TVoEVfYmkQtkaXeOFtnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; connect-src 'self' https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'; manifest-src https: data:; media-src https: data:; frame-src 'self' https://youtube.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.md https://www.google.com https://smartcaptcha.yandexcloud.net; upgrade-insecure-requests 1
font-src www.paypalobjects.com *.klarnacdn.net *.cloudfront.net *.klarna.com *.zdassets.com *.mekster.se *.mekster.no *.firebase.com *.zendesk.com *.gstatic.com *.googleapis.com *.tryggehandel.net *.pji.nu *.prisjakt.nu js.live.kustom.co data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mekster.se *.mekster.no *.facebook.com *.google.com *.trackedweb.net *.criteo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com *.youtube-nocookie.com www.google.com *.dotdigital-pages.com *.dotdigital.com *.klarna.com *.mekster.se *.mekster.no *.facebook.com *.google.com *.castrol.com *.lubricantadvisor.com *.mobil1.se *.zendesk.com *.thule.com *.criteo.com *.criteo.net td.doubleclick.net *.mpmoil.se *.pji.nu *.klarnaservices.com js.playground.kustom.co *.klarnaevt.com *.googletagmanager.com js.live.kustom.co *.bing.com *.bing.net *.tradedoubler.com *.imgstatics.com *.customerfirst.ai *.trustpilot.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io https://images.unsplash.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.disqus.com https://redchamps.com *.mekster.se *.mekster.no *.bing.com *.bing.net *.doubleclick.net *.facebook.com *.google.com *.google.co.in *.ytimg.com *.gstatic.com *.redchamps.com *.cloudfront.net *.firebase.com *.zendesk.com *.googletagmanager.com *.facebook.net google-analytics.com *.googleapis.com *.tryggehandel.net cdn.cookielaw.org *.criteo.net *.criteo.com *.google.se *.google.no *.google.pl *.google.de x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net *.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com beacon.krxd.net *.pji.nu *.prisjakt.nu *.googlesyndication.com js.playground.kustom.co *.reddit.com js.live.kustom.co *.simpli.fi *.clarity.ms data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com player.vimeo.com *.mekster.se *.mekster.no *.tradedoubler.com *.bing.com *.bing.net *.google.com *.gstatic.com *.adtraction.com *.adnxs.com *.googletagmanager.com *.facebook.net *.googleapis.com *.firebase.com *.zdassets.com *.zopim.com *.cloudfront.net *.zendesk.com *.criteo.net *.criteo.com *.dotdigital.com *.swagger.com *.doubleclick.net code.jquery.com tagmanager.google.com *.google-analytics.com *.googleadservices.com cdn.cookielaw.org *.onetrust.com *.tryggehandel.net polyfill.io *.clarity.ms cdn.jsdelivr.net *.fullstory.com *.pji.nu *.prisjakt.nu *.googlesyndication.com js.playground.kustom.co *.klarnaevt.com *.redditstatic.com *.unpkg.com unpkg.com *.tiktok.com *.reddit.com js.live.kustom.co *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.klarnacdn.net *.mekster.se *.mekster.no *.cloudfront.net *.klarna.com *.zdassets.com *.firebase.com *.zendesk.com tagmanager.google.com *.googleapis.com *.googletagmanager.com *.pji.nu *.prisjakt.nu js.live.kustom.co 'self' 'unsafe-inline'; object-src *.mekster.se *.mekster.no *.cloudfront.net *.zendesk.com 'self' 'unsafe-inline'; media-src *.mekster.se *.mekster.no *.klarna.com *.cloudfront.net *.zendesk.com *.zdassets.com *.zopim.com *.klarnaevt.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.mekster.se *.mekster.no *.bing.com *.bing.net *.facebook.com *.google.com *.doubleclick.net *.zopim.com *.zdassets.com *.zendesk.com *.cloudfront.net *.youtube.com *.firebase.com *.googletagmanager.com cdn.cookielaw.org *.onetrust.com *.clarity.ms *.criteo.com *.fullstory.com *.pji.nu *.googlesyndication.com *.reddit.com *.redditstatic.com js.playground.kustom.co js.live.kustom.co *.tiktok.com *.trustpilot.com 'self' 'unsafe-inline'; child-src *.cloudfront.net http: https: blob: 'self' 'unsafe-inline'; default-src *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.mcfarlandclinic.com https://*.mgmc.org https://*.mychartiowa.com https://beta---online-checkin-ae65ecrdlq-uc.a.run.app/ https://covid-vaccine-scheduler-dev-ae65ecrdlq-uc.a.run.app https://demosched.mcfarlandclinic.com https://hvprdweb0046.hv.local https://hvprdweb0047.hv.local https://mcfarlandclinic.com https://mychartiowa.com https://prd-mychart03.hv.local https://prd-mychart04.hv.local;frame-src https://* 'self' * epichttp: https://mychart.personapay.com https://pay.instamed.com https://www.google.com https://www.recaptcha.net;script-src https://www.mychartiowa.com 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com;img-src https://* 'self' * blob: data: https://www.google.com https://www.gstatic.com;connect-src 'self' epichttp: https://www.google.com https://www.gstatic.com;style-src https://www.mychartiowa.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:;report-uri https://www.mcfarlandclinic.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.bunny.net *.ascompany.gr *.channelsight.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.magedeploy.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.vivapayments.com *.twitter.com *.magedeploy.com *.ascompany.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ascompany.gr *.cookiebot.com *.contactpigeon.com www.googletagmanager.com *.twitter.com *.magedeploy.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com https://firebasestorage.googleapis.com *.ascompany.gr *.contactpigeon.com *.google.gr *.cookiebot.com *.hsforms.net *.hsforms.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.magedeploy.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.vivapayments.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.ascompany.gr *.contactpigeon.com 'self' data: *.cookiebot.com *.channelsight.com js.monitor.azure.com analytics.tiktok.com *.hsforms.net *.hsforms.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.magedeploy.com *.unpkg.com cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net *.ascompany.gr *.channelsight.com *.contactpigeon.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magedeploy.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com www.facebook.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.ascompany.gr *.contactpigeon.com maps.googleapis.com stats.g.doubleclick.net *.cookiebot.com dc.services.visualstudio.com *.channelsight.com analytics.tiktok.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.cloudflare.com *.twitter.com *.twimg.com *.magedeploy.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.sandbox.paypal.com https://www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src 'self' https://www.google-analytics.com; style-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com; connect-src: 'self' https://www.google-analytics.com; report-uri https://www.net-ing.com/csp/; report-to csp-endpoint 1
default-src 'self'; img-src 'self' data: https://pave.labloco.com https://forms.hsforms.com https://forms-na1.hsforms.com/ https://exceptions.hs-embed-reporting.com https://static.hsappstatic.net https://*.google-analytics.com https://*.google.com https://*.google.ca; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hsappstatic.net https://js.hsforms.net; script-src-elem 'self' 'unsafe-inline' https://static.hsappstatic.net https://*.googletagmanager.com https://*.google-analytics.com https://*.hsforms.net https://unpkg.com https://*.google.com https://*.gstatic.com; media-src 'self' https://vimeo.com https://*.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net; form-action 'self' https://paveinspect.com https://pave.bot https://forms.hsforms.com; frame-src 'self' https://meetings.hubspot.com https://forms.hsforms.com https://*.google.com; connect-src 'self' https://forms.hsforms.com https://*.google-analytics.com/ https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net; block-all-mixed-content ; report-uri /csp.php 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net https://widgets.trustedshops.com integrations.etrusted.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com www.facebook.com *.copernica.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.dpdconnect.nl service2.loyaltyinabox.com *.pinterest.com www.facebook.com www.youtube.com view.publitas.com www.google.com www.google.nl www.google.de *.google.com maps.google.com chat.babypark.nl *.doubleclick.net td.doubleclick.net googleads.g.doubleclick.net widget.trustpilot.com *.cookiebot.com *.cookiebot.eu chatwidget-prod.web.app www.googletagmanager.com sst.babypark.nl sst.babypark.de sst.babydeals.be sst.baby-dump.nl folders.baby-dump.nl platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com *.klevu.com *.ksearchnet.com www.babypark.nl www.babypark.de www.babydeals.be dehoevebuitenleven.nl m2.babypark.mavendev.com m2.babypark-de.mavendev.com www.ikenik.nl m2.ikenik.mavendev.com m2.babydump.mavendev.com m2.babydump-de.mavendev.com www.google.com www.google.nl www.google.de www.google.com.ua www.facebook.com ct.pinterest.com www.googletagmanager.com www.zenaps.com www.awin1.com static.zdassets.com *.bing.com *.bing.net www.thuiswinkel.org i.ytimg.com img.youtube.com blob: lantern.roeye.com *.clarity.ms *.cookiebot.com *.cookiebot.eu integrations.etrusted.com stats.g.doubleclick.net sst.babypark.nl sst.babypark.de sst.babydeals.be sst.baby-dump.nl pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.dpdconnect.nl js.klevu.com *.ksearchnet.com *.avada.io www.googletagmanager.com checkout.buckaroo.nl *.clarity.ms lantern.roeyecdn.com widgets.trustedshops.com web-sdk.smartlook.com www.dwin1.com s.pinimg.com connect.facebook.net static.buckaroo.nl view.publitas.com api.360productviewer.com googleads.g.doubleclick.net bat.bing.com bat.bing.net static.zdassets.com js-agent.newrelic.com *.livechatinc.com bam.eu01.nr-data.net chat.babypark.nl widget.trustpilot.com *.pinterest.com *.hotjar.com *.hotjar.io *.cookiebot.com *.cookiebot.eu integrations.etrusted.com chatwidget-prod.web.app twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com maps.googleapis.com https://widgets.trustedshops.com *.yotpo.com sst.babydeals.be https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net checkout.buckaroo.nl integrations.etrusted.com chatwidget-css.web.app maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com integrations.etrusted.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.clarity.ms *.pinterest.com *.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net manager.eu.smartlook.cloud ekr.zdassets.com wss://widget-mediator.zopim.com api.360productviewer.com www.facebook.com livechat.fabulor.eu bam.eu01.nr-data.net region1.analytics.google.com *.google.com *.hotjar.com *.hotjar.io analytics.google.com bat.bing.com bat.bing.net *.cookiebot.com *.cookiebot.eu *.copernica.com integrations.etrusted.com api.ipify.org www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.yotpo.com sst.babydeals.be https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
script-src 'strict-dynamic' 'self' 'nonce-HxNW8GrTHYrc8b+ZnKQwHA==' 'report-sample'; report-uri /yusaauth.onmicrosoft.com/B2C_1A_AppSso_SignUp_SignIn/client/cspreport?p=B2C_1A_AppSso_SignUp_SignIn 1
default-src 'self' https://*.uestra.de https://cloud.ccm19.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cloud.ccm19.de https://gvh.demo.hafas.cloud https://gvh.hafas.de https://*.uestra.de 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: https://img.youtube.com https://gvh.demo.hafas.cloud https://gvh.hafas.de https://*.uestra.de https://cloud.ccm19.de https://elma.gvh.de https://www.facebook.com; base-uri 'self' https://*.uestra.de; frame-src 'self' blob: https://*.youtube.com/ https://gvh.demo.hafas.cloud https://gvh.hafas.de https://abo.gvh.de https://cloud.ccm19.de https://deutschlandticket.gvh.de https://transport.novafind.eu/; media-src 'self' blob:; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cloud.ccm19.de https://*.hafas.cloud https://*.hafas.de https://elma.gvh.de https://stats.uestra.de 'report-sample'; font-src 'self' data: https://fonts.gstatic.com https://gvh.demo.hafas.cloud https://gvh.hafas.de https://stats.uestra.de https://elma.gvh.de; connect-src 'self' https://gvh.demo.hafas.cloud https://gvh.hafas.de https://cloud.ccm19.de https://stats.uestra.de https://elma.gvh.de https://www.facebook.com; object-src 'self' blob: https://*.uestra.de; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://cloud.ccm19.de https://gvh.demo.hafas.cloud https://gvh.hafas.de https://*.uestra.de https://relaunch.uestra.de https://*.webit.de https://*.hafas.cloud https://*.hafas.de https://elma.gvh.de https://connect.facebook.net 'report-sample'; style-src-elem 'self' 'unsafe-inline' https://www.uestra.de https://relaunch.uestra.de https://stats.uestra.de https://gvh.demo.hafas.cloud https://gvh.hafas.de https://cloud.ccm19.de https://elma.gvh.de 'report-sample'; frame-ancestors 'self' https://*.uestra.de https://gvh.demo.hafas.cloud https://gvh.hafas.de; form-action 'self'; report-uri https://www.uestra.de/@http-reporting?csp=report&requestTime=1773710453354193&requestHash=717710d776dcd41cf1877b63fd1b84ccfdeef9bf 1
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; frame-src 'self' https:; connect-src 'self' https:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; 1
font-src *.fontawesome.com *.magentocommerce.com *.iubenda.com *.zopim.com data: *.b-cdn.net fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.criteo.com *.criteo.net *.iubenda.com *.youtube-nocookie.com *.youtube.com *.facebook.com cl.avis-verifies.com *.tradedoubler.com a.imgstatics.com https://assets.braintreegateway.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.magentocommerce.com *.iubenda.com *.zoorate.com *.feedaty.com *.facebook.com *.google.it *.zopim.com 'self' data: blob: *.rikorda.it *.b-cdn.net maps.gstatic.com maps.googleapis.com googletagmanager.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.magentocommerce.com *.iubenda.com *.criteo.com *.criteo.net *.zoorate.com *.zopim.com *.facebook.com *.facebook.net *.zdassets.com *.sentry-cdn.com *.b-cdn.net *.tradedoubler.com a.imgstatics.com maps.googleapis.com cdn.clerk.io api.clerk.io yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.magentocommerce.com *.iubenda.com *.zoorate.com *.b-cdn.net fonts.googleapis.com https://assets.braintreegateway.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.magentocommerce.com *.iubenda.com *.zdassets.com wss://*.zopim.com sentry.io 'self' data: blob: *.b-cdn.net *.rikordadev.it *.rikorda.it maps.googleapis.com payments.braintree-api.com client-analytics.braintreegateway.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.b-cdn.net 'self' 'unsafe-inline'; 1
default-src https://* 'unsafe-inline';font-src 'self' https://* data:;connect-src *;style-src-elem https://* 'unsafe-inline';script-src-elem 'unsafe-inline' 'unsafe-eval' https:;img-src blob://* https://* 'self' data:;script-src 'unsafe-inline' 'unsafe-eval' blob:;frame-src https://*; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://static.cloudflareinsights.com https://ajax.cloudflare.com https://ct.pinterest.com https://maps.googleapis.com https://cdn-ukwest.onetrust.com https://connect.facebook.net https://s.pinimg.com https://static-tracking.klaviyo.com https://static.klaviyo.com https://www.googletagmanager.com https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://maps.googleapis.com https://cdn-ukwest.onetrust.com https://ct.pinterest.com https://region1.analytics.google.com https://dev.visualwebsiteoptimizer.com https://www.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://dev.visualwebsiteoptimizer.com https://www.instagram.com https://www.youtube.com https://www.google.com https://ct.pinterest.com https://www.facebook.com https://www.googletagmanager.com https://td.doubleclick.net; img-src 'self' https://platform-cdn.sharethis.com https://cdn-ukwest.onetrust.com https://cdn.guides4brides.co.uk https://ct.pinterest.com https://www.facebook.com https://dev.visualwebsiteoptimizer.com https://www.google.co.uk https://www.google.com; manifest-src 'self'; media-src 'self'; report-uri https://64a4272d3723daccf205fe62.endpoint.csper.io/?v=1; worker-src 'self' blob: https://www.googletagmanager.com https://cdn-ukwest.onetrust.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-f9wirAdeVRdB9I6xQvvExw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src-elem 'self' 'unsafe-inline' *.legalblink.com *.legalblink.it *.licdn.com *.weglot.com *.bootstrapcdn.com *.googleapis.com *.linkedin.com; script-src-elem 'self' 'unsafe-inline' *.legalblink.com *.legalblink.it *.facebook.net *.facebook.com *.trustpilot.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com *.paypal.com *.scalapay.com *.gstatic.com *.payments-amazon.com *.amazon.com *.licdn.com *.doubleclick.net *.linkedin.com *.weglot.com; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.licdn.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.legalblink.com *.legalblink.it 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.it *.weglot.com *.storeden.net *.linkedin.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io *.shopify.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com maps.googleapis.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.legalblink.com *.legalblink.it *.weglot.com *.linkedin.com *.google.it https://get.geojs.io *.avada.io *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com https://cdn.idcreator.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com https://seo.mageplaza.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.authorize.net https://cdn.justuno.com https://x.adroll.com/ https://idcreator.wufoo.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io store.paradoxlabs.com https://cdn.justuno.com https://c813008.ssl.cf2.rackcdn.com/11192-small.png https://cdn.idcreator.com https://cm.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.co.uk https://www.google.com.mx https://www.google.co.in https://www.google.co.ca https://www.google.com.au https://www.google.com.ph https://www.google.com.sg https://www.google.co.za https://www.google.com.br https://www.google.co.nz https://www.google.co.il https://www.google.com.sa https://www.google.com.ar https://www.google.com.co https://www.google.com.vn https://www.google.co.ve https://www.google.com.ua https://www.google.com.tr https://www.google.com.tw https://www.google.com.pk https://www.google.com.my https://www.google.com.pe https://www.shopperapproved.com/thankyou/images/xbutton.gif https://www.shopperapproved.com/thankyou/images/minicheckmark.jpg https://www.shopperapproved.com/thankyou/images/just-powered.png https://www.shopperapproved.com/thankyou/simplestar.png *.cloudfunctions.net *.bidswitch.net *.casalemedia.com *.rlcdn.com *.rubiconproject.com *.outbrain.com *.taboola.com *.adnxs.com *.3lift.com *.yahoo.com *.openx.net *.pubmatic.com https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://pixel.advertising.com https://pixel.rubiconproject.com https://image2.pubmatic.com https://simage2.pubmatic.com https://snap.licdn.com https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://connect.facebook.net https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://www.shopperapproved.com/account/images/2020/sa-logo-02.svg *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.authorize.net *.justuno.com https://cdn.idcreator.com *.facebook.com https://static.cloudflareinsights.com https://static.wufoo.com/scripts/embed/form.js https://www.wufoo.com/scripts/embed/form.js https://www.shopperapproved.com/thankyou/rate/11192.js https://www.shopperapproved.com/thankyou/disable-popup.php https://www.shopperapproved.com/page/js/jquery.noconflict.js https://www.shopperapproved.com/thankyou/initial.php https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://pixel.advertising.com https://pixel.rubiconproject.com https://image2.pubmatic.com https://simage2.pubmatic.com https://snap.licdn.com https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://www.facebook.com https://connect.facebook.net https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com https://cdn.idcreator.com https://cdn.justuno.com/ifm_4.1.css https://www.shopperapproved.com/account/css/new_look/custom-survey-error-modal.css *.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://get.geojs.io *.avada.io *.authorize.net *.justuno.com https://analytics.google.com https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://cdn.idcreator.com https://stats.g.doubleclick.net *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: www.googletagmanager.com; object-src 'none'; script-src 'self' https: 'unsafe-eval' blob: https://www.googletagmanager.com 'sha256-KswlGchel47n7WTeUxBzRtxr7gctpeiJjNnPkN3IEAU=' 'sha256-kOCO9LYFL9BkGKPGI5Y833BJH1SVuyZfTY5U4TOJi4A=' 'nonce-wyAJoV92Ta16wqrJV9OWOQ=='; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: *; media-src https: blob: data:; child-src blob:; report-uri /csp-report/index 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com cdn.knightlab.com *.kxcdn.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.iubenda.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com stats.g.doubleclick.net www.gstatic.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net scontent.cdninstagram.com *.ytimg.com *.feedaty.com *.iubenda.com magefan.com cm.magefan.com *.facebook.com https://firebasestorage.googleapis.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com player.vimeo.com/api/player.js www.vimeo.com *.vimeocdn.com *.youtube.com/iframe_api https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com *.google.com/recaptcha *.googletagmanager.com *.google-analytics.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.youtube.com *.feedaty.com *.iubenda.com s7.addthis.com *.facebook.net *.avada.io * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.knightlab.com *.gstatic.com *.googleapis.com *.google.com *.kxcdn.com *.feedaty.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com googleads.g.doubleclick.net www.facebook.com/ https://*.clarity.ms https://*.doubleclick.net https://*.googlesyndication.com https://idb.iubenda.com/csdata *.feedaty.com *.iubenda.com ekr.zdassets.com/ *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.checkout-api.avarda.com *.checkout-cdn.avarda.com checkout-cdn.avarda.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.checkout-cdn.avarda.com checkout-cdn.avarda.com card-payment-frame.production.avarda.com *.stage.avarda.com pay.google.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * s7.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.core.windows.net *.checkout-api.avarda.com checkout-api.avarda.com *.checkout-cdn.avarda.com checkout-cdn.avarda.com openbanking-logos.production.avarda.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com halonen.fi www.halonen.fi google.fi www.google.fi data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.core.windows.net *.checkout-cdn.avarda.com checkout-cdn.avarda.com *.stage.avarda.com pay.google.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com js.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.halonen.fi api.carlson.fi *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.checkout-api.avarda.com checkout-api.avarda.com google.com www.google.com pay.google.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com s7.addthis.com m.addthis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.tawk.to *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de pay.google.com/ *.sagepay.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com bat.bing.com www.facebook.com www.google.co.uk www.google.com googleads.g.doubleclick.net www.googletagmanager.com www.gstatic.com embed.tawk.to fonts.gstatic.com translate.googleapis.com translate.google.com *.clarity.ms *.bing.com tawk.link *.sagepay.com *.paypal.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.googletagmanager.com apis.google.com googleads.g.doubleclick.net www.gstatic.com bat.bing.com www.buzzcateringsupplies.com connect.facebook.net cdn.jsdelivr.net embed.tawk.to translate.google.com translate.googleapis.com translate-pa.googleapis.com www.clarity.ms *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.disqus.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.buzzcateringsupplies.com *.tawk.to www.gstatic.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.google.co.uk www.googleadservices.com *.g.doubleclick.net maps.googleapis.com *.tawk.to wss://*.tawk.to translate.googleapis.com translate-pa.googleapis.com bat.bing.com *.clarity.ms region1.google-analytics.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-Urv2RbWFaevXMdT5hCYMcF460YSdC-5C'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.googletagmanager.com/ js.mollie.com *.tipalti.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klevu.com *.ksearchnet.com https://www.mollie.com https://api.mapbox.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.klevu.com *.ksearchnet.com js.mollie.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://js.klevu.com https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klevu.com *.ksearchnet.com region1.google-analytics.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com autocomplete2.postdirekt.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; connect-src 'self' https://gasunie.containers.piwik.pro https://gasunie.piwik.pro/ppms.php https://maps.googleapis.com https://*.sitesearch360.com https://*.google-analytics.com https://www.google.com https://*.arcgisonline.com https://*.arcgis.com; font-src 'self' https://fonts.gstatic.com https://*.arcgis.com; frame-src 'self' https://dataport.gasunie.nl https://a-dataport.gasunie.nl https://gasunie-nederland.activehosted.com https://gasunie-test.activehosted.com https://careers.gasunie.nl https://career2.successfactors.eu https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com; frame-ancestors 'self' https://explore-ccs.gasunie.nl; form-action 'self'; img-src 'self' blob: data: https://maps.gstatic.com https://maps.googleapis.com https://*.sitesearch360.com https://i.ytimg.com https://*.arcgisonline.com https://*.arcgis.com; script-src 'nonce-ab1d5f28-4201-4312-9d70-c5dfc7fad829' 'self' 'report-sample' 'wasm-unsafe-eval' 'strict-dynamic' https://gasunie.containers.piwik.pro https://*.sitesearch360.com https://www.google.com https://*.arcgis.com; style-src 'nonce-ab1d5f28-4201-4312-9d70-c5dfc7fad829' 'self' 'report-sample' https://fonts.googleapis.com https://*.arcgis.com https://jsstatic.services.kirra.nl; worker-src 'self' blob: https://*.arcgis.com; report-uri /csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net https://fonts.gstatic.com data: *.klevu.com *.flixcar.com *.flixfacts.com https://bf-content.elon.se https://c.bannerflow.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.klarna.com *.klevu.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://briqpay.test *.briqpay.com *.klarna.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.hotjar.com *.klarnaservices.com *.ingrid.com *.klarnaevt.com *.dibspayment.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.adnxs.com *.omtrdc.net *.bing.com *.cloudflare.com *.cookiebot.com *.elongroup.se *.elon.se elon.se *.facebook.com *.googleadservices.com *.google-analytics.com *.google.se *.googletagmanager.com *.googleapis.com *.imbox.io *.klevu.com *.klarnaservices.com *.vaimo.net *.ytimg.com *.pricerunner.se *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.jwpsrv.com *.jwplayer.com *.uc.se *.prisjakt.no *.googlesyndication.com *.where-to-buy.co *.clarity.ms *.doubleclick.net *.dialogtrail.com *.lemonpi.io *.facebook.net *.reddit.com *.elon.no *.wistia.com *.videoly.co https://where-to-buy.co https://bf-content.elon.se https://c.bannerflow.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://briqpay.test *.briqpay.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adnxs.com *.bing.com *.clarity.ms *.cookiebot.com *.depict.ai *.elongroup.se *.facebook.net *.googletagmanager.com *.googleapis.com *.hotjar.com *.imbox.io *.klevu.com *.myvisitors.se *.oribi.io *.pertento.ai *.pinimg.com *.pinterest.com *.testfreaks.com *.charpstar.net *.flixfacts.com *.loadbee.com *.flix360.io *.flixcar.com *.unpkg.com *.dialogtrail.com *.adform.net *.elon.se *.cloudfront.net *.videoly.co *.scaleflex.it *.redditstatic.com *.voyado.com https://unpkg.com https://bf-content.elon.se https://c.bannerflow.net *.ingrid.com *.klarnaevt.com https://www.elon.no 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com *.depict.ai *.dibspayment.eu *.googleapis.com *.gstatic.com *.klevu.com *.flixcar.com https://www.elon.no 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.flixcar.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.adnxs.com *.demdex.net *.clarity.ms *.cookiebot.com *.depict.ai *.dibspayment.eu *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.klarnauserservices.com *.ksearchnet.com *.pertento.ai *.pinterest.com security-hub.vaimo.network *.apptus.cloud *.iconify.design *.dialogtrail.com *.flix360.io *.charpstar.net *.loadbee.com *.flixcar.com *.googlesyndication.com *.elon.no *.bing.com *.facebook.com *.reddit.com *.unisvg.com wss://ws.depict.ai wss://headless.dialogtrail.com https://bf-content.elon.se https://c.bannerflow.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://cdn.migros.ch https://cdnjs.cloudflare.com https://www.gstatic.com; style-src 'self' 'unsafe-inline'; font-src 'self' https://cdn.migros.ch data:; img-src 'self' https://cdn.migros.ch https://secure.gravatar.com data:; frame-src 'self' https://login.migros.ch https://*.activfitness.ch; frame-ancestors 'self' https://login.migros.ch https://*.activfitness.ch https://www.migros.ch; connect-src 'self' https://login.migros.ch; 1
default-src 'self' edpass-portal.okta.com portal.edpass.sa.edu.au *.oktacdn.com; connect-src 'self' edpass-portal.okta.com edpass-portal-admin.okta.com portal.edpass.sa.edu.au *.oktacdn.com *.mixpanel.com *.mapbox.com edpass-portal.kerberos.okta.com edpass-portal.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-Kq6CSrEA4W1b8NH0SL125A' 'self' 'report-sample' edpass-portal.okta.com portal.edpass.sa.edu.au *.oktacdn.com; style-src 'unsafe-inline' 'nonce-Kq6CSrEA4W1b8NH0SL125A' 'self' 'report-sample' edpass-portal.okta.com portal.edpass.sa.edu.au *.oktacdn.com; frame-src 'self' edpass-portal.okta.com edpass-portal-admin.okta.com portal.edpass.sa.edu.au login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' edpass-portal.okta.com portal.edpass.sa.edu.au *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' edpass-portal.okta.com portal.edpass.sa.edu.au data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://cdn.walkme.com; report-uri https://oktacsp.report-uri.com/r/t/csp/reportOnly; report-to csp 1
object-src 'none';base-uri 'self';script-src 'nonce-Y84ghZFu06prRvL9CIXctw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mlMGdUnVvjraeFsxi7Q8nQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6Hel4x38Vcib6TA8O03itA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3T61XSlF6Xqk4T8TtvKamw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eh-7xgmBx8NvcfDwiHBM8A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MWSYiwwuzk3nQOgrLIYREg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mpm-sW0Z3EIkxDslkMmr2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klarnacdn.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.consentmanager.net js.mollie.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.consentmanager.net magefan.com cm.magefan.com https://www.mollie.com ratenkauf.easycredit.de *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.consentmanager.net *.klarnaservices.com js.mollie.com ratenkauf.easycredit.de *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.consentmanager.net *.klarnaservices.com *.klarna.com ratenkauf.easycredit.de *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-38z87kUDh8fMkfj05Ask5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-aCXAiCQL5R1yZejyoL7aTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; default-src 'self' https:; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline' data:; img-src 'self' https: data:; report-uri https://5eb1e20184090c563b06661b.endpoint.csper.io; 1
object-src 'none';base-uri 'self';script-src 'nonce-pa2ys1ow5CokrSNuaWOeEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors https://sdccd.instructure.com/ https://sdmiramar.edu http://sdmiramar.edu https://dev.loc http://dev.loc; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' pxl.qccerttest.com *.clarity.ms cdnjs.cloudflare.com *.googleoptimize.com formalyzer.com tracking.leadlander.com fonts.gstatic.com t.sf14g.com *.facebook.com *.facebook.net *.sentry-cdn.com *.google.com maxcdn.bootstrapcdn.com *.googleapis.com ssl.google-analytics.com *.doubleclick.net *.adnxs.com player.vimeo.com code.jquery.com *.netmng.com *.contextweb.com *.quantcount.com *.adsrvr.org *.quantserve.com api.cloudsponge.com collect.cloudsponge.com www.google-analytics.com www.googletagmanager.com use.fontawesome.com platform.twitter.com gng.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.moengage.com cdnjs.cloudflare.com *.googleoptimize.com *.facebook.com *.facebook.net *.sentry-cdn.com *.google.com *.googleapis.com ssl.google-analytics.com *.doubleclick.net *.adnxs.com code.jquery.com www.googletagmanager.com platform.twitter.com *.taboola.com *.clarity.ms *.adsrvr.org *.quantserve.com *.five9.net cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'unsafe-hashes' *.moengage.com fonts.bunny.net fonts.googleapis.com cdnjs.cloudflare.com use.fontawesome.com; img-src 'self' data: blob: *.moengage.com moe-email-campaigns.s3.amazonaws.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.adnxs.com *.quantcount.com *.adsrvr.org *.quantserve.com *.tvsquared.com *.taboola.com *.clarity.ms; font-src 'self' data: *.googleapis.com *.moengage.com fonts.gstatic.com fonts.bunny.net use.fontawesome.com; connect-src 'self' *.moengage.com *.facebook.com *.facebook.net *.sentry-cdn.com *.google.com *.googleapis.com ssl.google-analytics.com *.doubleclick.net api.cloudsponge.com collect.cloudsponge.com www.google-analytics.com *.taboola.com *.clarity.ms *.adsrvr.org *.quantserve.com *.five9.net; frame-src 'self' *.moengage.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net player.vimeo.com www.googletagmanager.com *.five9.net *.adsrvr.org; media-src 'self' *.moengage.com 1
img-src *.force.com slack-imgs-mil-dev.com https://vars.hotjar.com 'self' https://stats.g.doubleclick.net *.slack.com https://www.paypal.com https://img.youtube.com https://payments.salesforce.com/icons/ https://login.salesforce.com/icons/ *.slack-imgs.com slack-imgs-gov.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ *.salesforce-experience.com https://www.gstatic.com *.slack-edge-gov.com *.my-salesforce.com slack-imgs-gov-dev.com *.slack-edge.com https://apsc.my.salesforce.com *.cloudinary.com https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ slack-mil-dev.com https://maps.my.force-user-content.com https://www.gstatic.com/recaptcha/ https://vc.hotjar.io https://aus66.sfdc-vwfla6.salesforce.com/icons/ blob: https://www.google.com/recaptcha/ *.slack-edge.mil https://www.sandbox.paypal.com https://apsc.file.force.com https://i.vimeocdn.com https://in.hotjar.com slack-imgs.com slack-gov-dev.com *.sfdcstatic.com https://www.googletagmanager.com https://www.google-analytics.com *.salesforce.com *.twimg.com https://*.adyen.com slack-imgs.mil s3-ap-southeast-2.amazonaws.com data:; report-to sfdc-csp-ep; report-uri https://apsc.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D5m0000008aOM&networkId=0DM5m000000006s&type=communities 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.google-analytics.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com www.googleapis.com *.stgautopilotapp.com *.autopilotapp.com *.ortto-stg.app *.ortto.app www.123optic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.123optic.com 'self' 'unsafe-inline'; frame-ancestors www.123optic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com * www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com widget.trustpilot.com analytics.skroutz.gr *.spotify.com www.xtento.com www.123optic.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * 'self' data: www.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gyazo.com *.ytimg.com *.stgautopilotapp.com *.autopilotapp.com *.ortto-stg.app *.ortto.app *.cloudfront.net maps.gstatic.com www.xtento.com cdn.xtento.com www.123optic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net www.google-analytics.com *.gstatic.com *.googlesyndication.com https://widget-acc.paazl.com https://api-acc.paazl.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.cloudflare.com cdn.mouseflow.com cdn3l.ink widget.trustpilot.com www.gstatic.com *.paazl.com *.cookiebot.eu *.cookiebot.com bat.bing.com bat.bing-int.com *.clarity.ms analytics.skroutz.gr *.ap3stg.com cdn2l.ink blob: maps.googleapis.com www.xtento.com cdn.xtento.com www.123optic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://widget-acc.paazl.com https://api-acc.paazl.com/ *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com www.google.com *.paazl.com *.ap3prod.com www.123optic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src mediastream: cdn2l.ink www.123optic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://widget-acc.paazl.com https://api-acc.paazl.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.paazl.com *.clarity.ms *.stgautopilotapp.com *.autopilotapp.com *.ortto-stg.app *.ortto.app wss://*.autopilotapp.com wss://*.stgautopilotapp.com wss://*.ortto-stg.app wss://*.ortto.app wss://*.twilio.com *.youtube.com *.ap3prod.com www.123optic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.123optic.com http: https: blob: 'self' 'unsafe-inline'; default-src www.123optic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'none'; connect-src 'self' https://*.cookiebot.eu https://*.usercentrics.eu *.googleapis.com https://*.google-analytics.com https://*.analytics.google.com	 https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.clarity.ms https://vimeo.com https://cdn.trustindex.io https://api.mapbox.com https://events.mapbox.com https://l.getsitecontrol.com https://www.facebook.com/ https://dev.visualwebsiteoptimizer.com https://events.getsitectrl.com/ https://analytics.tiktok.com/ https://*.googlesyndication.com; style-src 'self' 'unsafe-inline' https://cloud.typenetwork.com https://api.mapbox.com https://cdn.trustindex.io https://fonts.googleapis.com/; font-src 'self' https://*.gstatic.com/ https://cdn.trustindex.io https://*.typenetwork.com; frame-src 'self' *; script-src 'strict-dynamic' 'nonce-e21d7cd2dbda97ef05e1a5c984879b48' https://www.tiktok.com; img-src 'self' data: *.gravatar.com https://cdn-cookieyes.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.gstatic.com/ https://www.facebook.com https://*.clarity.ms https://api.mapbox.com/ https://*.vimeocdn.com https://cdn.trustindex.io https://*.googleusercontent.com https://dev.visualwebsiteoptimizer.com https://c.bing.com/ https://s.w.org/ https://*.getsitecontrol.com https://*.googlesyndication.com https://*.usercentrics.eu https://oxygenactiveplay.ams3.digitaloceanspaces.com/; media-src 'self' https://oxygenactiveplay.ams3.digitaloceanspaces.com/; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests ; block-all-mixed-content ; report-uri https://f62fcbcfedd7edcba581844dc278c328.report-uri.com/r/d/csp/reportOnly; report-to default; 1
font-src *.fiskejournalen.com *.cloudfront.net https://fonts.gstatic.com *.klarna.com *.kustom.co *.klarnacdn.net *.pji.nu maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://local.fiskejournalen.com *.klarna.com *.kustom.co https://www.googletagmanager.com *.cloudfront.net *.doubleclick.net https://www.facebook.com https://www.google.com *.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.dycdn.net https://local.fiskejournalen.com *.cloudfront.net *.fiskejournalen.se *.bing.com https://fonts.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com *.google.com *.google.co.in https://apis.google.com *.clarity.ms *.klarna.com *.kustom.co *.klarnaevt.com *.doubleclick.net https://www.googletagmanager.com *.googlesyndication.com *.dialogtrail.com *.amazonaws.com *.cookiepro.com *.streamify.io *.videoly.co https://cdn-cookieyes.com *.klarnacdn.net *.disqus.com https://meetanshi.com/media/logo.png *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net d81mfvml8p5ml.cloudfront.net *.freshrelevance.com *.dotdigital.com *.fiskejournalen.com *.cloudfront.net https://bat.bing.com *.google.com *.google.co.in *.gstatic.com *.videoly.co https://track.adtraction.com https://static.zdassets.com/ https://apis.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleapis.com https://checkoutapi.svea.com *.klarna.com *.kustom.co *.klarnaservices.com *.clarity.ms https://www.google.se securepubads.g.doubleclick.net https://www.gstatic.com *.googlesyndication.com *.googletagservices.com *.tiktok.com https://dialogtrail-prod.s3-eu-west-1.amazonaws.com *.dialogtrail.com *.cookiepro.com *.googleoptimize.com *.pji.nu *.streamify.io *.holid.io https://cdn-cookieyes.com *.klarnacdn.net x.klarnacdn.net *.disqus.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net https://local.fiskejournalen.com *.cloudfront.net https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com *.klarna.com *.kustom.co *.klarnacdn.net *.pji.nu *.streamify.io maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src https://local.fiskejournalen.com https://test.fiskejournalen.se *.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com https://local.fiskejournalen.com *.cloudfront.net https://butik.fiskejournalen.se https://butik1.fiskejournalen.se https://static.zdassets.com *.klarna.com *.kustom.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com wss://am.dycdn.net dn1i8v75r669j.cloudfront.net *.dotdigital.com https://local.fiskejournalen.com *.cloudfront.net *.priceshape.io *.klarnaevt.com *.klarna.com *.kustom.co *.klarnaservices.com *.clarity.ms https://www.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://fiskejournalen.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com *.doubleclick.net *.googlesyndication.com *.google.com *.bing.com *.gstatic.com *.tiktok.com *.dialogtrail.com wss://widget.dialogtrail.com *.cookiepro.com *.onetrust.com *.streamify.io *.jsdelivr.net wss://wss.streamify.io/ https://cdn-cookieyes.com https://log.cookieyes.com *.klarnacdn.net x.klarnacdn.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googlesyndication.com *.cloudfront.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.fls.doubleclick.net *.facebook.com secure.payu.com merch-prod.snd.payu.com *.awin1.com *.zenaps.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * apm.przelewy24.pl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com flagcdn.com static.payu.com *.awin1.com *.zenaps.com *.wepowerconnections.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com https://abazur.pl/media/wysiwyg/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com secure.payu.com secure.snd.payu.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl apm.przelewy24.pl https://geowidget.easypack24.net/ https://unpkg.com/ https://mapa.ecommerce.poczta-polska.pl/widget/scripts/ppwidget.js https://cdn.livechatinc.com/tracking.js https://furgonetka.pl/js/dist/map/map.js https://cdn.jsdelivr.net/ https://api.mapbox.com/ https://api.livechatinc.com/* https://api.livechatinc.com/ https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net google.com ppapi.olzalogistic.net secure.payu.com merch-prod.snd.payu.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com https://api.furgonetka.pl/ https://c.furgonetka.pl/ https://*.clarity.ms/* 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://fonts.gstatic.com tag.search.sensefuel.live *.fontawesome.com https://cdnjs.cloudflare.com * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay-tpp.com *.hipay.com *.weltpixel.com *.devatics.com *.hypay.com *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazonaws.com *.criteo.com *.googletagmanager.com *.google-analytics.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.doubleclick.net *.tremorhub.com *.dmxleo.com *.advertising.com *.yieldmo.com *.outbrain.com *.taboola.com *.artadserver.com *.3lift.com *.360yield.com *.smartadserver.com *.pubmatic.com *.casalemedia.com *.teads.tv *.media.net *.adform.net *.omnitagjs.com *.sharethrough.com *.ivitrack.com *.stickyadstv.com *.mediavine.com *.smaato.net *.adnxs.com *.bing.com *.yahoo.com *.liadm.com *.imgix.net *.bidswitch.net *.facebook.com * *.pubads.g.doubleclick.net *.google.com *.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay-tpp.com *.hipay.com *.iesnare.com *.paypal.com secure-gateway.hipay-tpp.com tag.search.sensefuel.live *.axept.io *.abtasty.com fw-cdn.com *.criteo.net *.criteo.com *.googletagmanager.com ssl.google-analytics.com https://www.googletagmanager.com tagmanager.google.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.facebook.net * *.googleads.g.doubleclick.net *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.hipay.com https://fonts.googleapis.com tag.search.sensefuel.live *.hypay.com *.fontawesome.com tagmanager.google.com https://cdnjs.cloudflare.com assets.braintreegateway.com * 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: *.iesnare.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.google.fr *.axept.io *.hypay.com *.search.sensefuel.live *.googletagmanager.com *.analytics.google.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.doubleclick.net * *.stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com * http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com googleapis.com data: n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com cdn.jsdelivr.net *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.book2look.com static.addtoany.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.openstreetmap.org https://maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.tile.openstreetmap.org connect.ekomi.de google.com google.at www.google.at www.book2look.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com www.google.com www.gstatic.com static.addtoany.com connect.ekomi.de cdn.public.n1ed.com appjs.blickinsbuch.de www.blickinsbuch.de https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net *.fontawesome.com assets.braintreegateway.com *.googleapis.com *.gstatic.com www.book2look.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com googleapis.com www.googleapis.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net *.openstreetmap.org https://maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com google-analytics.com doubleclick.net stats.g.doubleclick.net www.book2look.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com static.userback.io *.cylindo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.carnegiefabrics.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.xtento.com *.twitter.com fast.wistia.net td.doubleclick.net 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.gstatic.com *.googleapis.com www.xtento.com cdn.xtento.com *.pinterest.com *.cloudflare.com *.klarna.com *.googletagmanager.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.wistia.com *.elfsight.com *.elfsightcdn.com *.cylindo.com content-v2.cylindo.com *.google.com www.google.com.ua *.linkedin.com carnegiefabrics.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.xtento.com cdn.xtento.com fast.wistia.net static.userback.io *.carnegiefabrics.com *.cloudflare.com cookie-cdn.cookiepro.com *.twitter.com *.crazyegg.com *.pardot.com *.pinterest.com *.google-analytics.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com js-agent.newrelic.com bam.nr-data.net *.wistia.com *.elfsight.com *.cylindo.com snap.licdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.userback.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cylindo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: *.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.googleapis.com api.userback.io *.stackpathdns.com cookie-cdn.cookiepro.com *.crazyegg.com stats.g.doubleclick.net geolocation.onetrust.com *.cloudflare.com *.twitter.com *.paypal.com bam.nr-data.net *.wistia.com *.elfsight.com *.litix.io *.cylindo.com content-v2.cylindo.com analytics.google.com *.linkedin.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.carnegiefabrics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.doubleclick.net *.hotjar.com consentcdn.cookiebot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cdn.doofinder.com www.google.com www.google.es *.bing.com *.analytics.yahoo.com *.pinterest.com *.connectif.cloud *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.doofinder.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.doofinder.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * commerce.adobedtm.com commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.doofinder.com wss://*.doofinder.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.force.com https://content.instrumentation.getconga.com https://www.linkedin.com 'self' https://stats.g.doubleclick.net https://company.target.com https://cdn.cookielaw.org https://fidelitywi.tt.omtrdc.net https://tag.demandbase.com *.evergage.com https://ws-assets.zoominfo.com https://js.zi-scripts.com *.fmr.com https://id.rlcdn.com https://composer.congamerge.com https://data.privacy.ensighten.com https://mcnj30zgx50mv1ln60tj4gb7f798.pub.sfmc-content.com *.zoominfo.com https://www.youtube.com https://pub.s4.exacttarget.com https://fonts.gstatic.com/ https://fidelitywi.demdex.net https://content.analytics.apttus.com https://dev-fmr.bigmachines.com https://dpm.demdex.net blob: https://data.analytics.apttus.com https://snap.licdn.com *.qualtrics.com https://splashthat.com https://fmr--dse.cs20.my.salesforce.com *.contentsquare.com https://na5.thunderhead.com https://data.instrumentation.getconga.com https://35254.cdn.cke-cs.com https://rlcdn.com https://nexus-test.ensighten.com https://fmr.file.force.com https://segments.company-target.com https://scripts.demandbase.com https://3824016.fls.doubleclick.net *.evgnet.com https://d.company-target.com https://cm.everesttech.net *.fidelity.com https://mjsaws.com *.contentsquare.net https://na5.cdn.thunderhead.com https://match.prod.bidr.io https://stackpath.bootstrapcdn.com *.clicktale.net https://max-azprod.apttuscloud.com *.ceros.com https://geolocation.onetrust.com https://events.fidelityworkplace.com https://35254.cke-cs.com https://assets.fidelityworkplace.com https://xtpwip1.fmr.com:17001 *.clickagy.com https://dmt.fidelityworkplace.com https://api.demandbase.com https://px.ads.linkedin.com https://bidr.io https://privacyportal.onetrust.com https://www.googletagmanager.com https://api.company-target.com https://www.google-analytics.com *.salesforce.com https://max-azsandbox.apttuscloud.com https://nexus.ensighten.com data:; report-to sfdc-csp-ep; report-uri https://fmr.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D300000000ZLP&networkId=0DM500000008Sgs&type=communities 1
img-src https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ 'self' https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicstream.s3.amazonaws.com/CSIRESOURCES/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src *.googleapis.com *.gstatic.com https://fonts.gstatic.com 'self' data: *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://player.vimeo.com https://www.youtube-nocookie.com *.opencontrol.mx *.kaptcha.com *.openpay.pe c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.openpay.mx *.openpay.co *.openpay.pe api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.addthis.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.cloudflare.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com www.mijnmodewereld.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.mijnmodewereld.nl 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com www.mijnmodewereld.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.googletagmanager.com *.inmotiv.nl *.pinterest.com *.vimeo.com www.facebook.com platform.twitter.com *.multisafepay.com https://pay.google.com www.mijnmodewereld.nl 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.cloudflare.com *.doubleclick.net *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.google.com *.google.nl *.klarna.com *.paypal.com *.pinterest.com *.ytimg.com https://firebasestorage.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.multisafepay.com *.koongo.com www.mijnmodewereld.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.clickcease.com *.cloudflare.com *.doubleclick.net *.fontawesome.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jquery.com *.plannen.nl *.pinimg.com requirejs.org *.tritonx.nl *.avada.io *.shopify.com connect.facebook.net twitter.com platform.twitter.com *.multisafepay.com https://pay.google.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/highlight.min.js www.mijnmodewereld.nl https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com *.cloudflare.com *.fontawesome.com *.gstatic.com *.jquery.com *.plannen.nl *.tritonx.nl https://fonts.bunny.net maxcdn.bootstrapcdn.com *.multisafepay.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css www.mijnmodewereld.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.mijnmodewereld.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.clickcease.com *.cloudflare.com *.doubleclick.net *.facebook.com *.google.com *.google.nl *.googleapis.com *.googlesyndication.com *.jquery.com *.paypal.com *.pinterest.com requirejs.org *.tritonx.nl https://get.geojs.io *.avada.io *.multisafepay.com *.koongo.com www.mijnmodewereld.nl 'self' 'unsafe-inline'; child-src www.mijnmodewereld.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.mijnmodewereld.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.mijnmodewereld.nl/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-v7Hb_hWCfr0xtodzSJTYLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/startup_google_com 1
font-src *.jsdelivr.net https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.monetico-services.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.mageside.com mageside.com jeulin.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.gstatic.com sdk.privacy-center.org https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://cdnjs.cloudflare.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.mediascience.fr *.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.monetico-services.com api.privacy-center.org https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TBqz-pnch0shfBLaOjyWEQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com *.elfsight.com https://cdn.aplazame.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com www.google.com *.addthis.com *.pinterest.com *.elfsight.com js.monei.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com cdn.doofinder.com magefan.com cm.magefan.com https://www.magezon.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.elfsight.com https://files.elfsightcdn.com https://lh3.googleusercontent.com https://cdn.aplazame.com https://www.paypalobjects.com https://www.redsys.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.doofinder.com *.google.com/ *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com https://www.termsfeed.com *.elfsight.com https://kit.fontawesome.com https://core.service.elfsight.com https://universe-static.elfsightcdn.com https://cdn.aplazame.com https://pay.google.com js.monei.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.doofinder.com maxcdn.bootstrapcdn.com *.elfsight.com https://cdn.aplazame.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com *.doofinder.com wss://*.doofinder.com *.cloudflare.com *.addthis.com *.graph.instagram.com *.google-analytics.com *.elfsight.com https://core.service.elfsight.com https://api.aplazame.com https://sec.inercia.com api.monei.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com www.googletagmanager.com *.veritas.at *.consentmanager.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com https://*.consentmanager.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://rum.hlx.page s7.addthis.com https://*.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu ekr.zdassets.com/ https://identity.veritas.at/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org https://www.loewen.de https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.youtube.com https://medien.loewen.de https://medien.loewen-kundenportal.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://vimeo.com; connect-src 'self' data: https://*.openstreetmap.org https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; script-src-elem 'self' 'sha256-kmB83Qlmak1+ekHFk+S5GfHhbvJrD6n2YITJgFDEWWQ=' https://maps.google.com https://maps.googleapis.com 'report-sample'; media-src 'self' https://medien.loewen.de https://medien.loewen-kundenportal.de; report-uri https://www.loewen.de/gruppe/@http-reporting?csp=report&requestTime=1773711748955511&requestHash=58ecfdfd44f954480818f0f035a5488eb3e913ee 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com *.googletagmanager.com www.facebook.com *.saferpay.com notifpush.com *.laiye.com *.destygo.com *.mindsay.com *.googleapis.com *.gstatic.com *.piwik.pro *.connectif.cloud 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com test.saferpay.com www.saferpay.com saferpay.com *.googletagmanager.com api.devatics.io *.doubleclick.net gjigle.com *.saferpay.com www.facebook.com notifpush.com *.laiye.com *.destygo.com *.mindsay.com *.googleapis.com *.gstatic.com *.piwik.pro insight.adsrvr.org hub.cgn.ch *.connectif.cloud https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io test.saferpay.com www.saferpay.com saferpay.com gjigle.com *.googleapis.com *.googletagmanager.com *.doubleclick.net *.linkedin.com www.facebook.com *.adnxs.com *.google.com www.google.com.ua cdn.devatics.io *.saferpay.com notifpush.com *.laiye.com *.destygo.com *.mindsay.com *.piwik.pro connect.facebook.net cdn.cookielaw.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com test.saferpay.com www.saferpay.com saferpay.com cdn.cookielaw.org *.googletagmanager.com connect.facebook.net secure.adnxs.com targetemsecure.blob.core.windows.net cgn.slgnt.eu notifpush.com userlike-cdn-widgets.s3-eu-west-1 dmc.devatics.io try.abtasty.com acdn.adnxs.com snap.licdn.com widget.destygo.com *.cloudfront.net *.amazonaws.com *.saferpay.com http://trk.adbutter.net *.laiye.com *.destygo.com *.mindsay.com *.googleapis.com *.gstatic.com *.piwik.pro js.adsrvr.org *.connectif.cloud http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com test.saferpay.com www.saferpay.com saferpay.com *.googletagmanager.com cdn.cookielaw.org analytics.google.com www.google.com.ua *.amazonaws.com api.userlike.com notifpush.com *.googleapis.com *.doubleclick.net *.saferpay.com www.facebook.com *.abtasty.com *.laiye.com *.destygo.com *.mindsay.com *.gstatic.com *.piwik.pro pagead2.googlesyndication.com gjigle.com cdn.linkedin.oribi.io secure-apis.notifadz.com px.ads.linkedin.com *.adnxs.com hub.cgn.ch *.connectif.cloud http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com px.ads.linkedin.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.monsido.com *.google-analytics.com *.google.com *.gstatic.com *.hotjar.com www.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' https://*.gstatic.com fonts.googleapis.com blob:; style-src 'self' 'unsafe-inline'; frame-src 'self' *.google.com *.youtube.com networkmap.metroinfo.co.nz ecanwebbies.wufoo.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net analytics.google.com; img-src 'self' data: *.googletagmanager.com *.gstatic.com *.google.co.nz *.google.com *.google.com.au *.monsido.com; default-src 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com cash-f.squarecdn.com https://cdn.riverty.design/ use.fontawesome.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com static.dhlparcel.nl fonts.googleapis.com kit-pro.fontawesome.com fonts.bunny.net cdn.jsdelivr.net zinzi.nl www.zinzi.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * uc8.tv www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * uc8.tv https://documents.riverty.com/ *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com marcvanwilligen.nl www.marcvanwilligen.nl *.trustpilot.com *.fls.doubleclick.net view.publitas.com zinzi.prepaidpoint.nl checkoutshopper-test.adyen.com www.facebook.com ct.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ *.sharethis.com www.facebook.com *.fls.doubleclick.net www.zinzi.nl *.datatrics.com *.pinterest.com static.sooqr.com maps.googleapis.com maps.gstatic.com checkoutshopper-test.adyen.com ssl.google-analytics.com *.ggpht.com trengo.s3.eu-central-1.amazonaws.com *.sooqr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.magmodules.eu *.squeezely.tech ade.googlesyndication.com uat-secure.pointspay.com secure.pointspay.com *.pointspay.com imgsct.cookiebot.com zinzi.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com checkoutshopper-test.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.trustpilot.com marcvanwilligen.nl www.marcvanwilligen.nl *.googletagmanager.com *.widget.trengo.eu connect.facebook.net *.pinterest.com *.datatrics.com static.sooqr.com view.publitas.com maps.googleapis.com ssl.google-analytics.com www.zinzi.nl s.pinimg.com static.dhlparcel.nl widget-acc.paazl.com *.sooqr.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com squeezely.tech www.squeezely.tech *.squeezely.tech *.marcvanwilligen.nl loylfy.test consent.cookiebot.com app.varify.io varify.io widget.paazl.com api.paazl.com api-acc.paazl.com consentcdn.cookiebot.com js-agent.newrelic.com zinzi.nl analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com marcvanwilligen.nl www.marcvanwilligen.nl *.fontawesome.com static.sooqr.com static.dhlparcel.nl https://widget-acc.paazl.com *.sooqr.com assets.braintreegateway.com *.marcvanwilligen.nl fonts.bunny.net *.widget.trengo.eu ct.pinterest.com widget-acc.paazl.com api-acc.paazl.com widget.paazl.com api.paazl.com zinzi.nl www.zinzi.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.widget.trengo.eu *.trengohelp.com stats.g.doubleclick.net *.datatrics.com api-acc.paazl.com *.amazonaws.com maps.googleapis.com ct.pinterest.com https://widget-acc.paazl.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com squeezely.tech *.squeezely.tech pagead2.googlesyndication.com region1.google-analytics.com app.varify.io varify.io widget.paazl.com widget-acc.paazl.com consentcdn.cookiebot.com googleads.g.doubleclick.net/ sst.zinzi.nl api.paazl.com zinzi.nl www.zinzi.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-585L6ni6EHy_JPXlWzhX1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; connect-src 'self' embedr.flickr.com geo.query.yahoo.com nominatim.openstreetmap.org api.github.com; font-src 'self'; form-action 'self' platform.twitter.com syndication.twitter.com www.paypal.com; frame-ancestors 'self'; frame-src 'self' blob: www.youtube.com w.soundcloud.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com www.mixcloud.com www.dailymotion.com media.ccc.de bandcamp.com www.instagram.com; img-src data: blob: *; manifest-src 'self'; media-src https:; script-src 'self' blob: 'unsafe-eval' platform.twitter.com cdn.syndication.twimg.com widgets.flickr.com embedr.flickr.com www.instagram.com 'unsafe-inline' 'nonce-kxL7R7xDHcN+CBpPE3GoxtzIxMYOzvkfcaSLzt0zSE4='; style-src 'self' 'unsafe-inline' platform.twitter.com *.twimg.com; report-uri https://despora.report-uri.io/r/default/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-6yrmOwFd8IL5ofYKnsyWqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.klarnacdn.net * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cleverreach.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.google.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com *.cloudfront.net https://*.etracker.com https://*.etracker.de https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.amazonaws.com s3.eu-central-1.amazonaws.com *.s3.eu-central-1.amazonaws.com modehaus-ai-generated.s3.eu-central-1.amazonaws.com *.google.co.in www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://*.etracker.com https://*.etracker.de *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.modehaus.de *.idsievers.de *.pay1.de rest01.modehaus.de *.ratepay.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com widget.freshworks.com m2epro.freshdesk.com https://*.etracker.de *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com brandpages.modehaus.de *.modehaus.de *.idsievers.de *.ratepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com *.werksraeder24.de 'self' 'unsafe-inline'; form-action www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com connect.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.werksraeder24.de *.werksraeder24.com *.originelevelgen24.nl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.sandbox.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com connect.facebook.net https://www.googletagmanager.com/ secure.novalnet.de customers.barzahlen.de customers-sandbox.barzahlen.de *.weltpixel.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.facebook.com optimize.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com connect.facebook.net https://images.unsplash.com http://www.googleadservices.com/ https://www.googleadservices.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com tile.openstreetmap.org a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.trustedshops.com *.cloudflare.com *.cloudfront.net *.facebook.com *.google.de *.werksraeder24.de *.bing.com *.clarity.ms *.doubleclick.net *.billiger.de *.ytimage.com *.googleoptimize.com *.google-analytics.com *.googletagmanager.com optimize.google.com *.paypalobjects.com 'self' 'unsafe-inline'; script-src www.googleadservices.com googleads.g.doubleclick.net analytics.google.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com s.ytimg.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com widget.freshworks.com m2epro.freshdesk.com https://player.vimeo.com cdn.novalnet.de cdn.barzahlen.de js.braintreegateway.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com unpkg.com *.cloudflare.com *.cloudfront.net *.fontawesome.com *.userlike.com *.amazonaws.com *.trustedshops.com *.facebook.net *.facebook.com *.werksraeder24.de *.bing.com *.clarity.ms *.googleoptimize.com optimize.google.com *.googleanalytics.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com unsafe-inline assets.braintreegateway.com unpkg.com *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com *.trustedshops.com *.werksraeder24.de *.googleoptimize.com optimize.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com maps.gstatic.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com connect.facebook.net widget.freshworks.com m2epro.freshdesk.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com nominatim.openstreetmap.org *.cloudflare.com *.cloudfront.net *.facebook.com *.amazonaws.com *.werksraeder24.de *.googlesyndication.com *.doubleclick.net *.bing.com *.clarity.ms *.trustedshops.com *.etrusted.com *.trustbadge.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-d4xRr+Z01eSIoMPybw2dSw==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com accounts.google.com www.bugherd.com sessions.bugsnag.com wss://ws.pusherapp.com *.pusher.com www.google.co.uk stats.g.doubleclick.net *.hotjar.com *.hotjar.io graph.instagram.com services.postcodeanywhere.co.uk *.zdassets.com wss://widget-mediator.zopim.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/forms/prod;frame-ancestors 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-xd0pNQm_wY4rvUPkThoMDw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com/ data: *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.dotdigital.com *.klarna.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: *.mailchimp.com tracking.qa.paypal.com seal-seflorida.bbb.org x.klarnacdn.net *.playground.klarnaevt.com bat.bing.com *.google.com *.google.de *.gstatic.com *.googleusercontent.com *.doubleclick.net tags.w55c.net *.cookielaw.org *.crazyegg.com www.xtento.com cdn.xtento.com widgets.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com *.hsforms.net *.hsforms.com www.google.com *.gstatic.com *.cookielaw.org *.onetrust.com *.mailchimp.com *.paypal.com *.paypalobjects.com mc.us10.list-manage.com seal-seflorida.bbb.org tagmanager.google.com gstatic.com x.klarnacdn.net js.playground.klarna.com js.klarna.com bat.bing.com *.trackedlink.net script.crazyegg.com www.xtento.com cdn.xtento.com widgets.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.gstatic.com *.mailchimp.com seal-seflorida.bbb.org *.google.com *.google.de fast.fonts.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.klarnaevt.com bat.bing.com *.doubleclick.net *.analytics.google.com *.googlesyndication.com *.crazyegg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com accounts.google.com www.facebook.com api.twitter.com www.linkedin.com api.instagram.com *.amazon.com *.twitch.tv login.microsoftonline.com https://pinterest.com https://www.pinterest.com appleid.apple.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.addthis.com *.facebook.com *.twitter.com www.facebook.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.facebook.com *.addthisedge.com *.twitter.com https://firebasestorage.googleapis.com blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com *.googletagmanager.com *.facebook.net www.termsfeed.com *.addthis.com *.moatads.com *.addthisedge.com *.twitter.com *.avada.io *.shopify.com maps.googleapis.com cdn.ampproject.org connect.facebook.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com downloads.mailchimp.com https://fonts.bunny.net maxcdn.bootstrapcdn.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com int-ecommerce.nexi.it ecommerce.nexi.it https://get.geojs.io *.avada.io places.googleapis.com cdn.ampproject.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: 'unsafe-inline';report-uri https://agrian.com/global/csp_report/ 1
default-src 'none'; frame-src 'self'; img-src 'self' https://storage.googleapis.com/ https://assets.cantook.net/ https://assets.entrepotnumerique.com/ https://assets.edenlivres.fr/ https://assets-libr.cantook.net/ https://assets-edgt.cantook.net/; script-src 'self' https://cdn.jsdelivr.net/npm/intl-tel-input@25.14.1/build/js/utils.js; style-src 'self' 'unsafe-inline'; connect-src 'self' https://storage.googleapis.com/ https://o37564.ingest.sentry.io; report-uri https://o37564.ingest.sentry.io/api/84541/security/?sentry_key=0b6a319c2af64d94839478210ee88f6c&sentry_environment=prod-northamerica 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://my.sendinblue.com https://www.facebook.com https://platform.twitter.com js.mollie.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.facebook.com https://app.usercentrics.eu *.usercentrics.eu https://www.google.de https://syndication.twitter.com quickchart.io img.youtube.com https://www.mollie.com https://api.mapbox.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googletagmanager.com *.facebook.net www.termsfeed.com https://app.usercentrics.eu *.usercentrics.eu https://platform.twitter.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://api.usercentrics.eu https://aggregator.service.usercentrics.eu *.usercentrics.eu https://region1.analytics.google.com https://stats.g.doubleclick.net autocomplete2.postdirekt.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.affirm.com *.affirm.ca https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com www.youtube.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com https://*.gstatic.com *.affirm.com *.affirm.ca *.bird.eu maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com *.adobedtm.com *.adobe.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com * *.cloudflare.com www.youtube.com player.vimeo.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.amazonaws.com *.googleapis.com *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com * cdn.plyr.io noembed.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net *.googleusercontent.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com *.wistia.com yotpo-stool.s3.amazonaws.com *.zohocdn.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.b0e8.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.mageside.com mageside.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.attentivemobile.com *.attn.tv *.bing.com *.bing.net *.clarity.ms *.doubleclick.net *.facebook.net *.ggpht.com *.googleadservices.com *.google-analytics.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.tg www.google.tl www.google.tn www.google.to www.google.vu www.google.ws google.com *.google.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.kaltura.com *.linksynergy.com *.listrakbi.com *.ometria.com *.onetrust.com *.pinterest.com *.portmeirion.com *.portmeirion.co.uk *.postcodeanywhere.co.uk *.spode.co.uk *.wistia.com yastatic.net *.yotpoapi.com yotpo-editor-production.s3.amazonaws.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://rum.hlx.page *.attn.tv events.attentivemobile.com *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.b0e8.com *.bc0a.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.ometria.com https://cdn-ukwest.onetrust.com https://www.spode.co.uk *.bing.com *.clarity.ms d21m4dsqdd3b9h.cloudfront.net *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.kaltura.com *.klevu.com *.listrakbi.com *.livechatinc.com *.onetrust.com *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.rakuten.com *.sentry-cdn.com *.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com display.ugc.bazaarvoice.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://statsjs.klevu.com https://js.klevu.com d21m4dsqdd3b9h.cloudfront.net *.googletagmanager.com *.gstatic.com *.listrakbi.com *.postcodeanywhere.co.uk *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gstatic.com *.kaltura.com video-s3-bucket.s3.eu-west-2.amazonaws.com *.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.attn.tv events.attentivemobile.com *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.hub-box.com *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.facebook.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.ometria.com *.attentivemobile.com *.bc0a.com *.bing.com *.bing.net *.clarity.ms *.doubleclick.net *.facebook.com *.googleadservices.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.ci www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.af www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.tg www.google.tl www.google.tn www.google.vu www.google.ws *.googlesyndication.com *.hotjar.com *.hotjar.io *.kaltura.com *.listrakbi.com *.livechatinc.com *.onetrust.com *.pinterest.com *.portmeirion.com *.portmeirion.co.uk *.postcodeanywhere.co.uk *.samsung.com *.spode.com *.spode.co.uk *.wistia.com *.yotpoapi.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://32ede476-ded8-4814-88cb-f8ecfa864227.sansec.watch/; report-to report-endpoint; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.addthis.com *.twitter.com *.google.com maps.googleapis.com scontent.cdninstagram.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://static.buckaroo.nl *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.googleapis.com *.google.com *.gstatic.com maps.googleapis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com scontent.cdninstagram.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com unsafe-inline https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.google.com *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.addthis.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://postcode-checkout.nl https://www.postcode-checkout.nl https://postcode-checkout.nl/api/v2/ https://www.postcode-checkout.nl/api/v2/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.mapbox.com *.pinterest.com; font-src 'self'; frame-src *.authorize.net *.doubleclick.net *.facebook.com *.google.com *.hcaptcha.com *.instagram.com *.issuu.com *.pinterest.com *.youtube.com; img-src 'self' *.doubleclick.net *.facebook.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com nugget-markets-01.s3.us-west-1.amazonaws.com *.nuggetmarkets.net *.simpli.fi; script-src-elem 'self' *.authorize.net *.facebook.net *.google-analytics.com *.googletagmanager.com *.hcaptcha.com *.instagram.com *.mapbox.com *.pinimg.com *.pinterest.com *.simpli.fi; style-src-elem 'self' *.mapbox.com; form-action 'self' *.facebook.com; report-uri https://nugget.report-uri.com/r/t/csp/wizard 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com *.alothemes.com *.magepow.com *.cloudflare.com *.bootstrapcdn.com 'unsafe-inline' data: *.aptrinsic.com amcglobal.sc.omtrdc.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.doubleclick.net *.aptrinsic.com amcglobal.sc.omtrdc.net *.sdiapi.com *.sdiapi.net zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com magefan.com cm.magefan.com *.alothemes.com *.magepow.com *.cloudflare.com *.selby.com.au *.facebook.com *.hifishow.com *.stereonet.show *.aptrinsic.com t.zip.co static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com widget.freshworks.com m2epro.freshdesk.com s7.addthis.com *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.fontawesome.com *.zipmoney.com.au *.googletagmanager.com *.facebook.net *.trackedweb.net *.trackedlink.net *.aptrinsic.com *.zip.co *.sdiapi.com *.sdiapi.net static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.alothemes.com *.magepow.com *.cloudflare.com *.bootstrapcdn.com *.aptrinsic.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ *.alothemes.com *.magepow.com *.cloudflare.com *.doubleclick.net *.zipmoney.com.au *.trackedweb.net *.zip.co *.aptrinsic.com *.sdiapi.com *.sdiapi.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: https:; report-uri https://issues.calpendo.com/anon/csp; report-to csp-endpoint 1
script-src 'self' blob: https://prod-bk-web.za.rbi.tools/en/static/js/vendor.4ffe2d6e.js https://prod-bk-web.za.rbi.tools/en/static/js/main.97271bd1.js https://prod-bk-web.za.rbi.tools/en/static/js/runtime.7b910336.js https://*.mparticle.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onetrust.com https://static.ads-twitter.com https://platform.twitter.com https://www.google-analytics.com https://connect.facebook.net https://secure.quantserve.com https://dynamic.criteo.com https://rules.quantcount.com https://cdn.branch.io https://app.link https://*.cdn4.forter.com https://dlthst9q2beh8.cloudfront.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://pagead2.googlesyndication.com https://cdn.amplitude.com https://accounts.google.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://c.amazon-adsystem.com https://js.adsrvr.org https://maps.googleapis.com https://googleads.g.doubleclick.net https://static.zdassets.com https://bat.bing.com https://cdn-st.adsmurai.com https://www.youtube.com https://player.vimeo.com https://prod-bk-web.za.rbi.tools/en/static/js/vendor.804b3bb8.js https://prod-bk-web.za.rbi.tools/en/static/js/main.4214af0e.js https://prod-bk-web.za.rbi.tools/en/static/js/runtime.99277129.js; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; report-uri https://intl-csp-service.rbictg.com/report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com  'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com www.facebook.com platform.twitter.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com https://event.2performant.com https://www.youtube-nocookie.com  'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://images.unsplash.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com https://pagead2.googlesyndication.com/ https://www.google.ro https://*.postisgate.com *.tile.openstreetmap.org *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://maps.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com connect.facebook.net twitter.com platform.twitter.com www.facebook.com graph.facebook.com business.facebook.com js.mollie.com https://app.enzuzo.com https://analytics.tiktok.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://attr-2p.com https://*.postisgate.com https://api.mapbox.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com downloads.mailchimp.com maxcdn.bootstrapcdn.com https://cdn-images.mailchimp.com https://*.postisgate.com https://api.mapbox.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com  https://app.enzuzo.com/ https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://pagead2.googlesyndication.com/ region1.google-analytics.com region1.analytics.google.com https://www.google.ro https://event.2performant.com https://*.postisgate.com https://*.postis.io https://*.mapbox.com  *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com vjs.zencdn.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com aly.jst.ai cdn.jst.ai my.jst.ai analytics.tiktok.com rum.hlx.page cdn.oribi.io cdn.izooto.com www.googleapis.com a.quora.com www.redditstatic.com s.pinimg.com container.pepperjam.com dynamic.criteo.com acsbapp.com www.upsellit.com www.shopperapproved.com guarantee-cdn.com cdn.id5-sync.com sslwidget.criteo.com widget.us.criteo.com ct.pinterest.com px.ads.linkedin.com alb.reddit.com nsg.symantec.com vjs.zencdn.net pixel-config.reddit.com cdn.acsbapp.com measurement-api.criteo.com browser-intake-datadoghq.com static-na.payments-amazon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com connect.bolt.com connect-sandbox.bolt.com s3-us-west-1.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ aly.jst.ai cdn.jst.ai my.jst.ai analytics.tiktok.com rum.hlx.page cdn.oribi.io cdn.izooto.com www.googleapis.com a.quora.com www.redditstatic.com s.pinimg.com container.pepperjam.com dynamic.criteo.com acsbapp.com www.upsellit.com www.shopperapproved.com guarantee-cdn.com cdn.id5-sync.com sslwidget.criteo.com widget.us.criteo.com ct.pinterest.com px.ads.linkedin.com alb.reddit.com nsg.symantec.com vjs.zencdn.net pixel-config.reddit.com cdn.acsbapp.com measurement-api.criteo.com browser-intake-datadoghq.com static-na.payments-amazon.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ aly.jst.ai cdn.jst.ai my.jst.ai analytics.tiktok.com rum.hlx.page cdn.oribi.io cdn.izooto.com a.quora.com www.redditstatic.com s.pinimg.com container.pepperjam.com dynamic.criteo.com acsbapp.com www.upsellit.com www.shopperapproved.com guarantee-cdn.com cdn.id5-sync.com sslwidget.criteo.com widget.us.criteo.com ct.pinterest.com px.ads.linkedin.com alb.reddit.com nsg.symantec.com vjs.zencdn.net pixel-config.reddit.com cdn.acsbapp.com measurement-api.criteo.com browser-intake-datadoghq.com www.gstatic.com static-na.payments-amazon.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com vjs.zencdn.net *.klevu.com *.ksearchnet.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ aly.jst.ai cdn.jst.ai my.jst.ai analytics.tiktok.com rum.hlx.page cdn.oribi.io cdn.izooto.com www.googleapis.com a.quora.com www.redditstatic.com s.pinimg.com container.pepperjam.com dynamic.criteo.com acsbapp.com www.upsellit.com www.shopperapproved.com guarantee-cdn.com cdn.id5-sync.com sslwidget.criteo.com widget.us.criteo.com ct.pinterest.com px.ads.linkedin.com alb.reddit.com nsg.symantec.com vjs.zencdn.net pixel-config.reddit.com cdn.acsbapp.com measurement-api.criteo.com browser-intake-datadoghq.com conversions-config.reddit.com static-na.payments-amazon.com www.google.com.hk *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src aly.jst.ai cdn.jst.ai my.jst.ai analytics.tiktok.com rum.hlx.page cdn.oribi.io cdn.izooto.com www.googleapis.com a.quora.com www.redditstatic.com s.pinimg.com container.pepperjam.com dynamic.criteo.com acsbapp.com www.upsellit.com www.shopperapproved.com guarantee-cdn.com cdn.id5-sync.com sslwidget.criteo.com widget.us.criteo.com ct.pinterest.com px.ads.linkedin.com alb.reddit.com nsg.symantec.com vjs.zencdn.net pixel-config.reddit.com cdn.acsbapp.com measurement-api.criteo.com browser-intake-datadoghq.com static-na.payments-amazon.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://connect.facebook.net https://cdn.lightwidget.com https://oss.maxcdn.com https://cdn.rawgit.com https://scripts.clarity.ms https://www.clarity.ms https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://vimeo.com https://twitter.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.googleadservices.com https://secure.gravatar.com https://www.facebook.com https://connect.facebook.net https://c.clarity.ms https://c.bing.com https://drinkwise.org.au https://drinkwise.org.au; frame-src 'self' https://www.googletagmanager.com https://cdn.lightwidget.com https://www.facebook.com https://www.youtube.com https://player.vimeo.com; connect-src 'self' *.clarity.ms https://www.googletagmanager.com https://api.drinkwise.org.au https://middleware.drinkwise.org.au https://analytics.google.com https://google-analytics.com https://www.google-analytics.com https://www.google.com https://www.youtube.com https://www.facebook.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://connect.facebook.net; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'none'; report-uri https://drinkwise.org.au/wp-json/drinkwise/v1/csp-report/ 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.ppl.cz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.benefit-plus.eu benefitv3.sprinx.cz *.gate.pay.muza.cz benefit-partner-gateway-adapter-proxy-tdzdeetbna-ey.a.run.app *.sodexo-ucet.cz one-pgw.sdxuat.cz *.pluxee.cz 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.cpost.cz gate.gopay.cz gate.gopay.com gw.sandbox.gopay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.ppl.cz c.seznam.cz data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.facebook.net gate.gopay.cz gate.gopay.com gw.sandbox.gopay.com *.ppl.cz c.seznam.cz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.ppl.cz 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.ppl.cz api.dhl.com c.seznam.cz 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com 'self' data: 'unsafe-inline' data: *.yotpo.com *.googleapis.com *.gstatic.com *.sharethis.com *.pardot.com *.mouseflow.com *.firstbook.org dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.unpkg.com/survey-core@2.0.5/ *.googleapis.com/ *.yotpo.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' data: *.unpkg.com/survey-core@2.0.5/ *.googleapis.com/ *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com 'self' data: www.xtento.com *.unpkg.com/survey-core@2.0.5/ *.googleapis.com/ *.yotpo.com *.authorize.net *.google.com/ *.sharethis.com *.pardot.com *.mouseflow.com *.firstbook.org google.com gstatic.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.christopherqueenconsulting.com *.chrisqueen.com *.cloudflare.com *.fontawesome.com www.xtento.com cdn.xtento.com *.unpkg.com/survey-core@2.0.5/ *.googleapis.com/ *.yotpo.com https://www.magezon.com store.paradoxlabs.com *.sharethis.com *.pardot.com *.mouseflow.com *.firstbook.org *.gstatic.com *.facebook.com *.reddit.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com *.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.cloudflare.com *.twitter.com *.fontawesome.com *.bootstrapcdn.com *.jsdelivr.net *.unpkg.com www.xtento.com cdn.xtento.com *.unpkg.com/survey-core@2.0.5/ *.googleapis.com/ *.yotpo.com *.authorize.net *.google.com/ *.firstbook.org *.pardot.com *.sharethis.com *.mouseflow.com google.com gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.jsdelivr.net *.unpkg.com/survey-core@2.0.5/ *.googleapis.com/ *.yotpo.com *.googleapis.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.cloudflare.com *.unpkg.com/survey-core@2.0.5/ *.googleapis.com/ *.yotpo.com *.authorize.net *.sharethis.com *.pardot.com *.mouseflow.com *.firstbook.org google.com gstatic.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src *.sharethis.com *.pardot.com *.mouseflow.com *.firstbook.org http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com consentcdn.cookiebot.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com magefan.com cm.magefan.com *.disqus.com verbum.hr *.google.hr imgsct.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://sibautomation.com in-automate.brevo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.disqus.com consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://sibautomation.com in-automate.brevo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com consentcdn.cookiebot.com consent.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.gstatic.com https://sibautomation.com in-automate.brevo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.affirm.com *.affirm.ca *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io *.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com stats.addtoany.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com stagescycling.com *.stagescycling.com *.bing.com *.clarity.ms *.cloudflare.com data: *.freshworks.com *.google.co.uk google.com *.googleapis.com *.googleusercontent.com googletagmanager.com tagmanager.google.com about: *.klaviyo.com *.sleeknote.com *.googleadservices.com *.pinterest.com *.pinimg.com *.termly.io www.google.it 'self' 'unsafe-inline'; report-uri https://stagescycling.com/en_us/csp_report_watch; child-src *.certcapture.com stagescycling.com *.stagescycling.com *.cloudflare.com *.youtube.com *.google.co.uk *.google.com google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com googletagmanager.com tagmanager.google.com data: blob: *.arcot.com *.pinterest.com *.pinimg.com http: https: blob: 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 1
font-src https://geowidget.easypack24.net fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://*.sovendus.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://geowidget-app.inpost.pl/ *.weltpixel.com pay.google.com apm.przelewy24.pl https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com visit.vobis.pl *.wesupply.xyz https://wesupplylabs.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com magefan.com cm.magefan.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com https://firebasestorage.googleapis.com https://*.sovendus.com https://ssl.ceneo.pl *.googletagmanager.com *.google-analytics.com ssl.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com s7.addthis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://static.mageads.com/ccxid.js sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.avada.io *.shopify.com https://*.sovendus.com https://www.sovopt.com https://static.sovopt.com https://www.getback.ch https://ssl.ceneo.pl *.tradedoubler.com a.imgstatics.com visit.vobis.pl a.imgstatic.eu/trsdk a.imgstatic.eu/tr_sdk.js *.cloudflare.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://geowidget.easypack24.net https://geowidget.inpost.pl fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://static.getback.ch https://*.sovendus.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com ekr.zdassets.com/ *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl google.com www.google.com pay.google.com https://get.geojs.io *.avada.io https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com madefor.github.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com https://hpp.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://secure-test.worldpay.com/shopper/3ds/ddc.html https://secure.worldpay.com/shopper/3ds/ddc.html https://payments-test.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments-live.hpp.apps.eu-west-1-7z55k.dev.msp.worldpay.io/app/hpp-iframe/integration/wpg/corporate https://payments.worldpay.com/app/hpp-iframe/integration/wpg/corporate *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://pay.google.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://payments-test.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments.worldpay.com/app/hpp-iframe/integration/wpg/corporate https://payments-live.hpp.apps.eu-west-1-7z55k.dev.msp.worldpay.io/app/hpp-iframe/integration/wpg/corporate https://pay.google.com https://secure-test.worldpay.com https://hpp.worldpay.com/ https://www.paypal.com/sdk/js *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.openstreetmap.org https://maps.googleapis.com *.cloudflare.com magefan.com cm.magefan.com *.trackedlink.net *.disqus.com *.klevu.com *.ksearchnet.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://maps.googleapis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com *.googlesyndication.com https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://payments.worldpay.com/resources/hpp/integrations/embedded/js/hpp-embedded-integration-library.js https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js https://www.paypal.com/sdk/js *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.disqus.com webchat.dotdigital.com webchat.staging.dotdigital.com https://cdn.jsdelivr.net js.klevu.com *.ksearchnet.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.cloudflare.com https://fonts.googleapis.com/css webchat.dotdigital.com webchat.staging.dotdigital.com https://cdn.jsdelivr.net *.klevu.com *.ksearchnet.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.openstreetmap.org https://www.google.com/pay https://pay.google.com/gp/p/web_manifest.json https://pay.google.com/gp/p/payment_method_manifest.json https://pay.google.com/ https://google.com/pay *.worldpay.com https://hpp.worldpay.com/app/hpp/135-0/telemetry https://hpp.worldpay.com/app/hpp/135-0/payment/paypalsmartbutton/continue https://www.paypal.com/sdk/js https://payments.worldpay.com/app/hpp/135-0/telemetry/iframe *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.globalpay.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.feedoptimise.com cdn.feedoptimise.com *.globalpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.googleapis.com data: 'self' 'unsafe-inline'; script-src unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com jquery.sellxed.com www.feedoptimise.com cdn.feedoptimise.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.trustpilot.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://google.com/pay https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com data: *.fontawesome.com *.cloudflare.com *.google.com static.flooringliquidators.net media.flooringliquidators.net cdnstage.flooringliquidators.net cdnstagemedia.flooringliquidators.net *.zopim.com *.chargeitpro.com *.audioeye.com *.mailchimp.com https://fonts.bunny.net https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * secure.authorize.net test.authorize.net https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.authorize.net test.authorize.net www.gstatic.com apis.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.magentocommerce.com *.google.com *.braintreegateway.com *.cloudinary.com *.googletagmanager.com *.msisurfaces.com *.meetanshi.com meetanshi.com static.flooringliquidators.net media.flooringliquidators.net cdnstage.flooringliquidators.net cdnstagemedia.flooringliquidators.net *.zopim.com t.co *.twitter.com *.google.co.in *.simpli.fi *.doubleclick.net *.tapad.com *.roomvo.com *.chargeitpro.com *.audioeye.com *.amazonaws.com *.mailchimp.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net *.mm-api.agency *.roomvo.com *.googleadservices.com *.google-analytics.com *.cloudflare.com *.adobedtm.com *.googletagmanager.com *.paypalobjects.com *.addressy.com *.authorize.net *.measuresquare.com static.flooringliquidators.net media.flooringliquidators.net cdnstage.flooringliquidators.net cdnstagemedia.flooringliquidators.net *.zopim.com *.ads-twitter.com s.pinimg.com *.zdassets.com *.attn.tv tag.simpli.fi *.funnelll.com *.simpli.fi *.chargeitpro.com *.audioeye.com *.mailchimp.com chimpstatic.com *.amazonaws.com player.vimeo.com *.avada.io *.shopify.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com assets.braintreegateway.com *.fontawesome.com *.mm-api.agency *.roomvo.com *.googleadservices.com *.google-analytics.com *.cloudflare.com *.google.com assets.adobedtm.com *.adobedtm.com *.googletagmanager.com *.paypal.com *.gstatic.com *.googleapis.com *.paypalobjects.com *.vimeo.com *.facebook.com *.addressy.com static.flooringliquidators.net media.flooringliquidators.net cdnstage.flooringliquidators.net cdnstagemedia.flooringliquidators.net *.zopim.com *.chargeitpro.com *.audioeye.com *.mailchimp.com https://fonts.bunny.net maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.chargeitpro.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com apitest.authorize.net jstest.authorize.net *.mm-api.agency *.roomvo.com *.googleadservices.com *.cloudflare.com *.adobe.com assets.adobedtm.com *.adobedtm.com *.googletagmanager.com *.gstatic.com *.paypalobjects.com *.addressy.com static.flooringliquidators.net media.flooringliquidators.net cdnstage.flooringliquidators.net cdnstagemedia.flooringliquidators.net *.zopim.com *.pinterest.com *.google.co.in *.zendesk.com *.attentivemobile.com *.zdassets.com *.attn.tv wss://widget-mediator.zopim.com *.authorize.net *.chargeitpro.com *.audioeye.com *.mailchimp.com eventcollector.mcf-prod.a.intuit.com https://get.geojs.io *.avada.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp magefan.com cm.magefan.com https://www.magezon.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.amazonaws.com *.zendesk.com;style-src 'self' 'unsafe-inline' localhost;font-src 'self' localhost blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zdassets.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.friendlycaptcha.com *.usercentrics.eu localhost;object-src 'self'; img-src 'self' *.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.novalnet.de *.friendlycaptcha.com *.usercentrics.eu static.phoenixcontact.com localhost data: blob:;media-src 'self';connect-src localhost *.zdassets.com *.zendesk.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com t.plcnextstore.com *.friendlycaptcha.com *.usercentrics.eu 'self';worker-src 'self' *.friendlycaptcha.com blob:;frame-src localhost 'self' proficloud-dev.github.io/plcnextstore-mvp/3pc.html *.friendlycaptcha.com blob:; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com checkout-static-next.razorpay.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com td.doubleclick.net www.paypalobjects.com api.razorpay.com *.payglocal.com *.payglocal.in *.pinterest.com *.addthis.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://images.unsplash.com www.facebook.com www.google.co.in cdn.razorpay.com *.adobedtm.com magefan.com cm.magefan.com *.facebook.com https://firebasestorage.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://maps.googleapis.com static.cloudflareinsights.com ajax.cloudflare.com connect.facebook.net *.doubleclick.net *.google.co.in checkout-static-next.razorpay.com codedrop.uat.payglocal.in checkout.razorpay.com www.xtento.com *.pinterest.com *.pinimg.com *.addthis.com *.moatads.com *.addthisedge.com *.googletagmanager.com *.facebook.net www.termsfeed.com *.avada.io *.shopify.com *.uat.payglocal.in/simple.js cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com www.google.com *.google-analytics.com *.doubleclick.net *.razorpay.com *.payglocal.com *.payglocal.in *.pinterest.com *.facebook.com *.googleadservices.com *.googletagmanager.com *.addthis.com https://get.geojs.io *.avada.io lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.google.com www.paypal.com *.payglocal.com *.payglocal.in checkout-static-next.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src 'self' blob:; font-src https: data: 'self' https://*.yieldify-production.com fonts.gstatic.com *.gstatic.com fonts.gstatic.com *.finance-calculator.co.uk *.klarnacdn.net maxcdn.bootstrapcdn.com use.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.braintree-api.com songbird.cardinalcommerce.com *.rsa3dsauth.com *.klarna.com *.facebook.com *.twitter.com *.googleapis.com *.bazaarvoice.com *.hotjar.com *.highstreettv.com *.gfsdeliver.com *.mitel.io *.ccdc02.com *.kaptcha.com *.freshrelevance.com https://d1y9qtn9cuc3xw.cloudfront.net https://d81mfvml8p5ml.cloudfront.net https://dkpklk99llpj0.cloudfront.net https://ds9p2a60lh6fp.cloudfront.net https://dn1i8v75r669j.cloudfront.net *.cloudflare.com/ajax/libs/ouibounce/0.0.12/ouibounce.min.js https://c1.dycdn.net/k8vnay8w/ https://c1.dycdn.net/k8vnay8w *.gocertify.me *.rsa3dsauth.co.uk *.americanexpress.com *.aexp-static.com *.apata.io yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.splitit.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.clearpay.co.uk https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.braintree-api.com https: 'self' https://*.yieldify.com 'about:blank' *.americanexpress.com *.aexp-static.com *.apata.io account.fetchify.com *.cookiebot.com *.klarna.com *.finance-calculator.co.uk *.deko.finance *.dekopay.com *.dekopay.org yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.splitit.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.afterpay.com *.clearpay.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.kaptcha.com§ https: data: 'self' https://*.yieldify.com https://*.yieldify-production.com *.americanexpress.com *.aexp-static.com *.apata.io *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.dycdn.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.finance-calculator.co.uk *.dekopay.com 'self' data: yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.splitit.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.convertexperiments.com *.adalyser.com *.klarnacdn.net https://*.yieldify.com 'unsafe-inline' *.facebook.net *.facebook.com *.twitter.com *.ads-twitter.com *.bing.com *.convertexperiment.com *.highstreettv.com *.reevoo.com *.google.com google.com/pay *.doubleclick.net *.googletagmanager.com *.trustpilot.com *.dwin1.com *.bootstrapcdn.com *.cloudflare.com *.google-analytics.com *.fontawesome.com *.gstatic.com *.criteo.com *.criteo.net *.bazaarvoice.com *.tiktok.com *.amazon.co.uk *.googleapis.com *.ipstatp.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.webtrends-optimize.com *.ibytedtos.com *.gfsdeliver.com *.mitel.io *.cardinalcommerce.com *.paypalobjects.com *.ccdc02.com *.braintreegateway.com *.kaptcha.com *.freshrelevance.com https://d1y9qtn9cuc3xw.cloudfront.net https://d81mfvml8p5ml.cloudfront.net https://d81mfvml8p5ml.cloudfront.net/k8vnay8w.js https://dkpklk99llpj0.cloudfront.net https://ds9p2a60lh6fp.cloudfront.net https://dn1i8v75r669j.cloudfront.net *.cloudflare.com/ajax/libs/ouibounce/0.0.12/ouibounce.min.js https://c1.dycdn.net/k8vnay8w/ https://c1.dycdn.net/k8vnay8w https://c.flx1.com *.zenaps.com *.googlesyndication.com *.gocertify.me 'self' 'report-sample' *.mateti.net *.journeyfurther.com *.americanexpress.com *.aexp-static.com *.apata.io tagmanager.google.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net am.freshrelevance.com *.cookiebot.com *.klarna.com *.finance-calculator.co.uk *.dekopay.com *.klarnaservices.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.splitit.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src display.ugc.bazaarvoice.com *.afterpay.com/ *.squarecdn.com unsafe-inline assets.braintreegateway.com https: data: 'self' 'report-sample' 'unsafe-inline' *.americanexpress.com *.aexp-static.com *.apata.io tagmanager.google.com fonts.google.com cc-cdn.com *.klarnacdn.net maxcdn.bootstrapcdn.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com *.splitit.com 'self' 'unsafe-inline'; object-src *.mitel.io 'self' 'unsafe-inline'; media-src 'self' 'self' 'unsafe-inline'; manifest-src 'self' 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.braintreegateway.com *.getbraintree.com *.payments-amazon.com *.payments-uk.amazon.com *.craftyclicks.co.uk *.convertexperiments.com *.criteo.com https://*.yieldify.com *.yieldify-production.com https://yieldify.connectorengine.com *.facebook.net *.facebook.com *.twitter.com *.ads-twitter.com *.bing.com *.convertexperiment.com *.reevoo.com google.com/pay *.googletagmanager.com *.trustpilot.com *.dwin1.com *.bazaarvoice.com *.bootstrapcdn.com *.criteo.net *.cloudflare.com *.google-analytics.com *.fontawesome.com *.gstatic.com *.doubleclick.net *.tiktok.com *.googleapis.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.webtrends-optimize.com *.gfsdeliver.com *.mitel.io *.ccdc02.com *.freshrelevance.com wss://am.freshrelevance.com/ https://d1y9qtn9cuc3xw.cloudfront.net https://d81mfvml8p5ml.cloudfront.net https://dkpklk99llpj0.cloudfront.net https://ds9p2a60lh6fp.cloudfront.net https://dn1i8v75r669j.cloudfront.net *.cloudflare.com/ajax/libs/ouibounce/0.0.12/ouibounce.min.js https://c1.dycdn.net/k8vnay8w/ https://c1.dycdn.net/k8vnay8w *.highstreettv.com *.gocertify.me 'self' *.amplitude.com *.mateti.net *.journeyfurther.com *.americanexpress.com *.aexp-static.com *.apata.io *.deko-uat.com *.analytics.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.dycdn.net am.freshrelevance.com wss://am.freshrelevance.com wss://am.dycdn.net dn1i8v75r669j.cloudfront.net *.finance-calculator.co.uk *.dekopay.com *.klarnaservices.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.splitit.com *.sentry.io *.amazonaws.com logs.browser-intake-datadoghq.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.kaptcha.com https://*.yieldify.com 'about:blank' http: https: blob: 'self' 'unsafe-inline'; default-src *.klarnaevt.com *.klarna.com *.klarnacdn.net *.braintreegateway.com *.braintree-api.com *.getbraintree.com *.amazon.com *.payments-amazon.com *.payments-uk.amazon.com *.facebook.com *.cloudflare.com *.paypal.com *.bazaarvoice.com *.gfsdeliver.com *.mitel.io *.cardinalcommerce.com *.ccdc02.com *.freshrelevance.com https://d1y9qtn9cuc3xw.cloudfront.net https://d81mfvml8p5ml.cloudfront.net https://dkpklk99llpj0.cloudfront.net https://ds9p2a60lh6fp.cloudfront.net https://dn1i8v75r669j.cloudfront.net *.cloudflare.com/ajax/libs/ouibounce/0.0.12/ouibounce.min.js https://c1.dycdn.net/k8vnay8w/ https://c1.dycdn.net/k8vnay8w *.highstreettv.com https://*.yieldify.com https://*.yieldify-production.com 'self' *.americanexpress.com *.aexp-static.com *.apata.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'self' 'unsafe-inline'; report-uri https://62c41891d268e140f15015db.endpoint.csper.io?v=0;; report-to report-endpoint; 1
font-src *.fontawesome.com *.cloudflare.com cdnjs.cloudflare.com cdn.jsdelivr.net cookiechimp.com www.cookiechimp.com *.cookiechimp.com *.frogbikes.com frogbikes.com static.klaviyo.com fonts.gstatic.com *.gstatic.com self data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com *.extforms.netsuite.com self 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.frogbikes.com *.usercentrics.eu www.xtento.com widget.trustpilot.com *.userway.org www.google.com *.gstatic.com app.usercentrics.eu *.doubleclick.net cookiechimp.com www.cookiechimp.com *.cookiechimp.com frogbikes.com *.extforms.netsuite.com self 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.frogbikes.com *.usercentrics.eu www.xtento.com cdn.xtento.com *.userway.org *.cloudfront.net cookiechimp.com www.cookiechimp.com *.cookiechimp.com www.facebook.com www.googletagmanager.com *.gstatic.com frogbikes.com alb.reddit.com bat.bing.com c.clarity.ms c.bing.com *.jsdelivr.net self data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.usercentrics.eu *.jquery.com *.frogbikes.com *.newrelic.com *.lr-in-prod.com www.xtento.com cdn.xtento.com widget.trustpilot.com *.userway.org *.jsdelivr.net app.termly.io js.klarna.com js-agent.newrelic.com code.jquery.com *.klaviyo.com connect.facebook.net bat.bing.com www.clarity.ms cdn.storerocket.io cookiechimp.com www.cookiechimp.com *.cookiechimp.com frogbikes.com www.redditstatic.com maps.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.cloudflare.com *.extforms.netsuite.com self 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cc-cdn.com https://static.klaviyo.com *.fontawesome.com unsafe-inline *.frogbikes.com *.cloudflare.com fonts.googleapis.com *.gstatic.com *.userway.org *.jsdelivr.net static.klaviyo.com cookiechimp.com www.cookiechimp.com *.cookiechimp.com frogbikes.com cdnjs.cloudflare.com self 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com bam.nr-data.net *.usercentrics.eu *.google-analytics.com *.lr-in-prod.com *.analytics.google.com maps.googleapis.com *.gstatic.com *.userway.org app.termly.io widget.trustpilot.com storerocket.io *.klaviyo.com a.clarity.ms cookiechimp.com www.cookiechimp.com *.cookiechimp.com *.reddit.com www.redditstatic.com *.frogbikes.com frogbikes.com bat.bing.com bat.bing.net www.google.com *.extforms.netsuite.com self 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://premier.trustcommerce.com https://stagepremier.trustcommerce.com;script-src 'nonce-4f5e2eb20a744d6d93e5b5fdad1903eb' https://www.myhillchart.com 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://www.myhillchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-jNRw_8DJTcYhjmbVC1XCOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com cdn1.stamped.io stamped.io *.googleapis.com *.stamped.io *.gstatic.com *.shopassistant-ai.com preeziestaticcontent.blob.core.windows.net blob.core.windows.net core.windows.net windows.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.localhost.com *.paymentexpress.com *.windcave.com cdn1.stamped.io 'self' 'unsafe-inline'; frame-ancestors cdn1.stamped.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io *.localhost.com *.paymentexpress.com *.windcave.com *.doubleclick.net *.ladesk.com *.laybuy.com *.authorize.net *.cardinalcommerce.com *.weltpixel.com www.google.com/recaptcha *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co *.nos.to * *.afterpay.com *.shopassistant-ai.com cdn1.stamped.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io *.ladesk.com *.googleapis.com *.laybuy.com *.trackjs.com *.paypal.com *.mailchimp.com *.klaviyo.com *.nos.to *.gstatic.com * *.shopassistant-ai.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com chimpstatic.com downloads.mailchimp.com *.list-manage.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io cdn1.stamped.io stamped.io *.afterpay.com *.klaviyo.com *.ladesk.com *.googleapis.com *.trackjs.com cdn.trackjs.com *.nr-data.net script.hotjar.com static.hotjar.com www.google.com maps.googleapis.com assests.adobetm.com polyfill.io cdn-stamped-io.azureedge.net www.gstatic.com *.vimeo.com f.vimeocdn.com *.ytimg.com *.youtube.com www.youtube.com *.facebook.com *.facebook.net *.clarity.ms www.clarity.ms * *.shopassistant-ai.com https://www.googletagmanager.com tagmanager.google.com preeziecdn.azureedge.net *.azureedge.net portal.afterpay.com https://c.bing.com https://www.clarity.ms https://*.clarity.ms clarity.microsoft.com *.microsoft.com www.clarity.ms/tag data: https://www.clarity.ms/tag/ https://www.clarity.ms/tag/* www.clarity.ms/tag/* *.clarity.ms/tag/* clarity.ms/tag/* vimeocdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com downloads.mailchimp.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn1.stamped.io stamped.io *.googleapis.com *.stamped.io *.shopassistant-ai.com tagmanager.google.com static.klaviyo.com 'self' 'unsafe-inline'; object-src cdn1.stamped.io 'self' 'unsafe-inline'; media-src *.adobe.com cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src cdn1.stamped.io 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io unpkg.com *.unpkg.com imagekit.io *.imagekit.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ get.geojs.io *.avada.io cdn1.stamped.io stamped.io *.klaviyo.com *.googleapis.com *.stamped.io *.trackjs.com *.azurewebsites.net *.shopassistant-ai.com https://www.google-analytics.com *.clarity.ms www.clarity.ms stats.g.doubleclick.net bam.nr-data.net in.hotjar.com *.hotjar.com prod-api-v1-core.azurewebsites.net azurewebsites.net 'self' 'unsafe-inline'; child-src cdn1.stamped.io http: https: blob: 'self' 'unsafe-inline'; default-src https://c.bing.com https://www.clarity.ms https://*.clarity.ms clarity.microsoft.com *.microsoft.com www.clarity.ms www.clarity.ms/tag *.clarity.ms data: https://www.clarity.ms/tag/ https://www.clarity.ms/tag/* www.clarity.ms/tag/* *.clarity.ms/tag/* clarity.ms/tag/* cdn1.stamped.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri cdn1.stamped.io 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.bird.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://static.klaviyo.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://core.helloretail.com https://helloretailcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src http://maxcdn.bootstrapcdn.com/font-awesome/ https://widgets.trustedshops.com/ https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://widgets.trustedshops.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com/recaptcha/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://www.youtube.com/ https://gum.criteo.com/ https://static.criteo.net/ https://config1.veinteractive.com/ *.google.com/ https://www.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://widgets.trustedshops.com/ https://www.facebook.com/ https://connect.facebook.net/ https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.google.com/ads/ https://www.google.de/ads/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://www.gstatic.com/ https://ssl.gstatic.com/ https://www.google-analytics.com/ https://www.google.com/ https://bat.bing.com/ https://files.newsletter2go.com/ https://ad.mail.ru/ https://ads.yieldmo.com/ https://sync-criteo.ads.yieldmo.com/ https://ad.sxp.smartclip.net/ https://pixel.rubiconproject.com/ https://gum.criteo.com/ https://sp.analytics.yahoo.com/ https://s.ad.smaato.net/ https://i.liadm.com/ https://i6.liadm.com/ https://sync.outbrain.com/ https://sync.e-planning.net/ https://sync-t1.taboola.com/ https://ib.adnxs.com/ https://simage2.pubmatic.com/ https://visitor.omnitagjs.com/ https://cm.adform.net/ https://beacon.krxd.net/ https://dis.criteo.com/ https://cm.g.doubleclick.net/ https://criteo-sync.teads.tv/ https://secure.adnxs.com/ https://ad.360yield.com/ https://match.sharethrough.com/ https://rtb-csync.smartadserver.com/ https://r.casalemedia.com/ https://ads.yahoo.com/ https://ups.analytics.yahoo.com/ https://pixel.advertising.com/ https://us-u.openx.net/ https://eb2.3lift.com/ https://contextual.media.net/ https://cotads.adscale.de/ https://ih.adscale.de/ https://tg.socdm.com/ https://x.bidswitch.net/ https://ad.yieldlab.net https://ads.stickyadstv.com/ https://cdn.stickyadstv.com/ https://idsync.rlcdn.com/ https://jadserve.postrelease.com/ https://criteo-partners.tremorhub.com/ https://pixel.tapad.com/ https://s.thebrighttag.com/ https://www.magezon.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://www.googletagmanager.com/ https://tagmanager.google.com/ http://widgets.trustedshops.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://secure.pay1.de/ https://static.newsletter2go.com/ https://sslwidget.criteo.com/ https://top-fwz1.mail.ru/ https://static.criteo.net/ https://config1.veinteractive.com/ https://autocomplete2.postdirekt.de/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com http://maxcdn.bootstrapcdn.com/font-awesome/ https://tagmanager.google.com/ https://fonts.googleapis.com/ *.fontawesome.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://api.newsletter2go.com/ https://top-fwz1.mail.ru/ https://www.paypal.com/ https://www.facebook.com/ https://autocomplete2.postdirekt.de/ autocomplete2.postdirekt.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src *.videsk.io videsk.io videsk.us https://youtube.com; frame-ancestors 'self' *.videsk.io videsk.io videsk.us;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' *.videsk.io videsk.io videsk.us https://content.linkedin.com https://challenges.cloudflare.com https://forms.hsforms.com https://google-analytics.com https://googletagmanager.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://m.youtube.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://static.cloudflareinsights.com https://tag.clearbitscripts.com https://tagmanager.google.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://x.clearbitjs.com;style-src 'self' 'report-sample' 'unsafe-inline' *;object-src 'none' *.videsk.io videsk.io videsk.us;child-src 'self' *.videsk.io videsk.io videsk.us app.hubspot.com forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net www.youtube.com www.googletagmanager.com;base-uri 'self' *.videsk.io videsk.io videsk.us;form-action 'self' *.videsk.io videsk.io videsk.us forms.hubspot.com forms.hsforms.com;worker-src 'self' *.videsk.io videsk.io videsk.us; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.marker.io/latest/shim.js https://www.googletagmanager.com/gtm.js https://w19.captcha.at/sdk.js https://edge.marker.io/latest/2.v2.15.0.f2fdbd0e05d6efcac7d3.js https://edge.marker.io/latest/3.v2.15.0.d94e68f6b8a22e3b32c2.js https://edge.marker.io https://www.baufi-lead.de https://www.youtube.com/iframe_api https://www.googletagmanager.com https://unpkg.com/micromodal@0.4.10/dist/micromodal.min.js https://cdn.jsdelivr.net/npm/air-datepicker@3.3.5/air-datepicker.min.js https://js-eu1.hs-analytics.net/analytics/ https://js-eu1.hs-banner.com/v2/25186610/banner.js https://js-eu1.hsleadflows.net/leadflows.js https://js-eu1.hubspot.com/web-interactives-embed.js https://js-eu1.hs-scripts.com/25186610.js https://www.youtube.com/s/player/c9dd45ed/www-widgetapi.vflset/www-widgetapi.js https://www.baufi-lead.de/baufilead/partner/9JkejpCHJ5aDn4bP2WYVb65WPDAXXj/imports.js https://www.youtube.com/s/player/ https://developer.ogulo.com/js/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/2756326424442993 https://googleads.g.doubleclick.net/ https://www.ksk-immobilien.de/wp-content/plugins/wp-sentry-integration/public/wp-sentry-init.js https://energieausweis.de/scripts/dist/reseller.min.js https://www.googleadservices.com https://www.google.com https://cdn.consentmanager.net https://c.delivery.consentmanager.net www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://cdn.consentmanager.net https://c.delivery.consentmanager.net www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://images.ksk-immobilien.de/www.ksk-immobilien.de/uploads/immobilie-kaufen-startseite.jpg https://images.ksk-immobilien.de https://www.captcha.eu/logo-small40.png https://www.captcha.eu https://cdn.consentmanager.net/delivery/recall/recall_shield.svg https://cdn.consentmanager.net https://c.delivery.consentmanager.net https://amazonaws.com https://track-eu1.hubspot.com https://www.facebook.com https://www.google.com/pagead/1p-user-list/755947047/ https://perf-eu1.hsforms.com/embed/v3/counters.gif https://www.google.de/pagead/1p-user-list/755947047/ https://googleleads.g.doubleclick.net https://www.google.com https://google.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: www.googletagmanager.com; connect-src 'self' https://connect.facebook.net https://connect.facebook.net/en_US/fbevents.js https://o149539.ingest.sentry.io/api/5793876/envelope/ https://www.google.com/ https://analytics.ksk-immobilien.de/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ https://js-eu1.hs-banner.com/ https://cta-eu1.hubspot.com/ https://forms-eu1.hubspot.com/ https://googleads.g.doubleclick.net/ https://api.marker.io/widget/ping https://www.baufi-lead.de www.googletagmanager.com; font-src 'self' data: https://cdn.consentmanager.net https://c.delivery.consentmanager.net data:; object-src * ; media-src 'self' https://cdn.consentmanager.net https://c.delivery.consentmanager.net; frame-src 'self' https://td.doubleclick.net/ https://tour.ogulo.com/ https://app.kyl.immo https://energieausweis.de/energieausweis2/bedarfsausweis-wohngebaeude/ https://www.ksk-immobilien.de/energieausweis2/bedarfsausweis-wohngebaeude/ www.googletagmanager.com; manifest-src 'none' ; child-src 'self' www.googletagmanager.com; worker-src 'self' https://www.ksk-immobilien.de; base-uri 'none' ; form-action 'self' ; frame-ancestors 'none' ; 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://plumrocket.com *.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src https://hummingbirdbakery.com *.adobe.com 'self' 'unsafe-inline'; font-src *.klaviyo.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.hummingbirdbakery.com *.fontawesome.com https://fonts.bunny.net 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; style-src *.typekit.net *.klaviyo.com *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.gstatic.com *.googleapis.com *.fontawesome.com https://cdn.jsdelivr.net https://fonts.bunny.net assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; connect-src *.zendesk.com wss://widget-mediator.zopim.com *.instagram.com https://mgibtoec.eul.stape.io *.cookiebot.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com https://api.smooch.io wss://api.smooch.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com ekr.zdassets.com/ *.ideal-postcodes.co.uk https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src *.cdninstagram.com *.hummingbirdbakery.com https://hummingbirdbakery.com *.cookiebot.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.googleapis.com maps.gstatic.com https://www.facebook.com https://hummingbirdbakery.zendesk.com https://www.googleadservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.zdassets.com https://mgibtoec.eul.stape.io *.cookiebot.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://static.hotjar.com https://script.hotjar.com connect.facebook.net https://api.smooch.io https://www.googleadservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io www.facebook.com graph.facebook.com business.facebook.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://*.websenso.com;     script-src  'self' 'unsafe-inline' https://*.websenso.com https://*.marches-publics.info https://*.comarquage.fr https://www.notre-commune.fr https://*.typekit.net data:;     style-src   'self' 'unsafe-inline' https://*.websenso.com https://www.notre-commune.fr https://*.typekit.net;     img-src     'self' data: https://*.websenso.com https://images.weserv.nl https://wsrv.nl https://*.tile.openstreetmap.org https://tile.openstreetmap.org https://www.notre-commune.fr https://*.cantal.fr;     font-src    'self' https://*.typekit.net data:;     frame-src   blob: https://www.openstreetmap.org https://www.youtube.com/ https://www.youtube-nocookie.com https://*.marches-publics.info https://*.comarquage.fr https://*.notre-commune.fr;     media-src   'self' https://www.youtube.com/ https://www.youtube-nocookie.com https://youtu.be;     connect-src 'self' https://*.websenso.com https://*.comarquage.fr https://www.notre-commune.fr;     report-uri  https://csp-report.appsenso.eu/report.php; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-2AZMzVrtPqqdIe4clF7Vrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.mollie.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://www.mollie.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.mollie.com https://maps.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com checkout.iwdagency.com td.doubleclick.net *.paypalobjects.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.gstatic.com unpkg.com *.braintreegateway.com *.cdn-apple.com *.paypal.com *.paypalobjects.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com https://checkout.iwdagency.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-eSr3pCcW9qLIfkXMGWwQ-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com https://www.google.com www.youtube.com youtube.com wchat.freshchat.com ukpos.webpush.freshchat.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com bat.bing.com www.facebook.com www.xtento.com cdn.xtento.com *.google.com *.google.fr *.google.ie *.google.co.uk *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.opayo.eu.elavon.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com https://www.gstatic.com ict.infinity-tracking.net script.crazyegg.com bat.bing.com wchat.freshchat.com api.feefo.com register.feefo.com connect.facebook.net client.prod.mplat-ppcprotect.com https://s3.amazonaws.com/downloads.mailchimp.com/ www.xtento.com cdn.xtento.com *.google.fr *.google.ie *.google.co.uk *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.ukpos.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com cc-cdn.com *.fontawesome.com unsafe-inline wchat.freshchat.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ict.infinity-tracking.net script.crazyegg.com tracking.crazyegg.com bat.bing.com client.prod.mplat-ppcprotect.com click.prod.mplat-ppcprotect.com region1.analytics.google.com https://www.google.co.uk/ads/ data: *.google-analytics.com stats.g.doubleclick.net *.ukpos.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com widget.thuiswinkel-cdn.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com consent.cookiebot.com *.freshchat.com consentcdn.cookiebot.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com imgsct.cookiebot.com *.google.com.ua *.google.com.nl api.taggrs.io widget.thuiswinkel-cdn.org px.ads.linkedin.com bat.bing.com sst.officecentre.nl https://www.mollie.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com consent.cookiebot.com static.zdassets.com wss://widget-mediator.zopim.com consentcdn.cookiebot.com widget.thuiswinkel.org widget.thuiswinkel-cdn.org eu.fw-cdn.com *.freshchat.com bat.bing.com sst.officecentre.nl js.mollie.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.typekit.net *.freshchat.com static-tracking.klaviyo.com widget.thuiswinkel-cdn.org https://static.klaviyo.com assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com ekr.zdassets.com wss://widget-mediator.zopim.com consentcdn.cookiebot.com widget.trustpilot.com widget.thuiswinkel.org widget.thuiswinkel-cdn.org app-euc.freshmarketer.com widgetcontent.thuiswinkel-cdn.org sst.officecentre.nl px.ads.linkedin.com bat.bing.com ws://127.0.0.1:35729/livereload https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.rikstv.no wss://*.rikstv.no *.strim.no https://*.launchdarkly.com fonts.gstatic.com https://*.braintree-api.com https://*.braintreegateway.com https://*.paypal.com https://*.cardinalcommerce.com https://geo.cardinalcommerce.com https://*.litix.io https://*.theoplayer.com https://*.sanity.io https://*.nep.ms https://*.telenorcdn.net https://d35a3yqleg4mle.cloudfront.net https://*.sentry.io https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.google.no https://*.googlesyndication.com https://www.googletagmanager.com https://*.clarity.ms https://*.bing.com https://eu.i.posthog.com blob: data: https://*.niceincontact.com https://af-de-web-modules.s3.eu-central-1.amazonaws.com https://*.viaplay.no; script-src 'self' 'unsafe-eval' 'nonce-KLenZpxWkSWACpNzkLTIZg==' 'strict-dynamic' 'wasm-unsafe-eval' https://www.clarity.ms https://www.gstatic.com 'report-sample' https://www.paypalobjects.com https://www.paypal.com https://songbird.cardinalcommerce.com; style-src 'self' 'unsafe-inline' https://assets.braintreegateway.com https://web-modules-de-eu1.niceincontact.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubcc16aeced64de99ebc739f17aa7b488f&ddsource=csp-report; report-to csp-endpoint; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://widgets.xsellco.com/ https://x.klarnacdn.net/ *.bathroomtakeaway.com/ 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors https://widgets.xsellco.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://widgets.xsellco.com/ *.facebook.com/ *.ubembed.com *.doubleclick.net *.cookiebot.com *.google.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.bathroomtakeaway.com/ https://c.clarity.ms/ https://c.bing.com/ https://www.facebook.com/ *.google.com/ https://google.com/ https://www.google.com.hk/ *.google.co.uk/ https://www.bathroomtakeaway.co.uk/ *.cookiebot.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com tagmanager.google.com https://www.googletagmanager.com *.facebook.net/ *.facebook.com/ *.bathroomtakeaway.com/ *.bing.com/ https://widgets.xsellco.com/ https://www.clarity.ms/ https://www.googletagmanager.com/ https://eu-library.klarnaservices.com/ *.klarna.com/ *.tiktok.com/ *.doubleclick.net *.ubembed.com *.cookiebot.com *.hotjar.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.trustpilot.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.bathroomtakeaway.com/ https://widgets.xsellco.com/ https://x.klarnacdn.net/ *.doubleclick.net *.ubembed.com downloads.mailchimp.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://www.google-analytics.com *.bathroomtakeaway.com/ https://widgets.xsellco.com/ *.doubleclick.net/ https://api.craftyclicks.co.uk/ https://invitejs.trustpilot.com/ *.clarity.ms/ https://evt-eu.klarnaservices.com/ *.klarna.com/ *.klarnaevt.com *.google.com/ *.googlesyndication.com/ https://google.com/ *.facebook.com/ *.cookiebot.com *.tiktok.com/ *.ubembed.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com 'self' data: *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.zdassets.com *.userway.org 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.paytrace.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * api.demo.convergepay.com api.convergepay.com gstatic.com *.googletagmanager.com *.twitter.com *.facebook.com https://www.traceparts.com https://player.vimeo.com/ https://vars.hotjar.com/ *.userway.org *.doubleclick.net https://calculator.exair.com/cabinetcooler/calculator/index.php 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com *.alothemes.com *.magepow.com https://meetanshi.com/media/logo.png www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://bat.bing.com http://t.co/ https://px.ads.linkedin.com http://www.trustlogo.com/ https://ssl.comodo.com https://camo.githubusercontent.com/ https://p.adsymptotic.com/ https://secure.trust-provider.com/ https://c.clarity.ms/c.gif cdn.userway.org *.facebook.net *.facebook.com *.google.com *.google.co.in *.bing.com *.linkedin.com *.google.ca *.twitter.com *.simpli.fi *.doubleclick.net *.tremorhub.com *.3lift.com *.tapad.com *.agkn.com *.intentiq.com *.pubmatic.com *.exelator.com *.yahoo.com *.bfmio.com *.bluekai.com *.crwdcntrl.net *.lijit.com *.rlcdn.com *.spotxchange.com *.adnxs.com *.rubiconproject.com *.openx.net *.pro-market.net *.comodoca.com *.pippio.com *.sectigo.com https://d3k81ch9hvuctc.cloudfront.net/company/XxTZBJ/images/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.alothemes.com *.magepow.com *.paytrace.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.demo.convergepay.com api.convergepay.com gstatic.com 'self' data: *.googletagmanager.com tagmanager.google.com https://chimpstatic.com http://bat.bing.com/bat.js https://bat.bing.com/p/action/16008447.js static.ads-twitter.com *.twimg.com https://snap.licdn.com/li.lms-analytics/insight.min.js *.trustlogo.com *.google-analytics.com *.zdassets.com *.ekr.zdassets.com https://analytics.twitter.com exairhelp.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://secure.trust-provider.com https://libs.fraud.elavongateway.com/sdk-web-js/0.13.8/3ds2-web-sdk.min.js https://www.convergepay.com/hosted-payments/Checkout.js https://demo.convergepay.com/hosted-payments/Checkout.js *.clarity.ms https://static.hotjar.com/c/hotjar-2555992.js https://script.hotjar.com *.hotjar.com https://edge.fullstory.com/s/fs.js *.fullstory.com *.userway.org *.facebook.net *.doubleclick.net *.bing.com *.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://static.zdassets.com/web_widget* https://static.zdassets.com/ekr/snippet.js/* *.simpli.fi *.cloudflare.com https://snap.licdn.com/li.lms-analytics/insight.beta.min.js *.truevaultcdn.com *.dcatalog.com *.jquery.com *.termsfeedtag.com https://recruitingbypaycor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com fonts.google.com *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.googletagmanager.com *.userway.org *.klaviyo.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com *.zdassets.com *.ekr.zdassets.com https://static.zdassets.com/web_widget/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 *.static.zdassets.com https://static.zdassets.com/web_widget* 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com api.demo.convergepay.com api.convergepay.com gstatic.com 'unsafe-inline' data: 'unsafe-inline' blob: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.facebook.com *.facebook.net *.zdassets.com *.ekr.zdassets.com https://analytics.twitter.com exairhelp.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://www.convergepay.com/hosted-payments/service/payment/hpe/process https://demo.convergepay.com/hosted-payments/service/payment/hpe/process https://clarity.microsoft.com/ *.clarity.ms *.hotjar.com *.bing.com *.fullstory.com *.userway.org *.doubleclick.net *.linkedin.com https://static.zdassets.com/web_widget* *.oribi.io *.googlesyndication.com *.truevaultcdn.com *.termsfeedtag.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.intimatemerger.com https://*.im-apps.net; 1
font-src *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.coinpayments.net/index.php *.canadapost.ca https://sso.epost.ca *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com www.facebook.com platform.twitter.com *.authorize.net *.addthis.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.coinpayments.net magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com mageside.com *.canadapost.ca *.canadapost-postescanada.ca *.googleapis.com https://www.magezon.com flagpedia.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.googleapis.com maps.googleapis.com connect.facebook.net twitter.com platform.twitter.com *.authorize.net https://tnsb.postaffiliatepro.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://get.geojs.io *.avada.io *.googleapis.com www.gstatic.com maps.googleapis.com *.authorize.net *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; script-src 'report-sample' 'self' 'nonce-20f99afb13ca9766efc7f62319eac852' 'sha256-Uar6/o6bHxLbvYdSPaAi9aPBl0o2QLBH4YZtTV7Yh9U=' *.forcloudcdn.com *.forter.com analytics.tiktok.com analytics.twitter.com app.link cdn.branch.io connect.facebook.net dkupaw9ae63a8.cloudfront.net googleads.g.doubleclick.net maps.googleapis.com sc-static.net static.ads-twitter.com tools.luckyorange.com tr.snapchat.com websdk.appsflyer.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' *.forcloudcdn.com fonts.googleapis.com; connect-src https: wss:; img-src data: https:; font-src data: https:; frame-src 'self' bid.g.doubleclick.net bytedance: fordeal: sslocal: tr.snapchat.com tr6.snapchat.com www.facebook.com www.youtube.com; object-src 'none'; child-src 'self' blob:; base-uri 'none'; report-uri https://dot.fordeal.ae/api/csp-reports?who=client_customer&app=fordeal 1
object-src 'none';base-uri 'self';script-src 'nonce-IpfTF51ySYLDM0b7qfYNUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-97Eo6It95YMMVf_FXH0tTA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'nonce-1450a254db4aeb0869c0338b61355486' 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data https://images.ctfassets.net; script-src 'self' 'self' 'unsafe-inline' https://browser.sentry-cdn.com/ https://europcar.adding-sst.dev/ https://sdk.privacy-center.org/ https://*.europcar.com https://*.goldcar.com; connect-src 'self' sentry.io *.sentry.io https://*.europcar.com https://*.goldcar.com; report-uri https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943; report-to https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.klaviyo.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.olark.com *.paypal.com https://cdn.accessibly.app https://maps.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com *.addthis.com *.doubleclick.net *.meetanshi.com https://meetanshi.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.googleadservices.com *.cloudfront.net *.twitter.com *.olark.com *.vimeo.com *.bing.com *.google.co.in *.doubleclick.net *.googletagmanager.com *.cardinalcommerce.com https://cdn.accessibly.app https://maps.gstatic.com https://firebasestorage.googleapis.com *.meetanshi.com https://meetanshi.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ apis.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.cloudflareinsights.com *.twitter.com *.google-analytics.com *.googleadservices.com *.klaviyo.com https://dash.accessibly.app https://cdn.accessibly.app https://maps.googleapis.com *.googletagmanager.com *.cardinalcommerce.com maxcdn.bootstrapcdn.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com widgets.pinterest.com *.olark.com *.callrail.com *.pinimg.com *.hotjar.com *.ipify.org *.noibu.com *.bing.com *.schema.org *.pinterest.com *.yotpo.com *.facebook.net *.meetanshi.com *.paypalobjects.com s7.addthis.com *.avada.io *.shopify.com https://meetanshi.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com assets.braintreegateway.com *.paypal.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.olark.com *.vimeo.com *.cardinalcommerce.com *.googletagmanager.com https://maps.gstatic.com *.google-analytics.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.olark.com *.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.klaviyo.com *.twitter.com *.olark.com *.callrail.com *.pinterest.com *.facebook.com *.doubleclick.net *.bing.com https://alt-tags.accessiblyapp.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com https://meetanshi.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://vimeo.com https://player.vimeo.com https://*.vimeo.com https://dc.services.visualstudio.com https://js.monitor.azure.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://i.ytimg.com/ https://i.vimeocdn.com https://player-telemetry.vimeo.com https://viewer.mapme.com https://m.ankiro.dk/ https://www.googletagmanager.com https://tracking.m.dk https://*.googleapis.com https://*.analytics.google.com https://tagmanager.google.com https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com/api/consent https://fonst.gstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/ https://hittegods.metroservice.dk https://hittegodseng.metroservice.dk https://hittegodsvedikke.metroservice.dk/ https://hittegodsvedikkeeng.metroservice.dk/ https://henvendelseeng.metroservice.dk/ https://henvendelse.metroservice.dk/ https://payment.metroservice.dk/ https://connect.facebook.net/en_US/fbevents.js https://*.adform.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://cdn.matomo.cloud/metroselskabet.matomo.cloud/matomo.js https://connect.facebook.net/signals/config/ https://s2.adform.net/Serving/TrackPoint/ https://metroselskabet.matomo.cloud/matomo.php https://ad.doubleclick.net/activity https://9562205.fls.doubleclick.net/ https://td.doubleclick.net/ https://api-eu1.agillic.net/recipients https://api-eu1.agillic.net/recipients/v2/:upsertAndAchieve https://app-ne-metro-p-website-cd.azurewebsites.net https://app-ne-metro-p-corp-cd.azurewebsites.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' https://metroselskabet.euwest01.umbraco.io/ https://js.monitor.azure.com https://vimeo.com https://player.vimeo.com https://*.vimeo.com https://dc.services.visualstudio.com https://js.monitor.azure.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://i.ytimg.com/ https://i.vimeocdn.com https://player-telemetry.vimeo.com https://viewer.mapme.com https://m.ankiro.dk/ https://www.googletagmanager.com https://tracking.m.dk https://*.googleapis.com https://*.analytics.google.com https://tagmanager.google.com https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com/api/consent https://fonst.gstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/ https://hittegods.metroservice.dk https://hittegodseng.metroservice.dk https://hittegodsvedikke.metroservice.dk/ https://hittegodsvedikkeeng.metroservice.dk/ https://henvendelseeng.metroservice.dk/ https://henvendelse.metroservice.dk/ https://payment.metroservice.dk/ https://connect.facebook.net/en_US/fbevents.js https://*.adform.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://cdn.matomo.cloud/metroselskabet.matomo.cloud/matomo.js https://connect.facebook.net/signals/config/ https://s2.adform.net/Serving/TrackPoint/ https://metroselskabet.matomo.cloud/matomo.php https://ad.doubleclick.net/activity https://9562205.fls.doubleclick.net/ https://td.doubleclick.net/ https://api-eu1.agillic.net/recipients https://api-eu1.agillic.net/recipients/v2/:upsertAndAchieve https://app-ne-metro-p-website-cd.azurewebsites.net https://app-ne-metro-p-corp-cd.azurewebsites.net https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com blob: data:; media-src 'self' https://metroselskabet.euwest01.umbraco.io/ blob: data:; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; base-uri 'self'; form-action 'self' https://metroselskabet.euwest01.umbraco.io/; frame-ancestors 'none'; upgrade-insecure-requests; connect-src 'self' https://metroselskabet.euwest01.umbraco.io/ https://js.monitor.azure.com https://vimeo.com https://player.vimeo.com https://*.vimeo.com https://dc.services.visualstudio.com https://js.monitor.azure.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://i.ytimg.com/ https://i.vimeocdn.com https://player-telemetry.vimeo.com https://viewer.mapme.com https://m.ankiro.dk/ https://www.googletagmanager.com https://tracking.m.dk https://*.googleapis.com https://*.analytics.google.com https://tagmanager.google.com https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com/api/consent https://fonst.gstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/ https://hittegods.metroservice.dk https://hittegodseng.metroservice.dk https://hittegodsvedikke.metroservice.dk/ https://hittegodsvedikkeeng.metroservice.dk/ https://henvendelseeng.metroservice.dk/ https://henvendelse.metroservice.dk/ https://payment.metroservice.dk/ https://connect.facebook.net/en_US/fbevents.js https://*.adform.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://cdn.matomo.cloud/metroselskabet.matomo.cloud/matomo.js https://connect.facebook.net/signals/config/ https://s2.adform.net/Serving/TrackPoint/ https://metroselskabet.matomo.cloud/matomo.php https://ad.doubleclick.net/activity https://9562205.fls.doubleclick.net/ https://td.doubleclick.net/ https://api-eu1.agillic.net/recipients https://api-eu1.agillic.net/recipients/v2/:upsertAndAchieve https://app-ne-metro-p-website-cd.azurewebsites.net https://app-ne-metro-p-corp-cd.azurewebsites.net; frame-src 'self' https://js.monitor.azure.com https://vimeo.com https://player.vimeo.com https://*.vimeo.com https://dc.services.visualstudio.com https://js.monitor.azure.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://i.ytimg.com/ https://i.vimeocdn.com https://player-telemetry.vimeo.com https://viewer.mapme.com https://m.ankiro.dk/ https://www.googletagmanager.com https://tracking.m.dk https://*.googleapis.com https://*.analytics.google.com https://tagmanager.google.com https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com/api/consent https://fonst.gstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/ https://hittegods.metroservice.dk https://hittegodseng.metroservice.dk https://hittegodsvedikke.metroservice.dk/ https://hittegodsvedikkeeng.metroservice.dk/ https://henvendelseeng.metroservice.dk/ https://henvendelse.metroservice.dk/ https://payment.metroservice.dk/ https://connect.facebook.net/en_US/fbevents.js https://*.adform.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://cdn.matomo.cloud/metroselskabet.matomo.cloud/matomo.js https://connect.facebook.net/signals/config/ https://s2.adform.net/Serving/TrackPoint/ https://metroselskabet.matomo.cloud/matomo.php https://ad.doubleclick.net/activity https://9562205.fls.doubleclick.net/ https://td.doubleclick.net/ https://api-eu1.agillic.net/recipients https://api-eu1.agillic.net/recipients/v2/:upsertAndAchieve https://app-ne-metro-p-website-cd.azurewebsites.net https://app-ne-metro-p-corp-cd.azurewebsites.net; 1
font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.sendcloud.sc *.jsdelivr.net https://www.googletagmanager.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.amazonaws.com *.hsforms.net *.hsforms.com 'self' data: https://imgproxy.vendic.dev data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com *.disqus.com https://cdn.jsdelivr.net *.sendcloud.sc *.jsdelivr.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.jsdelivr.net *.sendcloud.sc *.jsdelivr.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com t.elasticsuite.io *.hsforms.net *.hsforms.com https://www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-2VG4rQytzhw7h_oImiqnYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-SuSKGzeVg5PR94M7evoZbA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.cloudflare.com *.twitter.com *.x.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.bootstrapcdn.com data: *.tawk.to maxcdn.bootstrapcdn.com *.fontawesome.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net fonts.googleapis.com 'self' data: https://cdnjs.cloudflare.com https://widgets.trustedshops.com *.yotpo.com *.googleapis.com *.bing.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.x.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.twitter.com *.x.com www.google.com www.google.co.in www.facebook.com *.trustpilot.com td.doubleclick.net *.g.doubleclick.net www.kiyoh.com consentcdn.cookiebot.com tagmanager.google.com *.googletagmanager.com *.multisafepay.com https://pay.google.com www.gstatic.com apis.google.com js.mollie.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com *.bing.com 'self'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.cloudflare.com static.pay.nl *.gstatic.com *.google.com *.google.nl *.google.co.in www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.x.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net *.g.doubleclick.net d.adroll.com pixel.advertising.com pixel.rubiconproject.com simage2.pubmatic.com dsum-sec.casalemedia.com ads.yahoo.com eb2.3lift.com sync.outbrain.com trc.taboola.com x.bidswitch.net/sync ib.adnxs.com idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com segments.company-target.com sync.tidaltv.com *.pay.nl *.tawk.to tawk.link *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.bing.net *.etrusted.com *.multisafepay.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com quickchart.io img.youtube.com https://www.mollie.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.yotpo.com *.bing.com *.clarity.ms *.kaltura.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.cloudflare.com *.twitter.com *.x.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.googlesyndication.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com s.adroll.com d.adroll.com d.adroll.mgr.consensu.org *.bootstrapcdn.com *.trustpilot.com *.g.doubleclick.net *.tawk.to consentcdn.cookiebot.com tagmanager.google.com script.hotjar.com static.hotjar.com *.cloudfront.net cloudfront.net cdn.cookiecode.nl *.multisafepay.com https://pay.google.com *.googleapis.com *.avada.io *.shopify.com player.vimeo.com js.mollie.com https://player.vimeo.com https://www.youtube.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.yotpo.com *.clarity.ms integrations.etrusted.com bat.bing.com *.kaltura.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.x.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.tawk.to tagmanager.google.com *.googletagmanager.com *.etrusted.com maxcdn.bootstrapcdn.com *.multisafepay.com https://fonts.bunny.net fonts.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.almapay.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.google-analytics.com *.g.doubleclick.net *.cloudflare.com *.twitter.com *.x.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com translations.piggy.eu maps.googleapis.com *.tawk.to wss://*.tawk.to consentcdn.cookiebot.com *.analytics.google.com script.hotjar.com static.hotjar.com core.helloretail.com cdn.cookiecode.nl api.cookiecode.nl *.bing.net *.multisafepay.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.yotpo.com *.clarity.ms  'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src i.cdn-typekit.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.fitness-seller.nl/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.bing.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.clarity.ms imgsct.cookiebot.com *.doofinder.com *.facebook.com *.google.sm *.smct.co pillolastore.com *.pillolastore.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bing.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.adfyier.com *.admediasales.com *.bannercrowd.net *.bing-int.com *.clarity.ms consent.cookiebot.com consentcdn.cookiebot.com *.doofinder.com smct.co *.smct.co *.optimalpeople.fr *.prezzifarmaco.it *.tradedoubler.com tracking.trovaprezzi.it tps.trovaprezzi.it www.trovaprezzi.it *.trustpilot.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.doofinder.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.bing.com *.clarity.ms *.cookiebot.com *.doofinder.com wss://eu1-layer.doofinder.com/ wss://eu1-recommendations.doofinder.com/ *.googlesyndication.com/ *.optimalpeople.fr 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' loccioni.com *.loccioni.com;   img-src * data:;   frame-src *.youtube.com     *.loccioni.com     *.loccioni.com:9300     serviceloccioni.b2clogin.com;   style-src 'self' 'unsafe-inline'     fonts.googleapis.com;   font-src 'self'     fonts.gstatic.com;   script-src 'self' loccioni.com *.loccioni.com 'unsafe-eval' 'nonce-ZvVn_4uTdJNbTTGSIgW7yAAAAJs' 'nonce-abjOBW2q4UzAB9BZqy98XwAAAE8';   script-src-elem 'self' loccioni.com *.loccioni.com     cdn-cookieyes.com *.googletagmanager.com     *.google-analytics.com *.googleapis.com     'unsafe-inline' 'nonce-ZvVn_4uTdJNbTTGSIgW7yAAAAJs' 'nonce-abjOBW2q4UzAB9BZqy98XwAAAE8';   connect-src 'self'     wss: loccioni.com *.loccioni.com cdn-cookieyes.com *.cookieyes.com     *.google-analytics.com analytics.google.com *.analytics.google.com     stats.g.doubleclick.net    *.google.it *.googleapis.com     serviceloccioni.b2clogin.com;   report-uri https://sentry.loccioni.com//api/33/security/?sentry_key=c407f8937e802b8c2db6b48b4b6346c4;   report-to csp-endpoint;  1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com; font-src d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com 'self' https: data:; frame-src d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com https:; img-src d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com https:; script-src d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com 'self' 'unsafe-inline' https: 1
font-src www.paypalobjects.com fonts.gstatic.com https://widgets.trustedshops.com typesense.c-479.maxcluster.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com typesense.c-479.maxcluster.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net js.mollie.com consentcdn.cookiebot.com *.etrusted.com *.trustedshops.com sst.scs-holzshop.de *.googletagmanager.com typesense.c-479.maxcluster.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com validator.swagger.io https://images.unsplash.com https://www.mollie.com imgsct.cookiebot.com *.etrusted.com *.trustedshops.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com c.clarity.ms c.bing.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com typesense.c-479.maxcluster.net data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com js.mollie.com consent.cookiebot.com consentcdn.cookiebot.com *.gstatic.com *.google.com *.googletagmanager.com t.adcell.com tagmanager.google.com https://www.clarity.ms https://scripts.clarity.ms https://l.clarity.ms https://d5yoctgpv4cpx.cloudfront.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com typesense.c-479.maxcluster.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src tagmanager.google.com fonts.google.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com typesense.c-479.maxcluster.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com consentcdn.cookiebot.com *.etrusted.com *.trustedshops.com stats.g.doubleclick.net *.google.com *.googletagmanager.com https://www.clarity.ms https://o.clarity.ms https://scripts.clarity.ms https://l.clarity.ms https://d5yoctgpv4cpx.cloudfront.net https://p2iqhncxyh.execute-api.eu-central-1.amazonaws.com https://integrations.etrusted.site typesense.c-479.maxcluster.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b907e4fb-b0f5-4d13-82f2-4cbf3fb9e900.sansec.watch/; report-to report-endpoint; 1
upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-811ddb3cd03a0549763978dc7f5c61be00ea9760' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 50339659.hs-sites.com 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-AZSfgD7gdvqVmA0aclQ1JQ=='; report-uri https://send.hsbrowserreports.com/csp/report 1
default-src 'self'; form-action 'none'; frame-ancestors 'none'; report-uri https://05b05d212ae69f14bc0693ae06b9402c.report-uri.com/r/t/csp/wizard 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-eval' https://js.hs-scripts.com https://js.hsleadflows.net https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-banner.net https://js.usemessages.com https://js.hubspotfeedback.com https://static.hsappstatic.net https://www.googletagmanager.com https://www.google-analytics.com https://www.clarity.ms https://scripts.clarity.ms https://connect.facebook.net https://*.hubspot.com https://*.hubspotusercontent.net https://*.hubspotusercontent-na1.net https://*.hsforms.net https://*.hsforms.com https://*.vidyard.com https://*.metrodemedellin.gov.co;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.hsappstatic.net https://*.hubspot.com https://*.hubspotusercontent.net;  img-src 'self' data: blob: https://static.hsappstatic.net https://static.hubspot.com https://*.hubspot.com https://*.hubspotusercontent.net https://*.hubspotusercontent-na1.net https://*.hsforms.com https://*.metrodemedellin.gov.co https://*.vidyard.com https://*.google-analytics.com https://www.facebook.com;  font-src 'self' https://fonts.gstatic.com https://static.hsappstatic.net https://*.hubspot.com;  connect-src 'self' https://*.hubspot.com https://*.hubspotusercontent.net https://*.google-analytics.com https://metrodemedellin.creatio.com https://integrador.metrodemedellin.gov.co https://api.hubapi.com https://forms.hscollectedforms.net https://js.hs-banner.com https://static.hsappstatic.net https://www.clarity.ms https://a.clarity.ms;  frame-src 'self' https://*.hubspot.com https://*.hs-sites.com https://*.vidyard.com;  object-src 'none';  base-uri 'self';  frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' *.asahiglassplaza.net cdn.jsdelivr.net fonts.gstatic.com code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com www.youtube.com webto.salesforce.com *.googleapis.com agc-gp.sitesearch.jp chromestatus.com; report-uri /csp_reports/ 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.zip.co *.bing.com *.alicdn.com *.baomitu.com *.bazaarvoice.com *.cdnfonts.com *.googleapis.com *.hotjar.com *.hsappstatic.net *.office.net *.slant.co *.zopim.com d1uznvntk80v7s.cloudfront.net unpkg.com *.burnsco.co.nz https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.localhost.com *.paymentexpress.com *.windcave.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com *.cash.app *.sharethis.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.localhost.com *.paymentexpress.com *.windcave.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app *.sharethis.com https://images.unsplash.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.openstreetmap.org https://maps.googleapis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cdninstagram.com *.fbcdn.net *.unbxdapi.com *.bing.com *.google.com.vn *.google.com.au google.com *.adroll.com *.bidswitch.net *.rubiconproject.com *.openx.net *.pubmatic.com *.rlcdn.com *.yahoo.com *.adnxs.com *.casalemedia.com *.company-target.com *.ib-ibi.com *.dotomi.com *.prfct.co *.taboola.com *.addthis.com *.fg8dgt.com *.fzlnk.com *.jivox.com *.acuityplatform.com *.quantserve.com *.apolloprogram.io *.smartadserver.com *.storygize.net *.rezync.com *.rfihub.com *.mediarithmics.com mmtro.com *.1rx.io *.unrulymedia.com *.ctnsnet.com *.33across.com *.3lift.com *.lijit.com *.weborama.fr *.innovid.com *.skimresources.com pippio.com *.securedvisit.com *.insightexpressai.com *.ispot.tv *.swoop.com *.swpsv.com *.crsspxl.com *.acxiomapac.com *.globalwebindex.net *.mrtnsvr.com *.dxkulture.com *.rakuten.com *.semasio.net *.commander1.com *.adstir.com *.twitter.com *.socd.com *.im-apps.net *.rtbiq.com *.mgid.com *.meritb2b.com zdbb.ne *.reson8.com *.adsrvr.org *.clarity.ms *.amazon-adsystem.com *.stackadapt.com *.bluekai.com *.contextweb.com *.kargo.com *.criteo.com *.bidr.io *.exelator.com *.scorecardresearch.com *.turn.com *.w55c.net *.crwdcntrl.net *.walmart.com *.mathtag.com *.sitescout.com *.simpli.fi *.mxptint.net *.media.net *.adentifi.com *.linksynergy.com *.adgrx.com *.ipredictive.com *.tidaltv.com *.tapad.com *.cardlytics.com *.agkn.com *.owneriq.net bttrack.com *.spotify.com *.undertone.com *.tribalfusion.com *.admission.net *.eyeota.net *.ml314.com *.mookie1.com *.afterpay.com www.google.co.in www.google.co.nz www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.nl www.google.co.jp www.google.co.th www.google.co.uk www.google.com.co www.google.com.pk www.google.com.sa www.google.hu www.google.ie www.google.it www.google.ae www.google.at www.google.az www.google.be www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.ke www.google.co.kr www.google.co.tz www.google.co.za www.google.com.ar www.google.com.bd www.google.com.bn www.google.com.br www.google.com.fj www.google.com.kh www.google.com.ly www.google.com.mt www.google.com.ng www.google.com.pg www.google.com.qa www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cv www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.iq www.google.lk www.google.lt www.google.lv www.google.mn www.google.mu www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.so www.google.tl www.google.to *.techrentals.co.nz *.techrentals.com.au www.google.by www.google.cm www.google.co.ma www.google.co.ug www.google.co.uz www.google.co.ve www.google.com.bo www.google.com.kw www.google.com.lb www.google.com.om www.google.com.pe www.google.cz www.google.jo www.google.la www.google.sr www.google.vu *.google-analytics.com *.google.com *.googleadservices.com *.techrentals.com.my *.techrentals.com.sg www.google.ba www.google.bj www.google.bt www.google.ci www.google.co.ao www.google.co.bw www.google.co.mz www.google.co.zm www.google.co.zw www.google.com.au www.google.com.bh www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.mm www.google.com.np www.google.com.pa www.google.com.pr www.google.com.sb www.google.com.sv www.google.com.uy www.google.ge www.google.hr www.google.is www.google.kz www.google.ml www.google.mw www.google.ne www.google.rw www.google.sc www.google.sk www.google.sn www.google.tn www.google.tt *.alicdn.com *.bazaarvoice.com *.bing.net *.googleapis.com *.imgix.net *.scarabresearch.com *.zopim.com www.google.ad www.google.al www.google.am www.google.as www.google.bf www.google.bs www.google.cd www.google.cg www.google.co.ck www.google.co.cr www.google.co.vi www.google.com.ag www.google.com.bz www.google.com.cu www.google.com.gi www.google.com.jm www.google.com.na www.google.com.ni www.google.com.py www.google.com.sl www.google.com.vc www.google.dm www.google.fm www.google.ga www.google.gg www.google.gl www.google.gm www.google.gy www.google.hn www.google.ht www.google.im www.google.je www.google.kg www.google.ki www.google.lu www.google.md www.google.me www.google.mg www.google.mk www.google.mv www.google.nr www.google.nu www.google.pn www.google.ps www.google.sh www.google.sm www.google.st www.google.tg www.google.tm www.google.ws yastatic.net *.baidu.com *.burnsco.co.nz *.vimeo.com www.google.com.af www.google.td www.google.co.ls https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app *.sharethis.com https://maps.googleapis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.instagram.com *.newrelic.com *.nr-data.net *.convertexperiments.com *.clarity.ms *.abtasty.com *.pricespider.com *.emarsys.net *.bing.com *.adsrvr.org *.cloudfront.net *.quantserve.com *.adroll.com *.quantcount.com *.online-metrix.net *.zdassets.com *.signifyd.com unpkg.com bpi.zip.co *.jsdelivr.net *.ipify.org *.afterpay.com *.bazaarvoice.com *.googleapis.com *.hotjar.com *.omtrdc.net *.scarabresearch.com *.vimeo.com *.zopim.com *.burnsco.co.nz rum.hlx.page *.plugins.emarsys.net https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.cash.app *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com display.ugc.bazaarvoice.com *.zip.co unpkg.com *.bing.com *.typekit.net *.jsdelivr.net *.baomitu.com *.omtrdc.net *.addysolutions.com *.burnsco.co.nz https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cdninstagram.com vimeo.com *.zdassets.com *.vimeocdn.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.sharethis.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.openstreetmap.org api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.instagram.com *.googleusercontent.com cdn.jsdelivr.net *.abtasty.com *.nr-data.net *.clarity.ms *.adroll.com *.online-metrix.net *.zipmoney.com.au *.cloudfront.net *.zip.co *.zendesk.com *.mastersoftgroup.com *.zopim.com *.bing.com wss://widget-mediator.zopim.com *.zdassets.com *.addysolutions.com www.google.co.in www.google.co.nz www.google.com.au www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.co.jp www.google.co.uk www.google.com.co www.google.com.hk www.google.com.pk www.google.com.sa www.google.hu www.google.it www.google.ae www.google.be www.google.co.id www.google.co.kr www.google.co.th www.google.co.za www.google.com.ar www.google.com.bd www.google.com.bn www.google.com.kh www.google.com.pg www.google.com.tw www.google.com.vn www.google.cv www.google.de www.google.dz www.google.es www.google.iq www.google.lk www.google.mn www.google.pl www.google.ro www.google.ru www.google.so www.google.tl *.crwdcntrl.net www.google.at www.google.az www.google.ca www.google.ch www.google.co.il www.google.co.ug www.google.com.br www.google.com.fj www.google.com.ng www.google.com.pe www.google.com.qa www.google.com.tr www.google.dk www.google.fr www.google.nl www.google.no www.google.vu *.googleadservices.com *.techrentals.com.my *.techrentals.com.sg www.google.bt www.google.by www.google.cl www.google.co.bw www.google.co.ke www.google.co.ma www.google.co.tz www.google.co.zw www.google.com.bo www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.np www.google.com.sb www.google.com.sv www.google.com.ua www.google.cz www.google.ee www.google.ge www.google.gr www.google.ie www.google.jo www.google.kz www.google.la www.google.lt www.google.lv www.google.mu www.google.rs www.google.se www.google.sk www.google.sn www.google.to *.alicdn.com *.amplitude.com *.bazaarvoice.com *.bing.net *.contentsquare.net *.googletagmanager.com *.hotjar.com *.scarabresearch.com *.stbuttons.click localhost servail.com www.google.al www.google.am www.google.as www.google.ba www.google.bg www.google.bs www.google.cg www.google.ci www.google.cm www.google.co.ao www.google.co.ck www.google.co.cr www.google.co.mz www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.zm www.google.com.ag www.google.com.bh www.google.com.bz www.google.com.cu www.google.com.cy www.google.com.et www.google.com.gi www.google.com.gt www.google.com.jm www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.na www.google.com.ni www.google.com.om www.google.com.pa www.google.com.pr www.google.com.py www.google.com.sl www.google.com.uy www.google.dm www.google.fi www.google.fm www.google.ga www.google.gg www.google.gl www.google.gm www.google.gy www.google.hr www.google.ht www.google.is www.google.ki www.google.lu www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mv www.google.mw www.google.nr www.google.nu www.google.pn www.google.pt www.google.sc www.google.si www.google.sr www.google.st www.google.tn www.google.tt www.google.ws *.addy.co.nz *.burnsco.co.nz *.hotjar.io rum.hlx.page www.google.com.af www.google.hn unpkg.com www.google.bf www.google.cd www.google.kg www.google.tg *.eservice.emarsys.net https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://d94c0886-5f3c-4cfa-bd0f-6b0e89adce4f.sansec.watch/; report-to report-endpoint; 1
img-src 'self' data: https://vervoe.com  https://www.facebook.com  https://secure.gravatar.com  https://perf-na1.hsforms.com  https://7663936.fs1.hubspotusercontent-na1.net  https://www.googletagmanager.com  https://bat.bing.com  https://www.google.co.id  https://i.ytimg.com  https://b.sf-syn.com  https://no-cache.hubspot.com  https://forms-na1.hsforms.com  https://www.google.co.in  https://www.google.ca  https://lh3.googleusercontent.com  https://i.vimeocdn.com  https://www.google.com.ph  blob:  https://lh4.googleusercontent.com  https://lh7-rt.googleusercontent.com  https://websitedemos.net  https://account.crocoblock.com  https://img.youtube.com  https://lh5.googleusercontent.com  https://www.google.com.pk  https://www.linkedin.com  https://www.google.com.ng  https://www.google.co.nz  https://www.google.co.za  https://lh7-us.googleusercontent.com  https://www2.deloitte.com  https://www.google.co.ls  https://www.google.jo  https://www.google.com.hk  https://www.google.co.uk  https://www.google.com.eg  https://www.google.co.zw  https://www.google.com.my  https://perf.hsforms.com  https://ad.doubleclick.net  https://www.google.mw  https://www.google.tt  https://www.google.com.et  https://fonts.gstatic.com  https://translate.google.com  https://www.google.lk  https://pos.baidu.com  https://www.google.com.pr  https://www.google.com.tr  https://www.google.com.vn  https://www.google.com.ar  https://www.google.kz  https://www.google.com.na  https://res.cloudinary.com  https://www.google.co.ke  https://www.google.com.qa  https://cdn.honey.io  https://www.google.com.co  https://www.google.com.ec  https://www.google.co.ug  https://www.google.com.pg  https://www.google.com.ua  https://www.google.co.tz  https://www.google.co.ma  https://www.google.ae  https://yastatic.net  https://www.google.com.sg  https://googleads.g.doubleclick.net  https://www.google.tn  https://exceptions.hs-embed-reporting.com  https://www.google.ru  https://www.google.co.th  https://www.google.com.bd  https://www.google.mn  https://f.hubspotusercontent30.net  https://www.google.com.lb  https://www.google.com.kh  https://www.google.co.mz  https://www.google.com.br  https://www.google.cm  https://www.google.cl  https://www.google.com.mm  https://www.google.so  https://www.google.com.np  https://www.google.ci  https://www.google.com.sa  https://www.google.com.mx  https://www.google.com.gh  https://www.google.co.uz  https://www.google.com.gt  https://zapier-images.imgix.net  https://www.google.am  https://www.gstatic.com  https://www.google.iq  https://www.google.com.bh  https://www.google.mv  https://www.google.com.bn  https://lh3.google.com  https://www.google.com.fj  https://storage.googleapis.com  https://www.google.rs  https://www.google.com.af  https://bat.bing.net  https://www.google.bt  https://www.google.la  https://message-cdn.getvero.com  https://www.google.com.om  https://www.google.com.jm  https://www.google.co.il  https://www.google.com.sv  https://www.google.co.jp  https://www.google.rw  https://www.google.dz  https://www.google.com.tw  https://www.google.com.uy  https://ps.w.org  https://px4.ads.linkedin.com  https://www.google.cd  https://www.google.mu  https://www.google.com.sl  https://www.google.com.ly  https://www.google.az  https://www.google.com.ni  https://www.google.co.kr  https://heapanalytics.com  https://www.google.com.pe  https://s.w.org  https://www.google.ch  https://www.google.co.cr  https://files.atlas.so  https://www.google.no  https://www.google.com.bz  https://www.google.fr  https://www.google.pl  https://www.google.be  https://www.google.it  https://www.google.nl  https://www.google.ie  https://www.google.ro  https://www.google.ws  https://www.google.sk  https://www.google.de  https://www.google.ee  https://www.google.es  https://www.google.se  https://www.google.com.kw  https://www.google.mk  https://www.google.hr  https://cdn.jsdelivr.net  https://www.google.com.cy  https://www.google.at  https://stats.g.doubleclick.net  https://www.google.co.bw  https://www.google.cz  https://really-simple-ssl.com  ; default-src 'self'; script-src 'self' 'unsafe-inline' https://vervoe.com  https://cdn.segment.com  https://www.googleoptimize.com  https://tag.clearbitscripts.com  https://js.hubspot.com  https://x.clearbitjs.com  https://cdn.firstpromoter.com  https://b.sf-syn.com  https://reveal.clearbit.com  https://bat.bing.com  https://js-na1.hs-scripts.com  https://js.hsforms.net  https://snap.licdn.com  blob:  https://js.hscollectedforms.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://www.googletagmanager.com  https://hubspot.clearbit.com  https://infirc.com  https://js.hs-banner.com  https://js.hsleadflows.net  https://cdnjs.cloudflare.com  https://js.hs-analytics.net  https://d10lpsik1i8c69.cloudfront.net  https://www.youtube.com  https://zapier.com  https://ajax.googleapis.com  https://tracking.g2crowd.com  https://gc.kes.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.google-analytics.com  https://js.convertflow.co  https://ssl.luckyorange.com  https://app.convertflow.co  https://cdn.zapier.com  https://cdn.amplitude.com  https://connect.facebook.net  https://player.vimeo.com  https://www.google.com  https://js.hs-scripts.com  https://googleads.g.doubleclick.net  https://3001.scriptcdn.net  https://cta-service-cms2.hubspot.com  https://translate.googleapis.com  https://translate.google.com  https://translate-pa.googleapis.com  https://mstat.acestream.net  https://www.printfriendly.com  https://infird.com  https://ritrag.com  https://localhost  https://cdn.toolszen.com  https://get663.com  https://fast.wistia.com  https://maps.googleapis.com  https://secured-pixel.com  https://mainf.global-cache.online  https://me.kes.v2.scr.kaspersky-labs.com  https://sslwidget.criteo.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://vervoe.com  https://cdn.segment.com  https://www.googleoptimize.com  https://tag.clearbitscripts.com  https://js.hubspot.com  https://x.clearbitjs.com  https://cdn.firstpromoter.com  https://b.sf-syn.com  https://reveal.clearbit.com  https://bat.bing.com  https://js-na1.hs-scripts.com  https://js.hsforms.net  blob:  https://gc.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://hubspot.clearbit.com  https://infirc.com  https://cdnjs.cloudflare.com  https://www.youtube.com  https://zapier.com  https://ajax.googleapis.com  https://gc.kes.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://js.convertflow.co  https://app.convertflow.co  https://cdn.zapier.com  https://player.vimeo.com  https://www.google.com  https://3001.scriptcdn.net  https://cta-service-cms2.hubspot.com  https://translate.googleapis.com  https://translate.google.com  https://translate-pa.googleapis.com  https://mstat.acestream.net  https://www.printfriendly.com  https://infird.com  https://ritrag.com  https://localhost  https://cdn.toolszen.com  https://get663.com  https://fast.wistia.com  https://maps.googleapis.com  https://secured-pixel.com  https://mainf.global-cache.online  https://me.kes.v2.scr.kaspersky-labs.com  https://sslwidget.criteo.com ; style-src 'self' 'unsafe-inline' https://vervoe.com  https://fonts.googleapis.com  https://adblockers.opera-mini.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://www.gstatic.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://cdn.honey.io  https://pwm-image.trendmicro.com  https://cdn.zapier.com  https://dw0d7wrju75izszv1lk.mentionusercontent.net  https://builder-assets.unbounce.com  https://use.fontawesome.com ; style-src-elem 'self' 'unsafe-inline' https://vervoe.com  https://fonts.googleapis.com  https://adblockers.opera-mini.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://www.gstatic.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://cdn.honey.io  https://pwm-image.trendmicro.com  https://cdn.zapier.com  https://dw0d7wrju75izszv1lk.mentionusercontent.net  https://builder-assets.unbounce.com  https://use.fontawesome.com ; connect-src 'self' https://api.segment.io  https://cdn.segment.com  https://bat.bing.com  https://www.google-analytics.com  https://www.facebook.com  https://geoip.cookieyes.com  https://px.ads.linkedin.com  https://cta-service-cms2.hubspot.com  wss://in.visitors.live  https://region1.google-analytics.com  wss://visitors.live  https://forms.hscollectedforms.net  https://tracking.g2crowd.com  https://adservice.google.com  https://api-preview.luckyorange.com  https://bs.nakanohito.jp  https://z.clarity.ms  https://forms.hsforms.com  https://pubsub.googleapis.com  https://vervoe.com  https://r.clarity.ms  https://gtm.miinto.de  https://perf-na1.hsforms.com  https://q.clarity.ms  https://t.clarity.ms  https://x.clarity.ms  https://lexicon.33across.com  https://lm.serving-sys.com  https://overbridgenet.com  https://api.solarflareenergy.net  https://translate.googleapis.com  https://clientstream.launchdarkly.com  http://ad.doubleclick.net  https://api.software-downloading.com  https://forms-na1.hubspot.com  https://api.datacloudstat.com  https://api.vid-adblocker.com  https://lh7-rt.googleusercontent.com  https://apis.google.com  https://analytics.google.com  https://polyfilljs.org  https://hubspot-forms-static-embed.s3.amazonaws.com  https://translate-pa.googleapis.com  https://zapier.com  https://api.solarspireconsulting.com  data:  https://infragrid.v.network  https://api.amcreativemedia.com  https://yandex.ru  https://n.emojikeyboardforchrome.com  https://n.wistiaextension.com  https://api.zapier.com  https://api.highdataanalytics.com  http://localhost  https://api.fbanalytics.org  https://www.googleadservices.com  https://sdmextension.com  https://api.solaranalyticscorp.com  https://n.noadsadblocker.com  https://retcode-us-west-1.arms.aliyuncs.com  https://pk.api4load.net  https://api.mkmediaworks.com  https://api.killadsapi.com  properties  https://api.global-data-lab.com  https://cdnml.global-cache.online  https://bat.bing.net  https://api.aituria.com  ws://localhost  https://metrics-dre.dt.dbankcloud.cn  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.googletagmanager.com  wss://ff.kis.v2.scr.kaspersky-labs.com  https://metrics-dra.dt.dbankcloud.cn  https://gc.kis.v2.scr.kaspersky-labs.com  https://api.socialsolutionapp.com  https://api.ginger-analytics.com  https://www.gstatic.com  https://api.video-adblock.com  https://tracking-api.production.g2.com  https://app.atlas.so  wss://app.atlas.so  https://cdn.fs.atlas.so  https://i.ytimg.com  https://gjtrack.ucweb.com  https://me.kes.v2.scr.kaspersky-labs.com  wss://127.0.0.1  https://me.kis.v2.scr.kaspersky-labs.com  https://tracking-api.g2.com  https://service5.gstatic-cache.com  https://visitors.live  https://in.visitors.live  https://rum.browser-intake-us5-datadoghq.com  https://gc.kes.v2.scr.kaspersky-labs.com  https://ipgeolocation.abstractapi.com  wss://gc.kis.v2.scr.kaspersky-labs.com  https://code.jquery.com  https://www.google.com.au  https://region1.analytics.google.com  https://www.google.com.mx  https://www.google.com.pk  https://www.google.ae  https://www.google.com.ua  https://www.google.co.za  https://www.google.ca  https://www.google.de  https://www.google.no  https://www.google.co.uk  https://www.google.it  https://www.google.com.ng  https://www.google.co.in  https://www.google.ci  https://www.google.com.hk  https://www.google.com.ar  https://www.google.com.ph  https://www.google.com.vn  https://www.google.fr  https://www.google.com.mm  https://www.google.co.jp  https://www.google.nl  https://www.google.pl  https://www.google.com.et  https://www.google.com.br  https://www.google.co.th  https://www.google.pt  https://www.google.com.pr  https://www.google.lv  https://www.google.com.gt  https://www.google.co.id  https://www.google.ch  https://www.google.co.nz  https://www.google.com.sg  https://www.google.co.ke  https://www.google.co.uz  https://www.google.be  https://www.google.ru  https://www.google.rs  https://www.google.es  https://www.google.dz  https://www.google.co.zw  https://www.google.hr  https://www.google.com.my  https://www.google.se  https://www.google.hu  https://www.google.com.bd  https://www.google.com.kh  https://www.google.co.ug  https://www.google.co.il  https://www.google.lk  https://www.google.com.co  https://www.google.bs  https://www.google.com.af  https://www.google.cz  https://www.google.mw  https://www.google.com.pe  https://www.google.co.tz  https://www.google.ie  https://www.google.com.tr  https://www.google.so;  frame-src 'self' https://app.hubspot.com  https://player.vimeo.com  https://www.youtube.com  https://td.doubleclick.net  https://mozbar.moz.com  https://forms.hsforms.com  https://www.figma.com  https://w.soundcloud.com  https://gateway.zscloud.net  https://cdn.segment.com  https://div.show  https://res.dugouthub.com  https://gateway.zscalertwo.net  https://block.opendns.com  https://support.google.com  https://zapier.com  https://www.googletagmanager.com  https://trust.holisticai.com  http://player.vimeo.com.x.4d7e1d6303ff00467108281053e323e3d100.43d7524b.id.opendns.com  http://td.doubleclick.net.x.2db9d6b90e4a504d080b2ef0b5c07014005b.92708534.id.opendns.com  null  http://td.doubleclick.net.x.b191ff890e5ca04c370b22303993b550882e.43d7532d.id.opendns.com  https://ext.rdplinks.com  http://td.doubleclick.net.x.3c95fef70c68304875082ad0c26fbddc0cb3.d045247e.id.opendns.com  https://wp-rocket.me  https://www.linkedin.com  https://www.holisticai.com  http://td.doubleclick.net.x.31e78aaa0948b04b5b08ff6066e5b1aaa1a0.43d75326.id.opendns.com  https://bat.bing.com  blob:  http://127.0.0.1;  font-src 'self' https://vervoe.com  https://fonts.gstatic.com  https://use.typekit.net  moz-extension  https://cdn.scite.ai  https://ray.st  ms-browser-extension  https://cdn.userlove.io  chrome-extension://jcmcbmdmfmelmlelagelpfhmohipjjia/Inter-Regular.woff  chrome-extension://jcmcbmdmfmelmlelagelpfhmohipjjia/Inter-Medium.woff2  https://static.hsappstatic.net  http://themes.googleusercontent.com  https://frontdoorcdn.mindverse.ai  chrome-extension://05C29A66-3002-46DE-B4FC-6BFF211D2428/fonts/Inter-Variable.ttf  chrome-extension://05C29A66-3002-46DE-B4FC-6BFF211D2428/fonts/Recoleta-Variable.otf  chrome-extension://jcmcbmdmfmelmlelagelpfhmohipjjia/Inter-Bold.woff  https://at.alicdn.com  https://migaku-public-data.migaku.com  chrome-extension://extension_id__/fonts/Inter-Variable.ttf  chrome-extension://extension_id__/fonts/Recoleta-Variable.otf  chrome-extension://extension_id__/fonts/SFProText-Variable.otf  https://vervoe.temp513.kinsta.cloud;  object-src 'self' https://trust.holisticai.com  https://rules.cityofnewyork.us;  manifest-src 'self' https://vervoe.com;  worker-src 'self' blob:  data:;  media-src 'self' data:  https://ssl.gstatic.com;  child-src 'self' blob:;  report-uri https://vervoe.com/wp-json/rsssl/v1/csp?rsssl_apitoken=1646020246; 1
object-src  'none'; connect-src 'self' *.throated.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.throated.com join.gammasecure.com; script-src 'self' *.throated.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.throated.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com js.mollie.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com *.facebook.com *.clarity.ms *.hotjar.com *.kleeneproducties.nl kleeneproducties.nl issuu.com *.issuu.com adobe.com *.pinterest.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.mollie.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.doubleclick.net *.facebook.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.nl *.guapatest.nl *.homecenter.nl *.kapenga.nl *.stoelenconcurrent.nl *.pinterest.com *.clarity.ms *.bing.com *.linkedin.com *.travyk.nl *.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net https://ipinfo.io js.mollie.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.clickcease.com *.facebook.net *.googletagmanager.com *.googleoptimize.com *.googleanalytics.com *.google-analytics.com *.gstatic.com *.hotjar.com *.clarity.ms chimpstatic.com mylivechat.com *.mylivechat.com issuu.com *.issuu.com adobe.com ipinfo.io *.ipinfo.io *.pinimg.com *.licdn.com *.homecenter.nl *.kapenga.nl *.cloudfront.net *.pinterest.com *.travyk.nl *.googlesyndication.com *.cloudflare.com data.homecenter.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net *.multisafepay.com assets.braintreegateway.com *.trustpilot.com *.google.com *.googleapis.com *.homecenter.nl *.mailchimp.com *.mylivechat.com kleeneproducties.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.doubleclick.net *.google-analytics.com *.homecenter.nl *.hypernode.io *.clarity.ms *.hotjar.com *.hotjar.io wss://*.hotjar.com/ *.hotjar.com/ *.pinterest.com *.googlesyndication.com *.demdex.net *.linkedin.com *.kapenga.nl *.travyk.nl *.amazonaws.com *.kleeneproducties.nl kleeneproducties.nl https://www.kapenga.info 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';frame-src 'self' https://*.youtube.com https://*.hubspotvideo.com https://*.hubspot.com https://*.google.com https://*.googletagmanager.com https://*.hsforms.com https://*.twitter.com https://*.doubleclick.net http://digitalsignageagents.ai http://smartsignage.ai http://smartsignageagents.ai;img-src 'self' https://*.hubspotusercontent-na1.net https://*.hubspotvideo.com https://*.google.com https://*.hs-embed-reporting.com https://*.googletagmanager.com https://*.hsforms.com https://*.hubspot.com https://*.linkedin.com https://*.hsappstatic.net https://*.google.co.in https://*.ytimg.com https://*.facebook.com https://*.clarity.ms https://*.bing.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.hubspotusercontent-na1.net https://*.hubspotvideo.com https://*.hubspot.net https://*.hsappstatic.net;connect-src 'self' https://*.hubspotvideo.com https://*.hubspot.com https://*.zi-scripts.com https://*.zoominfo.com https://*.googlesyndication.com https://*.hs-banner.com https://*.hubapi.com https://*.hscollectedforms.net https://*.clarity.ms https://*.hsforms.com https://*.google.com https://*.linkedin.com https://*.google-analytics.com https://*.google.co.in https://*.doubleclick.net;font-src 'self' https://*.gstatic.com https://*.hubspotvideo.com https://*.hubspot.com https://*.hubspotusercontent-na1.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hubspot.com https://*.googletagmanager.com https://*.clarity.ms https://*.factors.ai https://*.hubspotusercontent-na1.net https://*.hsappstatic.net https://*.hsadspixel.net https://*.hsleadflows.net https://*.usemessages.com https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hs-banner.com https://*.hs-sites.com https://*.zi-scripts.com;object-src 'none';frame-ancestors 'self' http://digitalsignageagents.ai http://smartsignage.ai http://smartsignageagents.ai 1
default-src static.hsappstatic.net;  media-src greenpeace.org.au *.greenpeace.org.au; script-src * 'unsafe-inline' 'unsafe-eval';  style-src *  'unsafe-inline';  img-src * data:;  base-uri   'self'; form-action 'self' https://www.facebook.com https://forms.hsforms.com *.hubspot.com; font-src greenpeace.org.au *.greenpeace.org.au www.greenpeace.org fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com https://*.hubspotusercontent30.net https://8586633.fs1.hubspotusercontent-na1.net https://script.hotjar.com https://vc.hotjar.io https://cdn-custom.optimonk.com data:;  frame-src *;  connect-src 'self' https://analytics.greenpeace.org.au *.hubspot.com *.doubleclick.net js.hs-banner.com https://adservice.google.com analytics.google.com https://*.analytics.google.com *.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.hotjar.com https://metrics.hotjar.io https://stripe-payments-dot-gpap-engineering.appspot.com https://bat.bing.com https://www.facebook.com https://www.greenpeace.org.au https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://forms.hsforms.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hubspot.com https://cp.hubspot.com https://ec.instapagemetrics.com https://heatmap-events-collector.instapage.com https://www.google.com https://www.google.com.au/ads/ga-audiences https://pagead2.googlesyndication.com https://api.omappapi.com https://sentry.io https://pixels.spotify.com https://api.stripe.com https://analytics.tiktok.com https://cds.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://psb.taboola.com https://pips.taboola.com https://*.convertexperiments.com https://px.ads.linkedin.com https://*.optimonk.com; report-uri https://o196544.ingest.sentry.io/api/6683985/security/?sentry_key=223a0fdbcdce4e2aadda1caa22c16eab 1
font-src *.fontawesome.com *.accesstrade.in *.accesstrade.in.th https://static.klaviyo.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.accesstrade.in *.accesstrade.in.th https://*.2c2p.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.accesstrade.in *.accesstrade.in.th *.weltpixel.com https://vars.hotjar.com https://bid.g.doubleclick.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.accesstrade.in *.accesstrade.in.th https://i.ibb.co https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.th https://www.facebook.com https://www.google.com.vn *.cloudfront.net *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.accesstrade.in *.accesstrade.in.th https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net *.hotjar.com https://www.google.com https://www.google.com.vn https://www.google.co.th https://googleads.g.doubleclick.net *.clarity.ms *.cardinalcommerce.com *.adobetm.com https://www.googleadservices.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com *.accesstrade.in *.accesstrade.in.th https://www.googletagmanager.com/ fonts.googleapis.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.accesstrade.in *.accesstrade.in.th *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.accesstrade.in *.accesstrade.in.th https://stats.g.doubleclick.net https://bam.nr-data.net https://in.hotjar.com https://www.facebook.com *.clarity.ms *.ap.stape.info ap.stape.info analytics.pangle-ads.com analytics-ipv6.tiktokw.us *.hotjar.io *.google.com *.google.co.th *.google.com.vn *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.hotjar.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.salesfire.co.uk *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.hotjar.com *.klarna.com js.mollie.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.salesfire.co.uk *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.hotjar.com www.dpd.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.salesfire.co.uk *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com widget.freshworks.com m2epro.freshdesk.com *.hotjar.com *.cloudflareinsights.com www.dpd.co.uk api.dpdgroup.co.uk *.klarna.com *.klarnacdn.net x.klarnacdn.net *.pcapredict.com services.postcodeanywhere.co.uk js.mollie.com *.trustpilot.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.salesfire.co.uk *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com widget.freshworks.com m2epro.freshdesk.com www.dpd.co.uk services.postcodeanywhere.co.uk *.trustpilot.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.salesfire.co.uk *.typekit.net *.yotpo.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com widget.freshworks.com m2epro.freshdesk.com *.hotjar.com *.hotjar.io wss://*.hotjar.com/api/v2/client/ws *.cloudflareinsights.com www.dpd.co.uk api.dpdgroup.co.uk *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.pcapredict.com services.postcodeanywhere.co.uk *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.salesfire.co.uk *.smartmetrics.co.uk *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-s7pgbPPjzS-DPcStb-O4tA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com https://fonts.bunny.net *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.google.com *.braintreegateway.com *.paypal.com google.com * *.adyen.com *.klarna.com *.google.de *.doubleclick.net *.googlesyndication.com *.googletagservices.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com * https://images.unsplash.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.google-analytics.com analytics.google.com *.adyen.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.google.de *.googletagmanager.com *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com www.artplants.de bat.bing.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com widget.freshworks.com m2epro.freshdesk.com https://maps.googleapis.com *.avada.io *.shopify.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://www.google-analytics.com https://stats.artplants.de https://cdn.artplants.de https://cdn.cookie-script.com https://bat.bing.com www.google.de *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.bunny.net *.klarnacdn.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * widget.freshworks.com m2epro.freshdesk.com https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io analytics.google.com *.adyen.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com stats.artplants.de bat.bing.com https://cdn.artplants.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bluewhaleresearch.com/ https://static.cloudflareinsights.com/ https://www.google.com/ https://www.gstatic.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://visitor.reactful.com/ https://scout-cdn.salesloft.com/ https://ml314.com/ https://js.zi-scripts.com/ https://cdn.metadata.io/ https://static.hotjar.com/ https://js.driftt.com/ https://script.hotjar.com https://bluewhaleresearch.com/46b119dd-5482-4cb3-bee3-fa3465598d50 https://kit.fontawesome.com/ https://bluewhaleresearch.com/wp-content/plugins/formidable-signature/js/frm.signature.min.js https://www.googleadservices.com/ https://tags.srv.stackadapt.com/ https://bluewhaleresearch.com/8726e6ea-dedb-4a95-8fac-e459e1ac38d5 *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://tags.srv.stackadapt.com/ *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://px.ads.linkedin.com/ https://www.google.co.in/ https://dpm.demdex.net/ https://match.adsrvr.org/ https://sync.crwdcntrl.net/ https://ps.eyeota.net/ https://ml314.com/ https://i.vimeocdn.com/ https://trc.taboola.com/ https://tags.bluekai.com/ https://ib.adnxs.com/ https://loadus.exelator.com/ https://googleads.g.doubleclick.net/ https://sync-tm.everesttech.net/ https://cms.analytics.yahoo.com/ https://ups.analytics.yahoo.com/ https://sync.srv.stackadapt.com/ https://idsync.rlcdn.com/ https://p.rfihub.com/ https://i.liadm.com/ https://pixel.tapad.com/ https://aax-eu.amazon-adsystem.com/ https://token.rubiconproject.com/ https://cm.mgid.com/ https://crb.kargo.com/ https://i.w55c.net/ https://api.retargetly.com/ https://qvdt3feo.com/ https://px4.ads.linkedin.com/ https://tags.srv.stackadapt.com/ secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://scout.salesloft.com/ https://api-gw.metadata.io/ https://visitor.reactful.com/ https://js.zi-scripts.com/ https://a.usbrowserspeed.com/ https://vc.hotjar.io/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://ws.zoominfo.com/ https://tracking.reactful.com/ https://metrics.hotjar.io/ https://px.ads.linkedin.com/ https://ka-f.fontawesome.com/ https://bluewhaleresearch.com/ https://www.google.com/ https://tags.srv.stackadapt.com/ https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com/ https://yoast.com/ *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: https://bluewhaleresearch.com/ https://ka-f.fontawesome.com/ https://s0.wp.com/ data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://bluewhaleresearch.com/; media-src 'self' https://bluewhaleresearch.com/; frame-src 'self' https://www.google.com/ https://www.gstatic.com/ https://td.doubleclick.net/ https://js.driftt.com/ https://i.liadm.com/ *.vimeo.com *.vimeocdn.com maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; report-uri https://bluewhaleresearch.com?gdsih-csp-report; 1
font-src *.tawk.to fonts.gstatic.com *.gstatic.com *.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://plumrocket.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ *.easypack24.net *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com *.tawk.to cdn.jsdelivr.net *.easypack24.net static.cloudflareinsights.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net *.easypack24.net *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com *.tawk.to wss://*.tawk.to *.googleapis.com *.easypack24.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.razorpay.com https://api.razorpay.com https://www.google.com https://www.gstatic.com https://apis.google.com https://accounts.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https: blob:; connect-src 'self' https://api.razorpay.com https://lumberjack.razorpay.com https://www.google-analytics.com https://accounts.google.com; frame-src 'self' https://api.razorpay.com https://checkout.razorpay.com https://accounts.google.com https://www.google.com https://www.googletagmanager.com https://www.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self' https://api.razorpay.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cytoplan.co.uk *.cloudfront.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors builder.io cdn.builder.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://static.addtoany.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.mollie.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com/ *.mention-me.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.mollie.com store.paradoxlabs.com cdn.builder.io *.bing.com *.feefo.com *.cytoplan.co.uk *.livechat-files.com *.visualwebsiteoptimizer.com *.sharethis.com *.cloudfront.net *.trackedlink.net *.dycdn.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://static.addtoany.com/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.mollie.com cdn.builder.io *.livechatinc.com unpkg.com *.clarity.ms *.cytoplan.co.uk ipinfo.io *.google-analytics.com *.trackedweb.net *.feefo.com *.bing.com *.cookiefirst.com *.adroll.com *.visualwebsiteoptimizer.com *.cardinalcommerce.com *.adobe.net *.googletagmanager.com https://www.gstatic.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com cdn.jsdelivr.net/npm/@adobe *.paypal.com *.paypalobjects.com pay.google.com *.braintreegateway.com *.facebook.com *.facebook.net *.trackedlink.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com static.trackedweb.net *.webgains.io *.googlesyndication.com *.sharethis.com *.cloudfront.net *.tangoo.it *.ddlnk.net debug-tracking.dotdigital.internal *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net am.freshrelevance.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.mention-me.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com register.feefo.com *.cytoplan.co.uk *.visualwebsiteoptimizer.com *.cloudfront.net cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://stats.addtoany.com/menu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.builder.io *.feefo.com *.cookiefirst.com *.demdex.net *.clarity.ms *.livechatinc.com *.visualwebsiteoptimizer.com *.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.sharethis.com *.googlesyndication.com *.cloudfront.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.dycdn.net am.freshrelevance.com wss://am.freshrelevance.com wss://am.dycdn.net dn1i8v75r669j.cloudfront.net https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.mention-me.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com r1.trackedweb.net collect.feefo.com *.cytoplan.co.uk x.clarity.ms secure.livechatinc.com commerce.adobe.io commerce.adobedc.net *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Rkyh_kma5mfewnEmewpbBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://*.svea.com https://*.vipps.no https://*.trustly.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.trustpilot.com tr.snapchat.com *.playground.klarna.com cdn.klarna.com www.google.com js.klarna.com youtube.com www.youtube.com *.cookiebot.com *.klarna.com *.kustom.co *.criteo.com *.hotjar.com *.doubleclick.net https://*.svea.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.clerk.io widget-mediator.zopim.com dev.visualwebsiteoptimizer.com static.lipscore.com widget.trustpilot.com invitejs.trustpilot.com eu-library.klarnaservices.com sleeknotecustomerscripts.sleeknote.com static.zdassets.com tr.snapchat.com sc-static.net *.algolia.net *.algolianet.com cdn.klarna.com x.klarnacdn.net *.playground.klarna.com tagmanager.google.com www.googletagmanager.com ssl.google-analytics.com www.google.com www.gstatic.com *.cookiebot.com *.googlesyndication.com s.sparmax.no googletagmanager.com *.lipscore.com frankanddick.dev s.kk-resources.com *.criteo.com *.criteo.net *.hotjar.com *.bing.com *.de17a.com *.facebook.net google-analytics.com *.adform.net *.sleeknote.com *.zdassets.com google.com gstatic.com *.trustpilot.com *.klarnaservices.com *.clarity.ms *.klarnacdn.net *.klarna.com *.kustom.co *.doubleclick.net *.sparmax.se *.sparmax.dk *.maxkjop.no *.skjaraard.no s.skjargaard.no partner.googleadservices.com www.tryggehandel.no *.zopim.com vjs.zencdn.net player.vimeo.com https://*.svea.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget-mediator.zopim.com wss://widget-mediator.zopim.com static.zdassets.com *.klarnauserservices.com *.klarnaservices.com wapi.lipscore.com *.zdassets.com sparmax.zendesk.com *.snapchat.com *.google.com *.google-analytics.com *.googlesyndication.com *.visualwebsiteoptimizer.com *.hotjar.io *.playground.klarnaevt.com www.googletagmanager.com www.google-analytics.com *.cookiebot.com *.criteo.com vars.hotjar.com *.de17a.com *.trustpilot.com dnacdn.net *.getsentry.com s.sparmax.no tryggehandel.no google.com gtm.sparmax.no *.clarity.ms bat.bing.com google-analytics.com google.com/recaptcha *.klarnacdn.net *.doubleclick.net *.klarnaevt.com *.klarna.com *.kustom.co s.sparmax.se s.sparmax.dk s.maxkjop.no *.skjaraard.no s.skjargaard.no www.facebook.com/tr *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src https://pim.sparmax.no/ static.lipscore.com x.klarnacdn.net fonts.gstatic.com *.fontawesome.com fonts.gstatic.com/s s.sparmax.no s.sparmax.dk s.sparmax.se s.maxkjop.no s.skjargaard.no *.zopim.com data: *.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; style-src https://pim.sparmax.no/ getfirebug.com sparmax.wpcloud.trollweb.no x.klarnacdn.net static.lipscore.com tagmanager.google.com fonts.googleapis.com https://*.sparmax.no *.trollweb.no *.lipscore.com *.klarnacdn.net https://*.sparmax.se https://*.sparmax.dk https://*.maxkjop.no https://*.skjargaard.no unsafe-inline vjs.zencdn.net cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; img-src https://pim.sparmax.no/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com camo.githubusercontent.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.clerk.io x.klarnacdn.net sparmax.wpcloud.trollweb.no tr.snapchat.com *.google.com *.google.pl *.google.no cdn.klarna.com *.playground.klarnaevt.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net www.google.com *.cookiebot.com s.sparmax.no www.tryggehandel.no *.trollweb.no google-analytics.com dev.visualwebsiteoptimizer.com google.com/ads www.facebook.com *.bing.com *.criteo.com *.criteo.net *.zdassets.com *.clarity.ms *.doubleclick.net raw.githubusercontent.com/vippsas *.sparmax.se *.sparmax.dk *.maxkjop.no *.skjaraard.no s.skjargaard.no googleadservices.com v2assets.zopim.io www.google.no/ads www.google.se/ads www.google.dk/ads www.google.fr/ads www.google.co.uk/ads www.google.uk/ads www.google.com/ads www.google.de/ads www.google.pl/ads www.google.lt/ads www.google.es/ads www.google.lv/ads www.google.ee/ads www.google.th/ads www.google.no/pagead www.google.se/pagead www.google.dk/pagead www.google.fr/pagead www.google.co.uk/pagead www.google.uk/pagead www.google.com/pagead www.google.de/pagead www.google.pl/pagead www.google.lt/pagead www.google.es/pagead www.google.lv/pagead www.google.ee/pagead www.google.th/pagead gtm.sparmax.no *.klarnaevt.com https:/at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; 1
base-uri 'self'; child-src 'self'; connect-src 'self' sicoob.com.br *.sicoob.com.br google.com *.google.com google-analytics.com *.google-analytics.com googleadservices.com *.googleadservices.com clarity.ms *.clarity.ms; default-src 'self' sicoob.com.br *.sicoob.com.br; font-src 'self'; frame-src 'self'; media-src 'self'; script-src 'self' sicoob.com.br *.sicoob.com.br google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com google.com *.google.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=hpjfK7Ek.6L6znpaJItrYYEGKXmWf789a1hA06DBwVA-1773712285-1.0.1.1-AEp5aDfQTStC5BW88e1ozOblu8XCOAARZ0TfJ9iUKTOgFtPASRNcxvLresRRFzROU85bRn_oGTGVOWNRpmmodrswETUDNmcQgookehG2ifh1kbSkgcksR806mxL_QFNCPBZ9Dp8zm4fTg.FDcC9sePvJbmuzLVksItxyP8qlstuerhaWXkm_u.MTSjqKqiI.VJpFb9bcaC8W.KB4imgbhw; report-to cf-lvcuohaosvorosdt 1
default-src 'self'; frame-src 'self'  https://*.aprium-pharmacie.fr https://aprium-pharmacie.fr https://*.wlp-acs.com https://*.modirum.com https://*.netcetera.com https://*.cardinalcommerce.com https://*.emv3ds.com https://3ds-challenge.n26.com https://challenges.cloudflare.com https://www.googletagmanager.com https://payment.payline.com https://payment.cdn.payline.com  https://3ds-acs.staging.modirum.com https://www.google.com https://www.gstatic.com https://bpcepaymentservices-3ds-vdm.wlp-acs.com; connect-src 'self' https://eu01.rec.mouseflow.com https://fonts.googleapis.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cache.consentframework.com https://pagead2.googlesyndication.com https://www.google.fr https://www.googleadservices.com https://www.google.com wss://ws-eu.pusher.com https://region1.google-analytics.com  https://cdnjs.cloudflare.com https://unpkg.com https://payment.payline.com https://sockjs-eu.pusher.com  https://widget.mondialrelay.com https://stats.g.doubleclick.net https://region1.analytics.google.com https://event.analytics-helper.com https://maps.googleapis.com https://api.consentframework.com ; worker-src 'self' blob:;   script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net https://challenges.cloudflare.com https://mc.us13.list-manage.com https://downloads.mailchimp.com https://chimpstatic.com https://static.cloudflareinsights.com https://rscdn.storetail.net https://widget.mondialrelay.com https://js.pusher.com https://unpkg.com https://payment.payline.com https://payment.cdn.payline.com https://www.google.com https://stats.pusher.com https://www.gstatic.com https://cdn.mouseflow.com https://www.google-analytics.com https://www.googletagmanager.com   https://cache.consentframework.com https://tag.analytics-helper.com https://choices.consentframework.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maps.googleapis.com https://code.jquery.com https://ajax.googleapis.com;  style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.datatables.net https://code.ionicframework.com https://downloads.mailchimp.com https://*.aprium-pharmacie.fr https://aprium-pharmacie.fr https://widget.mondialrelay.com https://maxcdn.bootstrapcdn.com https://payment.payline.com https://payment.cdn.payline.com https://cdnjs.cloudflare.com  https://fonts.googleapis.com https://unpkg.com https://code.jquery.com https://cache.consentframework.com ; img-src 'self' https://cdn.datatables.net https://mcusercontent.com https://pagead2.googlesyndication.com https://cdn-images.mailchimp.com https://payment.payline.com https://googleads.g.doubleclick.net https://trusted-image-source.com data: https://*.aprium-pharmacie.fr https://aprium-pharmacie.fr https://www.mondialrelay.com https://maps.googleapis.com  https://widget.mondialrelay.com https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://b.tile.openstreetmap.org https://www.googletagmanager.com https://maps.gstatic.com  https://www.google.fr https://payment.cdn.payline.com; object-src 'none'; font-src 'self' https://cdn.jsdelivr.net https://code.ionicframework.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: https://*.aprium-pharmacie.fr https://aprium-pharmacie.fr https://payment.cdn.payline.com https://payment.payline.com; 1
style-src 'self' admin.nuwebgroup.com hub.nuwebgroup.com assets.nuwebgroup.com nextgen-prod-a.s3.eu-west-1.amazonaws.com fw-cdn.com/11211636/ snap.licdn.com/li.lms-analytics/insight.min.js scripts.simpleanalyticscdn.com/latest.js *.getkoala.com s3-us-west-2.amazonaws.com/b2bjsstore/b/ *.vector.co cdn.heapanalytics.com/js/heap-1342847507.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/container_uGM8ZZG6.js onsite.optimonk.com/script.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/matomo.js nuwebgroup.matomo.cloud pro.ip-api.com/json/ *.googleapis.com *.gstatic.com *.google.com google.com *.google-analytics.com *.cloudflareinsights.com cloudflareinsights.com *.cloudflare.com *.googletagmanager.com *.mixpanel.com connect.facebook.net www.facebook.com/tr/ *.fbcdn.net pixel.byspotify.com pixels.spotify.com analytics.tiktok.com static.ads-twitter.com *.birdie.so cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ cdn.tailwindcss.com goselljslib.b-cdn.net *.tap.company *.oppwa.com oppwa.com *.iovation.com/snare.js *.iesnare.com *.arcot.com *.klarnacdn.net/kp/lib/v1/api.js *.affirm.com/js/v2/affirm.js *.payments-amazon.com/checkout.js *.oney.io/build/loader.min.js *.afterpay.com/afterpay.js *.mastercard.com d.ratepay.com/*/di.js d3rpjm0wf8u2co.cloudfront.net/static/rkfl.js d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js checkout-sdk.sezzle.com/checkout.min.js yookassa.ru/checkout-widget/v1/checkout-widget.js applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js cdn10.ebuckler.com/ebuckler.widget.js stats.ebuckler.com/js/ebuckler.widget.js *.masterpass.com/lightbox/Switch/integration/MasterPass.client.js *.stripe.com *.adyen.com *.authorize.net *.razorpay.com *.netpay.mx *.online-metrix.net *.netpaydev.com *.netpay.com.mx *.cardinalcommerce.com *.ccdc02.com/cardinalcruise/ *.safecharge.com *.onvopay.com *.paypal.com *.braintreegateway.com *.paypalobjects.com *.paytabs.com *.ryftpay.com my.emerchantpay.com *.3dsecure.io *.sumup.com cdn.optimizely.com *.protectgroup.com *.vimeocdn.com *.vimeo.com vimeo.com *.youtube.com *.3ddvapis.com *.clarity.ms *.hotjar.com wss://*.hotjar.com *.hotjar.io *.bing.com *.bing.net *.zoho.eu *.zohocdn.com *.doubleclick.net www.googleadservices.com *.googlesyndication.com www.google.co.uk/ads www.google.hu/ads www.google.rs/ads www.google.ru/ads www.google.mx/ads *.optimonk.com *.crazyegg.com *.linkedin.com *.licdn.com open.spotify.com 'unsafe-inline';frame-src 'self' admin.nuwebgroup.com hub.nuwebgroup.com assets.nuwebgroup.com nextgen-prod-a.s3.eu-west-1.amazonaws.com fw-cdn.com/11211636/ snap.licdn.com/li.lms-analytics/insight.min.js scripts.simpleanalyticscdn.com/latest.js *.getkoala.com s3-us-west-2.amazonaws.com/b2bjsstore/b/ *.vector.co cdn.heapanalytics.com/js/heap-1342847507.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/container_uGM8ZZG6.js onsite.optimonk.com/script.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/matomo.js nuwebgroup.matomo.cloud pro.ip-api.com/json/ *.googleapis.com *.gstatic.com *.google.com google.com *.google-analytics.com *.cloudflareinsights.com cloudflareinsights.com *.cloudflare.com *.googletagmanager.com *.mixpanel.com connect.facebook.net www.facebook.com/tr/ *.fbcdn.net pixel.byspotify.com pixels.spotify.com analytics.tiktok.com static.ads-twitter.com *.birdie.so cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ cdn.tailwindcss.com goselljslib.b-cdn.net *.tap.company *.oppwa.com oppwa.com *.iovation.com/snare.js *.iesnare.com *.arcot.com *.klarnacdn.net/kp/lib/v1/api.js *.affirm.com/js/v2/affirm.js *.payments-amazon.com/checkout.js *.oney.io/build/loader.min.js *.afterpay.com/afterpay.js *.mastercard.com d.ratepay.com/*/di.js d3rpjm0wf8u2co.cloudfront.net/static/rkfl.js d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js checkout-sdk.sezzle.com/checkout.min.js yookassa.ru/checkout-widget/v1/checkout-widget.js applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js cdn10.ebuckler.com/ebuckler.widget.js stats.ebuckler.com/js/ebuckler.widget.js *.masterpass.com/lightbox/Switch/integration/MasterPass.client.js *.stripe.com *.adyen.com *.authorize.net *.razorpay.com *.netpay.mx *.online-metrix.net *.netpaydev.com *.netpay.com.mx *.cardinalcommerce.com *.ccdc02.com/cardinalcruise/ *.safecharge.com *.onvopay.com *.paypal.com *.braintreegateway.com *.paypalobjects.com *.paytabs.com *.ryftpay.com my.emerchantpay.com *.3dsecure.io *.sumup.com cdn.optimizely.com *.protectgroup.com *.vimeocdn.com *.vimeo.com vimeo.com *.youtube.com *.3ddvapis.com *.clarity.ms *.hotjar.com wss://*.hotjar.com *.hotjar.io *.bing.com *.bing.net *.zoho.eu *.zohocdn.com *.doubleclick.net www.googleadservices.com *.googlesyndication.com www.google.co.uk/ads www.google.hu/ads www.google.rs/ads www.google.ru/ads www.google.mx/ads *.optimonk.com *.crazyegg.com *.linkedin.com *.licdn.com open.spotify.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' admin.nuwebgroup.com hub.nuwebgroup.com assets.nuwebgroup.com nextgen-prod-a.s3.eu-west-1.amazonaws.com fw-cdn.com/11211636/ snap.licdn.com/li.lms-analytics/insight.min.js scripts.simpleanalyticscdn.com/latest.js *.getkoala.com s3-us-west-2.amazonaws.com/b2bjsstore/b/ *.vector.co cdn.heapanalytics.com/js/heap-1342847507.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/container_uGM8ZZG6.js onsite.optimonk.com/script.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/matomo.js nuwebgroup.matomo.cloud pro.ip-api.com/json/ *.googleapis.com *.gstatic.com *.google.com google.com *.google-analytics.com *.cloudflareinsights.com cloudflareinsights.com *.cloudflare.com *.googletagmanager.com *.mixpanel.com connect.facebook.net www.facebook.com/tr/ *.fbcdn.net pixel.byspotify.com pixels.spotify.com analytics.tiktok.com static.ads-twitter.com *.birdie.so cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ cdn.tailwindcss.com goselljslib.b-cdn.net *.tap.company *.oppwa.com oppwa.com *.iovation.com/snare.js *.iesnare.com *.arcot.com *.klarnacdn.net/kp/lib/v1/api.js *.affirm.com/js/v2/affirm.js *.payments-amazon.com/checkout.js *.oney.io/build/loader.min.js *.afterpay.com/afterpay.js *.mastercard.com d.ratepay.com/*/di.js d3rpjm0wf8u2co.cloudfront.net/static/rkfl.js d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js checkout-sdk.sezzle.com/checkout.min.js yookassa.ru/checkout-widget/v1/checkout-widget.js applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js cdn10.ebuckler.com/ebuckler.widget.js stats.ebuckler.com/js/ebuckler.widget.js *.masterpass.com/lightbox/Switch/integration/MasterPass.client.js *.stripe.com *.adyen.com *.authorize.net *.razorpay.com *.netpay.mx *.online-metrix.net *.netpaydev.com *.netpay.com.mx *.cardinalcommerce.com *.ccdc02.com/cardinalcruise/ *.safecharge.com *.onvopay.com *.paypal.com *.braintreegateway.com *.paypalobjects.com *.paytabs.com *.ryftpay.com my.emerchantpay.com *.3dsecure.io *.sumup.com cdn.optimizely.com *.protectgroup.com *.vimeocdn.com *.vimeo.com vimeo.com *.youtube.com *.3ddvapis.com *.clarity.ms *.hotjar.com wss://*.hotjar.com *.hotjar.io *.bing.com *.bing.net *.zoho.eu *.zohocdn.com *.doubleclick.net www.googleadservices.com *.googlesyndication.com www.google.co.uk/ads www.google.hu/ads www.google.rs/ads www.google.ru/ads www.google.mx/ads *.optimonk.com *.crazyegg.com *.linkedin.com *.licdn.com open.spotify.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' admin.nuwebgroup.com hub.nuwebgroup.com assets.nuwebgroup.com nextgen-prod-a.s3.eu-west-1.amazonaws.com fw-cdn.com/11211636/ snap.licdn.com/li.lms-analytics/insight.min.js scripts.simpleanalyticscdn.com/latest.js *.getkoala.com s3-us-west-2.amazonaws.com/b2bjsstore/b/ *.vector.co cdn.heapanalytics.com/js/heap-1342847507.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/container_uGM8ZZG6.js onsite.optimonk.com/script.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/matomo.js nuwebgroup.matomo.cloud pro.ip-api.com/json/ *.googleapis.com *.gstatic.com *.google.com google.com *.google-analytics.com *.cloudflareinsights.com cloudflareinsights.com *.cloudflare.com *.googletagmanager.com *.mixpanel.com connect.facebook.net www.facebook.com/tr/ *.fbcdn.net pixel.byspotify.com pixels.spotify.com analytics.tiktok.com static.ads-twitter.com *.birdie.so cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ cdn.tailwindcss.com goselljslib.b-cdn.net *.tap.company *.oppwa.com oppwa.com *.iovation.com/snare.js *.iesnare.com *.arcot.com *.klarnacdn.net/kp/lib/v1/api.js *.affirm.com/js/v2/affirm.js *.payments-amazon.com/checkout.js *.oney.io/build/loader.min.js *.afterpay.com/afterpay.js *.mastercard.com d.ratepay.com/*/di.js d3rpjm0wf8u2co.cloudfront.net/static/rkfl.js d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js checkout-sdk.sezzle.com/checkout.min.js yookassa.ru/checkout-widget/v1/checkout-widget.js applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js cdn10.ebuckler.com/ebuckler.widget.js stats.ebuckler.com/js/ebuckler.widget.js *.masterpass.com/lightbox/Switch/integration/MasterPass.client.js *.stripe.com *.adyen.com *.authorize.net *.razorpay.com *.netpay.mx *.online-metrix.net *.netpaydev.com *.netpay.com.mx *.cardinalcommerce.com *.ccdc02.com/cardinalcruise/ *.safecharge.com *.onvopay.com *.paypal.com *.braintreegateway.com *.paypalobjects.com *.paytabs.com *.ryftpay.com my.emerchantpay.com *.3dsecure.io *.sumup.com cdn.optimizely.com *.protectgroup.com *.vimeocdn.com *.vimeo.com vimeo.com *.youtube.com *.3ddvapis.com *.clarity.ms *.hotjar.com wss://*.hotjar.com *.hotjar.io *.bing.com *.bing.net *.zoho.eu *.zohocdn.com *.doubleclick.net www.googleadservices.com *.googlesyndication.com www.google.co.uk/ads www.google.hu/ads www.google.rs/ads www.google.ru/ads www.google.mx/ads *.optimonk.com *.crazyegg.com *.linkedin.com *.licdn.com open.spotify.com;worker-src 'self' blob: admin.nuwebgroup.com hub.nuwebgroup.com assets.nuwebgroup.com nextgen-prod-a.s3.eu-west-1.amazonaws.com fw-cdn.com/11211636/ snap.licdn.com/li.lms-analytics/insight.min.js scripts.simpleanalyticscdn.com/latest.js *.getkoala.com s3-us-west-2.amazonaws.com/b2bjsstore/b/ *.vector.co cdn.heapanalytics.com/js/heap-1342847507.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/container_uGM8ZZG6.js onsite.optimonk.com/script.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/matomo.js nuwebgroup.matomo.cloud pro.ip-api.com/json/ *.googleapis.com *.gstatic.com *.google.com google.com *.google-analytics.com *.cloudflareinsights.com cloudflareinsights.com *.cloudflare.com *.googletagmanager.com *.mixpanel.com connect.facebook.net www.facebook.com/tr/ *.fbcdn.net pixel.byspotify.com pixels.spotify.com analytics.tiktok.com static.ads-twitter.com *.birdie.so cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ cdn.tailwindcss.com goselljslib.b-cdn.net *.tap.company *.oppwa.com oppwa.com *.iovation.com/snare.js *.iesnare.com *.arcot.com *.klarnacdn.net/kp/lib/v1/api.js *.affirm.com/js/v2/affirm.js *.payments-amazon.com/checkout.js *.oney.io/build/loader.min.js *.afterpay.com/afterpay.js *.mastercard.com d.ratepay.com/*/di.js d3rpjm0wf8u2co.cloudfront.net/static/rkfl.js d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js checkout-sdk.sezzle.com/checkout.min.js yookassa.ru/checkout-widget/v1/checkout-widget.js applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js cdn10.ebuckler.com/ebuckler.widget.js stats.ebuckler.com/js/ebuckler.widget.js *.masterpass.com/lightbox/Switch/integration/MasterPass.client.js *.stripe.com *.adyen.com *.authorize.net *.razorpay.com *.netpay.mx *.online-metrix.net *.netpaydev.com *.netpay.com.mx *.cardinalcommerce.com *.ccdc02.com/cardinalcruise/ *.safecharge.com *.onvopay.com *.paypal.com *.braintreegateway.com *.paypalobjects.com *.paytabs.com *.ryftpay.com my.emerchantpay.com *.3dsecure.io *.sumup.com cdn.optimizely.com *.protectgroup.com *.vimeocdn.com *.vimeo.com vimeo.com *.youtube.com *.3ddvapis.com *.clarity.ms *.hotjar.com wss://*.hotjar.com *.hotjar.io *.bing.com *.bing.net *.zoho.eu *.zohocdn.com *.doubleclick.net www.googleadservices.com *.googlesyndication.com www.google.co.uk/ads www.google.hu/ads www.google.rs/ads www.google.ru/ads www.google.mx/ads *.optimonk.com *.crazyegg.com *.linkedin.com *.licdn.com open.spotify.com;connect-src 'self' admin.nuwebgroup.com hub.nuwebgroup.com assets.nuwebgroup.com nextgen-prod-a.s3.eu-west-1.amazonaws.com fw-cdn.com/11211636/ snap.licdn.com/li.lms-analytics/insight.min.js scripts.simpleanalyticscdn.com/latest.js *.getkoala.com s3-us-west-2.amazonaws.com/b2bjsstore/b/ *.vector.co cdn.heapanalytics.com/js/heap-1342847507.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/container_uGM8ZZG6.js onsite.optimonk.com/script.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/matomo.js nuwebgroup.matomo.cloud pro.ip-api.com/json/ *.googleapis.com *.gstatic.com *.google.com google.com *.google-analytics.com *.cloudflareinsights.com cloudflareinsights.com *.cloudflare.com *.googletagmanager.com *.mixpanel.com connect.facebook.net www.facebook.com/tr/ *.fbcdn.net pixel.byspotify.com pixels.spotify.com analytics.tiktok.com static.ads-twitter.com *.birdie.so cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ cdn.tailwindcss.com goselljslib.b-cdn.net *.tap.company *.oppwa.com oppwa.com *.iovation.com/snare.js *.iesnare.com *.arcot.com *.klarnacdn.net/kp/lib/v1/api.js *.affirm.com/js/v2/affirm.js *.payments-amazon.com/checkout.js *.oney.io/build/loader.min.js *.afterpay.com/afterpay.js *.mastercard.com d.ratepay.com/*/di.js d3rpjm0wf8u2co.cloudfront.net/static/rkfl.js d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js checkout-sdk.sezzle.com/checkout.min.js yookassa.ru/checkout-widget/v1/checkout-widget.js applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js cdn10.ebuckler.com/ebuckler.widget.js stats.ebuckler.com/js/ebuckler.widget.js *.masterpass.com/lightbox/Switch/integration/MasterPass.client.js *.stripe.com *.adyen.com *.authorize.net *.razorpay.com *.netpay.mx *.online-metrix.net *.netpaydev.com *.netpay.com.mx *.cardinalcommerce.com *.ccdc02.com/cardinalcruise/ *.safecharge.com *.onvopay.com *.paypal.com *.braintreegateway.com *.paypalobjects.com *.paytabs.com *.ryftpay.com my.emerchantpay.com *.3dsecure.io *.sumup.com cdn.optimizely.com *.protectgroup.com *.vimeocdn.com *.vimeo.com vimeo.com *.youtube.com *.3ddvapis.com *.clarity.ms *.hotjar.com wss://*.hotjar.com *.hotjar.io *.bing.com *.bing.net *.zoho.eu *.zohocdn.com *.doubleclick.net www.googleadservices.com *.googlesyndication.com www.google.co.uk/ads www.google.hu/ads www.google.rs/ads www.google.ru/ads www.google.mx/ads *.optimonk.com *.crazyegg.com *.linkedin.com *.licdn.com open.spotify.com;object-src 'self' admin.nuwebgroup.com hub.nuwebgroup.com assets.nuwebgroup.com nextgen-prod-a.s3.eu-west-1.amazonaws.com fw-cdn.com/11211636/ snap.licdn.com/li.lms-analytics/insight.min.js scripts.simpleanalyticscdn.com/latest.js *.getkoala.com s3-us-west-2.amazonaws.com/b2bjsstore/b/ *.vector.co cdn.heapanalytics.com/js/heap-1342847507.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/container_uGM8ZZG6.js onsite.optimonk.com/script.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/matomo.js nuwebgroup.matomo.cloud pro.ip-api.com/json/ *.googleapis.com *.gstatic.com *.google.com google.com *.google-analytics.com *.cloudflareinsights.com cloudflareinsights.com *.cloudflare.com *.googletagmanager.com *.mixpanel.com connect.facebook.net www.facebook.com/tr/ *.fbcdn.net pixel.byspotify.com pixels.spotify.com analytics.tiktok.com static.ads-twitter.com *.birdie.so cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ cdn.tailwindcss.com goselljslib.b-cdn.net *.tap.company *.oppwa.com oppwa.com *.iovation.com/snare.js *.iesnare.com *.arcot.com *.klarnacdn.net/kp/lib/v1/api.js *.affirm.com/js/v2/affirm.js *.payments-amazon.com/checkout.js *.oney.io/build/loader.min.js *.afterpay.com/afterpay.js *.mastercard.com d.ratepay.com/*/di.js d3rpjm0wf8u2co.cloudfront.net/static/rkfl.js d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js checkout-sdk.sezzle.com/checkout.min.js yookassa.ru/checkout-widget/v1/checkout-widget.js applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js cdn10.ebuckler.com/ebuckler.widget.js stats.ebuckler.com/js/ebuckler.widget.js *.masterpass.com/lightbox/Switch/integration/MasterPass.client.js *.stripe.com *.adyen.com *.authorize.net *.razorpay.com *.netpay.mx *.online-metrix.net *.netpaydev.com *.netpay.com.mx *.cardinalcommerce.com *.ccdc02.com/cardinalcruise/ *.safecharge.com *.onvopay.com *.paypal.com *.braintreegateway.com *.paypalobjects.com *.paytabs.com *.ryftpay.com my.emerchantpay.com *.3dsecure.io *.sumup.com cdn.optimizely.com *.protectgroup.com *.vimeocdn.com *.vimeo.com vimeo.com *.youtube.com *.3ddvapis.com *.clarity.ms *.hotjar.com wss://*.hotjar.com *.hotjar.io *.bing.com *.bing.net *.zoho.eu *.zohocdn.com *.doubleclick.net www.googleadservices.com *.googlesyndication.com www.google.co.uk/ads www.google.hu/ads www.google.rs/ads www.google.ru/ads www.google.mx/ads *.optimonk.com *.crazyegg.com *.linkedin.com *.licdn.com open.spotify.com;manifest-src 'self' admin.nuwebgroup.com hub.nuwebgroup.com assets.nuwebgroup.com nextgen-prod-a.s3.eu-west-1.amazonaws.com fw-cdn.com/11211636/ snap.licdn.com/li.lms-analytics/insight.min.js scripts.simpleanalyticscdn.com/latest.js *.getkoala.com s3-us-west-2.amazonaws.com/b2bjsstore/b/ *.vector.co cdn.heapanalytics.com/js/heap-1342847507.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/container_uGM8ZZG6.js onsite.optimonk.com/script.js cdn.matomo.cloud/nuwebgroup.matomo.cloud/matomo.js nuwebgroup.matomo.cloud pro.ip-api.com/json/ *.googleapis.com *.gstatic.com *.google.com google.com *.google-analytics.com *.cloudflareinsights.com cloudflareinsights.com *.cloudflare.com *.googletagmanager.com *.mixpanel.com connect.facebook.net www.facebook.com/tr/ *.fbcdn.net pixel.byspotify.com pixels.spotify.com analytics.tiktok.com static.ads-twitter.com *.birdie.so cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ cdn.tailwindcss.com goselljslib.b-cdn.net *.tap.company *.oppwa.com oppwa.com *.iovation.com/snare.js *.iesnare.com *.arcot.com *.klarnacdn.net/kp/lib/v1/api.js *.affirm.com/js/v2/affirm.js *.payments-amazon.com/checkout.js *.oney.io/build/loader.min.js *.afterpay.com/afterpay.js *.mastercard.com d.ratepay.com/*/di.js d3rpjm0wf8u2co.cloudfront.net/static/rkfl.js d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js checkout-sdk.sezzle.com/checkout.min.js yookassa.ru/checkout-widget/v1/checkout-widget.js applepay.cdn-apple.com/jsapi/v1.1.0/apple-pay-sdk.js cdn10.ebuckler.com/ebuckler.widget.js stats.ebuckler.com/js/ebuckler.widget.js *.masterpass.com/lightbox/Switch/integration/MasterPass.client.js *.stripe.com *.adyen.com *.authorize.net *.razorpay.com *.netpay.mx *.online-metrix.net *.netpaydev.com *.netpay.com.mx *.cardinalcommerce.com *.ccdc02.com/cardinalcruise/ *.safecharge.com *.onvopay.com *.paypal.com *.braintreegateway.com *.paypalobjects.com *.paytabs.com *.ryftpay.com my.emerchantpay.com *.3dsecure.io *.sumup.com cdn.optimizely.com *.protectgroup.com *.vimeocdn.com *.vimeo.com vimeo.com *.youtube.com *.3ddvapis.com *.clarity.ms *.hotjar.com wss://*.hotjar.com *.hotjar.io *.bing.com *.bing.net *.zoho.eu *.zohocdn.com *.doubleclick.net www.googleadservices.com *.googlesyndication.com www.google.co.uk/ads www.google.hu/ads www.google.rs/ads www.google.ru/ads www.google.mx/ads *.optimonk.com *.crazyegg.com *.linkedin.com *.licdn.com open.spotify.com;default-src * data: blob: 'unsafe-eval' 'unsafe-inline';report-uri https://nuwebgroup.report-uri.com/r/d/csp/reportOnly; 1
default-src *.cerifi.com 'unsafe-inline' 'self' code.jquery.com *.bootstrapcdn.com;     media-src *.cerifi.com 'unsafe-inline' 'self' *.kaltura.com blob: cerifi.widen.net;     script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: js.zi-scripts.com *.bootstrapcdn.com *.googleadservices.com cloud.scorm.com *.cloud.scorm.com *.googleapis.com *.kaltura.com use.fontawesome.com *.cerifi.com js.driftt.com snap.licdn.com www.google.com r.bing.com *.clarity.ms connect.facebook.net www.facebook.com *.doubleclick.net *.jquery.com cdnjs.cloudflare.com cdn.callrail.com bat.bing.com www.googletagmanager.com www.google-analytics.com js.stripe.com pixel-config.reddit.com www.redditstatic.com cdn.tiny.cloud cdn.jsdelivr.net www.gstatic.com cdn.cookielaw.org *.vidyard.com serverapi.arcgisonline.com;     connect-src 'self' *.cerifi.io *.doubleclick.net *.kaltura.com js.zi-scripts.com js.callrail.com cloud.scorm.com *.cloud.scorm.com *.clarity.ms js.driftt.com pixel-config.reddit.com www.redditstatic.com www.google-analytics.com *.bootstrapcdn.com cdn.tiny.cloud *.cerificpedge.com checkpointlearning.com code.jquery.com cdnjs.cloudflare.com cdn.cookielaw.org bat.bing.com www.googletagmanager.com *.cerifi.com *.googleadservices.com analytics.google.com *.googleapis.com use.fontawesome.com www.google.com r.bing.com connect.facebook.net px.ads.linkedin.com www.facebook.com cdn.linkedin.oribi.io cdn.jsdelivr.net;     frame-src *.kaltura.com *.doubleclick.net cloud.scorm.com *.cloud.scorm.com *.clarity.ms www.googletagmanager.com   *.cerifi.com js.stripe.com www.google.com cdn.tiny.cloud *.vidyard.com js.driftt.com alb.reddit.com;     frame-ancestors 'self' *.cerificpedge.com *.cerifi.io;     img-src * data: blob:;     style-src 'unsafe-inline' 'self' cdn.jsdelivr.net *.bootstrapcdn.com cdnjs.cloudflare.com fonts.cdnfonts.com code.jquery.com cdn.tiny.cloud fonts.googleapis.com;     font-src 'self' fonts.gstatic.com *.kaltura.com fonts.cdnfonts.com;     report-uri https://CeriFiCPEdge.com/ContentSecurityPolicy/CSPreports 1
object-src 'none';base-uri 'self';script-src 'nonce---vj_CRocaFmwbFAjIhVzQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.psigate.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.trustpilot.com *.meetanshi.com meetanshi.com api.razorpay.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com *.meetanshi.com meetanshi.com cdn.razorpay.com https://cdnjs.cloudflare.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.trustpilot.com *.cloudflareinsights.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com player.vimeo.com *.meetanshi.com meetanshi.com checkout.razorpay.com http://cdnjs.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com https://cdnjs.cloudflare.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.meetanshi.com meetanshi.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com tfhub.dev storage.googleapis.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-lqeGuf3j7GbK8YywQTHXag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Fcon7kG71u6iQdmjmUDFyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net acsbapp.com c.zmags.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cort.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.doubleclick.net cort.demdex.net *.appdynamics.com *.zma.gs www.youtube.com *.opendns.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net cdn.acsbapp.com smetrics.cortevents.com *.linkedin.com *.cookielaw.org *.amazonaws.com blob: *.zmags.com *.doubleclick.net cdn.cort.com cdn.cortevents.com c.zmags.com magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net acsbapp.com *.acsbapp.com *.usabilla.com *.cookielaw.org *.licdn.com *.appdynamics.com *.gbqofs.com *.zma.gs consent.trustarc.com c.zmags.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.amazonaws.com *.zma.gs *.typekit.net c.zmags.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cortevents.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io acsbapp.com *.acsbapp.com *.cookielaw.org optanon.blob.core.windows.net *.linkedin.oribi.io *.doubleclick.net *.eum-appdynamics.com smetrics.cortevents.com *.ads.linkedin.com *.onetrust.com *.gbss.io *.zma.gs c.zmags.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.cloudfront.net 'self' 'unsafe-inline'; 1
frame-ancestors *.certcapture.com *.storyblok.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action https://sis.redsys.es/ pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; media-src https://www.germainedecapuccini.es *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; connect-src https://www.google.com https://region1.analytics.google.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://capi.gdc.us/events https://cdn.equalweb.com https://access.equalweb.com https://europe-west3-iktracker-397307.cloudfunctions.net https://www.googletagmanager.com https://capi.germainedecapuccini.es https://ev.st.adsmurai.com/ www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com https://maps.googleapis.com https://player.vimeo.com *.doofinder.com wss://*.doofinder.com yotpo.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com swellrewards.com *.swellrewards.com www.googletagmanager.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; frame-src https://13128304.fls.doubleclick.net/ https://td.doubleclick.net https://www.googletagmanager.com/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.certcapture.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com www.googletagmanager.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; font-src https://static.klaviyo.com https://static-es.germainedecapuccini.es https://germaine-de-capuccini.co.uk *.yotpo.com *.googleapis.com *.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; script-src https://maps.googleapis.com https://cdn.equalweb.com https://analytics.tiktok.com https://access.equalweb.com https://storage.googleapis.com https://cdn-st.adsmurai.com/ https://cdn.jsdelivr.net/ www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com cdn.doofinder.com yotpo.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com swellrewards.com *.swellrewards.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://d3k81ch9hvuctc.cloudfront.net https://ad.doubleclick.net https://ade.googlesyndication.com https://germaine-de-capuccini.ui.smartie.io https://www.germainedecapuccini.es widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.certcapture.com https://images.unsplash.com cdn.doofinder.com yotpo.com maps.googleapis.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com swellrewards.com *.swellrewards.com www.googletagmanager.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; style-src https://fonts.googleapis.com https://access.equalweb.com *.certcapture.com *.doofinder.com yotpo.com *.googleapis.com https://static.klaviyo.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.storyblok.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com https://dashboard.webwinkelkeur.nlfonts/webandbrand.woff data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl magefan.com cm.magefan.com https://firebasestorage.googleapis.com flagpedia.net *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://c97c1b241b594942849988d44e342057.js.ubembed.com https://assets.ubembed.com https://www.googletagmanager.com https://connect.facebook.net https://cdn.mouseflow.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.shopify.com *.gstatic.com maps.googleapis.com *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://integrations.etrusted.com https://dashboard.webwinkelkeur.nl/sidebar.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com https://stats.g.doubleclick.net https://*.ingest.sentry.io https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.multisafepay.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com https://firebasestorage.googleapis.com flagpedia.net https://www.mollie.com *.amazonaws.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.avada.io maps.googleapis.com js.mollie.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.google.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com www.facebook.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com data: https://www.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com *.google.com *.google.de *.usercentrics.eu *.bing.com *.bing.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://maps.googleapis.com https://player.vimeo.com *.disqus.com *.usercentrics.eu https://*.google.com https://*.gstatic.com *.bing.com *.bing.net https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://maps.googleapis.com https://player.vimeo.com *.usercentrics.eu *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.bing.net https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com maxcdn.bootstrapcdn.com data: *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.cleverreach.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.trustedshops.com *.instagram.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://static.klaviyo.com https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.instagram.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ checkout.stripe.com assets.braintreegateway.com *.affirm.com *.affirm.ca facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com landofcoder.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.cdninstagram.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ checkout.stripe.com assets.braintreegateway.com *.affirm.com *.affirm.ca *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com 'unsafe-inline' *.addthis.com *.addthisedge.com *.moatads.com static.cloudflareinsights.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com landofcoder.com maps.googleapis.com chart.googleapis.com *.disqus.com *.avada.io js.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com checkout.stripe.com assets.braintreegateway.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com widget.freshworks.com m2epro.freshdesk.com landofcoder.com maps.googleapis.com chart.googleapis.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.gstatic.com/ https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com https://js.stripe.com https://connect.facebook.net https://cl.avis-verifies.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com https://connect.facebook.net https://cl.avis-verifies.com https://maps.googleapis.com https://maps.gstatic.com; connect-src 'self' data: https://www.google-analytics.com https://www.paypal.com https://securepayments.paypal.com https://maps.googleapis.com https://www.gstatic.com/; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/; frame-src 'self' https://www.paypal.com https://securepayments.paypal.com https://cl.avis-verifies.com https://payment-webinit.mercanet.bnpparibas.net https://payment-web.mercanet.bnpparibas.net; object-src 'none'; media-src 'self'; form-action 'self' https://www.paypal.com https://securepayments.paypal.com https://payment-webinit.mercanet.bnpparibas.net/; worker-src 'self' blob:; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com 'self' data: *.doubleclick.net stats.g.doubleclick.net sgtm.trudon.com *.facebook.com *.googlesyndication.com *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com trudon-prod.b-cdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.google.com/ *.doubleclick.net stats.g.doubleclick.net sgtm.trudon.com *.facebook.com *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.youtube.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com 'self' data: *.google.com *.google.fr *.facebook.com *.facebook.net *.doubleclick.net stats.g.doubleclick.net sgtm.trudon.com *.googletagmanager.com *.googlesyndication.com https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com maps.gstatic.com trudon-prod.b-cdn.net *.adobedtm.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.googleapis.com *.gstatic.com *.google.com/ *.google.fr *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net stats.g.doubleclick.net sgtm.trudon.com *.google-analytics.com *.googlesyndication.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com https://cdnjs.cloudflare.com maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com trudon-prod.b-cdn.net www.youtube.com player.vimeo.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.googleapis.com .doubleclick.net stats.g.doubleclick.net sgtm.trudon.com *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com https://cdnjs.cloudflare.com *.stripe.network *.stripecdn.com *.amazon.com trudon-prod.b-cdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.googleapis.com *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net stats.g.doubleclick.net sgtm.trudon.com *.googlesyndication.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com trudon-prod.b-cdn.net cdn.plyr.io noembed.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b0a24144-3357-4f12-b5c2-c9c89923ac50.sansec.watch/; report-to report-endpoint; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-f5205243-04a2-4dda-97ea-baea8b9d9da3' https://consentcdn.cookiebot.com https://analyticsext.trafikverket.se; style-src 'self' 'unsafe-inline' ; img-src 'self' https: data: blob: ; connect-src 'self' https://analyticsext.trafikverket.se https://api.trafikinfo.trafikverket.se https://consentcdn.cookiebot.com https://ext-api.vasttrafik.se; frame-src 'self' https://consentcdn.cookiebot.com;  report-uri https://trafiken.nu/api/reporting/;  report-to csp-endpoint;  1
font-src *.fontawesome.com *.gstatic.com 'self' data: https://static.payzen.eu/static/ fonts.googleapis.com fonts.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://app.goodays.co https://metrics.flunch-traiteur.fr https://ct.pinterest.com https://try.abtasty.com https://teddytor.abtasty.com https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://api.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://googleads.g.doubleclick.net https://*.outbrain.com https://*.contentsquare.net https://app.contentsquare.com https://online.flippingbook.com https://k-eu1.az.contentsquare.net https://*.elfsight.com https://jeu.flunch.fr https://applepay.cdn-apple.com/ https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ *.google.com maps.google.com maps.googleapis.com critizr.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com data: *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com *.google.com/ * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com magefan.com cm.magefan.com https://bat.bing.com https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://px.ads.linkedin.com https://try.abtasty.com https://teddytor.abtasty.com https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://api.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://googleads.g.doubleclick.net https://*.outbrain.com https://*.contentsquare.net https://app.contentsquare.com https://online.flippingbook.com https://k-eu1.az.contentsquare.net https://*.elfsight.com https://jeu.flunch.fr https://applepay.cdn-apple.com/ consent.valiuz.com 'self' data: https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ *.google.com *.mageside.com mageside.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com *.tile.openstreetmap.org b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com appsdev.agapes.fr *.agapes.fr blob: *.disqus.com https://img.youtube.com https://www.magezon.com www.sandbox.paypal.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://partner.flunch-traiteur.fr https://events.sk.ht/flunchtraiteur https://events.sk.ht/flunchtraiteur/lib.js https://bat.bing.com https://metrics.flunch-traiteur.fr https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://try.abtasty.com https://teddytor.abtasty.com https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://www.facebook.com https://api2.abtasty.com https://api.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://cdn.jsdelivr.net https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://googleads.g.doubleclick.net https://*.outbrain.com https://*.contentsquare.net https://app.contentsquare.com https://online.flippingbook.com https://k-eu1.az.contentsquare.net https://*.elfsight.com https://*.elfsightcdn.com https://jeu.flunch.fr https://cdn.goodays.co/sdk/ https://applepay.cdn-apple.com consent.valiuz.com *.google.com/ *.gstatic.com https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.google.com maps.googleapis.com maps.google.com static.axept.io static.critizr.com secure.authorize.net test.authorize.net js.braintreegateway.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com data: *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com *.matomo.cloud *.disqus.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://cdn.goodays.co https://metrics.flunch-traiteur.fr https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://try.abtasty.com https://teddytor.abtasty.com https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://api.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://googleads.g.doubleclick.net https://*.outbrain.com https://*.contentsquare.net https://app.contentsquare.com https://online.flippingbook.com https://k-eu1.az.contentsquare.net https://*.elfsight.com https://jeu.flunch.fr https://applepay.cdn-apple.com unsafe-inline *.googleapis.com *.gstatic.com https://static.payzen.eu/static/ static.critizr.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://metrics.flunch-traiteur.fr https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://try.abtasty.com https://teddytor.abtasty.com https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://api.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://googleads.g.doubleclick.net https://*.outbrain.com https://*.contentsquare.net https://app.contentsquare.com https://online.flippingbook.com https://k-eu1.az.contentsquare.net https://*.elfsight.com https://jeu.flunch.fr https://applepay.cdn-apple.com consent.valiuz.com google-analytics.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ maps.googleapis.com maps.google.com client.axept.io ekr.zdassets.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io data: *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com *.matomo.cloud *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://cdn.riverty.design/ *.tawk.to fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action uc8.tv *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ uc8.tv https://documents.riverty.com/ td.doubleclick.net https://*.dpdconnect.nl *.tawk.to *.weltpixel.com *.addthis.com *.multisafepay.com https://pay.google.com plausible.io 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ www.weidswonenenslapen.nl www.google.nl www.facebook.com region1.analytics.google.com https://images.unsplash.com *.tawk.to cdn.jsdelivr.net magefan.com cm.magefan.com *.gstatic.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ analytics.amitix.nl static.hotjar.com script.hotjar.com widget.trustpilot.com platform.getqonfi.com ct.beslist.nl connect.facebook.net https://*.dpdconnect.nl *.tawk.to cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io *.multisafepay.com https://pay.google.com https://cdnjs.cloudflare.com plausible.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.tawk.to fonts.googleapis.com cdn.jsdelivr.net tagmanager.google.com https://cdn.jsdelivr.net *.fontawesome.com *.multisafepay.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ analytics.amitix.nl www.google.com googleads.g.doubleclick.net region1.analytics.google.com ct.beslist.nl *.tawk.to wss://*.tawk.to https://www.google-analytics.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.multisafepay.com plausible.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-u-c1NVf1Too5IR6c_gZvLA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com dhv2ziothpgrr.cloudfront.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.certcapture.com *.finelinens.com https://www.facebook.com *.affirm.com www.finelinens.com admin.finelinens.com *.lltrck.com https://www.google.pl https://redchamps.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ dhv2ziothpgrr.cloudfront.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com https://tags.tiqcdn.com https://s7.addthis.com https://static.zdassets.com https://connect.facebook.net https://cdnjs.cloudflare.com/ *.hotjar.com *.attn.tv *.attentivemobile.com *.hotjar.io *.cloudflareinsights.com www.finelinens.com admin.finelinens.com *.lltrck.com https://ai-search-portal.gscadmin.com *.termly.io  https://staticw2.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.yotpo.com https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.certcapture.com https://www.googletagmanager.com https://static.klaviyo.com dhv2ziothpgrr.cloudfront.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.zdassets.com www.finelinens.com admin.finelinens.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.certcapture.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://region1.google-analytics.com https://finelinens.zendesk.com *.attn.tv *.attentivemobile.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com https://dp70uvwpivouv.cloudfront.net www.finelinens.com admin.finelinens.com https://ai-search-portal.gscadmin.com *.termly.io *.googlesyndication.com  https://staticw2.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com https://*.ingest.sentry.io 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.tawk.to *.onglesdor.com onglesdor.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.facebook.net *.tawk.to *.onglesdor.com onglesdor.com 'self' 'unsafe-inline'; frame-ancestors https://www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ landofcoder.com *.facebook.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com https://*.moneris.com/ *.addthis.com *.tawk.to *.sezzle.com *.doubleclick.net *.pinterest.com checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com camo.githubusercontent.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com *.onglesdor.com onglesdor.com cdn.jsdelivr.net *.google.ca *.google.co.th *.sezzle.com *.cloudfront.net *.githubusercontent.com media.sezzle.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ landofcoder.com *.facebook.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net https://*.moneris.com/ *.avada.io *.shopify.com 'unsafe-inline' *.tawk.to *.agilecrm.com *.tiktok.com *.sezzle.com *.amazonaws.com cdn.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.onglesdor.com onglesdor.com *.instagram.com *.pinimg.com *.pinterest.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com https://*.moneris.com/ *.fontawesome.com https://fonts.bunny.net cdn.jsdelivr.net *.sezzle.com *.tawk.to *.onglesdor.com onglesdor.com *.cloudfront.net 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu form-assets.mailchimp.com *.intuit.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ landofcoder.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://get.geojs.io *.avada.io *.tawk.to wss://*.tawk.to *.addthis.com *.tiktok.com *.sezzle.com *.onglesdor.com onglesdor.com *.pinterest.com places.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.tawk.to 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.com.br/api/csp-report; report-to csp-endpoint 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://geowidget.easypack24.net *.inpost.pl https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com https://td.doubleclick.net secure.payu.com merch-prod.snd.payu.com pay.google.com apm.przelewy24.pl https://static.addtoany.com https://pudofinder.dpd.com.pl *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://ct.pinterest.com https://consentcdn.cookiebot.com/ https://consent.cookiebot.com https://smart-widget-assets.ekomiapps.de https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ *.inpost.pl c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.awin1.com *.zenaps.com *.wepowerconnections.com *.hsforms.net *.hsforms.com static.payu.com magefan.com cm.magefan.com *.disqus.com static.przelewy24.pl www.gstatic.com gstatic.com https://widget-v2.smartsuppcdn.com https://files.smartsuppcdn.com https://files.smartsupp.com https://twemoji.maxcdn.com https://www.google.com https://www.google.pl https://googleads.g.doubleclick.net https://ruch-osm.sysadvisors.pl https://geowidget.easypack24.net *.openstreetmap.org https://c.clarity.ms https://pixel.wp.pl https://lantern.roeye.com https://smart-widget-assets.ekomiapps.de https://sw-assets.ekomiapps.de https://ekomi-srr.s3.eu-central-1.amazonaws.com https://zaufane.pl https://imgsct.cookiebot.com *.easypack24.net *.inpost.pl *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.hsforms.net *.hsforms.com secure.payu.com secure.snd.payu.com *.disqus.com cdn.jsdelivr.net sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl https://www.smartsuppchat.com https://widget-v2.smartsuppcdn.com https://www.rzetelnyregulamin.pl https://googleads.g.doubleclick.net https://static.addtoany.com https://www.orlenpaczka.pl https://ruch-osm.sysadvisors.pl https://geowidget.easypack24.net https://www.clarity.ms https://pixel.wp.pl https://smart-widget-assets.ekomiapps.de https://lantern.roeyecdn.com https://s.pinimg.com https://ct.pinterest.com https://consentcdn.cookiebot.com https://sw-assets.ekomiapps.de https://consent.cookiebot.com analytics.tiktok.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.addtoany.com cdn.jsdelivr.net https://www.rzetelnyregulamin.pl https://cdnjs.cloudflare.com https://ruch-osm.sysadvisors.pl https://geowidget.easypack24.net https://sw-assets.ekomiapps.de https://smart-widget-assets.ekomiapps.de https://geowidget.inpost.pl *.inpost.pl https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.typekit.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.inpost.pl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.wepowerconnections.com https://the.sciencebehindecommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com secure.payu.com merch-prod.snd.payu.com http://dpm.demdex.net sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com https://bootstrap.smartsuppchat.com https://widget-v2.smartsuppcdn.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://ruch-osm.sysadvisors.pl https://api-pl-points.easypack24.net https://o.clarity.ms https://pixel.wp.pl https://vc-service.saleago.com https://ct.pinterest.com https://smart-widget-assets.ekomiapps.de https://consentcdn.cookiebot.com https://sentry.advox.pl/api sw-assets.ekomiapps.de pagead2.googlesyndication.com analytics.tiktok.com server-side-tagging-ggil7flztq-uc.a.run.app *.easypack24.net *.inpost.pl *.openstreetmap.org *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com ws: 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' keio.okta.com *.oktacdn.com; connect-src 'self' keio.okta.com keio-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com keio.kerberos.okta.com keio.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-X2ygjdZr8W6waQ-aibnqRg' 'unsafe-eval' 'self' 'report-sample' keio.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'nonce-X2ygjdZr8W6waQ-aibnqRg' 'self' 'report-sample' keio.okta.com *.oktacdn.com; frame-src 'self' keio.okta.com keio-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' keio.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' keio.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; img-src https: data: 'self'; object-src https: 'self'; font-src https: 'self'; connect-src https: 'self'; frame-ancestors 'self'; worker-src blob: https: 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' wchat.freshchat.com www.google-analytics.com www.googleoptimize.com www.googletagmanager.com sg1.wzrkt.com connect.facebook.net snap.licdn.com www.googleadservices.com static.clevertap.com script.accesstrade.global d2r1yp2w7bby2u.cloudfront.net app.sandbox.midtrans.com app.midtrans.com js.xendit.co js.stripe.com analytics.tiktok.com www.recaptcha.net www.gstatic.com; report-uri https://o1085556.ingest.sentry.io/api/6096424/security/?sentry_key=f1c3fa347b7849b698e3f72e96c9872e 1
child-src ; connect-src 'self' analytics.google.com analytics.tiktok.com app.gleen.ai *.bellhop.com *.bellhops.dev api.omappapi.com api.segment.io api-js.mixpanel.com api-us-east-1.graphcms.com bat.bing.com bellhop.extole.io *.clarity.ms *.fullstory.com cdn.segment.com ct.pinterest.com *.growthbook.io *.ingest.sentry.io *.intercom.io nexus-websocket-a.intercom.io maps.googleapis.com pnapi.invoca.net *.shop.pe stats.g.doubleclick.net www.google-analytics.com *.taboola.com *.zdassets.com bellhop.zendesk.com; default-src ; font-src 'self' fonts.gstatic.com js.intercomcdn.com; form-action ct.pinterest.com www.facebook.com; frame-src bid.g.doubleclick.net td.doubleclick.net ct.pinterest.com js.stripe.com www.facebook.com; img-src 'self' ag.innovid.com analytics.twitter.com apolloprogram.io b1sync.zemanta.com bat.bing.com c.us1.dyntrk.com cm.adgrx.com cm.eyereturn.com cmi.netseer.com ct.pinterest.com d.adroll.com flask.nextdoor.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com js.intercomcdn.com *.loggly.com load.instinctiveads.com media.graphassets.com media.graphcms.com origin.xtlo.net p.truefitcorp.com pippio.com secure.insightexpressai.com segments.company-target.com static.intercomassets.com su.addthis.com sync.smartadserver.com t.co track2.securedvisit.com ups.analytics.yahoo.com us-u.openx.net vop.sundaysky.com wam.solution.weborama.fr www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.storygize.net x.bidswitch.net x.skimresources.com; manifest-src 'self'; media-src app.gleen.ai; script-src 'unsafe-eval' 'unsafe-inline'; script-src-attr ; script-src-elem 'self' 'unsafe-inline' a.omappapi.com *.adroll.com addshoppers.s3.amazonaws.com ads.nextdoor.com analytics.tiktok.com app.gleen.ai bat.bing.com bellhop.extole.io cdn.segment.com connect.facebook.net d.impactradius-event.com edge.fullstory.com googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com maps.googleapis.com pnapi.invoca.net s.pinimg.com shop.pe *.shop.pe solutions.invocacdn.com static.ads-twitter.com *.taboola.com widget.intercom.io www.clarity.ms www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.zdassets.com; style-src ; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' a.omappapi.com fonts.googleapis.com origin.xtlo.net; worker-src ; 1
object-src 'none';base-uri 'self';script-src 'nonce-qffbEkOKC2FzCaSj2yei6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 50339659.hs-sites.com 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-Rjnje+K1spXBmWI6cvKrjw=='; report-uri https://send.hsbrowserreports.com/csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-rIdkLdq_wR1QSjFryd8hRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' d1qmrxg9gbf226.cloudfront.net *.klaviyo.com cdn.qantasloyalty.com api-accent.bloomreach.co api.smooch.io mpsnare.iesnare.com/snare.js mpsnare.iesnare.com/script/logo.js applepay.cdn-apple.com *.googleadservices.com assets.braintreegateway.com/web *.bazaarvoice.com *.doubleclick.net storage.googleapis.com/workbox-cdn www.google.com/recaptcha www.gstatic.com/recaptcha *.squarecdn.com cfjump.drmartens.com.au cfjump.drmartens.co.nz *.fullstory.com www.googletagmanager.com analytics.tiktok.com cdn.unidays.world *.truefitcorp.com www.paypalobjects.com/api/checkout.min.js *.klaviyo.com t.cfjump.com *.zdassets.com connect.facebook.net maps.googleapis.com dma-cdn.staging.truefitcorp.com/fitrec/dma/js/tracker.js js-agent.newrelic.com js.datadome.co ct.captcha-delivery.com *.adobedtm.com *.afterpay.com *.demdex.net *.forter.com dlthst9q2beh8.cloudfront.net d2nww8zpyj5pk0.cloudfront.net *.google-analytics.com *.paypal.com afterpay.com foursixty.com *.useinsider.com *.roymorgan.com *.adobemc.com ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js js-sandbox.squarecdn.com s.pinimg.com lantern.roeyecdn.com ct.pinterest.com js.squarecdn.com *.stg.qantasloyalty.com/appcache/wid-redemptions-button/master/ ; style-src 'self' 'unsafe-inline' *.klaviyo.com/onsite/ display.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com/font-awesome *.typekit.net fonts.googleapis.com assets.braintreegateway.com assets.braintreegateway.com/web/dropin/1.16.0/css/dropin.css *.adobetm.com foursixty.com *.adobemc.com static.klaviyo.com/onsite/js static-tracking.klaviyo.com/onsite/js assets.api.useinsider.com/css ; img-src data: 'self' api-accent.bloomreach.co *.zendesk.com dpm.demdex.net www.googleadservices.com/ccm www.magentocommerce.com/products/media *.drmartens.co.nz *.drmartens.com.au cm.everesttech.net/cm/dd googleads.g.doubleclick.net ad.doubleclick.net www.google.com/ccm www.paypalobjects.com www.google.com www.google.com.au www.google.co.nz www.google.com.vn maps.gstatic.com/mapfiles scontent.cdninstagram.com *.afterpay.com *.accentgra.com www.googletagmanager.com www.facebook.com *.bazaarvoice.com t.paypal.com duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d3nocrch4qti4v.cloudfront.net *.google-analytics.com *.pinterest.com *.tiktok.com *.useinsider.com maps.googleapis.com/maps developers.google.com *.zopim.io *.zdassets.com adservice.google.com www.drmartens.com lantern.roeye.com ; object-src 'none' ; base-uri 'self' ; child-src 'self' blob: ; connect-src 'self' gateway.stg.qantasloyalty.com gateway.qantasloyalty.com api-accent.bloomreach.co analytics.google.com/g/collect iq.afterpay.com/us/v1 iq.afterpay-beta.com/us/v1 *.my.sentry.io wss://api.smooch.io *.accentgra.com www.facebook.com/tr google.com www.google.com collect-ap2.attraqt.io smetrics.drmartens.co.nz *.fullstory.com *.klaviyo.com smetrics.drmartens.com.au api-js.datadome.co *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.demdex.net *.forter.com *.foursixty.com google.com/ccm www.google.com/ccm *.google-analytics.com *.googleapis.com *.nr-data.net *.paypal.com *.taboola.com *.truefitcorp.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com facebook.com *.roymorgan.com foursixty.com kleber.datatoolscloud.net.au sentry.io vimeo.com wss://widget-mediator.zopim.com d2o5idwacg3gyw.cloudfront.net dz8rit8v72mig.cloudfront.net d2lxqodqbpy7c2.cloudfront.net d6rak4b14t5gp.cloudfront.net d3k4bt74u9esq1.cloudfront.net wss://cdn0.forter.com *.useinsider.com api.myunidays.com opreq.observepoint.com ct.pinterest.com stats.g.doubleclick.net/g/collect *.stg.qantasloyalty.com/redemptions/ ; font-src data: 'self' maxcdn.bootstrapcdn.com/font-awesome fonts.gstatic.com *.truefitcorp.com *.useinsider.com static.klaviyo.com use.typekit.net ; frame-src 'self' checkout.qantas.com api-accent.bloomreach.co www.googletagmanager.com geo.captcha-delivery.com *.formstack.com *.afterpay.com *.bazaarvoice.com *.criteo.net *.demdex.net *.everesttech.net *.everestjs.net *.doubleclick.net *.facebook.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com everestjs.net facebook.com foursixty.com google.com www.google.com vimeo.com ct.pinterest.com  *.qlstg.qantas.com/ ; worker-src 'self' blob: *.accentgra.com *.drmartens.co.nz *.drmartens.com.au; 1
img-src 'self' data: https://secure.gravatar.com  https://i0.wp.com  https://pixel.wp.com  https://en.wordpress.com  https://www.gstatic.com  https://www.google.com  https://fonts.gstatic.com  https://translate.googleapis.com  https://translate.google.com  blob:  https://ps.w.org  https://kriesi.at  ; default-src 'self'; script-src 'self' 'unsafe-inline' data:  https://maps.googleapis.com  https://stats.wp.com  https://s0.wp.com  https://widgets.wp.com  https://connect.facebook.net  https://me.kis.v2.scr.kaspersky-labs.com  https://translate.googleapis.com  https://translate.google.com  https://translate-pa.googleapis.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://abfc-extension.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://maps.googleapis.com  https://stats.wp.com  https://s0.wp.com  https://widgets.wp.com  https://connect.facebook.net  https://me.kis.v2.scr.kaspersky-labs.com  https://translate.googleapis.com  https://translate.google.com  https://translate-pa.googleapis.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://abfc-extension.com ; style-src 'self' 'unsafe-inline' https://s0.wp.com  https://fonts.googleapis.com  https://widgets.wp.com  https://me.kis.v2.scr.kaspersky-labs.com  https://www.gstatic.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com ; style-src-elem 'self' 'unsafe-inline' https://s0.wp.com  https://fonts.googleapis.com  https://widgets.wp.com  https://me.kis.v2.scr.kaspersky-labs.com  https://www.gstatic.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com ; connect-src 'self' https://maps.googleapis.com  https://i0.wp.com  wss://me.kis.v2.scr.kaspersky-labs.com  https://translate.googleapis.com  https://translate-pa.googleapis.com  wss://view-localhost  data:  https://gc.kis.v2.scr.kaspersky-labs.com  https://infragrid.v.network  wss://ff.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://widgets.wp.com;  frame-src 'self' https://widgets.wp.com  https://wordpress.com;  font-src 'self' data:  https://s0.wp.com  https://fonts.gstatic.com  https://s1.wp.com  chrome-extension;  media-src 'self' data:  https://asset.storyscale.com;  worker-src 'self' blob:;  report-uri https://www.tronikdsign.de/index.php?rest_route=/rsssl/v1/csp&rsssl_apitoken=419492290; 1
report-uri /-/csp_report?report_only=true&source=webapp-no-object-src; script-src 'nonce-dsg978hhuvdwbp9p0oob1d8jk' 'nonce-rvhhfk2oq2dv1prnse45ygy2g' 'self' https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'unsafe-inline' https://ssl.gstatic.com https://apis.google.com https://accounts.google.com/gsi/client https://d3ki9tyy5l5ruj.cloudfront.net https://d1gwm4cf8hecp4.cloudfront.net https://d1a3usp4brejtz.cloudfront.net https://d3u0af8znnrzzj.cloudfront.net https://d1dg3ns82tdjz3.cloudfront.net https://d2y3xhxlqzgfzh.cloudfront.net https://oauth.googleusercontent.com https://app.box.com https://platform.twitter.com https://connect.facebook.net https://platform.harvestapp.com https://www.google.com https://docs.google.com https://www.gstatic.com https://www.dropbox.com https://www.paypal.com/sdk/js https://recordwidget.vimeocdn.com https://api.stripe.com https://hooks.stripe.com https://js.stripe.com https://m.stripe.com https://m.stripe.network https://q.stripe.com https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://prod-me1.app.asana.com https://cdn.cookielaw.org https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; frame-ancestors 'self' https://teams.integrations.asana.plus https://teams-beta.integrations.asana.plus https://teams-uat.integrations.asana.plus https://teams.microsoft.com https://teams.cloud.microsoft; frame-src 'self' blob: https://www.figma.com https://*.invisionapp.com https://invis.io https://miro.com https://whimsical.com https://www.loom.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://www.canva.com https://xd.adobe.com https://*.looker.com https://lucid.app https://*.okta.com https://*.sharepoint.com https://*.dovetail.com https://*.tableau.com https://airtable.com https://*.mural.co https://help.asana.com https://accounts.google.com https://accounts.google.com/gsi/ https://content.googleapis.com https://www.google.com https://docs.google.com https://fast.wistia.net https://www.dropbox.com https://platform.harvestapp.com https://forms.asana.plus https://forms-server.asana.plus https://local.asana.com https://asana.com https://apisandbox.zuora.com https://test.zuora.com https://www.zuora.com https://www.sandbox.paypal.com https://www.paypal.com https://recordwidget.vimeocdn.com https://api.stripe.com https://hooks.stripe.com https://js.stripe.com https://m.stripe.com https://m.stripe.network https://q.stripe.com https://pixel.asana.com https://d3ki9tyy5l5ruj.cloudfront.net https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://prod-me1.app.asana.com https://cdn.cookielaw.org https://form.asana.com https://form.asana-gov.com https://form-beta.asana.com https://form-stag.luna-s.org https://localhost.asana.com:3000 https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com https://*.qualtrics.com; worker-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; child-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; object-src 'none'; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-IkCUwL9COLfbN5mLkt7s' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
default-src 'self';         img-src * data:;         font-src * data:;         style-src 'self' 'unsafe-inline' https:;         script-src 'self' 'unsafe-inline' https:;         frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.entertix.ro;         frame-ancestors 'self';         connect-src 'self' https:; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-96abe17d749145ddb6f382274b360ebc' https://www.mybmgchart.com 'self';img-src https://* 'self' blob: data:;style-src https://www.mybmgchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
img-src https://higherlogicdownload.s3.amazonaws.com/PROJETECH/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PROJETECH/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/PROJETECH/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PROJETECH/ https://higherlogicdownload.s3.amazonaws.com/PROJETECH/ https://higherlogiclongterm.s3.amazonaws.com/PROJETECH/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/PROJETECH/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PROJETECH/ 'self' https://higherlogiclongterm.s3.amazonaws.com/PROJETECH/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/PROJETECH/ https://higherlogicdownload.s3.amazonaws.com/PROJETECH/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PROJETECH/ https://higherlogicstream.s3.amazonaws.com/PROJETECH/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/PROJETECH/ https://higherlogicdownload.s3.amazonaws.com/PROJETECH/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PROJETECH/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-PYHVsO4T7IhzZmIyPllA8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=J3izZs3P0o6yfVe5mKf1PXPm8u3oDWKKAjJLfCr1tSE-1773716947.2585018-1.0.1.1-jI3GaSoA3r.2IkdZsd_qNGzY4uImBeCES73528ijyVYkbaBjJWGFZHkYqfhvqtEi55U2kaqyyTL0xTyNgEyi75P2LuP9O4LieGGzne24dzVRMdN.VxQFKRWGvu.jzXcLhdq8NiP3vDba2CKYtiAaiykmb7lE9fE913Y6dtzhgbWUzI_y7UmMMkZBrI1_XlVRMEXGrjFTz0qcFd3t1wpAuA; report-to cf-adxfypfgrjwfgkcu 1
font-src data: maxcdn.bootstrapcdn.com fonts.gstatic.com widget.dixa.io a.omappapi.com static.klaviyo.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com ssl.ditonlinebetalingssystem.dk 'self' 'unsafe-inline'; frame-ancestors viewer.ipaper.io https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: online.adservicemedia.dk consentcdn.cookiebot.com consentcdn.cookiebot.eu adtr.io event-client.viabill.com vars.hotjar.com www.youtube.com www.google.com www.youtube-nocookie.com gum.criteo.com pricetag.viabill.com www.addwish.com display.ipaper.io simplicity.trustpilot.com googleads.g.doubleclick.net cdn.lightwidget.com http://event.getblue.io *.googletagmanager.com *.doubleclick.net/ magento-cloudflare.jetrails.com utt.impactcdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com self blob: online.adservicemedia.dk pushcrew.com cdn.pushcrew.com stats.g.doubleclick.net a.klaviyo.com dapi.videoly.co i.ytimg.com dis.criteo.com optin-monster.s3.amazonaws.com maps.googleapis.com maps.gstatic.com a.omappapi.com ssl.gstatic.com www.gstatic.com lh3.googleusercontent.com fonts.gstatic.com *.google.com *.google.pl *.google.no *.google.se *.google.de *.google.co.uk *.google.com.ua d3k81ch9hvuctc.cloudfront.net d1pna5l3xsntoj.cloudfront.net *.ipaper.io *.taboola.com imgsct.cookiebot.com *.bing.com *.bing.net *.pricerunner.dk *.beautycos.dk *.orbitvu.co *.klarna.com img.sct.eu1.usercentrics.eu https://s.kelkoogroup.net https://cdn.clerk.io *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com flagpedia.net https://widgets.trustedshops.com https://integrations.etrusted.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com unsafe-inline ipinfo.io invitejs.trustpilot.com secure.viabill.com a.opmnstr.com display.ipaper.io widget.dixa.io static.hotjar.com consent.cookiebot.com api.videoly.co cdn.pushcrew.com online.adservicemedia.dk script.hotjar.com pricetag.viabill.com adtr.io cdn.polyfill.io www.google.com www.google.pl www.gstatic.com static.criteo.net *.klaviyo.com cdn.ipaper.io sslwidget.criteo.com d1pna5l3xsntoj.cloudfront.net www.addwish.com ajax.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu cdnjs.cloudflare.com dapi.videoly.co ssl.ditonlinebetalingssystem.dk maps.googleapis.com cdn.adt376.net cdn.adt311.net tagmanager.google.com do.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no a.omappapi.com *.taboola.com s.kk-resources.com *.bing.com *.getblue.io cdn.lightwidget.com cdn.clerk.io ai.trk42.net *.videoly.co *.reepay.com *.cytelligence.io *.youtube.com *.orbitvu.co *.pingdom.net tag.heylink.com api.reaktion.com stapecdn.com files.userlink.ai cdn.mouseflow.com pagead2.googlesyndication.com *.clarity.ms static.cloudflareinsights.com https://s.kk-resources.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.googletagmanager.com *.facebook.net *.avada.io *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com unpkg.com https://www.beautycos.eu https://consent.cookiebot.com https://cdn.mida.so 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.pushcrew.com static.klaviyo.com d1pna5l3xsntoj.cloudfront.net tagmanager.google.com cdn.ipaper.io *.omappapi.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com widget.dixa.io *.beautycos.dk api.packship.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com https://helloretailcdn.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com api.omappapi.com z.omappapi.com api.dixa.io wss://sockets.dixa.io stats.g.doubleclick.net fast.a.klaviyo.com sslwidget.criteo.com a.klaviyo.com display.ipaper.io in.hotjar.com vc.hotjar.io telemetrics.klaviyo.com *.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no api.packship.eu invitejs.trustpilot.com www.addwish.com core.helloretail.com a.omappapi.com *.taboola.com *.klaviyo.com pagead2.googlesyndication.com *.algolia.io *.bing.com *.google.com *.doubleclick.net ai.trk42.net *.cookiebot.com *.pingdom.net heylinkapi.com bat.bing.net files.userlink.ai backend.userlink.ai files.blueai.dk beautycosaps.sjv.io *.clarity.ms consentcdn.cookiebot.eu api-us.mida.so https://s.kelkoogroup.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; connect-src 'self' forms.hsforms.com www.google.com px.ads.linkedin.com region1.analytics.google.com stats.g.doubleclick.net bat.bing.net cta-service-cms2.hubspot.com api.hubapi.com forms.hscollectedforms.net pulse.clickguard.com; form-action 'none'; frame-ancestors 'none'; frame-src https://www.googletagmanager.com https://td.doubleclick.net; img-src 'self' data: forms-na1.hsforms.com px.ads.linkedin.com www.google.es bat.bing.net www.google.com forms.hsforms.com perf-na1.hsforms.com track.hubspot.com; font-src 'self' data:; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.hsforms.net www.googletagmanager.com bat.bing.com static.hotjar.com snap.licdn.com js.hs-scripts.com www.clarity.ms tracking-api.g2.com pulse.clickguard.com script.hotjar.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.hubspot.com js.hs-banner.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net static.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.powerboard.commbank.com.au *.paydock.com mtf.gateway.mastercard.com/ *.facebook.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com *.powerboard.commbank.com.au *.paydock.com mtf.gateway.mastercard.com/ auth.sandbox.zip.co/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.dotdigital-pages.com *.dotdigital.com www.google.com www.gstatic.com apis.google.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.paydock.com *.powerboard.commbank.com.au pay.google.com mtf.gateway.mastercard.com/ *.zip.co *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.trackedlink.net *.ddlnk.net *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zip.co *.zip.co d3k1w8lx8mqizo.cloudfront.net site-assets.afterpay.com static.sandbox.afterpay.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://api.addressfinder.io https://rum.hlx.page *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.googleapis.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com *.avada.io *.shopify.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.authorize.net test.authorize.net js.braintreegateway.com maps.googleapis.com fonts.googleapis.com *.nosto.com *.nos.to assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com static.zipmoney.com.au zip.co static.zip.co widget.paydock.com *.powerboard.commbank.com.au bpi.zip.co portal.sandbox.afterpay.com applepay.cdn-apple.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com https://www.foxracing.com.au 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net static.zip.co tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.paydock.com *.powerboard.commbank.com.au static.zipmoney.com.au *.cloudfront.net trx.zip.co *.zip.co *.google.com/pay analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://*.gstatic.com data: *.fontawesome.com use.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://*.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com scontent.* www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ display.ugc.bazaarvoice.com *.fontawesome.com assets.braintreegateway.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://3bb61dc1-a559-4e04-a5cd-44834bae6c9a.sansec.watch/; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://www.psru.ac.th/newweb2023/2023?gdsih-csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-nnPPoEuMz7A1aRvYr5KMLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'report-sample' addtocalendar.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://storage.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' 'report-sample' addtocalendar.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com https://www.gstatic.com *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.sirv.com *.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.sirv.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com *.sirv.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.bird.eu cdn.doofinder.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sirv.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.doofinder.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googleapis.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.sirv.com *.axept.io *.doofinder.com *.avada.io https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.sirv.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.doofinder.com wss://*.doofinder.com *.cloudflare.com *.twitter.com *.twimg.com *.sirv.com *.google-analytics.com *.googleapis.com *.axept.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-mI9cXDDShHKH1CW/yYqwLQ==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
script-src 'self' 'nonce-/rg8km1VyyOQgcsJkghnsA+BlwIZEDx5DSwcPImNW+o=' 'strict-dynamic' 'wasm-unsafe-eval' www.youtube.com  az416426.vo.msecnd.net cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://connect.facebook.net/ https://munchkin.marketo.net/ static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
default-src 'self';         script-src 'self' https://www.googletagmanager.com https://www.datadoghq-browser-agent.com https://assets.juicer.io;         script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.datadoghq-browser-agent.com https://assets.juicer.io;         style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://assets.juicer.io https://cdn.jsdelivr.net;         font-src 'self' https://use.typekit.net https://p.typekit.net;         img-src * 'self' data:; 1
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.sagepay.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.sagepay.com maps.googleapis.com www.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com www.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://static.iadvize.com/ https://media.flixfacts.com *.fontawesome.com applepay.cdn-apple.com https://fonts.gstatic.com *.alothemes.com *.magepow.com googlepay.cdn-google.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com https://www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com https://static.addtoany.com https://www.google.com/ https://service.loadbee.com/ https://vars.hotjar.com/ https://static.rolex.com/ https://retailers.rolex.com/ https://media.flixfacts.com *.webengage.co https://corners.rolex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net https://static.iadvize.com/ https://fstatic.iadvize.com/ https://www.facebook.com https://www.google.com https://www.google.co.in https://googleads.g.doubleclick.net https://www.googletagmanager.com https://media.flixfacts.com https://m.media-amazon.com https://www.darwishholding.com/ https://theqa.qa metrics.rolex.com maps.googleapis.com smetrics.rolex.com *.disqus.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com https://cobrowsing-ha.iadvize.com/ https://fstatic.iadvize.com/ https://static.iadvize.com/ https://halc.iadvize.com https://api.iadvize.com/ https://static.addtoany.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://graph.facebook.com https://widgets.pinterest.com https://cdn.loadbee.com/js/loadbee_integration.js https://static.hotjar.com https://script.hotjar.com https://static.rolex.com https://retailers.rolex.com http://media.flixfacts.com https://test-gateway.mastercard.com https://ap-gateway.mastercard.com/ https://starpay-easy.starboss.biz/ https://www.qpay.gov.qa/ https://m.media-amazon.com https://connect.facebook.net https://analytics.tiktok.com/ *.webengage.com applepay.cdn-apple.com https://corners.rolex.com maps.googleapis.com *.disqus.com *.alothemes.com *.magepow.com googlepay.cdn-google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.ampproject.org www.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://halc.iadvize.com/ https://static.iadvize.com/ https://media.flixfacts.com https://test-gateway.mastercard.com https://ap-gateway.mastercard.com/ https://starpay-easy.starboss.biz/ https://www.qpay.gov.qa/ *.fontawesome.com *.googleapis.com *.addtoany.com *.alothemes.com *.magepow.com assets.braintreegateway.com www.gstatic.com maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://m.media-amazon.com https://media.flixfacts.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://cobrowsing-ha.iadvize.com/ https://halc.iadvize.com https://api.iadvize.com/ https://static.iadvize.com/ https://stats.g.doubleclick.net https://bam.nr-data.net https://availability.loadbee.com https://analytics.google.com https://in.hotjar.com https://vc.hotjar.io https://static.rolex.com https://retailers.rolex.com https://static.addtoany.com https://media.flixfacts.com https://stats.addtoany.com https://m.media-amazon.com c.webengage.com assets.adobedtm.com maps.googleapis.com http://dpm.demdex.net *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.ampproject.org *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-ZPWnVhSrDKzf65BTw62T9Q' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src https://widgets.trustedshops.com *.fontawesome.com *.googleapis.com *.gstatic.com instantcredit.net test.instantcredit.net *.fonts.googleapis.com data: *.cloudflare.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de * www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-ancestors * 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de * www.paycomet.com api.paycomet.com *.google.com *.addthis.com *.pinterest.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://widgets.trustedshops.com https://widgets-qa.trustedshops.com eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com * instantcredit.net test.instantcredit.net *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com https://www.facebook.com https://www.culinarium.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com cdn.doofinder.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io * www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://www.googletagmanager.com tagmanager.google.com https://connect.facebook.net https://maps.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.fontawesome.com instantcredit.net test.instantcredit.net *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.doofinder.com * instantcredit.net *.instantcredit.net *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://www.google-analytics.com https://www.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://www.kidsnews.com.au/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-gYWIUjdoaZvF43V-VsJtrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-3RDiqghskR1BIsgAo5UD1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com *.fontawesome.com https://fonts.bunny.net www.euroshop.be https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.braintreegateway.com *.paypal.com google.com *.google.com https://www.google.com www.googletagmanager.com www.google.com ct.pinterest.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com maps.gstatic.com maps.googleapis.com *.disqus.com https://firebasestorage.googleapis.com www.euroshop.be raw.githubusercontent.com www.facebook.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com https://www.gstatic.com maps.googleapis.com https://www.google.com *.disqus.com *.avada.io www.euroshop.be cdnjs.cloudflare.com www.google.com www.gstatic.com connect.facebook.net s.pinimg.com apis.google.com ct.pinterest.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net www.euroshop.be cdn.jsdelivr.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com https://get.geojs.io *.avada.io www.euroshop.be ct.pinterest.com 7rc2kiath6-dsn.algolia.net payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.euroshop.be pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data:; connect-src 'self' https://plausible.io *.webanalytics.italia.it *.sentry.io *.sentry-cdn.com *.opencontent.io *.opencontent.it *.opencityitalia.it *.stanzadelcittadino.it wss://stregatto.opencityitalia.it https://nominatim.openstreetmap.org https://servizidigitali.provincia.tn.it; font-src 'self' data: *.opencontent.io *.opencontent.it *.opencityitalia.it; frame-src 'self' *.youtube.com *.vimeo.com; img-src 'self' data: blob: https://flyimg.opencityitalia.it https://flyimg-qa.opencityitalia.it *.openstreetmap.org *.ytimg.com https://s3-eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.io https://www.googletagmanager.com *.sentry-cdn.com *.webanalytics.italia.it *.opencontent.io *.opencontent.it *.opencityitalia.it https://servizidigitali.provincia.tn.it; style-src 'self' 'unsafe-inline' https:; report-uri https://csp-collector.opencontent.it/csp?env=production&app=cms; worker-src 'self' blob: 1
object-src 'none';base-uri 'self';script-src 'nonce-rEOAEse4qaFliJu9spteSg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.bunny.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.paypal.com e.jachensen.nl td.doubleclick.net www.kiyoh.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com www.jachensen.nl trengo.s3.eu-central-1.amazonaws.com www.google.nl blob: secure.adnxs.com bat.bing.com c.bing.com www.awin1.com www.facebook.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com col1.wiqhit.com cdn.widget.trengo.eu code.jquery.com cdnjs.cloudflare.com static.widget.trengo.eu www.mandad.nl s.codepen.io widget.prod.faslet.net www.clarity.ms connect.facebook.net bat.bing.com ct.beslist.nl www.dwin1.com analytics.tiktok.com js-agent.newrelic.com lantern.roeyecdn.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl jac-hensen.github.io fonts.googleapis.com use.fontawesome.com www.mandad.nl fonts.bunny.net www.jachensen.nl js-agent.newrelic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com region1.google-analytics.com api.widget.trengo.eu region1.analytics.google.com api.faslet.net www.google.com google.com ct.beslist.nl f.clarity.ms o.clarity.ms bat.bing.com analytics.tiktok.com bam.nr-data.net lantern.roeye.com hal9000.redintelligence.net col1.wiqhit.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; child-src 'none'; object-src 'none'; script-src http: https: 'unsafe-inline'; connect-src 'self' https://*.google-analytics.com https://*.google.com; worker-src blob:; style-src 'self' 'unsafe-inline'; img-src 'self' https:; font-src 'self'; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.smeders.nl https://*.googletagmanager.com https://*.google-analytics.com https://*.mouseflow.com https://cdn.jsdelivr.net https://chimpstatic.com https://challenges.cloudflare.com https://*.facebook.net https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' https://*.smeders.nl https://cdn.jsdelivr.net https://fonts.googleapis.com https://ka-p.fontawesome.com; img-src 'self' data: https: https://*.smeders.nl https://*.facebook.com https://facebook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gravatar.com; font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com; connect-src 'self' https://*.smeders.nl https://*.google-analytics.com https://*.googletagmanager.com https://*.mouseflow.com https://*.facebook.com https://*.yoast.com https://yoast.com; media-src 'self' https://*.smeders.nl; child-src 'self' blob: https://challenges.cloudflare.com; worker-src 'self' blob:; frame-src 'self' https://*.smeders.nl https://www.youtube.com https://challenges.cloudflare.com; frame-ancestors 'self'; report-uri https://smeders.uriports.com/reports/report; report-to default 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src http: https: data:; font-src 'self' data: fonts.gstatic.com; report-uri /report-csp-violation 1
connect-src https://cdp.customer.io https://firebase.googleapis.com https://consumer.cloud.gist.build https://realtime.cloud.gist.build wss://nexus-websocket-a.intercom.io https://px.ads.linkedin.com; default-src 'self'; font-src https://fonts.gstatic.com; frame-ancestors 'none'; img-src https://www.google.co.il/ads/ga-audiences https://px.ads.linkedin.com 'self'; object-src 'none'; script-src https://cdp.customer.io/v1/analytics-js/inAppPlugin.js https://cdp.customer.io/v1/analytics-js/ajs-destination.js https://cdp.customer.io/v1/analytics-js/646.js https://cdp.customer.io/v1/analytics-js/snippet/5295770effba49705388/analytics.min.js https://cdp.customer.io/v1/analytics-js/snipp https://www.googletagmanager.com/gtag/js https://cdn.livechatinc.com/tracking.js https://googleads.g.doubleclick.net/pagead/; style-src https://fonts.googleapis.com/css; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=yykVrV4NvbjxRdjlnmqWoopbyssLepfBB.4OvnWkUkI-1773716378.9757125-1.0.1.1-RV.ht75zTBjowoHUMtFJWHs3EoA9XkPf5GwtolARZGfNxQUZuMsGgAwU_Xd2EBIuGKbgFrg9fmNAGzD1qIYbe1ebF_gIyUHVguiJ07AkD7dLi4obWSc3yFid_cYztN66aiaXM6QRRnDd6Ejk3jD9Pkrl_iXSJBlzx5Qo9JYZMhF3qZfVRRLxg35CBj95jyQS; report-to cf-rbnyvjqkhcsjclld 1
font-src *.inpost.pl *.fontawesome.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ pay.google.com play.google.com *.autopay.eu *.inpost.pl c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu *.inpost.pl magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com *.inpost.pl https://browser.sentry-cdn.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.autopay.eu *.googleapis.com *.inpost.pl https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech *.fontawesome.com unsafe-inline assets.braintreegateway.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com *.inpost.pl https://*.ingest.sentry.io https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com ws: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; frame-ancestors 'self'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api-qa.payplug.com secure-qa.payplug.com *.payplug.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org res.cloudinary.com images.join-stories.com https://www.magezon.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://secure-magenta.dalenys.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.payplug.com static.splio.pro dessange.my.join-stories.com https://browser.sentry-cdn.com *.googletagmanager.com *.facebook.net *.avada.io *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com https://cdn-qa.payplug.com https://secure-magenta.dalenys.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.splio.pro *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://secure-magenta.dalenys.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com sdk-sdk-backend.apigw.splio.pro meas.join-stories.com https://*.ingest.sentry.io *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.revolut.com *.google.com google.com *.cdn-apple.com pay.google.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com js.stripe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.revolut.com *.google.com *.cdn-apple.com google.com *.gstatic.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.revolut.com *.cdn-apple.com google.com pay.google.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com maps.gstatic.com *.doofinder.com *.facebook.com *.google.it *.google.sm stats.g.doubleclick.net *.kelkoogroup.net *.tradetracker.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.revolut.com *.google.com *.cdn-apple.com google.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com maps.googleapis.com *.adfyier.com *.admediasales.com *.bannercrowd.net sibautomation.com *.clerk.io *.doofinder.com *.hotjar.com *.kk-resources.com *.optimalpeople.fr shop-cart.app *.tradedoubler.com *.tradetracker.net https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.doofinder.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.revolut.com *.cdn-apple.com pay.google.com *.gstatic.com *.bannercrowd.net *.brevo.com *.doofinder.com wss://eu1-layer.doofinder.com/ wss://eu1-recommendations.doofinder.com/ *.facebook.com wss://ws.hotjar.com/ *.hotjar.io/ *.kelkoogroup.net *.optimalpeople.fr 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.ogormans.co.uk *.tawk.to *.cloudflare.com *.fontawesome.com https://fonts.bunny.net use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.ogormans.co.uk *.tawk.to 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.ogormans.co.uk *.tawk.to *.googlesyndication.com *.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com *.ogormans.co.uk cdn.jsdelivr.net *.amazonaws.com *.facebook.com *.bing.net *.bing.com *.feefo.com *.youreko.com *.flix360.com *.googlesyndication.com *.doubleclick.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com *.ogormans.co.uk *.tawk.to *.jsdelivr.net *.cloudflare.com *.amazonaws.com *.sharethis.com *.isitetv.com *.loadbee.com *.flixfacts.com *.flixcar.com *.facebook.net *.bing.com *.feefo.com *.gstatic.com *.youreko.com *.googlesyndication.com *.doubleclick.net adservice.google.com *.googletagservices.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.ogormans.co.uk *.tawk.to *.jsdelivr.net *.cloudflare.com *.amazonaws.com *.feefo.com *.youreko.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com use.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.ogormans.co.uk *.amazonaws.com *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.ogormans.co.uk *.sharethis.com *.amazonaws.com *.feefo.com *.bing.net *.google.ie *.google.co.uk *.youreko.com *.flixcar.com *.isitetv.com *.googlesyndication.com *.doubleclick.net adservice.google.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src-elem m2.staging.henrykrank.com.cfstack.com m2.dev.henrykrank.com.cfstack.com henrykrank.com www.henrykrank.com fonts.googleapis.com *.fontawesome.com fonts.bunny.net use.typekit.net p.typekit.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.doofinder.com cc-cdn.com static.klaviyo.com; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net m2.staging.henrykrank.com.cfstack.com m2.dev.henrykrank.com.cfstack.com henrykrank.com www.henrykrank.com p.typekit.net fonts.bunny.net static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com www.henrykrank.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com www.henrykrank.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com account.fetchify.com live.opayo.eu.elavon.com *.opayo.co.uk *.elavon.com secure7.arcot.com *.arcot.com www.googletagmanager.com www.henrykrank.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io cdn.doofinder.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com m2.staging.henrykrank.com.cfstack.com m2.dev.henrykrank.com.cfstack.com henrykrank.com www.henrykrank.com d3k81ch9hvuctc.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.doofinder.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com m2.staging.henrykrank.com.cfstack.com m2.dev.henrykrank.com.cfstack.com henrykrank.com www.henrykrank.com cdnjs.cloudflare.com cdn.jsdelivr.net eu1-config.doofinder.com trackcmp.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com cc-cdn.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net m2.staging.henrykrank.com.cfstack.com m2.dev.henrykrank.com.cfstack.com henrykrank.com www.henrykrank.com cdnjs.cloudflare.com cdn.jsdelivr.net use.typekit.net p.typekit.net cdn.doofinder.com static.klaviyo.com static-tracking.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.henrykrank.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.doofinder.com wss://*.doofinder.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io m2.staging.henrykrank.com.cfstack.com m2.dev.henrykrank.com.cfstack.com henrykrank.com www.henrykrank.com api-js.datadome.co cdnjs.cloudflare.com 'self' 'unsafe-inline'; child-src www.henrykrank.com http: https: blob: 'self' 'unsafe-inline'; default-src www.henrykrank.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com *.paypal.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.disqus.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com *.criteo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io wss: bat.bing.com *.force.com *.tiktok.com *.google.com *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com google.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co *.cardinalcommerce.com api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties *.onetrust.com *.criteo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.gstatic.com *.iconscout.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net pay.ozow.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.com *.facebook.net https://www.google.com/ secure.authorize.net test.authorize.net www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com https://vars.hotjar.com/ www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.facebook.com *.facebook.net https://www.magezon.com ozow-live-cdn.s3.eu-west-1.amazonaws.com *.cloudflare.com https://stats.g.doubleclick.net/ *.cloudfront.net s.ytimg.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.yotpo.com *.linkedin.com t.co *.google.com *.google.co.za *.adsymptotic.com *.adroll.com *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com *.facebook.com *.facebook.net *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.twitter.com secure.authorize.net test.authorize.net js.braintreegateway.com *.cardinalcommerce.com video.google.com *.payments-amazon.com *.payments-amazon.de *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com https://www.gstatic.com/ *.paypal.com www.youtube.com sibforms.com *.addtoany.com *.googleoptimize.com static.zdassets.com *.hotjar.com *.roomvo.com *.trustpilot.com connect.facebook.net snap.licdn.com static.ads-twitter.com *.adroll.com d.adroll.mgr.consensu.org player.vimeo.com https://js.klevu.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.cloudflare.com *.iconscout.com *.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com sibforms.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.amazonaws.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com *.facebook.com *.facebook.net http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.cloudflare.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com *.zdassets.com *.zendesk.com roomvo.com wss://widget-mediator.zopim.com/ *.google-analytics.com stats.g.doubleclick.net cdn.plyr.io noembed.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-LYsZqrwnZwunbatuzQ-xfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com www.nightingale.com nightingale.com www.googletagmanager.com acsbap.com acsbapp.com www.google-analytics.com 'unsafe-hashes'; report-uri /.webscale/csp-report 1
font-src *.googleapis.com *.gstatic.com data: *.cloudfront.net *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.fls.doubleclick.net www.facebook.com *.google.com consentcdn.cookiebot.eu td.doubleclick.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com js.mollie.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://images.unsplash.com stats.g.doubleclick.net *.doubleclick.net *.g.doubleclick.net www.facebook.com *.google.com *.google.de *.googletagmanager.com *.google-analytics.com *.googleusercontent.com bat.bing.com c.clarity.ms c.bing.com *.trustedshops.com *.cookiebot.com integrations.etrusted.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com https://img.youtube.com https://www.mollie.com https://shareasale.com/sale.cfm *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://maps.googleapis.com connect.facebook.net *.google.com *.googletagmanager.com *.google-analytics.com www.gstatic.com bam.nr-data.net bam.eu01.nr-data.net js-agent.newrelic.com tagmanager.google.com consent.cookiebot.com consentcdn.cookiebot.com bat.bing.com www.clarity.ms *.trustedshops.com integrations.etrusted.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io s7.addthis.com https://cdn.jsdelivr.net js.mollie.com https://www.dwin1.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com integrations.etrusted.com d.ratepay.com d.payla.io dr.payla.io https://cdn.jsdelivr.net *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com stats.g.doubleclick.net bam.nr-data.net bam.eu01.nr-data.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.maps.googleapis.com *.google.com *.google.de *.gstatic.com consentcdn.cookiebot.com googleads.g.doubleclick.net www.facebook.com bat.bing.com *.clarity.ms integrations.etrusted.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com ekr.zdassets.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https: blob:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.stripe.com https://*.sentry.io wss:; frame-src 'self' https://js.stripe.com https://hooks.stripe.com; object-src 'none'; base-uri 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-pg742F17UO9w29vGjkxM4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
“default-src 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.googleapis.com *.coastalbusiness.com *.twitter.com *.yotpo.com *.fontawesome.com *.zohocdn.com *.pagesense.io *.zohostatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com use.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.coastalbusiness.com *.yotpo.com *.facebook.com yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com www.google.com *.affirm.com *.affirm.ca *.coastalbusiness.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.ubembed.com *.leasestation.com *.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com yotpo.com *.wesupply.xyz https://wesupplylabs.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com *.gstatic.com *.googleapis.com *.trackedlink.net *.ddlnk.net *.affirm.com *.affirm.ca *.coastalbusiness.com *.googleadservices.com *.google-analytics.com *.zaius.com *.twitter.com *.adelixir.com t.co 'self' blob: *.bing.com *.pinterest.com *.google.com *.facebook.com *.amazonaws.com *.quickspark.com salesiq.zohopublic.com *.zoho.com *.zohocdn.com *.campaign-image.com *.maillist-manage.com *.pagesense.io *.zohostatic.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com polyfill.io https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.twitter.com *.google-analytics.com *.google.com *.googletagmanager.com *.addthis.com *.zdassets.com *.mouseflow.com *.hiss3lark.com d1igp3oop3iho5.cloudfront.net z.moatads.com v1.addthisedge.com *.facebook.com *.facebook.net *.googleadservices.com *.pinimg.com *.bing.com *.ads-twitter.com *.quickspark.com *.ubembed.com *.adelixir.com *.doubleclick.net *.linkedin.com *.cloudflareinsights.com *.pinterest.com *.newrelic.com *.nr-data.net *.zoho.com *.zohocdn.com *.zohopublic.com *.maillist-manage.com *.pagesense.io *.avada.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com yotpo.com *.cloudflare.com *.yotpo.com swellrewards.com *.swellrewards.com https://www.coastalbusiness.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.coastalbusiness.com *.googleapis.com *.twitter.com *.quickspark.com *.fontawesome.com css.zohocdn.com *.pagesense.io *.zohostatic.com *.stripe.network *.stripecdn.com *.amazon.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.coastalbusiness.com *.zaius.com *.zdassets.com *.zohostatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com qa-api.magedevteam.com *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com *.affirm.com *.affirm.ca *.coastalbusiness.com *.twitter.com *.zdassets.com *.addthis.com *.amazonaws.com coastalbusiness.zendesk.com wss://widget-mediator.zopim.com *.google-analytics.com *.doubleclick.net *.pinterest.com *.ubembed.com *.yotpo.com *.nr-data.net salesiq.zohopublic.com wss://vts.zohopublic.com *.zohopublic.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-pQlhMis4t9P6Dqu6-s73fg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.klaviyo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com js.mollie.com *.cookiebot.com *.freshchat.com *.trustpilot.com *.financetech365.com/' *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://app-wallee.com https://paymentshub.weareplanet.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com maps.googleapis.com maps.gstatic.com flagpedia.net https://www.mollie.com *.apple-mapkit.com *.googleapis.com *.storyblok.com *.cloudfront.net *.cookiebot.com selecttechgroup.com *.selectonline.com *.hsforms.net *.hsforms.com 'self' data: https://app-wallee.com https://paymentshub.weareplanet.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://maps.googleapis.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com *.gstatic.com js.mollie.com *.apple-mapkit.com *.googleapis.com *.storyblok.com *.cookiebot.com *.jsdelivr.net *.freshchat.com *.trustpilot.com *.cloudfront.net *.jquery.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hsforms.net *.hsforms.com https://app-wallee.com https://paymentshub.weareplanet.com https://gmtech.mfgroup.ch https://assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.storyblok.com *.freshchat.com *.googleapis.com *.typekit.net https://app-wallee.com https://paymentshub.weareplanet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src selecttechgroup.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com www.gstatic.com *.apple-mapkit.com *.googleapis.com *.cookiebot.com *.amazonaws.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com t.elasticsuite.io *.hsforms.net *.hsforms.com https://app-wallee.com https://paymentshub.weareplanet.com https://assets.secure.checkout.visa.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: https://widgets.trustedshops.com d3otxgxltntbw8.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * d3otxgxltntbw8.cloudfront.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors ; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com landofcoder.com https://www.googletagmanager.com/ *.facebook.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * d3otxgxltntbw8.cloudfront.net consentcdn.cookiebot.com td.doubleclick.net www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com maps.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com d3otxgxltntbw8.cloudfront.net www.facebook.com bat.bing.com imgsct.cookiebot.com www.google.pl www.google.de px.ads.linkedin.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com landofcoder.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com connect.facebook.net cdnjs.cloudflare.com maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com d3otxgxltntbw8.cloudfront.net consent.cookiebot.com bat.bing.com analytics.webgains.io diffuser-cdn.app-us1.com consentcdn.cookiebot.com prism.app-us1.com trackcmp.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com d3otxgxltntbw8.cloudfront.net 'self' 'unsafe-inline'; object-src landofcoder.com d3otxgxltntbw8.cloudfront.net 'self' data: 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ d3otxgxltntbw8.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com landofcoder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site d3otxgxltntbw8.cloudfront.net region1.analytics.google.com bat.bing.com www.google.com googleads.g.doubleclick.net consentcdn.cookiebot.com www.google.pl www.google.de pagead2.googlesyndication.com www.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com d3otxgxltntbw8.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-iY1fuTcK_VLRUHwHF5Fa9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.googleapis.com *.gstatic.com data: *.oney.io *.staging.oney.io https://fonts.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.hipay-tpp.com *.hipay.com *.paypal.com *.googleapis.com *.weltpixel.com https://thinglink.com/ https://app.usercentrics.eu/ www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.hipay.com *.oney.io *.staging.oney.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://widgets.trustedshops.com/ https://integrations.etrusted.com/ https://app.usercentrics.eu/ *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.oney.io *.staging.oney.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com https://widgets.trustedshops.com/ https://integrations.etrusted.com/ https://cdn.thinglink.me/ https://app.usercentrics.eu/ https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.hipay.com *.googleapis.com https://static.klaviyo.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://integrations.etrusted.com/ tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com data: mpsnare.iesnare.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.oney.io *.staging.oney.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://nominatim.openstreetmap.org https://integrations.etrusted.com/ https://app.usercentrics.eu/ https://api.usercentrics.eu/ *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.stape.io maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com *.weltpixel.com eadn-wc03-4957627.nxedge.io www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io dev.visualwebsiteoptimizer.com global.ketchcdn.com magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.googletagmanager.com *.stape.io https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com eadn-wc03-4957627.nxedge.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.ampproject.org www.gstatic.com connect.facebook.net www.xtento.com cdn.xtento.com eadn-wc03-4957627.nxedge.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.stape.io unsafe-inline assets.braintreegateway.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com dev.visualwebsiteoptimizer.com global.ketchcdn.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://client.crisp.chat *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.cdnfonts.com *.cloudflare.com *.trustpilot.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.trustpilot.com www.xtento.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://images.unsplash.com https://image.crisp.chat *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.crisp.chat cwberry.s3-eu-west-1.amazonaws.com d17lvj5xn8sco6.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net www.google.co.uk *.trustpilot.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://client.crisp.chat *.stripe.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.opayo.eu.elavon.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.crisp.chat *.doubleclick.net *.facebook.com *.facebook.net *.jsdelivr.net *.noibu.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com https://client.crisp.chat *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com assets.braintreegateway.com *.trustpilot.com tagmanager.google.com fonts.google.com *.crisp.chat *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src *.doorvisualiser.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.stripe.com *.sagepay.com *.opayo.eu.elavon.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.crisp.chat *.doubleclick.net *.epostcode.com *.facebook.com *.facebook.net *.noibu.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://388b1011-c31a-4e04-adf4-d061d9b5b59c.sansec.watch/; report-to report-endpoint; 1
default-src * 'unsafe-inline' 'unsafe-eval';    style-src-elem * 'unsafe-inline';    frame-ancestors *;    form-action 'self';    script-src-elem * 'unsafe-inline';    connect-src * 'self';    img-src * data:; 1
object-src 'none';base-uri 'self';script-src 'nonce-0YBM_2mzww-ofwSfll_w3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3JSqZITwM8Xvn6J-TcfPSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; frame-ancestors 'self' http://localhost:3333 https://sanity.renuityhome.com https://*.renuityhome.com https://*.sanity.studio; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://tracking-code-generator.onrender.com https://www.googletagmanager.com https://www.google-analytics.com https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://s.pinimg.com https://ct.pinterest.com https://js.sentry-cdn.com https://us.i.posthog.com https://maps.googleapis.com https://maps.gstatic.com https://api.trustedform.com https://cdn.trustedform.com https://cdn.jsdelivr.net https://jobs.ashbyhq.com; style-src 'self' 'unsafe-inline'; img-src 'self' https:; connect-src 'self' https://api.sanity.io https://www.google-analytics.com https://us.i.posthog.com https://ct.pinterest.com https://maps.googleapis.com https://maps.gstatic.com https://api.trustedform.com https://cdn.trustedform.com https://pnapi.invoca.net https://cdn.feathery.io https://api.feathery.io; font-src 'self'; worker-src 'self' data:; object-src 'none'; base-uri 'self' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.bootstrapcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.vimeo.com *.lightwidget.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.youtube.com https://c.paypal.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com *.google.com *.googleadservices.com *.googletagmanager.com https://b.stats.paypal.com/ https://slc.stats.paypal.com/ https://c.paypal.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.lightwidget.com https://ipinfo.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.fontawesome.com https://bam.nr-data.net https://bam-cell.nr-data.net https://c.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.bootstrapcdn.com https://use.typekit.net https://p.typekit.net assets.braintreegateway.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com stats.g.doubleclick.net https://bam.nr-data.net https://bam-cell.nr-data.net https://payments.sandbox.braintree-api.com/ https://origin-analytics-sand.sandbox.braintree-api.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smartsolutions.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://statistiques.neuillysurseine.fr http://code.highcharts.com https://cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://unpkg.com mdbootstrap.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com mdbootstrap.com use.fontawesome.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.checkout-api.avarda.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com www.googletagmanager.com consentcdn.cookiebot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: www.google.fi *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.checkout-api.avarda.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.disqus.com https://www.magezon.com bat.bing.com imgsct.cookiebot.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.core.windows.net *.checkout-cdn.avarda.com *.klevu.com *.ksearchnet.com *.disqus.com https://bot.leadoo.com https://*.cloudfront.net https://static.zdassets.com https://assets.voyado.com consent.cookiebot.com app.kuvio.io api.custobar.com a.omappapi.com static.redeal.se t.myvisitors.se static.hotjar.com bat.bing.com analytics.tiktok.com track.adform.net s2.adform.net consentcdn.cookiebot.com script.hotjar.com checkout-cdn.avarda.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.klevu.com *.ksearchnet.com a.omappapi.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.checkout-api.avarda.com *.klevu.com *.ksearchnet.com wss://*.zopim.com https://*.zendesk.com/ https://bot.leadoo.com/ tracking.rajalacamera.fi ekr.zdassets.com api.omappapi.com api.onsite.voyado.com bat.bing.com analytics.tiktok.com consentcdn.cookiebot.com anl.leadoo.com t1.staging.voyado.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; connect-src 'self'; default-src 'self'; font-src 'self' data:; frame-src 'self' https://js.stripe.com; img-src 'self' https://www.facebook.com; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://67b3538941b27f3460ec27c2.endpoint.csper.io?v=1&builder=true; script-src 'report-sample' 'self' https://connect.facebook.net/en_US/fbevents.js https://js.stripe.com/v3/; style-src 'report-sample' 'self'; worker-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.mbank.ae https://*.googleapis.com https://translate.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://connect.facebook.net https://*.facebook.net https://*.facebook.com https://*.cloudflare.com https://*.youtube.com https://*.vimeo.com https://*.cookiebot.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.userway.org https://*.userway.org https://cdn.yellowmessenger.com https://*.yellowmessenger.com https://r1.cloud.yellow.ai https://*.google.com https://*.google.* https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.com.sa https://*.google.ae https://*.google.com.sa https://*.googleusercontent.com https://www.gstatic.com https://use.typekit.net https://p.typekit.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://*.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://*.gstatic.com https://*.google.com https://*.google.* https://cdn.yellowmessenger.com https://*.yellowmessenger.com https://cdn.userway.org https://*.userway.org https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://translate.googleapis.com https://*.gstatic.com https://*.cloudflare.com https://*.cookiebot.com https://use.typekit.net https://p.typekit.net https://cdn.userway.org https://cdn.yellowmessenger.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.yellowmessenger.com https://*.yellowmessenger.com https://use.typekit.net https://p.typekit.net https://*.cloudflare.com https://cdn.userway.org https://cdn.yellowmessenger.com; img-src 'self' data: blob: https://*.google.com https://*.google.* https://*.google.co.in https://*.google.ae https://*.google.com.sa https://*.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com/ads/* https://www.google.ae/ads/* https://www.google.com/pagead/* https://googleads.g.doubleclick.net/pagead/* https://*.googleusercontent.com https://*.gstatic.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.vimeo.com https://*.cookiebot.com https://cdn.userway.org https://*.userway.org https://cdn-icons-png.flaticon.com https://cdn.yellowmessenger.com https://*.yellowmessenger.com; font-src 'self' data: https://fonts.gstatic.com https://*.cloudflare.com https://use.typekit.net https://p.typekit.net https://cdn.userway.org https://*.userway.org https://cdn.yellowmessenger.com https://*.yellowmessenger.com; connect-src 'self' https://www.mbank.ae https://*.google.com https://*.google.* https://*.google.co.in https://*.google.ae https://*.google.com.sa https://analytics.google.com https://www.google-analytics.com https://www.google.com/ccm/* https://www.google.com/ads/* https://www.google.ae/ads/* https://www.google.com/pagead/* https://*.googleadservices.com https://*.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://translate.googleapis.com https://*.facebook.com https://*.facebook.net https://connect.facebook.net https://*.cookiebot.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://api.userway.org https://cdn.userway.org https://*.userway.org https://cdn.yellowmessenger.com https://*.yellowmessenger.com https://r1.cloud.yellow.ai wss://r1.cloud.yellow.ai; worker-src 'self' blob: https://cdn.userway.org https://cdn.yellowmessenger.com; frame-src 'self' https://*.youtube.com https://*.vimeo.com https://*.facebook.com https://*.cookiebot.com https://consent.cookiebot.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.google.com https://*.google.* https://*.google.co.in https://*.google.ae https://www.gstatic.com https://cdn.userway.org https://*.userway.org; form-action 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://www.mbank.ae/csp-report-endpoint.php; report-to csp-endpoint 1
object-src 'none'; script-src 'self' 'report-sample' 'inline-speculation-rules' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; block-all-mixed-content 1
object-src 'none';base-uri 'self';script-src 'nonce-X62a5jLxX7-_PZRqoEFAVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4ACQcLtCt-6HkspDKGOX4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://salucro5.salucro.com;script-src 'nonce-ce44301442524a4aa5f0a0e13f3aaa19' https://www.mybassetthealthconnection.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://www.mybassetthealthconnection.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src *.gstatic.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.criteo.com *.google.fr googleads.g.doubleclick.net *.googletagmanager.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com *.metaffiliation.com *.rubiconproject.com sync.outbrain.com sync-t1.taboola.com rtb-csync.smartadserver.com eb2.3lift.com ad.360yield.com simage2.pubmatic.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net visitor.omnitagjs.com match.sharethrough.com matching.ivitrack.com ads.stickyadstv.com cdn.stickyadstv.com exchange.mediavine.com s.ad.smaato.net cm.g.doubleclick.net ads.yahoo.com *.analytics.yahoo.com secure.adnxs.com ib.adnxs.com c.bing.com e1.emxdgt.com public-prod-dspcookiematching.dmxleo.com i.liadm.com i6.liadm.com criteo-partners.tremorhub.com gum.criteo.com dis.criteo.com x.bidswitch.net ad.yieldlab.net beacon.krxd.net s.thebrighttag.com *.google.com *.google.fr openstreetmap.org *.avis-verifies.com *.netreviews.eu *.skeepers.io sync-criteo.ads.yieldmo.com id5-sync.com *.googletagmanager.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net maps.googleapis.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.facebook.net *.criteo.com *.criteo.net *.metaffiliation.com *.social-media-system.com *.cartsguru.io *.google.com *.gstatic.com *.avis-verifies.com *.matomo.cloud *.jquery.com *.cloudflare.com *.googletagmanager.com unpkg.com *.unpkg.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net maps.gstatic.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.cloudflare.com *.googletagmanager.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.facebook.com integration.carts.guru *.google-analytics.com *.analytics.google.com *.matomo.cloud *.google.com *.doubleclick.net *.googlesyndication.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src integration.carts.guru cdn.cartsguru.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' *.bugherd.com d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com data:; script-src 'self' *.pusher.com *.bugherd.com digistats.de 'nonce-NF13CgpEX5Jc1xItzuDsujI3'; connect-src 'self' wss: *.pusher.com sessions.bugsnag.com *.bugherd.com digistats.de; frame-src *.bugherd.com; report-uri https://ospa-csp.uriports.com/reports/report; report-to default; media-src 'self' https://www.ospa-schwimmbadtechnik.de/files/media/NEU/de/video/ospa-vorteile.mp4 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com *.fontawesome.com *.abtasty.com *.peppermoneytest.es *.peppermoney.es 'self' data: widget.pepperfinance.es static-eu.oct8ne.com *.generaloptica.es *.maisoptica.pt data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com www.google.com *.cookiebot.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.peppermoneytest.es *.peppermoney.es *.pepperfinance.es fledge-eu.creativecdn.com ams.creativecdn.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.googleapis.com gstatic.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.google.es stats.g.doubleclick.net *.pinterest.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms tracker.metricool.com *.abtasty.com *.amazonaws.com *.peppermoneytest.es www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: imgsct.cookiebot.com widget.pepperfinance.es *.teads.tv *.generaloptica.es *.maisoptica.pt data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.googleapis.com *.gstatic.com *.plugins.emarsys.net *.scarabresearch.com *.disqus.com *.cookiebot.com www.google.es www.gstatic.com sl.google-analytics.com s.pinimg.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.fittingbox.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms tracker.metricool.com *.abtasty.com *.peppermoneytest.es *.peppermoney.es *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com widget.pepperfinance.es *.outbrain.com p.teads.tv tags.creativecdn.com *.taboola.com s.kk-resources.com wave.outbrain.com *.generaloptica.es *.maisoptica.pt https://storage.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.abtasty.com *.googleapis.com *.gstatic.com *.peppermoneytest.es *.peppermoney.es *.pepperfinance.es tags.creativecdn.com *.trustpilot.com assets.braintreegateway.com *.generaloptica.es *.maisoptica.pt https://storage.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com www.google.com payments-eu.amazon.com *.googleapis.com *.scarabresearch.com *.eservice.emarsys.net *.cookiebot.com www.google.es www.gstatic.com sl.google-analytics.com *.g.doubleclick.net s.pinimg.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.fittingbox.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms *.abtasty.com *.peppermoneytest.es *.peppermoney.es ams.creativecdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com bam.eu01.nr-data.net *.taboola.com *.outbrain.com *.teads.tv *.generaloptica.es *.maisoptica.pt 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.generaloptica.es *.maisoptica.pt 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-olWF7OLAGil6PTkHHXz1ug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests ; frame-ancestors *.bytedance.com self *.bytedance.net fanqienovel.com usergrowth.com.cn bytegrowth.com; frame-src bytegrowth.com usergrowth.com.cn fanqienovel.com *.bytedance.net self *.bytedance.com; object-src 'none'; base-uri 'none'; report-to slardar-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com app-sj39.marketo.com *.mktoweb.com *.avis-verifies.com *.tricorbraun.com *.facebook.com *.paypalobjects.com *.doubleclick.net https://elements.sandbox.fortis.tech https://elements.fortis.tech 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.facebook.com *.bing.com *.linkedin.com *.postcodeanywhere.co.uk *.google.com *.google.com.ua *.bidswitch.net *.rlcdn.com *.casalemedia.com *.openx.net *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.3lift.com *.adnxs.com *.adroll.com *.rubiconproject.com *.addthis.com *.b-cdn.net *.clarity.ms *.googleapis.com *.ipredictive.com *.company-target.com https://cdn.cookielaw.org *.bizible.com *.bizibly.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.app-sj39.marketo.com *.marketo.com *.marketo.net *.nr-data.net *.newrelic.com *.mktoweb.com *.cookie-script.com *.avis-verifies.com *.licdn.com *.gstatic.com *.tricorbraun.com *.postcodeanywhere.co.uk *.pcapredict.com *.facebook.net *.facebook.com *.bing.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.callrail.com gleam.io *.gleam.io *.zopim.com *.bizible.com *.hotjar.io *.hotjar.com *.adroll.com *.zdassets.com *.curator.io *.clarity.ms *.googleapis.com *.hellobar.com *.snapengage.com *.skeepers.io *.cardinalcommerce.com https://includestest.ccdc02.com https://googleads.g.doubleclick.net *.paypal.com *.paypalobjects.com https://cdn.cookielaw.org https://developer.adobe.com https://magento.com https://js.sandbox.fortis.tech https://js.fortis.tech https://elements.sandbox.fortis.tech https://elements.fortis.tech https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.marketo.com *.mktoweb.com *.postcodeanywhere.co.uk *.tricorbraun.com *.gleam.io *.curator.io *.fontawesome.com https://static.klaviyo.com https://fonts.bunny.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.b-cdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.mktoresp.com *.nr-data.net *.newrelic.com *.oribi.io *.doubleclick.net *.callrail.com *.zdassets.com *.zendesk.com wss://*.zopim.com https://*.zopim.com *.adroll.com *.bing.com *.curator.io *.clarity.ms *.ip-api.com *.google.com.ua *.googlesyndication.com *.postcodeanywhere.co.uk https://cdn.cookielaw.org https://px.ads.linkedin.com *.hotjar.io *.hotjar.com wss://*.hotjar.com *.onetrust.com https://developer.adobe.com https://elements.sandbox.fortis.tech https://elements.fortis.tech https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.google-analytics.fr *.facebook.com *.linkedin.com https://axeptio.imgix.net *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.facebook.net *.licdn.com *.axept.io *.hotjar.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.google-analytics.fr *.google-analytics.com *.facebook.com *.doubleclick.net *.oribi.io *.axept.io *.linkedin.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.co.uk *.googletagmanager.com *.google-analytics.com cdn.polyfill.io *.brightcove.net munchkin.market.net your.fitchratings.com *.evidon.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.idio.co chart-studio.plotly.com public.flourish.studio app.fitchconnect-stg.com *.fitchconnect.com *.fitch.group *.jotjar.com *.zencdn.net *.mktorest.com *.ads-twitter.com *.googleadservices.com googleads.g.doubleclick.net *.linkedin.com *.ads.linkedin.com *.amazonaws.com *.google-analytics.com *.analytics.google.com *.twitter.com *.facebook.com  *.youtube.com *.googleapis.com *.facebook.net *.evidon.com *.crwdcntrl.net *.addtoany.com cdn.jsdelivr.net *.bing.com *.licdn.com *.baidu.com *.ads-twitteer.com *.crazyegg.com *.hotjar.com *.marketo.net *.funnelenvy.com *.ctnsnet.com *.typekit.net *.woopra.com consentag.eu *.adobedtm.com demdex.net *.adobedc.net *.gstatic.com *.googlesyndication.com *.google.com.hk global.ketchcdn.com cdn.ketchjs.com; object-src 'self'; style-src 'self' 'unsafe-inline' https: blob: *.amazonaws.com *.googleapis.com *.googletagmanager.com your.fitchratings.com fonts.googleapis.com *.fitch.group *.hotjar.com consentag.eu assets.adobedtm.com demdex.net edge.adobedc.net; img-src 'self' 'unsafe-inline' https: blob: data: *.amazonaws.com *.doubleclick.net *.google-analytics.com *.google.com *.google.co.in *.google.de *.google.co.jp *.google.co.uk *.google.fr *.google.com.br *.google.it *.google.es *.google.com.mx *.google.ca *.google.com.au *.google.com.tr *.google.nl *.google.pl *.google.co.id *.google.com.ar *.google.com.sa *.google.com.eg *.google.co.th *.google.com.my *.google.co.za *.google.com.sg *.google.com.tw *.google.be *.google.com.ua *.google.se *.google.ch *.google.at *.google.com.co *.google.pt *.google.dk *.google.fi *.google.no *.google.gr *.google.hu *.google.cz *.google.ro consentag.eu assets.adobedtm.com demdex.net edge.adobedc.net global.ketchcdn.com cdn.ketchjs.com; media-src 'self' *.youtube.com consentag.eu assets.adobedtm.com demdex.net edge.adobedc.net; frame-src 'self' 'unsafe-inline' *.brightcove.net *.doubleclick.net vars.hotjar.com *.addtoany.com *.facebook.com bid.g.doubleclick.net *.fls.doubleclick.net *.fitchratings.com *.evidon.com *.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group flo.uri.sh plotly.com chart-studio.plotly.com fitchgroup.eu.qualtrics.com indd.adobe.com *.hotjar.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net i.ctnsnet.com tags.crwdcntrl.net px.ads.linkedin.com *.gtm.js i.ctnsnet.com *.googletagmanager.com *.flashtalking.com *.lpsnmedia.net consentag.eu assets.adobedtm.com demdex.net edge.adobedc.net *.gstatic.com *.google.com.hk *.googlesyndication.com *.google.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' https: data: *.fitchratings.com fonts.gstatic.com *.hotjar.com consentag.eu assets.adobedtm.com demdex.net edge.adobedc.net; connect-src 'self' https: blob: wss: *.funnelenvy.com *.hotjar.com *.mktoresp.com *.bing.com *.ipinfo.io *.google-analytics.com *.bugsnag.com a.clarity.ms *.linkedin.oribi.io *.googletagmanager.com *.fitchratings.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.google.com *.google.co.uk *.twitter.com *.googleapis.com snap.licdn.com *.ctfassets.net *.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.analytics.google.com *.mktorest.com td.doubleclick.net i.ctnsnet.com tags.crwdcntrl.net px.ads.linkedin.com *.gtm.js i.ctnsnet.com *.google.co.in *.google.de *.google.co.jp *.google.fr *.google.com.br *.google.it *.google.es *.google.com.mx *.google.ca *.google.com.au *.google.com.tr *.google.nl *.google.pl *.google.co.id *.google.com.ar *.google.com.sa *.google.com.eg consentag.eu *.adobedtm.com demdex.net *.adobedc.net global.ketchcdn.com cdn.ketchjs.com; report-uri /report-csp-violation 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com webcachex-eu.datareporter.eu *.fontawesome.com https://static.unzer.com https://applepay.cdn-apple.com webfonts.colop.com *.datareporter.eu webcache-eu.datareporter.eu data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://static-cc.test.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://sandbox.clicktopay.auth.visa.com https://clicktopay.visa.com https://sandbox.secure.checkout.visa.com https://secure.checkout.visa.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.colop.com maps.gstatic.com maps.googleapis.com api.colop-online.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://static.unzer.com *.online-metrix.net https://www.gstatic.com colop.matomo.cloud data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com unpkg.com *.colop.com *.datareporter.eu api.colop-online.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net https://static-v2.unzer.com/v2/ui-components/ colop.matomo.cloud webcache-eu.datareporter.eu cdn.matomo.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maps.googleapis.com *.datareporter.eu *.fontawesome.com assets.braintreegateway.com https://src.mastercard.com https://sandbox.src.mastercard.com https://static-v2.unzer.com/v2/ui-components/ webcache-eu.datareporter.eu webcache.datareporter.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.colop.com api.colop-online.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.matomo.cloud colop.matomo.cloud maps.googleapis.com *.colop.com *.datareporter.eu api.colop-online.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://static-cc.test.unzer.com https://static-v2.unzer.com/v2/ui-components/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://firebasestorage.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com *.avada.io https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.jsdelivr.net *.fontawesome.com cdn.ywxi.net www.google.com *.googleapis.com www.googletagmanager.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.amazonaws.com/mfesecure-public/host/ *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-kXI_m2f9N1JdDhG7mWOWpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' data: *.gstatic.com *.qianqian.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cleverreach.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.ipg-online.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com https://*.google.com newassets.hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com landofcoder.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudfront.net magefan.com cm.magefan.com *.disqus.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.fbcdn.net *.google.com *.facebook.com *.cdninstagram.com *.instagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.googleapis.com *.gstatic.com *.disqus.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com landofcoder.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.instagram.com cdn-cookieyes.com *.cookieyes.com *.facebook.com *.facebook.net *.googletagmanager.com cdnjs.cloudflare.com paypalobjects.com *.google-analytics.com *.googleadservices.com *.xtento.com  *.adobedtm.com  *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.google.com *.gstatic.com *.qianqian.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com landofcoder.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.gstatic.com *.doubleclick.net *.qianqian.com https://pagead2.googlesyndication.com *.googlesyndicate.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src hcaptcha.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.oney.io *.staging.oney.io fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action *.adyen.com https://seo.mageplaza.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors wordpress.pgcruises.com 'self'; frame-src bid.g.doubleclick.net https://www.google.com/recaptcha/ *.adyen.com *.hipay-tpp.com *.hipay.com *.paypal.com *.google.com libs.hipay.com media.ponant.com *.youtube.com td.doubleclick.net asset.easydmp.net www.facebook.com *.vimeo.com https://kuula.co wordpress.pgcruises.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com validator.swagger.io *.adyen.com *.hipay.com *.googleapis.com *.oney.io *.staging.oney.io *.ponant.com 'self' data: maps.gstatic.com *.ggpht.com img.youtube.com *.ytimg.com www.facebook.com d.adroll.com *.google.com *.google.fr bat.bing.com *.linkedin.com *.pgcruises.com https://kuula.co wordpress.pgcruises.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.google.com *.oney.io *.staging.oney.io libs.hipay.com maps.googleapis.com *.gstatic.com connect.facebook.net lib.paymentjs.firstdata.com js.authorize.net jstest.authorize.net po.ponant.com try.abtasty.com hermes.allo-media.net s.adroll.com d.adroll.com d.adroll.mgr.consensu.org ponant.script.admo.tv *.linkedin.com snap.licdn.com bat.bing.com atout.email-match.com asset.easydmp.net *.en25.com *.vimeo.com wordpress.pgcruises.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adyen.com *.fontawesome.com *.hipay.com *.googleapis.com fonts.gstatic.com fonts.googleapis.com s.adroll.com wordpress.pgcruises.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com *.googleapis.com *.ponant.com *.pgcruises.com wordpress.pgcruises.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.adyen.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.oney.io *.staging.oney.io stage-data.hipay.com bat.bing.com data.ponant.com ponant.script.admo.tv ponant.admo.tv hermes.allo-media.net s.adroll.com ariane.abtasty.com dcinfos-cache.abtasty.com widgets.abtasty.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-B3HpaeMYvId0pw10NLWobQ==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-to csp-endpoint 1
base-uri 'self';connect-src 'self' https://analytics.x-onweb.com https://sentry.x-onweb.com https://cloudflareinsights.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com;default-src 'self';form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io;img-src 'self' data: images.x-onweb.com https://analytics.x-onweb.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com;font-src 'unsafe-inline' 'self' fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com;media-src 'self' https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com;object-src 'none';script-src 'self' 'nonce-PzIU7WaZa7LcHxoa5c9SKUX3aRNFoSiO' https://analytics.x-onweb.com https://static.cloudflareinsights.com;script-src-elem 'self' 'unsafe-inline' https://analytics.x-onweb.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com;child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;report-uri https://sentry.x-onweb.com/api/16/security/?sentry_key=fde8c4b479fa405e8ebe62bcea27a8d8 1
font-src 'unsafe-inline' data: *.klarnacdn.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.klarna.com www.xtento.com challenges.cloudflare.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.google.com *.google.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net www.xtento.com cdn.xtento.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com https://maps.gstatic.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google-analytics.com *.analytics.google.com *.klarna.com *.klarnacdn.net www.xtento.com cdn.xtento.com challenges.cloudflare.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarnaservices.com s7.addthis.com https://maps.googleapis.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com cc-cdn.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net *.klarnaevt.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ https://maps.googleapis.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https: 'nonce-{NONCE}'; style-src 'unsafe-inline' 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://sbauae.faulio.com https://*.kwikmotion.com; font-src 'self' data:; img-src 'self' https://sbauae.faulio.com data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
font-src www.paypalobjects.com cash-f.squarecdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.bing.com *.doubleclick.net *.facebook.com *.usercentrics.eu *.discountlight.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com polyfill.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.wwlholding.com *.bing.com *.clarity.ms *.facebook.net *.googleapis.com *.hotjar.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.videoly.co *.beslist.nl *.discountlight.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com tagmanager.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.wwlholding.com *.bing.com *.doubleclick.net *.googlesyndication.com *.leadinfo.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.googleapis.com *.addressy.com *.beslist.nl *.hotjar.com *.hotjar.io *.discountlight.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.inpost.pl *.fontawesome.com https://geowidget.easypack24.net *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com https://seo.mageplaza.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com secure.payu.com merch-prod.snd.payu.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.inpost.pl *.addthis.com js.mollie.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com static.payu.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.trackedlink.net *.inpost.pl tile.openstreetmap.org mapa.orlenpaczka.pl ruch-osm.sysadvisors.pl https://www.mollie.com https://geowidget.easypack24.net *.easypack24.net *.openstreetmap.org *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ secure.payu.com secure.snd.payu.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.inpost.pl mapa.orlenpaczka.pl s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io js.mollie.com https://geowidget.easypack24.net *.easypack24.net *.openstreetmap.org *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com webchat.dotdigital.com webchat.staging.dotdigital.com *.inpost.pl https://cdn.jsdelivr.net *.fontawesome.com https://geowidget.easypack24.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.inpost.pl https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com secure.payu.com merch-prod.snd.payu.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.inpost.pl nominatim.openstreetmap.org ekr.zdassets.com/ https://get.geojs.io *.avada.io *.easypack24.net *.openstreetmap.org *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.pelecard.biz *.queue-it.net *.facebook.com *.facebook.net *.vimeo.com vimeo.com *.google.com *.weltpixel.com business.facebook.com *.wesupply.xyz https://wesupplylabs.com *.allyable.com *.glassix.com *.doubleclick.net *.youtube.com *.paypal.com *.yotpo.com *.xtento.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.magentocommerce.com *.entrust.net *.google.com *.google.com.vn *.doubleclick.net *.cloudfront.net *.googleapis.com *.gstatic.com data: *.facebook.com *.facebook.net *.mltp.co.il business.facebook.com *.xtento.com cdn.xtento.com *.allyable.com *.google.co.il *.googleadservices.com *.google-analytics.com https://www.google *.paypal.com *.paypalobjects.com *.ytimg.com *.adscale.com *.outbrain.com *.hotjar.com *.hotjar.io *.web-view.net *.google.com.sg 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.adobedtm.com *.authorize.net *.entrust.net *.trackedweb.net *.gstatic.com www.google.com *.adyen.com *.queue-it.net *.googletagmanager.com *.googleapis.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.signifyd.com *.nowdialogue.com *.xtento.com *.facebook.com *.facebook.net *.nagich.co.il *.rawgit.com https://www.googletagmanager.com tagmanager.google.com business.facebook.com *.cloudflare.com www.xtento.com cdn.xtento.com *.fontawesome.com *.allyable.com *.google-analytics.com *.newrelic.com *.meshulam.co.il *.doubleclick.net *.weezmo.com *.glassix.com https://system.user-a.co.il https://meshulam.co.il *.google.com *.analytics.com *.youtube.com *.paypal.com *.paypalobjects.com *.web-view.net *.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.nowdialogue.com tagmanager.google.com *.bootstrapcdn.com *.fontawesome.com *.adscale.com *.web-view.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.entrust.net *.trackedweb.net *.google-analytics.com *.nowdialogue.com nowdialogue.com *.nagich.co.il *.doubleclick.net *.vimeo.com vimeo.com *.google.com https://www.google-analytics.com *.facebook.com business.facebook.com *.allyable.com *.glassix.com *.analytics.com *.facebook.net *.googleapis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self' *.youtube.com; default-src * 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://fonts.intercomcdn.com data:; frame-src 'self' https://challenges.cloudflare.com *.plaid.com js.stripe.com *.youtube.com https://www.googletagmanager.com https://*.doubleclick.net https://www.facebook.com/ https://tpc.googlesyndication.com https://intercom-sheets.com/ https://calendly.com https://*.calendly.com https://capture.navattic.com https://guideline.navattic.com https://insight.adsrvr.org https://iframe.cloudflarestream.com/ https://customer-x5mykgv2c1zv0440.cloudflarestream.com/ https://match.adsrvr.org; img-src 'self' *.guideline.io https://cms-assets.guideline.com https://imagedelivery.net https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://www.facebook.com ads-twitter.com *.bing.com *.microsoft.com https://*.adsymptotic.com https://t.co https://*.linkedin.com https://analytics.twitter.com https://cdn.cookielaw.org https://trkn.us https://www.gravatar.com https://*.googleadservices.com https://alb.reddit.com https://*.intercomcdn.com https://*.intercomassets.com https://*.intercomusercontent.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https://challenges.cloudflare.com https://cdn-assets-prod.s3.amazonaws.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://tracking-api.g2.com https://cdn.prod.uidapi.com https://*.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' 'nonce-4942791abfbcbf5c2e4d374f6f564d42' 'strict-dynamic'; worker-src 'self' *.youtube.com; base-uri 'self'; frame-ancestors 'self' https://*.squareup.com https://squareup.com https://*.squareupstaging.com https://squareupstaging.com https://*.checkhq.com https://*.eddy.com https://eddy.com https://app.belfrysoftware.com https://*.joinwarp.com https://*.monograph.com https://*.enkempass.com https://*.central.inc https://*.keka.com https://*.lumberfi.com https://*.workstream.us https://pro.housecallpro.com https://*.tryplayground.com  https://*.7shifts.com https://app.getthera.com  https://dashboard.miter.com https://*.zenoti.com https://*.prod.aioapp.com https://app.gosteelhead.com https://*.encompassfi.com https://*.joinhomebase.com; report-uri https://sentry2.guideline.com/api/6/security/?sentry_key=f678b7ad3eade55e6da26393e869e420; 1
default-src 'self'; connect-src 'self' www.facebook.com stats.g.doubleclick.net *.oribi.io www.google-analytics.com csp.withgoogle.com cdn.jsdelivr.net data:; frame-src 'self' 52.186.34.239 www.facebook.com *.aquawater.com *.youtube.com *.google.com www.googletagmanager.com; img-src 'self' www.linkedin.com t.co analytics.twitter.com www.google-analytics.com px.ads.linkedin.com www.facebook.com i.ytimg.com *.google.com www.googleapis.com *.gstatic.com *.aquaamerica.com data:; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' snap.licdn.com connect.facebook.net *.googletagmanager.com code.jquery.com *.google.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-hashes' 'unsafe-inline'; script-src-elem 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-hashes' 'unsafe-inline' hello.myfonts.net www.google.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' bluesky.sirv.com *.bing.com *.codeweavers.net *.facebook.com *.google.com *.liveperson.net *.lpsnmedia.net newvehicle.com *.swipetospin.com *.twitter.com *.youtube.com *.loyaltyevent.co.uk sibautomation.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.autoconverse.co.uk bluesky.sirv.com *.bing.com *.bootstrapcdn.com cast.cogcast.co.uk *.calltracks.com *.cargurus.com cc.cdn.civiccomputing.com cdnjs.cloudflare.com cdn.datatables.net *.codeweavers.net *.doubleclick.net embedsocial.com *.facebook.net *.fontawesome.com g3-web.s3.eu-west-2.amazonaws.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.gubagoo.io *.hotjar.com *.impel.io *.judgeservice.com *.jquery.com *.jsdelivr.net *.lifeonshow.tv *.liveperson.net *.livevacancies.co.uk *.lpsnmedia.net *.mediahawk.co.uk newvehicle.com newvehicle.info media-player.aos.tv *.phyron.com sibautomation.com superconfig.com *.swipetospin.com *.tachyonplatform.com *.tiktok.com *.trustpilot.com *.twitter.com *.visitor.chat *.youtube.com visitorchat-client.s3.eu-west-2.amazonaws.com widget.scukcalculator.co.uk *.loyaltyevent.co.uk; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src *; media-src bluesky.sirv.com *.cdn.autosonshow.tv *.cogcms.co.uk *.gubagoo.io *.phyron.com api.reciteme.com player.vimeo.com *.vimeocdn.com blob:; object-src 'none'; frame-src 'self'  *.caranddriving.com plugins.codeweavers.net td.doubleclick.net *.liveperson.net *.lpsnmedia.net *.livevacancies.co.uk embedsocial.com cdn.impel.io/spincar-static/ www.google.com www.googletagmanager.com player.vimeo.com widget.scukcalculator.co.uk *.superconfig.com *.trustpilot.com www.youtube.com; frame-ancestors 'self' https://*.visitor.chat; worker-src 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.feedbackcompany.com *.googleapis.com maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.feedbackcompany.com https://*.tawk.to https://www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ https://*.tawk.to https://*.doubleclick.net https://www.facebook.com https://assets.pinterest.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://stellar.givingeurope.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.feedbackcompany.com 'self' data: https://*.sirv.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.linkedin.com https://*.tawk.to https://bat.bing.com https://c.bing.com https://cdn.jsdelivr.net https://exch.vanheijster.nl https://exch.vanhelden.nl https://exch.vanhelden.be https://exch.eurogifts.be https://exch.eurogifts.fr https://googleads.g.doubleclick.net https://tawk.link https://www.google.nl https://www.facebook.com https://i.pinimg.com https://log.pinterest.com https://imgsct.cookiebot.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://ade.googlesyndication.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d2a6mddvzruxpc.cloudfront.net https://stellar.givingeurope.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://maps.googleapis.com *.feedbackcompany.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com https://*.sirv.com https://portal.zakeke.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.convertexperiments.com https://*.googletagmanager.com https://*.hotjar.com https://*.tawk.to https://bat.bing.com https://connect.facebook.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://snap.licdn.com https://script.adcalls.nl https://www.clarity.ms https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://assets.pinterest.com https://widgets.pinterest.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ct.pinterest.com https://s.pinimg.com https://ct.beslist.nl https://cdn.optimizely.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://stellar.givingeurope.com https://components.givingeurope.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com maxcdn.bootstrapcdn.com https://*.sirv.com https://*.hotjar.com https://*.tawk.to https://cdn.jsdelivr.net https://fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.tawk.to https://v.pinimg.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.feedbackcompany.com bam.nr-data.net bam-cell.nr-data.net https://*.sirv.com https://api.zakeke.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.tawk.to https://api.adcalls.nl https://bat.bing.com https://cdn.linkedin.oribi.io https://fonts.gstatic.com https://www.facebook.com wss://*.hotjar.com wss://*.tawk.to https://consentcdn.cookiebot.com https://exch.vanheijster.nl https://exch.vanhelden.nl https://exch.vanhelden.be https://exch.eurogifts.be https://exch.eurogifts.fr https://ct.pinterest.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://*.metrics.convertexperiments.com https://logs.convertexperiments.com https://*.convertexperiments.com https://ct.beslist.nl https://ad.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://stellar.givingeurope.com https://components.givingeurope.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://hyperreal.info https://koks.hyperreal.top; default-src 'none'; font-src 'self'; img-src 'self' https://koks.hyperreal.top https://hyperreal.info; script-src 'self' 'unsafe-inline' https://hyperreal.info; style-src 'self' 'unsafe-inline'; manifest-src 'self' https://hyperreal.info; 1
object-src 'none';base-uri 'self';script-src 'nonce-JezzzT0E4zYgzNmUX8ruwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net account.fetchify.com *.klarna.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com *.awin1.com *.zenaps.com *.wepowerconnections.com magefan.com cm.magefan.com *.disqus.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com https://cc-cdn.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com cc-cdn.com *.disqus.com https://cdn.jsdelivr.net *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cc-cdn.com js.mollie.com *.stripe.com/* js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com cc-cdn.com https://cdn.jsdelivr.net *.klarnacdn.net https://static.klaviyo.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://player.vimeo.com *.wepowerconnections.com https://the.sciencebehindecommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com js.stripe.com *.hotjar.com *.calendly.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com https://biocare.webecast.atreemo.uk bat.bing.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com *.paypalobjects.com *.postcodeanywhere.co.uk *.cloudflare.com *.klarna.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://tracking.atreemo.com https://bat.bing.com https://www.dwin1.com https://static.hotjar.com https://www.clarity.ms https://cdn.noibu.com https://script.hotjar.com https://services.postcodeanywhere.co.uk https://static.zdassets.com js-agent.newrelic.com bam.nr-data.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.calendly.com *.pcapredict.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://static.klaviyo.com services.postcodeanywhere.co.uk *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.pcapredict.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://p.clarity.ms https://cdn.noibu.com wss://input.noibu.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://ekr.zdassets.com https://biocare.zendesk.com wss://widget-mediator.zopim.com *.pcapredict.com *.cloudflare.com *.twitter.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com assets-uk1-cloud.deskpro.com wdsmedia.wdscomponents.com wdscomponents.deskpro.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com esecure.sia.eu geoissuer.cardinalcommerce.com *.cardinalcommerce.com *.arcot.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.demdex.net *.adyen.com www.google.com *.google.com *.doubleclick.net *.facebook.com js.stripe.com *.hotjar.com *.paypalobjects.com esecure.sia.eu geoissuer.cardinalcommerce.com *.cardinalcommerce.com *.arcot.com *.wdscomponents.com wdsmedia.wdscomponents.com wdscomponents.deskpro.com www.xtento.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com c.bing.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com *.paypalobjects.com *.postcodeanywhere.co.uk https://assets-uk1-cloud.deskpro.com via.placeholder.com *.wdscomponents.com wdsmedia.wdscomponents.com wdscomponents.deskpro.com c.clarity.ms assets-uk1-cloud.deskpro.com  attachments-uk1-cloud-deskpro-com.s3.amazonaws.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * assets.adobedtm.com *.magento-ds.com *.adyen.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.newrelic.com *.nr-data.net *.pcapredict.com *.hotjar.com *.trustpilot.com *.canddi.com *.wdscomponents.com wdsmedia.wdscomponents.com wdscomponents.deskpro.com c.bing.com c.clarity.ms assets-uk1-cloud.deskpro.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com services.postcodeanywhere.co.uk *.typekit.net assets-uk1-cloud.deskpro.com *.wdscomponents.com wdsmedia.wdscomponents.com wdscomponents.deskpro.com https://cdnjs.cloudflare.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net assets-uk1-cloud.deskpro.com wdsmedia.wdscomponents.com wdscomponents.deskpro.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com assets-uk1-cloud.deskpro.com *.zdassets.com ws: *.newrelic.com *.nr-data.net *.doubleclick.net *.hotjar.com *.wdscomponents.com wdsmedia.wdscomponents.com wdscomponents.deskpro.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; report-uri https://senhasegura.report-uri.com/r/d/csp/wizard 1
default-src 'self'; script-src 'self' https://www.youtube.com https://caspianstudios71626.activehosted.com https://script.hotjar.com https://s3-us-west-2.amazonaws.com https://hgs.cx https://scripts.clarity.ms https://www.googletagmanager.com https://cdnjs.cloudflare.com https://js.hsforms.net https://cdn.cookielaw.org https://snap.licdn.com https://connect.facebook.net https://bat.bing.com https://static.hotjar.com https://js.hs-scripts.com https://trk.techtarget.com https://www.clarity.ms https://js.hs-analytics.net https://js.hubspot.com https://js.hs-banner.com https://js.hsadspixel.net https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://vjs.zencdn.net https://js.zi-scripts.com https://ws-assets.zoominfo.com https://tags.clickagy.com https://js.adsrvr.org 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://hgs.cx https://fonts.bunny.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://vjs.zencdn.net https://cdnjs.cloudflare.com 'unsafe-inline'; img-src 'self' https://hgs.cx https://no-cache.hubspot.com https://pixel-sync.sitescout.com https://cm.g.doubleclick.net https://aorta.clickagy.com https://idsync.rlcdn.com https://us-u.openx.net https://d.agkn.com https://dpm.demdex.net https://us-u.openx.net https://idsync.rlcdn.com https://aa.agkn.com https://aorta.clickagy.com https://c.bing.com https://track.hubspot.com https://c.clarity.ms https://www.googletagmanager.com https://secure.gravatar.com https://px.ads.linkedin.com https://www.google.com https://www.facebook.com https://forms-na1.hsforms.com https://cdn.cookielaw.org https://bat.bing.com https://cdnjs.cloudflare.com https://perf-na1.hsforms.com data: blob:; font-src 'self' https://hgs.cx https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com data:; connect-src 'self' https://hgs.cx https://stats.g.doubleclick.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://insight.adsrvr.org https://hemsync.clickagy.com https://aorta.clickagy.com https://ws.zoominfo.com https://js.zi-scripts.com https://analytics.google.com https://v.clarity.ms https://*.hubspot.com https://*.hubapi.com https://content.hotjar.io wss://ws.hotjar.com https://px.ads.linkedin.com https://ibc-flow.techtarget.com https://www.google.com https://forms.hsforms.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.facebook.com https://metrics.hotjar.io; frame-src 'self' https://hgs.cx https://40058686.hs-sites.com https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com https://insight.adsrvr.org https://match.adsrvr.org; media-src 'self' https://hgs.cx https://www.youtube.com https://player.vimeo.com https://40058686.hs-sites.com https://insight.adsrvr.org https://match.adsrvr.org; object-src 'none'; base-uri 'self'; form-action 'self' https://*.hsforms.com https://*.hubspot.com https://*.hubapi.com; 1
object-src 'none';base-uri 'self';script-src 'nonce--tjj67Ykidw1GPlSgDsMuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kAj61971ay_6iNdox15ENQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.fontawesome.com use.typekit.net www.youtube.com www.googletagmanager.com cdnjs.cloudflare.com *.azureedge.net fonts.googleapis.com connect.summitna.com app.powerbi.com *.goo.gl tigunia.zoom.us *.clarity.ms *.convertexperiments.com *.doubleclick.net geoip-js.com *.typekit.net *.google.com *.google.ca *.dynamics.com *.ytimg.com geolocation-db.com geoip-js.com 1
object-src 'none';base-uri 'self';script-src 'nonce-9ecgXSKIj1GHsPpfHhfxPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; child-src 'self' https://www.google.com https://consentcdn.cookiebot.com; connect-src 'self' https://maps.googleapis.com https://consentcdn.cookiebot.com https://region1.google-analytics.com; font-src 'self' data: blob: ; form-action 'self'; frame-ancestors 'self'; frame-src https://www.google.com https://consentcdn.cookiebot.com https://challenges.cloudflare.com; img-src 'self' data: https://maps.googleapis.com https://s3.eu-west-1.amazonaws.com https://log.pinterest.com https://imgsct.cookiebot.com https://www.googletagmanager.com; media-src 'self'; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google.com https://maps.googleapis.com https://assets.pinterest.com https://www.gstatic.com https://consent.cookiebot.com https://www.google-analytics.com https://consentcdn.cookiebot.com https://js.createsend1.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; worker-src 'self'; report-uri https://csp.tools.acato.nl/api/v1/report 1
font-src fonts.gstatic.com use.typekit.net https://*.klevu.com https://*.gstatic.com https://*.typekit.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.braintreegateway.com https://*.kaptcha.com https://*.paypal.com https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://*.klevu.com https://*.paypal.com https://*.gumlet.io https://*.onetrust.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.cloudfront.net https://*.klevu.com https://*.google-analytics.com https://*.doubleclick.net https://*.braintreegateway.com https://*.paypal.com https://*.onetrust.com https://*.newrelic.com https://*.nr-data.net https://*.trackedweb.net https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://secure.leadforensics.com https://*.googleapis.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.cloudfront.net https://*.klevu.com https://*.googleapis.com https://*.typekit.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.freshdesk.com https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.braintreegateway.com https://*.braintree-api.com https://*.onetrust.com https://*.adobedc.net https://*.nr-data.net *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.sirv.com *.boldr.dev *.typekit.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: v2.zopim.com static.klaviyo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de account.fetchify.com https://www.googletagmanager.com/ platform.twitter.com www.xtento.com www.google.com/recaptcha/ www.paypalobjects.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.googleadservices.com www.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ pinterest.com assets.pinterest.com syndication.twitter.com *.sirv.com *.youtube.com www.xtento.com cdn.xtento.com stats.g.doubleclick.net www.google.com/ads/ga-audiences www.google.co.uk/ads/ga-audiences cdn.sensorydirect.com https://s.ytimg.com *.feefo.com *.vzaar.com log.pinterest.com v2.zopim.com bat.bing.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googleadservices.com www.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io twitter.com platform.twitter.com *.sirv.com player.vimeo.com *.klaviyo.com js.datadome.co www.xtento.com cdn.xtento.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.usersnap.com *.clerk.io *.feefo.com chimpstatic.com v2.zopim.com static.zdassets.com assets.pinterest.com bat.bing.com/ *.getsitecontrol.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cc-cdn.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.sirv.com *.klaviyo.com *.typekit.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.sirv.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.sirv.com vimeo.com *.youtube.com blob: *.klaviyo.com api-js.datadome.co *.google-analytics.com stats.g.doubleclick.net *.feefo.com widget-mediator.zopim.com ekr.zdassets.com wss://widget-mediator.zopim.com *.getsitecontrol.com *.getsitecontrol.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com mc.yandex.ru smartcaptcha.yandexcloud.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.drivebike.ru chat.drivebike.ru api-maps.yandex.ru yastatic.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://core-renderer-tiles.maps.yandex.net https://log.api-maps.yandex.ru data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js core-renderer-tiles.maps.yandex.net cdn.jsdelivr.net stats.drivebike.ru chat.drivebike.ru api-maps.yandex.ru yastatic.net smartcaptcha.yandexcloud.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://api-maps.yandex.ru https://yastatic.net maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com mc.yandex.ru stats.drivebike.ru smartcaptcha.yandexcloud.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://yandex.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://log.api-maps.yandex.ru places.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src stats.drivebike.ru mc.yandex.ru 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-JW9_yiR1xQbdXL6fvVn9Qg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-n_83CLzE_cTwhml1BazNdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9z6oY-u7uDLv45TcasTzgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ 'self' https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://higherlogicstream.s3.amazonaws.com/SITCANCER/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
default-src 'self' https://eraluvat.fi https://www.eraluvat.fi https://*.eraluvat.fi; script-src 'nonce-TosQ1LEBReE/IY1Tf/+/y3jiKj7gi8EN' 'unsafe-eval' 'strict-dynamic' https: http: 'self' blob: https://*.askem.com https://*.cookiebot.com https://*.snoobi.eu; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com; img-src 'self' data: blob: https://*.amazonaws.com https://era-static-public-content-production.s3.eu-central-1.amazonaws.com https://*.paytrail.com https://*.cookiebot.com https://*.google.com https://*.gstatic.com https://*.ytimg.com https://riista.fi; font-src 'self' data: https://*.gstatic.com; frame-src 'self' blob: https://*.youtube.com https://*.retkikartta.fi https://retkikartta.fi https://*.cookiebot.com https://*.powerappsportals.com https://*.cloudflare.com https://*.powerbi.com; connect-src https://*.eraluvat.fi https://eraluvat.fi https://www.eraluvat.fi https://*.production.elegantelmbranch.com 'self' https://*.sentry.io https://*.askem.com https://*.nsvcs.net https://*.cookiebot.com https://*.googleapis.com https://*.suomi.fi https://suomi.fi https://*.paytrail.com https://era-static-public-content-production.s3.eu-central-1.amazonaws.com https://*.luontoon.fi https://www.luontoon.fi; object-src 'none'; base-uri 'self'; form-action 'self' https://*.eraluvat.fi https://*.nordea.fi https://*.danskebank.fi https://*.paytrail.com https://*.paymenthighway.io https://v1.api.paymenthighway.io https://*.suomi.fi https://suomi.fi https://*.mobilepay.fi https://*.vipps.no mobilepay: mobilepayfi: vipps: intent:; manifest-src 'self' https://eraluvat.fi https://www.eraluvat.fi https://*.eraluvat.fi; media-src 'self' data: https://*.gstatic.com; report-uri https://o4508380741828608.ingest.de.sentry.io/api/4508381875798096/security/?sentry_key=36be02ca7164eaa9aabe5db910c6c7e1&sentry_environment=production 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com js.mollie.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://images.unsplash.com https://at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net magefan.com cm.magefan.com flagpedia.net https://www.mollie.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com tagmanager.google.com https://maps.googleapis.com *.gstatic.com maps.googleapis.com js.mollie.com https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src tagmanager.google.com fonts.google.com maxcdn.bootstrapcdn.com *.fontawesome.com *.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com www.gstatic.com maps.googleapis.com *.pay.nl https://*.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://localhost/paynl/csp/report; report-to report-endpoint; 1
script-src-elem webcache.datareporter.eu webcache-eu.datareporter.eu https://browser.sentry-cdn.com 'self' 'unsafe-inline' cdn.gtranslate.net translate.google.com translate.googleapis.com translate-pa.googleapis.com; style-src-elem https://webcache.datareporter.eu https://webcache-eu.datareporter.eu 'self' 'unsafe-inline' www.gstatic.com; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com webcachex-eu.datareporter.eu *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.klarna.com *.instagram.com test.saferpay.com www.saferpay.com saferpay.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://images.unsplash.com *.cdninstagram.com magefan.com cm.magefan.com *.disqus.com test.saferpay.com www.saferpay.com saferpay.com translate.google.com translate.googleapis.com cdn.gtranslate.net www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.klarna.com *.klarnacdn.net x.klarnacdn.net https://maps.googleapis.com *.instagram.com *.datareporter.eu https://api.usersnap.com https://cdn.usersnap.com *.disqus.com *.klarnaservices.com https://cdn.jsdelivr.net test.saferpay.com www.saferpay.com saferpay.com www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.datareporter.eu *.klarnacdn.net https://cdn.jsdelivr.net assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net https://maps.googleapis.com https://player.vimeo.com *.datareporter.eu *.klarnaservices.com *.klarna.com test.saferpay.com www.saferpay.com saferpay.com translate.googleapis.com translate-pa.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com  *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://2b973568-2ef7-4890-8ff8-fe126999d884.sansec.watch/; report-to report-endpoint; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.byvajsnami.cz *.byvajsnami.sk *.vegadesign.cz *.vegadesign.local 'self' data: *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.byvajsnami.cz *.byvajsnami.sk *.vegadesign.cz *.vegadesign.local *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net *.byvajsnami.cz *.byvajsnami.sk *.vegadesign.cz *.vegadesign.local *.google.com *.youtube.com *.twitter.com *.facebook.com *.hotjar.com *.ladesk.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com s.ytimg.com data: *.facebook.com *.byvajsnami.cz *.byvajsnami.sk *.vegadesign.cz *.vegadesign.local *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.cz *.google.sk *.gstatic.com *.googlesyndication.com *.googleapis.com *.twitter.com *.twimg.com *.facebook.net *.ytimg.com *.imedia.cz *.heureka.cz *.heureka.sk *.doubleclick.net im9.cz www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googletagmanager.com *.facebook.net maps.googleapis.com *.byvajsnami.cz *.byvajsnami.sk *.vegadesign.cz *.vegadesign.local *.google.com *.google.cz *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.twitter.com *.twimg.com *.facebook.com *.fontawesome.com *.hotjar.com *.doubleclick.net *.imedia.cz *.sentry.io *.sentry-cdn.com *.cookiehub.com cookiehub.net *.cookiehub.eu *.ladesk.com *.biano.sk bianopixel.com *.im9.cz im9.cz *.dognet.sk *.addthis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com *.byvajsnami.cz *.byvajsnami.sk *.vegadesign.cz *.vegadesign.local *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com *.cookiehub.com cookiehub.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.sentry.io *.google-analytics.com *.byvajsnami.cz *.byvajsnami.sk *.vegadesign.cz *.vegadesign.local *.google.com *.google.sk adservice.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.twitter.com *.twimg.com *.biano.sk *.bianopixel.com *.bianopixel.sk *.cookiehub.net *.cookiehub.eut *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.byvajsnami.sk *.byvajsnami.cz *.vegadesign.cz *.vegadesign.local 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.tawk.to *.cloudflare.com *.googleapis.com *.klevu.com *.zopim.com *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://secure.paygate.co.za/payweb3/process.trans *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.tawk.to *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.tawk.to *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.tawk.to cdn.jsdelivr.net *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.klevu.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://browser.sentry-cdn.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.oppwa.com oppwa.com *.peachpayments.com *.tawk.to cdn.jsdelivr.net *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com oppwa.com *.oppwa.com *.peachpayments.com cdn.jsdelivr.net *.cloudflare.com *.googleapis.com *.klevu.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com oppwa.com *.oppwa.com *.peachpayments.com *.tawk.to wss://*.tawk.to *.testfreaks.com *.ksearchnet.com *.klevu.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com *.yotpo.com *.klarnacdn.net www.ekstralys.no data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://*.svea.com https://*.vipps.no https://*.trustly.com www.ekstralys.no 'self' 'unsafe-inline'; frame-ancestors www.ekstralys.no 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.klarna.com www.xtento.com https://*.svea.com www.ekstralys.no 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.cloudflare.com *.googleadservices.com *.google-analytics.com *.cloudfront.net www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com ts.tradetracker.net www.magmodules.eu www.ekstralys.no data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net *.criteo.net *.criteo.com *.facebook.net *.google-analytics.com *.amazon.co.uk *.amazon.com *.payments-amazon.com cookie-script.com s.kk-resources.com *.livechatinc.com bat.bing.com js.adsrvr.org sc-static.net *.hotjar.com *.snapchat.com *.sleeknote.com https://*.dibspayment.eu www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.svea.com *.klarnaservices.com tm.tradetracker.net www.ekstralys.no 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com https://static.klaviyo.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com www.ekstralys.no 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.ekstralys.no 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.klarnaevt.com *.amazon.co.uk *.amazon.com *.payments-amazon.com *.doubleclick.net *.google-analytics.com *.snapchat.com *.criteo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnacdn.net *.klarna.com *.klarnaservices.com www.ekstralys.no 'self' 'unsafe-inline'; child-src www.ekstralys.no http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.ekstralys.no 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-nAp2OYEcGq3I6v2xpAJZYEr85' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';  script-src   'self'   https://ajax.googleapis.com   https://static.cloudflareinsights.com   https://www.google-analytics.com   https://s7.addthis.com   https://img.reliablegun.com   'unsafe-inline' 'unsafe-eval' 'report-sample';  script-src-elem   'self'   https://ajax.googleapis.com   https://static.cloudflareinsights.com   https://www.google-analytics.com   https://s7.addthis.com   https://img.reliablegun.com   'unsafe-inline';  script-src-attr 'unsafe-inline';  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://img.reliablegun.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://img.reliablegun.com;  img-src 'self' data: https://img.reliablegun.com https://www.google-analytics.com;  font-src 'self' https://fonts.gstatic.com data:;  connect-src 'self' https://www.google-analytics.com https://static.cloudflareinsights.com;  frame-src 'self' https://gateway.moneris.com;  upgrade-insecure-requests; report-to csp; report-uri https://reports.reliablegun.com/csp 1
object-src 'none';base-uri 'self';script-src 'nonce-eRhJl1EqHo9r2qdDn51dFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.fontawesome.com *.sugarfreeshops.com https://analytics.ahrefs.com/ *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.cardlink.gr *.alphaecommerce.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.google.com *.doubleclick.net *.klarna.com *.sugarfreeshops.com *.grxchange.gr *.skroutz.gr skroutz.gr *.criteo.com criteo.com *.criteo.net criteo.net *.cookiebot.com cookiebot.com *.boxnow.gr boxnow.gr https://analytics.ahrefs.com/ *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.sugarfreeshops.com *.trustmark.gr trustmark.gr *.contactpigeon.com contactpigeon.com *.dmxleo.com dmxleo.com *.bidswitch.net bidswitch.net *.adnxs.com adnxs.com *.smartadserver.com smartadserver.com *.taboola.com taboola.com *.sharethrough.com sharethrough.com *.omnitagjs.com omnitagjs.com *.casalemedia.com casalemedia.com *.criteo.com criteo.com *.1rx.io 1rx.io *.id5-sync.com id5-sync.com *.360yield.com 360yield.com *.unrulymedia.com unrulymedia.com *.cookiebot.com cookiebot.com google.gr *.google.gr https://analytics.ahrefs.com/ *.adman.gr *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io 'unsafe-inline' data: *.sugarfreeshops.com *.weezmo.com *.skroutz.gr *.linkwi.se *.addsauce.com snapppt.com *.adman.gr *.trustmark.gr trustmark.gr *.criteo.com criteo.com *.criteo.net criteo.net skroutz.gr *.contactpigeon.com contactpigeon.com *.cookiebot.com cookiebot.com tiktok.com *.tiktok.com eyefitu.com *.eyefitu.com azure.com *.azure.com https://analytics.ahrefs.com/ *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klarnacdn.net *.fontawesome.com *.sugarfreeshops.com *.contactpigeon.com contactpigeon.com https://analytics.ahrefs.com/ *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.sugarfreeshops.com https://analytics.ahrefs.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net *.google.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io *.sugarfreeshops.com *.adman.gr *.contactpigeon.com contactpigeon.com *.criteo.com criteo.com *.skroutz.gr skroutz.gr tiktok.com *.tiktok.com *.cookiebot.com cookiebot.com eyefitu.com *.eyefitu.com azure.com *.azure.com visualstudio.com *.visualstudio.com https://analytics.ahrefs.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com contactpigeon.com https://analytics.ahrefs.com/ 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.co.za/api/csp-report; report-to csp-endpoint 1
worker-src blob:; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com fonts.gstatic.com *.kxcdn.com static.klaviyo.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.googlesyndication.com *.facebook.com *.facebook.net 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.doubleclick.net www.facebook.com *.googlesyndication.com facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com www.google.com *.facebook.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.authorize.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.cdninstagram.com *.fbcdn.net *.google.co.th https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com *.facebook.com https://firebasestorage.googleapis.com https://www.magezon.com https://meetanshi.com/media/logo.png connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.googleapis.com *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com 'unsafe-inline' *.addthis.com *.addthisedge.com *.moatads.com static.cloudflareinsights.com 'unsafe-eval' apis.google.com www.google.com www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.facebook.com *.avada.io *.shopify.com graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.authorize.net sandbox-assets.secure.checkout.visa.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.google.com *.kxcdn.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com *.twitter.com *.zopim.com *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.intercomcdn.com fast.wistia.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.ubteam.com *.ubteam.co.uk *.twitter.com *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.b2clogin.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.networkmerchants.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.wistia.com *.wistia.net *.mercadolibre.com *.google.mu *.twitter.com *.vimeo.com *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.brightcove.net *.authorize.net *.kaptcha.com *.flipsnack.com *.ceros.com www.xtento.com landofcoder.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.networkmerchants.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.co.uk *.paypalobjects.com *.opayo.co.uk 'self' data: *.wistia.com *.wistia.net *.mercadopago.com *.mercadolibre.com *.magentocommerce.com *.ytimg.com www.xtento.com *.authorize.net *.cardinalcommerce.com *.googleadservices.com *.google-analytics.com *.twitter.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.doubleclick.net *.zopim.com https://ryanscomputers.com https://www.ryanscomputers.com *.lenovo.com *.asus.com *.samsung.com *.raxcdn.com *.wikichip.org *.scan.co.uk *.broadcastbruce.com *.akamaihd.net *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr 'self' blob: *.news18.com *.google.mu *.google.co.nz *.google.co.uk *.google.com.ua *.google.com.ph *.klarna.com *.amazonaws.com *.rackcdn.com/ *.google.com.vn/ *.intercomcdn.com *.mcusercontent.com *.intercomassets.com *.linkedin.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.networkmerchants.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.stripe.com *.sagepay.com *.opayo.eu.elavon.com *.avada.io *.wistia.com *.wistia.net *.google.mu *.mlstatic.com *.sagepay.co.uk www.google.com/recaptcha/api.js js-agent.newrelic.com https://bam.nr-data.net fonts.gstatic.com *.authorize.net *.cardinalcommerce.com *.ccdc02.com *.paypalobjects.com *.ytimg.com *.signifyd.com *.xtento.com *.getfirebug.com *.google-analytics.com *.braintreegateway.com *.zdassets.com *.zopim.com *.akamaihd.net *.googleadservices.com 'unsafe-inline' wss: 'self' data: *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.cloudflareinsights.com *.googletagmanager.com *.embed.typeform.com *.intercom.io *.intercomcdn.com *.ceros.com *.cdnjs.cloudflare.com *.hotjar.com *.licdn.com munchkin.marketo.net *.chatwoot.com *.respond.io connect.facebook.net browser.sentry-cdn.com www.xtento.com cdn.xtento.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.networkmerchants.com assets.braintreegateway.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.getfirebug.com *.google.mu *.mercadopago.com *.zdassets.com *.omtrdc.net *.zopim.com 'unsafe-inline' wss: 'self' data: *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.wistia.com *.wistia.net 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com blob: * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.networkmerchants.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com https://get.geojs.io *.avada.io *.mercadopago.com *.twitter.com *.doubleclick.net *.zdassets.com 'unsafe-inline' wss: *.google-analytics.com *.akamaihd.net *.wistia.com *.wistia.net *.litix.io *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.zendesk.com *.intercom.io *.cdnjs.cloudflare.com *.mktoresp.com *.hotjar.com *.hotjar.io *.linkedin.com *.chatwoot.com *.respond.io landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: * http: https: blob: 'self' 'unsafe-inline'; default-src blob: * 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://www.googletagmanager.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://images.unsplash.com *.googleapis.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com *.gstatic.com apis.google.com widget.freshworks.com m2epro.freshdesk.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';     script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://translate.google.com https://translate.googleapis.com https://unpkg.com;     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com;     img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://google.com https://translate.google.com;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net;     frame-src 'self' https://www.facebook.com https://web.facebook.com https://translate.google.com;     font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://www.groupe.schmidt https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://axeptio.imgix.net https://*.axept.io https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.axept.io https://*.googletagmanager.com https://*.googleapis.com https://cdnjs.cloudflare.com blob: *.google.com https://*.gstatic.com; font-src 'self' 'unsafe-eval' data: https://fonts.gstatic.com; connect-src 'self' https://*.axept.io https://*.axeptio.eu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdnjs.cloudflare.com; frame-src 'self' *.google.com data: https://*.youtube.com https://*.youtube-nocookie.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net www.meisterbarf.de media.meisterbarf.de t.meisterbarf.de https://cdnjs.cloudflare.com https://widgets.trustedshops.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.consentmanager.net https://delivery.consentmanager.net *.consentmanager.net a.meisterbarf.de t.meisterbarf.de www.meisterbarf.de media.meisterbarf.de *.googletagmanager.com widget.rational-ai.cloud js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://firebasestorage.googleapis.com *.google.com *.google.de *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.facebook.com *.consentmanager.net it-recht-kanzlei.de www.it-recht-kanzlei.de bing.com bat.bing.com bat.bing.net integrations.etrusted.com attachments.etrusted.com a.meisterbarf.de t.meisterbarf.de www.meisterbarf.de media.meisterbarf.de js.stripe.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jsd-widget.atlassian.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.avada.io *.facebook.com connect.facebook.net *.consentmanager.net *.clarity.ms bing.com bat.bing.com www.meisterbarf.de media.meisterbarf.de a.meisterbarf.de 'unsafe-inline' t.meisterbarf.de *.googletagmanager.com tagmanager.google.com widget.rational-ai.cloud https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net integrations.etrusted.com *.googletagmanager.com tagmanager.google.com fonts.gstatic.com t.meisterbarf.de https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com fonts.google.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net www.meisterbarf.de media.meisterbarf.de 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de jsd-widget.atlassian.com api-private.atlassian.com https://cdn.consentmanager.net https://delivery.consentmanager.net autocomplete2.postdirekt.de https://get.geojs.io *.avada.io bat.bing.net bat.bing.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.de pagead2.googlesyndication.com *.consentmanager.net *.clarity.ms a.meisterbarf.de t.meisterbarf.de www.meisterbarf.de media.meisterbarf.de places.googleapis.com js.stripe.com widget.rational-ai.cloud api.rational-ai.cloud *.trustedshops.com *.etrusted.com https://integrations.etrusted.site api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.analytics.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp.meisterbarf.de; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-If_QNOkJ4LZH5kXP72NA3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none';block-all-mixed-content;default-src 'none';script-src 'none';style-src 'none';object-src 'none';frame-src 'none';child-src 'none';img-src 'none';font-src 'none';connect-src 'none';manifest-src 'none';base-uri 'none';form-action 'none';media-src 'none';prefetch-src 'none';worker-src 'none';report-uri https://sentec.report-uri.com/r/d/csp/reportOnly; 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.fontawesome.com https://applepay.cdn-apple.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.monetico-services.com consentcdn.cookiebot.com consentcdn.cookiebot.eu c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.payplug.com *.dalenys.com https://applepay.cdn-apple.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org magefan.com cm.magefan.com imgsct.cookiebot.com imgsct.cookiebot.eu *.disqus.com *.hsforms.net *.hsforms.com *.google.fr *.google.com https://bat.bing.com https://img.youtube.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://secure-magenta.dalenys.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com consent.cookiebot.eu consentcdn.cookiebot.eu *.disqus.com *.hsforms.net *.hsforms.com widget.azu.levia.ai *.cookiebot.com cdn.almapay.com static.zdassets.com *.zendesk.com *.zopim.com googleads.g.doubleclick.net bat.bing.com *.googletagmanager.com *.facebook.net www.termsfeed.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com api.fontshare.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://secure-magenta.dalenys.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.almapay.com *.monetico-services.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu t.elasticsuite.io *.hsforms.net *.hsforms.com https://itjustgood.zendesk.com wss://widget-mediator.zopim.com https://ekr.zdassets.com https://bat.bing.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com/tr/ 'self' 'unsafe-inline'; frame-ancestors *.bebemundo.com.do *.jugueton.com.do *.zdassets.com *.hotjar.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co amc.demdex.net www.google.com youtube.com https://applepay.cdn-apple.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.facebook.com/tr/ *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.gstatic.com maps.googleapis.com accounts.google.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.google.com.pa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com https://googleads.g.doubleclick.net www.google.com.ar www.google.com.do https://www.googletagmanager.com https://www.m.casacuesta.com https://connect.facebook.net https://notifications-icommkt.website *.google.com.do/ads/ga-audiences *.simpleanalyticscdn.com *.googlesyndication.com *.doubleclick.net *.mcprod.supermercadosnacional.com *.googletagmanager.com *.googleapis.com *.google.com.do *.zdassets.com/ekr/snippet.js *.google.com.ar/pagead/1p-conversion *.baidu.com *.cloudfront.net *.adtrafficquality.google data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://applepay.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net *.klaviyo.com *.xtento.com *.tiktok.com *.pangle-ads.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://www.google.com https://www.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net http://www.google.com/recaptcha/api.js https://d12zyq17vm1xwx.cloudfront.net/v2/wpn.min.js https://static.cloudflareinsights.com/ https://www.gstatic.com/recaptcha/releases/tFhBvPrftr7Y91fo1S1ASkA6/recaptcha__es.js https://externalassets.icommarketing.com/icomMkt_tracking_jquery.min.js https://static.zdassets.com ekr.zdassets.com https://maps.googleapis.com *.googlesyndication.com *.cloudflareinsights.com *.cloudfront.net *.woopra.com *.simpleanalyticscdn.com *.icommarketing.com *.singular.net *.adtrafficquality.google *.gbqofs.com *.icommkt.online xandar-lsw-v3.instaleap.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.zdassets.com *.youtube.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.comapi.com bam.nr-data.net https://apple.com https://applepay.cdn-apple.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net *.klaviyo.com *.xtento.com *.tiktok.com *.pangle-ads.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.hotjar.com https://script.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ http://ccnecommerce.com/ https://notifications-icommkt.com/ https://track-icommkt.com/ wss://widget-mediator.zopim.com/ *.youtube.com https://static.zdassets.com ekr.zdassets.com jugueton.zendesk.com bebemundord.zendesk.com casacuesta.zendesk.com *.googletagmanager.com *.google.com.ar *.doubleclick.net *.icommkt.com wss://widget-mediator.zopim.com *.simpleanalyticscdn.com *.woopra.com *.googlesyndication.com *.icommkt.com/push-register/get-webhook-data *.gstatic.com *.googleapis.com *.zopim.com *.com.do/ads/ga-audiences *.singular.net *.gbqofs.io *.adtrafficquality.google xandar-lsw-v3.instaleap.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com *.stape.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl https://seo.mageplaza.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com pay.google.com apm.przelewy24.pl *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com static.przelewy24.pl www.gstatic.com gstatic.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com *.stape.io https://img.youtube.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://maps.googleapis.com *.disqus.com https://cdn.jsdelivr.net sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.stape.io *.gstatic.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://maps.googleapis.com https://player.vimeo.com sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src  data: *.gstatic.com 'self' *.abtasty.com *.mews.li *.mews.com;  img-src 'self' *.smartadserver.com *.loopme.me *.dotomi.com conversio.s3.eu-west-2.amazonaws.com lpcdn.lpsnmedia.net *.googlesyndication.com sync.targeting.unrulymedia.com ups.analytics.yahoo.com us-east.ads.audio.thisisdax.com ads.stickyadstv.com match.sharethrough.com sync.1rx.io ps.eyeota.net contextual.media.net bh.contextweb.com *.pubmatic.com *.smaato.net *.linkedin.com *.teads.tv *.googleapis.com *.gstatic.com *.mews.li *.mews.com *.bing.com *.duettoresearch.com *.onetrust.com cx.atdmt.com data: *.doubleclick.net *.googleusercontent.com *.quantserve.com *.lockeliving.com *.windows.net *.facebook.com *.google-analytics.com www.google.co.uk www.google.com *.google.nl www.googletagmanager.com www.gstatic.com www.google.ie *.googleapis.com *.ggpht.com; script-src data: blob: 'wasm-unsafe-eval' 'self' 'unsafe-eval' 'unsafe-inline' web-sdk-eu.aptrinsic.com login-ds.dotomi.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/vue@2 https://unpkg.com/web-vitals@3.5.2/dist/web-vitals.attribution.iife.js https://unpkg.com/web-vitals@3/dist/web-vitals.attribution.iife.js *.googlesyndication.com js.appboycdn.com snap.licdn.com *.treasuredata.com analytics.tiktok.com eu01.in.treasuredata.com p.relay-t.io js.zi-scripts.com ws.zoominfo.com tags.clickagy.com *.mews.com https://pay.datatrans.com/upp/payment/js/secure-fields-1.0.0.js https://www.recaptcha.net https://recaptcha.google.com/recaptcha cdn-ukwest.onetrust.com *.abtasty.com *.onetrust.com *.rollbar.com *.mczbf.com *.msecnd.net cdn.jsdelivr.net/npm/flatpickr *.googleoptimize.com *.teads.tv *.lpsnmedia.net *.triptease.io *.liveperson.net *.googleapis.com *.mews.li *.mews.com *.bing.com *.duettoresearch.com *.onetrust.com *.facebook.net *.doubleclick.net *.quantcount.com *.quantserve.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com fareharbor.com *.lockeliving.com *.instagram.com *.datatrans.com; style-src *.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline' *.lockeliving.com *.mews.com web-sdk-eu.aptrinsic.com; connect-src https://google.com aorta.clickagy.com *.zoominfo.com *.liveperson.net wss://va.msg.liveperson.net js.zi-scripts.com *.ingest.sentry.io log-api.eu.newrelic.com *.aptrinsic.com *.launchdarkly.com *.googlesyndication.com hemsync.clickagy.com *.treasuredata.com *.googleapis.com *.braze.eu *.rollbar.com *.abtasty.com *.tiktok.com *.linkedin.com *.relay-t.io *.google.com *.sjwoe.com *.mczbf.com *.teads.tv *.triptease.io *.onetrust.com 'self' *.mews.li *.mews.com bat.bing.com *.duettoresearch.com *.visualstudio.com *.doubleclick.net *.facebook.com *.google-analytics.com *.instagram.com;  frame-src hemsync.clickagy.com *.teads.tv *.triptease.io *.lpsnmedia.net *.liveperson.net *.google.com *.recaptcha.net *.doubleclick.net *.facebook.com *.googletagmanager.com 'self' fareharbor.com gifer.com pay.datatrans.com *.onetrust.com *.instagram.com *.youtube.com *.clickdimensions.com *.lockeliving.com *.findingedyn.com;  media-src *.vimeo.com *.akamaized.net *.lpsnmedia.net; worker-src blob:; child-src blob; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.googleapis.com *.gstatic.com *.google.com *.mews.li *.mews.com *.onetrust.com;  report-uri https://lockeliving.report-uri.com/r/d/csp/wizard 1
default-src   'self' 'unsafe-inline';  img-src   'self' *.akamaihd.net *.boltdns.net *.brightcove.com *.brightcovecdn.com *.clarity.ms *.karte.io *.revico.jp *.shoplive.cloud *.visumo.io *.visumo.jp ajax.googleapis.com analytics.twitter.com b98.yahoo.co.jp b99.yahoo.co.jp connect.facebook.net d2vfodruoehyag.cloudfront.net  forte-staging.s3.ap-northeast-1.amazonaws.com googleads.g.doubleclick.net i.ytimg.com images-fe.ssl-images-amazon.com images-na.ssl-images-amazon.com m.media-amazon.com maihada.jp maison.kose.co.jp players.brightcove.net px.a8.net s3-ap-northeast-1.amazonaws.com sdk.hellouniweb.com seal.globalsign.com sekkisei.jp static-fe.payments-amazon.com static-na.payments-amazon.com stats.g.doubleclick.net t.co tr.line.me visumojp-www.s3-ap-northeast-1.amazonaws.com www.decorte.com www.facebook.com www.google.ca www.google.ch www.google.co.id www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.com www.google.com.au www.google.com.hk www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.fr www.google.ie www.google.pl www.google.se www.googleadservices.com www.googletagmanager.com www.jillstuart-floranotisjillstuart.com data:;  font-src   'self' 'unsafe-inline' *.karte.io *.revico.jp *.shoplive.cloud assets.payments-amazon.com at.alicdn.com cdn.jsdelivr.net cdn.yiban.io fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com players.brightcove.net s3-ap-northeast-1.amazonaws.com webfont.fontplus.jp data:;  connect-src   'self' *.akamaihd.net *.boltdns.net *.brightcove.com *.brightcovecdn.com *.clarity.ms *.karte.io *.line.me *.revico.jp *.shoplive.cloud *.visumo.io *.visumo.jp analytics.google.com analytics.twitter.com apac.account.amazon.com api.amazon.co.jp api.amazon.com apm.yahoo.co.jp bs.nakanohito.jp dc.services.visualstudio.com dm.slim02.jp dpolc4ci3j.execute-api.ap-northeast-1.amazonaws.com edge.api.brightcove.com googleads.g.doubleclick.net hacobuneprodmedia.blob.core.windows.net liffsdk.line-scdn.net lightning-recommend.io movie-asset.codemarketing.cloud mws.amazonservices.com mws.amazonservices.jp o4506773005533184.ingest.sentry.io payments-fe.amazon.com payments-jp.amazon.com payments.amazon.co.jp players.brightcove.net region1.analytics.google.com sdk.hellouniweb.com stats.g.doubleclick.net stats.ptengine.jp svc-prod-us.liveshopping.bambuser.com t.co webfont.fontplus.jp www.facebook.com www.google.ca www.google.ch www.google.co.id www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.com www.google.com.au www.google.com.hk www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.fr www.google.ie www.google.pl www.google.se www.google-analytics.com www.googleadservices.com www.googletagmanager.com blob:;  frame-src   'self' *.revico.jp *.shoplive.cloud api.kaiu-marketing.com lcx-player.bambuser.com payments-jp.amazon.com payments.amazon.co.jp players.brightcove.net recaptcha.google.com static-fe.payments-amazon.com static-na.payments-amazon.com webfont.fontplus.jp www.facebook.com www.google.com www.googletagmanager.com www.youtube.com;  media-src   'self' *.akamaihd.net *.boltdns.net *.brightcovecdn.com *.cf.brightcove.com *.media.brightcove.com *.visumo.io *.visumo.jp movie-asset.codemarketing.cloud blob:;  script-src   'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.ebis.ne.jp *.karte.io *.mul-pay.jp *.revico.jp *.shoplive.cloud *.visumo.io *.visumo.jp addiction.contents.liveact-vault.com adebisns.addiction-beauty.com ajax.googleapis.com api.kaiu-marketing.com assets.payments-amazon.com b98.yahoo.co.jp b99.yahoo.co.jp cdn.credit.gmo-ab.com cdn.jsdelivr.net cdn.liveshopping.bambuser.com cdnjs.cloudflare.com cms.handsup.shop connect.facebook.net cs.nakanohito.jp d.line-scdn.net fraud-buster.appspot.com googleads.g.doubleclick.net infird.com js.ptengine.jp lcx-embed.bambuser.com lightning-recommend.io platform.twitter.com players.brightcove.net rec.ebis.ne.jp s.yimg.jp s3-ap-northeast-1.amazonaws.com sdk.hellouniweb.com seal.globalsign.com ssif1.globalsign.com static.ads-twitter.com static.line-scdn.net static-fe.payments-amazon.com static-na.payments-amazon.com statics.a8.net taj1.ebis.ne.jp vjs.zencdn.net webfont.fontplus.jp www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.youtube.com blob:;  style-src   'self' 'unsafe-inline' *.revico.jp *.shoplive.cloud *.visumo.jp addiction.contents.liveact-vault.com ajax.googleapis.com api.kaiu-marketing.com assets.payments-amazon.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com players.brightcove.net s3-ap-northeast-1.amazonaws.com vjs.zencdn.net;  worker-src   'self' blob:;  report-to   csp-endpoint; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: wss: https://api.stripe.com https://maps.googleapis.com; frame-ancestors 'self' https:; frame-src 'self' https://www.google.com https://www.googletagmanager.com/ https://checkout.stripe.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.kingston.com https://www.eetgroup.com/ https://eetgroup.com/; report-uri https://www.misco.co.uk/csp-report; report-to csp 1
default-src 'self' www.ysoft.com player.vimeo.com www.googletagmanager.com www.youtube.com; script-src 'self' 'unsafe-inline' googletagmanager.com www.googletagmanager.com js-eu1.hs-scripts.com js-eu1.hsforms.net *.hsforms.net *.hubspotusercontent.com *.hubspot.com player.vimeo.com cdn.jsdelivr.net cdnjs.cloudflare.com assets.juicer.io static.hotjar.com *.hotjar.com *.storylane.com *.storylane.io unpkg.com npmcdn.com www.google-analytics.com 25268869.hs-sites-eu1.com www.ysoft.com snap.licdn.com platform.linkedin.com platform.twitter.com www.clarity.ms bat.bing.com connect.facebook.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.usemessages.com scripts.clarity.ms f.vimeocdn.com 7052064.fs1.hubspotusercontent-na1.net www.youtube.com static.doubleclick.net www.gstatic.com www.google.com *.hsadspixel.net *.hs-analytics.net js.hscta.net js-eu1.hscta.net static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com feedback-eu1.hubapi.com embed.typeform.com maps.googleapis.com; style-src 'self' 'unsafe-inline' assets.juicer.io *.hubspotusercontent.com *.hubspot.com cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com 25268869.hs-sites-eu1.com www.ysoft.com fonts.googleapis.com f.vimeocdn.com 7052064.fs1.hubspotusercontent-na1.net www.youtube.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net static.hsappstatic.net embed.typeform.com; img-src 'self' data: https: *.hubspotusercontent.com *.hubspot.com hubspot-no-cache-eu1-prod.s3.amazonaws.com 25268869.hs-sites-eu1.com www.ysoft.com js.hscta.net js-eu1.hscta.net no-cache.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net; font-src 'self' *.hubspotusercontent.com *.hubspot.com 25268869.hs-sites-eu1.com www.ysoft.com 25268869.fs1.hubspotusercontent-eu1.net fonts.gstatic.com static.juicer.io static.hsappstatic.net; frame-src 'self' *.hubspot.com *.hubspotusercontent.com player.vimeo.com *.storylane.com *.storylane.io www.googletagmanager.com www.youtube.com www.youtube-nocookie.com *.hs-sites.com *.hs-sites-eu1.com *.hubspot.net play.hubspotvideo.com play-eu1.hubspotvideo.com *.hsforms.net *.hsforms.com form.typeform.com embed.typeform.com platform.twitter.com syndication.twitter.com; connect-src 'self' *.hubspot.com *.hubspotusercontent.com googletagmanager.com www.googletagmanager.com www.google-analytics.com *.hotjar.com 25268869.hs-sites-eu1.com www.ysoft.com px.ads.linkedin.com snap.licdn.com js-eu1.hs-banner.com v.clarity.ms region1.google-analytics.com region1.analytics.google.com pagead2.googlesyndication.com googleads.g.doubleclick.net jnn-pa.googleapis.com www.juicer.io *.hubapi.com js.hscta.net js-eu1.hscta.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hsforms.net www.googleadservices.com www.google.com *.google.com www.google.fi bat.bing.com bat.bing.net api.typeform.com form.typeform.com embed.typeform.com tracking.typeform.com api.storylane.io maps.googleapis.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-nZXU6BghSaBSYOmMZJyAQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://use.typekit.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.dotdigital-pages.com *.dotdigital.com https://www.facebook.com https://tpc.googlesyndication.com https://consentcdn.cookiebot.com https://assets.braintreegateway.com https://*.paypal.com https://interfaces.zapier.com https://*.zapier.app https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.trackedlink.net *.ddlnk.net https://www.google.fi https://maps.gstatic.com https://maps.googleapis.com https://log.pinterest.com https://eckerolinechatbottest.blob.core.windows.net https://fonts.gstatic.com https://assets.braintreegateway.com https://*.paypal.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://ajax.cloudflare.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://assets.pinterest.com https://maps.googleapis.com https://eckerolinechatbottest.blob.core.windows.net https://api.videoly.co https://www.google.fi https://www.googleadservices.com https://tpc.googlesyndication.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://snap.licdn.com https://interfaces.zapier.com https://dapi.videoly.co https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.eckeroline.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://fast.fonts.net https://eckerolinechatbottest.blob.core.windows.net https://use.typekit.net https://p.typekit.net https://assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://fonts.gstatic.com https://vimeo.com https://consentcdn.cookiebot.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.paypal.com https://px.ads.linkedin.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src https://assets.braintreegateway.com https://*.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src ap.thepayapays.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com blob: maps.googleapis.com maps.gstatic.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://files.newsletter2go.com https://*.francke-halle.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://global.frcapi.com/ https://*.googletagmanager.com https://*.youtube-nocookie.com https://*.francke-halle.de player.vimeo.com; script-src-elem 'self' 'nonce-TbYmYj_zu2RqXWiBEfcQLPz32zTStIFqDxnrIPyqEhHE6LmlI15Gfg' 'unsafe-inline' https://cdn.plyr.io https://*.noembed.com https://www.youtube.com https://player.vimeo.com https://unpkg.com https://static.newsletter2go.com https://matomo-infohub.cms-relaunch.de https://webstat.francke-halle.de https://maps.googleapis.com/maps/api/js 'report-sample'; script-src-attr 'unsafe-inline' 'unsafe-hashes' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'report-sample' https://fonts.googleapis.com https://unpkg.com https://www.googletagmanager.com; media-src 'self' blob: data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' 'unsafe-eval' cdn.plyr.io noembed.com youtube.com youtube.de maps.googleapis.com https://eu-api.friendlycaptcha.eu https://api.friendlycaptcha.com https://api.newsletter2go.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://www.google-analytics.com https://*.francke-halle.de; frame-ancestors 'self' https://*.francke-halle.de; report-uri https://www.francke-halle.de/@http-reporting?csp=report&requestTime=1773716058352442&requestHash=57462d9d84659a20cd04547a11cbb9875e78dfe1 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'nonce-7co43ilntZi7/azPStvwSQ=='; style-src 'self' https: 'unsafe-inline' 'nonce-7co43ilntZi7/azPStvwSQ=='; connect-src 'self' https: wss://localhost:8181 wss://localhost:8282 wss://localhost:8383 wss://localhost:8484 wss://127.0.0.1:8181 wss://127.0.0.1:8282 wss://127.0.0.1:8383 wss://127.0.0.1:8484 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.cookielaw.org https://connect.facebook.net https://*.hotjar.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.cookielaw.org https://connect.facebook.net https://*.hotjar.com https://*.medallia.eu https://*.liveperson.net https://*.lpsnmedia.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://*.medallia.eu https://*.liveperson.net https://*.lpsnmedia.net https://ssl.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://www.facebook.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://secure.adnxs.com https://www.google.ie; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://*.medallia.eu https://*.liveperson.net https://*.lpsnmedia.net; frame-src 'self' https://www.googletagmanager.com https://*.medallia.eu https://*.liveperson.net https://*.lpsnmedia.net; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
font-src fonts.gstatic.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.youtube.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.rs www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com.ua *.tawk.to data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com tagmanager.google.com https://www.googletagmanager.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.adform.net *.jsdelivr.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.tawk.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline assets.braintreegateway.com *.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.ampproject.org https://www.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.tawk.to wss://vsa120.tawk.to www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' litium.revolutionrace.se fbcdn.revolutionrace.se wss://fbcdn.revolutionrace.se *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.klarnaevt.com *.kustom.co *.adyen.com www.paypal.com js.stripe.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com ajax.googleapis.com fonts.googleapis.com maps.googleapis.com *.apptus.cloud *.storyblok.com *.symplify.com cdn-sitegainer.com *.cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.criteo.net *.criteo.com *.doubleclick.net *.emarsys.net *.mention-me.com *.imedia.cz *.scarabresearch.com *.spinnaker-js.com bat.bing.com www.seznam.cz tags.creativecdn.com *.kindlycdn.com *.kindly.ai wss://sage.kindly.ai *.facebook.net *.tiktok.com *.snapchat.com *.pinterest.com *.bambuser.com *.facebook.com www.pinterest.se *.cloudflare.com *.digitaloceanspaces.com *.distancify.workers.dev cdn.jsdelivr.net maxcdn.bootstrapcdn.com player.vimeo.com pro.ip-api.com recommender.scarabresearch.com s.pinimg.com sc-static.net vimeo.com ws-eu.pusher.com wss://ws-eu.pusher.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://* 'self'; media-src https://*; frame-src analytics.revolutionrace.se *.mention-me.com *.google.com *.adyen.com *.paypal.com *.sitegainer.com revolutionrace.customerfirst.ai; style-src 'self' 'unsafe-inline'; connect-src data: *; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com https://seo.mageplaza.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.consensu.org *.sharethis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.facebook.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.google.com *.sharethis.com *.googletagmanager.com *.facebook.net *.googleapis.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.nr-data.net *.newrelic.com *.ampproject.org *.sharethis.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 1
object-src  'none'; connect-src 'self' *.sxx.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.sxx.com join.gammasecure.com; script-src 'self' *.sxx.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.sxx.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
object-src 'none';base-uri 'self';script-src 'nonce-k3t57OKzb4OFHjJV5TZnyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src-elem data: https://a.omappapi.com https://fonts.googleapis.com https://www.gstatic.com https://www.threadcheck.com 'unsafe-inline' https://www.google.co.in https://maxcdn.bootstrapcdn.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://maxcdn.bootstrapcdn.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.google.com *.typekit.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.threadcheck.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.bird.eu https://www.google.co.in https://googleads.g.doubleclick.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.threadcheck.com *.googleapis.com *.bing.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com https://*.adobe.com www.googleadservices.com https://www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com https://*.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://acsbapp.com https://www.clickcease.com https://link.edgepilot.com https://ecwportal.vertexsmb.com https://assets.adobedtm.com go.threadcheck.com https://googleads.g.doubleclick.net https://analytics.google.com https://www.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://geostag.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://geoapi.cardinalcommerce.com https://1eafapi.cardinalcommerce.com https://songbird.cardinalcommerce.com https://includestest.ccdc02.com https://www.paypal.com https://www.sandbox.paypal.com https://www.paypalobjects.com https://*.vimeocdn.com https://s.ytimg.com https://t.paypal.com *.gstatic.com https://*.cloudflare.com https://a.omappapi.com https://www.google.co.in 'unsafe-inline' data: http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.acsbapp.com *.livechatinc.com *.googletagmanager.com *.pardot.com *.doubleclick.net *.bing.com *.threadcheck.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com data: https://a.omappapi.com 'unsafe-inline' *.gstatic.com https://fonts.googleapis.com https://www.google.co.in https://maxcdn.bootstrapcdn.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.googleapis.com fonts.googleapis.com/ *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com data: https://api.omappapi.com https://*.googleapis.com 'unsafe-inline' https://www.google.co.in http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.doubleclick.net *.acsbapp.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://storage.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://services.postcodeanywhere.co.uk https://storage.googleapis.com https://cdn-cookieyes.com https://www.facebook.com https://syndication.twitter.com https://www.google.com/ https://www.google.co.uk/ https://bat.bing.com https://www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com https://www.snapengage.com http://storage.googleapis.com https://www.clarity.ms https://cdn-cookieyes.com https://www.facebook.com https://connect.facebook.net https://platform.twitter.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://platform.linkedin.com https://bat.bing.com https://cdn.callrail.com https://js.callrail.com https://analytics.tester.co.uk https://porta11117.pcapredict.com https://services.postcodeanywhere.co.uk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com https://services.postcodeanywhere.co.uk assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com https://analytics.tester.co.uk https://*.cookieyes.com https://cdn-cookieyes.com https://*.callrail.com https://*.clarity.ms https://capig.stape.host https://services.postcodeanywhere.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net https://fonts.gstatic.com https://*.cloudfront.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net https://images.unsplash.com https://maps.googleapis.com https://maps.gstatic.com https://unpkg.com https://streetviewpixels-pa.googleapis.com https://lh3.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.tamara.co *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://maps.googleapis.com https://player.vimeo.com https://maps.gstatic.com https://unpkg.com https://cdn.moyasar.com https://polyfill.io https://applepay.cdn-apple.com https://img.mpay.samsung.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.tamara.co *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://fonts.googleapis.com https://cdn.moyasar.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.tamara.co tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.tamara.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://maps.googleapis.com https://player.vimeo.com https://maps.gstatic.com https://nominatim.openstreetmap.org https://*.moyasar.com https://us-online.mpay.samsung.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.tamara.co *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com *.shopify.com *.philipkingsley.co.uk data: 'self' 'unsafe-inline'; form-action *.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com https://seo.mageplaza.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com *.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ *.doubleclick.net www.facebook.com *.googlesyndication.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com bytedance: sslocal: *.dotdigital-pages.com *.dotdigital.com business.facebook.com *.nosto.com *.nos.to *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com *.yotpo.com email.philipkingsley.co.uk ams.creativecdn.com consentcdn.cookiebot.com *.googletagmanager.com *.freshchat.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://www.magezon.com *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.yotpo.com imgsct.cookiebot.com *.cloudfront.net *.google.com.ua *.google.co.uk services.postcodeanywhere.co.uk *.creativecdn.com *.philipkingsley.co.uk d21m4dsqdd3b9h.cloudfront.net cfvod.kaltura.com *.philipkingsley.com ads.stickyadstv.com sync.outbrain.com ih.adscale.de sync.taboola.com dsum-sec.casalemedia.com sync.teads.tv eb2.3lift.com *.google.rs data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.com/ *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net www.apptrian.com facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.avada.io *.nosto.com *.nos.to *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com *.yotpo.com *.salesfire.co.uk email.philipkingsley.co.uk *.cookiebot.com *.ordergroove.com *.feefo.com analytics.webgains.io tags.creativecdn.com *.hotjar.com *.freshworks.com *.clarity.ms *.freshchat.com klear.com *.mention-me.com *.pcapredict.com services.postcodeanywhere.co.uk *.zoovu.com *.zuko.io *.googleadservices.com cdn.salesfire.co.uk *.philipkingsley.co.uk gstatic.com connect.nosto.com cdn-sitegainer.com cdnapisec.kaltura.com pro.ip-api.com r.lrkt-in.com *.omniconvert.com https://cdn.lrkt-in.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net *.nosto.com *.nos.to *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.feefo.com *.freshworks.com services.postcodeanywhere.co.uk https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com tiktok.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.nosto.com *.nos.to *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.ordergroove.com *.smartmetrics.co.uk ams.creativecdn.com *.freshworks.com *.feefo.com *.cookiebot.com *.clarity.ms klear.com services.postcodeanywhere.co.uk *.salesfire.co.uk *.webgains.io *.mention-me.com *.zuko.io connect.nosto.com o970468.ingest.us.sentry.io *.freshdesk.com r.lrkt-in.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com www.googletagmanager.com *.freshchat.com *.mattisson.nl *.cookiebot.eu *.pinimg.com *.cloudfront.net *.amazonaws.com *.pinterest.com js.mollie.com https://plumrocket.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: www.google.co.in *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.mattisson.nl *.cookiebot.eu *.pinimg.com *.cloudfront.net *.amazonaws.com *.usercentrics.eu *.pinterest.com https://at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net https://www.mollie.com https://plumrocket.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ https://maps.googleapis.com https://player.vimeo.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.hotjar.com *.aiden.cx app.reloadify.com *.fw-cdn.com *.freshchat.com *.mattisson.nl *.cookiebot.eu *.pinimg.com *.cloudfront.net *.amazonaws.com *.pinterest.com js.mollie.com *.sendcloud.sc https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.freshchat.com *.mattisson.nl *.cookiebot.eu *.pinimg.com *.cloudfront.net *.amazonaws.com *.pinterest.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com app.reloadify.com *.hotjar.io *.mattisson.nl *.cookiebot.eu *.pinimg.com *.cloudfront.net *.amazonaws.com *.pinterest.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem 'self' 'unsafe-inline' cdn.matomo.cloud maps.googleapis.com agram.matomo.cloud ajax.googleapis.com analytics.google.com www.googletagmanager.com www.google.com www.gstatic.com; font-src *.fontawesome.com https://cdnjs.cloudflare.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org rms.ups.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com agram.matomo.cloud fonts.googleapis.com *.analytics.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com data: *.3dcloud.io *.fontawesome.com *.taggbox.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cloudinary.com *.facebook.com *.cybersource.com *.bazaarvoice.com *.salsify.com *.3dcloud.io *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.affirm.com *.affirm.ca *.certcapture.com cloudinary.com res.cloudinary.com *.pinterest.com *.facebook.com *.doubleclick.net *.cybersource.com *.trkn.us *.paypal.com *.bazaarvoice.com *.google.com *.salsify.com *.hotjar.com *.hon.com *.3dcloud.io *.kmail-lists.com/ *.braintreegateway.com *.kaptcha.com *.addtoany.com *.paystand.com *.paystand.co *.google.com/ *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.hon.com *.allsteeloffice.com *.honbasyx.com honbasyx.com cloudinary.com res.cloudinary.com *.addtoany.com *.bing.com *.facebook.com *.pinterest.com *.google.com *.google.co.in *.cybersource.com *.bazaarvoice.com *.salsify.com meetanshi.com *.3dcloud.io *.paypal.com *.flippingbook.com *.taggbox.com https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com cloudinary.com *.addtoany.com *.bootstrapcdn.com *.googletagmanager.com *.doubleclick.net *.trkn.us *.pinimg.com *.facebook.net *.bing.com *.pinterest.com *.cybersource.com *.online-metrix.net *.hotjar.com *.hotjar.io *.google.com *.google.co.in *.google.in *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.vimeo.com *.cdn-scripts.com *.braintreegateway.com *.signifyd.com *.bazaarvoice.com *.salsify.com bam.nr-data.net *.crazyegg.com mczbf.com *.mczbf.com *.3dcloud.io *.chimpstatic.com *.paypal.com *.paystand.com *.paystand.co *.flippingbook.com *.cloudfront.net *.taggbox.com *.tagbox.com widget.freshworks.com m2epro.freshdesk.com *.google.com/ *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.clarity.ms *.klaviyo.com unpkg.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com downloads.mailchimp.com cloudinary.com *.addtoany.com *.googleapis.com *.bootstrapcdn.com *.cybersource.com *.bazaarvoice.com *.salsify.com *.3dcloud.io *.fontawesome.com *.datatables.net *.typekit.net *.paystand.com *.paystand.co *.taggbox.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.hon.com *.allsteeloffice.com *.honbasyx.com honbasyx.com cloudinary.com res.cloudinary.com *.cybersource.com *.bazaarvoice.com *.salsify.com data: *.3dcloud.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.affirm.com *.affirm.ca *.certcapture.com *.addtoany.com *.facebook.com *.cybersource.com *.pinterest.com *.salsify.com *.google-analytics.com bam.nr-data.net *.hotjar.com *.hotjar.io *.crazyegg.com *.doubleclick.net mczbf.com *.mczbf.com sjwoe.com *.sjwoe.com *.3dcloud.io *.braintree-api.com *.flippingbook.com *.taggbox.com widget.freshworks.com m2epro.freshdesk.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.run.app *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com fonts.gstatic.com fonts.googleapis.com https://fonts.gstatic.com/ https://fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.googletagmanager.com https://maps.google.com/ www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com blob: https://bat.bing.com https://alb.reddit.com ssl.google-analytics.com stats.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com https://static.cloudflareinsights.com https://bat.bing.com https://www.redditstatic.com ssl.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdnjs.cloudflare.com/ widget.freshworks.com m2epro.freshdesk.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.onrally.com js.sandbox.onrally.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com www.googletagmanager.com fonts.googleapis.com https://static.klaviyo.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net region1.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.onrally.com api.sandbox.onrally.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src use.typekit.net fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.iubenda.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.iubenda.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com cdn.iubenda.com secure.metricsglobalgateway.com *.iubenda.com *.avada.io *.alothemes.com *.magepow.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com use.typekit.net fonts.googleapis.com *.google-analytics.com https://p.typekit.net https://use.typekit.net secure.metricsglobalgateway.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com secure.metricsglobalgateway.com *.iubenda.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src https://cdn.noibu.com; font-src data: https://assets.gorgias.chat *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://test.transafe.com https://post.live.transafe.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ *.instagram.com www.google.com *.affirm.com *.affirm.ca *.certcapture.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com/ https://test.transafe.com https://post.live.transafe.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.affirm.com *.affirm.ca *.certcapture.com store.paradoxlabs.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br https://*.google.com https://*.google.ee https://*.googletagmanager.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com acsbapp.com www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.certcapture.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com/ https://test.transafe.com https://post.live.transafe.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br https://*.g.doubleclick.net storage.googleapis.com config.gorgias.chat assets.gorgias.chat https://polyfill.io https://*.affirm.com https://cdn.verifypass.com https://cdn.noibu.com https://*.noibu.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com https://static.klaviyo.com https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br https://maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://*.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.affirm.com *.affirm.ca *.certcapture.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br config.gorgias.chat *.gorgias.chat wss://*.gorgias.chat cdn.acsbapp.com wss://*.noibu.com https://*.noibu.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://assets.gorgias.chat 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net https://app.feetai.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net www.jakeshoes.co.uk data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.jakeshoes.co.uk 'self' 'unsafe-inline'; frame-ancestors www.jakeshoes.co.uk 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.jakeshoes.co.uk 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.co.uk *.facebook.com *.placeholder.com placehold.it *.jakeshoes.co.uk *.googleapis.com https://sizewise.cloud https://cdn.prod.website-files.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.jakeshoes.co.uk data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.hotjar.com *.facebook.net *.mailchimp.com https://sizewise.cloud https://app.sizewise.cloud https://unpkg.com https://cdn.jsdelivr.net https://app.feetai.com widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.google.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.jakeshoes.co.uk https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.typekit.net https://app.sizewise.cloud widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com tagmanager.google.com www.jakeshoes.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.jakeshoes.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doubleclick.net *.hotjar.io *.googleapis.com *.mailchimp.com *.intuit.com *.amazonaws.com https://sizewise.cloud https://app.sizewise.cloud widget.freshworks.com m2epro.freshdesk.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com www.jakeshoes.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.jakeshoes.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.jakeshoes.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://portal.envisagedigital.co.uk/api/website/hpvyxowvuq/report-uri; report-to report-endpoint; 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://*.datatrics.com https://fonts.gstatic.com https://searchserverapi.com maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://*.facebook.com https://*.googleapis.com https://searchserverapi.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com https://*.dialogflow.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://searchserverapi.com https://*.sharethis.com https://*.snapchat.com https://maps.google.com/ *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.sharethis.com *.tiktok.com https://*.cookiebot.com https://*.datatrics.com https://*.examenoverzicht.nl https://*.examessentials.co.uk https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.nl https://*.g.doubleclick.net https://*.privacysandbox.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.pay.nl https://*.reddit.com https://*.sharethis.com https://searchserverapi.com https://*.snapchat.com https://*.squeezely.tech https://*.visualwebsiteoptimizer.com https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com s3.amazonaws.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com *.tiktok.com https://cdn.amplitude.com https://*.aptrinsic.com https://*.calendly.com https://*.cloudflareinsights.com https://*.cookiebot.com https://*.datatrics.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://sc-static.net https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.jsdelivr.net https://*.redditstatic.com https://searchserverapi.com https://*.sharethis.com https://*.snapchat.com https://squeezely.tech https://*.tiktok.com https://*.visualwebsiteoptimizer.com https://*.youtube.com https://cdnjs.cloudflare.com/ *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com https://*.datatrics.com https://*.googleapis.com https://searchserverapi.com https://*.sharethis.com https://*.googletagmanager.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ maxcdn.bootstrapcdn.com assets.braintreegateway.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.tiktok.com https://*.cookiebot.com https://*.datatrics.com https://*.examenoverzicht.nl https://*. 1
font-src cash-f.squarecdn.com *.cdn-apple.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action * belgium-3ds-bxl.wlp-acs.com belgium-3ds-vdm.wlp-acs.com acs1.3dsecure.no tsys.arcot.com sicher-bezahlen.sparkasse.at acs1-3dsecure.targobank.de 'self' 'unsafe-inline'; frame-ancestors https://partner.eqology.com 'self'; frame-src bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ * belgium-3ds-bxl.wlp-acs.com belgium-3ds-vdm.wlp-acs.com acs1.3dsecure.no tsys.arcot.com sicher-bezahlen.sparkasse.at acs1-3dsecure.targobank.de https://eqology.com widget.trustpilot.com *.google.com/ 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com * *.gstatic.com https://eqology.com https://www.magezon.com blob: magefan.com cm.magefan.com *.google.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.cdn-apple.com https://eqology.com cdn.scarabresearch.com widget.trustpilot.com *.google.com/ *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app *.adyen.com *.cdn-apple.com fonts.googleapis.com www.googletagmanager.com *.fontawesome.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com * google.com *.google.com www.googleapis.com https://eqology.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.hotjar.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mitec.com.mx *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mitec.com.mx 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mitec.com.mx *.e-pago.com.mx www.threedsecurempi.com *.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com *.pidesalud.com *.pidederma.com *.farmaciasespecializadas.com *.google.com *.google.com.mx *.bing.com *.clarity.ms *.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com *.mitec.com.mx https://cdnjs.cloudflare.com https://static.hotjar.com https://script.hotjar.com/modules.28e3191d8757c557b4b7.js https://www.clarity.ms https://bat.bing.com https://cdn.mouseflow.com *.hotjar.com *.gstatic.com *.adobe.io cdn.mxpnl.com cdn.brevo.com scripts.clarity.ms *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mitec.com.mx https://bam.nr-data.net https://bam-cell.nr-data.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net *.mouseflow.com *.clarity.ms *.google.com.mx *.appspot.com wss://ws.hotjar.com/ *.hotjar.com *.hotjar.io live.store-locator.nx.iwdfun.com *.a.run.app https://demo-1.conversionsapigateway.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://cdnjs.cloudflare.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.hipay-tpp.com *.hipay.com *.paypal.com *.googleapis.com *.pinterest.com/ widget.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net https://images.unsplash.com *.hipay.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.doubleclick.net *.google.fr *.googleapis.com cdn-cookieyes.com *.cdn-cookieyes.com *.r202.fr *.abtasty.com *.clarity.ms *.pinimg.com *.facebook.net *.bing.com *.facebook.com *.pinterest.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://maps.googleapis.com/maps/api/mapsjs https://maps.googleapis.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdnjs.cloudflare.com *.doubleclick.net *.google.fr *.googleapis.com cdn-cookieyes.com *.cdn-cookieyes.com *.r202.fr *.abtasty.com *.clarity.ms *.pinimg.com *.facebook.net *.bing.com *.facebook.com *.pinterest.com widget.trustpilot.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.hipay.com *.googleapis.com https://static.klaviyo.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com/maps/api/mapsjs https://maps.googleapis.com https://player.vimeo.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.doubleclick.net *.google.fr *.googleapis.com cdn-cookieyes.com *.cdn-cookieyes.com *.r202.fr *.abtasty.com *.clarity.ms *.pinimg.com *.facebook.net *.bing.com *.facebook.com *.pinterest.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://td.doubleclick.net; connect-src 'self' https://swile-privacy.my.onetrust.com https://cdn.cookielaw.org https://static.axept.io https://api.axept.io https://client.axept.io https://swile.containers.piwik.pro https://swile.piwik.pro/ https://adservice.google.com https://googleads.g.doubleclick.net https://www.google.com; img-src 'self' blob: data: https://cdn.cookielaw.org https://static.axept.io https://axeptio.imgix.net https://www.google.fr https://www.googletagmanager.com https://fonts.gstatic.com; manifest-src 'self'; object-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub1f7041eb55ec9a12eea50b161be3d8c0&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to csp; script-src 'nonce-MzYxZmYyMWEtZWQwYi00OWNmLTlmOTQtNGMyMmVhNTY5YmNl' 'strict-dynamic' https://static.axept.io; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.coinpayments.net www.amsterdamseedcenter.com amsterdamcbdcenter.com https://www.magezon.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.zopim.com *.getresponse.com browser.sentry-cdn.com static.hotjar.com script.hotjar.com static.zdassets.com static.cloudflareinsights.com *.google.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com ekr.zdassets.com support-wyqq9.zendesk.com wss://widget-mediator.zopim.com metrics.hotjar.com metrics.hotjar.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' vetoreditora.com.br *.vetoreditora.com.br wake-components.fbitsstatic.net vetoreditora.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com *.mlstatic.com *.fbits.net signalrcore.fbits.net wss://signalrcore.fbits.net *.rdstation.com.br *.cloudfront.net *.g.doubleclick.net *.googleadservices.com stats.g.doubleclick.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.vetoreditora.com.br *.pagar.me *.mundipagg.com *.movidesk.com cdnjs.cloudflare.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com popups.rdstation.com.br *.rdstation.com cta-redirect.rdstation.com pageview-notify.rdstation.com.br wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.smartlook.com web-sdk.smartlook.com *.cardinalcommerce.com *.rd.services *.yandex.ru *.yandex.com *.yango.com *.webvisor.com *.webvisor.org *.yastatic.net *.smartlook.cloud *.youtube.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.fbitsstatic.net *.cityadstracking.com *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.haaify.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.vetoreditora.com.br vetoreditora.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src https:; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data:; 1
font-src *.fontawesome.com https://fonts.bunny.net https://www.ppl.cz/ maxcdn.bootstrapcdn.com api.mapy.cz data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/ https://*.doubleclick.net https://ehub.cz https://*.gls-czech.cz https://*.packeta.com/ https://*.heureka.cz/ https://*.heureka.sk/ https://tm.vitalpoint.cz https://*.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com https://firebasestorage.googleapis.com https://*.ppl.cz https://*.seznam.cz https://im9.cz https://*.google.cz https://*.google.sk https://*.google.de https://*.google.at https://*.google.pl https://*.google.nl https://*.google.hu https://*.facebook.com https://*.g.doubleclick.net https://*.mailkit.eu https://ehub.cz https://*.heureka.cz/ https://*.heureka.sk/ https://*.zbozi.cz https://*.bing.com https://*.clarity.ms/ https://tm.vitalpoint.cz https://bat.bing.net https://bat.bing.com https://*.analytics.google.com flagpedia.net www.ppl.cz api.mapy.cz data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.avada.io https://*.googletagmanager.com https://*.smartlook.com https://*.smartlook.cloud https://*.smartform.cz https://*.heureka.cz https://*.mailkit.eu https://*.google.cz/ https://*.google.sk https://*.google.de https://*.google.at https://*.google.pl https://*.google.nl https://*.google.hu https://*.seznam.cz https://*.dognet.sk https://ehub.cz https://*.facebook.net https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.packeta.com/ https://*.zbozi.cz/ https://im9.cz/ https://*.clarity.ms/ https://bat.bing.com/ https://bat.bing.net/ https://cdn.heureka.group/ https://*.heureka.sk/ https://tm.vitalpoint.cz https://*.googlesyndication.com *.gstatic.com maps.googleapis.com www.ppl.cz api.mapy.cz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://fonts.bunny.net https://www.ppl.cz/ https://client.smartform.cz/ https://im9.cz maxcdn.bootstrapcdn.com *.gstatic.com api.mapy.cz 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io https://*.ppl.cz https://*.smartlook.com https://*.smartlook.cloud https://*.mailkit.eu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.g.doubleclick.net https://ehub.cz https://widget.packeta.com https://*.clarity.ms https://*.heureka.group https://bat.bing.net https://tm.vitalpoint.cz https://*.seznam.cz https://*.googlesyndication.com https://bat.bing.com www.gstatic.com maps.googleapis.com api.mapy.cz api.dhl.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com https://www.gstatic.com *.superpayments.com *.stripe.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.superpayments.com *.stripe.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.superpayments.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ *.superpayments.com *.stripe.com doubleclick.net secure.livechatinc.com *.trustpilot.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://*.gstatic.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.superpayments.com *.stripe.com bat.bing.net *.onetrust.com *.postcodeanywhere.co.uk *.facebook.com *.todd-doors.co.uk https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.google.com.ua *.doubleclick.net *.bing.com *.google.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com https://*.gstatic.com https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.superpayments.com *.stripe.com segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.trustpilot.com *.onetrust.com *.livechatinc.com *.reaktion.com *.avada.io *.bing.com c3.adalyser.com cdn.livechatinc.com chimpstatic.com *.facebook.net *.pinterest.com rum-static.pingdom.net *.pinimg.com *.hotjar.com scripts.clarity.ms *.postcodeanywhere.co.uk *.klaviyo.com www.clarity.ms toddd11112.pcapredict.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.cloudfront.net https://cdn.superpayments.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.superpayments.com *.stripe.com *.onetrust.com *.googleapis.com *.postcodeanywhere.co.uk *.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.superpayments.com *.stripe.com stripe.com cognito-idp.eu-west-2.amazonaws.com segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.seonintelligence.com *.trustpilot.com *.onetrust.com ad.doubleclick.net *.reaktion.com *.storyblok.com bat.bing.net cdn.segment.com ct.pinterest.com in.eu2.segmentapis.com k.clarity.ms rum-collector-2.pingdom.net *.postcodeanywhere.co.uk *.klaviyo.com www.google.com api.addressy.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.amazonaws.com *.clarity.ms *.merchant-center-analytics.goog 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; frame-ancestors 'self'; object-src 'none'; default-src 'self' https: data: blob:; img-src 'self' https: data: blob:; font-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; frame-src https:; upgrade-insecure-requests; require-trusted-types-for 'script' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.nosto.com *.nos.to *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net www.facebook.com platform.twitter.com *.nosto.com *.nos.to landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.google.co.uk *.google.com *.google.co.in *.googletagmanager.com www.gstatic.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.nosto.com *.nos.to https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ssl.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.cloudflareinsights.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.gstatic.com *.line-scdn.net cookiecdn.com s7.addthis.com connect.facebook.net twitter.com platform.twitter.com *.nosto.com *.nos.to landofcoder.com *.googleapis.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.googleapis.com *.google.com https://fonts.bunny.net assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.cloudflareinsights.com *.googletagmanager.com *.g.doubleclick.net *.gstatic.com *.cookiewow.com ekr.zdassets.com/ *.nosto.com *.nos.to landofcoder.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com static.payu.com https://geowidget.easypack24.net https://fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com static.payu.com credit-widget-config.payu.com/ https://geowidget-app.inpost.pl/ https://app2.salesmanago.com 'self' www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com credit-widget-config.payu.com/ https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.glami.pl *.pixel.wp.pl *.imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.disqus.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com static.payu.com credit-widget-config.payu.com/ https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.googletagmanager.com *.opineo.pl *.consent.cookiebot.com *.consentcdn.cookiebot.com www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://*.ingest.sentry.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com static.payu.com credit-widget-config.payu.com/ *.easypack24.net *.inpost.pl *.openstreetmap.org *.vc-service.saleago.com ws: *.consent.cookiebot.com *.consentcdn.cookiebot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-o_aK4d3RKn2kX3_Ke2-eHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dWlN1dy36vL4HH73zIdC8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0OB3uF325zeLmSGlxarF6Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com cdn.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com facebook.com www.facebook.com *.payfabric.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com magento-cloudflare.jetrails.com https://www.googletagmanager.com/ facebook.com www.facebook.com secure.livechatinc.com *.payfabric.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://www.shopperapproved.com *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ bat.bing.com facebook.com www.facebook.com *.marlowwhite.com *.payfabric.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://www.shopperapproved.com https://direct.shopperapproved.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ bat.bing.com *.cloudfront.net facebook.com www.facebook.com connect.facebook.net *.livechatinc.com *.tctm.co *.crazyegg.com cdn.mouseflow.com *.sentry-cdn.com *.payfabric.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.marlowwhite.com unsafe-inline assets.braintreegateway.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.luckyorange.net *.crazyegg.com api.livechatinc.com *.mouseflow.com *.payfabric.com *.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com https://*.gstatic.com *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.pcapredict.com *.jellybooks.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.adyen.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com * *.adyen.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com/ *.nosto.com *.nos.to *.pcapredict.com *.jellybooks.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://*.gstatic.com *.adyen.com *.trackedlink.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.nosto.com *.nos.to *.visualwebsiteoptimizer.com *.pcapredict.com *.jellybooks.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.nosto.com *.nos.to *.visualwebsiteoptimizer.com *.pcapredict.com *.jellybooks.com *.cloudflare.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app https://fonts.googleapis.com/ webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.nosto.com *.nos.to *.pcapredict.com *.jellybooks.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.nosto.com *.nos.to *.pcapredict.com *.jellybooks.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://34dfd997-cd9a-4714-8e13-90912cb2b216.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://pagesense-collect.zoho.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com; frame-src 'self' https://connect.facebook.net https://m.facebook.com https://mobile.facebook.com https://platform.twitter.com https://web.facebook.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: blob: https://*.google-analytics.com https://*.analytics.google.com https://pagesense-collect.zoho.com https://*.fbcdn.net https://stats.g.doubleclick.net https://www.gcis.gov.za https://www.google.com https://www.google.co.za https://www.googletagmanager.com https://*.ytimg.com https://www.google-analytics.com; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://cdn.pagesense.io https://connect.facebook.net https://platform.twitter.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' https://platform.twitter.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self'; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.gcis.gov.za/system/reporting/default; report-to default 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.shopperapproved.com *.disqus.com www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.com *.facebook.net *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.facebook.com *.facebook.net https://www.magezon.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://polyfill-fastly.io https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com s7.addthis.com *.facebook.com *.facebook.net *.avada.io *.google.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com https://js.klevu.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com sandbox-api.layup.co.za layup.co.za ekr.zdassets.com/ *.facebook.com *.facebook.net https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-h7EpFRxB7YsdznvLVyy9pA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.bglobale.com *.global-e.com *.klarnacdn.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://api.ometria.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trustpilot.com https://vars.hotjar.com https://www.paypalobjects.com https://lpcdn.lpsnmedia.net *.bglobale.com *.global-e.com *.hub-box.com *.klarna.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googleapis.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://media.festive-lights.com https://www.festive-lights.com https://trk.ometria.com https://bat.bing.com https://www.google.com https://www.google.co.uk https://www.facebook.com https://paypal-eu-arh.cloudiq.com https://lpcdn.lpsnmedia.net https://t.co cookie-cdn.cookiepro.com https://www.magezon.com *.bglobale.com *.global-e.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com maps.gstatic.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com https://static.hotjar.com https://script.hotjar.com https://widget.trustpilot.com https://invitejs.trustpilot.com https://www.googletagmanager.com https://cdn.ometria.com https://cdn.cookielaw.org https://ajax.googleapis.com https://festi11112.pcapredict.com https://static.ads-twitter.com https://bat.bing.com https://connect.facebook.net https://www.gstatic.com https://googleads.g.doubleclick.net https://stglite.bglobale.com https://paypal-eu-arh.cloudiq.com https://paypal-eu-cdn.cloudiq.com https://accdn.lpsnmedia.net https://va.v.liveperson.net https://lpcdn.lpsnmedia.net https://static-eu.payments-amazon.com https://analytics.twitter.com *.cloudflare.com graph.facebook.com js-agent.newrelic.com *.mention-me.com https://cookie-cdn.cookiepro.com *.pinterest.com *.tiktok.com *.pinimg.com *.stackadapt.com *.adsrvr.org *.trustpilot.com *.bglobale.com *.global-e.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klevu.com *.ksearchnet.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.googletagmanager.com tagmanager.google.com https://browser.sentry-cdn.com https://js.klevu.com https://eu-library.klarnaservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://optanon.blob.core.windows.net https://stglite.bglobale.com *.trustpilot.com *.bglobale.com *.global-e.com *.klarnacdn.net *.klevu.com *.ksearchnet.com assets.braintreegateway.com tagmanager.google.com fonts.google.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.co.uk https://stats.g.doubleclick.net https://payments-uk.amazon.com *.algolia.io cdn.cookielaw.org cdn.ometria.com https://cookie-cdn.cookiepro.com *.pinterest.com *.tiktok.com *.hub-box.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.googletagmanager.com https://*.ingest.sentry.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net https://geowidget.easypack24.net https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com landofcoder.com *.google.com/ secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.inpost.pl https://firebasestorage.googleapis.com https://www.magezon.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.openstreetmap.org https://trustmate.io https://www.clarity.ms *.clarity.ms https://googletagmanager.com https://www.pagead.com *.3mk.pl https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr/ https://sherlock.ecdp.cloud https://imgsct.cookiebot.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com *.inpost.pl landofcoder.com *.avada.io *.shopify.com *.google.com/ secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.openstreetmap.org https://trustmate.io https://www.clarity.ms *.clarity.ms https://googletagmanager.com https://www.pagead.com https://www.googleadservices.com/ *.3mk.pl https://connect.facebook.net https://sherlock.ecdp.cloud https://consent.cookiebot.com https://consentcdn.cookiebot.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net https://geowidget.easypack24.net https://geowidget.inpost.pl https://trustmate.io https://www.clarity.ms *.clarity.ms *.3mk.pl https://googletagmanager.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com https://www.facebook.com graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com landofcoder.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org https://trustmate.io https://www.clarity.ms *.clarity.ms https://googletagmanager.com https://www.pagead.com https://www.googleadservices.com/ *.3mk.pl https://connect.facebook.net https://sherlock.ecdp.cloud https://consentcdn.cookiebot.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://iai-bridge.paxy.pl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://d3k81ch9hvuctc.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://script.crazyegg.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://use.typekit.net https://p.typekit.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://script.crazyegg.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com trustpilot.com widget.trustpilot.com www.xtento.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net typekit.net www.google.co.uk google.co.uk google.com via.placeholder.com agrilineproducts.com facebook.com www.facebook.com connect.facebook.net www.facebook.com/privacy_sandbox www.google-analytics.com assets.braintreegateway.com checkout.paypal.com b.stats.paypal.com dub.stats.paypal.com www.sandbox.paypal.com cdn.xtento.com www.xtento.com c.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page widget.trustpilot.com js-agent.newrelic.com bam.nr-data.net unpkg.com secure.authorize.net test.authorize.net js.braintreegateway.com video.google.com cdn.xtento.com payments-amazon.com payments-amazon.co.uk payments-amazon.co.jp payments-amazon.jp payments-amazon.it payments-amazon.fr payments-amazon.es trackedlink.net trackedweb.net webchat.dotdigital.com cdn.dnky.co api.comapi.com avada.i yotpo.com staticw2.yotpo.com w2.yotpo.com connect.facebook.net facebook.com www.xtento.com cc-cdn.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com fontawesome.com getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com staticw2.yotpo.com w2.yotpo.com use.typekit.net typekit.net p.typekit.net cc-cdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com paypal.com bam.nr-data.net google-analytics.com stats.g.doubleclick.net google.co.uk api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com 'self' data: *.kxcdn.com *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.google.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.paygate.co.za/payweb3/process.trans *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com *.twitter.com *.consensu.org *.sharethis.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src  *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com https://mobicred.co.za/images/logo-mobicred-grey.png *.segment.io carrolboyes.filecamp.com carrolboyes.com *.digitradenow.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.googletagmanager.com *.adroll.com *.google.co.za *.bidswitch.net *.doubleclick.net *.casalemedia.com *.rlcdn.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.analytics.yahoo.com *.taboola.com *.3lift.com *.adnxs.com *.tribalfusion.com *.admission.net *.company-target.com *.choozle.com *.payflex.co.za *.mobicredwidget.co.za *.segment.com *.hotjar.com https://widgets.payflex.co.za maps.googleapis.com maps.gstatic.com cdn.ckeditor.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.kxcdn.com *.googleapis.com *.google.com *.fbcdn.net https://fevertreefinance.co.za http://fevertreefinance.co.za https://www.fevertreefinance.co.za http://www.fevertreefinance.co.za https://cdn.fevertreefinance.co.za http://cdn.fevertreefinance.co.za *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.instagram.com partpayassets.blob.core.windows.net *.payflex.co.za *.mobicredwidget.co.za 'unsafe-inline' *.netcoresmartech.com *.bootstrapcdn.com *.hotjar.com *.segment.io *.segment.com *.jsdelivr.net *.cloudflare.com *.twitter.com *.analytics.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.sharethis.com *.googletagmanager.com *.adroll.com *.googlesyndication.com cdn-4.convertexperiments.com https://widgets.payflex.co.za https://partpayassets.blob.core.windows.net maps.googleapis.com cdn.ckeditor.com/ *.oppwa.com oppwa.com *.peachpayments.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com js.klevu.com *.ksearchnet.com *.disqus.com www.facebook.com graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.segment.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.segment.com https://widgets.payflex.co.za fonts.googleapis.com/ cdn.ckeditor.com/ oppwa.com *.oppwa.com *.peachpayments.com *.google.com *.kxcdn.com *.klevu.com *.ksearchnet.com assets.braintreegateway.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com https://api.fevertreefinance.co.za *.mobicredwidget.co.za *.segment.com *.segment.io *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.sharethis.com *.googletagmanager.com *.adroll.com *.payflex.co.za *.netcoresmartech.com maps.googleapis.com/ oppwa.com *.oppwa.com *.peachpayments.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.youtube.com storage.googleapis.com/rtux-rtux-data-integration-rti/ maxcdn.bootstrapcdn.com *.fontawesome.com *.gstatic.com 'self' data: *.stape.io https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ https://www.googletagmanager.com https://td.doubleclick.net https://bat.bing.com https://ct.pinterest.com https://app-wallee.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.frankenspalter.ch https://images.unsplash.com magefan.com cm.magefan.com https://www.magezon.com https://files.alive5.com https://www.googleadservices.com https://www.google.ca https://bat.bing.com https://www.preisvergleich.ch https://app-wallee.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.googletagmanager.com *.stape.io https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.youtube.com bx-cdn.com/static/bav2.min.js track.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/rti.min.js track.bx-cloud.com/static/rti.min.js bx-cdn.com/static/rti.min.js storage.googleapis.com/rtux-rtux-data-integration-rti/ https://maps.googleapis.com *.google.com/ https://use.fontawesome.com https://assets.adobedtm.com https://*.adobe.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://analytics.google.com https://www.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.cardinalcommerce.com https://*.paypal.com https://www.sandbox.paypal.com https://www.paypalobjects.com https://s.ytimg.com https://*.vimeo.com https://*.vimeocdn.com https://www.gstatic.com https://www.google.com https://*.braintreegateway.com https://alive5.com https://*.listrakbi.com https://bat.bing.com https://r-st.wi-platform-cloud.com https://v2.zopim.com https://s.pinimg.com https://static.zdassets.com https://ct.pinterest.com https://script.hotjar.com https://static.hotjar.com https://storage.googleapis.com https://app-wallee.com https://gmtech.mfgroup.ch https://assets.secure.checkout.visa.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.youtube.com maxcdn.bootstrapcdn.com *.fontawesome.com https://*.adobe.com https://*.fontawesome.com https://assets.braintreegateway.com https://fonts.googleapis.com https://*.gstatic.com https://fonts.bunny.net https://alive5.com https://cdn.listrakbi.com https://storage.googleapis.com https://app-wallee.com *.googleapis.com *.googletagmanager.com *.stape.io *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com storage.googleapis.com/rtux-rtux-data-integration-rti/ https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.youtube.com track.bx-cloud.com main.bx-cloud.com track-gw1.bx-cloud.com bx-cloud.com main.wi-platform-cloud.com r-st.bx-cloud.com track.bx-cloud.com/track/v2 storage.googleapis.com/rtux-rtux-data-integration-rti/ https://maps.googleapis.com https://player.vimeo.com https://storage.googleapis.com/rtux-rtux-data-integration-rti/ https://ct.pinterest.com https://bat.bing.com https://www.google.com wss://widget-mediator.zopim.com https://frankenspalterest.zendesk.com https://ekr.zdassets.com https://storage.googleapis.com https://app-wallee.com https://assets.secure.checkout.visa.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googletagmanager.com *.adobe.com www.googleadservices.com www.google-analytics.com *.googleapis.com vimeo.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.newrelic.com *.nr-data.net fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com 'self' data: *.skroutz.gr *.cloudflare.com *.twitter.com *.twimg.com *.usercentrics.eu *.bing.com *.zdassets.com *.google.com *.google.gr *.clarity.ms/ *.haritidis.gr *.klarnacdn.net https://fonts.bunny.net *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.vivapayments.com *.zdassets.com *.facebook.com *.contactpigeon.com *.google.gr *.skroutz.gr >https://skroutza.skroutz.gr *.zopim.com *.moosend.com *.cloudflare.com td.doubleclick.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ widget-v3.boxnow.gr/ widget-v5.boxnow.cy *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com *.skroutz.gr >https://skroutza.skroutz.gr *.contactpigeon.com *.hotjar.com td.doubleclick.net widget-v3.boxnow.gr *.clarity.ms/ *.bing.com *.google.com/ *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.zdassets.com https://trustmark.gr *.tiktok.com *.contactpigeon.com *.googleapis.com *.gstatic.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.skroutz.gr >https://skroutza.skroutz.gr *.moosend.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.io td.doubleclick.net *.mastercard.com *.google.com *.google.gr *.googletagmanager.com *.clarity.ms/ *.youtube.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com https://www.magezon.com *.designer-images.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.vivapayments.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: *.tiktok.com *.googletagmanager.com *.googleapis.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.contactpigeon.com *.newrelic.com *.nr-data.net *.paypal.com *.google.com/ *.hotjar.com *.fontawesome.com *.feedbackcompany.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.youtube.com *.skroutz.gr >https://skroutza.skroutz.gr *.cloudflare.com *.google.gr https://trustmark.gr/badge/dist/index.js https://static.adman.gr/adman.js https://greca.adman.gr cdn.omnicliq.com/ss.js *.clarity.ms/ *.bing.com *.debugbear.com *.haritidis.gr *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.stat-track.com polyfill.io *.moosend.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googletagmanager.com www.googleadservices.com www.google-analytics.com *.googleapis.com vimeo.com *.facebook.net *.facebook.com *.doubleclick.net *.google-analytics.com *.gstatic.com *.contactpigeon.com *.newrelic.com *.nr-data.net *.fontawesome.com *.trustpilot.com cdn.jsdelivr.net *.skroutz.gr *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.bing.com *.hotjar.com *.clarity.ms/ *.haritidis.gr *.klarnacdn.net https://fonts.bunny.net fonts.googleapis.com *.moosend.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' data: *.google.gr *.zopim.com *.skroutz.gr >https://skroutza.skroutz.gr *.moosend.com *.cloudflare.com *.youtube.com *.haritidis.gr 'self' 'unsafe-inline'; manifest-src *.haritidis.gr 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.haritidis.gr *.skroutz.gr >https://skroutza.skroutz.gr *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.mastercard.com *.google.com *.google.gr *.googletagmanager.com *.tiktok.com *.contactpigeon.com *.paypal.com stats.g.doubleclick.net https://googleads.g.doubleclick.net/ *.zdassets.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.cloudflare.com https://pagead2.googlesyndication.com *.bing.com *.clarity.ms/ *.debugbear.com td.doubleclick.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-0y8s7YDh7fi1MjZC6s_3pg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Rp5p3jGccI_6jINTrYg_oA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ZxtfZJj6GY-vu0Vg3LFVhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' cdn.globalpay.com.co cdnjs.cloudflare.com https://cdn.ampproject.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill-fastly.io https://unpkg.com https://www.google.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://s.tradingview.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://client.crisp.chat; style-src 'self' 'unsafe-inline' https://client.crisp.chat https://fonts.googleapis.com; img-src 'self' data: blob: https: http:; font-src 'self' https://fonts.gstatic.com https://client.crisp.chat data:; connect-src 'self' https://api.nepsetrading.com wss://api.nepsetrading.com https://www.clarity.ms https://client.crisp.chat wss://client.relay.crisp.chat https://video.bunnycdn.com https://*.google-analytics.com https://*.analytics.google.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://s.tradingview.com https://game.crisp.chat; media-src 'self' https: blob:; object-src 'none'; base-uri 'self'; form-action 'self' https://api.nepsetrading.com https://khalti.com https://login.connectips.com; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.clarity.ms js.stripe.com *.js.stripe.com checkout.stripe.com *.paypal.com *.paypalobjects.com challenges.cloudflare.com; style-src 'self' 'unsafe-inline' *.paypalobjects.com; img-src 'self' data: blob: pdpd.b-cdn.net vz-32876b7d-513.b-cdn.net vz-bcc18906-38f.b-cdn.net pdphoto.b-cdn.net pdchatprod.b-cdn.net dev-pding-chat-images.s3.us-east-1.amazonaws.com dev-pding-chat-images.s3.amazonaws.com prod-pding-chat-images.s3.us-west-1.amazonaws.com prod-pding-chat-images.s3.amazonaws.com *.gstatic.com lh3.googleusercontent.com www.googletagmanager.com *.google-analytics.com www.google.com *.google.co.kr www.googleadservices.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.clarity.ms c.bing.com *.stripe.com *.paypal.com *.paypalobjects.com; font-src 'self' *.paypalobjects.com; connect-src 'self' *.pd-ing.com wss://*.pd-ing.com *.firebaseio.com wss://*.firebaseio.com *.firebaseapp.com *.googleapis.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net pagead2.googlesyndication.com www.google.com *.clarity.ms c.bing.com *.stripe.com m.stripe.network *.paypal.com *.paypalobjects.com challenges.cloudflare.com video.bunnycdn.com pding.page.link dev-pding-chat-images.s3.us-east-1.amazonaws.com dev-pding-chat-images.s3.amazonaws.com prod-pding-chat-images.s3.us-west-1.amazonaws.com prod-pding-chat-images.s3.amazonaws.com pding-video-upload-temp.s3.ap-northeast-2.amazonaws.com; frame-src 'self' iframe.mediadelivery.net js.stripe.com *.js.stripe.com hooks.stripe.com verify.stripe.com checkout.stripe.com *.paypal.com *.paypalobjects.com www.googletagmanager.com *.google.com *.firebaseapp.com challenges.cloudflare.com; worker-src 'self' blob:; media-src 'self' blob: *.b-cdn.net; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.bunny.net cdn.jsdelivr.net cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com www.facebook.com interface.mailcampaigns.nl *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com js.mollie.com *.multisafepay.com https://pay.google.com https://plumrocket.com www.googletagmanager.com *.doubleclick.net tagging.proforto.be www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://www.mollie.com maps.googleapis.com *.multisafepay.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com px.ads.linkedin.com bat.bing.com www.google.nl t.squeezely.tech www.facebook.com region1.analytics.google.com www.google.fr *.faslet.net trengo.s3.eu-central-1.amazonaws.com *.mailcampaigns.nl *.doubleclick.net cdn.proforto.be tagging.proforto.be images.prismic.io proforto-cdn.imgix.net https://maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; style-src *.adobe.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.multisafepay.com tagmanager.google.com fonts.google.com fonts.bunny.net *.faslet.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu player.vimeo.com *.vimeocdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src https://tagging.proforto.be dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.multisafepay.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google.com b.billypx.com px.ads.linkedin.com analytics.tiktok.com *.doubleclick.net rkkck31tec.execute-api.eu-central-1.amazonaws.com api.faslet.net cdn.api.prod.faslet.net bat.bing.com bat.bing.net p2iqhncxyh.execute-api.eu-central-1.amazonaws.com pagead2.googlesyndication.com metrics.hotjar.io *.trengo.eu *.convertexperiments.com tagging.proforto.be *.tiktokw.us wss://*.hotjar.com interface.mailcampaigns.nl *.yotpo.com https: 'self' 'unsafe-inline'; script-src https://tagging.proforto.be assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net js.mollie.com *.multisafepay.com https://pay.google.com *.googletagmanager.com tagmanager.google.com cdn-4.convertexperiments.com connect.facebook.net static.hotjar.com script.hotjar.com analytics.tiktok.com bat.bing.com squeezely.tech snap.licdn.com bgmin.cdn.billygrace.com d5yoctgpv4cpx.cloudfront.net widget.prod.faslet.net player.vimeo.com *.trengo.eu localhost:5174 *.proforto.be *.yotpo.com https: 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.gstatic.com fonts.gstatic.com https://cdnjs.cloudflare.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.payplug.com secure.payplug.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net maps.googleapis.com www.gstatic.com www.google.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.payplug.com *.hsforms.net *.hsforms.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.addtoany.com fonts.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://www.google-analytics.com ekr.zdassets.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com http://dpm.demdex.net maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://secure.paygate.co.za/payweb3/process.trans oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com https://plumrocket.com *.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com *.google.com/ oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com *.twitter.com *.freshchat.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://www.magezon.com https://firebasestorage.googleapis.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.google.co.za *.mobicredwidget.co.za safarioutdoorweb2.s3.af-south-1.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com landofcoder.com *.avada.io *.google.com/ *.oppwa.com oppwa.com *.peachpayments.com *.cloudflare.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com www.xtento.com cdn.xtento.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jsdelivr.net *.cloudfront.net *.freshchat.com https://s.clarity.ms/collect https://www.clarity.ms/tag/mnkzg1hhv5 https://s.cartbooster.io/preload *.convertexperiments.com *.sfdr.co *.hotjar.com *.tmtarget.com *.trackmytarget.com https://sfdr.co/sfdr.js *.doofinder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com oppwa.com *.oppwa.com *.peachpayments.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.getfirebug.com *.google.com 'self' data: *.freshchat.com *.jsdelivr.net *.doofinder.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com landofcoder.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.peachpayments.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.cloudflare.com *.twitter.com *.twimg.com 'self' data: *.mobicredwidget.co.za *.doofinder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com blog.tilemerchant.ie data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com blog.tilemerchant.ie 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com blog.tilemerchant.ie 'self'; frame-src https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com bid.g.doubleclick.net account.fetchify.com *.google.com/ *.meetanshi.com js.mollie.com *.trustpilot.com www.youtube.com *.weltpixel.com blog.tilemerchant.ie 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png *.facebook.com https://www.magezon.com *.meetanshi.com https://www.mollie.com *.tilemerchant.ie *.adobedtm.com *.adobe.com blog.tilemerchant.ie data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com *.googletagmanager.com *.facebook.net *.google.com/ *.meetanshi.com js.mollie.com *.trustpilot.com www.youtube.com player.vimeo.com https://www.googletagmanager.com tagmanager.google.com blog.tilemerchant.ie 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.doofinder.com downloads.mailchimp.com cc-cdn.com https://static.klaviyo.com widget.freshworks.com m2epro.freshdesk.com maxcdn.bootstrapcdn.com *.trustpilot.com tagmanager.google.com blog.tilemerchant.ie 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.tilemerchant.ie *.amazonaws.com *.googleapis.com blog.tilemerchant.ie 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.doofinder.com wss://*.doofinder.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com *.google-analytics.com *.meetanshi.com cdn.plyr.io noembed.com https://www.google-analytics.com blog.tilemerchant.ie 'self' 'unsafe-inline'; child-src blog.tilemerchant.ie http: https: blob: 'self' 'unsafe-inline'; default-src blog.tilemerchant.ie 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.bunny.net userlike-cdn-umm.b-cdn.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com td.doubleclick.net js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com https://firebasestorage.googleapis.com tracking.ke-webdev.de/ *.bing.com/ *.googletagmanager.com/ media.profipatch.com px.ads.linkedin.com *.google.com fast.smarketer.de fast-static.smarketer.de *.google.co.in integrations.etrusted.com *.userlike.com/ https://www.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.adobedtm.com *.avada.io browser-update.org *.ke-webdev.de c.ke-webdev.de *.getsitecontrol.com *.bing.com web-sdk.smartlook.com fast.smarketer.de *.google.com fast-static.smarketer.de eu1-config.doofinder.com rec.smartlook.com snap.licdn.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com unpkg.com js.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net integrations.etrusted.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com *.google-analytics.com https://get.geojs.io *.avada.io *.google.com browser-update.org *.ke-webdev.de c.ke-webdev.de googleads.g.doubleclick.net td.doubleclick.net/ px.ads.linkedin.com fast.smarketer.de fast-static.smarketer.de stats.g.doubleclick.net manager.eu.smartlook.cloud userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com unpkg.com api.userlike.com wss://umd.userlike.com/ *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/datacenters_google 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://api.reclameaqui.com.br https://s3.amazonaws.com/raichu-beta/selos https://newimgebit-a.akamaihd.net/ebitBR/medal use.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://use.typekit.net https://*.konfidency.com.br https://fonts.googleapis.com https://*.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://gyruss.rdops.systems https://www.facebook.com/ https://*.rdstation.com.br https://*.cloudfront.net 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net https://api.reclameaqui.com.br https://chat.directtalk.com.br https://*.konfidency.com.br unsafe-inline https://fonts.gstatic.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://h.online-metrix.net https://td.doubleclick.net https://stape.madeiranit.com.br https://api.reclameaqui.com.br https://maps.google.com/ https://chat.directtalk.com.br unsafe-inline https://*.konfidency.com.br https://www.lojaconfiavel.com https://*.hotjar.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.googleapis.com https://www.facebook.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://h.online-metrix.net https://ssif1.globalsign.com https://www.globalsign.com https://api.reclameaqui.com.br/* https://s3.amazonaws.com https://newimgebit-a.akamaihd.net/ebitBR/medal www.google.com.br newimgebit-a.akamaihd.net https://fonts.gstatic.com https://stats.g.doubleclick.net http://www.googletagmanager.com https://staticfiles.yviews.com.br https://yv-misc.s3.amazonaws.com https://uploadedfiles.yviews.com.br https://www.google.com https://newimgebit-a.akamaihd.net https://www.ebitempresa.com.br https://empresa.ebit.com.br/ https://chat.directtalk.com.br https://singularbaby.com.br https://*.madeiranit.com.br https://*.konfidency.com.br https://www.google.com.br/ http://www.googleadservices.com http://www.google-analytics.com https://www.facebook.com/ https://*.gstatic.com https://maps.googleapis.com https://*.cloudfront.net/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com https://h.online-metrix.net https://td.doubleclick.net https://stape.madeiranit.com.br https://s3.amazonaws.com https://api.reclameaqui.com.br https://newimgebit-a.akamaihd.net/ebitBR/medal/ https://ssif1.globalsign.com https://www.globalsign.com imgs.ebit.com.br www.clarity.ms unpkg.com reviews.konfidency.com.br d335luupugsy2.cloudfront.net js-agent.newrelic.com https://www.clarity.ms https://*.konfidency.com.br https://maps.googleapis.com http://www.googletagmanager.com https://www.googletagmanager.com https://staticfiles.yviews.com.br https://cdn.siteblindado.com https://api.siteblindado.com https://seal.globalsign.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.gstatic.com https://www.google.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://imgs.ebit.com.br https://chat.directtalk.com.br https://*.hotjar.com/ https://*.shoptarget.com.br/ https://*.cloudfront.net/ https://*.facebook.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.googleapis.com https://*.shopback.net/ https://*.shopconvert.com.br/ https://*.rdstation.com.br https://*.cloudfront.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://api.reclameaqui.com.br https://s3.amazonaws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://api.reclameaqui.com.br https://*.konfidency.com.br https://fonts.gstatic.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://viacep.com.br https://www.viacep.com.br http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io www.facebook.com https://www.facebook.com/tr graph.facebook.com business.facebook.com places.googleapis.com https://h.online-metrix.net https://td.doubleclick.net https://stape.madeiranit.com.br https://api.reclameaqui.com.br https://s3.amazonaws.com https://newimgebit-a.akamaihd.net/ebitBR/medal/81589.json bam.nr-data.net https://*.clarity.ms https://*.konfidency.com.br https://api.siteblindado.com https://seal.siteblindado.com.br https://seal.siteblindado.com https://commerce.adobedc.net https://bam.nr-data.net https://www.google.com https://chat.directtalk.com.br wss://am.freshrelevance.com https://*.shoptarget.com.br/ https://*.rdstation.com.br/ https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.googleapis.com https://*.hotjar.io https://content.hotjar.io/ https://*.retargeter.com.br https://*.madeiranit.com.br/ https://ckies.net/ https://*.openfpcdn.io/ https://www.google-analytics.com https://*.rdstation.com.br https://gyruss.rdops.systems  https://gtm-kq9xxp7-mjg4y.uc.r.appspot.com/g/collect wss://ws.hotjar.com/api/v2/client/ws 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://newimgebit-a.akamaihd.net/ebitBR/medal/* bam.nr-data.net commerce.adobedc.net unsafe-inline https://*.konfidency.com.br https://fonts.gstatic.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://fonts.googleapis.com https://fonts.gstatic.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://ssl.ingersoll-imc.com https://www.google-analytics.com https://platform.twitter.com  https://www.googletagmanager.com https://wpcc.io https://recruitingbypaycor.com; style-src 'self' 'unsafe-inline' http://ssl.ingersoll-imc.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://wpcc.io https://cdn.websitepolicies.io; img-src 'self' https://ssl.ingersoll-imc.com https://www.google-analytics.com https://syndication.twitter.com https://stats.g.doubleclick.net; connect-src 'self' https://syndication.twitter.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://ssl.ingersoll-imc.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; form-action 'self' https://syndication.twitter.com https://platform.twitter.com; frame-src https://platform.twitter.com https://syndication.twitter.com https://recruitingbypaycor.com/; report-uri https://report.ingersoll-imc.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://ipgtest.monri.com/ https://ipg.monri.com/ https://formtest.wspay.biz/ https://form.wspay.biz/ *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://ipgtest.monri.com/ https://ipg.monri.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net https://www.facebook.com/ https://connect.facebook.net/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.avada.io *.shopify.com https://ipgtest.monri.com/ https://ipg.monri.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://static.elfsight.com/ https://connect.facebook.net/ https://www.facebook.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://ipgtest.monri.com/ https://ipg.monri.com/ assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com places.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com https://core.service.elfsight.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.zoovu.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors ; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com js.mollie.com *.trustpilot.com *.intercom.io *.intercomcdn.com *.cookiebot.com *.facebook.com *.publitas.com *.pinterest.com *.doubleclick.net *.mollie.com *.addthis.com *.force.com *.criteo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.mollie.com maps.gstatic.com maps.googleapis.com https://redchamps.com *.bing.com *.google.com *.google.be *.facebook.com *.pinterest.com *.cloudfront.net *.zoovu.com *.tradetracker.net *.doubleclick.net *.googletagmanager.com *.acquire.io *.clarity.ms *.sleepworld.be *.360yield.com *.yieldlab.net *.yieldmo.com *.krxd.net *.demdex.net *.casalemedia.com *.analytics.yahoo.com *.criteo.com *.adnxs.com *.tremorhub.com *.pubmatic.com *.outbrain.com *.mediavine.com *.ivitrack.com *.omnitagjs.com *.adform.net *.3lift.com *.taboola.com *.smartadserver.com *.sharethrough.com *.rubiconproject.com contextual.media.net *.bidswitch.net ts.tradetracker.net www.magmodules.eu *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.avada.io *.shopify.com js.mollie.com maps.googleapis.com *.trustpilot.com *.intercom.io *.intercomcdn.com *.cloudflare.com *.cloudflareinsights.com *.cookiebot.com *.acquire.io *.facebook.com *.facebook.net *.pinimg.com *.bing.com *.doubleclick.net *.zoovu.com *.tradetracker.net *.publitas.com *.googleoptimize.com *.addthis.com *.addthisedge.com *.moatads.com *.clarity.ms *.force.com *.cloudfront.net *.salesforceliveagent.com *.clerk.io *.salesforce.com instant.page *.criteo.com https://www.googletagmanager.com tagmanager.google.com tm.tradetracker.net *.hsforms.net *.hsforms.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.trustpilot.com *.intercom.io *.intercomcdn.com *.zoovu.com *.force.com tagmanager.google.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src data: 'self' 'unsafe-inline'; media-src file: data: blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com *.newrelic.com *.nr-data.net *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.intercom.io *.intercomcdn.com *.doubleclick.net *.acquire.io *.pinterest.com *.bing.com ws: *.zoovu.com *.amazonaws.com *.trustpilot.com *.cookiebot.com *.stape.io *.sleepworld.be *.cwv-insights.com *.clarity.ms *.addthis.com *.google.com *.google.be https://www.google-analytics.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net cdn.jsdelivr.net cdn.almapay.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.getalma.eu *.almapay.com/ *.hipay-tpp.com *.hipay.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://rum.hlx.page cdn.jsdelivr.net *.almapay.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.almapay.com *.hipay.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.getalma.eu *.almapay.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.cloudflare.com *.bootstrapcdn.com *.dhlparcel.nl https://static.dhlecommerce.nl https://fonts.gstatic.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.googlesyndication.com *.tiktok.com *.twitter.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.tiktok.com *.addthis.com *.hotjar.com *.cookiebot.com consentcdn.cookiebot.eu https://*.dpdconnect.nl js.mollie.com *.trustpilot.com *.twitter.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.googleapis.com *.gstatic.com *.google.nl *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com forza-refurbished.nl *.forza-refurbished.nl *.bluebirdday.io *.amazonaws.com *.google.com *.bing.com *.trustpilot.com *.trustpilot.net *.clarity.ms magefan.com cm.magefan.com https://maps.googleapis.com https://maps.gstatic.com *.disqus.com https://www.mollie.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.trengo.eu *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com *.cookiebot.com *.dhlparcel.nl *.bing.com *.hotjar.com *.trustpilot.com *.clarity.ms consent.cookiebot.eu consentcdn.cookiebot.eu https://static.dhlecommerce.nl https://maps.googleapis.com https://*.dpdconnect.nl *.disqus.com js.mollie.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com connect.facebook.net graph.facebook.com business.facebook.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.dhlparcel.nl https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com *.trustpilot.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://static.klaviyo.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.addthis.com *.trengo.eu *.bing.com *.hotjar.com *.trustpilot.com *.clarity.ms *.cookiebot.com consent.cookiebot.eu consentcdn.cookiebot.eu https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl https://maps.googleapis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-LQmIezXpo_pNVp_ZUok5gw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sendcloud.sc *.jsdelivr.net *.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com https:/at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com www.vlaggenclub.nl vlaggenclub.dev *.cloudflare.com *.linkedin.com *.adsymptotic.com *.google.nl *.printapi.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net *.cloudflare.com *.twitter.com *.fontawesome.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.chimpstatic.com *.adobetm.com *.zdassets.com polyfill.io static.zdassets.com *.zendesk.com *.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.multisafepay.com assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.cloudflare.com *.pingdom.net *.hotjar.com *.usercentrics.eu *.zdassets.com *.zendesk.com *.zopim.com widget-mediator.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://vlaggenclub.dev/; report-to report-endpoint; 1
default-src 'self'; worker-src 'self' https://unpkg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://ep2.adtrafficquality.google https://cdn.taboola.com https://*.taboola.com https://cmp.gatekeeperconsent.com https://the.gatekeeperconsent.com https://www.ezojs.com https://*.ezoic.com; img-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; connect-src 'self' https: http://localhost:* http://127.0.0.1:* data: blob:; media-src 'self' https: data: blob:; frame-src 'self' https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://ep2.adtrafficquality.google https://www.google.com https://*.taboola.com https://cdn.taboola.com https://*.ezoic.com; frame-ancestors 'self' 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.authorize.net *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com store.paradoxlabs.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.authorize.net *.cloudflare.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.maxmind.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.authorize.net *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.mmapiws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.insuit.es *.insuit.eu *.insuit.net *.insuit.dev insuit.es insuit.eu insuit.net insuit.dev; script-src 'self' *.insuit.es *.insuit.eu *.insuit.net *.insuit.dev insuit.es insuit.eu insuit.net insuit.dev; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ https://sandbox-easy-geowidget-sdk.easypack24.net/ consentcdn.cookiebot.com consentcdn.cookiebot.eu *.doubleclick.net secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://images.unsplash.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org www.facebook.com connect.facebook.net img.sct.eu1.usercentrics.eu imgsct.cookiebot.com *.clarity.ms *.bing.com www.google.pl pixel.wp.pl static.payu.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.net *.hsforms.com 'self' data: https://media.azan-cdn.pl/media/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://maps.googleapis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.cookiebot.com *.cookiebot.eu connect.facebook.net www.google.pl www.google.com google.com analytics.tiktok.com *.clarity.ms pixel.wp.pl *.bing.com secure.payu.com secure.snd.payu.com https://www.datadoghq-browser-agent.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://fonts.googleapis.com https://static.klaviyo.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://player.vimeo.com *.easypack24.net *.inpost.pl *.openstreetmap.org region1.google-analytics.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.clarity.ms www.facebook.com www.google.pl www.google.com google.com stats.g.doubleclick.net analytics.tiktok.com analytics-ie.tiktokw.eu analytics-ttp2.tiktokw.eu analytics-ipv6.tiktokw.us *.bing.com pixel.wp.pl secure.payu.com merch-prod.snd.payu.com https://browser-intake-datadoghq.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://media.azan-cdn.pl/media/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-x_a7H6y88_CoztkUuaximQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.clarity.ms; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: https://www.google.com https://www.google.com.tr; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://ads/ga-audiences https://connect.facebook.net https://td.doubleclick.net https://www.google.com https://analytics.google.com https://www.google-analytics.com; frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.ariba.com app.instapunchout.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.ariba.com app.instapunchout.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr flagpedia.net https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn2.hubspot.net resources.paytrail.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com services.paytrail.com applepay.cdn-apple.com http://www.sinelli.fi 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com applepay.cdn-apple.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://nominatim.openstreetmap.org www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.paytrail.com autocomplete2.postdirekt.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com; connect-src 'self' https://www.google-analytics.com; frame-ancestors 'self'; 1
font-src https://l.clarity.ms *.force.com 'self' https://stats.g.doubleclick.net https://i.clarity.ms https://api.paytrace.com https://a.clarity.ms https://*.g.doubleclick.net https://www.gemline.ca https://catalogs.merch.ai https://w.clarity.ms https://www.google.ge https://www.gstatic.com https://d.clarity.ms https://www.google.com https://analytics.google.com https://fonts.gstatic.com/ https://go.gemline.com blob: https://go.pardot.com https://thegemgroup.my.salesforce-scrt.com https://images.salsify.com https://d.la1-core2.sfdc-lywfpd.salesforceliveagent.com https://*.salesforceliveagent.com https://f.clarity.ms https://m.clarity.ms https://*.googletagmanager.com https://www.gravitytank.com https://*.google-analytics.com https://ssl.gstatic.com https://integrationdesigner.artifi.net https://thegemgroup.my.site.com https://*.analytics.google.com https://v.clarity.ms https://d.la4-c2-ia5.salesforceliveagent.com https://e.clarity.ms https://designer.artifi.net https://*.google.com https://scripts.clarity.ms https://tagmanager.google.com https://q.clarity.ms https://c.clarity.ms https://www.google.co.in https://www.gemline.com https://c.la1-core2.sfdc-lywfpd.salesforceliveagent.com https://www.googletagmanager.com https://www.google-analytics.com *.salesforce.com https://b.clarity.ms https://*.fastly.net https://j.clarity.ms data:; report-to sfdc-csp-ep; report-uri https://thegemgroup.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D3t000001K38v&networkId=0DM3t000000Q8vH&type=communities 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'self' https://bat.bing.com/p/insights/s/0.8.1 https://cdn-cookieyes.com/client_data/3163df0a6f39249079c92eb3/script.js https://cdn.taboola.com/libtrc/unip/1655489/tfa.js https://connect.facebook.net/en_US/fbevents.js; style-src 'report-sample' 'unsafe-inline' 'self' https://fonts.googleapis.com https://x.klarnacdn.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://api2.amplitude.com https://bat.bing.com https://bat.bing.net https://cdn-cookieyes.com https://edge.eu1.fullstory.com https://eu.klarnaevt.com https://js.klarna.com https://log.cookieyes.com https://o24547.ingest.sentry.io; font-src 'self' data: https://fonts.gstatic.com https://x.klarnacdn.net; frame-src 'self' https://hpp.worldpay.com https://js.klarna.com https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://www.recaptcha.net; img-src 'self' https://cdn-cookieyes.com https://googleads.g.doubleclick.net https://lantern.roeye.com https://secure.gravatar.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; report-to csp-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-5-ZoQELOPDghrLje8CT6mw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net script.hotjar.com *.gstatic.com *.livechatinc.com use.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com esqa.moneris.com www3.moneris.com *.sharethis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.livechatinc.com *.hotjar.com *.doubleclick.net *.moneris.io *.pinterest.com vgdelivery.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net maps.googleapis.com *.sharethis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' blob: bat.bing.com *.bing.net *.analytics.yahoo.com www.facebook.com maps.gstatic.com www.gstatic.com script.hotjar.com *.doubleclick.net *.everythingwine.ca ws1.postescanada-canadapost.ca *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net esqa.moneris.com www3.moneris.com maps.googleapis.com developers.google.com *.sharethis.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com null *.livechatinc.com *.hotjar.com script.crazyegg.com www.facebook.com *.yimg.com cdn.livesession.io *.doubleclick.net *.bing.com *.clarity.ms cdn.livechatinc.com ws1.postescanada-canadapost.ca unpkg.com *.gorgias.chat *.dyn-rev.app *.pinimg.com *.pinterest.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com *.hsforms.net *.hsforms.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com ws1.postescanada-canadapost.ca *.googleapis.com *.gstatic.com use.fontawesome.com https://static.klaviyo.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.sharethis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.yimg.com script.crazyegg.com *.clarity.ms *.livesession.io google.com www.google.com pay.google.com *.analytics.google.com maps.googleapis.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.livechatinc.com *.everythingwine.ca *.doubleclick.net unpkg.com *.gorgias.chat gorgias.win gorgias-convert.com *.dyn-rev.app *.pinterest.com *.bing.com *.bing.net ws1.postescanada-canadapost.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp: https://premier.trustcommerce.com;script-src 'nonce-3702f42ebb80462689dfb1d01cfbcd38' https://myreidhealth.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp: https://static-map-tiles-api.arcgis.com https://us-api.experian.com/decisionanalytics/crosscore/npb2hjhva2fa/services/v0/applications/3 https://www.google.com/recaptcha/enterprise.js;style-src https://myreidhealth.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.avada.io www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.google-analytics.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-obY44vQ4KzXBN3L_kT2S_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'report-sample' https://code.jquery.com; style-src 'self' 'report-sample' fonts.googleapis.com https://fonts.googleapis.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vercel-insights.com https://*.memberstack.com https://*.algolia.net https://*.algolianet.com https://accounts.google.com https://*.google.com https://*.bitcompare.net https://analytics.ahrefs.com; style-src 'self' 'unsafe-inline' https://accounts.google.com https://*.google.com; img-src 'self' blob: data: https://*.amazonaws.com https://*.bitcompare.net https://bitcompare.net https://accounts.google.com https://*.google.com ; font-src 'self' data:; connect-src 'self' https://*.vercel-insights.com https://*.memberstack.com https://*.algolia.net https://*.algolianet.com https://*.amazonaws.com https://*.bitcompare.net https://bitcompare.net https://accounts.google.com https://*.google.com https://analytics.ahrefs.com wss://*.vercel.live; frame-src 'self' https://*.memberstack.com https://accounts.google.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; report-uri https://bitcompare.net/api/csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-tQzfcdEGjBfLV24QJdptog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com *.homelux.ro *.tawk.to 'self' https://fonts.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.homelux.ro *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.2performant.com *.addthis.com *.cookiebot.com *.googlesyndication.com *.homelux.ro *.pinterest.com *.tawk.to *.weltpixel.com https://www.google.com https://www.gstatic.com https://services.dpd.ro 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com blob: *.google.ro *.google-analytics.com *.googlesyndication.com *.homelux.ro *.pinterest.com *.magentocommerce.com t.themarketer.com cdn1.themarketer.com *.tawk.to cdn.jsdelivr.net 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://services.dpd.ro https://stats.g.doubleclick.net https://www.google-analytics.com https://static.biano.ro https://imgsct.cookiebot.com https://i.pinimg.com https://s.pinimg.com https://ct.pinterest.com https://assets.pinterest.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.2performant.com *.addthis.com *.biano.ro *.cookiebot.com *.googleadservices.com *.googlesyndication.com *.homelux.ro *.moatads.com *.pinimg.com https://unpkg.com t.themarketer.com cdn1.themarketer.com *.tawk.to cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://services.dpd.ro https://www.clarity.ms https://f.clarity.ms https://cdn.jsdelivr.net https://ct.pinterest.com https://widgets.pinterest.com https://assets.pinterest.com https://s.pinimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com assets.braintreegateway.com *.fontawesome.com *.homelux.ro t.themarketer.com cdn1.themarketer.com *.tawk.to cdn.jsdelivr.net tagmanager.google.com 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.addthis.com *.biano.ro *.cookiebot.com *.doubleclick.net *.googlesyndication.com *.homelux.ro *.pinterest.com t.themarketer.com cdn1.themarketer.com c1api.themarketer.com c2api.themarketer.com c3api.themarketer.com *.tawk.to wss://*.tawk.to 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://services.dpd.ro https://www.clarity.ms https://f.clarity.ms https://ct.pinterest.com https://log.pinterest.com https://s.pinimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.homelux.ro/; report-to report-endpoint; 1
script-src-elem *.eu-6.magentosite.cloud *.lamaisonvalmont.com *.bglobale.com *.global-e.com *.payments-amazon.com *.cookielaw.org *.abtasty.com *.bing.com *.clarity.ms *.doubleclick.net *.facebook.net *.googletagmanager.com *.rakuten.com *.tkrconnector.com googleapis.com *.googleapis.com 'self' 'unsafe-inline'; font-src *.bglobale.com *.global-e.com *.fontawesome.com *.gstatic.com 'self' data: *.cloudflare.com *.makeupar.com *.rakuten.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.global-e.com *.americanexpress.com *.arcot.com *.creditmutuel.fr *.mercurypaymentservices.it *.nexi.it *.nexigroup.com *.redsys.es *.rsa3dsauth.co.uk *.rsa3dsauth.com *.securesuite.co.uk *.securesuite.net *.cardinalcommerce.com facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.google.com *.bglobale.com *.global-e.com checkout.postfinance.ch fragranceprofiler-storieveneziane.com *.qualifioapp.com *.sproutvideo.com *.timify.com *.webotit.ai *.3dsecure-csas.cz *.americanexpress.com *.arcot.com *.asseco-see.hr *.cardinalcommerce.com *.cic.fr *.cooppank.ee *.creditmutuel.fr *.dnp-cdms.jp *.mercurypaymentservices.it *.nexi.it *.redsys.es *.rsa3dsauth.co.uk *.rsa3dsauth.com *.secure.lcl.fr *.securesuite.net *.sparkasse.at *.criteo.com *.criteo.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com *.googlesyndication.com tracead.com *.tracead.com *.trustcommander.net tk.lamaisonvalmont.com youtu.be *.youtu.be youtube-nocookie.com pay.google.com *.nexigroup.com *.securesuite.co.uk *.wlp-acs.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com *.bglobale.com *.global-e.com https://images.unsplash.com checkout.postfinance.ch 'self' data: s3s.fr *.s3s.fr *.amazonaws.com *.makeupar.com *.shipup.co *.googleusercontent.com adsrvr.org *.adsrvr.org *.baidu.com bing.com *.bing.com boxclone.com *.clarity.ms *.criteo.net http://sync.commander1.com/ commander1.com *.commander1.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com *.facebook.net *.fillr.com goldenbees.fr *.goldenbees.fr google-analytics.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com linksynergy.com *.linksynergy.com sync.smartadserver.com tagcommander.com *.tagcommander.com *.tiktok.com *.trustcommander.net *.google.ad *.google.ae *.google.af *.google.ag *.google.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.nr-data.net abtasty.com *.abtasty.com quanta.io *.quanta.io google.com *.google.com *.googleapis.com gstatic.com *.gstatic.com lamaisonvalmont.com *.lamaisonvalmont.com *.cookielaw.org data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bglobale.com *.global-e.com https://maps.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ checkout.postfinance.ch *.google.com *.gstatic.com *.tagcommander.com *.trustcommander.net *.amazonaws.com *.cloudflare.com *.makeupar.com *.qualifio.com *.qualifioapp.com *.rewardstyle.com *.shipup.co *.timify.com *.webotit.ai adition.com *.adition.com adnxs.com *.adnxs.com adventori.com *.adventori.com bing.com *.bing.com boxclone.com clarity.ms *.clarity.ms commander1.com *.commander1.com criteo.com *.criteo.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net *.giocdn.com googleadservices.com *.googleadservices.com *.googlesyndication.com hublosk.com jullyambery.net nxtck.com *.nxtck.com rakuten.com *.rakuten.com tiktok.com *.tiktok.com tracead.com *.tracead.com conoret.com newrelic.com nr-data.net *.hotjar.com *.tkrconnector.com abtasty.com *.abtasty.com quanta.io *.quanta.io googleapis.com *.googleapis.com youtube.com *.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.bglobale.com *.global-e.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.shipup.co 'self' 'unsafe-inline'; object-src *.youtube.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com https://maps.googleapis.com https://player.vimeo.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ t.elasticsuite.io *.google-analytics.com *.trustcommander.net fondationvalmont.com *.cloudflare.com *.ipify.org *.makeupar.com *.shipup.co *.valmontcosmetics.com *.global-e.com *.skeepers.io *.hotjar.com wss://*.hotjar.com *.tkrconnector.com bing.com *.bing.com commander1.com *.commander1.com clarity.ms *.clarity.ms *.doubleclick.net *.facebook.com google.com *.google.com *.googlesyndication.com *.googletagmanager.com *.stape.net tiktok.com *.tiktok.com tk.lamaisonvalmont.com yandex.ru *.google.ad *.google.ae *.google.af *.google.ag *.google.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw nr-data.net abtasty.com *.abtasty.com *.hotjar.io noembed.com *.noembed.com quanta.io *.quanta.io plyr.io *.plyr.io googleapis.com *.googleapis.com *.cookielaw.org *.onetrust.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://valmont.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
frame-ancestors 'self'; report-uri https://c4b562ef207d9ca89618f9d5f5a9d1d9.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://service1.artistsincanada.com https://kit.fontawesome.com https://cdn.jsdelivr.net https://web.squarecdn.com https://sandbox.web.squarecdn.com https://challenges.cloudflare.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.bunny.net; font-src 'self' data: https://fonts.gstatic.com https://fonts.bunny.net https://kit.fontawesome.com https://ka-f.fontawesome.com; img-src 'self' data: blob: https://cdn-aic.nyc3.cdn.digitaloceanspaces.com https://www.paypalobjects.com https://*.cloudflare.com; media-src 'self' data:; connect-src 'self' wss: https://service1.artistsincanada.com https://artistsincanada.us4.list-manage.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com; frame-src 'self' https://challenges.cloudflare.com https://www.paypal.com; frame-ancestors 'self'; form-action 'self' https://artistsincanada.us4.list-manage.com; base-uri 'self'; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com *.googleusercontent.com https://*.googleadservices.com https://*.googletagmanager.com https://*.axept.io https://cdnjs.cloudflare.com https://*.tradelab.fr https://*.goldenbees.fr https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.adnxs.com https://*.tiktok.com https://*.indeed.com blob:;; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; ; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google.com  https://*.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com https://*.talent.com https://axeptio.imgix.net https://*.axept.io https://*.vimeocdn.com https://*.ytimg.com https://*.adsrvr.org https://*.facebook.com https://*.facebook.net https://*.linkedin.com https://*.adnxs.com https://*.doubleclick.net https://*.googlesyndication.com https://*.indeed.com data:;; media-src 'self'; frame-src https://*.google.com https://*.googletagmanager.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.facebook.com https://*.facebook.net;; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:;; connect-src 'self' https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleadservices.com https://*.axept.io https://*.facebook.com https://*.facebook.net https://*.tiktok.com https://*.tiktokw.us https://*.linkedin.com data: blob:;; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' kontur.ru *.kontur.ru *.kontur.host *.skbkontur.ru data: https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://www.googletagmanager.com https://fonts.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://tagmanager.google.com *.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net; connect-src 'self' kontur.ru *.kontur.ru *.kontur.host *.skbkontur.ru wss://*.kontur.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net *.google-analytics.com *.analytics.google.com https://analytics.google.com https://www.google-analytics.com; report-uri https://frontreport-relay.kontur.host/csp/ 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com guarantee-cdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com guarantee-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.userway.org https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://static.ads-twitter.com https://snap.licdn.com https://chat.xxi-banorte.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdnjs.cloudflare.com https://www.youtube.com https://*.jotform.com https://cdn.jotfor.ms https://yoast.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.userway.org https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://static.ads-twitter.com https://snap.licdn.com https://chat.xxi-banorte.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdnjs.cloudflare.com https://www.youtube.com https://*.jotform.com https://cdn.jotfor.ms https://yoast.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.userway.org https://chat.xxi-banorte.com https://cdn.jotfor.ms https://api.mapbox.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com https://cdn.userway.org; frame-src 'self' blob: https://www.googletagmanager.com https://consentcdn.cookiebot.com https://www.google.com https://ep2.adtrafficquality.google https://www.youtube.com https://www.youtube-nocookie.com https://open.spotify.com https://embed.spotify.com https://googleadservices.com https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://*.jotform.com https://cdn.userway.org; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://consent.cookiebot.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://*.jotform.com https:; worker-src 'self' blob:; frame-ancestors 'self'; 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.disqus.com https://www.magezon.com https://img.youtube.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.disqus.com https://cdn.jsdelivr.net *.google.com/ *.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.fontawesome.com cdn.jsdelivr.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * js.mollie.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com widget.freshworks.com m2epro.freshdesk.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com widget.freshworks.com m2epro.freshdesk.com https://checkout.iwdagency.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.klarnacdn.net https://fonts.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.klarna.com *.google.com/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sagepay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.gstatic.com *.googleapis.com *.b0e8.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.b0e8.com *.bc0a.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.google.com/ https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sagepay.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.trustpilot.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.sagepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-nydrVQlDhR1H2lJRbieQWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src 'self' www.googleadservices.com ct.pinterest.com bat.bing.net px.ads.linkedin.com settings.luckyorange.net bat.bing.com live.opayo.eu.elavon.com/api/v1/ pagead2.googlesyndication.com services.postcodeanywhere.co.uk api.vimeo.com fresnel.vimeocdn.com *.facebook.com *.g.doubleclick.net *.google.com *.google.co.uk *.google-analytics.com *.analytics.google.com *.googletagmanager.com; font-src 'self' www.westdean.ac.uk assets.westdean.ac.uk/ data:; frame-ancestors 'self'; frame-src 'self' ct.pinterest.com discoveruni.gov.uk widget.discoveruni.gov.uk live.opayo.eu.elavon.com/api/v1/ my.matterport.com player.vimeo.com vimeo.com www.youtube.com *.luckyorange.com *.facebook.com *.googletagmanager.com; img-src 'self' * data:; media-src d10lpsik1i8c69.cloudfront.net player.vimeo.com download-video-ak.vimeocdn.com/v3-1/playback/ vod-adaptive-ak.vimeocdn.com skyfire.vimeocdn.com; script-src 'self' static.cloudflareinsights.com www.westdean.ac.uk assets.westdean.ac.uk/ chimpstatic.com s.pinimg.com d10lpsik1i8c69.cloudfront.net ct.pinterest.com snap.licdn.com assets.opayo.cloud/assets/js/opayo-1.2.40.js cdn.tickettailor.com www.googleadservices.com www.google.com pagead2.googlesyndication.com services.postcodeanywhere.co.uk player.vimeo.com www.youtube.com *.doubleclick.net *.bing.com *.facebook.net *.googletagmanager.com *.vimeocdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.westdean.ac.uk assets.westdean.ac.uk/ d10lpsik1i8c69.cloudfront.net services.postcodeanywhere.co.uk 'unsafe-inline'; report-uri https://o74830.ingest.us.sentry.io/api/215515/security/?sentry_key=610a8846728c479cb10b52482e41c8cc; report-to csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://www.googletagmanager.com *.fontawesome.com https://cdnjs.cloudflare.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com fastcalc.dialux.com *.isoled.shop *.list-manage.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.isoled.info *.isoled.hu *.isoled.ch 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://youtube.com fastcalc.dialux.com *.isoled.shop *.googletagmanager.com *.doubleclick.net *.isoled.info youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io camo.githubusercontent.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com maps.gstatic.com widgets.trustedshops.com *.facebook.com fastcalc.dialux.com *.google.at *.google.com *.visableleads.com *.kununu.com *.linkedin.com *.bing.com *.isoled.shop isoled.shop blob: img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com youtube.com https://cdnjs.cloudflare.com maps.googleapis.com *.googleadservices.com *.googletagmanager.com *.usercentrics.eu widgets.trustedshops.com fastcalc.dialux.com *.visableleads.com *.isoled.shop *.isoled.info sst.dev.isoled.shop *.chimpstatic.com *.clarity.ms *.licdn.com *.bing.com *.paypal.com *.paypalobjects.com *.cloudflareinsights.com *.cardinalcommerce.com *.songbird.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.gstatic.com widgets.trustedshops.com static-app.connect.trustedshops.com static-app.connect-qa.trustedshops.com fastcalc.dialux.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com maps.googleapis.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com region1.google-analytics.com *.gstatic.com *.googlesyndication.com *.amazon.com *.amazon.de fastcalc.dialux.com *.doubleclick.net *.isoled.shop *.isoled.info *.linkedin.com *.clarity.ms *.bing.com *.usercentrics.eu *.cloudflareinsights.com *.adobe.com *.cardinalcommerce.com dev2.galaxy-profiles.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com *.gstatic.com *.stape.io https://sandbox-static.iyzipay.com https://static.iyzipay.com data: 'self' 'unsafe-inline'; form-action https://plumrocket.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://challenges.cloudflare.com www.googletagmanager.com https://plumrocket.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io js.mollie.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.stape.io https://img.youtube.com flagpedia.net https://www.mollie.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://sandbox-static.iyzipay.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://challenges.cloudflare.com https://static.cloudflareinsights.com https://maps.googleapis.com *.disqus.com https://cdn.jsdelivr.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.stape.io cdn.jsdelivr.net maps.googleapis.com js.mollie.com facebook.com www.facebook.com graph.facebook.com https://sandbox-api.iyzipay.com https://sandbox-static.iyzipay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.googleapis.com *.googletagmanager.com *.stape.io cdn.jsdelivr.net *.gstatic.com https://sandbox-static.iyzipay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com https://cloudflareinsights.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io www.gstatic.com maps.googleapis.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://sandbox-api.iyzipay.com https://stg.iyzipay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cepmania.com/scommercereporturi/report/storefront; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-o25QgEBZE117ujZzrAcicw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; base-uri 'self'; form-action 'self' https://bam.nr-data.net; frame-ancestors 'self' 'none'; frame-src 'self' https://*.gcs-web.com https://*.convergepay.com https://www.google.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.doubleclick.net https://*.smartrecruiters.com https://nationalvision.gcs-web.com https://prnewswire2-a.akamaihd.net/; connect-src 'self' https://code.jquery.com https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://*.smartrecruiters.com https://*.doubleclick.net https://www.googletagmanager.com https://extreme-ip-lookup.com https://*.extreme-ip-lookup.com https://ipmeta.io https://*.ipmeta.io https://bam.nr-data.net https://bucketeer-db2073e4-ac1a-4046-97bf-04dce765dca1.s3.amazonaws.com/public/ https://jobpal-sm.s3.amazonaws.com https://612dedf14e35cd00d7d60304.config.smooch.io https://api.smooch.io wss://api.smooch.io https://cdn.cookielaw.org/ https://cdn.linkedin.oribi.io; script-src 'self' https://code.jquery.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.smartrecruiters.com 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://www.youtube.com http://www.youtube.com https://*.ytimg.com https://www.googleadservices.com https://www.google.com https://*.doubleclick.net 'unsafe-eval' https://tagmanager.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://jobpal-sm.s3.amazonaws.com https://api.smooch.io https://unpkg.com https://cdn.cookielaw.org/ https://*.convergepay.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://connect.facebook.net/ https://snap.licdn.com/ https://www.googleoptimize.com/ https://click.appcast.io/; style-src 'self' https://*.typekit.net https://fonts.googleapis.com https://*.smartrecruiters.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://jobpal-sm.s3.amazonaws.com https://cdnjs.cloudflare.com/; font-src 'self' https://*.typekit.net https://fonts.gstatic.com https://fonts.gstatic.com data: https://jobpal-sm.s3.amazonaws.com 'nonce-edf737975043485aa5bf0ed96f097ad4'; img-src 'self' data: https://www.google-analytics.com https://*.smartrecruiters.com https://www.googletagmanager.com https://www.gstatic.com https://ssl.gstatic.com https://*.doubleclick.net https://www.google.com https://*.googleusercontent.com https://ssl.gstatic.com https://bucketeer-db2073e4-ac1a-4046-97bf-04dce765dca1.s3.amazonaws.com/public/ https://media.smooch.io https://i.americasbest.com https://cdn.cookielaw.org/ https://click.appcast.io/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://px4.ads.linkedin.com https://www.multivu.com/national-vision-holdings/*; manifest-src 'self'; media-src 'self' https://jobpal-sm.s3.amazonaws.com; report-uri https://aclens.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-_4SZS3ZiVHbmNtNF2iDV6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2dwE0E9QAKQjPFcbKqQlPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com fonts.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bing.com *.google-analytics.com *.googleadservices.com *.google.co.uk *.googletagmanager.com *.expressentry.melissadata.net *.paypalobjects.com *.ometria.services *.feefo.com *.adobedtm.com *.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.ometria.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.bing.com *.google-analytics.com *.googletagmanager.com googleadservices.com *.googleapis.com expressentry.melissadata.net *.paypalobjects.com *.ometria.services *.noibu.com https://www.noibu.com https://cdn.noibu.com *.facebook.net https://cdn.jsdelivr.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.dixa.io x.klarnacdn.net *.klarnaservices.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://api.ometria.com *.ometria.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com fonts.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bing.com *.bing.net *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com maps.googleapis.com *.expressentry.melissadata.net *.paypalobjects.com *.ometria.services *.advancedcommerce.services *.algolia.net https://cdn.noibu.com wss://input.noibu.com https://input.noibu.com *.noibu.com https://cdn.jsdelivr.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.dixa.io x.klarnacdn.net *.klarnaservices.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://api.ometria.com *.ometria.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com *.google.com https://platform.twitter.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.xj-storage.jp/public-graph/table/AS02420/ https://www.xj-storage.jp/public-graph-at/table/AS02420/ https://www.xj-storage.jp/public-list/ https://cache.dga.jp/s/sanyodk/ https://www.xj-storage.jp/resources/AS02420/ https://al-s.dc-tag.jp/dcam.min.js https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://cdnjs.cloudflare.com/ajax/ https://platform.twitter.com/widgets.js https://www.clarity.ms/ https://extend.vimeocdn.com/ga/ https://cdn.cookie.sync.usonar.jp/ https://ip2c.landscape.co.jp/lbcapi/ https://apis.usonar.jp/alog/ https://partner.googleadservices.com/ https://cookie.sync.usonar.jp/v1/ https://www.gstatic.com/ https://kitchen.juicer.cc/ https://cdn.kitchen.juicer.cc/ https://cdn.treasuredata.com/sdk/1.9.1/td.min.js https://cdn.id5-sync.com/api/1.0/id5-api.js https://dmp.im-apps.net/ https://in.treasuredata.com/ https://s.dc-tag.jp/ https://cdn.audiencedata.net/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com https://app.trust360.jp/js/consent-multi-language.js https://apisonar.go.usonar.jp/liveaccess/js/call.js https://usa-cooling.sanyodenki.com/pd.js https://usa-servo.sanyodenki.com/pd.js https://unpkg.com/@google/model-viewer/dist/model-viewer.min.js https://unpkg.com/@google/model-viewer/dist/model-viewer-legacy.js https://js.hs-scripts.com/22560505.js https://js.hsforms.net/forms/embed/v2.js https://scripts.clarity.ms/ https://sanyodenkiamerica--agentforce.sandbox.my.site.com/ 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com consentcdn.cookiebot.com secure.livechatinc.com *.vimeo.com *.sandbox.paypal.com schulershoes.fullslate.com tst.kaptcha.com *.socialannex.com *.socialannex.net *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://*.gstatic.com *.klevu.com *.ksearchnet.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://redchamps.com *.stats.paypal.com *.sandbox.paypal.com cdn.livechat-files.com schulershoes-magento.s3.amazonaws.com ss-stg-magento.s3.amazonaws.com meetanshi.com maps.googleapis.com *.socialannex.com *.socialannex.net tn.alphonso.tv *.tvsquared.com bat.bing.com www.facebook.com connect.facebook.net cdn.ywxi.net imgsct.cookiebot.com jumbe.zaius.com api.zaius.com guarantee-cdn.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com apis.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.klevu.com *.ksearchnet.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.fontawesome.com *.cookiebot.com cdn.ywxi.net cdn.jsdelivr.net *.livechatinc.com acsbapp.com d1igp3oop3iho5.cloudfront.net *.socialannex.com *.socialannex.net maxcdn.bootstrapcdn.com *.cardinalcommerce.com bat.bing.com connect.facebook.com connect.facebook.net *.mountain.com *.tvsquared.com tag.simpli.fi onlinedialogue.s3.amazonaws.com www.trustedsite.com *.clarity.ms *.cloudflare.com guarantee-cdn.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.klaviyo.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.vimeo.com *.socialannex.com *.socialannex.net maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com s3-us-west-2.amazonaws.com *.acsbapp.com tn.alphonso.tv bat.bing.com *.livechatinc.com maps.google.com maps.googleapis.com *.g.doubleclick.net *.socialannex.com *.socialannex.net consentcdn.cookiebot.com www.facebook.com www.facebook.net kg668dbov0.execute-api.us-east-1.amazonaws.com 3.212.39.155 18.210.229.244 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 100.20.58.101 *.clarity.ms s3.amazonaws.com d1igp3oop3iho5.cloudfront.net *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.doubleclick.net *.run.app schuler-apicentral.ddev.site apicentral.local.schulershoes.com schuler-apicentral-main-e92vxj.laravel.cloud apicentral.schulershoes.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; block-all-mixed-content; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://stats.liqd.net; default-src 'self' https://stats.liqd.net https://w.soundcloud.com 1
object-src 'none';base-uri 'self';script-src 'nonce--pCCXyfKQId8K4BmYAN5Ww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--Zcf1b1XPtcMkO-5A6xIuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googleapis.com *.bing.com *.facebook.net *.facebook.com *.attn.tv *.attentivemobile.com *.doubleclick.net *.lightwidget.com *.nextopiasoftware.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com landofcoder.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com flagpedia.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com google.com *.googleapis.com *.bing.com *.facebook.net *.facebook.com *.google.co.in *.clarity.ms *.betterhealthmarket.com *.nextopia.net *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.fontawesome.com *.googleapis.com *.avada.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.nextopia.net *.nextopiasoftware.com *.bing.com *.facebook.net *.facebook.com *.attn.tv *.attentivemobile.com *.lightwidget.com https://seacrm.org/betterhealthmarket/dtag.js *.clarity.ms *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com landofcoder.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.bootstrapcdn.com *.nextopia.net *.yotpo.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.googletagmanager.com *.bing.com *.facebook.net *.facebook.com *.attn.tv *.attentivemobile.com *.lightwidget.com *.clarity.ms *.stape.ai *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com landofcoder.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Akt-tMZj15t_3o5woUAhmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' https://analytics.tiktok.com/i18n/pixel/static/main.MWZhMDU3MTU4MQ.jshttps://cdn.evgnet.com/beacon/siamcommercialbank/prod/scripts/evergage.min.jshttps://connect.facebook.net/signals/config/350129558785421https://snap.licdn.com/li.lms-analytics/insight.old.min.jshttps://www.googletagmanager.com/gtm.js 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdx-prod-ssc-frontend.cardx.co.thhttps://kong-prod-frontend.cardx.co.thhttps://www.google-analytics.comhttps://px.ads.linkedin.comhttps://firebase.googleapis.comhttps://firebaseinstallations.googleapis.comhttps://siamcommercialbank.australia-3.evergage.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube.comhttps://www.google.comhttps://www.googletagmanager.com; img-src 'self' https://cdx-prod-ssc-frontend.cardx.co.thhttps://tr.line.mehttps://www.facebook.com data:; manifest-src 'self'; media-src 'self' https://cdx-prod-ssc-frontend.cardx.co.th; worker-src 'none' 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://js.hs-scripts.com https://js.hs-analytics.net https://*.hubspot.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; media-src 'self' blob: https:; connect-src 'self' https:; frame-src 'self' https://www.youtube.com https://player.vimeo.com; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.posthog.com https://fonts.googleapis.com; script-src 'self' 'nonce-16WCob0xkdNO9R2DF9IqE8' https://*.posthog.com https://*.i.posthog.com; font-src 'self' https://*.posthog.com https://app-static.eu.posthog.com https://app-static-prod.posthog.com https://d1sdjtjk6xzm7.cloudfront.net https://fonts.gstatic.com https://cdn.jsdelivr.net https://assets.faircado.com https://use.typekit.net; worker-src 'self'; child-src 'none'; object-src 'none'; media-src https://res.cloudinary.com; img-src 'self' data: https://*.posthog.com https://posthog.com https://www.gravatar.com https://res.cloudinary.com https://platform.slack-edge.com https://raw.githubusercontent.com; frame-ancestors https://posthog.com https://preview.posthog.com; connect-src 'self' https://status.posthog.com https://*.posthog.com  https://raw.githubusercontent.com https://api.github.com; frame-src https:; manifest-src 'self'; base-uri 'self'; report-uri https://us.i.posthog.com/report/?token=sTMFPsFhdP1Ssg&sample_rate=0.1&v=2; report-to posthog 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.ariba.com *.coupahost.com *.t1cloud.com app.instapunchout.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://www.youtube.com https://www.google.com/maps https://www.google.com/ https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com *.ariba.com *.coupahost.com *.t1cloud.com app.instapunchout.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://*.cardinalcommerce.com https://*.centinelapi.cardinalcommerce.com https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com https://cdn1.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com 3dsapi.ebizcharge.net kg668dbov0.execute-api.us-east-1.amazonaws.com ebizcharge3ds-staging1.azurewebsites.net https://includestest.ccdc02.com *.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.adobe.com *.adobedtm.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.zapier.com *.zapier.app *.fontawesome.com *.tidio.co *.tagshop.io *.tagshop.ai *.productreview.com.au *.taggshop.io *.taggshop.ai *.cdnfonts.com *.evergage.com *.tagbox.com *.eurekafurniture.com.au *.fonts.net *.jotfor.ms *.migaku.com *.onlinewebfonts.com *.alicdn.com *.taggbox.com unpkg.com images.latitudepayapps.com imageapi.magebinary.co.nz maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.ashleyhome.com.au *.facebook.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.mycardsecure.com *.rsa3dsauth.co.uk *.securesuite.co.uk mycardsecure.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors data: *.form.jotform.com *.jotform.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com *.zapier.com *.zapier.app *.taggbox.com *.authorize.net *.pinterest.com *.form.jotform.com *.jotform.com *.doubleclick.net *.jotform.io *.twitter.com *.afterpay.com *.commbank.com.au *.fliphtml5.com *.opendns.com noop.style *.commercepartnerhub.com *.facebook.com *.googletagmanager.com *.americanexpress.com *.arcot.com *.avada.io *.cardinalcommerce.com *.mycardsecure.com *.rsa3dsauth.co.uk *.securesuite.co.uk *.zscalerthree.net mycardsecure.com *.cloudflare.com *.zscaler.net eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://plumrocket.com https://accounts.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ *.trackedlink.net *.zapier.com *.zapier.app *.magentocommerce.com *.latitudefinancial.com *.adnxs.com *.pinterest.com *.mediaiqdigital.com *.eurekafurniture.com.au *.google.com.vn *.google.com.au *.taggbox.com *.doubleclick.net *.latitudepayapps.com *.googleapis.com *.tagshop.io *.tagshop.ai *.ashleyhome.com.au *.facebook.com *.google.com *.jivox.com *.tagbox.com google.com ui-avatars.com www.google.ae www.google.al www.google.am www.google.at www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.ci www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.co.zw www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bn www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.hk www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.cz www.google.de www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.iq www.google.it www.google.jo www.google.la www.google.lk www.google.mv www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.se www.google.si www.google.sk www.google.vu *.eurekastreetfurniture.com.au *.local.com *.yahoo.com eurekastreetfurniture.com.au www.google.cl www.google.co.ck www.google.co.zm www.google.com.af www.google.com.bh www.google.com.ec www.google.com.gt www.google.com.jm www.google.com.kh www.google.com.na www.google.com.pe www.google.com.py www.google.com.sb www.google.com.uy www.google.dk www.google.ge www.google.gg www.google.hn www.google.hr www.google.lt www.google.mk www.google.mn www.google.mu www.google.ws www.google.co.vi www.google.com.pr www.google.lv www.google.no www.google.tt *.jotfor.ms www.google.ba www.google.bt www.google.co.bw www.google.co.cr www.google.co.ls www.google.co.tz www.google.co.ve www.google.com.do www.google.com.ly www.google.dz www.google.gy www.google.kz www.google.me www.google.ru www.google.sc www.google.tl www.google.bs www.google.com.ag www.google.is www.google.sn www.google.to www.google.az www.google.com.et www.google.com.om www.google.gm www.google.ml www.google.sr *.adsrvr.org www.google.co.ao www.google.co.mz www.google.co.ug www.google.com.mm www.google.ga www.google.im www.google.je www.google.lu www.google.ps www.google.rw *.afterpay.com *.trackedweb.net www.google.co.uz www.google.com.bo www.google.com.gi www.google.li www.google.md www.google.mg www.google.nr www.google.tn zip.co *.googleusercontent.com www.google.cv www.google.ht *.googleadservices.com www.google.cm *.ggpht.com www.google.ad *.facebook.net *.fliphtml5.com *.igodigital.com *.cloudflare.com *.tidiochat.com www.google.dm *.evergage.com *.google-analytics.com *.googletagmanager.com tidio-images-messenger.s3.amazonaws.com unpkg.com www.google.com.tj www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zipmoney.com.au www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://api.addressfinder.io https://rum.hlx.page https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.zapier.com *.zapier.app *.taggbox.com *.tidiochat.com *.tidio.co *.authorize.net *.jsdelivr.net *.lfscnp.com *.evgnet.com *.googleapis.com *.facebook.net *.pinimg.com *.adnxs.com *.crazyegg.com *.pinterest.com *.form.jotform.com *.jotform.com *.jotfor.ms *.productreview.com.au *.tagshop.io *.tagshop.ai *.twitter.com *.taggshop.io *.taggshop.ai *.latitudepayapps.com *.jivox.com *.zip.co *.commbank.com.au *.doubleclick.net *.evergage.com *.latitudefinancial.com *.tagbox.com *.zipmoney.com.au *.eurekafurniture.com.au *.yimg.com *.googletagmanager.com googletagmanager.com *.addressfinder.io *.afterpay.com *.avada.io *.bing.com *.googleadservices.com *.igodigital.com rum.hlx.page *.cloudflare.com *.google-analytics.com unpkg.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zipmoney.com.au zip.co https://accounts.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.zapier.com *.zapier.app *.googleapis.com *.jotfor.ms *.tagshop.io *.tagshop.ai *.taggshop.io *.taggshop.ai *.tagbox.com *.evergage.com *.typekit.net *.eurekafurniture.com.au *.fonts.net *.googletagmanager.com *.addressfinder.io *.taggbox.com *.cloudflare.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com maxcdn.bootstrapcdn.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src noop.style 'self' 'unsafe-inline'; media-src *.adobe.com *.zapier.com *.zapier.app *.tidiochat.com *.tidio.co *.tagshop.ai *.taggbox.com *.gstatic.com *.cdninstagram.com *.tagbox.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.zapier.com *.zapier.app *.tidio.co wss://socket.tidio.co *.zip.co *.algolia.io *.google-analytics.com *.livechatinc.com *.form.jotform.com *.crazyegg.com *.tagshop.io *.tagshop.ai *.productreview.com.au *.taggbox.com *.adnxs.com *.pinterest.com *.evergage.com *.google.com.vn *.google.com.au *.datadoghq.com *.googleapis.com *.cloudfront.net *.afterpay.com *.jivox.com *.doubleclick.net *.facebook.com *.taggshop.io *.zipmoney.com.au localhost www.google.ae www.google.at www.google.be www.google.ca www.google.ch www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.bd www.google.com.bn www.google.com.br www.google.com.co www.google.com.fj www.google.com.hk www.google.com.my www.google.com.np www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sg www.google.com.tr www.google.com.tw www.google.cz www.google.de www.google.es www.google.fr www.google.gr www.google.ie www.google.iq www.google.it www.google.jo www.google.lk www.google.mv www.google.nl www.google.pl www.google.pt www.google.sk *.ashleyhome.com.au *.eurekafurniture.com.au *.eurekastreetfurniture.com.au *.yimg.com www.google.al www.google.cl www.google.co.ck www.google.com.af www.google.com.au www.google.com.cy www.google.com.eg www.google.com.gh www.google.com.kh www.google.com.mx www.google.com.na www.google.com.ua www.google.dk www.google.ee www.google.ge www.google.gg www.google.lt www.google.mk www.google.mu www.google.ro www.google.se www.google.vu www.google.co.ke www.google.com.bh www.google.com.kw www.google.com.sa www.google.fi www.google.mn www.google.no www.google.tt www.google.ws www.google.bg www.google.co.bw www.google.co.cr www.google.co.tz www.google.com.ly www.google.com.mt www.google.com.pr www.google.com.sb www.google.kz www.google.rs www.google.ru www.google.sc www.google.tl www.google.bs www.google.co.zm www.google.com.ag www.google.com.bz www.google.com.do www.google.dz www.google.ba www.google.com.ec www.google.sn www.google.sr www.google.to www.google.by www.google.cd www.google.co.ao www.google.co.ma www.google.co.zw www.google.com.jm www.google.com.lb www.google.com.mm www.google.com.ng www.google.com.pe www.google.com.uy www.google.hr www.google.hu www.google.je www.google.la www.google.lv www.google.rw www.google.hn www.google.im www.google.md www.google.nr *.googleadservices.com www.google.co.mz www.google.com.om *.bugsnag.com www.google.me *.alicdn.com www.google.tn www.google.com.et www.google.co.ug www.google.co.uz www.google.com.py www.google.mg rum.hlx.page www.google.dm www.google.am www.google.si ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.eurekastreetfurniture.com.au 'self' 'unsafe-inline'; report-uri https://147192e4-59e8-4e1e-b034-ea7b09670aa9.sansec.watch/; report-to report-endpoint; 1
font-src *.klarnacdn.net *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.sirv.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.klarna.com js.mollie.com consentcdn.cookiebot.com/ ad.ad-srv.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.cloudfront.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com https://www.mollie.com ad.doubleclick.net cdn.notebookgalerie.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.sirv.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.googletagmanager.com *.facebook.net *.fontawesome.com *.avada.io js.mollie.com *.adcell.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sirv.com player.vimeo.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.fontawesome.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.sirv.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.sirv.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.google-analytics.com https://get.geojs.io *.avada.io *.adcell.com eu1-search.doofinder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sirv.com *.youtube.com blob: *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com *.typekit.net 'self' data: data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ pestweb.com https://*.cardconnect.com/ *.dotdigital-pages.com *.dotdigital.com *.google.com/ *.addthis.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.googleapis.com *.gstatic.com https://www.magezon.com https://cdn.brainier.com https://img.delvenetworks.com cdn.doofinder.com *.trackedlink.net magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.nr-data.net uat01-ecommerceidentity.cs90.force.com univar--uat01.my.salesforce.com *.hsforms.net *.hsforms.com www.google.com.ua *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://rum.hlx.page *.googleapis.com *.gstatic.com *.rejoiner.com https://*.cloudfront.net https://*.gosquared.com https://sst.veseris.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.disqus.com *.google.com uat01-ecommerceidentity.cs90.force.com univar--uat01.my.salesforce.com *.hsforms.net *.hsforms.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com sst.veseris.com https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.fontawesome.com *.typekit.net *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com *.rejoiner.com https://sst.veseris.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.stats.g.doubleclick.net *.doubleclick.net *.google-analytics.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.facebook.net sst.veseris.com https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: https://*.paypal.com https://*.paypalobjects.com 'nonce-iJAGyGE4ZWeDKP3bxtv0MRk-C0GAgcQf'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.punchout2go.com *.tradecentric.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.tradecentric.com *.birchstreetsystems.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com/ *.punchout2go.com *.tradecentric.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net magefan.com cm.magefan.com https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com/ *.punchout2go.com *.tradecentric.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://acsbapp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com webchat.dotdigital.com webchat.staging.dotdigital.com *.punchout2go.com *.tradecentric.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://cdn.acsbapp.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://*.pendo.io https://pendo-io-static.storage.googleapis.com https://stats.pusher.com https://cdn.datatables.net https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://pendo-static-5749076184662016.storage.googleapis.com https://pendo-io-static.storage.googleapis.com https://static.parcelplatform.com https://stats.pusher.com https://www.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.pendo.io https://www.gstatic.com https://cdn.datatables.net https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net; img-src 'self' data: https://www.google.com https://*.googleapis.com https://maps.gstatic.com https://*.collateral360.com https://*.pendo.io https://*.s3.amazonaws.com https://www.googletagmanager.com https://static.parcelplatform.com https://static.intercomassets.com https://*.intercomcdn.com https://content.pendo.spatialstream.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.intercomcdn.com; connect-src 'self' https://www.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://data.pendo.io https://sockjs-us2.pusher.com wss://ws-us2.pusher.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io; frame-src 'self' https://c360parc-datastorage-prod.s3.amazonaws.com https://www.google.com; form-action 'self'; report-to default 1
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com https://maps.googleapis.com https://gateway.moneris.com https://gatewayt.moneris.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.tawk.to 'self' data: maxcdn.bootstrapcdn.com *.sagepay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cashfree.com *.cardinalcommerce.com *.ccavenue.com *.twitter.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.sagepay.com *.arcot.com *.analytics.com *.googleadservices.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cashfree.com *.cardinalcommerce.com www.googletagmanager.com *.twitter.com *.addthis.com *.doubleclick.net *.embedly.com *.rvvup.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.addtoany.com *.hotjar.com *.pinterest.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.sagepay.com *.arcot.com *.analytics.com *.googleadservices.com https://lightwidget.com *.chatra.io *.lightwidget.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cashfree.com https://images.unsplash.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.ccavenue.com *.cloudflare.com *.klarna.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.in *.jsdelivr.net www.independent4life.co.uk www.logicrays.com www.magecomp.com *.amazonaws.com *.securitymetrics.com *.pinterest.com https://meetanshi.com/media/logo.png www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.analytics.com https://cdn-media.vega.co.in https://cdnmedia.vega.co.in https://breeze.vega.co.in https://breeze-media.vega.co.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.cashfree.com *.cardinalcommerce.com *.googleapis.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu embed.tawk.to cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.addtoany.com *.adobe.com *.hotjar.com *.clarity.ms *.avada.io *.pinterest.com www.facebook.com graph.facebook.com business.facebook.com *.sagepay.com *.arcot.com *.analytics.com *.lightwidget.com *.chatra.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.jsdelivr.net *.google.com *.addtoany.com maxcdn.bootstrapcdn.com *.sagepay.com *.analytics.com *.googleadservices.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.granberg.se 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cardinalcommerce.com *.cashfree.com *.googleapis.com https://player.vimeo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.cloudflare.com *.twitter.com *.twimg.com *.tawk.to *.doubleclick.net *.amazonaws.com *.securitymetrics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com wss://ws.hotjar.com/ *.clarity.ms *.hotjar.io *.googleadservices.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.addtoany.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.sagepay.com *.arcot.com *.analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TrYhprFG2t-cunL7IhTrJw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-JX7QGGYGvoA5wUSLWs1Y3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-FUcfTfFl8A2Rkdr_-0zp8w' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src *.fontawesome.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.fontawesome.com *.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.cloudflare.com assets.livecall.io *.typekit.net *.bootstrapcdn.com *.trustedshops.com *.easypack24.net data: *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com * *.google.com sandbox.przelewy24.pl secure.przelewy24.pl *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk assets.livecall.io *.googletagmanager.com facebook.com facebook.net pay.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net https://www.magezon.com https://meetanshi.com/media/logo.png quickchart.io img.youtube.com *.google.pl assets.livecall.io *.cloudflare.com https://cdn.klarna.com *.magentocommerce.com *.paypal.com *.tpay.com *.payu.com https://s.ytimg.com *.usercentrics.eu translate.googleapis.com facebook.com facebook.net aktywnybaner.rzetelnafirma.pl *.googletagmanager.com www.facebook.com www.google.com pixel.homebook.pl pixel.wp.pl *.googleapis.com static.przelewy24.pl www.gstatic.com gstatic.com https://redchamps.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.fontawesome.com *.googleapis.com *.cloudflare.com assets.livecall.io *.google-analytics.com translate.googleapis.com *.trustedshops.com *.usercentrics.eu *.tpay.com *.paypal.com *.payu.com *.easypack24.net *.unpkg.com *.jsdelivr.net *.mapbox.com connect.facebook.net bam.eu01.nr-data.net js-agent.newrelic.com *.edrone.me *.callback24.io pixel.homebook.pl pixel.wp.pl sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.cloudflare.com assets.livecall.io *.typekit.net *.bootstrapcdn.com *.trustedshops.com *.usercentrics.eu *.przelewy24.pl *.easypack24.net translate.googleapis.com fonts.googleapis.com/ secure.przelewy24.pl *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src assets.livecall.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.cloudflare.com assets.livecall.io analytics.google.com *.paypal.com bam.eu01.nr-data.net facebook.com facebook.net stats.g.doubleclick.net consent.cookiefirst.com api.edrone.me *.edrone.me signalling.livecall.io geoip.livecall.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src *.mczbf.com; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://geowidget.easypack24.net *.cj.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com pay.google.com play.google.com *.autopay.eu *.packeta.com creativecdn.com ct.pinterest.com *.criteo.com *.criteo.net pudofinder.dpd.com.pl googletagmanager.com *.googletagmanager.com www.googletagmanager.com secure.payu.com merch-prod.snd.payu.com *.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org www.googleadservices.com www.google-analytics.com www.google.pl bat.bing.com mrtg.emailpartners.net pixel.wp.pl ct.pinterest.com scontent-waw1-1.cdninstagram.com adservice.google.pl c.clarity.ms c.bing.com *.mczbf.com *.kdukvh.com *.emjcd.com *.dotomi.com *.adnxs.com contextual.media.net pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com visitor.omnitagjs.com id5-sync.com ad.360yield.com criteo-partners.tremorhub.com beacon.krxd.net gum.criteo.com s.thebrighttag.com ad.yieldlab.net *.seznam.cz *.bing.net duka.com *.duka.com *.criteo.net static.payu.com *.googleapis.com *.googleusercontent.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.autopay.eu pay.google.com *.packeta.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org www.googleadservices.com www.google-analytics.com static.hotjar.com bat.bing.com www.clarity.ms analytics.tiktok.com dsp-media.eskimi.com cdn.gdprcookiemanager.com cdn.tmtarget.com www.googleoptimize.com s.pinimg.com pixel.homebook.pl pixel.wp.pl js-agent.newrelic.com bam-cell.nr-data.net script.hotjar.com bam.nr-data.net *.mczbf.com *.cj.com *.criteo.net sslwidget.criteo.com googletagmanager.com *.clarity.ms *.seznam.cz paypalobjects.com secure.payu.com secure.snd.payu.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.autopay.eu *.fontawesome.com https://geowidget.easypack24.net *.cj.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.packeta.com *.easypack24.net *.inpost.pl *.openstreetmap.org www.google-analytics.com cdn.gdprcookiemanager.com analytics.tiktok.com n.clarity.ms ct.pinterest.com stats.g.doubleclick.net bam.nr-data.net in.hotjar.com dsp-trk.eskimi.com dsp-ap.eskimi.com *.mczbf.com *.sjwoe.com p.clarity.ms google.com *.clarity.ms googletagmanager.com *.googletagmanager.com *.bing.net *.hotjar.io *.criteo.net *.criteo.com secure.payu.com merch-prod.snd.payu.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src *.cj.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-AxbQBq8tnspEUmRV1A1UdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-to csp-report-only; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 1
default-src 'self' seatgeek.okta.com *.oktacdn.com; connect-src 'self' seatgeek.okta.com seatgeek-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com seatgeek.kerberos.okta.com seatgeek.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-qE4sgLPEAEsn3Zdu1t6SgQ' 'unsafe-eval' 'self' 'report-sample' seatgeek.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'nonce-qE4sgLPEAEsn3Zdu1t6SgQ' 'self' 'report-sample' seatgeek.okta.com *.oktacdn.com; frame-src 'self' seatgeek.okta.com seatgeek-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator: api-680e7385.duosecurity.com; img-src 'self' seatgeek.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' seatgeek.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://seatgeekadmin.com 1
object-src 'none';base-uri 'self';script-src 'nonce-ixpYNzX_sljfpj6Iyd_KYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1iQaItu-HbTLG4rL5HEndg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.bootstrapcdn.com *.cloudflare.com cdnjs.cloudflare.com *.thuiswinkel-cdn.org *.feedbackcompany.com *.googleapis.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.facebook.com *.doubleclick.net *.googletagmanager.com *.cookiebot.com *.trustpilot.com js.mollie.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com https://belco-prod.s3-eu-central-1.amazonaws.com *.google.nl *.ytimg.com *.cookiebot.com *.visualwebsiteoptimizer.com *.thuiswinkel-cdn.org *.feedbackcompany.com 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://www.mollie.com https://redchamps.com *.hsforms.net *.hsforms.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.belco.io *.belco.io *.google-analytics.com *.googleadservices.com *.doubleclick.net js-agent.newrelic.com bam-cell.nr-data.net *.hotjar.com *.googlesyndication.com *.beslist.nl *.trustpilot.com *.ahrefs.com *.cookiebot.com *.thuiswinkel.org *.thuiswinkel-cdn.org *.convertexperiments.com *.getqonfi.com *.feedbackcompany.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://cdn.jsdelivr.net js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://*.googleapis.com *.bootstrapcdn.com *.cloudflare.com cdnjs.cloudflare.com *.thuiswinkel-cdn.org *.googleapis.com https://static.klaviyo.com https://cdn.jsdelivr.net *.fontawesome.com *.gstatic.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com wss://chat.belco.io https://cdn.belco.io *.belco.io bam-cell.nr-data.net *.googlesyndication.com *.cookiebot.com *.doubleclick.net *.ahrefs.com *.beslist.nl *.visualwebsiteoptimizer.com *.thuiswinkel-cdn.org *.hotjar.io *.feedbackcompany.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.google-analytics.com *.feedbackcompany.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net code.ionicframework.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeocdn.com www.vimeo.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google-analytics.com www.google.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com code.ionicframework.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com *.amazonaws.com *.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.facebook.net *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com *.facebook.net *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.global-e.com *.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src 'self' data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.facebook.com *.facebook.net https://maps.gstatic.com https://maps.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.google.com *.zopim.com *.bing.com *.clarity.ms *.adroll.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com ipinfo.io https://maps.googleapis.com https://maps.gstatic.com maps.googleapis.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.mailchimp.com *.list-manage.com *.addthis.com *.addthisedge.com *.pinterest.com *.googletagmanager.com *.cloudflare.com chimpstatic.com *.surveymonkey.com *.kbmaxnext.com *.ctctcdn.com *.adroll.com *.zopim.com *.klaviyo.com sc-static.net *.twitter.com brighterimagelab.com *.ads-twitter.com *.doubleclick.net *.googleadservices.com globalshopex.com *.clickcease.com *.bing.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net https://ipinfo.io https://maps.googleapis.com www.gstatic.com maps.googleapis.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.doubleclick.net brighterimagelab.com *.klaviyo.com *.zopim.com *.googleadservices.com *.clarity.ms *.adroll.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.feedbackcompany.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: www.cm.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googletagmanager.com js.mollie.com www.xtento.com *.freshchat.com *.doubleclick.net *.vekto.nl *.cvtotaal.nl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com https://images.unsplash.com *.disqus.com *.feedbackcompany.com 'self' data: *.google.nl https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://img.youtube.com https://www.mollie.com flagpedia.net https://redchamps.com *.hsforms.net *.hsforms.com ts.tradetracker.net www.magmodules.eu www.xtento.com cdn.xtento.com *.visualwebsiteoptimizer.com *.cvtotaal.nl cvtotaal.nl *.eu.com *.mistersales.nu *.bing.com *.windows.net *.taggrs.io *.google.com *.doubleclick.net *.facebook.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.disqus.com *.feedbackcompany.com *.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.googletagmanager.com tagmanager.google.com js.mollie.com maps.googleapis.com *.hsforms.net *.hsforms.com tm.tradetracker.net www.xtento.com cdn.xtento.com gateway.tweakwisenavigator.net *.freshchat.com *.visualwebsiteoptimizer.com *.clarity.ms *.bing.com *.eu.com *.robinhq.com *.windows.net *.msecnd.net *.digitalcx.com *.vekto.nl *.beslist.nl *.facebook.net *.exatom.io *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com tagmanager.google.com fonts.google.com maxcdn.bootstrapcdn.com *.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/fontawesome.min.css *.freshchat.com *.eu.com *.mistersales.nu mistersales.nu *.typeform.com embed.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.eu.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.feedbackcompany.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.gstatic.com maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com gateway.tweakwisenavigator.net *.visualwebsiteoptimizer.com *.doubleclick.net *.eu.com *.clarity.ms *.visualstudio.com wss://cxcomlive-webconvwa-weu.azurewebsites.net *.cvtotaal.nl *.vekto.nl *.beslist.nl *.exatom.io *.bing.com api.typeform.com wss://webchat-api.digitalcx.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.cumulusmedia.com 'report-sample'; base-uri 'self'; script-src 'strict-dynamic' 'self' 'inline-speculation-rules' *.cumulusmedia.com 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' *.googletagmanager.com 'sha256-GyUsdBtdHKlqtQSzGDSvNCHPdK8s1GO2S2y9jj4oYog=' *.google-analytics.com stats.wp.com 'sha256-+zMjo4vywISTRiN+RDp+W665czd5i8MOxiovBqr69F0=' 'sha256-X7SYke/fTbXP5LTn1g56zfcWCiSzQpGhzSLHvvNm0jo=' form.jotform.com cdn.jotfor.ms *.cookielaw.org 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' *.onetrust.com connect.facebook.net s3.tradingview.com https://www.google.com/recaptcha/ https://challenges.cloudflare.com/turnstile/ 'sha256-riitXBKGtl5y5ccA7GF6ccqJuwEVP5tm8j0ff/fbw9U=' 'sha256-k8zlbQ8Yw3tO1mzGrtP0m5BxCIEa+iH8LXA4dctSEMI=' 'sha256-wBhUGm/Lzl4TA4tJsiguA/vnV9LaNE6plmk4Xn/6/Mw=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-5oZoxPs07HkLGv2K/yyNWiLlCvxwJuQdhXLKg2AXhT0=' 'nonce-OUxEltpVsenl4G7HxJpse7eU' 'report-sample'; style-src 'self' 'unsafe-inline' *.cumulusmedia.com fonts.googleapis.com cdn.jotfor.ms 'report-sample'; img-src 'self' data: *.cumulusmedia.com *.wp.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.jotform.com; font-src 'self' data: *.cumulusmedia.com fonts.gstatic.com https://www.google.com/recaptcha/; connect-src 'self' *.cumulusmedia.com *.google-analytics.com *.doubleclick.net submit.jotform.com *.cookielaw.org *.onetrust.com; object-src 'none'; frame-src 'self' *.cumulusmedia.com *.jotform.com *.youtube.com s.tradingview.com www.tradingview-widget.com challenges.cloudflare.com; report-uri https://www.cumulusmedia.com/wp-admin/admin-ajax.php?action=wpshr 1
default-src 'self' https: wss: *.binotel.com *.webpushs.com *.pushdata.sendpulse.com; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' *.binotel.com *.webpushs.com *.pushdata.sendpulse.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-violation-report-endpoint 1
font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.multisafepay.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e72367b9-6e86-4604-bbda-cd4860d727c6.sansec.watch/; report-to report-endpoint; 1
default-src 'self' *.qq.com *.google-analytics.com *.ytimg.com *.youtube.com *.googletagmanager.com *.baidu.com *.cookieinformation.com *.licdn.com *.facebook.net *.marketingautomation.com *.sleeknote.com *.sharpspring.com *.gstatic.com https: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/reportOnly 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.revolut.com *.google.com google.com *.cdn-apple.com pay.google.com *.checkout.vficloud.net *.vficloud.net *.amazonaws.com *.checkout.verifone.cloud *.verifone.cloud data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com *.checkout.vficloud.net *.vficloud.net *.checkout.verifone.cloud *.verifone.cloud 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.revolut.com *.cdn-apple.com *.gstatic.com *.checkout.vficloud.net *.vficloud.net *.checkout.verifone.cloud *.verifone.cloud 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.revolut.com *.gstatic.com *.checkout.vficloud.net *.vficloud.net *.checkout.verifone.cloud *.verifone.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.revolut.com *.cdn-apple.com pay.google.com *.gstatic.com *.checkout.vficloud.net *.vficloud.net *.checkout.verifone.cloud *.verifone.cloud 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-_04dcXaU0-G-I6bC_n7JKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https://www.charly.com/ 'nonce-NGhqYzgwdHpva2xhMG05dmw3cXJiNnVkenMydTJuZWl2bDB6c2lmYmUwNmZv' 'self' 'unsafe-eval' 'unsafe-inline' *.adobe.com *.adobe.io *.adobedtm.com *.braintreegateway.com *.magento-datasolutions.com *.magento-ds.com *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com *.search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com *.sentry-cdn.com *.sentry.io *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net cdn.jsdelivr.net/npm/@adobe/ commerce.adobe.net developers.google.com https://h64.online-metrix.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com js.magento-datasolutions.com magento-recs-sdk.adobe.net maps.googleapis.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ use.typekit.net vimeo.com www.vimeo.com byspotify.com tiktok.com global-cache.online infird.com gstatic.com paypalobjects.com googleapis.com facebook.net facebook.com connect.facebook.net *.googletagmanager.com *.google-analytics.com *.google.com pinimg.com pinterest.com; style-src 'self' blob: 'unsafe-inline' https://www.charly.com/ 'unsafe-hashes' *.fonts.googleapis.com https://fonts.googleapis.com; img-src data: 'self' https://www.charly.com/ *.facebook.com *.facebook.net connect.facebook.net google.com gstatic.com paypal.com flagcdn.com *.googletagmanager.com wolfcharly.com mcstaging.wolfcharly.com googleapis.com google.cctld com.mxmedia *.google.ie *.paypal.com *.paypalobjects.com *.maps.gstatic.com *.maps.googleapis.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com use.typekit.net *fonts.googleapis.com https://fonts.gstatic.com cdnfonts.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.adobe.com *.braintreegateway.com *.demdex.net fast.amc.demdex.net *.paypal.com *.paypalobjects.com *.youtube-nocookie.com schools-blocked.s3-website-us-east-1.amazonaws.com opendns.com paypal.com doubleclick.net pinterest.com *.googletagmanager.com *.google-analytics.com; report_uri https://5fe7c116-36c5-41f5-b861-bc20b8976b0b.sansec.watch/; report-to report-endpoint; frame-ancestors 'self' https://www.charly.com/; manifest-src 'self' 'unsafe-inline' https://www.charly.com/; connect-src 'self' https://www.charly.com/ *.adobe.io *.analytics.google.com *.braintreegateway.com 'unsafe-inline' *.magento-datasolutions.com *.magento-ds.com *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com *.search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com *.sentry-cdn.com *.sentry.io *.snplow.net *.telemetry-dev.adobe.io *.telemetry.adobe.io amcglobal.sc.omtrdc.net api.magento.com commerce.adobedc.net dpm.demdex.net maps.googleapis.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com search-admin-ui-qa.magento-datasolutions.com search-admin-ui.magento-ds.com www.facebook.com https://*.googleapis.com *.google.com https://*.gstatic.com spotify.com tiktok.com google.com *.google-analytics.com *.google.com global-cache.online paypal.com googleapis.com freeipapi.com pinterest.com www.facebook.com connect.facebook.net; worker-src 'self'; 1
default-src 'self'; script-src 'self' 'inline' https://gmpg.org https://*.hubspot.com https://js.hs-banner.com https://*.6sc.co https://script.crazyegg.com https://bat.bing.net https://snap.licdn.com https://www.googletagmanager.com https://js.hs-analytics.net https://*.hs-scripts.com https://googleads.g.doubleclick.net https://*.hu-manity.co https://use.typekit.net; connect-src 'self' https://yoast.com https://*.hsforms.com https://www.google.com https://*.hubspot.com https://secure.adnxs.com https://*.google-analytics.com https://*.hu-manity.co https://*.6sc.co https://*.crazyegg.com https://*.googleadservices.com https://*.linkedin.com https://*.6sense.com https://www.googletagmanager.com https://js.hs-analytics.net https://bat.bing.net https://*.doubleclick.net https://googleads.g.doubleclick.net; img-src 'self' data: https://www.google.co.jp https://*.wpenginepowered.com https://www.admincolumns.com https://b.6sc.co https://px.ads.linkedin.com https://www.google.com https://*.gravatar.com https://*.bugherd.com https://*.hubspot.com https://*.hsforms.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://bat.bing.net https://bat.bing.com https://snap.licdn.com https://*.hu-manity.co https://script.crazyegg.com https://*.6sc.co http://www.google.co.uk; style-src 'self' https://fonts.bunny.net https://fonts.googleapis.com https://*.typekit.net https://*.hs-scripts.com https://*.hubspot.com; font-src 'self' data: https://fonts.bunny.net https://cluepoints.com https://fonts.gstatic.com https://use.typekit.net; script-src-elem 'self' https://bat.bing.com https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com https://*.googleadservices.com https://gmpg.org https://*.hubspot.com https://js.hs-banner.com https://*.hs-scripts.com https://js.hsforms.com https://secure.adnxs.com https://px.ads.linkedin.com https://*.crazyegg.com https://*.gravatar.com https://*.bugherd.com https://*.6sense.com https://*.6sc.co https://script.crazyegg.com https://bat.bing.net https://snap.licdn.com https://js.hs-analytics.net https://googleads.g.doubleclick.net https://*.hu-manity.co https://use.typekit.net; frame-ancestors 'self'; frame-src 'self' https://*.vimeo.com https://*.goconsensus.com;  base-uri 'self'; form-action 'self'; worker-src 'self' blob:; report-uri https://o4509980174254080.ingest.us.sentry.io/api/4511055214673920/security/?sentry_key=ff2b2ec69cb77185cf17606f62b0a3dd; 1
default-src 'self' https:; base-uri 'self'; font-src 'self' https: data:; img-src 'self' https: data: https://www.googletagmanager.com; object-src 'none'; script-src 'self' https: 'strict-dynamic' 'unsafe-eval' 'nonce-6yGhnUPH2DuWetV+CxnKvg=='; style-src 'self' https: 'unsafe-inline'; worker-src 'self' https: blob:; connect-src 'self' https: wss://*.karte.io; frame-ancestors 'self'; report-uri /csp-violation-report-endpoint 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.fontawesome.com data: *.trustedshops.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com https://www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.trustedshops.com *.instagram.com *.fbcdn.net *.via.placeholder.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com widget.freshworks.com m2epro.freshdesk.com https://browser.sentry-cdn.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com *.trustedshops.com *.cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com widget.freshworks.com m2epro.freshdesk.com https://*.ingest.sentry.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com *.instagram.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Jlll2seuIHqwUKSnyA0j_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; connect-src 'self' https://*.googletagmanager.com https://google.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://gdpr.mandarin-medien.de https://*.maven360.io https://bat.bing.com https://connect.facebook.net https://www.googleadservices.com https://*.frcapi.com; font-src 'self'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.google.com https://ihreapotheken.de https://bid.g.doubleclick.net https://td.doubleclick.net https://*.frcapi.com; img-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.facebook.com https://bat.bing.com https://gdpr.mandarin-medien.de https://*.maven360.io; media-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://gdpr.mandarin-medien.de https://*.maven360.io https://bat.bing.com https://www.youtube.com https://ihreapotheken.de https://maps.googleapis.com https://connect.facebook.net; style-src 'self' 'report-sample' 'unsafe-inline' https://gdpr.mandarin-medien.de https://*.maven360.io https://googletagmanager.com https://tagmanager.google.com; worker-src 'self'; base-uri 'self'; form-action 'self' https://*.doccheck.com; frame-ancestors 'self'; report-uri https://www.gelomyrtol-forte.de/log-report-uri/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-mZw_kr2Mu3n-401gKW8big' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-lHODf6bacYLUT2s-pFydZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';script-src 'self';font-src 'self' fonts.gstatic.com;img-src 'self' secure.gravatar.com;style-src 'self' fonts.googleapis.com;frame-ancestors 'self'; 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.userway.org https://www.youtube.com https://s.w.org https://widget02.wolkvox.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://clients1.google.com https://connect.facebook.net;         style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.userway.org;         img-src 'self' data: https://secure.gravatar.com https://cdn.userway.org https://www.instagram.com https://www.google.com.co https://s.w.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://t0.gstatic.com https://ps.w.org https://connect.advancedcustomfields.com https://i.imgur.com;         font-src 'self' data: https://fonts.gstatic.com https://cdn.userway.org;         connect-src 'self' https://stats.g.doubleclick.net https://api.userway.org https://analytics.google.com https://www.google-analytics.com https://widget02.wolkvox.com https://www.google.com.co https://api.rankmath.com https://www.googletagmanager.com;         frame-src 'self' https://www.youtube.com https://widget02.wolkvox.com https://www.instagram.com https://digiturno.ugpp.gov.co https://chatbot.ugpp.gov.co https://consulteconcedula.ugpp.gov.co https://lookerstudio.google.com https://cdn.userway.org;         worker-src 'self' blob:;         report-uri /wp-json/ugpp-csp/v1/log; 1
img-src 'self' data: https://pixel.wp.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.tuttoperlestetica.com; default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://cdn.jsdelivr.net https://yoast.com https://widget.trustpilot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://www.tuttoperlestetica.com; font-src 'self' https://fonts.gstatic.com data:; 1
default-src 'self'; script-src 'self' https://exclusiverh.innocraft.cloud; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' *.newstank.fr data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://ipapi.co/json https://exclusiverh.innocraft.cloud https://fonts.googleapis.com; media-src 'self'; object-src 'none'; frame-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xENi7oPCPaCpSEd-XB6rhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Ad2DoAm5RqVkpaMOGF6QeA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.hotjar.com *.pcapredict.com *.psplugin.com *.postcodeanywhere.co.uk *.googleapis.com *.cardinalcommerce.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.hotjar.com *.pcapredict.com *.psplugin.com squeezely.tech assets.sitescdn.net googleads.g.doubleclick.net *.postcodeanywhere.co.uk *.googleapis.com *.cardinalcommerce.com consent.cookiebot.com pay.google.com www.paypalobjects.com www.paypal.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net; worker-src 'self' *.psplugin.com blob:; frame-src consentcdn.cookiebot.com *.trustpilot.com *.hotjar.com *.braintreegateway.com www.googletagmanager.com *.doubleclick.net checkout.paypal.com pay.google.com *.cardinalcommerce.com *.paypal.com; frame-ancestors 'self' *.psplugin.com 1
object-src 'none';base-uri 'self';script-src 'nonce-xd62SibXDMir9nyt1LchCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.squarecdn.com *.googleapis.com *.gstatic.com *.globalpay.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com staticw2.yotpo.com cdn1.stamped.io static.klaviyo.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com https://seo.mageplaza.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com *.cash.app *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com t.zip.co app.hubspot.com tr.snapchat.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app *.googleapis.com *.gstatic.com *.globalpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.secure-afterpay.com.au stats.g.doubleclick.net www.google.com.au staticw2.yotpo.com p.yotpo.com cdn-yotpo-images-production.yotpo.com cfvod.kaltura.com a.klaviyo.com bat.bing.com tr.snapchat.com blob: www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app *.googleapis.com *.gstatic.com widget.freshworks.com m2epro.freshdesk.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com seal.geotrust.com static.zipmoney.com.au api.instagram.com www.google.com www.gstatic.com staticw2.yotpo.com bam.nr-data.net cdn.inspectlet.com static.klaviyo.com fast.a.klaviyo.com edge.fullstory.com secure.ewaypayments.com v2.zopim.com static.zdassets.com widget-mediator.zopim.com bat.bing.com static.hotjar.com script.hotjar.com browser.sentry-cdn.com unsafe-eval edge.marker.io sc-static.net tr.snapchat.com global-api.afterpay.com js.squarecdn.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.cash.app widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com staticw2.yotpo.com cdn1.stamped.io static.klaviyo.com static-tracking.klaviyo.com use.typekit.net p.typekit.net analytics.tiktok.com sc-static.net tr.snapchat.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com stedi.s3.ap-southeast-2.amazonaws.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://google.com/pay https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.zip.co api.zipmoney.com.au staticw2.yotpo.com app.hubspot.com api.hubspot.com payments.braintree-api.com/graphql fast.a.klaviyo.com edge.fullstory.com rs.fullstory.com sales-w7ssk.zendesk.com stedi.zendesk.com widget-mediator.zopim.com ekr.zdassets.com metrics.hotjar.io tr.snapchat.com tr6.snapchat.com api.marker.io api.experianaperture.io *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com stedi.s3.ap-southeast-2.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com www.google.com *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.bird.eu https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://connect.ekomi.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://connect.ekomi.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://h.online-metrix.net https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ cdn.mundipagg.com api.pagar.me *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.mundipagg.com api.pagar.me t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: stats.g.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.bootstrapcdn.com https://int-ecommerce.nexi.it/ecomm/XPayBuild/ https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.fls.doubleclick.net www.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.addthis.com https://int-ecommerce.nexi.it/ https://hal9000.redintelligence.net/ https://ad4m.at/frame.html *.hotjar.com *.criteo.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.bird.eu *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com https://ecommerce.nexi.it/ecomm/payment/img/visa.svg https://ecommerce.nexi.it/ecomm/payment/img/mastercard.svg https://ecommerce.nexi.it/ecomm/payment/img/logoNexiLarge.png https://ecommerce.nexi.it/ecomm/payment/img/maestro.svg https://form.jotform.com/ https://www.google.it/ https://as.ad4m.at/ad/ https://r.adserver01.de/rt/ *.taboola.com/ https://track.adform.net/ https://ads.creative-serving.com/ https://adservice.google.it/ https://secure.adnxs.com/ https://events.jotform.com/jsform/ *.favicon.ico https://cdn.jotfor.ms/assets/img/logo/logo-new@1x.png https://cdn.jotfor.ms/favicon.ico https://tr.outbrain.com/unifiedPixel https://criteo-partners.tremorhub.com/ https://contextual.media.net/ https://ad.360yield.com/ https://jadserve.postrelease.com https://simage2.pubmatic.com/ https://ib.adnxs.com/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://visitor.omnitagjs.com/ https://s.thebrighttag.com *.criteo.com/ *.analytics.yahoo.com/ https://beacon.krxd.net/ https://x.bidswitch.net/ https://e1.emxdgt.com/ *.ads.yieldmo.com https://ad.yieldlab.net/ https://match.sharethrough.com/ https://sync.outbrain.com/ https://exchange.mediavine.com/ https://matching.ivitrack.com/ https://id5-sync.com cdn.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.awin1.com www.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.cloudflare.com *.twitter.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.nr-data.net js-agent.newrelic.com cdn.scalapay.com int-ecommerce.nexi.it form.jotform.com ad4m.at *.taboola.com *.hotjar.com *.outbrain.com static.criteo.net static.hotjar.com cdn.jotfor.ms dynamic.criteo.com *.smct.io *.smct.co https://smct.co/ *.iubenda.com hits-i.iubenda.com *.mainadv.com *.openapi.it *.cardinalcommerce.com cdn.doofinder.com ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.bootstrapcdn.com https://form.jotform.com/ *.jotfor.ms *.doofinder.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://www.wepowerconnections.com/ https://the.sciencebehindecommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.nr-data.net https://int-ecommerce.nexi.it/ *.hotjar.com https://stats.g.doubleclick.net/j/collect *.criteo.com https://trc-events.taboola.com/1052370/log/3/unip https://firehose.eu-west-1.amazonaws.com https://hits-i.iubenda.com/write https://cognito-identity.eu-west-1.amazonaws.com/ https://tr.outbrain.com/ *.openapi.it *.cardinalcommerce.com *.doofinder.com wss://*.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com maps.googleapis.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://integration-5ojmyuq-zgzvw2kr4mr5m.eu-5.magentosite.cloud/italiano; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-zIbe2d8phlis2YeH2NWwNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; child-src 'self' https://analytics.zoho.eu https://www.google.com; script-src 'self' https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://sc.lfeeder.com https://cdn.amcharts.com https://cdn.jsdelivr.net https://esm.run 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://tr-rc.lfeeder.com; connect-src 'self' https://*.google.com https://*.google-analytics.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-oO_ChMpkhxeC1OtLhI3Sbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self'  https://cdn.suitableshop.net https://bat.bing.com https://d5yoctgpv4cpx.cloudfront.net https://tggng.suitable.de 'unsafe-inline' ; 1
worker-src https://www.sakestore.nl https://dev.sakestore.nl blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.riverty.design/ 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://fonts.bunny.net https://www.sakestore.nl https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com uc8.tv *.facebook.com *.googlesyndication.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com uc8.tv https://documents.riverty.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.sakestore.nl https://vars.hotjar.com https://nl.pinterest.com https://www.pinterest.com https://ct.pinterest.com https://www.youtube.com https://documents.riverty.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.faslet.net magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.sakestore.nl https://www.google.com https://www.google.nl https://www.googletagmanager.com https://script.hotjar.com https://ct.pinterest.com https://dev.visualwebsiteoptimizer.com https://cdn.myafterpay.com https://log.pinterest.com https://www.facebook.com https://scontent-ams4-1.cdninstagram.com https://scontent-amt2-1.cdninstagram.com https://img.sct.eu1.usercentrics.eu https://c.bing.com *.clarity.ms maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ https://maps.googleapis.com https://player.vimeo.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.faslet.net *.disqus.com https://cdn.jsdelivr.net *.avada.io *.shopify.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.sakestore.nl https://www.googletagmanager.com https://static.hotjar.com http://static.hotjar.com https://script.hotjar.com https://s.pinimg.com https://dev.visualwebsiteoptimizer.com https://www.smartsuppchat.com https://rec.smartlook.com https://widget-v2.smartsuppcdn.com https://widget-v3.smartsuppcdn.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://assets.pinterest.com https://chimpstatic.com https://connect.facebook.net https://cdn.matomo.cloud https://sakestore.matomo.cloud https://consentcdn.cookiebot.eu https://ct.pinterest.com *.clarity.ms https://matomojs.trackify.info http://172.17.0.2:15729 http://172.17.0.2:35729 http://127.0.0.1:35729 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com downloads.mailchimp.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net *.multisafepay.com assets.braintreegateway.com https://www.sakestore.nl https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://widget-v3.smartsuppcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net https://stats.g.doubleclick.net *.googlesyndication.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.faslet.net https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.sakestore.nl https://www.google-analytics.com https://in.hotjar.com https://surveystats.hotjar.com https://surveystats.hotjar.io https://ct.pinterest.com https://bootstrap.smartsuppchat.com https://translations.smartsuppcdn.com https://widget-v2.smartsuppcdn.com https://widget-v3.smartsuppcdn.com wss://websocket-visitors.smartsupp.com https://websocket-visitors.smartsupp.com smartsupp.com *.smartsupp.com https://manager.smartlook.com https://web-writer.eu.smartlook.cloud https://bam.eu01.nr-data.net https://analytics.google.com https://graph.instagram.com https://sakestore.matomo.cloud https://googleads.g.doubleclick.net https://kleding.sakestore.nl *.clarity.ms https://consentcdn.cookiebot.eu http://172.17.0.2:35729 ws://172.17.0.2:35729 ws://127.0.0.1:35729 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https://www.sakestore.nl https://dev.sakestore.nl http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self'; connect-src 'self' wss: https://*.google-analytics.com https://*.space-and-time.workers.dev https://o4506820159406080.ingest.us.sentry.io https://api.web3modal.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' http://js.stripe.com https://accounts.google.com https://verify.walletconnect.com; img-src * data:; manifest-src 'none'; media-src 'self' https://pub-470af287cceb43ff85efacf49a62a335.r2.dev; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://cdn.tailwindcss.com https://accounts.google.com https://js.stripe.com https://static.cloudflareinsights.com 'unsafe-eval' 'unsafe-inline' blob:; script-src-attr 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://accounts.google.com 'unsafe-inline'; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; report-to csp-endpoint; report-uri /bff/csp-reports; upgrade-insecure-requests 1
font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.addthis.com https://d.hobbyshop-online.nl https://ct.pinterest.com https://www.facebook.com https://www.googletagmanager.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.hsforms.net *.hsforms.com 'self' data: https://maps.gstatic.com https://imgproxy.vendic.dev data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://maps.googleapis.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com downloads.mailchimp.com https://cdn.jsdelivr.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net https://core.helloretail.com https://helloretailcdn.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://maps.googleapis.com https://player.vimeo.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.feedbackcompany.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.sirv.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.feedbackcompany.com *.cloudflare.com *.twitter.com *.fontawesome.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.googleapis.com *.googletagmanager.com *.chimpstatic.com *.adobetm.com *.adobe.com polyfill.io *.doubleclick.net *.cookiebot.eu *.bing.com *.chatbase.co *.zoho.eu *.zohocdn.com *.zohopublic.eu *.sentry-cdn.com *.trustedshops.com *.helloretail.com *.google.com *.fietsonline.com fietsonlinedev.hypernode.io *.fietsbandonline.nl *.fietszitjesonline.nl *.fahrrad-reifen-online.de *.fahrradteile-outlet.de *.fahrrad-reifen-online.at *.fahrradteile-outlet.at *.flaggel.com *.pagesense.io 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net *.cloudflare.com *.twitter.com *.fontawesome.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.googleapis.com *.googletagmanager.com *.chimpstatic.com *.adobetm.com polyfill.io *.cookiebot.eu *.cookiebot.com *.bing.com *.chatbase.co *.zoho.eu *.zohocdn.com *.zohopublic.eu *.sentry-cdn.com *.trustedshops.com *.helloretail.com *.fietsonline.com fietsonlinedev.hypernode.io *.fietsbandonline.nl *.fietszitjesonline.nl *.fahrrad-reifen-online.de *.fahrradteile-outlet.de *.fahrrad-reifen-online.at *.fahrradteile-outlet.at *.flaggel.com *.pagesense.io www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.feedbackcompany.com *.cloudflare.com *.multisafepay.com *.amazonaws.com *.sirv.com *.twitter.com *.fontawesome.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.chimpstatic.com *.adobetm.com polyfill.io *.cookiebot.eu *.cookiebot.com *.bing.com *.chatbase.co *.zoho.eu *.zohocdn.com *.zohopublic.eu *.sentry-cdn.com *.trustedshops.com *.helloretail.com *.fietsonline.com fietsonlinedev.hypernode.io *.fietsbandonline.nl *.fietszitjesonline.nl *.fahrrad-reifen-online.de *.fahrradteile-outlet.de *.fahrrad-reifen-online.at *.fahrradteile-outlet.at *.flaggel.com *.pagesense.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.feedbackcompany.com https://polyfill-fastly.io https://browser.sentry-cdn.com *.cloudflare.com *.twitter.com *.fontawesome.com s7.addthis.com player.vimeo.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net *.sirv.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.chimpstatic.com *.adobetm.com polyfill.io *.cookiebot.eu *.bing.com *.chatbase.co *.zoho.eu *.zohocdn.com *.zohopublic.eu *.sentry-cdn.com *.trustedshops.com *.helloretail.com *.fietsonline.com fietsonlinedev.hypernode.io *.fietsbandonline.nl *.fietszitjesonline.nl *.fahrrad-reifen-online.de *.fahrradteile-outlet.de *.fahrrad-reifen-online.at *.fahrradteile-outlet.at *.flaggel.com *.pagesense.io *.clarity.ms maillist-manage.eu *.maillist-manage.eu *.getqonfi.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com *.multisafepay.com *.sendcloud.sc *.jsdelivr.net *.sirv.com *.twitter.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.chimpstatic.com *.adobetm.com polyfill.io *.cookiebot.eu *.bing.com *.chatbase.co *.zoho.eu *.zohocdn.com *.zohopublic.eu *.sentry-cdn.com *.trustedshops.com *.helloretail.com *.google.com *.fietsonline.com fietsonlinedev.hypernode.io *.fietsbandonline.nl *.fietszitjesonline.nl *.fahrrad-reifen-online.de *.fahrradteile-outlet.de *.fahrrad-reifen-online.at *.fahrradteile-outlet.at *.flaggel.com *.pagesense.io https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.sirv.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.feedbackcompany.com *.sentry-cdn.com *.cloudflare.com ekr.zdassets.com/ *.multisafepay.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.sirv.com *.youtube.com blob: *.twitter.com *.fontawesome.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.googletagmanager.com *.chimpstatic.com *.adobetm.com *.adobe.com polyfill.io *.cookiebot.eu *.bing.com *.bing.net *.chatbase.co *.zoho.eu *.zohocdn.com *.zohopublic.eu wss://vts.zohopublic.eu *.trustedshops.com *.helloretail.com *.fietsonline.com fietsonlinedev.hypernode.io *.fietsbandonline.nl *.fietszitjesonline.nl *.fahrrad-reifen-online.de *.fahrradteile-outlet.de *.fahrrad-reifen-online.at *.fahrradteile-outlet.at *.flaggel.com *.pagesense.io *.clarity.ms *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://flaggel.com/; report-to report-endpoint; 1
base-uri 'self'; default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://plausible.io; connect-src 'self' https://plausible.io https://statuspal.io; frame-src 'self' https://iframe.mediadelivery.net https://www.youtube.com; form-action 'self' https://www.activityinfo.org; report-uri /app/csp-violation; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://media.flixcar.com https://media.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * consentcdn.cookiebot.com service.giosg.com static.hotjar.com https://www.googletagmanager.com https://tracking.veikonkone.fi 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.klevu.com *.ksearchnet.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn2.hubspot.net resources.paytrail.com *.visualwebsiteoptimizer.com bat.bing.com imgsct.cookiebot.com where-to-buy.co strack.where-to-buy.co *.videoly.co rt.flix360.com media.flixcar.com https://www.veikonkone.fi https://www.google.fi/ https://tracking.veikonkone.fi https://cdn.giosgusercontent.com https://embed-ssl.wistia.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://browser.sentry-cdn.com *.klevu.com *.ksearchnet.com https://api.unifaun.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com services.paytrail.com *.visualwebsiteoptimizer.com api.custobar.com consentcdn.cookiebot.com consent.cookiebot.com bat.bing.com service.giosg.com *.hotjar.com app.kuvio.io *.videoly.co where-to-buy.co payment-widget.avarda.com payment-widget.stage.avarda.com media.flixfacts.com media.flixcar.com https://js.klevu.com https://cdn.jsdelivr.net https://prod.flixgvid.flix360.io https://globalcdn.interactiondesigner.giosg.com https://js.klevu.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com assets.braintreegateway.com https://statsjs.klevu.com https://js.klevu.com https://cdn.jsdelivr.net https://media.flixcar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.paytrail.com tracking.veikonkone.fi service.giosg.com checkout-api.avarda.com stage.checkout-api.avarda.com *.hotjar.io media.flixcar.com bat.bing.com api.kuvio.io https://api.custobar.com https://9cfc0d92-bc44-495e-b48c-f1d005cf1d55.interactions.giosgusercontent.com https://consentcdn.cookiebot.com https://api.giosg.com https://0ab79cf7-f195-4696-8ae4-d038878b095c.interactions.giosgusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://www.facebook.com/tr/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.facebook.com https://www.google.com https://www.gstatic.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://www.facebook.com *.taggrs.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com https://www.google.com https://www.gstatic.com *.croapp.net https://unpkg.com landofcoder.com *.taggrs.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com https://analytics.ringostat.net https://region1.analytics.google.com https://sst.kuz.ua https://www.google.com https://www.gstatic.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://www.adis-assurances.com/csp-report.php; default-src 'self' https://www.adis-assurances.com/; connect-src 'self' https://www.adis-assurances.com/ https://api-gateway.app.smart-tribune.com https://bat.bing.com https://bat.bing.net https://google.com https://*.google.com https://*.google-analytics.com https://www.googleadservices.com https://translate.googleapis.com https://yoast.com https://my.yoast.com https://*.openstreetmap.org https://privacy.commander1.com https://privacy.trustcommander.net https://wpspectra.com https://www.facebook.com https://*.tarteaucitron.io https://*.matomo.cloud https://matomo.cloud; style-src 'self' 'unsafe-inline' https://www.adis-assurances.com/ https://fonts.googleapis.com https://assets.app.smart-tribune.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.tarteaucitron.io https://*.tarteaucitron.io https://*.matomo.cloud https://matomo.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.adis-assurances.com/ https://*.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://assets.app.smart-tribune.com https://bat.bing.com https://cdn.tagcommander.com https://cdn.trustcommander.net https://connect.facebook.net https://googleads.g.doubleclick.net https://polyfill-fastly.io https://unpkg.com https://yoast.com https://tarteaucitron.io https://cdn.tarteaucitron.io https://*.tarteaucitron.io https://*.matomo.cloud https://matomo.cloud https://adisassurances.matomo.cloud; font-src 'self' data: https://www.adis-assurances.com/ https://assets.app.smart-tribune.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://www.adis-assurances.com/ https://*.google.com https://www.google.fr https://www.google.be https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://assets.app.smart-tribune.com https://bat.bing.com https://bat.bing.net https://*.openstreetmap.org https://*.tile.openstreetmap.org https://cdnjs.cloudflare.com https://manager.tagcommander.com https://secure.gravatar.com https://uploads.app.smart-tribune.com https://www.facebook.com https://i.ytimg.com https://*.tarteaucitron.io https://tarteaucitron.io https://*.matomo.cloud; manifest-src 'self' https://www.adis-assurances.com/; object-src 'self' https://www.adis-assurances.com/; frame-src 'self' blob: https://www.adis-assurances.com/ https://*.google.com https://www.googletagmanager.com https://cdn.trustcommander.net https://embed.acast.com https://*.doubleclick.net https://*.calameo.com https://www.youtube.com; frame-ancestors 'self' https://www.adis-assurances.com/; form-action 'self' https://www.adis-assurances.com/; worker-src 'self' blob: https://www.adis-assurances.com/; 1
font-src fonts.gstatic.com use.typekit.net *.livechatinc.com *.googlesyndication.com *.klaviyo.com *.cloudfront.net *.facebook.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ api.sensepass.com api.sandbox.sensepass.com pay.sensepass.com pay.sandbox.sensepass.com ecom.sandbox.sensepass.com ecom.sensepass.com cdn.roomvo.com *.doubleclick.net/ *.publitas.com *.livechatinc.com *.googlesyndication.com *.pinterest.com *.klaviyo.com *.cloudfront.net *.facebook.com *.paycomonline.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ pay.sensepass.com *.visualwebsiteoptimizer.com *.livechatinc.com *.googlesyndication.com *.google.co.in *.facebook.com *.jaipurliving.com *.klaviyo.com *.cloudfront.net *.taboola.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googletagmanager.com tagmanager.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klear.com klear.com js.sensepass.com sensepass.com cdn.roomvo.com *.livechatinc.com *.googlesyndication.com *.publitas.com *.visualwebsiteoptimizer.com cnstrc.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cdn.livechatinc.com *.newrelic.com *.facebook.net *.hotjar.com *.pinimg.com *.taboola.com *.pinterest.com *.google.com *.gstatic.com *.klaviyo.com *.cloudfront.net *.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.braintreegateway.com tagmanager.google.com fonts.google.com https://static.klaviyo.com *.publitas.com *.klaviyo.com *.cloudfront.net *.taboola.com *.facebook.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klear.com klear.com www.roomvo.com cdn.livechatinc.com *.googlesyndication.com cnstrc.com bam.nr-data.net *.google.com *.doubleclick.net *.taboola.com *.pinterest.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.gstatic.com *.klaviyo.com *.cloudfront.net *.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-tdkFm1id5JYY2QOqQTnuvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.here.com https://vawidget.dhl.com;style-src 'self' 'unsafe-inline' ;object-src 'self' blob:;img-src 'self' data: blob:;connect-src blob: 'self' https://*.here.com https://vawidget.dhl.com https://vawidget-eu.dhl.com;frame-src https://vawidget.dhl.com;worker-src blob: 1
object-src 'none';base-uri 'self';script-src 'nonce-LaijI4g9UsW28ver-nW7rw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.authorize.net plausible.io cdn.userway.org *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn.userway.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.authorize.net plausible.io cdn.userway.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com cdn.userway.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.authorize.net plausible.io *.userway.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' wss: https://dev-niduu.web.app https://gupy.gupy.io https://firebase.googleapis.com; worker-src 'self' blob: https://dev-niduu.web.app; media-src 'self' https://surveys-static-prd.survicate-cdn.com https://*.vimeo.com https://*.vimeocdn.com; img-src 'self' data: blob: https://dev-niduu.web.app https://*.survicate.com https://firebasestorage.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://surveys-static-prd.survicate-cdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.gstatic.com; frame-src 'self' https://*.youtube.com https://dev-niduu.web.app https://gupy.gupy.io; frame-ancestors 'self' https://baianaomaisvoce.com.br; font-src 'self' https://*.gupy.io https://*.niduu.com https://niduu.com https://dev-niduu.web.app https://surveys-static-prd.survicate-cdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gupy.io https://niduu.com  https://*.niduu.com https://dev-niduu.web.app  https://surveys-static-prd.survicate-cdn.com https://*.survicate.com https://static.hotjar.com https://script.hotjar.com https://app.getbeamer.com https://static.getbeamer.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://www.datadoghq-browser-agent.com https://web-sdk.smartlook.com https://cdn.jsdelivr.net https://www.gstatic.com; connect-src 'self' data: blob: wss: https://*.gupy.io https://niduu.com  https://*.niduu.com https://dev-niduu.web.app  https://dev-niduu.web.app https://surveys-static-prd.survicate-cdn.com https://*.survicate.com https://www.alura.com.br https://i.ytimg.com https://www.iped.com.br https://cdn.descola.org https://i.vimeocdn.com https://*.hubspotusercontent40.net https://*.hubspotusercontent-na1.net https://www.pulses.com.br https://www.filepicker.io https://us-central1-dev-niduu.cloudfunctions.net https://*.vimeo.com https://*.vimeocdn.com https://us-central1-workeduc-694f4.cloudfunctions.net https://firebasestorage.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://unleash-proxy-development.api.tools.gupy.io https://unleash-proxy-production.api.tools.gupy.io https://manager.eu.smartlook.cloud https://cdn.jsdelivr.net https://*.googleapis.com https://auth-api-6spdrb6fmq-uc.a.run.app https://auth.api.niduu.com https://events-api-6spdrb6fmq-uc.a.run.app https://events-api-add46kijxa-uc.a.run.app https://pathways-core-6spdrb6fmq-uc.a.run.app https://pathways-core-add46kijxa-uc.a.run.app https://core-api-6spdrb6fmq-uc.a.run.app https://core.api.niduu.com https://api-6spdrb6fmq-uc.a.run.app https://api.niduu.com https://educorp-content-api-6spdrb6fmq-uc.a.run.app https://educorp-content-api-add46kijxa-uc.a.run.app https://doc2course-api-add46kijxa-uc.a.run.app https://doc2course-api-6spdrb6fmq-uc.a.run.app https://browser-intake-datadoghq.com https://*.gstatic.com; 1
font-src cash-f.squarecdn.com *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com * *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.google.com/ *.doubleclick.net *.googlesyndication.com *.tiktok.com *.googletagmanager.com sibautomation.com https://checkout.staging.devpayever.com https://checkout.payever.org 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com * *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com maps.gstatic.com magefan.com cm.magefan.com *.disqus.com ratenkauf.easycredit.de https://www.magezon.com https://www.gstatic.com https://translate.googleapis.com https://fonts.gstatic.com http://translate.google.com *.adobe.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.googleapis.com *.gstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com maps.googleapis.com *.disqus.com cdn.botpress.cloud files.bpcontent.cloud pim-staging.e-bikes4you.com:444 sibautomation.com *.doofinder.com ratenkauf.easycredit.de https://translate.googleapis.com http://translate.google.com https://translate-pa.googleapis.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com pim-staging.e-bikes4you.com:444 *.doofinder.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com * *.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com google-analytics.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com maps.googleapis.com in-automate.brevo.com *.google.de *.googletagmanager.com *.doofinder.com wss://eu1-layer.doofinder.com ratenkauf.easycredit.de https://translate.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GfIa0sdNVY_sEvp-x3IvYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.google.com *.addthis.com api.razorpay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com 'self' data: https://www.magezon.com cdn.razorpay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.apptrian.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.avada.io checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com *.cloudflare.com *.twitter.com *.paypal.com https://get.geojs.io *.avada.io lumberjack.razorpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.kundanrefinery.com/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-_37kAi2EbqSfBWwDU9lK7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src data: maxcdn.bootstrapcdn.com fonts.gstatic.com widget.dixa.io a.omappapi.com static.klaviyo.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com ssl.ditonlinebetalingssystem.dk 'self' 'unsafe-inline'; frame-ancestors viewer.ipaper.io https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: online.adservicemedia.dk consentcdn.cookiebot.com consentcdn.cookiebot.eu adtr.io event-client.viabill.com vars.hotjar.com www.youtube.com www.google.com www.youtube-nocookie.com gum.criteo.com pricetag.viabill.com www.addwish.com display.ipaper.io simplicity.trustpilot.com googleads.g.doubleclick.net cdn.lightwidget.com http://event.getblue.io *.googletagmanager.com *.doubleclick.net/ magento-cloudflare.jetrails.com utt.impactcdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com self blob: online.adservicemedia.dk pushcrew.com cdn.pushcrew.com stats.g.doubleclick.net a.klaviyo.com dapi.videoly.co i.ytimg.com dis.criteo.com optin-monster.s3.amazonaws.com maps.googleapis.com maps.gstatic.com a.omappapi.com ssl.gstatic.com www.gstatic.com lh3.googleusercontent.com fonts.gstatic.com *.google.com *.google.pl *.google.no *.google.se *.google.de *.google.co.uk *.google.com.ua d3k81ch9hvuctc.cloudfront.net d1pna5l3xsntoj.cloudfront.net *.ipaper.io *.taboola.com imgsct.cookiebot.com *.bing.com *.bing.net *.pricerunner.dk *.beautycos.dk *.orbitvu.co *.klarna.com img.sct.eu1.usercentrics.eu https://s.kelkoogroup.net https://cdn.clerk.io *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com flagpedia.net https://widgets.trustedshops.com https://integrations.etrusted.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com unsafe-inline ipinfo.io invitejs.trustpilot.com secure.viabill.com a.opmnstr.com display.ipaper.io widget.dixa.io static.hotjar.com consent.cookiebot.com api.videoly.co cdn.pushcrew.com online.adservicemedia.dk script.hotjar.com pricetag.viabill.com adtr.io cdn.polyfill.io www.google.com www.google.pl www.gstatic.com static.criteo.net *.klaviyo.com cdn.ipaper.io sslwidget.criteo.com d1pna5l3xsntoj.cloudfront.net www.addwish.com ajax.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu cdnjs.cloudflare.com dapi.videoly.co ssl.ditonlinebetalingssystem.dk maps.googleapis.com cdn.adt376.net cdn.adt311.net tagmanager.google.com do.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no a.omappapi.com *.taboola.com s.kk-resources.com *.bing.com *.getblue.io cdn.lightwidget.com cdn.clerk.io ai.trk42.net *.videoly.co *.reepay.com *.cytelligence.io *.youtube.com *.orbitvu.co *.pingdom.net tag.heylink.com api.reaktion.com stapecdn.com files.userlink.ai cdn.mouseflow.com pagead2.googlesyndication.com *.clarity.ms static.cloudflareinsights.com https://s.kk-resources.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.googletagmanager.com *.facebook.net *.avada.io *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com unpkg.com https://www.beautycos.no https://consent.cookiebot.com https://cdn.mida.so 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.pushcrew.com static.klaviyo.com d1pna5l3xsntoj.cloudfront.net tagmanager.google.com cdn.ipaper.io *.omappapi.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com widget.dixa.io *.beautycos.dk api.packship.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com https://helloretailcdn.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com api.omappapi.com z.omappapi.com api.dixa.io wss://sockets.dixa.io stats.g.doubleclick.net fast.a.klaviyo.com sslwidget.criteo.com a.klaviyo.com display.ipaper.io in.hotjar.com vc.hotjar.io telemetrics.klaviyo.com *.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no api.packship.eu invitejs.trustpilot.com www.addwish.com core.helloretail.com a.omappapi.com *.taboola.com *.klaviyo.com pagead2.googlesyndication.com *.algolia.io *.bing.com *.google.com *.doubleclick.net ai.trk42.net *.cookiebot.com *.pingdom.net heylinkapi.com bat.bing.net files.userlink.ai backend.userlink.ai files.blueai.dk beautycosaps.sjv.io *.clarity.ms consentcdn.cookiebot.eu api-us.mida.so https://s.kelkoogroup.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: *.bootstrapcdn.com *.cloudflare.com *.google.fr *.google.com *.vital-agriculture.fr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ *.meetanshi.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.avis-verifies.com *.google.fr *.google.com *.sibforms.com *.sibautomation.com sibautomation.com *.vital-agriculture.fr *.weltpixel.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io *.gstatic.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.adobedtm.com *.amasty.com *.bing.com *.braintreegateway.com *.cookielaw.org *.demdex.net *.doubleclick.net *.facebook.com *.google.fr *.google.com *.magentocommerce.com meetanshi.com *.mydialoginsight.com *.paypal.info *.vital-agriculture.fr *.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io *.meetanshi.com https://cdnjs.cloudflare.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com 1map.com *.adobedtm.com *.addtoany.com *.avada.com *.bing.com *.cardinalcommerce.com *.cookielaw.org *.cloudfare.com sdk.privacy-center.org *.facebook.net *.google.fr *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googlesyndication.com *.matomo.cloud *.trackify.info *.mydialoginsight.com *.newrelic.com *.paypalobjects.com *.piwik.pro *.vital-agriculture.fr https://www.googletagmanager.com tagmanager.google.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.addtoany.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.aptrinsic.com *.bootstrapcdn.com *.braintreegateway.com *.cloudflare.com *.google.fr *.google.com *.googletagmanager.com *.vital-agriculture.fr tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io http://dpm.demdex.net *.meetanshi.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.aptrinsic.com *.braintreegateway.com *.cookielaw.org *.demdex.net stats.g.doubleclick.net *.facebook.net *.google.fr *.googlesyndication.com *.matomo.cloud *.mydialoginsight.com *.onetrust.com *.payone.com *.vital-agriculture.fr *.worldline-solutions.com *.anzworldline-solutions.com.au *.zdassets.com https://www.google-analytics.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com fonts.googleapis.com newrelic.com www.google.com v2.zopim.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com *.google.com sbcheckout.payfort.com paymentservices.payfort.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com facebook.com social-plugins.line.me newrelic.com vault.omise.co www.youtube.com youtu.be cdn.moengage.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com maps.gstatic.com *.visa.com www.apptrian.com facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com gourmetegypt.com maps.googleapis.com www.w3.org newrelic.com s.ytimg.com www.google.co.in api.omise.co omise-gateway-production.s3.ap-southeast-1.amazonaws.com v2.zopim.com via.placeholder.com *.gourmetegypt.com moe-email-campaigns.s3.amazonaws.com image.moengage.com www.moengage.com app-cdn.moengage.com *.gourmetlms.com/ image-eu.moengage.com/ cdn.gourmetegypt.com gourmetegyptcdn.s3.eu-west-1.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.visa.com *.mastercard.com www.apptrian.com facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com omise.co cdn.omise.co maps.googleapis.com d.line-scdn.net js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com newrelic.com www.google.co.in f.vimeocdn.com v2.zopim.com static.zdassets.com bam.nr-data.net cdn.moengage.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com downloads.mailchimp.com newrelic.com www.google.com use.typekit.net p.typekit.net maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com www.apptrian.com facebook.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com bam-cell.nr-data.net newrelic.com www.google.com youtube.com googletagmanager.com paypal.com bam.nr-data.net stats.g.doubleclick.net maps.googleapis.com wss://widget-mediator.zopim.com ekr.zdassets.com integration.richrelevance.com http://integration.richrelevance.com sdk-01.moengage.com sdk-02.moengage.com sdk-03.moengage.com gateway.richrelevance.com qa-gateway.richrelevance.com staging-gateway.richrelevance.com recs.richrelevance.com loadtest-eu.richrelevance.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-BnopYQn79Tw4xccSYmRkEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com *.criteo.com *.hotjar.com *.pinterest.com *.useinsider.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.trackedlink.net magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com https: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com *.ads-twitter.com *.adnxs.com *.api.useinsider.com *.bat.bing.com *.cfjump.com *.clarity.ms *.criteo.com *.dev.visualwebsiteoptimizer.com *.doubleclick.net *.facebook.net *.getsitecontrol.com *.google.com *.googletagmanager.com *.hotjar.com *.inwebr.com *.licdn.com *.newrelic.com *.nr-data.net *.pinimg.com *.redditstatic.com *.roymorgan.com *.thewhiskyclub.com.au *.twitter.com *.zipmoney.com.au *.zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com *.bat.bing.com *.stats.g.doubleclick.net *.clarity.ms *.getsitecontrol.com *.getsitectrl.com *.hotjar.com *.nr-data.net *.pinterest.com *.useinsider.com *.thewhiskyclub.com.au *.zip.co *.zipmoney.com.au *.cdn.linkedin.oribi.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' https://palmbeachschools.us001-rapididentity.com https://mysdpbc.org/; style-src 'self' https://palmbeachschools.us001-rapididentity.com https://mysdpbc.org/; img-src 'self' https://palmbeachschools.us001-rapididentity.com https://mysdpbc.org/; form-action 'none'; frame-ancestors 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.gstatic.com *.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.adyen.com *.nosto.com *.nos.to *.facebook.com *.facebook.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.adyen.com *.nosto.com *.nos.to *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com *.facebook.com *.facebook.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * https://*.gstatic.com *.adyen.com *.nosto.com *.nos.to *.googleapis.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com magefan.com cm.magefan.com *.facebook.com *.facebook.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.nosto.com *.nos.to *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://www.alexmonroe.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://fonts.googleapis.com/ *.nosto.com *.nos.to webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com assets.braintreegateway.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.adyen.com *.nosto.com *.nos.to *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.facebook.com *.facebook.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-4YdEVuQZxRkpcpQnMhAwsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src v2.zopim.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.google.co.in googleads.g.doubleclick.net *.weltpixel.com landofcoder.com maps.googleapis.com chart.googleapis.com https://www.googletagmanager.com/ www.gstatic.com apis.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.googletagmanager.com *.doubleclick.net *.typeform.com try.access.worldpay.com access.worldpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.google.co.uk www.google.co.in www.facebook.com v2assets.zopim.io cms.supadu.com bat.bing.net bat.bing.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdnjs.cloudflare.com v2.zopim.com static.zdassets.com bat.bing.com www.clarity.ms consent.cookiebot.com consentcdn.cookiebot.com landofcoder.com maps.googleapis.com chart.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.shopify.com player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.typeform.com try.access.worldpay.com access.worldpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'self' data: cdnjs.cloudflare.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com wss://widget-mediator.zopim.com bat.bing.com bat.bing.net q.clarity.ms consent.cookiebot.com consentcdn.cookiebot.com landofcoder.com maps.googleapis.com chart.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com *.gstatic.com applepay.cdn-apple.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com *.klarnacdn.net *.fontawesome.com static.klaviyo.com *.typekit.net *.linksynergy.com analytics.google.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.omniporttest.ocrf.co.uk/ *.omniport.omnicapital.co.uk/ *.paypal.com *.cardinalcommerce.com *.securetrading.net *.yotpo.com *.arcot.com/ *.americanexpress.com/ omnicapital.co.uk/ *.omnicapital.co.uk/ omniporttest.ocrf.co.uk *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com *.app.storyblok.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.rvvuptech.com *.rvvup.com *.afterpay.com *.clearpay.co.uk *.paypal.com *.sandbox.paypal.com cdn.eu.trustpayments.com *.trustpayments.com *.securetrading.net *.secure.checkout.visa.com *.cardinalcommerce.com pay.google.com thm.visa.com *.mastercard.com *.weltpixel.com *.yotpo.com *.klarna.com *.issuu.com widget.trustpilot.com *.klarnaservices.com omniport.omnicapital.co.uk *.arcot.com/ *.americanexpress.com/ *.facebook.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com applepay.cdn-apple.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.afterpay.com assets.dev.rvvuptech.com assets.rvvup.com *.paypal.com *.sandbox.paypal.com *.stats.paypal.com *.gstatic.com *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com widgets.dividebuy.co.uk widgets.dividebuysandbox.co.uk *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net mageside.com maps.googleapis.com cdn-cookieyes.com *.frenchbedroom.co.uk *.trustpilot.net *.trustpilot.com https://d3k81ch9hvuctc.cloudfront.net/company/ShSreF/images/53d7a9d8-704d-45f0-9571-4cfcdc1e1031.png bat.bing.com https://www.google.co.uk *.linksynergy.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com *.storyblok.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.afterpay.com *.paypal.com *.sandbox.paypal.com checkout.dev.rvvuptech.com checkout.rvvup.com cdn.eu.trustpayments.com *.securetrading.net pay.google.com *.secure.checkout.visa.com *.cardinalcommerce.com *.mastercard.com applepay.cdn-apple.com widgets.dividebuysandbox.co.uk widgets.dividebuy.co.uk *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com ajax.googleapis.com cdn.jsdelivr.net querybuilder.js.org maps.googleapis.com cdn-cookieyes.com static.cloudflareinsights.com https://www.gstatic.com/wcm/ https://www.gstatic.com/call-tracking/ widget.trustpilot.com *.crazyegg.com bat.bing.com *.rakuten.com *.searchatlas.com d5yoctgpv4cpx.cloudfront.net *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src checkout.dev.rvvuptech.com checkout.rvvup.com fonts.googleapis.com widgets.dividebuy.co.uk widgets.dividebuysandbox.co.uk *.yotpo.com *.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.klarnacdn.net querybuilder.js.org netdna.bootstrapcdn.com cdn.jsdelivr.net *.fontawesome.com *.typekit.net static-tracking.klaviyo.com *.tagmanager.google.com *.googletagmanager.com *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.omniporttest.ocrf.co.uk/ *.omniport.omnicapital.co.uk/ https://maps.googleapis.com https://player.vimeo.com *.afterpay.com *.paypal.com *.sandbox.paypal.com *.sentry.io *.cardinalcommerce.com google.com *.dev.rvvuptech.com *.rvvup.com www.apple.com apple.com browser-intake-datadoghq.com browser-intake-datadoghq.eu api.dividebuysandbox.co.uk api.dividebuy.co.uk *.yotpo.com api.addressy.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com maps.googleapis.com cdn-cookieyes.com *.cookieyes.com *.crazyegg.com www.google.com https://pagead2.googlesyndication.com/ www.facebook.com d5yoctgpv4cpx.cloudfront.net p2iqhncxyh.execute-api.eu-central-1.amazonaws.com widget.trustpilot.com/ *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.insights.us.algolia.io insights.us.algolia.io *.insights.de.algolia.io insights.de.algolia.io 'self' 'unsafe-inline'; child-src *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.omniporttest.ocrf.co.uk/ *.omniport.omnicapital.co.uk/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.frenchbedroom.co.uk/csp-report; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d2ro8nulmiov87.cloudfront.net https://fast.appcues.com https://cdnjs.cloudflare.com https://production-aws-ihasco-ecommerce-public.s3.eu-west-2.amazonaws.com https://d1oqyjra2dknw2.cloudfront.net https://*.freshchat.com https://*.freshmarketer.eu https://euc-widget.freshworks.com https://ajax.googleapis.com https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://code.highcharts.com https://code.jquery.com http://localhost:* https://js-agent.newrelic.com https://d3v732z7m2wa8j.cloudfront.net https://js.pusher.com https://d3m3vzpdohm3qj.cloudfront.net; script-src-elem 'self' 'unsafe-inline' https://d2ro8nulmiov87.cloudfront.net https://fast.appcues.com https://cdnjs.cloudflare.com https://production-aws-ihasco-ecommerce-public.s3.eu-west-2.amazonaws.com https://d1oqyjra2dknw2.cloudfront.net https://*.freshchat.com https://*.freshmarketer.eu https://euc-widget.freshworks.com https://ajax.googleapis.com https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://code.highcharts.com https://code.jquery.com http://localhost:* https://js-agent.newrelic.com https://d3v732z7m2wa8j.cloudfront.net https://js.pusher.com https://d3m3vzpdohm3qj.cloudfront.net; style-src 'self' 'unsafe-inline' https://d2ro8nulmiov87.cloudfront.net https://fast.appcues.com https://stackpath.bootstrapcdn.com https://d4sn1cftmz9k0.cloudfront.net/ https://production-aws-ihasco-ecommerce-public.s3.eu-west-2.amazonaws.com https://d1oqyjra2dknw2.cloudfront.net https://*.freshchat.com https://euc-widget.freshworks.com https://fonts.googleapis.com http://localhost:* https://d3m3vzpdohm3qj.cloudfront.net; img-src 'self' data: https://images.appcues.com https://app.ihasco.co.uk https://www.interactive-training.net https://aws-ihasco-application-data-public.s3.amazonaws.com https://aws-ihasco-application-data-public.s3-eu-west-1.amazonaws.com https://aws-ihasco-application-data-public.s3-eu-west-2.amazonaws.com https://aws-ihasco-application-data-public.s3.eu-west-2.amazonaws.com https://s3.amazonaws.com https://aws-ihasco-application-data-public.s3.amazonaws.com https://aws-ihasco-application-data-public.s3-eu-west-1.amazonaws.com https://aws-ihasco-application-data-public.s3-eu-west-2.amazonaws.com https://aws-ihasco-application-data-public.s3.eu-west-2.amazonaws.com https://ihasco-application-data-public.s3.amazonaws.com https://ihasco-application-data-public.s3-eu-west-1.amazonaws.com https://ihasco-application-data-public.s3-eu-west-2.amazonaws.com https://ihasco-application-data-public.s3.eu-west-2.amazonaws.com https://d4sn1cftmz9k0.cloudfront.net/ https://*.freshchat.com https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.co.uk https://www.googletagmanager.com https://www.gravatar.com https://images.unsplash.com; font-src 'self' data: https://d2ro8nulmiov87.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.scite.ai; connect-src 'self' https://ixil4045vl.execute-api.eu-west-2.amazonaws.com https://ai-bespoke-service-production-files.s3.eu-west-2.amazonaws.com https://api.appcues.net wss://api.appcues.net https://fast.appcues.com https://authentication.ihasco.co.uk https://8vosgu2i00.execute-api.eu-west-2.amazonaws.com/tokens/request https://d4sn1cftmz9k0.cloudfront.net/ https://uph8je1ugd.execute-api.eu-west-2.amazonaws.com wss://*.freshchat.com https://*.freshchat.com https://*.freshmarketer.eu https://euc-widget.freshworks.com https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.ihasco.co.uk http://localhost:* ws://localhost:* https://bam.nr-data.net https://api.ihasco.co.uk https://api.interactive-training.net https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://787c9oc45m.execute-api.eu-west-2.amazonaws.com https://*.vimeocdn.com https://player.vimeo.com; object-src 'self' 'self' https://app.ihasco.co.uk https://www.interactive-training.net; media-src 'self' blob: https://d4sn1cftmz9k0.cloudfront.net/ https://player.vimeo.com; frame-src 'self' https://d4sn1cftmz9k0.cloudfront.net/ https://portal.e-lfh.org.uk https://*.freshchat.com https://d7xmptt7e32b1.cloudfront.net; child-src 'none'; worker-src 'self' blob:; form-action 'self' https://authentication.ihasco.co.uk; base-uri 'self'; manifest-src 'self'; frame-ancestors *; report-uri https://nye42htnnh.execute-api.eu-west-2.amazonaws.com/report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: *.paypal.com *.paypalobjects.com applepay.cdn-apple.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.dibspayment.eu *.google.co.uk *.google.com *.google.com.tr *.klaviyo.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors self www.google.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.paypal.com *.braintreegateway.com *.klarna.com *.stripe.com *.trustedshops.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ google.com *.google.com www.google.com www.gstatic.com apis.google.com www.googletagmanager.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sandbox.paypal.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.dibspayment.eu *.demdex.net *.hotjar.com *.doubleclick.net *.bing.com *.cloudfront.net *.amazonaws.com *.facebook.com *.facebook.net *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com.tr *.klaviyo.com https://arebos.sjv.io klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.google.com *.gstatic.com *.facebook.com *.fbcdn.net *.paypal.com *.braintreegateway.com *.klarna.com *.klarnacdn.net *.trustedshops.com *.cookieyes.com *.pricerunner.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.typekit.net validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp https://info.dibs.se *.klarnaevt.com https://firebasestorage.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.sandbox.paypal.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.dibspayment.eu *.dibs.se https://widgets.trustedshops.com *.omtrdc.net *.everesttech.net *.placeholder.com *.cookiepro.com *.cookielaw.org *.doubleclick.net *.google.com.tr *.google.ch *.hotjar.com *.amasty.com *.arebosnl.local *.arebosch.local *.stripe.com *.bing.com *.cloudfront.net *.amazonaws.com *.facebook.net *.clarity.ms *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.klaviyo.com *.windows.net https://arebos.sjv.io *.loggly.com *.ojrq.net https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.facebook.com *.fbcdn.net *.stripe.com js.stripe.com *.stripe.network *.paypal.com *.paypalobjects.com *.braintreegateway.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.cookieyes.com *.trustedshops.com *.pricerunner.com *.retailads.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.cdn-apple.com https://*.dibspayment.eu x.klarnacdn.net s7.addthis.com *.avada.io *.shopify.com connect.facebook.net *.googleadservices.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.sandbox.paypal.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.trackedlink.net *.cloudflareinsights.com *.cookiepro.com *.cookielaw.org *.onetrust.com *.hotjar.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.online-metrix.net *.google.com.tr *.bing.com *.cloudfront.net *.amazonaws.com *.facebook.net *.clarity.ms *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.klaviyo.com *.impactcdn.com https://arebos.sjv.io *.etrusted.com *.dibspayment.eu *.stripecdn.com klarna.com *.amazon.com *.link.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cookieyes.com *.trustedshops.com https://*.dibspayment.eu *.klarnacdn.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com assets.braintreegateway.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.dibspayment.eu *.google.co.uk *.google.com.tr *.klaviyo.com https://arebos.sjv.io *.googletagmanager.com *.stripe.network *.stripecdn.com *.amazon.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com *.facebook.com *.stripe.com *.stripe.network *.paypal.com *.braintreegateway.com *.klarna.com *.cookieyes.com *.trustedshops.com *.pricerunner.com *.retailads.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io google.com *.google.com *.braintree-api.com https://*.dibspayment.eu *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.sandbox.paypal.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.dibspayment.eu *.etrusted.com *.googleapis.com *.demdex.net *.cookiepro.com *.cookielaw.org *.doubleclick.net *.google.ch wss://*.hotjar.com *.hotjar.io *.hotjar.com https://*.ingest.sentry.io *.bing.com *.cloudfront.net *.amazonaws.com wss://*.amazonaws.com wss://tufsuyburufn.transport.connect.eu-central-1.amazonaws.com *.facebook.net *.clarity.ms *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com.tr *.onetrust.com *.klaviyo.com https://arebos.sjv.io *.loggly.com klarna.com *.link.com *.amazon.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.dibspayment.eu *.klarna.com *.stripe.com *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com *.google.com.tr *.klaviyo.com https://arebos.sjv.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; default-src 'self' data: https://cdn.assinebem.com.br https://www.google-analytics.com; font-src 'self' data: https://cdn.assinebem.com.br https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.assinebem.com.br; script-src 'self' 'unsafe-inline' https: 'unsafe-eval' https://gadasource.storage.googleapis.com; frame-src 'self' https://player.vimeo.com https://*.google.com https://*.googletagmanager.com; media-src 'self' data: https://player.vimeo.com; img-src 'self' blob: data: https://*.assinebem.com.br https://www.google-analytics.com  https://*.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.google.com.br https://*.google-analytics.com https://analytics.google.com https://*.gocache.com.br https://*.clarity.ms https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.linkedin.com; connect-src 'self' https://*.assinebem.com.br https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.google.com.br https://stats.g.doubleclick.net https://*.googletagmanager.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.linkedin.com; frame-ancestors 'self'; report-uri https://csp-report.softrh.com.br/csp-report; report-to csp-endpoint 1
connect-src 'self' https://stats.g.doubleclick.net/j/collect; default-src 'none'; font-src 'self' data:application/x-font-woff https://fonts.gstatic.com https://s0.wp.com/i/noticons/Noticons.ttf *.wp.com https://boards.greenhouse.io; frame-src https://www.podbean.com *.wp.com https://boards.greenhouse.io https://player.vimeo.com https://www.google.com https://widgets.wp.com; img-src 'self' data: https://boards.greenhouse.io https://secure.gravatar.com https://secure.gravatar.com https://*.wp.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pixel.wp.com https://www.google-analytics.com *.wp.com *.mailchimp.com *.list-manage.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://boards.greenhouse.io https://cdn.ampproject.org https://player.vimeo.com *.wp.com https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__en.js https://*.wp.com https://s0.wp.com/wp-content/js/bilmur.min.js https://stats.wp.com/e-202042.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/48TunWH-ZrLteSwFVbw6tVnx/recaptcha__en.js https://s0.wp.com/wp-content/mu-plugins/admin-bar/masterbar-overrides/masterbar.css?ver=9.0.2 https://s0.wp.com/i/noticons/noticons.css?ver=20120621 https://hurricanelabs.us1.list-manage.com https://downloads.mailchimp.com https://chimpstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wp.com https://*.wp.com/wp-content/mu-plugins/admin-bar/wpcom-admin-bar.css?ver=9.0.2 https://s0.wp.com/i/noticons/noticons.css?ver=20120621 https://s0.wp.com/wp-content/mu-plugins/admin-bar/masterbar-overrides/masterbar.css?ver=9.0.2 https://s0.wp.com/wp-content/mu-plugins/notes/admin-bar-v2.css?ver=9.0.2-202042 downloads.mailchimp.com; base-uri ; frame-ancestors 'none'; report-uri https://hurricanelabs.report-uri.com/r/d/csp/enforce; report-uri /_/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-35kC1W4E3OQXYIZ0NiWyPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: ; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.zohocdn.com *.cloudflare.com *.cloudflareinsights.com *.bootstrapcdn.com gtm.mintt.com mintt.com *.fs1inc.com *.sitejabber.com chats.alphacrm.org maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cloudflareinsights.com *.facebook.com gtm.mintt.com mintt.com *.fs1inc.com *.sitejabber.com chats.alphacrm.org *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cloudflareinsights.com *.facebook.com 512435.stats.ryzeo.com secure.livechatinc.com js.stripe.com embedsocial.com gtm.mintt.com mintt.com *.fs1inc.com *.sitejabber.com chats.alphacrm.org *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.zohocdn.com *.zohopublic.com *.disqus.com *.cloudflare.com *.cloudflareinsights.com *.googleadservices.com *.googletagmanager.com *.google.com.co *.facebook.com pop1.screenpopper.com bat.bing.com cdn.livechatinc.com googletagmanager.com d2ldlvi1yef00y.cloudfront.net d69o642psi61v.cloudfront.net gtm.mintt.com mintt.com *.fs1inc.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.sitejabber.com chats.alphacrm.org quickchart.io img.youtube.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.fs1inc.com *.zoho.com *.zohocdn.com *.disqus.com *.cloudflare.com *.cloudflareinsights.com *.twitter.com *.fontawesome.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.clickcease.com *.livechatinc.com *.doubleclick.net cdn.statstrk01.com bat.bing.com connect.facebook.net stats.ryzeo.com js.stripe.com embedsocial.com pop1.screenpopper.com screenpopper.com gtm.mintt.com mintt.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.sitejabber.com chats.alphacrm.org *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.zohocdn.com *.zohopublic.com *.cloudflare.com *.cloudflareinsights.com *.fontawesome.com *.bootstrapcdn.com embedsocial.com screenpopper.com gtm.mintt.com mintt.com *.fs1inc.com *.sitejabber.com chats.alphacrm.org maxcdn.bootstrapcdn.com fonts.gstatic.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zohocdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.zohocdn.com *.zohopublic.com *.zoho.com *.cloudflare.com *.cloudflareinsights.com *.googleadservices.com *.facebook.com stats.g.doubleclick.net analytics.google.com api.livechatinc.com facebook.com gtm.mintt.com mintt.com *.fs1inc.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.sitejabber.com chats.alphacrm.org *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com arthurknight.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * arthurknight.com 'self' 'unsafe-inline'; frame-ancestors arthurknight.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * arthurknight.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com arthurknight.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com arthurknight.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com unsafe-inline assets.braintreegateway.com arthurknight.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com arthurknight.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com https://checkout.iwdagency.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com arthurknight.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com arthurknight.com http: https: blob: 'self' 'unsafe-inline'; default-src arthurknight.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp.threatview.app/report; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: cdn.hub-box.com/assets/fonts/ *.nxedge.io/cdn/static/ fonts.intercomcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de app.remarkety.com/public/ 'self' 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de td.doubleclick.net googleads.g.doubleclick.net www.google.by www.google.co.uk mozbar.moz.com www.rsa3dsauth.co.uk tpc.googlesyndication.com safekey-3.americanexpress.com *.trustpilot.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.clerk.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com cdn.hub-box.com/assets/ *.nxedge.io/cdn/static/ www.dentalsky.com/media/ *.nxedge.io/cdn/media/ cdn.clerk.io *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com www.google.com/ads/ www.google.by/ads/ www.google.co.uk/ads/ www.google.co.ma/ads/ www.google.com.qa/ads/ www.google.com.cy/ads/ www.google.im/ads/ www.google.fr/ads/ www.google.com.sg/ads/ www.google.com.bd/ads/ www.google.co.in/ads/ www.google.com.tw/ads/ www.google.ch/ads/ static.intercomassets.com js.intercomcdn.com downloads.intercomcdn.com services.postcodeanywhere.co.uk/images/ retailer.commerce-connector.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.dentalsky.com/ cdn.hub-box.com services.hub-box.com cdn.hub-box.com/assets/ *.nxedge.io/cdn/static/ *.googletagmanager.com cdn.clerk.io api.clerk.io d3ryumxhbd2uw7.cloudfront.net/webtracking/ *.pcapredict.com services.postcodeanywhere.co.uk/js/ cdn.nmgassets.com cdn.480app.com widget.intercom.io/widget/ js.intercomcdn.com www.youtube.com/iframe_api www.youtube.com/s/player/ static.cloudflareinsights.com ajax.cloudflare.com tpc.googlesyndication.com/sodar/ *.trustpilot.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io unsafe-inline assets.braintreegateway.com cdn.hub-box.com/assets/ *.nxedge.io/cdn/static/ services.postcodeanywhere.co.uk/css/ *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com js.intercomcdn.com/audio/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.dentalsky.com/ *.hub-box.com *.nxedge.io/cdn/static/ www.google.com/ads/ www.google.by/ads/ www.google.co.uk/ads/ www.google.co.ma/ads/ www.google.com.qa/ads/ www.google.com.cy/ads/ www.google.im/ads/ www.google.fr/ads/ www.google.com.sg/ads/ www.google.com.bd/ads/ www.google.co.in/ads/ www.google.com.tw/ads/ www.google.ch/ads/ cdn.nmgassets.com jdl.nmgplatform.com colrep.sitelabweb.com/jdldata/ *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net webhooks.remarkety.com s3.amazonaws.com/remarkety-app/ api-iam.intercom.io wss://nexus-websocket-a.intercom.io services.postcodeanywhere.co.uk invitejs.trustpilot.com/api/ widget.trustpilot.com/data/ ascpqnj-oam.global.ssl.fastly.net writer.cardinalcommerce.com/prod/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com cdn.jsdelivr.net https://cdn.jotfor.ms https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://m6.mailplus.nl https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com cdn.jsdelivr.net https://cdn.jotfor.ms https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://m6.mailplus.nl https://unpkg.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.mailplus.nl https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.mailplus.nl https://unpkg.com; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.sagepay.com *.opayo.eu.elavon.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sagepay.com *.opayo.eu.elavon.com *.stripe.com *.stripe.network *.google.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.fls.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sagepay.com *.opayo.eu.elavon.com *.awin1.com *.zenaps.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.opayo.eu.elavon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.stripe.com *.stripe.network downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sagepay.com *.opayo.eu.elavon.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com x.klarnacdn.net *.klarnaservices.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.sagepay.com *.opayo.eu.elavon.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sagepay.com *.opayo.eu.elavon.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com x.klarnacdn.net *.klarnaservices.com api.addressy.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-4_gupd1C4BbDxYfBVaHGqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://www.googletagmanager.com/ js.mollie.com www.googletagmanager.com consentcdn.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com 'self' data: www.google.fi *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ https://www.mollie.com imgsct.cookiebot.com *.maksuturva.fi http://host.docker.internal:7001 data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.klevu.com *.ksearchnet.com *.avada.io *.shopify.com https://api.unifaun.com js.mollie.com consent.cookiebot.com digitalfeedback.euro.confirmit.com api.custobar.com *.videoly.co payments.maksuturva.fi *.maksuturva.fi http://host.docker.internal:7001 https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com a.omappapi.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io consentcdn.cookiebot.com *.maksuturva.fi digitalfeedback.euro.confirmit.com http://host.docker.internal:7001 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-q4Ph7jJFH3RAFBDD68t-lQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://www.google.com https://apikeys.civiccomputing.com; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; img-src 'self' data: https://www.hostellingscotland.org.uk https://hostellingscotland.org.uk https://static.hotjar.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.google.co.uk https://www.facebook.com https://t.co https://analytics.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hostelbookings.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://cc.cdn.civiccomputing.com https://static.ctctcdn.com https://www.youtube.com https://e.issuu.com https://cdnjs.cloudflare.com https://script.crazyegg.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.ctctcdn.com; connect-src 'self' https://listgrowth.ctctcdn.com https://script.crazyegg.com https://in.hotjar.com https://stats.g.doubleclick.net https://apikeys.civiccomputing.com https://surveystats.hotjar.io; object-src 'none'; frame-ancestors 'self'; frame-src https://www.youtube.com https://e.issuu.com https://www.google.com https://www.gstatic.com; 1
font-src *.klarnacdn.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com services.paytrail.com v1.api.paymenthighway.io maksu.pivo.fi kultaraha.op.fi epmt.nordea.fi verkkopankki.danskebank.fi verkkomaksu.poppankki.fi auth.aktia.fi verkkomaksu.saastopankki.fi verkkomaksu.omasp.fi online.s-pankki.fi online.alandsbanken.fi pay.paytrail.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ www.google.com www.facebook.com js.playground.klarna.com *.klarna.com policy.app.cookieinformation.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com www.google.fi pagead2.googlesyndication.com cdn2.hubspot.net static.paytrail.com resources.paytrail.com x.klarnacdn.net www.resursbank.fi ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.cdninstagram.com https://*.fbcdn.net https://scontent-fra3-1.cdninstagram.com https://*.scontent.cdninstagram.com *.klarna.com *.klarnaevt.com *.klarnacdn.net 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ graph.instagram.com static.zdassets.com widget-mediator.zopim.com connect.facebook.net x.klarnacdn.net chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.cdninstagram.com *.klarna.com *.klarnacdn.net *.klarnaservices.com policy.app.cookieinformation.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.klarnacdn.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ static.zdassets.com https://*.cdninstagram.com https://*.fbcdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com hevari.zendesk.com wss://widget-mediator.zopim.com zendesk-eu.my.sentry.io www.facebook.com region1.analytics.google.com www.google.fi pagead2.googlesyndication.com eu.playground.klarnaevt.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com policy.app.cookieinformation.com consent.app.cookieinformation.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.paypal.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com magefan.com cm.magefan.com *.disqus.com *.hsforms.net *.hsforms.com 'self' data: *.cloudfront.net https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.disqus.com *.hsforms.net *.hsforms.com www.google.com *.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com *.cloudflare.com getfirebug.com *.yotpo.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.cloudflare.com *.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; 	style-src 'self' 'unsafe-inline' 	https://content.quantcount.com https://code.jquery.com https://cdn.datatables.net https://fonts.googleapis.com https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.cloudflare.com https://www.gstatic.com https://trello.com; 	script-src 'self' 'unsafe-inline' 'unsafe-eval' 	https://assets.adobedtm.com https://fordeu.d3.sc.omtrdc.net https://*.ampproject.org https://*.adnxs-simple.com https://*.comcar.co.uk https://*.adnxs.com https://*.googlesyndication.com https://*.googletagservices.com https://adservice.google.co.uk https://adservice.google.com https://cdn.jsdelivr.net https://use.typekit.net https://*.quantcount.com https://*.quantserve.com https://*.consensu.org https://datacygnal.io https://*.doubleclick.net https://*.googletagmanager.com https://*.opel.com https://*.vauxhall.co.uk https://*.googleadservices.com https://*.bing.com https://netmng.com https://*.hotjar.com https://*.cloudfront.net https://*.netmng.com https://cbvc.agilecrm.com https://*.cloudflare.com https://*.google-analytics.com https://*.amazonaws.com https://cdn.datatables.net https://use.fontawesome.com https://www.google.com https://stackpath.bootstrapcdn.com unpkg.com https://browser.sentry-cdn.com https://www.google.com/jsapi https://www.gstatic.com https://code.jquery.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://trello.com; 	font-src 'self' data: 		https://use.typekit.net https://cdn.jsdelivr.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://secure.carmendata.co.uk https://fonts.googleapis.com; 	img-src 'self' data: 	https://p.typekit.net https://*.google-analytics.com https://*.quantcount.com https://*.quantserve.com https://*.googlesyndication.com https://*.pubmatic.com https://*.google.com https://*.google.co.uk https://*.omtrdc.net https://*.bing.com https://*.adnxs.com https://*.doubleclick.net https://ssl.caranddriving.com https://secura.cloud https://s3-eu-west-1.amazonaws.com https://*.googleapis.com https://res.cloudinary.com; 	frame-ancestors 'self' https://kia.com https://www.kia.com https://www.seat.co.uk https://www.cupraofficial.co.uk https://www.ethosfinance.co.uk https://www.skoda.co.uk https://daysfleet.com https://www.mg.co.uk https://www.sgfleet.com https://www.fleetalliance.co.uk https://www.vanarama.com https://www.fleetnews.co.uk https://www.businesscar.co.uk https://www.whatvan.co.uk https://www.wessexfleet.co.uk; 	frame-src 'self' 		https://*.pubmatic.com https://*.comcar.co.uk  https://*.adnxs.com https://*.googlesyndication.com https://*.hotjar.com https://*.doubleclick.net https://ssl.caranddriving.com https://www.google.com; 	connect-src 'self' 		https://*.googlesyndication.com https://*.amazonaws.com wss://*.hotjar.com https://*.consensu.org https://*.doubleclick.net https://*.pubmatic.com https://*.teads.tv https://*.adnxs.com https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.googleapis.com  https://*.comcar.co.uk https://*.sentry.io https://sentry.io; 1
object-src 'none';base-uri 'self';script-src 'nonce-kS8ix7wYTSPmDmL5ZEmT_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com 'self' data: cdn.checkout.com *.fontawesome.com https://cdn.checkout.com *.klarnacdn.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.doubleclick.net *.paypalobjects.com https://js.checkout.com *.klarna.com js.mollie.com *.weltpixel.com *.googletagmanager.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.google.com *.google.co.uk *.google.co.in *.zopim.com *.doubleclick.net *.googletagmanager.com *.amazon.com *.payments-amazon.com *.behance.net *.newrelic.com *.nr-data.net https://amasty.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com 'self' data: *.facebook.com *.reddit.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.amazon.com *.local.com maps.googleapis.com *.checkout.com *.paypal.com *.newrelic.com *.nr-data.net https://cdn.checkout.com *.klarnacdn.net chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnaservices.com js.mollie.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com *.newrelic.com *.nr-data.net https://cdn.checkout.com downloads.mailchimp.com *.klarnacdn.net *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com 'self' wss: *.checkout.com *.google-analytics.com *.doubleclick.net *.paypalobjects.com *.trustpilot.com *.payments-amazon.com *.newrelic.com *.nr-data.net google.com *.google.com *.googlesyndication.com https://js.checkout.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://widgets.trustedshops.com *.klaviyo.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.facebook.com platform.twitter.com *.weltpixel.com js.mollie.com *.googletagmanager.com *.cookiebot.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com https://images.unsplash.com *.gstatic.com imgsct.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net https://www.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.bodystore.nl *.google.nl *.cookiebot.com *.spotlersearch.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js consent.cookiebot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net twitter.com platform.twitter.com *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.gstatic.com maps.googleapis.com js.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.hotjar.com *.cookiebot.com *.elfsight.com *.elfsightcdn.com *.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.profitmetrics.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com *.sooqr.com *.spotlersearch.com maxcdn.bootstrapcdn.com *.gstatic.com fonts.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google.com *.hotjar.com *.cookiebot.com *.elfsight.com *.hotjar.io wss://ws.hotjar.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.datadome.co *.google.nl *.profitmetrics.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.stripe.com *.google.com *.fontawesome.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.pavingandflooring.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.stripe.com *.google.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.pavingandflooring.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com www.pavingandflooring.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.stripe.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.pavingandflooring.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com s3.amazonaws.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ * *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.pavingandflooring.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.stripe.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ * *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.pavingandflooring.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.stripe.com *.google.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com https://static.klaviyo.com *.fontawesome.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com www.pavingandflooring.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com www.pavingandflooring.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.amplitude.com stats.g.doubleclick.net www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://the.sciencebehindecommerce.com *.stripe.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.pavingandflooring.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com www.pavingandflooring.com http: https: blob: 'self' 'unsafe-inline'; default-src www.pavingandflooring.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.google.com/ https://player.vimeo.com https://www.youtube-nocookie.com event.2performant.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com *.googleapis.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net blob: magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://www.magezon.com pinterest.com assets.pinterest.com syndication.twitter.com t.themarketer.com cdn1.themarketer.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com http://live.staticflickr.com https://live.staticflickr.com *.facebook.com facebook.com google.com *.google.ro google.ro *.retargeting.app data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com cdn.ampproject.org googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.disqus.com *.google.com/ twitter.com t.themarketer.com cdn1.themarketer.com https://player.vimeo.com https://www.youtube.com tracking.retargeting.biz tracking.retargeting.app *.retargeting.biz *.retargeting.app *.doubleclick.net attr-2p.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com t.themarketer.com cdn1.themarketer.com https://fonts.googleapis.com http://fonts.googleapis.com tracking.retargeting.biz tracking.retargeting.app *.retargeting.biz *.retargeting.app 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com t.themarketer.com cdn1.themarketer.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io tracking.retargeting.biz tracking.retargeting.app *.retargeting.biz *.retargeting.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com https://*.moneris.com/ www.googletagmanager.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.moneris.com https://www.youtube.com https://c.paypal.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://b.stats.paypal.com/ https://slc.stats.paypal.com/ https://c.paypal.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.moneris.com/ *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.moneris.com *.webeyez.com paypal.com *.fontawesome.com https://bam.nr-data.net https://bam-cell.nr-data.net https://c.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com downloads.mailchimp.com https://*.moneris.com/ *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.webeyez.com firehose.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com paypal.com paypalobjects.com https://bam.nr-data.net https://bam-cell.nr-data.net https://payments.sandbox.braintree-api.com/ https://origin-analytics-sand.sandbox.braintree-api.com/ 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smartsolutions.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.transcend.io js.stripe.com s.ytimg.com tagmanager.google.com transcend-cdn.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; upgrade-insecure-requests; connect-src 'self' cdn.transcend.io gtm.mozilla.org https://abdri3ttkb.execute-api.us-east-2.amazonaws.com https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com telemetry.transcend.io telemetry.us.transcend.io transcend-cdn.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; frame-ancestors 'none'; form-action 'self' https://abdri3ttkb.execute-api.us-east-2.amazonaws.com https://accounts.firefox.com/ https://basket.mozilla.org; default-src 'self' *.mozilla.org; style-src 'self' 'unsafe-inline' cdn.transcend.io transcend-cdn.com www.mozilla.org; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; base-uri 'none'; object-src 'none'; font-src 'self' www.mozilla.org 1
default-src 'self'; font-src 'self' fonts.bunny.net; img-src 'self' fraisa.cdn.celum.cloud *.tile.openstreetmap.org px.ads.linkedin.com data:; media-src 'self' 'unsafe-inline'; connect-src 'self' stat.fraisa.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' stat.fraisa.com; script-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-uri https://fraisa.uriports.com/reports/report; report-to default 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: *.tiktok.com; connect-src 'self' https: http: *.tiktok.com 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=18168&v=v1.0&payload=OmAZ91Za5TPbhRNpMd-KaiiZEyJJp5TKtczGBrr8Z4osz8b3uSUuTT6hGTdHyzoXjBqpY73JWwGAlynjVfza6admY_OgMM4T3VU3giznFkvq0pZ85WoLynN70uFasQMAU7FIVgQq6HUu9spZr5apXIqH1rUytM7MGYVFtSkMDzloDBeO9TFAmPsM9KtMMtyzKoUL6ymJvqwzkJkBu2IesQ==; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.monetico-services.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.monetico-services.com www.facebook.com platform.twitter.com *.criteo.com *.doubleclick.net *.criteo.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.doubleclick.net *.googleadservices.com *.paypalobjects.com *.ekomi.de *.pubmatic.com *.bing.com *.aralego.com *.googletagmanager.com *.bidswitch.net *.media.net *.smaato.net *.yahoo.net *.krxd.net *.adnxs.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.3lift.com *.yahoo.com *.socdm.com *.criteo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.mediavine.com *.outbrain.com *.clmbtech.com *.bluekai.com *.yieldmo.com *.zopai88.com *.google.com *.google.com.vn *.teads.tv data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.avada.io *.shopify.com connect.facebook.net twitter.com platform.twitter.com https://cdnjs.cloudflare.com *.googleapis.com *.ekomi.de *.googletagmanager.com *.bing.com *.criteo.net *.criteo.com *.doubleclick.net *.lgw.io *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.mediavine.com *.outbrain.com *.clmbtech.com *.bluekai.com *.zopai88.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.monetico-services.com https://get.geojs.io *.avada.io *.googleapis.com *.doubleclick.net *.geojs.io *.criteo.com *.googleadservices.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.mediavine.com *.outbrain.com *.clmbtech.com *.bluekai.com *.yieldmo.com *.zopai88.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * https: data: blob: 'unsafe-inline' 'unsafe-hashes'; object-src 'self'; base-uri 'self' 1
default-src 'self'; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'nonce-UC/EF7P32TSB8gHj/cj+jg==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com api.userway.org cdn.userway.org https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com self https://dev-3jnwcczu.mrhankeystoys.com https://mrhankeystoys.magentoprojects.net/ 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.certcapture.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.certcapture.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://images.unsplash.com magefan.com cm.magefan.com *.amazonaws.com *.mrhankeystoys.com *.google.co.in https://*.gstatic.com *.clarity.ms api.userway.org cdn.userway.org https://*.google.com https://*.googleapis.com https://*.googleusercontent.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.certcapture.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://maps.googleapis.com *.amazonaws.com *.mrhankeystoys.com *.googleapis.com *.clarity.ms api.userway.org cdn.userway.org https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.certcapture.com *.googleapis.com api.userway.org cdn.userway.org https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.certcapture.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://maps.googleapis.com https://player.vimeo.com *.mrhankeystoys.com *.googleapis.com *.clarity.ms api.userway.org https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src *.certcapture.com *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'report-sample' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io https://script.crazyegg.com https://unpkg.com; script-src-elem 'self' https://www.googletagmanager.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io https://script.crazyegg.com https://unpkg.com; style-src 'self' 'report-sample' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://isealalliance.org/log-report-uri/reportOnly 1
font-src *.fontawesome.com fonts.gstatic.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.merchante-solutions.com https://hostedpayments.merchante.com https://merchantacsstag.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://elements.sandbox.fortis.tech https://elements.fortis.tech https://merchantacsstag.cardinalcommerce.com *.weltpixel.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com js-agent.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com https://developer.adobe.com https://magento.com https://js.sandbox.fortis.tech https://js.fortis.tech https://elements.sandbox.fortis.tech https://elements.fortis.tech https://api.merchante-solutions.com https://cert.merchante-solutions.com https://testapi.merchante-solutions.com bam.nr-data.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com bam.nr-data.net *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com https://developer.adobe.com https://elements.sandbox.fortis.tech https://elements.fortis.tech https://api.merchante-solutions.com https://cert.merchante-solutions.com https://testapi.merchante-solutions.com https://writer.cardinalcommerce.com rs.fullstory.com edge.fullstory.com stats.g.doubleclick.net https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-pr11QKiTaYGcYYibGA1z-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src  'none'; connect-src 'self' *.blowpass.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.blowpass.com join.gammasecure.com; script-src 'self' *.blowpass.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.blowpass.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
object-src 'none';base-uri 'self';script-src 'nonce-1jDHwt-vkXhtdqRDJ_cVHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://paymentsafe.experianhealth.com;script-src 'nonce-29cf9d0394e54ad8807724ad551ca377' https://www.myaccesshealth.net 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://www.myaccesshealth.net 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com data: *.multivlaai.nl data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.multivlaai.nl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.braintreegateway.com *.paypal.com google.com *.google.com https://www.paypal.com *.multivlaai.nl https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com *.googleapis.com *.google-analytics.com *.google.com *.google.nl *.google.be *.multivlaai.nl https://api.taggrs.io/ https://stats.g.doubleclick.net https://www.facebook.com https://bat.bing.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.multivlaai.nl *.cookie-script.com bat.bing.com *.facebook.net *.clarity.ms http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.fluxmill.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.googleapis.com *.multivlaai.nl *.cookie-script.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com *.multivlaai.nl *.google.nl https://stats.g.doubleclick.net *.googlesyndication.com *.google-analytics.com https://bat.bing.net https://bat.bing.com *.clarity.ms https://consent.cookie-script.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/; report-to report-endpoint; 1
font-src cash-f.squarecdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.sharethis.com www.xtento.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.sharethis.com https://cdn.clerk.io *.openstreetmap.org https://maps.googleapis.com *.cloudfront.net *.facebook.com www.google.it *.clarity.ms *.bing.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com www.google.com.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com https://api.clerk.io https://cdn.clerk.io cdnjs.cloudflare.com *.clerk.io *.clarity.ms connect.facebook.net *.cloudfront.net *.bing.com www.xtento.com cdn.xtento.com *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com network.oliunid.es https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.sharethis.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com maxcdn.bootstrapcdn.com *.trustpilot.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.openstreetmap.org https://maps.googleapis.com stats.g.doubleclick.net *.clarity.ms *.facebook.com *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com network.oliunid.es https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; frame-src 'self' https://web.cmp.usercentrics.eu https://www.googletagmanager.com https://www.youtube.com ; script-src 'self' https://www.googletagmanager.com https://web.cmp.usercentrics.eu https://*.pipedrive.com https://*.pipedriveassets.com https://cdn.jsdelivr.net ; style-src 'self' 'unsafe-inline' https://*.typekit.net ; img-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.usercentrics.eu https://www.w3.org ; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://*.pipedrive.com ; connect-src 'self' https://*.pipedrive.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://v1.api.service.cmp.usercentrics.eu ; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://cdn.clerk.io https://www.google.de https://x.bidswitch.net https://r.adserver01.de https://ad11.adfarm1.adition.com https://as.ad4m.at https://imagesrv.adition.com https://secure.adnxs.com https://ih.adscale.de https://rtb-csync.smartadserver.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://a.twiago.com https://c.clarity.ms https://c.bing.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.consensu.org www.google.com.ua https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://api.clerk.io https://cdn.clerk.io https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com https://custom.clerk.io https://t.adcell.com https://s.pinimg.com https://ct.pinterest.com https://www.clarity.ms https://conversations-widget.brevo.com https://tm.ad-srv.net https://ad4m.at https://pix.hyj.mobi https://ad.ad-srv.net https://*.ad-srv.net https://cdn.brevo.com https://sibautomation.com https://conversations-widget.sendinblue.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.consensu.org data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com a.massive-naturmoebel.de https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io *.consensu.org https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com https://t.adcell.com https://as.ad4m.at https://ct.pinterest.com https://googleads.g.doubleclick.net https://*.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.consensu.org *.trustedshops.com *.etrusted.com https://integrations.etrusted.site a.massive-naturmoebel.de https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src *.noibu.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com www.google.com www.gstatic.com *.bootstrapcdn.com *.paypalobjects.com *.gladly.com *.cookielaw.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com *.facebook.com *.facebook.net *.yotpo.com *.listrakbi.com *.cookielaw.org *.tilebar-vis.com *.byondxr.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://plumrocket.com *.weltpixel.com cdn.cardknox.com/ *.facebook.com *.paypalobjects.com *.yotpo.com *.cardknox.com *.vimeo.com vimeo.com *.googletagmanager.com *.xtento.com *.doubleclick.net *.gladly.com *.optimizely.com *.creativecdn.com *.pinterest.com *.listrakbi.com *.cookielaw.org *.noibu.com photos.pixlee.co *.tilebar-vis.com *.byondxr.com sketchfab.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * speedsize.com *.speedsize.com www.xtento.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com www.apptrian.com *.googleadservices.com *.facebook.com *.yotpo.com *.cdninstagram.com *.google-analytics.com *.google.com *.google.com.vn *.google.co.il *.google.com.sg *.google.co.uk *.google.de *.magentocommerce.com *.paypalobjects.com *.ytimg.com *.web-view.net *.googleapis.com *.nagich.co.il vimeo.com *.vimeo.com *.tilebar.com *.zdassets.com *.pxlecdn.com *.cloudfront.net *.roomvo.com *.tilebar-vis.com *.byondxr.com *.searchspring.net *.gladly.com *.edgecastcdn.net *.doubleclick.net *.bing.com *.pinterest.com *.optimizely.com *.adnxs.com *.pubmatic.com *.adingo.jp *.adingo.com *.creativecdn.com *.yahoo.com *.yahoo.net *.33across.com *.mobon.net *.seedtag.com *.clarity.ms *.brcdn.com *.brsrvr.com *.listrakbi.com *.cookielaw.org wac.edgecastcdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com speedsize.com *.speedsize.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com cdn.cardknox.com/ifields/2.15.2405.1601/ifields.min.js *.googleapis.com *.gstatic.com *.fontawesome.com *.google-analytics.com apis.google.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.analytics.com *.rawgit.com *.nagich.co.il *.luckyorange.com *.xtento.com *.paypal.com *.paypalobjects.com *.forsixty.com *.criteo.com *.searchspring.io *.searchspring.net *.roomvo.io *.roomvo.com *.cloudflareinsights.com *.optimizely.com *.turnto.com *.pixlee.com *.pxlecdn.com *.tilebar-vis.com *.byondxr.com *.cloudflare.com *.gladly.com *.smooch.io *.bing.com *.creativecdn.com *.pinimg.com *.particularaudience.com *.googletagservices.com *.googlesyndication.com cnstrc.com getrockerbox.com/ *.adnxs.com *.adingo.jp *.adingo.com *.cnstrc.com *.tilebar.com *.pinterest.com *.callrail.com *.clarity.ms *.algoliaradar.com *.brcdn.com *.listrakbi.com *.cloudfront.net *.cookielaw.org *.noibu.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com speedsize.com *.speedsize.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.turnto.com *.gladly.com *.brcdn.com *.listrakbi.com *.cookielaw.org *.typekit.net assets.braintreegateway.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com www.google.com www.gstatic.com *.doubleclick.net *.analytics.com *.facebook.com *.google-analytics.com *.nagich.co.il player.vimeo.com *.luckyorange.com *.googleapis.com *.visitors.live *.zdassets.com *.searchspring.io *.searchspring.net *.roomvo.io *.roomvo.com cloudflareinsights.com *.cloudflareinsights.com *.optimizely.com *.turnto.com *.tilebar-vis.com *.byondxr.com unpkg.com *.unpkg.com *.gladly.com *.smooch.io *.creativecdn.com *.pinimg.com *.particularaudience.com *.googletagservices.com *.googlesyndication.com *.pinterest.com *.cnstrc.com *.cardknox.com *.clarity.ms *.pixlee.com *.algolia.io *.listrakbi.com *.betanetqa.me *.cloudflare.com *.cookielaw.org https://*.noibu.com wss://*.noibu.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src speedsize.com *.speedsize.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /bnews/csp/report; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-P4E92p9OqcMWksHkzlruTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; child-src 'self' https://cdn-app.pathfactory.com https://cdn.pathfactory.com https://*.pathfactory.com https://opps-widget.getwarmly.com blob: data:; connect-src 'self' https://forms.hsforms.com https://forms-na1.hsforms.com https://forms.hscollectedforms.net https://perf-na1.hsforms.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://track.hubspot.com https://*.hs-analytics.net https://www.google-analytics.com https://analytics.google.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://opps-api.getwarmly.com https://jukebox.pathfactory.com https://spcollector.pathfactory.com https://radar.snitcher.com https://snid.snitcher.com https://b.6sc.co https://j.6sc.co https://ipv6.6sc.co https://cdn.dreamdata.cloud https://www.clarity.ms https://y.clarity.ms https://bat.bing.com https://px.ads.linkedin.com https://snap.licdn.com https://s3-us-west-2.amazonaws.com blob: data:; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://www.gstatic.com https://cdn.pathfactory.com data:; frame-ancestors 'self'; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hubspot.com https://js.hsadspixel.net https://js.hs-banner.com https://track.hubspot.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://cdn-app.pathfactory.com https://cdn.pathfactory.com https://jukebox.pathfactory.com https://opps-widget.getwarmly.com https://radar.snitcher.com https://cdn.snitcher.com https://6si.com https://b.6sc.co https://j.6sc.co https://cdnjs.cloudflare.com https://scripts.clarity.ms https://scout-cdn.salesloft.com https://cdn.dreamdata.cloud https://bat.bing.com https://px.ads.linkedin.com https://snap.licdn.com blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-app.pathfactory.com; upgrade-insecure-requests 1
font-src maxcdn.bootstrapcdn.com *.oct8ne.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com *.storyblok.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com *.multisafepay.com https://pay.google.com *.oct8ne.com *.hotjar.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com cdn.doofinder.com cdn.flbx.io *.cloudfront.net *.equalweb.com https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.multisafepay.com *.oct8ne.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com www.googletagmanager.com *.storyblok.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com *.getflowbox.com *.equalweb.com https://maps.googleapis.com connect.facebook.net twitter.com platform.twitter.com *.multisafepay.com https://pay.google.com *.oct8ne.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com maxcdn.bootstrapcdn.com *.multisafepay.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com *.getflowbox.com *.equalweb.com https://maps.googleapis.com https://player.vimeo.com *.multisafepay.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co www.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com v2.zopim.com *.klarnacdn.net *.honey.io *.fontawesome.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.bootstrapcdn.com *.revolut.com *.google.com google.com *.cdn-apple.com pay.google.com https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com www.facebook.com *.opayo.eu.elavon.com 'self' 'unsafe-inline'; frame-ancestors *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.youtube.com *.youtube-nocookie.com *.pinterest.com *.paypal.com *.google.com *.googletagmanager.com assets.braintreegateway.com https://ssl.kaptcha.com *.klarna.com https://js.playground.klarna.com *.criteo.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw account.fetchify.com platform.twitter.com *.cdn-apple.com pay.google.com *.gstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com v2.zopim.com bat.bing.com ct.pinterest.com *.google.gr *.paypal.com *.klarnacdn.net *.clarity.ms *.bing.com *.criteo.com *.yahoo.com *.yahoo.net *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.adform.net *.omnitagjs.net *.omnitagjs.com id5-sync.com *.ivitrack.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.krxd.net *.thebrighttag.com *.postrelease.com *.emxdgt.com dividebuy.co.uk *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com https://www.magezon.com pinterest.com assets.pinterest.com syndication.twitter.com *.designer-images.net https://redchamps.com *.revolut.com *.google.com *.cdn-apple.com pay.google.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.google.bg *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com static.zdassets.com v2.zopim.com s.pinimg.com s.kk-resources.com bat.bing.com *.paypal.com *.google.com *.klarnaservices.com *.klarnacdn.net *.klarna.com *.zopim.com *.clarity.ms searchserverapi.com *.particularaudience.com *.tiktok.com *.criteo.com player.vimeo.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com twitter.com platform.twitter.com *.stat-track.com polyfill.io *.moosend.com *.revolut.com *.cdn-apple.com pay.google.com https://www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.klarnacdn.net searchserverapi.com *.honey.io *.finance-calculator.co.uk *.fontawesome.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.moosend.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net google.com *.doubleclick.net *.googlesyndication.com ekr.zdassets.com wss://widget-mediator.zopim.com ct.pinterest.com stats.g.doubleclick.net bat.bing.com *.braintree-api.com *.paypal.com *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnacdn.net *.braintreegateway.com *.clarity.ms *.particularaudience.com *.tiktok.com *.google.com *.zendesk.com *.criteo.com vimeo.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.stat-track.com *.m-pages.com *.m-operations.com *.revolut.com *.cdn-apple.com pay.google.com *.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-NkvsU2JQGtDHzywivYgnDw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net cdnjs.cloudflare.com *.cs.1worldsync.com *.gstatic.com 'self' data: fonts.gstatic.com www.technoworld.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.technoworld.com 'self' 'unsafe-inline'; frame-ancestors www.technoworld.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.quotes.stockinthechannel.co.uk www.technoworld.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com pagead2.googlesyndication.com stats.g.doubleclick.net www.google.co.in seers-application-assets.s3.amazonaws.com bat.bing.com bat.bing.net static.zdassets.com *.cs.1worldsync.com media.stockinthechannel.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.technoworld.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.klevu.com *.ksearchnet.com *.avada.io *.shopify.com cdnjs.cloudflare.com ajax.googleapis.com bat.bing.com cdn.seersco.com statsjs.klevu.com v2.zopim.com media.pointandplace.com static.zdassets.com app.hpconfigure.com *.cs.1worldsync.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com www.technoworld.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net cdnjs.cloudflare.com cdn.seersco.com *.cs.1worldsync.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com www.technoworld.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com www.technoworld.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io stats.g.doubleclick.net cdn-auth.seersco.com zg7rh0seag.execute-api.eu-central-1.amazonaws.com statsjs.klevu.com bat.bing.com bat.bing.net *.googlesyndication.com www.merchant-center-analytics.goog ekr.zdassets.com technoworld.zendesk.com wss://widget-mediator.zopim.com platform-api-nexus.pointandplace.com app.hpconfigure.com *.cs.1worldsync.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.technoworld.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.technoworld.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.technoworld.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-m6DfqXfo7-Vt2jtwvYFCsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Oc7RcW3Fd0Ntp5KwmcoT3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' telligen.okta.com *.oktacdn.com; connect-src 'self' telligen.okta.com telligen-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com telligen.kerberos.okta.com telligen.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: art.login.telligen.com cqmv.login.telligen.com jira.login.telligen.com massqex.login.telligen.com pcmt.login.telligen.com qaqc.login.telligen.com qat.login.telligen.com tea.login.telligen.com; script-src 'unsafe-inline' 'nonce-DsOty91GMjfSOPruzvxnDw' 'unsafe-eval' 'self' 'report-sample' telligen.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' telligen.okta.com *.oktacdn.com; frame-src 'self' telligen.okta.com telligen-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' telligen.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: blob:; font-src 'self' telligen.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://myqualitrac.com 1
script-src-elem 'unsafe-inline' *.brightpearlapp.com *.google.com *.pokerchips.com *.adobedtm.com *.gstatic.com trustspot.io *.livechatinc.com *.designnbuy.us cdn.jsdelivr.net *.googleapis.com *.stripe.com www.googletagmanager.com www.google-analytics.com *.pokerchips.dev *.cloudflare.com www.dropbox.com landofcoder.com connect.facebook.net *.facebook.com *.googleadservices.com *.g.doubleclick.net *.google.md *.cometlytrack.com *.klaviyo.com app.ravecapture.com *.newrelic.com *.impactcdn.com *.attn.tv *.emotivecdn.io emotivecdn.io *.reviews.co.uk *.reviews.io *.googletagmanager.com; font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net trustspot.io s3.amazonaws.com *.stripe.com *.brightpearlapp.com *.demdex.net *.pokerchips.com *.pokerchips.dev *.cloudflare.com landofcoder.com connect.facebook.net *.facebook.com *.google.md *.typekit.net fonts.gstatic.com use.typekit.net *.cometlytrack.com *.klaviyo.com trustspot-app-assets.s3.amazonaws.com app.ravecapture.com *.impactcdn.com *.attn.tv *.emotivecdn.io *.reviews.co.uk *.reviews.io *.googletagmanager.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.brightpearlapp.com *.pokerchips.com *.pokerchips.dev *.cloudflare.com landofcoder.com connect.facebook.net *.facebook.com *.googleadservices.com *.g.doubleclick.net *.google.md *.impactcdn.com *.attn.tv *.emotivecdn.io *.reviews.co.uk *.reviews.io *.googletagmanager.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com js.stripe.com magento-cloudflare.jetrails.com trustspot.io *.livechatinc.com *.google.com *.stripe.com *.brightpearlapp.com *.pokerchips.com *.pokerchips.dev *.cloudflare.com landofcoder.com connect.facebook.net *.facebook.com *.googleadservices.com *.g.doubleclick.net *.google.md td.doubleclick.net *.impactcdn.com *.attn.tv *.emotivecdn.io *.reviews.co.uk *.reviews.io *.googletagmanager.com https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.google.com s3.amazonaws.com trustspot.io *.stripe.com *.brightpearlapp.com *.pokerchips.com *.pokerchips.dev *.cloudflare.com landofcoder.com connect.facebook.net *.facebook.com *.googleadservices.com *.g.doubleclick.net *.google.md *.cometlytrack.com *.klaviyo.com ravecapture-app-assets.s3.amazonaws.com app.ravecapture.com *.impactcdn.com *.attn.tv *.emotivecdn.io *.reviews.co.uk *.reviews.io *.googletagmanager.com *.cloudfront.net *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io 'unsafe-inline' trustspot.io *.livechatinc.com *.designnbuy.us cdn.jsdelivr.net *.google.com *.stripe.com *.brightpearlapp.com *.pokerchips.com *.pokerchips.dev *.cloudflare.com landofcoder.com connect.facebook.net *.facebook.com *.googleadservices.com *.g.doubleclick.net *.google.md *.cometlytrack.com *.klaviyo.com *.impactcdn.com *.emotivecdn.io *.reviews.co.uk *.reviews.io *.googletagmanager.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net trustspot.io s3.amazonaws.com *.stripe.com *.brightpearlapp.com *.pokerchips.com *.pokerchips.dev *.cloudflare.com landofcoder.com connect.facebook.net *.facebook.com *.google.md *.g.doubleclick.net tagmanager.google.com app.ravecapture.com *.cometlytrack.com *.klaviyo.com *.impactcdn.com *.attn.tv *.emotivecdn.io *.reviews.co.uk *.reviews.io *.googletagmanager.com *.cloudfront.net 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io stats.g.doubleclick.net trustspot.io *.livechatinc.com *.stripe.com *.brightpearlapp.com *.pokerchips.com *.pokerchips.dev *.cloudflare.com landofcoder.com connect.facebook.net *.facebook.com *.googleadservices.com *.g.doubleclick.net *.google.md *.cometlytrack.com *.klaviyo.com *.impactcdn.com *.emotivecdn.io *.reviews.co.uk *.reviews.io *.googletagmanager.com *.google.com pokerchipscom.sjv.io *.emotiveapp.co *.cloudfront.net *.google-analytics.com *.doubleclick.net *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://pokerchips.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ 'self' *.maksekeskus.ee *.test.maksekeskus.ee c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.maksekeskus.ee *.test.maksekeskus.ee www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ceno.lv *.salidzini.lv *.kurpirkt.lv 'self' data: maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ player.vimeo.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com cdn.jsdelivr.net unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cookiebot.com/ https://*.cookiebot.eu/ 'nonce-H86QaIkfL73CsKU6GpHacA==' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klaviyo.com *.heyflow.cloud *.prd.heyflow.com *.reviews.io *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ test.saferpay.com www.saferpay.com saferpay.com js.mollie.com www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://images.unsplash.com bat.bing.com bat.bing.net *.storyblok.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ test.saferpay.com www.saferpay.com saferpay.com https://*.usercentrics.eu https://userlike-cdn-operators.userlike.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://maps.googleapis.com https://js-eu1.hsforms.net/forms/embed/v2.js bat.bing.com bat.bing.net cdn.mouseflow.com *.cloudfront.net *.prd.heyflow.com *.reviews.io *.clarity.ms *.abtasty.com *.storyblok.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ test.saferpay.com www.saferpay.com saferpay.com https://*.usercentrics.eu https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://api.userlike.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com www.youtube.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.typekit.net *.heyflow.cloud *.prd.heyflow.com *.reviews.io *.storyblok.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.storyblok.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.amazonaws.com *.googleapis.com *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://maps.googleapis.com https://player.vimeo.com bat.bing.com bat.bing.net *.execute-api.eu-central-1.amazonaws.com *.clarity.ms *.abtasty.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ test.saferpay.com www.saferpay.com saferpay.com https://*.usercentrics.eu https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com cdn.plyr.io noembed.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://4b389dcc-7b01-4225-801a-74fac70c5da1.sansec.watch/; report-to report-endpoint; 1
img-src *.force.com https://content.instrumentation.getconga.com slack-imgs-mil-dev.com https://www.linkedin.com 'self' https://stats.g.doubleclick.net https://img.youtube.com https://payments.salesforce.com/icons/ https://cdn.cookielaw.org https://login.salesforce.com/icons/ https://*.forethought.ai https://acquia--full--c.sandbox.vf.force.com https://*.springcm.com http://adn.acquia.com https://www.gstatic.com https://status.widen.com *.slack-edge-gov.com *.my-salesforce.com https://feeds.feedburner.com *.cloudinary.com https://dev-adn.acquia.com https://app.launchdarkly.com https://services.congamerge.com https://d3mvpbun2t0ap6.cloudfront.net https://calendar.google.com https://usa326.sfdc-yfeipo.salesforce.com/icons/ blob: https://sentry.io slack-imgs.com slack-gov-dev.com *.sfdcstatic.com https://data.instrumentation.getconga.com *.widencollective.com https://ssl.gstatic.com *.twimg.com https://agent.acquia.net https://api.mixpanel.com *.slack.com https://www.paypal.com https://gateway.gainsightcloud.com https://acquia.gainsightcloud.com *.slack-imgs.com slack-imgs-gov.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://dev-agent.acquia.net *.salesforce-experience.com https://acquia.file.force.com https://fonts.gstatic.com slack-imgs-gov-dev.com https://acquia.my.site.com *.slack-edge.com https://aq112111s.searchunify.com https://aq142201p.searchunify.com https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ slack-mil-dev.com https://tagmanager.google.com https://acquia.my.salesforce.com https://www.gstatic.com/recaptcha/ https://geolocation.onetrust.com https://*.congamerge.com https://sfapi-sandbox.formstack.io https://status.acquia.com https://embed.widencdn.net https://www.google.com/recaptcha/ *.slack-edge.mil https://www.sandbox.paypal.com https://www.acquia.com https://api.forethought.ai https://acquia.widen.net https://i.vimeocdn.com https://www.googletagmanager.com https://www.equusoft.com https://www.widen.com https://d1z9ryalr1cz6s.cloudfront.net https://www.google-analytics.com *.salesforce.com https://*.adyen.com https://widen.widen.net slack-imgs.mil https://sfapi.formstack.io data:; report-to sfdc-csp-ep; report-uri https://acquia.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D6g000003vCaM&networkId=0DM6g000000Rijv&type=communities 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-lSRgLLAc/KCiDOq0y82xaae/' 'unsafe-eval' https://pixel.byspotify.com *.travcorpservices.com https://www.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://api.feefo.com https://register.feefo.com https://bat.bing.com https://cdn.evgnet.com https://connect.facebook.net https://i.clarity.ms https://static-ssl.responsetap.com *.hotjar.com https://tag.simpli.fi https://unpkg.com https://www.bugherd.com https://decagon.ai https://www.datadoghq-browser-agent.com https://assetscdn.stackla.com/media/js https://vjs.zencdn.net https://cdn.amplitude.com/libs https://sdk.joinsherpa.io https://apps.mypurecloud.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://ttc-contiki.entry.promo https://cdn.optimizely.com https://www.riddle.com;style-src 'self' 'unsafe-inline' https://assetscdn.stackla.com/media/components/stackla-uikit/dist https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;img-src 'self' https://bat.bing.com https://c.clarity.ms https://i.ytimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.uplift-platform.com data:;frame-src 'self' https://10006172.fls.doubleclick.net https://uplift-cdn-stg.uplift.com https://vars.hotjar.com https://widget.stackla.com https://www.google.com https://apps.joinsherpa.io https://www.googletagmanager.com https://a25408250069.cdn.optimizely.com;font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;connect-src 'self' *.travcorpservices.com *.travcorp.com *.corp.ttc:7443 https://api.feefo.com https://bat.bing.com https://in.hotjar.com https://ws11.hotjar.com/api https://l.clarity.ms https://metrics.responsetap.com/infinity https://noembed.com https://pm-mrkt.prodgw.uplift-platform.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://ttctravel.germany-2.evergage.com https://www.facebook.com https://www.google-analytics.com https://logx.optimizely.com https://region1.analytics.google.com https://ttc.contiki.com 1
object-src 'none';base-uri 'self';script-src 'nonce-8E8aueO9Jfx2x3fin2DmTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com *.metrix-demo.com *.confmetrix.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.metrix-demo.com *.confmetrix.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.instagram.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu www.salesmanago.pl jewelry-viewer.herokuapp.com *.metrix-demo.com *.confmetrix.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://geowidget-app.inpost.pl/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.cdninstagram.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com devel.schubert-magento.centuria.pl www.google.pl images.autopay.eu testimages.autopay.eu jubilerschubert.pl 'self' blob: data: *.metrix-demo.com *.confmetrix.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com testcards.autopay.eu cards.autopay.eu pay.google.com *.js-agent.newrelic.com script.hotjar.com *.cookiebot.eu *.autopay.eu *.metrix-demo.com *.confmetrix.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.fontawesome.com *.metrix-demo.com *.confmetrix.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com vc-service.saleago.com bam.nr-data.net salesmanago.com google.com *.cookiebot.eu *.metrix-demo.com *.confmetrix.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=arome 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.oney.io *.staging.oney.io https://cdn.doofinder.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.brevo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com/ *.e-transactions.fr *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.hipay-tpp.com *.hipay.com *.googleapis.com https://sibautomation.com/ https://www.googletagmanager.com/ www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.hipay.com *.googleapis.com *.oney.io *.staging.oney.io https://www.leaderplant.com https://c.clarity.ms/ https://exchange.mediavine.com/ https://id5-sync.com/ https://matching.ivitrack.com/ https://beacon.krxd.net/ https://s.thebrighttag.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.doofinder.com eu1-doofinderuser.s3.amazonaws.com log.pinterest.com *.adnxs.com eb2.3lift.com contextual.media.net sync.outbrain.com sync-t1.taboola.com r.casalemedia.com cm.g.doubleclick.net us-u.openx.net pixel.rubiconproject.com *.yahoo.com s.ad.smaato.net criteo-sync.teads.tv *.criteo.com ad.yieldlab.net *.adscale.de ad.360yield.com cm.adform.net match.sharethrough.com rtb-csync.smartadserver.com x.bidswitch.net idsync.rlcdn.com ums.acuityplatform.com visitor.omnitagjs.com simage2.pubmatic.com pixel.advertising.com *.stickyadstv.com *.yieldmo.com *.impact-ad.jp *.lemmatechnologies.com *.mathtag.com *.brightmountainmedia.com *.postrelease.com *.e-planning.net *.liadm.com *.bing.com *.tremorhub.com *.smartclip.net *.clmbtech.com *.ipredictive.com *.fwmrm.net *.sundaysky.com *.admedo.com *.tribalfusion.com *.google.fr *.ad-stir.com *.bird.eu maps.googleapis.com maps.gstatic.com bat.bing.net s.pinimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.googleapis.com *.oney.io *.staging.oney.io https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://js-agent.newrelic.com/ https://sdk.privacy-center.org/ https://bam.eu01.nr-data.net/ https://bat.bing.com/ https://sibautomation.com/ https://cdn.doofinder.com/ https://www.clarity.ms/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ connect.facebook.net twitter.com platform.twitter.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.doubleclick.net *.pinterest.com *.pinimg.com *.criteo.net *.criteo.com bat.bing.net sibforms.com *.clarity.ms *.brevo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.hipay.com *.googleapis.com https://cdn.doofinder.com/ maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com sibforms.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.oney.io *.staging.oney.io https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://eu1-layer.doofinder.com/ https://in-automate.sendinblue.com/ https://j.clarity.ms/ https://bam.eu01.nr-data.net/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.fr *.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.facebook.com *.brevo.com *.doofinder.com wss://*.doofinder.com/ *.clarity.ms *.bing.com *.bing.net *.pinterest.com *.privacy-center.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.leaderplant.com/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'nonce-lvgRmVkBP6jYllroT9L+wQ==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es *.googleapis.com *.gstatic.com https://script.hotjar.com *.landbot.io cash-f.squarecdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es api.paycomet.com *.ogone.com *.v-psp.com https://www.facebook.com *.redsys.es * 'self' 'unsafe-inline'; frame-ancestors *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es *.adobe.com https://bid.g.doubleclick.net https://www.linkbux.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es www.google.com api.paycomet.com *.doubleclick.net pay.google.com service.force.com hal9000.redintelligence.net https://pikolinrecommend.botslovers.com https://*.soreto.com https://ams.creativecdn.com/ https://www.facebook.com/ https://www.awin1.com/ *.redsys.es https://www.googletagmanager.com * https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://*.gstatic.com *.trackedlink.net *.awin1.com *.zenaps.com *.wepowerconnections.com *.pikolin.com https://pikolin.com *.magentosite.cloud *.beds.es *.gstatic.com *.adotmob.com *.facebook.com *.facebook.net *.google.com *.google.es *.googleapis.com *.omtrdc.net https://*.g.doubleclick.net/ *.doubleclick.net https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com *.media-amazon.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://ade.googlesyndication.com https://lantern.roeyecdn.com https://lantern.roeye.com https://pikolinrecommend.botslovers.com https://*.tagmanager.google.com https://pikolin.botslovers.com https://cdn.botslovers.com https://t.teads.tv/ https://c.clarity.ms/ https://*.bing.com/ https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://rt.udmserve.net/ https://pixel.rubiconproject.com https://www.awin1.com/ https://eb2.3lift.com/ https://secure.adnxs.com/ https://ih.adscale.de/ https://sync.outbrain.com/ https://ssp-csync.smartadserver.com/ https://ads.stickyadstv.com https://ads.yieldmo.com/ https://api.soreto.com/ https://cdn.doofinder.com/ https://ib.adnxs.com/ eu1-doofinderuser.s3.amazonaws.com https://*.collect.igodigital.com * https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es www.google.com https://maps.googleapis.com *.gstatic.com *.zdassets.com js-agent.newrelic.com *.serving-sys.com *.facebook.net *.doubleclick.net *.zopim.com *.cstatic.weborama.fr https://cdn.cookielaw.org https://pikolin.botslovers.com.co https://pikolin.botslovers.com https://pikolinrecommend.botslovers.com https://cdn.landbot.io *.payments-amazon.com pay.google.com https://service.force.com https://cdn.doofinder.com *.clarity.ms *.hotjar.com https://www.dwin1.com https://www.wepowerconnections.com https://lantern.roeyecdn.com https://espadesa.my.salesforce.com/ https://*.googletagmanager.com https://*.tagmanager.google.com https://*.google-analytics.com https://www.googleadservices.com https://p.teads.tv/ https://*.soreto.com https://cdn.frizbit.com/ https://js.cookieless-data.com/ https://*.adform.net/ https://js.sddan.com/ https://tags.creativecdn.com/ https://*.bing.com https://www.awin1.com/ https://the.sciencebehindecommerce.com/ https://*.datnova.com/ https://static.lightning.force.com https://espadesa.secure.force.com https://d.la11-core1.sfdc-cehfhs.salesforceliveagent.com/ https://d.la2-c1-cdg.salesforceliveagent.com/ *.redsys.es https://sslwidget.criteo.com/ https://dynamic.criteo.com/ https://pikolin--presandbox.sandbox.my.site.com/ https://pikolin.my.site.com/ https://*.collect.igodigital.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com *.trustpilot.com https://espadesa.my.site.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com/ *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es *.googleapis.com service.force.com *.clarity.ms https://cdn.doofinder.com https://*.googletagmanager.com https://*.tagmanager.google.com https://static.hotjar.com https://script.hotjar.com https://cdn.frizbit.com/ https://espadesa.secure.force.com/ https://pikolin--presandbox.sandbox.my.site.com/ https://pikolin.my.site.com/ *.cash.app *.trustpilot.com 'self' 'unsafe-inline'; object-src *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.pikolin.com https://pikolin.com *.magentosite.cloud *.beds.es *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.pikolin.com/es *.pikolin.com/pt pikolin.tt.omtrdc.net *.magentosite.cloud *.beds.es *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.serving-sys.com *.google-analytics.com *.analytics.analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.demdex.net *.paypal.com *.doubleclick.net https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://google.com https://www.google.es https://www.google.com https://pagead2.googlesyndication.com pay.google.com https://payments-eu.amazon.com *.amazon.com eu1-layer.doofinder.com wss://eu1-layer.doofinder.com/ *.clarity.ms https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://pikolinrecommend.botslovers.com *.tt.omtrdc.net https://pikolin.botslovers.com https://cdn.botslovers.com/ https://www.facebook.com/ https://cm.teads.tv/ https://t.teads.tv/ https://www.wepowerconnections.com https://*.soreto.com https://*.frizbit.com/ https://ams.creativecdn.com/ https://the.sciencebehindecommerce.com/ https://geolocation.onetrust.com https://privacyportal.onetrust.com https://privacyportal-eu.onetrust.com https://*.bing.com/ https://espadesa.secure.force.com/ *.googleapis.com *.landbot.io * https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://*.trustpilot.com/ 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es https://*.soreto.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.pikolin.com/es *.pikolin.com/pt *.magentosite.cloud *.beds.es 'self' 'unsafe-inline'; report-uri https://pikolin.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://widgets.trustedshops.com www.vedder-vedder.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com www.vedder-vedder.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com *.cookiebot.com *.weltpixel.com *.doubleclick.net *.pinterest.com *.facebook.com www.googletagmanager.com sst.vedder-vedder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com https://www.mollie.com www.magmodules.eu *.squeezely.tech https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.vedder-vedder.com dev.visualwebsiteoptimizer.com interface.mailcampaigns.nl *.cloudfront.net www.google.nl www.facebook.com integrations.etrusted.com robincontentdesktop.blob.core.windows.net imgsct.cookiebot.com t.squeezely.tech api.taggrs.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.mollie.com https://widget-acc.paazl.com https://api-acc.paazl.com/ squeezely.tech www.squeezely.tech *.squeezely.tech https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com widget.paazl.com connect.facebook.net integrations.etrusted.com vedderveddernl.api.useinsider.com dev.visualwebsiteoptimizer.com interface.mailcampaigns.nl consentcdn.cookiebot.com az416426.vo.msecnd.net selfservice.robinhq.com www.vedder-vedder.com ct.pinterest.com js-agent.newrelic.com snapppt.com app.addsauce.com s.pinimg.com robincontentdesktop.blob.core.windows.net static.hotjar.com www.gstatic.com script.hotjar.com widgets.trustedshops.com consent.cookiebot.com www.google.com analytics.tiktok.com admin.revenuehunt.com *.cloudfront.net *.webpages.one https://www.googletagmanager.com tagmanager.google.com sst.vedder-vedder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://widget-acc.paazl.com https://api-acc.paazl.com/ https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com widget.paazl.com www.gstatic.com www.vedder-vedder.com interface.mailcampaigns.nl integrations.etrusted.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.vedder-vedder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://widget-acc.paazl.com https://api-acc.paazl.com/ squeezely.tech *.squeezely.tech *.trustedshops.com *.etrusted.com https://integrations.etrusted.site api.paazl.com *.tiktok.com *.googlesyndication.com *.visualstudio.com *.google-analytics.com https://www.google-analytics.com *.doubleclick.net *.pinterest.com *.cookiebot.com *.facebook.com interface.mailcampaigns.nl sst.vedder-vedder.com widget.paazl.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src td.doubleclick.net region1.google-analytics.com googleads.g.doubleclick.net bam.eu01.nr-data.net google.com ct.pinterest.com region1.analytics.google.com consentcdn.cookiebot.com api.paazl.com www.google.com dc.services.visualstudio.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com https://fonts.bunny.net *.yotpo.com *.googleapis.com https://accounts.livechat.com/ *.globewest.com.au *.shopify.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com *.globewest.com.au 'self' 'unsafe-inline'; frame-ancestors *.globewest.com.au 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com *.yotpo.com https://accounts.livechat.com/ *.globewest.com.au 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.trackedlink.net magefan.com cm.magefan.com *.disqus.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com https://accounts.livechat.com/ *.globewest.com.au *.linkedin.com *.facebook.com *.clarity.ms *.pinterest.com *.nr-data.net *.bing.com *.google.com *.google.com.vn data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://api.addressfinder.io https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com *.cloudflare.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.shopify.com *.bpaygroup.com.au js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js www.xtento.com cdn.xtento.com *.yotpo.com https://accounts.livechat.com/ https://bam.nr-data.net/* *.facebook.net *.globewest.com.au *.addtoany.com *.hotjar.com *.livechatinc.com *.licdn.com *.pinimg.com *.bing.com *.clarity.ms unpkg.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.addressfinder.io webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.googleapis.com *.addtoany.com https://fonts.bunny.net assets.braintreegateway.com *.yotpo.com https://accounts.livechat.com/ *.globewest.com.au 'self' 'unsafe-inline'; object-src https://accounts.livechat.com/ *.globewest.com.au 'self' 'unsafe-inline'; media-src *.adobe.com https://accounts.livechat.com/ *.globewest.com.au 'self' 'unsafe-inline'; manifest-src *.globewest.com.au 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://api.addressfinder.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://dpm.demdex.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://beacon.searchspring.io/beacon *.yotpo.com https://accounts.livechat.com/ https://bam.nr-data.net/* *.globewest.com.au *.linkedin.com *.facebook.com *.clarity.ms *.pinterest.com *.bing.com *.google.com.vn 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https://bam.nr-data.net/* *.globewest.com.au http: https: blob: 'self' 'unsafe-inline'; default-src https://accounts.livechat.com/ https://bam.nr-data.net/* *.globewest.com.au 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.globewest.com.au 'self' 'unsafe-inline'; 1
base-uri 'self'; child-src 'self' https:; connect-src 'self' https:; default-src 'self'; font-src 'self' data: https:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' https:; object-src 'none'; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' blob:; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-v3fugeRoJxF_w9-aUKYUxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-hk3Yz50KdlP3tvRq2FM6EA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: array.io https://*.array.io https://payitoff-cdn.io https://maps.googleapis.com https://*.google.com https://yoast.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://monitor.clickcease.com https://www.clickcease.com https://*.bootstrapcdn.com https://rum.uptime.com https://rumcollector.uptime.com https://dev.visualwebsiteoptimizer.com https://tracker.gaconnector.com https://cdnjs.cloudflare.com https://widget.clutch.co https://connect.facebook.net https://bat.bing.com https://www.redditstatic.com https://snap.licdn.com https://*.zoho.com https://analytics.ahrefs.com https://app.800.com https://widget.trustpilot.com https://js.zi-scripts.com https://*.quora.com https://*.amazonaws.com https://*.doubleclick.net https://*.clarity.ms https://*.liadm.com https://challenges.cloudflare.com https://ws.zoominfo.com https://*.zohocdn.com https://*.zohostatic.com https://unpkg.com https://www.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://*.zohopublic.com https://cdn.callrail.com https://embedsocial.com https://*.sentry-cdn.com https://assets.calendly.com https://tools.luckyorange.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.zohocdn.com https://*.zohostatic.com https://embedsocial.com https://fonts.cdnfonts.com https://assets.calendly.com; img-src 'self' data: https:; font-src 'self' data: https://storage.googleapis.com https://cdn-web-assets.array.io https://fonts.gstatic.com https://fonts.googleapis.com https://*.bootstrapcdn.com https://s0.wp.com https://*.zohocdn.com https://fonts.cdnfonts.com https://*.zohostatic.com; connect-src 'self' array.io https://*.netreputation.com https://*.array.io https://maps.googleapis.com https://events.launchdarkly.com https://app.launchdarkly.com https://us-central1-data-products-337817.cloudfunctions.net https://storage.googleapis.com https://settings.luckyorange.com https://translate.googleapis.com https://o411001.ingest.sentry.io https://my.yoast.com https://www.googletagmanager.com https://rum.uptime.com https://tracker.gaconnector.com https://dev.visualwebsiteoptimizer.com https://monitor.clickcease.com https://*.zoho.com https://*.zohopublic.com https://analytics.ahrefs.com https://*.analytics.google.com https://*.google-analytics.com https://cdn.jsdelivr.net https://api.800.com https://app.800.com https://widget.trustpilot.com https://px.ads.linkedin.com https://pro.ip-api.com https://a.usbrowserspeed.com https://js.zi-scripts.com https://challenges.cloudflare.com https://ws.zoominfo.com https://yoast.com https://*.amazonaws.com https://ckjzdn8vk.execute-api.us-west-2.amazonaws.com https://*.liadm.com https://pixel-config.reddit.com https://*.quora.com https://bat.bing.com https://bat.bing.net https://*.doubleclick.net https://snap.licdn.com https://*.zohocdn.com https://www.redditstatic.com wss://vts.zohopublic.com https://*.zohostatic.com https://*.clarity.ms https://rumcollector.uptime.com https://ipinfo.io https://www.googleadservices.com https://o4510874724663296.ingest.de.sentry.io https://*.sentry-cdn.com https://alocdn.com https://*.google.com https://widget.clutch.co https://www.facebook.com; frame-src 'self' https://widget.clutch.co https://*.zoho.com https://widget.trustpilot.com https://www.googletagmanager.com https://challenges.cloudflare.com https://www.youtube.com https://www.youtube-nocookie.com https://*.doubleclick.net https://snap.licdn.com https://www.facebook.com https://embedsocial.com; media-src 'self' https://*.zohocdn.com; worker-src 'self' blob:; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://www.facebook.com; report-uri https://o4510874724663296.ingest.de.sentry.io/api/4510876651225168/security/?sentry_key=0a8582afe0e93e71215c90c6e7ae1829; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.hipay-tpp.com *.hipay.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.hipay.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /i/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-RqbihwigqAd-7D4Z-EpzdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; object-src 'none'; img-src 'self' https://www.feistyduck.com https://queue.simpleanalyticscdn.com; connect-src 'self' https://*.ingest.de.sentry.io https://queue.simpleanalyticscdn.com; font-src 'self' data: https://assets.gumroad.com; script-src 'nonce-056cc018b9def811adb3d99a73590d91' 'strict-dynamic' 'report-sample' 'unsafe-inline' https: http:; style-src 'report-sample' 'self' 'unsafe-inline' https://www.feistyduck.com https://assets.gumroad.com; upgrade-insecure-requests; frame-src https://www.tickettailor.com; frame-ancestors 'none'; report-uri https://o4510000335486976.ingest.de.sentry.io/api/4510028218630224/security/?sentry_key=f18f1ce40d04e3436aa406dafaf65736 1
default-src 'self' *.cookiebot.com https://liveupdate.pimcore.org *.cloudflare.com *.googleapis.com maps.gstatic.com gtm.simplon.com youtube.com *.google.com *.google.at www.youtube.com youtube-nocookie.com geo.dailymotion.com dailymotion.com player.vimeo.com vimeo.com *.kameleoon.com *.doubleclick.net www.facebook.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.hotjar.com https://*.hotjar.io https://connect.facebook.net https://*.unzer.com https://h.online-metrix.net https://pay.google.com e.issuu.com https://www.bodyscanningcrm-cloud.de https://coronavirus.jhu.edu https://experience.arcgis.com https://simplon.factorialhr.de; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://use.fontawesome.com https://*.hotjar.com https://*.hotjar.io https://*.unzer.com; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.google.at *.doubleclick.net gtm.simplon.com maps.googleapis.com www.googletagmanager.com https://cdnjs.cloudflare.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.hotjar.com https://*.hotjar.io https://connect.facebook.net www.facebook.com https://*.unzer.com https://h.online-metrix.net https://*.google.com https://*.google.at; style-src 'self' 'unsafe-inline' https://use.fontawesome.com fonts.googleapis.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net https://*.hotjar.com https://*.hotjar.io https://*.unzer.com; report-uri /nelmio/csp/report 1
default-src https://www.oreilly.com/PGsgs_vbajYar/4/C9DSkk2dfE_Cg/SJ1EDVXYb9Y9/DlInKQE/YT0/RaC5kYyUD https://www.oreilly.com/PGsgs_vbajYar/4/C9DSkk2dfE_Cg/SJ1EDVXYb9Y9/DlInKQE/YT0/RaC5kYyUD  https://www.oreilly.com/PGsgs_vbajYar/4/C9DSkk2dfE_Cg/Y31EDVhzSmkGDzzOc5/XGQeKQE/MU5/zJiB0Sg0C  https://www.oreilly.com  * 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: moz-extension: ms-browser-extension: chrome-extension: ios-log:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb898c25826db9d251f99fdcece943792&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:wordpress-prod-cluster; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com google-analytics.com googletagservices.com adservice.google.nl adservice.google.com www.googletagservices.com securepubads.g.doubleclick.net tpc.googlesyndication.com static.hotjar.com script.hotjar.com stats.nhg.org stats.henw.org stats.thuisarts.nl connect.facebook.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; object-src 'self'; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.com fonts.googleapis.com fast.fonts.net; img-src * data:; media-src 'self' *.nhg.org; frame-src 'self' 'unsafe-inline' googleads.g.doubleclick.net adservice.google.nl *.safeframe.googlesyndication.com tpc.googlesyndication.com google.com app.springcast.fm securepubads.g.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptch; frame-ancestors 'self' *.prescriptor.nl; child-src 'self'; font-src 'self' use.typekit.com fonts.googleapis.com fonts.gstatic.com fast.fonts.net; connect-src 'self' securepubads.g.doubleclick.net pagead2.googlesyndication.com google-analytics.com stats.g.doubleclick.net stats.henw.org stats.nhg.org stats.thuisarts.nl *.hotjar.io fast.fonts.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-hashes' 'strict-dynamic' 'report-sample' https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://static.addtoany.com https://use.fontawesome.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://script.crazyegg.com https://snap.licdn.com https://static.hotjar.com https://googleads.g.doubleclick.net https://browser-update.org https://rtp-static.marketo.com https://sjrtp3.marketo.com https://script.hotjar.com https://sjrtp3-cdn.marketo.com https://vidassets.terminus.services https://munchkin.marketo.net https://extend.vimeocdn.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://static.addtoany.com https://use.fontawesome.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'report-sample' https://fonts.googleapis.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://use.fontawesome.com https://rtp-static.marketo.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data:; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; require-trusted-types-for 'script'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://www.googletagmanager.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.authorize.net *.syfpos.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.authorize.net syf.demdex.net *.syfpos.com *.syf.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.bing.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com store.paradoxlabs.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net *.mysynchrony.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bing.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.authorize.net *.syfpos.com analytics.synchrony.com *.mysynchrony.com *.syf.com *.tiqcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com *.syfpos.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com https://www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.authorize.net *.syfpos.com *.syf.com *.d1.sc.omtrdc.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com/ https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com https://cdn.voiceflow.com fonts.gstatic.com https://fonts.bunny.net *.googleapis.com *.gstatic.com https://geowidget.easypack24.net maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl addtoany.com bam.eu01.nr-data.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com https://www.instagram.com https://google.com https://www.googletagmanager.com/ pay.google.com https://geowidget-app.inpost.pl/ *.addtoany.com bam.eu01.nr-data.net https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://www.facebook.com https://www.google.de https://www.google.en https://www.google.pl https://www.google.com.ua https://www.google.com https://maps.gstatic.com https://cdn.voiceflow.com *.amazonaws.com static.przelewy24.pl www.gstatic.com gstatic.com https://firebasestorage.googleapis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net https://meetanshi.com/media/logo.png data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleservices.com https://v2.zopim.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com https://connect.facebook.net https://region1.google-analytics.com https://analytics.google.com https://www.instagram.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://cdn.voiceflow.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com https://ipinfo.io *.avada.io *.fontawesome.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://consent.cookiefirst.com https://www.google.com https://www.gstatic.com https://fast.fonts.net https://secure.przelewy24.pl https://edge.cookiefirst.com https://api.cookiefirst.com https://cdn.voiceflow.com fonts.googleapis.com https://fonts.bunny.net *.googleapis.com *.addtoany.com https://geowidget.easypack24.net https://geowidget.inpost.pl maxcdn.bootstrapcdn.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://widget-mediator.zopim.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com https://www.facebook.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://maps.gstatic.com https://pagead2.googlesyndication.com https://region1.analytics.google.com https://maps.googleapis.com https://google.com https://www.google.com https://analytics.tiktok.com https://general-runtime.voiceflow.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-EY1XsMNoI2rXpr4c7MlHiQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ analytics.ahrefs.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.disqus.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googletagmanager.com app.promotron.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.typekit.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'report-sample' assets.yourdiseaserisk.org cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill-fastly.io https://transparency.nrchealth.com https://unpkg.com https://www.google.com maxcdn.bootstrapcdn.com; style-src 'self' 'report-sample' assets.yourdiseaserisk.org cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maxcdn.bootstrapcdn.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-HIOabXPVXUY8sXs0mzaklg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.ultra-rouge.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com https://www.facebook.com https://ct.pinterest.com *.weltpixel.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net *.trackedlink.net *.ddlnk.net *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org https://enews.lenotre.fr https://cook.shortest-route.com https://cdn.cookielaw.org https://www.facebook.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com *.lenotre.com https://cdn.cookielaw.org https://bam.nr-data.net *.aticdn.net https://connect.facebook.net https://snap.licdn.com *.hotjar.com *.criteo.net *.criteo.com https://s.pinimg.com *.pinterest.com *.googlesyndication.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com https://www.googletagmanager.com tagmanager.google.com https://www.lenotre.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com https://maps.googleapis.com https://cdn.cookielaw.org https://bam.nr-data.net https://dmp.lenotre.com https://logs1412.xiti.com *.onetrust.com https://ct.pinterest.com https://region1.analytics.google.com *.linkedin.com *.criteo.com *.doubleclick.net *.googlesyndication.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com t.elasticsuite.io *.hsforms.net *.hsforms.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; base-uri 'self' ; object-src 'none' ; style-src 'self' 'unsafe-inline' cdn.plyr.io https://fonts.googleapis.com https://devcomapbotpilot-test.azurewebsites.net/ https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; script-src 'strict-dynamic' 'nonce-WXHzVxWXlvQ2fkYwL11CtmbgVpenguKY' 'self' 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://admin.dev.comap-control.bluehosting.cz https://chatbotapp-stage.azurewebsites.net/ https://devcomapbotpilot-test.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; font-src 'self' https://fonts.gstatic.com/ ; connect-src 'self' https://*.google.com https://*.logic.azure.com/ https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/   https://intelisearch.azurewebsites.net https://directline.botframework.com https://websearchproxy.azure-api.net wss://directline.botframework.com https://*.in.applicationinsights.azure.com/ wss://localhost:44377 ws://localhost:50602 noembed.com cdn.plyr.io ; img-src * 'self' data: ; media-src 'self' *.comap-control.com/ https://comapkenticouat6527.blob.core.windows.net ; frame-src https://www.thinglink.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com vimeo.com www.vimeo.com https://www.google.com/ ; frame-ancestors https://admin.dev.comap-control.bluehosting.cz/ 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com fonts.googleapis.com https://fonts.gstatic.com https://ws.colissimo.fr *.cloudflare.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.e-transactions.fr https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com *.hotjar.com *.eventbrite.com sibautomation.com https://www.youtube.com https://form.typeform.com *.youtube.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com https://plumrocket.com *.weltpixel.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.trackedlink.net business.facebook.com *.trustedshops.com *.etrusted.com *.google.fr *.bing.com *.clarity.ms *.bing.net https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr *.cloudflare.com *.ytimg.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.googletagmanager.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com *.trustedshops.com *.etrusted.com *.hotjar.com *.eventbrite.com sibautomation.com *.bing.com *.clarity.ms *.jquery.com *.brevo.com *.cloudflare.com *.cloudflareinsights.com *.terreexotique.fr https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.fontawesome.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com *.trustedshops.com *.etrusted.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com *.trustedshops.com *.etrusted.com in.hotjar.com *.hotjar.io *.brevo.com *.clarity.ms *.bing.net *.bing.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com *.cloudflare.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://integrations.etrusted.site payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.clarity.ms *.stripe.com *.stripe.network *.google.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors https://widget.reviews.co.uk *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.clarity.ms *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' *.clarity.ms https://c.bing.com https://www.google.co.in *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.clarity.ms *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.disqus.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com data: *.clarity.ms https://fonts.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.clarity.ms 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.sandbox.paypal.com https://www.paypal.com *.clarity.ms *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-BSW147kpvDaxmOxJ1bN9pQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' ;          base-uri 'self' ;          object-src 'none' ;          script-src 'self' 'unsafe-eval' 'nonce-aNHuC7P74656JV8Al1oA1Q==' *.googleapis.com *.baidu.com *.zohocdn.com *.cloudfront.net *.googletagmanager.com *.cdn.pagesense.io *.youtube.com *.seatsio.net;          connect-src 'self' *.googleapis.com *.google-analytics.com *.nimbuspop.com ws: data: ;          font-src 'self' *.gstatic.com *.zohowebstatic.com *.zohostatic.com *.zohocdn.com data:  ;          style-src 'self' 'unsafe-inline' *.zoho.com *.zohocdn.com;          frame-src 'self' * ;          img-src 'self' *.ytimg.com *.zohoexternal.com *.zohocdn.com data: blob: *.nimbuspop.com *.zohopublic.com 1
object-src 'none';base-uri 'self';script-src 'nonce--hcACC-oo0WUm8cKCBr5dA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.cleverreach.com *.ekomiapps.de *.gstatic.com https://fonts.gstatic.com *.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cleverreach.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.cleverreach.com accounts.google.com *.weltpixel.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudfront.net *.googleapis.com *.fbcdn.net *.google.de *.google.com *.facebook.com *.cdninstagram.com *.instagram.com *.paypal.com *.drgoerg.com *.smartsuppcdn.com *.ytimg.com *.ekomiapps.de cdn-cookieyes.com magefan.com cm.magefan.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.magezon.com https://www.mollie.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.googleapis.com *.gstatic.com *.instagram.com *.facebook.com *.facebook.net *.googletagmanager.com cdnjs.cloudflare.com paypalobjects.com *.smartsuppchat.com *.smartsuppcdn.com *.qualtrics.com *.adform.net *.google-analytics.com *.ekomiapps.de smart-widget-assets.ekomiapps.de cdn-cookieyes.com cdn.amasty.com platform-api.sharethis.com accounts.google.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.fontawesome.com *.avada.io *.shopify.com js.mollie.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.gstatic.com *.smartsuppcdn.com unsafe-inline sw-assets.ekomiapps.de *.fontawesome.com accounts.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://fonts.bunny.net maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.smartsuppcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.google.com *.gstatic.com *.smartsuppcdn.com *.smartsupp.com *.smartsuppchat.com *.google-analytics.com *.doubleclick.net *.qualtrics.com *.adform.net wss://websocket-visitors.smartsupp.com *.ekomiapps.de cdn-cookieyes.com *.cookieyes.com accounts.google.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.svea.com https://*.vipps.no https://*.trustly.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.svea.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com tagmanager.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.svea.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com tagmanager.google.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-AoEBXDyo1_c05X-MfJZTYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.js.stripe.com *.typekit.net analytics.twitter.com az416426.vo.msecnd.net bam.eu01.nr-data.net blob: cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com d2oh4tlt9mrke9.cloudfront.net googleads.g.doubleclick.net ipinfo.io js.stripe.com js-agent.newrelic.com maps.googleapis.com maxcdn.bootstrapcdn.com s3.amazonaws.com script.hotjar.com static.ads-twitter.com static.hotjar.com stats.g.doubleclick.net unpkg.com widget.trustpilot.com ws.sessioncam.com www.google-analytics.com www.googletagmanager.com www.instagram.com;style-src 'self' 'unsafe-inline' *.typekit.net cdn.jsdelivr.net code.jquery.com fonts.googleapis.com www.instagram.com;img-src 'self' *.akamaihd.net *.facebook.com *.google.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.typekit.net analytics.twitter.com d2oh4tlt9mrke9.cloudfront.net data: s3-eu-west-1.amazonaws.com t.co ws.sessioncam.com www.google.co.uk www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.laywheeler.com;connect-src 'self' *.google.com *.googleapis.com *.gstatic.com *.nr-data.net *.typekit.net api.stripe.com blob: d2oh4tlt9mrke9.cloudfront.net data: googleads.g.doubleclick.net ipinfo.io maps.googleapis.com pay.realexpayments.com region1.google-analytics.com stats.g.doubleclick.net widget.trustpilot.com ws.sessioncam.com www.google-analytics.com www.googletagmanager.com www.instagram.com;font-src 'self' *.typekit.net analytics.twitter.com fonts.gstatic.com;frame-src 'self' *.facebook.com *.google.com *.js.stripe.com hooks.stripe.com js.stripe.com td.doubleclick.net widget.trustpilot.com www.googletagmanager.com www.instagram.com;worker-src 'self' blob:;block-all-mixed-content; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com *.fontawesome.com maxcdn.bootstrapcdn.com dhv2ziothpgrr.cloudfront.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.flashyapp.com api.flashy.app *.flashy.dev *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com *.cash.app www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.flashyapp.com api.flashy.app *.flashy.dev *.facebook.com platform.twitter.com www.googletagmanager.com https://analytics.tiktok.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * api.creditguard.co.il cguat2.creditguard.co.il cgmpiuat.creditguard.co.il ppsuat.creditguard.co.il pps.creditguard.co.il *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.afterpay.com/ *.cash.app www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.disqus.com https://img.youtube.com *.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.gstatic.com api.creditguard.co.il cguat2.creditguard.co.il cgmpiuat.creditguard.co.il ppsuat.creditguard.co.il pps.creditguard.co.il maps.gstatic.com *.cloudfront.net dhv2ziothpgrr.cloudfront.net www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.flashyapp.com api.flashy.app *.flashy.dev *.disqus.com *.facebook.net *.facebook.com twitter.com platform.twitter.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com maps.googleapis.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.clarity.ms api.creditguard.co.il cguat2.creditguard.co.il cgmpiuat.creditguard.co.il ppsuat.creditguard.co.il pps.creditguard.co.il *.googleapis.com *.cloudfront.net dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com *.cash.app *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com dhv2ziothpgrr.cloudfront.net *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.flashyapp.com api.flashy.app *.flashy.dev *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com pay.google.com *.clarity.ms *.doubleclick.net dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.agechecker.net https://www.googletagmanager.com *.googleapis.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trustpilot.com consentcdn.cookiebot.com consentcdn.cookiebot.eu js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io img.agechecker.net https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://info.dibs.se c.bing.com c.clarity.ms imgsct.cookiebot.com imgsct.cookiebot.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.agechecker.net https://maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com https://*.dibspayment.eu www.clarity.ms *.trustpilot.com consent.cookiebot.com consent.cookiebot.eu chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.hotjar.com js.klevu.com *.ksearchnet.com *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com https://*.dibspayment.eu *.trustpilot.com downloads.mailchimp.com https://static.klaviyo.com https://test.checkout.dibspayment.eu https://checkout.dibspayment.eu *.google.com snusdaddy.test *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.agechecker.net https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.dibspayment.eu o.clarity.ms *.clarity.ms consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://test.checkout.dibspayment.eu https://checkout.dibspayment.eu *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' ws: data: https://builder.io https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js.map https://motionind.leadmethod.com https://cdn.builder.io https://cdn.cookielaw.org wss://centralus.stt.speech.microsoft.com https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://hit.uptrendsdata.com https://api.stripe.com https://r.stripe.com https://js.stripe.com https://www.googletagmanager.com https://fonts.gstatic.com https://fonts.googleapis.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://ka-p.fontawesome.com https://kit.fontawesome.com https://privacyportal-cdn.onetrust.com https://privacyportal.onetrust.com https://*.onelink-edge.com https://px.ads.linkedin.com https://f.monetate.net https://*.klaviyo.com https://dpm.demdex.net https://api9761.d41.co https://surveystats.hotjar.io https://content.hotjar.io https://vc.hotjar.io https://gpc.d2.sc.omtrdc.net https://google.com https://motion.groupbycloud.com https://*.signifyd.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.merchant-center-analytics.goog https://stats.g.doubleclick.net https://app.launchdarkly.com https://events.launchdarkly.com https://clientsdk.launchdarkly.com https://clientstream.launchdarkly.com https://otel.observability.app.launchdarkly.com https://pub.observability.app.launchdarkly.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.stripe.com https://www.googletagmanager.com https://imgs.signifyd.com https://h.online-metrix.net https://genuinepartscompany.demdex.net https://fonts.googleapis.com/ https://www.google-analytics.com https://privacyportal.onetrust.com https://privacyportal-cdn.onetrust.com https://apis.google.com/ https://appleid.cdn-apple.com/ https://js.stripe.com https://fonts.gstatic.com https://cdn.builder.io https://cdn.cookielaw.org; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://ka-p.fontawesome.com https://privacyportal-cdn.onetrust.com https://static.klaviyo.com https://script.hotjar.com https://marketer.monetate.net https://*.signifyd.com https://*.klaviyo.com; form-action 'self' https://www.facebook.com; frame-src https://h.online-metrix.net https://motionindustries.navigator.traceparts.com https://www.traceparts.com https://js.stripe.com https://hooks.stripe.com https://www.google.com/ https://*.partcommunity.com https://motionnonttpn.navigator.traceparts.com/ https://genuinepartscompany.demdex.net https://www.youtube.com/ https://www.facebook.com https://td.doubleclick.net https://imgs.signifyd.com https://www.3dcontentcentral.com https://www.googletagmanager.com http://hubcity-ps.com https://*.monetate.net https://*.mi-labs.gcp https://*.motion.com https://motion.com https://www.product-config.net https://*.product-config.net; frame-ancestors 'self'; img-src * data:; manifest-src 'self' https://www.motion.com https://motionzt.cloudflareaccess.com/*; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.builder.io https://js.stripe.com https://tracking.moe-labs.com https://maps.googleapis.com https://cdn.cookielaw.org https://*.onelink-edge.com https://*.signifyd.com https://*.klaviyo.com 'sha256-7IQaH0GHL0i/NYRSpNhetf7bsLAdUb5plCa1zopomqQ=' 'sha256-jxr65fElPSBOghVMG86Oa+1MMueF5XrrNnKBxrSKNR4=' 'sha256-mq0FQ38XiRVr8QBX1KWMstgu+w2sSU0yJOISOMT8uCA=' 'sha256-rCc5T4hQqAV0Ug7xq3ex3dQHIz6POkm/UAbJBZKjH+g=' 'sha256-VMTg7GC0NsngXmVSkIYGrQXa4b320SA4uhCcc0puRdg=' 'sha256-Lpmug5Bj24IpRX9Ndaoigbig9HRqpXJOrVZkeXku0fM=' 'sha256-FGRuJhIHLNoCAfw5Kb9S2FSdJKk8WPbpY/kZTaHh3RM=' 'sha256-5LPe4p9xSNM/leeaQEH1Z6wPUud4wMVL0PbL8PeIC3M=' 'sha256-kpnnNmp+MLPg+Fjda/K7AJtULAgN7iidJ1ewzp/ohBk=' 'sha256-PCj4vgYYXM6VCEdc7heJLgTfFOaKiVZJpsxI5ZWd5t4=' 'sha256-oCs8W0eDmzWleSViR3QwoMmlWyVgfU55OcbOiHEcE8g=' 'sha256-o71Ig/I5ECDOBZ54K2HqrJog5oqNKbqyJ9dc1zd2tdQ=' 'sha256-uCmRe/UYuP3cioaYZgsPXxUxokNm74UQWm9/O2C1G9I=' 'sha256-VKjuplJ1QRySkDbQrgh+0biogvxxD0UbXrTrqHmLgOU=' 'sha256-8Dv4Ja24qJrfu3I7r6TOPLbHAlB63DbiDG6u+uwkn+U=' 'sha256-UttWgMmPrRk26GokTFwrZEv32kNSsOJflEfLjZmm+/I=' 'sha256-B81/WPg1m3H90Y0sm5oAXDNqUD8QLQ1EjR14JwA/b1Q=' 'sha256-19itzSn0e8zLc9z8nCE1IARl1X32ifhCpJMRpbAA16M=' 'sha256-Ew22nQRMcWa1Ibq+bAd4+6TFPN/tie3sLoyc6m6okfM=' 'sha256-eO3mn8/oi3ZTPuPqtur4mQyP0kjkGJ/UfhL4woUedgY=' https://static.cloudflareinsights.com/ https://kit.fontawesome.com https://assets.adobedtm.com https://connect.facebook.net https://api9761.d41.co https://cdn-0.d41.co https://snap.licdn.com https://se.monetate.net https://marketer.monetate.net https://id.rlcdn.com https://f.monetate.net https://static.klaviyo.com https://static-tracking.klaviyo.com https://static.ads-twitter.com https://static.hotjar.com https://script.hotjar.com https://privacyportal-cdn.onetrust.com https://www.googletagmanager.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://privacyportal-cdn.onetrust.com https://fonts.googleapis.com https://marketer.monetate.net https://www.googletagmanager.com https://*.typekit.net; worker-src 'self' blob: https://localhost:8443 https://*.moe-labs.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=NZ5qZnbiYATaq_2MMepqLZxMf.IMk1iHbxxpOVHEph4-1773710721.260629-1.0.1.1-wfYHqLm_e5xfZKcYWimrXRvFsYnfgMUlBxydQi6zoC.kP9L7kPRQD4iD4zeVkoa77ygf99D1CdqVCsL2YxbWhKZylSWhiAqjd4v6PmDbtVW57vkzvsPi_bKXCHINmWTgDTjld32HsewaB86ErO90tQ6tvcqlGxQ0lQv3JvvuFrn3EkqE1N13jHCyLYWJW9I2Rw1KdkDlzf0x4y.AqEMKOA; report-to cf-uocjohupnwogciwr 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com blob: https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Ca5-dGQvSjtyIJTRva6C-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://use.fontawesome.com https://fonts.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://player.vimeo.com https://www.youtube-nocookie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com https://redchamps.com maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com player.vimeo.com https://player.vimeo.com https://www.youtube.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com *.trustpilot.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://use.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://olegnax.com https://api.instagram.com https://graph.instagram.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; connect-src 'self' https://svanalytics.containers.piwik.pro/ https://predict.rekai.se/ https://view.rekai.se/view https://svanalytics.piwik.pro/; media-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'nonce-fdd30680-21a2-11f1-9056-cd3a9efb9d9a' https://svanalytics.containers.piwik.pro/ https://static.rekai.se/ 'unsafe-eval'; style-src 'self' 'nonce-fdd30680-21a2-11f1-9056-cd3a9efb9d9a'; frame-ancestors 'self'; frame-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.google.com https://*.clarity.ms https://pagead2.googlesyndication.com https://google.com https://bat.bing.com https://*.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://cdn.cookielaw.org https://sentry.io https://*.sentry.io https://*.fullstory.com https://*.stripe.com/ https://*.azure.com https://*.visualstudio.com https://cdn.vsassets.io https://bitbucket.org; connect-src 'self' data: https://sonarcloud.io https://sonarqube.us https://*.sonarqube.us wss://*.sonarqube.us https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.google.com https://google.com https://bat.bing.com https://*.g.doubleclick.net https://*.clarity.ms https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://cdn.cookielaw.org https://*.onetrust.com https://*.observability.app.launchdarkly.com https://sentry.io https://*.sentry.io https://*.fullstory.com https://*.stripe.com/ https://*.gravatar.com https://*.azure.com https://*.visualstudio.com https://cdn.vsassets.io https://api.bitbucket.org https://*.atl-paas.net https://d301sr5gafysq2.cloudfront.net; img-src 'self' blob: data: https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.google.com https://google.com https://bat.bing.com https://*.g.doubleclick.net https://px.ads.linkedin.com https://analytics.twitter.com https://t.co https://cdn.cookielaw.org https://*.azure.com https://*.visualstudio.com https://cdn.vsassets.io https://bitbucket.org https://*; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.azure.com https://*.visualstudio.com https://cdn.vsassets.io; font-src 'self' data: https://fonts.gstatic.com https://*.azure.com https://*.visualstudio.com https://cdn.vsassets.io; worker-src 'self'; frame-ancestors 'self' https://*.azure.com https://*.visualstudio.com https://cdn.vsassets.io https://bitbucket.org; child-src 'self' https://*.sonarcloud.io https://*.sonarqube.us https://*.stripe.com/; object-src 'none'; media-src 'self' data:; report-uri https://o1316750.ingest.sentry.io/api/6619196/security/?sentry_key=8c47526651d84562a9082224967f78c3; report-to sentry; 1
object-src 'none';base-uri 'self';script-src 'nonce-MRq0P_QrZZJPKOF8HVq-ew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-K_0ZqcLCvbJ8T3s82-Wx6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.ca-dev.co *.chargeafter.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca https://cdn-sandbox.ca-dev.co https://cdn.chargeafter.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca https://cdn-sandbox.ca-dev.co https://cdn.chargeafter.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.addtoany.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.ca-dev.co *.chargeafter.com http://dpm.demdex.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com apitest.authorize.net jstest.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https://higherlogicdownload.s3.amazonaws.com/PTG/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/PTG/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogiclongterm.s3.amazonaws.com/PTG/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ 'self' https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://higherlogicstream.s3.amazonaws.com/PTG/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-QjDhtRg3OgSAjMsKnyQ-vA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.klarnacdn.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com assets.xxlove.gr *.assets.xxlove.gr *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.iris.dias.com.gr *.test-iris.dias.com.gr *.twitter.com *.google.com assets.xxlove.gr *.assets.xxlove.gr *.piraeusbank.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: https://widget-v5.boxnow.gr https://widget-v4.boxnow.gr https://widget-v4-dev.boxnow.gr https://widget-v5-dev.boxnow.gr https://widget-v4-stage.boxnow.gr https://widget-v5-stage.boxnow.gr consentcdn.cookiebot.com consentcdn.cookiebot.eu *.klarna.com *.youtube.com/ *.google.com assets.xxlove.gr *.assets.xxlove.gr *.contactpigeon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com maps.gstatic.com *.googleapis.com *.google.com *.acscourier.net imgsct.cookiebot.com imgsct.cookiebot.eu *.klarna.com *.klarnaevt.com *.klarnacdn.net *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.maps.gstatic.com maps.googleapis.com assets.xxlove.gr *.assets.xxlove.gr *.js.klarna.com *.imgsct.cookiebot.com *.contactpigeon.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com maps.googleapis.com *.google-analytics.com *.google.com *.googleapis.com *.googleadservices.com *.googletagmanager.com consent.cookiebot.com consent.cookiebot.eu *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.maps.googleapis.com *.trackedlink.net *.maps.gstatic.com *.xxlove.gr *.xxlove.trust-servers.net assets.xxlove.gr *.assets.xxlove.gr *.js.klarna.com *.consent.cookiebot.com *.consentcdn.cookiebot.com *.contactpigeon.com *.disqus.com *.avada.io *.piraeusbank.gr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com assets.xxlove.gr *.assets.xxlove.gr 'unsafe-inline' https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com artserver.gr maps.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.com *.google.co.in *.maps.gstatic.com *.maps.googleapis.com assets.xxlove.gr *.assets.xxlove.gr *.js.klarna.com *.consentcdn.cookiebot.com *.contactpigeon.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src *.contactpigeon.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com data: https://components-bnpl-pe-bbva-moprestamo-com.s3.amazonaws.com *.fontawesome.com https://fonts.bunny.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.moprestamo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.moprestamo.com https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.moprestamo.com *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.moprestamo.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' www.scalemodelstore.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' www.scalemodelstore.com https://www.google.com www.gstatic.com https://www.googleadservices.com tpc.googlesyndication.com connect.facebook.net; frame-src www.google.com tpc.googlesyndication.com; img-src 'self' data: static.pay.nl www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com rms.ups.com; object-src 'none'; report-uri /csp-violations.php; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com *.amazonaws.com *.fontplus.jp data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.fontplus.jp p01.mul-pay.jp pt01.mul-pay.jp 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.fontplus.jp 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de landofcoder.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.demdex.net/ *.youtube.com/ *.fontplus.jp *.googletagmanager.com *.fontplus.js/* static.addtoany.com td.doubleclick.net ct.pinterest.com fledge.teads.tv p.teads.tv *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net/ dpm.demdex.net *.everesttech.net/ *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.tasaki.inc/ www.google.co.jp ct.pinterest.com t.teads.tv cm.teads.tv b99.yahoo.co.jp t.co analytics.twitter.com tr.line.me www.facebook.com i.smartnews-ads.com i6.smartnews-ads.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com https://polyfill-fastly.io landofcoder.com *.avada.io *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.fontplus.jp static.addtoany.com s.pinimg.com ct.pinterest.com p.teads.tv s.yimg.jp b99.yahoo.co.jp www.clarity.ms static.ads-twitter.com d.line-scdn.net connect.facebook.net taj1.ebis.ne.jp rec.ebis.ne.jp cdn.smartnews-ads.com p01.mul-pay.jp pt01.mul-pay.jp static.mul-pay.jp stg.static.mul-pay.jp 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de madefor.github.io landofcoder.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com maps.googleapis.com static.addtoany.com *.fontplus.jp adservice.google.com www.google.com ct.pinterest.com cm.teads.tv t.teads.tv am.yahoo.co.jp www.clarity.ms *.clarity.ms c.bing.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' static.addtoany.com secure.gravatar.com fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com script.addtoany.com static.addtoany.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: jigsaw.w3.org www.w3.org www.google-analytics.com ssl.google-analytics.com www.linkedin.com static.addtoany.com s.w.org secure.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' static.addtoany.com; report-uri https://bishnet.report-uri.io/r/default/csp/reportOnly; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-{RANDOM}' 'strict-dynamic' https://www.googletagmanager.com https://www.google-analytics.com https://js.hubspot.com https://*.hubspot.com https://*.hubspotusercontent-na1.net 'nonce-xruyZmdV5+ZvgXeotkdRyQ=='; connect-src 'self' https://*.google-analytics.com https://region1.analytics.google.com https://*.googletagmanager.com https://*.hubspot.com https://*.hubspotusercontent-na1.net; style-src 'self' 'unsafe-inline' https://*.hubspotusercontent-na1.net; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.hubspot.com https://*.hubspotusercontent-na1.net; font-src 'self' https://*.hubspotusercontent-na1.net; frame-src https://*.hubspot.com https://*.googletagmanager.com; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es magefan.com cm.magefan.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://images.unsplash.com *.disqus.com https://firebasestorage.googleapis.com 'self' data: *.bing.com *.bing.net *.clarity.ms *.google.co.uk *.google.com *.linkedin.com *.test-meter.co.uk data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com https://maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.disqus.com *.avada.io *.shopify.com https://getaddress.io *.gstatic.com bat.bing.com bat.bing.net *.clarity.ms *.cookie-script.com *.googlesyndication.com snap.licdn.com code.jquery.com *.zdassets.com *.zopim.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://checkout.iwdagency.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://maps.googleapis.com https://player.vimeo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com https://get.geojs.io *.avada.io https://api.getaddress.io *.google-analytics.com bat.bing.com bat.bing.net *.clarity.ms *.googlesyndication.com *.linkedin.com *.trustpilot.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-RWrxsLr4aht4N2Eej8PE6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: www.google-analytics.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com creditcard.wincraft.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.livechatinc.com cdn.livechatinc.com secure.livechatinc.com creditcard.wincraft.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com www.facebook.com www.facebook.net connect.facebook.net stats.g.doubleclick.net ssl.google-analytics.com ssl.gstatic.com www.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com www.livechatinc.com cdn.livechatinc.com secure.livechatinc.com ssl.google-analytics.com tagmanager.google.com www.facebook.net connect.facebook.net js-agent.newrelic.com bam.nr-data.net *.adobedtm.com *.cardinalcommerce.com *.googleadservices.com *.ccdc02.com *.paypal.com *.vimeo.com *.facebook.net *.hsforms.net *.adobedtm.net creditcard.wincraft.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com tagmanager.google.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.livechatinc.com cdn.livechatinc.com secure.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com bam.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-rSn_c3MF-OLML0l7KAmD_w' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://ct.pinterest.com https://consentcdn.cookiebot.com *.google.com/ https://plumrocket.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com https://scontent.cdninstagram.com *.cloudfront.net *.helloretail.com *.pinterest.com *.google.com *.google.dk https://info.dibs.se ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.magezon.com www.google.com.ua maps.googleapis.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://gtm.bittekairand.com https://magento.com https://foursixty.com https://static.bambora.com https://cdn.jsdelivr.net https://connect.facebook.net https://*.doubleclick.net https://*.hotjar.com https://*.mouseflow.com https://*.pinimg.com *.cookiebot.com https://*.dibspayment.eu chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.gstatic.com *.fontawesome.com *.avada.io *.shopify.com *.google.com/ maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://foursixty.com https://cdn.jsdelivr.net https://*.dibspayment.eu downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://core.helloretail.com https://helloretailcdn.com https://foursixty.com *.pinterest.com https://gtm.bittekairand.com *.doubleclick.net *.cookiebot.com https://*.dibspayment.eu form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io maps.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about 1
object-src 'none';base-uri 'self';script-src 'nonce-ntjymdqumBD3rBfznm2FLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-77zFQbkeEArGHCvmKvvOow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
configuration 1
font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://popsql.com https://popsql.com ; frame-src 'self' https://vercel.live ; media-src 'self' blob: ; script-src 'self' 'unsafe-inline' https://popsql.com https://popsql.com http://cdn.mxpnl.com http://fast.wistia.com http://static.asayer.io http://www.google-analytics.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://assets.customer.io https://cdn.koala.live https://cdn.segment.com https://cmp.osano.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://snap.licdn.com https://static.asayer.io https://vercel.live https://www.redditstatic.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com ; worker-src 'self' blob: ; 1
font-src fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' data: *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.cloudflare.com *.clarity.ms static.sipuk.co.uk static.worldofpower.co.uk static.worldofbbqs.co.uk *.tawk.to data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.facebook.com *.mdoq.io 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com js.mollie.com www.xtento.com widget.trustpilot.com lpcdn.lpsnmedia.net *.paypalobjects.com www.facebook.com *.clarity.ms td.doubleclick.net *.googletagmanager.com *.cookiebot.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com unsplash.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com magefan.com cm.magefan.com https://www.mollie.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: *.pixriot.com *.storeimaging.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cloudflare.com *.mdoq.io *.ibottles.co.uk *.google.co.uk www.worldofpower.co.uk media.worldofpower.co.uk media.worldofbbqs.co.uk media.sipuk.co.uk static.worldofpower.co.uk static.worldofbbqs.co.uk static.sipuk.co.uk bat.bing.com *.clarity.ms c.bing.com media2.giphy.com www.facebook.com image.providesupport.com *.discountdisplays.co.uk *.unsplash.com img.sct.eu1.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com https://player.vimeo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.opayo.eu.elavon.com js.mollie.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.liveperson.net *.trustpilot.com *.lpsnmedia.net bat.bing.com world11215.pcapredict.com www.googlecommerce.com connect.facebook.net image.providesupport.com *.clarity.ms static.worldofpower.co.uk static.worldofbbqs.co.uk static.sipuk.co.uk *.cookiebot.eu *.usercentrics.eu *.tawk.to cdn.jsdelivr.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.clarity.ms static.worldofpower.co.uk static.worldofbbqs.co.uk static.sipuk.co.uk static.klaviyo.com *.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.stripe.com google.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.ideal-postcodes.co.uk t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.pixriot.com *.storeimaging.com *.analytics.google.com *.googletagmanager.com *.cloudflare.com stats.g.doubleclick.net *.clarity.ms www.facebook.com static.sipuk.co.uk static.worldofpower.co.uk static.worldofbbqs.co.uk static-forms.klaviyo.com *.tawk.to wss://*.tawk.to bat.bing.com *.cookiebot.eu *.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://zero1.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src www.paypalobjects.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com https://www.googletagmanager.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com ssl.gstatic.com www.gstatic.com https://imgproxy.vendic.dev data: 'self' 'unsafe-inline'; style-src downloads.mailchimp.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src https://tagging.argentorshop.be *.newrelic.com *.nr-data.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.googletagmanager.com https://www.google.com https: 'self' 'unsafe-inline'; script-src https://tagging.argentorshop.be *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://maps.googleapis.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com https: 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.bglobale.com *.global-e.com d19ayerf5ehaab.cloudfront.net d1azc1qln24ryf.cloudfront.net dsb5btxtdmlo9.cloudfront.net globale-prod.s3-eu-west-1.amazonaws.com *.hotjar.com *.jsdelivr.net *.reviews.io s3-eu-west-1.amazonaws.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.nosto.com *.nos.to *.facebook.com *.americanexpress.com *.arcot.com *.cardinalcommerce.com *.danskebank.com *.global-e.com *.modirum.com *.monzo.com *.privatbank.ua *.reviews.co.uk *.revolut.com *.rsa3dsauth.co.uk *.starlingbank.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.bglobale.com *.global-e.com *.nosto.com *.nos.to *.weltpixel.com www.xtento.com *.americanexpress.com *.arcot.com *.awin1.com *.bwe.io *.cardinalcommerce.com *.danskebank.com *.facebook.com *.googletagmanager.com *.lloydsbankinggroup.com *.modirum.com *.monzo.com *.pinterest.com *.privatbank.ua *.reviews.co.uk *.revolut.com *.rsa3dsauth.co.uk *.securly.com *.starlingbank.com *.typeform.com *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.doofinder.com *.trackedlink.net *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com *.bglobale.com *.global-e.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.facebook.com *.reddit.com *.cdninstagram.com *.fbcdn.net www.xtento.com cdn.xtento.com *.awin1.com brippo.s3.amazonaws.com *.chatham.co.uk d21m4dsqdd3b9h.cloudfront.net *.doubleclick.net dsb5btxtdmlo9.cloudfront.net ebizmartsextensions.s3.amazonaws.com *.ggpht.com *.googleadservices.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.tg www.google.tm www.google.tn www.google.tt *.googlesyndication.com *.googleusercontent.com *.mccreedie.co.uk *.ojrq.net *.pinterest.com *.postcodeanywhere.co.uk *.pxf.io *.rainbowclub.com *.rainbowclub.co.uk *.reviews.io s3.amazonaws.com s3-eu-west-1.amazonaws.com tawk.link *.tawk.to *.trackedweb.net *.usercentrics.eu data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com *.bglobale.com *.global-e.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com *.instagram.com www.xtento.com cdn.xtento.com https://dsb5btxtdmlo9.cloudfront.net *.awin1.com *.cloudflare.com *.doofinder.com *.doubleclick.net dsb5btxtdmlo9.cloudfront.net *.dwin1.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.impactradius-event.com *.jsdelivr.net *.payments-amazon.com *.paypal.com *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.reviews.co.uk *.tawk.to *.toolszen.com *.typeform.com *.usercentrics.eu *.wisepops.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.bglobale.com *.global-e.com *.klarnacdn.net https://static.klaviyo.com *.nosto.com *.nos.to tagmanager.google.com *.bwe.io d19ayerf5ehaab.cloudfront.net dsb5btxtdmlo9.cloudfront.net *.googletagmanager.com *.mccreedie.co.uk *.postcodeanywhere.co.uk *.reviews.co.uk *.reviews.io *.tawk.to *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cdninstagram.com d21m4dsqdd3b9h.cloudfront.net *.tawk.to 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to wss://*.hotjar.com wss://*.tawk.to *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.instagram.com *.googleusercontent.com *.bglobale.com *.chatham.co.uk *.chathamfootwear.com *.datah04.com dsb5btxtdmlo9.cloudfront.net *.facebook.com *.global-e.com *.googleadservices.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.ch www.google.ci www.google.cl www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.et www.google.com.gi www.google.com.kh www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.tn *.googlesyndication.com *.hotjar.io *.impct.site *.pinterest.com *.postcodeanywhere.co.uk *.pxf.io *.rainbowclub.co.uk *.reviews.co.uk *.reviews.io *.tawk.to *.typeform.com *.usercentrics.eu *.wepowerconnections.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e840a2bc-3d9d-4f2a-b6af-c5aad746125f.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-7NDTUu1o5ZgnsmqJ_HmN3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src self; font-src self; img-src self; script-src self; style-src self 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.addthis.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://maxcdn.bootstrapcdn.com/ *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.trackedlink.net https://www.google.co.in/ https://www.facebook.com/ https://www.magecomp.com/ https://raw.githubusercontent.com/ magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://connect.facebook.net https://cookie-script.com/ https://cdn.cookie-script.com/ https://secure.paytmpayments.com/ https://staticpg.paytmpayments.com/ https://accounts.paytm.com/ *.disqus.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com https://maxcdn.bootstrapcdn.com/ https://staticpg.paytmpayments.com/ *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://secure.paytmpayments.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com lumberjack.razorpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.trustedshops.com *.fontawesome.com data: https://fonts.bunny.net *.tawk.to https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com *.googlesyndication.com *.tiktok.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.tiktok.com *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.cloudflare.com *.mailcampaigns.nl www.google.nl bat.bing.com bat.bing.net app.youshouldask.ai https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com *.amazonaws.com *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.trustedshops.com *.cloudflare.com *.fontawesome.com *.mailcampaigns.nl bat.bing.com api.ipify.org app.youshouldask.ai *.clarity.ms *.avada.io *.shopify.com connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com *.getfirebug.com *.cloudflare.com *.trustedshops.com app.youshouldask.ai https://fonts.bunny.net *.multisafepay.com *.sendcloud.sc *.jsdelivr.net *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com bat.bing.com bat.bing.net exch.happyhorizon.com *.google.nl k.clarity.ms https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.tawk.to wss://*.tawk.to *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com fonts.googleapis.com *.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.criteo.com *.criteo.net *.hotjar.com *.google.com *.google.co.in *.github.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.google.com *.google.co.in magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.google-analytics.com *.google.com *.google.co.in *.googletagmanager.com *.gstatic.com *.hotjar.com *.criteo.com *.criteo.net *.github.io *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com fonts.googleapis.com fast.fonts.net *.bootstrapcdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.paypal.com *.doubleclick.net *.hotjar.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-KLUo9LatR5bDY_WSt7Zicg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.googleapis.com *.gstatic.com data: https://www.googletagmanager.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com js.stripe.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com platform.twitter.com *.packeta.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.fontawesome.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io maps.googleapis.com twitter.com platform.twitter.com *.packeta.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://www.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.packeta.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com cdnjs.cloudflare.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.googlesyndication.com *.tiktok.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.tiktok.com *.googletagmanager.com consentcdn.cookiebot.eu www.gstatic.com apis.google.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.tawk.to 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io 'self' data: *.google.com *.google.bg *.google.ro www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com *.usercentrics.eu https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com consentcdn.cookiebot.eu consent.cookiebot.eu *.googleapis.com *.fontawesome.com *.avada.io *.shopify.com connect.facebook.net graph.facebook.com business.facebook.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com cdnjs.cloudflare.com *.fontawesome.com *.google.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com consentcdn.cookiebot.eu http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-8QsAytN1XPZD1lR23Vlrwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src  'none'; connect-src 'self' *.21sextreme.com *.21members.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.21sextreme.com *.21members.com join.gammasecure.com; script-src 'self' *.21sextreme.com *.21members.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.21sextreme.com *.21members.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com https://plugin-magento-ui.glopalservice.com *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch *.paypal.com squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch *.paypal.com squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trustpilot.com *.weltpixel.com *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.pixriot.com *.storeimaging.com *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trustpilot.com *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch *.paypal.com squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.klarnacdn.net https://static.klaviyo.com *.trustpilot.com *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch *.paypal.com *.stripe.com squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com 'self' 'unsafe-inline'; object-src *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch *.paypal.com *.stripe.com squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com 'self' 'unsafe-inline'; media-src *.adobe.com *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch *.paypal.com *.stripe.com squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com 'self' 'unsafe-inline'; manifest-src *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch *.paypal.com *.stripe.com squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.pixriot.com *.storeimaging.com *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com 'self' 'unsafe-inline'; child-src *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch *.paypal.com *.stripe.com squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com http: https: blob: 'self' 'unsafe-inline'; default-src *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch *.paypal.com *.stripe.com squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.americanexpress.com *.visa.com *.mastercard.com https://www.rsa3dsauth.co.uk https://sg-3ds-vdm.wlp-acs.com postfinance.ch *.postfinance.ch *.paypal.com *.stripe.com squareup.com *.squareup.com *.chase.com *.bankofamerica.com *.wellsfargo.com *.hsbc.com *.cic.fr *.amex.com *.nyse.com 'self' 'unsafe-inline'; 1
default-src 'self' auspost.net.au *.auspost.net.au cloudflare.com *.cloudflare.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net google-analytics.com *.google-analytics.com google.co.nz *.google.co.nz google.com *.google.com googletagmanager.com *.googletagmanager.com maps.googleapis.com *.maps.googleapis.com paypal.com *.paypal.com paypalobjects.com *.paypalobjects.com rarespares.net.au *.rarespares.net.au youtube.com *.youtube.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=yBxbXydrBYYgUDRnsfv2MWAKJAQf.NbV2PAshvEQEG4-1773712708.2745485-1.0.1.1-YoHmQ8eoodE7ju9VyU2bglu7x9CKFM1Ua.fQh98kMRRxyRR3Mf5dHWIMMDS9Y03b0SYkZLEazf.Z2D3llXgNlF8lixrI5TtOEoa.orFROE.porIpDbYAZ2hnO0iRCKHQjSzI2R698z1X7bY41v9yNWbOODPUBZJQ2xh3o3tAw8ALTttw_8pLa2coFT6nqMZwEy0TMJR1yTExjlajpNvi2g; report-to cf-otgbhwbjbcmbonnf 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net https://geowidget.easypack24.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com www.google.com *.braintreegateway.com *.paypal.com google.com *.google.com landofcoder.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ www.facebook.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com landofcoder.com *.disqus.com *.avada.io *.shopify.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org maps.googleapis.com www.gstatic.com connect.facebook.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net https://geowidget.easypack24.net https://geowidget.inpost.pl www.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com landofcoder.com https://get.geojs.io *.avada.io *.easypack24.net *.inpost.pl *.openstreetmap.org places.googleapis.com www.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.microvision.com; script-src 'self' 'unsafe-inline' *.jobvite.com *.onlyfy.jobs *.googletagmanager.com 'unsafe-eval' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com *.vimeo.com www.youtube.com; object-src 'none'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.br *.google.com.my *.google.com.hk *.google.com.ng *.google.com.pk *.google.com.uk *.google.de *.google.it *.google.fr *.google.at *.google.ch *.google.ca *.google.co.ao *.google.co.nz *.google.co.jp *.google.co.in https://www.google.com https://google.com i.ytimg.com; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.br *.google.com.my *.google.com.hk *.google.com.ng *.google.com.pk *.google.com.uk *.google.de *.google.it *.google.fr *.google.at *.google.ch *.google.ca *.google.co.ao *.google.co.nz *.google.co.jp *.google.co.in noembed.com; frame-src 'self' *.jobvite.com *.onlyfy.jobs https://bid.g.doubleclick.net https://td.doubleclick.net *.vimeo.com www.youtube.com www.youtube-nocookie.com; report-uri https://sentry.networkteam.com/api/321/security/?sentry_key=86c8eb4a595a42448a455afac3f49ef6 1
object-src 'none';base-uri 'self';script-src 'nonce-I86jSsjTCi_4Oq1W40eUQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.zopim.com v2.zopim.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.payflowlink.paypal.com *.paypal.com *.trustpilot.com *.hirekogolf.com www.orlimar.com *.karmagrips.com *.dev81.magecloud.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.google.com *.addthis.com *.zdassets.com *.zopim.com v2.zopim.com *.payflowlink.paypal.com *.paypal.com *.trustpilot.com *.youtube.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.zopim.com v2.zopim.com *.omtrdc.net *.trustpilot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.googleadservices.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com *.googleapis.com graph.facebook.com widgets.pinterest.com *.zdassets.com *.zopim.com v2.zopim.com *.widget-mediator.zopim.com *.trustpilot.com www.facebook.com connect.facebook.net business.facebook.com static-tracking.klaviyo.com *.paypal.com *.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.trustpilot.com *.zopim.com v2.zopim.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.google-analytics.com *.googletagmanager.com *.google.com *.cloudflare.com *.twitter.com *.paypal.com *.zdassets.com *.zopim.com v2.zopim.com wss://widget-mediator.zopim.com *.trustpilot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com hireko.zendesk.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.zdassets.com *.zopim.com v2.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://api.sunbit.com/sampling/api/v1/csp-reports?application=my-sunbit&env=dev; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://fpnpmcdn.net https://use1.fptls.com *.sunbit.* *.google.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://sentry.io *.googletagmanager.com *.google-analytics.com *.datadoghq-browser-agent.com https://www.gstatic.com https://cdn.jsdelivr.net/npm/axios@1.6.2/dist/axios.min.js 'sha256-oNwErqIk8VRSUay1+8A7krM8W1V1Tq/5L14zrrLP8pw=' 'sha256-woAyRoW0yGOEl+CG3XDrIRRr4AqDTWyBET3GMzjr75g=' 'sha256-ThhI8UaSFEbbl6cISiZpnJ4Z44uNSq2tPKgyRTD3LyU=' 'sha256-AF490//jIflwN/2nTDszvAx/KI2V9GJG8gdwvGhO/zw=' 'sha256-8dULgHWW2eIwqjJTAQle9cUf85AipTjC2f9Ks83Sxks=' 'unsafe-eval' http://localhost:3010 http://localhost:3010 sunbit-dev-static.s3-us-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com blob:; frame-src data: http://epay *.sunbit.* *.google.com *.googletagmanager.com; child-src *.googletagmanager.com *.mysunbit.* blob:; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com https://www.google.co.il/ https://static.sunbit.*; font-src 'self' *.gstatic.com *.typekit.net data:; connect-src 'self' ws: about: http://api *.sunbit.* *.google.com https://sentry.io *.browser-intake-datadoghq.com *.datadoghq.com *.google-analytics.com www.google-analytics.com *.googletagmanager.com *.datadoghq.com *.datadoghq.eu tls-use1.fpapi.io https://use1.fptls.com/ https://api-js.mixpanel.com/ https://stats.g.doubleclick.net/; 1
font-src www.paypalobjects.com maxcdn.bootstrapcdn.com https://embed.tawk.to https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cleverreach.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.google.com js.mollie.com *.cookiebot.eu *.doubleclick.net www.xtento.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://images.unsplash.com *.cloudfront.net validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://www.mollie.com https://api.mapbox.com *.tawk.to *.bing.com *.doubleclick.net *.google.com *.googleusercontent.com *.gstatic.com *.usercentrics.eu www.xtento.com cdn.xtento.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com *.google.com *.googleapis.com *.gstatic.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://cdn.jsdelivr.net js.mollie.com https://embed.tawk.to *.bing.com *.cookiebot.eu *.doubleclick.net *.rumvision.com www.xtento.com cdn.xtento.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com https://embed.tawk.to https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tawk.to 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.friendlycaptcha.com eu-api.friendlycaptcha.eu autocomplete2.postdirekt.de *.tawk.to wss://*.tawk.to *.bing.com *.cookiebot.eu *.doubleclick.net *.google.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e0517dc4-4d82-41e4-a04f-731d48ad3325.sansec.watch/; report-to report-endpoint; 1
object-src 'none'; script-src 'self' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://cse.google.com https://www.google.com https://ep2.adtrafficquality.google 'sha256-kbSBue5+KI3QyDT+Y49cVpozCxbtP52DMNRotJOx+nY=' cdnjs.cloudflare.com https://ai.ocelotbot.com; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://ai.ocelotbot.com https://www.google.com; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-B4IlEM5ZElvRGLRKQKUZzQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3k5jfSPqCpATxCCOQH5y2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com www.reedssports.com cdn.reedssports.com rum-static.pingdom.net a-52365312.cdn.ns8ds.com widget-mediator.zopim.com *.dotdigital-pages.com r2.dotdigital-pages.com r2-t.trackedlink.net www.google-analytics.com *.google.com www.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.newrelic.com *.nr-data.net *.com.imgeng.in *.miss.imgeng.in a-52365312.nscontrol.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net *.integrator.io js.authorize.net google-analytics.com www.google-analytics.com player.vimeo.com www.youtube.com cdn.dnky.co *.reedsvipdeals.com/* app.viralsweep.com cdn.sift.com static.zdassets.com *.turnto.com maps.googleapis.com js.klevu.com; report-uri /.webscale/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-sqJMc1UU-DDmSVA-4vujGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.googletagmanager.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.youtube.com https://c.paypal.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://firebasestorage.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://b.stats.paypal.com/ https://slc.stats.paypal.com/ https://c.paypal.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hotjar.com pop1.screenpopper.com livereload.js cdn.statstrk01.com stats.ryzeo.com *.fontawesome.com https://bam.nr-data.net https://bam-cell.nr-data.net https://c.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://bam.nr-data.net https://bam-cell.nr-data.net https://payments.sandbox.braintree-api.com/ https://origin-analytics-sand.sandbox.braintree-api.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smartsolutions.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-aIHA6kVM-dhwqyieG4A5Rg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' https://cdn.brevo.com https://sibautomation.com https://www.clarity.ms https://script.hotjar.com https://static.hotjar.com https://static.axept.io https://tr.snapchat.com https://code.jquery.com https://cdnjs.cloudflare.com https://uicdn.toast.com https://blueimp.github.io https://cdn-app.myLi.io/ https://tarteaucitron.io https://app.algomo.com/ 'unsafe-inline' 'unsafe-eval' data: https://js.stripe.com https://*.gstatic.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://sc-static.net https://connect.facebook.net https://google.fr https://www.facebook.com https://analytics.tiktok.com https://try.abtasty.com ; img-src 'self' data: blob: https://axeptio.imgix.net https://pictures.myLi.io https://tarteaucitron.io https://*.google.fr https://www.facebook.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://uicdn.toast.com https://assets-manager.abtasty.com 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.in/api/csp-report; report-to csp-endpoint 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.googleapis.com; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-YWQ1MmZmNzItYzkzMS00OTMwLThlNWEtMTZmODBiNjkwZDQ0' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
report-uri /csp/log.php;    connect-src  'self' *.facebook.com *.google.com *.googleapis.com *.googletagmanager.com *.opendns.com ad.doubleclick.net demo-1.conversionsapigateway.com https://mpc-prod-14-s6uit34pua-ue.a.run.app https://mpc-prod-23-s6uit34pua-ue.a.run.app https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.cat https://*.google.co.jp https://*.googleadservices.com https://*.gstatic.com https://1637314617.rsc.cdn77.org https://adservice.google.com https://am.yahoo.co.jp https://analytics.google.com https://api.trongrid.io https://b90.yahoo.co.jp https://b91.yahoo.co.jp https://b92.yahoo.co.jp https://b97.yahoo.co.jp https://b98.yahoo.co.jp https://b99.yahoo.co.jp https://bat.bing.com https://bat.bing.net https://c.bing.com https://connect.facebook.net https://measurement-api.criteo.com https://meetlookup.com https://p.typekit.net https://pagead2.googlesyndication.com https://sslwidget.criteo.com https://stats.g.doubleclick.net https://use.typekit.net https://wave-data.jp www.wave-inc.co.jp;       1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://static.olark.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com https://www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * secure.nmi.com secure.networkmerchants.com collectcheckout.com vyapay.transactiongateway.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com secure.nmi.com secure.networkmerchants.com collectcheckout.com vyapay.transactiongateway.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com platform.twitter.com https://plumrocket.com https://accounts.google.com https://static.olark.com https://www.facebook.com https://assets.braintreegateway.com https://ssl.kaptcha.com https://www.google.com https://www.gstatic.com https://www.youtube.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com secure.nmi.com secure.networkmerchants.com collectcheckout.com vyapay.transactiongateway.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com magefan.com cm.magefan.com *.disqus.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://seal-dallas.bbb.org https://www.facebook.com https://log.olark.com https://timepayment.net https://maps.gstatic.com *.cloudfront.net https://www.google.com https://www.google.com.ua https://secure.trust-provider.com/trustlogo/images/popup/seal_bg.gif https://secure.trust-provider.com/trustlogo/images/popup/warranty_level.gif https://www.positivessl.com/images/seals/positivessl_trust_seal_md_167x42.png *.klevu.com *.ksearchnet.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://img.youtube.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cdninstagram.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.disqus.com https://cdn.jsdelivr.net connect.facebook.net twitter.com platform.twitter.com static.addtoany.com *.googletagmanager.com https://accounts.google.com https://www.gstatic.com https://seal-dallas.bbb.org https://connect.facebook.net https://static.olark.com https://cdn.timepayment.com https://knrpc.olark.com https://api.olark.com https://ajax.googleapis.com https://c.paypal.com https://www.google.com https://secure.trust-provider.com/trustlogo/javascript/trustlogo.js https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js js.klevu.com *.ksearchnet.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.paytomorrow.com *.instagram.com *.maxmind.com secure.nmi.com secure.networkmerchants.com collectcheckout.com vyapay.transactiongateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://accounts.google.com https://www.gstatic.com https://seal-dallas.bbb.org https://static.olark.com https://seal-blue.bbb.org/legacy.min.css *.klevu.com *.ksearchnet.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.paytomorrow.com secure.nmi.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de stats.addtoany.com https://accounts.google.com https://knrpc.olark.com https://payments.braintree-api.com https://client-analytics.braintreegateway.com https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net *.klevu.com *.ksearchnet.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.instagram.com *.googleusercontent.com *.mmapiws.com secure.nmi.com secure.networkmerchants.com collectcheckout.com vyapay.transactiongateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' normatel.com.br *.normatel.com.br wake-components.fbitsstatic.net normatel.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br traycorp.paymee.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com googleadservices.com stats.g.doubleclick.net *.hotjar.com *.googleadservices.com *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googlesyndication.com google-analytics.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.smarthint.co *.sandbox.3dsecure.io *.3dsecure.io wake-commerce-scripts.omni.chat *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.normatel.com.br normatel.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com fonts.googleapis.com *.googleapis.com https://www.google.com https://www.gstatic.com https://fonts.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.gstatic.com apis.google.com https://player.vimeo.com https://www.youtube-nocookie.com *.twitter.com try.access.worldpay.com access.worldpay.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.hsforms.net *.hsforms.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googletagmanager.com *.clarity.ms chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.gstatic.com https://player.vimeo.com https://www.youtube.com *.hsforms.net *.hsforms.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com try.access.worldpay.com access.worldpay.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.clarity.ms form-assets.mailchimp.com *.intuit.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com api.addressy.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem *.oct8ne.com *.jsdelivr.net *.payments-amazon.com *.ittweb.net *.googletagmanager.com *.accelasearch.net *.accelasearch.io *.scalapay.com *.google.com *.gstatic.com; font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: *.accelasearch.io *.accelasearch.net *.flixcar.com *.flixfacts.com *.azureedge.net *.yotpo.com live.icecat.biz www.freeshop.it 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.yotpo.com www.freeshop.it 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com www.freeshop.it 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.flixcar.com *.criteo.com https://gum.criteo.com *.agos.it *.shopcall.io *.oct8ne.com *.azureedge.net *.salesmanago.pl https://secure.viewer.zmags.com/ *.googletagmanager.com *.yotpo.com www.freeshop.it 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://images.unsplash.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.feedaty.com validate.fishpig.co.uk *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com maps.gstatic.com https://via.placeholder.com https://widget.zoorate.com *.flixcar.com *.flix360.io *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.yahoo.com *.yahoo.net *.azureedge.net *.id5-sync.com *.google.it *.yotpo.com www.freeshop.it 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.feedaty.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com https://unpkg.com *.flix360.io *.flixcar.com https://widget.zoorate.com *.zendesk.com *.zdassets.com *.accelasearch.io *.accelasearch.net *.iubenda.com *.criteo.com *.criteo.net *.dwin1.com *.jsdelivr.net https://cas.zma.gs/ tracking.trovaprezzi.it www.trovaprezzi.it *.yotpo.com live.icecat.biz www.freeshop.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com *.feedaty.com *.fontawesome.com maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.stripe.network *.stripecdn.com *.amazon.com https://unpkg.com https://widget.zoorate.com *.accelasearch.io *.accelasearch.net *.flixcar.com *.jsdelivr.net *.freeshop.it https://cas.zma.gs/ *.yotpo.com live.icecat.biz www.freeshop.it 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.freeshop.it 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.feedaty.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.gstatic.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.zendesk.com *.zdassets.com *.accelasearch.io *.iubenda.com *.flixcar.com *.oct8ne.com https://analytics.tiktok.com *.criteo.com *.yotpo.com live.icecat.biz www.freeshop.it 'self' 'unsafe-inline'; child-src www.freeshop.it http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com www.freeshop.it 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com https://fonts.gstatic.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://static.addtoany.com/ *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' data: 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://stats.g.doubleclick.net https://staticfiles.yviews.com.br https://service.yourviews.com.br https://api.pagar.me https://cdn.mundipagg.com https://img.youtube.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br https://c.clarity.ms https://newimgebit-a.akamaihd.net https://c.bing.com/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://static.addtoany.com/ tagmanager.google.com https://www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://www.googleoptimize.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net https://commerce.adobedtm.com https://js-agent.newrelic.com/ https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br https://www.clarity.ms/ https://imgs.ebit.com.br/ https://onsite.optimonk.com/ https://cdn-asset.optimonk.com/ https://gs-cdn.optimonk.com/ 'self' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; object-src https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com https://stats.addtoany.com/menu https://www.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br https://newimgebit-a.akamaihd.net/ https://w.clarity.ms/ https://front.optimonk.com/ https://cdn-account.optimonk.com/ https://cdn-limit.optimonk.com/ https://jfapiprod.optimonk.com/ 'self' 'unsafe-inline'; child-src https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' data: 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://td.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; 1
default-src 'self' * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' * data:; connect-src 'self' *; frame-src 'self' *; frame-ancestors 'self'; report-uri https://unwomen.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com https://www.googletagmanager.com https://connect.facebook.net https://cdnjs.cloudflare.com https://unpkg.com https://static.elfsight.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://kit.fontawesome.com https://unpkg.com https://fonts.googleapis.com; img-src 'self' data: blob: https: https://www.facebook.com https://www.google.com https://www.gstatic.com; font-src 'self' data: https://kit.fontawesome.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://static.elfsight.com wss:; frame-src 'self' https://www.google.com https://www.recaptcha.net https://static.elfsight.com https://www.youtube.com https://www.youtube-nocookie.com https://api.stockdio.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-pPcI-zWznv3n-_piatzW8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.sbb.spk-berlin.de *.staatsbibliothek-berlin.de *.sbb.berlin; child-src 'none'; object-src 'none'; script-src http: https: 'nonce-cxSq04v9DEeL5AILurcA5LKhsFrLxvp+4vvmBSjKUfg='; connect-src 'self' *.sbb.spk-berlin.de *.staatsbibliothek-berlin.de *.sbb.berlin; worker-src blob:; style-src 'self' 'unsafe-inline'; img-src 'self' *.sbb.spk-berlin.de *.staatsbibliothek-berlin.de *.sbb.berlin; font-src 'self'; base-uri 'self'; 1
font-src *.bootstrapcdn.com *.gstatic.com rsms.me *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com magefan.com cm.magefan.com *.disqus.com *.usd.de *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.disqus.com *.googleapis.com unpkg.com *.adobedtm.com *.neocomapp.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com *.googleapis.com rsms.me *.stripe.network *.stripecdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.googleapis.com *.neocomapp.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src-elem luigisbox.tech *.luigisbox.tech *.trackjs.com 'self' *.doubleclick.net *.googleadservices.com 'unsafe-inline' *.s121.mhost.eu *.gr-cdn.com us-an.gr-cdn.com *.consentmanager.net *.gr-wcon.com *.fontawesome.com *.adobe.com *.adobedtm.com *.google.com *.cardinalcommerce.com *.googleapis.com *.facebook.com *.gstatic.com fonts.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.easypack24.net *.inpost.pl izi.inpost.pl *.trustedshops.com *.it4dev.pl *.klarnacdn.net *.klarnaservices.com *.etrusted.com *.klarnaevt.com *.paypal.com www.paypal.com *.sysadvisors.pl *.dhlparcel.nl *.stripe.com integrations.etrusted.com; script-src-elem luigisbox.tech *.luigisbox.tech scripts.luigisbox.com cdn.luigisbox.com *.trackjs.com *.cloudflareinsights.com 'self' *.klarna.com *.bing.com *.braintreegateway.com *.ahrefs.com *.clarity.ms *.przelewy24.pl *.livechatinc.com bing.com *.doubleclick.net *.googleadservices.com *.s121.mhost.eu *.hotjar.com cdnjs.cloudflare.com *.youtube.com 'unsafe-inline' *.gr-cdn.com us-an.gr-cdn.com *.consentmanager.net *.gr-wcon.com *.facebook.net *.lightwidget.com *.fontawesome.com *.adobe.com *.adobedtm.com *.google.com *.cardinalcommerce.com *.googleapis.com *.facebook.com *.gstatic.com fonts.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.easypack24.net *.inpost.pl izi.inpost.pl *.trustedshops.com *.it4dev.pl *.klarnacdn.net *.klarnaservices.com *.etrusted.com *.klarnaevt.com *.paypal.com www.paypal.com *.sysadvisors.pl *.dhlparcel.nl *.stripe.com integrations.etrusted.com; script-src-attr luigisbox.tech *.luigisbox.tech *.s121.mhost.eu *.doubleclick.net *.googleadservices.com *.gr-cdn.com us-an.gr-cdn.com 'unsafe-inline' *.fontawesome.com *.facebook.net *.adobe.com *.adobedtm.com *.google.com *.cardinalcommerce.com *.googleapis.com *.lightwidget.com *.gstatic.com *.facebook.com *.googletagmanager.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.easypack24.net *.inpost.pl *.trustedshops.com *.it4dev.pl https://dev.martom.it4dev.pl *.klarnacdn.net *.klarnaservices.com *.etrusted.com *.klarnaevt.com *.paypal.com *.sysadvisors.pl *.dhlparcel.nl; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.inpost.pl https://use.fontawesome.com *.adobe.com *.googleapis.com https://fonts.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com assets.braintreegateway.com geowidget.easypack24.net geowidget.inpost.pl widgets.trustedshops.com static-app.connect.trustedshops.com static-app.connect-qa.trustedshops.com *.klarnacdn.net *.klarnaevt.com *.paypal.com *.sysadvisors.pl *.dhlparcel.nl https://fonts.bunny.net https://geowidget.easypack24.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.link.com *.amazon.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.inpost.pl luigisbox.tech *.luigisbox.tech *.googleadservices.com *.consentmanager.net *.fontawesome.com *.adobedtm.com *.google.pl www.google.com *.cardinalcommerce.com 'self' assets.adobedtm.com *.it4dev.pl *.klarnaevt.com *.sysadvisors.pl *.dhlparcel.nl https://dev.martom.it4dev.pl *.etrusted.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * apm.przelewy24.pl https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ https://geowidget-app.inpost-group.com/ https://sandbox-global-geowidget.easypack24.net/ *.stripe.com klarna.com *.klarnacdn.net *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src 'self' *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net *.inpost.pl qestp-admin.questprofile.com blob: luigisbox.tech *.luigisbox.tech *.trackjs.com *.bing.com bing.com gls-group.com *.clarity.ms *.files-text.com *.questprofile.com questprofile.com questprofile.pl *.googleadservices.com markizeta.s121.mhost.eu *.consentmanager.net markizeta.info *.fontawesome.com *.google.pl *.cardinalcommerce.com assets.adobedtm.com *.it4dev.pl *.klarnaevt.com *.sysadvisors.pl *.dhlparcel.nl https://dev.martom.it4dev.pl *.etrusted.com *.klarna.com *.klarnacdn.net tile.openstreetmap.org mapa.orlenpaczka.pl ruch-osm.sysadvisors.pl https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net *.inpost.pl luigisbox.tech *.luigisbox.tech scripts.luigisbox.com cdn.luigisbox.com *.googleadservices.com 'self' 'unsafe-inline' *.gr-cdn.com us-an.gr-cdn.com *.fontawesome.com *.cardinalcommerce.com *.googleapis.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.lightwidget.com *.easypack24.net https://widgets.trustedshops.com *.it4dev.pl *.klarnacdn.net *.klarnaservices.com *.etrusted.com *.klarnaevt.com https://dev.martom.it4dev.pl *.paypal.com *.sysadvisors.pl *.dhlparcel.nl *.klarna.com x.klarnacdn.net https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com mapa.orlenpaczka.pl s7.addthis.com *.avada.io *.shopify.com js.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl apm.przelewy24.pl sandbox-global-geowidget-sdk.easypack24.net geowidget.inpost-group.com https://geowidget.easypack24.net *.openstreetmap.org *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.amazon.com *.link.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.inpost.pl luigisbox.tech *.luigisbox.tech 'self' https://use.fontawesome.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com assets.braintreegateway.com geowidget.easypack24.net geowidget.inpost.pl widgets.trustedshops.com static-app.connect.trustedshops.com static-app.connect-qa.trustedshops.com *.klarnacdn.net *.klarnaevt.com *.paypal.com *.sysadvisors.pl *.dhlparcel.nl https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com https://fonts.bunny.net sandbox-global-geowidget-sdk.easypack24.net geowidget.inpost-group.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.stripe.network *.stripecdn.com *.amazon.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net luigisbox.tech *.luigisbox.tech 'self' *.trackjs.com gls-group.com *.questprofile.com questprofile.com questprofile.pl *.googleadservices.com *.doubleclick.net markizeta.s121.mhost.eu *.consentmanager.net markizeta.info *.fontawesome.com *.facebook.com *.adobe.com *.adobedtm.com *.google.com *.google.pl www.google.com *.cardinalcommerce.com assets.adobedtm.com *.it4dev.pl *.klarnaevt.com *.paypal.com *.sysadvisors.pl *.dhlparcel.nl https://dev.martom.it4dev.pl *.etrusted.com 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net *.inpost.pl luigisbox.tech *.luigisbox.tech 'self' *.trackjs.com gls-group.com *.questprofile.com questprofile.com questprofile.pl *.googleadservices.com *.doubleclick.net markizeta.s121.mhost.eu *.consentmanager.net markizeta.info *.fontawesome.com *.facebook.com *.adobedtm.com *.google.com *.google.pl www.google.com *.cardinalcommerce.com assets.adobedtm.com *.it4dev.pl *.klarnaevt.com *.paypal.com *.sysadvisors.pl *.dhlparcel.nl https://dev.martom.it4dev.pl *.etrusted.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.inpost.pl luigisbox.tech *.luigisbox.tech *.trackjs.com *.googleadservices.com *.clarity.ms 'self' *.hotjar.com wss://*.hotjar.com *.hotjar.io *.bing.com *.ahrefs.com *.consentmanager.net *.getresponse.com *.fontawesome.com *.adobe.com *.adobedtm.com *.cardinalcommerce.com *.googleapis.com *.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.easypack24.net *.trustedshops.com *.it4dev.pl *.klarnacdn.net *.klarnaservices.com *.etrusted.com *.klarnaevt.com *.sysadvisors.pl *.dhlparcel.nl x.klarnacdn.net *.klarna.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com nominatim.openstreetmap.org ekr.zdassets.com/ https://get.geojs.io *.avada.io https://olegnax.com https://api.instagram.com https://graph.instagram.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com *.openstreetmap.org *.stripe.com klarna.com *.link.com *.amazon.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://js.stripe.com https://www.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://widget.trustpilot.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://widget.intercom.io https://js.intercomcdn.com 'unsafe-inline'; script-src-elem 'self' https://js.stripe.com https://www.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://widget.trustpilot.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://widget.intercom.io https://js.intercomcdn.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://secure.gravatar.com https://www.paypalobjects.com; connect-src 'self' https://api.taapi.io wss://streaming-website-widgets.taapi.io wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://api.stripe.com https://www.google-analytics.com https://www.googletagmanager.com https://www.sandbox.paypal.com; worker-src 'self' blob:; frame-src 'self' https://js.stripe.com https://www.sandbox.paypal.com; object-src 'none'; base-uri 'self'; form-action 'self' https://api.stripe.com; frame-ancestors 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-5WxmcqiEq3H1maersXdScA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.demdex.net *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.jwpltx.com *.liveperson.net *.lpsnmedia.net *.neolane.net *.omtrdc.net *.pinimg.com *.pinterest.com *.ulsterbank.ie *.ulsterbank.com *.ulsterbankanytimebanking.ie *.userzoom.com *.youtube.com *.ytimg.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankroi.report-uri.com/r/t/csp/reportOnly 1
base-uri 'self'; connect-src 'self' https://ka-f.fontawesome.com https://plausible.io; default-src 'none'; font-src 'self' https://ka-f.fontawesome.com; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data: https:; media-src 'self'; object-src 'none'; script-src 'nonce-LPw57J8YsxQux10GBOcj6q/w28jkEFf6' 'self'; script-src-elem 'nonce-LPw57J8YsxQux10GBOcj6q/w28jkEFf6' https://kit.fontawesome.com https://plausible.io; style-src 'nonce-LPw57J8YsxQux10GBOcj6q/w28jkEFf6' 'self'; style-src-attr 'nonce-LPw57J8YsxQux10GBOcj6q/w28jkEFf6'; style-src-elem 'nonce-LPw57J8YsxQux10GBOcj6q/w28jkEFf6'; upgrade-insecure-requests; report-uri https://richardlouv.com/?ACT=57 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.klaviyo.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://plugin-magento-ui.glopalservice.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com agechecked.verifico.io unity.agechecked.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self' agechecked.verifico.io unity.agechecked.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.doubleclick.net embedsocial.com *.google.co.uk *.reviews.io *.reviews.co.uk *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com agechecked.verifico.io unity.agechecked.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.cookiepro.com *.cloudfront.net *.cdninstagram.com *.postcodeanywhere.co.uk *.bing.com *.bing.net *.reviews.io *.reviews.co.uk https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ services.postcodeanywhere.co.uk *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com agechecked.verifico.io unity.agechecked.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.cookiepro.com embedsocial.com *.zdassets.com *.doubleclick.net *.pcapredict.com *.postcodeanywhere.co.uk *.googlesyndication.com *.bing.com *.clarity.ms *.hotjar.com *.reviews.io *.reviews.co.uk https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com agechecked.verifico.io unity.agechecked.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com embedsocial.com *.postcodeanywhere.co.uk *.klaviyo.com 'self' data: *.cloudfront.net *.reviews.io *.reviews.co.uk https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com *.klarnacdn.net https://static.klaviyo.com api.addressy.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com agechecked.verifico.io unity.agechecked.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.cookiepro.com *.onetrust.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.googlesyndication.com *.postcodeanywhere.co.uk *.bing.net wss://ws.hotjar.com *.hotjar.io *.cloudfront.net *.reviews.io *.reviews.co.uk https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.link.com *.amazon.com agechecked.verifico.io unity.agechecked.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://portal.envisagedigital.co.uk/api/website/23noff24jl/report-uri; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-4I5ghcI07gQPEpeUxsi7yA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
block-all-mixed-content;connect-src  'self'    https://*.bimago.com  https://bimago.com  https://*.bimago.cz  https://bimago.cz  https://*.bimago.es  https://bimago.es  https://*.bimago.at  https://bimago.at  https://*.bimago.art  https://bimago.art  https://*.bimago.co.uk  https://bimago.co.uk  https://*.bimago.se  https://bimago.se  https://*.bimago.pl  https://bimago.pl  https://*.bimago.de  https://bimago.de  https://*.bimago.fr  https://bimago.fr  https://*.bimago.it  https://bimago.it  https://*.bimago.nl  https://bimago.nl  https://*.bimago.pt  https://bimago.pt    https://adyen.com  https://*.adyen.com  https://paypal.com  https://*.paypal.com  https://pay.google.com/gp/p/js/pay.js      https://google.*  https://*.google.*  https://gstatic.com  https://*.gstatic.com  https://googletagmanager.com  https://*.googletagmanager.com  https://googleadservices.com  https://*.googleadservices.com  https://googlesyndication.com  https://*.googlesyndication.com  https://googleapis.com  https://*.googleapis.com  https://doubleclick.net  https://*.doubleclick.net  https://google-analytics.com  https://*.google-analytics.com  https://bing.*  https://*.bing.*  https://facebook.*  https://*.facebook.*  https://pinterest.*  https://*.pinterest.*  https://exponea.com  https://*.exponea.com  https://cookiebot.com  https://*.cookiebot.com  https://clarity.ms  https://*.clarity.ms  https://yotpo.com  https://*.yotpo.com  https://sentry.io  https://*.sentry.io  https://trustpilot.com  https://*.trustpilot.com  https://trustedshops.com  https://*.trustedshops.com  https://etrusted.com  https://*.etrusted.com    https://biano.com  https://*.biano.com  https://biano.cz  https://*.biano.cz  https://bianopixel.com  https://*.bianopixel.com  https://pinimg.com  https://*.pinimg.com  https://capig.stape.host;script-src  'self'    https://*.bimago.com  https://bimago.com  https://*.bimago.cz  https://bimago.cz  https://*.bimago.es  https://bimago.es  https://*.bimago.at  https://bimago.at  https://*.bimago.art  https://bimago.art  https://*.bimago.co.uk  https://bimago.co.uk  https://*.bimago.se  https://bimago.se  https://*.bimago.pl  https://bimago.pl  https://*.bimago.de  https://bimago.de  https://*.bimago.fr  https://bimago.fr  https://*.bimago.it  https://bimago.it  https://*.bimago.nl  https://bimago.nl  https://*.bimago.pt  https://bimago.pt    https://adyen.com  https://*.adyen.com  https://paypal.com  https://*.paypal.com  https://pay.google.com/gp/p/js/pay.js      https://google.*  https://*.google.*  https://gstatic.com  https://*.gstatic.com  https://googletagmanager.com  https://*.googletagmanager.com  https://googleadservices.com  https://*.googleadservices.com  https://googlesyndication.com  https://*.googlesyndication.com  https://googleapis.com  https://*.googleapis.com  https://doubleclick.net  https://*.doubleclick.net  https://google-analytics.com  https://*.google-analytics.com  https://bing.*  https://*.bing.*  https://facebook.*  https://*.facebook.*  https://pinterest.*  https://*.pinterest.*  https://exponea.com  https://*.exponea.com  https://cookiebot.com  https://*.cookiebot.com  https://clarity.ms  https://*.clarity.ms  https://yotpo.com  https://*.yotpo.com  https://sentry.io  https://*.sentry.io  https://trustpilot.com  https://*.trustpilot.com  https://trustedshops.com  https://*.trustedshops.com  https://etrusted.com  https://*.etrusted.com    https://biano.com  https://*.biano.com  https://biano.cz  https://*.biano.cz  https://bianopixel.com  https://*.bianopixel.com  https://pinimg.com  https://*.pinimg.com  https://capig.stape.host;frame-src  'self'  https://*;frame-ancestors  https://acss-cms.prod.artgeist.co;default-src  'self';img-src  'self'  data:  blob:  https://*;media-src  'self'  data:  blob:  https://*;style-src  'self'  'unsafe-inline'  https://*;object-src  'none';font-src  'self'  data:  https://*;navigate-to  'self'  https://*;base-uri  'self'  https://*;worker-src  'self';manifest-src  'self'; 1
font-src 'unsafe-inline' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.ytimg.com *.bing.com *.doubleclick.net *.google.com *.mastercard.com *.tawk.to data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.fontawesome.com *.bing.com *.zopim.com *.google.com *.tawk.to *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bing.com *.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com *.zopim.com *.zopim.io *.tawk.to 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.cloudflare.com *.twitter.com *.google-analytics.com https://stats.g.doubleclick.net *.avada.io *.braintreegateway.com *.tawk.to wss://*.tawk.to self unsafe-inline 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.tawk.to 'self' data: *.streammarket.co.uk *.bksmotors.com *.cloudflareinsights.com static.cloudflareinsights.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.ccavenue.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.streammarket.co.uk *.bksmotors.com *.cloudflareinsights.com static.cloudflareinsights.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.ccavenue.com landofcoder.com *.google.com.ua *.google.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * api.razorpay.com *.twitter.com *.addthis.com *.doubleclick.net *.embedly.com *.rvvup.com *.streammarket.co.uk *.bksmotors.com https://accounts.google.com/gsi/ *.cloudflareinsights.com static.cloudflareinsights.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com *.ccavenue.com *.google.com *.google.com.ua *.google.co.uk *.doubleclick.net https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.in *.jsdelivr.net www.logicrays.com www.magecomp.com *.amazonaws.com *.securitymetrics.com *.postcodeanywhere.co.uk *.streammarket.co.uk *.bksmotors.com *.facebook.net *.facebook.com blob: *.cloudflareinsights.com *.cdn.trustindex.io/ *.googleusercontent.com static.cloudflareinsights.com https://cdn.trustindex.io/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com *.ccavenue.com landofcoder.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.fontawesome.com *.googleapis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.razorpay.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu embed.tawk.to cdn.jsdelivr.net *.razorpay.com indep11146.pcapredict.com *.postcodeanywhere.co.uk *.feefo.com *.streammarket.co.uk *.bksmotors.com *.facebook.net *.lightwidget.com *.googleadservices.com *.adobedtm.com *.checkout.razorpay.com *.cloudflareinsights.com https://accounts.google.com/gsi/client static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.jsdelivr.net *.google.com *.postcodeanywhere.co.uk *.streammarket.co.uk *.bksmotors.com *.unpkg.com https://unpkg.com/swiper@11.1.14/swiper-bundle.min.css https://unpkg.com/swiper/swiper-bundle.min.css https://accounts.google.com/gsi/style *.cloudflareinsights.com static.cloudflareinsights.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com *.granberg.se 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com *.ccavenue.com landofcoder.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.cloudflare.com *.twitter.com *.twimg.com *.tawk.to *.doubleclick.net *.amazonaws.com *.securitymetrics.com *.embedly.com *.rvvup.com *.postcodeanywhere.co.uk *.googleapis.com *.streammarket.co.uk *.bksmotors.com *.facebook.net *.facebook.com https://accounts.google.com/gsi/ *.cloudflareinsights.com static.cloudflareinsights.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.streammarket.co.uk *.bksmotors.com *.facebook.net *.cloudflareinsights.com static.cloudflareinsights.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com use.fontawesome.com assets.mitakosbooks.gr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.vivapayments.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.googletagmanager.com www.google.com/recaptcha vimeo.com www.youtube-nocookie.com leafstag.cardinalcommerce.com *.weltpixel.com *.google.com widget-v5.boxnow.gr widget-v5.boxnow.cy td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io fonts.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com https://firebasestorage.googleapis.com https://www.magezon.com *.paypal.com c.paypal.com checkout.paypal.com www.sandbox.paypal.com vimeo.com player.vimeo.com vimeocdn.com www.youtube.com www.apptrian.com gallery.mailchimp.com downloads.mailchimp.com form-assets.mailchimp.com chimpstatic.com *.list-manage.com ebizmarts-website.s3.amazonaws.com magefan.com cm.magefan.com *.disqus.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com bat.bing.net *.vivapayments.com sandbox.braintree-api.com *.weltpixel.com www.google.gr www.gstatic.com *.googlesyndication.com pagead2.googlesyndication.com adservice.google.com adservice.google.gr fonts.googleapis.com assets.mitakosbooks.gr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vivapayments.com *.avada.io *.shopify.com *.google.com/ player.vimeo.com www.youtube.com maps.googleapis.com *.paypal.com c.paypal.com checkout.paypal.com leafstag.cardinalcommerce.com centinelapi.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.behance.net *.ftcdn.net www.apptrian.com assets.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com js.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stat-track.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.disqus.com pay.google.com analytics.braintreegateway.com sandbox.braintree-api.com region1.google-analytics.com *.googlesyndication.com pagead2.googlesyndication.com adservice.google.com adservice.google.gr googletagmanager.com assets.mitakosbooks.gr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com use.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.mitakosbooks.gr 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://get.geojs.io *.avada.io cm.everesttech.net maps.googleapis.com www.googleapis.com *.paypal.com www.apptrian.com assets.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stat-track.com https://www.googleadservices.com https://www.googletagmanager.com google.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.cardinalcommerce.com https://www.google.com analytics.braintreegateway.com sandbox.braintree-api.com region1.google-analytics.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://adservice.google.com https://adservice.google.gr https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.gr https://region1.analytics.google.com assets.mitakosbooks.gr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-lOg3qy1iApQzGuMoObKdRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net https://geowidget.easypack24.net 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: www.facebook.com/ bat.bing.net region1.analytics.google.com www.google.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com mail.desportivo.pl recostream.com trustmate.io 'sha256-gP1oNVTXBLfgTvNe/Fqkv6tcF4UVivtUXBKTYUUjkmc=' 'sha256-xrzx3VAUiE9YjZB6FTwbudERC18Hn8TWBp/5cZ5mu4Q=' 'sha256-QqMxYirdvmGWDghmc28HatqqDMWBMZF4Bo05rxgzHA4=' 'sha256-M1gyCA1OxlRXKeam1PtXmXNrwxUiPS2no8eJafmPHcw=' 'sha256-VauVwPyzKQJVB4JO0GY2KyPY7+3Ms6SIioUcusfJKdw=' 'sha256-ftxLHMNQKDsafHI5+QkFdcTvZj3AKuTMgt+LdIR9muc=' 'sha256-9hYTzaA9DDOQTiC1QkHH2mwKOp/n6xeB7aNM4KNAbK4=' 'sha256-sFjNEEgXewbvYtfdtF0q220nc3MRABC/ee3WKnw7cJo=' 'sha256-wgKgZXfnlNUfpqsC0ftJiX13R1Ypa5fbk64p7Q3jX3Y=' 'sha256-65DEwAH4V2XNW7nTnVZxmS/4cNFkWPXrtMLKVB6CXlg=' 'sha256-Gq0ymyi115HXafhBJHpN6BpOMqu/OsnGFQtTfad1soc=' 'sha256-ndJGwLDQahNctVNA6j6wqNGGNk3v5Ar2YX0PqXcUlyU=' 'sha256-07Pd3rfUurk1QYw9viTNB1wyxLuYRII41GW5cNzPIuQ=' 'sha256-l1dZUePoutyb8m22eKsbL+Ak2Ppw02qEm3ltY3E61BE=' an.gr-wcon.com us-an.gr-cdn.com 'sha256-R3ElzeGsi4VM1mSrEGi52r9WCpo6Hj1lmJVCcWIxa3g=' 'sha256-FZo0+9k2Upqwve84C5aShQkutPerAOMMlHWxdSbRFSw=' connect.facebook.net bat.bing.com 'sha256-H30t1+h5cSjM5hvPb2jlOZpTe8pxaMu9ES2nZkhkZlc=' 'sha256-+R/CMLea10rdFcdJCRvDjf9kPFvf88n37QVjmYMkWbo=' 'sha256-3bzWVxQE32IZQKH9eh8KzyHuhXOlMrboDVVBRd0fWTU=' *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com trustmate.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.packeta.com stream.cloud.witbee.com j.clarity.ms google.pl *.analytics.google.com consentcdn.cookiebot.com googleads.g.doubleclick.net static.payu.com *.facebook.net *.facebook.com app2.recostream.com ga2.getresponse.com/ bam.nr-data.net clk.leadexpert.pl www.google.com pixel.wp.pl popups1-show.getresponse.com ts.getresponse.pl popups1-s.getresponse.com pagead2.googlesyndication.com metrics.desportivo.pl metrics.desportivo.cz metrics.desportivo.de *.desportivo.sk *.desportivo.ro *.bing.net *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://youtube.com https://comware.com.co https://google.com https://transfiriendo.com https://lfr.cloud https://google-analytics.com https://emtelco.co https://*.yahooapis.com https://*.gstatic.com https://*.fontawesome.com; script-src 'self' 'unsafe-eval' https://comware.com.co https://gstatic.com https://google.com https://*.liferay.com https://googletagmanager.com https://google-analytics.com https://previsora.gov.co https://emtelco.co https://*.fontawesome.com https://*.cloudflare.com https://unpkg.com https://*.jsdelivr.net; style-src 'self' https://*.googleapis.com https://unpkg.com https://*.jsdelivr.net; style-src-elem 'self' https://emtelco.co https://*.googleapis.com https://*.fontawesome.com https://unpkg.com https://*.jsdelivr.net; img-src 'self' data: https://comware.com.co https://google-analytics.com https://emtelco.co; font-src 'self' data: https://emtelco.co https://*.gstatic.com https://*.fontawesome.com; frame-src 'self' https://transfiriendo.com; frame-ancestors 'self' https://previsora.gov.co; 1
object-src  'none'; connect-src 'self' *.gangbangcreampie.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.gangbangcreampie.com join.gammasecure.com; script-src 'self' *.gangbangcreampie.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.gangbangcreampie.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.lightboxcdn.com *.tidio.co *.tidiochat.com *.fontawesome.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.affirm.com *.affirm.ca *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com fast.wistia.net www.facebook.com ct.pinterest.com td.doubleclick.net *.freshchat.com 747659468831792.webpush.freshchat.com *.tidio.co *.tidiochat.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com platform.twitter.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.affirm.com *.affirm.ca *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com bat.bing.com *.lightboxcdn.com c.bing.com c.clarity.ms www.facebook.com www.google.co.in ct.pinterest.com dev.visualwebsiteoptimizer.com seal-atlanta.bbb.org *.tidio.co *.tidiochat.com *.disqus.com *.paytomorrow.com connect.facebook.net graph.facebook.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.affirm.com *.affirm.ca *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com s.pinimg.com fast.wistia.net *.bing.com *.lightboxcdn.com c.bing.com c.clarity.ms connect.facebook.net *.s.pinimg.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com munchkin.marketo.net www.clarity.ms tools.luckyorange.com www.google.co.in *.tidio.co  *.tidiochat.com  *.adobe.com  *.cardinalcommerce.com *.paypal.com *.bolt.com *.commerce-quick-checkout.com www.gstatic.com/recaptcha/ polyfill.io *.yotpo.com *.clarity.ms tools.luckyorange.com  s7.addthis.com  www.facebook.com *.authorize.net *.braintreegateway.com *.tidio.co *.tidiochat.com *.fontawesome.com  *.braintreegateway.com  *.yotpo.com  *.googleapis.com *.pushengage.com static.hotjar.com test.popin.to static.popin.to acsbapp.com *.freshchat.com fw-cdn.com script.hotjar.com *.disqus.com *.paytomorrow.com https://storage.googleapis.com graph.facebook.com business.facebook.com twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.lightboxcdn.com *.tidio.co *.tidiochat.com *.fontawesome.com *.braintreegateway.com *.yotpo.com *.googleapis.com *.pushengage.com static.popin.to *.freshchat.com *.paytomorrow.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com analytics.google.com www.googleadservices.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.authorize.net  www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolianet.com *.insights.algolia.io insights.algolia.io *.affirm.com *.affirm.ca *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com ct.pinterest.com www.google-analytics.com bat.bing.com stats.g.doubleclick.net u.clarity.ms g.clarity.ms pagead2.googlesyndication.com settings.luckyorange.com *.tidio.co *.tidiochat.com *.bolt.com *.algolia.com *.pinterest.com www.facebook.com connect.facebook.net   *.braintreegateway.com  *.braintree-api.com  *.cardinalcommerce.com *.yotpo.com fw-cdn.com *.678-xif-269.mktoresp.com dev.visualwebsiteoptimizer.com *.hotjar.io *.acsbapp.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.pinterdev.com commerce-app.pintergration.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src checkout-sandbox.getbread.com *.tidio.co *.tidiochat.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'none'; connect-src https: wss:; font-src https: data:; form-action 'self'; frame-ancestors 'self'; frame-src https:; img-src https: data:; media-src 'self' https://widget.molin.ai; object-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://kosik.bauhaus.sk/csp_report; report-to bauhaus-csp; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' polipet.com.br *.polipet.com.br wake-components.fbitsstatic.net polipet.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br *.conectiva.io *.sunset.systems *.cartstack.com.br *app.cartstack.com *.performa.ai *.cupom.social *.conectiva.app conectiva.io app.conectiva.io vm.conectiva.io conectiva.app api.performa.ai valid.performa.ai cartstack.com.br app.cartstack.com.br api.cartstack.com.br sunset.systems api.sunset.systems cupom.social app.cupom.social cdn.performa.ai app.cartstack.com dzpxyxks1bfmb.cloudfront.net *.gstatic.com gstatic.com *.koin.com.br *.soclminer.com.br *.ebit.com.br *.btg360.com.br *.socialminer.com *.tiktok.com analytics.tiktok.com *.googletagmanager.com *.g.doubleclick.net googleadservices.com *.instagram.com *.google-analytics.com *.polipet.com.br *.facebook.com facebook.com instagram.com *.google.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com gtm-nxl3xbc-mwi2n.uc.r.appspot.com *.uc.r.appspot.com s.pinimg.com ct.pinterest.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.akamaihd.net *.pagbank.com wss://signalr.fbits.net googletagmanager.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com paymentconnectorwakesandbox.cieloecommerce.cielo.com.br paymentconnectorwake.cieloecommerce.cielo.com.br web.fpcs-monitor.com.br device.clearsale.com.br *.fpcs-monitor.com.br h.online-metrix.net *.checkout.fbits.store mpi.braspag.com.br api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.polipet.com.br polipet.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self' litium.revolutionrace.fi fbcdn.revolutionrace.fi wss://fbcdn.revolutionrace.fi *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.klarnaevt.com *.kustom.co *.adyen.com www.paypal.com js.stripe.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com ajax.googleapis.com fonts.googleapis.com maps.googleapis.com *.apptus.cloud *.storyblok.com *.symplify.com cdn-sitegainer.com *.cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.criteo.net *.criteo.com *.doubleclick.net *.emarsys.net *.mention-me.com *.imedia.cz *.scarabresearch.com *.spinnaker-js.com bat.bing.com www.seznam.cz tags.creativecdn.com *.kindlycdn.com *.kindly.ai wss://sage.kindly.ai *.facebook.net *.tiktok.com *.snapchat.com *.pinterest.com *.bambuser.com *.facebook.com www.pinterest.se *.cloudflare.com *.digitaloceanspaces.com *.distancify.workers.dev cdn.jsdelivr.net maxcdn.bootstrapcdn.com player.vimeo.com pro.ip-api.com recommender.scarabresearch.com s.pinimg.com sc-static.net vimeo.com ws-eu.pusher.com wss://ws-eu.pusher.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://* 'self'; media-src https://*; frame-src analytics.revolutionrace.fi *.mention-me.com *.google.com *.adyen.com *.paypal.com *.sitegainer.com revolutionrace.customerfirst.ai; style-src 'self' 'unsafe-inline'; connect-src data: *; 1
default-src 'self' litium.revolutionrace.pl fbcdn.revolutionrace.pl wss://fbcdn.revolutionrace.pl *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.klarnaevt.com *.kustom.co *.adyen.com www.paypal.com js.stripe.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com ajax.googleapis.com fonts.googleapis.com maps.googleapis.com *.apptus.cloud *.storyblok.com *.symplify.com cdn-sitegainer.com *.cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.criteo.net *.criteo.com *.doubleclick.net *.emarsys.net *.mention-me.com *.imedia.cz *.scarabresearch.com *.spinnaker-js.com bat.bing.com www.seznam.cz tags.creativecdn.com *.kindlycdn.com *.kindly.ai wss://sage.kindly.ai *.facebook.net *.tiktok.com *.snapchat.com *.pinterest.com *.bambuser.com *.facebook.com www.pinterest.se *.cloudflare.com *.digitaloceanspaces.com *.distancify.workers.dev cdn.jsdelivr.net maxcdn.bootstrapcdn.com player.vimeo.com pro.ip-api.com recommender.scarabresearch.com s.pinimg.com sc-static.net vimeo.com ws-eu.pusher.com wss://ws-eu.pusher.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://* 'self'; media-src https://*; frame-src analytics.revolutionrace.pl *.mention-me.com *.google.com *.adyen.com *.paypal.com *.sitegainer.com revolutionrace.customerfirst.ai; style-src 'self' 'unsafe-inline'; connect-src data: *; 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://static-content.vnforapps.com https://cdn.chattigo.com https://media.chattigo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com www.facebook.com graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com https://maps.googleapis.com *.gstatic.com https://static-content.vnforapps.com https://m.vnforapps.com https://h.online-metrix.net https://components.chattigo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io maps.googleapis.com api.comapi.com bam.nr-data.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com https://config-global.chattigo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-Wc5YFHT2bezohexc8bZEpcI3FKAwc2KS'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net blog.farmaciasvivo.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.redsys.es sis-t.redsys.es:25443 blog.farmaciasvivo.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com blog.farmaciasvivo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com *.doubleclick.net cl.avis-verifies.com tagging.farmaciasvivo.com tagging-preview.farmaciasvivo.com https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com blog.farmaciasvivo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io farmaciasvivo.com www.farmaciasvivo.com cdn.farmaciasvivo.com blog.farmaciasvivo.com cl.avis-verifies.com *.google.es *.google.com *.facebook.com *.sharethis.com *.doofinder.com *.aemps.es eu1-doofinderuser.s3.amazonaws.com cdn.connectif.cloud tagging.farmaciasvivo.com tagging-preview.farmaciasvivo.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.googleapis.com https://firebasestorage.googleapis.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com localhost:35729 *.doofinder.com connect.facebook.net *.plerdy.com *.sharethis.com cdn.connectif.cloud analytics.tiktok.com tagging.farmaciasvivo.com tagging-preview.farmaciasvivo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.avada.io *.shopify.com *.multisafepay.com https://pay.google.com blog.farmaciasvivo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.googletagmanager.com cdn.connectif.cloud *.fontawesome.com https://fonts.bunny.net *.multisafepay.com blog.farmaciasvivo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ blog.farmaciasvivo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com ws://localhost:35729 *.doofinder.com wss://eu1-layer.doofinder.com *.doubleclick.net *.google.es *.analytics.google.com *.google-analytics.com *.facebook.com *.sharethis.com *.plerdy.com wss://d.plerdy.com eu8-api.connectif.cloud cdn.connectif.cloud cdn.farmaciasvivo.com analytics.tiktok.com tagging.farmaciasvivo.com tagging-preview.farmaciasvivo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.googleapis.com *.gstatic.com data: https://get.geojs.io *.avada.io *.multisafepay.com blog.farmaciasvivo.com 'self' 'unsafe-inline'; child-src blog.farmaciasvivo.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.farmaciasvivo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' crisecia.com.br *.crisecia.com.br wake-components.fbitsstatic.net crisecia.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com hertzen.com rdstation.com.br googleadservices.com konduto.com shoptarget.com.br traycheckout.com.br clearsale.com.br shopback.net yapay.com.br doubleclick.net online-metrix.net bing.com hotjar.com linximpulse.net cloudfront.net shopconvert.com.br cloudflare.com hotjar.io k-analytix.com retargeter.com.br jsdelivr.net *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.online-metrix.net *.doubleclick.net *.bing.com *.hotjar.com *.linximpulse.net *.clearsale.com.br *.shopback.net *.yapay.com.br *.hertzen.com *.rdstation.com.br *.googleadservices.com *.konduto.com *.shoptarget.com.br *.traycheckout.com.br *.cloudfront.net *.shopconvert.com.br *.hotjar.io *.k-analytix.com *.retargeter.com.br *.cloudflare.com *.jsdelivr.net wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.tiktok.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.crisecia.com.br crisecia.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-sEAJitODjrmyK04coUJQziBnRmedpiEq'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
frame-ancestors 'self'; report-uri https://eastus-swscsp.azurewebsites.net/reporting/secure.bpointsaas.it/reportOnly 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.cloudflare.com *.twitter.com *.facebook.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net *.fontawesome.com https://fonts.bunny.net *.mncdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ *.twitter.com *.gstatic.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.facebook.net *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net *.bluekai.com *.useinsider.com *.asseco-see.com.tr *.param.com.tr *.modirum.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.facebook.net *.demdex.net *.everesttech.net *.googleapis.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com *.instagram.com *.useinsider.com *.googletagmanager.com https://firebasestorage.googleapis.com *.mncdn.com *.asseco-see.com.tr *.param.com.tr *.modirum.com *.mobilexpress.com.tr *.google.nl *.google.be *.segmentify.com *.sgmntfy.com *.vicco.com.tr *.yandex.com yandex.com *.yads.tech *.sharethis.com *.googlesyndication.com yandex.ru *.cloudflareinsights.com *.betweendigital.com *.bluevoox.com *.yandex.com.tr *.adkernel.com *.lunamedia.live *.bidswitch.net *.digital-services.solutions *.revotas.com *.quilljs.com *.yango.com *.opera.com vicco-middleware.mncdn.com pro.ip-api.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.instana.io *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com *.instagram.com *.criteo.com *.criteo.net *.ciritizr.com *.bkrtx.com *.cloudfront.net *.useinsider.com *.critizr.com *.behance.net *.swagger.io *.avada.io *.shopify.com *.mncdn.com *.asseco-see.com.tr *.param.com.tr *.modirum.com *.mobilexpress.com.tr *.segmentify.com *.sgmntfy.com *.cookiespool.com *.vicco.com.tr *.yandex.com yandex.com *.yads.tech *.sharethis.com *.googlesyndication.com yandex.ru *.cloudflareinsights.com *.betweendigital.com *.bluevoox.com *.yandex.com.tr *.adkernel.com *.lunamedia.live *.bidswitch.net *.digital-services.solutions *.revotas.com *.quilljs.com *.jquery.com *.yango.com *.opera.com vicco-middleware.mncdn.com pro.ip-api.com *.adform.net s2.adform.net track.adform.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.facebook.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.fontawesome.com *.paypal.com *.paypalobjects.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com *.critizr.com *.useinsider.com *.adobedtm.com *.google-analytics.com *.googletagmanager.com *.swagger.io https://fonts.bunny.net *.mncdn.com *.google.com *.jsdelivr.net *.segmentify.com *.sgmntfy.com *.vicco.com.tr *.yandex.com yandex.com *.yads.tech *.sharethis.com *.googlesyndication.com *.yandex.ru *.cloudflareinsights.com *.betweendigital.com *.bluevoox.com *.yandex.com.tr *.adkernel.com *.lunamedia.live *.bidswitch.net *.digital-services.solutions *.revotas.com *.quilljs.com *.yango.com *.opera.com vicco-middleware.mncdn.com pro.ip-api.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.google.com *.jsdelivr.net *.segmentify.com *.sgmntfy.com *.vicco.com.tr *.yandex.com yandex.com *.yads.tech *.sharethis.com *.googlesyndication.com *.yandex.ru yandex.ru *.cloudflareinsights.com *.betweendigital.com *.bluevoox.com *.yandex.com.tr *.adkernel.com *.lunamedia.live *.bidswitch.net *.digital-services.solutions *.revotas.com *.quilljs.com *.yango.com *.opera.com vicco-middleware.mncdn.com vicco-videos.lg.mncdn.com pro.ip-api.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.google-analytics.com *.doubleclick.net *.twitter.com *.facebook.com *.facebook.net *.paypalobjects.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.veinteractive.com *.demdex.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com *.useinsider.com *.adobedtm.com *.swagger.io https://get.geojs.io *.avada.io *.segmentify.com *.sgmntfy.com *.googleapis.com *.cookiespool.com *.vicco.com.tr *.yandex.com yandex.com *.yads.tech *.sharethis.com *.googlesyndication.com yandex.ru *.cloudflareinsights.com *.betweendigital.com *.bluevoox.com *.yandex.com.tr *.adkernel.com *.lunamedia.live *.bidswitch.net *.digital-services.solutions *.revotas.com *.quilljs.com *.yango.com *.opera.com vicco-middleware.mncdn.com pro.ip-api.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce--Hcl2-4V1F4wbIZKnqUzFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'nonce-MzBkOWM2Y2YtYzM1MC00YWI4LTlkMzItYjYyN2IzMmE3ZTRh' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http:; script-src-elem 'nonce-MzBkOWM2Y2YtYzM1MC00YWI4LTlkMzItYjYyN2IzMmE3ZTRh' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; style-src-attr 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://*.gstatic.com https://fonts.googleapis.com data:; img-src 'self' data: blob: https://cdn.mylens.ai https://cdn.dmtest.tech https://cdn.jsdelivr.net https://img.youtube.com https://i.ytimg.com https://api.producthunt.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.tolt.io https://track.customer.io https://assets.customer.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net https://*.googleads.g.doubleclick.net https://*.hsforms.com https://*.hscollectedforms.net https://*.hubspot.com; connect-src 'self' https://api.mylens.ai wss://api.mylens.ai https://cdn.tolt.io https://api.tolt.io https://track.customer.io https://assets.customer.io https://*.hs-scripts.com https://*.hsforms.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.hubspot.com https://*.hscollectedforms.net https://api.hubapi.com https://js.hs-banner.com https://*.datadoghq.com https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://api-js.mixpanel.com https://*.mixpanel.com https://api.iconify.design https://api.unisvg.com https://api.simplesvg.com https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.cloudflareaccess.com https://fonts.gstatic.com https://*.gstatic.com; media-src 'self' https://cdn.mylens.ai https://cdn.dmtest.tech blob: data:; frame-src 'self' https://embed.mylens.ai https://www.youtube.com https://www.youtube-nocookie.com https://*.hubspot.com https://*.hsforms.com https://js.hsforms.net https://forms.hsforms.com https://meetings.hubspot.com https://accounts.google.com https://td.doubleclick.net https://www.googletagmanager.com https://cdn.tolt.io https://*.doubleclick.net https://*.google.com; worker-src 'self' blob:; child-src 'self' blob:; manifest-src 'self' https://mylens.ai https://*.cloudflareaccess.com; object-src 'none'; base-uri 'self'; form-action 'self' https://*.hubspot.com; frame-ancestors 'self'; block-all-mixed-content 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klaviyo.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com js.mollie.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.bing.com *.cloudfront.net *.google.co.uk *.lpsnmedia.net *.postcodeanywhere.co.uk *.postimg.cc *.quantserve.com *.mailchimp.com mcusercontent.com *.pingdom.net *.cookiebot.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.stripe.com *.stripe.network ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.mollie.com *.nosto.com *.nos.to *.hsforms.net *.hsforms.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.adnxs.com http://*.adnxs.com *.affiliatefuture.com *.bing.com *.cloudflare.com *.crazyegg.com *.dwin1.com *.esales-hub.com *.fullstory.com *.infinity-tracking.com *.liveperson.net *.lpsnmedia.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.quantserve.com *.quantcount.com *.roeyecdn.com *.mailchimp.com mcusercontent.com *.pingdom.net *.cookiebot.com intentclientscriptslon.s3.eu-west-2.amazonaws.com *.inference.madewithintent.ai js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com js.klevu.com *.ksearchnet.com js.mollie.com *.nosto.com *.nos.to *.hsforms.net *.hsforms.com tagmanager.google.com *.trustpilot.com https://js.klevu.com https://www.buyfencingdirect.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.postcodeanywhere.co.uk *.klevu.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to tagmanager.google.com fonts.google.com *.trustpilot.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.cloudfront.net *.crazyegg.com *.fullstory.com *.infinity-tracking.net *.infinity-tracking.com *.pinterest.com *.postcodeanywhere.co.uk *.bing.com/ *.mailchimp.com mcusercontent.com *.pingdom.net *.cookiebot.com intentclientscriptslon.s3.eu-west-2.amazonaws.com *.inference.madewithintent.ai api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to t.elasticsuite.io *.hsforms.net *.hsforms.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://static.ads-twitter.com https://3ieinternational.my.salesforce-sites.com https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js https://script.hotjar.com https://s7.addthis.com https://www.google.com https://t.sharethis.com https://platform-api.sharethis.com https://e.infogram.com https://www.clarity.ms https://s3.amazonaws.com https://px.ads.linkedin.com https://3ieimpact.us2.list-manage.com/subscribe/post-json cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://d1bxh8uas1mnw7.cloudfront.net https://d3js.org https://kendo.cdn.telerik.com https://static.addtoany.com https://unpkg.com https://ws.sharethis.com https://www.gstatic.com mdbootstrap.com platform.instagram.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://static.hotjar.com https://static.ads-twitter.com https://3ieinternational.my.salesforce-sites.com https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js https://script.hotjar.com https://s7.addthis.com https://www.google.com https://t.sharethis.com https://platform-api.sharethis.com https://e.infogram.com https://www.clarity.ms https://s3.amazonaws.com https://px.ads.linkedin.com https://3ieimpact.us2.list-manage.com/subscribe/post-json cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.highcharts.com https://d1bxh8uas1mnw7.cloudfront.net https://d3js.org https://kendo.cdn.telerik.com https://static.addtoany.com https://unpkg.com https://ws.sharethis.com https://www.gstatic.com mdbootstrap.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://ws.sharethis.com https://cdn-images.mailchimp.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://kendo.cdn.telerik.com https://maxcdn.bootstrapcdn.com https://www.google.com mdbootstrap.com use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://ws.sharethis.com https://cdn-images.mailchimp.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://kendo.cdn.telerik.com https://maxcdn.bootstrapcdn.com https://www.google.com mdbootstrap.com use.fontawesome.com; form-action 'self' https://3ieimpact.us2.list-manage.com/subscribe/post-json; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com staticw2.yotpo.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ js.mollie.com www.youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://www.magezon.com ifs-ccm.de fonts.gstatic.com www.gstatic.com p.yotpo.com cfvod.kaltura.com bat.bing.com www.google.de magefan.com cm.magefan.com https://www.mollie.com *.adobedtm.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de ifs-ccm.de cdn-widgetsrepository.yotpo.com translate.google.com translate.googleapis.com translate-pa.googleapis.com d18eg7dreypte5.cloudfront.net staticw2.yotpo.com static-na.payments-amazon.com connect.facebook.net bat.bing.com cdnapisec.kaltura.com *.google.com/ js.mollie.com www.youtube.com player.vimeo.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com ifs-ccm.de www.gstatic.com cdn-widgetsrepository.yotpo.com cdn-widget-assets.yotpo.com staticw2.yotpo.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.googleapis.com *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ifs-ccm.de api-cdn.yotpo.com staticw2.yotpo.com bat.bing.com cdn.plyr.io noembed.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src ifs-ccm.de translate.googleapis.com bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.kxcdn.com *.fontawesome.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * checkout.tabby.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.fbcdn.net www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com.ua checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.googletagmanager.com ssl.gstatic.com *.google.co.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com tagmanager.google.com ssl.google-analytics.com load.gtm.techntoys.com https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com thm.visa.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net load.gtm.techntoys.com https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.dhlparcel.nl *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com identity.bluebirdday.io accounts.google.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.sharethis.com *.cookiebot.com *.facebook.com *.doubleclick.net *.addthis.com *.criteo.com *.kiyoh.com *.robinhq.com *.pinterest.com *.googlesyndication.com *.weltpixel.com maps.googleapis.com chart.googleapis.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net *.sharethis.com dyka.nl *.dyka.nl *.dyka.bluebirdday.io *.bluebirdday.io *.dhlparcel.nl maps.gstatic.com *.googleapis.com *.ggpht *.google.com *.google.nl *.googletagmanager.com *.googlesyndication.com *.trustedshops.com *.facebook.com *.pinterest.com *.gravatar.com *.percolate-3.hipex.cloud *.bing.com *.windows.net robincontentdesktop.blob.core.windows.net *.doubleclick.net *.google-analytics.com *.clarity.ms *.speedcurve.com *.linkedin.com *.sendtric.com *.cloudfront.net cookiebot.com *.cookiebot.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com dyka.nl *.dyka.nl *.dyka.bluebirdday.io *.bluebirdday.io *.dhlparcel.nl maps.googleapis.com *.google.nl *.gstatic.com *.googleoptimize.com *.googleadservices.com *.pushbird.com chimpstatic.com *.cookiebot.com *.facebook.net *.pinimg.com *.addthisedge.com *.addthis.com *.criteo.net *.criteo.com *.bing.com unpkg.com *.klaviyo.com *.google-analytics.com *.clarity.ms *.robinhq.com robincontentdesktop.blob.core.windows.net surfly.com *.surfly.com *.msecnd.net *.vo.msecnd.net *.googlesyndication.com *.cookie-script.com *.tiktok.com *.licdn.com *.speedcurve.com *.livechatinc.com *.hotjar.com *.hotjar.io downloads.mailchimp.com *.list-manage.com chart.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.avada.io *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.google.com *.klaviyo.com *.dhlparcel.nl downloads.mailchimp.com tagmanager.google.com *.fontawesome.com *.googleapis.com *.gstatic.com *.multisafepay.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.dhlparcel.nl dyka.nl *.dyka.nl *.dyka.bluebirdday.io *.bluebirdday.io *.klaviyo.com *.doubleclick.net *.googleapis.com *.pinterest.com *.bing.com *.google-analytics.com *.analytics.google.com *.clarity.ms surfly.com *.surfly.com *.visualstudio.com *.cookiebot.com *.tiktok.com *.linkedin.com *.googlesyndication.com *.cookie-script.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io wss://ws.hotjar.io maps.googleapis.com chart.googleapis.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://cuatro.sim-cdn.nl; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-ODAzNmFlMDMtODczNS00YmYwLTg5NjUtZDBiZGM0NmJiZjE5' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-V9xaqNoLTH9HWgM0BwzfRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trustpilot.com https://www.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.facebook.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com https://mylivechat.com https://uk.mylivechat.com https://www.google.nl https://tagging.camperpassie.nl data: 'self' 'unsafe-inline'; style-src *.adobe.com fonts.googleapis.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com tagmanager.google.com fonts.google.com *.trustpilot.com https://uk.mylivechat.com https://www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src https://tagging.camperpassie.nl dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://www.sandbox.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://partner.shoparize.com https://partner-cdn.shoparize.com *.googletagmanager.com https://www.feedbackcompany.com https://mylivechat.com https://uk.mylivechat.com https://stats.g.doubleclick.net https: 'self' 'unsafe-inline'; script-src https://tagging.camperpassie.nl assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googletagmanager.com *.facebook.net www.termsfeed.com https://partner-cdn.shoparize.com https://partner.shoparize.com tagmanager.google.com *.trustpilot.com https://www.feedbackcompany.com https://mylivechat.com https://uk.mylivechat.com https: 'self' 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none';base-uri 'self';script-src 'nonce-78zBtbeSMooeYI2VrELtXw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src consent.cookiefirst.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com consent.cookiefirst.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de consent.cookiefirst.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com consent.cookiefirst.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de consent.cookiefirst.com edge.cookiefirst.com api.cookiefirst.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=20531&v=v1.0&payload=k-WT4gQxz0zNXsTJWjuX4KYca6kWcHawgV6KFHIHDG6X4EV78h8LIPTUax8O-0gBwQvdqsyS7UuzyM_gGNLmLeby3eIXzA3jCbiNzd1gurnDZSCIclVm-mD8jIR_UFhGAZf9_jizC4wiHZa_EQN2zXSVTO6freexXAq9U2WrbpI5xqZp5-BBmiQBgoEbp39j_84vRz4m73kFE_ATXOV66w==; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com https://bat.bing.com https://cdn.cookielaw.org https://app.pendo.io https://cdn.pendo.io https://cdn.segment.com https://cdn.walkme.com https://cdnssl.clicktale.net https://data.pendo.io https://ds-aksb-a.akamaihd.net https://nexus.ensighten.com https://siteintercept.qualtrics.com https://www.glancecdn.net https://www.googletagmanager.com https://*.clicktale.net https://*.cloudflare.com https://*.facebook.net https://*.fidelity.com https://*.fmr.com https://*.glancecdn.net https://*.online-metrix.net https://*.segment.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com; script-src-elem 'self' 'unsafe-inline' https://analytics.google.com https://bat.bing.com https://cdn.cookielaw.org https://app.pendo.io https://cdn.pendo.io https://cdn.segment.com https://cdn.walkme.com https://cdnssl.clicktale.net https://data.pendo.io https://ds-aksb-a.akamaihd.net https://nexus.ensighten.com https://siteintercept.qualtrics.com https://www.glancecdn.net https://www.googletagmanager.com https://*.clicktale.net https://*.cloudflare.com https://*.facebook.net https://*.fidelity.com https://*.fmr.com https://*.glancecdn.net https://*.online-metrix.net https://*.segment.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com; img-src 'self' data: *; connect-src 'self' blob: * chrome-extension: moz-extension:; style-src 'unsafe-inline' *; worker-src 'self' blob:; default-src *; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubdbe43cdb0fed70b9575444d8ad225b0d&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Aap118909-digital%2Cenv%3Aprod%2Cfid_index_id%3Acsp-prod 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.klarnacdn.net *.alothemes.com *.magepow.com *.zopim.com *.zdassets.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com *.klarna.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.googletagmanager.com *.doubleclick.net *.typeform.com *.zendesk.com *.zopim.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.trackedlink.net www.apptrian.com *.klarna.com *.klarnaevt.com *.klarnacdn.net t.zip.co static.zip.co *.alothemes.com *.magepow.com *.koongo.com guarantee-cdn.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com *.zopim.com *.zendesk.com *.zdassets.com bpi.zip.co data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adobe.io magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.apptrian.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com static.zip.co zip.co *.alothemes.com *.magepow.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/highlight.min.js *.cloudflare.com guarantee-cdn.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com *.zopim.com *.zendesk.com *.zdassets.com https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app assets.braintreegateway.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.alothemes.com *.magepow.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.zopim.com *.zendesk.com *.zdassets.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.apptrian.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.alothemes.com *.magepow.com *.koongo.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com wss://widget-mediator.zopim.com *.zopim.com *.zendesk.com *.zdassets.com *.zopim.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob: in.visitors.live smhttp2-ssl-66102.nexcesscdn.net; font-src *.forestfarm.com *.cloudflare.com maxcdn.bootstrapcdn.com *.gstatic.com storage.googleapis.com smhttp2-ssl-66102.nexcesscdn.net *.typekit.net *.trustedshops.com *.fontawesome.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com smhttp2-ssl-66102.nexcesscdn.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de portal.apsclicktopay.com smhttp2-ssl-66102.nexcesscdn.net *.facebook.com *.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.forestfarm.com *.cloudflare.com https://cdn.klarna.com https://images.dmca.com https://smhttp-ssl-66102.nexcesscdn.net *.cloudfront.net *.gravatar.com *.nextdoor.com smhttp2-ssl-66102.nexcesscdn.net tools.luckyorange.com *.google.com *.facebook.com *.paypal.com *.rapidscansecure.com https://s.ytimg.com *.usercentrics.eu http://i.countdownmail.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.forestfarm.com *.cloudflare.com *.bootstrapcdn.com *.cloudfront.net www.google.com www.gstatic.com www.googletagmanager.com *.list-manage.com downloads.chimpstatic.com chimpstatic.com *.youtube.com ads.nextdoor.com *.trackedweb.net *.facebook.net portal.apsclicktopay.com images.dmca.com *.rapidscansecure.com tools.luckyorange.com *.trustedshops.com *.usercentrics.eu *.trackedlink.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.ampproject.org connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.forestfarm.com *.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.cloudfront.net storage.googleapis.com tools.luckyorange.com hello.myfonts.net smhttp2-ssl-66102.nexcesscdn.net *.typekit.net *.trustedshops.com *.usercentrics.eu cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com unsafe-inline www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net smhttp2-ssl-66102.nexcesscdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.forestfarm.com *.luckyorange.net wss://visitors.live *.cardinalcommerce.com *.cloudflare.com *.paypal.com wss://in.visitors.live *.google-analytics.com stats.g.doubleclick.net r2.trackedweb.net spreadsheets.google.com tools.luckyorange.com settings.luckyorange.com wss://realtime.luckyorange.com public-auth-dot-lucky-orange.appspot-preview.com pubsub.googleapis.com api-preview.luckyorange.com smhttp2-ssl-66102.nexcesscdn.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src in.visitors.live smhttp2-ssl-66102.nexcesscdn.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net validator.swagger.io www.apptrian.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.apptrian.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.addtoany.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.apptrian.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com cdn.ampproject.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://maps.googleapis.com https://s3-eu-west-1.amazonaws.com https://script.hotjar.com https://static.hotjar.com https://static.inteliwise.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.recaptcha.net https://*.recaptcha.net https://*.google.com https://*.doubleclick.net https://*.googleusercontent.com https://*.youtube.com https://*.facebook.net https://*.hotjar.com https://*.inteliwise.com https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://bat.bing.com https://pixel.wp.pl https://www.clarity.ms https://scripts.clarity.ms https://*.clarity.ms https://analytics.tiktok.com https://static.ads-twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://microsoft.com https://perfo.salestube.pl https://sandbox.przelewy24.pl https://browser-update.org https://tenantpluginapiserver1.eloacc.warta.pl; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s3-eu-west-1.amazonaws.com https://*.hotjar.com https://*.inteliwise.com https://surfly.io https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://www.gstatic.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; connect-src 'self' https://inteliwise-eu.s3.amazonaws.com https://maps.googleapis.com https://s3-eu-west-1.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.recaptcha.net https://*.hotjar.com https://*.inteliwise.com https://pixel.wp.pl https://rail-publisher.app.inteliwi.se https://ad.doubleclick.net https://*.clarity.ms wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://www.facebook.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://bat.bing.com https://unpkg.com https://vc.hotjar.io https://googleads.g.doubleclick.net https://www.googleadservices.com https://microsoft.com https://perfo.salestube.pl https://*.run.app https://*.conversionsapigateway.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://10798259.fls.doubleclick.net https://9049979.fls.doubleclick.net https://s3-eu-west-1.amazonaws.com https://vars.hotjar.com https://www.google.com https://www.recaptcha.net https://*.google.com https://*.hotjar.com https://*.inteliwise.com https://www.googletagmanager.com https://td.doubleclick.net https://*.youtube.com https://*.vimeo.com https://player.vimeo.com https://www.youtube.com https://www.wp.pl https://tenantpluginapiserver1.eloacc.warta.pl; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://*.hotjar.com https://*.inteliwise.com https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://connect.facebook.net https://*.googleusercontent.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.facebook.com https://*.doubleclick.net https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://pixel.wp.pl https://ad.doubleclick.net https://bat.bing.com https://*.clarity.ms https://www.googletagmanager.com https://c.bing.com https://t.co https://analytics.twitter.com https://fonts.gstatic.com https://*.ytimg.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-PsUwYZpkyfK_D8xh98jhpQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://api.stripe.com https://www.google-analytics.com; frame-ancestors 'self' https://*.givecentral.org; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://app.cobrowser.com https://*.rivet-expert.com https://*.tools.expert; form-action 'self' https://payv2.multisafepay.com https://pay.ideal.nl https://tx.ideal.nl; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.youtube.com https://has.rivet-expert.com https://static.cloudflareinsights.com https://challenges.cloudflare.com https://ajax.cloudflare.com https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.googletagservices.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://app.cobrowser.com https://kit.fontawesome.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://*.leadinfo.net https://*.cookiebot.com https://*.salesfeed.com https://s.ytimg.com https://pay.multisafepay.com https://testpay.multisafepay.com https://cdn.multisafepay.com https://connect.facebook.net https://td.doubleclick.net https://consentcdn.cookiebot.com https://www.pro6pp.nl https://bat.bing.com https://dynamic.sooqr.com https://static.sooqr.com https://web.cmp.usercentrics.eu https://www.google.com/ https://www.gstatic.com/ https://accounts.google.com; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://app.cobrowser.com https://api.salesfeed.com; img-src 'self' data: blob: https: https://has.rivet-expert.com https://a.storyblok.com https://img2.storyblok.com https://www.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://i.ytimg.com https://s.ytimg.com https://*.googleusercontent.com https://pay.multisafepay.com https://payv2.multisafepay.com https://cdn.multisafepay.com https://app.cobrowser.com; font-src 'self' data: https: https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com; connect-src 'self' https://has.rivet-expert.com https://api.storyblok.com https://*.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://region1.analytics.google.com https://app.cobrowser.com wss://app.cobrowser.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.leadinfo.net https://track.salesfeed.com https://*.cookiebot.com https://*.salesfeed.com https://www.google.com https://google.com https://api.multisafepay.com https://testapi.multisafepay.com https://rivet-expert.com https://www.pro6pp.nl https://www.google.nl/ads https://www.google.com/ccm/collect https://api.salesfeed.com https://v1.api.service.cmp.usercentrics.eu https://*.sooqr.com https://bat.bing.net https://consent-api.service.consent.usercentrics.eu https://cognito-identity.eu-central-1.amazonaws.com https://bat.bing.com https://www.gstatic.com/ https://payv2.multisafepay.com https://firehose.eu-central-1.amazonaws.com wss://livechatinc.network; frame-src 'self' https://has.rivet-expert.com https://youtube.be https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://youtube.com https://challenges.cloudflare.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://payv2.multisafepay.com https://pay.multisafepay.com https://testpay.multisafepay.com https://app.cobrowser.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://www.google.com https://googleusercontent.com https://maps.google.com https://www.google.com/maps https://web.cmp.usercentrics.eu https://pay.ideal.nl https://tx.ideal.nl; media-src 'self' https:; worker-src 'self' blob: data:; 1
default-src 'nonce-3694aeda335a7f414390a6e1e1fae904' 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data https://images.ctfassets.net; script-src 'self' 'self' 'unsafe-inline' https://browser.sentry-cdn.com/ https://europcar.adding-sst.dev/ https://sdk.privacy-center.org/ https://*.europcar.com https://*.goldcar.com; connect-src 'self' sentry.io *.sentry.io https://*.europcar.com https://*.goldcar.com; report-uri https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943; report-to https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-wMQnung9uMFvI6F6vDhLYKdVt' 'strict-dynamic'; manifest-src 'self' 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'unsafe-inline' data: *.kxcdn.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.eglobal.com.mx *.newrelic.com *.hotjar.com *.facebook.net *.online-metrix.net *.ecommercebbva.com *.openpay.mx *.cardinalcommerce.com *.verifiedbyvisa.com *.arcot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net blob: cdn.doofinder.com *.disqus.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.google.com.mx *.cloudflare.com *.googletagmanager.com *.hotjar.com *.facebook.net *.newrelic.com *.cardinalcommerce.com *.online-metrix.net *.fraudlabspro.com *.magecomp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com cdn.doofinder.com *.disqus.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.comodo.com *.list-manage.com *.googletagmanager.com polyfill.io *.hotjar.com *.facebook.net *.fraudlabspro.com *.twitter.com *.fontawesome.com *.cardinalcommerce.com *.online-metrix.net *.algolianet.com *.arcot.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.doofinder.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cloudflare.com *.bootstrapcdn.com *.newrelic.com *.cardinalcommerce.com *.online-metrix.net *.arcot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.cloudflare.com *.fraudlabspro.com *.hotjar.com *.facebook.net *.doubleclick.net *.cardinalcommerce.com *.online-metrix.net *.algolia.net chimpstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.googleapis.com x.klarnacdn.net cdn.elev.io maxcdn.bootstrapcdn.com *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.ditur.dk *.ditur.no *.ditur.se *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.pl *.avile.dk policy.app.cookieinformation.com ct.pinterest.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com messenger-edge.dixa.io messenger.dixa.io www.googletagmanager.com facebook.com *.facebook.com *.klarna.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com *.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.dk *.facebook.com bat.bing.com bat.bing.net stats.g.doubleclick.net *.sleeknote.com parametre.online *.ditur.dk *.ditur.no *.ditur.se *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.at *.ditur.co.uk *.ditur.ie *.ditur.be *.ditur.nl *.ditur.is *.ditur.it *.ditur.es *.ditur.pt *.klockia.se *.klockia.dk *.klockia.no *.avile.dk ditur.dk ditur.no ditur.se ditur.de ditur.fi ditur.com ditur.fr ditur.at ditur.co.uk ditur.ie ditur.be ditur.nl ditur.is ditur.it ditur.es ditur.pt klockia.se klockia.dk klockia.no avile.dk tr.snapchat.com tr6.snapchat.com *.etrusted.com *.trustedshops.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com https://redchamps.com *.klarna.com *.klarnaevt.com *.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.reaktion.com policy.app.cookieinformation.com policy.cookieinformation.com *.facebook.net script.parametre.online ct.pinterest.com s.pinimg.com bat.bing.com *.tiktok.com *.sleeknote.com *.getdrip.com *.cloudfront.net *.kameleoon.eu *.kameleoon.io *.fontawesome.com *.ditur.dk *.ditur.se *.ditur.no *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.pl messenger.dixa.io sc-static.net tr.snapchat.com cdn.elev.io *.clarity.ms checkout.reepay.com static.cloudflareinsights.com *.trustedshops.com *.etrusted.com *.getzowie.com *.heylink.com *.posthog.com *.tangiblee.com *.impactcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.klarnacdn.net *.klarna.com *.profitmetrics.io *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.products.kameleoon.com x.klarnacdn.net fonts.googleapis.com *.etrusted.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.reaktion.com *.cookieinformation.com google.com *.google.com googleads.g.doubleclick.net *.pinterest.com *.tiktok.com *.ditur.dk *.ditur.no *.ditur.se *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.pl *.avile.dk api.products.kameleoon.com *.kameleoon.eu data.kameleoon.io *.fontawesome.com bat.bing.com bat.bing.net invitejs.trustpilot.com tr.snapchat.com tr6.snapchat.com messenger-edge.dixa.io region1.google-analytics.com cdn.elev.io ipa.elev.io events.elev.io *.clarity.ms pagead2.googlesyndication.com *.etrusted.com *.getzowie.com analytics.sleeknote.com/ *.posthog.com *.tangiblee.com *.impactcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.klarnacdn.net *.klarna.com *.klarnaevt.com *.profitmetrics.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.accelasearch.io applepay.cdn-apple.com *.cloudflare.com *.googleapis.com *.gstatic.com *.typekit.net *.twitter.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com oct8necdneu.azureedge.net *.accelasearch.net *.oct8ne.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it *.twitter.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com pay.google.com applepay.cdn-apple.com *.iubenda.com *.twitter.com *.nexi.it www.google.com js.mollie.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * api-qa.payplug.com secure-qa.payplug.com *.payplug.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.accelasearch.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com www.gstatic.com pay.google.com applepay.cdn-apple.com *.iubenda.com *.cloudflare.com *.klarna.com *.twitter.com *.usercentrics.eu *.lightemporium.com *.pm7.it https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com *.camo.githubusercontent.com oct8necdneu.azureedge.net *.nexi.it *.sc.omtrdc.net action-wear.com media.action-wear.com *.accelasearch.net https://www.mollie.com *.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://secure-magenta.dalenys.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.accelasearch.io chimpstatic.com downloads.mailchimp.com *.list-manage.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com pay.google.com applepay.cdn-apple.com *.iubenda.com *.cloudflare.com *.twitter.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.avada.io *.alothemes.com *.magepow.com *.unpkg.com cdn.jsdelivr.net *.google.com *.nexi.it *.accelasearch.net js.mollie.com *.oct8ne.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api-qa.payplug.com cdn-qa.payplug.com https://cdn-qa.payplug.com https://secure-magenta.dalenys.com *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.accelasearch.io downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.gstatic.com *.twitter.com *.typekit.net *.fontawesome.com *.trustedshops.com *.usercentrics.eu https://fonts.bunny.net *.alothemes.com *.magepow.com *.unpkg.com cdn.jsdelivr.net media.action-wear.com *.accelasearch.net unsafe-inline assets.braintreegateway.com https://secure-magenta.dalenys.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.accelasearch.io int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com pay.google.com applepay.cdn-apple.com *.iubenda.com *.cloudflare.com *.twitter.com *.trackedlink.net *.legalblink.it https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.oct8neeufrontal3microservicescheckdomain.azurewebsites.net *.nexi.it *.crmcag.it *.accelasearch.net *.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://fonts.gstatic.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https://www.youtube.com https://www.google.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; report-uri /csp-report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-Tqb37dfjnXK0337IYfufMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com https://fonts.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline' 'unsafe-eval'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://www.magezon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.heimkinowelt.at www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com tagmanager.google.com https://www.googletagmanager.com http://www.googleadservices.com https://devdocs.magento.com https://magento.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com/ *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.adobe.com 'self' 'unsafe-inline' 'unsafe-eval'; manifest-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://devdocs.magento.com *.cloudflare.com *.twitter.com *.twimg.com google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.bing.com *.facebook.com *.listrakbi.com *.google.com https://www.google.co.in *.espssl.com *.google.de *.google.co.in *.paypal.com *.blowoutmedical.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.bing.com *.facebook.com *.listrakbi.com *.google.com https://www.google.co.in *.espssl.com *.google.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.paypalobjects.com *.kaptcha.com *.google.com/ landofcoder.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com *.facebook.com *.listrakbi.com *.google.com https://www.google.co.in *.espssl.com *.google.de *.blowoutmedical.com *.googletagmanager.com pixel.tracking.blokid.com c.clarity.ms assets.yieldify.com *.klevu.com *.ksearchnet.com https://www.magezon.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.bing.com *.facebook.com *.facebook.net *.listrakbi.com *.noibu.com *.blowoutmedical.com *.googletagmanager.com *.acsbapp.com *.clarity.ms acsbapp.com pixel.blokid.com js.klevu.com *.ksearchnet.com *.google.com/ cdn.jsdelivr.net landofcoder.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.klaviyo.com unpkg.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.listrakbi.com *.blowoutmedical.com *.klevu.com *.ksearchnet.com *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com *.googleapis.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src *.bing.com *.facebook.com *.listrakbi.com *.google.com https://www.google.co.in *.espssl.com *.google.de landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.bing.com *.facebook.com *.listrakbi.com *.google.com https://www.google.co.in *.espssl.com *.google.de 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.listrakbi.com stats.g.doubleclick.net *.bing.com *.noibu.com input.noibu.com *.clarity.ms *.acsbapp.com cdn.acsbapp.com *.klevu.com *.ksearchnet.com *.yotpo.com pixel.blokid.com pixel.tracking.blokid.com c.clarity.ms assets.yieldify.com landofcoder.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.net *.klaviyo.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.bing.com *.facebook.com *.listrakbi.com *.google.com https://www.google.co.in *.espssl.com *.google.de http: https: blob: 'self' 'unsafe-inline'; default-src *.bing.com *.facebook.com *.listrakbi.com *.google.com https://www.google.co.in *.espssl.com *.google.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.bing.com *.facebook.com *.listrakbi.com *.google.com https://www.google.co.in *.espssl.com *.google.de 'self' 'unsafe-inline'; 1
default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; report-to main-endpoint; 1
base-uri 'self';connect-src 'self' *.iubenda.com maps.googleapis.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net;default-src 'self' data: fonts.gstatic.com www.google.com;form-action 'self';img-src 'self' data: via.placeholder.com *.iubenda.com maps.googleapis.com maps.gstatic.com www.google.it www.google.com www.google-analytics.com www.googletagmanager.com media.givi.it i.ytimg.com;media-src 'self';object-src 'none';script-src 'self' 'nonce-IRMCwRQpnXfs3X62FCftvnGewCThhmfA' *.iubenda.com www.google.it www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com maps.googleapis.com;style-src 'self' *.iubenda.com fonts.googleapis.com 'unsafe-inline';frame-src *.iubenda.com www.google.com td.doubleclick.net 1
default-src 'self'; script-src 'self' 'nonce-Bosb7sRi8Rchp9jAH7h762aBtTfsGtXwvxBWsjJdNfddu_dSdo0v3A' 'report-sample' https://ajax.googleapis.com https://consent.cookiefirst.com https://www.googletagmanager.com; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://www.googletagmanager.com https://www.google.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://www.googletagmanager.com; script-src-elem 'report-sample' 'self' https://ajax.googleapis.com https://consent.cookiefirst.com https://www.googletagmanager.com 'sha256-dZ++zwJe3hSdFp4rDaEjRdd0J/M2jq9tGd716AeXLrM='; style-src 'self' 'report-sample' https://consent.cookiefirst.com 'sha256-Yv2mwg+vTGLO8iQC/FmD1QAT5YshB5WjzkPYOqesNbE='; font-src 'self' https://consent.cookiefirst.com; connect-src 'self' https://consent.cookiefirst.com https://edge.cookiefirst.com https://www.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://api.cookiefirst.com; manifest-src 'self'; worker-src 'none' 'report-sample'; form-action 'self'; report-uri https://www.otto-brenner-stiftung.de/@http-reporting?csp=report&requestTime=1773712189111280&requestHash=335cf1c6436c9319abed5530e938076804308c6b 1
object-src 'none';base-uri 'self';script-src 'nonce-GIX9iNQNwz-WvG1Sr_a6_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ENQwFkJ0YMxXbmq86tzNZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com cdn.babymax.nl *.fontawesome.com *.fonts.bunny.net widget.thuiswinkel-cdn.org data: 'self' 'unsafe-inline' https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.twitter.com *.paazl.com cdn.babymax.nl *.googletagmanager.com *.doubleclick.net unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io *.iubenda.com *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.paazl.com *.multisafepay.com cdn.babymax.nl bundleconfigurator.babymax.nl *.sleeknote.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.no *.google.com.np *.google.nl *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat blob: files.smartsuppcdn.com widget.thuiswinkel-cdn.org unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.iubenda.com https://firebasestorage.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paazl.com cdn.babymax.nl self *.sleeknote.com *.hotjar.com www.smartsuppchat.com *.smartsuppcdn.com *.thuiswinkel.org *.thuiswinkel-cdn.org g10696554090.co 'unsafe-inline' unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io *.iubenda.com *.avada.io *.shopify.com *.multisafepay.com https://pay.google.com https://widget-acc.paazl.com https://api-acc.paazl.com/ www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paazl.com cdn.babymax.nl *.smartsuppcdn.com widget.thuiswinkel-cdn.org 'unsafe-inline' unpkg.com *.unpkg.com imagekit.io *.imagekit.io https://fonts.bunny.net *.multisafepay.com https://widget-acc.paazl.com https://api-acc.paazl.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.babymax.nl widget-v3.smartsuppcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com self *.cloudflare.com *.twitter.com *.twimg.com *.paazl.com cdn.babymax.nl *.google.nl *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com wss://*.smartsupp.com *.googlesyndication.com *.doubleclick.net *.hotjar.io *.thuiswinkel-cdn.org *.thuiswinkel.org *.sleeknote.com data: wss://ws.hotjar.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.iubenda.com https://get.geojs.io *.avada.io *.multisafepay.com https://widget-acc.paazl.com https://api-acc.paazl.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.paazl.com cdn.babymax.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://babymax.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
style-src-elem preprod-cdn.otter.ro cdn.otter.ro dev.otter247.local stage2.otter.ro stage2.tezyo.ro stage2.gryxx.ro stage2.aldoshoes.ro data: https://static.klaviyo.com https://cdn.jsdelivr.net https://*.adobe.com https://fonts.googleapis.com https://*.doubleclick.net https://*.facebook.com https://fonts.gstatic.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.bunny.net https://fonts.static.com https://*.nosto.com https://*.nos.to https://assets.braintreegateaway.com https://*.cloudfront.net https://*.reviews.io https://*.reviews.co.uk https://preprod-cdn.otter.ro https://cdn.otter.ro 'unsafe-inline' https://www.googletagmanager.com https://www.googlesyndication.com https://use.fontawesome.com https://assets.braintreegateway.com https://d2c7ipcroan06u2.cloudfront.net; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com https://fonts.bunny.net fonts.googleapis.com preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors https://www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ https://www.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.innoship.ro *.reviews.io *.reviews.co.uk *.nosto.com *.nos.to preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net https://www.googletagmanager.com https://consentcdn.cookiebot.eu https://event.2performant.com https://ams.creativecdn.com https://www.gstatic.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com *.tile.openstreetmap.org *.openstreetmap.org * https://www.magezon.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com quickchart.io img.youtube.com *.nosto.com *.nos.to www.google.com.ua preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net https://ss.tezyo.ro data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://www.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com cdn.jsdelivr.net *.tiktok.com * *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com https://www.gstatic.com/ *.avada.io *.shopify.com *.nosto.com *.nos.to maps.googleapis.com preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com https://cdn.otter.ro https://ss.tezyo.ro 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.adobe.com fonts.googleapis.com *.googleapis.com https://*.doubleclick.net https://*.facebook.com *.gstatic.com https://*.googletagmanager.com https://*.googlesyndication.com *.tiktok.com https://*.fontawesome.com maxcdn.bootstrapcdn.com https://*.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://fonts.bunny.net fonts.gstatic.com https://*.nosto.com *.nos.to preprod-cdn.otter.ro cdn.otter.ro dev.otter247.local stage2.otter.ro stage2.tezyo.ro stage2.gryxx.ro stage2.aldoshoes.ro data: https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.static.com https://*.nos.to https://assets.braintreegateaway.com https://*.reviews.io https://*.reviews.co.uk https://preprod-cdn.otter.ro https://cdn.otter.ro 'unsafe-inline' https://www.googletagmanager.com https://www.googlesyndication.com https://use.fontawesome.com https://assets.braintreegateway.com https://d2c7ipcroan06u2.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com preprod-cdn.otter.ro cdn.otter.ro static.klaviyo.com cdn.jsdelivr.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.facebook.com *.facebook.net https://www.google.com/ *.doubleclick.net *.googlesyndication.com *.tiktok.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to maps.googleapis.com preprod-cdn.otter.ro cdn.otter.ro stage2.otter.ro stage2.tezyo.ro stage2.gryxx.ro stage2.aldoshoes.ro static.klaviyo.com cdn.jsdelivr.net https://tezyo.zendesk.com https://ekr.zdassets.com https://*.zendesk.com https://*.zdassets.com https://event.2performant.com https://tidytracking.com https://ss.tezyo.ro 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src applepay.cdn-apple.com www.gstatic.com fonts.gstatic.com cfg.schmidtspiele-shop.de data: 'self' 'unsafe-inline'; form-action facebook.com www.facebook.com graph.facebook.com connect.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src payments.amazon.de applepay.cdn-apple.com challenges.cloudflare.com td.doubleclick.net facebook.com www.facebook.com graph.facebook.com connect.facebook.net *.google.com www.google.com/recaptcha/ www.googletagmanager.com googletagmanager.com jsctool.com www.jsctool.com js.playground.klarna.com secure.pay1.de player.vimeo.com *.youtube-nocookie.com *.youtube.com 'self' 'unsafe-inline'; img-src *.cloudfront.net *.cookielaw.org data: googleads.g.doubleclick.net *.g.doubleclick.net facebook.com www.facebook.com graph.facebook.com connect.facebook.net www.google-analytics.com *.google-analytics.com www.google.com analytics.google.com *.google.com *.analytics.google.com google.com *.google.de www.googleadservices.com *.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com googletagmanager.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com ssl.gstatic.com www.gstatic.com x.klarnacdn.net www.magezon.com m.media-amazon.com *.onetrust.com cdn.pay1.de static-eu.payments-amazon.com www.paypalobjects.com *.vimeocdn.com *.youtube.com i.ytimg.com blob: cfg.schmidtspiele-shop.de data: 'self' 'unsafe-inline'; script-src *.adform.net includestest.ccdc02.com applepay.cdn-apple.com challenges.cloudflare.com *.cookielaw.org googleads.g.doubleclick.net facebook.com www.facebook.com graph.facebook.com connect.facebook.net *.ggpht.com www.google-analytics.com *.google-analytics.com analytics.google.com *.google.com www.google.com/recaptcha/ www.googleadservices.com www.googleapis.com maps.googleapis.com *.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com googletagmanager.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com www.gstatic.com/recaptcha/ jsctool.com cdn.klarna.com x.klarnacdn.net *.onetrust.com secure.pay1.de d.payla.io static-eu.payments-amazon.com www.paypalobjects.com d.ratepay.com vimeo.com www.vimeo.com *.vimeocdn.com sentry.webidea.cloud *.youtube.com s.ytimg.com cfg.schmidtspiele-shop.de https://cdn.cookielaw.org https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.google-analytics.com fonts.googleapis.com googletagmanager.com *.googletagmanager.com d.payla.io dr.payla.io d.ratepay.com cfg.schmidtspiele-shop.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src facebook.com www.facebook.com graph.facebook.com connect.facebook.net www.google-analytics.com www.googleadservices.com cfg.schmidtspiele-shop.de 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src payments-eu.amazon.com payments.amazon.de *.cookielaw.org stats.g.doubleclick.net *.g.doubleclick.net facebook.com www.facebook.com graph.facebook.com connect.facebook.net www.google-analytics.com *.google-analytics.com analytics.google.com *.google.com *.analytics.google.com google.com www.google.com *.google.de www.googleadservices.com maps.googleapis.com *.googleapis.com www.googletagmanager.com *.googletagmanager.com *.gstatic.com jsctool.com eu.playground.klarnaevt.com *.onetrust.com www.paypalobjects.com d.ratepay.com vimeo.com player.vimeo.com sentry.webidea.cloud cfg.schmidtspiele-shop.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sentry.webidea.cloud/api/2/security&sentry_key=2f4936682b1c37fdb96bfe78a119e6ff&sentry_release=2380594672&sentry_environment=live&sentry_release=2380594672&sentry_environment=live; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://media.flixcar.com/ *.fontawesome.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.googlesyndication.com *.tiktok.com https://ipgtest.monri.com/ https://ipg.monri.com/ https://formtest.wspay.biz/ https://form.wspay.biz/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.googletagmanager.com https://ipgtest.monri.com/ https://ipg.monri.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com rt.flix360.com https://media.flixfacts.com/ https://media.flixcar.com/ *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://cdn.jsdelivr.net *.tiktok.com https://media.flixfacts.com/ https://media.flixcar.com/ https://ipgtest.monri.com/ https://ipg.monri.com/ *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://media.flixfacts.com/ https://media.flixcar.com/ *.fontawesome.com use.typekit.net p.typekit.net https://ipgtest.monri.com/ https://ipg.monri.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.klarnacdn.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com eadn-wc03-463152.nxedge.io *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com customneon.com customneon.com.au customneon.co.uk/ eadn-wc02-9281796.nxedge.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self' https://support.customneon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.google.com/ www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.klarna.com *.twitter.com *.consensu.org *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com checkout.bluesnap.com ssl.kaptcha.com portal.afterpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.co.in lh3.googleusercontent.com phosphor.utils.elfsightcdn.com px.ads.linkedin.com d.adroll.com bat.bing.com *.google.com *.google.com.au eadn-wc02-9281796.nxedge.io *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com apis.google.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.sharethis.com *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com static.elfsight.com apps.elfsight.com maps.googleapis.com cdn.audiencelab.io s.adroll.com d.adroll.com static.zdassets.com cdn.websitepolicies.io snap.licdn.com ssl.kaptcha.com universe-static.elfsightcdn.com sandbox.bluesnap.com ws.bluesnap.com bat.bing.com pixel.dashfi.dev ct.pinterest.com *.clarity.ms ipinfo.io eadn-wc02-9281796.nxedge.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com https://static.klaviyo.com *.klarnacdn.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com cdn.websitepolicies.io eadn-wc02-9281796.nxedge.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org *.sharethis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.link.com *.amazon.com static.elfsight.com apps.elfsight.com service-reviews-ultimate.elfsight.com maps.googleapis.com ekr.zdassets.com pixel.audiencelab.io app.audiencelab.io pro.ip-api.com a.usbrowserspeed.com storage.elfsight.com customneon.zendesk.com stats.g.doubleclick.net d.adroll.com cdn.linkedin.oribi.io core.service.elfsight.com portal.afterpay.com ssl.kaptcha.com custom-neon.ts.r.appspot.com px.ads.linkedin.com www.facebook.com *.clarity.ms pixel.tracking.blokid.com *.google.com.au pixel.dashfi.dev eadn-wc02-9281796.nxedge.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self';         object-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval'             blob:             https://*.consentmanager.net             https://*.cookiebot.com             https://*.doubleclick.net             https://google.com             https://*.google.com             https://*.google.de             https://*.google.be             https://*.google.nl             https://*.google.ch             https://*.googletagmanager.com             https://*.gstatic.com             https://*.youtube.com             https://*.lndo.site             https://*.mobiel.de             mobielfrontend.projektserver.org             https://*.westfalenfahrplan.de             https://*.stadtwerke-bielefeld.de             https://*.bielefeld.de             https://hcaptcha.com             https://www.google-analytics.com             https://www.googleadservices.com             https://connect.facebook.net             https://www.facebook.com         ;         img-src 'self' data:             https://*.analytics.google.com             https://*.consentmanager.net             https://*.cookiebot.com             https://*.doubleclick.net             https://*.google-analytics.com             https://google.com             https://*.google.com             https://*.google.de             https://*.google.be             https://*.google.nl             https://*.google.ch             https://*.googleapis.com             https://*.googletagmanager.com             https://*.gstatic.com             https://*.youtube.com             https://*.mobiel.de             mobielfrontend.projektserver.org             https://*.westfalenfahrplan.de             https://*.stadtwerke-bielefeld.de             https://*.bielefeld.de             https://*.tile.openstreetmap.org             https://www.googleadservices.com             https://*.ytimg.com             https://www.facebook.com         ;         connect-src 'self'             https://*.consentmanager.net             https://*.cookiebot.com             https://*.doubleclick.net             https://*.google-analytics.com             https://google.com             https://*.google.com             https://*.google.de             https://*.google.be             https://*.google.nl             https://*.google.ch             https://*.googletagmanager.com             https://*.mobiel.de             mobielfrontend.projektserver.org             https://*.westfalenfahrplan.de             https://*.stadtwerke-bielefeld.de             https://*.bielefeld.de             https://www.googleadservices.com             https://connect.facebook.net             https://www.facebook.com         ;         frame-src 'self'             https://*.cookiebot.com             https://*.consentmanager.net             https://*.doubleclick.net             https://*.youtube.com             https://player.vimeo.com             https://*.youtube-nocookie.com             https://google.com             https://*.google.com             https://*.google.de             https://*.google.be             https://*.google.nl             https://*.google.ch             https://*.googletagmanager.com             https://*.mobiel.de             https://westfalenfahrplan.de             https://*.westfalenfahrplan.de             https://*.bielefeld.de             https://germany.nextbike.net             https://connect.facebook.net             https://www.facebook.com         ;         style-src 'unsafe-inline' https:;         font-src 'self' data:;         report-uri /_cspreports 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; frame-src 'self' https://*.montonio.com https://*.youtube.com; connect-src 'self' https:; frame-ancestors 'self' 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.disqus.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.magezon.com *.sooqr.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.disqus.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://z.moatads.com https://cdn.jsdelivr.net *.avada.io *.sooqr.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://static.klaviyo.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net *.sooqr.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com https://helloretailcdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-sCGP3b_5lHhaGDQCTtuc9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-9ccG4bu7R6Sw1A8W2OgUTg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none';base-uri 'self';script-src 'nonce-8SgXTd93h2U2GTlOsDTb9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-r359lSZFVJ329DRVDStLCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LP9x50rFuVWeTLSXPaHjjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-9pQRvWlMb2FgwEVognhR-Q' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none';base-uri 'self';script-src 'nonce-fsOFuKod2KmP8DnErjBFCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-src 'self' www.google.com www.youtube.com js.stripe.com widget.userlist.com; style-src 'self' ajax.googleapis.com fonts.googleapis.com *.gstatic.com js.stripe.com 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com client.crisp.chat editor.unlayer.com; img-src * data:; script-src 'self' ajax.googleapis.com *.googleanalytics.com *.googletagmanager.com storage.googleapis.com *.google-analytics.com *.segment.com *.smartlook.com *.stripe.com *.stripe.com 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com *.posthog.com *.google.com *.googleapis.com *.gstatic.com client.crisp.chat editor.unlayer.com js.userlist.com sentry.spotipo.dev browser.sentry-cdn.com js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net; font-src 'self' themes.googleusercontent.com *.gstatic.com client.crisp.chat; report-uri https://app.spotipo.com/csp_report/ 1
default-src 'self'; script-src 'nonce-7nYq+DwAOwYuyXsUJSeVGQ==' 'nonce-fyvffdaxlufja6l83kjrdq==' 'report-sample' 'self' 'strict-dynamic' https://js.hubspot.com/web-interactives-embed.js https://www.googletagmanager.com/gtm.js; style-src 'nonce-MeOG/FwviPIGwQ5ML0hETQ==' 'report-sample' 'self'; https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' https:; manifest-src 'self'; media-src 'none'; report-uri https://666e81840dfa2ed26f486533.endpoint.csper.io/?v=1; form-action 'none'; worker-src 'none'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-9-tkKKE4KSo_nG29vQ2FSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twimg.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.googleapis.com *.twimg.com *.fontawesome.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googleapis.com secure.ewaypayments.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-b8tFnva9J7reNsARv37vgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-f5RmHgZ9qm0Gk2CDubPjhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://checkout.stripe.com https://*.paypal.com https://*.paypalobjects.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.mxpnl.com https://cdn.retently.com/public/ https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://pro.fontawesome.com https://www.paypalobjects.com https://*.stripe.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://pro.fontawesome.com; img-src 'self' data: https://*.stripe.com https://www.paypalobjects.com https://www.paypal.com https://www.gravatar.com https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://js.stripe.com https://checkout.stripe.com https://hooks.stripe.com https://*.paypal.com https://*.paypalobjects.com; frame-ancestors 'self'; form-action 'self' https://www.paypal.com; connect-src 'self' https://api.stripe.com https://checkout.stripe.com https://www.paypal.com https://www.google-analytics.com https://www.googletagmanager.com https://app.retently.com/api/ https://*.paypal.com https://*.paypalobjects.comhttps://*.venmo.com; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; report-uri https://csp-reports.quick.net.au/csp-reports.php; report-to csp-endpoint; 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=labuznik 1
object-src 'none';base-uri 'self';script-src 'nonce-uormQR_V2m3NYFNZKC874g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com www.searchanise.com *.searchserverapi.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.facebook.net *.canadapost.ca https://sso.epost.ca www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ *.weltpixel.com *.facebook.com *.facebook.net www.searchanise.com *.searchserverapi.com *.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.jivosite.com *.convertcart.com *.naturalpigments.com yotpo-editor-production.s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com *.facebook.com *.facebook.net https://img.youtube.com mageside.com *.canadapost.ca *.canadapost-postescanada.ca www.facebook.com https://meetanshi.com/media/logo.png *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ *.googleapis.com *.gstatic.com *.attn.tv events.attentivemobile.com *.klaviyo.com *.jivosite.com *.convertcart.com *.jsdelivr.net *.googleadservices.com *.google-analytics.com *.assets.adobedtm.com *.doubleclick.net *.googletagmanager.com *.cardinalcommerce.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.facebook.com *.facebook.net *.avada.io connect.facebook.net searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.instagram.com maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.jivosite.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.jivosite.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu *.googleapis.com *.attn.tv events.attentivemobile.com *.jivosite.com *.convertcart.com wss://vi-ya-5.jivosite.com *.naturalpigments.com *.naturalpigments.eu *.naturalpigments.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net https://get.geojs.io *.avada.io api.amplitude.com stats.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.doubleclick.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https: 'unsafe-inline' 'report-sample'; style-src  'self' https: 'unsafe-inline' 'report-sample'; img-src    'self' https: data: blob:; font-src   'self' https: data:; connect-src 'self' https:; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none'; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-XUGhW0uE9JYx8HU3KgIIRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-vv0GPLtiUTTD0A-gvAy9sQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cash-f.squarecdn.com *.fontawesome.com https://fonts.bunny.net fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com data: *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com * *.hotjar.com *.google.com *.doubleclick.net https://www.googletagmanager.com/ cdn.dnky.co *.facebook.com *.trustpilot.com *.criteo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://maps.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.doubleclick.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com chimpstatic.com *.hotjar.com *.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com checkout.buckaroo.nl *.zopim.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com cdn.prooffactor.com cdn.one.store https://www.googletagmanager.com tagmanager.google.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app *.cookiehub.net *.googletagmanager.com fonts.googleapis.com fonts.gstatic.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.hotjar.com *.google.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.googleadservices.com *.doubleclick.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com *.one.store 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-MoSvjgAl1fyxHz60J0ROoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self' https:; 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Ey48bMO7C6qXdayiA7uC98B6zg_rhix.R3Ieq4BbaKk-1773709519-1.0.1.1-95HOcS22M6o9py0QUTxQjQk1ZUqd9TU0FklHwxqvs.lhFTEG45NPNxPSa55hR7JTMSY2QBXXps8YI.u3dhMdCHnOmHQsFsfqS7qJ0jjKqTwXLa.yy0bD2BSDetRH7W78XNPPby51BpspFOvE0Dy1N4Gx5yk7XKwVyFQ8xrIPOsbdUDloZFDk6byLeg5oH2mY; report-to cf-csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-pKyO7tiUPSYzSdLSL-B3rg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.google-analytics.com *.facebook.com *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.sooqr.com *.amazonaws.com *.geojs.io *.paypal.com *.paypalobjects.com *.magezon.com *.channable.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.facebook.com *.sooqr.com *.amazonaws.com *.geojs.io *.paypalobjects.com *.magezon.com *.channable.com *.googletagmanager.com *.facebook.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.google-analytics.com *.sooqr.com *.amazonaws.com *.geojs.io *.paypalobjects.com *.magezon.com *.bootstrapcdn.com *.channable.com *.googletagmanager.com *.google.com/ https://www.googletagmanager.com/ *.facebook.com *.facebook.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cloudflare.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.sooqr.com *.amazonaws.com *.geojs.io *.paypalobjects.com *.magezon.com *.bootstrapcdn.com *.channable.com *.googletagmanager.com https://images.unsplash.com imgsct.cookiebot.com https://www.magezon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.facebook.com *.facebook.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.sooqr.com *.amazonaws.com *.geojs.io *.magezon.com *.doubleclick.net *.channable.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js consent.cookiebot.com *.google.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google-analytics.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.sooqr.com *.amazonaws.com *.geojs.io *.paypal.com *.paypalobjects.com *.magezon.com *.channable.com *.googletagmanager.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.google-analytics.com *.facebook.com *.sooqr.com *.amazonaws.com https://get.geojs.io *.paypalobjects.com *.magezon.com *.bootstrapcdn.com *.channable.com *.googletagmanager.com https://www.sandbox.paypal.com https://www.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.facebook.net *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.schilderijenshop.com/; report-to report-endpoint; 1
default-src 'self'; connect-src 'self' https://dev.visualwebsiteoptimizer.com; font-src 'self' https://font.circlekeurope.com data:; frame-src 'self' https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: blob: https://www.google-analytics.com https://slim-prod.cksites-prod.alpaque.net https://maps.gstatic.com https://maps.googleapis.com https://imgsct.cookiebot.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://assets.adobedtm.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://assets.royalbagspa.com.au https://fonts.gstatic.com https://static.zipmoney.com.au data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com https://pay.google.com https://assets.royalbagspa.com.au https://fonts.gstatic.com https://static.zipmoney.com.au https://static.elfsight.com/ zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://assets.royalbagspa.com.au https://site-assets.afterpay.com https://lh3.googleusercontent.com https://www.google.com https://www.google.co.in https://www.facebook.com https://www.gstatic.com https://www.google-analytics.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://assets.royalbagspa.com.au https://static.elfsight.com https://www.gstatic.com https://t.labs.au.edge.zip.co https://apps.elfsight.com https://static.zipmoney.com.au https://www.google.com https://www.googletagmanager.com https://connect.facebook.net https://js.braintreegateway.com *.google.com https://www.google-analytics.com https://static.cloudflareinsights.com *.zip.co *.zipmoney.com.au *.demdex.net *.omtrdc.net *.afterpay-beta.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com https://assets.royalbagspa.com.au https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.zipmoney.com.au https://assets.royalbagspa.com.au https://apps.elfsight.com https://service-reviews-ultimate.elfsight.com *.zip.co https://www.google-analytics.com https://stats.g.doubleclick.net https://payments.braintree-api.com https://client-analytics.braintreegateway.com *.elfsight.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-fbKGtXhdNjzJlIi3cHq95Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-g8RVpTnPJYgINmO-GoEaFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src 'self' www.facebook.com www.instagram.com https://*.keywee.co https://images.ctfassets.net https://i.ytimg.com https://a.storyblok.com https://cdn-ukwest.onetrust.com https://connect.facebook.net https://www.facebook.com https://d25d2506sfb94s.cloudfront.net https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://www.google.com.de https://www.google.com.pl https://www.google.com.es https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://images.getinconvo.com https://cdn.yougov.chat https://attachments-bucket-eu-west-1-prod.s3.eu-west-1.amazonaws.com data:; report-uri https://o198417.ingest.sentry.io/api/5594314/security/?sentry_key=f6766c04be5e496fa1fbd7ee7f3ded56&sentry_environment=production&sentry_release=undefined; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' google-analytics.com use.fontawesome.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-src 'self' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://td.doubleclick.net; connect-src 'self' https://pocanaliticafapp.azurewebsites.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.redditstatic.com www.gstatic.com www.google.com *.klaviyo.com *.shopify.com cdn.attn.tv connect.facebook.net *.google-analytics.com *.googletagmanager.com www.googleadservices.com; style-src 'self' 'unsafe-inline' cdn.shopify.com www.gstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' pixel-config.reddit.com www.googletagmanager.com www.redditstatic.com *.klaviyo.com *.analytics.google.com analytics.google.com www.google-analytics.com www.googleadservices.com adservice.google.com www.google.com *.googleapis.com *.doubleclick.net *.instagram.com *.shopify.com images.prismic.io events.attentivemobile.com rogallery.attn.tv rogallery-us.attn.tv; font-src 'self' data: rogallery.cdn.prismic.io fonts.gstatic.com cdn.shopify.com static.klaviyo.com; frame-src 'self' td.doubleclick.net submit.jotform.com form.jotform.com creatives.attn.tv www.facebook.com www.googletagmanager.com; img-src 'self' data: blob: alb.reddit.com fonts.gstatic.com cdn.shopify.com events.attentivemobile.com prismic-io.s3.amazonaws.com images.prismic.io www.facebook.com *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; manifest-src 'self'; media-src 'self'; worker-src 'self' blob: ; report-uri https://csp.hullforge.com/d64a3; 1
script-src 'self' https://www.paypal.com/sdk/js 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://fonts.gstatic.com *.bootstrapcdn.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.jsdelivr.net *.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.hollandlamp.nl *.hollandlamp.dev 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com js.mollie.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com *.hotjar.com *.googletagmanager.com *.cookiebot.eu *.pinterest.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com cdn.doofinder.com *.alothemes.com *.magepow.com flagpedia.net https://www.mollie.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hollandlamp.nl *.hollandlamp.dev *.cloudflare.com *.cloudimage.io *.linkedin.com *.adsymptotic.com *.google.nl *.trengo.eu *.bing.com *.feedbucket.app *.doofinder.com www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com cdn.doofinder.com *.alothemes.com *.magepow.com js.mollie.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.fontawesome.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.chimpstatic.com *.adobetm.com polyfill.io *.cookiebot.eu *.bing.com *.clarity.ms *.clarity.ms/collect *.pinimg.com *.pinterest.com *.trengo.eu *.feedbucket.app *.doofinder.com *.roeye.com flagpedia.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.doofinder.com https://fonts.googleapis.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.multisafepay.com assets.braintreegateway.com *.bunny.net *.feedbucket.app 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.doofinder.com wss://*.doofinder.com *.alothemes.com *.magepow.com www.gstatic.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.pingdom.net *.hotjar.com *.usercentrics.eu *.pinterest.com *.bing.com *.trengo.eu *.clarity.ms *.clarity.ms/collect *.cookiebot.eu *.feedbucket.app *.hollandlamp.nl *.hollandlamp.dev 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://hollandlamp.dev/; report-to report-endpoint; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.dk/api/csp-report; report-to csp-endpoint 1
font-src *.fontawesome.com *.cleverreach.com https://www.gstatic.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cleverreach.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.cleverreach.com newassets.hcaptcha.com landofcoder.com https://www.google.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudfront.net www.gstatic.com *.trackedlink.net *.googleapis.com *.fbcdn.net *.google.de *.google.com *.facebook.com *.cdninstagram.com *.instagram.com *.paypal.com *.crl.eu *.smartsuppcdn.com *.ytimg.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.google.com *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.instagram.com *.facebook.com *.facebook.net *.googletagmanager.com cdnjs.cloudflare.com paypalobjects.com *.smartsuppchat.com *.smartsuppcdn.com *.qualtrics.com hcaptcha.com landofcoder.com https://www.google.com https://www.gstatic.com *.avada.io https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.smartsuppcdn.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.smartsuppcdn.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.google.com *.gstatic.com *.smartsuppcdn.com *.smartsupp.com *.smartsuppchat.com *.google-analytics.com *.doubleclick.net *.qualtrics.com wss://websocket-visitors.smartsupp.com *.hcaptcha.com landofcoder.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src hcaptcha.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.monetate.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.gstatic.com magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.monetate.net maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.monetate.net *.en25.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.monetate.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-lxVBFYTwUzf8RmDqxloJog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval'    https://*.bigcommerce.com    https://js.smile.io    https://www.googletagmanager.com    https://*.google-analytics.com    https://ajax.googleapis.com    https://analytics.ahrefs.com    https://static.klaviyo.com    https://static-tracking.klaviyo.com    https://pt.wisernotify.com    https://js.stripe.com    https://www.paypal.com    https://www.paypalobjects.com    https://pay.google.com    https://apple-pay-gateway.apple.com    https://static.cloudflareinsights.com    https://media.receiptful.com    https://static.elfsight.com    https://universe-static.elfsightcdn.com    https://verify.authorize.net    https://checkout-sdk.bigcommerce.com;   style-src 'self' 'unsafe-inline'    https://*.bigcommerce.com    https://fonts.googleapis.com    https://cdnjs.cloudflare.com    https://media.receiptful.com    https://pt.wisernotify.com;   font-src 'self' data:    https://*.bigcommerce.com    https://fonts.gstatic.com    https://cdnjs.cloudflare.com;   img-src 'self' data:    https://*.bigcommerce.com    https://www.paypalobjects.com    https://*.google-analytics.com    https://s.ytimg.com    https://verify.authorize.net    https://phosphor.utils.elfsightcdn.com    https://lh3.googleusercontent.com;   connect-src 'self'    https://*.bigcommerce.com    https://api.smile.io    https://analytics.ahrefs.com    https://*.google-analytics.com    https://stats.g.doubleclick.net    https://google.com/pay    https://apple-pay-gateway-cert.apple.com    https://fast-api.klaviyo.com    https://fast.a.klaviyo.com    https://a.klaviyo.com    https://static-forms.klaviyo.com    https://ns.wisermapp.com    https://pro.ip-api.com    https://core.service.elfsight.com    https://service-reviews-ultimate.elfsight.com    https://static.elfsight.com;   frame-src 'self'    https://*.bigcommerce.com    https://www.youtube.com    https://www.youtube-nocookie.com    https://js.stripe.com    https://www.paypal.com    https://pay.google.com    https://apple-pay-gateway.apple.com    https://player.vimeo.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.awswaf.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com https://*.gstatic.com *.certcapture.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.googleapis.com https://*.gstatic.com *.certcapture.com https://libs.masterffl.com *.awswaf.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.certcapture.com https://api-qa.masterffl.com https://ffl-api.masterffl.com *.awswaf.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none';     script-src 'self' 'unsafe-inline' blob:       https://*.freshworks.com https://*.freshchat.com https://*.freshdesk.com       https://cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com       https://www.googletagmanager.com https://js.hs-scripts.com https://js.hs-analytics.net       https://js.hubspot.com https://js.hs-banner.com https://4895550.hs-sites.com       https://js.zi-scripts.com https://js.hsadspixel.net;     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.freshchat.com https://*.freshworks.com;     font-src 'self' https://fonts.gstatic.com;     img-src 'self' data: https: https://*.freshchat.com https://stats.g.doubleclick.net;     connect-src 'self' https://*.freshchat.com https://*.freshworks.com       https://ws.zoominfo.com https://region1.analytics.google.com       https://cta-service-cms2.hubspot.com https://js.zi-scripts.com       https://stats.g.doubleclick.net;     frame-src https://*.freshchat.com https://*.freshworks.com https://4895550.hs-sites.com;     worker-src blob:;     base-uri 'self';     form-action 'self' 1
font-src www.paypalobjects.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com craftelier.com *.craftelier.com hartem.com *.hartem.com *.paypal.com *.paypalobjects.com instantcredit.net test.instantcredit.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com esh-blog.craftelier.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com webpay3g.transbank.cl webpay3gint.transbank.cl www.facebook.com www.paycomet.com api.paycomet.com https://plumrocket.com esh-blog.craftelier.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com esh-blog.craftelier.com 'self'; frame-src fast.amc.demdex.net *.adobe.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com bid.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com landofcoder.com www.facebook.com platform.twitter.com ct.pinterest.com td.doubleclick.net www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net https://plumrocket.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.googletagmanager.com esh-blog.craftelier.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.connectif.cloud *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com craftelier.com *.craftelier.com hartem.com *.hartem.com ct.pinterest.com s3-eu-west-1.amazonaws.com c.clarity.ms c.bing.com *.doofinder.com instantcredit.net test.instantcredit.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com https://redchamps.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.google.es *.googleadservices.com esh-blog.craftelier.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.connectif.cloud *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com *.sagepay.com *.opayo.eu.elavon.com x.klarnacdn.net *.klarnaservices.com landofcoder.com *.avada.io *.shopify.com connect.facebook.net twitter.com platform.twitter.com static.addtoany.com craftelier.com *.craftelier.com hartem.com *.hartem.com static.zdassets.com analytics.tiktok.com cdn.stg.p-a.io cdn.scalapay.com api.instagram.com js-agent.newrelic.com bam.eu01.nr-data.net cdn.connectif.cloud cdn.particularaudience.com b2c-cdn.scalapay.com s.pinimg.com www.clarity.ms dev.visualwebsiteoptimizer.com snippet.maze.co *.doofinder.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.googletagmanager.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.google-analytics.com *.googleadservices.com esh-blog.craftelier.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com craftelier.com *.craftelier.com hartem.com *.hartem.com *.doofinder.com instantcredit.net test.instantcredit.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.googletagmanager.com esh-blog.craftelier.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com esh-blog.craftelier.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.connectif.cloud *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com x.klarnacdn.net *.klarnaservices.com landofcoder.com https://get.geojs.io *.avada.io stats.addtoany.com craftelier.com *.craftelier.com hartem.com *.hartem.com analytics-ipv6.tiktokw.us stats.g.doubleclick.net ekr.zendesk.com ekr.zdassets.com recs-ap-e1a.stg.p-a.io craftelier.zendesk.com cdn.integration.scalapay.com wss://widget-mediator.zopim.com bam.eu01.nr-data.net eu5-api.connectif.cloud recs-us-e1a.particularaudience.com api.amplitude.com ct.pinterest.com www.facebook.com p.clarity.ms v.clarity.ms *.paypalobjects.com *.doofinder.com instantcredit.net *.instantcredit.net *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com https://analytics.tiktok.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com *.google.com *.googlesyndication.com *.googletagmanager.com googleads.g.doubleclick.net esh-blog.craftelier.com 'self' 'unsafe-inline'; child-src esh-blog.craftelier.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com craftelier.com *.craftelier.com hartem.com *.hartem.com widget-mediator.zopim.com analytics.tiktok.com esh-blog.craftelier.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'unsafe-inline' data: *.klaviyo.com *.zip.co *.typekit.net *.cloudflare.com *.slant.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.workscene.com.au *.workscene.co.nz https://decorate.workscene.com.au *.google.com *.facebook.com *.braintreegateway.com *.kaptcha.com *.zipmoney.com.au https://9063659.fls.doubleclick.net *.zdassets.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://static.afterpay.com https://site-assets.afterpay.com/ *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.com.au *.google.ro *.workscene.com.au https://www.facebook.com *.zipmoney.com.au *.afterpay.com *.cloudflareaccess.com https://workscene.co.nz *.cloudfront.net *.zip.co https://zip.co *.google.com.vn *.workscene.co.nz *.workscene.co.au *.facebook.net workscene.com.au www.google.co.id www.google.co.in www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.com.eg www.google.com.my www.google.com.np www.google.com.ph www.google.com.pk www.google.com.sb www.google.com.sg www.google.com.tw www.google.de www.google.hn www.google.ie www.google.mk www.google.mn www.google.pl *.cloudflare.com www.google.am www.google.at www.google.ba www.google.be www.google.ca www.google.co.ao www.google.co.jp www.google.co.ug www.google.co.za www.google.com.bd www.google.com.br www.google.com.co www.google.com.cy www.google.com.ec www.google.com.gh www.google.com.hk www.google.com.kh www.google.com.mt www.google.com.mx www.google.com.na www.google.com.pg www.google.com.qa www.google.com.sa www.google.com.tr www.google.com.ua www.google.dk www.google.dz www.google.es www.google.fi www.google.fr www.google.hr www.google.ht www.google.it www.google.jo www.google.lk www.google.lt www.google.lv www.google.nl www.google.ru www.google.se www.google.si www.google.so www.google.ws www.google.co.il www.google.com.fj www.google.ae www.google.bg www.google.bs www.google.cl www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.ma www.google.co.ve www.google.co.vi www.google.co.zm www.google.co.zw www.google.com.au www.google.com.bo www.google.com.gi www.google.com.jm www.google.com.ly www.google.com.ng www.google.com.pe www.google.com.sv www.google.com.uy www.google.gy www.google.hu www.google.no www.google.nu www.google.pt www.google.rs www.google.to www.google.tt www.google.al www.google.as www.google.az www.google.bf www.google.bj www.google.bt www.google.by www.google.cd www.google.ch www.google.ci www.google.co.ke www.google.co.ls www.google.co.tz www.google.co.uz www.google.com.ag www.google.com.ar www.google.com.bh www.google.com.bn www.google.com.do www.google.com.et www.google.com.gt www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.ni www.google.com.om www.google.com.pr www.google.cz www.google.dm www.google.ee www.google.ge www.google.gr www.google.im www.google.iq www.google.is www.google.kz www.google.la www.google.lu www.google.md www.google.me www.google.mg www.google.ml www.google.mu www.google.mv www.google.nr www.google.ps www.google.rw www.google.sk www.google.sr www.google.tg www.google.tl www.google.tn www.google.vu *.tiktok.com google.com workscene.co.nz www.google.co.mz www.google.com.cu www.google.com.pa www.google.com.py www.google.je www.google.sc www.google.sn *.ggpht.com *.tangooserver.com www.google.com.af yastatic.net www.google.com.vc *.googleadservices.com www.google.com.sl s3.amazonaws.com www.google.cg www.google.ki d3k81ch9hvuctc.cloudfront.net www.google.cm www.google.com.bz www.google.gg www.google.kg www.google.tm *.tiktokw.us t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.chimpstatic.com https://chimpstatic.com *.zdassets.com *.zipmoney.com.au *.afterpay.com https://bat.bing.com *.fullstory.com https://edge.fullstory.com https://analytics.tiktok.com *.zip.co *.cfjump.com *.newrelic.com *.retargeted.co localhost *.tangooserver.com *.workscene.com.au *.cloudflareinsights.com polyfill-fastly.io static.client.cardinaltrusted.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.googleapis.com *.zip.co *.typekit.net *.klaviyo.com *.cloudflare.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.zipmoney.com.au *.zip.co *.braintreegateway.com https://zipmoneyau.zendesk.com *.cardinaltrusted.com *.cloudfront.net *.afterpay.com *.google.com.vn *.google.com.au *.nr-data.net *.algolia.io *.facebook.com *.retargeted.co localhost www.google.co.in www.google.co.kr www.google.co.nz www.google.co.th www.google.com.pk www.google.de www.google.mk *.datadome.co www.google.am www.google.at www.google.be www.google.ca www.google.co.id www.google.co.jp www.google.co.uk www.google.co.za www.google.com.bd www.google.com.br www.google.com.co www.google.com.gh www.google.com.hk www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.pg www.google.com.ph www.google.com.sb www.google.com.sg www.google.com.tw www.google.fi www.google.it www.google.lt www.google.lv www.google.nl www.google.so www.google.ws www.google.bg www.google.cl www.google.co.ck www.google.co.ug www.google.co.vi www.google.com.fj www.google.com.ly www.google.com.np www.google.fr www.google.nu www.google.rs www.google.ru www.google.tt *.typekit.net www.google.ae www.google.as www.google.ba www.google.bt www.google.cd www.google.ch www.google.co.ao www.google.co.bw www.google.co.il www.google.co.ke www.google.co.ma www.google.co.tz www.google.co.uz www.google.co.ve www.google.co.zm www.google.co.zw www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bn www.google.com.cy www.google.com.eg www.google.com.et www.google.com.gt www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ng www.google.com.pe www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.tr www.google.com.ua www.google.cz www.google.dk www.google.es www.google.gr www.google.hn www.google.hu www.google.ie www.google.iq www.google.is www.google.la www.google.lk www.google.md www.google.me www.google.mg www.google.ml www.google.mn www.google.mu www.google.no www.google.nr www.google.pl www.google.ps www.google.pt www.google.ro www.google.rw www.google.se www.google.si www.google.sk www.google.sr www.google.tg www.google.tl www.google.tn www.google.to www.google.vu *.pangle-ads.com *.tiktokw.us kg668dbov0.execute-api.us-east-1.amazonaws.com www.google.az www.google.bs www.google.co.mz www.google.com.bo www.google.com.do www.google.com.ec www.google.com.py www.google.com.sv www.google.hr www.google.jo www.google.sc zip.co www.google.ge www.google.com.af *.sentry.io www.google.com.vc *.googleadservices.com www.google.com.ni www.google.bf www.google.com.sl www.google.kz www.google.cg www.google.com.om www.google.com.uy www.google.ki *.gstatic.com www.google.by www.google.ci www.google.gg www.google.sn www.google.com.mm www.google.gy 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://032d1b56-4a9f-455b-8863-84d9bea84b8f.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-vrD-D4HHvQe-HTc_Hz9v2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'self' 1
default-src https: 'self' data:; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: 1
font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.mondu.ai/ *.mondu.local localhost:*/ *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net https://images.unsplash.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com magefan.com cm.magefan.com *.disqus.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com *.mondu.ai/ *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com bat.bing.com www.facebook.com www.google.nl www.btndehaas.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://maps.googleapis.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.disqus.com https://cdn.jsdelivr.net *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.mondu.ai/widget.js *.mondu.local/widget.js localhost:*/dist/widget.js *.hsforms.net *.hsforms.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com d5yoctgpv4cpx.cloudfront.net bat.bing.com cdn.cookie-script.com connect.facebook.net js-agent.newrelic.com static.hotjar.com script.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://cdn.jsdelivr.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.googleapis.com *.gstatic.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io https://maps.googleapis.com https://player.vimeo.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app p2iqhncxyh.execute-api.eu-central-1.amazonaws.com l.clarity.ms bam.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com bat.bing.com l.clarity.ms bam.nr-data.net www.google.com bat.bing.net pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudfront.net data: *.typekit.net data: 'self' 'unsafe-inline'; form-action *.facebook.com *.cleverreach.com https://seu2.cleverreach.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com secure.pay1.de payments.amazon.de www.jsctool.com https://consentcdn.cookiebot.com *.hotjar.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com cdn.pay1.de www.paypal.com www.paypalobjects.com x.klarnacdn.net *.cloudfront.net *.trustedshops.com *.sleeknote.com *.cookiebot.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com www.jsctool.com *.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com *.paypalobjects.com *.paypal.com *.trustedshops.com *.sleeknote.com *.amazonaws.com *.pay1.de *.klarna.com *.authorize.net *.braintreegateway.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com d.ratepay.com *.typekit.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com payments.amazon.de d.ratepay.com www.jsctool.com *.fact-finder.de *.fact-finder.com *.fact-finder.co.uk *.fact-finder.fr *.fact-finder.pl *.fact-finder.it *.fact-finder.at *.fact-finder.ch *.fact-finder.cloud *.googletagmanager.com *.hotjar.com https://consentcdn.cookiebot.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.bunny.net http://fonts.gstatic.com https://online.feliubadalo.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://online.feliubadalo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.google.com https://www.google.es https://online.feliubadalo.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.doofinder.com https://eu1-search.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://online.feliubadalo.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com http://fonts.googleapis.com https://online.feliubadalo.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://eu1-search.doofinder.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be http://77.224.171.53:7047 http://77.224.171.49:7047 https://online.feliubadalo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'report-sample' cdn.jsdelivr.net https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com; style-src 'self' 'report-sample' cdn.jsdelivr.net fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-9Z0bEmK4gZ9OkrQD-pyJ6Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-0qN5o3aacLTBqzl5vyU6sA==' 'self' cdn.orsted.com *.googletagmanager.com *.app.cookieinformation.com cdn.appdynamics.com *.googletagmanager.com *.gstatic.com *.googleoptimize.com www.googleadservices.com *.googleapis.com *.bing.com *.doubleclick.net *.t.co *.pardot.com *.youtube.com *.linkedin.com *.twitter.com *.globenewswire.com *.23video.com delivery.twentythree.com orsted.containers.piwik.pro orsted.piwik.pro *.crazyegg.com unpkg.com cs.lf-discover.com *.puzzel.com *.arcgis.com code.jquery.com *.lfeeder.com orsted-global-graduate-programme.simplecast.com omny.fm cdnjs.cloudflare.com *.bootstrapcdn.com *.defgo.com *.defgo.net *.vimeo.com presscloud.com *.ritzau.dk *.simplecast.com *.elnet.danskenergi.dk *.sli.do *.audioboom.com *.licdn.com *.adsrvr.org *.soundcloud.com *.google.com *.google.com.my *.google.nl *.google.dk *.facebook.net;       style-src 'nonce-0qN5o3aacLTBqzl5vyU6sA==' 'self' cdn.orsted.com fonts.googleapis.com;       style-src-attr 'unsafe-inline' cdn.orsted.com;       img-src 'self' data: cdn.orsted.com *.azureedge.net *.youtube.com *.23video.com delivery.twentythree.com www.googletagmanager.com *.lfeeder.com *.linkedin.com *.doubleclick.net *.pardot.com;       media-src 'self' blob: cdn.orsted.com *.youtube.com *.23video.com delivery.twentythree.com;       font-src 'self' data: fonts.gstatic.com cdn.orsted.com;       frame-src *.app.cookieinformation.com *.youtube.com *.23video.com delivery.twentythree.com *.google.com *.google.nl *.googletagmanager.com *.doubleclick.net *.pardot.com;       connect-src *.app.cookieinformation.com *.euroland.com *.eum-appdynamics.com *.googletagmanager.com *.google.com *.doubleclick.net *.googleadservices.com *.crazyegg.com *.linkedin.com orsted.piwik.pro *.pardot.com;       worker-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net www.paypal.com www.paypalobjects.com js.stripe.com connect.facebook.net static.addtoany.com www.googleadservices.com static.cloudflareinsights.com ajax.cloudflare.com googleads.g.doubleclick.net www.google.com servicepoints.sendcloud.sc www.gstatic.com cdn.jsdelivr.net analytics.tiktok.com static.olark.com assets.olark.com knrpc.olark.com maps.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net static.olark.com; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net www.paypal.com www.paypalobjects.com connect.facebook.net googleads.g.doubleclick.net www.google.com www.facebook.com analytics.tiktok.com log.olark.com; connect-src 'self' www.google-analytics.com www.paypal.com securepayments.paypal.com api.braintreegateway.com js.stripe.com api.stripe.com www.google.com www.google.fr region1.analytics.google.com www.merchant-center-analytics.goog www.googleadservices.com analytics.tiktok.com cdn.jsdelivr.net analytics-ipv6.tiktokw.us knrpc.olark.com api.getalma.eu maps.google.com maps.googleapis.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net data: static.olark.com/; frame-src 'self' www.paypal.com payments.amazon.com servicepoints.sendcloud.sc www.google.com www.youtube.com www.facebook.com static.addtoany.com www.googletagmanager.com static.olark.com; object-src 'none'; media-src 'self' static.olark.com; form-action 'self' www.paypal.com securepayments.paypal.com secure.payplug.com www.facebook.com 1
object-src 'none';base-uri 'self';script-src 'nonce-V3LXPO60jJnqSS2HaPwlhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-QrjDAjoCNI7SuddLnXI0Cg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.googleapis.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.cashpresso.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.facebook.com *.cookiebot.com *.trustedshops.com *.googletagmanager.com https://www.google.com https://www.google.at *.aos.cc https://aos.cc *.google.com *.google.de *.google.si *.google.at *.google.it *.google.fr *.google.ch *.google.hu *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.chimpstatic.com downloads.mailchimp.com *.list-manage.com *.facebook.net *.googletagmanager.com *.cookiefirst.com *.cashpresso.com *.mailchimp.com *.jsdelivr.net *.gstatic.com *.google.com *.google.de *.google.si *.google.at *.google.it *.google.fr *.google.ch *.google.hu *.trackedlink.net *.klarna.com *.klarnacdn.net *.klarnaservices.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.googletagmanager.com *.cashpresso.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.google-analytics.com *.cookiefirst.com *.cashpresso.com *.chimpstatic.com *.intuit.com *.mailchimp.com *.amazonaws.com *.doubleclick.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.facebook.net payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://n5mcn64l2tp5piztj1c2b0wj.httpschecker.net/report 1
object-src 'none';base-uri 'self';script-src 'nonce-fsk8LKoJI3YwsPqhLEqJxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self'; img-src 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.payfabric.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.trustedsite.com *.payfabric.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com acsbapp.com acsbap.com *.acsbapp.com *.acsbap.com https://cdn.ywxi.net https://meetanshi.com/media/logo.png *.payfabric.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com tagmanager.google.com https://www.googletagmanager.com chimpstatic.com downloads.mailchimp.com *.list-manage.com acsbapp.com acsbap.com *.acsbapp.com *.acsbap.com *.googleapis.com https://cdn.ywxi.net https://www.trustedsite.com *.payfabric.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.paypal.com google.com *.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com acsbapp.com acsbap.com *.acsbapp.com *.acsbap.com *.wikipedia.org *.googleapis.com https://s3-us-west-2.amazonaws.com/mfesecure-public/ https://www.trustedsite.com *.payfabric.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.zopim.com *.loyaltylion.com *.loyaltylion.net *.bootstrapcdn.com *.googleapis.com *.hotjar.com wss://ws.hotjar.com *.typekit.net *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.loyaltylion.com *.loyaltylion.net *.bootstrapcdn.com *.googleapis.com *.zopim.com wss://*.zopim.com *.demdex.net *.klarnaservices.com *.studentbeans.com *.beans.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.reviews.co.uk *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com *.addthis.com *.demdex.net *.criteo.com *.doubleclick.net *.vimeo.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.loyaltylion.com *.loyaltylion.net *.bootstrapcdn.com *.googleapis.com *.zopim.com wss://*.zopim.com https://rcgmal4n.klarnaservices.com *.klarnaservices.com *.dotmailer-surveys.com *.google.com *.freshchat.com *.reviews.co.uk *.hotjar.com wss://ws.hotjar.com *.zenaps.com *.braintreegateway.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.feefo.com *.nosto.com *.bing.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.google.co.in *.googletagmanager.com *.postcodeanywhere.co.uk *.klevu.com *.demdex.net *.omtrdc.net *.doubleclick.net *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.loyaltylion.com *.loyaltylion.net *.googleapis.com https://www.facebook.com https://www.google-analytics.com *.zopim.com wss://*.zopim.com *.dotmailer-surveys.com blob: *.klarnaservices.com *.pinterest.com *.bootstrapcdn.com https://yznrgxhu.klarnaservices.com *.klarnacdn.net *.icons8.com *.linkedin.com ids-couk.m2.s.ayko.com *.gstatic.com *.awin1.com *.zenaps.com *.dancedirect.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googletagmanager.com chimpstatic.com *.nosto.com *.trackedweb.net trackedweb.net *.zopim.com *.dotmailer-surveys.com *.pcapredict.com *.loyaltylion.com *.klevu.com *.facebook.net *.bing.com *.rakuten.com *.zdassets.com *.jquery.com *.windows.net *.criteo.net *.criteo.com *.doubleclick.net *.addthis.com *.addthisedge.com *.moatads.com *.postcodeanywhere.co.uk *.google.com *.google.co.in *.gstatic.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.loyaltylion.net *.bootstrapcdn.com *.googleapis.com https://eu-library.klarnaservices.com/ *.pinterest.com *.klarnaservices.com *.klarnacdn.net *.adyen.com *.fontawesome.com *.freshchat.com *.hotjar.com wss://ws.hotjar.com *.pingdom.com *.dwin1.com *.pingdom.net *.scenttrail.co.uk scenttrail.co.uk *.licdn.com *.instagram.com *.adt313.net *.zenaps.com *.sciencebehindecommerce.com *.studentbeans.com *.beans.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.loyaltylion.com *.klevu.com *.windows.net *.postcodeanywhere.co.uk *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.loyaltylion.net *.bootstrapcdn.com fonts.googleapis.com *.zopim.com wss://*.zopim.com http://fonts.googleapis.com https://fonts.googleapis.com *.freshchat.com *.typekit.net data: downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedweb.net *.zdassets.com *.zopim.com wss://*.zopim.com *.google-analytics.com *.doubleclick.net *.loyaltylion.com *.demdex.net *.postcodeanywhere.co.uk *.addthis.com *.bing.com *.facebook.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.loyaltylion.net *.wpengine.com *.bootstrapcdn.com *.googleapis.com https://babea371.klarnauserservices.com *.feefo.com *.omtrdc.net *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.google.co.in *.hotjar.com *.hotjar.io wss://ws.hotjar.com wss://ws.hotjar.io *.pingdom.net *.dancedirect.com *.linkedin.com *.google.co.uk *.sciencebehindecommerce.com *.adt690.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klarna.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';   connect-src 'self' ddaudio.com adservice.google.com listgrowth.ctctcdn.com pro.ip-api.com properties stats.g.doubleclick.net facebook.com www.google-analytics.com google-analytics.com maps.googleapis.com translate.googleapis.com google-analytics.com ad.doubleclick.net www.google.com analytics.google.com;   font-src 'self' ddaudio.com use.typekit.net fonts.gstatic.com;   frame-src 'self' ddaudio.com www.facebook.com www.google.com www.youtube.com www.googletagmanager.com td.doubleclick.net;   img-src 'self' data: android-webview-video-poster ddaudio.com ddaudio.me www.facebook.com i.ytimg.com static.ctctcdn.com static.cloudflareinsights.com   ad.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com adservice.google.com maps.gstatic.com maps.googleapis.com translate.google.com www.googletagmanager.com www.gstatic.com   www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat;   media-src 'self' data: ddaudio.com www.youtube.com;   script-src-elem 'self' ddaudio.com connect.facebook.net www.google-analytics.com www.googletagmanager.com www.googleadservices.com static.cloudflareinsights.com cdnjs.cloudflare.com googleads.g.doubleclick.net maps.googleapis.com static.cloudflareinsights.com static.ctctcdn.com www.google.com www.gstatic.com;   script-src 'self' ddaudio.com connect.facebook.net static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com cdnjs.cloudflare.com;   style-src-elem 'self' 'unsafe-inline' ddaudio.com p.typekit.net static.ctctcdn.com use.typekit.net fonts.googleapis.com;   style-src 'self' 'unsafe-inline' ddaudio.com googleads.g.doubleclick.net static.ctctcdn.com www.google.com www.gstatic.com maps.googleapis.com static.cloudflareinsights.com p.typekit.net use.typekit.net;   object-src 'none';   report-uri https://ddaudio.report-uri.com/r/d/csp/wizard 1
default-src                                         'self'                                         'unsafe-inline'                                         https://www.google-analytics.com                                         https://www.googletagmanager.com                                         https://connect.facebook.net;                                     img-src                                         'self'                                         data:;                                     font-src                                         'self'                                         data:; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.zendesk.com *.zdassets.com *.zopim.com connect.facebook.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.addthis.com *.pinterest.com www.facebook.com checkout.tabby.ai testourcode.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.facebook.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.zdassets.com *.samma3a.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.googletagmanager.com *.facebook.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com analytics.tiktok.com *.doubleclick.net *.youtube.com *.artfut.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com connect.facebook.net www.googletagmanager.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.samma3a.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.google-analytics.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com analytics.tiktok.com *.doubleclick.net *.artfut.com *.youtube.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-sLZ-OvRIolsOlVjkry75jQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Wkj9yO7bQ53odeYfOuIQ8A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; connect-src 'self' https://carross-eu.matomo.cloud https://www.facebook.com/tr/ https://*.google-analytics.com/*/; font-src 'self'; form-action 'self' https://paiement.systempay.fr/vads-payment/ https://www.facebook.com/tr/ https://*.ads.linkedin.com; frame-src https://www.youtube-nocookie.com; img-src 'self' data: https://cdn.matomo.cloud/carross-eu.matomo.cloud/ https://img.youtube.com https://i.ytimg.com https://ressources.carross.eu https://ressources.carross.local https://www.google-analytics.com https://11599994.fls.doubleclick.net https://ad.doubleclick.net https://www.facebook.com/tr/ https://*.ads.linkedin.com https://www.linkedin.com/px; script-src 'report-sample' 'self' 'unsafe-inline' https://cdn.matomo.cloud/carross-eu.matomo.cloud/matomo.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.googletagmanager.com/gtag/js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/3051721451810486 https://snap.licdn.com/li.lms-analytics/insight.min.js; style-src 'report-sample' 'self' 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors https://carross-eu.matomo.cloud; base-uri 'self';  report-uri /csp-parser 1
object-src 'none';base-uri 'self';script-src 'nonce-pjUZDlmQewZtYidgZBgpJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com cdn.livehelpnow.net static.klaviyo.com eadn-wc04-195113.nxedge.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.trackedlink.net developer.livehelpnow.net eadn-wc04-195113.nxedge.io www.facebook.com cdn.mouseflow.com google.com www.livehelpnow.net q.clarity.ms c.clarity.ms c.bing.com bat.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com cdn.mouseflow.com developer.livehelpnow.net cdn.livehelpnow.net eadn-wc04-195113.nxedge.io connect.facebook.net q.clarity.ms clarity.ms bat.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com webchat.dotdigital.com webchat.staging.dotdigital.com developer.livehelpnow.net eadn-wc04-195113.nxedge.io static-tracking.klaviyo.com https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com developer.livehelpnow.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com developer.livehelpnow.net stats.g.doubleclick.net wss://app.livehelpnow.net us01.rec.mouseflow.com eadn-wc04-195113.nxedge.io q.clarity.ms https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri eadn-wc04-195113.nxedge.io 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://*.onetrust.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.co https://*.google-analytics.com https://www.googleadservices.com https://adservice.google.com https://www.facebook.com https://*.google-analytics.com; frame-ancestors 'none'; font-src 'self' data: 'unsafe-inline' https://fcdn.thg-corporate.com/; frame-src 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://player.vimeo.com https://*.vimeocdn.com https://*.facebook.com; img-src 'self' https://cdn.cookielaw.org https://fcdn.thg-corporate.com/ https://*.googletagmanager.com https://*.google-analytics.com https://www.facebook.com; child-src 'self'; script-src 'self' 'strict-dynamic' https://cdn.cookielaw.org https://cookie-cdn.cookiepro.co https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://fcdn.thg-corporate.com/; object-src 'none'; script-src-elem https://cdn.cookielaw.org https://cookie-cdn.cookiepro.co https://*.google.com https://www.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net; worker-src 'none'; media-src 'self' https://fcdn.thg-corporate.com/ https://*.gstatic.com; report-uri https://csp.thehut.net/cspReport.txt 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-C4ijWnVOmyaOzs5uUBMDiQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none';base-uri 'self';script-src 'nonce-DAZyRN4bQVxhCBWMW6Rv2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.youtube.com http://www.sandbox.paypal.com www.paypal.com *.twitter.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.multisafepay.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.multisafepay.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.multisafepay.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://images.unsplash.com *.gstatic.com magefan.com cm.magefan.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.net *.hsforms.com https://www.mollie.com www.xtento.com cdn.xtento.com https://img.youtube.com https://api.mapbox.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdn.jsdelivr.net *.hsforms.net *.hsforms.com js.mollie.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com https://static.klaviyo.com https://cdn.jsdelivr.net *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com autocomplete2.postdirekt.de *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-RW1PsB5byHTqvHlpPUPPDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' https://*.matomo.cloud https://*.cookiebot.com https://*.cookiebot.eu https://*.readspeaker.com https://*.jsdelivr.net https://*.cookiebot.com https://*.youtube.com https://*.cloudflare.com https://*.googletagmanager.com 'nonce-YXZmaWVrdWlkYWhrd2t1cGlqcXlzZ2lnYXB4c3Z6dHhucml3' 'nonce-cmRhb3d3dWpvYm50cHh2cWdldnV3enhibmltc21menNycmN5' 'nonce-Z2JscnZpZ3d3Zmh1dW5laXloeWZwY3J4dXF3aGJ6Z3h6ZWVk' 'nonce-andqYXpsaWxva3l5dWh1Y3p1b2VrbGZybXlhcmx5d3RtY25s' 'nonce-dnFjbWJjY2tmaXB5aXNxdnhla2NkZHpsb2hpaWJjbGNyaWF2' 'nonce-dmJzeGxlY3ljcmNseWRid2ZyY2duanR2cmR5b2F6eWpmaXh5' 'nonce-a25odXhsbWxwZXF4YWFmY3Z6cmJ1Z2ZndnlieWRnZWl1ZXl4'; style-src 'self' 'unsafe-inline' https://*.readspeaker.com https://*.typekit.net https://*.cookiebot.com; img-src 'self' https://*.cookiebot.com data:; connect-src 'self' https://*.algolia.net https://*.algolia.io https://*.cookiebot.com https://*.cookiebot.eu https://*.matomo.cloud https://*.typekit.net https://*.readspeaker.com https://*.typekit.net https://*.analytics.google.com; font-src 'self' data: https://*.typekit.net; object-src 'none'; media-src 'self' https://*.mariamiddelares.be; frame-src 'self' https://*.cookiebot.com; form-action 'self'; frame-ancestors https://*.mariamiddelares.be https://*.mijnziekenhuis.be; base-uri 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-c3ENW8tsQl8mo5t3O9AHTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' lifepointhealth.okta.com www.lifepointone.net *.oktacdn.com; connect-src 'self' lifepointhealth.okta.com lifepointhealth-admin.okta.com www.lifepointone.net *.oktacdn.com *.mixpanel.com *.mapbox.com lifepointhealth.kerberos.okta.com lifepointhealth.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'nonce-a7FhdBAbCI0IHpgg2Vw43A' 'self' 'report-sample' lifepointhealth.okta.com www.lifepointone.net *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' lifepointhealth.okta.com www.lifepointone.net *.oktacdn.com; frame-src 'self' lifepointhealth.okta.com lifepointhealth-admin.okta.com www.lifepointone.net login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' lifepointhealth.okta.com www.lifepointone.net *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' lifepointhealth.okta.com www.lifepointone.net data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://jsappcdn.hikeorders.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.affirm.com *.affirm.ca www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.addtoany.com static.addtoany.com https://jsappcdn.hikeorders.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.affirm.com *.affirm.ca *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.lanailsupplies.com *.adobedtm.com static.addtoany.com www.google.co.in https://jsappcdn.hikeorders.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.affirm.com *.affirm.ca *.googleapis.com *.gstatic.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.addtoany.com *.dwin1.com *.adobedtm.com graph.facebook.com *.clarity.ms *.facebook.com *.facebook.net https://www.googletagmanager.com tagmanager.google.com https://jsappcdn.hikeorders.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com *.fontawesome.com https://jsappcdn.hikeorders.com https://static.klaviyo.com https://fonts.bunny.net *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.affirm.com *.affirm.ca *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.clarity.ms *.g.doubleclick.net https://www.google-analytics.com https://a11yenablerapi.hikeorders.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io http://dpm.demdex.net *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com www.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://jsappcdn.hikeorders.com https://a11yenablerapi.hikeorders.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; font-src 'self' *.cloudflare.com *.gstatic.com *.isecurenet.in; frame-src 'self' *.google.com; img-src 'self' *.isecurenet.in; script-src-elem 'self' *.isecurenet.in; style-src-attr 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com *.isecurenet.in; report-uri https://csp.isecurenet.in/_csp 1
object-src 'none';base-uri 'self';script-src 'nonce-Pw3ov1-CrWP9LlDsl_eDTA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; connect-src 'self' *.clarity.ms *.cloudflareinsights.com *.doubleclick.net facebook.com *.facebook.com *.google-analytics.com *.google.com *.googleadservices.com *.node-ya-9.jivosite.com *.code.jivosite.com *.linkedin.com popups.rdstation.com.br pageview-notify.rdstation.com.br tripla.com.br *.tripla.com.br px.ads.linkedin.com blog.tripla.com.br *.jivosite.com wss://*.jivosite.com www.google.com forms.rdstation.com.br stats.wp.com; default-src 'self'; font-src 'self' fonts.gstatic.com; form-action 'self' https://www.facebook.com; frame-src 'self' www.youtube.com www.googletagmanager.com https://www.google.com/ https://www.facebook.com; frame-ancestors 'self'; img-src 'self' clarity.ms *.clarity.ms cloudflare.com *.cloudflare.com dk9suync0k2va.cloudfront.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net *.google.com linkedin.com *.linkedin.com licdn.com *.licdn.com googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com tripla.com.br *.tripla.com.br wp.com *.wp.com; media-src 'self' code.jivosite.com; object-src 'none'; script-src 'self' *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.rdstation.com.br *.tripla.com.br ads.linkedin.com *.licdn.com *.jivosite.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.com.br *.googleadservices.com *.doubleclick.net *.facebook.net d335luupugsy2.cloudfront.net 'sha256-Q+8tPsjVtiDsjF/Cv8FMOpg2Yg91oKFKDAJat1PPb2g=' 'sha256-MbnxFvfPXtoyJ6TmTOZtw8+BNCBkpSQuQLp4JW4/f8I=' 'sha256-T3f9Uliete12zEa8XDgxDDtrw9RYUv4eX+JQV6beEPA=' 'sha256-mr6PsNupuONRxriMhhc3WIsCdIZ6TYcnR41Y3R91af0=' 'sha256-IhfYOsRGSBCZJ2unPSgMvFZL0nXbKjHzensxPMHFXyQ=' 'sha256-z6Ly89UBA7tRk0IJ8ugaVSzTOT5XlMKVjS0pUVVKFow=' 'sha256-y2tq2fwy+0Bl+r6MpWra6/FqcjKLVICA5hNyyYKp4O4=' 'sha256-b9qVlhYCkCN2ZP1ytWyP1tqEOTf+JatHCpjmevwrEXQ=' 'sha256-B5ZH0PEsU+IaMmex+0jD5Gi/e+3KCjA8to/4JzHueHM=' 'sha256-jj4mIUc8su+MSfIFtlkaPL5Tm6Y+HScixElPQ6UNqr4=' 'sha256-nA8T0KaS/VnUj3R1Q5h6IngAgsK44IxyTpJgA+he93U=' 'sha256-SGSUwDwaw+kzG4mNqJWpux1LlYz/N5wWCCuGP2VvzC8=' 'sha256-HfoXfF8DGzR7GLM2uhFdF3EpgVOqHjsf7Vx1y6DNKgI=' 'sha256-iokH+scqqegp6FaDOOrmp5yntZWoovp98/KRN2VAYbM=' 'sha256-h7rPlgOFGTvTd3ROslASvQ7WzNkRc5SW+CikV0Q0V10=' 'sha256-3QLoG1QSbzRTfQIMi7+wo8D/b5gZiHymhh5foKjHvCQ=' 'sha256-YoiTZbP35ftJSuqcXHIQKR0GkOgvwuSrIESq73qEh+4=' 'sha256-ptHnIRwsfFzWLwXO6JXle0f5K5J31gtbynSO9YHheB4=' 'sha256-wdIzHDkTzTjgIC3owakeHjy0YCwT7NZIziuydxYYVYU=' 'sha256-lxVKFS5+nk7XoFFtrOB0JhzpIkezhTz8pvDq2i9TuAE=' 'sha256-EEs7G2kZEtxNywuj7+MmQQDJMlsaodJoOS9Esp7v6y0=' 'sha256-BTLb1RF3GxGCMCvqDp4NDswt33LunbUjXVbN20qe8nY=' 'sha256-PtXao8r80QNfMMDtQp2nJHmN1b9pSzJElXmwEB/zmac=' 'sha256-42T+Svbw3Jzn4aERNaZPN6FfvZBd2egVWohEn8MV+JQ=' 'sha256-6KC2TuTwA4FB8jPjrGBMWkwmxeNML32Bz8RDtse4NLk=' 'sha256-03A5QrWYz0UzPgiXGrssIEM3Ni6WuD4Tp86WhkBDv7s=' 'sha256-xcTzwnt4z1ah38HEYzYMGbDeiJhIz77LoXkehoazKzo=' 'sha256-Ar7nISVYGiNLiFgmSItkqvMImPDdw54blgmj3Cq46gw=' 'sha256-84sNs3MYR1aKQfBTWsQ6MJM8s8VEoSu6E4To1ap5Z6E=' 'sha256-ukmngjYqEu+CYXVQv5+fmtmS4tGUD1amIqwj+5TO9Bg=' 'sha256-elgGfaUwkIVQb96uzG0D4gJvCmAOoVfhvk9nTiXcd9s=' 'sha256-ukGpjm7+nJhfEaYiq1Awba5itFaphDmrcXP3FQ8C000=' 'sha256-V0+m0s49RPa9+3WnsuRjtmgmk915V4goMObBCT0aYRI=' 'sha256-bNiQONDmEWPeu1VA8NoTGln3etFWR5EAEcvE/yK2Yvw=' 'sha256-+sydaweHXMykau4M/Z73lQv7ubFaYBOWryiH3q9nHL0=' 'sha256-dEqBelWbTDITqFrQjWf5ovhGJZawODnD8wrgfwiSQzk=' 'sha256-YGVB2xQZ7GMI0qdHDfBBcQJTiUvpEuVSJi+3RVf1vcw=' 'sha256-e/ZEV/PTIcE84G41vBuGWRL83Dg3rEDrjo+EX4HgOT4=' 'sha256-Cy8UK1xi2R7feOYbcWnCCQ/fWqWOMzZFKHtLxYszPcA=' 'sha256-hraNq2ZdtGqHLMIxrgOLuMn8EXLDj2+MVvKjIVNwCVg=' 'sha256-gMzN00T3PB2I6thwKFQ6pQxQXrVBof5cjiAvnyxXhbQ=' 'sha256-tknywueIJZTPt4yol4yVIYNAEcser+AkRdInnrm2ULM=' 'sha256-kCMX/t8hNk44fYfxRYI/HiK6C/iLX9nliDfNPYr4joQ=' 'sha256-wVA/nuI22m18Fp49eAm4Y9T0jdKW5jSAdjTIWXJarkM=' 'sha256-0kIcS026P/idEN7bFSjKxJafvIEC3Z5sSFdddwmjgBw=' 'sha256-PQmmhBnZTSrdiAsQXxp9XZIF3lHh98jx1BqE8vQmA9M=' 'sha256-PuSmJmNbNqEKw2zWNONIkffaeVLUYCdYs6Unxb7YUbA=' 'sha256-U/6lRpNQROPB6gqY1+5EvrGPnJnTCfyqhWelWHFmQZE=' 'sha256-6TLRfiFXYYIUD/2nNNiKA6S8d5wKT5S/nhi2krYFvyk=' 'sha256-XLDCMF/43O4B/d9RxPvdKX1OX9EDDXp5AnhwUMR19k4=' 'sha256-e1UgoedDkMEEBoCZNQ9W+6nWF6FcMbpSv3eDh68p0uI=' 'sha256-5A2+4x28MXUAYzIlpJfYb9GwbuTyaySx0tV5G6ZMfJ8=' 'sha256-k95uB4c4kXZ/in2UJqfGmyYnnbhJni5aA4ijT+1qq9A=' 'sha256-1CRmP5reAGOwDVPMSQCgxxZ0wQaw/DrdXml9rbAM+0I=' 'sha256-TPPlS7P3vCBBvu6WUyoEIMUuBvU3zrDvRBrnOSlZFoI=' 'sha256-EfXc3iI8Tyd2FVwogMtAj3YaRA3oZjcfj1BNO+4V9ec=' 'sha256-Tkd6yDRBMbJIxnmLOwJOJW/i+voX/l5GhGNhczR+Rc0=' ajax.googleapis.com 'sha256-yElBEKucE35qwHf8qWcAvqD25zOJ7TqTptcHyzGhOxw=' 'sha256-d+hhKfolDtBSIGy5wMSHpsMpdSMwC11HPECGVbtB81E=' 'sha256-Z3B6LtqouwYZ4wxSQIBYMfhxA0uV5d8/5Fr1lx1x9m0=' 'sha256-zwGmIUR+Z6gWKbwoJ2Z3yGxI/XLETLqDqCRIV0qt/WA=' 'sha256-ZDOfi9U/W4uGaOVuot24VmbdNh69qBVOfQJn/4rHuoo=' 'sha256-0qtCnM0nwfCgMF+uH5dODJ4M2+2n4+ytLRKx6YKpHWw=' 'sha256-fD+avu44R+GDn/W8C1PtHBx5vS0VAckmSHeMOxB8jYY=' 'sha256-c5XR+X5gA6vac49A0QvP/cSTKnZj5S6eY28aCq0KVFY=' 'sha256-OkUn0XOQn6G8OxXg2eG4gIIWd/H0WL0keW6Xq7UTuow=' 'sha256-PFtO0eV/i6NEbdFR12GRqWO3pEHzURqzrtTSusoWN+M=' 'sha256-3Q7Fer8VTVLBYfrpLbYBTwQkF9lmBnkJeuVShwQexS4=' 'sha256-v+Mk1ckWTVkCD8QeHiTNzWHUSJaX2EsG7O7hYAUcflk=' 'sha256-Fhk8k4BWats0nbntDQ4hMRrB10KrwJvW7H6xFyIhRyc=' 'sha256-nU8SdC1dlNwWIM4EDZaQwbT5KLmnMIuFP+X1ouvGsic=' 'sha256-xrPn+BNF9EIQZEiVnlKWb0zR2V9tyh2INKGfgLQHrGQ=' 'sha256-eMLp8clSpb41vv5Ir648QQ+QsDPTclF0ZJ62nZr9y9U=' 'sha256-xBMKUV3e/kusvfHM3b3j5DyeuugKZNy0j65f7KMAxTU=' 'sha256-qwkLE1TTxkeysAz5AIQsxAGlh4gnptCzmwm3KDV6Zhs=' 'sha256-JYbP6/STev2n9TD9cVAQeqrTq0kcndoV2bzuUXjgnEw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-EqHLBlprae6Qjrn2RpGa6Fx/BPZL1XmgatigOwKeiwE=' 'sha256-bfVrLH2fhRq9wycbqLdbLSR8jYFQBYtgY2FhzooViT4=' 'sha256-3rf49bjmRscSxbt7+wMIXXfWJaGfZFXbiVHsOJRn7lM=' 'sha256-yljSQUaWMWCEBkW1EkqH7vk4FH0Tm8HlrkmXWjLUyiE=' 'sha256-gMO35AplyONMbaMZJ9eMp34TpOUlFNcpL1wA01G9J/k='; style-src 'self' fonts.googleapis.com 'unsafe-inline' code.jivosite.com cdnjs.cloudflare.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=.uGrn8qaJStOVgIckDsLOA3ksSb0Ya2YTsh8FFbu6WA-1773720622-1.0.1.1-rDT33GkWjt1WYjQU_DUdx1sIIG1ny6Ze4kcSlyBRjFWh_tyN8bztG_nH.w5loN3mPA_SYQcVKfhJ05cV.rRiP_0C3fnG.LKUUeFd4jq7LjTKnKEJCnbfFOyAgm6Qp2BKAErHj5jfboYtr5oPk4qImZkARArLXumUKfhmKGHJsBTPO081gMql6nAEzG_.PrTCxQIShoqDawqonm1p8Y864A; report-to cf-wckcakctrvbqekqr 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cafdonate.cafonline.org assets.calendly.com *.googletagmanager.com *.google-analytics.com https://unpkg.com/htmx.org@1.7.0/dist/htmx.js https://unpkg.com/htmx.org@1.7.0/dist/htmx.min.js cdnjs.cloudflare.com/ajax/libs/gsap/3.10.2/gsap.min.js https://cdnjs.cloudflare.com/ https://www.eventbrite.co.uk/static/widgets/eb_widgets.js cdn.datatables.net; style-src 'self' 'unsafe-inline'; frame-src 'nonce-cWRrcGJycmplbmVuZWpnZ3Zsa2l0ZmZnZHpyeHVyc3drc3ps' *.youtube.com *.calendly.com *.cafonline.org *.eventbrite.co.uk; 1
script-src 'self' 'strict-dynamic' 'nonce-kvOTFkPnOMmA6svR/4mggw=='; report-uri https://creal.jp/csp_report; report-to default; 1
object-src 'none';base-uri 'self';script-src 'nonce--2SMe07yQ5iwHtkqPc8HIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com https://www.sandbox.paypal.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
default-src 'self'; manifest-src 'self' *.airwaysim.com *.airlinemanagementsim.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.airwaysim.com *.airlinemanagementsim.com fd.cleantalk.org js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com pay.google.com songbird.cardinalcommerce.com static.client.cardinaltrusted.com *.cdn-apple.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com *.doubleclick.net; style-src 'self' data: blob: 'unsafe-inline' *.airwaysim.com *.airlinemanagementsim.com assets.braintreegateway.com cdnjs.cloudflare.com fonts.googleapis.com; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com; connect-src 'self' data: https: stats.airwaysim.com api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com pay.google.com *.cardinalcommerce.com *.cardinaltrusted.com www.google.com google.com www.gstatic.com www.facebook.com; frame-src 'self' https: assets.braintreegateway.com *.paypal.com www.google.com recaptcha.google.com www.facebook.com; form-action 'self' https:; img-src * data: blob:; object-src 'none'; report-uri /errors/cspreport 1
default-src 'self';  script-src   'self'   'unsafe-inline'   https://ajax.googleapis.com   https://www.googletagmanager.com   https://www.google-analytics.com   https://static.hotjar.com   https://script.hotjar.com   https://static.hj.contentsquare.net   https://t.contentsquare.net   https://connect.facebook.net   https://www.google.com   https://apis.google.com   https://www.gstatic.com   https://accounts.google.com   https://googleads.g.doubleclick.net   https://static.site24x7rum.com   https://cdn.jsdelivr.net   https://cdn2.easycredito.com.br;  style-src   'self'   'unsafe-inline'   https://cdn.jsdelivr.net   https://cdn2.easycredito.com.br;  img-src   'self'   https:   data:   blob:   https://www.google.com   https://www.gstatic.com   https://www.facebook.com;  connect-src   'self'   https:   https://www.google-analytics.com   https://www.google.com   https://stats.g.doubleclick.net   https://googleads.g.doubleclick.net   wss://ws.hotjar.com;  font-src   'self'   https:   https://www.gstatic.com;  frame-src   'self'   https:   https://accounts.google.com   https://www.google.com;  object-src 'none'; base-uri 'self'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://phs.my.onetrust.eu https://www.googletagmanager.com https://*.porsche-holding.com https://maps.googleapis.com https://*.clarity.ms https://google-analytics.com; img-src 'self' 'unsafe-inline' data: blob: https://phs.my.onetrust.eu https://*.porsche-holding.com https://maps.googleapis.com https://*.nwi-ms.com https://www.googletagmanager.com https://*.porscheinformatik.cloud https://*.gstatic.com https://*.porscheinformatik.com https://*.google.com https://*.cloudfront.net https://*.clarity.ms; connect-src 'self' 'unsafe-inline' https://localhost:8180 https://*.carlog.com https://phs.my.onetrust.eu https://*.porsche-holding.com https://maps.googleapis.com https://*.porscheinformatik.cloud https://*.clarity.ms https://*.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: https://*.gstatic.com; frame-src 'self' https://www.googletagmanager.com; report-uri /api/api-public/csp-report/report-uri; report-to csp-violation-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.google.com *.google.co.uk 'self' data: *.yotpo.com https://enchantwidgets-1358.kxcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.facebook.com *.instagram.com *.braintreegateway.com *.google.com *.googleapis.com *.paypalobjects.com *.yotpo.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com account.fetchify.com *.cookiebot.com *.paypalobjects.com *.googleapis.com *.hotjar.com 'self' data: *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com/ www.facebook.com platform.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://www.magezon.com *.rosemaryandco.com https://rosemaryandco.com *.cloudfront.net *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.com *.google.co.in *.paypalobjects.com *.googletagmanager.com *.twitter.com *.facebook.com *.instagram.com *.sandbox.paypal.com *.googleapis.com *.newrelic.com *.adobedtm.com *.cookiebot.com https://imgsct.cookiebot.com https://www.google.co.uk 'self' data: *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.cookiebot.com *.cloudfront.net *.braintreegateway.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.cardinalcommerce.com *.hotjar.com *.googletagservices.com *.googlesyndication.com *.paypal.com *.paypalobjects.com *.vimeo.com *.twitter.com *.facebook.com *.instagram.com *.cloudflareinsights.com *.cloudflare.com *.sandbox.paypal.com *.googleapis.com https://platform.enchant.com https://enchantwidgets-1358.kxcdn.com *.yotpo.com *.doubleclick.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.google.com/ connect.facebook.net twitter.com platform.twitter.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cc-cdn.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.fontawesome.com *.braintreegateway.com *.google.com *.google.co.uk *.sandbox.paypal.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.yotpo.com assets.braintreegateway.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.paypal.com *.braintreegateway.com *.google.com *.googleapis.com *.gstatic.com *.paypalobjects.com *.yotpo.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.cloudflare.com *.cookiebot.com *.cardinalcommerce.com *.braintree-api.com *.twitter.com *.facebook.com *.instagram.com *.braintreegateway.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.google-analytics.com *.googleapis.com *.sandbox.paypal.com 'self' data: wss://ws.hotjar.com *.yotpo.com *.doubleclick.net *.demdex.net *.omtrdc.net *.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.rosemaryandco.com/; report-to report-endpoint; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://bot.io.gravyty.com; object-src 'none'; script-src 'self' 'report-sample' https://bot.io.gravyty.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://www.google.com; style-src 'self' 'report-sample' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
object-src  'none'; connect-src 'self' *.xempire.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.xempire.com join.gammasecure.com; script-src 'self' *.xempire.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.xempire.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=16482&v=v1.0&payload=AAXF38vOSaaXGWoOrrKDU0TO8Z67w7B6wvdPMDuGYA_WR58i-Jpt2vKYunvjCKg1oYInp03amb7E45owz9kyeFWzqcpnfXZnrAK-NaAYDbmlY4hAPGxZCRkaXcSsMi9nrXY9xXR1_Vu8F_oiTdCfIixGHh2aSPZxQf-lWjtqzmMzt8JA_Ol91LysTgN-ORDZYJlHEkeIDFhVA947RNyMeQ==; 1
script-src 'self' 'unsafe-inline' https://cdn.weglot.com https://static.b-ite.com https://cs-assets.b-ite.com https://chat-app.neurabot.neuraflow.de https://prod-chat-app.neurabot.neuraflow.de/ cdn.jsdelivr.net cdn1.readspeaker.com code.etracker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com www.etracker.de; script-src-elem 'self' 'unsafe-inline' https://cdn.weglot.com https://static.b-ite.com https://cs-assets.b-ite.com https://chat-app.neurabot.neuraflow.de https://prod-chat-app.neurabot.neuraflow.de/ cdn.jsdelivr.net cdn1.readspeaker.com code.etracker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com www.etracker.de; style-src 'self' 'unsafe-inline' https://cdn.weglot.com https://cs-assets.b-ite.com https://chat-app.neurabot.neuraflow.de https://prod-chat-app.neurabot.neuraflow.de/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com cdn1.readspeaker.com; style-src-elem 'self' 'unsafe-inline' https://cdn.weglot.com https://cs-assets.b-ite.com https://chat-app.neurabot.neuraflow.de https://prod-chat-app.neurabot.neuraflow.de/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com cdn1.readspeaker.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://adservice.google.com https://googleads.g.doubleclick.net https://*.fundingchoicesmessages.google.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://unpkg.com https://*.privacy-center.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https: http:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://*.google.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://*.fundingchoicesmessages.google.com wss://*.uakor.com https://uakor.com https://api.uakor.com; frame-src 'self' https://www.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://*.fundingchoicesmessages.google.com https://www.youtube.com https://player.vimeo.com https://ep2.adtrafficquality.google; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; object-src 'none'; worker-src 'self' blob:; media-src 'self' blob: data:; manifest-src 'self' 1
font-src https://www.gstatic.com https://fonts.gstatic.com fonts.gstatic.com fonts.googleapis.com data: *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: https://code.tidio.co/widget-v4/fonts/ https://fonts.axept.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://cloudfront.s-a-g.fr/ https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.googletagmanager.com/ https://www.societe-des-avis-garantis.fr/wp-content/plugins/ag-core/widgets/iframe/2/h/ https://r.adserver01.de/r/797151516356679.html https://td.doubleclick.net https://lrf.configurateur.fybolia.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.fr https://ad3.adserver01.de/www/delivery/fc.php https://action.metaffiliation.com http://www.googleadservices.com http://www.google-analytics.com http://www.google.com https://ad3.adserver01.de https://v2assets.zopim.io https://axeptio.imgix.net https://cloudfront.s-a-g.fr/static/product-widget/img/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cloudfront.s-a-g.fr/ *.google.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io maps.googleapis.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://lqb.leroidelafenetre.fr https://static.axept.io https://static.zdassets.com https://profiling.socialperf.com https://r.adserver01.de https://tag.beyable.com https://tag.beyable.com/api/beYableJSv2.js https://soc.socialperf.com/profiling/perform.php https://front.activation.beyable.com/api/v2/displays https://assets.adobedtm.com https://www.googleadservices.com/ https://www.google-analytics.com https://googleads.g.doubleclick.net/ https://analytics.google.com https://www.googletagmanager.com http://www.googleadservices.com http://www.googletagmanager.com https://www.google.com https://soc.socialperf.com https://code.tidio.co https://widget-v4.tidiochat.com https://embed.tawk.to https://lrf.configurateur.fybolia.com https://halc.iadvize.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com http://www.googleapis.com https://cloudfront.s-a-g.fr/static/product-widget/css/ https://fonts.axept.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://static.zdassets.com https://widget-v4.tidiochat.com https://code.tidio.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://api.axept.io https://leroidelafenetre.zendesk.com https://lqb.leroidelafenetre.fr https://region1.analytics.google.com https://widget-mediator.zopim.com https://www.google.com https://ekr.zdassets.com https://googleads.g.doubleclick.net https://client.axept.io https://widget-mediator.zopim.com/s/W/ws/W05234pNQ9BT-RBK/c/1712579529421 https://widget-mediator.zopim.com/s/W/ws/FSus75S4Yg5FU2AJ/c/1712579533925 https://www.google-analytics.com https://www.googleadservices.com https://analytics.google.com https://www.googletagmanager.com http://www.googletagmanager.com http://www.google-analytics.com http://www.googleadservices.com wss://widget-mediator.zopim.com wss://socket.tidio.co https://va.tawk.to https://cloudfront.s-a-g.fr/dynamic/10007/productWidget/ https://lrf.configurateur.fybolia.com https://halc.iadvize.com https://api.iadvize.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https://lrf.configurateur.fybolia.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com https://lrf.configurateur.fybolia.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://leroidelafenetre-fr.report.centralcsp.com/; report-to report-endpoint; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: www.gstatic.com https://challenges.cloudflare.com 'nonce-sKV0T3UTAx/qdYpZDDaqLA=='; style-src 'self' https:; report-uri https://craftcourses.report-uri.com/r/d/csp/enforce 1
object-src 'none';base-uri 'self';script-src 'nonce-dYdxsfiaNWKnVINhwSPk-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; report-to https://vimeo.com; report-uri https://vimeo.com; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-l0tEyf0UAo83VeDWpkXjw_hyNq6Dp-mF'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com *.what3words.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; img-src https://widgets.payflex.co.za/ widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.magezon.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; 1
script-src-elem webcache.datareporter.eu webcache-eu.datareporter.eu sibautomation.com *.brevo.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com polyfill.mstage.dev *.usersnap.com www.google.com www.googleadservices.com googleads.g.doubleclick.net cdn.usersnap.com api.usersnap.com *.facebook.net *.codico.com *.broadband.se payda.krakow.pl content.payda.krakow.pl; style-src-elem https://webcache.datareporter.eu https://webcache-eu.datareporter.eu cdn.jsdelivr.net fonts.googleapis.com *.bootstrapcdn.com *.typekit.net *.codico.com *.broadband.se payda.krakow.pl content.payda.krakow.pl googleads.g.doubleclick.net; font-src webcachex-eu.datareporter.eu *.fontawesome.com fonts.gstatic.com data: online.swagger.io *.codico.ecx *.codico.test *.codico.localhost *.stage-m-codico.ecxdev.io *.codico.com *.typekit.net https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.com *.facebook.com *.usercentrics.eu https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://static-cc.test.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://sandbox.clicktopay.auth.visa.com https://clicktopay.visa.com https://sandbox.secure.checkout.visa.com https://secure.checkout.visa.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com img.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.openstreetmap.org online.swagger.io validator.swagger.io cdn.usersnap.com cdn.jsdelivr.net www.facebook.com www.google.at magefan.com cm.magefan.com *.codico.ecx *.codico.test *.codico.localhost codico-typo3.typo3.test *.typo3.test *.stage-m-codico.ecxdev.io stage-m-codico.ecxdev.io content.stage-m-codico.ecxdev.io *.ecxdev.io *.prod-m-codico.ecxdev.io prod-m-codico.ecxdev.io content.prod-m-codico.ecxdev.io *.codico.com *.usercentrics.eu px.ads.linkedin.com bat.bing.com *.typekit.net *.broadband.se payda.krakow.pl content.payda.krakow.pl https://static.unzer.com *.online-metrix.net https://www.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.datareporter.eu *.fontawesome.com polyfill.io polyfill.mstage.dev *.usersnap.com *.google.com *.gstatic.com *.payments-amazon.com *.codico.ecx *.codico.test *.codico.localhost *.stage-m-codico.ecxdev.io *.codico.com *.facebook.net https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net https://static-v2.unzer.com/v2/ui-components/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.datareporter.eu *.fontawesome.com fonts.googleapis.com *.codico.ecx *.codico.test *.codico.localhost *.stage-m-codico.ecxdev.io *.codico.com https://sandbox.src.mastercard.com https://static-v2.unzer.com/v2/ui-components/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolianet.com *.insights.algolia.io insights.algolia.io *.datareporter.eu *.amazon.com *.brevo.com *.google.com forms.hsforms.com *.paypal.com api.usersnap.com *.google-analytics.com googleads.g.doubleclick.net *.usercentrics.eu *.clarity.ms px.ads.linkedin.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://static-cc.test.unzer.com https://static-v2.unzer.com/v2/ui-components/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.codico.com *.broadband.se payda.krakow.pl content.payda.krakow.pl 'self' 'unsafe-inline'; report-uri https://8a0f8218-cbf9-4e83-9819-6746d03b8225.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-vjrEZiqqKZdPtGvoPsZPjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://*.gstatic.com data: *.fontawesome.com use.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://*.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com scontent.* www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ display.ugc.bazaarvoice.com *.fontawesome.com assets.braintreegateway.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://25839c8b-6d91-4819-9e40-a90276f15ff7.sansec.watch/; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src 'self' *.gds-services.com 1
object-src 'none'; script-src 'nonce-abjL1iN9XJVf1i-_PwtKnAAAAiQ' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'self'; report-uri https://www.koaspeer.com/csp_process.php; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com d1b5rpvosb5ex9.cloudfront.net da4ehj3jkwbbp.cloudfront.net *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://sis-t.redsys.es:25443 https://sis.redsys.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com d1b5rpvosb5ex9.cloudfront.net da4ehj3jkwbbp.cloudfront.net lupa.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.cookiebot.com d1b5rpvosb5ex9.cloudfront.net da4ehj3jkwbbp.cloudfront.net *.avada.io *.shopify.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com d1b5rpvosb5ex9.cloudfront.net da4ehj3jkwbbp.cloudfront.net *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.cookiebot.com d1b5rpvosb5ex9.cloudfront.net da4ehj3jkwbbp.cloudfront.net *.lupa.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
media-src *; style-src 'unsafe-inline' *; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-w67H+KS6QIymFpnCKiuf+w=='; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io; default-src 'none'; base-uri 'none'; img-src blob: data: *; frame-ancestors 'none'; worker-src 'none'; object-src 'none' 1
base-uri 'self' pay.google.com; default-src 'self'; font-src 'self' data: cdn.jsdelivr.net fonts.gstatic.com use.typekit.net *.bootstrapcdn.com cdn.userway.org static.rakuten.com; manifest-src 'self'; frame-src 'self' www.google.com pay.google.com *.googletagmanager.com assets.braintreegateway.com www.facebook.com *.fls.doubleclick.net *.signifyd.com *.online-metrix.net cdn.userway.org www.affirm.com cj.dotomi.com www.emjcd.com; frame-ancestors 'self'; form-action 'self' keepcalling.com *.keepcalling.com www.facebook.com/tr/; media-src data:; img-src 'self' data: blob: www.google-analytics.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.online-metrix.net img.youtube.com privacy-policy.truste.com imgs.signifyd.com www.google.com www.gstatic.com fonts.gstatic.com *.googletagmanager.com cdn.userway.org cdn-assets.affirm.com www.facebook.com connect.facebook.net alb.reddit.com bat.bing.com contentkit.t-mobile.com static.rakuten.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.com *.google.co.ma *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws; connect-src 'self' data: *.affirm.com cdnjs.cloudflare.com cloudflare-dns.com cdn.jsdelivr.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com analytics.google.com *.analytics.google.com www.merchant-center-analytics.goog google.com www.google.com pay.google.com *.googletagmanager.com www.paypal.com www.sandbox.paypal.com payments.braintree-api.com payments.sandbox.braintree-api.com *.signifyd.com *.t-mobile.com *.doubleclick.net www.facebook.com analytics.tiktok.com analytics-ipv6.tiktokw.us bat.bing.com prodregistryv2.org *.taboola.com pixel-config.reddit.com dx.steelhousemedia.com featureassets.org api.userway.org cdn.userway.org cdn77.api.userway.org api.mapbox.com events.mapbox.com www.assetsconfigcdn.org 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.com *.google.co.ma *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws; style-src 'report-sample' 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com use.typekit.net p.typekit.net *.affirm.com *.bootstrapcdn.com cdn.userway.org contentkit.t-mobile.com www.gstatic.com; script-src 'nonce-785897252aaedecb3bd70318e26856fe' 'strict-dynamic' 'report-sample' 'self' 'unsafe-eval' blob: cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com firebase.google.com flatpickr.js.org getbootstrap.com jquery.com jqueryvalidation.org stackpath.bootstrapcdn.com www.gstatic.com *.googletagmanager.com doubleclick.net *.doubleclick.net pay.google.com *.signifyd.com *.online-metrix.net *.affirm.com analytics.tiktok.com dx.steelhousemedia.com *.mountain.com; report-uri https://keepcalling.com/csp_report; report-to csp-report; 1
default-src 'self' https:; base-uri 'self'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'strict-dynamic' 'report-sample' 'nonce-tfWAvXmrQtouYHn1/s4RbA=='; script-src-elem 'self' 'strict-dynamic' 'report-sample' 'nonce-tfWAvXmrQtouYHn1/s4RbA=='; connect-src 'self' https:; report-uri /csp-violation 1
font-src *.googleapis.com *.gstatic.com data: *.stape.io *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com facebook.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com https://player.vimeo.com https://www.youtube-nocookie.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com *.stape.io https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com flagpedia.net *.mobbex.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com https://redchamps.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.google.ie www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.doubleclick.net *.stape.io https://cdn.jsdelivr.net *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maps.googleapis.com *.mobbex.com https://player.vimeo.com https://www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.gstatic.com *.google.ie *.googleadservices.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com maps.googleapis.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.gstatic.com *.mobbex.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none'; script-src 'self' 'report-sample' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'report-sample' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com https://use.fontawesome.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-wgTiaVIj5-vw3uaoR0Qpig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-aYSiAVUQKkDauIUpNpxrKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.retailrocket.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://*.retailrocket.net; img-src 'self' https://*.retailrocket.net https://*.dmi.es https://*.testseek.com https://www.googletagmanager.com data:; style-src 'self' 'unsafe-inline' https://*.retailrocket.net; frame-src https://www.google.com https://www.gstatic.com https://www.youtube.com; report-uri /csp-report/ 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.cdninstagram.com *.smarthint.co challenges.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.addthis.com *.sharethis.com *.pinterest.com *.twitter.com *.cdninstagram.com *.smarthint.co *.hotjar.io *.hotjar.com *.sunset.systems challenges.cloudflare.com mymetric.com.br jcdecor-server.ue.r.appspot.com 'self' https://bid.g.doubleclick.net https://www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagaleve.io *.pagaleve.com.br *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.sharethis.com *.pinterest.com *.cdninstagram.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.mercadolibre.com *.mercadolivre.com *.facebook.com *.googletagmanager.com *.arrowhitech.net *.mercadopago.com *.mercadopago.com.br *.yourviews.com.br *.yviews.com.br *.jcdecor.com.br *.google.com.br *.googleusercontent.com *.amazonaws.com *.smarthint.co *.doubleclick.net *.conectiva.io https://conectiva.io *.jivosite.com *.clarity.ms *.bing.com *.imgur.com *.widde.io challenges.cloudflare.com *.mercadolibre.com.br https://mercadopago.com.br *.mlstatic.com *.pagaleve.com.br *.pagseguro.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googleapis.com *.addthis.com *.sharethis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googleadservices.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.vimeo.com *.paypal.com *.paypalobjects.com *.cdninstagram.com *.facebook.net *.google.com *.yourviews.com.br *.yviews.com.br *.hotjar.io *.hotjar.com *.google.com.br *.smarthint.co *.jivosite.com *.jquery.com *.cartstack.com.br *.conectiva.io https://conectiva.io *.doubleclick.net *.clarity.ms *.widde.io *.zdassets.com *.zopim.com challenges.cloudflare.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql *.pagaleve.com.br *.pagseguro.com.br https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cdninstagram.com *.yourviews.com.br *.yviews.com.br *.smarthint.co *.googletagmanager.com *.jivosite.com *.jquery.com challenges.cloudflare.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.jivosite.com *.widde.io challenges.cloudflare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.sharethis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.twitter.com *.twimg.com *.cdninstagram.com *.facebook.net *.mercadolibre.com *.yourviews.com.br *.doubleclick.net *.hotjar.io wss://ws14.hotjar.com/* *.hotjar.com *.facebook.com *.openpix.com.br *.performa.ai *.conectiva.io *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com https://conectiva.io *.jivosite.com wss://vi-ya-4.jivosite.com *.google.com *.cartstack.com.br *.clarity.ms *.smarthint.co *.googlesyndication.com https://x.clarity.ms/collect *.widde.io jcdecor-server.ue.r.appspot.com challenges.cloudflare.com mymetric.com.br api.ip2location.io https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri *.jcdecor.com.br/; report-to report-endpoint; 1
font-src cash-f.squarecdn.com *.fontawesome.com *.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ * magento-cloudflare.jetrails.com *.klarna.com *.trustpilot.com *.hotjar.com https://*.google.com/recaptcha/ *.zendesk.com *.zdassets.com *.zopim.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com * *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.ytimg.com *.klarna.com *.klarnaevt.com *.googleadservices.com *.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.se *.paypal.com *.paypalobjects.com https://www.facebook.com https://mcusercontent.com https://js.klevu.com https://*.mgr.consensu.org https://cdn.consentmanager.net https://cx.atdmt.com *.zendesk.com *.zdassets.com *.zopim.com https://bat.bing.com/ https://*.cookiefirst.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.fontawesome.com *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com *.google.com https://connect.facebook.net/ *.trustpilot.com *.klarnacdn.net https://js.klevu.com https://downloads.mailchimp.com *.hotjar.com *.hotjar.io *.gtm.adt313.net https://checkoutshopper-test.adyen.com https://*.mgr.consensu.org https://*.cloudflareinsights.com *.zendesk.com *.zdassets.com *.zopim.com https://bat.bing.com/ *.clarity.ms https://consent.cookiefirst.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.cash.app downloads.mailchimp.com *.fontawesome.com *.fonts.googleapis.com *.googleapis.com *.gstatic.com https://downloads.mailchimp.com https://js.klevu.com https://*.mgr.consensu.org *.zendesk.com *.zdassets.com *.zopim.com https://consent.cookiefirst.com/ unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com https://helloretailcdn.com * *.klarnaevt.com *.paypal.com *.cardinalcommerce.com *.stripe.com *.klarna.com *.klarnacdn.net *.google-analytics.com *.addwish.com *.doubleclick.net *.facebook.com *.hotjar.com https://*.mgr.consensu.org *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.clarity.ms/ https://bat.bing.com/ https://*.cookiefirst.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-vMlG4FuB8hN4USxZf7y308nV' http://localhost:5173 https://cosmos.enedis.fr https://www.datadoghq-browser-agent.com;object-src 'self';style-src 'self' 'unsafe-inline' http://localhost:5173 https://fonts.googleapis.com https://cosmos.enedis.fr;img-src 'self' https://cosmos.enedis.fr;font-src 'self' https://fonts.gstatic.com https://cosmos.enedis.fr;connect-src 'self' http://192.168.222.102:8088 https://oasice.enedis.fr https://oasice.edf.fr https://distri-ingepilot.enedis.fr https://distri-ingepilot-sei.edf.fr https://e-travaux.enedis.fr https://cosmos.enedis.fr https://api.e-plans.fr;report-uri /Csp/Report 1
object-src 'none';base-uri 'self';script-src 'nonce--3kvuC5vIzwZeo8sLXZJGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; report-uri /csp-violations 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://clients1.google.com https://www.gstatic.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://www.google.at https://www.google.de https://www.google.it https://www.google.cl https://www.google.com https://www.google.com.ar https://www.google.com.br https://www.google.com.mx https://www.google.com.bo https://www.google.com.uy https://www.google.co.cr https://www.google.es https://www.google.com.ec https://www.google.com.pa https://www.google.tt https://www.google.com.pe https://www.google.lt https://www.google.fr https://www.google.com.co https://www.google.ru https://www.google.co.ve https://www.google.com.cu https://www.google.cl https://www.google.com https://www.google.com.ar https://googleads.g.doubleclick.net https://www.doubleclick.net https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://www.googlevideo.com https://static.ads-twitter.com https://platform.twitter.com https://connect.facebook.net https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' blob: https://apis.google.com https://www.youtube.com https://clients1.google.com https://googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.com.ar https://googleads.g.doubleclick.net https://www.doubleclick.net https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://www.googlevideo.com https://static.ads-twitter.com https://platform.twitter.com https://connect.facebook.net https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://accion.coop https://www.accion.coop https://analytics.tiktok.com https://www.tiktok.com https://data1.argmeteo.com; style-src 'self' 'unsafe-inline' data: https://www.gstatic.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://translate.googleapis.com; style-src-elem 'self' 'unsafe-inline' data: https://www.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://translate.googleapis.com https://accion.coop https://www.accion.coop; style-src-attr 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://accion.coop https://www.accion.coop; img-src 'self' data: https: http://accion-test.1961.com.ar https://t.co https://analytics.twitter.com https://img.youtube.com blob:; media-src 'self' data: blob:; connect-src 'self' data: https://apis.google.com https://t.co https://analytics.twitter.com https://*.run.app https://*.conversionsapigateway.com https://www.google.com.gt https://www.google.at https://www.google.de https://www.google.com.my https://www.google.gr https://www.google.com.do https://www.google-analytics.com https://region1.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.it https://www.google.cl https://www.google.com.ar https://www.google.com.br https://www.google.com.mx https://www.google.com.bo https://www.google.com.uy https://www.google.co.cr https://www.google.es https://www.google.com.ec https://www.google.com.pa https://www.google.tt https://www.google.com.pe https://www.google.lt https://www.google.fr https://www.google.com.co https://www.google.ru https://www.google.co.ve https://www.google.com.cu https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://translate.googleapis.com https://www.youtube.com https://www.googlevideo.com https://cdn.jsdelivr.net https://plugin.aioseo.com https://yoast.com https://www.facebook.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://accion.coop https://www.accion.coop; frame-src 'self' blob: https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://myaccount.google.com https://accounts.google.com https://access.workspace.google.com https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://staticxx.facebook.com https://platform.twitter.com https://player.vimeo.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' https://www.google-analytics.com https://www.facebook.com; frame-ancestors 'self' https://accion.coop https://www.accion.coop; report-uri /wp-content/themes/accioncoop/csp-report.php 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: *.livechatinc.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.livechatinc.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.certcapture.com *.livechatinc.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com *.certcapture.com *.livechatinc.com *.webdamdb.com *.files-text.com *.espssl.com *.blockboardtech.com magefan.com cm.magefan.com *.listrakbi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.livechatinc.com 'unsafe-eval' *.digiaccess.org *.ywxi.net *.trustpilot.com *.hlx.page *.trustedsite.com *.kaptcha.com *.listrakbi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.livechatinc.com *.listrakbi.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.certcapture.com *.livechatinc.com *.digiaccess.org *.amazonaws.com *.kaptcha.com *.listrak.com *.listrakbi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' goldcoast.admin.opencities.com www.goldcoast.qld.gov.au;  1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com cdn.userway.org api.userway.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com cdn.userway.org api.userway.org cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com cdn.userway.org api.userway.org player.vimeo.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.userway.org api.userway.org cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.userway.org api.userway.org 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com cdn.userway.org api.userway.org cdn.jsdelivr.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://use.typekit.net *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.svea.com https://*.vipps.no https://*.trustly.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.trustpilot.com www.paypalobjects.com google-analytics.com vimeo.com *.yotpo.com *.googleapis.com https://use.typekit.net/* *.cookiebot.com/ *.fontawesome.com htps://fonts.gstatic.com https://*.svea.com *.weltpixel.com *.swiipe.com *.paymentiq.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkoutapistage.svea.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.clerk.io *.google.com cdn.valuesportal.com log.adtraction.fail https://www.unifaunonline.se https://*.tile.openstreetmap.org/ imgsct.cookiebot.com *.swiipe.com maps.gstatic.com *.disqus.com https://img.youtube.com https://meetanshi.com/media/logo.png flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bing.com *.clarity.ms *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com/ *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.clerk.io https://cdn.clerk.io *.api.unifaun.com cdn.clerk.io api.clerk.io custom.clerk.io widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js v2.zopim.com *.gstatic.com chimpstatic.com static.zdassets.com bam.eu01.nr-data.net *.cookiebot.com/ addrevenue.io/ valuesportal.com cdn.adt393.com gtm.adt313.net pin.gymkompaniet.se cdn1.profitmetrics.io t.adii.se https://*.svea.com https://api.unifaun.com consent.cookiebot.com *.swiipe.com maps.googleapis.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkoutapistage.svea.com *.bing.com *.clarity.ms *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://cdn1.profitmetrics.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.googleapis.com *.yotpo.com https://use.typekit.net cdn.dnky.com https://p.typekit.net *.fontawesome.com *.swiipe.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src *.swiipe.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com my.profitmetrics.io gymkompaniet.zendesk.com https://ekr.zdassets.com widget-mediator.zopim.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://stats.g.doubleclick.net www.youtube.com bam.eu01.nr-data.net api.adtraction.net pin.gymkompaniet.se log.adtraction.fail consentcdn.cookiebot.com *.swiipe.com maps.googleapis.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.clarity.ms *.bing.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://challenges.cloudflare.com https://kit.fontawesome.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://www.facebook.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ka-f.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com; img-src 'self' data: blob: https:; media-src 'self' blob: https:; worker-src 'self' blob:; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://challenges.cloudflare.com https://www.facebook.com; form-action 'self' https://www.facebook.com; manifest-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-IkdIrmHZo9eJkS_Jo1KVpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com pay.google.com widgets.sandbox.afterpay.com *.cash.app https://static.addtoany.com/ www.xtento.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk designer.printlane.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.afterpay.com/ *.cash.app https://images.unsplash.com www.xtento.com cdn.xtento.com *.trackedlink.net *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com magefan.com cm.magefan.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: www.google.com.ua t.zip.co static.zipmoney.com.au static.zip.co soy.liquifire.com https://soy.liquifire.com printlane.com https://printlane.com blob: data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app https://static.addtoany.com/ https://maps.googleapis.com www.xtento.com cdn.xtento.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk maps.googleapis.com *.hsforms.net *.hsforms.com *.gstatic.com designer.printlane.com static.zipmoney.com.au static.zip.co zip.co https://unpkg.com/swiper/swiper-bundle.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com static.afterpay.com/ *.squarecdn.com *.cash.app cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com *.gstatic.com https://unpkg.com/swiper/swiper-bundle.min.css https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com payments-eu.amazon.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com https://stats.addtoany.com/menu https://maps.googleapis.com https://player.vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https://img.tanie-loty.com.pl https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://rezerwacje.tanie-loty.com.pl https://cloudflareinsights.com; frame-src 'self' https://rezerwacje.tanie-loty.com.pl 1
connect-src 'self' blob: *.yakimachief.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: maps.googleapis.com www.gstatic.com www.google.com *.cloudmaestro.com *.addthis.com z.moatads.com v1.addthisedge.com www.googletagmanager.com www-google-analytics.com edge.fullstory.com assets.shipperhq.com www.google-analytics.com assets.juicer.io freegeoip.app rs.fullstory.com www.datadoghq-browser-agent.com r1-t.trackedlink.net https://www.datadoghq-browser-agent.com *.analytics.google.com *.google-analytics.com s7.addthis.com *.yakimachief.com; report-uri /.webscale/csp-report 1
font-src *.easypack24.net https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.oct8ne.com https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.weltpixel.com *.iubenda.com *.multisafepay.com https://pay.google.com *.oct8ne.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://cdn.clerk.io *.easypack24.net *.inpost.pl *.inpost.com *.openstreetmap.org *.iubenda.com *.multisafepay.com *.oct8ne.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://api.clerk.io https://cdn.clerk.io *.inpost.pl *.inpost.it *.easypack24.net *.googleapis.com widget.freshworks.com m2epro.freshdesk.com upstream.heidipay.com sbx-upstream.heidipay.io *.iubenda.com *.multisafepay.com https://pay.google.com *.oct8ne.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://api.clerk.io https://cdn.clerk.io geowidget.easypack24.net widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com *.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.inpost.pl *.inpost.it *.googleapis.com *.easypack24.net maps.googleapis.com widget.freshworks.com m2epro.freshdesk.com upstream.heidipay.com sbx-upstream.heidipay.io *.iubenda.com *.multisafepay.com *.oct8ne.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src i.icomoon.io fonts.gstatic.com *.typekit.net *.gstatic.com 'self' data: https://dashboard.trustprofile.comfonts/webandbrand.woff data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.becom.digital *.facebook.com *.google.com *.salesmanago.pl *.trustprofile.com *.youtube-nocookie.com becom.digital www.googletagmanager.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net https://dashboard.trustprofile.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com *.analytics.google.com www.googletagmanager.com https://images.unsplash.com *.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.googlesyndication.com *.gstatic.com *.newstat.net *.salesmanago.pl *.trustprofile.com blogger.googleusercontent.com www.google.be *.salesmanago.es *.salesmanago.com https://at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net *.multisafepay.com *.koongo.com *.amazonaws.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com *.cookie-script.com *.facebook.net *.salesmanago.com *.salesmanago.pl *.salesmanago.es *.multisafepay.com https://pay.google.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/highlight.min.js *.sendcloud.sc *.jsdelivr.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://dashboard.trustprofile.com/sidebar.js *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googletagmanager.com i.icomoon.io fonts.googleapis.com *.typekit.net *.multisafepay.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css *.sendcloud.sc *.jsdelivr.net *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com *.cookie-script.com *.facebook.com *.google.com *.googleadservices.com *.googlesyndication.com google.com pay.google.com www.google.be www.google.com stats.g.doubleclick.net *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.multisafepay.com *.koongo.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://5a66314f-575a-41a8-9234-232d774a014f.sansec.watch/; report-to report-endpoint; 1
font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.mollie.com https://vars.hotjar.com https://view.publitas.com https://www.google.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com https://wm.livechat-2-prod-dot.watermelonmessenger.appspot.com www.xtento.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com maps.gstatic.com maps.googleapis.com https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.storyblok.com https://www.mollie.com https://www.facebook.com https://px4.ads.linkedin.com https://cdn-cookieyes.com https://www.google.com https://www.google.nl https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com/assets/ https://www.prikentik.be https://integrations.etrusted.com https://www.google.be https://px.ads.linkedin.com https://wm.livechat-2-prod-dot.watermelonmessenger.appspot.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com maps.googleapis.com https://maps.googleapis.com https://player.vimeo.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.storyblok.com js.mollie.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://script.hotjar.com https://static.hotjar.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://www.google.com https://www.gstatic.com https://maps.google.com https://view.publitas.com https://bam.eu01.nr-data.net https://cdn-cookieyes.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com https://snap.licdn.com https://wm.livechat-2-prod-dot.watermelonmessenger.appspot.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com downloads.mailchimp.com *.storyblok.com https://fonts.googleapis.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com/styles.css https://integrations.etrusted.com/applications/trusted-stars-service-widget/ https://wm.livechat-2-prod-dot.watermelonmessenger.appspot.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://core.helloretail.com https://helloretailcdn.com https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://in.hotjar.com https://www.google-analytics.com https://bam-cell.nr-data.net https://stats.g.doubleclick.net https://www.google.com https://*.conversionsapigateway.com https://cdn-cookieyes.com https://directory.cookieyes.com https://log.cookieyes.com https://content.hotjar.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-JpWE-AuxduB1dNPyvRMy3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com https://*.gstatic.com data: maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://images.unsplash.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://belco-prod.s3-eu-central-1.amazonaws.com *.google.nl *.disposablediscounter.nl *.bing.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com disposablediscounter.nl *.cookiebot.com imagedelivery.net *.belco.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.belco.io *.belco.io *.bing.com *.cloudfront.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com *.avada.io *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.convertexperiments.com *.hotjar.com *.sgmntfy.com *.cookiebot.com *.cookiebot.co *.segmentify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.googleapis.com maxcdn.bootstrapcdn.com https://static.klaviyo.com *.fontawesome.com *.multisafepay.com assets.braintreegateway.com *.segmentify.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com wss://chat.belco.io https://cdn.belco.io *.belco.io *.klaviyo.com *.bing.com *.cloudfront.net *.doubleclick.net *.amazonaws.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.hotjar.io gandalf-eu.segmentify.com *.convertexperiments.com *.hotjar.com wss://ws.hotjar.com *.google-analytics.com *.cookiebot.com *.google.nl *.disposablediscounter.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hcaptcha.com https://www.googletagmanager.com https://maps.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://js.hcaptcha.com https://www.googletagmanager.com https://maps.googleapis.com https://s.go-mpulse.net *.siteintercept.qualtrics.com https://pi.pardot.com https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://siteintercept.qualtrics.com https://go.frieslandcampina-foodservice.com https://googleads.g.doubleclick.net https://static.xingcdn.com https://view.publitas.com https://zn40n3kie90teedbt-frieslandcampina.siteintercept.qualtrics.com https://www.youtube.com https://analytics.tiktok.com https://www.googleadservices.com https://dev.visualwebsiteoptimizer.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'self' 1
report-to self; font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com 'self' data: widgets.trustedshops.com https://widgets.trustedshops.com d2jyby6zfixqwe.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de d2jyby6zfixqwe.cloudfront.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com https://www.googletagmanager.com/ *.facebook.com js.mollie.com challenges.cloudflare.com td.doubleclick.net d2jyby6zfixqwe.cloudfront.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.trackedlink.net *.ddlnk.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.hsforms.net *.hsforms.com *.cdninstagram.com flagpedia.net https://www.mollie.com 'self' data: *.cloudfront.net *.usercentrics.eu integrations.etrusted.com *.content.lego.com www.google.pl www.google.de www.google.en blob: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com maps.gstatic.com d2jyby6zfixqwe.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.hsforms.net *.hsforms.com player.vimeo.com connect.facebook.net cdnjs.cloudflare.com *.gstatic.com maps.googleapis.com js.mollie.com challenges.cloudflare.com *.usercentrics.eu *.content.lego.com *.hotjar.com toysforfun.matomo.cloud https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://d2jyby6zfixqwe.cloudfront.net d2jyby6zfixqwe.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com integrations.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com d2jyby6zfixqwe.cloudfront.net 'self' 'unsafe-inline'; object-src d2jyby6zfixqwe.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.content.lego.com d2jyby6zfixqwe.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com www.gstatic.com maps.googleapis.com *.usercentrics.eu api.legogroup.io *.content.lego.com region1.analytics.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com www.google.pl www.google.de www.google.en wss://ws.hotjar.com content.hotjar.com content.hotjar.io metrics.hotjar.io toysforfun.matomo.cloud *.trustedshops.com *.etrusted.com https://integrations.etrusted.site d2jyby6zfixqwe.cloudfront.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com d2jyby6zfixqwe.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.cloudfront.net 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://cdnapisec.kaltura.com/;frame-src https://* 'self' epichttp: https://pge.phreesia.net;script-src 'nonce-264920b761d848f5afa1ed3d2333a9fa' https://www.tannermychart.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://www.tannermychart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com 'unsafe-inline' data: *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com *.mercadopago.com *.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src http: https: https://www.wow.pt/ 'unsafe-inline' 'unsafe-eval' www.google.com connect.facebook.net  *.clarity.ms *.googletagmanager.com *.doubleclick.net *.criteo.com *.criteo.net *.rubiconproject.com *.unrulymedia.com *.creativecdn.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.ingest.sentry.io *.googleapis.com *.doubleclick.net *.googleadservices.com *.google.pt ; connect-src 'self' data: https://www.wow.pt/ *.google-analytics.com *.analytics.google.com *.google.com *.facebook.com *.recaptcha.net country.i18n.codes *.ventrata.com *.clarity.ms analytics.tiktok.com analytics.ahrefs.com *.creativecdn.com *.adyen.com  *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.vimeo.com vimeo.com *.tiktokw.us *.nr-data.net *.googlesyndication.com *.googletagmanager.com *.ingest.sentry.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagmanager.com www.google.pt pagead2.googlesyndication.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net www.google.nl www.google.pl stats.g.doubleclick.net pagead2.googlesyndication.com www.google.ca www.google.fr www.google.pt www.google.be www.google.es www.google.lu www.google.com.br googleads.g.doubleclick.net www.google.cz www.google.co.in www.google.co.uk www.google.com www.google.it www.google.com.au www.google.al www.google.com.pk www.google.hr www.google.de www.google.im www.google.co.kr www.google.hu www.google.ie www.google.mu sslwidget.criteo.com www.google.cl www.google.com.tr www.google.com.my www.google.at www.wow.pt www.google.com.eg overbridgenet.com www.google.com.hk www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.as www.google.az www.google.ba www.google.com.bd www.google.bf www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.bs www.google.bt www.google.co.bw www.google.com.bz www.google.cd www.google.cf www.google.cg www.google.ci www.google.co.ck www.google.cm www.google.cn www.google.com.cu www.google.cv www.google.com.cy www.google.dj www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.ga www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.ht www.google.co.id www.google.iq www.google.is www.google.je www.google.com.jm www.google.jo www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lv www.google.com.ly www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mv www.google.mw www.google.co.mz www.google.com.na www.google.com.ng www.google.ne www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.pn www.google.com.py www.google.com.qa www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.com.sg www.google.sh www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat ; style-src 'self' blob: https: 'unsafe-inline' https://www.wow.pt/ *.cash.app ; img-src 'self' data: blob: *.ventrata.com *.tremorhub.com *.postrelease.com id5-sync.com *.criteo.net *.criteo.com analytics.tiktok.com www.facebook.com *.creativecdn.com *.doubleclick.net bbnaut.ibillboard.com us-u.openx.net hb.yahoo.net pixel.rubiconproject.com atemda.com *.360yield.com *.pubmatic.com delivery.swid.switchads.com *.smartadserver.com rm.em.nscontext.eu profile.ssp.rambler.ru ib.adnxs.com match.c8.net.ua ssp.adriver.ru cm.adform.net x.bidswitch.net *.casalemedia.com bh.contextweb.com ads.betweendigital.com cs.gssprt.jp s-cs.send.microad.jp adlmerge.com an.yandex.ru cmeu.hit.gemius.pl ih.adscale.de cmrtbhpl.hit.gemius.pl cm.gammaplatform.com e1.emxdgt.com tg.socdm.com us.ck-ie.com inv-nets.admixer.net *.taboola.com ad.yieldlab.net ssp.wp.pl adn.caprofitx.com ad.as.amanad.adtdp.com localhost dmx.districtm.io analytics.ad.daum.net eb2.3lift.com match.sharethrough.com sync.ad-stir.com sync.outbrain.com sync.1rx.io ce.lijit.com visitor.omnitagjs.com *.teads.tv hb.adtarget.com.tr sofia.trustx.org rtb.adxpremium.services sync.addlv.smt.docomo.ne.jp sync.e-planning.net *.media.net csync.loopme.me onetag-sys.com cm.mgid.com idsync.rlcdn.com sync.console.adtarget.com.tr prebid-stag.setupad.net ads.yieldmo.com pixel.s3xified.com sync.adtelligent.com cs.mobfox.com s.ad.smaato.net s-cs.rmp.rakuten.com prebid-server.rubiconproject.com t.visx.net sync.dmp.otm-r.com goo.gamx.io us-east-pbs.automatad.com usersync.gumgum.com dot.wp.pl rt.udmserve.net t.adx.opera.com sync.connectad.io ad.mail.ru ad.tpmn.co.kr idsync.admixer.co.kr sync.adkernel.com vid.vidoomy.com prebid-server.rtbhouse.net sync.bidence.net csync.smilewanted.com ssc-cms.33across.com mixer.mobon.net sync.kueezrtb.com prebid.serve.admatic.com.tr ssp.api.tappx.com cm-exchange.toast.com prebid.pixad.com.tr prebid.adtarget.com.tr s.seedtag.com ads.enjoy4fun.com sp.gmossp-sp.jp sync.cootlogix.com sync.go.sonobi.com fast.nexx360.io z.cdn.adtarget.market sync.cenarius.orangeclickmedia.com pbs.optidigital.com router.infolinks.com sync.aniview.com us.shb-sync.com adasta-pbs.relevant-digital.com pbs.yahoo.com eexsync.com c1.adform.net cookiesyncgotham.com sync-service.net sync.bidmatic.io *.inmobi.com prebid.monetixads.com elb.the-ozone-project.com mynet-pbs.theadx.com usersync-america.rtblab.net sync.pubrise.ai cs.yellowblue.io public-prod-dspcookiematching.dmxleo.com mapping.lacunads.com u.4dex.io rt.marphezis.com cookiesync.axis-marketplace.com s2s.yieldbird.com prebid.admatic.de cdn.performax.cz cstb.adsinteractive.com hb.r2b2.cz pbjs.digitalmatter.services prebid-server.pbstck.com ms-cookie-sync.presage.io hb.r2b2.io *.adtech.ink *.amazon-adsystem.com optimics-ads.aimatch.com prebid.adocean.pl prebid.jixie.io rtb.valuad.io *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.googletagmanager.com *.demdex.net *.agkn.com *.vimeocdn.com *.googleapis.com *.googleadservices.com *.twiago.com *.clarity.ms *.mediavine.com *.fwmrm.net *.wow.pt *.googlesyndication.com c.bing.com maps.gstatic.com connect.facebook.net https://*.google.* *.pl.ing.com www.google.pt www.google.com www.google.co.in www.google.fr www.google.dk sync.adtech.ink www.google.es www.google.co.uk user-sync.fwmrm.net www.google.se www.google.nl www.google.ca www.google.ie googleads.g.doubleclick.net www.google.pl user-sync.fwmrm.net sync.adtech.ink ssc-cms.33across.com s.ad.smaato.net googleads.g.doubleclick.net www.google.com.br www.google.com.tr www.google.it www.google.co.jp www.google.no www.google.de www.google.lu www.google.ru www.google.ch www.google.cz www.google.be www.google.ro www.google.hu www.google.ge www.google.com.ar www.google.ee www.google.com.mx www.google.at www.google.com.au www.google.com.pk www.google.co.il www.google.hr www.google.bg www.google.im www.google.com.vn www.google.co.kr www.google.mu www.google.com.pr www.google.co.id www.google.cl www.google.co.ma www.google.co.cr www.google.com.my ; object-src 'none'; base-uri 'self' *.wow.pt; child-src 'self'; font-src 'self' data: fonts.gstatic.com cash-f.squarecdn.com *.cdn.office.net use.typekit.net r2cdn.perplexity.ai cdn.scite.ai moz-extension cdnjs.cloudflare.com ; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.vimeocdn.com *.youtube-nocookie.com audience.arcspire.io *.criteo.com *.criteo.net *.doubleclick.net *.googletagmanager.com *.recaptcha.net *.creativecdn.com *.adyen.com pay.google.com *.pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.ingest.sentry.io *.googleapis.com *.doubleclick.net *.googleadservices.com *.google.pt www.facebook.com *.nexigroup.com *.wlp-acs.com *.pl.ing.com acs.sibs.pt channel-cards-html.lloydsbankinggroup.com www.rsa3dsauth.co.uk vimeo.com acs-challenge.apata.io authentication-acs.marqeta.eu api.challenge.threeds.eu-central-1.mq02-eu-prod.int.marqeta.eu ; report-to csp-endpoint; report-uri https://n8n-prod.toogas.net/webhook/csp-report; 1
worker-src 'none'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-6eW1lWSfsjeK2FFq3rnrMA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src *.fontawesome.com *.brevo.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ https://*.doubleclick.net https://*.heureka.cz/ https://*.heureka.sk/ https://*.googletagmanager.com *.brevo.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com https://flagcdn.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.seznam.cz https://im9.cz https://*.google.sk https://*.google.nl https://*.facebook.com https://*.g.doubleclick.net https://*.heureka.cz/ https://*.heureka.sk/ https://*.zbozi.cz *.linkedin.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ https://*.heureka.cz https://*.gopay.cz https://*.google.cz/ https://*.google.sk https://*.google.nl https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.heureka.sk/ *.brevo.com *.licdn.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.g.doubleclick.net *.linkedin.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.crisp.chat static.fulfiller.com drhur8ajhi373.cloudfront.net d39xcqom8pbi81.cloudfront.net recette-static.fulfiller.com *.axept.io *.fontawesome.com applepay.cdn-apple.com *.fonts.googleapis.com data: *.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com connect.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com connect.facebook.net editor.fasteditor.com ucarecdn.com pitchprint.io payment.stancer.com 3ds.iliad78.net image.fulfiller.com js.mollie.com api-qa.payplug.com secure-qa.payplug.com *.payplug.com *.addthis.com *.twitter.com *.pinterest.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com blob: integration.ecom.back2print.fr www.fulfiller.com ucarecdn.com axeptio.imgix.net favicons.axept.io *.crisp.chat *.doubleclick.net *.google.com *.facebook.com *.facebook.net *.fbcdn.net cdn.filestackcontent.com static.filestackapi.com static.fulfiller.com drhur8ajhi373.cloudfront.net d39xcqom8pbi81.cloudfront.net assets.fulfiller.com *.google.fr image.fulfiller.com *.elfsight.com *.elfsightcdn.com *.googleusercontent.com bat.bing.com *.amazonaws.com pitchprint.io recette-static.fulfiller.com zefiles.fulfiller.com https://www.mollie.com https://secure-magenta.dalenys.com *.addthisedge.com *.twitter.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com analytics.tiktok.com static.cloudflareinsights.com *.googletagmanager.com image.fulfiller.com connect.facebook.net graph.facebook.com js.facebook.com *.facebook.net static.filestackapi.com static.fulfiller.com drhur8ajhi373.cloudfront.net d39xcqom8pbi81.cloudfront.net *.axept.io ucarecdn.com *.crisp.chat *.elfsight.com *.elfsightcdn.com bat.bing.com *.gstatic.com *.paypal.com cdn.payplug.com pitchprint.io cdn.jsdelivr.net recette-static.fulfiller.com *.tiny.cloud *.tinymce.com *.kameleoon.io js.mollie.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com https://cdn-qa.payplug.com https://secure-magenta.dalenys.com *.addthis.com *.moatads.com *.addthisedge.com *.twitter.com *.googleapis.com *.facebook.com *.pinterest.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.crisp.chat static.filestackapi.com static.fulfiller.com drhur8ajhi373.cloudfront.net d39xcqom8pbi81.cloudfront.net *.gstatic.com cdn.jsdelivr.net recette-static.fulfiller.com unpkg.com *.tiny.cloud *.axept.io *.fontawesome.com https://secure-magenta.dalenys.com *.googleapis.com 'self' 'unsafe-inline'; object-src ucarecdn.com 'self' 'unsafe-inline'; media-src axeptio-video.imgix.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com analytics.tiktok.com bat.bing.net blob: *.axept.io *.axeptio.eu *.axeptio.tech *.crisp.chat wss://client.relay.crisp.chat *.doubleclick.net connect.facebook.net filestack-uploads-persist-production.s3.amazonaws.com cloud.filestackapi.com upload.filestackapi.com *.filestackapi.com static.fulfiller.com drhur8ajhi373.cloudfront.net d39xcqom8pbi81.cloudfront.net *.google.fr image.fulfiller.com *.elfsight.com bat.bing.com pitchprint.io api.pitchprint.io recette-static.fulfiller.com reseller-sandbox.fulfiller.com reseller.fulfiller.com *.uploadcare.com https://uploadcare.s3-accelerate.amazonaws.com ucarecdn.com https://analytics-ipv6.tiktokw.us https://*.tiktok.com releases.transloadit.com *.kameleoon.io *.app.n8n.cloud *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src *.facebook.com connect.facebook.net http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https://* data: https://www.feefo.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.google.com *.googleusercontent.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google.co.uk https://www.googleadservices.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://eu-prod.inpendium.net data:; script-src 'unsafe-eval' 'unsafe-inline' https://google.com *.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://snap.licdn.com https://*.gstatic.com https://s3.tradingview.com https://*.zdassets.com https://px.ads.linkedin.com https://www.googleadservices.com https://v2.zopim.com https://widget-mediator.zopim.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://*.googletagmanager.com https://cdn.respond.io https://edge.fullstory.com https://cdn.chatapi.net https://*.oppwa.com https://oppwa.com https://p11.techlab-cdn.com https://eu-prod.inpendium.net https: blob:; script-src-elem 'unsafe-eval' 'unsafe-inline' https://google.com *.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://snap.licdn.com https://*.gstatic.com https://s3.tradingview.com https://*.zdassets.com https://px.ads.linkedin.com https://www.googleadservices.com https://v2.zopim.com https://widget-mediator.zopim.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://*.googletagmanager.com https://cdn.respond.io https://edge.fullstory.com https://cdn.chatapi.net https://*.oppwa.com https://oppwa.com https://p11.techlab-cdn.com https://eu-prod.inpendium.net https: blob:; style-src  'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net https://*.oppwa.com https://oppwa.com https://eu-prod.inpendium.net; style-src-elem  'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net https://*.oppwa.com https://oppwa.com https://eu-prod.inpendium.net; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://at.alicdn.com https://use.typekit.net; connect-src 'self' *.google.com https://google.com https://*.zdassets.com https://ipmbullion.zendesk.com https://stats.g.doubleclick.net wss://widget-mediator.zopim.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.googleadservices.com https://adservice.google.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://static.zdassets.com https://www.google.co.uk https://edge.fullstory.com https://cdn.chatapi.net https://cdn.respond.io https://rs.fullstory.com https://analytics.google.com https://app.respond.io https://ipapi.co https://eu-prod.inpendium.net https://analytics.tiktok.com https://www.facebook.com https://www.googleadservices.com https://www.google.ca https://www.google.co.id https://www.google.co.in https://www.google.com https://www.google.com.au https://www.google.com.co https://www.google.com.hk https://www.google.com.my https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sg https://www.google.com.tw https://www.google.fr https://www.google.md https://www.google.nl https://www.google.sk data: blob:; media-src 'self' https://static.zdassets.com; frame-src 'self' *.google.com https://s.tradingview.com *.google-analytics.com *.googletagmanager.com https://trade-api.ipm.capital https://www.tradingview-widget.com https://soa.indigopreciousmetals.com https://prod-ipm-soa-frontend.live.ipmbullion.com https://prod-ipm-bsp-frontend.live.ipmbullion.com https://td.doubleclick.net https://cdn.respond.io https://cdn.chatapi.net https://analytics.google.com https://oppwa.com https://ppipe.net/ https://*.ppipe.net https://inpendium.net/ https://*.inpendium.net/ https://paymentauthenticationchallenge10.apac.citibank.com; worker-src blob:; report-uri /csp-report; 1
default-src 'self' litium.revolutionrace.co.uk fbcdn.revolutionrace.co.uk wss://fbcdn.revolutionrace.co.uk *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.klarnaevt.com *.kustom.co *.adyen.com www.paypal.com js.stripe.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com ajax.googleapis.com fonts.googleapis.com maps.googleapis.com *.apptus.cloud *.storyblok.com *.symplify.com cdn-sitegainer.com *.cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.criteo.net *.criteo.com *.doubleclick.net *.emarsys.net *.mention-me.com *.imedia.cz *.scarabresearch.com *.spinnaker-js.com bat.bing.com www.seznam.cz tags.creativecdn.com *.kindlycdn.com *.kindly.ai wss://sage.kindly.ai *.facebook.net *.tiktok.com *.snapchat.com *.pinterest.com *.bambuser.com *.facebook.com www.pinterest.se *.cloudflare.com *.digitaloceanspaces.com *.distancify.workers.dev cdn.jsdelivr.net maxcdn.bootstrapcdn.com player.vimeo.com pro.ip-api.com recommender.scarabresearch.com s.pinimg.com sc-static.net vimeo.com ws-eu.pusher.com wss://ws-eu.pusher.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://* 'self'; media-src https://*; frame-src analytics.revolutionrace.co.uk *.mention-me.com *.google.com *.adyen.com *.paypal.com *.sitegainer.com revolutionrace.customerfirst.ai; style-src 'self' 'unsafe-inline'; connect-src data: *; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.cloudflare.com *.feedbackcompany.com *.googleapis.com https://www.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.feedbackcompany.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.feedbackcompany.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com https://www.google.nl https://imgsct.cookiebot.com https://benem.nl https://bat.bing.com https://bat.bing.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.feedbackcompany.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.shopify.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://www.smartsuppchat.com https://widget-v3.smartsuppcdn.com https://bat.bing.com https://www.clarity.ms js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.cloudflare.com downloads.mailchimp.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net https://widget-v3.smartsuppcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com https://stats.g.doubleclick.net *.googlesyndication.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.feedbackcompany.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io https://www.postcode-checkout.nl https://consent.cookiebot.com https://googleads.g.doubleclick.net https://consentcdn.cookiebot.com https://smartsuppcdn.com https://bootstrap.smartsuppchat.com https://widget-v3.smartsuppcdn.com https://translations.smartsuppcdn.com/ wss://websocket-visitors.smartsupp.com https://q.clarity.ms https://bat.bing.net https://o.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.twitter.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net https://connect.facebook.net https://googleads.g.doubleclick.net *.newrelic.com *.nr-data.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' https://cdn.jollibee.com.vn 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net https://plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.gstatic.com *.googleapis.com *.facebook.com *.google.com *.google.com.vn 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.google.com *.googleapis.com *.facebook.com *.google.com.vn https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://connect.facebook.net *.nr-data.net *.newrelic.com *.netcoresmartech.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.com *.google.com *.google.com.vn *.netcoresmartech.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src *.netcoresmartech.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.ip-api.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://petdiscont.cz/ https://petdiscont.sk https://maps.googleapis.com/ https://www.googletagmanager.com https://widget.packeta.com/ https://widget.intime.cz/ https://ajax.googleapis.com/ https://fonts.googleapis.com/ *.gstatic.com https://*.mapy.cz im9.cz *.im9.cz *.youtube.com https://zoovyhodne.cz/ https://krmivazoo.cz/ https://aquazoo.cz *.seznam.cz *.google.com https://stats.g.doubleclick.net https://www.heureka.cz https://www.heureka.sk *.heureka.group https://www.zbozi.cz https://c.seznam.cz https://c.imedia.cz https://www.google-analytics.com *.facebook.net *.facebook.com https://www.facebook.com googleads.g.doubleclick.net https://www.heureka.cz https://www.google.cz *.googleadservices.com https://tracking.srovname.cz *.selltoro.com; report-uri /reportCSP.php 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.zohocdn.com *.zohopublic.com *.alothemes.com *.magepow.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.ampproject.net https://www.youtube.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.logoscorp.com *.zohopublic.com *.zohocdn.com *.preprod.sambilonline.com *.sambilonline.com *.google.co.ve *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://i.ytimg.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.zohocdn.com *.zoho.com *.zohopublic.com *.googletagmanager.com *.doubleclick.net s7.addthis.com *.avada.io *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.ampproject.org *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.zohocdn.com *.zohopublic.com *.alothemes.com *.magepow.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net https://w.clarity.ms/collect *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.zohocdn.com *.zoho.com *.zohopublic.com ws://vts.zohopublic.com *.doubleclick.net ekr.zdassets.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.ampproject.org *.ampproject.net https://connect.facebook.net https://www.google-analytics.com https://www.facebook.com/tr *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.sambilonline.com/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.boxnow.gr *.boxnow.cy applepay.cdn-apple.com *.klarnacdn.net *.bootstrapcdn.com https://assets.egalaxy.gr data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.boxnow.gr *.boxnow.cy int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com pay.google.com applepay.cdn-apple.com *.klarna.com https://widget-v5.boxnow.gr https://tbibank.gr https://www.googletagmanager.com https://www.facebook.com https://td.doubleclick.net https://youtu.be https://skroutza.skroutz.gr 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io calc.tbibank.gr *.boxnow.gr *.boxnow.cy *.findbar.io int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com www.gstatic.com pay.google.com applepay.cdn-apple.com *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.disqus.com *.designer-images.net https://new.egalaxy.gr https://assets.egalaxy.gr https://www.facebook.com https://www.google.gr https://maps.googleapis.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net calc.tbibank.gr *.boxnow.gr *.boxnow.cy *.findbar.io int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com pay.google.com applepay.cdn-apple.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com *.stat-track.com polyfill.io *.moosend.com https://assets.egalaxy.gr https://360.bestprice.gr https://scripts.bestprice.gr https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://www.gstatic.com https://skroutza.skroutz.gr https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.findbar.io *.klarnacdn.net *.moosend.com *.bootstrapcdn.com https://assets.egalaxy.gr https://use.typekit.net https://p.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.findbar.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io calc.tbibank.gr *.boxnow.gr *.boxnow.cy *.findbar.io int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com pay.google.com applepay.cdn-apple.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.stat-track.com *.m-pages.com *.m-operations.com https://assets.egalaxy.gr https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://www.google.gr https://www.facebook.com https://pagead2.googlesyndication.com https://maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com https://geowidget.easypack24.net mautic.sanpol.pl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * mautic.sanpol.pl mauticdev.sanpol.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ mautic.sanpol.pl mauticdev.sanpol.pl *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.bird.eu https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org mautic.sanpol.pl mauticdev.sanpol.pl *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.google.com *.google.pl *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org mautic.sanpol.pl mauticdev.sanpol.pl *.googletagmanager.com *.vercel.app connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl fonts.google.com mautic.sanpol.pl *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net mautic.sanpol.pl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.easypack24.net *.inpost.pl *.openstreetmap.org mautic.sanpol.pl mauticdev.sanpol.pl *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com mautic.sanpol.pl http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' agrosolo.com.br *.agrosolo.com.br wake-components.fbitsstatic.net agrosolo.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br *.intelipost.com.br *.g.doubleclick.net *.googleadservices.com *.onesignal.com *.lahar.com.br *.googlesyndication.com *.smarthint.co dzpxyxks1bfmb.cloudfront.net imgs.ebit.com.br *.fabricadeaplicativos.com.br *.fabapp.com *.app.vc *.applink.com.br galeria.fabricadeaplicativos.com.br pwa.app.vc pages.agrosolo.com.br *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com *.facebook.net *.google.com.br connect.facebook.net gstatic.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com special.api.mandae.com.br mandae.com.br *.azurewebsites.net *.blob.core.windows.net *.avalio.eu avalio.eu *.jsdelivr.net *.mailbiz.one *.fbits.store *.adyen.com *.conectiva.io *.sunset.systems *.cartstack.com.br *.cartstack.com *.performa.ai *.cupom.social *.conectiva.app app.conectiva.io vm.conectiva.io conectiva.app api.performa.ai valid.performa.ai cartstack.com.br app.cartstack.com.br api.cartstack.com.br sunset.systems api.sunset.systems cupom.social app.cupom.social cdn.performa.ai *app.cartstack.com *.clarity.ms conectiva.io *.goadopt.io *.pagar.me *.mundipagg.com *.getnet.com.br *.utmify.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.stapecdn.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.maxipago.net stapecdn.com *.cloudflare.com *.trlution.com trlution.com tracking.leadspark.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.tioliveira.com cdn.jsdelivr.net *.pagoexpress.com.br *.ipify.org *.agrosolo.cloud *.xp-wake.tech capi-automation.s3.us-east-2.amazonaws.com newimgebit-a.akamaihd.net api.reclameaqui.com.br s3.amazonaws.com youtube.com viacep.com.br google.ie app.avalio.com.br converta.app *.fbitsstatic.net *.btg360.com.br *.youtube.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.agrosolo.com.br agrosolo.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://images.unsplash.com *.googleapis.com cdn-cookieyes.com *.cookieyes.com *.facebook.net *.facebook.com *.google.pt https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://maps.gstatic.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com *.googleapis.com *.gstatic.com cdn-cookieyes.com *.cookieyes.com *.facebook.net *.facebook.com *.google.pt https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app *.fontawesome.com https://static.klaviyo.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * https://maps.googleapis.com https://player.vimeo.com *.googleapis.com cdn-cookieyes.com *.cookieyes.com *.facebook.net *.facebook.com *.google.pt https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' data: https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://accounts.google.com https://www.facebook.com https://login.live.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.weltpixel.com *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://sync.smartadserver.com https://tracking.i-goal.com.br 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com https://www.magezon.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.facebook.com *.reddit.com https://static.sizebay.technology data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ storage.googleapis.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://static.i-goal.com.br https://static.sizebay.technology https://vfr-v3-production.sizebay.technology https://storage.googleapis.com https://js.dito.com.br 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.googleapis.com tagmanager.google.com https://unpkg.com https://static.sizebay.technology 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://login.plataformasocial.com.br *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://vfr-v3-production.sizebay.technology 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self'; connect-src 'self' https://*.siteimprove.com https://analytics-ipv6.tiktokw.us https://analytics.google.com https://analytics.tiktok.com https://bat.bing.com https://bot.kindly.ai https://chat.kindlycdn.com https://collect-eu-central-1.tealiumiq.com https://consent.app.cookieinformation.com https://contentassistant.eu.siteimprove.com https://ct.pinterest.com https://esp-eu.aptrinsic.com https://ingest.skyra.no https://ingest.staging.skyra.no https://pagead2.googlesyndication.com https://policy.app.cookieinformation.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://service-platform.huseierne.no https://sockjs-eu.pusher.com https://sr-huseierne-hsp-signalr-prod.service.signalr.net https://sr-huseierne-hsp-signalr-test.service.signalr.net https://stats.g.doubleclick.net https://tr.snapchat.com https://tr6.snapchat.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.google.de https://www.google.es https://www.google.nl https://www.google.no https://www.googleadservices.com https://www.googletagmanager.com https://www.huseierne.no wss://sr-huseierne-hsp-signalr-prod.service.signalr.net wss://sr-huseierne-hsp-signalr-test.service.signalr.net wss://ws-eu.pusher.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://cdn.jsdelivr.net https://chat.kindlycdn.com https://fonts.gstatic.com; frame-src 'self' https://*.siteimprove.com https://13892171.fls.doubleclick.net https://bli-medlem.huseierne.no https://contentassistant.eu.siteimprove.com https://ct.pinterest.com https://flo.uri.sh https://kommunikasjon.ntb.no https://player.flipsnack.com https://player.vimeo.com https://policy.app.cookieinformation.com https://tr.snapchat.com https://www.googletagmanager.com https://www.youtube-nocookie.com; img-src 'self' data: https://6053746.global.siteimproveanalytics.io https://ade.googlesyndication.com https://bat.bing.com https://connect.facebook.net https://pagead2.googlesyndication.com https://public.flourish.studio https://px.ads.linkedin.com https://static.kindlycdn.com https://stats.g.doubleclick.net https://tr.snapchat.com https://www.google.ae https://www.google.at https://www.google.co.th https://www.google.co.uk https://www.google.com https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.no https://www.google.se https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://analytics.tiktok.com https://bat.bing.com https://chat.kindlycdn.com https://code.jquery.com https://connect.facebook.net https://ct.pinterest.com https://d2df291ti5v5sq.cloudfront.net https://googleads.g.doubleclick.net https://kommunikasjon.ntb.no https://maxcdn.bootstrapcdn.com https://policy.app.cookieinformation.com https://public.flourish.studio https://s.pinimg.com https://sc-static.net https://siteimproveanalytics.com https://snap.licdn.com https://survey.skyra.no https://tags.tiqcdn.com https://tr.snapchat.com https://visitor-service-eu-central-1.tealiumiq.com https://web-sdk-eu.aptrinsic.com https://www.googletagmanager.com https://www.ntbinfo.no https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.siteimprove.com https://contentassistant.eu.siteimprove.com; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://chat.kindlycdn.com https://fonts.googleapis.com https://web-sdk-eu.aptrinsic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; report-to stott-security-endpoint; 1
default-src * 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline'; script-src 'none' 'report-sample'; connect-src 'none'; form-action 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; report-uri https://csp.threatview.app/report; report-to threatview 1
font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com magento-cloudflare.jetrails.com www.youtube.com *.google.com/ *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ytimg.com *.facebook.com https://img.youtube.com https://www.magezon.com store.paradoxlabs.com https://redchamps.com *.gstatic.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://connect.facebook.net *.facebook.com s7.addthis.com *.avada.io *.google.com/ player.vimeo.com *.authorize.net *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.authorize.net *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-kxfi0ljolvesSst9MFrrJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com *.alothemes.com *.magepow.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com *.dotdigital-pages.com *.dotdigital.com *.weltpixel.com webchat.dotdigital.com webchat.staging.dotdigital.com https://www.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com *.trackedlink.net *.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://scontent-bom1-1.cdninstagram.com/ https://scontent-bom1-2.cdninstagram.com https://scontent-bom1-2 ftcdn.net https://scontent-bom1-2.xx.fbcdn.net/ *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ email.nueskes.com connect.facebook.net script.crazyegg.com bat.bing.com em.nueskes.com dx.mountain.com js.adsrvr.org *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://apis.google.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://scontent-bom1-2.cdninstagram.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com secure.windriverfinancialgateway.com connect.facebook.net script.crazyegg.com tracking.crazyegg.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.windows.net *.powerbi.com *.gstatic.com *.googleapis.com *.visualstudio.com content.powerapps.com stats.g.doubleclick.net www.google-analytics.com www.google.com www.googletagmanager.com *.pendo.io; style-src 'self' 'unsafe-inline' www.gstatic.com content.powerapps.com fonts.googleapis.com *.pendo.io; img-src 'self' data: blob: file *.windows.net *.1bc.app *.powerapps.com www.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.pendo.io; frame-src 'self' *.google.com app.pendo.io; frame-ancestors 'self' app.pendo.io; worker-src blob:; report-uri https://1breadcrumb.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.canadapost.ca https://sso.epost.ca *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://firebasestorage.googleapis.com mageside.com *.canadapost.ca *.canadapost-postescanada.ca *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com *.googleapis.com cdn.ampproject.org raw.githubusercontent.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com cdn.ampproject.org *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GISIjTBnerkPYHBp11K5GQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' lojavirus.com.br *.lojavirus.com.br wake-components.fbitsstatic.net lojavirus.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com googleadservices.com yapay.com.br googlesyndication.com cloudflare.com cnt.my clearsale.com.br zdassets.com ebit.com.br traycheckout.com.br doubleclick.net ecommercemail.com.br online-metrix.net hertzen.com k-analytix.com zendesk.com citydsp.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.yapay.com.br *.googleadservices.com *.cloudflare.com *.googlesyndication.com *.cnt.my *.ebit.com.br *.traycheckout.com.br *.clearsale.com.br *.zdassets.com *.k-analytix.com *.hertzen.com *.doubleclick.net *.ecommercemail.com.br *.online-metrix.net *.zendesk.com *.citydsp.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br *.btg360.com.br dzpxyxks1bfmb.cloudfront.net *.zopim.com *.gstatic.com *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.yourviews.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net *.ucarecdn.com *.uploadcare.com *.yviews.com.br *.lojaconfiavel.com *.lightwidget.com bt-wake-connector.com.br lojavirus.fbitsstatic.net *.fbitsstatic.net *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io gstatic.com *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.lojavirus.com.br lojavirus.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://bat.bing.com https://connect.facebook.net https://graph.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://js.facebook.com https://js-cdn.dynatrace.com https://r.bing.com https://unpkg.com https://sec.windcave.com https://js-agent.newrelic.com https://www.clarity.ms https://*.clarity.ms https://gateway.zscaler.net; object-src *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.google.com *.bing.com unpkg.com https://www.googletagmanager.com https://www.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://*.google.com https://*.google.com.au https://*.google.com.jp https://*.google.com.sg https://*.google.com.vn https://*.google.co.uk https://*.google.co.nz https://*.google.com.pg https://www.google-analytics.com https://*.google-analytics.com https://*.bing.com https://www.facebook.com https://*.analytics.yahoo.com https://ad.doubleclick.net https://gateway.zscaler.net https://*.clarity.ms https://*.g.doubleclick.net https://*.googletagmanager.com https://*.googleusercontent.com https://*.intentiq.com https://*.star.com.au; media-src data:; frame-src 'self' *.doubleclick.net *.pinterest.com *.googleadservices.com *.google.com *.googletagmanager.com *.windcave.com *.facebook.com *.bing.com https://gateway.zscaler.net; frame-ancestors 'self';; child-src 'self' blob: *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net *.googletagmanager.com; font-src 'self' data:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleadservices.com *.dynatrace.com *.star.com.au *.doubleclick.net *.bing.com bam.nr-data.net https://www.facebook.com *.google.com *.google.com.au *.google.com.hk *.google.co.nz *.google.co.kr *.google.com.tr *.google.com.tw *.google.ae *.google.com.hk *.google.com.sg https://bf63062ypw.bf.dynatrace.com https://www.gstatic.com https://translate.googleapis.com https://*.clarity.ms https://*.intentiq.com; report-uri /report-csp-violation 1
style-src 'self' 'unsafe-inline' https://*.styla.com https://fast.fonts.net https://blackbit-styla-demo.s3.eu-central-1.amazonaws.com https://delivery-assets.squarelovin.com https://fonts.googleapis.com https://cdn.parcellab.com https://www.gstatic.com; base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https://windsor.de https://*.windsor.de https://app.usercentrics.eu https://web.cmp.usercentrics.eu https://player.vimeo.com https://www.google.com https://td.doubleclick.net https://*.fls.doubleclick.net https://pay.google.com https://www.paypal.com https://*.adyen.com https://*.global-e.com https://www.facebook.com https://bat.bing.com https://*.cdn-apple.com; img-src 'self' blob: data: https:; connect-src 'self' https://windsor.de https://*.windsor.de https://*.usercentrics.eu https://*.service.usercentrics.eu https://*.kameleoon.io https://*.kameleoon.eu https://blackbit-styla.s3.eu-central-1.amazonaws.com  https://*.styla.com https://blackbit-styla-demo.s3.eu-central-1.amazonaws.com https://squarelovin-main-app.s3.eu-central-1.amazonaws.com https://tracking-api.squarelovin.com https://www.paypal.com https://*.adyen.com https://*.clarity.ms https://ad.doubleclick.net https://*.bing.com https://*.bing.net https://ct.pinterest.com https://px.ads.linkedin.com https://ib.adnxs.com/pixie/up https://www.facebook.com https://connect.facebook.net https://*.hotjar.io wss://ws.hotjar.com https://analytics.tiktok.com https://google.com https://*.google.com:* https://*.analytics.google.com https://*.googleapis.com https://*.googletagmanager.com:* https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.parcellab.com https://bt.fraud0.com https://recommender.scarabresearch.com https://in.hotjar.com https://analytics-ipv6.tiktokw.us:*; child-src 'self' https://windsor.de https://*.windsor.de; object-src 'none'; worker-src 'self' https://windsor.de https://*.windsor.de; media-src 'self' https://windsor.de https://*.windsor.de data: https://styla-prod-us.imgix.net https://cdn.kameleoon.com https://cdn-vid.squarelovin.com; frame-ancestors 'self' https://windsor.de https://*.windsor.de; default-src 'self' https://windsor.de https://*.windsor.de; font-src 'self' data: https://blackbit-styla-demo.s3.eu-central-1.amazonaws.com https://fast.fonts.net https://fonts.gstatic.com https://s3.global-e.com https://script.hotjar.com https://*.cdn-apple.com https://assets.faircado.com; report-uri https://windsor.de/csp/report; report-to csp-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.opayo.cloud https://fonts.gstatic.com/ *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.opayo.cloud 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.opayo.cloud https://maps.google.com/ *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.stripe.com *.stripe.network ebizmarts-website.s3.amazonaws.com brippo.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.opayo.cloud https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com *.cdninstagram.com minimumworld.com services.postcodeanywhere.co.uk bat.bing.com www.google.pl i.stack.imgur.com i.sstatic.net s.clarity.ms c.clarity.ms c.bing.com cdn-images.mailchimp.com mcusercontent.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.opayo.cloud widget.freshworks.com m2epro.freshdesk.com https://cdnjs.cloudflare.com/ *.avada.io *.shopify.com *.alothemes.com *.magepow.com scripts.clarity.ms minimumworld.com minim11118.pcapredict.com services.postcodeanywhere.co.uk player.vimeo.com bat.bing.com www.clarity.ms *.trustpilot.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.opayo.cloud widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com services.postcodeanywhere.co.uk *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com fonts.googleapis.com fonts.gstatic.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com *.opayo.cloud widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com f.clarity.ms *.instagram.com services.postcodeanywhere.co.uk w.clarity.ms bat.bing.com www.google.pl stats.g.doubleclick.net s.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-k_6B0MnBsIkaVMIM1cZFIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com ct.pinterest.com www.facebook.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com *.grshop.com grshop.com bat.bing.net https://meetanshi.com/media/logo.png maps.googleapis.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com s.pinimg.com pw.grshop.com bat.bing.com ct.pinterest.com www.google.com www.gstatic.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net https://grshop.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com *.google.com ct.pinterest.com pw.grshop.com bat.bing.net *.tiktokw.us dp.signifyd.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';object-src 'none';script-src 'self' 'nonce-NjRDRjNEOTM0Qjk0ODMwNjQyNDMyRjRGMjlFMkE5OEY' https://cdn.jsdelivr.net https://www.google-analytics.com https://siteimproveanalytics.com;style-src 'self' 'nonce-NjRDRjNEOTM0Qjk0ODMwNjQyNDMyRjRGMjlFMkE5OEY';img-src 'self' data: https://cdn.jsdelivr.net;font-src 'self' https://cdn.jsdelivr.net;connect-src 'self' https://www.youtube.com https://informatiemodel.istandaarden.nl;worker-src 'self' blob:;media-src 'self' data:;frame-src https://www.youtube.com https://informatiemodel.istandaarden.nl;frame-ancestors 'self' https://informatiemodel.istandaarden.nl https://cms-o.kiesbeter.nl https://cms-ts.kiesbeter.nl https://cms-ac.kiesbeter.nl https://cms.kiesbeter.nl;form-action 'self';upgrade-insecure-requests; report-uri /services/cspreport; 1
img-src 'self' data:; script-src 'none'; object-src 'none'; style-src-elem 'self' 'unsafe-inline'; font-src 'self' https:; script-src-elem 'self' 'unsafe-inline'; manifest-src 'self' https:; connect-src 'self' https: wss:; frame-src http:; report-uri https://csp-report-endpoint.bms-les0501-lease-a-bike-dev.workers.dev/report; 1
default-src 'self' litium.revolutionrace.at fbcdn.revolutionrace.at wss://fbcdn.revolutionrace.at *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.klarnaevt.com *.kustom.co *.adyen.com www.paypal.com js.stripe.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com ajax.googleapis.com fonts.googleapis.com maps.googleapis.com *.apptus.cloud *.storyblok.com *.symplify.com cdn-sitegainer.com *.cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.criteo.net *.criteo.com *.doubleclick.net *.emarsys.net *.mention-me.com *.imedia.cz *.scarabresearch.com *.spinnaker-js.com bat.bing.com www.seznam.cz tags.creativecdn.com *.kindlycdn.com *.kindly.ai wss://sage.kindly.ai *.facebook.net *.tiktok.com *.snapchat.com *.pinterest.com *.bambuser.com *.facebook.com www.pinterest.se *.cloudflare.com *.digitaloceanspaces.com *.distancify.workers.dev cdn.jsdelivr.net maxcdn.bootstrapcdn.com player.vimeo.com pro.ip-api.com recommender.scarabresearch.com s.pinimg.com sc-static.net vimeo.com ws-eu.pusher.com wss://ws-eu.pusher.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://* 'self'; media-src https://*; frame-src analytics.revolutionrace.at *.mention-me.com *.google.com *.adyen.com *.paypal.com *.sitegainer.com revolutionrace.customerfirst.ai; style-src 'self' 'unsafe-inline'; connect-src data: *; 1
default-src 'self' litium.revolutionrace.nl fbcdn.revolutionrace.nl wss://fbcdn.revolutionrace.nl *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.klarnaevt.com *.kustom.co *.adyen.com www.paypal.com js.stripe.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com ajax.googleapis.com fonts.googleapis.com maps.googleapis.com *.apptus.cloud *.storyblok.com *.symplify.com cdn-sitegainer.com *.cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.criteo.net *.criteo.com *.doubleclick.net *.emarsys.net *.mention-me.com *.imedia.cz *.scarabresearch.com *.spinnaker-js.com bat.bing.com www.seznam.cz tags.creativecdn.com *.kindlycdn.com *.kindly.ai wss://sage.kindly.ai *.facebook.net *.tiktok.com *.snapchat.com *.pinterest.com *.bambuser.com *.facebook.com www.pinterest.se *.cloudflare.com *.digitaloceanspaces.com *.distancify.workers.dev cdn.jsdelivr.net maxcdn.bootstrapcdn.com player.vimeo.com pro.ip-api.com recommender.scarabresearch.com s.pinimg.com sc-static.net vimeo.com ws-eu.pusher.com wss://ws-eu.pusher.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://* 'self'; media-src https://*; frame-src analytics.revolutionrace.nl *.mention-me.com *.google.com *.adyen.com *.paypal.com *.sitegainer.com revolutionrace.customerfirst.ai; style-src 'self' 'unsafe-inline'; connect-src data: *; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://applepay.cdn-apple.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors *.paypal.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.cookiebot.com *.googletagmanager.com *.payplug.com *.dalenys.com https://applepay.cdn-apple.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.google-analytics.com *.googleapis.com *.google.com *.google.it https://images.unsplash.com 'self' data: *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.feedaty.com *.cookiebot.com https://secure-magenta.dalenys.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google-analytics.com *.gstatic.com *.googleapis.com https://maps.googleapis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.jsdelivr.net *.feedaty.com *.cookiebot.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.googlesyndication.com *.feedaty.com *.cookiebot.com *.fontawesome.com https://secure-magenta.dalenys.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.gstatic.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.doubleclick.net *.feedaty.com PLACEHOLDER *.cookiebot.com *.google.it *.googletagmanager.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.bootstrapcdn.com 'self' *.powerreviews.com *.upsellit.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com *.powerreviews.com *.doubleclick.net ssl.kaptcha.com *.upsellit.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cloudflare.com *.google.com *.googleadservices.com *.powerreviews.com bat.bing.com pixel.quantserve.com *.acurite.com *.payments-amazon.com static-na.payments-amazon.com *.google.com.pk acurite.com *.acsbapp.com *.upsellit.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.pixriot.com *.storeimaging.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.paypalobjects.com *.paypal.com *.zdassets.com *.bing.com *.celebros.com *.adobedtm.com *.powerreviews.com *.fbot.me acsbapp.com secure.quantserve.com *.quantcount.com *.upsellit.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.google.com *.facebook.com *.gstatic.com 'self' *.zdassets.com http://celebrosnlp.com *.powerreviews.com *.acurite.com *.upsellit.com assets.braintreegateway.com https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.upsellit.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.powerreviews.com *.acsbapp.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net/ maps.googleapis.com public.fbot.me *.upsellit.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.pixriot.com *.storeimaging.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem https://static.zdassets.com https://widget.trustpilot.com https://www.hifigear.co.uk https://www.googletagmanager.com https://js.stripe.com https://widget-mediator.zopim.com https://www.google-analytics.com https://staticw2.yotpo.com https://cdn-widgetsrepository.yotpo.com https://js.klarna.com https://x.klarnacdn.net https://code.jquery.com https://live.opayo.eu.elavon.com https://live.sagepay.com; font-src *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.gstatic.com *.fontawesome.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com https://live.opayo.eu.elavon.com https://live.sagepay.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com https://widget.trustpilot.com https://live.opayo.eu.elavon.com https://live.sagepay.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://p.yotpoapi.com https://v2assets.zopim.io *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://code.jquery.com https://cdn-widgetsrepository.yotpo.com https://x.klarnacdn.net https://live.opayo.eu.elavon.com https://live.sagepay.com x.klarnacdn.net *.klarnaservices.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.fontawesome.com *.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.klarnacdn.net *.googleapis.com *.googletagmanager.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://ekr.zdassets.com https://hifigear.zendesk.com wss://widget-mediator.zopim.com https://live.opayo.eu.elavon.com https://live.sagepay.com x.klarnacdn.net *.klarnaservices.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.yotpo.com 'self' 'unsafe-inline'; child-src https://live.opayo.eu.elavon.com https://live.sagepay.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com blob: maps.googleapis.com maps.gstatic.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://fonts.gstatic.com https://pagead2.googlesyndication.com https://www.google.co.in https://googleads.g.doubleclick.net; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://global.frcapi.com/ https://*.googletagmanager.com https://*.youtube-nocookie.com player.vimeo.com; media-src 'self' blob: data:; script-src-elem 'self' 'unsafe-inline' https://unpkg.com https://cdn.plyr.io https://*.noembed.com https://www.youtube.com https://player.vimeo.com https://maps.googleapis.com/maps/api/js https://www.googletagmanager.com https://googleads.g.doubleclick.net 'report-sample'; script-src-attr 'unsafe-inline' 'unsafe-hashes' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'report-sample' https://fonts.googleapis.com https://unpkg.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' 'unsafe-eval' https://eu-api.friendlycaptcha.eu https://api.friendlycaptcha.com cdn.plyr.io noembed.com youtube.com youtube.de maps.googleapis.com https://www.google.com https://www.google.de *.www.googletagmanager.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.googleadservices.com; report-uri https://www.ifabrik.de/@http-reporting?csp=report&requestTime=1773718250061193&requestHash=5ebe12cff038d85b62f3714afc6455af85eb560c 1
script-src 'self' 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; form-action 'none'; report-to default; report-uri https://tokemak.uriports.com/reports 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.livechat-files.com forms.hsforms.com track.hubspot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://*.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.fontawesome.com *.googleapis.com *.avada.io *.shopify.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.hs-scripts.com cdn.livechatinc.com js.hsadspixel.net js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net api.livechatinc.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com api.hubapi.com forms.hscollectedforms.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.tamara.co *.google.com google.com www.google.co.in googleads.g.doubleclick.net stats.g.doubleclick.net https://td.doubleclick.net/ https://dp-event-collector.tabby.ai/v1/t maps.googleapis.com maps.gstatic.com *.googleapis.com *.yallatyre.com https://cdn.segment.com checkout.tabby.ai *.hotjar.com www.googletagmanager.com *.clarity.ms maxcdn.bootstrapcdn.com data: widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com fonts.gstatic.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tamara.co *.google.com google.com www.google.co.in googleads.g.doubleclick.net stats.g.doubleclick.net https://td.doubleclick.net/ https://dp-event-collector.tabby.ai/v1/t maps.googleapis.com maps.gstatic.com *.googleapis.com *.yallatyre.com https://cdn.segment.com checkout.tabby.ai *.hotjar.com www.googletagmanager.com *.clarity.ms *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tamara.co *.google.com google.com www.google.co.in googleads.g.doubleclick.net stats.g.doubleclick.net https://td.doubleclick.net/ https://dp-event-collector.tabby.ai/v1/t maps.googleapis.com maps.gstatic.com *.googleapis.com *.yallatyre.com https://cdn.segment.com checkout.tabby.ai *.hotjar.com www.googletagmanager.com *.clarity.ms flagpedia.net widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tamara.co google.com www.google.co.in googleads.g.doubleclick.net stats.g.doubleclick.net https://td.doubleclick.net/ https://dp-event-collector.tabby.ai/v1/t maps.googleapis.com maps.gstatic.com *.googleapis.com *.yallatyre.com https://cdn.segment.com checkout.tabby.ai *.hotjar.com www.googletagmanager.com *.clarity.ms www.gstatic.com *.avada.io *.gstatic.com widgets.tabby.ai cdn.segment.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.tamara.co *.google.com google.com www.google.co.in googleads.g.doubleclick.net stats.g.doubleclick.net https://td.doubleclick.net/ https://dp-event-collector.tabby.ai/v1/t maps.googleapis.com maps.gstatic.com *.googleapis.com *.yallatyre.com https://cdn.segment.com checkout.tabby.ai *.hotjar.com www.googletagmanager.com *.clarity.ms maxcdn.bootstrapcdn.com *.gstatic.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.tamara.co *.google.com google.com www.google.co.in googleads.g.doubleclick.net stats.g.doubleclick.net https://td.doubleclick.net/ https://dp-event-collector.tabby.ai/v1/t maps.googleapis.com maps.gstatic.com *.googleapis.com *.yallatyre.com https://cdn.segment.com checkout.tabby.ai *.hotjar.com www.googletagmanager.com *.clarity.ms 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tamara.co *.google.com google.com www.google.co.in googleads.g.doubleclick.net stats.g.doubleclick.net https://td.doubleclick.net/ https://dp-event-collector.tabby.ai/v1/t maps.googleapis.com maps.gstatic.com *.googleapis.com *.yallatyre.com https://cdn.segment.com checkout.tabby.ai *.hotjar.com www.googletagmanager.com *.clarity.ms https://get.geojs.io *.avada.io www.gstatic.com widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-1TISI9I2ZshtE1YluqMxyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; object-src *; media-src *; frame-src *; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: https://*.paypal.com https://*.paypalobjects.com 'nonce-k0MVNqh25w33HVW6_5NZdr1l8JLbPlDc'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.blue.cl *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.blue.cl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.blue.cl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.boxnow.gr *.boxnow.cy *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.z-mall.gr *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardlink.gr *.alphaecommerce.gr *.eurocommerce.gr www.facebook.com *.bestprice.gr *.pstatic.gr *.z-mall.gr *.twitter.com *.piraeusbank.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.tiktok.com *.boxnow.gr *.boxnow.cy connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.cleverpoint.gr *.cookiebot.com *.boxnow.gr/ *.bestprice.gr *.pstatic.gr *.googletagmanager.com *.klarnaservices.com *.z-mall.gr *.twitter.com *.skroutz.gr www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://cube.commercebox.io *.boxnow.gr *.boxnow.cy connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com www.google.gr *.cookiebot.com *.google-analytics.com maps.gstatic.com *.bestprice.gr *.pstatic.gr *.z-mall.gr *.googleapis.com *.klarnaservices.com *.cloudflare.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.skroutz.gr www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://cdn.jsdelivr.net/gh/CommerceBox-io/ *.boxnow.gr *.boxnow.cy connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.cleverpoint.gr 'self' data: *.cookiebot.com *.googleadservices.com *.bestprice.gr *.pstatic.gr *.linkwi.se *.octocom.ai octocomstorage.blob.core.windows.net *.hotjar.com *.scanandpay.gr *.hotjar.io *.z-mall.gr *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.piraeusbank.gr *.skroutz.gr www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.bestprice.gr *.pstatic.gr *.octocom.ai octocomstorage.blob.core.windows.net *.jsdelivr.net *.z-mall.gr *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com https://torus.commercebox.io https://cube.commercebox.io *.boxnow.gr *.boxnow.cy connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io maps.googleapis.com stats.g.doubleclick.net *.cookiebot.com *.bestprice.gr *.pstatic.gr *.scanandpay.gr *.octocom.ai *.hotjar.com *.hotjar.io eu.klarnaevt.com *.ipify.org *.z-mall.gr *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
frame-src 'self' https://nolio-static.s3.eu-west-3.amazonaws.com https://js.stripe.com https://m.stripe.network https://www.youtube.com https://www.instagram.com https://platform.twitter.com https://platform.x.com https://player.vimeo.com https://www.dailymotion.com https://geo.dailymotion.com https://drive.google.com https://www.loom.com https://assets.calendly.com https://calendly.com https://intercom-sheets.com https://www.google.com https://www.tiktok.com https://embed.reddit.com; object-src https://nolio-static.s3.eu-west-3.amazonaws.com; connect-src 'self' wss://www.nolio.io wss://*.intercom.io wss://*.intercom-messenger.com https://matomo.nolio.beer https://nolio-static.s3.eu-west-3.amazonaws.com https://nolio-assets.s3.eu-west-3.amazonaws.com https://nolio-assets.s3.amazonaws.com https://nolio-tmp.s3.eu-west-3.amazonaws.com https://*.intercom.io https://*.intercom-messenger.com https://*.intercomcdn.com https://static.intercomassets.com https://*.stripe.com https://m.stripe.network https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://www.google.com https://www.gstatic.com https://unpkg.com/ https://*.tile.openstreetmap.org https://*.tile.openstreetmap.fr https://*.tile.opentopomap.org; frame-ancestors 'self'; img-src 'self' data: blob: https:; base-uri 'self'; report-to csp-endpoint; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://nolio-static.s3.eu-west-3.amazonaws.com https://fonts.intercomcdn.com; media-src 'self' https://nolio-static.s3.eu-west-3.amazonaws.com https://nolio-assets.s3.eu-west-3.amazonaws.com blob: https://*.intercomcdn.com data:; style-src 'self' 'unsafe-inline' https://nolio-static.s3.eu-west-3.amazonaws.com https://fonts.googleapis.com https://assets.calendly.com https://unpkg.com/leaflet@1.3.4/ https://unpkg.com/leaflet@1.3.4+HEAD.0e566b2/ https://unpkg.com/leaflet-ui@0.1.9/; default-src 'self'; script-src 'self' 'unsafe-inline' https://nolio-static.s3.eu-west-3.amazonaws.com https://js.stripe.com https://matomo.nolio.beer https://www.google.com https://www.gstatic.com https://www.instagram.com https://platform.twitter.com https://platform.x.com https://www.youtube.com https://www.tiktok.com https://embed.reddit.com https://widget.intercom.io https://js.intercomcdn.com https://assets.calendly.com https://www.loom.com https://unpkg.com/interactjs@1.2.9/ https://unpkg.com/leaflet.gridlayer.googlemutant@0.8.0/ https://unpkg.com/d3@5.15.0/ https://unpkg.com/leaflet-gpx@1.5.0/; worker-src 'self' blob:; form-action 'self' https://intercom.help; report-uri /csp-report/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.clarity.ms https://scripts.clarity.ms https://static.userguiding.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://snap.licdn.com https://connect.facebook.net https://tags.srv.stackadapt.com https://googleads.g.doubleclick.net https://rum-static.pingdom.net; style-src 'self' 'unsafe-inline' https://static.klaviyo.com https://tags.srv.stackadapt.com; img-src 'self' data: https://res.cloudinary.com https://slattery-strapi-media-prod.s3.ap-southeast-2.amazonaws.com https://www.google.com https://www.google.com.au https://px.ads.linkedin.com https://www.facebook.com; connect-src 'self' https://www.google.com https://www.google.com.au https://www.google-analytics.com https://analytics.google.com https://www.googleadservices.com https://k.clarity.ms https://a.klaviyo.com https://sdk.userguiding.com https://rum-collector-2.pingdom.net https://bam.nr-data.net https://static.klaviyo.com https://tags.srv.stackadapt.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com; font-src 'self' data: https://static.klaviyo.com; frame-src https://www.googletagmanager.com https://googleads.g.doubleclick.net; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.innoship.ro https://*.sameday.ro *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.tile.openstreetmap.org *.openstreetmap.org *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com tagmanager.google.com https://www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io https://*.sameday.ro https://pa.7w.ro http://pa.7w.ro *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com https://*.sameday.ro *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com https://www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io https://pa.7w.ro http://pa.7w.ro *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-2igNFe9CXSttfHobFXk6j1IJEwJL4U5T'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
object-src 'none'; script-src 'nonce-k8q60za5cscwyhSPzOe2og==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://sentry.io/api/1258985/security/?sentry_key=1891ca9ff5bc416bbb0349a074c3b41f 1
script-src 'self' 'unsafe-inline' https://static.b-ite.com https://cs-assets.b-ite.com https://code.jquery.com https://beteiligung.nrw.de/portal/widgets/widgets-api.js https://api.service-digitale-verwaltung.de/ cdn.jsdelivr.net code.etracker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io platform.instagram.com platform.twitter.com sf1-eu.readspeaker.com www.etracker.de; script-src-elem 'self' 'unsafe-inline' https://static.b-ite.com https://cs-assets.b-ite.com https://code.jquery.com https://beteiligung.nrw.de/portal/widgets/widgets-api.js https://api.service-digitale-verwaltung.de/ cdn.jsdelivr.net code.etracker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io platform.instagram.com platform.twitter.com sf1-eu.readspeaker.com www.etracker.de; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://api.service-digitale-verwaltung.de/ https://use.typekit.net/ https://p.typekit.net/ https://cdnjs.cloudflare.com sf1-eu.readspeaker.com; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://api.service-digitale-verwaltung.de/ https://use.typekit.net/ https://p.typekit.net/ https://cdnjs.cloudflare.com sf1-eu.readspeaker.com 1
object-src 'none';base-uri 'self';script-src 'nonce-2Ztc2BTzBKB-ZW_rtsIDTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com account.fetchify.com *.google.com/ https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com cdn.doofinder.com https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com https://www.google.co.uk https://bat.bing.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src https://assets.adobedtm.com https://*.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.doofinder.com widget.freshworks.com m2epro.freshdesk.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.authorize.net https://*.braintreegateway.com https://*.cardinalcommerce.com https://*.paypal.com https://*.doofinder.com https://widget.freshworks.com https://m2epro.freshdesk.com https://*.googletagmanager.com *.trustpilot.com https://*.vimeocdn.com https://s.ytimg.com https://cdn-cookieyes.com https://*.hotjar.com https://www.clarity.ms https://bat.bing.com https://static.zdassets.com https://googleads.g.doubleclick.net https://includestest.ccdc02.com https://widget-mediator.zopim.com https://challenges.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com https://static.klaviyo.com https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ekr.zdassets.com https://bat.bing.net https://h.clarity.ms https://flyingspares.zendesk.com wss://widget-mediator.zopim.com https://challenges.cloudflare.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com *.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudfront.net *.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com youtu.be *.vimeo.com *.addthis.com *.meetanshi.com https://meetanshi.com www.googletagmanager.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * snapwidget.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: https://firebasestorage.googleapis.com *.meetanshi.com https://meetanshi.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.co.in *.adroll.com *.doubleclick.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com *.fontawesome.com *.avada.io *.meetanshi.com https://meetanshi.com connect.facebook.net *.googletagmanager.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com data: www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.cloudflare.com *.paypal.com *.googleapis.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.meetanshi.com https://meetanshi.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.fontawesome.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Qggsq-J09JwG0nIVpljFFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'  https://*.mipulse.co https://*.gstatic.com; style-src 'self'  'unsafe-inline' https://fonts.googleapis.com; script-src 'self'  'nonce-8EGacUQ394x8j8elVdhgAw==' 'unsafe-eval' https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://connect.facebook.net https://*.krxd.net https://cstatic.weborama.fr https://cdn.livechatinc.com https://api.livechatinc.com https://pureinfluencer.idrove.it https://assets.adobedtm.com https://www.youtube.com/ 'sha256-IXwUgYQlz6whdqY9fAsuWm5tF3a/48gpSOx/RrJVM2M=' 'sha256-ZmOqvxu/SYXtKMZjkegWCZv0fNWqYPMIAbkDSAFd9HQ=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-mIJsOQOBL5URHW6ppIPLOp054yHEgxgh+tumu3VW4uY=' 'sha256-L6GTuf9tzJT4M/eRPyT9q18L0UnaWdBIpW2kYl6Fkwk=' 'sha256-IdzrL+27mccklOzBWVvXNgfZ8D6HIFjn7Y46BiYZxTY=' 'sha256-5Cz4ZsI1P9g7z/hqtco8MVFsPeuN1kkADoDE9KE5Nzw=' 'sha256-gJR8nYIj9BIisULplpuG6AU6/3PMeA+ZN5sISuG7Roc=' 'sha256-73tOv4V0QRBLpWjCPRThujEhdW5bB4Hx1uA8jBszxUQ=' 'sha256-zCzIA5Bv5v0Y/u686kOREhia31pT64lCSWPLez72SsI=' 'sha256-2sDhctfJAd53/P/qWSTE71aWvnK2vYVrDmF3P2a5yC0=' 'sha256-g6+9PI/TlodFbDrCPHRXzigoOKGKtu3pJ7F2bPLWRQ0=' 'sha256-7PyrcA0NOMOO1UolfxOEr0a+ClC2NRZZopOV0aDnqTc=' 'sha256-7sUD0rKPq7QkPTkJQIxh29ga8KBXgV/+rXHtn0jzPRg=' 'sha256-ULRvWsXdAu0tZgP5Lm/YcdG09i5xDrD0FTeK0+8+LDY=' 'sha256-ykJUQ34Vs5aGtiZ8/Y/3jk7xHgXHFFdobPe/XpUPwbU=' 'sha256-z8P9D8SlqjFhTbJlsocGwGVQPS1kjtDPFseU75brggM=' 'sha256-V685dp7Jpv93B7VcKE2er/ZlyPI5HIRWk2E6qllmjeY=' 'sha256-U7/M8TKZhT8DWAhD2RL1hr60w7H1i+GRfNYe7iOJMfE=' 'sha256-nOc3LegX/8ADmYdGC1d7ig0o995pVq2rfz34uz28tTo=' 'sha256-/XghktC/jSbJ/rP3BqRv6WKIGjlfgmVSGsI6nJAo5qw=' 'sha256-ae9Y2uLK/1m5oiL4aIDKOSYBXCHA/9LjsjAQ5a+qjd4='; img-src 'self'  data: https://*.krxd.net https://www.facebook.com https://*.adsrvr.org https://maps.googleapis.com https://www.google.com https://www.google.co.in https://www.google.ca https://ups.analytics.yahoo.com https://cm.g.doubleclick.net https://*.mipulse.co https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com http://report.mitsubishicars.com https://cdn.cookielaw.org; frame-src 'self' data: https://www.facebook.com https://8715429.fls.doubleclick.net https://bid.g.doubleclick.net https://aax-eu.amazon-adsystem.com https://mitsubishi1.solution.weborama.fr https://*.krxd.net https://td.doubleclick.net https://*.mipulse.co https://secure.livechatinc.com; connect-src 'self'  https://cdn.cookielaw.org https://stats.g.doubleclick.net https://*.onetrust.com https://analytics.google.com https://pagead2.googlesyndication.com https://*.mipulse.co https://maps.googleapis.com/ https://www.google-analytics.com https://api.livechatinc.com https://pureinfluencer-api.idrove.it https://pro.ip-api.com https://rts-api.idrove.it; media-src 'self' data: https://*.mipulse.co https://cdn.livechatinc.com; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.feedbackcompany.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.feedbackcompany.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.nosto.com *.nos.to *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.getqonfi.com agryghsjho.cloudimg.io imgsct.cookiebot.com *.feedbackcompany.com magefan.com cm.magefan.com *.nosto.com *.nos.to https://www.unifaunonline.se https://*.tile.openstreetmap.org/ flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn2.hubspot.net resources.paytrail.com https://shareasale.com/sale.cfm https://track.linksynergy.com https://www.bizrate.com https://www.awin1.com https://track.webgains.com https://prf.hn https://track.flexlinks.com https://scripts.affiliatefuture.com https://t.powerreviews.com https://match.sharethrough.com https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://jadserve.postrelease.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://eb2.3lift.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://sync.1rx.io https://dis.criteo.com https://dpm.demdex.net https://ps.eyeota.net https://public-prod-dspcookiematching.dmxleo.com *.amazonaws.com www.google.com.ua https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.getqonfi.com consent.cookiebot.com *.feedbackcompany.com *.nosto.com *.nos.to s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io https://api.unifaun.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com services.paytrail.com https://www.dwin1.com https://intljs.rmtag.com https://cdn.avmws.com https://images.bizrate.com https://www.awin1.com https://swrap.tradedoubler.com https://analytics.optimalpeople.fr https://www.linkconnector.com https://d3v27wwd40f0xu.cloudfront.net https://static.criteo.net https://sslwidget.criteo.com https://*.affiliatefuture.com https://static.powerreviews.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://gluehbirnebillig.de https://load.kt1pq.gluehbirnebillig.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.nosto.com *.nos.to https://cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.getqonfi.com *.feedbackcompany.com *.nosto.com *.nos.to ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.paytrail.com https://shareasale.com/sale.cfm https://analytics.optimalpeople.fr https://measurement-api.criteo.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://load.kt1pq.gluehbirnebillig.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * static.olark.com *.facebook.com amc.demdex.net *.certcapture.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.christianlight.com *.visualwebsiteoptimizer.com *.google.com *.windows.net *.facebook.com *.google.ru *.bing.com *.olark.com *.cookielaw.org *.googleapis.com https://*.gstatic.com *.certcapture.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com dev.visualwebsiteoptimizer.com connect.facebook.net bat.bing.com cdn.roirevolution.com js.bronto.com *.olark.com ajax.googleapis.com edge1.certona.net www.res-x.com *.celebros-analytics.com js-agent.newrelic.com bam-cell.nr-data.net *.cookielaw.org *.googleapis.com https://*.gstatic.com *.certcapture.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com use.fontawesome.com uitemplatev3stag.celebros.com static.olark.com www.christianlight.com *.certcapture.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.christianlight.com *.cookielaw.org 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.roirevolution.com *.bronto.com *.olark.com *.doubleclick.net bam-cell.nr-data.net *.cookielaw.org *.onetrust.com *.googleapis.com *.certcapture.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.christianlight.com/; report-to report-endpoint; 1
font-src www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self'; frame-src *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com www.facebook.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.doofinder.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.doofinder.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com assets.braintreegateway.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-XhTJ5Qs1bEyTndQ51YIhqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src  'none'; connect-src 'self' *.burningangel.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.burningangel.com join.gammasecure.com; script-src 'self' *.burningangel.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.burningangel.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://use.typekit.net fonts.googleapis.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://consentcdn.cookiebot.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://static.hotjar.com https://script.hotjar.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com https://cdn.jsdelivr.net *.tiktok.com *.disqus.com *.avada.io *.shopify.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://use.typekit.net https://p.typekit.net *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://9c7eaa4e-11d4-4b74-af4e-1758420c0a75.sansec.watch/; report-to report-endpoint; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-1aNHWthCZrl5-Zq1iOTnXg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
child-src 'self' https * blob:; connect-src 'self' https *; default-src 'self' https; font-src 'self' https * data: moz-extension:; frame-src 'self' https *; img-src 'self' https * blob: data: android-webview-video-poster:; media-src 'self' https * data:; object-src 'self' https *; script-src 'self' https * data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https * blob: data: 'unsafe-inline'; worker-src 'self' https * blob:; report-uri https://sentry.io/api/6314511/security/?sentry_key=04126561748147289224fdbccbbe147d@o1192770.ingest.sentry.io/6314511 1
worker-src 'none'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: https://maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net *.alothemes.com *.magepow.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de 'self' https://js.stripe.com landofcoder.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * test.saferpay.com www.saferpay.com saferpay.com https://app-wallee.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.adobedtm.com *.cloudflare.com *.googleadservices.com *.google-analytics.com cdn.jsdelivr.net www.google.by www.google.ru dsum.casalemedia.com csync.loopme.me *.lesperformads.com https://*.vo.msecnd.net cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com adservice.google.com *.google.co.uk *.trustedshops.com *.facebook.com *.usercentrics.eu *.bidswitch.net *.ad4m.at *.adnxs.com *.adserver01.de *.adition.com *.adnet.de ad.doubleclick.net dsum-sec.casalemedia.com pixel.rubiconproject.com usync.vrtcal.com cm.adform.net e1.emxdgt.com ad.yieldlab.net *.adcell.com *.converify.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.doubleclick.net *.ytimg.com *.validator.swagger.io *.cloudfront.net *.s3.amazonaws.com *.mailchimp.com *.google.com *.braintreegateway.com *.saferpay.com *.app-wallee.com *.xtento.com bodenheizung-24.de ad.360yield.com *.pubmine.com *.sync.1rx.io *.unrulymedia.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://app-wallee.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de 'report-sample' 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.adobedtm.com *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com *.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.cloudflare.com pay.google.com *.google-analytics.com https://www.googletagmanager.com *.googletagmanager.com apis.google.com *.googleapis.com *.googleadservices.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha https://www.google.com/recaptcha *.google.com/ https://maps.googleapis.com/maps/api/js *.instagram.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.paypalobjects.com c.paypal.com *.paypal.com sandbox.paypal.com *.sandbox.paypal.com https://js.stripe.com/v3/ *.stripe.com *.link.com cdn.jsdelivr.net cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://polyfill.io landofcoder.com *.disqus.com *.alothemes.com *.magepow.com *.facebook.net *.usercentrics.eu matomo.bodenheizung-24.de *.adcell.com *.trustedshops.com *.smarketer.de *.ad-srv.net *.ad4m.at ad4m.at *.hyj.mobi *.adnet.de *.twitter.com js.mollie.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://app-wallee.com https://gmtech.mfgroup.ch https://assets.secure.checkout.visa.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'report-sample' 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.doofinder.com downloads.mailchimp.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.adnet.de assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://app-wallee.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'self' 'unsafe-inline'; manifest-src 'self' 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de 'self' analytics.optimalpeople.fr *.gsitrix.com *.cloudflare.com 'self' https://maps.googleapis.com *.doofinder.com wss://*.doofinder.com landofcoder.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.google-analytics.com matomo.bodenheizung-24.de *.usercentrics.eu *.doubleclick.net *.smarketer.de *.adcell.com *.ad4m.at *.trustedshops.com trustbadge.api.etrusted.com *.demdex.net *.omtrdc.net *.googlesyndication.com bodenheizung-24.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com *.etrusted.com https://integrations.etrusted.site https://app-wallee.com https://assets.secure.checkout.visa.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'self' 'unsafe-inline'; 1
report-uri https://cspevents.azurewebsites.net/api/collect;default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.scope.ne.jp *.pay.jp stscopestatics001.blob.core.windows.net scope-files.s3.amazonaws.com *.rakuten.co.jp cse.google.com clients1.google.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com analytics.google.com *.analytics.google.com www.google.co.jp www.google.com www.gstatic.com func-bbs-scope-stage-japaneast.azurewebsites.net func-bbs-scope-prod-japaneast.azurewebsites.net *.youtube.com yt.ggpht.com *.gstatic.com i.ytimg.com static.doubleclick.net stats.g.doubleclick.net www.facebook.com connect.facebook.net player.vimeo.com td.doubleclick.net js-agent.newrelic.com bam.nr-data.net 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src  https: wss:; report-uri /csp-report 1
default-src 'self' 'nonce-WFbmgOE1846a' cc.js https://googleads https://cc-cdn.com https://api.craftyclicks.co.uk https://www.westfieldfasteners.co.uk https://bat.bing.com http://bat.bing.com https://bat.bing.net https://www.google-analytics.com https://www.google.com https://region1.google-analytics.com https://www.google.co.uk https://www.googleadservices.com https://google.com https://www.googletagmanager.com 1
object-src 'none';base-uri 'self';script-src 'nonce-raH-vHY9wTY_lIBg_oJZ4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.googleapis.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com www.gstatic.com *.trackedlink.net *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com https://www.gardenersedge.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com maps.googleapis.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; worker-src 'self' blob:; font-src 'self'; connect-src 'self'; report-uri https://dcc-cspreport.enovation.ie/csp-report-hlane.php 1
object-src 'none';base-uri 'self';script-src 'nonce-vPrdr0V9t2k3Tptar4staA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src-elem *.google.com google.com *.bing.com *.simpli.fi *.doubleclick.net www.googletagmanager.com www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ 'self' 'unsafe-inline'; font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.intuit.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.doubleclick.net www.googletagmanager.com *.meetanshi.com *.intuit.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.meetanshi.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.meetanshi.com *.intuit.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com google.com *.doubleclick.net ekr.zdassets.com/ *.meetanshi.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none';                             form-action 'Self' https://*.macmap.org https://export.highcharts.com https://mas-admintools.intracen.org;                             child-src 'Self' https://*.intracen.org https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://div.show;        frame-src 'Self' https://www.youtube.com https://*.intracen.org https://www.youtube.com https://platform.twitter.com https://syndication.twitter.com http://auth.iws-hybrid.trendmicro.com https://auth.iws-hybrid.trendmicro.com https://auth.vemic.com https://block.opendns.com https://blocked.syd-1.linewize.net https://gateway.id.swg.umbrella.com https://gateway.zscaler.net https://gateway.zscalertwo.net https://gateway.zscloud.net https://notify.bluecoat.com https://pwm-image.trendmicro.com https://safe.menlosecurity.com https://www.securly.com https://web-notification.capgemini.com;                             frame-ancestors 'Self' https://*.macmap.org https://www.trade.gov.in https://www.macmap.org;                             img-src 'Self' data: blob: https://www.googletagmanager.com https://fonts.gstatic.com https://translate.google.com https://cdn.honey.io:443 https://pos.baidu.com https://www.gstatic.com https://www.macmap.org https://yastatic.net https://cdn.shopimgs.com https://yastatic.net https://macmap.org;                             style-src 'Self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com;                             style-src-attr 'Self' 'report-sample' 'unsafe-inline';                             style-src-elem 'Self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://*.kaspersky-labs.com https://www.gstatic.com https://cdn.honey.io:443 https://fonts.googleapis.com https://pwm-image.trendmicro.com https://www.gstatic.com https://www.gstatic.com:443 https://www.l-sou.com https://www.macmap.org;                             script-src 'Self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://maxcdn.bootstrapcdn.com https://code.jquery.com https://platform.twitter.com https://www.googletagmanager.com https://*.macmap.org https://code.jquery.com;                             script-src-attr 'Self' 'unsafe-inline';                             script-src-elem 'Self' 'report-sample' 'unsafe-inline' blob: https://www.googletagmanager.com https://platform.twitter.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://ajax.googleapis.com:443 https://cdn.bootcdn.net https://code.jquery.com https://connect.facebook.net:443 https://ff.kis.v2.scr.kaspersky-labs.com https://gc.kis.v2.scr.kaspersky-labs.com https://infird.com https://me.kis.v2.scr.kaspersky-labs.com https://platform.twitter.com https://translate.google.com https://translate.googleapis.com https://www.googletagmanager.com https://www.l-sou.com https://www.macmap.org;                             connect-src 'Self' blob: data: https://region1.google-analytics.com https://www.google-analytics.com https://api.adsfight.com https://cdn.shopimgs.com https://fonts.googleapis.com https://fonts.googleapis.com:443 https://fonts.gstatic.com https://fonts.gstatic.com:443 https://gateway.oyealva.com https://infragrid.v.network https://local.adblock360.com https://l-sou.com https://overbridgenet.com https://polyfilljs.org https://translate.googleapis.com https://translate.googleapis.com:443 https://translate-pa.googleapis.com https://translate-pa.googleapis.com:443 https://www.google-analytics.com https://www.googletagmanager.com https://www.macmap.org https://overbridgenet.com https://www.google-analytics.com https://cdn.shopimgs.com;                             font-src 'Self' data: https://fonts.gstatic.com https://account.affilitizer.com https://at.alicdn.com https://cdn.fastdic.com https://cdn.jsdelivr.net https://cdn.megabonus.com https://cdn.scite.ai https://cdn-uicons.flaticon.com https://migaku-public-data.migaku.com https://r2cdn.perplexity.ai https://use.typekit.net;                             media-src blob: data: https://ssl.gstatic.com;                             worker-src blob:;                             manifest-src 'Self' https://www.macmap.org;        object-src 'Self' https://www.macmap.org;                             report-uri https://fawedsitereporting.azurewebsites.net/api/csp-report?;                             report-to default                              1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.cookielaw.org https://www.bnpparibas.de https://brasil.bnpparibas; script-src 'self' 'unsafe-eval' https://fast.wistia.com https://beacon-v2 https://analyticsgroupcom.bnpparibas.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com 'sha256-F+QMJISS2IIkRUd2a+c+u1owMqMSoidCaHFDAmzUgOo=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' 'sha256-yZHeusBmoqYSsqdm5ylf993dfqVyosFaYa5gueKZDsA=' 'sha256-rjfSUjIA2A20p4lATAefLLG7Fy7VJssnkJ+SnJ2TXNo=' 'sha256-AgTl8Go9WFl+lprCLuWNLfmORUij6C8Lv3fUmWcnPPI=' 'sha256-RWn1w3BKiDlDNbD6vM1kYLpeWCwwWPkob0LMWJ2gKJk=' 'sha256-Z/5KpCpbC1WQJe1Jj6ExIT18j2xDgOUmWk53M7yuapg=' 'sha256-fPXetwWx4258jL256OrNtQQyvFVR4/BotkeZKtfk54Q=' 'sha256-yElBEKucE35qwHf8qWcAvqD25zOJ7TqTptcHyzGhOxw=' 'sha256-XcJhjhQeT3IZrXbvjXS7FdDB0mGtErY7S1qu8mAIatM=' 'sha256-qcT/R0HkWUs2DMxvtvcMobUms6Z5/fPtfgUe2hN67gE='; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.gstatic.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://s.w.org https://wp-rocket.me https://c.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org blob: https://www.google.com/pagead/landing https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://ad.doubleclick.net https://contrib.territories.bnpparibas https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas secure.gravatar.com www.gravatar.com i.ytimg.com data: www.googletagmanager.com; connect-src 'self' https://bnp-privacy.my.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://yoast.com https://cdn.cookielaw.org https://o173685.ingest.sentry.io https://analyticsgroupcom.bnpparibas.com https://contrib.territories.bnpparibas https://www.google.com/pagead/landing https://pagead2.googlesyndication.com https://adservice.google.com https://sourcemap.devowl.io https://sourcemap.devowl.io/real-media-library/4.22.47/adb9a2f4ef22d5d85978840bd322bf76/index.js.map www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.com https://github.com/google/fonts https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.gstatic.com fonts.googleapis.com data:; media-src 'self' https://asset.mediahub.bnpparibas https://upload.wikimedia.org https://broadcast.mediahub.bnpparibas data: https://mediahub.group.echonet https://my.mediahub.bnpparibas https://my.mediahub.bnpparibas/AssetLink/1cwfu8n4ki414p6d240ff18r41ver00j.mp4 https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas; frame-src 'self' https://www.youtube.com https://wp-rocket.me https://open.spotify.com https://www.youtube-nocookie.com https://centric.bnpparibas.com https://13179764.fls.doubleclick.net https://td.doubleclick.net https://gateway.zscalertwo.net https://remove.video https://mozbar.moz.com blob: https://fxplus.bnpparibas.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 1
object-src  'none'; connect-src 'self' *.ragingstallion.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.ragingstallion.com join.gammasecure.com; script-src 'self' *.ragingstallion.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.ragingstallion.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://stats.g.doubleclick.net performance.typekit.net https://*.qa.moneymatch.com https://*.moneymatch.com https://*.training.moneymatch.com https://*.development.moneymatch.com https://*.dialogue.qa.moneymatch.com https://*.dialogue.training.moneymatch.com https://lpcdn.lpsnmedia.net https://accdn.lpsnmedia.net https://ignitesales.com; font-src 'self' data: https://fonts.typekit.net https://use.typekit.net https://fonts.gstatic.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://unpkg.com https://ignitesales.com; frame-src https://jira.ignitesales.com https://ignitesales.com; img-src 'self' data: p.typekit.net https://www.google-analytics.com https://www.googletagmanager.com https://ignitesales.com https://cdn.datatables.net https://ignitesales.com; script-src 'self' 'unsafe-eval' https://use.typekit.net https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://maps.googleapis.com https://jira.ignitesales.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.datatables.net 'unsafe-inline' https://ignitesales.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://cdn.datatables.net https://cdnjs.cloudflare.com p.typekit.net https://unpkg.com https://ignitesales.com; report-uri /lift/content-security-policy-report 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net js.mollie.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com *.wepowerconnections.com https://*.etracker.com https://*.etracker.de https://images.unsplash.com https://www.mollie.com *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://*.etracker.com https://*.etracker.de https://maps.googleapis.com js.mollie.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.etracker.de https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.certcapture.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.certcapture.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-XEtpPenbSeUwUipq8L3DqA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self' https: https://backend.abuauf.com https://abuauf-stg.cloudhosta.com https://abuauf.com;script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://static.cloudflareinsights.com https://analytics.google.com https://api-gateway-uat.ngenius-payments.com https://paypage.sandbox.ngenius-payments.com https://paypage.ngenius-payments.com https://*.ngenius-payments.com https://www.googletagmanager.com https://backend.abuauf.com https://abuauf-stg.cloudhosta.com https://abuauf.com https://script.hotjar.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com;img-src 'self' blob: data: https://c.bing.com/ https://c.clarity.ms/c.gif https://scripts.clarity.ms/ https://*.googleapis.com https://backend.abuauf.com https://abuauf-stg.cloudhosta.com https://abuauf.com https://www.facebook.com  https://maps.gstatic.com https://www.google.com https://www.google.com https://www.google.com.eg https://www.googletagmanager.com https://www.google.ru https://*.abuauf.com https://googleads.g.doubleclick.net https://i.ytimg.com https://www.google-analytics.com https://fonts.gstatic.com;media-src 'self' blob: https://backend.abuauf.com https://abuauf-stg.cloudhosta.com https://abuauf.com ;font-src 'self' 'unsafe-eval' blob: data: webpack: https://fonts.gstatic.com;base-uri 'self';connect-src 'self' https://cloudflareinsights.com https://ipapi.co https://static.cloudflareinsights.com https://analytics.tiktok.com https://analytics.google.com https://api-gateway-uat.ngenius-payments.com https://paypage.sandbox.ngenius-payments.com https://paypage.ngenius-payments.com https://*.ngenius-payments.com https://www.googleleadservices.com https://www.googleadservices.com https://www.google-analytics.com https://backend.abuauf.com https://backendstg.abuauf.com/ https://www.googleapis.com https://www.facebook.com https://graph.facebook.com https://google.com https://vc.hotjar.io https://metrics.hotjar.io https://www.google.com https://www.google.com.eg https://stats.g.doubleclick.net https://www.clarity.ms https://*.clarity.ms https://api.ipapi.is https://googleads.g.doubleclick.net;script-src-elem 'self' 'unsafe-inline' https://scripts.clarity.ms/ https://static.cloudflareinsights.com https://analytics.tiktok.com https://analytics.google.com https://paypage.sandbox.ngenius-payments.com https://paypage.ngenius-payments.com https://*.ngenius-payments.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://connect.facebook.net https://js.createsend1.com https://*.googleapis.com https://*.google.com https://googleads.g.doubleclick.net https://script.hotjar.com https://ap-gateway.mastercard.com https://www.googleadservices.com https://www.youtube.com https://waffarad.com https://www.clarity.ms;form-action 'self' https://analytics.google.com https://api-gateway-uat.ngenius-payments.com https://authentication.cardinalcommerce.com  https://www.facebook.com https://secure-acs2ui-b1-indmum-mumrdc.wibmo.com https://ap.gateway.mastercard.com https://*.wibmo.com;frame-src 'self' https://analytics.google.com https://api-gateway.sandbox.ngenius-payments.com https://api-gateway-uat.ngenius-payments.com https://paypage.sandbox.ngenius-payments.com https://paypage.ngenius-payments.com https://*.ngenius-payments.com https://authentication.cardinalcommerce.com https://www.googletagmanager.com https://www.facebook.com https://backend.abuauf.com https://backendstg.abuauf.com/ https://abuauf.com https://www.youtube.com https://td.doubleclick.net https://ap-gateway.mastercard.com https://secure-acs2ui-b1-indmum-mumrdc.wibmo.com https://ap.gateway.mastercard.com https://*.wibmo.com;object-src 'self' blob: data:;worker-src 'self' blob:;report-to default; 1
default-src 'self'; form-action 'self' https://request.qlar.com; base-uri 'none'; frame-ancestors 'none'; object-src 'none'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://ad.doubleclick.net https://google.com https://*.google.com https://*.google.de https://*.google.es https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.ads.linkedin.com https://t.visitorqueue.com; frame-src 'self' https://request.qlar.com https://td.doubleclick.net https://*.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://www.recaptcha.net; script-src 'strict-dynamic' 'nonce-I9xLLZZO074wxCk6X2JcRrbQDcYYwLWW52E7d2jg' 'self' https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://snap.licdn.com https://t.visitorqueue.com https://online.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://request.qlar.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://googleads.g.doubleclick.net  https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.de https://*.google.es https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.ads.linkedin.com https://t.visitorqueue.com; report-uri https://www.qlar.com/api/report/csp; report-to csp-endpoint; upgrade-insecure-requests; block-all-mixed-content 1
object-src 'none';base-uri 'self';script-src 'nonce-qB-B1E4l2qt9AVavqaw2HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src 'self' https://go.siliconvalleycf.org https://www.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://translate.google.com https://www.gstatic.com https://translate.googleapis.com https://translate-pa.googleapis.com https://s3.amazonaws.com https://cdn-cookieyes.com/ https://www.googletagmanager.com https://w.recruiterbox.com; style-src 'self' https://go.siliconvalleycf.org https://www.gstatic.com https://fonts.gstatic.com https://cdn-images.mailchimp.com https://w.recruiterbox.com; img-src 'self' https://www.w3.org https://www.google.com https://www.gstatic.com https://fonts.gstatic.com/ data: https://www.siliconvalleycf.org https://cdn-cookieyes.com https://w.recruiterbox.com; connect-src 'self' https://translate.googleapis.com https://cdn-cookieyes.com https://log.cookieyes.com; font-src 'self' https://fonts.gstatic.com data:; frame-src https://www.google.com https://w.recruiterbox.com https://app.recruiterbox.com; form-action 'self'; base-uri 'self'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.googletagmanager.com *.doubleclick.net insight.adsrvr.org c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.linkedin.com www.facebook.com *.doubleclick.net www.google.co.nz *.google.co.nz www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.disqus.com *.avada.io *.shopify.com cdnjs.cloudflare.com connect.facebook.net snap.licdn.com js.adsrvr.org *.cybersource.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.fonts.net *.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net analytics.google.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://get.geojs.io *.avada.io cdnjs.cloudflare.com www.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net https://cdn-custom.optimonk.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.gocuotas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.magerocket.com *.gocuotas.com https://event.getblue.io https://www.googletagmanager.com *.mercadolibre.com https://mobbex.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io www.apptrian.com www.facebook.com *.magerocket.com *.gocuotas.com https://firebasestorage.googleapis.com https://wbg.menze.la https://res.sugaway.io https://media.wanamakids.com https://www.google.com.co *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com flagpedia.net *.mobbex.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.magerocket.com *.gocuotas.com *.avada.io https://onsite.optimonk.com https://cdn-account.optimonk.com https://cdn-limit.optimonk.com https://ekr.zdassets.com https://jfapiprod.optimonk.com https://front.optimonk.com https://d3v-menze.zendesk.com https://cdn-asset.optimonk.com https://player.vimeo.com https://gs-cdn.optimonk.com https://static.zdassets.com https://assets-cdn.woowup.com https://cdn.jsdelivr.net https://res.sugaway.io *.mlstatic.com *.mercadopago.com *.gstatic.com maps.googleapis.com *.mobbex.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net https://cdn.jsdelivr.net https://media.wanamakids.com https://cdn-asset.optimonk.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.apptrian.com connect.facebook.net graph.facebook.com *.magerocket.com *.gocuotas.com https://get.geojs.io *.avada.io https://front.optimonk.com https://cdn-account.optimonk.com https://cdn-limit.optimonk.com https://ekr.zdassets.com https://jfapiprod.optimonk.com https://d3v-menze.zendesk.com https://cdn-asset.optimonk.com https://player.vimeo.com https://gs-cdn.optimonk.com https://static.zdassets.com https://assets-cdn.woowup.com https://cdn.jsdelivr.net https://j.clarity.ms *.mercadopago.com *.mercadolibre.com www.gstatic.com maps.googleapis.com *.mobbex.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com https://fonts.gstatic.com https://static.payzen.eu/static/ *.twimg.com *.trustedshops.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.twitter.com *.addthis.com https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: blob: *.cloudflare.com *.www.googleadservices.com *.www.google-analytics.com *.twitter.com *.assets.adobedtm.com *.amcglobal.sc.omtrdc.net *.dpm.demdex.net *.cm.everesttech.net *.widgets.magentocommerce.com *.googleads.g.doubleclick.net *.bid.g.doubleclick.net *.analytics.google.com *.t.paypal.com *.fpdbs.paypal.com *.fpdbs.sandbox.paypal.com *.i.ytimg.com *.validator.swagger.io *.klarna.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.b.stats.paypal.com *.dub.stats.paypal.com *.assets.braintreegateway.com *.c.paypal.com *.checkout.paypal.com *.mcstaging.alcarrito.com https://cdn-int.safecharge.com https://cdn.safecharge.com https://devmobile.sccdev-qa.com https://secure.safecharge.com/ https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ *.hsforms.net *.hsforms.com *.www.google.com.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.cloudflare.com *.twitter.com *.google-analytics.com *.fontawesome.com apis.google.com code.iconify.design *.geostag.cardinalcommerce.com *.1eafstag.cardinalcommerce.com *.geoapi.cardinalcommerce.com *.1eafapi.cardinalcommerce.com *.songbird.cardinalcommerce.com *.includestest.ccdc02.com *.googleadservices.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.t.paypal.com *.s.ytimg.com *.googleapis.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.trackedlink.net *.js.braintreegateway.com *.assets.braintreegateway.com *.c.paypal.com *.pay.google.com *.api.braintreegateway.com *.api.sandbox.braintreegateway.com *.client-analytics.braintreegateway.com *.client-analytics.sandbox.braintreegateway.com *.songbirdstag.cardinalcommerce.com  https://magento.com https://cdn.safecharge.com https://devmobile.sccdev-qa.com https://cdn-int.safecharge.com https://play.google.com https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.twimg.com *.hsforms.net *.hsforms.com *.chart.apis.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.fontawesome.com *.bootstrapcdn.com https://cdn.safecharge.com https://devmobile.sccdev-qa.com  https://fonts.googleapis.com https://static.payzen.eu/static/ *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.cdn.connectif.cloud 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.twitter.com *.operacionmayo.com *.audiosmadres.onrender.com  https://sdkmon.safecharge.com https://ppp-test.safecharge.com https://ppp-test.nuvei.com https://secure.safecharge.com https://play.google.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-nR_TXz-hTAFAwoCEiCfj1IHLCKFv3vqOMEYKcpvxsadsTpkIRXjmDQ' https://analytics.avv-augsburg.de https://cdn.eye-able.com https://translate-cdn.eye-able.com https://fahrtauskunft.avv-augsburg.de https://www.cdn.botfriendsx.com https://api.eu-1.smooch.io 'sha256-Pn59f+s+XVjLbIBPaKtcJMx+XrYnD9bly7kSRzkhfQw=' 'sha256-WMV6TCAKRqiJchBuLbDidJP71VKfKmtmQMLi2ITJGWY=' 'unsafe-eval' 'unsafe-inline' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://cdn.eye-able.com https://www.cdn.botfriendsx.com https://www.gravatar.com https://analytics.vwork.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://kundencenter.avv-augsburg.de; style-src-elem 'self' https://cdn.eye-able.com https://www.cdn.botfriendsx.com 'unsafe-inline' 'report-sample'; connect-src 'self' https://fahrtauskunft.avv-augsburg.de https://analytics.avv-augsburg.de https://analytics.vwork.de https://translate.eye-able.com https://translate-cdn.eye-able.com https://www.cdn.botfriendsx.com https://690c6018ecaa9434b9fe2b5f.config.eu-1.smooch.io https://cdn.jsdelivr.net https://api.eu-1.smooch.io wss://api.eu-1.smooch.io; font-src 'self' data: https://cdn.eye-able.com https://www.cdn.botfriendsx.com; media-src 'self' data: https://www.cdn.botfriendsx.com; style-src 'self' https://cdn.eye-able.com 'unsafe-inline' 'report-sample'; report-uri https://www.avv-augsburg.de/@http-reporting?csp=report&requestTime=1773715149810014&requestHash=0565481add4986af617e0d29993f5fa5250185e8 1
object-src 'none';base-uri 'self';script-src 'nonce-PlrgEiYqB6uedV4OYc-H1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ws: trysen.kupibilet.ru top-fwz1.mail.ru personalization-web-stable.mindbox.ru web-static.mindbox.ru https://privacy-cs.mail.ru api.mindbox.ru google.nl yastatic.net apis.google.com mc.yandex.ru *.tildacdn.com www.google.com *.analytics.google.com analytics.google.com adservice.google.com td.doubleclick.net cdnjs.cloudflare.com static.aviasales.com avsplow.com *.avsplow.com vsplow.com tp.media *.travelpayouts.com travelpayouts.com vc.hotjar.io *.kupi.com uploads.intercomcdn.com capture.trackjs.com www.facebook.com connect.facebook.net appleid.cdn-apple.com mc.yandex.com translate.google.com script.hotjar.com sdk.inappstory.com *.hotjar.com vk.com widget.intercom.io js.intercomcdn.com api-iam.intercom.io stats.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com accounts.google.com fonts.googleapis.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com nexus-websocket-a.intercom.io *.clarity.ms www.kupi.com  websdk.appsflyer.com banner.appsflyer.com ; base-uri 'self'; object-src 'none'; font-src 'self' cdn.appsflyer.com *.tildacdn.com https://fonts.gstatic.com www.travelpayouts.com fonts.intercomcdn.com data:; img-src 'self' data: *.kupi.com www.kupi.com landings-api-v2-img.kupibilet.ru landings-api-v2.kupibilet.ru top-fwz1.mail.ru www.google.ru mc.yandex.ru mc.yandex.com www.google.nl www.google.com facebook.com www.facebook.com *.travelpayouts.com downloads.intercomcdn.com static.intercomassets.com www.google-analytics.com www.googletagmanager.com vk.com login.vk.com usage.trackjs.com *.tile.openstreetmap.org js.intercomcdn.com; manifest-src 'self'; media-src 'self' js.intercomcdn.com; frame-src * 1
default-src 'self' ; style-src 'self' 'unsafe-inline' optimize.google.com www.googletagmanager.com fonts.googleapis.com *.typekit.net *.yotpo.com *.myfonts.net *.cloudfront.net; font-src 'self' data: optimize.google.com fonts.gstatic.com *.abtasty.com *.dwin1.com *.typekit.net *.livechatinc.com snap.licdn.com *.tiktok.com static.ads-twitter.com ct.pinterest.com *.yotpo.com *.addthis.com *.moatads.com *.curalate.com *.cloudflare.com *.cloudfront.net; img-src 'self' data: *; base-uri 'self' ;  form-action *; frame-ancestors 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com optimize.google.com www.googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com www.googleadservices.com maps.googleapis.com polyfill.io player.vimeo.com connect.facebook.net *.klevu.com api.exponea.com s.pinimg.com intljs.rmtag.com assistjs.skimresources.com googleads.g.doubleclick.net bat.bing.com t.contentsquare.net track.sweetanalytics.com *.yotpo.com snap.licdn.com static.ads-twitter.com *.tiktok.com *.abtasty.com *.adobedc.net *.dwin1.com *.livechatinc.com *.voyado.com *.ksearchnet.com *.hotjar.com *.veinteractive.com *.mouseflow.com *.sleeknote.com *.stripe.com *.zdassets.com *.trustpilot.com *.clarity.ms *.addthis.com *.addthisedge.com *.moatads.com *.clearpay.co.uk *.amplitude.com *.sagepay.com snapppt.com *.snapppt.com; connect-src 'self' mage.acousticalsolutions.com *.googlesyndication.com *.google-analytics.com *.klevu.com api.exponea.com ct.pinterest.com *.abtasty.com *.adobedc.net *.tiktok.com *.yotpo.com maps.googleapis.com vimeo.com *.addthis.com *.moatads.com *.dwin1.com *.54proxy.com *.ksearchnet.com *.hotjar.com *.hotjar.io *.zdassets.com *.clarity.ms *.amplitude.com *.sweetanalytics.com snapppt.com *.snapppt.com *.zendesk.com; frame-src 'self' player.vimeo.com *.fls.doubleclick.net ct.pinterest.com vimeo.com secure.livechatinc.com *.addthis.com *.curalate.com *.54proxy.com *.hotjar.com *.stripe.com *.trustpilot.com *.paypal.com *.zendesk.com *.zdassets.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.klarnaevt.com *.google.de *.klarna.com *.doubleclick.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google.de *.alothemes.com *.magepow.com https://api.mapbox.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.google.de *.doubleclick.net https://cdn.jsdelivr.net *.alothemes.com *.magepow.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com cdn.klarna.com jsctool.com d.payla.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.doubleclick.net *.google.de *.google-analytics.com *.alothemes.com *.magepow.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-uusMbfzkOFrTs9_KgznfQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-diHsTt9VsWEivn_ybNZKUA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://fonts.gstatic.com *.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com/ https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://www.magezon.com magefan.com cm.magefan.com *.disqus.com *.imgix.net 'self' data: https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.authorize.net *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://plumrocket.com *.meetanshi.com https://www.google.com *.addthis.com *.pinterest.com *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.meetanshi.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com store.paradoxlabs.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com *.avada.io *.meetanshi.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.authorize.net https://apis.google.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.meetanshi.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://www.google-analytics.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'report-sample' js.adsrvr.org connect.facebook.net js-agent.newrelic.com app.pendo.io cdn.pendo.io c.amazon-adsystem.com data.pendo.io pendo-static-5713592751095808.storage.googleapis.com apps.cac1.pure.cloud tarion.breezy.hr www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/npm cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com 'nonce-QFLo_X6xr-w7FUYYMtAqLQ'; script-src-elem 'self' 'report-sample' js.adsrvr.org connect.facebook.net js-agent.newrelic.com app.pendo.io cdn.pendo.io c.amazon-adsystem.com data.pendo.io pendo-static-5713592751095808.storage.googleapis.com apps.cac1.pure.cloud tarion.breezy.hr www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/npm cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com 'nonce-QFLo_X6xr-w7FUYYMtAqLQ'; style-src 'self' fonts.googleapis.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com; base-uri 'self'; frame-ancestors 'self'; report-uri https://app.csplog.com/api/v1/report/tarion-com 1
object-src 'none';base-uri 'self';script-src 'nonce-cvCJ4IIReexDKtcuUWAIog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://client.crisp.chat *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com *.wesupply.xyz *.facebook.com https://load.stracking.weltpixel.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://image.crisp.chat https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.crisp.chat v2assets.zopim.io *.zopim.io weltpixel.com www.weltpixel.com *.magento.com *.filestackapi.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw hn.inspectlet.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://client.crisp.chat https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com https://www.googletagmanager.com tagmanager.google.com *.weltpixel.com *.cloudflare.com *.cloudflareinsights.com *.zdassets.com *.usefomo.com *.fomo.com *.gstatic.com *.vimeo.com *.googleoptimize.com *.inspectlet.com https://tracking.weltpixel.com https://load.stracking.weltpixel.com/ static-tracking.klaviyo.com *.nudgify.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://client.crisp.chat https://static.klaviyo.com *.fontawesome.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com tagmanager.google.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com weltpixel.com www.weltpixel.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com https://www.google-analytics.com *.weltpixel.com capig.weltpixel.com load.stracking.weltpixel.com stracking.weltpixel.com *.a.klaviyo.com *.facebook.com *.zopim.com wss://widget-mediator.zopim.com *.zdassets.com *.zendesk.com *.usefomo.com *.fomo.com https://tracking.weltpixel.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw *.inspectlet.com wss://ws.inspectlet.com/ t.co *.nudgify.com https://load.stracking.weltpixel.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com login.microsoftonline.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com www.gstatic.com https://www.google.com/recaptcha/ *.adyen.com magento-cloudflare.jetrails.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com policy.app.cookieinformation.com www.googletagmanager.com td.doubleclick.net onskeskyen.dk 'self'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com *.adyen.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.ytimg.com magefan.com cm.magefan.com scontent.cdninstagram.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com *.navipartner.dk *.googletagmanager.com t.raptorsmartadvisor.com maps.gstatic.com www.google.rs www.google.dk pagead2.googlesyndication.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.google.com www.gstatic.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.adyen.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com static.addtoany.com *.fontawesome.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com policy.app.cookieinformation.com *.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://bi.heyloyalty.com tag.heylink.com static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googletagmanager.com pagead2.googlesyndication.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com https://helloretailcdn.com *.adyen.com ekr.zdassets.com/ graph.instagram.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com policy.app.cookieinformation.com consent.app.cookieinformation.com maps.googleapis.com pagead2.googlesyndication.com https://stats.g.doubleclick.net www.google.com tracking.heyloyalty.com *.analytics.google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com https://www.gstatic.com *.googleapis.com *.zopim.com 'self' data: *.chatchamp.com *.klarnacdn.net https://fonts.gstatic.com https://widgets.trustedshops.com https://webcachex-eu.datareporter.eu https://webcache-eu.datareporter.eu data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.kaptcha.com *.facebook.com *.pinterest.com *.sharethis.com *.chatchamp.com td.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.klarna.com landofcoder.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: blob: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.google.com *.google.de *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com *.google-analytics.com region1.google-analytics.com *.analytics.google.com *.twitter.com *.twimg.com *.bing.com *.facebook.com *.facebook.net *.pinterest.com *.sleeknote.com *.zopim.com *.dalton-cosmetics.com *.googletagmanager.com *.googleapis.com *.sharethis.com *.newsletter2go.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://analytics.tiktok.com https://*.tiktokcdn.com https://bat.bing.com https://bat.bing.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.google-analytics.com https://*.gstatic.com *.twitter.com *.googletagmanager.com *.googlesyndication.com *.pinimg.com *.bing.com *.facebook.net *.facebook.com *.zopim.com *.googleapis.com *.zdassets.com *.sleeknote.com *.cookielaw.org *.doubleclick.net www.dwin1.com *.paypal.com *.cardinalcommerce.com integrations.etrusted.com *.chatchamp.com *.sharethis.com *.newsletter2go.com 'self' data: js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com landofcoder.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hsforms.net *.hsforms.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://webcache-eu.datareporter.eu https://webcachex-eu.datareporter.eu https://cdn.brevo.com https://analytics.tiktok.com https://ct.pinterest.com https://sibautomation.com https://trck.linkster.co https://bat.bing.com https://webcache.datareporter.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.chatchamp.com *.sharethis.com 'self' data: assets.braintreegateway.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://webcache-eu.datareporter.eu https://webcachex-eu.datareporter.eu 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://*.google.com *.google-analytics.com *.googleapis.com region1.google-analytics.com *.analytics.google.com *.doubleclick.net *.twitter.com *.cookielaw.org *.pinterest.com *.zopim.com *.zdassets.com *.onetrust.com *.braintree-api.com *.braintreegateway.com *.zendesk.com wss://widget-mediator.zopim.com *.chatchamp.com *.sharethis.com *.newsletter2go.com pagead2.googlesyndication.com *.google.de *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat googleads.g.doubleclick.net *.googleadservices.com *.bing.com *.posthog.com *.sleeknote.com *.crwdcntrl.net *.stbuttons.click api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com landofcoder.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://webcache-eu.datareporter.eu https://swarmcrawler.datareporter.eu https://c.datareporter.eu https://analytics.tiktok.com https://business-api.tiktok.com https://bat.bing.com https://in-automate.brevo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.fontawesome.com maxcdn.bootstrapcdn.com applepay.cdn-apple.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.iubenda.com api.payplug.com secure.payplug.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net cdn.doofinder.com *.iubenda.com https://www.magezon.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.iubenda.com api.payplug.com applepay.cdn-apple.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.doofinder.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.iubenda.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hsforms.net/forms/ https://*.hsforms.com/embed/ https://sdk.privacy-center.org https://www.clarity.ms https://www.google-analytics.com/analytics.js https://cdn.amplitude.com https://*.google-analytics.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hs-banner.com https://*.hs-analytics.net https://*.hs-scripts.com https://*.clarity.ms https://www.youtube.com/ https://ws.zoominfo.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://platform.twitter.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdn.amplitude.com https://code.jquery.com https://www.google.com https://www.googletagmanager.com https://j.6sc.co https://s.adroll.com https://d.adroll.com https://cdn.cookielaw.org https://www.workable.com https://apply.workable.com https://dcvxs6ggqztsa.cloudfront.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' https://cybelangel.com https://*.cybelangel.com https://d.adroll.com https://b.6sc.co https://eb2.3lift.com https://*.3lift.com https://image2.pubmatic.com https://*.pubmatic.com https://sync.taboola.com https://*.taboola.com https://pixel.rubiconproject.com https://*.rubiconproject.com https://dsum-sec.casalemedia.com https://*.casalemedia.com https://pixel.tapad.com https://*.tapad.com https://ml314.com https://*.ml314.com https://www.google.com https://www.google.fr https://*.hsforms.com/embed/ https://secure.gravatar.com https://www.googletagmanager.com https://track-eu1.hubspot.com https://forms-eu1.hsforms.com https://forms-eu1.hscollectedforms.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.facebook.com https://t.co https://analytics.twitter.com https://syndication.twitter.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://login.dotomi.com https://i.ytimg.com https://i.imgur.com https://media.discordapp.net https://cdn.discordapp.com https://ssl.gstatic.com https://translate.google.com data: blob:; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://cdn.fontshare.com https://cdn.megabonus.com https://static.zohocdn.com https://cdn.scite.ai https://cdn.faceworks.nl https://assets.faircado.com https://migaku-public-data.migaku.com https://unpkg.com data: chrome-extension: moz-extension:; connect-src 'self' https://*.hsforms.com/embed/ https://*.clarity.ms/ https://www.google-analytics.com https://region1.google-analytics.com https://js-eu1.hscollectedforms.net https://forms-eu1.hscollectedforms.net https://api2.amplitude.com https://ws.zoominfo.com https://px.ads.linkedin.com https://www.facebook.com https://pagead2.googlesyndication.com https://fonts.gstatic.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com https://translate.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.fr https://ipv6.6sc.co https://d.adroll.com/ https://c.6sc.co https://api.privacy-center.org https://cdn.cookielaw.org data: sentry.beapi.fr; media-src 'self' https://ssl.gstatic.com data:; frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/ https://www.linkedin.com https://platform.twitter.com https://www.googletagmanager.com chrome-error:; worker-src 'self' blob:; manifest-src 'self'; object-src 'self'; base-uri 'self'; frame-ancestors 'self'; report-to csp-endpoint; report-uri https://sentry.beapi.fr/api/7/security/?sentry_key=a138dbe1a2fb42d0e8c2f51ebaa59f74&sentry_environment=production; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com www.travelinescotland.com www.nhsgrampian.com www.nhsgrampian.co.uk nhsgrampian.org *.nhsgrampian.org walkit.com nhs.attendanywhere.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com cdn.shopify.com 'self' data: *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com api.boldcommerce.com api.staging.boldcommerce.com *.bold.ninja static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.stripe.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io static.boldcommerce.com www.gstatic.com app.eu.usercentrics.eu config.eu.usercentrics.eu app.usercentrics.eu getkapp.alterspruefung365.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com https://www.mollie.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net *.google.com *.cdn-apple.com *.braintreegateway.com api.boldcommerce.com api.staging.boldcommerce.com eps.secure.staging.boldcommerce.com cashier.boldcommerce.com *.paypal.com *.paypalobjects.com static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.bold.ninja *.stripe.com cdn.safecharge.com app.eu.usercentrics.eu config.eu.usercentrics.eu app.usercentrics.eu privacy-proxy.usercentrics.eu consent-api.service.consent.eu1.usercentrics.eu static.hotjar.com googletagmanager.com getkapp.alterspruefung365.de *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com/recaptcha/ *.gstatic.com c.paypal.com pay.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com js.braintreegateway.com assets.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bold.ninja static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com getkapp.alterspruefung365.de https://static.klaviyo.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.fontawesome.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src api.boldcommerce.com api.staging.boldcommerce.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.boldcommerce.com api.staging.boldcommerce.com eps.secure.staging.boldcommerce.com cashier.boldcommerce.com *.sandbox.braintree-api.com eps.secure.boldcommerce.com static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.bold.ninja *.cdn-apple.com ppp-test.safecharge.com secure.safecharge.com app.eu.usercentrics.eu config.eu.usercentrics.eu app.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu aggregator.service.usercentrics.eu consent-api.service.consent.eu1.usercentrics.eu *.google-analytics.com *.googletagmanager.com getkapp.alterspruefung365.de *.usercentrics.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src api.boldcommerce.com api.staging.boldcommerce.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://static.hotjar.com https://sc-static.net https://cdn.amplitude.com https://cdn-4.convertexperiments.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https://www.googletagmanager.com; report-to csp-endpoint; report-uri /api/csp-report 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.fontawesome.com https://*.iadvize.com fonts.googleapis.com https://static.payzen.eu/static/ https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://challenges.cloudflare.com https://ct.pinterest.com https://td.doubleclick.net https://*.criteo.com https://*.criteo.net https://static.lyra.com https://svs.comtessedubarry.com https://*.iadvize.com https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com https://*.google-analytics.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com https://axeptio.imgix.net https://comtessedubarry.twic.pics https://staging-comtessedubarry.twic.pics https://www.facebook.com https://*.bing.com https://*.google.fr https://*.google.com https://*.vo.msecnd.net https://*.clarity.ms https://cm.g.doubleclick.net https://*.adnxs.com https://*.smartadserver.com https://*.taboola.com https://*.adform.net https://visitor.omnitagjs.com https://*.casalemedia.com https://public-prod-dspcookiematching.dmxleo.com https://*.criteo.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://match.sharethrough.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://*.3lift.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://*.comtessedubarry.com https://*.bidswitch.net https://beyable.twic.pics https://www.googletagmanager.com https://front.activation.beyable.com https://*.doubleclick.net https://sync.1rx.io https://*.unrulymedia.com https://*.imgix.net https://*.axept.io https://*.cloudfront.net https://*.fbcdn.net https://*.metaffiliation.com https://tag.beyable.com https://cdn.flbx.io https://static.lyra.com https://px.ads.linkedin.com https://*.iadvize.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.googletagmanager.com https://rum.hlx.page https://maps.googleapis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://challenges.cloudflare.com http://static.axept.io https://rqd.comtessedubarry.com https://sdk.privacy-center.org https://comtessedubarry.twic.pics https://staging-comtessedubarry.twic.pics https://connect.facebook.net https://s.pinimg.com https://ct.pinterest.com https://*.criteo.net https://*.criteo.com https://bat.bing.com https://*.beyable.com https://www.clarity.ms https://googleads.g.doubleclick.net https://*.social-media-system.com https://front.activation.beyable.com https://apibeyableprod.azure-api.net https://*.axept.io https://*.getflowbox.com https://*.adschoom.com https://*.apicit.net https://apicit.net https://*.bbd-tag.de https://bbd-tag.de https://*.metaffiliation.com https://apptracker.stream https://tags.clickintext.net https://static.lyra.com https://scripts.clarity.ms https://snap.licdn.com https://*.iadvize.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ https://cdnjs.cloudflare.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://www.googletagmanager.com https://static.lyra.com https://*.iadvize.com https://static.payzen.eu/static/ https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.flbx.io https://staging-comtessedubarry.twic.pics https://comtessedubarry.twic.pics 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com qa-api.magedevteam.com https://maps.googleapis.com https://player.vimeo.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://client.axept.io https://axeptio.imgix.net https://api.axept.io https://awsapis3.netreviews.eu https://pagead2.googlesyndication.com https://*.pinterest.com https://cl.avis-verifies.com https://rqd.comtessedubarry.com https://googleads.g.doubleclick.net https://*.clarity.ms https://*.criteo.com https://*.social-media-system.com https://stats.g.doubleclick.net https://apibeyableprod.azure-api.net https://beyableprodrt.blob.core.windows.net https://svs.comtessedubarry.com https://*.metaffiliation.com https://*.axept.io https://*.imgix.net https://*.getflowbox.com https://*.bing.net https://www.googletagmanager.com https://static.payzen.eu https://*.iadvize.com wss://*.iadvize.com maps.googleapis.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com maps.google.com maps.googleapis.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.marker.io https://edge.marker.io/latest/3.v2.15.0.d94e68f6b8a22e3b32c2.js https://edge.marker.io/latest/2.v2.15.0.f2fdbd0e05d6efcac7d3.js https://edge.marker.io/latest/shim.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/c9dd45ed/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/s/player/ platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://img.carzilla-services.com http://img.carzilla-services.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com data: blob: i.ytimg.com www.googletagmanager.com; connect-src 'self' https://connect.facebook.net https://connect.facebook.net/en_US/fbevents.js https://o149539.ingest.sentry.io/api/5793876/envelope/ https://www.google.com/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ https://api.marker.io/widget/ping https://s3.eu-west-1.amazonaws.com https://api.marker.io *.vimeo.com maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com data:; object-src 'none' ; media-src * ; frame-src 'self' www.instagram.com *.vimeo.com *.vimeocdn.com maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; manifest-src 'none' ; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' ; base-uri 'none' ; form-action 'self' ; frame-ancestors 'none' ; block-all-mixed-content; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-A6Z6JsFiEKt8O3Wr7SsElw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hubspot.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.hscollect.net *.hsappstatic.net *.usemessages.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hsleadflows.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com www.google.com www.google.es www.google.nl www.google.co.uk www.google.de www.google.fr *.youtube.com *.youtube-nocookie.com *.company-target.com *.demandbase.com tag.demandbase.com api.company-target.com tag-logger.demandbase.com cdn.banner.com googleads.g.doubleclick.net *.doubleclick.net code.jquery.com 'strict-dynamic' 'nonce-DtaYSge+R4GooszxJdC90w=='; script-src-elem 'self' 'unsafe-inline' *.hubspot.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.hsappstatic.net *.usemessages.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.googletagmanager.com *.google-analytics.com *.gstatic.com www.google.com www.google.es www.google.nl *.youtube.com googleads.g.doubleclick.net cdn.banner.com *.company-target.com *.demandbase.com; style-src 'self' 'unsafe-inline' *.hsappstatic.net *.cloudflare.com cdnjs.cloudflare.com *.googleapis.com fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.hsappstatic.net *.cloudflare.com cdnjs.cloudflare.com *.googleapis.com fonts.googleapis.com; font-src 'self' data: *.hsappstatic.net *.hubspotusercontent-eu1.net *.hubspotusercontent.net *.cloudflare.com cdnjs.cloudflare.com *.googleapis.com *.gstatic.com fonts.gstatic.com; frame-src 'self' *.hubspot.com *.hsforms.com *.vimeo.com *.youtube.com www.youtube.com *.youtube-nocookie.com *.google.com www.google.com www.google.es www.google.nl *.googletagmanager.com *.company-target.com *.demandbase.com; connect-src 'self' *.hsforms.net *.hscollectedforms.net *.hsappstatic.net *.hs-analytics.net *.hs-banner.com static.hsappstatic.net *.hubapi.com *.hubspot.com forms.hubspot.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net googleads.g.doubleclick.net *.google.com www.google.es www.google.nl *.company-target.com *.demandbase.com tag.demandbase.com api.company-target.com tag-logger.demandbase.com; img-src 'self' data: *.hsforms.com *.hsappstatic.net *.hubspot.com *.hubspotusercontent.net *.hubspotusercontent-eu1.net *.fs1.hubspotusercontent-eu1.net forms.hubspot.com track.hubspot.com track-eu1.hubspot.com *.googletagmanager.com *.google-analytics.com *.google.com www.google.es www.google.nl googleads.g.doubleclick.net id.rlcdn.com *.company-target.com *.demandbase.com; object-src 'none'; base-uri 'self'; form-action 'self' *.hubspot.com *.hsforms.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.googleapis.com https://*.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.333obra.com.br *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' data: *.demdex.net *.online-metrix.net *.doubleclick.net *.googletagmanager.com *.facebook.com https://*.useinsider.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.online-metrix.net *.d.aa.online-metrix.net https://firebasestorage.googleapis.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com maps.gstatic.com *.google.com *.google.com.br *.facebook.com assets-shorts.mimo.com.br assets.mimo.com.br ad.doubleclick.net https://*.cloudfront.net https://cdn.cookielaw.org https://*.hotjar.com https://*.nr-data.net https://*.adobe.com https://*.adobedtm.com https://*.demdex.net https://cimentobomdemais.com.br *.333obra.com.br *.clarity.ms *.bing.com https://s3.amazonaws.com https://dev.visualwebsiteoptimizer.com https://s3.amazonaws.com/raichu-beta/ra-verified/assets/images/verified.svg https://s3.amazonaws.com/raichu-beta/ra-verified/assets/images/ra-logo.svg https://votorantimcimentoshelp1697804564.zendesk.com https://*.votorantimcimentoshelp.zendesk.com https://static.zdassets.com/web_widget/latest/default_avatar.png https://*.useinsider.com https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://h.online-metrix.net *.cardinalcommerce.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com connect.facebook.net js-agent.newrelic.com analytics.tiktok.com bat.bing.com h64.online-metrix.net https://cdn.cookielaw.org https://*.cloudfront.net https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js https://bam.nr-data.net https://*.hotjar.com 'unsafe-inline' https://cdn.jsdelivr.net/npm/choices.js@4/public/assets/scripts/choices.min.js https://cdn.popconvert.com.br/widget/popconvert.js https://cdn.popconvert.com.br/widget/dist/js/app.js https://cdn.pn.vg https://www.clarity.ms https://bat.bing.com/bat.js https://*.sentry-cdn.com https://*.zendesk.com https://static.zdassets.com https://*.s3.amazonaws.com https://dev.visualwebsiteoptimizer.com https://s3.amazonaws.com/raichu-beta/ra-verified/bundle.js https://sdk.crmback.io/connect.js https://plugins.crmback.io/helpers/tresobra.js shorts.mimo.com.br https://*.useinsider.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com assets.braintreegateway.com https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.css https://*.hotjar.com 'unsafe-inline' https://s3.amazonaws.com https://s3.amazonaws.com/raichu-beta/ra-verified/styles.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com assets-shorts.mimo.com.br 'self' 'unsafe-inline'; manifest-src 'self' data: 'unsafe-inline' 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://viacep.com.br maps.googleapis.com *.google-analytics.com stats.g.doubleclick.net analytics.tiktok.com bat.bing.com h64.online-metrix.net https://api.reclameaqui.com.br *.cookielaw.org https://privacyportal-br.onetrust.com https://geolocation.onetrust.com https://*.cloudfront.net *.rdstation.com.br https://bam.nr-data.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.adobe.com *.adobedtm.com *.demdex.net *.magentocommerce.com *.doubleclick.net *.googleadservices.com *.vimeocdn.com *.vimeo.com *.youtube.com *.omtrdc.net *.googletagmanager.com *.adobedc.net *.magento.com *.adobe.net *.magedevteam.com *.metrix.net *.geojs.io wa.me web.whatsapp.com *.snplow.net paypal.com paypalobjects.com *.online-metrix.net viacep.com.br 'self' data: 'unsafe-inline' gyruss.rdops.systems/v2/conversions osp-assets.pn.vg *.clarity.ms https://*.ingest.sentry.io/api https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://dev.visualwebsiteoptimizer.com https://*.zendesk.com https://*.s3.amazonaws.com https://static.zdassets.com https://ekr.zdassets.com https://iosite.reclameaqui.com.br wss://pod-27.zendesk.com https://s3.amazonaws.com/raichu-beta/ra-verified/bundle.js https://onsite.crmback.io/collect https://x.cbstatus.net/check https://www.333obra.com.br/share_cart/action/link/ pip.mimo.com.br assets-shorts.mimo.com.br assets.mimo.com.br cms.mimo.com.br https://api.shorts.mimo.com.br https://gtw.mimo.com.br analytics.mimo.com.br fonts.gstatic.com *.firebaseio.com player.live-video.net *.us-east-1.playback.live-video.net https://*.useinsider.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.youtube-nocookie.com https://youtu.be *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';connect-src 'self' https://*.hotjar.com https://*.google-analytics.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com;default-src 'self';form-action 'self' https://*.facebook.com;img-src * data:;media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.facebook.net https://*.twitter.com https://instant.page;style-src 'self' 'unsafe-inline' https://*.googleapis.com;frame-src https://*.googletagmanager.com https://*.hotjar.com https://*.facebook.com https://*.twitter.com https://cdn.yoshki.com;font-src 'self' data: https://*.gstatic.com https://*.googleapis.com 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/recaptcha/api.js https://translate.google.com/translate_a/element.js https://www-onepick-opensocial.googleusercontent.com/gadgets/js/rpc.js https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-groups/_/js/k=boq-groups.GroupsFrontendUi.en_US.mFJ0mNUSmuE.2018.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /_/GroupsFrontendUi/cspreport/fine-allowlist 1
default-src 'self'               https://connect.facebook.net               http://116389.tctm.co               https://td.doubleclick.net               https://cdn.userway.org               https://cdn.userway.org               https://api.userway.org               https://www.google.co.il               https://www.google.com               https://analytics.google.com                https://www.googletagmanager.com               https://www.google-analytics.com               https://maps.googleapis.com                https://fonts.gstatic.com                https://stats.g.doubleclick.net               https://client.crisp.chat               wss://client.relay.crisp.chat               https://googleads.g.doubleclick.net;               script-src 'self' 'unsafe-inline' 'unsafe-eval'               https://connect.facebook.net                http://116389.tctm.co               https://ajax.googleapis.com               https://www.toyota-europe.com               https://cdn.jsdelivr.net               https://code.jquery.com               https://cdn.userway.org               https://cdn.userway.org               https://api.userway.org               https://www.google.co.il               https://www.google.com               https://analytics.google.com               https://maps.googleapis.com               https://www.googletagmanager.com               https://www.google-analytics.com               https://fonts.gstatic.com               https://stats.g.doubleclick.net               https://client.crisp.chat               wss://client.relay.crisp.chat               https://googleads.g.doubleclick.net;               style-src 'self' 'unsafe-inline'               https://client.crisp.chat               https://cdn.userway.org               https://cdn.jsdelivr.net               https://cdn.jsdelivr.net;               img-src 'self' data:              https://www.facebook.com              https://www.googletagmanager.com               https://www.google.com               https://www.google.co.il               https://yos17.blob.core.windows.net               https://cdn.userway.org               https://haifaac.localtimeline.com               https://maps.gstatic.com; report-uri /csp-report 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.localcrm.co.in https://*.zoho.com https://*.zoho.in https://*.zoho.com.au https://*.zoho.com.cn https://*.zoho.eu https://*.nimbuslocaledge.com https://*.nimbuspop.com https://*.zohocdn.com https://*.stratuscdn.com  https://*.zohocdn.com.cn  https://*.zappsusercontent.com https://*.zappsusercontent.sa https://*.zappsusercontent.ca https://*.zappsusercontent.jp https://*.zappsusercontent.eu https://*.zappsusercontent.in https://*.zappsusercontent.com.au https://*.zappsusercontent.com.cn https://*.localzappscontents.com https://*.zohostatic.com https://*.zohostatic.in https://*.zohostatic.com.au https://*.zohostatic.ca  https://*.zohostatic.eu https://*.zohostatic.jp  https://js.skydeskstatic.jp https://*.zoho.com https://static.zohocdn.com/phonebridge/javascript/twilio.min.js https://s.ytimg.com/yts/jsbin/ https://www.youtube.com https://dyjgaef5vuq51.cloudfront.net https://d3prssb3z78snv.cloudfront.net https://dtzpfzv31buvf.cloudfront.net https://d22czkv2r5ogmg.cloudfront.net https://d12h6dzwzn4m10.cloudfront.net https://d31g2a6snus4ly.cloudfront.net https://d17nz991552y2g.cloudfront.net  chrome-extension://*  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/  https://cdn.pagesense.io https://zohotagmanager.cdn.pagesense.io https://www.zohowebstatic.com/ https://scripts.zohospotlight.com https://widgets.zohosalesiq.com https://*.zohopublic.com  https://*.zohopublic.eu  https://js.stripe.com https://connect.facebook.net https://ajax.googleapis.com https://apis.mappls.com https://*.mapmyindia.com; report-uri https://logsapi.zoho.com/csplog?service=crm 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com static.klaviyo.com *.bootstrapcdn.com *.cdnfonts.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: https://use.fontawesome.com https://d1cwup7r903a1d.cloudfront.net *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com blob: *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com www.facebook.com platform.twitter.com https://player.vimeo.com https://www.youtube-nocookie.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.tawk.to https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.amazonaws.com *.cloudinary.com *.google.com www.google.com.co.uk blob: *.cloudfront.net stats.g.doubleclick.net *.s3-us-west-2.amazonaws.com magefan.com cm.magefan.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com media.sezzle.com *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.amazonaws.com *.jst.ai *.cloudflare.com *.klaviyo.com static.klaviyo.com fast.a.klaviyo.com a.klaviyo.com *.typeform.com *.liadm.com *.retention.com *.execute-api.us-west-2.amazonaws.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net connect.facebook.net twitter.com platform.twitter.com https://player.vimeo.com https://www.youtube.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.routeapp.io https//fonts.googleapis.com https://protect-quote-q.route.com protection-widget.route.com protect-lightning-bolt-widget.route.com d3od5si8vgcekb.cloudfront.net ddbmicszvqxcg.cloudfront.net https://unpkg.com wobs.route.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.tawk.to cdn.jsdelivr.net https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.klaviyo.com *.fontawesome.com *.bootstrapcdn.com assets.braintreegateway.com *.typekit.net *.typeform.com *.cdnfonts.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com https://use.fontawesome.com https//fonts.googleapis.com https://d1cwup7r903a1d.cloudfront.net fonts.cdnfonts.com *.tawk.to cdn.jsdelivr.net https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src blob: 'self' 'unsafe-inline'; media-src *.adobe.com blob: *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com stats.g.doubleclick.net *.typeform.com *.liadm.com *.retention.com *.klaviyo.com fast.a.klaviyo.com a.klaviyo.com *.execute-api.us-west-2.amazonaws.com aly.jst.ai *.sezzle.com 'self' 'unsafe-inline' *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://olegnax.com https://api.instagram.com https://graph.instagram.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com api.route.com https://protect-quote-q.route.com protection-widget.route.com d3od5si8vgcekb.cloudfront.net protect-lightning-bolt-widget.route.com ddbmicszvqxcg.cloudfront.net https://unpkg.com wobs.route.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com *.tawk.to wss://*.tawk.to https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-to ReportCspViolations; report-uri /eventmanager-system/ReportCspViolations.php 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'unsafe-inline' data: *.paypal.com *.yotpo.com eventstable.com *.eventstable.com *.atlaschairs.com *.globaleventsupply.com *.braintreegateway.com *.signifyd.com *.trustspot.io trustspot.io s3.amazonaws.com trustspot-app-assets.s3.amazonaws.com use.fontawesome.com *.klaviyo.com stackpath.bootstrapcdn.com *.accessibly.app *.accessiblyapp.com *.octocom.ai data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'unsafe-inline' data: *.eventstable.com eventstable.com *.atlaschairs.com *.globaleventsupply.com *.braintreegateway.com *.signifyd.com *.trustspot.io *.klaviyo.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'unsafe-inline' data: *.online-metrix.net *.signifyd.com www.google.com *.doubleclick.net *.eventstable.com eventstable.com *.atlaschairs.com *.globaleventsupply.com www.youtube.com *.vimeo.com *.demdex.net *.trustspot.io *.klaviyo.com www.socialintents.com *.octocom.ai www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com https://plumrocket.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.omtrdc.net *.yotpo.com *.bing.com *.signifyd.com *.online-metrix.net *.google.com p.adsymptotic.com *.linkedin.com *.atdmt.com *.eventstable.com eventstable.com *.atlaschairs.com *.globaleventsupply.com *.bbb.org *.scanalert.com *.cloudfront.net *.demdex.net *.klaviyo.com *.creditkey.com creditkey-assets.s3-us-west-2.amazonaws.com *.shopperapproved.com *.braintreegateway.com *.ravecapture.com ravecapture-app-assets.s3.amazonaws.com trustspot-logos.imgix.net trustspot-product-photos.imgix.net productphotos.trustspot.io *.roundprincemusic.com *.searchspring.io *.accessibly.app *.accessiblyapp.com *.octocom.ai *.hubspot.com *.hsforms.com *.clarity.ms www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.facebook.com *.reddit.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'unsafe-eval' data: www.google.com maps.googleapis.com www.gstatic.com *.klaviyo.com *.signifyd.com static-na.payments-amazon.com a.optmnstr.com snap.licdn.com *.yotpo.com *.pushalert.co bat.bing.com www.socialintents.com www.clickcease.com *.paypal.com eventstable.com *.eventstable.com *.atlaschairs.com *.globaleventsupply.com bam.nr-data.net *.shopperapproved.com *.ravecapture.com trustspot.io cdn.jsdelivr.net *.adobetm.com *.roundprincemusic.com *.hotjar.com *.mouseflow.com *.online-metrix.net analytics.tiktok.com *.accessibly.app *.accessiblyapp.com rum.hlx.page *.octocom.ai *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.usemessages.com *.hs-banner.com *.hsforms.net *.hsforms.com *.clarity.ms https://cdn.mida.so unpkg.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'unsafe-inline' data: *.yotpo.com www.socialintents.com *.paypal.com eventstable.com *.eventstable.com *.atlaschairs.com *.globaleventsupply.com *.klaviyo.com *.braintreegateway.com *.signifyd.com *.ravecapture.com trustspot.io s3.amazonaws.com use.fontawesome.com www.shopperapproved.com stackpath.bootstrapcdn.com unpkg.com *.octocom.ai *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.usemessages.com *.hs-banner.com https://static.klaviyo.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'unsafe-inline' data: *.demdex.net *.yotpo.com api.omappapi.com *.klaviyo.com payments.amazon.com *.signifyd.com *.cardinalcommerce.com *.doubleclick.net eventstable.com *.eventstable.com *.atlaschairs.com *.globaleventsupply.com *.pushalert.co bam.nr-data.net www.creditkey.com *.ravecapture.com static-forms.klaviyo.com telemetrics.klaviyo.com https://px.ads.linkedin.com *.hotjar.io *.vimeocdn.com analytics.tiktok.com *.accessibly.app *.accessiblyapp.com *.octocom.ai *.hubspot.com *.hscollectedforms.net *.hubapi.com *.hsappstatic.net *.hsforms.net *.hsforms.com https://bat.bing.com *.clarity.ms https://cdn.mida.so https://api.mida.so https://api-us.mida.so https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com fonts.googleapis.com use.fontawesome.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; img-src 'self' https: data:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-pNyghIRAhgkmPdQCde9f4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.affirm.com *.affirm.ca https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.google.com.ua https://info.nyif.com/ https://px.ads.linkedin.com/ https://www.google.co.in/ https://bat.bing.com/ https://fast.wistia.com/ https://px4.ads.linkedin.com/ https://sumome.com/ https://media.sumome.com/ https://www.linkedin.com/ https://nyif.com/pub/media/images/NYIF103_Logo_Main_HighRes.png data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.affirm.com *.affirm.ca *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com http://bat.bing.com/ http://js.hs-scripts.com/ https://snap.licdn.com/ http://nyinstituteoffinance.postaffiliatepro.com/ *.klaviyo.com http://cdn.inspectlet.com/ https://assets.calendly.com/ https://fast.wistia.com/ https://static.cloudflareinsights.com/ https://load.sumome.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.affirm.com *.affirm.ca https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com https://px.ads.linkedin.com/ https://pipedream.wistia.com/ https://stats.g.doubleclick.net/ https://www.google.co.in/ https://bat.bing.com/ https://sumome.com/ https://media.sumome.com/ https://hn.inspectlet.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com https://media.sumome.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; font-src 'self' https://*.hotjar.com *.livechatinc.com data:; manifest-src 'self'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.livechatinc.com *.google.ch *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net; img-src 'self' https:; script-src 'self' 'nonce-M0BZKcPrbQqukeHJNV8DKA==' 'unsafe-eval' https://*.hotjar.com *.mailxpert.ch *.livechatinc.com *.livechat-static.com *.google.ch *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.hotjar.com *.livechatinc.com *.google.ch *.google.com *.googleapis.com; frame-src *.livechatinc.com *.google.ch *.google.com *.googletagmanager.com *.doubleclick.net *.mailxpert.ch; media-src *.livechatinc.com *.livechat-static.com data:; object-src *.livechatinc.com; child-src *.livechatinc.com; report-uri https://mailxpert.uriports.com/reports/report; report-to default 1
connect-src 'self' 'unsafe-inline' data: *.adtrafficquality.google *.google.com csi.gstatic.com *.googlesyndication.com vimeo.com publickeyservice.keys.adm-services.goog completelyretail-single-property-signup.s3.eu-west-2.amazonaws.com accounts.google.com *.completelyretail.co.uk browser-intake-datadoghq.eu www.datadoghq-browser-agent.com *.google-analytics.com *.googleapis.com vitals.vercel-insights.com *.googletagmanager.com; report-to datadog 1
default-src 'self' https://assets.vividabkk.de/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.vividabkk.de/ https://vividabkk-cc.apps.cloud.itsc.de/ https://vividabkk-cc.apps40101.cloud.itsc.de/ https://www.googletagmanager.com/ https://www.provenexpert.com/ https://cdnjs.cloudflare.com/ https://download.digiaccess.org/ https://piwik.newsnavigators.de/analytics/ https://platform.twitter.com/; style-src 'self' 'unsafe-inline' https://assets.vividabkk.de/ https://vividabkk-cc.apps.cloud.itsc.de/ https://www.googletagmanager.com/ https://www.provenexpert.com/ https://download.digiaccess.org/ https://piwik.newsnavigators.de/analytics/ https://cdnjs.cloudflare.com/; worker-src 'none'; object-src 'none'; img-src 'self' https://assets.vividabkk.de/ https://images.provenexpert.com/ data: https://www.provenexpert.com/ https://www.vividabkk.de/ https://www.googletagmanager.com/ https://syndication.twitter.com/; font-src 'self' https://assets.vividabkk.de/ https://www.provenexpert.com/; connect-src 'self' https://assets.vividabkk.de/ https://piwik.newsnavigators.de https://cdnjs.cloudflare.com https://www.provenexpert.com https://api.digiaccess.org wss://vividabkk-livechat.apps.cloud.itsc.de; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com/ https://www.provenexpert.com/; media-src 'self' data:; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action *.twitter.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com/ bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.paytabs.com *.paytabs.sa * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.facebook.net *.googletagmanager.com *.google.com *.jsdelivr.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com fonts.googleapis.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.equiti.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com *.paypal.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.disqus.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io wss: bat.bing.com *.force.com *.tiktok.com *.google.com *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com google.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co *.cardinalcommerce.com api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-BYDHaBEjjpBq00L-hsRZLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-h_pS41zDi4UKPX6fRxDxDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://www.googletagmanager.com https://metrics.fabriquedestyles.com *.googletagmanager.com googletagmanager.com maps.googleapis.com static.cdn.prismic.io prismic.io vimeo.com https://player.vimeo.com/api/player.js https://player.vimeo.com/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com https://*.attraqt.io https://www.youtube.com/embed https://www.google-analytics.com https://*.hotjar.com/ js.stripe.com *.google.com google.com *.google.fr https://*.facebook.net https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.facebook.com *.woosmap.com *.imagino.com blob: https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.pinterest.com *.pinterest.net *.pinterest.fr *.privacy-center.org privacy-center.org;frame-src 'self' maps.googleapis.com *.google.com google.com *.prismic.io https://player.vimeo.com/ https://www.youtube.com/ https://player.vimeo.com/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com js.stripe.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net metrics.fabriquedestyles.com *.googletagmanager.com googletagmanager.com *.privacy-center.org privacy-center.org;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com *.googletagmanager.com googletagmanager.com *.google.com google.com *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.privacy-center.org privacy-center.org;img-src 'self' data: *;font-src 'self' data: *;connect-src 'self' https://vimeo.com/api/ *.hotjar.com maps.googleapis.com *.attraqt.io *.google.com google.com *.doubleclick.net https://*.facebook.net https://www.googletagmanager.com *.googletagmanager.com googletagmanager.com https://metrics.fabriquedestyles.com wss://ws.hotjar.com https://content.hotjar.io https://www.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://vc.hotjar.io https://*.facebook.com *.woosmap.com *.imagino.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.bing.com *.bing.net *.bing.fr *.microsoft.com *.microsoft.fr *.microsoft.net *.pinterest.com *.pinterest.net *.pinterest.fr *.privacy-center.org privacy-center.org;base-uri 'self' *;report-uri /csp/report 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com *.google.com *.doubleclick.net *.facebook.com account.fetchify.com *.sagepay.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://live.opayo.eu.elavon.com/api/v1/js/sagepay.js chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.sagepay.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://live.opayo.eu.elavon.com/api/v1/card-identifiers form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.sagepay.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cleverreach.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com www.eichhorn-print-solutions.de *.trbo.com hal9000.redintelligence.net www.googletagmanager.com *.bing.com *.bing.net *.google.de *.doubleclick.net/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.cloudfront.net *.trbo.com www.eichhorn-print-solutions.de widgets.trustedshops.com *.eichhorn-office-solutions.de *.google.com *.google.de *.usercentrics.eu *.bing.com *.bing.net cdn.pay1.de x.klarnacdn.net m.media-amazon.com static-eu.payments-amazon.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.gstatic.com *.google.com *.gstatic.com *.trbo.com *.usercentrics.eu widgets.trustedshops.com www.dwin1.com www.ad4mat.de *.bootstrapcdn.com *.google.de *.bing.com *.bing.net secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com d.ratepay.com d.payla.io dr.payla.io tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.usercentrics.eu *.google.com *.google.de *.doubleclick.net *.google-analytics.com *.trustedshops.com *.bing.com *.bing.net payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-pzyl55xUdA737yodZfqiiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-k0Kvdw8grSq0G3ECFF__UA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net https://static.klaviyo.com https://embed.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com t.themarketer.com cdn1.themarketer.com *.klaviyo.com https://cdn-cookieyes.com https://embed.tawk.to https://www.google.ro https://www.googleadservices.com https://analytics.tiktok.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io t.themarketer.com cdn1.themarketer.com https://static.cloudflareinsights.com https://web-sdk.smartlook.com https://web-sdk.smartlook.com/es6 https://web-sdk.smartlook.com/recorder.js https://*.smartlook.com https://*.smartlook.cloud https://cdn.aqurate.ai https://www.google-analytics.com https://www.googleadservices.com https://region1.google-analytics.com *.klaviyo.com player.vimeo.com *.braintreegateway.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdn-cookieyes.com https://cdn.cookie-script.com www.google.ro *.clarity.ms https://cdn.roomvo.com https://analytics.tiktok.com https://analytics.tiktok.com/i18n/pixel/ https://analytics.tiktok.com/i18n/pixel/static/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net t.themarketer.com cdn1.themarketer.com https://static.klaviyo.com https://embed.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io t.themarketer.com cdn1.themarketer.com https://region1.google-analytics.com https://www.googleadservices.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.aqurate.ai www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klaviyo.com *.braintreegateway.com *.tawk.to *.cookieyes.com https://web-sdk.smartlook.com https://*.smartlook.com https://*.smartlook.cloud *.clarity.ms https://analytics.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.gstatic.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' https://*.paypal.com https://www.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com; img-src 'self' data: https://*.paypalobjects.com https://*.gstatic.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com ; connect-src 'self' https://*.paypal.com https://*.googleapis.com https://*.google-analytics.com; object-src 'none'; frame-ancestors 'self'; frame-src https://*.paypal.com 1
font-src fonts.googleapis.com fonts.gstatic.com data: *.wistia.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.doubleclick.net *.googletagmanager.com sketchfab.com *.wistia.net *.wistia.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com magefan.com cm.magefan.com *.hubspot.com *.bing.com *.bing.net *.facebook.com *.elfsight.com *.elfsightcdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.clarity.ms tracking.monsido.com *.wistia.net *.wistia.com *.hsforms.net *.hsforms.com *.disqus.com https://img.youtube.com 'self' data: *.gstatic.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ unpkg.com *.osano.com *.hubspot.com js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com *.hscollectedforms.net *.sketchfab.com *.bing.com connect.facebook.net *.elfsight.com *.sentry-cdn.com *.clarity.ms app-script.monsido.com *.wistia.net *.wistia.com *.hsforms.net *.hsforms.com *.disqus.com *.google.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net https://app-script.monsido.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.wistia.net *.wistia.com *.gstatic.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src blob: *.wistia.net *.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.osano.com *.google.com *.wistia.com *.elfsight.com *.bing.com *.bing.net *.doubleclick.net *.hubspot.com *.hubapi.com *.hscollectedforms.net static.hsappstatic.net *.litix.io *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.clarity.ms t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.wistia.net *.wistia.com 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pay.google.com apm.przelewy24.pl *.weltpixel.com https://przelewy24.pl https://*.przelewy24.pl https://espago.com https://*.espago.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.przelewy24.pl www.gstatic.com gstatic.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl s7.addthis.com *.avada.io *.shopify.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com ekr.zdassets.com/ https://get.geojs.io *.avada.io analytics.google.com *.visa.com 'self' 'unsafe-inline'; child-src https://przelewy24.pl https://*.przelewy24.pl https://espago.com https://*.espago.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' https://idm-dev-din.insuranceclaimcheck.com https://idm-model-mex.insuranceclaimcheck.com https://idm-icc.insuranceclaimcheck.com https://dev-assurant.oktapreview.com https://assurant.oktapreview.com https://assurant.okta.com https://sdk.asapp.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'report-sample' 'self' https://fonts.googleapis.com https://sdk.asapp.com; object-src 'none';base-uri 'self'; connect-src 'self' https://idm-dev-din.insuranceclaimcheck.com https://idm-model-mex.insuranceclaimcheck.com https://idm-icc.insuranceclaimcheck.com https://dev-assurant.oktapreview.com https://assurant.oktapreview.com https://assurant.okta.com https://assuranthousing-demo01.test.asapp.com https://assuranthousing.asapp.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://idm-dev-din.insuranceclaimcheck.com https://idm-model-mex.insuranceclaimcheck.com https://idm-icc.insuranceclaimcheck.com https://dev-assurant.oktapreview.com https://assurant.oktapreview.com https://assurant.okta.com https://player.vimeo.com  https://sandbox.esignlive.com https://apps.esignlive.com https://sdk.asapp.com https://www.google.com; img-src 'self' https://i.vimeocdn.com https://www.google-analytics.com; manifest-src 'self'; media-src 'self'; report-uri sso/cspreport; worker-src 'none'; 1
font-src maxcdn.bootstrapcdn.com *.hotjar.com *.hotjar.io *.gstatic.com *.facebook.com *.giosg.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com paytrail.com *.facebook.com *.giosg.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * services.paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.hotjar.com *.hotjar.io www.facebook.com *.giosg.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.paytrail.com *.placeholder.com *.adnxs.com www.facebook.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.gstatic.com *.giosg.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn2.hubspot.net resources.paytrail.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.gstatic.com *.googletagmanager.com *.ccdc02.com *.hotjar.com *.hotjar.io www.facebook.com *.facebook.net *.giosg.com *.custobar.com connect.facebook.net graph.facebook.com business.facebook.com www.termsfeed.com https://api.unifaun.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com services.paytrail.com resources.paytrail.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.googleapis.com tagmanager.google.com *.facebook.com *.giosg.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.authorize.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com stats.g.doubleclick.net www.facebook.com *.giosg.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.paytrail.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.tawk.to *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.docdatapayments.com *.payments.cm.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.docdatapayments.com *.payments.cm.com *.addthis.com *.google.com/ https://www.youtube.com js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.bird.eu https://www.magezon.com *.docdatapayments.com *.payments.cm.com *.tawk.to www.google.nl consent.cookiefirst.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com https://img.youtube.com https://www.mollie.com www.safemage.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.docdatapayments.com *.payments.cm.com .doubleclick.net static.hotjar.com script.hotjar.com static.cloudflareinsights.com embed.tawk.to consent.cookiebot.com consent.cookiefirst.com consent-eu.cookiefirst.com *.googletagmanager.com tagmanager.google.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.google.com js.mollie.com https://cdnjs.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com consent.cookiefirst.com consent-eu.cookiefirst.com edge.cookiefirst.com *.tawk.to tagmanager.google.com fonts.google.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.docdatapayments.com *.payments.cm.com wss://ws.hotjar.com *.hotjar.io *.tawk.to wss://vsa29.tawk.to wss://vsa83.tawk.to wss://vsa47.tawk.to wss://vsa24.tawk.to wss://vsa100.tawk.to wss://*.tawk.to *.doubleclick.net consent.cookiefirst.com consent-eu.cookiefirst.com edge.cookiefirst.com pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com ekr.zdassets.com/ t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.docdatapayments.com *.payments.cm.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com applepay.cdn-apple.com 'self' data: fonts.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com motorsport-tools.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.securetrading.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com motorsport-tools.com 'self' 'unsafe-inline'; frame-ancestors motorsport-tools.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.rvvuptech.com *.rvvup.com *.afterpay.com *.clearpay.co.uk *.sandbox.paypal.com cdn.eu.trustpayments.com *.trustpayments.com *.securetrading.net *.secure.checkout.visa.com thm.visa.com *.mastercard.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com motorsport-tools.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.trackedlink.net validate.fishpig.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.afterpay.com assets.dev.rvvuptech.com assets.rvvup.com *.sandbox.paypal.com *.stats.paypal.com *.gstatic.com *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com motorsport-tools.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com landofcoder.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.google.com *.gstatic.com *.afterpay.com *.sandbox.paypal.com checkout.dev.rvvuptech.com checkout.rvvup.com cdn.eu.trustpayments.com *.securetrading.net *.secure.checkout.visa.com *.cardinalcommerce.com *.mastercard.com applepay.cdn-apple.com *.googletagmanager.com tagmanager.google.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com motorsport-tools.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com checkout.dev.rvvuptech.com checkout.rvvup.com fonts.googleapis.com tagmanager.google.com fonts.google.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com motorsport-tools.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com motorsport-tools.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.afterpay.com *.sandbox.paypal.com *.sentry.io *.dev.rvvuptech.com *.rvvup.com www.apple.com apple.com browser-intake-datadoghq.com browser-intake-datadoghq.eu t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com motorsport-tools.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com motorsport-tools.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com motorsport-tools.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.buyabattery.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com www.buyabattery.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com www.buyabattery.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com www.buyabattery.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com www.buyabattery.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com www.buyabattery.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline *.stripe.network *.stripecdn.com *.amazon.com www.buyabattery.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.buyabattery.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.buyabattery.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.buyabattery.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.buyabattery.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-S7UhQVX6iOUbRJws0Erndw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; report-uri https://api.sendsteps.com/csp-reports; connect-src https://salesiq.zohopublic.eu https://region1.google-analytics.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.facebook.com https://api.sendsteps.com https://bam.nr-data.net https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.analytics.google.com https://www.google.fr https://www.google.dk https://www.google.com.tr https://www.google.com.be https://www.google.com.nl; font-src 'self'; img-src 'self' https://dev.visualwebsiteoptimizer.com https://cdn.sendsteps.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.com.au https://www.google.fr https://www.google.nl https://www.google.dk https://www.google.co.in https://www.google.co.za https://www.googletagmanager.com https://www.google.co.id data:; script-src 'self' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://consent.cookiebot.com https://maillist-manage.eu https://salesiq.zoho.eu https://ma.zoho.eu https://consent.cookiebot.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://www.google-analytics.com https://www.googleoptimize.com https://sendc.scdn4.secure.raxcdn.com https://*.newrelic.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://sendc.scdn4.secure.raxcdn.com; object-src 'none'; media-src https://sendsteps-cdn-bucket.s3.eu-central-1.amazonaws.com; frame-src https://consentcdn.cookiebot.com 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com maps.gstatic.com maps.googleapis.com magefan.com cm.magefan.com *.disqus.com *.cloudfront.net https://www.mollie.com *.amazonaws.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com *.disqus.com js.mollie.com *.sendcloud.sc *.jsdelivr.net *.hsforms.net *.hsforms.com *.gstatic.com https://cdn.jsdelivr.net/gh/orestbida/cookieconsent@v3.0.0/dist/cookieconsent.umd.js *.trustpilot.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.sendcloud.sc *.jsdelivr.net *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/gh/orestbida/cookieconsent@v3.0.0/dist/cookieconsent.css use.fontawesome.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com widget.trustpilot.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src    'self'    *.google.com   *.googleapis.com    *.google-analytics.com   *.googleadservices.com   *.googletagmanager.com   *.google.ad   *.google.ae   *.google.al   *.google.at   *.google.be   *.google.bg   *.google.ca   *.google.ch   *.google.co.id   *.google.co.il   *.google.co.in   *.google.co.kr   *.google.co.ma   *.google.co.nz   *.google.co.th   *.google.co.uk   *.google.co.za   *.google.com.ar   *.google.com.au   *.google.com.bd   *.google.com.bh   *.google.com.hk   *.google.com.lb   *.google.com.mt   *.google.com.mx   *.google.com.my   *.google.com.ph   *.google.com.sg   *.google.com.tr   *.google.com.tw   *.google.com.ua   *.google.com.uy   *.google.com.vn   *.google.cz   *.google.de   *.google.dk   *.google.ee   *.google.es   *.google.fr   *.google.ge   *.google.gr   *.google.hr   *.google.hu   *.google.ie   *.google.it   *.google.li   *.google.lt   *.google.lu   *.google.lv   *.google.md   *.google.mg   *.google.mu   *.google.nl   *.google.no   *.google.pl   *.google.pt   *.google.ro   *.google.ru   *.google.se   *.google.si   *.google.sk   *.google.sr   *.google.tn   api.leadinfo.com   collector.leadinfo.net     consentcdn.cookiebot.com   ct.pinterest.com     api.expertise.ai   *.hotjar.io   wss://ws.hotjar.com   www.rensonevents.com   renson-public.azure-api.net   adservice.google.com   bat.bing.com   googleads.g.doubleclick.net   px.ads.linkedin.com   stats.g.doubleclick.net   *.facebook.com   *.wisepops.net   *.wisepops.com   *wisepops.net   *.visualwebsiteoptimizer.com   app.getwisp.co   *.cookieinformation.com;  font-src    'self'   fonts.gstatic.com   cdnjs.cloudflare.com   www.renson.eu   *.bootstrapcdn.com;  frame-src    'self'   ct.pinterest.com   e.issuu.com   consentcdn.cookiebot.com   *.youtube.com   www.facebook.com   www.google.com   www.googletagmanager.com   *.calendly.com   td.doubleclick.net   td.doubleclick.net.x.09600de704fdb043ff099c40aabe2d8e7198.d0452329.id.opendns.com   td.doubleclick.net.x.0bd2460605b4e04bf409574056f2418fd810.d0452329.id.opendns.com   td.doubleclick.net.x.11f3929f0711204179088e1076d27c30fcfc.d0452329.id.opendns.com   td.doubleclick.net.x.12062b6606f6804057080e602e654f342153.d045232a.id.opendns.com   td.doubleclick.net.x.166dd5d20db1b04cb00bb5b0884c6cf94d6f.d0452329.id.opendns.com   td.doubleclick.net.x.2c7492b00bb7a04b350a6900ac977ec52030.d0452329.id.opendns.com   td.doubleclick.net.x.31c642540514d04bc80b949092146ba26358.d0452329.id.opendns.com   td.doubleclick.net.x.35cc51200e4c704c3f08a430eb59507708ab.d0452329.id.opendns.com   td.doubleclick.net.x.3b58afbe0ea5d04ae60988b023ea5ea2359b.d045232a.id.opendns.com   td.doubleclick.net.x.3e6a328505e2804f81088350914b066f49a0.d0452329.id.opendns.com   td.doubleclick.net.x.429955f002718049410bd6200e42c267599c.d0452329.id.opendns.com   td.doubleclick.net.x.4648cb5e0e5a404b490b9a105477214446b6.d0452329.id.opendns.com   td.doubleclick.net.x.489bb32f0a15404673098cb0c1351dd70222.d0452329.id.opendns.com   td.doubleclick.net.x.51fda7e1067db0405f0b2dd05608976fe2dd.d045232a.id.opendns.com   td.doubleclick.net.x.5a63bf430171304e730a84f0d9f52c4187dc.d0452329.id.opendns.com   td.doubleclick.net.x.6f93b53a0470d04633080d8024491a677636.d0452329.id.opendns.com   td.doubleclick.net.x.71f8a2360890f0488d09ea60691fad4265f6.d045232a.id.opendns.com   td.doubleclick.net.x.79e545d800555042160869703a3fb53d3d9d.d0452329.id.opendns.com   td.doubleclick.net.x.7c948fc00baef042bb0a8100764725ee9678.d045232a.id.opendns.com   td.doubleclick.net.x.7d7b73560e1e5044c80bba00ab620978d940.d0452329.id.opendns.com   td.doubleclick.net.x.7f206e2a0a44504d250b7100616d2172708b.d0452329.id.opendns.com   td.doubleclick.net.x.85acb37104bbe04e470af500fa5abc2a85c4.d0452329.id.opendns.com   td.doubleclick.net.x.8a5cdd200b65104e1e08e780ff4e6c9c2009.d0452329.id.opendns.com   td.doubleclick.net.x.8ae9da7f07c8a044fd09adb07b13a044244a.d0452329.id.opendns.com   td.doubleclick.net.x.9f4ee3e10e549048800b3d90307f47a07fb2.d0452329.id.opendns.com   td.doubleclick.net.x.ab2cb5e605336048a30b0df0f39973dacd76.d0452329.id.opendns.com   td.doubleclick.net.x.ac1ca9c20dc3e04c950a5fe0d8a1ffe32d5b.d045232a.id.opendns.com   td.doubleclick.net.x.b1b51f290464f04f5108e4201f4de2e7b690.d0452329.id.opendns.com   td.doubleclick.net.x.b46b14ab04c0a047b608ef905b8f1143837d.d0452329.id.opendns.com   td.doubleclick.net.x.ce9226f40c1f904c84090b6046a863167757.d0452329.id.opendns.com   td.doubleclick.net.x.d44cb5620a41404e4c091d00c62a34fdffd7.d0452329.id.opendns.com   td.doubleclick.net.x.e2bde31a00424041b60902f07e8b96739702.d0452329.id.opendns.com   td.doubleclick.net.x.e60e8ce80796004348081da00bb4f6cc1035.d0452329.id.opendns.com   td.doubleclick.net.x.ee2110460af800460008d110a9de7bf33df3.d0452329.id.opendns.com   td.doubleclick.net.x.fc22e2bb098ff047ed092f807e0a5b7a130a.d0452329.id.opendns.com   *.wisepops.com   wisepops.net   *.visualwebsiteoptimizer.com   *.cookieinformation.com;  img-src    'self'    data:    renson-co-renson-kentico-dev-cdn-wa-ep.azureedge.net   renson-co-stg-kentico-website-live-cdnep.azureedge.net   renson-co-prd-kentico-website-live-cdnep.azureedge.net   *.renson.eu   *.renson.net   *.bynder.com     imgsct.cookiebot.com    *.googleapis.com   *.google-analytics.com   *.google.com   www.googletagmanager.com   *.gstatic.com    img.youtube.com   i.ytimg.com     cdnjs.cloudflare.com   chatsimple-widget.s3.us-east-2.amazonaws.com     connect.facebook.net   www.facebook.com   *.doubleclick.net   googleads.g.doubleclick.net   i.vimeocdn.com   log.pinterest.com   *.linkedin.com   *.google.ad   *.google.ae   *.google.al   *.google.at   *.google.be   *.google.bg   *.google.ca   *.google.ch   *.google.co.id   *.google.co.il   *.google.co.in   *.google.co.kr   *.google.co.ma   *.google.co.nz   *.google.co.th   *.google.co.uk   *.google.co.za   *.google.com.ar   *.google.com.au   *.google.com.bd   *.google.com.bh   *.google.com.hk   *.google.com.lb   *.google.com.mt   *.google.com.mx   *.google.com.my   *.google.com.ph   *.google.com.sg   *.google.com.tr   *.google.com.tw   *.google.com.ua   *.google.com.uy   *.google.com.vn   *.google.cz   *.google.de   *.google.dk   *.google.ee   *.google.es   *.google.fr   *.google.ge   *.google.gr   *.google.hr   *.google.hu   *.google.ie   *.google.it   *.google.li   *.google.lt   *.google.lu   *.google.lv   *.google.md   *.google.mg   *.google.mu   *.google.nl   *.google.no   *.google.pl   *.google.pt   *.google.ro   *.google.ru   *.google.se   *.google.si   *.google.sk   *.google.sr   *.google.tn   *.wisepops.net   *.wisepops.com   *.visualwebsiteoptimizer.com   dx4nr741tfc02.cloudfront.net   wisp-production-storage.s3.amazonaws.com   ct.pinterest.com;  manifest-src    'self';  script-src-attr    'unsafe-inline';  script-src-elem    'self'    'unsafe-inline'      www.gstatic.com   *.google.com   *.googleapis.com    *.googlesyndication.com   *.google-analytics.com   *.googleadservices.com   www.googletagmanager.com   *.youtube.com   cdn.chatsimple.ai   *.wisepops.com   *.visualwebsiteoptimizer.com   chatsimple-widget.s3.us-east-2.amazonaws.com   code.jquery.com   *.cookiebot.com   cdn.leadinfo.net   *.hotjar.com   connect.facebook.net   *.cookieinformation.com   cdnjs.cloudflare.com   *.facebook.net   *.pinterest.com   googleads.g.doubleclick.net   https://cdnjs.cloudflare.com/ajax/libs/jquery/   https://cdnjs.cloudflare.com/ajax/libs/tooltipster/   https://cdnjs.cloudflare.com/ajax/libs/fotorama/4.6.4/fotorama.min.js;  script-src   'nonce-IDuKrHk6l9Ukhy/rgwlXJQ=='   'self'   code.jquery.com   cdn.leadinfo.net   connect.facebook.net   *.cookiebot.com   *.googlesyndication.com   *.google.com   www.google-analytics.com   *.googletagmanager.com   www.gstatic.com   maps.googleapis.com   www.googleadservices.com   *.cloudflare.com   *.wisepops.net   *.wisepops.com   *wisepops.net   *.visualwebsiteoptimizer.com   app.getwisp.co   googleads.g.doubleclick.net   *.youtube.com; style-src-attr    'unsafe-inline';  style-src-elem    'self'    'unsafe-inline'   *.calendly.com   cdn.chatsimple.ai   cdnjs.cloudflare.com   fonts.googleapis.com   stackpath.bootstrapcdn.com; report-uri https://440648cc39180e293ac22cb81bfa4281.report-uri.com/r/d/csp/reportOnly 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-JYDg2a3qQIsm8HgNpnvp2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klevu.com *.hotjar.com *.typekit.net *.reviews.io *.cloudfront.net *.topfurniture.co.uk *.icomoon.io *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.hotjar.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.nosto.com *.nos.to *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.reviews.io *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.google.com/ *.hotjar.com *.addthis.com *.pinterest.com *.reviews.io *.paypalobjects.com *.googletagmanager.com *.finance-calculator.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com js.mollie.com *.nosto.com *.nos.to *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.bing.com *.bing.net *.klevu.com *.clarity.ms *.reviews.io *.norton.com *.onetrust.com *.pinterest.com *.cloudfront.net *.klarnacdn.net *.google.co.uk *.topfurniture.co.uk t.co *.twitter.com https://images.unsplash.com *.stripe.com *.stripe.network ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com magefan.com cm.magefan.com *.klarna.com *.klarnaevt.com *.ksearchnet.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.mollie.com *.nosto.com *.nos.to *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.bing.com *.bing.net *.klevu.com *.nosto.com *.hotjar.com *.pinimg.com *.tiktok.com *.addthis.com *.clarity.ms *.moatads.com static.ads-twitter.com *.zdassets.com *.pinterest.com *.cloudflare.com *.pcapredict.com *.klarnacdn.net *.reviews.io *.trustpilot.com *.addthisedge.com *.trackedlink.net *.topfurniture.co.uk *.reviews.co.uk *.postcodeanywhere.co.uk https://maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com s7.addthis.com https://cdn.jsdelivr.net x.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.avada.io js.mollie.com *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com data: *.klevu.com *.icomoon.io *.myfonts.net *.typekit.net *.cloudfront.net *.reviews.io *.topfurniture.co.uk *.reviews.co.uk *.postcodeanywhere.co.uk *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com https://cdn.jsdelivr.net *.klarnacdn.net *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.nosto.com *.nos.to https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.topfurniture.co.uk 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.bing.com *.bing.net *.zopim.com google.com *.hotjar.com *.tiktok.com *.clarity.ms public.ecologi.com topfurnitureltd.zendesk.com *.onetrust.com *.zdassets.com *.hotjar.io *.cookielaw.org *.pinterest.com wss://widget-mediator.zopim.com *.postcodeanywhere.co.uk *.reviews.io *.topfurniture.co.uk *.reviews.co.uk *.playground.klarnaevt.com https://maps.googleapis.com https://player.vimeo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com ekr.zdassets.com/ x.klarnacdn.net *.klarnaservices.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.nosto.com *.nos.to *.cloudfront.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://www.googletagmanager.com *.finance-calculator.co.uk *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pay.realexpayments.com pay.sandbox.realexpayments.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.finance-calculator.co.uk *.deko.finance *.dekopay.com *.dekopay.org *.klarna.com https://player.vimeo.com https://www.youtube-nocookie.com pay.realexpayments.com pay.sandbox.realexpayments.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.finance-calculator.co.uk *.dekopay.com 'self' data: *.klarna.com *.klarnaevt.com *.klarnacdn.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com player.vimeo.com *.finance-calculator.co.uk *.dekopay.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://player.vimeo.com https://www.youtube.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.finance-calculator.co.uk *.dekopay.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.stripe.com klarna.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.farmakeio101.gr assets.farmakeio101.gr *.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.vivapayments.com *.cardlink.gr *.eurocommerce.gr *.iris.dias.com.gr *.test-iris.dias.com.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com *.google.com *.skroutz.gr *.hotjar.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com https://flagcdn.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.google.com *.google.gr *.stage-farmakeio101.artserver.gr *.farmakeio101.gr farmakeio101.gr *.zevioo.com *.trustmark.gr *.skroutz.gr *.sharethis.com *.bsscommerce.com *.magecomp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.facebook.com *.designer-images.net https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.g.doubleclick.net *.googletagmanager.com *.stage-farmakeio101.artserver.gr *.farmakeio101.gr farmakeio101.gr *.zevioo.com *.adman.gr *.hotjar.com *.trustmark.gr *.skroutz.gr *.sharethis.com *.facebook.net *.vivapayments.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.avada.io *.stat-track.com polyfill.io *.moosend.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.googleapis.com *.stage-farmakeio101.artserver.gr *.farmakeio101.gr farmakeio101.gr *.zevioo.com *.cloudflare.com *.findbar.io *.fontawesome.com maxcdn.bootstrapcdn.com *.moosend.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.findbar.io 'self' 'unsafe-inline'; manifest-src *.stage-farmakeio101.artserver.gr *.farmakeio101.gr farmakeio101.gr 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.analytics.google.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com artserver.gr *.sharethis.com *.facebook.net *.facebook.com *.g.doubleclick.net *.farmakeio101.gr assets.farmakeio101.gr www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.google-analytics.com https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-c-RkgHRy_Zb_stAq4JSn_w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
https://maps.googleapis.com/ https://maps.google.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://connect.facebook.net/ 1
object-src 'none';base-uri 'self';script-src 'nonce-I_6oWOJKhsDv9VwpOYB_2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cookiefirst.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://www.kazenmaier-bikeleasing.de 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.doubleclick.net *.bikeleasing.de *.bosch-ebike.com *.easycredit.de *.kazenmaier-bikeleasing.de *.lease-a-bike.de *.neocomapp.com radimdienst.web.app *.rashedi-consulting.de *.ad-srv.net *.onlinesizing.bike maps.googleapis.com chart.googleapis.com https://www.googletagmanager.com/ *.facebook.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.cloudfront.net *.cookiefirst.com *.roeye.com lantern.roeye.com www.econda-monitor.de google.pl www.google.pl http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com *.hsforms.net *.hsforms.com maps.googleapis.com https://www.mollie.com ratenkauf.easycredit.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com ad.doubleclick.net *.adition.com adservice.google.com as.ad4m.at www.google.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.googleapis.com *.gstatic.com *.cookiefirst.com the.sciencebehindecommerce.com lantern.roeye.com *.ad-srv.net *.onlinesizing.bike production.neocomapp.com maps.googleapis.com chart.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com connect.facebook.net cdnjs.cloudflare.com *.hsforms.net *.hsforms.com *.googleoptimize.com js.mollie.com ratenkauf.easycredit.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://app.uptain.de retrack-kupona.kuponacdn.de ad4m.at ad.doubleclick.net ad11.adfarm1.adition.com dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: bid.g.doubleclick.net fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com p.typekit.net validator.swagger.io *.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.roeye.com google.pl b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.adition.com adservice.google.com as.ad4m.at www.econda-monitor.de www.google.pl www.google.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cookiefirst.com assets.braintreegateway.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com *.cookiefirst.com the.sciencebehindecommerce.com *.onlinesizing.bike maps.googleapis.com chart.googleapis.com stats.g.doubleclick.net t.elasticsuite.io *.hsforms.net *.hsforms.com ratenkauf.easycredit.de *.google-analytics.com d28gf49ln4tix8.cloudfront.net ad.ad-srv.net www.fahrradlagerverkauf.com www.econda-monitor.de staging.fahrradlagerverkauf.com prompts.api.production.neocomapp.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://app.uptain.de *.google.pl *.google.de *.google.ch *.ad-srv.net ad.doubleclick.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.ebike-24.com/csp/report/; report-to report-endpoint; 1
default-src 'self'; img-src https: *.google-analytics.com www.10life.com https://cdn-media.10life.com data:; worker-src 'self' blob: www.10life.com; style-src 'self' 'unsafe-inline' www.10life.com https://fonts.googleapis.com https://www.googletagmanager.com accounts.google.com https://cdn.jsdelivr.net; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; script-src 'self' 'self' 'unsafe-inline' www.10life.com *.google-analytics.com connect.facebook.net accounts.google.com www.googletagmanager.com s3-ap-southeast-1.amazonaws.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com script.hotjar.com s.yimg.com *.cloudfront.net cse.google.com; connect-src www.10life.com https://strapi-cms.10life.com https://auth.10life.com *.google-analytics.com analytics.google.com stats.g.doubleclick.net s.yimg.com api.tenlife.asia api.10life.com vc.hotjar.io in.hotjar.com *.cloudfront.net *.tenlife.asia *.10lifeconnect.com https://api.10life.com *.next-insur.tech; frame-src www.10life.com accounts.google.com vars.hotjar.com youtube.com www.youtube.com https://auth.10life.com; media-src youtube.com www.youtube.com; form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri www.10life.com 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com https://fonts.gstatic.com *.gstatic.com data: *.fontawesome.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com blob: facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.googleapis.com *.gstatic.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com s7.addthis.com *.google.com https://cdnjs.cloudflare.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.getalma.eu *.almapay.com *.googleapis.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com https://fonts.gstatic.com *.twimg.com *.trustedshops.com *.googleapis.com *.dream2000.com *.googlesyndication.com *.doubleclick.net *.facebook.com *.googleadservices.com *.youtube.com *.iq-mobiles.com https://use.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.dream2000.com *.googlesyndication.com *.doubleclick.net *.googleadservices.com *.iq-mobiles.com https://www.googletagmanager.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de www.commercepartnerhub.com *.paytabs.com *.paytabs.sa * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.doubleclick.net *.paypalobjects.com *.google.lk *.google.com *.payhere.lk *.dream2000.com *.googlesyndication.com *.iq-mobiles.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.adobedtm.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.googleadservices.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.cloudflareinsights.com *.googlesyndication.com *.doubleclick.net *.iq-mobiles.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.avada.io waffarad.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com https://fonts.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://use.fontawesome.com *.getfirebug.com *.dotdigital.com *.dream2000.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.iq-mobiles.com *.youtube.com *.googleapis.com *.googletagmanager.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube.com *.iq-mobiles.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.twimg.com *.doubleclick.net *.cardinalcommerce.com *.google-analytics.com *.dream2000.com *.googlesyndication.com *.googleadservices.com *.youtube.com *.iq-mobiles.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io https://olegnax.com https://api.instagram.com https://graph.instagram.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src *.force.com https://player.vimeo.com https://omt.honda.com https://owners.honda.com https://honda.demdex.net 'self' https://www.acura.com https://stats.g.doubleclick.net *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://media-ahfc.cdn-us.techsee.me https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://cdn.cookielaw.org *.cybersource.com *.youtube.es http://code.jquery.com https://ahfc-api.techsee.me https://somt.honda.com *.adis.ws https://ahfc--webproj1.my.salesforce.com https://www.gstatic.com https://usa690.sfdc-lywfpd.salesforce.com *.youtube.ie https://www.youtube.com https://assets.adobedtm.com *.cloudinary.com https://www.google.com https://pay.google.com https://analytics.google.com *.vimeo.com *.youtube.jp https://rec1.techsee.me bcove.video https://dpm.demdex.net https://techsee.me https://survey2.sendyouropinions.com *.youtube.fr *.gstatic.com https://eshopping.americanhondafinance.com https://*.a.forceusercontent.com *.facebook.com https://player.cloudinary.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws *.forceusercontent.com *.youtube.com *.brightcove.net *.youtube.nl https://service.force.com/embeddedservice/ https://fast.wistia.net *.quip.com *.arkoselabs.com *.youtube-nocookie.com https://www.paypal.com https://imagebaseurl.techsee.me https://appiniummastertrial.secure.force.com https://play.vidyard.com https://ahfc.file.force.com https://cm.everesttech.net *.youtube.com.br https://uat2.sendyouropinions.com https://prod-us.techsee.me https://prod-eu.techsee.me *.salesforce-experience.com *.salesforceliveagent.com https://scormanywhere.secure.force.com https://sdk-us.techsee.me https://checkoutshopper-live.adyen.com/ *.sfdcfc.net https://maps.a.forceusercontent.com https://consent-api.onetrust.com *.youtube.ca https://location.force.com https://ahfc.sf-na.techsee.me https://fonts.googleapis.com *.vidyard.com https://rec.techsee.me https://www.gstatic.com/recaptcha/ https://geolocation.onetrust.com https://players.brightcove.net https://td.doubleclick.net https://automobiles.honda.com https://powersports.honda.com https://cdn.embedly.com https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com https://*.a.forceusercontent.com/lightningmaps/ https://www.googletagmanager.com *.wistia.net https://www.google-analytics.com *.salesforce.com https://ahfc.sf-na.desktop.show *.youtube.pl; report-to sfdc-csp-ep; report-uri https://ahfc.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00Dj0000001oPqD&networkId=0DM5b000000wk5s&type=communities 1
script-src https://pay.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ 'self' https://payments.salesforce.com/ https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com blob: https://www.google.com/recaptcha/ https://js.stripe.com/ https://scriptsrx.my.salesforce-scrt.com https://checkoutshopper-live.adyen.com/ import: https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ *.salesforce.com https://www.paypal.com/sdk/js https://scriptsrx.my.site.com 'report-sample' 'nonce-LNclw6JJz4JIdSvOq3RevWAWnw9XGDXJ' https://service.force.com/embeddedservice/ 'unsafe-eval'; report-to sfdc-csp-ep; report-uri https://scriptsrx.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D46000000qngH&networkId=0DM8Y000000g2XG&type=communities 1
object-src 'none';base-uri 'self';script-src 'nonce-t5WE1VEbjCVwJMVOiA1CkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.efpa.es api.locize.app maxcdn.bootstrapcdn.com ka-f.fontawesome.com; img-src efpa.es *.efpa.es 'self' data: 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com *.fontawesome.com fonts.googleapis.com data: 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com; object-src 'self'; 1
media-src static.artforum.sk; style-src 'self' 'unsafe-inline' static.artforum.sk *.typekit.net cdn.luigisbox.tech tools.luckyorange.com; default-src 'self' blob:; worker-src 'self'; img-src * data:; frame-src 'self' www.facebook.com staticxx.facebook.com connect.facebook.net *.doubleclick.net www.google.com www.googletagmanager.com player.vimeo.com www.youtube-nocookie.com www.podbean.com w.soundcloud.com www.scribd.com online.fliphtml5.com www.mixcloud.com www.soundtier.com sibautomation.com widget.packeta.com static.posta.sk; object-src 'none'; connect-src * 'unsafe-eval' 'unsafe-inline'; font-src 'self' static.artforum.sk use.typekit.net data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.artforum.sk cdn.luigisbox.tech scripts.luigisbox.tech cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.google.com www.google.sk www.google.cz connect.facebook.net login.dognet.sk browser.sentry-cdn.com js.sentry-cdn.com *.sentry.io sibautomation.com widget.packeta.com tools.luckyorange.com static.posta.sk scripts.clarity.ms www.clarity.ms bat.bing.com; form-action 'self' www.facebook.com connect.facebook.net; report-uri https://o230028.ingest.sentry.io/api/6140909/security/?sentry_key=b0d95dc832b24fc0888fce3d780b74c6&sentry_environment=production&sentry_release=14fecd98ab1ed107e985adbfde27e479ae5c898e 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.squarecdn.com *.googleapis.com data: *.sterlingparts.com.au *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com *.cdn.productreview.com.au *.service.force.com *.static.hotjar.com *.beacon.cdnma.com *.d.la1-core1.sfdc-vwfla6.salesforceliveagent.com *.productreview.com.au *.force.com *.hotjar.com *.salesforceliveagent.com *.tts-pim.com.au *.zip.co *.bpi.zip.co *.static.zip.co static.zipmoney.com.au *.zipmoney.com.au *.uibcdn.com *.22102.l.useitbetter.com *.l.useitbetter.com *.useitbetter.com *.livechatinc.com *.cdn.livechatinc.com *.api.livechatinc.com *.klaviyo.com *.intercom.io *.intercomcdn.com *.intercomassets.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.sterlingparts.com.au *.livechatinc.com *.cdn.livechatinc.com *.api.livechatinc.com *.klaviyo.com *.intercom.io *.intercomcdn.com *.intercomassets.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com www.google.com *.sterlingparts.com.au *.livechatinc.com *.cdn.livechatinc.com *.api.livechatinc.com *.klaviyo.com *.intercom.io *.intercomcdn.com *.intercomassets.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com  *.googleapis.com *.adobedtm.com *.sterlingparts.com.au  *.assets.adobedtm.com  *.z.clarity.ms  *.clarity.ms  rec.smartlook.com  *.smartlook.com  t.cfjump.com  *.cfjump.com *.zip.co *.bpi.zip.co *.static.zip.co static.zipmoney.com.au *.zipmoney.com.au tagmanager.google.com *.google.com www.google.co.in *.google.co.in *.sc.omtrdc.net  *.demdex.net  dpm.demdex.net  cm.everesttech.net  *.everesttech.net  *.magentocommerce.com www.googleadservices.com  *.googleadservices.com  www.google-analytics.com   *.analytics.yahoo.com www.paypalobjects.com  *.paypalobjects.com  x.bidswitch.net dsum-sec.casalemedia.com us-u.openx.net sync.taboola.com sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com eb2.3lift.com pixel.rubiconproject.com *.bidswitch.net *.casalemedia.com *.openx.net *.taboola.com *.outbrain.com *.pubmatic.com *.3lift.com *.rubiconproject.com *.ftcdn.net  *.behance.net  p.typekit.net  *.typekit.net  fpdbs.paypal.com  fpdbs.sandbox.paypal.com  *.ytimg.com  validator.swagger.io  static.afterpay.com  site-assets.afterpay.com www.facebook.com  connect.facebook.net  graph.facebook.com  business.facebook.com  cdn-redirector.glopal.com  plugin-magento-ui.glopalservice.com  www.sandbox.paypal.com  b.stats.paypal.com  dub.stats.paypal.com  assets.braintreegateway.com  c.paypal.com  checkout.paypal.com  cdn1.stamped.io  stamped.io  *.gstatic.com  *.sandbox.paypal.com  *.swagger.io  *.facebook.com  *.glopal.com  *.glopalservice.com  *.braintreegateway.com  *.stamped.io  d.adroll.com  *.adroll.com  c.bing.com  *.bing.com  *.googletagmanager.com ib.adnxs.com *.adnxs.com s3-us-west-2.amazonaws.com *.amazonaws.com *.cdn.productreview.com.au *.service.force.com *.static.hotjar.com *.beacon.cdnma.com *.d.la1-core1.sfdc-vwfla6.salesforceliveagent.com *.productreview.com.au *.force.com *.hotjar.com *.salesforceliveagent.com *.sandbox.my.site.com *.uibcdn.com *.22102.l.useitbetter.com *.l.useitbetter.com *.useitbetter.com *.livechatinc.com *.cdn.livechatinc.com *.api.livechatinc.com *.klaviyo.com *.intercom.io *.intercomcdn.com *.intercomassets.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.files-text.com *.livechat-files.com *.livechat-static.com magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.sterlingparts.com.au  *.assets.adobedtm.com  *.z.clarity.ms  *.clarity.ms  rec.smartlook.com  *.smartlook.com  t.cfjump.com  *.cfjump.com *.zip.co static.zipmoney.com.au *.zipmoney.com.au tagmanager.google.com www.google.co.in a.adroll.com *.adroll.com  x.bidswitch.net dsum-sec.casalemedia.com us-u.openx.net sync.taboola.com sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com eb2.3lift.com pixel.rubiconproject.com *.bidswitch.net *.casalemedia.com *.openx.net *.taboola.com *.outbrain.com *.pubmatic.com *.google-analytics.com   *.3lift.com *.rubiconproject.com *.bpi.zip.co *.static.zip.co *.google.co.in *.sc.omtrdc.net  *.demdex.net  dpm.demdex.net  cm.everesttech.net  *.everesttech.net  *.magentocommerce.com widgets.magentocommerce.com www.googleadservices.com  *.googleadservices.com  www.google-analytics.com   www.paypalobjects.com  *.paypalobjects.com  *.paypal.com *.ftcdn.net  *.behance.net  p.typekit.net  *.typekit.net  fpdbs.paypal.com  fpdbs.sandbox.paypal.com  *.ytimg.com  validator.swagger.io  static.afterpay.com  site-assets.afterpay.com *.sandbox.afterpay.com *.afterpay-beta.com *.portal.sandbox.afterpay.com *.portal.afterpay.com *.jsdelivr.net *.cdn.jsdelivr.net www.facebook.com  connect.facebook.net  graph.facebook.com  business.facebook.com  cdn-redirector.glopal.com  plugin-magento-ui.glopalservice.com  www.sandbox.paypal.com  b.stats.paypal.com  dub.stats.paypal.com  assets.braintreegateway.com  c.paypal.com  checkout.paypal.com  cdn1.stamped.io  stamped.io  *.gstatic.com  *.sandbox.paypal.com  *.swagger.io  *.afterpay.com  *.facebook.com  *.glopal.com  *.glopalservice.com  *.braintreegateway.com  *.stamped.io  d.adroll.com  c.bing.com  *.bing.com  *.googletagmanager.com ib.adnxs.com *.adnxs.com s3-us-west-2.amazonaws.com *.amazonaws.com *.cdn.productreview.com.au *.service.force.com *.static.hotjar.com *.beacon.cdnma.com *.cdnma.com *.d.la1-core1.sfdc-vwfla6.salesforceliveagent.com *.productreview.com.au *.force.com *.hotjar.com *.salesforceliveagent.com *.uibcdn.com *.22102.l.useitbetter.com *.l.useitbetter.com *.useitbetter.com *.livechatinc.com *.cdn.livechatinc.com *.api.livechatinc.com *.klaviyo.com *.a.klaviyo.com *.intercom.io *.intercomcdn.com *.intercomassets.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.livechat-static.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.sterlingparts.com.au *.service.force.com *.force.com *.zip.co *.bpi.zip.co *.static.zip.co *.livechatinc.com *.cdn.livechatinc.com *.api.livechatinc.com *.klaviyo.com *.intercom.io *.intercomcdn.com *.intercomassets.com https://static.klaviyo.com *.fontawesome.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src *.livechatinc.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.sterlingparts.com.au *.adobedtm.com  *.assets.adobedtm.com  *.z.clarity.ms  *.clarity.ms  rec.smartlook.com  *.smartlook.com  t.cfjump.com  *.cfjump.com *.zip.co *.bpi.zip.co *.static.zip.co static.zipmoney.com.au *.zipmoney.com.au tagmanager.google.com *.google.com www.google.co.in a.adroll.com *.adroll.com  x.bidswitch.net dsum-sec.casalemedia.com us-u.openx.net sync.taboola.com sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com eb2.3lift.com pixel.rubiconproject.com *.bidswitch.net *.casalemedia.com *.openx.net *.taboola.com *.outbrain.com *.pubmatic.com *.google-analytics.com   *.3lift.com *.rubiconproject.com *.google.co.in *.sc.omtrdc.net  *.demdex.net  dpm.demdex.net  cm.everesttech.net  *.everesttech.net  *.magentocommerce.com widgets.magentocommerce.com www.googleadservices.com  *.googleadservices.com  www.google-analytics.com   www.paypalobjects.com  *.paypalobjects.com  t.paypal.com *.paypal.com *.ftcdn.net  *.behance.net  p.typekit.net  *.typekit.net  fpdbs.paypal.com  fpdbs.sandbox.paypal.com  *.ytimg.com  validator.swagger.io  static.afterpay.com  site-assets.afterpay.com www.facebook.com  connect.facebook.net  graph.facebook.com  business.facebook.com  cdn-redirector.glopal.com  plugin-magento-ui.glopalservice.com  www.sandbox.paypal.com  b.stats.paypal.com  dub.stats.paypal.com  assets.braintreegateway.com  c.paypal.com  checkout.paypal.com  cdn1.stamped.io  stamped.io  *.gstatic.com  *.sandbox.paypal.com  *.swagger.io  *.afterpay.com  *.facebook.com  *.glopal.com  *.glopalservice.com  *.braintreegateway.com  *.stamped.io  d.adroll.com  c.bing.com  *.bing.com  *.googletagmanager.com ib.adnxs.com *.adnxs.com s3-us-west-2.amazonaws.com *.amazonaws.com *.cdn.productreview.com.au *.service.force.com *.static.hotjar.com *.beacon.cdnma.com *.d.la1-core1.sfdc-vwfla6.salesforceliveagent.com *.productreview.com.au *.force.com *.hotjar.com *.salesforceliveagent.com *.tts-pim.com.au *.www.tts-pim.com.au *.pim.com.au *.pim.com *.tooltechnic.my.salesforce.com *.salesforce.com *.tooltechnic--tts.sandbox.my.site.com *.sandbox.my.site.com *.uibcdn.com *.22102.l.useitbetter.com *.l.useitbetter.com *.useitbetter.com *.livechatinc.com *.cdn.livechatinc.com *.api.livechatinc.com *.klaviyo.com *.intercom.io *.intercomcdn.com *.intercomassets.com *.livechat-static.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.sterlingparts.com.au *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com *.cdn.productreview.com.au *.service.force.com *.static.hotjar.com *.beacon.cdnma.com *.d.la1-core1.sfdc-vwfla6.salesforceliveagent.com *.productreview.com.au *.force.com *.hotjar.com *.salesforceliveagent.com *.zip.co *.bpi.zip.co *.static.zip.co static.zipmoney.com.au *.zipmoney.com.au *.uibcdn.com *.22102.l.useitbetter.com *.l.useitbetter.com *.useitbetter.com *.livechatinc.com *.cdn.livechatinc.com *.api.livechatinc.com *.klaviyo.com *.intercom.io *.intercomcdn.com *.intercomassets.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com  *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.googleapis.com *.sterlingparts.com.au  *.z.clarity.ms  *.clarity.ms  stats.g.doubleclick.net  manager.eu.smartlook.cloud  *.smartlook.com www.google.co.in *.adobedtm.com *.adobe.com  *.assets.adobedtm.com  rec.smartlook.com  t.cfjump.com  *.cfjump.com *.zip.co *.bpi.zip.co *.static.zip.co static.zipmoney.com.au *.zipmoney.com.au tagmanager.google.com *.google.co.in *.sc.omtrdc.net  *.demdex.net  dpm.demdex.net  cm.everesttech.net  *.everesttech.net  *.magentocommerce.com widgets.magentocommerce.com www.googleadservices.com  *.googleadservices.com  www.google-analytics.com   *.analytics.yahoo.com www.paypalobjects.com  *.paypalobjects.com  t.paypal.com x.bidswitch.net dsum-sec.casalemedia.com us-u.openx.net sync.taboola.com sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com eb2.3lift.com pixel.rubiconproject.com *.bidswitch.net *.casalemedia.com *.openx.net *.taboola.com *.outbrain.com *.pubmatic.com *.3lift.com *.rubiconproject.com *.ftcdn.net  *.behance.net  p.typekit.net  *.typekit.net  fpdbs.paypal.com  fpdbs.sandbox.paypal.com  *.ytimg.com  validator.swagger.io  static.afterpay.com  site-assets.afterpay.com *.sandbox.afterpay.com *.afterpay-beta.com *.portal.sandbox.afterpay.com *.portal.afterpay.com *.jsdelivr.net *.cdn.jsdelivr.net www.facebook.com  connect.facebook.net  graph.facebook.com  business.facebook.com  cdn-redirector.glopal.com  plugin-magento-ui.glopalservice.com  www.sandbox.paypal.com  b.stats.paypal.com  dub.stats.paypal.com  assets.braintreegateway.com  c.paypal.com  checkout.paypal.com  cdn1.stamped.io  stamped.io  *.gstatic.com  *.sandbox.paypal.com  *.swagger.io  *.facebook.com  *.glopal.com  *.glopalservice.com  *.braintreegateway.com  *.stamped.io  d.adroll.com  *.adroll.com  c.bing.com  *.bing.com  *.googletagmanager.com ib.adnxs.com *.adnxs.com s3-us-west-2.amazonaws.com *.amazonaws.com *.cdn.productreview.com.au *.service.force.com *.static.hotjar.com *.beacon.cdnma.com *.d.la1-core1.sfdc-vwfla6.salesforceliveagent.com *.productreview.com.au *.force.com *.hotjar.com *.salesforceliveagent.com *.tts-pim.com.au *.uibcdn.com *.22102.l.useitbetter.com *.l.useitbetter.com *.useitbetter.com *.livechatinc.com *.cdn.livechatinc.com *.api.livechatinc.com *.klaviyo.com *.intercom.io *.intercomcdn.com *.intercomassets.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.text.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src *.livechatinc.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com 'self' data: *.alicdn.com fonts.googleapis.com https://static.netcarat.com https://embed.tawk.to http://cdnjs.cloudflare.com/ajax/libs/ *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://player.vimeo.com https://www.youtube-nocookie.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com https://www.commercepartnerhub.com https://td.doubleclick.net https://www.googletagmanager.com https://www.google.com https://accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.affirm.com *.affirm.ca blueskytechmage.com mageblueskytech.com placehold.jp magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com https://ct.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.google.co.in google.co.in *.google.com *.googleadservices.com https://image.netcarat.com https://static.netcarat.com https://*.cdninstagram.com https://netcarat.com https://c.clarity.ms https://c.bing.com https://bat.bing.com https://eadn-wc04-14808313.nxedge.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca widget.freshworks.com m2epro.freshdesk.com https://www.googletagmanager.com tagmanager.google.com https://www.googleadservices.com *.disqus.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube.com ct.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com clarity.ms *.clarity.ms static.cloudflareinsights.com *.googleadservices.com accounts.google.com analytics.tiktok.com analytics.ahrefs.com bat.bing.com invitejs.trustpilot.com widget.trustpilot.com embed.tawk.to static.netcarat.com image.netcarat.com eadn-wc04-14808313.nxedge.io */walletsystem/index/applypaymentamount *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com http://fonts.googleapis.com https://static.netcarat.com https://image.netcarat.com https://embed.tawk.to https://accounts.google.com/gsi/style unsafe-inline http://cdnjs.cloudflare.com/ajax/libs/ *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: https://image.netcarat.com https://vimeo.com https://player.vimeo.com https://scontent-ord5-1.cdninstagram.com https://scontent-ord5-3.cdninstagram.com https://scontent-ord5-2.cdninstagram.com https://embed.tawk.to 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.affirm.com *.affirm.ca widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io *.facebook.com *.facebook.net graph.facebook.com business.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://ct.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.clarity.ms https://static.netcarat.com https://image.netcarat.com https://va.tawk.to https://analytics.tiktok.com wss://*.tawk.to https://analytics.ahrefs.com https://embed.tawk.to https://accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudfront.net *.reviews.io *.reviews.co.uk maxcdn.bootstrapcdn.com *.gstatic.com *.stape.io *.cloudflare.com *.google.com *.google.co.uk *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.typekit.net *.fontawesome.com embed.tawk.to fonts.salesfire.co.uk 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.reviews.io *.reviews.co.uk *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * td.doubleclick.net *.google-analytics.com googleads.g.doubleclick.net *.gstatic.com *.payments-amazon.com widget.reviews.co.uk js.stripe.com m.stripe.network 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com cdn.doofinder.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.googletagmanager.com *.stape.io https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com www.google.pt www.google.fr www.google.de www.google.es www.google.it *.google-analytics.com *.pagead2.googlesyndication.com bat.bing.com *.fbcdn.net d23yuld0pofhhw.cloudfront.net ut.ra.linksynergy.com *.snapengage.com frontline.imgix.net assurance.sysnetgs.com cookie-cdn.cookiepro.com px4.ads.linkedin.com px.ads.linkedin.com image.salesfire.co.uk services.postcodeanywhere.co.uk 'self' data: sealserver.trustwave.com embed.tawk.to images.salesfire.co.uk cdn.salesfire.co.uk *.usercentrics.eu bat.bing.net data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com cdn.doofinder.com *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'unsafe-eval' *.cloudflare.com js.stripe.com static.klaviyo.com static-tracking.klaviyo.com *.google-analytics.com *.pagead2.googlesyndication.com *.googleads.g.doubleclick.net *.googleapis.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klevu.com *.payments-amazon.com connect.facebook.net tag.rmp.rakuten.com *.typekit.net theed11117.pcapredict.com services.postcodeanywhere.co.uk cookie-cdn.cookiepro.com cdn.jsdelivr.net snap.licdn.com embed.tawk.to cdn.salesfire.co.uk bat.bing.com widget.trustpilot.com eu1-config.doofinder.com assurance.sysnetgs.com static.cloudflareinsights.com front11154.pcapredict.com snid.snitcher.com 'sha256-q9DVAh9/poiVE5lEkZWM7JZGuJiJKtOU2sVUW5E2qhA=' cdn.ldnfrpl.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com maxcdn.bootstrapcdn.com *.googleapis.com *.googletagmanager.com *.stape.io unsafe-inline assets.braintreegateway.com *.cloudflare.com *.gstatic.com *.fontawesome.com *.klevu.com *.postcodeanywhere.co.uk unpkg.cm cdn.doofinder.com fonts.salesfire.co.uk embed.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.doofinder.com wss://*.doofinder.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.cloudflare.com *.feefo.com *.instagram.com *.amazon.com *.google.co.uk googleads.g.doubleclick.net *.pagead2.googlesyndication.com *.gstatic.com *.googletagmanager.com cookie-cdn.cookiepro.com eu1-api.doofinder.com cdn.doofinder.com px.ads.linkedin.com hit.salesfire.co.uk aix.salesfire.co.uk live.smartmetrics.co.uk va.tawk.to vsa46.tawk.to m.stripe.com wss://*.tawk.to services.postcodeanywhere.co.uk snid.snitcher.com *.usercentrics.eu embed.tawk.to *.bing.com bat.bing.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://zhklrkwwz3qjjxbsljqmqe2b.httpschecker.net/report 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com use.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com https://shopline.itau.com.br 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.despegar.com/ 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de magento-cloudflare.jetrails.com www.youtube.com *.despegar.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.getbeamer.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ytimg.com *.despegar.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.mundipagg.com api.pagar.me www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.getbeamer.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com apis.google.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.despegar.com/ *.googleapis.com *.google.com *.gstatic.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.smarthint.co *.googletagmanager.com *.facebook.net *.getbeamer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline use.fontawesome.com *.getbeamer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.despegar.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com http://api.itaushopline.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.mundipagg.com api.pagar.me www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://viacep.com.br/ws/ *.google-analytics.com *.getbeamer.com https://api.mundipagg.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com https://*.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.facebook.com https://*.youtube.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.facebook.com https://*.bing.com https://*.pinterest.com https://*.clarity.ms https://*.paypal.com https://*.paypalobjects.com https://*.vimeo.com https://*.vimeocdn.com https://*.gstatic.com https://*.adobe.com https://*.adobedtm.com https://*.youtube.com https://*.cloudflare.com https://*.ytimg.com https://*.cardinalcommerce.com https://*.googleads.g.doubleclick.net https://amcglobal.sc.omtrdc.net https://dpm.demdex.net https://cm.everesttech.net https://*.magentocommerce.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.googletagmanager.com https://*.feedbackcompany.com https://googleads.g.doubleclick.net https://connect.facebook.net https://*.pinimg.com https://*.bing.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.google.com https://*.paypal.com https://*.paypalobjects.com https://*.vimeo.com https://*.vimeocdn.com https://*.gstatic.com https://*.adobe.com https://*.adobedtm.com https://*.youtube.com https://*.cloudflare.com https://*.ytimg.com https://*.cardinalcommerce.com https://prism.app-us1.com https://trackcmp.net https://diffuser-cdn.app-us1.com https://js-agent.newrelic.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com https://*.typekit.net *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.feedbackcompany.com https://*.pinterest.com https://*.clarity.ms https://bam.nr-data.net https://*.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com *.amazonaws.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.flashyapp.com api.flashy.app *.flashy.dev *.yotpo.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com *.pelecard.biz *.queue-it.net *.facebook.com *.facebook.net *.vimeo.com vimeo.com *.adoric.com *.tiktok.com *.glassix.com *.adoric-om.com *.google.com *.flashyapp.com api.flashy.app *.flashy.dev www.xtento.com *.paypal.com *.yotpo.com *.creditguard.co.il *.googletagmanager.com *.xtento.com *.doubleclick.net acsbapp.com *.acsbap.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.magentocommerce.com *.entrust.net *.google.com *.google.com.vn *.doubleclick.net *.cloudfront.net *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.mltp.co.il *.adoric.com *.adoric-om.com *.tiktok.com *.giphy.com *.acsbapp.com *.amazonaws.com *.shw.co.il www.xtento.com cdn.xtento.com *.googleadservices.com *.yotpo.com *.cdninstagram.com *.google-analytics.com *.google.co.il https://www.google *.paypal.com *.paypalobjects.com *.vimeo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adscale.com ascl.pro *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.adobedtm.com *.authorize.net *.entrust.net *.gstatic.com www.google.com *.adyen.com *.queue-it.net *.googletagmanager.com *.googleapis.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.signifyd.com *.nowdialogue.com *.xtento.com *.facebook.com *.facebook.net *.nagich.co.il *.rawgit.com *.adoric.com *.tiktok.com *.glassix.com *.adoric-om.com *.flashyapp.com api.flashy.app *.flashy.dev www.xtento.com cdn.xtento.com *.google-analytics.com *.google.com *.fontawesome.com *.googleadservices.com *.doubleclick.net *.analytics.com *.youtube.com *.paypal.com *.paypalobjects.com acsbapp.com acsbap.com *.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.adoric.com *.adoric-om.com *.googleapis.com *.nowdialogue.com *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.entrust.net *.google-analytics.com *.google.com *.nowdialogue.com nowdialogue.com *.nagich.co.il *.doubleclick.net *.vimeo.com vimeo.com *.demdex.com *.adoric.com *.adoric-om.com *.tiktok.com *.glassix.com *.flashyapp.com api.flashy.app *.flashy.dev *.analytics.com *.facebook.com player.vimeo.com *.googleapis.com *.acsbapp.com acsbap.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; frame-src 'self' https:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.reviews.io static.lipscore.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com www.justjuice-eliquids.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://oppwa.com/ *.oppwa.com/ https://ppipe.net/ *.ppipe.net/ www.justjuice-eliquids.com 'self' 'unsafe-inline'; frame-ancestors *.reviews.co.uk www.justjuice-eliquids.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://widget.reviews.co.uk https://webservices.securetrading.net *.oppwa.com https://eu-prod.oppwa.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://oppwa.com/ *.oppwa.com/ https://ppipe.net/ *.ppipe.net/ www.justjuice-eliquids.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.reviews.io *.placeholder.com https://s3-eu-west-1.amazonaws.com/ 'self' data: validate.fishpig.co.uk static.lipscore.com blob: img.youtube.com https://firebasestorage.googleapis.com flagpedia.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://oppwa.com/ *.oppwa.com/ https://ppipe.net/ *.ppipe.net/ www.justjuice-eliquids.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://widget.reviews.co.uk *.gstatic.com *.page1monk.com https://chimpstatic.com https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://webservices.securetrading.net *.oppwa.com https://eu-prod.oppwa.com *.techlab-cdn.com https://p11.techlab-cdn.com https://p11.techlab-cdn.com/e/65319_1825172608.js *.clarity.ms blob: static.lipscore.com *.avada.io maps.googleapis.com connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://oppwa.com/ *.oppwa.com/ *.gstatic.com/ https://gstatic.com/ *.google.com/ https://google.com/ https://ppipe.net/ *.ppipe.net/ www.justjuice-eliquids.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.reviews.io *.googleapis.com *.myfonts.net static.lipscore.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com https://oppwa.com/ *.oppwa.com/ https://ppipe.net/ *.ppipe.net/ www.justjuice-eliquids.com 'self' 'unsafe-inline'; object-src https://oppwa.com/ *.oppwa.com/ https://ppipe.net/ *.ppipe.net/ 'self' 'unsafe-inline'; media-src *.adobe.com 'self' data: www.justjuice-eliquids.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.reviews.io https://api.reviews.co.uk *.google-analytics.com *.clarity.ms wapi.lipscore.com users.lipscore.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://oppwa.com/ *.oppwa.com/ https://ppipe.net/ *.ppipe.net/ www.justjuice-eliquids.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.justjuice-eliquids.com http: https: blob: 'self' 'unsafe-inline'; default-src www.justjuice-eliquids.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://catalate.report-uri.com/r/d/csp/wizard 1
font-src fonts.gstatic.com use.typekit.net *.abbottvietnam.com.vn https://pediasure.vn *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.cootlogix.com https://dsum-sec.casalemedia.com https://stats.g.doubleclick.net https://tags.creativecdn.com/ https://script.crazyegg.com/ https://analytics.tiktok.com/ https://asia.creativecdn.com/ https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://cm.g.doubleclick.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://rtb-csync.smartadserver.com/ https://r.casalemedia.com/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://ade.clmbtech.com/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://tagmanager.google.com/ https://consent.trustarc.com/ *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.abbottvietnam.com.vn https://pediasure.vn *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.cootlogix.com https://dsum-sec.casalemedia.com https://tags.creativecdn.com/ https://script.crazyegg.com/ https://analytics.tiktok.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://cm.g.doubleclick.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://rtb-csync.smartadserver.com/ https://r.casalemedia.com/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://ade.clmbtech.com/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://tagmanager.google.com/ https://www.facebook.com/ *.facebook.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.abbottvietnam.com.vn https://pediasure.vn *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.cootlogix.com https://dsum-sec.casalemedia.com https://hpi.izysync.com/media/ https://tags.creativecdn.com/ https://script.crazyegg.com/ https://analytics.tiktok.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://cm.g.doubleclick.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://rtb-csync.smartadserver.com/ https://r.casalemedia.com/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://ade.clmbtech.com/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://tagmanager.google.com/ https://consent.trustarc.com/ https://fast.wistia.com/ https://embed-ssl.wistia.com/ https://www.facebook.com/ *.facebook.net www.google.com.vn www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com s7.addthis.com *.abbottvietnam.com.vn https://pediasure.vn *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.cootlogix.com https://dsum-sec.casalemedia.com https://za.zdn.vn/ https://tags.creativecdn.com/ https://script.crazyegg.com/ https://analytics.tiktok.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://cm.g.doubleclick.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://rtb-csync.smartadserver.com/ https://r.casalemedia.com/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://ade.clmbtech.com/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://tagmanager.google.com/ https://static.accesstrade.vn/ www.google.com https://www.facebook.com/ *.facebook.net cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.abbottvietnam.com.vn https://pediasure.vn *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.cootlogix.com https://dsum-sec.casalemedia.com https://stats.g.doubleclick.net https://tags.creativecdn.com/ https://script.crazyegg.com/ https://analytics.tiktok.com/ https://asia.creativecdn.com/ https://www.googletagmanager.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://cm.g.doubleclick.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://rtb-csync.smartadserver.com/ https://r.casalemedia.com/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://ade.clmbtech.com/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://tagmanager.google.com/ fonts.gstatic.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://www.sandbox.paypal.com https://www.paypal.com ekr.zdassets.com/ *.abbottvietnam.com.vn https://pediasure.vn *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.cootlogix.com https://dsum-sec.casalemedia.com https://za.zalo.me/ https://delivery-cloud.cdp.asia/interaction/ https://tags.creativecdn.com/ https://script.crazyegg.com/ https://analytics.tiktok.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://cm.g.doubleclick.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://rtb-csync.smartadserver.com/ https://r.casalemedia.com/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://ade.clmbtech.com/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://tagmanager.google.com/ https://static.accesstrade.vn/ https://consent.trustarc.com/ https://fast.wistia.com/ https://embed-ssl.wistia.com/ https://www.facebook.com/ *.facebook.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *.fn-sb-notification-handler-dev.azurewebsites.net *.superbook.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site *.cookielaw.org superbookkids.com *.brightcovecdn.com 'self' data:; script-src *.googleoptimize.com *.google-analytics.com *.googletagmanager.com 'unsafe-eval' ajax.googleapis.com *.superbook.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site *.addtoany.com superbookkids.com *.cookielaw.org *.brightcove.net *.zencdn.net js-agent.newrelic.com 'self' 'unsafe-inline' *.go-mpulse.net ; object-src *.superbook.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site superbookkids.com 'self'; style-src p.typekit.net use.typekit.net *.superbook.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site fonts.googleapis.com 'self' 'unsafe-inline'; img-src *.cbn.com http://bible.cbn.com *.superbook.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site *.cookielaw.org superbookkids.com sb-avatar-generator-aac5era4f5hfc7aq.eastus-01.azurewebsites.net *.brightcove.com *.boltdns.net 'self' data:; media-src *.cbn.com *.superbook.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site superbookkids.com cbn.brightcovecdn.com 'self'; frame-src *.superbook.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site *.addtoany.com superbookkids.com 'self'; frame-ancestors *.superbook.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site superbookkids.com 'self'; child-src *.superbook.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site superbookkids.com 'self' blob:; font-src use.typekit.net *.superbook.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site fonts.googleapis.com fonts.gstatic.com superbookkids.com 'self' data:; connect-src *.google-analytics.com *.superbook.cbn.com superbook-api.cbn.com superlibro.tv *.pantheonsite.io superbookindo.tv superbook.docksal.site *.cookielaw.org *.onetrust.com oss-cosmo-router-dev.fingent.net oss-cosmo-router-qa.fingent.net fn-sb-notification-handler-dev.azurewebsites.net superbookkids.com *.cbn.com *.boltdns.net bam.nr-data.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.brightcove.com *.brightcovecdn.com wss://sr-superbook-prod.service.signalr.net 'self'; report-uri /report-csp-violation 1
default-src 'self' *.moesif.com; script-src 'self' 'unsafe-inline' *.moesif.com *.unpkg.com *.jsdelivr.net *.auth0.com *.datadoghq.com *.amplitude.com *.unlayer.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net *.hs-banner.com *.hs-scripts.com *.hscollectedforms.net *.hubspot.com *.hsappstatic.net *.apollo.io; script-src-elem 'self' 'unsafe-inline' *.moesif.com *.auth0.com *.hscollectedform.net *.hubspot.com *.hs-scripts.com *.facebook.net *.clarity.ms *.googletagmanager.com *.unpkg.com *.jsdelivr.net; script-src-attr 'unsafe-inline'; style-src 'self' *.moesif.com 'unsafe-inline' *.unlayer.com *.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' *.moesif.com *.jsdelivr.net unpkg.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.moesif.com *.auth0.com blob: *.datadoghq.com *.amplitude.com *.wp.com *.unlayer.com *.gravatar.com *.mapbox.com *.google-analytics.com *.googleusercontent.com *.googletagmanager.com *.googleleadservices.com *.hsappstatic.net *.hs-banner.com *.hsforms.com *.facebook.net *.hubspot.com *.doubleclick.net; connect-src 'self' *.moesif.net *.moesif.com *.auth0.com *.datadoghq.com *.amplitude.com browser-intake-datadoghq.com *.unlayer.com *.clarity.com *.clarity.ms *.google-analytics.com *.google.com *.googletagmanager.com *.googleleadservices.com *.google.ca *.doubleclick.net *.aplo-evnt.com aplo-evnt.com *.facebook.net *.facebook.com *.hubspot.com *.hscollectedforms.net *.hs-banner.com *.statuspage.io; font-src 'self' data: *.moesif.com moz-extension: *.unlayer.com *.googleapis.com *.gstatic.com; frame-src 'self' *.moesif.com *.doubleclick.net *.hubspot.com *.facebook.com *.auth0.com *.unlayer.com *.googletagmanager.com; media-src 'self' data: *.moesif.com; worker-src 'self' blob: *.moesif.com *.unlayer.com; object-src 'none'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub5216f5ae0690200e71eff84be3b1303a&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod 1
object-src 'none';base-uri 'self';script-src 'nonce-6UaKtDD2TKlENIiyGQB-pg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com https://*.fontawesome.com *.fontawesome.com *.googleapis.com https://*.gstatic.com *.alothemes.com *.magepow.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline' https://embed.tawk.to https://*.googleapis.com data: https://fonts.gstatic.com https://fonts.googleapis.com https://i.ytimg.com https://yt3.ggpht.com https://assets.reviews.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net magefan.com cm.magefan.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.hsforms.net *.hsforms.com 'self' data: 'self' https://tawk.link data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.hsforms.net *.hsforms.com https://www.google.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' https://www.googleadservices.com https://cdn.evgnet.com https://t.elasticsuite.io https://www.google-analytics.com https://www.googletagmanager.com https://cc.cdn.civiccomputing.com https://embed.tawk.to https://apikeys.civiccomputing.com https://va.tawk.to https://js.stripe.com https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com https://assets.reviews.io https://widget.reviews.io https://www.clarity.ms https://c.clarity.ms https://l.clarity.ms https://b.clarity.ms https://settings.luckyorange.com https://tools.luckyorange.com https://sg-production.wcdpreview.uk https://apple-pay-gateway.apple.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.alothemes.com *.magepow.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com 'self' https://embed.tawk.to https://*.dotdigital-pages.com https://assets.reviews.io 'unsafe-inline' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://t.elasticsuite.io *.hsforms.net *.hsforms.com https://analytics.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' https://apikeys.civiccomputing.com https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://*.cardinalcommerce.com https://pilot-payflowlink.paypal.com https://*.paypal.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://*.trackedlink.net https://*.trackedweb.net https://*.dotdigital-pages.com https://webchat.dotdigital.com https://webchat.staging.dotdigital.com https://*.klarna.com https://klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.stripe.com https://r.stripe.com https://apple-pay-gateway.apple.com https://*.avada.io https://*.alothemes.com https://*.magepow.com https://*.hsforms.net https://*.hsforms.com https://va.tawk.to https://embed.tawk.to wss://*.tawk.to https://cdn.evgnet.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://bat.bing.com https://c.clarity.ms https://l.clarity.ms https://b.clarity.ms https://www.clarity.ms https://connect.facebook.net https://px.ads.linkedin.com https://snap.licdn.com https://api.reviews.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com td.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.awin1.com *.zenaps.com js.mollie.com consentcdn.cookiebot.com www.googletagmanager.com https://www.googletagmanager.com https://td.doubleclick.net https://widget.trustpilot.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://images.unsplash.com magefan.com cm.magefan.com https://www.mollie.com *.cloudflare.com imgproxy.vendic.dev imgsct.cookiebot.com *.hsforms.net *.hsforms.com https://imgproxy.vendic.dev data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.stats.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://maps.googleapis.com js.mollie.com *.cdnjs.cloudflare.com data: *.increasingly.co *.googleadservices.com *.sandbox.paypal.com *.googleapis.com *.paypalobjects.com *.the.sciencebehindecommerce.com *.sciencebehindecommerce.com *.hal9000.redintelligence.net *.redintelligence.net googleads.g.doubleclick.net td.doubleclick.net script.hotjar.com consentcdn.cookiebot.com *.albeka.nl *.mollie.com *.google.co.in *.static.widget.trengo.eu *.widget.trengo.eu *.trengo.s3.eu-central-1.amazonaws.com *.google.nl *.api.widget.trengo.eu *.trengo.eu bat.bing.com/bat.js www.clarity.ms *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://www.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.wepowerconnections.com https://the.sciencebehindecommerce.com https://maps.googleapis.com https://player.vimeo.com *.cloudflare.com consentcdn.cookiebot.com/ sst.albeka.nl/ t.elasticsuite.io *.hsforms.net *.hsforms.com https://p2iqhncxyh.execute-api.eu-central-1.amazonaws.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-YE4s3Kt0jZNQzVyv9Q_L3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rgtoMTbB-Yg7QGmp6ZX1Bg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests;    default-src 'none';    script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'      https://cdn.tagcommander.com/6863/tc_EDFPART.js      https://cdn.tagcommander.com/6863/uat/tc_EDFPART.js      https://cdn.trustcommander.net/iab-tcfapi/tcfapi.js      https://cdn.trustcommander.net/privacy/6863/privacy_v2_13.js      https://challenges.cloudflare.com/turnstile/v0/api.js      https://track.adform.net/Serving/Cookie/;    style-src 'self' 'unsafe-inline' 'report-sample';    img-src 'self' data:      https://particulier.edf.fr      https://manager.tagcommander.com/utils/hit.php;    font-src 'self';    connect-src 'self'      https://data.geopf.fr      https://openmaptiles.geo.data.gouv.fr      https://openmaptiles.github.io      https://collect.commander1.com      https://privacy.commander1.com      https://privacy.trustcommander.net      https://cdn.trustcommander.net      https://sentry.economiedenergie.fr      https://events-phoenix.commander1.com      https://trk.edf.fr;    object-src 'none';    frame-src 'self'      https://challenges.cloudflare.com;    worker-src 'self';    manifest-src 'self';    frame-ancestors 'self';    form-action 'self';    base-uri 'self';    report-uri      https://sentry.economiedenergie.fr/api/283/security/?sentry_key=46ddb76860611603da6a84155806a8a6&sentry_environment=prd;    report-to      csp-endpoint 1
connect-src 'self' https://www.ub.uit.no https://www.google.com 1
default-src 'self' frame-ancestors 'self'; connect-src 'self' https://api.newsletter2go.com https://consent.cookiefirst.com https://edge.cookiefirst.com; script-src 'self' 'unsafe-inline' https://static.newsletter2go.com/utils.js https://consent.cookiefirst.com; font-src 'self'; style-src 'self' https://consent.cookiefirst.com 'unsafe-inline'; img-src 'self' data: https://api.newsletter2go.com https://files.newsletter2go.com; frame-src 'self' https://report.sayway.com/s/pj8vbA https://3d-tour.linsenspektrum.de/tour/ https://www.youtube-nocookie.com/embed/; worker-src 'self'; 1
font-src www.paypalobjects.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: fonts.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com/tr/ *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.kiyoh.com https://widget.trustpilot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://www.facebook.com https://ar.salta.com/ challenges.cloudflare.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io images.unsplash.com *.googleapis.com *.gstatic.com https://wohobvimages.s3.eu-central-1.amazonaws.com www.wohi.nl https://wohi.nl www.keurmerk.info www.magezon.com www.google-analytics.com https://fonts.gstatic.com https://consentcdn.cookiebot.com https://connect.facebook.net https://www.facebook.com https://www.google.nl https://www.wohi.nl/media/wysiwyg/kiyoh_logo.webp http://www.hellemachocolade.nl/nieuwsbrief/ https://imgsct.cookiebot.com https://cdnimg.retailrocket.net https://gallery.retailrocket.net https://assets.adobedtm.com *.hsforms.net *.hsforms.com 'self' data: guarantee-cdn.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.googleapis.com *.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://widget.trustpilot.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://www.facebook.com https://static.cloudflareinsights.com/ https://googleads.g.doubleclick.net/ https://www.clarity.ms https://*.clarity.ms https://ajax.googleapis.com https://ar-view-zieny.com https://cdn.jsdelivr.net https://cdn1.profitmetrics.io https://rrstatic.retailrocket.net //cdn.retailrocket.net challenges.cloudflare.com *.hsforms.net *.hsforms.com *.google.com *.cloudflare.com guarantee-cdn.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com www.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.tagmanager.google.com *.googletagmanager.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com https://pagead2.googlesyndication.com www.google.com https://googleads.g.doubleclick.net https://consentcdn.cookiebot.com https://connect.facebook.net https://www.facebook.com https://stats.g.doubleclick.net https://www.clarity.ms https://*.clarity.ms https://tracking.retailrocket.net https://cdn.retailrocket.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.pay.nl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.wohi.nl/paynl/csp/report; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.hotjar.com *.typekit.net cdn.curator.io static.klaviyo.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.google.com *.chatra.io *.hotjar.com *.facebook.com *.trustpilot.com *.kiyoh.com *.pinterest.com *.criteo.com *.cookiefirst.com *.multisafepay.com https://pay.google.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com * scontent.fzty3-2.fna.fbcdn.net *.multisafepay.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.cloudflare.com *.twitter.com *.fontawesome.com *.elfsight.com *.chatra.io *.jsdelivr.net chimpstatic.com *.facebook.com *.doubleclick.net *.trustpilot.com s.pinimg.com *.zdassets.com *.google-analytics.com *.feedbackcompany.com *.facebook.net *.hotjar.com *.mailchimp.com *.curator.io *.typekit.net *.clarity.ms *.leadinfo.net *.criteo.com *.googleadservices.com *.cookiefirst.com www.datadoghq-browser-agent.com bat.bing.com *.tidio.co *.tidiochat.com *.iubenda.com js-agent.newrelic.com *.multisafepay.com https://pay.google.com *.googletagmanager.com *.google.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.typeform.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com downloads.mailchimp.com *.cloudflare.com *.bootstrapcdn.com *.mailchimp.com *.jsdelivr.net *.googleapis.com *.curator.io *.cookiefirst.com maxcdn.bootstrapcdn.com *.multisafepay.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src curatorio.s3.amazonaws.com curator-assets.b-cdn.net video-lga3-2.cdninstagram.com video-iad3-1.xx.fbcdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.cloudflare.com *.elfsight.com *.instacloud.io *.google-analytics.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io ct.pinterest.com *.paypal.com *.zdassets.com *.zendesk.com *.feedbackcompany.com *.curator.io *.clarity.ms *.leadinfo.net *.cookiefirst.com gtm-mm85h6s-nzi2m.uc.r.appspot.com www.google-analytics.com www.google.com maps.googleapis.com *.livechatinc.com www.paypalobjects.com dev.visualwebsiteoptimizer.com www.googletagmanager.com pagead2.googlesyndication.com googleadservices.com rum.ewings.cloud *.multisafepay.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' www.google.com www.googletagmanager.com www.gstatic.com production3.powermusic.com production3.royaltyfreefitnessmusic.com powermusic.com www.powermusic.com royaltyfreefitnessmusic.com www.royaltyfreefitnessmusic.com; report-uri /.webscale/csp-report 1
default-src 'self'; font-src 'self' fonts.gstatic.com; connect-src apikeys.civiccomputing.com region1.google-analytics.com stats.g.doubleclick.net region1.analytics.google.com; img-src 'self' www.google.co.uk; script-src 'self' 'sha256-DSXgEcZ0C6Gsvtb1NkKdPd0sgBG3DjQZlapeGipGQtQ=' 'sha256-hzyz3SKhd3Ybpqsw1kCEaVE9kkkRNSX+eE4Yaxps1Ng=' 'sha256-kkCkm3ch0TczZjKM0ESPCXZ9GDo66cYX3x/3pUib4OM=' 'sha256-ipbBoKixwqjquK36IWNLfyxCJva8UyLfGrfvxPHxr38=' 'sha256-+t757rqGNQwT0q1uqZHS/O5DqZqoP+z9XB2xcJexy44=' 'sha256-02h9Kd7OaXbDwKfiCMcUqDlHhCchx6G7lQz9BnewZ4Q=' www.googletagmanager.com widget.trustpilot.com cc.cdn.civiccomputing.com; style-src 'unsafe-hashes' 'self' 'sha256-NE3gBSsVG0IdyINKOXv7oHDjOD1hoJpOCZQDS8LzvUc=' 'sha256-gj3hXMTISjefzHKc3LvwPGkgIqBnMTl1JhLIdwcC/O8=' 'sha256-qWwxsTFcdIcN78qmlVvZfPMlQLLiEk7put1pv87RdRQ=' 'sha256-lHUKqGdl+4OehsZGVG+FKk+4B6tXm4KELpn17gDOWYI=' 'sha256-vPkO6PkFMX5iA0kFO1jXAURY633sJnJ60Zv2e1qkvRg=' 'sha256-SO0UQB6fd3Ui8RV8k0GukXnJfp8gsz8gTz71WGkq8MM=' fonts.googleapis.com; frame-ancestors 'self' widget.trustpilot.com; child-src wdiget.trustpilot.com, report-uri https://fx7h2e0u.uriports.com/reports/report; report-to default 1
img-src https://higherlogicdownload.s3.amazonaws.com/POPULATIONASSOCIATION/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/POPULATIONASSOCIATION/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/POPULATIONASSOCIATION/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/POPULATIONASSOCIATION/ https://higherlogicdownload.s3.amazonaws.com/POPULATIONASSOCIATION/ https://higherlogiclongterm.s3.amazonaws.com/POPULATIONASSOCIATION/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/POPULATIONASSOCIATION/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/POPULATIONASSOCIATION/ 'self' https://higherlogiclongterm.s3.amazonaws.com/POPULATIONASSOCIATION/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/POPULATIONASSOCIATION/ https://higherlogicdownload.s3.amazonaws.com/POPULATIONASSOCIATION/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/POPULATIONASSOCIATION/ https://higherlogicstream.s3.amazonaws.com/POPULATIONASSOCIATION/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/POPULATIONASSOCIATION/ https://higherlogicdownload.s3.amazonaws.com/POPULATIONASSOCIATION/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/POPULATIONASSOCIATION/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.kxcdn.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de www.googletagmanager.com *.paypal.com https://www.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://www.magezon.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com 'self' assets.braintreegateway.com *.paypal.com *.vimeo.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com https://www.google.com/ *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.google-analytics.com twitter.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com *.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.cloudflare.com pay.google.com c.paypal.com *.paypal.com *.typekit.net bat.bing.com static.zdassets.com maps.googleapis.com *.aptrinsic.com 'self' https://t.profitshare.ro https://profitshare.ro/tgt/js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' api.braintreegateway.com *.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.gstatic.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://accounts.google.com https://www.facebook.com https://login.live.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy https://js.tuna.uy *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy https://js.tuna.uy *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.hsforms.net *.hsforms.com *.gstatic.com https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy https://js.tuna.uy *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy https://js.tuna.uy *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de account.fetchify.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com landofcoder.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com https://js.klevu.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.link.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.braintreegateway.com *.paypal.com google.com *.google.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com https://widgets.payflex.co.za oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://polyfill-fastly.io https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com https://widgets.payflex.co.za https://partpayassets.blob.core.windows.net *.oppwa.com oppwa.com *.peachpayments.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com oppwa.com *.oppwa.com *.peachpayments.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GVWns9BJM-vFprXxPqRADg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qjjKVYvqxLT-Xdt5A8S8bA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com landofcoder.com *.mercadolibre.com https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br https://www.google.com/ https://www.youtube.com/ https://www.facebook.com/ *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br https://stc.pagseguro.uol.com.br https://sandbox.stc.pagseguro.uol.com.br https://www.google.com/ https://d335luupugsy2.cloudfront.net https://www.google.com.br https://www.googletagmanager.com *.gstatic.com *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com landofcoder.com *.avada.io *.mlstatic.com *.mercadopago.com http://viacep.com.br https://stc.pagseguro.uol.com.br https://stc.sandbox.pagseguro.uol.com.br https://d335luupugsy2.cloudfront.net https://static.zdassets.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com/ *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com landofcoder.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com https://ekr.zdassets.com https://sacsitiodamata.zendesk.com https://popups.rdstation.com.br https://pageview-notify.rdstation.com.br wss://widget-mediator.zopim.com https://google.com/ *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com b2b.mcstaging.sumatec.co mcstaging.ferricentro.com b2b.mcstaging.ferricentro.com mcstaging.werkindustrial.com sumatec.co ferricentro.com ferrindustria.ferricentro.com werkindustrial.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://*.ariba.com https://*.ariba-network.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.newrelic.com *.herokuapp.com *.doubleclick.net/ *.googleapis.com b2b.mcstaging.sumatec.co mcstaging.ferricentro.com b2b.mcstaging.ferricentro.com mcstaging.werkindustrial.com sumatec.co ferricentro.com ferrindustria.ferricentro.com werkindustrial.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://sumatec.co *.google.com.ar *.mercadopago.com *.facebook.com *.newrelic.com *.clarity.ms *.bing.com *.googleapis.com b2b.mcstaging.sumatec.co mcstaging.ferricentro.com b2b.mcstaging.ferricentro.com mcstaging.werkindustrial.com sumatec.co ferricentro.com ferrindustria.ferricentro.com werkindustrial.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.herokuapp.com *.clarity.ms b2b.mcstaging.sumatec.co mcstaging.ferricentro.com b2b.mcstaging.ferricentro.com mcstaging.werkindustrial.com sumatec.co ferricentro.com ferrindustria.ferricentro.com werkindustrial.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.herokuapp.com *.newrelic.com b2b.mcstaging.sumatec.co mcstaging.ferricentro.com b2b.mcstaging.ferricentro.com mcstaging.werkindustrial.com sumatec.co ferricentro.com ferrindustria.ferricentro.com werkindustrial.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.google.com.ar *.doubleclick.com *.doubleclick.net *.clarity.ms b2b.mcstaging.sumatec.co mcstaging.ferricentro.com b2b.mcstaging.ferricentro.com mcstaging.werkindustrial.com sumatec.co ferricentro.com ferrindustria.ferricentro.com werkindustrial.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src b2b.mcstaging.sumatec.co mcstaging.ferricentro.com b2b.mcstaging.ferricentro.com mcstaging.werkindustrial.com sumatec.co ferricentro.com ferrindustria.ferricentro.com werkindustrial.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' data: inrecruitingfr.intervieweb.it; 		connect-src 'self' *.google-analytics.com; 		img-src * data:; 		script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com www.gstatic.com www.google.com inrecruitingfr.intervieweb.it; 		frame-src 'self' inrecruitingfr.intervieweb.it www.gstatic.com recaptcha.google.com; 		font-src 'self' fonts.googleapis.com data:; 		report-to csp-collection; 		report-uri /wp-json/recrutement-pv/v1/csp-reports 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.googleapis.com *.typekit.net unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com thm.visa.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.oney.io *.staging.oney.io *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hipay-tpp.com *.hipay.com *.googleapis.com *.klarna.com www.googletagmanager.com gum.criteo.com widget.trustpilot.com ct.pinterest.com fledge.eu.criteo.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com https://cdn.clerk.io cdn.doofinder.com *.hipay.com *.oney.io *.staging.oney.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.amazonaws.com ts.tradetracker.net www.magmodules.eu 'self' data: blob: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com www.gstatic.com https://api.clerk.io https://cdn.clerk.io cdn.doofinder.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.oney.io *.staging.oney.io *.klarna.com *.klarnacdn.net *.klarnaservices.com tps.trovaprezzi.it cdn.iubenda.com cs.iubenda.com widget.trustpilot.com s.kk-resources.com eu1-config.doofinder.com dynamic.criteo.com s.pinimg.com cdn.clerk.io api.clerk.io ct.pinterest.com sslwidget.criteo.com *.avada.io *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.sendcloud.sc *.jsdelivr.net tm.tradetracker.net tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io *.doofinder.com *.hipay.com *.googleapis.com *.klarnacdn.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.doofinder.com cdn.iubenda.com *.fontawesome.com *.sendcloud.sc *.jsdelivr.net www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.doofinder.com wss://*.doofinder.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.oney.io *.staging.oney.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com stats.g.doubleclick.net region1.analytics.google.com eu1-api.doofinder.com mug.criteo.com ct.pinterest.com idb.iubenda.com widget.trustpilot.com measurement-api.criteo.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com www.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src stats.g.doubleclick.net www.google.it www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com data: *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com https://seo.mageplaza.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.authorize.net static.addtoany.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net store.paradoxlabs.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.authorize.net static.addtoany.com acsbapp.com apis.google.com *.cloudflare.com cloudflare.com static.cloudflareinsights.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.authorize.net cdn.acsbapp.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.trustedshops.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://www.facebook.com/ www.google.com youtu.be *.vimeo.com *.addthis.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net gateway.apaylater.com gateway.atome.sg *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu blob: https://www.magezon.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com gateway.apaylater.com gateway.atome.sg https://connect.facebook.net/ *.cloudflare.com *.google-analytics.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com gateway.apaylater.com gateway.atome.sg *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://socialplugin.facebook.net/ https://www.facebook.com/ *.cloudflare.com *.googleapis.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.addthis.com js.mollie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://www.mollie.com *.multisafepay.com *.hsforms.net *.hsforms.com 'self' data: https://imgproxy.vendic.dev data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net js.mollie.com *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.jsdelivr.net *.fontawesome.com *.multisafepay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com https://analytics.tiktok.com https://graph.tiktok.com https://cdn.landbot.io         data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.tiktok.com *.tiktok.net https://analytics.tiktok.com https://graph.tiktok.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com *.tiktok.com *.tiktok.net https://analytics.tiktok.com https://graph.tiktok.com js.mollie.com *.authorize.net https://ct.pinterest.com     https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.affirm.com *.affirm.ca *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.tiktok.com *.tiktok.net https://analytics.tiktok.com https://graph.tiktok.com magefan.com cm.magefan.com mageside.com https://www.mollie.com https://www.google.co.in https://storage.googleapis.com https://media3.giphy.com https://cdn.landbot.io https://bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.tiktok.com *.tiktok.net https://analytics.tiktok.com https://graph.tiktok.com https://www.googletagmanager.com tagmanager.google.com https://www.googleadservices.com https://cdn.jsdelivr.net js.mollie.com *.authorize.net https://s.pinimg.com https://ct.pinterest.com https://bat.bing.com https://cdn.landbot.io https://media.sonlineinc.com https://static.cloudflareinsights.com https://www.paypal.com https://www.paypalobjects.com https://*.paypal.com https://*.paypalobjects.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com downloads.mailchimp.com *.fontawesome.com https://static.landbot.io https://cdn.landbot.io https://use.typekit.net https://p.typekit.net      'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.certcapture.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.tiktok.com *.tiktok.net https://analytics.tiktok.com https://graph.tiktok.com *.authorize.net https://www.merchant-center-analytics.goog https://storage.googleapis.com https://welcome.landbot.io https://firestore.googleapis.com https://stats.g.doubleclick.net https://bat.bing.com https://www.google.co.in https://identitytoolkit.googleapis.com https://ct.pinterest.com https://messages.landbot.io featureassets.org prodregistryv2.org https://analytics-ipv6.tiktokw.us 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; child-src 'self' https://www.youtube.com https://www.googletagmanager.com https://obseu.bmccfortress.com https://DynaFile.ewebinar.com https://td.doubleclick.net https://www.google.com https://recaptcha.google.com https://www.cbvisittracker.com https://app.hubspot.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://region1.google-analytics.com https://analytics.google.com https://api-gateway.scriptintel.io https://js.hs-analytics.net https://forms.hubspot.com https://api.hubspot.com https://track.cbdatatracker.com https://bat.bing.com https://snap.licdn.com https://static.hotjar.com https://a.usbrowserspeed.com https://js.hubspot.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hsadspixel.net https://www.cbvisittracker.com https://www.gstatic.com https://www.google.com https://api.hubapi.com https://forms.hscollectedforms.net https://cta-service-cms2.hubspot.com https://monitor.clickcease.com https://px.ads.linkedin.com https://www.googleadservices.com https://analytics.ahrefs.com https://api.unifyintent.com https://q.clarity.ms https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://stats.g.doubleclick.net; default-src 'self'; form-action 'self' https://forms.hubspot.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self'; navigate-to 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://obseu.bmccfortress.com https://www.clickcease.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hubspot.com https://js.usemessages.com https://js.hs-banner.com https://static.hotjar.com https://script.hotjar.com https://cdnjs.cloudflare.com https://api-gateway.scriptintel.io https://a.usbrowserspeed.com https://snap.licdn.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://s3-us-west-2.amazonaws.com https://track.cbdatatracker.com https://www.cbvisittracker.com https://www.googleadservices.com https://www.gstatic.com https://analytics.ahrefs.com https://tag.unifyintent.com https://www.clarity.ms https://scripts.clarity.ms https://js-na1.hs-scripts.com https://q.clarity.ms; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://js.hs-scripts.com https://obseu.bmccfortress.com https://www.clickcease.com https://static.hotjar.com https://script.hotjar.com https://js.hsadspixel.net https://js.hubspot.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hs-banner.com https://s3-us-west-2.amazonaws.com https://track.cbdatatracker.com https://snap.licdn.com https://api-gateway.scriptintel.io https://a.usbrowserspeed.com https://bat.bing.com https://cdnjs.cloudflare.com https://www.cbvisittracker.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.gstatic.com https://analytics.ahrefs.com https://tag.unifyintent.com https://www.clarity.ms https://scripts.clarity.ms https://js-na1.hs-scripts.com https://q.clarity.ms; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net; upgrade-insecure-requests 1
frame-ancestors 'self' ; frame-src 'self' *.google.com *.youtube.com *.doubleclick.net ; connect-src 'self' *.axept.io *.doubleclick.net *.googlesyndication.com *.google-analytics.com *.google.com *.google.fr *.googleadservices.com *.googleapis.com *.mapbox.com *.matomo.cloud *.pointvision.com *.pointvision.fr yoast.com *.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.axept.io *.clarity.ms *.clickcease.com *.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.matomo.cloud *.s4mdsp.com tarteaucitron.io *.youtube.com ; font-src 'self' data: *.gstatic.com ; style-src 'self' 'unsafe-inline' *.mapbox.com *.googleapis.com *.gstatic.com *.youtube.com ; img-src 'self' data: *.pointvision.com *.clarity.ms *.ggpht.com *.google-analytics.com *.google.com *.google.fr *.googletagmanager.com *.gravatar.com *.gstatic.com *.imgix.net *.pointvision.fr *.youtube.com *.ytimg.com 1
default-src 'self'; report-uri https://csp.threatview.app/report; report-to csp-endpoints 1
object-src 'none';base-uri 'self';script-src 'nonce-nBCMZtJAx9Q6uyNeHlviLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.fontawesome.com https://fonts.bunny.net applepay.cdn-apple.com use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ cdn.scalapay.com b2c-cdn.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net use.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.fontawesome.com https://fonts.bunny.net *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://cdn.cardknox.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cardknox.com/ifields/2.6.2006.0102/ifields.min.js *.googleapis.com *.google.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net commerce.adobe.net *.bolt.com qa-api.magedevteam.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://h.online-metrix.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self' *.bluekai.com *.doubleclick.net *.facebook.com *.pay.jp *.pa-mieruka.net platform.twitter.com; connect-src 'self' wss: http://*.milltalk.jp https://*.milltalk.jp *.juicer.cc *.facebook.com *.nr-data.net *.o2u.jp *.optimizely.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net; font-src 'self' data:; form-action 'self' http://*.milltalk.jp https://*.milltalk.jp *.facebook.com questant.jp; frame-ancestors 'self' http://*.milltalk.jp https://*.milltalk.jp; img-src 'self' data: *.milltalk.jp s3-ap-northeast-1.amazonaws.com *.s3-ap-northeast-1.amazonaws.com *.s3.ap-northeast-1.amazonaws.com *.adsrvr.org *.adsymptotic.com *.audiencedata.net *.bluekai.com *.eyeota.net *.doubleclick.net *.google.com *.google.co.jp *.google-analytics.com *.analytics.google.com *.facebook.com *.interactive-circle.jp *.tapad.com *.logly.co.jp *.macromill.com *.mookie1.com *.o2u.jp *.rfihub.com *.socdm.com *.treasuredata.com *.amazon-adsystem.com *.ec-concier.com *.id.amgdgt.com a.ddli.jp idsync.rlcdn.com secure.adnxs.com r.turn.com www.googletagmanager.com; media-src 'self'; object-src 'self'; plugin-types application/x-shockwave-flash; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.audiencedata.net *.bkrtx.com *.bluekai.com *.doubleclick.net *.ec-concier *.facebook.net *.google.com *.google.co.jp *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.im-apps.net *.iogous.com *.juicer.cc *.logly.co.jp *.newrelic.com *.nr-data.net *.o2u.jp *.optimizely.com *.pay.jp *.st-hatena.com *.treasuredata.com *.twitter.com *.yahoo.co.jp ec-concier.com; style-src 'self' 'unsafe-inline' http://*.milltalk.jp https://*.milltalk.jp 1
frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; style-src-elem app.leadfox.co blog.clubtissus.com www.clubtissus.com fonts.googleapis.com; form-action www.facebook.com payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com *.facebook.com 'self' 'unsafe-inline'; img-src www.facebook.com ct.pinterest.com google.com www.google.com www.google.ca admin.thefabricclub.ca data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com https://firebasestorage.googleapis.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src-elem script.hotjar.com www.googletagmanager.com www.clubtissus.com clubtissus.com www.thefabricclub.ca www.google-analytics.com static.hotjar.com www.youtube.com s.pinimg.com google.com connect.facebook.net app.leadfox.co blog.clubtissus.com www.google.com www.gstatic.com 'sha256-B4yPHKaXnvFWtRChIbabYmUBFZdVfKKXHbWtWidDVF8=-0'; frame-src www.google.com vars.hotjar.com www.facebook.com payflowlink.paypal.com ct.pinterest.com fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; style-src fonts.googleapis.com *.adobe.com https://fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com www.paypalobjects.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; script-src www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com static.hotjar.com s.pinimg.com connect.facebook.net clubtissus.com www.clubtissus.com www.thefabricclub.ca assets.adobedtm.com *.adobe.com www.googleadservices.com googleads.g.doubleclick.net analytics.google.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com graph.facebook.com *.avada.io *.shopify.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; connect-src www.google-analytics.com ct.pinterest.com in.hotjar.com stats.g.doubleclick.net ws17.hotjar.com wss://ws17.hotjar.com blog.clubtissus.com rest.leadfox.co app.leadfox.co dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-UmTD7s-RjXCNr7uQSjsrZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src-elem https://static.klaviyo.com/ https://js.klevu.com/ https://static-tracking.klaviyo.com/ https://www.shopperapproved.com/ https://bat.bing.com/ https://js.stripe.com/ https://www.paypal.com/ https://html5.dcatalog.com/ https://ct.pinterest.com/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://maps.googleapis.com/ https://mockett.services.answerbase.com/ https://s.pinimg.com/ https://assets.pinterest.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://js-agent.newrelic.com/nr-spa-1.293.0.min.js www.paypalobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem https://maxcdn.bootstrapcdn.com/ https://js.klevu.com/ https://fonts.googleapis.com/ https://use.typekit.net/ https://p.typekit.net/ https://cdnjs.cloudflare.com/ https://mockett.services.answerbase.com/ https://data3.answerbase.com/ https://www.shopperapproved.com/ https://www.shopperapproved.com/seal/2253.css static.klaviyo.com static-tracking.klaviyo.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://www.shopperapproved.com/ https://maxcdn.bootstrapcdn.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://www.mockett.com/dmcadmin/swatches/iframe/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io github.blog www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com https://bat.bing.com/ https://www.shopperapproved.com/ https://assets.pinterest.com/ https://data3.answerbase.com/ https://mockett.services.answerbase.com/ https://log.pinterest.com/ https://mockett.com/pub/media/wysiwyg/mockett_sa_milestone_award.png d3k81ch9hvuctc.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com maps.googleapis.com https://m.stripe.network/ https://www.mockett.com/ self 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com assets.braintreegateway.com *.stripe.network *.stripecdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://statsjs.klevu.com/ https://maps.googleapis.com/ https://mockett.services.answerbase.com/ https://stats.g.doubleclick.net/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' cdnjs.cloudflare.com https://unpkg.com stackpath.bootstrapcdn.com; script-src-attr 'self'; style-src 'self' https://pro.fontawesome.com https://use.fontawesome.com stackpath.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: https://*.dnafactory.it https://*.dnalab.online *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.revolut.com *.google.com google.com *.cdn-apple.com pay.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.dnafactory.it https://*.dnalab.online https://*.yahoo.net https://*.criteo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io *.multisafepay.com https://pay.google.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://*.dnafactory.it https://*.dnalab.online https://*.yahoo.net https://*.criteo.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.revolut.com *.google.com *.cdn-apple.com google.com *.gstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com https://cdn.clerk.io *.feedaty.com cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.feedaty.com https://*.dnafactory.it https://*.dnalab.online https://*.omappapi.com https://*.liberotech.it https://liberotech.it https://*.bing.com https://*.yahoo.net https://*.criteo.com https://*.krxd.net https://*.thebrighttag.com https://*.doubleclick.net https://*.bidswitch.net https://*.adnxs.com https://*.media.net https://*.rubiconproject.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.adform.net https://*.omnitagjs.com https://*.casalemedia.com https://id5-sync.com https://*.360yield.com https://*.ivitrack.com https://*.mediavine.com https://*.postrelease.com https://*.outbrain.com https://*.pubmatic.com https://*.sharethrough.com https://*.tremorhub.com https://*.yieldlab.net https://*.yieldmo.com https://*.emxdgt.com https://*.kelkoogroup.net https://*.1rx.io https://*.unrulymedia.com/ https://firebasestorage.googleapis.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.revolut.com *.google.com *.cdn-apple.com google.com pay.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io *.feedaty.com cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com widget.freshworks.com m2epro.freshdesk.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.clerk.io https://*.feedaty.com https://*.dnafactory.it https://*.dnalab.online https://*.facebook.net https://*.criteo.com https://*.omappapi.com https://*.addthis.com https://*.bing.com https://*.kk-resources.com https://*.twenga.it https://*.yandex.ru https://*.yandex.com https://*.yahoo.net https://*.googlesyndication.com *.avada.io *.shopify.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com *.revolut.com *.google.com *.cdn-apple.com google.com https://*.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io *.feedaty.com *.doofinder.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://*.feedaty.com https://*.dnafactory.it https://*.dnalab.online https://*.omappapi.com https://*.yahoo.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.multisafepay.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.dnafactory.it https://*.dnalab.online https://*.yahoo.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.feedaty.com *.doofinder.com wss://*.doofinder.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.feedaty.com https://*.dnafactory.it https://*.dnalab.online google.com https://google.com https://*.google-analytics.com https://*.omappapi.com https://*.liberotech.it https://liberotech.it https://*.scalapay.com https://*.yandex.ru https://*.yandex.com https://*.criteo.com https://*.yahoo.net https://*.googlesyndication.com https://*.kelkoogroup.net https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com *.revolut.com *.cdn-apple.com pay.google.com *.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
; report-uri https://realtyhive.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; script-src 'self' 'nonce-x5J-jsknLpYva84rZc8WyRK2MPFev-0XoVM0en0aYwCXmaounSoTyw' data: 'unsafe-eval' https://www.googletagmanager.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com data: 'unsafe-inline' https://www.paypalobjects.com; base-uri 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://js.stripe.com https://www.sandbox.paypal.com https://www.googletagmanager.com; style-src 'self' 'nonce-x5J-jsknLpYva84rZc8WyRK2MPFev-0XoVM0en0aYwCXmaounSoTyw' data: 'unsafe-eval' 'report-sample'; connect-src 'self' https://region1.google-analytics.com; report-uri https://livory-group.de/@http-reporting?csp=report&requestTime=1773709338481353&requestHash=64611ef0e3132ba082da01fbd7bc046fb02879a9 1
default-src 'self'; font-src fonts.gstatic.com; frame-src www.google.com; img-src data: www.gravatar.com; script-src-elem cdnjs.cloudflare.com www.google-analytics.com www.google.com www.gstatic.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' fonts.googleapis.com; report-uri https://a51hosting.report-uri.com/r/d/csp/wizard 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' Voceconstroi.com.br *.Voceconstroi.com.br wake-components.fbitsstatic.net voceconstroi.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.voceconstroi.com.br *.ecommercegateway.com.br *.itau.com.br *.itau.com *.itaushopline.com *.itaushopline.com.br *.clearsale.com.br k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.alphassl.com seal.alphassl.com *.navdmp.com *.googleadservices.com *.octadesk.services *.bing.com *.cloudfront.net *.amazonaws.com *.compreconfie.com.br *.g.doubleclick.net *.rdstation.com.br googleadservices.com *.google-analytics.com *.google.com checkout.lojacss.ecommercestore.com.br *.lojacss.ecommercestore.com.br *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.yandex.ru *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br cl.avis-verifies.com wss://signalr.fbits.net wss://signalrcore.fbits.net wss://www2.voceconstroi.com.br:1234 *.googletagmanager.com gstatic.com paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.yango.com *.sandbox.3dsecure.io *.3dsecure.io yandex.com yandex.ru yandex.md yads.tech yango.com *.yandex.com *.yandex.md *.webvisor.com *.webvisor.org *.yastatic.net *.doubleclick.net *.yads.tech t.adx.opera.com *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.Voceconstroi.com.br Voceconstroi.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src *.gstatic.com cdn.jsdelivr.net fonts.gstatic.com *.fontawesome.com 'self' data: *.jsdelivr.net *.almapay.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com https://www.youtube.com https://vimeo.com https://www.dailymotion.com https://www.google.com http://www.google.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.google.com *.gstatic.com *.doubleclick.net *.imgix.net 'self' data: https://a.tile.openstreetmap.fr https://a.tile.openstreetmap.org https://b.tile.openstreetmap.fr https://b.tile.openstreetmap.org https://c.tile.openstreetmap.fr https://c.tile.openstreetmap.org https://www.google.fr https://fonts.gstatic.com https://www.googletagmanager.com *.etrusted.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.facebook.com *.imgix.net *.axept.io https://www.googletagmanager.com https://www.google.com https://www.gstatic.com *.doubleclick.net cdn.jsdelivr.net jquery.sellxed.com *.avada.io *.google.com *.gstatic.com https://api.instagram.com https://analytics.1789.fr https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com *.gstatic.com *.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com *.axept.io *.google-analytics.com *.google.com *.doubleclick.net *.getalma.eu https://get.geojs.io *.avada.io t.elasticsuite.io https://nominatim.openstreetmap.org https://analytics.1789.fr *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-mdPAw3RmSJjXsI71jD3deA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=d5PmUmMguEvkszEu6dfJMdg3mCus52FnAkhYx16f7.g-1773710595.8224664-1.0.1.1-_HAjnQlIunalZBFOTxH.KbGDGaB07ARXFzpQi3tjza2VwdVFqdNiY15_HtTSW3gES9uIJBic9rfwwGF1hSbfBchK938XSUOSyjpYPFtTvQ0hnErAZ7hOwcyL4yvRyPen_YAsZL6kpLnxZ7_HD3RG4POGIxi.K2A2w9gmTIzWXG13r5.1eD7oEn03yX1EBOfz; report-to cf-csp-endpoint 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.shopee.com *.shopeepay.com 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.gstatic.com *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.trustedshops.com https://geowidget.easypack24.net 'self' data: fonts.bunny.net *.tiktok.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl paywall.imoje.pl process.paypo.pl eblik.pl javascript 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com pay.google.com apm.przelewy24.pl https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ tr.snapchat.com ct.pinterest.com *.tiktok.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://images.unsplash.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net tile.openstreetmap.org mapa.orlenpaczka.pl ruch-osm.sysadvisors.pl https://firebasestorage.googleapis.com *.cloudflare.com https://cdn.klarna.com *.magentocommerce.com *.tpay.com *.payu.com https://s.ytimg.com *.usercentrics.eu static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: scontent-waw1-1.cdninstagram.com www.google.pl scontent-fra5-2.cdninstagram.com scontent-fra5-1.cdninstagram.com scontent-fra3-2.cdninstagram.com scontent.cdninstagram.com scontent-vie1-1.cdninstagram.com us-ms.gr-cdn.com scontent-fra3-1.cdninstagram.com data.imoje.pl www.google.co.uk www.google.com.tr www.google.hu www.przelewy24.pl pagead2.googlesyndication.com www.admor.co *.google.pl *.gr-cdn.com *.googleadservices.com *.cdninstagram.com *.imoje.pl embedsocial.com *.embedsocial.com *.googlesyndication.com *.snapchat.com t.co *.t.co *.twitter.com *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.paypal.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com mapa.orlenpaczka.pl *.avada.io *.shopify.com *.cloudflare.com *.usercentrics.eu *.tpay.com *.payu.com player.vimeo.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com ga.getresponse.com www.google.com analytics.tiktok.com code.jquery.com cdnjs.cloudflare.com ruch-osm.sysadvisors.pl gstatic.com googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com admor.co admor.de *.apptrian.com *.facebook.com *.getresponse.com *.gr-cdn.com *.cookiefirst.com *.embedsocial.com embedsocial.com *.googlesyndication.com *.pinimg.com *.sc-static.net *.snapchat.com sc-static.net snapchat.com pinimg.com pinterest.com *.pinterest.com *.ads-twitter.com *.tiktok.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.bootstrapcdn.com *.trustedshops.com *.usercentrics.eu https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com fonts.cdnfonts.com cdnjs.cloudflare.com geowidget.inpost.pl fonts.bunny.net *.cookiefirst.com *.embedsocial.com embedsocial.com *.googlesyndication.com ruch-osm.sysadvisors.pl *.tiktok.com *.cloudfront.net 'self' 'unsafe-inline'; object-src *.tiktok.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com https://geowidget.easypack24.net data streetwear.group *.google.pl *.google.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; manifest-src *.tiktok.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.googleapis.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com nominatim.openstreetmap.org https://get.geojs.io *.avada.io *.cloudflare.com sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com region1.analytics.google.com ga2.getresponse.com graph.instagram.com analytics.pangle-ads.com adservice.google.com ts.getresponse.pl popups1-show.getresponse.com popups1-s.getresponse.com www.google.gr data service.gstatic-cache.com d2pky5fwbi4lk0.cloudfront.net www.google.hr ruch-osm.sysadvisors.pl assets.adobedtm.com *.adobe.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com gstatic.com googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.criteo.net *.criteo.com cdn.mouseflow.com https://geowidget.easypack24.net ga.getresponse.com analytics.tiktok.com code.jquery.com cdnjs.cloudflare.com admor.co admor.de *.apptrian.com *.getresponse.com *.gr-cdn.com *.cookiefirst.com *.embedsocial.com embedsocial.com *.googlesyndication.com *.pinimg.com *.sc-static.net *.snapchat.com sc-static.net snapchat.com pinimg.com pinterest.com *.pinterest.com *.ads-twitter.com *.tiktok.com *.edrone.me *.cloudfront.net 'self' 'unsafe-inline'; child-src *.tiktok.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-SqC8euxmvxGe97e6SjUtTu92_XjariS8nZhbrUkwt6S0eG5PPjw2iA' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; report-uri https://www.asterdmhealthcare.in/@http-reporting?csp=report&requestTime=1773715943737934 1
img-src 'self' data: *.commercecloud.salesforce.com *.googleapis.com *.gstatic.com *.ctfassets.net *.autoshack.com *.autoshack.ca *.demandware.net nova.collect.igodigital.com prd-cdn-talkdesk.talkdesk.com www.facebook.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ca googleads.g.doubleclick.net www.google.com pagead2.googlesyndication.com www.googleadservices.com google.com google.ca *.equalweb.com *.usercentrics.eu www.paypal.com www.paypalobjects.com www.sandbox.paypal.com;script-src 'self' 'unsafe-eval' localhost:* *.site.com *.cybersource.com www.cybersource.com storage.googleapis.com *.autoshack.ca https://api.rates.autoshack.com *.autoshack.com autoshack.ca autoshack.com *.collect.igodigital.com *.googleapis.com talkdeskchatsdk.talkdeskapp.com *.googletagmanager.com *.google-analytics.com clarity.ms www.clarity.ms www.googleadservices.com www.google.com www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net connect.facebook.net 546006088.collect.igodigital.com *.equalweb.com *.usercentrics.eu ipapi.co script.crazyegg.com *.crazyegg.com crazyegg.com wwww.crazyegg.com runtime.commercecloud.com api.quotiient.com *.doubleclick.net spglobal.com www.paypal.com www.sandbox.paypal.com pay.google.com *.cdn-apple.com www.gstatic.com gstatic.com www.google.com google.com 'unsafe-inline';connect-src 'self' localhost:* *.salesforce-scrt.com *.cybersource.com www.cybersource.com *.googleapis.com api.cquotient.com api.talkdeskappca.com *.autoshack.com *.autoshack.ca *.spglobal.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ca *.clarity.ms pagead2.googlesyndication.com www.googleadservices.com www.google.com google.com *.mobify-storefront.com *.collect.igodigital.com *.equalweb.com *.usercentrics.eu ipapi.co script.crazyegg.com *.crazyegg.com crazyegg.com wwww.crazyegg.com www.facebook.com api.paypal.com api.sandbox.paypal.com www.paypal.com www.sandbox.paypal.com;media-src *.ctfassets.net *.autoshack.com *.autoshack.ca;frame-src *.site.com *.cybersource.com www.cybersource.com *.ctfassets.net youtube.com www.youtube.com vimeo.com www.vimeo.com talkdeskchatsdk.talkdeskapp.com td.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pay.google.com *.cdn-apple.com www.google.com google.com www.gstatic.com gstatic.com *.demandware.net demandware.net development-na01-autoshack.demandware.net staging-na01-autoshack.demandware.net production-na01-autoshack.demandware.net;frame-ancestors 'self' *.salesforce.com *.autoshack.com *.autoshack.ca autoshack.ca autoshack.com;child-src www.facebook.com staticxx.facebook.com *.autoshack.ca *.autoshack.com autoshack.ca autoshack.com www.autoshack.ca www.autoshack.com *.demandware.net demandware.net development-na01-autoshack.demandware.net staging-na01-autoshack.demandware.net production-na01-autoshack.demandware.net www.paypal.com www.sandbox.paypal.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';worker-src 'self' blob:;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com platform.cloud-iq.com.au *.facebook.com *.doubleclick.net *.bedbathntable.com.au *.criteo.com *.pinterest.com *.dotdigital-pages.com *.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com *.googleapis.com *.gstatic.com dev.visualwebsiteoptimizer.com *.google.com *.facebook.com *.cloud-iq.com.au *.afterpay.com *.linksynergy.com *.google.com.au *.bedbathntable.com.au bbnt-m2-image-library.s3-ap-southeast-2.amazonaws.com *.cdninstagram.com *.google.lk *.doubleclick.net *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.socdm.com *.criteo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.media.net *.bing.com *.yieldmo.com *.aralego.com *.3lift.com *.clmbtech.com *.teads.tv *.smaato.net *.rubiconproject.com *.pubmatic.com *.outbrain.com *.aralego.net *.1rx.io *.bluekai.com *.contextweb.com *.unrulymedia.com *.trackedlink.net *.ddlnk.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com *.googleapis.com applepay.cdn-apple.com dev.visualwebsiteoptimizer.com *.afterpay.com *.newrelic.com cdnjs.cloudflare.com bam-cell.nr-data.net platform.cloud-iq.com.au *.crazyegg.com *.facebook.net *.facebook.com *.rakuten.com googleads.g.doubleclick.net cdn.lr-ingest.io *.foursixty.com *.bedbathntable.com.au *.tiktok.com *.pinimg.com *.criteo.com *.pinterest.com *.freshworks.net *.freshworks.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zipmoney.com.au zip.co https://www.bedbathntable.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com unpkg.com *.foursixty.com *.bedbathntable.com.au *.cloud-iq.com.au *.use.typekit.net *.p.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.googleapis.com *.crazyegg.com googleads.g.doubleclick.net bam-cell.nr-data.net *.lr-ingest.io *.foursixty.com *.google-analytics.com *.doubleclick.net *.bedbathntable.com.au *.nr-data.net foursixty.com *.pinterest.com *.pangle-ads.com *.tiktok.com *.criteo.com *.google.com *.freshworks.net *.freshworks.com *.attraqt.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src  'self'  'unsafe-inline'; script-src  'unsafe-eval'  'unsafe-inline'  blob:  'self'  chatbot.ecbeing.io  chatecbstgstrgoutside.blob.core.windows.net  https://lightning-recommend.io  https://stg.lightning-recommend.io  show.revico.jp  show.staging.revico.jp  https://event.lib.visumo.io  https://tagdelivery.visumo.io  https://www.visumo.jp  https://video.visumo.jp  http://ajax.googleapis.com  https://connect.facebook.net  https://static.xx.fbcdn.net  https://static-fe.payments-amazon.com  https://static-na.payments-amazon.com  https://assets.payments-amazon.com  https://*.googletagmanager.com  https://www.googletagmanager.com  https://static.line-scdn.net  *.karte.io  blitz-production-action.s3.ap-northeast1.amazonaws.com  https://syndication.twitter.com  https://cdn.syndication.twimg.com  https://analytics.tiktok.com  https://api.awoo.org  https://b99.yahoo.co.jp  https://branshes-f-s.snva.jp  https://cd.valis-cpx.jp  https://cdn-f.adsmoloco.com  https://cdn.activity.smart-bdash.com  https://cdn.jsdelivr.net  https://cdn.microad.jp  https://connect.buyee.jp  https://d.line-scdn.net  https://d.shutto-translation.com  https://googleads.g.doubleclick.net  https://www.google-analytics.com  https://px.ladsp.com  https://r2.snva.jp  https://s.yimg.jp  https://*.clarity.ms  https://unpkg.com  https://yappli.io  https://static.criteo.net  https://sslwidget.criteo.com  https://bnr.cl.unisize.makip.co.jp  https://app2.gorilla-efo.com  https://dmp.im-apps.net  https://fraud-buster.appspot.com  https://use.typekit.net  https://cms.handsup.shop  https://b98.yahoo.co.jp  https://code.jquery.com  https://s.yjtag.jp  https://static.ads-twitter.com  https://tag.ladsp.com  https://cd.ladsp.com  https://cdn.smartnews-ads.com  https://cl.unisize.makip.co.jp  https://fpnpmcdn.net  https://tracker.handsup.shop  https://script.crazyegg.com  https://infird.com  https://seal.globalsign.com  https://ssif1.globalsign.com; connect-src  'self'  chatbot.ecbeing.io  chatecb-stg-saruyama.azurewebsites.net  chatecb-stg-appquestionchoice.azurewebsites.net  chatecb-stg-http-trigger.azurewebsites.net  https://lightning-recommend.io  https://stg.lightning-recommend.io  show.revico.jp  mail.revico.jp  show.staging.revico.jp  mail.staging.revico.jp  https://video.visumo.io  https://video.visumo.jp  https://media.visumo.io  https://contents.visumo.io  https://track.api.visumo.io  https://dc.services.visualstudio.com  https://dpolc4ci3j.execute-api.ap-northeast1.amazonaws.com  https://www.visumo.jp  https://mws.amazonservices.com  https://api.amazon.com  https://payments.amazon.co.jp  https://payments-fe.amazon.com  https://api.amazon.co.jp  https://mws.amazonservices.jp  https://api.sandbox.amazon.com  https://*.google-analytics.com  https://*.analytics.google.com  https://*.googletagmanager.com  https://*.line.me  https://liffsdk.line-scdn.net  *.karte.io  https://platform.twitter.com  https://analytics-ipv6.tiktokw.us  https://analytics.tiktok.com  https://api.awoo.org  https://tra.awoo.org  https://apm.yahoo.co.jp  https://b.shutto-translation.com  https://cdn.microad.jp  https://*.clarity.ms  *.a.run.app  https://pbfnt-us-1.dsp-api.moloco.com  https://pixel-service.awoo.org  https://www.google.com  https://analytics.google.com  https://api-l.unisize.makip.co.jp  https://api.unisize.makip.co.jp  https://bnr.cl.unisize.makip.co.jp  https://api.tigerfly.tw  https://r2.snva.jp  https://app2.gorilla-efo.com  https://audiencedata.im-apps.net  https://branshes-f-s.snva.jp  https://demo-1.conversionsapigateway  https://dm.slim02.jp  https://pixelfnt-us.dsp-api.moloco.c  https://stats.g.doubleclick.net  https://www.facebook.com  https://www.google.co.jp  https://www.google.com.tw  https://www.googleadservices.com  https://api.fpjs.io  https://demo-1.conversionsapigateway.com  https://pixelfnt-us.dsp-api.moloco.com  https://www.google.com.ar  https://connect.facebook.net  https://www.google.co.th  https://googleads.g.doubleclick.net  https://tag.ladsp.jp  https://www.google.com.hk  https://www.google.com.mx  https://www.google.com.vn  https://matomo.handsup.shop  https://o.clarity.ms  https://oneseven-realtime.ably.io  https://ozasp.jp  https://sslwidget.criteo.com  https://status.handsup.shop  https://www.branshes.jp  https://m.media-amazon.com  https://p.typekit.net  https://script.crazyegg.com  https://use.typekit.net  https://www.google.de  https://api.handsup.shop  https://notify.bugsnag.com  https://overbridgenet.com  https://service.handsup.shop  https://sessions.bugsnag.com  https://www.google.co.id  https://www.google.co.kr  https://www.google.com.np  https://universe.send.microad.jp  https://www.google.co.in  https://www.google.com.bd  https://www.google.com.my; img-src  'self'  data:  chatbot.ecbeing.io  chatecbstgstrgoutside.blob.core.windows.net  show.staging.revico.jp  show.revico.jp  https://image.visumo.io  https://video.visumo.io  https://video.visumo.jp  https://media.visumo.io  https://www.visumo.jp  https://s3-ap-northeast-1.amazonaws.com  https://static.xx.fbcdn.net  https://static-fe.payments-amazon.com  https://static-na.payments-amazon.com  https://images-na.ssl-images-amazon.com  https://m.media-amazon.com  https://images-fe.ssl-images-amazon.com  https://*.google-analytics.com  https://*.googletagmanager.com  www.googletagmanager.com  https://ajax.googleapis.com  *.karte.io  img-karte-io.s3.amazonaws.com  https://syndication.twitter.com  https://abs-0.twimg.com  https://pbs.twimg.com  https://www.branshes.com  https://www.branshes.jp  https://b99.yahoo.co.jp  https://pixelfnt-us.dsp-api.moloco.com  https://tr.line.me  https://universe.send.microad.jp  https://www.facebook.com  https://www.google.co.jp  https://www.google.com  https://ad.as.amanad.adtdp.com  https://ade.clmbtech.com  https://c.bing.com  https://cm.g.doubleclick.net  https://criteo-sync.teads.tv  https://cs.media.net  https://eb2.3lift.com  https://gum.criteo.com  https://ib.adnxs.com  https://idsync.rlcdn.com  https://pixel.rubiconproject.com  https://r.casalemedia.com  https://rtb-csync.smartadserver.com  https://simage2.pubmatic.com  https://simage4.pubmatic.com  https://sync-t1.taboola.com  https://sync.1rx.io  https://sync.outbrain.com  https://tg.socdm.com  https://x.bidswitch.net  https://bnr.cl.unisize.makip.co.jp  https://r2.snva.jp  https://app2.gorilla-efo.com  https://connect.facebook.net  https://googleads.g.doubleclick.net  https://px.ladsp.jp  https://www.google.com.tw  https://analytics.tiktok.com  https://b98.yahoo.co.jp  https://cdnjs.cloudflare.com  https://client-side-metrics.jp2.as.criteo.net  https://img.unisize.makip.co.jp  https://inviewv6.ladsp.com  https://pixel-service.awoo.org  https://sztpmc.branshes.com  https://www.google.ca  https://www.google.co.kr  https://www.google.co.uk  https://www.google.com.ar  https://www.google.com.hk  https://www.google.com.sg  https://www.google.ie  https://www.google.se  https://*.clarity.ms  https://www.googleadservices.com  https://www.google.co.th  https://analytics.twitter.com  https://t.co  https://www.google.com.mx  https://www.google.com.vn  https://api.unisize.makip.co.jp  https://i.smartnews-ads.com  https://i6.smartnews-ads.com  https://www.google.bg  https://www.google.it  https://www.google.pl  https://client-side-metrics.sg1.as.criteo.net  https://fonts.gstatic.com  https://www.google.cl  https://www.google.co.id  https://www.google.com.au  https://www.google.com.tr  https://www.google.de  https://www.google.es  https://cdn.jsdelivr.net  https://lh3.googleusercontent.com  https://stats.g.doubleclick.net  https://www.google.com.my  https://www.google.com.np  https://www.google.fr  https://www.google.nl  https://seal.globalsign.com  https://ssif1.globalsign.com  https://www.google.ch  https://www.google.co.in  https://www.google.com.bd  https://www.google.fi; style-src  'unsafe-inline'  'self'  chatbot.ecbeing.io  chatecbstgstrgoutside.blob.core.windows.net  show.revico.jp  show.staging.revico.jp  https://www.visumo.jp  https://assets.payments-amazon.com  fonts.googleapis.com  https://ajax.googleapis.com  https://demo4-m-s.snva.jp  https://maxcdn.bootstrapcdn.com  https://cdn.jsdelivr.net  https://d.shutto-translation.com  https://bnr.cl.unisize.makip.co.jp  https://cdnjs.cloudflare.com  https://fonts.cdnfonts.com  https://unpkg.com  https://use.fontawesome.com  https://p.typekit.net  https://use.typekit.net; media-src  blob:  chatbot.ecbeing.io  chatecbstgstrgoutside.blob.core.windows.net  chatecb-stg-saruyama.azurewebsites.net  https://video.visumo.io  https://video.visumo.jp  https://media.visumo.io  https://show.revico.jp; font-src  'self'  data:  show.revico.jp  show.staging.revico.jp  https://assets.payments-amazon.com  fonts.googleapis.com  fonts.gstatic.com  *.karte.io  https://maxcdn.bootstrapcdn.com  https://cdnjs.cloudflare.com  https://fonts.cdnfonts.com  https://use.fontawesome.com  https://use.typekit.net  https://cdn.jsdelivr.net; frame-src  show.revico.jp  show.staging.revico.jp  https://www.facebook.com  https://static-fe.payments-amazon.com  https://static-na.payments-amazon.com  https://payments.amazon.co.jp  www.googletagmanager.com  www.youtube.com  https://platform.twitter.com  https://syndication.twitter.com  https://cache.send.microad.jp  https://gum.criteo.com  https://connect.buyee.jp  https://static.criteo.net  https://um.ladsp.com  https://v3.cl.unisize.makip.co.jp  https://www.branshes.jp  https://handsup.shop  https://gumi.criteo.com; worker-src  'self'  blob:; report-to  csp-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.boxnow.gr *.boxnow.cy *.fontawesome.com https://fonts.bunny.net *.bootstrapcdn.com *.auglio.com cdnjs.cloudflare.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.piraeusbank.gr *.vivapayments.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.boxnow.gr *.boxnow.cy x.grxchange.gr iframe.auglio.com *.twitter.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.boxnow.gr *.boxnow.cy https://firebasestorage.googleapis.com *.designer-images.net trustmark.gr greca-obj.adman.gr *.dustandcream.gr www.google.gr l.sharethis.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.boxnow.gr *.boxnow.cy *.avada.io *.stat-track.com polyfill.io *.moosend.com static.adman.gr trustmark.gr go.linkwi.se mirror.virtooal.com greca.adman.gr tryon.auglio.com static.cloudflareinsights.com auglio.pages.dev cdn.stat-track.com platform-api.sharethis.com buttons-config.sharethis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.piraeusbank.gr *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.moosend.com *.bootstrapcdn.com cdnjs.cloudflare.com use.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.dustandcream.gr 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.boxnow.gr *.boxnow.cy https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com greca.adman.gr static.adman.gr www.virtooal.com iframe.auglio.com t.stat-track.com forms.m-pages.com l.sharethis.com tryon.auglio.com *.cloudflare.com *.twitter.com *.twimg.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src iframe.auglio.com greca.adman.gr auglio.pages.dev 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TOI5COAthD4OkkD1EOIzsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://fonts.gstatic.com *.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com use.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://api.pre.globalgetnet.com https://api.globalgetnet.com magento-cloudflare.jetrails.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.getbeamer.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://newimgebit-a.akamaihd.net *.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.getbeamer.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://imgs.ebit.com.br https://newimgebit-a.akamaihd.net *.google.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googletagmanager.com *.facebook.net *.getbeamer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline use.fontawesome.com *.getbeamer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://newimgebit-a.akamaihd.net http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.getbeamer.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com https://applepay.cdn-apple.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com p.monetico-services.com/ *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com cl.avis-verifies.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.payplug.com *.dalenys.com https://applepay.cdn-apple.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.googleapis.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.openstreetmap.org maps.googleapis.com maps.gstatic.com t4.my-probance.one/ www.google.fr t4.my-probance.one https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://secure-magenta.dalenys.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com https://maps.googleapis.com *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com static.cloudflareinsights.com ajax.cloudflare.com/ t4.my-probance.one/ t4.my-probance.one *.avada.io *.shopify.com js.mollie.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com https://secure-magenta.dalenys.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com maps.googleapis.com region1.analytics.google.com https://get.geojs.io *.avada.io https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src t4.my-probance.one/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.minecraft.jp; script-src 'self' 'unsafe-inline' 'nonce-Qiq5oAFoqPkAeuMLCuF-LQ' 'report-sample' https://*.minecraft.jp https://ajax.googleapis.com https://apis.google.com https://connect.facebook.net https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.minecraft.jp; img-src 'self' data: https://*.minecraft.jp https://*.gstatic.com https://www.facebook.com; font-src 'self' data:; frame-src https://*.facebook.com https://*.twitter.com; report-uri https://report-uri.appspot.com/987875600540635136?ro=1 1
font-src *.googleapis.com *.gstatic.com https://script.hotjar.com *.kueskipay.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.kueskipay.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api-static.mercadopago.com td.doubleclick.net *.kueskipay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://static.hotjar.com cdn.aplazo.mx www.google.com.mx *.kueskipay.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com cdn.conekta.io conektaapi.s3.amazonaws.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com https://static.hotjar.com https://script.hotjar.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.jsdelivr.net *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.tawk.to https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com fonts.gstatic.com unsafe-inline assets.braintreegateway.com *.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com api.conekta.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.kueskipay.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net maxcdn.bootstrapcdn.com fonts.gstatic.com widget-v4.tidiochat.com x.klarnacdn.net code.tidio.co data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com www.googletagmanager.com td.doubleclick.net *.doubleclick.net pagead2.googlesyndication.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.disqus.com https://resources.paytrail.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net *.googleusercontent.com cdnjs.cloudflare.com facebook.com google.se *.google.fi avatars.tidiochat.com resources.paytrail.com pagead2.googlesyndication.com google.com maps.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com maps.googleapis.com code.tidio.co widget-v4.tidiochat.com pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com widget-v4.tidiochat.com code.tidio.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com sentry-new.tidio.co wss://socket.tidio.co api-v2.tidio.co google.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.google.com www.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=AH8B_z33DihE.MPnCMX5640WeHaTRuG0wW7enC8yFQY-1773713688.1288753-1.0.1.1-NU2_C3cAB28zapYfmoBEnMeAaQd4im2aZDgVaHPCpxILPZ3xlzYvc5byhQo3YB0CKN.6bMmkVIkKc2Td.iWrEGOL0kCsintbMwpKULxtxBVRWGpU5Yw66n0iBsAH4TuZF4KMU_lUQJslHLxSucYd8f1VGeii.MUgmSxeunMULLCgOmiuXQS4pQlEVxTCKxfqQTVG5TLvsaD8c8J6RN_S.g; report-to cf-etyakadkmnzptmms 1
connect-src 'self' *.google-analytics.com ws: http://localhost:* https://localhost:*; default-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
font-src maxcdn.bootstrapcdn.com *.cloudfront.net *.zohocdn.com *.amazonaws.com *.gstatic.com; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.googleapis.com *.gstatic.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudfront.net *.facebook.com *.zohocdn.com *.zohopublic.in *.google.co.in 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada.io *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.cloudfront.net *.cloudflare.com *.fontawesome.com *.zohocdn.com *.zoho.in *.facebook.net *.google.com www.gstatic.com *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com *.cloudfront.net *.zohocdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com https://www.google-analytics.com *.cloudfront.net *.paypal.com *.zoho.in *.cardinalcommerce.com *.zohopublic.in wss://vts.zohopublic.in *.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: blob: https:; img-src 'self' data: blob: https:; media-src 'self' data: blob: https:; frame-src 'self' data: blob: https:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; connect-src 'self' https:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com https://static.addtoany.com/ *.instagram.com www.google.com js.stripe.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com ad.ipredictive.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com *.cdninstagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://redchamps.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com js.stripe.com *.matomo.cloud https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://shopstarship.matomo.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://stats.addtoany.com/menu *.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.matomo.cloud https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-kAxT61CidZqKM0CNb5VfGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xo9kcDPhVHkVbKSxZVNDTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com 'unsafe-inline' data: *.cloudflare.com *.googleapis.com *.klevu.com *.zopim.com https://www.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.hana.ondemand.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com *.meetanshi.com *.addthis.com *.pinterest.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com https://www.magezon.com *.meetanshi.com https://meetanshi.com/media/logo.png *.cloudflare.com https://cdn.klarna.com *.youtube.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.klevu.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.jsdelivr.net *.facebook.com *.azurewebsites.net app.mobicredwidget.co.za media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://browser.sentry-cdn.com s7.addthis.com https://www.google.com *.meetanshi.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.mouseflow.com *.nr-data.net www.googletagmanager.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.cloudflare.com *.klevu.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.ingest.sentry.io ekr.zdassets.com/ *.meetanshi.com *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.testfreaks.com *.ksearchnet.com *.klevu.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com https://www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com www.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar connect.facebook.net graph.facebook.com business.facebook.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mlstatic.com *.google.com https://www.gstatic.com *.avada.io business.facebook.com www.sandbox.paypal.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mercadopago.com www.facebook.com business.facebook.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com one.elavonpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com *.klarnacdn.net fonts.googleapis.com www.yorkshirecaravans.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.sagepay.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.yorkshirecaravans.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.yorkshirecaravans.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://my.matterport.com https://secure-img3.caravanfinder.co.uk www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com landofcoder.com maps.googleapis.com chart.googleapis.com *.sagepay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com www.yorkshirecaravans.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://secure-img.webpurchaseimages.co.uk https://secure-render2.caravanfinder.co.uk https://secure.caravanfinder.co.uk https://maps.gstatic.com https://maps.googleapis.com https://secure-render1.caravanfinder.co.uk www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://lh3.googleusercontent.com https://*.gstatic.com https://googleads.g.doubleclick.net * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.yorkshirecaravans.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com https://*.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://use.fontawesome.com https://assets.adobedtm.com https://secure.authorize.net https://test.authorize.net https://www.googleadservices.com https://js.braintreegateway.com https://maps.google.com https://connect.facebook.net https://secure-render2.caravanfinder.co.uk https://static.cloudflareinsights.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ landofcoder.com maps.googleapis.com chart.googleapis.com *.sagepay.com https://maps.googleapis.com https://www.gstatic.com * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.yorkshirecaravans.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://secure-render2.caravanfinder.co.uk https://secure-render1.caravanfinder.co.uk *.klarnacdn.net https://static.klaviyo.com assets.braintreegateway.com www.yorkshirecaravans.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.yorkshirecaravans.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ landofcoder.com maps.googleapis.com chart.googleapis.com *.sagepay.com https://maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com www.yorkshirecaravans.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.yorkshirecaravans.com http: https: blob: 'self' 'unsafe-inline'; default-src www.yorkshirecaravans.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com https://seo.mageplaza.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.svea.com https://*.vipps.no https://*.trustly.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com static.addtoany.com vars.hotjar.com ct.pinterest.com checkoutapi.svea.com connect.facebook.net graph.facebook.com business.facebook.com *.trustpilot.com *.weltpixel.com *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://*.svea.com https://td.doubleclick.net/ td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com www.google.se merit.soliditet.se maps.gstatic.com maps.googleapis.com ct.pinterest.com s.pinimg.com www.google.co.uk px.ads.linkedin.com cookie-cdn.cookiepro.com *.trustpilot.net *.trustpilot.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com *.google.pl www.google.pl px4.ads.linkedin.com *.klaviyo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com static.addtoany.com maps.googleapis.com cookie-cdn.cookiepro.com static.zdassets.com script.hotjar.com static.hotjar.com snap.licdn.com s.pinimg.com checkoutapi.svea.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com *.trustpilot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.googletagmanager.com tagmanager.google.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://*.svea.com 'self' 'unsafe-inline' 'unsafe-eval' *.pod-29.zendesk.com https://pod-29.zendesk.com/sc/faye *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com *.trustpilot.com https://static.klaviyo.com tagmanager.google.com https://cdn.jsdelivr.net https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com www.facebook.com *.facebook.net stats.g.doubleclick.net pagead2.googlesyndication.com ct.pinterest.com cookie-cdn.cookiepro.com vesaniswedenab.zendesk.com geolocation.onetrust.com *.analytics.google.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval' *.pod-29.zendesk.com https://pod-29.zendesk.com/sc/faye *.zendesk.com *.hotjar.io *.klaviyo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; form-action www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com magefan.com cm.magefan.com *.disqus.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com *.cloudfront.net https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.disqus.com *.hsforms.net *.hsforms.com www.google.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com *.cloudflare.com getfirebug.com *.yotpo.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.cloudflare.com *.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.dhlparcel.nl *.fontawesome.com https://fonts.bunny.net http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.facebook.com www.xtento.com https://www.googletagmanager.com/ landofcoder.com *.multisafepay.com https://pay.google.com http://www.youtube.com https://vars.hotjar.com https://consentcdn.cookiebot.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com *.facebook.com *.fournituren4fun.eu *.googleapis.com www.xtento.com cdn.xtento.com *.disqus.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://firebasestorage.googleapis.com *.multisafepay.com *.hsforms.net *.hsforms.com https://stats.g.doubleclick.net https://www.google.com http://www.google.com https://www.google.nl http://www.google.nl https://dev.visualwebsiteoptimizer.com http://www.w3.org 'self' data: https://imgsct.cookiebot.com 'self'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googleapis.com *.dhlparcel.nl *.newrelic.com *.nr-data.net www.xtento.com cdn.xtento.com *.disqus.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ landofcoder.com *.avada.io *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com https://static.hotjar.com https://script.hotjar.com https://in.hotjar.com https://polyfill.io http://assets.pinterest.com https://log.pinterest.com https://connect.facebook.net https://googleads.g.doubleclick.net http://www.googletagmanager.com http://dev.visualwebsiteoptimizer.com https://www.google.com https://www.gstatic.com *.google.com *.gstatic.com https://www.clarity.ms https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ct.pinterest.com https://static.dhlecommerce.nl https://scripts.clarity.ms https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.dhlparcel.nl *.fontawesome.com https://fonts.bunny.net *.multisafepay.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.googleapis.com *.facebook.com *.nr-data.net *.analytics.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ landofcoder.com https://get.geojs.io *.avada.io *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com https://in.hotjar.com https://vc.hotjar.io *.google-analytics.com https://www.google.com https://consentcdn.cookiebot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.sitepen.com; base-uri 'self'; child-src *; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com; font-src 'self' fonts.gstatic.com use.typekit.net; form-action 'self'; frame-ancestors 'self'; frame-src *; img-src *; media-src *; object-src 'self'; report-to default; report-uri https://sitepen.report-uri.com/r/d/csp/reportOnly; script-src 'self' 'unsafe-inline' www.google-analytics.com player.vimeo.com; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'self' 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://vmtawsjkbhlls5jckka33h0c.httpschecker.net/report 1
default-src 'self'; img-src 'self' data: 'unsafe-eval' https://cdn.rand.com https://s1749.t.eloqua.com https://cihost.uberflip.com https://dpm.demdex.net https://idsync.rlcdn.com https://sync.crwdcntrl.net https://match.adsrvr.org https://ps.eyeota.net https://px.ads.linkedin.com https://b.6sc.co https://ml314.com https://chatserver12.comm100.io https://www.google.com https://www.google.ca https://www.google-analytics.com https://insights.sitesearch360.com https://content.cdntwrk.com https://i.ytimg.com https://app.cdntwrk.com https://blogs.rand.com https://vue.comm100.com https://www.googletagmanager.com https://bat.bing.com https://tags.bluekai.com https://cm.g.doubleclick.net https://ws.rqtrk.eu https://pippio.com https://pixel.tapad.com https://dmp.adform.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://googleads.g.doubleclick.net https://ajax.aspnetcdn.com https://img.en25.com/i/elqCfg.min.js https://img.en25.com/i/elqCfg.min.js https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.sitesearch360.com/ https://j.6sc.co/6si.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://vue.comm100.com https://ml314.com https://415621.tctm.xyz/t.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://content.cdntwrk.com; connect-src 'self' https://www.google-analytics.com https://c.6sc.co https://ipv6.6sc.co https://stats.g.doubleclick.net https://chatserver12.comm100.io https://cdn.linkedin.oribi.io https://analytics.google.com https://epsilon.6sense.com https://insights.sitesearch360.com ; font-src 'self' data: https://fonts.gstatic.com https://vue.comm100.com; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com; 1
default-src 'self' www.google-analytics.com  cdnjs.cloudflare.com 'unsafe-inline' bam.nr-data.net; script-src 'self' bam.nr-data.net www.googletagmanager.com 'unsafe-inline' ajax.googleapis.com www.google-analytics.com cdn.jsdelivr.net js-agent.newrelic.com static.addtoany.com unpkg.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'  www.google-analytics.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com use.fontawesome.com www.google-analytics.com img.youtube netdna.bootstrapcdn.com; img-src 'self' data: https: img.youtube.com google-analytics.com; frame-src 'self' static.addtoany.com www.youtube.com; font-src 'self' use.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.gstatic.com netdna.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' https:; img-src 'self' data: https://cdn.shopify.com https://cdn.sweettooth.io https://alb.reddit.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://*.bing.com https://*.clarity.ms https://*.gorgias.io https://*.gorgias.chat https://services.postcodeanywhere.co.uk https://dev.poq.io/ https://productreviews-attachments.trustpilot.com https://proxy.elfsightcdn.com https://www.googletagmanager.com https://api-uploads-cdn.sweettooth.io https://dev.visualwebsiteoptimizer.com https://i.ytimg.com https://www.facebook.com https://d2bzfgi7sjutmd.cloudfront.net https://static.elfsight.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://s3.amazonaws.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.redditstatic.com https://cdn.rollbar.com https://polyfill.io https://*.gorgias.chat https://*.hotjar.com https://*.bing.com https://*.clarity.ms https://analytics.tiktok.com https://shy.elfsight.com https://static.elfsight.com https://cdn.sweettooth.io https://www.dwin1.com https://services.postcodeanywhere.co.uk https://dev.poq.io/ https://client-builds.production.gorgias.chat https://dev.visualwebsiteoptimizer.com https://the.sciencebehindecommerce.com https://connect.facebook.net https://websdk.appsflyer.com https://*.fontawesome.com https://*.klaviyo.com https://*.mention-me.com https://cdn.amplitude.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://services.postcodeanywhere.co.uk https://dev.poq.io https://*.typekit.net; connect-src 'self' https://storeapi.arenaflowers.com/ https://*.arenaflowers.net https://services.postcodeanywhere.co.uk https://arenaflowers.us7.list-manage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://*.gorgias.chat https://*.hotjar.com https://*.bing.com/ https://*.clarity.ms https://stats.g.doubleclick.net https://analytics.tiktok.com https://api.trustpilot.com https://api.rollbar.com https://dev.poq.io/ https://api.segment.io https://api.instacloud.io https://dev.visualwebsiteoptimizer.com https://the.sciencebehindecommerce.com https://vc.hotjar.io https://adservice.google.com https://banner.appsflyer.com https://*.klaviyo.com https://*.analytics.google.com https://*.doubleclick.net https://*.mention-me.com https://cdn.amplitude.com wss://*.gorgias.chat wss://*.hotjar.com; object-src 'none'; frame-src 'self' https://mention-me.com; report-uri https://qavfg2ndxaczvneictfzdaap2m0xlrlc.lambda-url.eu-west-1.on.aws/; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-wg2awC-qbzlkJOSDT499Uw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com fonts.googleapis.com assets.ottu.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com landofcoder.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com sandbox.ottu.net sandbox.ottu.dev assets.ottu.net pay.muscatdutyfree.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com landofcoder.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.shopify.com assets.ottu.net assets.ottu.dev 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net *.addtoany.com assets.ottu.net assets.ottu.dev 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com landofcoder.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://get.geojs.io *.avada.io http://dpm.demdex.net sentry.ottu.net sdkstudio.ottu.dev sdkstudio.ottu.net sandbox.ottu.dev sandbox.ottu.net pay.muscatdutyfree.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.unitek.com *.nitrocdn.com *.googleapis.com *.cloudflare.com; script-src-elem mc.yandex.ru *.gtranslate.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitek.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google.com *.googleadservices.com *.nitrocdn.com *.bing.com cdn.calltrk.com snap.licdn.com *.clickcease.com *.clarity.ms rdata.mpio.io js.callrail.com cdn.jsdelivr.net nexus.ensighten.com *.mxradon.com cdata.modernpostcard.com *.cloudflareinsights.com *.cloudflare.com *.facebook.net aa.agkn.com mc.yandex.ru embed.typeform.com blob: data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com api.ipify.org js.callrail.com *.clarity.ms *.nitrocdn.com *.getnitropack.com *.google.com *.doubleclick.net www.facebook.com *.bing.com *.unitek.com monitor.clickcease.com *.gtranslate.net data:; font-src 'self' *.nitrocdn.com *.gstatic.com *.cloudflare.com zip.co data:; media-src 'self' data:; img-src * data:; frame-src 'self' insight.adsrvr.org *.cloudfront.net *.doubleclick.net *.facebook.com *.google.com *.vimeo.com *.youtube.com data:; worker-src blob:; child-src blob:; report-uri https://dreamwire.uriports.com/reports/report; report-to default 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'; frame-ancestors 'self'; report-uri https://account-subdomain.uriports.com/reports/report; report-to default 1
font-src *.googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fontawesome.com *.klaviyo.com 'self' data: use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.hsforms.com *.hsforms.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.affirm.com *.affirm.ca *.youtube.com/ *.hs-sites.com *.hsforms.com *.hsforms.net *.roomvo.com app.hubspot.com *.googlesyndication.com *.doubleclick.net *.googleadservices.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://maps.gstatic.com/ *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com *.affirm.com *.affirm.ca *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.com *.hubspot.com static.hsappstatic.net *.hsforms.net *.roomvo.com *.googlesyndication.com m.bbb.org tpc.googlesyndication.com www.google.pl yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.googleapis.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca widget.freshworks.com m2epro.freshdesk.com https://maps.googleapis.com https://tabrizi.com/ *.roomvo.com player.vimeo.com https://*.clarity.ms *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hotjar.com *.hs-scripts.com *.hs-banner.com *.usemessages.com dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com *.paypal.com *.ampproject.org pagead2.googlesyndication.com *.doubleclick.net a.klaviyo.com *.hsforms.com *.hsforms.net js.hsadspixel.net js.hscollectedforms.net *.addtoany.com *.sentry-cdn.com *.hs-analytics.net *.hubspot.com *.licdn.com *.safeframe.googlesyndication.com static.addtoany.com telemetrics.klaviyo.com track.hubspot.com cta-service-cms2.hubspot.com fast.a.klaviyo.com m.bbb.org maps.gstatic.com static.hsappstatic.net static.hubspot.com static.klaviyo.com tpc.googlesyndication.com *.google.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://static.klaviyo.com *.hscta.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com *.affirm.com *.affirm.ca widget.freshworks.com m2epro.freshdesk.com https://maps.googleapis.com https://*.clarity.ms *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hsforms.com *.hsforms.net *.hotjar.com *.roomvo.com *.hotjar.io wss://ws.hotjar.com m.bbb.org tpc.googlesyndication.com track.hubspot.com api.hubapi.com api.hubspot.com cta-service-cms2.hubspot.com forms.hscollectedforms.net pagead2.googlesyndication.com region1.analytics.google.com securepubads.g.doubleclick.net t.elasticsuite.io yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://*.hcaptcha.net https://*.azureedge.net https://*.azurefd.net 'report-sample'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https:; frame-src 'self' https:; worker-src 'self' blob:; media-src 'self' https:; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookie-script.com https://www.eek.ee https://vjs.zencdn.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://cdn.datatables.net https://t.contentsquare.net https://connect.facebook.net https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://www.eek.ee https://vjs.zencdn.net https://cdn.datatables.net; img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://google.com https://www.google.ee; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com https://t.contentsquare.net; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net; 1
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ingest.sentry.io *.acsbapp.com *.tiqcdn.com;    style-src 'self' 'unsafe-inline';    img-src 'self' blob: data: images.ctfassets.net otbnet.d3.sc.omtrdc.net;    media-src 'self' blob: data: dacastmmod-mmd-cust.lldns.net;    font-src 'self';    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    upgrade-insecure-requests;    connect-src 'self' *.ingest.sentry.io *.acsbapp.com *.tiqcdn.com dacastmmod-mmd-cust.lldns.net otbnet.d3.sc.omtrdc.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.detecon.com *.stc.info *.stc365.de *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspotusercontent.com *.usemessages.com *.hubspot.net; style-src 'self' 'unsafe-inline' *.detecon.com *.stc.info *.stc365.de *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspotusercontent.com *.usemessages.com *.hubspot.net fonts.googleapis.com; img-src 'self' data: blob: *.detecon.com *.stc.info *.stc365.de *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspotusercontent.com *.usemessages.com *.hubspot.net *.gravatar.com *.wp.com; font-src 'self' fonts.gstatic.com data:; frame-src 'self' *.detecon.com *.stc.info *.stc365.de *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspotusercontent.com *.usemessages.com *.hubspot.net *.youtube.com *.vimeo.com; frame-ancestors 'self' *.detecon.com *.stc.info *.stc365.de *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspotusercontent.com *.usemessages.com *.hubspot.net; connect-src 'self' *.detecon.com *.stc.info *.stc365.de *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspotusercontent.com *.usemessages.com *.hubspot.net; media-src 'self' *.detecon.com *.stc.info *.stc365.de *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspotusercontent.com *.usemessages.com *.hubspot.net; base-uri 'self'; form-action 'self' 1
object-src  'none'; connect-src 'self' *.oopsieanimated.com *.adulttime.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.oopsieanimated.com *.adulttime.com join.gammasecure.com; script-src 'self' *.oopsieanimated.com *.adulttime.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.oopsieanimated.com *.adulttime.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app https://www.googletagmanager.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://firebasestorage.googleapis.com https://maps.googleapis.com https://maps.gstatic.com flagpedia.net t.zip.co static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://api.addressfinder.io *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://api.goaffpro.com https://static.goaffpro.com *.avada.io *.shopify.com https://maps.googleapis.com maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com static.zip.co zip.co https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.addressfinder.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://api.addressfinder.io *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://api.goaffpro.com https://static.goaffpro.com https://get.geojs.io *.avada.io https://maps.googleapis.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-op8p9baWUKKXcWlYVP244A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.affirm.com *.affirm.ca *.certcapture.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.affirm.com *.affirm.ca *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com maps.gstatic.com guarantee-cdn.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com apis.google.com *.affirm.com *.affirm.ca *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.ruggedmade.com *.googleapis.com maps.googleapis.com *.cloudflare.com guarantee-cdn.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com https://static.klaviyo.com assets.braintreegateway.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com api.magento.com *.magento-datasolutions.com *.magento-ds.com *.affirm.com *.affirm.ca *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com maps.googleapis.com analytics.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.stape.io https://fonts.bunny.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: https://*.sovendus.com sw-assets.ekomiapps.de schroniskobukowina.pl geowidget.easypack24.net *.ekomiapps.de data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com schroniskobukowina.pl 'self' 'unsafe-inline'; frame-ancestors schroniskobukowina.pl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pay.google.com play.google.com *.autopay.eu cdn.dnky.co *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com td.doubleclick.net www.googletagmanager.com more.edrone.me pudofinder.dpd.com.pl inpost.pl bat.bing.com youtube.com tally.so.x.8f6b6a3108c7e043de0ade801f2f5b1af46d.9270fc5e.id.opendns.com tally.so.x.2b2eaeb70669a04a06094ec0ef003bf0fc66.9270fc52.id.opendns.com tally.so.x.64db8c23030890405b09c4c038baeabb723e.9270fc42.id.opendns.com schroniskobukowina.pl 'self' testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com https://images.unsplash.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.disqus.com *.google.com.ua *.google.co.uk *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.stape.io https://img.youtube.com https://firebasestorage.googleapis.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: https://*.sovendus.com consent.cookiefirst.com smart-widget-assets.ekomiapps.de www.google.pl bat.bing.com c.clarity.ms www.google.it www.google.se sw-assets.ekomiapps.de ekomi-srr.s3.eu-central-1.amazonaws.com www.google.com.bd www.google.com.eg www.google.fr dgk28ckagqims.cloudfront.net pagead2.googlesyndication.com ruch-osm.sysadvisors.pl www.google.ie www.magentocommerce.com www.google.pt www.google.ch www.google.cz www.google.com.ng www.google.dk data www.google.sk www.google.no www.google.gr www.google.es www.google.hr blob www.google.dz www.google.is www.google.fi www.google.at www.google.ca www.google.lt www.google.iq www.google.hu www.google.ro www.google.co.uk restauracja.schroniskobukowina.pl www.google.co.cr c.bing.com lh3.googleusercontent.com schroniskobukowina.pl images.autopay.eu upload.cdn.baselinker.com bat.bing.net ssl.google-analytics.com d3vhsxl1pwzf0p.cloudfront.net api.trustisto.com *.clarity.ms www.google-analytics.com analytics.google.com testimages.autopay.eu geowidget.easypack24.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.trustpilot.com https://cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.stape.io *.avada.io *.shopify.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com https://*.sovendus.com https://www.sovopt.com https://static.sovopt.com https://www.getback.ch consent.cookiefirst.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de bat.bing.com d3bo67muzbfgtl.cloudfront.net ruch-osm.sysadvisors.pl static.hotjar.com script.hotjar.com www.clarity.ms pagead2.googlesyndication.com cdnjs.cloudflare.com cards.autopay.eu geowidget.inpost.pl tally.so scripts.clarity.ms js.trustisto.com schroniskobukowina.pl 'self' cdn.cards.autopay.eu d3vhsxl1pwzf0p.cloudfront.net api.edrone.me testcards.autopay.eu cdn.jsdelivr.net s7.addthis.com geowidget.easypack24.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.autopay.eu *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com https://cdn.jsdelivr.net *.googletagmanager.com *.stape.io https://fonts.bunny.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com https://static.getback.ch https://*.sovendus.com consent.cookiefirst.com sw-assets.ekomiapps.de d3bo67muzbfgtl.cloudfront.net smart-widget-assets.ekomiapps.de ruch-osm.sysadvisors.pl geowidget.easypack24.net geowidget.inpost.pl schroniskobukowina.pl 'self' testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu cdn.jsdelivr.net  'self' 'unsafe-inline'; object-src schroniskobukowina.pl 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com https://geowidget.easypack24.net data www.youtube.com youtube.com schroniskobukowina.pl 'self' 'unsafe-inline'; manifest-src schroniskobukowina.pl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com https://*.sovendus.com https://www.sovendus-benefits.com https://www.sovendus-campaign.com https://www.sovendus-connect.com https://www.sovendus-network.com smart-widget-assets.ekomiapps.de consent.cookiefirst.com edge.cookiefirst.com api.cookiefirst.com bat.bing.com www.google.pl ws.hotjar.com api.edrone.me data api-s.edrone.me properties www.google.com.bd www.google.com.hk www.google.se ruch-osm.sysadvisors.pl www.google.it region1.google-analytics.com pagead2.googlesyndication.com www.google.co.uk www.google.ch spay.samsung.com www.google.nl www.google.fr www.google.com.ng www.google.de www.google.dk region1.analytics.google.com www.google.com adservice.google.com t.clarity.ms e.clarity.ms r.clarity.ms j.clarity.ms v.clarity.ms vc.hotjar.io p.clarity.ms y.clarity.ms www.google.es www.google.no widgets.ekomi.com www.google.sk www.google.cz x.clarity.ms www.google.com.eg www.google.at m.clarity.ms sw-assets.ekomiapps.de app.autopay.pl w.clarity.ms o.clarity.ms z.clarity.ms q.clarity.ms s.clarity.ms bat.bing.net k.clarity.ms h.clarity.ms a.clarity.ms l.clarity.ms schroniskobukowina.pl f.clarity.ms n.clarity.ms api.trustisto.com js.trustisto.com 'self' *.cloudfront.net googleads.g.doubleclick.net analytics.google.com ekr.zdassets.com 'self' 'unsafe-inline'; child-src schroniskobukowina.pl http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com schroniskobukowina.pl 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri schroniskobukowina.pl 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudfront.net 'self' data: *.google.com *.google.co.in https://fonts.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.chimpstatic.com *.googleadwordswidget.com *.nr-data.net *.newrelic.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.cloudfront.net www.youtube-nocookie.com *.google.com *.cloudflare.com *.chimpstatic.com *.googleadwordswidget.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube-nocookie.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.weltpixel.com *.cloudfront.net https://www.google.com https://www.google.co.in *.cloudflare.com *.trustpilot.com *.flashingblinkylights.com *.fullstory.com *.googleadwordswidget.com *.nr-data.net *.newrelic.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.youtube-nocookie.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.cloudfront.net *.google.com *.google.co.in *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.magentocommerce.com *.flashingblinkylights.com *.herokuapp.com *.cloudflare.com *.doubleclick.net *.chimpstatic.com *.fullstory.com *.googleadwordswidget.com *.nr-data.net *.newrelic.com https://meetanshi.com/media/logo.png blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com guarantee-cdn.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube-nocookie.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net *.paypal.com *.google.co.in *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.fullstory.com fullstory.com *.trustpilot.com *.springbot.com *.gstatic.com *.chimpstatic.com *.cloudflare.com *.hellobar.com chimpstatic.com *.googleadwordswidget.com *.googleapis.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com guarantee-cdn.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.cloudfront.net *.paypal.com www.youtube-nocookie.com *.googleapis.com *.google.com *.google.co.in *.cloudflare.com *.bootstrapcdn.com *.flashingblinkylights.com *.fullstory.com *.googleadwordswidget.com *.nr-data.net *.newrelic.com *.fontawesome.com *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com assets.braintreegateway.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net www.youtube-nocookie.com *.google.co.in *.fullstory.com *.cloudflare.com *.flashingblinkylights.com *.chimpstatic.com *.googleadwordswidget.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com *.mmapiws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.reviews.io *.reviews.co.uk *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.reviews.io *.reviews.co.uk *.tawk.to *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com magefan.com cm.magefan.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com https://unpkg.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.doubleclick.net *.avada.io *.reviews.io *.reviews.co.uk *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-3qPiY2JnsT6QSyEw8xZS6Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.amplitude.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.stripe.com https://accounts.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' data: blob: https://accounts.google.com https://www.googleapis.com https://oauth2.googleapis.com https://*.google-analytics.com https://*.amplitude.com https://api.stripe.com https://*.sentry.io https://www.googletagmanager.com; media-src 'self' data: blob:; frame-src 'self' https://www.youtube.com https://osrd6v6dgck.typeform.com https://www.g2.com https://js.stripe.com https://accounts.google.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; report-uri /csp-report; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-zbGLLYUZB81RDpvqmWQB1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5Qbzo2GdfIRf3vwe2kV_bA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.adobe.com *.facebook.com *.facebook.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com landofcoder.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://meetanshi.com/media/logo.png magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com guarantee-cdn.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com *.facebook.net landofcoder.com *.cloudflare.com guarantee-cdn.com *.googletagmanager.com *.googleadservices.com *.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com *.typeform.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.apptrian.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.adobe.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com landofcoder.com *.google-analytics.com *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src https://use.typekit.net/byt4ecx.css https://p.typekit.net/ https://*.smartsuppcdn.com/ 'self' 'unsafe-inline' https://cdn.luigisbox.com/ https://fonts.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/; font-src https://use.typekit.net/ https://*.smartsuppcdn.com/ 'nonce-Nh0SNJjvDhIiaP/ESAV+jg==' 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com/ data:; script-src 'unsafe-eval' 'nonce-Nh0SNJjvDhIiaP/ESAV+jg==' 'strict-dynamic' 'unsafe-inline' https: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.luigisbox.com/ https://scripts.luigisbox.com/ https://scripts.luigisbox.tech/ https://tagmanager.google.com/; connect-src https://ares.gov.cz/ https://maps.googleapis.com/ https://google.com/ https://*.google.com/ https://*.google.cz/ https://*.leady.com/ https://bat.bing.net/ https://bat.bing.com/ https://*.amazonaws.com/ https://*.smartsuppchat.com/ https://*.smartsuppcdn.com/ wss://*.smartsuppcdn.com/ wss://*.smartsupp.com/ https://*.clarity.ms/ https://*.seznam.cz/ https://*.googlesyndication.com/ https://www.facebook.com/ https://artisan.ecomailapp.cz/ 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.openstreetmap.org/ https://*.cpost.cz/ https://*.mapy.cz/ https://api.luigisbox.com/ https://live.luigisbox.com/ https://api.luigisbox.tech/ https://live.luigisbox.tech/ https://stats.g.doubleclick.net/ https://www.google.com/pagead/ https://analytics.google.com/ https://*.analytics.google.com/ https://*.google-analytics.com/ https://www.google.sk/ https://googleads.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/; frame-src https://assets.pinterest.com/ https://*.doubleclick.net/ https://*.zbozi.cz/ 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com/ https://www.youtube.com/ https://www.instagram.com/ https://www.facebook.com/ https://twitter.com/ https://twitframe.com/ https://www.google.com/ https://www.google.sk/ https://www.google.cz/ https://www.googletagmanager.com/ https://apis.google.com/ https://gate.gopay.cz/ https://gate.gopay.com/ https://gw.sandbox.gopay.com/; img-src https://maps.gstatic.com/ https://*.seznam.cz/ https://*.zbozi.cz/ https://bat.bing.net/ https://*.bing.com/ https://*.smartsuppcdn.com/ https://*.clarity.ms/ https://*.googleadservices.com/ https://googleads.g.doubleclick.net/ https://*.googlesyndication.com/ https://*.amazonaws.com/ https://*.cloudfront.net/ https://*.facebook.net/ https://*.artisan.cz/ https://artisan.cz/ 'nonce-Nh0SNJjvDhIiaP/ESAV+jg==' 'self' data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com/ https://www.google.cz/ blob: https://maps.googleapis.com/ https://*.openstreetmap.org/ https://*.mapy.cz/ https://www.google.com/ https://www.google.sk/ https://www.google.cz/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://c.imedia.cz/ https://ssl.gstatic.com/ https://www.gstatic.com/ https://fonts.gstatic.com/; media-src https://*.smartsuppcdn.com 'self' https://www.youtube.com/ https://www.instagram.com/ https://www.facebook.com/ https://twitter.com/ https://twitframe.com/; default-src 'none'; script-src-elem 'nonce-Nh0SNJjvDhIiaP/ESAV+jg==' 'strict-dynamic' 'unsafe-inline' https: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'self' 'nonce-Nh0SNJjvDhIiaP/ESAV+jg==' https://scripts.luigisbox.com/ https://scripts.luigisbox.tech/ https://www.googletagmanager.com/ https://gate.gopay.cz/ https://gate.gopay.com/ https://gw.sandbox.gopay.com/; frame-ancestors 'self'; object-src 'self'; form-action 'self' https://www.facebook.com/ https://gate.gopay.cz/ https://gate.gopay.com/ https://gw.sandbox.gopay.com/; manifest-src 'self'; base-uri 'self';  report-uri https://csp.webovy-servis.cz/api/798f42ab59b3cfd1a86143904fd02dd4; 1
connect-src *.visualwebsiteoptimizer.com app.vwo.com https://*.azure.com https://*.doubleclick.net https://*.flagstoneim.com https://*.google.com https://*.heapanalytics.com https://*.hotjar.io https://*.infinigrow.com https://*.shareaholic.com https://*.usercentrics.eu https://api-js.mixpanel.com https://bat.bing.com https://cdn.jsdelivr.net https://flagstoneim.chilipiper.com https://gtm-p4623vq-yzbjn.uc.r.appspot.com https://heapanalytics.com https://px.ads.linkedin.com https://widget.trustpilot.com https://www.facebook.com https://www.google.co.uk https://www.googletagmanager.com 'self' wss://ws.hotjar.com;img-src *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com data: https://*.doubleclick.net https://*.flagstoneim.com https://*.google.com https://*.usercentrics.eu https://analytics.twitter.com https://bat.bing.com https://c5.adalyser.com https://heapanalytics.com https://px.ads.linkedin.com https://t.co https://track.trakkr.ai https://www.facebook.com https://www.google.co.uk https://www.googletagmanager.com https://www.gstatic.com 'self' useruploads.vwo.io;script-src *.visualwebsiteoptimizer.com app.vwo.com cdn.corvidae.ai cdn.pushcrew.com https://*.azure.com https://*.doubleclick.net https://*.flagstoneim.com https://*.google.com https://*.heapanalytics.com https://*.hotjar.com https://*.infinigrow.com https://*.pardot.com https://*.shareaholic.com https://*.usercentrics.eu https://bat.bing.com https://c5.adalyser.com https://cdn.openshareweb.com https://cdn.trakkr.ai https://connect.facebook.net https://djb06171wln95.cloudfront.net https://extend.vimeocdn.com https://fimstaticassets.blob.core.windows.net https://flagstoneim.chilipiper.com https://snap.licdn.com https://static.ads-twitter.com https://view.ceros.com https://widget.trustpilot.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com 'self' 'unsafe-eval' 'unsafe-inline';style-src *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com https://*.flagstoneim.com https://*.google.com https://cdn.jsdelivr.net https://www.gstatic.com 'self' 'unsafe-inline';frame-src *.visualwebsiteoptimizer.com app.vwo.com https://*.doubleclick.net https://*.google.com https://*.usercentrics.eu https://flagstoneim.chilipiper.com https://gtm-p4623vq-yzbjn.uc.r.appspot.com https://player.vimeo.com https://view.ceros.com https://widget.trustpilot.com https://www.googletagmanager.com https://www.youtube.com 'self';child-src *.visualwebsiteoptimizer.com app.vwo.com;default-src *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com https://*.flagstoneim.com 'self' useruploads.vwo.io;font-src application/font-woff data: https://*.flagstoneim.com https://cdn.openshareweb.com 'self';worker-src blob: 'self';object-src 'none';manifest-src 'self';media-src 'self';base-uri 'self';frame-ancestors 'self' 1
default-src 'self' http: https:; font-src 'self' https: data:; img-src 'self' http: https: data: blob:; object-src 'none'; connect-src 'self' wss: http: https:; script-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: http: 'unsafe-inline'; worker-src blob:; report-uri https://hlidacky.report-uri.com/r/d/csp/reportOnly 1
script-src 'nonce-QYB8hlql1CTVrT0cmGXaEw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.tyba.com.co *.gstatic.com *.googleapis.com www.googletagmanager.com www.google.com *.hotjar.com *.licdn.com *.googletapmanager.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.facebook.net *.doubleclick.net *.ads-twitter.com *.segment.com *.leadgenios.net *.appsflyer.com *.clarity.ms *.criteo.com *.google-analytics.com *.tiktok.com *.hs-scripts.com *.leadgenios.net *.g2afse.com leadgenios.net cdnjs.cloudflare.com js.hubspot.com js.hsforms.net *.hsappstatic.net *.onesignal.com *.cdn.onesignal.com onesignal.com i2.wp.com *.quantumcloud.com *.qcld.com *.qcld-wpbot.com *.qchatbox.com 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-ZjZBNvqjPWiK77gkwSChzw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
upgrade-insecure-requests; object-src 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.plyr.io https://cdnjs.cloudflare.com https://code.jquery.com https://go.everstream.ai https://munchkin.marketo.net https://static.addtoany.com https://tag.demandbase.com https://fonts.googleapis.com https://ws-assets.zoominfo.com https://www.googletagmanager.com https://assets.codepen.io https://443-ezw-095.mktoweb.com https://cdn-cookieyes.com https://unpkg.com https://static.hotjar.com https://script.hotjar.com https://boards.greenhouse.io https://snap.licdn.com https://*.googleusercontent.com http://*.googleusercontent.com https://www.youtube.com https://cdn.bizible.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://fast.wistia.com; connect-src 'self' https://boards-api.greenhouse.io https://443-ezw-095.mktorest.com https://munchkin.marketo.net https://tag.demandbase.com https://ws-assets.zoominfo.com https://www.googletagmanager.com https://go.everstream.ai https://log.cookieyes.com https://cdn-cookieyes.com https://directory.cookieyes.com https://yoast.com https://ams.wpml.org https://noembed.com https://cdn.plyr.io https://px.ads.linkedin.com https://content.hotjar.io wss://ws.hotjar.com https://api.company-target.com https://analytics.google.com https://region1.google-analytics.com https://www.google-analytics.com https://tag-logger.demandbase.com https://pagead2.googlesyndication.com https://www.google.com https://stats.g.doubleclick.net https://metrics.hotjar.io https://www.google.ca; frame-src 'self' https://player.vimeo.com https://443-ezw-095.mktoweb.com https://static.addtoany.com https://job-boards.greenhouse.io https://www.youtube.com https://*.googleusercontent.com http://*.googleusercontent.com https://s.company-target.com https://td.doubleclick.net; style-src 'self' 'unsafe-inline' https://cdn.plyr.io https://cdnjs.cloudflare.com https://fonts.googleapis.com https://assets.codepen.io https://cdn-cookieyes.com https://unpkg.com https://443-ezw-095.mktoweb.com https://ams.wpml.org; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' data: https://cdn.plyr.io https://cdnjs.cloudflare.com https://go.everstream.ai https://munchkin.marketo.net https://static.addtoany.com https://tag.demandbase.com https://ws-assets.zoominfo.com https://www.googletagmanager.com https://assets.codepen.io https://cdn-cookieyes.com https://secure.gravatar.com https://*.ytimg.com https://i.ytimg.com https://px.ads.linkedin.com https://cdn.bizible.com https://id.rlcdn.com https://www.google.ca https://www.google.be; worker-src 'self' blob:; report-uri https://o82685.ingest.us.sentry.io/api/4509293955907584/security/?sentry_key=d0bac385543dfe367058e2015e42c128; 1
object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src *.certcapture.com https://aws-staging-aeroprecisionusa.smarterspecies.com https://aws-staging-2-aeroprecisionusa.smarterspecies.com/ https://www.aeroprecisionusa.com blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests ; frame-ancestors 'self' *.avantlink.com *.certcapture.com *.credova.com www.gstatic.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.publicsquare.com 'self'; form-action 'self' https://enews.aeroprecisionusa.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.sitevibes.com sitevibes.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ https://cdn.listrakbi.com https://mediacdn.espssl.com *.adobe.com *.certcapture.com https://maxcdn.bootstrapcdn.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.sitevibes.com sitevibes.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.avmws.com https://cdn.listrakbi.com https://s1.listrakbi.com https://m1.listrakbi.com https://at1.listrakbi.com https://www.google-analytics.com https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://jstest.authorize.net https://*.addthis.com https://v1.addthisedge.com https://z.moatads.com https://ssl.avmws.com https://bat.bing.com/bat.js https://js.hs-scripts.com https://js-agent.newrelic.com https://bam.nr-data.net https://player.vimeo.com https://f.vimeocdn.com https://widget-prime.rafflecopter.com https://js.hs-banner.com/ https://v2.zopim.com https://js.hs-analytics.net https://static.zdassets.com https://widget-mediator.zopim.com/ https://bam-cell.nr-data.net/ https://cdn.quantummetric.com https://plugin.credova.com https://tags.clickagy.com https://tags.clickagy.com/  https://widget.gleamjs.io *.upsellit.com https://upsellit.com https://prod.upsellit.com/ https://bl.listrakbi.com https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/3.3.1/jquery.inputmask.bundle.js assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.certcapture.com https://static.elfsight.com *.credova.com https://js.hs-banner.com https://bat.bing.com https://ekr.zdassets.com https://plugin.credova.com/plugin.min.js https://www.youtube.com *.gettopple.com *.aggle.net cdn.mouseflow.com *.googleapis.com *.gstatic.com *.kaptcha.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://developer.adobe.com https://assets.armanet.us https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.disqus.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.publicsquare.com *.basistheory.com *.sitevibes.com sitevibes.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://static.zdassets.com/ *.adobe.com 'self' 'unsafe-inline'; img-src 'self' https://stats.g.doubleclick.net https://mediacdn.espssl.com https://www.xtento.com/media/images/ https://*.listrakbi.com https://www.google.com https://www.google.com.ua https://store.paradoxlabs.com https://cdn.klarna.com https://tracking.avantlink.com https://bat.bing.com https://bam.nr-data.net https://www.googletagmanager.com https://track.hubspot.com https://v2.zopim.com data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://pippio.com https://d2df4e9l5rljaz.cloudfront.net https://api.delivrabl.net https://aorta.clickagy.com https://idsync.rlcdn.com https://us-u.openx.net https://cm.g.doubleclick.net https://yotpo-editor-production.s3.amazonaws.com https://aa.agkn.com https://sync.crwdcntrl.net https://pixel-sync.sitescout.com https://d.agkn.com https://region1.google-analytics.com https://v2assets.zopim.io  https://js.gleam.io https://upsellit.com https://prod.upsellit.com/ *.upsellit.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.certcapture.com https://files.elfsightcdn.com https://sca1.listrakbi.com https://img.youtube.com https://via.placeholder.com *.gettopple.com *.googleapis.com *.gstatic.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.publicsquare.com *.sitevibes.com sitevibes.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; frame-src 'self' https://www.full30.com https://s7.addthis.com https://player.vimeo.com https://www.google.com https://widget-prime.rafflecopter.com https://ssl.kaptcha.com https://hemsync.clickagy.com  https://gleam.io https://upsellit.com https://prod.upsellit.com/ *.upsellit.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com *.credova.com * https://tst.kaptcha.com www.google.com https://plumrocket.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.publicsquare.com *.basistheory.com *.sitevibes.com sitevibes.com www.xtento.com 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.iglobalstores.com/ https://v2.zopim.com/ https://yotpo-stool.s3.amazonaws.com https://maxcdn.bootstrapcdn.com https://993ecd1fa9.nxcli.io *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.sitevibes.com sitevibes.com data: 'self' 'unsafe-inline'; connect-src 'self' https://api2.authorize.net/ https://js.authorize.net https://jstest.authorize.net https://apitest.authorize.net https://m.addthis.com https://bat.bing.com https://bam.nr-data.net/ https://bat.bing.com/ https://ekr.zdassets.com/ https://www.google-analytics.com https://stats.g.double.analytics.js https://assets.iglobalstores.com/ wss://widget-mediator.zopim.com/ https://*.listrak.com/ https://*.listrakbi.com/ https://stats.g.doubleclick.net/ https://bam-cell.nr-data.net/ https://oc.listrakbi.com/coupon https://enews.aeroprecisionusa.com/ https://aeroprecisionsupport.zendesk.com/ https://aeroprecision-app.quantummetric.com/ https://rl.quantummetric.com/ https://region1.google-analytics.com https://aorta.clickagy.com https://hemsync.clickagy.com https://maps.googleapis.com https://vimeo.com https://upsellit.com https://prod.upsellit.com/ *.upsellit.com https://cdn.listrakbi.com https://bl.listrakbi.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com https://core.service.elfsight.com *.credova.com https://api2.authorize.net wss://widget-mediator.zopim.com https://onsite-api.listrak.com https://product.listrakbi.com https://stats.g.doubleclick.net https://aeroprecision-app.quantummetric.com https://rl.quantummetric.com https://sandbox-lending-api.credova.com https://lending-api.credova.com *.gettopple.com oirt.aggle.net https://www.stagarms.com *.googleapis.com *.kaptcha.com https://srv.armanet.us https://assets.armanet.us https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.publicsquare.com *.basistheory.com *.launchdarkly.com *.browser-intake-datadoghq.com *.sitevibes.com sitevibes.com 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-H4gZMnSeAIH_krotZvfPOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'sha256-96tAWMQwxNKMxdznhDbMIX9Yqboxwaen2r2/8i+mBR8=' 'self' 'self' https://collect.impressiondigital.com https://bat.bing.com https://ads-twitter.com https://static.ads-twitter.com https://doubleclick.net https://cdn-cookieyes.com https://connect.facebook.net https://posthog.com https://eu.posthog.com https://eu-assets.i.posthog.com https://www.youtube-nocookie.com https://clarity.ms https://y.clarity.ms https://snap.licdn.com https://hsforms.net https://hs-analytics.net https://hs-banner.com https://js-eu1.hs-banner.com https://hs-scripts.com https://js-eu1.hs-scripts.com https://js-eu1.hubspot.com https://usemessages.com https://js-eu1.hs-analytics.net https://js-eu1.hsforms.net https://o377590.ingest.sentry.io https://forms-eu1.hsforms.com https://www.googleadservices.com https://www.google.co.uk https://px.ads.linkedin.com https://*.typekit.net https://t.co https://www.facebook.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net; script-src-elem 'self' https://www.youtube.com https://*.clarity.ms https://gateway.impressiondigital.com https://collect.impressiondigital.com https://www.gstatic.com https://js-eu1.hs-banner.com https://cdn-cookieyes.com https://js-eu1.hs-scripts.com https://bat.bing.com https://snap.licdn.com https://static.ads-twitter.com https://eu.posthog.com https://eu-assets.i.posthog.com https://js-eu1.hsforms.net https://js-eu1.hubspot.com https://js-eu1.hs-analytics.net; style-src 'self' https://cdn-cookieyes.com https://fonts.googleapis.com https://*.typekit.net https://www.gstatic.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' https://bat.bing.com https://ads-twitter.com https://doubleclick.net https://ad.doubleclick.net https://connect.facebook.net https://posthog.com https://clarity.ms https://*.clarity.ms https://snap.licdn.com https://px.ads.linkedin.com https://t.co https://www.facebook.com https://images.impression.co.uk https://track-eu1.hubspot.com https://perf-eu1.hsforms.com https://forms-eu1.hsforms.com https://www.glassdoor.co.uk https://adservice.google.com https://cdn-cookieyes.com https://analytics.twitter.com https://px4.ads.linkedin.com https://region1.analytics.google.com https://i.ytimg.com https://stape.io https://collect.impressiondigital.com https://cdn.impression.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://gateway.impressiondigital.com https://px.ads.linkedin.com; connect-src 'self' https://o377590.ingest.sentry.io https://www.google-analytics.com https://www.google.co.uk https://clarity.ms https://posthog.com https://eu.posthog.com https://hs-analytics.net https://js-eu1.hs-analytics.net https://usemessages.com https://collect.impressiondigital.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://accounts.google.com https://cta-eu1.hubspot.com https://forms-eu1.hsforms.com https://pagead2.googlesyndication.com https://staging.admin.impressiondigital.com https://admin.impressiondigital.com https://api.teamtailor.com https://eu.i.posthog.com https://log.cookieyes.com https://directory.cookieyes.com https://cdn-cookieyes.com https://px.ads.linkedin.com https://www.googleadservices.com https://bat.bing.com https://bat.bing.net https://sitemap-tool.impression.co.uk https://gateway.impressiondigital.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://pagead2.googlesyndication.com https://google.com https://eu-assets.i.posthog.com; font-src 'self' https://fonts.gstatic.com https://*.typekit.net; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://forms-eu1.hsforms.com https://hsforms.net https://collect.impressiondigital.com https://www.googletagmanager.com https://consent.cookieyes.com; media-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests ; require-trusted-types-for 'script'; report-uri https://report.centralcsp.com/68b831ea648355d9060a0089 1
default-src 'self' http://127.0.0.1:8080/ https://*.mrisoftware.com/ https://*.pendo.io/ https:; script-src 'self' 'wasm-unsafe-eval' 'unsafe-eval' 'unsafe-inline' https://*.mrisoftware.com/ https://*.pendo.io/ https:; style-src 'self' 'unsafe-inline' https://*.mrisoftware.com/ https://*.pendo.io/ https://cdn.jsdelivr.net/ https:; img-src 'self' https: data:; report-uri /cspendpoint/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.qualtrics.com www.google-analytics.com analytics.google.com www.googletagmanager.com/gtag/js *.onpointsuite.ca *.siteintercept.qualtrics.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js cdnjs.cloudflare.com/ajax/libs/leaflet/1.0.2/leaflet.js cdnjs.cloudflare.com/ajax/libs/leaflet/1.0.2/leaflet.js cdn.rawgit.com/hayeswise/Leaflet.PointInPolygon/v1.0.0/wise-leaflet-pip.js cdnjs.cloudflare.com/ajax/libs/leaflet/1.6.0/leaflet.js *.facebook.net otf.us16.list-manage.com; script-src-attr 'self' 'unsafe-inline' *.qualtrics.com www.google-analytics.com analytics.google.com www.googletagmanager.com/gtm.js?id=GTM-NFRDMRX www.googletagmanager.com www.googletagmanager.com/gtag/js *.onpointsuite.ca s3.amazonaws.com/downloads.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js cdnjs.cloudflare.com/ajax/libs/leaflet/1.0.2/leaflet.js cdnjs.cloudflare.com/ajax/libs/leaflet/1.0.2/leaflet.js cdn.rawgit.com/hayeswise/Leaflet.PointInPolygon/v1.0.0/wise-leaflet-pip.js cdnjs.cloudflare.com/ajax/libs/leaflet/1.6.0/leaflet.js *.facebook.net otf.us16.list-manage.com; script-src-elem 'self' 'unsafe-inline' blob: *.qualtrics.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.googletagmanager.com/gtag/js *.onpointsuite.ca s3.amazonaws.com/downloads.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.2/leaflet.js cdnjs.cloudflare.com/ajax/libs/leaflet/1.0.2/leaflet.js cdn.rawgit.com/hayeswise/Leaflet.PointInPolygon/v1.0.0/wise-leaflet-pip.js cdnjs.cloudflare.com/ajax/libs/leaflet/1.6.0/leaflet.js *.facebook.net otf.us16.list-manage.com; style-src 'self' data: 'unsafe-inline' *.typekit.net cdnjs.cloudflare.com *.googleapis.com www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.2f3WBw8L4SI.L.W.O/am=AAAM/d=0/rs=AN8SPfp0Aw7R6LuNGcvWztc4ZbKYxlauww/m=el_main_css; style-src-attr 'self' data: 'unsafe-inline' *.typekit.net cdnjs.cloudflare.com *.googleapis.com; style-src-elem 'self' data: 'unsafe-inline' *.typekit.net cdnjs.cloudflare.com *.googleapis.com; img-src 'self' data: *.qualtrics.com www.google.ca api.mapbox.com fonts.gstatic.com www.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat stats.g.doubleclick.net; media-src 'self' data:; frame-src 'self' *.qualtrics.com *.googletagmanager.com otf.us16.list-manage.com; font-src 'self' data: *.typekit.net *.gstatic.com cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-regular-400.woff cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-solid-900.svg cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-brands-400.woff2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-brands-400.eot? cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-solid-900.woff cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-solid-900.woff2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-regular-400.ttf cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-brands-400.ttf cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-brands-400.woff cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-regular-400.woff2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-solid-900.ttf https://cdn.scite.ai/assets/fonts/scite-icons/scite-icons.woff2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-regular-400.svg cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-brands-400.svg cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-solid-900.eot? cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-regular-400.eot? r2cdn.perplexity.ai/fonts/FKGroteskNeue.woff2 cdn.scite.ai/assets/fonts/scite-icons/scite-icons.ttf?v=5; connect-src 'self' *.qualtrics.com *.analytics.google.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com geocoder.ca *.googleapis.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' https://analytics.tiktok.com https://bat.bing.com https://cdn-3.convertexperiments.com https://cdn-4.convertexperiments.com https://cdn.cookielaw.org https://cdn.debugbear.com https://cdn.ometria.com https://script.hotjar.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://p.teads.tv https://s.pinimg.com https://script.hotjar.com https://static.hotjar.com https://unpkg.com https://widget.trustpilot.com https://www.bing.com https://js.klarna.com https://payments.worldpay.com https://rum-static.pingdom.net https://www.awin1.com https://www.dwin1.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://app.convert.com https://ct.pinterest.com https://no-cdn.convertexperiments.com https://r.bing.com https://apis.google.com https://js.playground.klarna.com https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://*.ssl.ak.dynamic.tiles.virtualearth.net https://www.flyingflowers.co.uk https://www.interflora.ie https://www.interflora.co.uk https://www.paypal.com https://static.zdassets.com 'report-sample'; script-src-attr 'self'; script-src-elem 'self' https://cdn-4.convertexperiments.com https://www.paypal.com https://tr.snapchat.com https://atlas.microsoft.com https://static.zdassets.com https://www.googletagmanager.com https://www.dwin1.com https://widget.trustpilot.com https://unpkg.com https://static.hotjar.com https://script.hotjar.com https://s.pinimg.com https://rum-static.pingdom.net https://js.klarna.com https://googleads.g.doubleclick.net https://ct.pinterest.com https://connect.facebook.net https://cdn.ometria.com https://cdn.debugbear.com https://cdn.cookielaw.org https://bat.bing.com https://analytics.tiktok.com https://payments.worldpay.com; connect-src 'self' https://hpp.worldpay.com https://tr.snapchat.com https://tr6.snapchat.com https://*.metrics.convertexperiments.com https://ekr.zdassets.com https://ad.doubleclick.net https://analytics.tiktok.com https://ask.hotjar.io https://bat.bing.com https://cdn-3.convertexperiments.com https://cdn.cookielaw.org https://cdn.debugbear.com https://cm.teads.tv https://content.hotjar.io https://ct.pinterest.com https://data.debugbear.com https://googleads.g.doubleclick.net https://in.hotjar.com https://insights.algolia.io https://l.teads.tv https://logs.convertexperiments.com https://metrics.hotjar.io https://msn7pvpzhu-1.algolianet.com https://msn7pvpzhu-2.algolianet.com https://msn7pvpzhu-3.algolianet.com https://msn7pvpzhu-dsn.algolia.net https://stats.g.doubleclick.net https://surveystats.hotjar.io https://t.teads.tv https://trk.ometria.com https://unpkg.com https://vc.hotjar.io https://widget.trustpilot.com wss://ws.hotjar.com https://www.bing.com https://www.facebook.com https://media.interflora.co.uk https://apis.google.com https://cdn.ometria.com https://geolocation.onetrust.com https://payments.worldpay.com https://privacyportal-eu.onetrust.com https://rum-collector-2.pingdom.net https://rum-static.pingdom.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://uksouth-0.in.applicationinsights.azure.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://o4506853695881216.ingest.us.sentry.io https://*.playground.klarnaevt.com https://adservice.google.com https://cdn-4.convertexperiments.com https://connect.facebook.net https://js.klarna.com https://js.playground.klarna.com https://oc.klarnaevt.com https://eu.klarnaevt.com https://region1.analytics.google.com https://analytics.google.com https://api.edq.com https://bat.bing.net https://dev.virtualearth.net https://translate.googleapis.com https://translate-pa.googleapis.com https://www.google.co.uk https://na.klarnaevt.com https://atlas.microsoft.com https://na.klarnaevt.com https://www.interflora.ie https://www.flyingflowers.co.uk https://dc.services.visualstudio.com https://www.awin1.com https://www.googleadservices.com https://wepowerconnections.com https://fonts.gstatic.com https://google.com https://www.paypal.com https://analytics-ipv6.tiktokw.us https://www.sandbox.paypal.com https://cdn.media.amplience.net https://o24547.ingest.sentry.io; style-src 'self' 'unsafe-inline'; frame-src 'self' https://tr.snapchat.com https://*.fls.doubleclick.net https://match.adsrvr.org https://ct.pinterest.com https://hpp.worldpay.com https://js.klarna.com https://payments.worldpay.com https://td.doubleclick.net https://widget.trustpilot.com https://www.awin1.com https://www.facebook.com https://js.klarna.com https://pay.klarna.com https://www.paypal.com https://www.googletagmanager.com https://www.sandbox.paypal.com; img-src 'self' data: https://www.interflora.co.uk https://media.interflora.co.uk https://ad.doubleclick.net https://analytics.tiktok.com https://bat.bing.com https://cdn.cookielaw.org https://cm.teads.tv https://connect.facebook.net https://googleads.g.doubleclick.net https://l.teads.tv https://stats.g.doubleclick.net https://t.teads.tv https://trk.ometria.com https://www.awin1.com https://www.bing.com https://www.facebook.com https://logs.convertexperiments.com https://adservice.google.com https://media.flyingflowers.co.uk https://translate.google.com https://www.flyingflowers.co.uk https://www.googletagmanager.com https://t.ssl.ak.dynamic.tiles.virtualearth.net https://interflora.a.bigcontent.io https://ade.googlesyndication.com https://www.wepowerconnections.com https://eu.fareye.co https://cdn.media.amplience.net https://media.interflora.ie https://www.interflora.ie https://fonts.gstatic.com https://www.google.co.uk https://www.google.com https://pagead2.googlesyndication.com https://bat.bing.net https://analytics-ipv6.tiktokw.us https://google.com https://www.googleadservices.com; form-action 'self' https://payments.worldpay.com; worker-src 'self'; report-uri https://flyingflowers.report-uri.com/r/t/csp/reportOnly;  1
default-src 'self'; base-uri 'self'; manifest-src 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com https://www.googletagmanager.com https://*.firebasedatabase.app; script-src-elem 'self' https://js.stripe.com https://*.stream-io-api.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googletagmanager.com https://apis.google.com https://*.firebasedatabase.app https://static.cloudflareinsights.com; connect-src 'self' https://*.sentry.io https://api.gamerprofiles.com https://api.staging.gamerprofiles.com https://consentcdn.cookiebot.com wss://*.stream-io-api.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://storage.googleapis.com https://securetoken.googleapis.com https://identitytoolkit.googleapis.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com wss://*.firebasedatabase.app https://gp-db1-prod.europe-west1.firebasedatabase.app https://firebaselogging-pa.googleapis.com ; child-src 'self'; worker-src 'self'; frame-src 'self' https://player.twitch.tv https://td.doubleclick.net https://js.stripe.com https://gp-vpc-host-prod-302509.firebaseapp.com https://*.firebasedatabase.app https://auth.gamerprofiles.com https://consentcdn.cookiebot.com https://www.youtube-nocookie.com/ https://www.tiktok.com ; style-src 'self' 'unsafe-inline' *.gamerprofiles.com; media-src 'self' blob: *.gamerprofiles.com; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.gamerprofiles.com blob: data: https:; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://fonts.gamerprofiles.com; report-uri https://o4504750872920064.ingest.sentry.io/api/4505188474028032/security/?sentry_key=31ed91db89c7497583e8981442d7cf70 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * consentcdn.cookiebot.com consentcdn.cookiebot.eu 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com imgsct.cookiebot.com imgsct.cookiebot.eu blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu pagead2.googlesyndication.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com 'unsafe-inline' https://matomo.gpseo.fr.stratis.pro/; script-src-attr 'self'; script-src-elem 'self' cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-UvjkEgnY5w4pCvUW4To7mQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.bglobale.com *.global-e.com *.klevu.com *.ksearchnet.com static.lipscore.com *.fontawesome.com https://fonts.bunny.net www.dartington.co.uk s3-eu-west-1.amazonaws.com static.olark.com static.klaviyo.com script.hotjar.com www.dropbox.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.bglobale.com *.global-e.com js.mollie.com m.stripe.network streamable.com lightwidget.com www.mainadv.com ban.tangooserver.com td.doubleclick.net www.googletagmanager.com webservices.global-e.com www.google.com pay.google.com www.paypalobjects.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com static.olark.com g3d-app.com *.wufoo.com www.facebook.com *.googletagmanager.com marketing.dartington.co.uk *.sharethis.com *.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.awin1.com *.zenaps.com https://static.afterpay.com https://site-assets.afterpay.com/ *.trackedlink.net *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com *.dycdn.net *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com static.lipscore.com blob: img.youtube.com https://firebasestorage.googleapis.com https://www.mollie.com www.gstatic.com www.dartington.co.uk cdn-cf-east.streamable.com statics.streamable.com bat.bing.com www.google.co.uk gepi.global-e.com sync.crwdcntrl.net dsum-sec.casalemedia.com d3k81ch9hvuctc.cloudfront.net l.sharethis.com platform-cdn.sharethis.com region1.analytics.google.com services.postcodeanywhere.co.uk static.afterpay.com www.xtento.com cdn.xtento.com log.olark.com utils.global-e.com www.facebook.com connect.facebook.net *.segmentify.com *.shipup.co s3-eu-west-1.amazonaws.com *.lipscore.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net d81mfvml8p5ml.cloudfront.net *.freshrelevance.com *.dotdigital.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com static.lipscore.com s7.addthis.com *.avada.io js.mollie.com www.gstatic.com www.google.com static-tracking.klaviyo.com www.dartington.co.uk js.klevu.com app.termly.io cdn.lightwidget.com grid.shopbox.ai static.klaviyo.com gepi.global-e.com widget.shopbox.ai web.global-e.com bat.bing.com shopbox-widgets-storybook.pages.dev utt.impactcdn.com darti11115.pcapredict.com cdn.embed.ly v.embed-cdn.com webservices.global-e.com cdn.tangooserver.com m.stripe.network platform-api.sharethis.com js.afterpay.com buttons-config.sharethis.com ban.tangooserver.com pay.google.com services.postcodeanywhere.co.uk portal.afterpay.com cdn.hub-box.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com ajax.googleapis.com api.olark.com cdn.segmentify.com *.pcapredict.com s.stripe.com *.postcodeanywhere.co.uk static.olark.com cdn.sgmntfy.com *.run.app *.shipup.co portal.clearpay.co.uk openfpcdn.io *.shopbox.ai *.lipscore.com *.sharethis.com *.playground.klarna.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.dycdn.net *.bglobale.com *.global-e.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com static.lipscore.com *.fontawesome.com https://fonts.bunny.net www.gstatic.com static-tracking.klaviyo.com www.dartington.co.uk gepi.global-e.com statics.streamable.com static.klaviyo.com services.postcodeanywhere.co.uk tagmanager.google.com cdn.segmentify.com *.googletagmanager.com *.shipup.co *.lipscore.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://the.sciencebehindecommerce.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.dycdn.net *.freshrelevance.com wss://*.freshrelevance.com wss://*.dycdn.net dn1i8v75r669j.cloudfront.net *.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com wapi.lipscore.com users.lipscore.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.dartington.co.uk statsjs.klevu.com klaviyo.klevu.com app.termly.io fast.a.klaviyo.com static-forms.klaviyo.com backend.shopbox.ai storage.googleapis.com event-service-jtdpxp3bfa-ew.a.run.app a.klaviyo.com m.stripe.com l.sharethis.com r.stripe.com merchant-ui-api.stripe.com play.google.com pay.google.com services.postcodeanywhere.co.uk api.stripe.com portal.clearpay.co.uk pagead2.googlesyndication.com dartingtoncrystal.pxf.io https://www.google-analytics.com bat.bing.com *.segmentify.com knrpc.olark.com *.run.app *.hotjar.com *.hotjar.io ws.hotjar.com *.googlesyndication.com *.g.doubleclick.net *.shipup.co *.bglobale.com *.lipscore.com *.crwdcntrl.net *.sharethis.com *.global-e.com *.playground.klarna.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src www.dartington.co.uk bat.bing.com pagead2.googlesyndication.com googleads.g.doubleclick.net dartingtoncrystal.pxf.io socket.streamable.com google.com r.stripe.com www.google.com *.lipscore.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://meals2go.com https://meals2go.wegmans.com https://www.meals2go.com  https://images.wegmans.com https://s7d1.scene7.com https://hello.myfonts.net https://dok.js-cdn.dynatrace.com https://cm.everesttech.net https://www.google.com https://ct.pinterest.com https://px.ads.linkedin.com https://www.facebook.com https://connect.facebook.net https://googleads.g.doubleclick.net *.adobedc.com https://di.rlcdn.com https://s.pinimg.com https://snap.licdn.com ; connect-src data: https://meals2go.cert.wegmans.cloud https://meals2go.dev.wegmans.cloud https://meals2go.test.wegmans.cloud *.livediagnostics.monitor.azure.com *.applicationinsights.azure.com https://images.wegmans.com https://meals2go.wegmans.com https://www.meals2go.com https://meals2go.com https://wfm-cmp-functionapp-prod-eastus.azurewebsites.net https://wfm-cmp-functionapp-cert-eastus.azurewebsites.net https://wfm-cmp-functionapp-dev-eastus.azurewebsites.net https://wfm-cmp-functionapp-sandbox-eastus.azurewebsites.net https://*.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://google.com https://www.google.com https://myaccount.wegmans.com https://stagingmyaccount.wegmans.com https://wegapi.azure-api.net https://wegdevapi.azure-api.net https://wegcertapi.azure-api.net https://*.digitaldevelopment.wegmans.cloud https://mbox.wegmans.com https://app.launchdarkly.com https://events.launchdarkly.com https://*.akstat.io https://*.go-mpulse.net https://dc.services.visualstudio.com https://dpm.demdex.net https://adobedc.demdex.net https://edge.adobedc.net https://clientstream.launchdarkly.com https://js.monitor.azure.com https://s.pinimg.com  https://ct.pinterest.com https://px.ads.linkedin.com https://snap.licdn.com https://www.facebook.com https://*.bf.dynatrace.com https://www.googleadservices.com https://dok.js-cdn.dynatrace.com https://cm.everesttech.net https://www.googletagmanager.com https://fonts.gstatic.com https://connect.facebook.net https://hello.myfonts.net https://s7d1.scene7.com https://beacon.riskified.com https://c.riskified.com https://*.ingest.us.sentry.io; script-src 'self' 'unsafe-inline' https://meals2go.com https://meals2go.wegmans.com https://www.meals2go.com https://myaccount.wegmans.com https://*.go-mpulse.net https://cm.everesttech.net https://px.ads.linkedin.com https://s.pinimg.com https://googleads.g.doubleclick.net https://www.google.com  https://hello.myfonts.net https://di.rlcdn.com https://connect.facebook.net px.ads.linkedin.com ; script-src-elem 'self' 'unsafe-inline' data: https://images.wegmans.com https://myaccount.wegmans.com https://wfm-cmp-functionapp-prod-eastus.azurewebsites.net https://wfm-cmp-functionapp-cert-eastus.azurewebsites.net https://wfm-cmp-functionapp-dev-eastus.azurewebsites.net https://wfm-cmp-functionapp-sandbox-eastus.azurewebsites.net https://meals2go.com https://meals2go.wegmans.com https://www.meals2go.com https://dok.js-cdn.dynatrace.com https://*.go-mpulse.net https://*.akamaihd.net https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://cm.everesttech.net px.ads.linkedin.com https://px.ads.linkedin.com https://ct.pinterest.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com *.adobedc.com https://assets.adobedtm.com https://di.rlcdn.com https://s.pinimg.com https://snap.licdn.com https://fonts.gstatic.com https://dpm.demdex.net https://hello.myfonts.net https://s7d1.scene7.com https://cdn.cookielaw.org https://beacon.riskified.com; img-src 'self' data: https://meals2go.com https://meals2go.wegmans.com https://www.meals2go.com https://myaccount.wegmans.com https://images.wegmans.com https://images.salsify.com https://cdn.cookielaw.org https://*.akstat.io https://img.riskified.com https://d19hn3jcfcdeky.cloudfront.net https://d17qf54098xvyo.cloudfront.net *.adobedc.com https://di.rlcdn.com https://s.pinimg.com https://ct.pinterest.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.linkedin.com https://www.googletagmanager.com https://s7d1.scene7.com https://cm.everesttech.net https://www.google.com https://www.facebook.com px.ads.linkedin.com https://px.ads.linkedin.com https://dok.js-cdn.dynatrace.com https://fonts.gstatic.com https://dpm.demdex.net https://hello.myfonts.net https://connect.facebook.net https://snap.licdn.com; frame-src 'self' data: https://images.wegmans.com https://meals2go.com https://meals2go.wegmans.com https://www.meals2go.com https://myaccount.wegmans.com https://stagingmyaccount.wegmans.com *.adobedc.com https://login.microsoftonline.com *.aurusepay.com *.auruspay.com https://0324.semafone.cloud https://0324.preprod.semafone.cloud https://di.rlcdn.com https://s.pinimg.com https://connect.facebook.net https://ct.pinterest.com https://wegmans.demdex.net https://snap.licdn.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://dok.js-cdn.dynatrace.com https://cm.everesttech.net https://px.ads.linkedin.com https://fonts.gstatic.com  https://www.google.com https://www.facebook.com https://hello.myfonts.net https://s7d1.scene7.com ; style-src-elem 'self' 'unsafe-inline' https://meals2go.com https://meals2go.wegmans.com https://www.meals2go.com https://px.ads.linkedin.com https://hello.myfonts.net; font-src 'self' data: https://meals2go.com https://meals2go.wegmans.com https://www.meals2go.com https://dok.js-cdn.dynatrace.com https://cm.everesttech.net https://www.google.com https://fonts.gstatic.com ; worker-src 'self' blob: ; frame-ancestors 'self' https://googleads.g.doubleclick.net https://td.doubleclick.net ; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.stape.io *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com https://widgets.trustedshops.com userlike-cdn-umm.b-cdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cleverreach.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com https://saphtmlphtmlviewer.sap.com paies2.de.elringklinger.org:44330 cits3.de.elringklinger.org:44369 cips2.de.elringklinger.org:44363 impact.freudenberg.de *.group.pfeifer.tld *.eu.net.dana.com:1443 *.eu.net.dana.com:8001 mpg-connection-test.subseq.net 'self' 'unsafe-inline'; frame-ancestors *.eu.net.dana.com:1443 *.eu.net.dana.com:8001 mpg-connection-test.subseq.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com https://saphtmlphtmlviewer.sap.com impact.freudenberg.de *.group.pfeifer.tld *.eu.net.dana.com:1443 *.eu.net.dana.com:8001 mpg-connection-test.subseq.net *.usercentrics.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.cloudfront.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com *.stape.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com www.google.de *.googlesyndication.com riegler.de www.riegler.de https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.userlike.com *.leadlab.click 'self' data: *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io *.shopify.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com www.google.com www.google.de *.googlesyndication.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net *.leadlab.click *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://saphtmlphtmlviewer.sap.com paies2.de.elringklinger.org:44330 cits3.de.elringklinger.org:44369 cips2.de.elringklinger.org:44363 impact.freudenberg.de *.group.pfeifer.tld *.eu.net.dana.com:1443 *.eu.net.dana.com:8001 mpg-connection-test.subseq.net t.elasticsuite.io *.hsforms.net *.hsforms.com www.google.com www.google.de *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://umd.userlike.com *.leadlab.click *.usercentrics.eu 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.riegler.de/de/de/pr-csp/report/add/; report-to report-endpoint; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com planetazenok.com zenok.66ecommerce.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com planetazenok.com zenok.66ecommerce.com static.whatsapp.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com chart.googleapis.com *.googletagmanager.com *.facebook.net *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com planetazenok.com zenok.66ecommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com planetazenok.com d1758cn8v20huy.cloudfront.net zenok.66ecommerce.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com planetazenok.com zenok.66ecommerce.com static.whatsapp.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com chart.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com planetazenok.com zenok.66ecommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.certcapture.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.disqus.com *.fontawesome.com *.googleapis.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.certcapture.com downloads.mailchimp.com *.fontawesome.com assets.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.certcapture.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3UelNXFLjqro16Ot-rMKUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' vrmproperties.com *.vrmproperties.com vrmco.com *.vrmco.com;script-src 'self' 'unsafe-inline' vrmproperties.com *.vrmproperties.com vrmco.com *.vrmco.com fontawesome.com *.fontawesome.com jquery.com *.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com cdnjs.cloudflare.com stripe.com *.stripe.com googletagmanager.com *.googletagmanager.com ajax.aspnetcdn.com cdn3.devexpress.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com browser-update.org *.browser-update.org unpkg.com *.unpkg.com js.monitor.azure.com *.google.com *.inspectlet.com *.hs-scripts.com *.hs-analytics.net *.hubspot.com *.hscollectedforms.net *.hs-banner.com snap.licdn.com *.g.doubleclick.net *.hsadspixel.net;style-src 'self' 'unsafe-inline' vrmproperties.com *.vrmproperties.com vrmco.com *.vrmco.com fontawesome.com *.fontawesome.com jquery.com *.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com cdnjs.cloudflare.com stripe.com *.stripe.com googletagmanager.com *.googletagmanager.com ajax.aspnetcdn.com cdn3.devexpress.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com browser-update.org *.browser-update.org unpkg.com *.unpkg.com *.google.com browser-intake-datadoghq.com;connect-src 'self' vrmproperties.com *.vrmproperties.com vrmco.com *.vrmco.com google-analytics.com www.google-analytics.com *.applicationinsights.azure.com fontawesome.com *.fontawesome.com googleapis.com *.googleapis.com js.monitor.azure.com *.inspectlet.com wss://*.inspectlet.com *.hubapi.com *.hubspot.com *.google.com forms.hscollectedforms.net *.linkedin.com;font-src 'self' vrmproperties.com *.vrmproperties.com vrmco.com *.vrmco.com fontawesome.com *.fontawesome.com jquery.com *.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com cdnjs.cloudflare.com stripe.com *.stripe.com googletagmanager.com *.googletagmanager.com ajax.aspnetcdn.com cdn3.devexpress.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com browser-update.org *.browser-update.org unpkg.com *.unpkg.com;img-src 'self' data: vrmproperties.com *.vrmproperties.com vrmco.com *.vrmco.com stripe.com *.stripe.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com *.googletagmanager.com *.inspectlet.com browser-update.org *.browser-update.org google-analytics.com www.google-analytics.com *.hsforms.com *.hubspot.com *.linkedin.com *.google.com;media-src 'self' data: vrmproperties.com *.vrmproperties.com vrmco.com *.vrmco.com stripe.com *.stripe.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com;frame-src 'self' vrmproperties.com *.vrmproperties.com stripe.com *.stripe.com https://www.google.com *.elf.site *.googletagmanager.com td.doubleclick.net;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf8efd5a55f319bb301802ad5204f8c81&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aproduction%2Cservice%3Avrmproperties.com 1
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.jquery.com https://*.googletagmanager.com https://*.hubspot.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hsforms.com https://*.consentmanager.net https://*.clarity.ms https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.hubspot.com https://*.consentmanager.net; img-src 'self' data: https: https://*.bing.com https://*.linkedin.com https://*.licdn.com https://*.doubleclick.net https://*.hubspot.com; font-src 'self' data: https://*.hubspot.com https://*.consentmanager.net; connect-src 'self' https://*.analytics.google.com https://*.googletagmanager.com https://*.clarity.ms https://*.hs-analytics.net https://*.hubspot.com https://*.linkedin.com; frame-src 'self' https://*.youtube.com https://*.hubspot.com https://*.doubleclick.net https://*.consentmanager.net https://*.linkedin.com https://*.google.com https://*.google.nl; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://maxcdn.bootstrapcdn.com https://oct8necdneu.azureedge.net *.fontawesome.com *.oct8ne.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ https://www.google.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.doofinder.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://oct8necdneu.azureedge.net https://www.google.com https://www.google.es *.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.doofinder.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdn.doofinder.com https://eu1-search.doofinder.com http://cdn.doofinder.com http://eu1-search.doofinder.com https://www.googletagmanager.com https://chimpstatic.com https://static-eu.oct8ne.com https://maxcdn.bootstrapcdn.com s7.addthis.com *.oct8ne.com *.cookiepro.com *.cookiepro.com.cdn.cloudflare.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com https://maxcdn.bootstrapcdn.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.doofinder.com wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://eu1-search.doofinder.com http://eu1-search.doofinder.com https://frontal-eu.oct8ne.com https://www.google-analytics.com https://stats.g.doubleclick.net ekr.zdassets.com/ *.oct8ne.com *.cookiepro.com *.cookiepro.com.cdn.cloudflare.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://downloads-global.3cx.com *.cloudflare.com *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp https://downloads-global.3cx.com https://intercomp.3cx.eu:5001 *.googleapis.com 'self' data: *.onesignal.com onesignal.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://cdnjs.cloudflare.com https://downloads-global.3cx.com https://intercomp.3cx.eu:5001 *.googleapis.com *.onesignal.com onesignal.com s7.addthis.com https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdnjs.cloudflare.com https://downloads-global.3cx.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.onesignal.com onesignal.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://intercomp.3cx.eu:5001 https://downloads-global.3cx.com *.googleapis.com *.onesignal.com onesignal.com ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://www.gstatic.com/_/translate_http/ https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css; connect-src 'self' ws://localhost:3000 https://shop-api.kfm-motorraeder.de https://webhook.kfm-motorraeder.de https://translate.googleapis.com https://shops-si.trustedshops.com https://api.trustedshops.com https://widgets.trustedshops.com https://trustbadge.api.etrusted.com https://api.trustbadge.etrusted.com https://payments-eu.amazon.com https://payments.amazon.de https://*.kaspersky-labs.com wss://*.kaspersky-labs.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://widgets.trustedshops.com https://static-eu.payments-amazon.com; img-src 'self' data: https://www.kfm-motorraeder.de https://img.kfm-motorraeder.de https://widgets.trustedshops.com https://translate.google.com https://translate.googleapis.com https://fonts.gstatic.com/s/i/ https://www.gstatic.com/images/ https://yastatic.net https://m.media-amazon.com/images/ https://static-eu.payments-amazon.com/assets/; font-src 'self' data: https://fonts.gstatic.com https://github.com/google/fonts/; object-src 'none'; report-uri https://webhook.kfm-motorraeder.de/csp 1
object-src 'none';base-uri 'self';script-src 'nonce-sMClt0o707AVP7HaqmGRxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'unsafe-inline'; font-src *.itemis.com fonts.gstatic.com cdnjs.cloudflare.com data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 1
report-to slardar-endpoint; script-src 'unsafe-eval' 'report-sample' 'nonce-01a465b5911828ae3dfdef68f266a0c3-argus' 'strict-dynamic'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://a.quora.com https://connect.facebook.net https://mc.yandex.ru https://bat.bing.com https://static.ads-twitter.com https://www.redditstatic.com https://top-fwz1.mail.ru https://www.clarity.ms https://analytics.tiktok.com https://telegram.org https://googleads.g.doubleclick.net https://vk.com https://www.clarity.ms https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://widget.intercom.io; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https: https://a.quora.com https://c.admetr.ru https://mc.yandex.ru https://vk.com https://q.quora.com https://www.google.ru; connect-src 'self' https: wss: https://api-iam.intercom.io https://analytics.google.com https://www.google-analytics.com https://connect.facebook.net https://mc.yandex.ru https://sc-static.net https://widget.intercom.io https://dolphin-anty.net dolphin-anty.net https://telegram.org https://www.google.com https://stats.g.doubleclick.net; font-src 'self' data: https:; object-src 'none'; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://widget.intercom.io; frame-ancestors 'none'; base-uri 'self'; worker-src 'self' blob:; form-action 'self'; upgrade-insecure-requests; report-uri https://dolphin-anty.net/csp_report.php; 1
object-src  'none'; connect-src 'self' *.mommysgirl.com *.girlsway.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.mommysgirl.com *.girlsway.com join.gammasecure.com; script-src 'self' *.mommysgirl.com *.girlsway.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.mommysgirl.com *.girlsway.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com applepay.cdn-apple.com *.fontawesome.com https://*.doofinder.com https://*.clerk.io https://*.google.com https://meetanshi.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com pay.google.com applepay.cdn-apple.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * https://*.paypalobjects.com https://*.google.com https://meetanshi.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com www.gstatic.com pay.google.com applepay.cdn-apple.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://*.doofinder.com https://*.clerk.io https://*.google.com https://meetanshi.com https://admin.abc.sm https://softandsoft.it https://www.facebook.com https://ecommerce.nexi.it www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com pay.google.com applepay.cdn-apple.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.doofinder.com https://*.clerk.io https://*.google.com https://meetanshi.com https://nc.admin.abc.sm https://v2.zopim.com https://connect.facebook.net https://static.zdassets.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com assets.braintreegateway.com https://*.doofinder.com https://*.clerk.io https://*.google.com https://meetanshi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.doofinder.com https://*.clerk.io https://*.google.com https://meetanshi.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com widget.freshworks.com m2epro.freshdesk.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com pay.google.com applepay.cdn-apple.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://*.doofinder.com wss://*.doofinder.com https://*.clerk.io wss://*.clerk.io https://*.google.com wss://*.google.com https://www.safarasoftair.com wss://www.safarasoftair.com https://meetanshi.com wss://meetanshi.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://softsoft.zendesk.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.fontawesome.com 'self' data: https://surveys-static.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: https://agentcore.s3.amazonaws.com https://www.google.com.ar https://c.clarity.ms https://c.bing.com https://www.mercadolivre.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com graph.facebook.com business.facebook.com https://www.google.com.ar *.gstatic.com https://maps.googleapis.com https://cdn.agentbot.net https://agentcore.s3.amazonaws.com https://www.googleoptimize.com https://www.clarity.ms https://survey.survicate.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com cdn.dnky.co *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.cookielaw.org https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://agentcore.s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com maps.googleapis.com api.comapi.com bam.nr-data.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.cookielaw.org https://stats.g.doubleclick.net https://adapter.aivo.co https://i.clarity.ms https://f.clarity.ms https://www.mercadopago.com.mx https://maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; base-uri 'self'; manifest-src 'self'; report-to: default; report-uri https://07fd.report-uri.com/r/d/csp/reportOnly 1
img-src https://higherlogicdownload.s3.amazonaws.com/AWB/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AWB/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://higherlogicdownload.s3.amazonaws.com/AWB/ https://higherlogiclongterm.s3.amazonaws.com/AWB/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/AWB/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://higherlogicdownload.s3.amazonaws.com/AWB/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://higherlogicstream.s3.amazonaws.com/AWB/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://higherlogicdownload.s3.amazonaws.com/AWB/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.newrelic.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.multisafepay.com assets.myparcel.nl www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com *.bing.com *.bing.net *.clarity.ms *.cookiebot.com *.googleadservices.com www.google.ad www.google.ae www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.by www.google.ca www.google.cd www.google.ch www.google.cl www.google.cm www.google.co.cr www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.cv www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.tm www.google.tn *.google.com *.openstreetmap.fr s3.amazonaws.com *.taggrs.io *.treasurejuwelier.nl treasurejuwelier.nl data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://chimpstatic.com *.bing.com *.clarity.ms *.cookiebot.com *.fullstory.com *.hotjar.com *.marker.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.multisafepay.com cdnjs.cloudflare.com assets.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com api.myparcel.nl api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.bing.com *.bing.net *.clarity.ms *.contentsquare.net *.cookiebot.com *.googleadservices.com www.google.nl *.hotjar.com *.hotjar.io *.marker.io s3.eu-west-1.amazonaws.com *.samsung.com *.treasurejuwelier.nl 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a717a566-b317-4973-bbbe-bb61b5876afa.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-P_GC832h69cXbDSatPTQEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src  'none'; connect-src 'self' *.mommysboy.com *.adulttime.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.mommysboy.com *.adulttime.com join.gammasecure.com; script-src 'self' *.mommysboy.com *.adulttime.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.mommysboy.com *.adulttime.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://firebasestorage.googleapis.com https://maps.omnivasiunta.lt crystals.co.uk i.crystalidea.shop maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io https://unpkg.com https://static.cloudflareinsights.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * https://get.geojs.io *.avada.io https://geocode.arcgis.com https://cloudflareinsights.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.paytrace.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://meetanshi.com/media/logo.png fmgaggi.com images.simpletire.com rs.fullstory.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com *.paytrace.com hotjar.com fmgaggi.com simpletire.com edge.fullstory.com rs.fullstory.com cdn.rudderlabs.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com simpletire.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.addressy.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com fmgaggi.com static.hotjar.com simpletire.com affiliate.simpletire.com edge.fullstory.com rs.fullstory.com api.rudderstack.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.cookiebot.com https://*.cloudflareinsights.com https://trackcmp.net https://*.hotjar.com https://script.hotjar.com https://cdn.mxpnl.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https: blob:; connect-src 'self' https://*.thethirdwave.co https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.cookiebot.com https://*.hotjar.com https://*.mixpanel.com https://*.facebook.com https://connect.facebook.net; frame-src 'self' https://www.google.com https://www.youtube.com https://*.cookiebot.com https://*.hotjar.com https://*.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-OqBIO_OcpcLMGyfa_4p6xA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: data: blob:;         script-src 'self' https: 'unsafe-inline' 'unsafe-eval' yandex.net *.yandex.net yandex.ru *.yandex.ru yadro.ru *.yadro.ru clarity.ms *.clarity.ms youtube.com *.youtube.com googleusercontent.com *.googleusercontent.com yastatic.net *.yastatic.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com *.codepen.io;         img-src 'self' data: https: yandex.net *.yandex.net yandex.ru *.yandex.ru youtube.com *.youtube.com googleusercontent.com *.googleusercontent.com yastatic.net *.yastatic.net;         style-src 'self' https: 'unsafe-inline';         font-src 'self' https: data:;         connect-src 'self' https: yandex.net *.yandex.net yandex.ru *.yandex.ru clarity.ms *.clarity.ms google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com yastatic.net *.yastatic.net;         frame-src 'self' https: youtube.com *.youtube.com;         frame-ancestors 'self';         report-uri https://www.internet-technologies.ru/csp-report/; 1
object-src 'none';base-uri 'self';script-src 'nonce-27PSxMV87-BltfnbhEINBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' chrome-extension: 'unsafe-inline' https://bitrix.info blob: 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://m.youtube.com chrome-extension: https://www.youtube.com https://dl.metabar.ru https://player.twitch.tv https://mc.yandex.ru https://div.show https://acestream.tv https://emet.news https://emet.live https://loader.media; object-src 'self'; report-uri /cspreportonly; 1
object-src 'none';base-uri 'self';script-src 'nonce-MQ4VZZLm0qsMogHes9CFuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-g-jm_iaMaP98YsdTOUTc6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'nonce-mZXrVJcjTb6Se5HWE7IT2auRhkoOjMX1YAaXRyw9lNa178GzlKLfMQ' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com blob: https://*.googletagmanager.com https://*.google-analytics.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.youtube.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.ggpht.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://*.google.com https://*.doubleclick.net https://*.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com 'report-sample'; connect-src 'self' https://*.googleapis.com https://*.google.com https://*.gstatic.com data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' 'nonce-mZXrVJcjTb6Se5HWE7IT2auRhkoOjMX1YAaXRyw9lNa178GzlKLfMQ' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com blob:; report-uri https://www.socialistinternational.org/@http-reporting?csp=report&requestTime=1773710821934369&requestHash=c3b706400712051aaaa6f5d7c66c09c91a259828 1
object-src 'none'; script-src 'self' https://cdn.sitesearch360.com; script-src-attr 'self'; script-src-elem 'self' 'sha256-VtLbptTCSm3jeSvRUzB+CPBwTSsB9AakwFfXzfB5KIM=' 'sha256-411iMeKYRcpnk4P7Na9t7S/SUktppQzhlV7IkHhi2Rw=' 'sha256-9lWMZ1pgATx8xxlVGk200wyBPXM8GxvQog50vlC2lSQ=' 'sha256-vmNnZKz6MgH48IL/LiVkksCqgQKan2DM7cM/4uDsVhI=' 'sha256-ScFWj1a+rvHUYn0mrNrFJp8cnHPz35rnIkArZGFSmQ8=' 'sha256-7ETVW78hOgJGElH075ZGRkxh05uWg10+g+hUKE4ykEA=' https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://snap.licdn.com https://js.zi-scripts.com https://cdn.sitesearch360.com; style-src 'self' https://use.typekit.net 'unsafe-inline'; style-src-attr 'self'; style-src-elem 'self' https://p.typekit.net https://use.typekit.net 'unsafe-inline'; frame-ancestors 'self'; report-uri https://radisys.com/report-uri/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-2tOyNOrUSLtEdvqKRlSBrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-inline' https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.gstatic.com https://*.adtrafficquality.google; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://*.google.com https://*.google.fr https://*.googletagmanager.com https://*.googlesyndication.com https://*.adtrafficquality.google https://*.ytimg.com https://*.ebayimg.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.google.com https://*.google.fr https://*.googletagmanager.com https://*.googlesyndication.com https://*.g.doubleclick.net https://*.adtrafficquality.google https://*.ebayimg.com; frame-ancestors 'none'; frame-src 'self' https://*.google.com https://*.googlesyndication.com https://*.adtrafficquality.google https://*.youtube.com; child-src 'self' https://*.google.com https://*.googlesyndication.com https://*.adtrafficquality.google https://*.youtube.com; base-uri 'self'; form-action 'self' 1
style-src-elem *.bazaarvoice.com www.ovedecors.com fonts.googleapis.com www.gstatic.com platform.illow.io maxcdn.bootstrapcdn.com *.kaspersky-labs.com about: 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem static.addtoany.com ws1.postescanada-canadapost.ca maps.googleapis.com translate.google.com translate-pa.googleapis.com www.google-analytics.com www.googletagmanager.com www.ovedecors.com *.bazaarvoice.com connect.facebook.net mpsnare.iesnare.com polyfill.io *.zopim.com static.zdassets.com *.algolianet.com *.algolia.net www.google.com www.google.ca googleads.g.doubleclick.net static.klaviyo.com static-tracking.klaviyo.com static.hotjar.com script.hotjar.com *.helpscout.net platform.illow.io chimpstatic.com *.moneris.com *.gstatic.com *.kaspersky-labs.com www.pagespeed-mod.com 'self' 'unsafe-inline' 'unsafe-eval'; font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com 'self' data: maxcdn.bootstrapcdn.com platform.illow.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com ca.indeed.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors moneris.com gatewayt.moneris.com gateway.moneris.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.googletagmanager.com static.addtoany.com www.facebook.com moneris.com gatewayt.moneris.com gateway.moneris.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com www.google.com vars.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.bird.eu www.facebook.com network.bazaarvoice.com photos-us.bazaarvoice.com photos-eu.bazaarvoice.com c6.ugc.bazaarvoice.com s3.amazonaws.com maps.googleapis.com www.gstatic.com fonts.gstatic.com maps.gstatic.com translate.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com 'self' data: www.xtento.com cdn.xtento.com *.g.doubleclick.net www.google.* www.google.co.* www.google.com.* *.huffpost.com yupik.com *.google-analytics.com about: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com ws1.postescanada-canadapost.ca *.algolianet.com *.algolia.net connect.facebook.net v2.zopim.com static.zdassets.com static.addtoany.com maps.googleapis.com moneris.com gatewayt.moneris.com gateway.moneris.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com graph.facebook.com business.facebook.com *.google.com www.xtento.com cdn.xtento.com www.google.com www.google.ca www.gstatic.com https://static-tracking.klaviyo.com static.hotjar.com script.hotjar.com platform.illow.io *.helpscout.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com www.ovedecors.com apps.bazaarvoice.com www.gstatic.com moneris.com gatewayt.moneris.com gateway.moneris.com *.fontawesome.com https://static.klaviyo.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com platform.illow.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://ws1.postescanada-canadapost.ca ekr.zdassets.com wss://widget-mediator.zopim.com *.google-analytics.com stats.g.doubleclick.net www.facebook.com maps.googleapis.com http://ip-api.com *.algolianet.com stats.addtoany.com translate.googleapis.com moneris.com gatewayt.moneris.com gateway.moneris.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.cloudfront.net platform.illow.io api.platform.illow.io www.google.* *.helpscout.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.bootstrapcdn.com *.braintreegateway.com *.cloudflare.com *.cloudmaestro.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.livechatinc.com *.paypal.com *.tealiumiq.com *.twpinc.com bam.nr-data.net chimpstatic.com connect.facebook.net ct.pinterest.com js-agent.newrelic.com payments.braintree-api.com *.sitescout.com s.pinimg.com script.crazyegg.com tags.tiqcdn.com www.facebook.com www.google-analytics.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.google.com *.dotdigital-pages.com *.dotdigital.com *.braintreegateway.com *.doubleclick.net *.googletagmanager.com *.gstatic.com *.hotjar.com *.livechatinc.com *.paypal.com *.tealiumiq.com *.twpinc.com bam.nr-data.net chimpstatic.com connect.facebook.net ct.pinterest.com js-agent.newrelic.com payments.braintree-api.com *.sitescout.com s.pinimg.com script.crazyegg.com tags.tiqcdn.com www.facebook.com www.google-analytics.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com landofcoder.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.bootstrapcdn.com *.braintreegateway.com *.cloudmaestro.com *.doubleclick.net *.godaddy.com *.google.com *.gstatic.com *.hotjar.com *.livechatinc.com *.paypal.com *.tealiumiq.com *.twpinc.com bam.nr-data.net chimpstatic.com connect.facebook.net ct.pinterest.com d10lpsik1i8c69.cloudfront.net js-agent.newrelic.com payments.braintree-api.com *.sitescout.com s.pinimg.com script.crazyegg.com tags.tiqcdn.com www.facebook.com www.google-analytics.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com guarantee-cdn.com *.facebook.com *.reddit.com *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.cookie-script.com *.addtoany.com *.bootstrapcdn.com *.braintreegateway.com *.cloudflare.com *.cloudmaestro.com *.crazyegg.com *.ctctcdn.com *.doubleclick.net *.facebook.com *.fontawesome.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.hotjar.com *.ipdata.co *.kaptcha.com *.klaviyo.com *.livechatinc.com *.paypal.com *.paypalobjects.com *.pinimg.com *.pinterest.com *.tealiumiq.com *.twpinc.com connect.facebook.net d10lpsik1i8c69.cloudfront.net payments.braintree-api.com *.sitescout.com seal.godaddy.com tags.tiqcdn.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com landofcoder.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com guarantee-cdn.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.bootstrapcdn.com *.braintreegateway.com *.cloudflare.com *.cloudmaestro.com *.ctctcdn.com *.doubleclick.net *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.hotjar.com *.livechatinc.com *.paypal.com *.tealiumiq.com *.twpinc.com *.youtube.com bam.nr-data.net chimpstatic.com connect.facebook.net ct.pinterest.com d10lpsik1i8c69.cloudfront.net js-agent.newrelic.com payments.braintree-api.com *.sitescout.com s.pinimg.com script.crazyegg.com tags.tiqcdn.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.braintreegateway.com *.doubleclick.net *.google.com *.gstatic.com *.hotjar.com *.livechatinc.com *.paypal.com *.tealiumiq.com *.twpinc.com bam.nr-data.net chimpstatic.com connect.facebook.net ct.pinterest.com d10lpsik1i8c69.cloudfront.net js-agent.newrelic.com payments.braintree-api.com *.sitescout.com s.pinimg.com script.crazyegg.com tags.tiqcdn.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline';, connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.addthis.com *.braintreegateway.com *.cloudflare.com *.crazyegg.com *.doubleclick.net *.google.com *.googletagmanager.com *.gstatic.com *.hotjar.io *.hotjar.com *.kaptcha.com *.livechatinc.com *.luckyorange.net *.paypal.com *.pinimg.com *.pinterest.com *.tealiumiq.com *.twpinc.com *.visitors.live chimpstatic.com connect.facebook.net js-agent.newrelic.com payments.braintree-api.com *.sitescout.com tags.tiqcdn.com www.facebook.com www.google-analytics.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src *.googletagmanager.com d10lpsik1i8c69.cloudfront.net blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.cookie-script.com *.addtoany.com *.bootstrapcdn.com *.braintreegateway.com chimpstatic.com *.cloudflare.com *.cloudmaestro.com *.crazyegg.com *.ctctcdn.com *.doubleclick.net *.facebook.com *.fontawesome.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.ipdata.co *.kaptcha.com *.klaviyo.com *.livechatinc.com *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com *.pinimg.com *.pinterest.com *.tealiumiq.com *.twpinc.com connect.facebook.net d10lpsik1i8c69.cloudfront.net payments.braintree-api.com *.sitescout.com seal.godaddy.com tags.tiqcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a1d80435-4e21-470f-aed0-a54f39d4d350.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self'; upgrade-insecure-requests 1
worker-src https: blob: 'self'; font-src *.googleapis.com *.gstatic.com data: https://static2.sharepointonline.com https: *.fontawesome.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * test.saferpay.com www.saferpay.com saferpay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com https://littlebit.eu-test.encoway.cloud/ https://littlebit.eu.encoway.cloud https: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io ratenkauf.easycredit.de magefan.com cm.magefan.com *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://littlebit.eu-test.encoway.cloud/ https://littlebit.eu.encoway.cloud btodev.littlebit.ch bto.littlebit.ch *.visualwebsiteoptimizer.com app.vwo.com ratenkauf.easycredit.de *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com *.google.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://widgets.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://littlebit.eu-test.encoway.cloud/ https://littlebit.eu.encoway.cloud btodev.littlebit.ch bto.littlebit.ch *.visualwebsiteoptimizer.com app.vwo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com https://widgets.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://littlebit.eu-test.encoway.cloud/ https://littlebit.eu.encoway.cloud btodev.littlebit.ch bto.littlebit.ch https: wss: *.visualwebsiteoptimizer.com app.vwo.com ratenkauf.easycredit.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com test.saferpay.com www.saferpay.com saferpay.com t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https: blob: *.visualwebsiteoptimizer.com app.vwo.com test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://e-st.lv https://static.e-st.lv https://mans.e-st.lv https://card.e-st.lv; script-src 'self' https://e-st.lv https://static.e-st.lv https://mans.e-st.lv https://card.e-st.lv 'unsafe-inline' 'unsafe-eval' https://www.youtube.com; style-src 'self' https://e-st.lv https://static.e-st.lv https://mans.e-st.lv https://card.e-st.lv 'unsafe-inline'; font-src 'self' https://e-st.lv https://static.e-st.lv https://mans.e-st.lv https://card.e-st.lv; img-src 'self' https://e-st.lv https://static.e-st.lv https://mans.e-st.lv https://card.e-st.lv data: https://www.youtube.com https://i.ytimg.com; frame-src 'self' https://www.youtube.com; worker-src 'self' blob:; object-src 'none'; report-uri /_csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.clarity.ms   *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com access.equalweb.com cdn.equalweb.com *.onetrust.com *.cookielaw.org *.tiktok.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com   cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com tracker.metricool.com unpkg.com *.facebook.net *.vimeo.com *.ekomiapps.de *.bing.com; style-src 'self' 'unsafe-inline' cdn.equalweb.com *.onetrust.com   cdn.jsdelivr.net *.gstatic.com *.ekomiapps.de; img-src 'self' data: *.google-analytics.com *.googletagmanager.com *.clarity.ms *.ekomi.es *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com   *.google.com *.google.es *.gstatic.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.tiktokw.us *.onetrust.com tracker.metricool.com *.facebook.com *.ekomiapps.de *.bing.com; font-src 'self' data:    cdn.equalweb.com *.ekomiapps.de; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.clarity.ms *.visualwebsiteoptimizer.com *.onetrust.com *.cookielaw.org *.google.com *.googleapis.com   *.doubleclick.net *.googlesyndication.com *.googleadservices.com region1.analytics.google.com stats.g.doubleclick.net *.tiktok.com *.tiktokw.us cdn.equalweb.com tracker.metricool.com ipapi.co *.facebook.com   *.ekomiapps.de *.bing.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com; frame-src 'self' *.google.com *.equalweb.com *.onetrust.com *.doubleclick.net *.vimeo.com; frame-ancestors 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-azt1LwbxXEthwIsSd8LrCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.kueskipay.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: *.mipc.com.mx *.icecat.biz *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.kueskipay.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.googletagmanager.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com mipc.com.mx 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.kueskipay.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.sandbox.paypal.com *.paypalobjects.com www.facebook.com *.sharethis.com *.doubleclick.net *.livechatinc.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.google.com *.googleadservices.com *.googletagmanager.com *.kueskipay.com https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.sandbox.paypal.com *.paypalobjects.com *.hsforms.net *.hsforms.com 'self' data: blob: *.mipc.com.mx www.google.com.mx *.icecat.biz *.sharethis.com *.mercadopago.com.mx device.clearsale.com.br h.online-metrix.net seal.godaddy.com *.clarity.ms *.omappapi.com *.bing.com img.mlstatic.com *.elfsightcdn.com *.facebook.com storage.getbutton.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.kueskipay.com *.mxpnl.com *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.hsforms.net *.hsforms.com *.gstatic.com cdn.ampproject.org www.gstatic.com *.mipc.com.mx cdn.mouseflow.com cdn.bitrix24.es kit.fontawesome.com *.omappapi.com *.app-us1.com trackcmp.net io.clickguard.com *.mipcapps.mx *.icecat.biz cdn.jsdelivr.net mipc.bitrix24.es *.doubleclick.net *.sharethis.com *.clarity.ms seal.godaddy.com device.clearsale.com.br h.online-metrix.net *.bing.com *.firecheckout.com cdn.clickydata.com dash.callbell.eu polyfill.io static.getbutton.io js.stripe.com *.googleapis.com *.elfsight.com *.cloudflare.com *.livechatinc.com *.hotjar.com *.callbell.eu studio.icecat.biz live-html.icecat.biz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.googleapis.com *.gstatic.com www.gstatic.com *.mipc.com.mx *.omappapi.com *.icecat.biz cdn.jsdelivr.net mipc.bitrix24.es dash.callbell.eu polyfill.io *.livechatinc.com *.callbell.eu studio.icecat.biz live-html.icecat.biz 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.icecat.biz *.callbell.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googletagmanager.com stats.g.doubleclick.net *.kueskipay.com *.doubleclick.net https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.sandbox.paypal.com *.paypalobjects.com t.elasticsuite.io *.hsforms.net *.hsforms.com cdn.ampproject.org www.googleapis.com *.mipc.com.mx io.clickguard.com *.omappapi.com *.fontawesome.com *.icecat.biz *.mipcapps.mx *.sharethis.com *.clarity.ms *.mixpanel.com dash.callbell.eu widget.getbutton.io *.googleapis.com *.bing.com *.elfsight.com https://www.googletagmanager.com/debug/badge.css facebook.com api.livechatinc.com bcp.crwdcntrl.net *.callbell.eu wss://centrifugo.callbell.eu studio.icecat.biz live-html.icecat.biz 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.mipc.com.mx *.mipcapps.mx 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TubKAPT09ouNXNUFBBKLVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com https://cdn.checkout.com *.fontawesome.com *.klarnacdn.net *.salesfire.co.uk *.typekit.net fonts.gstatic.com data: hello.myfonts.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://js.checkout.com *.klarna.com https://www.googletagmanager.com/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com *.salesfire.co.uk tikkurila-dev.prismic.io *.cookiebot.com wisepops.net www.awin1.com td.doubleclick.net *.attn.tv pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com *.salesfire.co.uk www.photofusion.org www.tikkurila.co.uk images.prismic.io *.prismic.io *.feefo.com v2assets.zopim.io www.google.co.uk www.google.ie *.cookiebot.com www.awin1.com www.tagserve.com lantern.roeye.com bat.bing.com www.wepowerconnections.com events.attentivemobile.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.attn.tv events.attentivemobile.com https://*.checkout.com *.klarnacdn.net *.cdn-apple.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnaservices.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.salesfire.co.uk static.zdassets.com register.feefo.com cdn.noibu.com static.cdn.prismic.io *.googleoptimize.com wisepops.net *.wisepops.net *.gorgias.chat *.cookiebot.com bat.bing.com static.hotjar.com script.hotjar.com lantern.roeyecdn.com *.googlesyndication.com *.google-analytics.com www.awin1.com www.dwin1.com the.sciencebehindecommerce.com api.feefo.com pay.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.checkout.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com cc-cdn.com *.klarnacdn.net *.salesfire.co.uk *.typekit.net hello.myfonts.net *.feefo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.attn.tv events.attentivemobile.com https://js.checkout.com *.klarnaevt.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnacdn.net *.klarna.com *.klarnaservices.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.salesfire.co.uk *.smartmetrics.co.uk ekr.zdassets.com api.feefo.com valttihelp.zendesk.com collect.feefo.com wss://widget-mediator.zopim.com tikkurila-dev.prismic.io wisepops.net *.wisepops.com *.gorgias.chat *.cookiebot.com *.analytics.google.com *.googlesyndication.com *.google-analytics.com ws.hotjar.com content.hotjar.io the.sciencebehindecommerce.com bam.eu01.nr-data.net google.com pay.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp/report/log; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-f8zox2O3Xs-BqTYDqo2-_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-NES9CxqsFOx45P1E7QWYTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src-elem 'self' https://embed.tawk.to 'unsafe-inline'; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://embed.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube-nocookie.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.instagram.com https://espace-revendeurs.ign.fr https://embed.tawk.to *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' https://tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://embed.tawk.to data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://www.instagram.com https://embed.tawk.to https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://*.tawk.to wss://*.tawk.to https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.consensu.org *.sharethis.com secure.payu.com merch-prod.snd.payu.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.gstatic.com *.googleapis.com https://firebasestorage.googleapis.com static.payu.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.google.com *.sharethis.com maps.googleapis.com *.avada.io secure.payu.com secure.snd.payu.com *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.sharethis.com maps.googleapis.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com *.googleapis.com *.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net;                                         img-src 'self' data: https: https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com www.googletagmanager.com https://ajax.googleapis.com https://googleads.g.doubleclick.net;                                         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;                                         connect-src 'self' data: blob: https://*.paidy.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com https://*.clarity.ms https://apm.yahoo.co.jp https://bat.bing.com https://dm.slim02.jp https://fspark-ap.com https://googleads.g.doubleclick.net https://jp.analytics.omnisegment.com https://o4506693258641408.ingest.us.sentry.io https://omnitag.omnisegment.com https://sslwidget.criteo.com https://stats.g.doubleclick.net https://www.google.co.jp https://www.google.com https://www.google.com.tw https://www.googleadservices.com;                                         frame-src 'self' https://www.google.com https://www.recaptcha.net https://checkout-v2.paidy.com/ *.google.com www.googletagmanager.com https://gum.criteo.com https://platform.twitter.com https://static.criteo.net;                                         script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.googletagmanager.com static.mul-pay.jp p01.mul-pay.jp https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://yubinbango.github.io https://apps.paidy.com/ http://code.jquery.com https://ajax.googleapis.com https://b99.yahoo.co.jp https://bat.bing.com https://dynamic.criteo.com https://fspark-ap.com https://googleads.g.doubleclick.net https://h.accesstrade.net https://intljs.rmtag.com https://omnitag.omniscientai.com https://platform.twitter.com https://rec.ebis.ne.jp https://s.yimg.jp https://scripts.clarity.ms https://sslwidget.criteo.com https://static.criteo.net https://taj1.ebis.ne.jp https://www.clarity.ms;                                         style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com;                                         worker-src blob:;                                         report-to csp-endpoint; 1
font-src *.fontawesome.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com http://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com *.hotjar.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.weltpixel.com landofcoder.com maps.googleapis.com chart.googleapis.com https://amc.demdex.net https://portal.zakeke.com *.hotjar.com https://www.google.com https://www.google.it *.vimeo.com *.tradedoubler.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com https://www.facebook.com https://www.google.com https://www.google.it http://maps.googleapis.com https://maps.googleapis.com *.cookielaw.org https://barcode.tec-it.com *.nau.it *.hotjar.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com https://www.gstatic.com landofcoder.com maps.googleapis.com chart.googleapis.com *.alothemes.com *.magepow.com *.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://js-agent.newrelic.com https://bam-cell.nr-data.net https://static.zdassets.com https://chimpstatic.com *.hotjar.com *.tradedoubler.com *.cookielaw.org *.optimalpeople.fr js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com https://fonts.googleapis.com *.hotjar.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com https://nau.it *.vimeo.com *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com landofcoder.com maps.googleapis.com chart.googleapis.com *.alothemes.com *.magepow.com https://dpm.demdex.net https://api.instagram.com https://instagram.com https://naucare.zendesk.com https://ekr.zdassets.com https://bam-cell.nr-data.net https://stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookielaw.org *.facebook.com *.onetrust.com *.optimalpeople.fr api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'self' data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data: fonts.ub-assets.com builder-assets.unbounce.com; img-src 'self' data: *.join-stories.com linsenmax.join-stories.com linsenmax.my.join-stories.com https://*.googlesyndication.com https://www.google.pt https://*.teads.tv https://integrations.etrusted.com https://www.google.ch https://www.google.com bat.bing.com www.googletagmanager.com https://*.clarity.ms res.cloudinary.com googleads.g.doubleclick.net https://www.facebook.com https://ad.doubleclick.net *.mcoptic.ch d9hhrg4mnvzow.cloudfront.net maps.gstatic.com i.ytimg.com maps.googleapis.com yt3.ggpht.com https://widgets-images.abtasty.com https://widgets.trustedshops.com https://cdn-cookieyes.com https://c.bing.com *.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.mczbf.com https://analytics.optimalpeople.fr *.join-stories.com linsenmax.join-stories.com linsenmax.my.join-stories.com https://config1.veinteractive.com https://www.dwin1.com https://*.tradedoubler.com https://*.teads.tv script.hotjar.com maps.googleapis.com cdn.goodays.co www.youtube.com 171acc6227d04b16a51477d1e15beb3b.js.ubembed.com try.abtasty.com www.google.com www.clarity.ms builder-assets.unbounce.com bat.bing.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net bat.bing.net dcinfos-cache.abtasty.com www.sqli.ch pagead2.googlesyndication.com app.goodays.co static.doubleclick.net 171acc6227d04b16a51477d1e15beb3b.events.ubembed.com issuu.com terms.mfgroup.ch https://*.ubembed.com js-agent.newrelic.com googleads.g.doubleclick.net cdn-cookieyes.com https://*.clarity.ms https://*.nr-data.net https://widgets.trustedshops.com https://assets.ubembed.com https://ea699c206b994dccb266a248b485ac2e.js.ubembed.com https://*.etrusted.com https://widgets.abtasty.com https://static.profity.ch https://pagead2.googlesyndication.com static.hotjar.com https://*.adform.net https://connect.facebook.net https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' fonts.ub-assets.com builder-assets.unbounce.com https://*.goodays.co https://*.googleapis.com https://*.gstatic.com www.youtube.com https://integrations.etrusted.com *.abtasty.com; connect-src 'self'  *.mcoptic.ch *.linsenmax.ch *.visilab.ch *.join-stories.com linsenmax.join-stories.com linsenmax.my.join-stories.comhttps://www.mczbf.com https://analytics.optimalpeople.fr bat.bing.net wss://ws.hotjar.com *.hotjar.com *.hotjar.io https://*.teads.tv *.g.doubleclick.net *.facebook.com *.hotjar.com https://analytics.tiktok.com https://ad.doubleclick.net https://bat.bing.com https://www.google.ch https://www.googleadservices.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.etrusted.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.algolia.io https://*.algolia.net https://*.google-analytics.com https://*.googletagmanager.com https://*.clarity.ms https://*.nr-data.net *.abtasty.com; frame-src 'self' https://*.adform.net https://ad.ad-srv.net https://www.google.com https://*.goodays.co https://www.googletagmanager.com https://*.doubleclick.net; 1
default-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com; script-src 'self' 'nonce-673dbce4-90b2-46d6-9bbd-e0d733393cbd' 'nonce-a92edb51-a967-4845-95ae-84212c30df23' 'nonce-74d623f7-b0fa-47d7-9417-f15c244bad72' 'nonce-cabd0637-b4b1-49c4-8abd-3fa94a551e1c' 'nonce-d95029a9-6536-41ab-bd21-5eaa4b58a267' 'nonce-6ada93ef-8449-4da6-af33-fe0f9d054d6d' 'nonce-cb1e2492-b160-469b-80e6-310cfcc9d7d9' 'nonce-84e06150-a96d-48f2-a477-50338d992d39' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com *.checkout.visa.com *.fundraiseup.com *.paypal.com *.paypalobjects.com *.plaid.com *.src.mastercard.com *.stripe.com cdn.fundraiseup.com m.stripe.network pay.google.com *.googletagmanager.com api.olark.com cdn-ukwest.onetrust.com knrpc.olark.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js static.olark.com; script-src-elem 'self' 'unsafe-inline' *.checkout.visa.com *.fundraiseup.com *.paypal.com *.paypalobjects.com *.plaid.com *.src.mastercard.com *.stripe.com cdn.fundraiseup.com m.stripe.network pay.google.com *.googletagmanager.com api.olark.com cdn-ukwest.onetrust.com knrpc.olark.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js static.olark.com bat.bing.com connect.facebook.net www.google.com googleads.g.doubleclick.net c5.adalyser.com *.gstatic.com cdn-ukwest.onetrust.com; style-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com 'unsafe-inline' careinternational.org.uk careinternationaluk.ams3.cdn.digitaloceanspaces.com https://careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com cdn-images.mailchimp.com cdn-images.mailchimp.com/embedcode/classic-061523.css static.olark.com; style-src-attr 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com 'unsafe-inline' static.olark.com careinternational.org.uk careinternationaluk.ams3.cdn.digitaloceanspaces.com; style-src-elem 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com 'unsafe-inline' careinternational.org.uk careinternationaluk.ams3.cdn.digitaloceanspaces.com https://careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com cdn-images.mailchimp.com static.olark.com; object-src 'none'; base-uri 'self'; connect-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com *.checkout.visa.com *.fundraiseup.com *.mastercard.com *.paypal.com *.paypalobjects.com *.plaid.com *.stripe.com api.addressy.com fndrsp-checkout.net fndrsp.net google.com/pay knrpc.olark.com pay.google.com cdn-ukwest.onetrust.com geolocation.onetrust.com privacyportal-uk.onetrust.com adservice.google.com *.google.co.ug *.google.com *.analytics.google.com *.onetrust.com at.bing.com *.google.com stats.g.doubleclick.net adservice.google.com *.google.co.uk adservice.google.com www.facebook.com; font-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com *.fundraiseup.com *.stripe.com static.olark.com; frame-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com platform.twitter.com player.vimeo.com syndication.twitter.com w.soundcloud.com www.youtube.com www.youtube-nocookie.com/ static.olark.com *.fundraiseup.com *.stripe.com *.src.mastercard.com *.checkout.visa.com *.plaid.com *.paypal.com pay.google.com www.google.com *.doubleclick.net *.paypalobjects.com *.google.com; img-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com 'unsafe-inline' abs.twimg.com pbs.twimg.com platform.twitter.com syndication.twitter.com ton.twimg.com www.facebook.com www.google.co.uk www.google.com data: *.fundraiseup.com ucarecdn.com pay.google.com *.paypalobjects.com log.olark.com t.paypal.com cdn-ukwest.onetrust.com bat.bing.com ad.doubleclick.net c5.adalyser.com *.google.es *.googletagmanager.com *.gstatic.com; manifest-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com; media-src 'self'; worker-src 'self'; report-uri /csp/report/; 1
default-src 'self' 'unsafe-inline' https:; report-uri https://reporturi.savagescape.com/report.php; report-to default 1
connect-src *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com https://consentcdn.cookiebot.com 'self';img-src *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com data: googletagmanager.com https://consentcdn.cookiebot.com https://img.youtube.com https://imgsct.cookiebot.com 'self' ssl.gstatic.com www.gstatic.com;frame-src *.google.com *.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.youtube.com 'self';script-src-elem *.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 'self' 'unsafe-inline' www.gstatic.com;font-src data: fonts.gstatic.com 'self';script-src googletagmanager.com 'self' tagmanager.google.com 'unsafe-eval' 'unsafe-inline';style-src https://consentcdn.cookiebot.com 'self' tagmanager.google.com 'unsafe-eval' 'unsafe-inline';base-uri 'self';manifest-src 'self';media-src 'self';default-src 'self';worker-src 'self';frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://s7.addthis.com https://payflowlink.paypal.com/ https://www.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.google.co.in https://www.googletagmanager.com *.doubleclick.net *.kickfire.com *.yahoo.com *.clarity.ms https://c.bing.com *.facebook.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://js-agent.newrelic.com https://bam.nr-data.net https://m.addthis.com https://z.moatads.com https://v1.addthisedge.com *.kickfire.com *.clarity.ms https://tag.simpli.fi *.yimg.com *.facebook.net https://assets.adobedtm.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com assets.braintreegateway.com https://fonts.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://letsmakebeauty.com/media/wysiwyg/Masthead_Video_v4.mp4 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://analytics.google.com https://bam.nr-data.net https://stats.g.doubleclick.net https://m.addthis.com *.clarity.ms *.yimg.com *.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ervZVdFPTb7Jn7M7lb6TxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uBqMw0iwEDZqOMnOMVh0Fg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'nonce-c10558fc7ad31c461de6c9e6c85fb403dfe9a0afc751a407c24dd0f64747bf80' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; img-src 'self' https: data:; base-uri 'none'; frame-ancestors 'self' ; 1
object-src 'none';base-uri 'self';script-src 'nonce-zZ8PzsV-avxZiePcB-X5FA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net https://cdnjs.cloudflare.com https://maps.googleapis.com static.client.cardinaltrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://maps.googleapis.com https://nominatim.openstreetmap.org *.cardinaltrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.fuelyourbody.nl *.fuelyourbody.de *.fuelyourbody.be *.fuelyourbody.fr data: 'self' 'unsafe-inline'; form-action www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com *.fuelyourbody.nl *.fuelyourbody.de *.fuelyourbody.be *.fuelyourbody.fr consentcdn.cookiebot.eu www.googletagmanager.com www.youtube-nocookie.com www.facebook.com app.aiden.cx 'self' 'unsafe-inline'; img-src data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com https://www.mollie.com *.fuelyourbody.nl *.fuelyourbody.de *.fuelyourbody.be *.fuelyourbody.fr d3k81ch9hvuctc.cloudfront.net lh4.googleusercontent.com region1.analytics.google.com www.google.nl www.google.be www.google.de bat.bing.com stats.g.doubleclick.net www.facebook.com *.clarity.ms integrations.etrusted.com connect.facebook.net i.ytimg.com jf79.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com 'unsafe-eval' 'unsafe-inline' *.fuelyourbody.nl *.fuelyourbody.de *.fuelyourbody.be *.fuelyourbody.fr app.aiden.cx bat.bing.com consent.cookiebot.eu consentcdn.cookiebot.eu d5yoctgpv4cpx.cloudfront.net l.getsitecontrol.com popup.projects.webpages.one s2.getsitecontrol.com script.hotjar.com static.hotjar.com www.clarity.ms scripts.clarity.ms www.feedbackcompany.com analytics.tiktok.com pagead2.googlesyndication.com static.klaviyo.com static-tracking.klaviyo.com connect.facebook.net integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.multisafepay.com static.klaviyo.com static-tracking.klaviyo.com integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com *.fuelyourbody.nl *.fuelyourbody.de *.fuelyourbody.be *.fuelyourbody.fr app.aiden.cx bat.bing.com consentcdn.cookiebot.eu l.getsitecontrol.com events.getsitectrl.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com www.feedbackcompany.com www.google.com region1.analytics.google.com analytics.tiktok.com analytics-ipv6.tiktokw.us a.klaviyo.com fast.a.klaviyo.com static-forms.klaviyo.com www.facebook.com *.clarity.ms integrations.etrusted.com vc.hotjar.io api-js.datadome.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://monitor.bigbridgedev.nl/csp; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.cleverreach.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.cloudfront.net https://images.unsplash.com https://www.mollie.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com einfach-heimat.de *.googleapis.com *.pinterest.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com https://maps.googleapis.com matomo.einfach-heimat.de js.mollie.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.queue-it.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src fonts.googleapis.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com einfach-heimat.de *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://05aadb17-b9ac-4fc9-8bf8-faba68544722.sansec.watch/; report-to report-endpoint; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-NFNZ7DG8yQkCNShQ5AZ0yQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com v2.zopim.com embed.tawk.to *.commerce-connector.com *.flixcar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sameday.ro c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.2performant.com *.doubleclick.net *.pinterest.com *.force.com *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io tracker.aqurate.ai https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com v2assets.zopim.io *.google.ro *.facebook.com *.widgetwhats.com tawk.link compari.ro ct.pinterest.com *.flix360.com *.flixcar.com *.flix360.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tracker.aqurate.ai *.sameday.ro unpkg.com/map-fanbox-points@0.0.5/umd/map-fanbox-points.js https://maps.googleapis.com https://player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.zdassets.com v2.zopim.com *.facebook.net *.facebook.com attr-2p.com *.widgetwhats.com chimpstatic.com embed.tawk.to *.jsdelivr.net *.hotjar.com *.arukereso.com *.gstatic.com *.clarity.ms *.themarketer.com *.pinimg.com *.pinterest.com *.enzuzo.com cdn-cookieyes.com *.googlesyndication.com *.commerce-connector.com *.force.com *.salesforceliveagent.com aqurate.ai *.flixcar.com *.flix360.io *.flixfacts.com popupsmart.com *.sharethis.com *.tiktok.com *.omniconvert.com *.2performant.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.sameday.ro assets.braintreegateway.com *.googleapis.com *.widgetwhats.com embed.tawk.to *.googletagmanager.com tpc.googlesyndication.com *.cloudfront.net *.commerce-connector.com *.force.com *.popupsmart.com popupsmart.com *.flixcar.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com tracker.aqurate.ai *.fancourier.ro https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com ekr.zdassets.com wss://widget-mediator.zopim.com pagead2.googlesyndication.com *.google.ro googleads.g.doubleclick.net stats.g.doubleclick.net region1.analytics.google.com *.2performant.com *.widgetwhats.com zdata-ro-bellabike.s3.eu-west-1.amazonaws.com *.tawk.to kfea.zendesk.com api.edrone.me *.themarketer.com *.pinterest.com *.clarity.ms *.commerce-connector.com *.facebook.com *.hotjar.com *.hotjar.io *.google-analytics.com *.sharethis.com *.enzuzo.com *.flixcar.com *.tiktok.com *.omniconvert.com region1.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-S3d67p6abAbqVUOwg-WMCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; connect-src 'self' https: https://api.amazingtunes.com https://apiv3.amazingtunes.com https://analytics.amazing-media.com; font-src 'self' https: data:; img-src 'self' https: data: blob:; media-src 'self' https: blob:; object-src 'none'; script-src 'self' https: https://analytics.amazing-media.com 'nonce-'; style-src 'self' https: 'unsafe-inline'; worker-src 'self' blob: 1
default-src bam.nr-data.net cdn.growthbook.io cdn-ukwest.onetrust.com geolocation.onetrust.com pagead2.googlesyndication.com privacyportal-uk.onetrust.com prod.global-fragments-server.green.which.co.uk tpc.googlesyndication.com *.safeframe.googlesyndication.com www.googletagmanager.com ep2.adtrafficquality.google which-group.my.site.com 'unsafe-inline' 'self' https://*.which.co.uk;script-src a.quora.com ajax.googleapis.com bat.bing.com c.amazon-adsystem.com cdn-magiclinks.trackonomics.net cdn-ukwest.onetrust.com cdn.amplitude.com cdn.jsdelivr.net connect.facebook.net ct.pinterest.com cdn.growthbook.io googleads.g.doubleclick.net manifest.prod.boltdns.net maps.googleapis.com pagead2.googlesyndication.com platform.twitter.com player.captivate.fm players.brightcove.net prod.global-fragments-server.green.which.co.uk public.flourish.studio pym.nprapps.org region1.google-analytics.com s.pinimg.com siteintercept.qualtrics.com static-ssl.responsetap.com static.ads-twitter.com static.digidip.net t.contentsquare.net tpc.googlesyndication.com track.omguk.com which.resultspage.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com yksbw1yr.micpn.com zeta-live.getsquirrel.co znbiyguoobqgm5gwu-which.siteintercept.qualtrics.com which-group.my.site.com 'unsafe-inline' 'self' https://*.which.co.uk 'nonce-a4d8e8a711b12ee52ce275fcfcc5c7e572be6e1f4f80e14c93e63227521ff48f';style-src aaf1a18515da0e792f78-c27fdabe952dfc357fe25ebf5c8897ee.ssl.cf5.rackcdn.com cdn.jsdelivr.net flo.uri.sh fonts.googleapis.com pagead2.googlesyndication.com player.captivate.fm public.flourish.studio service.force.com zeta-live.getsquirrel.co which.resultspage.com which-group.my.site.com 'unsafe-inline' 'self' https://*.which.co.uk;font-src fonts-which-co-uk.s3.amazonaws.com player.captivate.fm public.flourish.studio 'unsafe-inline' 'self' https://*.which.co.uk;img-src abs-0.twimg.com ad.doubleclick.net ade.googlesyndication.com adservice.google.com alb.reddit.com analytics.twitter.com artwork.captivate.fm bat.bing.com c.contentsquare.net cdn-ukwest.onetrust.com cf-images.eu-west-1.prod.boltdns.net ct.pinterest.com googleads.g.doubleclick.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com maps.gstatic.com media.which.gpp.io metrics.brightcove.com pagead2.googlesyndication.com pbs.twimg.com q.quora.com s3-eu-west-1.amazonaws.com securepubads.g.doubleclick.net siteintercept.qualtrics.com storage.googleapis.com syndication.twitter.com t.co tpc.googlesyndication.com tracking.audio.thisisdax.com trx-hub.com www.facebook.com www.google-analytics.com www.google.co.uk www.google.com yksbw1yr.micpn.com ep1.adtrafficquality.google 'unsafe-inline' 'self' https://*.which.co.uk;connect-src region1.google-analytics.com which-group.my.salesforce-scrt.com cdn.growthbook.io cdn-ukwest.onetrust.com geolocation.onetrust.com pagead2.googlesyndication.com ep1.adtrafficquality.google ep2.adtrafficquality.google 'unsafe-inline' 'self' https://*.which.co.uk;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none' 1
default-src 'self' 'unsafe-inline' data: stats.g.doubleclick.net googleads.g.doubleclick.net static.doubleclick.net static.addtoany.com addtoany.com www.googletagmanager.com www.youtube.com *.fontawesome.com www.google-analytics.com *.googleapis.com fonts.gstatic.com *.gstatic.com; script-src 'self' 'unsafe-inline' data: stats.g.doubleclick.net googleads.g.doubleclick.net static.doubleclick.net static.addtoany.com addtoany.com www.googletagmanager.com www.youtube.com *.fontawesome.com www.google-analytics.com *.googleapis.com fonts.gstatic.com *.gstatic.com; report-uri /report-csp-violation 1
font-src *.anyday.io *.fontawesome.com *.klarnacdn.net *.typekit.net https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.anyday.io *.klarna.com *.addthis.com *.facebook.com *.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.anyday.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net *.addthisedge.com *.twitter.com cdn.barlife.dk https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.anyday.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com policy.app.cookieinformation.com cookieinformation.com ct.pinterest.com pinterest.com checkout.reepay.com load.ss.barlife.dk ss.barlife.dk ss.barlife.no barlifese.bar-life.se ss.barliife.de bat.bing.com s.pinimg.com widget.trustpilot.com *.googletagmanager.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.cloudflare.com ajax.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.anyday.io *.fontawesome.com https://static.klaviyo.com *.klarnacdn.net *.typekit.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.anyday.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ ws: *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.playground.klarna.com cdn.klarna.com www.google.com js.klarna.com youtube.com www.youtube.com *.cookiebot.com *.klarna.com *.kustom.co *.issuu.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com *.googlesyndication.com https://api.clerk.io https://cdn.clerk.io *.clerk.io *.algolia.net *.algolianet.com polyfill.io cdn.klarna.com x.klarnacdn.net *.playground.klarna.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.google.com www.gstatic.com *.cookiebot.com cdn.clerk.io api.clerk.io vjs.zencdn.net player.vimeo.com js.playground.klarna maps.googleapis.com *.klarna.com *.kustom.co *.hotjar.com *.emailplatform.com *.sleeknote.com *.klarnaservices.com s.zavanna.no bat.bing.com secure.authorize.net test.authorize.net *.googleadservices.com js.braintreegateway.com *.paypal.com 1eafapi.cardinalcommerce.com.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com widget.postenlabs.no cdn.clerk api.clerk *.paypalobjects.com *.snapchat.com sc-static.net *.klarnacdn.net songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.playground.klarnaevt.com *.cookiebot.com *.klarnaevt.com *.klarnauserservices.com *.klarnaservices.com maps.googleapis.com *.klarna.com *.kustom.co s.zavanna.no stats.g.doubleclick.net *.snapchat.com bat.bing.com *.klarnacdn.net x.klarnacdn.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src https://pim.zavanna.no/ fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com x.klarnacdn.net maxcdn.bootstrapcdn.com s.zavanna.no data: *.klarnacdn.net data: 'self' 'unsafe-inline'; style-src https://pim.zavanna.no/ *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://api.clerk.io https://cdn.clerk.io tagmanager.google.com vjs.zencdn.net maxcdn.bootstrapcdn.com x.klarnacdn.net s.zavanna.no *.klarnacdn.net assets.braintreegateway.com 'self' 'unsafe-inline'; img-src https://pim.zavanna.no/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.nl *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com https://cdn.clerk.io *.clerk.io cdn.klarna.com *.playground.klarnaevt.com ssl.gstatic.com www.gstatic.com *.cookiebot.com eu.playground.klarnaevt.com maps.gstatic.com maps.googleapis.com *.klarnaservices.com *.kustom.co s.zavanna.no bat.bing.com *.google.com *.google.pl *.snapchat.com sc-static.net pim.zavanna.no *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; report-uri /csp/report; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.inpost.pl *.fontawesome.com *.cloudflare.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net *.twitter.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pay.google.com play.google.com *.autopay.eu *.inpost.pl https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu *.inpost.pl *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twimg.com *.ytimg.com *.google.pl *.2way.app tile.openstreetmap.org mapa.orlenpaczka.pl ruch-osm.sysadvisors.pl https://geowidget.easypack24.net *.easypack24.net *.openstreetmap.org *.twitter.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.autopay.eu pay.google.com *.inpost.pl *.cloudflare.com *.twitter.com *.google.pl js-agent.newrelic.com *.2way.app *.allekurier.pl *.disqus.com mapa.orlenpaczka.pl https://geowidget.easypack24.net *.easypack24.net *.openstreetmap.org *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.autopay.eu *.inpost.pl *.fontawesome.com *.cloudflare.com *.twimg.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.twitter.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.inpost.pl *.larix.com.pl https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.inpost.pl *.cloudflare.com *.paypal.com *.2way.app nominatim.openstreetmap.org *.easypack24.net *.openstreetmap.org *.twitter.com *.twimg.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' ; style-src 'self' 'unsafe-inline' optimize.google.com www.googletagmanager.com fonts.googleapis.com *.typekit.net *.yotpo.com *.myfonts.net *.cloudfront.net; font-src 'self' data: optimize.google.com fonts.gstatic.com *.abtasty.com *.dwin1.com *.typekit.net *.livechatinc.com snap.licdn.com *.tiktok.com static.ads-twitter.com ct.pinterest.com *.yotpo.com *.addthis.com *.moatads.com *.curalate.com *.cloudflare.com *.cloudfront.net; img-src 'self' data: *; base-uri 'self' ;  form-action *; frame-ancestors 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com optimize.google.com www.googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com www.googleadservices.com maps.googleapis.com polyfill.io player.vimeo.com connect.facebook.net *.klevu.com api.exponea.com s.pinimg.com intljs.rmtag.com assistjs.skimresources.com googleads.g.doubleclick.net bat.bing.com t.contentsquare.net track.sweetanalytics.com *.yotpo.com snap.licdn.com static.ads-twitter.com *.tiktok.com *.abtasty.com *.adobedc.net *.dwin1.com *.livechatinc.com *.voyado.com *.ksearchnet.com *.hotjar.com *.veinteractive.com *.mouseflow.com *.sleeknote.com *.stripe.com *.zdassets.com *.trustpilot.com *.clarity.ms *.addthis.com *.addthisedge.com *.moatads.com *.clearpay.co.uk *.amplitude.com *.sagepay.com snapppt.com *.snapppt.com; connect-src 'self' mage.stackers.com *.googlesyndication.com *.google-analytics.com *.klevu.com api.exponea.com ct.pinterest.com *.abtasty.com *.adobedc.net *.tiktok.com *.yotpo.com maps.googleapis.com vimeo.com *.addthis.com *.moatads.com *.dwin1.com *.54proxy.com *.ksearchnet.com *.hotjar.com *.hotjar.io *.zdassets.com *.clarity.ms *.amplitude.com *.sweetanalytics.com snapppt.com *.snapppt.com *.zendesk.com; frame-src 'self' player.vimeo.com *.fls.doubleclick.net ct.pinterest.com vimeo.com secure.livechatinc.com *.addthis.com *.curalate.com *.54proxy.com *.hotjar.com *.stripe.com *.trustpilot.com *.paypal.com *.zendesk.com *.zdassets.com; 1
font-src *.fontawesome.com *.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.facebook.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ landofcoder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.g.doubleclick.net *.googlesyndication.com *.facebook.com www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com *.googlesyndication.com *.google.com.bd *.clarity.ms *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ landofcoder.com s7.addthis.com *.addtoany.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.net *.facebook.com *.googlesyndication.com *.googleadservices.com *.google.com.bd *.localhost *.clarity.ms *.hotjar.com www.google.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.addtoany.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.facebook.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com landofcoder.com ekr.zdassets.com/ http://dpm.demdex.net *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.facebook.com *.googlesyndication.com ap.stape.info *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com https://fonts.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.cookiebot.com *.googletagmamanger.com https://*.google.com js.mollie.com *.sendcloud.sc *.jsdelivr.net *.twitter.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com magefan.com cm.magefan.com *.disqus.com www.magmodules.eu *.squeezely.tech i0.wp.com *.leef.nl *.linkedin.com *.varuvo.nl *.yourskin.nl *.zorghulpdrogist.nl https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com *.sooqr.com *.spotlersearch.com https://www.mollie.com *.amazonaws.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.gstatic.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.disqus.com squeezely.tech www.squeezely.tech *.squeezely.tech *.clarity.ms cognito-identity.eu-central-1.amazonaws.com/ *.converterexperiments.com *.cookiebot.com *.corewebvitals.io developer.adobe.com *.facebook.net/ firehose.eu-central-1.amazonaws.com/ http://*.googleadservers.com *.google-analytics.com *.googlesyndication.com *.googletagmamanger.com *.hotjar.com *.licdn.com magento.com *.spotlersearch.com *.spotlersearchanalytics.com *.trustpilot.com *.zdassets.com *.zopim.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com *.sooqr.com spotlersearchanalytics.com js.mollie.com *.sendcloud.sc *.jsdelivr.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.sooqr.com *.spotlersearch.com *.sendcloud.sc *.jsdelivr.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com squeezely.tech *.squeezely.tech *.clarity.ms cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com *.linkedin.com *.zdassets.com *.zendesk.com *.zopim.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com *.sooqr.com *.spotlersearch.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://3adac9fa-e067-4112-86fb-a8b949bec21a.sansec.watch; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.bird.eu https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-TUJctrME/ipfGnfNwrITRg==' 1
default-src 'nonce-ce2bedd6a3bc881a8639760b4b9f06e2' 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data https://images.ctfassets.net; script-src 'self' 'self' 'unsafe-inline' https://browser.sentry-cdn.com/ https://europcar.adding-sst.dev/ https://sdk.privacy-center.org/ https://*.europcar.com https://*.goldcar.com; connect-src 'self' sentry.io *.sentry.io https://*.europcar.com https://*.goldcar.com; report-uri https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943; report-to https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943 1
object-src 'none';base-uri 'self';script-src 'nonce-WPwOZeijzCtFp5DIzugQJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://fonts.gstatic.com/ *.fontawesome.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.twitter.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ https://cdn.omise.co https://www.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com camo.githubusercontent.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.pixriot.com *.storeimaging.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.google-analytics.com https://www.google.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com maps.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdn.omise.co yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://cdn.omise.co *.pixriot.com *.storeimaging.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com www.xtento.com *.googletagmanager.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com www.xtento.com cdn.xtento.com *.googletagmanager.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com landofcoder.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-I8vQSc824ggM7jLcg4JLvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-hr6XeRg3WZXAYCFx32RTXQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 1
object-src 'none';base-uri 'self';script-src 'nonce-o8WG6tz2OvAiXDlWWsifmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.superpayments.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.superpayments.com *.stripe.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.superpayments.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.superpayments.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com magefan.com cm.magefan.com https://redchamps.com 'self' data: *.superpayments.com *.stripe.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.google.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.superpayments.com segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.superpayments.com *.stripe.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.superpayments.com stripe.com cognito-idp.eu-west-2.amazonaws.com segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.seonintelligence.com *.trustpilot.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com acsbapp.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com payflowlink.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com *.google.com *.braintreegateway.com *.paypal.com google.com www.googletagmanager.com *.certcapture.com *.dotdigital-pages.com *.dotdigital.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com d1l7z5ofrj6ab8.cloudfront.net payflowlink.paypal.com googleads.g.doubleclick.net data: *.google.co.in www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.certcapture.com *.trackedlink.net *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.keekaroo.com *.specialtomato.com *.adaptivemall.com *.adaptivemall.ca app.certcapture.com nxtuploads.s3.amazonaws.com i.imgur.com verify.authorize.net *.bizrate.com blob: *.bing.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com fonts.gstatic.com *.certcapture.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com *.nextopia.net *.ecomm-nav.com www.gstatic.com www.google.com checkout.getbread.com app.certcapture.com www.adaptivemall.com staging.adaptivemall.com vector.nextopiasoftware.com verify.authorize.net bat.bing.com js-agent.newrelic.com www.facebook.com d1l7z5ofrj6ab8.cloudfront.net *.bizrate.com bam.nr-data.net *.googleadservices.com acsbapp.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.searchspring.net/intellisuggest/is.min.js *.googletagmanager.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.nextopia.net *.ecomm-nav.com fonts.gstatic.com maxcdn.bootstrapcdn.com app.certcapture.com *.bizrate.com *.tagmanager.google.com *.googletagmanager.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.certcapture.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com app.certcapture.com happyfoxchat.com bam.nr-data.net *.bizrate.com stats.g.doubleclick.net cdn.acsbapp.com acsbapp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://beacon.searchspring.io/beacon *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.nextopia.net *.ecomm-nav.com fonts.gstatic.com fonts.googleapis.com checkout.getbread.com www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net bat.bing.com app.certcapture.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.zohocdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com/ *.securesuite.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.doubleclick.net https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com https://images.unsplash.com *.google.co.uk *.zohopublic.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.noibu.com *.zoho.eu *.intelligentdatawisdom.com *.cookiefirst.com *.zohocdn.com *.googleoptimize.com *.addthis.com *.cloudflareinsights.com *.hotjar.com *.google.com *.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.what3words.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.noibu.com *.zohocdn.com *.googleapis.com *.cookiefirst.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.cookiefirst.com wss://vts.zohopublic.eu *.zohopublic.eu *.analytics.google.com *.liadm.com *.google-analytics.com *.google.co.uk *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.what3words.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://portal.envisagedigital.co.uk/api/website/zaake7p6mj/report-uri; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce--T4evF-KZq7Kc7Y2158D3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LSf6n6Zfd-xJ5Kb4lLzC5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.facebook.com *.facebook.net www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de magefan.com cm.magefan.com *.facebook.com *.facebook.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.facebook.com *.facebook.net connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.facebook.com *.facebook.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-5cbb9219d09dbd40abf8098607410310ccc05505' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-Nl-BKvSktQ07hbTp8hfG6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8vc58oR1lxTK6miUWqUQzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' *.hubspot.com *.google.com *.bing.com *.hotjar.com *.hotjar.io *.linkedin.com *.licdn.com *.reddit.com *.facebook.com *.stackadapt.com *.doubleclick.net *.googlesyndication.com *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am *.api.osano.com api.hubapi.com connect.facebook.net cdn.acsbapp.com forms.hscollectedforms.net forms.hsforms.com fonts.gstatic.com fonts.googleapis.com js.zi-scripts.com js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hubspotfeedback.com js.hs-banner.com js.hsleadflows.net js.usemessages.com monitor.clickcease.com www.googletagservices.com www.google-analytics.com www.redditstatic.com ws.zoominfo.com www.googletagmanager.com cdn.cookie-script.com *.nr-data.net t.contentsquare.net  wss://ws.hotjar.com https://tracker-shield.funnelytics.workers.dev https://track-v3.funnelytics.io https://consent.cookie-script.com/; default-src 'self'; font-src 'self' data: *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; frame-src 'self' data: *.hubspot.com *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net sdx.microsoft.com vars.hotjar.com www.linkedin.com www.googletagmanager.com x.adroll.com; img-src 'self' data: blob: *.hubspot.com *.bing.com *.microsoft.com *.linkedin.com *.licdn.com *.facebook.com *.facebook.net *.fbcdn.net *.stackadapt.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am alb.reddit.com cdn2.hubspot.net d.adroll.com forms.hsforms.com fonts.gstatic.com p.adsymptotic.com script.hotjar.com tr-rc.lfeeder.com www.googleadservices.com www.redditstatic.com www.googletagmanager.com match.adsrvr.org pixel.tapad.com; media-src 'self' dai.google.com media.licdn.com; object-src *.googlesyndication.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.google.com https://*.imp.stackadapt.com https://*.srv.stackadapt.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.srv.stackadapt.com https://acsbapp.com https://bat.bing.com https://connect.facebook.net https://content.linkedin.com https://cdn.calltrk.com https://cmp.osano.com https://d.adroll.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://google-analytics.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://js.zi-scripts.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://lftracker.leadfeeder.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://platform.linkedin.com https://r.bing.com https://ssl.google-analytics.com https://static-exp1.licdn.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://s.adroll.com https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://www.google-analytics.com https://www.clickcease.com https://www.redditstatic.com https://www.googletagmanager.com https://pi.pardot.com/ https://js-agent.newrelic.com/ https://code.jquery.com https://cdn.cookie-script.com https://t.contentsquare.net https://qvdt3feo.com  https://geo.cookie-script.com/ https://cdn.funnelytics.io/; style-src 'self' 'report-sample' 'unsafe-inline' *.bootstrapcdn.com *.google.com *.bing.com *.licdn.com *.srv.stackadapt.com fonts.googleapis.com www.googletagmanager.com; 1
font-src *.klevu.com *.ksearchnet.com *.gstatic.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.braintreegateway.com ssl.kaptcha.com www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.gstatic.com cookie-cdn.cookiepro.com bat.bing.com www.google.pl www.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com cookie-cdn.cookiepro.com consent.cookiebot.com bat.bing.com connect.facebook.net *.clarity.ms https://js.klevu.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com https://fonts.googleapis.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com cookie-cdn.cookiepro.com *.braintreegateway.com *.onetrust.com https://fonts.googleapis.com https://fonts.gstatic.com googleads.g.doubleclick.net *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none';script-src 'self' 'unsafe-eval' 'sha256-1HSYoHPNTbixa7+46Xv8f+3gadEZzOWccgJ5VEsRCiQ=' 'sha256-XuH0V153tQcl8LhZeLlndEOZG6QhtgYh1+ihKE5C868=' 'sha256-8jS2Lc6yn1GiMS47eJ+YV0fsxtcpruvBArE+gXskWNo=' 'sha256-lRrbM2V5sTNreGuT1/B5ajbrhZh+on/rLKZMZhfWeFs=' 'sha256-oMGSw0xMGzg1gjQaVIGcgRTAmZe3sc2mmakN2nRqNHo=' 'sha256-i3m4iVgmScSPeR2xpTQshzvWp6yWcpPo+FEGRhLqR2o=' 'sha256-5xpwWECJkydDHHC2dRivFODBlvo0+bAPUNG+RkTgbA0=' 'sha256-WFYUplEj4LXJ/ekxb5jHDDZQNE+Kh2rqbiOLsW+R7Zo=' 'sha256-UZKZ74NbTbmq926byVVaEcRoYpYhC5GiA8w3Kl1fC6w=' 'sha256-VoBBkelMmeLYY4t85pvGT2QkL84jVRZIBSN7gB/Ne8c=' 'sha256-lv2/Bkel4VfG0RBQMcIVtZi+4YG95TT74oD7gK3y5kg=' 'sha256-FfU5EZYIyuxQzChjCOCieSAu7TytMOv3i3sqhxI+V/8=' 'sha256-IFc2JzX73wRAuIynFDejk443JLlTSluFDhlQ/xEOea0=' 'sha256-MMxKS86qxcm4u/S1eKsKm76muWdBNinYgTX03lETS5k=' 'sha256-Sik91OjA1UoRJBO1HNxPVz8QHcwfjSbilmh849MJlWE=' 'sha256-eMkljhIX97D6vb4FsKXpC00TVIL4rVsyg76/6CRMkek=' 'sha256-c1h3tqjDRzs6Mz3p7oVNGcQrKXCZ38DqdlFZ1seAU1s=' 'sha256-k+wT4MUV4XdjOzCRtpZCN1Ero2kjjt9PYBbgz13tMCY=' 'sha256-aEuGb0ht5DXR7K1wyDaZ+ukhrUKh5eb3hzXOISi/7pE=' 'sha256-qbvMnSEbbg5W7gDIQD/ZFa2Nb5M1NEkkPcMBf0Tft6w=' 'sha256-kF8AD9ljMuFhg4UgNOkd++cEhP+hkODmcMigC5L3P+Y=' 'sha256-DhC8Un1/6teHnb+LSHQGApVW/N4iSBIYC1RB9SfQ3Z4=' 'sha256-sO1gYu4spgKCEbJIn93pvwyc/e3wH5ZcCTP88LxOjaA=' 'sha256-1pWcvs1OWR7oidr0ek5JfNgOamrCW1t/Ut+dclnTJw8=' 'nonce-bLV+O9sc/Mf2BUQ9hMhPOA=='  maven.zohodl.com    *.zohocdn.com       dre.zoho.uk   *.zohostatic.com *.zohostatic.uk   salesiq.zohopublic.com;style-src 'self' 'unsafe-inline' maven.zohodl.com    *.zohocdn.com          *.zohostatic.com *.zohostatic.uk   ;img-src https: data: blob:;connect-src 'self' blob: wss:     *.zohocdn.com flow.zoho.uk  zia.zoho.uk phonebridge.zoho.com *.manageengine.com      *.zohostatic.com *.zohostatic.uk   ;form-action 'self';frame-src https: blob:;worker-src 'self' blob:;media-src 'self' blob:      *.zohocdn.com          *.zohostatic.com *.zohostatic.uk   ;object-src blob:;font-src 'self' data: maven.zohodl.com    *.zohocdn.com          *.zohostatic.com *.zohostatic.uk   ;report-uri https://logsapi.zoho.uk/csplog?service=SDPOnDemand 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: https://vir2store.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com ; img-src 'self' 'unsafe-inline' https: data: https://*.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.g.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.g.doubleclick.net https://vir2store.com https://*.googlesyndication.com https://svrdntfctn.com/; font-src 'self' data:; media-src 'self' https: data: https://vir2store.com; report-uri 'self'; frame-ancestors 'none'; object-src 'none'; frame-src 'self' https: *.googletagmanager.com calendar.google.com; worker-src blob:; base-uri 'none'; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-B6WafhCBPlnZTeL59oSKnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TeUNog3nAIq1WUEQ4pN48A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com widget-v4.tidiochat.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com td.doubleclick.net *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.googleapis.com www.monacorc.com www.google.it a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.multisafepay.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com www.monacorc.com cdn.jsdelivr.net chimpstatic.com cdn.iubenda.com cs.iubenda.com widget-v4.tidiochat.com code.tidio.co downloads.mailchimp.com *.list-manage.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.multisafepay.com https://pay.google.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net www.monacorc.com code.tidio.co downloads.mailchimp.com maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com widget-v4.tidiochat.com code.tidio.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com region1.analytics.google.com region1.google-analytics.com www.monacorc.com idb.iubenda.com code.tidio.co googleads.g.doubleclick.net pagead2.googlesyndication.com socket.tidio.co *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.monacorc.com pagead2.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net socket.tidio.co 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-T2R_pz_Yt5too1I4INQWkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com v2.zopim.com embed.tawk.to *.commerce-connector.com *.flixcar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.sameday.ro c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.2performant.com *.doubleclick.net *.pinterest.com *.force.com *.facebook.com *.groupeseb.com *.creativecdn.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com tracker.aqurate.ai tbicp.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com v2assets.zopim.io *.google.ro *.facebook.com *.widgetwhats.com tawk.link compari.ro ct.pinterest.com *.flix360.com *.flixcar.com *.flix360.io *.3lift.com *.doubleclick.net *.google.com *.nexx360.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com tracker.aqurate.ai tbicp.com *.sameday.ro unpkg.com/map-fanbox-points@0.0.5/umd/map-fanbox-points.js https://maps.googleapis.com https://player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.mczbf.com *.zdassets.com v2.zopim.com *.facebook.net *.facebook.com attr-2p.com *.widgetwhats.com chimpstatic.com embed.tawk.to *.jsdelivr.net *.hotjar.com *.arukereso.com *.gstatic.com *.clarity.ms *.themarketer.com *.pinimg.com *.pinterest.com *.enzuzo.com cdn-cookieyes.com *.googlesyndication.com *.commerce-connector.com *.force.com *.salesforceliveagent.com aqurate.ai *.flixcar.com *.flix360.io *.flixfacts.com popupsmart.com *.sharethis.com *.tiktok.com *.omniconvert.com *.2performant.com tagmanager.google.com *.creativecdn.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.sameday.ro assets.braintreegateway.com *.googleapis.com *.widgetwhats.com embed.tawk.to *.googletagmanager.com tpc.googlesyndication.com *.cloudfront.net *.commerce-connector.com *.force.com *.popupsmart.com popupsmart.com *.flixcar.com tagmanager.google.com 'self' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com tracker.aqurate.ai *.fancourier.ro https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com ekr.zdassets.com wss://widget-mediator.zopim.com pagead2.googlesyndication.com *.google.ro googleads.g.doubleclick.net stats.g.doubleclick.net region1.analytics.google.com *.2performant.com *.widgetwhats.com zdata-ro-bellabike.s3.eu-west-1.amazonaws.com *.tawk.to kfea.zendesk.com api.edrone.me *.themarketer.com *.pinterest.com *.clarity.ms *.commerce-connector.com *.facebook.com *.hotjar.com *.hotjar.io *.google-analytics.com *.sharethis.com *.enzuzo.com *.flixcar.com *.tiktok.com *.omniconvert.com region1.google-analytics.com *.usehardal.com *.creativecdn.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://chat01.wolkvox.com https://www.googletagmanager.com https://ajax.aspnetcdn.com; script-src-elem 'self' 'unsafe-inline' https://chat01.wolkvox.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com https://code.getmdl.io https://cdn.jsdelivr.net https://www.gstatic.com https://www.google.com https://unpkg.com https://api.ipify.org; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://formden.com; img-src 'self' data: https://www.google-analytics.com https://positiva.adacsc.co https://www.alissta.gov.co https://www.googletagmanager.com https://www.greatplacetowork.com.co https://vicetecnica-test-positiva.adacsc.co; font-src 'self' data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://formden.com; connect-src 'self' https://nominatim.openstreetmap.org https://www.google-analytics.com https://www.googletagmanager.com https://api.ipify.org https://app.powerbi.com https://api.powerbi.com blob:; frame-src 'self' https://chat01.wolkvox.com https://www.google.com https://app.powerbi.com; object-src 'self' https://app.powerbi.com;report-uri /csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-WeGQHXm6q7lxYmi0OijwLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.ap-gateway.mastercard.com *.mastercard.com www.googletagmanager.com googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com 'self' data: blob: 'unsafe-inline' data: *.ap-gateway.mastercard.com *.mastercard.com *.clarity.ms c.bing.com www.google.co.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.ap-gateway.mastercard.com ap-gateway.mastercard.com *.mastercard.com *.clarity.ms www.clarity.ms c.bing.com *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.clarity.ms www.clarity.ms c.bing.com *.cloudflareinsights.com www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.zizel.gr *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardlink.gr *.alphaecommerce.gr *.eurocommerce.gr *.iris.dias.com.gr *.test-iris.dias.com.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: https://widget-v5.boxnow.gr https://widget-v4.boxnow.gr https://widget-v4-dev.boxnow.gr https://widget-v5-dev.boxnow.gr https://widget-v4-stage.boxnow.gr https://widget-v5-stage.boxnow.gr https://go.linkwi.se 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://flagcdn.com data: www.apptrian.com www.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.zizel.gr *.findbar.io *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.zizel.gr *.static.adman.gr https://go.linkwi.se https://assets.zizel.gr *.findbar.io *.googletagmanager.com *.facebook.net *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.zizel.gr *.findbar.io *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zizel.gr *.findbar.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org www.apptrian.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.zizel.gr artserver.gr *.findbar.io *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.fontawesome.com *.adobe.com *.facebook.com *.facebook.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.cloudfront.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de www.commercepartnerhub.com *.ap-gateway.mastercard.com *.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.facebook.net *.fontawesome.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.vimeo.com flagpedia.net *.ap-gateway.mastercard.com *.mastercard.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net checkout.kashier.io *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.fontawesome.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.paypal.com *.vimeo.com maps.googleapis.com *.ap-gateway.mastercard.com ap-gateway.mastercard.com *.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.facebook.com *.facebook.net *.gstatic.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.adobe.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src *.cloudfront.net assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';script-src 'nonce-e3d696fb786caf1606dd105d6e530e842149655b' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'report-sample' https:;script-src-attr 'unsafe-inline';report-uri https://www.startpagina.be/ajax/csp_report_uri; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com moroso.us14.list-manage.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.weltpixel.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.certcapture.com *.googleapis.com *.clarity.ms *.bing.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.certcapture.com *.gstatic.com *.googleapis.com use.fontawesome.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net developers.google.com acsbapp.com *.acsbapp.com *.addthis.com *.clarity.ms chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.disqus.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.gstatic.com *.googleapis.com use.fontawesome.com downloads.mailchimp.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com *.gstatic.com *.googleapis.com bam.nr-data.net bam-cell.nr-data.net developers.google.com acsbapp.com *.acsbapp.com *.addthis.com *.clarity.ms form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /_csp/report; report-to report-endpoint; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://api-maps.yandex.ru https://cdn.ampproject.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com widget.cloudpayments.ru; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors * 1
frame-ancestors 'self'; default-src 'nonce-ac6d19b343d1602b1cb97c3bed2ffa75' 'strict-dynamic'; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://cdn.walkme.com/users/4351fcec0f5b403f93eb714dc275dffb/ https://*.kampyle.com https://www.gstatic.com/recaptcha/; worker-src 'self' blob:; script-src 'nonce-ac6d19b343d1602b1cb97c3bed2ffa75' 'strict-dynamic'; img-src 'self' blob: data: https:; media-src 'self' blob: https: https://*.xactimate.com https://*.xactcontents.com https://xactcontents.com https://xactware-claimx-us-prod.s3.us-west-1.amazonaws.com https://*.claimxperience.com https://claimxperience.com; connect-src 'self' blob: https://www.google.com/recaptcha/ https://*.kampyle.com https://*.verisk.com https://*.xactware.com/ https://*.xactcontents.com/ https://xactcontents.com/ https://*.xactimate.com/ https://servicenotify.statuspage.io https://*.walkme.com https://*.launchdarkly.com https://maps.googleapis.com https://places.googleapis.com https://*.tokbox.com https://*.opentok.com wss://*.tokbox.com https://*.medallia.com https://xactware-claimx-us-prod.s3.us-west-1.amazonaws.com https://*.claimxperience.com https://claimxperience.com https://contentstrack.com; frame-src 'self' blob: https://*.360-value.com https://nebula-cdn.kampyle.com https://www.google.com/recaptcha/ https://*.verisk.com https://servicenotify.statuspage.io https://www.youtube.com; object-src 'none'; base-uri 'self'; 1
default-src 'self'; connect-src 'self' https://translate.googleapis.com https://koop.piwik.pro; font-src 'self' https://themes.googleusercontent.com https://koop.piwik.pro; img-src 'self' data: https://validator.swagger.io https://fonts.gstatic.com https://www.gstatic.com https://koop.piwik.pro; script-src 'self' https://translate-pa.googleapis.com https://translate.google.com https://koop.piwik.pro 'nonce-8eccb7cae66126a0f78507c5c687efe7e40079823b8055a0008e213a5c3c55b1'; script-src-elem 'self' https://translate-pa.googleapis.com https://translate.google.com https://koop.piwik.pro 'nonce-8eccb7cae66126a0f78507c5c687efe7e40079823b8055a0008e213a5c3c55b1'; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://koop.piwik.pro 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twitter.com https://*.fbcdn.net https://*.google.com https://*.ingenious.ai  https://*.googleapis.com https://*.facebook.net https://siteimproveanalytics.com https://js.createsend1.com https://www.googletagmanager.com https://fburl.com https://theta360.com https://ecommunications.wyndham.vic.gov.au https://www.createsend.com https://soundcloud.com https://wyndham.vudoo.io https://*.eventbrite.com.au https://cdn.jsdelivr.net https://unpkg.com https://*.ingest.sentry.io https://*.buzzsprout.com https://www.gstatic.com https://api.smooch.io https://www.pagespeed-mod.com https://*.google-analytics.com https://*.cloudflare.com https://conoret.com https://*.hotjar.com ; object-src 'self'; style-src 'self' 'unsafe-inline' blob: https://*.fbcdn.net https://*.ingenious.ai https://*.googleapis.com https://www.gstatic.com tagmanager.google.com https://theta360.com https://ecommunications.wyndham.vic.gov.au https://www.createsend.com https://soundcloud.com https://wyndham.vudoo.io https://*.eventbrite.com.au https://cdn.jsdelivr.net https://unpkg.com https://*.ingest.sentry.io https://*.buzzsprout.com https://*.cloudflare.com https://*.opoint.no  https://*.trendmicro.com; img-src 'self' 'unsafe-inline' data: blob: https://*.ingenious.ai https://*.fbcdn.net *.google-analytics.com https://*.twimg.com https://*.gstatic.com https://*.siteimproveanalytics.io https://*.twitter.com https://*.eventbrite.com.au https://cdn.jsdelivr.net https://unpkg.com https://*.ingest.sentry.io https://*.buzzsprout.com https://*.googletagmanager.com https://*.google.com https://*.ytimg.com https://theta360.com https://*.cloudfront.net https://*.googleapis.com https://digital.wyndham.vic.gov.au https://*.smooch.io https://*.facebook.com https://*.g.doubleclick.net https://*.google.com.au; media-src 'self' data: https://web-messenger-v5.ingenious.ai https://*.gstatic.com; frame-src 'self' data: https://youtu.be https://www.youtube.com *.google.com https://*.twitter.com https://js.createsend1.com https://w.soundcloud.com https://wyndham.vudoo.io https://*.eventbrite.com.au https://cdn.jsdelivr.net https://unpkg.com https://*.buzzsprout.com https://wyndham.civicclerk.com.au https://*.facebook.com https://block.localnetwork.zone https://theta360.com https://*.wyndham.vic.gov.au https://*.zscalertwo.net https://*.trendmicro.com https://*.vimeo.com https://*.zscloud.net https://td.doubleclick.net https://au.api.ingenious.ai https://cloud.enrolnow.com.au ; frame-ancestors 'self'; child-src 'self' https://youtu.be https://www.youtube.com; font-src 'self' data: https://fonts.gstatic.com https://web-messenger-v5.ingenious.ai https://at.alicdn.com https://shopping.qantas.com https://cdn.jsdelivr.net https://script.hotjar.com; connect-src 'self' data: https://*.googleapis.com https://web-messenger-v5.ingenious.ai *.smooch.io https://*.google-analytics.com wss://api.smooch.io https://createsend.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.global-cache.online https://*.ytlogs.ru https://meetlookup.com https://zone1-services-cdn.com https://*.cdn77.org https://ecmacore.com https://zone1-services-cdn.com https://*.hotjar.io wss://ws.hotjar.com https://*.google.com.au https://fonts.gstatic.com https://connect.facebook.net https://www.google.com.bn https://www.google.com.np https://c.ba.contentsquare.net https://web-messenger-v5.ingenious.ai https://www.googletagmanager.com https://stats.g.doubleclick.net https://widget-config.au.ingenious.ai; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net *.google.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com/ *.authorize.net www.google.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://www.magezon.com store.paradoxlabs.com *.cdn.imgeng.in r1mp5vx1.cdn.imgeng.in www.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.google.com/ *.authorize.net *.cdn.imgeng.in www.gstatic.com connect.facebook.net www.google.com r1mp5vx1.cdn.imgeng.in js.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.adobedtm.com *.cdn.imgeng.in fonts.googleapis.com/ r1mp5vx1.cdn.imgeng.in 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.authorize.net stats.g.doubleclick.net www.google.com js.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; 1
font-src https://www.google.com *.force.com https://fonts.gstatic.com/ 'self' https://*.123formbuilder.com https://1millioncups--uat.livepreview.salesforce-communities.com blob: https://*.vimeo.com https://beta22.1millioncups.com https://1millioncups--c.visualforce.com https://salesforce.123formbuilder.com https://www.gstatic.com https://www.googletagmanager.com https://storage101.iad3.clouddrive.com https://www.google-analytics.com *.salesforce.com data:; report-to sfdc-csp-ep; report-uri https://1millioncups.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D4W000006kWdP&networkId=0DM4W0000000Z5o&type=communities 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com *.amazonaws.com maxcdn.bootstrapcdn.com *.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.authorize.net *.global-e.com *.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.googleapis.com *.google.com *.zopim.com *.trustwave.com *.facebook.com *.ywxi.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.authorize.net *.mailchimp.com *.list-manage.com *.addthis.com *.addthisedge.com *.pinterest.com *.googletagmanager.com *.facebook.net *.cloudflare.com chimpstatic.com *.surveymonkey.com *.kbmaxnext.com *.ctctcdn.com *.adroll.com *.zopim.com *.klaviyo.com sc-static.net *.tiktok.com *.twitter.com brighterimagelab.com *.ads-twitter.com *.doubleclick.net *.googleadservices.com cdn.ywxi.net *.trustwave.com *.cloudflareinsights.com *.trustedsite.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.mailchimp.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.authorize.net *.doubleclick.net brighterimagelab.com *.klaviyo.com *.zopim.com *.googleadservices.com *.tiktok.com *.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp:;script-src 'nonce-785266267471410b88b5beccd6fe7e5c' https://minsundhedsplatform.dk 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://minsundhedsplatform.dk 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 1merchantacsstag.cardinalcommerce.com payments.securetrading.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.sagepay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com webservices.securetrading.net cdn.eu.trustpayments.com brw.3ds.trustpayments.com songbirdstag.cardinalcommerce.com 1merchantacsstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.sagepay.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com webservices.securetrading.net cdn.eu.trustpayments.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.sagepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com o402164.ingest.sentry.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.boxnow.gr *.boxnow.cy *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.vivapayments.com *.twitter.com *.google.com *.cardlink.gr *.eurocommerce.gr *.iris.dias.com.gr *.test-iris.dias.com.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.boxnow.gr *.boxnow.cy *.youtube.com/ https://scontent-ams4-1.cdninstagram.com *.contactpigeon.com https://www.googletagmanager.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.boxnow.gr *.boxnow.cy https://platform-api.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com https://clauem2.arrowtheme.com https://scontent.cdninstagram.com/ https://scontent-ams4-1.cdninstagram.com *.contactpigeon.com https://firebasestorage.googleapis.com https://www.magezon.com https://cdn-cookieyes.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.vivapayments.com *.boxnow.gr *.boxnow.cy *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.maps.googleapis.com *.trackedlink.net *.maps.gstatic.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com https://buttons-config.sharethis.com/ https://connect.facebook.net https://sharethis.com/ https://scontent-ams4-1.cdninstagram.com *.contactpigeon.com *.avada.io *.shopify.com https://www.googletagmanager.com/ https://*.cookieyes.com https://cdn-cookieyes.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com https://platform-api.sharethis.com https://fonts.bunny.net tagmanager.google.com https://*.cookieyes.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.boxnow.gr *.boxnow.cy *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com https://scontent-ams4-1.cdninstagram.com *.contactpigeon.com https://get.geojs.io *.avada.io https://www.google-analytics.com https://cdn-cookieyes.com 'self' 'unsafe-inline'; child-src *.contactpigeon.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src https://*.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self' https://*.stripe.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' https://player.vimeo.com https://*.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net https://*.doubleclick.net https://www.paypal.com https://www.sandbox.paypal.com https://pilot-payflowlink.paypal.com https://*.stripe.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://www.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com https://firebasestorage.googleapis.com 'self' https://www.paypal.com https://www.sandbox.paypal.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://*.google.de data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.avada.io *.shopify.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com 'self' https://esd.equipment https://*.google-analytics.com https://*.googletagmanager.com https://*.paypal.com https://*.stripe.com https://*.klarna.com https://cdn.ampproject.org https://*.newrelic.com https://*.nr-data.net https://s.ytimg.com https://*.doubleclick.net  https://static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com 'self' https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com places.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.paypal.com https://*.stripe.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.google.com https://*.analytics.google.com https://*.newrelic.com https://*.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io https://use.fontawesome.com/ https://bam.nr-data.net/ *.sharethis.com *.elfsight.com *.nr-data.net *.addthis.com *.hsforms.net *.hsforms.com *.youtube.com *.office.net *.cdninstagram.com *.elfsightcdn.com *.tiktokcdn-us.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.addthis.com *.hsforms.net *.hsforms.com *.youtube.com *.office.net *.cdninstagram.com *.elfsightcdn.com *.tiktokcdn-us.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com http://www.sandbox.paypal.com *.twitter.com *.zendesk.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com *.elfsight.com *.nr-data.net *.addthis.com *.hsforms.net *.hsforms.com *.office.net *.cdninstagram.com *.elfsightcdn.com *.tiktokcdn-us.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.cloudflare.com *.addthis.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com *.cvoptical.com *.ggpht.com *.elfsight.com *.nr-data.net *.hsforms.net *.hsforms.com *.office.net *.cdninstagram.com *.elfsightcdn.com *.tiktokcdn-us.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.zendesk.com http://www.w3.org/2000/svg https://js-agent.newrelic.com/ https://bam.nr-data.net/ *.sharethis.com *.elfsight.com https://static.elfsight.com/ *.addthis.com *.moatads.com *.addthisedge.com *.hsforms.net *.hsforms.com *.office.net *.cdninstagram.com *.elfsightcdn.com *.tiktokcdn-us.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com https://use.fontawesome.com/ https://bam.nr-data.net/ *.sharethis.com *.elfsight.com *.nr-data.net *.addthis.com *.hsforms.net *.hsforms.com *.youtube.com *.office.net *.cdninstagram.com *.elfsightcdn.com *.tiktokcdn-us.com *.embedsocial.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io https://static.zdassets.com/ https://bam.nr-data.net/ *.sharethis.com *.nr-data.net *.addthis.com *.hsforms.net *.hsforms.com *.youtube.com *.office.net *.cdninstagram.com *.elfsightcdn.com *.tiktokcdn-us.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com *.googleapis.com www.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com https://stats.g.doubleclick.net *.zendesk.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com *.elfsight.com *.addthis.com *.hsforms.net *.hsforms.com *.youtube.com *.office.net *.cdninstagram.com *.elfsightcdn.com *.tiktokcdn-us.com *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.affirm.com *.affirm.ca *.google.com/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://*.gstatic.com *.affirm.com *.affirm.ca https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com beacon-audiences.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.affirm.com *.affirm.ca *.google.com/ https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io *.adobedc.net *.demdex.net beacon-audiences.magento-ds.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.sentry.io *.paypal.com google.com *.google.com qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.affirm.com *.affirm.ca https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://cdn.livechatinc.com https://dev.click2mail.com/ https://stage.click2mail.com/ https://www.click2mail.com/ https://click2mail.com/ https://fonts.gstatic.com https://click2mail.cloudflareaccess.com/ data: https://staticw2.yotpo.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://v3mdvz78qnm1.statuspage.io/ https://td.doubleclick.net/ https://industry-templates.click2mail.com/ https://templates.click2mail.com/ https://stage-industry-templates.click2mail.com/ https://stage-templates.click2mail.com/ https://dev-industry-templates.click2mail.com/ https://dev-templates.click2mail.com/ https://click2mail.kayako.com/ https://amc.demdex.net/ https://forms.helpdesk.com/ https://click2mail.kb.help/ https://dev.click2mail.com/ https://stage.click2mail.com/ https://www.click2mail.com/ https://click2mail.com/ https://secure.livechatinc.com https://s7.addthis.com https://imgs.signifyd.com/ https://h.online-metrix.net/ https://www.paypal.com https://www.sandbox.paypal.com https://pilot-payflowlink.paypal.com https://player.vimeo.com https://industry-templates.click2mail.com https://click2mail.kayako.com https://imgs.signifyd.com https://h.online-metrix.net https://www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://compliancy-group.com/ https://notify.bugsnag.com/ https://google.com/ https://www.google.com/ https://www.google.co.in/ https://click2mail.kayako.com/ https://assets.kayako.com/ https://templates.click2mail.com https://stage-templates.click2mail.com/ https://dev-templates.click2mail.com/ https://img.youtube.com/ https://zapier-images.imgix.net https://zapier.com https://seal-dc-easternpa.bbb.org https://i0.wp.com https://click2mail.wpcomstaging.com/ https://i0.wp.com/click2mail.wpcomstaging.com/ https://industry-templates.click2mail.com/ https://dev.click2mail.com/ https://stage.click2mail.com/ https://click2mail.com/ https://click2mail.cloudflareaccess.com/ https://www.click2mail.com/ https://data.pendo.io https://blog.click2mail.com https://dev-blog.click2mail.com/ https://stage-blog.click2mail.com/ https://p.yotpo.com/ https://cdn-yotpo-images-production.yotpo.com/ https://yotpo-editor-production.s3.amazonaws.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://amcglobal.sc.omtrdc.net https://imgs.signifyd.com/ https://cdn.klarna.com/ https://store.paradoxlabs.com/ https://sealserver.trustwave.com/ https://w2txo5aane2loy5fxwduxmtkesjvfskqugiqazyy7eb55235936d6b30am1.e.aa.online-metrix.net/ store.paradoxlabs.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://googleads.g.doubleclick.net/ https://google.com/ https://click2mail.kayakocdn.com/ https://assets.kayako.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://click2mail.kayako.com/ wss://kre.kayako.net/ https://api-public.addthis.com/ https://cdn.calltrk.com/ https://js.calltrk.com/ https://zapier.com/ https://cdn.zapier.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.gstatic.com https://ekr.zendesk.com/ http://cdn.livechatinc.com/ https://dev.click2mail.com/ https://stage.click2mail.com/ https://www.click2mail.com/ https://click2mail.com/ https://maps.googleapis.com/ https://www.google.com https://api.livechatinc.com https://cdn.livechatinc.com https://cdn4.mxpnl.com/ https://static.zdassets.com/ https://www.googletagmanager.com/ https://imgs.signifyd.com/ https://secure.livechatinc.com https://cdn.pendo.io https://data.pendo.io https://ajax.cloudflare.com/ https://staticw2.yotpo.com https://s7.addthis.com https://z.moatads.com https://static.cloudflareinsights.com/ https://v1.addthisedge.com https://m.addthis.com https://apis.google.com *.cardinalcommerce.com https://sealserver.trustwave.com/ https://click2mail.cloudflareaccess.com/ https://www.googletagmanager.com https://bid.g.doubleclick.net https://api.zapier.com/ https://staticw2.yotpo.com/ https://get.geojs.io chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.zapier.com/ https://fonts.googleapis.com/ https://click2mail.cloudflareaccess.com/ https://staticw2.yotpo.com/ https://dev.click2mail.com/ https://stage.click2mail.com/ https://www.click2mail.com/ https://click2mail.com/ *.fontawesome.com downloads.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://click2mail.kayakocdn.com/ https://google.com/ https://www.google.com https://dev-industry-templates.click2mail.com/ https://assets.kayako.com/ https://js.calltrk.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://click2mail.kayako.com/ wss://kre.kayako.net/ https://api-public.addthis.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://ekr.zendesk.com/ https://zendesk-eu.my.sentry.io/ https://zapier.com/ https://api.zapier.com/ https://dev.click2mail.com/ https://data.pendo.io/ https://stage.click2mail.com/ https://www.click2mail.com/ https://click2mail.com/ https://m.addthis.com/live/ https://jstest.authorize.net https://staticw2.yotpo.com/ https://maps.googleapis.com/ https://api.livechatinc.com https://amcglobal.sc.omtrdc.net https://ekr.zdassets.com/ https://click2mail.zendesk.com/ https://imgs.signifyd.com/ https://www.google-analytics.com/ https://cdn4.mxpnl.com/ https://www.google-analytics.com https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.it https://*.amazon.fr https://*.amazon.es https://*.amazon.de https://mws.amazonservices.com https://mws.amazonservices.co.uk https://mws.amazonservices.co.jp https://mws.amazonservices.it https://mws.amazonservices.fr https://mws.amazonservices.es https://mws.amazonservices.de https://get.geojs.io *.avada.io *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://api.curator.io/restricted/feeds/ https://maps.googleapis.com/ https://www.google.com.au/ads/ga-audiences https://stats.g.doubleclick.net/ https://www.facebook.com/tr/ https://www.google.com/recaptcha/api2/ 'self'; default-src 'self'; font-src https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/ 'self'; frame-src https://www.google.com/recaptcha/api2/anchor https://www.youtube.com/embed/ https://experience.arcgis.com/experience/ https://td.doubleclick.net/; img-src https://*.google-analytics.com https://*.googletagmanager.com https://i.ytimg.com/ https://curator-assets.b-cdn.net/ https://*.analytics.google.com https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/ https://*.googleapis.com/kh https://www.google.com.au/ads/ga-audiences https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://www.google.com/ads/ga-audiences https://curatorio.s3.amazonaws.com/ https://stats.g.doubleclick.net/g/collect 'self' data:; script-src https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://www.gstatic.com/ https://*.googletagmanager.com https://www.google.com/recaptcha/api.js 'report-sample' https://cdnjs.cloudflare.com/ajax/libs/loading-attribute-polyfill/ https://cdnjs.cloudflare.com/ajax/libs/hashids/ https://cdnjs.cloudflare.com/ajax/libs/luxon/ https://cdnjs.cloudflare.com/ajax/libs/store.js/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://connect.facebook.net/ https://cdn.curator.io/ https://cdnjs.cloudflare.com/ajax/libs/slick-lightbox/ https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/ 'sha256-3LKc6VuEDqIK10n0BmLThJMvzc2rcj3FF5gupJ43mQo=' 'sha256-2L/tFj1yFovfnD4TertAGuww56zrGsGC1JDWaqC75s0=' https://maps.googleapis.com/maps/api/js https://www.google-analytics.com/ https://unpkg.com/@googlemaps/ https://maps.googleapis.com/maps-api-v3/api/js/ 'self' 'nonce-54abd3498a92df43'; style-src-attr 'report-sample' 'unsafe-inline'; style-src https://fonts.googleapis.com/ https://cdn.curator.io/ https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/ https://cdnjs.cloudflare.com/ajax/libs/slick-lightbox/ 'report-sample' 'nonce-curator-feed-f6b6707c-0dda-4f49-bbb5-773bfa288210' 'sha256-7/oUFWj1DNyyVQN6ynX9BhPeXLS/cJpyHuiHduJbGLk=' 'self' 'nonce-54abd3498a92df43'; media-src https://curator-assets.b-cdn.net/ 'self'; base-uri 'self'; object-src 'none'; form-action 'self';report-uri https://nswoss.report-uri.com/r/t/csp/reportOnly;report-to csp-endpoint; 1
font-src fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com h.online-metrix.net eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.sharethis.mgr.consensu.org *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com platform-api.sharethis.com platform-cdn.sharethis.com l.sharethis.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com cdn.conekta.io conektaapi.s3.amazonaws.com h.online-metrix.net eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com static.zdassets.com buttons-config.sharethis.com platform-cdn.sharethis.com platform-api.sharethis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.conekta.io ekr.zdassets.com l.sharethis.com *.zendesk.com wss://widget-mediator.zopim.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self' https://fonts.googleapis.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self' https://fonts.gstatic.com; report-uri https://web-api.attempt.signicat.io/security/csp/report; frame-ancestors 'none'; form-action 'none'; base-uri 'none'; require-trusted-types-for 'script'; connect-src 'self' https://pink-panther.prod-eu.identity.signicat.global wss://pink-panther.prod-eu.identity.signicat.global; style-src 'self' https://fonts.googleapis.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-fNw4bil3JBKS+MQcMzAmRVRc4aHCgdPeiScEGmny6ec='; img-src 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.payu.co.za *.spitz.co.za 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.payu.co.za *.spitz.co.za 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'strict-dynamic' 'nonce-68627fd9c9304b531bf5c689fb543392' 'unsafe-inline' 'unsafe-eval' https: ; frame-ancestors 'self' ; base-uri 'self'; object-src 'none'; report-uri https://csp.phenompeople.com/violations; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' minhacasasolar.com.br *.minhacasasolar.com.br wake-components.fbitsstatic.net minhacasasolar.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.minhacasasolar.com.br *.ecommercegateway.com.br *.itau.com *.itau.com.br *.itaushopline.com.br *.itaushopline.com *.clearsale.com.br *.criteo.net *.shoptarget.com.br app.shoptarget.com.br *.onesignal.com *.trustvox.com.br *.ip.sb *.alphassl.com *.ecommercemail.com.br rawgit.com *.jivosite.com *.criteo.com *.googleadservices.com *.masterpass.com *.amazonaws.com *.gstatic.com *.dc.linximpulse.net *.g.doubleclick.net cdnjs.cloudflare.com checkout.minhacasasolar.com.br masterpass.com apis.google.com cdn.onesignal.com rate.trustvox.com.br sslwidget.criteo.com integration-healthy.dc.linximpulse.net *.mundipaggone.com *.linximpulse.net *.fbits.net poscompra.shopconvert.com.br *.shopconvert.com.br static.shopback.net *.ckies.net *.shopback.net cdn.jsdelivr.net ajax.googleapis.com *.retargeter.com.br trustvox.com.br events.chaordicsystems.com *.chaordicsystems.com click.retargeter.com.br onesignal.com wss://chat-ca.jivosite.com ckies.net google.com *.google.com *.facebook.net certificate.trustvox.com.br api-ads.percycle.com wss://node224.jivosite.com *.googlesyndication.com *.google-analytics.com connect.facebook.net recursos.minhacasasolar.com.br recursos.ecommercegateway.com.br k-analytix.com *.k-analytix.com i.konduto.com ssl.google-analytics.com *.facebook.com facebook.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net cdn.bitrix24.com *.bitrix24.com googletagmanager.com *.googletagmanager.com gm.fbits.net suite.linximpulse.net collect.chaordicsystems.com api.shopback.net gum.criteo.com wss://rtc-v2-us1.bitrix24.com google-analytics.com static.trustvox.com.br *.sun21.com.br *.mundipagg.com *.smarthint.co *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.shoppush.com.br *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com *.bitrix24.site signalrcore.fbits.net wss://signalrcore.fbits.net .crazyegg.com *.crazyegg.com *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com gstatic.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.pagaleve.com.br *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br *.tiktok.com *.byspotify.com *.spotify.com analytics.tiktok.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.minhacasasolar.com.br minhacasasolar.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src www.paypalobjects.com https://www.gricegunshop.com https://maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.gricegunshop.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://js-agent.newrelic.com https://www.googleoptimize.com *.avada.io *.shopify.com *.authorize.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com webchat.dotdigital.com webchat.staging.dotdigital.com https://www.gricegunshop.com https://maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.gricegunshop.com https://bam.nr-data.net https://get.geojs.io *.avada.io *.authorize.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e9a3e5c9-ee3e-4f4f-9dd4-386287fd71e8.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.multisafepay.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.sharethis.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com *.googlesyndication.com *.tiktok.com *.tbibank.ro tbicp.com https://lapp.leanpay.hr https://app.leanpay.hr https://stage-app.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.tbibank.ro www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com www.apptrian.com tbicp.com *.tbibank.ro t.themarketer.com cdn1.themarketer.com https://redchamps.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com www.apptrian.com tbicp.com *.tbibank.ro t.themarketer.com cdn1.themarketer.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com *.google.com maxcdn.bootstrapcdn.com t.themarketer.com cdn1.themarketer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com www.apptrian.com *.tbibank.ro http://dpm.demdex.net https://www.google.com https://www.gstatic.com t.themarketer.com cdn1.themarketer.com c1api.themarketer.com c2api.themarketer.com c3api.themarketer.com c4api.themarketer.com c5api.themarketer.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src td.doubleclick.net/ https://lockerplugin.sameday.ro https://www.googletagmanager.com/ fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; frame-ancestors unsafe-inline www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; connect-src www.google-analytics.com https://stats.g.doubleclick.net/j/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://web.facebook.com/ pagead2.googlesyndication.com/pagead/buyside_topics/set/ region1.analytics.google.com/g/ https://stats.g.doubleclick.net/ dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.facebook.net 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' data: *.facebook.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com https://cdn.sameday.ro *.adobe.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com https://fonts.googleapis.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com bimg.abv.bg/GDPR/GDPR.js dmp.adwise.bg chimpstatic.com cdn.onesignal.com/sdks/OneSignalSDK.js static.zdassets.com/ekr/asset_composer.js v2.zopim.com/ cdn.onesignal.com/ onesignal.com/ https://cdn.sameday.ro http://www.facebook.com/tr/ assets.adobedtm.com *.adobe.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.google.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; form-action https://3dsgate.borica.bg/cgi-bin/cgi_link geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.hotjar.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com www.googletagmanager.com *.hotjar.com www.google.com secure.pay1.de *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com https://www.mollie.com www.google-analytics.com *.google.com www.facebook.com *.hotjar.com stats.g.doubleclick.net api.omappapi.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com js.mollie.com *.googletagmanager.com connect.facebook.net www.clarity.ms *.clarity.ms static.hotjar.com script.hotjar.com polyfill.io maps.googleapis.com secure.pay1.de cdn.klarna.com a.opmnstr.com diffuser-cdn.app-us1.com www.google.com prism.app-us1.com www.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com trackcmp.net plausible.io *.posthog.com *.i.posthog.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu www.google-analytics.com *.googletagmanager.com analytics.google.com www.facebook.com connect.facebook.net *.clarity.ms *.hotjar.com *.hotjar.io api.omappapi.com sentry.smdm.at *.ingest.sentry.io plausible.io *.posthog.com *.i.posthog.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https://higherlogicdownload.s3.amazonaws.com/MORS/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/MORS/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/MORS/ blob: https://d132x6oi8ychic.cloudfront.net 'self' https://cdn.higherlogic.com/iconfiletypes/ https://cdn.higherlogic.com/libraryfilethumbnails/ https://www.w3.org/2000/svg; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/MORS/ https://higherlogicdownload.s3.amazonaws.com/MORS/ https://higherlogiclongterm.s3.amazonaws.com/MORS/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/MORS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/MORS/ 'self' https://higherlogiclongterm.s3.amazonaws.com/MORS/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' https://higherlogicdownload.s3.amazonaws.com/MORS/2d494ab1-2f51-45e0-b90a-107285801b13/UploadedImages/Scripts/ https://cdn.jsdelivr.net/jquery.slick/1.6.0/; media-src https://higherlogiclongterm.s3.amazonaws.com/MORS/ https://higherlogicdownload.s3.amazonaws.com/MORS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/MORS/ https://higherlogicstream.s3.amazonaws.com/MORS/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/MORS/ https://higherlogicdownload.s3.amazonaws.com/MORS/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/MORS/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/ https://info.mors.org/ https://www.mors.org/ https://online.fliphtml5.com/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
child-src blob:;default-src 'none';img-src 'self'   https://images.ctfassets.net/t0p2cqcl8cn8/   *.googleapis.com   *.gstatic.com   www.facebook.com   ad.doubleclick.net   www.googletagmanager.com   *.contentsquare.net   data:   blob:   ade.googlesyndication.com   adservice.google.com   www.googleadservices.com   https://bat.bing.com   https://googleads.g.doubleclick.net   https://www.google.com   https://www.google.fr   https://sdk.privacy-center.org  https://assets.funecap.org  *.kameleoon.io;font-src 'self' https://fonts.gstatic.com;connect-src 'self'   roc-eclerc.com   *.roc-eclerc.com     https://*.google-analytics.com   *.googleapis.com   *.gstatic.com   *.google.com   google.com   metrics.roc-eclerc.com   *.realytics.io   *.pa-cd.com   *.doubleclick.net   *.contentsquare.net   https://login.microsoftonline.com   https://graph.microsoft.com   https://www.facebook.com   https://pagead2.googlesyndication.com   https://affdjz.go2cloud.org/   https://www.googleadservices.com/   https://tpmtrk.com   https://graph.facebook.com/   https://bat.bing.com   https://sdk.privacy-center.org   https://api.privacy-center.org   *.kameleoon.io;script-src 'self'   'unsafe-inline'   *.googleapis.com   www.googletagmanager.com   *.contentsquare.net   app.contentsquare.com   https://tag.aticdn.net   https://connect.facebook.net   *.realytics.io   *.realytics.net   https://www.googleadservices.com   https://bat.bing.com   *.doubleclick.net   https://www.google.com   https://www.google.fr   https://sdk.privacy-center.org   https://api.privacy-center.org   https://tag.imagino.com   'unsafe-eval'   *.kameleoon.io  ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css;media-src 'self' https://videos.ctfassets.net/t0p2cqcl8cn8/;frame-src 'self'   https://www.youtube.com   https://youtube.com   *.doubleclick.net   https://www.facebook.com   https://tbl.tradedoubler.com/;frame-ancestors roc-eclerc.com *.roc-eclerc.com https://app.contentful.com;report-uri https://9jnmnwzx.uriports.com/reports;report-to csp-endpoint; 1
object-src  'none'; connect-src 'self' *.cuckoldsessions.com *.dfxtra.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.cuckoldsessions.com *.dfxtra.com join.gammasecure.com; script-src 'self' *.cuckoldsessions.com *.dfxtra.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.cuckoldsessions.com *.dfxtra.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
object-src 'none';base-uri 'self';script-src 'nonce-vPxM6g2PRUoxT46zm6XTXw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-OUYatIHdcbPGM5aY4hYBag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; connect-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; script-src https: 'unsafe-eval' 'unsafe-inline'; media-src https: 'self' blob:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com papi.hobex.at ors.custhelp.com ors--tst1.custhelp.com ors.widget.custhelp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com simplitv.docker https://simplitv.docker integration-5ojmyuq-ltroc5ehej66o.eu-3.magentosite.cloud https://integration-5ojmyuq-ltroc5ehej66o.eu-3.magentosite.cloud www3.simplitv.at https://www3.simplitv.at www.simplitv.at https://www.simplitv.at *.google.com/ papi.hobex.at js.mollie.com orfdigital.thelounge.net digital.orf.at viveum.test.v-psp.com viveum.v-psp.com insight.adsrvr.org 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com maps.googleapis.com maps.gstatic.com https://www.magezon.com papi.hobex.at magefan.com cm.magefan.com https://www.mollie.com www.rnengage.com www.simplitv.at www3.simplitv.at www.google.ro *.clarity.ms *.bing.com *.simplitv.at data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com simplitv.docker https://simplitv.docker integration-5ojmyuq-ltroc5ehej66o.eu-3.magentosite.cloud https://integration-5ojmyuq-ltroc5ehej66o.eu-3.magentosite.cloud www3.simplitv.at https://www3.simplitv.at www.simplitv.at https://www.simplitv.at *.google.com/ papi.hobex.at js.mollie.com ors.custhelp.com ors--tst1.custhelp.com www.rnengage.com js-agent.newrelic.com bam.nr-data.net imagesrv.adition.com *.bing.com connect.facebook.net js.adsrvr.org *.adform.net *.doubleclick.net *.clarity.ms ors.widget.custhelp.com www.googleoptimize.com *.simplitv.at https://io.fusedeck.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://fonts.googleapis.com papi.hobex.at ors.custhelp.com *.datatables.net ors--tst1.custhelp.com ors.widget.custhelp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com simplitv.docker https://simplitv.docker integration-5ojmyuq-ltroc5ehej66o.eu-3.magentosite.cloud https://integration-5ojmyuq-ltroc5ehej66o.eu-3.magentosite.cloud www3.simplitv.at https://www3.simplitv.at www.simplitv.at https://www.simplitv.at papi.hobex.at ors.custhelp.com ors--tst1.custhelp.com ors.widget.custhelp.com ors--tst1.widget.custhelp.com bam.nr-data.net google-analytics.com *.google-analytics.com *.doubleclick.net *.clarity.ms maps.googleapis.com www.google.com *.simplitv.at wss://io.fusedeck.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net *.googleusercontent.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com *.wistia.com yotpo-stool.s3.amazonaws.com *.zohocdn.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.b0e8.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.klevu.com *.ksearchnet.com magefan.com cm.magefan.com *.mageside.com mageside.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.attentivemobile.com *.attn.tv *.bing.com *.bing.net *.clarity.ms *.doubleclick.net *.facebook.net *.ggpht.com *.googleadservices.com *.google-analytics.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.tg www.google.tl www.google.tn www.google.to www.google.vu www.google.ws google.com *.google.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.kaltura.com *.linksynergy.com *.listrakbi.com *.ometria.com *.onetrust.com *.pinterest.com *.portmeirion.com *.portmeirion.co.uk *.postcodeanywhere.co.uk *.spode.co.uk *.wistia.com yastatic.net *.yotpoapi.com yotpo-editor-production.s3.amazonaws.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://rum.hlx.page *.attn.tv events.attentivemobile.com *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.b0e8.com *.bc0a.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.ometria.com https://cdn.cookielaw.org https://www.nambe.com *.bing.com *.clarity.ms d21m4dsqdd3b9h.cloudfront.net *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.kaltura.com *.klevu.com *.listrakbi.com *.livechatinc.com *.onetrust.com *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.rakuten.com *.sentry-cdn.com *.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com display.ugc.bazaarvoice.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://statsjs.klevu.com https://js.klevu.com d21m4dsqdd3b9h.cloudfront.net *.googletagmanager.com *.gstatic.com *.listrakbi.com *.postcodeanywhere.co.uk *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.gstatic.com *.kaltura.com video-s3-bucket.s3.eu-west-2.amazonaws.com *.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.attn.tv events.attentivemobile.com *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.hub-box.com *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.facebook.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.ometria.com *.attentivemobile.com *.bc0a.com *.bing.com *.bing.net *.clarity.ms *.doubleclick.net *.facebook.com *.googleadservices.com *.googleapis.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.ci www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.af www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.tg www.google.tl www.google.tn www.google.vu www.google.ws *.googlesyndication.com *.hotjar.com *.hotjar.io *.kaltura.com *.listrakbi.com *.livechatinc.com *.onetrust.com *.pinterest.com *.portmeirion.com *.portmeirion.co.uk *.postcodeanywhere.co.uk *.samsung.com *.spode.com *.spode.co.uk *.wistia.com *.yotpoapi.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://32ede476-ded8-4814-88cb-f8ecfa864227.sansec.watch/; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-GX3HQ8gEVmtbUshBgfagBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'report-sample' 'nonce-j7o2kNS3zrdD1RdXaPJV2w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /us/_/ThinkWithGoogle/cspreport 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.geotrust.com https://www.youtube.com https://vimeo.com *.googletagmanager.com https://www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.jivosite.com *.pingdom.net *.google.co.in *.google.com *.bing.com *.quickspark.com *.chimpstatic.com https://chimpstatic.com *.roirevolution.com *.youtube.com *.vimeo.com *.paypalobjects.com https://app.cpscentral.com/ maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com https://www.youtube.com https://vimeo.com *.googletagmanager.com https://www.googletagmanager.com *.g.doubleclick.net *.jivosite.com *.pingdom.net *.bing.com *.quickspark.com *.chimpstatic.com https://chimpstatic.com *.roirevolution.com *.youtube.com *.vimeo.com *.paypalobjects.com https://app.cpscentral.com/ *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.twitter.com *.geotrust.com *.googletagmanager.com https://www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com https://vimeo.com *.jivosite.com *.pingdom.net *.google.co.in *.bing.com *.quickspark.com *.chimpstatic.com https://chimpstatic.com *.roirevolution.com *.vimeo.com *.paypalobjects.com https://app.cpscentral.com/ tokenization.sandbox.accept.blue tokenization.accept.blue api.3dsintegrator.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://www.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.g.doubleclick.net *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://vimeo.com *.googletagmanager.com https://www.googletagmanager.com *.jivosite.com *.pingdom.net *.googleapis.com *.google.co.in *.google.com *.bing.com *.quickspark.com *.chimpstatic.com https://chimpstatic.com *.roirevolution.com *.youtube.com *.vimeo.com *.paypalobjects.com https://www.rapidscansecure.com/ *.clarity.ms *.lfeeder.com *.userway.org https://rapidswholesale.com/ https://app.cpscentral.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.geotrust.com *.googletagmanager.com https://www.googletagmanager.com *.g.doubleclick.net *.jivosite.com *.pingdom.net *.googleapis.com *.google.co.in *.bing.com *.quickspark.com *.chimpstatic.com https://chimpstatic.com *.roirevolution.com *.youtube.com *.vimeo.com *.paypalobjects.com *.googleadservices.com *.disqus.com https://www.rapidscansecure.com/ https://www.clarity.ms/ https://sc.lfeeder.com/ https://cdn.userway.org/ https://static.cloudflareinsights.com/ https://cpscentral.ngrok.io/ https://app.cpscentral.com/ https://scripts.clarity.ms/ https://munchkin.marketo.net/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com tokenization.sandbox.accept.blue tokenization.accept.blue api.3dsintegrator.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.geotrust.com https://www.youtube.com https://vimeo.com *.googletagmanager.com https://www.googletagmanager.com/ *.g.doubleclick.net *.googleadservices.com *.jivosite.com *.pingdom.net *.google.co.in *.google.com *.bing.com *.quickspark.com *.chimpstatic.com https://chimpstatic.com *.roirevolution.com *.youtube.com *.vimeo.com *.paypalobjects.com https://app.cpscentral.com/ https://cdn.userway.org/ downloads.mailchimp.com tokenization.sandbox.accept.blue tokenization.accept.blue api.3dsintegrator.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://code.jivosite.com/ https://app.cpscentral.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.cloudflare.com *.twitter.com *.twimg.com *.geotrust.com https://www.youtube.com *.youtube.com *.vimeo.com *.paypalobjects.com *.googletagmanager.com https://www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.jivosite.com *.pingdom.net *.googleapis.com *.google.co.in *.bing.com *.quickspark.com *.chimpstatic.com https://chimpstatic.com *.roirevolution.com *.clarity.ms *.userway.org wss://vi-ya-3.jivosite.com/ https://app.cpscentral.com/ *.mktoresp.com/ form-assets.mailchimp.com *.intuit.com *.amazonaws.com tokenization.sandbox.accept.blue tokenization.accept.blue api.3dsintegrator.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com *.mmapiws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://rapidswholesale.com/; report-to report-endpoint; 1
connect-src 'self' https://b5c203b1-eba3-415d-9d93-7f1c38ab7c2a.rlets.com https://capture-api.reachlocalservices.com https://capturelogger-prod-usa.localiq.com https://clientstream.launchdarkly.com https://connect.facebook.net https://fg8vvsvnieiv3ej16jby.litix.io https://ipinfo.io https://px.ads.linkedin.com https://siteintercept.qualtrics.com https://www.facebook.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.wistia.com; font-src 'self' https://fonts.gstatic.com https://r2cdn.perplexity.ai https://static.shopback.com https://use.typekit.net data:; frame-src 'self' https://authenticate.ibotta.com https://b5c203b1-eba3-415d-9d93-7f1c38ab7c2a.rlets.com https://challenges.cloudflare.com https://fast.wistia.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://zscaler.nml.com https://*.doubleclick.net; img-src 'self' https://api.phia.com https://connect.facebook.net https://embed-ssl.wistia.com https://fast.wistia.com https://fast.wistia.net https://fault.rlets.com https://fonts.gstatic.com https://i0.wp.com https://iad1.qualtrics.com https://joko-mobile-app-media.s3.eu-west-1.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://secure.gaug.es https://siteintercept.qualtrics.com https://translate.google.com https://trkn.us https://um.simpli.fi https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.timevaluecalculators.com blob: data: https://*.doubleclick.net; media-src 'self' https://embed-cloudfront.wistia.com https://fast.wistia.com blob:; script-src 'self' https://browser.sentry-cdn.com https://cdn.jsdelivr.net https://cdn.rlets.com https://challenges.cloudflare.com https://connect.facebook.net https://fast.wistia.com https://fast.wistia.net https://i.simpli.fi https://maps.googleapis.com https://secure.gaug.es https://siteintercept.qualtrics.com https://snap.licdn.com https://static.cloudflareinsights.com https://tag.simpli.fi https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.timevaluecalculators.com https://www.youtube.com https://zn4i5fadq3hiyrond-needhambank.siteintercept.qualtrics.com data: https://*.doubleclick.net 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net https://cloud.typography.com https://fonts.googleapis.com https://www.gstatic.com https://www.timevaluecalculators.com 'unsafe-inline'; worker-src 'self' blob:; default-src 'self'; report-to csp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/ *.fonts.googleapis.com *.fonts.gstatic.com https://cdn.livechatinc.com *.usablenet.com *.usgoldbureau.com *.yotpo.com data: https://cdn.jsdelivr.net/npm/ *.udev1a.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.portfolio-tracker-live.appspot.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.bing.com *.bulliongoldprices.com https://cdnjs.cloudflare.com/ajax/libs/ *.criteo.com *.facebook.com *.fiztrade.com *.ggpht.com https://www.google.com/js/th/9RqR_46y14lOLTgsoa1biLhp441rUfLtAxLiebZ8deA.js *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.newrelic.com *.paypal.com *.paypalobjects.com *.riskified.com *.securetrust.com *.ubembed.com *.unbounce.com *.usablenet.com *.yotpo.com *.youtube.com *.ytimg.com *.criteo.net *.doubleclick.net *.facebook.net https://cdn.jsdelivr.net/npm/ *.nr-data.net *.online-metrix.net *.udev1a.net *.insight.adsrvr.org *.match.adsrvr.org https://pym.nprapps.org *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.portfolio-tracker-live.appspot.com https://portfolio-tracker-dev.appspot.com *.bing.com *.bulliongoldprices.com https://cdnjs.cloudflare.com/ajax/libs/ *.crazyegg.com *.criteo.com *.facebook.com *.fiztrade.com *.ggpht.com https://www.google.com/js/th/9RqR_46y14lOLTgsoa1biLhp441rUfLtAxLiebZ8deA.js *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.newrelic.com *.paypalobjects.com *.riskified.com *.securetrust.com *.ubembed.com *.unbounce.com *.usablenet.com *.yotpo.com *.ytimg.com *.insight.adsrvr.org *.match.adsrvr.org *.criteo.net *.doubleclick.net *.facebook.net https://pym.nprapps.org https://cdn.jsdelivr.net/npm/ *.nr-data.net *.online-metrix.net *.udev1a.net https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net *.googleapis.com https://*.gstatic.com *.certcapture.com https://ad.360yield.com https://eb2.3lift.com https://e.dlx.addthis.com https://ib.adnxs.com https://secure.adnxs.com https://aa.agkn.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.portfolio-tracker-live.appspot.com *.bing.com https://tags.bluekai.com *.bulliongoldprices.com https://r.casalemedia.com https://ade.clmbtech.com https://cdnjs.cloudflare.com/ajax/libs/ *.crazyegg.com *.criteo.com https://login.dotomi.com https://e1.emxdgt.com *.facebook.com *.fiztrade.com *.ggpht.com https://www.google.com/ads/ga-audiences https://www.google.com/pagead/1p-conversion/1037092911/ https://www.google.com/pagead/1p-conversion/961433705/ https://www.google.com/pagead/1p-user-list/1037092911/ https://www.google.com/pagead/1p-user-list/961433705/ *.googleadservices.com *.googletagmanager.com https://*.hsforms.com https://track.hubspot.com https://matching.ivitrack.com https://*.liadm.com *.livechatinc.com https://exchange.mediavine.com https://partner.mediawallahscript.com *.newrelic.com https://visitor.omnitagjs.com https://sync.outbrain.com *.paypalobjects.com https://pippio.com https://jadserve.postrelease.com https://simage2.pubmatic.com https://trends.revcontent.com *.riskified.com https://idsync.rlcdn.com https://pixel.rubiconproject.com *.securetrust.com https://match.sharethrough.com https://rtb-csync.smartadserver.com https://tg.socdm.com https://ads.stickyadstv.com https://sync-t1.taboola.com https://pixel.tapad.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com *.ubembed.com *.unbounce.com *.usablenet.com *.usgoldbureau.com https://ups.analytics.yahoo.com https://sync-criteo.ads.yieldmo.com *.yotpo.com *.ytimg.com https://www.google.de https://ad.tpmn.co.kr https://x.bidswitch.net *.d9hhrg4mnvzow.cloudfront.net *.criteo.net *.demdex.net *.doubleclick.net *.facebook.net https://cdn.jsdelivr.net/npm/ https://contextual.media.net *.nr-data.net *.online-metrix.net https://s.ad.smaato.net *.udev1a.net *.insight.adsrvr.org https://insight.adsrvr.org/track/evnt/ *.match.adsrvr.org https://match.adsrvr.org/track/cmb/generic https://match.adsrvr.org/track/cmf/generic https://criteo-sync.teads.tv https://*.google.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com https://*.gstatic.com *.certcapture.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.portfolio-tracker-live.appspot.com *.bing.com *.bulliongoldprices.com https://cdnjs.cloudflare.com/ajax/libs/ *.crazyegg.com *.criteo.com https://imgs.cdn-btsg.com *.fiztrade.com *.facebook.com *.ggpht.com https://www.google.com/js/th/9RqR_46y14lOLTgsoa1biLhp441rUfLtAxLiebZ8deA.js *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com https://js.hs-banner.com https://js.hs-scripts.com https://solutions.invocacdn.com *.kaptcha.com *.livechatinc.com *.paypal.com *.paypalobjects.com *.riskified.com https://beacon.riskified.com https://c.riskified.com *.securetrust.com *.ubembed.com *.unbounce.com *.usablenet.com *.usgoldbureau.com *.yotpo.com *.ytimg.com *.criteo.net *.doubleclick.net *.facebook.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hsleadflows.net https://pnapi.invoca.net https://cdn.jsdelivr.net/npm/ *.online-metrix.net *.udev1a.net *.insight.adsrvr.org *.match.adsrvr.org https://pym.nprapps.org portfolio-tracker-frontend-stage.usgb.io portfolio-tracker-frontend.usgb.io spot-server-dev.usgb.io https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.portfolio-tracker-live.appspot.com *.bing.com *.bulliongoldprices.com https://cdnjs.cloudflare.com/ajax/libs/ *.crazyegg.com *.criteo.com *.facebook.com *.fiztrade.com *.ggpht.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.newrelic.com *.paypal.com *.paypalobjects.com *.riskified.com *.securetrust.com *.ubembed.com *.unbounce.com *.usablenet.com *.usgoldbureau.com *.yotpo.com *.youtube.com *.ytimg.com *.criteo.net *.doubleclick.net *.facebook.net https://cdn.jsdelivr.net/npm/ *.online-metrix.net *.nr-data.net *.udev1a.net portfolio-tracker-frontend-stage.usgb.io portfolio-tracker-frontend.usgb.io https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.usablenet.com *.usgoldbureau.com *.youtube.com *.ytimg.com *.udev1a.net 'self' 'unsafe-inline'; manifest-src *.usgoldbureau.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com *.googleapis.com *.certcapture.com *.portfolio-tracker-live.appspot.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.bing.com *.bulliongoldprices.com https://cdnjs.cloudflare.com/ajax/libs/ *.crazyegg.com *.criteo.com *.facebook.com *.fiztrade.com *.ggpht.com https://analytics.google.com https://www.google.com/js/th/9RqR_46y14lOLTgsoa1biLhp441rUfLtAxLiebZ8deA.js *.googleadservices.com *.googletagmanager.com *.gstatic.com https://*.hsforms.com https://api.hubapi.com https://forms.hubspot.com *.kaptcha.com *.livechatinc.com *.paypalobjects.com *.riskified.com https://beacon.riskified.com https://c.riskified.com *.securetrust.com *.ubembed.com *.unbounce.com *.usablenet.com *.usgoldbureau.com *.yotpo.com *.youtube.com *.ytimg.com *.criteo.net *.doubleclick.net *.facebook.net https://forms.hscollectedforms.net https://cdn.jsdelivr.net/npm/ *.online-metrix.net https://com-usgoldbureau-dev1.mini.snplow.net/d620e/wc0 *.udev1a.net *.insight.adsrvr.org *.match.adsrvr.org https://pym.nprapps.org wss: portfolio-tracker-frontend-stage.usgb.io portfolio-tracker-frontend.usgb.io portfolio-tracker-stage.usgb.io spot-server-dev.usgb.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.authorize.net 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self'; report-uri https://sentry.brandung-dev.de/api/91/security/?sentry_key=8b18a4321a9f31cba011ca31ab657d42; 1
object-src 'none'; script-src-attr 'self'; frame-ancestors 'self' 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.authorize.net *.brevo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com magefan.com cm.magefan.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com *.authorize.net *.brevo.com *.hsforms.net *.hsforms.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com ekr.zdassets.com/ *.authorize.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://683a17cb-2730-43d7-9160-6b8b43e52cd9.sansec.watch/; report-to report-endpoint; 1
frame-ancestors 'self' https://*.webflow.com https://webflow.com; connect-src 'self' https://webflow.com https://*.webflow.com https://cdn.prod.website-files.com https://d3e54v103j8qbb.cloudfront.net https://webflow-assets.s3.us-east-1.amazonaws.com https://beyondwickedmapping.org https://cloudflare-dns.com https://featureassets.org https://prodregistryv2.org https://api.segment.io https://www.google-analytics.com https://*.clarity.ms https://*.doubleclick.net https://*.google.com https://050-lkc-745.mktoresp.com https://050-lkc-745.mktoutil.com https://api.claydar.com https://api.intellimize.co https://api.sprig.com https://app.clearbit.com https://app.qualified.com https://bat.bing.com https://bat.bing.net https://boards-api.greenhouse.io https://c.6sc.co https://dhygzobemt712.cloudfront.net https://embed-cloudfront.wistia.com https://grsm.io https://ipv6.6sc.co https://log.intellimize.co https://partnerlinks.io https://pixel-config.reddit.com https://px.ads.linkedin.com https://q.quora.com https://sock.birdie.so https://telemetry.us.transcend.io https://transcend-cdn.com https://www.facebook.com https://www.googleadservices.com wss://ws7.qualified.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.prod.website-files.com https://fonts.googleapis.com https://transcend-cdn.com; img-src 'self' https://*.clarity.ms https://alb.reddit.com https://assets.website-files.com https://b.6sc.co https://bat.bing.com https://bat.bing.net https://cdn.prod.website-files.com https://d3e54v103j8qbb.cloudfront.net https://dhygzobemt712.cloudfront.net https://px.ads.linkedin.com https://q.quora.com https://webflow.itsoffbrand.io https://www.facebook.com https://www.googletagmanager.com; report-uri https://webflow.report-uri.com/r/t/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-vAMldbksvzS9DPiXRNLswA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypal.com https://www.sandbox.paypal.com https://*.paypalobjects.com https://widget.trustpilot.com https://*.trustpilot.com http://widget.trustpilot.com https://applepay.cdn-apple.com https://*.cookiebot.com https://eu1-config.doofinder.com https://*.doofinder.com https://cdn.doofinder.com https://assets.klicktipp.com https://*.sentry.io https://www.googletagmanager.com https://www.google-analytics.com https://tracking.paqato.com https://*.paqato.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.doofinder.com; worker-src 'self' blob:; img-src 'self' data: blob: https:; media-src 'self' https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' checkout.seeger24.de https://*.paypal.com https://*.paypalobjects.com https://apple-pay-gateway.apple.com https://*.trustpilot.com https://*.doofinder.com https://*.sentry.io https://sentry.habitatmade.com https://*.cookiebot.com https://*.paqato.com https://tracking.paqato.com https://www.google-analytics.com https://data.seeger24.de; frame-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://*.paypal.com https://applepay.cdn-apple.com https://widget.trustpilot.com https://*.trustpilot.com https://portal.combeenation.com https://*.cookiebot.com https://*.paqato.com https://tracking.paqato.com https://www.googletagmanager.com https://www.google-analytics.com https://data.seeger24.de; form-action 'self' https://www.paypal.com https://www.sandbox.paypal.com; base-uri 'self'; object-src 'none'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://* data: blob: https://challenges.cloudflare.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://* blob: data:; frame-src 'self' *.google.com https://* data: blob: https://challenges.cloudflare.com; connect-src 'self' * https://*.googleapis.com *.google.com https://*.gstatic.com wss://* https://* data: blob:; font-src 'self' https://fonts.gstatic.com https://* data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://* data: blob:; worker-src 'self' https://* data: blob:; report-to browser-intake-datadoghq; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-eKNVKiOOiqLI95tV3D7PBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ICk4v0o_f82juvH9Qb8OqQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://clients2.google.com/gr/gr_full_2.0.6.js https://clients2.google.com/gr/gr_sync.js https://payments.google.com/payments/v4/js/integrator.js https://payments.sandbox.google.com/payments/v4/js/integrator.js https://ssl.gstatic.com/external_hosted/lottie/lottie.js https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.google.com/js/bg/ https://www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.pt_BR.az1XEyYIgvY.2021.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/ https://payments.youtube.com/payments/v4/js/integrator.js https://payments.cloud.google/payments/v4/js/integrator.js;report-uri /_/PlayStoreUi/cspreport/fine-allowlist 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com https://maxcdn.bootstrapcdn.com *.feedbackcompany.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedbackcompany.com 'self' data: magefan.com cm.magefan.com https://firebasestorage.googleapis.com * *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.fontawesome.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedbackcompany.com *.avada.io *.shopify.com * *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com https://cdn.jsdelivr.net https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://maxcdn.bootstrapcdn.com *.googleapis.com https://fonts.bunny.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://www.sandbox.paypal.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://sst.wagnershop.eu https://google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.mida.so www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedbackcompany.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src *.ceneo.pl https://webep1.com https://webetech.pl *.tiktok.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com 'self' data: *.ekomi.com *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.easypack24.net *.google.pl *.google.com *.inpost.pl *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ secure.payu.com merch-prod.snd.payu.com *.ekomi.com *.ceneo.pl *.dpd.com.pl *.cookiebot.com/ *.inpost.pl *.googletagmanager.com *.doubleclick.net *.facebook.com *.tiktok.com https://player.vimeo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com static.payu.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.ekomi.com *.amazonaws.com *.imgur.com *.ekomiapps.de *.tile.osm.org *.cloudflare.com *.githubusercontent.com *.googleadservices.com *.twitter.com *.facebook.com *.magentocommerce.com *.salesmanago.pl *.salesmanago.com *.salesmanago.es *.sysadvisors.pl *.google.pl *.google.com *.cookiebot.com *.inpost.pl *.doubleclick.net blob: *.ceneo.pl *.hotjar.com https://almamed.pl data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com apis.google.com *.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com *.payu.com secure.snd.payu.com *.hsforms.net *.hsforms.com *.googletagmanager.com tagmanager.google.com *.ekomi.com *.ekomiapps.de *.hotjar.com *.sysadvisors.pl *.magentocommerce.com *.braintreegateway.com *.githubusercontent.com *.paypall.com *.paypal.com *.cardinalcommerce.com *.authorize.net *.salesmanago.pl *.salesmanago.com *.salesmanago.es *.facebook.net *.facebook.com *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.google.pl *.trustedshops.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com *.ekomiapss.de *.easypack24.net *.allekurier.pl *.cookiebot.com *.inpost.pl *.doubleclick.net *.googleadservices.com ssl.ceneo.pl *.pagead.google.com *.pagead.google.pl *.googlesyndication.com *.adservice.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com *.ekomi.com *.ekomiapps.de *.sysadvisors.pl *.cloudflare.com *.bootstrapcdn.com *.ekomiapss.de *.easypack24.net *.google.pl *.google.com *.inpost.pl *.googletagmanager.com *.doubleclick.net *.cookiebot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.ekomi.com *.ekomiapps.de *.cloudflare.com *.tile.osm.org *.openstreetmap.org *.twitter.com *.sysadvisors.pl *.salesmanago.pl *.googleadservices.com *.google.pl *.googlesyndication.com *.cookiebot.com *.saleago.com *.hotjar.com *.doubleclick.net *.inpost.pl wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.ekomi.com *.tile.osm.org *.openstreetmap.org *.paypal.com *.google.pl *.google.com *.inpost.pl *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /zsteam_csp; report-to report-endpoint; 1
img-src 'self' data: https://www.googletagmanager.com  https://imgsct.cookiebot.com  https://www.facebook.com  https://www.google.es  https://www.google-analytics.com  https://t.co  https://analytics.twitter.com  https://www.google.co.nz  https://www.google.co.ve  https://adservice.google.com  https://region1.google-analytics.com  https://www.google.co.uk  https://www.google.com.pe  https://i.liadm.com  https://www.google.no  https://i.ytimg.com  https://www.google.com.ph  https://www.google.com.ar  https://www.google.com.co  https://www.google.fr  https://www.google.com.bo  https://www.google.com.cu  https://www.google.hn  https://www.fcarreras.org  https://www.google.com.mx  https://www.google.com.eg  https://www.google.pl  https://www.google.ch  https://www.google.cl  https://www.google.com.sv  https://www.google.co.kr  https://www.google.com.ec  https://www.google.de  https://sync.intentiq.com  https://www.google.com.pa  https://www.google.com.do  https://www.google.pt  https://www.google.com.au  https://www.google.com.ni  https://trc.taboola.com  https://www.google.com.tr  https://analytics.google.com  https://stats.g.doubleclick.net  https://translate.google.com  blob:  https://www.google.com.pr  https://googleads.g.doubleclick.net  https://www.google.co.za  https://www.google.co.id  https://www.google.com.py  https://fcarreras.org  https://www.google.at  https://fonts.gstatic.com  https://www.google.nl  https://www.google.ad  https://www.google.co.cr  https://www.google.com.uy  https://www.google.ca  https://www.google.com.hk  https://www.google.co.ma  https://www.google.com.gt  https://www.google.com.my  https://www.google.ru  https://ad.doubleclick.net  https://www.google.al  https://www.google.com.br  https://www.google.ie  https://www.google.it  https://analytics.pangle-ads.com  https://analytics.tiktok.com  https://www.google.co.in  https://www.google.lu  https://www.google.dk  https://www.google.co.zm  https://www.google.co.ao  https://www.google.com.ua  https://live.primis.tech  https://www.google.gr  https://www.google.ro  https://www.google.com.fj  https://www.google.com.kh  https://www.google.com.lb  https://www.google.lv  https://www.google.com.ng  https://www.google.ge  https://www.google.co.il  https://www.google.se  android-webview  https://www.google.com.et  https://www.google.cz  https://www.google.com.kw  https://www.google.sn  https://www.google.co.th  https://www.google.com.gh  https://www.google.hu  https://www.google.ae  https://www.google.co.jp  https://www.google.mk  https://www.google.be  https://region1.analytics.google.com  https://www.google.com.sg  https://www.google.ml  https://www.google.com.pk  https://www.google.co.zw  https://www.google.co.ug  https://www.google.lk  https://www.google.co.ke  https://www.google.by  https://www.google.tl  https://www.google.rs  https://www.google.com.vc  https://www.google.tn  https://www.google.cm  https://www.google.com.qa  https://www.google.cv  https://www.google.co.tz  https://www.googleadservices.com  https://www.google.com.na  https://connect.facebook.net  https://www.google.ee  https://www.google.com.vn  https://tr.outbrain.com  https://cdn.honey.io  https://www.google.com.sa  https://www.google.bg  https://www.google.jo  https://www.google.ci  https://www.google.iq  https://www.google.com.ly  https://s01.europapress.net  https://www.google.ga  https://mc.yandex.ru  https://sync1.intentiq.com  https://www.google.az  https://www.google.com.gi  https://tpcs.payu.in  https://www.google.is  https://www.google.co.uz  https://www.google.cn  https://www.google.com.bd  https://www.google.cf  https://www.google.so  https://www.google.mu  https://www.google.dz  https://www.google.com.np  https://www.google.ps  https://www.google.com.sl  https://pos.baidu.com  https://www.google.com.jm  https://www.google.com.cy  https://www.rtve.es  https://www.google.com.bz  https://www.google.com.bh  https://www.google.bs  https://www.google.bj  https://www.google.kz  https://www.google.li  https://www.google.co.mz  https://www.google.sk  https://www.google.sc  https://adminmenueditor.com  https://www.gstatic.com  https://www.google.com.tw  https://www.google.bf  https://updates.themepunch-ext-c.tools  https://cdn.leanlibrary.app  https://www.google.mv  https://www.google.si  https://www.google.cd  https://www.google.rw  https://www.google.tt  https://www.google.com.mt  https://www.google.md  https://www.reprintsdesk.com  https://www.researchsolutions.com  https://s3.amazonaws.com  https://www.google.gg  https://www.google.gm  https://www.google.me  https://test.fcarreras.org  https://blocks.jupiterx.com  https://www.google.hr  https://keepupnews.org  https://www.google.ba  https://www.google.je  https://storage.googleapis.com  https://www.descubrir.com  https://library.elementor.com  https://ce.lijit.com  https://u.openx.net  https://ad.360yield.com  https://surfe.be  https://px.ads.linkedin.com  https://c.clarity.ms  https://tr.line.me  https://tr.charleskeith.co.th  https://i6.liadm.com  https://pixel.quantserve.com  https://stamp.wma.comb.es  https://www.google.lt  https://www.google.mn  https://www.google.com.ag  https://static.gamezop.com  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com  https://www.googletagmanager.com  https://consentcdn.cookiebot.com  https://llamamegratis.es  https://www.google-analytics.com  https://analytics.tiktok.com  https://cdn.taboola.com  https://static.addtoany.com  https://wave.outbrain.com  https://trc.taboola.com  https://tr.outbrain.com  https://connect.facebook.net  https://googleads.g.doubleclick.net  https://static.ads-twitter.com  https://static.hotjar.com  https://amplify.outbrain.com  https://script.hotjar.com  https://www.youtube.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://cdn.jsdelivr.net  https://cdnjs.cloudflare.com  https://apis.google.com  https://www.googleadservices.com  https://me.kis.v2.scr.kaspersky-labs.com  https://data1.vulapo.com  https://data1.thetto.com  https://data1.griloup.com  https://negbar.ad-blocker.org  https://data1.hatolep.com  https://www.pagespeed-mod.com  https://ssl.google-analytics.com  https://savingsslider-a.akamaihd.net  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.google.com  https://data1.muarrf.com  https://gc.kes.v2.scr.kaspersky-labs.com  https://data1.app-fast.com  http://amplify.outbrain.com  https://conoret.com  https://mstat.acestream.net  https://data1.gestona.com  https://fcarreras.org  https://ytskip.b-cdn.net  https://ams.wpml.org  https://data1.phistouquet.com  https://cdn.reskyt.com  https://data1.limclir.com  https://editor-static-bucket.elementor.com  https://accounts.google.com  https://translate.google.com  https://translate.googleapis.com  https://lazyload.org  https://player.vimeo.com  https://s3.amazonaws.com  https://s.pinimg.com  https://ct.pinterest.com  https://data1.blicot.com  data:  https://data1.imc-peso.com  blob:  https://infimv.com  https://pagead2.googlesyndication.com  https://sc-static.net  https://farmatodo.api.useinsider.com  https://js.appboycdn.com  https://dynamic.criteo.com  https://apps.bazaarvoice.com  https://snap.licdn.com  https://tr.charleskeith.co.th  https://www.clarity.ms  https://d.line-scdn.net  https://charleskeithth.api.useinsider.com  https://atag.adgile.media  https://websdk.appsflyer.com  https://static.zdassets.com  https://pixel.mathtag.com  https://s.zzcdn.me  https://secure.quantserve.com  https://tags.creativecdn.com  https://static.usizy.es  https://p2s.boyner.com.tr  https://vsh.visilabs.net  https://rules.quantcount.com  https://belcorpbrand.api.useinsider.com  https://cdn.treasuredata.com  https://tag.goadopt.io  https://cdn.logr-ingest.com  https://app.varify.io  https://survey.survicate.com  https://assets-cdn.woowup.com  https://cdn.embluemail.com  https://surveys-static.survicate.com  https://ipmeta.io  https://bat.bing.com  https://init.blackcrow.ai  https://www.artfut.com  https://s.yimg.com  https://static.criteo.net  https://analytics.webgains.io  https://infirc.com  https://secure-cdn.mplxtms.com  https://cdn.cookielaw.org  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com  https://www.googletagmanager.com  https://consentcdn.cookiebot.com  https://llamamegratis.es  https://www.google-analytics.com  https://analytics.tiktok.com  https://cdn.taboola.com  https://static.addtoany.com  https://wave.outbrain.com  https://trc.taboola.com  https://tr.outbrain.com  https://connect.facebook.net  https://googleads.g.doubleclick.net  https://static.ads-twitter.com  https://static.hotjar.com  https://amplify.outbrain.com  https://script.hotjar.com  https://www.youtube.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://cdn.jsdelivr.net  https://cdnjs.cloudflare.com  https://apis.google.com  https://www.googleadservices.com  https://me.kis.v2.scr.kaspersky-labs.com  https://data1.vulapo.com  https://data1.thetto.com  https://data1.griloup.com  https://negbar.ad-blocker.org  https://data1.hatolep.com  https://www.pagespeed-mod.com  https://ssl.google-analytics.com  https://savingsslider-a.akamaihd.net  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.google.com  https://data1.muarrf.com  https://gc.kes.v2.scr.kaspersky-labs.com  https://data1.app-fast.com  http://amplify.outbrain.com  https://conoret.com  https://mstat.acestream.net  https://data1.gestona.com  https://fcarreras.org  https://ytskip.b-cdn.net  https://ams.wpml.org  https://data1.phistouquet.com  https://cdn.reskyt.com  https://data1.limclir.com  https://editor-static-bucket.elementor.com  https://accounts.google.com  https://translate.google.com  https://translate.googleapis.com  https://lazyload.org  https://player.vimeo.com  https://s3.amazonaws.com  https://s.pinimg.com  https://ct.pinterest.com  https://data1.blicot.com  data:  https://data1.imc-peso.com  blob:  https://infimv.com  https://pagead2.googlesyndication.com  https://sc-static.net  https://farmatodo.api.useinsider.com  https://js.appboycdn.com  https://dynamic.criteo.com  https://apps.bazaarvoice.com  https://snap.licdn.com  https://tr.charleskeith.co.th  https://www.clarity.ms  https://d.line-scdn.net  https://charleskeithth.api.useinsider.com  https://atag.adgile.media  https://websdk.appsflyer.com  https://static.zdassets.com  https://pixel.mathtag.com  https://s.zzcdn.me  https://secure.quantserve.com  https://tags.creativecdn.com  https://static.usizy.es  https://p2s.boyner.com.tr  https://vsh.visilabs.net  https://rules.quantcount.com  https://belcorpbrand.api.useinsider.com  https://cdn.treasuredata.com  https://tag.goadopt.io  https://cdn.logr-ingest.com  https://app.varify.io  https://survey.survicate.com  https://assets-cdn.woowup.com  https://cdn.embluemail.com  https://surveys-static.survicate.com  https://ipmeta.io  https://bat.bing.com  https://init.blackcrow.ai  https://www.artfut.com  https://s.yimg.com  https://static.criteo.net  https://analytics.webgains.io  https://infirc.com  https://secure-cdn.mplxtms.com  https://cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com  https://llamamegratis.es  https://me.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  http://fonts.googleapis.com  https://fcarreras.org  https://www.gstatic.com  https://cdn.honey.io  https://ams.wpml.org  https://www.googletagmanager.com  https://cdn.jsdelivr.net  https://surveys-static.survicate.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com  https://llamamegratis.es  https://me.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  http://fonts.googleapis.com  https://fcarreras.org  https://www.gstatic.com  https://ams.wpml.org  https://www.googletagmanager.com  https://cdn.jsdelivr.net  https://surveys-static.survicate.com ; font-src 'self' https://fonts.gstatic.com  https://use.fontawesome.com  https://cdnjs.cloudflare.com  https://cdn.goin.cloud  https://cdn-uicons.flaticon.com  https://cdn.blerp.com  https://cdn.scite.ai  moz-extension  https://static.zohocdn.com  chrome-extension  https://fcarreras.org  https://www.slant.co  https://app.escribelo.ai  https://aceify.ai  http://themes.googleusercontent.com  https://cdn.megabonus.com  data:; frame-src 'self' https://consentcdn.cookiebot.com  https://td.doubleclick.net  https://static.addtoany.com  https://tsdtocl.com  https://cdn.taboola.com  https://www.youtube.com  https://cdn.knightlab.com  https://maps.google.com  https://www.google.com  https://www.googletagmanager.com  https://e.issuu.com  https://cdncache-a.akamaihd.net  http://notify.bluecoat.com  https://assistance.quantumadblocker.com  https://block.opendns.com  https://www.ciuvo.com  https://global.acs.prismaaccess.com  https://llamamegratis.es  https://santjosepobrer.imtlazarus.com  https://www.facebook.com  https://mozbar.moz.com  https://myaccount.google.com  https://www.carrerasresearch.org  https://gateway.zscloud.net  https://translate.googleapis.com  https://r.zozezop.com  https://emet.news  https://emet.live  https://acestream.tv  https://ct.pinterest.com  https://aldapeta.imtlazarus.com  https://feedback-pa.clients6.google.com  https://sanignacio.imtlazarus.com  mailto  https://gateway.zscalertwo.net  https://td.doubleclick.net.fvhs2nchnr2gm4lzgzfte4tfnbudamtj.redirect.b1tdc.infoblox.com  https://sase.merck.com  gsa://onpageload  https://charleskeithth.api.useinsider.com  https://gum.criteo.com  https://farmatodo.api.useinsider.com  http://192.168.128.141  http://www.youtube.com.x.987f63ec0f4dc04bf40a5500eff7ec16bc93.ccc2ef7d.id.opendns.com  blob:; connect-src 'self' https://analytics.tiktok.com  https://pips.taboola.com  https://region1.analytics.google.com  https://consentcdn.cookiebot.com  https://www.google.com  https://stats.g.doubleclick.net  https://www.facebook.com  https://region1.google-analytics.com  https://cds.taboola.com  https://tr.outbrain.com  https://www.google-analytics.com  https://analytics.pangle-ads.com  https://trc-events.taboola.com  https://analytics.google.com  https://vc.hotjar.io  https://adservice.google.com  https://googleads.g.doubleclick.net  https://api.mkmediaworks.com  https://skincareadvertsking.com  https://assistance.quantumadblocker.com  https://metrics.hotjar.io  properties  https://yoast.com  https://translate.googleapis.com  https://api.intentiq.com  https://api.verdevisionresearch.com  https://stats.addtoany.com  https://pagead2.googlesyndication.com  https://overbridgenet.com  http://uc.gre  http://pluginx.uc.local  https://psb.taboola.com  https://savingsslider-a.akamaihd.net  https://ajax.googleapis.com  https://api.solarspireconsulting.com  https://api.ultimateaderaser.com  https://stickyid-a.akamaihd.net  https://api.blocksly.org  https://api.amcreativemedia.com  https://www.googleadservices.com  https://api.ciuvo.com  https://metrics-dra.dt.dbankcloud.cn  https://api.redirects-4.com  https://translate-pa.googleapis.com  data:  https://api.global-data-lab.com  https://ams.wpml.org  https://api.freevideoguard.org  https://rktstats.reskyt.com  https://api.fbanalytics.org  https://infragrid.v.network  https://metrics-dre.dt.dbankcloud.cn  https://api.adblocking247.com  https://api.solaranalyticscorp.com  https://api.range-offer.com  https://ct.pinterest.com  https://www.googletagmanager.com  https://use.fontawesome.com  https://amplify.outbrain.com  https://analytics.twitter.com  https://t.co  https://api.aituria.com  https://fonts.googleapis.com  https://llamamegratis.es  http://ad.doubleclick.net  https://static.addtoany.com  https://get663.com  http://148.153.18.0  https://px.ads.linkedin.com  https://atag.adgile.media  https://ekr.zdassets.com  https://charleskeithth.zendesk.com  https://q.clarity.ms  https://zendesk-eu.my.sentry.io  https://x.clarity.ms  https://p.clarity.ms  https://wa.onelink.me  https://sdk.iad-06.braze.com  https://wa.appsflyer.com  https://v.clarity.ms  https://t.clarity.ms  https://api.finemob.com  https://myip.duoduodev.com  https://api.vid-adblocker.com  https://ams.creativecdn.com  https://usizy.com  https://u.clarity.ms  https://b.clarity.ms  https://api.bigdatacloud.net  https://cdp.in.treasuredata.com  https://disclaimer-api.goadopt.io  https://api.socialsolutionapp.com  https://lb.eu-1-id5-sync.com  https://fonts.gstatic.com  https://aiqua-sdk.c.appier.net  https://analyticsgroupcom.bnpparibas.com  https://id5-sync.com  https://rp.liadm.com  https://tr.snapchat.com  https://s.clarity.ms;  worker-src 'self' blob:  data:;  media-src 'self' data:  https://updates.themepunch-ext-c.tools;  object-src 'self' https://static.issuu.com  https://www.tv3.cat  http://www.irtve.es;  report-uri https://fcarreras.org/en/wp-json/rsssl/v1/csp?rsssl_apitoken=844942300; 1
font-src *.googleapis.com *.gstatic.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.weltpixel.com *.livechatinc.com https://secure.livechatinc.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com magefan.com cm.magefan.com * activity-websites.data-crypt.com www.google.co.uk https://www.carlislebrass.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com s7.addthis.com * www.google.co.uk stats.g.doubleclick.net https://www.googletagmanager.com https://static.hotjar.com *.force24.co.uk https://cdnjs.cloudflare.com maps.gstatic.com fonts.gstatic.com maps.googleapis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.stripe.com *.google.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com ekr.zdassets.com/ stats.g.doubleclick.net *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src www.paypalobjects.com *.gstatic.com 'self' data: https://dashboard.webwinkelkeur.nlfonts/webandbrand.woff data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com js.mollie.com https://www.googletagmanager.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com https://images.unsplash.com imgsct.cookiebot.com magefan.com cm.magefan.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: https://www.myhairshop.nl https://www.google.com https://www.google.com.ua https://www.google.nl https://www.google.pl https://imgproxy.vendic.dev data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://maps.googleapis.com consent.cookiebot.com js.mollie.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://dashboard.webwinkelkeur.nl/sidebar.js https://d5yoctgpv4cpx.cloudfront.net https://cdn1.profitmetrics.io https://pagead2.googlesyndication.com https://static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net vimeo.com www.googleadservices.com https://analytics.google.com *.analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google.com https://google.com https://www.google.com.ua https://www.google.nl https://www.google.pl https://my.profitmetrics.io https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://p2iqhncxyh.execute-api.eu-central-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net https://media.laspepas.com.ar https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com www.facebook.com *.trackedlink.net *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://firebasestorage.googleapis.com http://www.afip.gob.ar https://notifications-icommkt.website https://media.laspepas.com.ar *.postimg.cc *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com https://www.googletagmanager.com/ *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.shopify.com https://maps.google.com https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net *.cloudfront.net/ *.jsdelivr.net/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net https://media.laspepas.com.ar https://fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io https://maps.googleapis.com/ https://track-icommkt.com/ https://notifications-icommkt.com https://www.mailing.laspepas.com.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.bglobale.com *.global-e.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.bglobale.com *.global-e.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.certcapture.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.bglobale.com *.global-e.com maps.gstatic.com www.xtento.com cdn.xtento.com *.sharethis.com *.doubleclick.net www.kong.it *.googleapis.com www.google.ae www.google.as www.google.at www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uk www.google.co.vi www.google.co.za www.google.co.zw www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.mx www.google.com.my www.google.com.om www.google.com.pa www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dj www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.li www.google.lt www.google.lv www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.sk *.castellarisrl.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.bglobale.com *.global-e.com maps.googleapis.com www.xtento.com cdn.xtento.com *.sharethis.com *.hotjar.com *.googleapis.com kenect.com resource.kenect.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com assets.braintreegateway.com downloads.mailchimp.com *.bglobale.com *.global-e.com https://fonts.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.sharethis.com *.doubleclick.net *.crwdcntrl.net stbuttons.click *.ltmsphrcl.net *.googleapis.com www.google.as www.google.at www.google.be www.google.by www.google.ca www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.com.ar www.google.com.au www.google.com.br www.google.com.hk www.google.com.mx www.google.com.my www.google.com.pa www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dj www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.it www.google.li www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.sc www.google.se www.google.si www.google.sk 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://98827900-8df7-48df-8bab-e0358eaca440.sansec.watch/; report-to report-endpoint; 1
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; connect-src 'self' https: wss:; frame-src *; media-src *; object-src 'none'; report-uri https://usrmcpxnrfnyeqqrkhqo.supabase.co/functions/v1/csp-report 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors *.facebook.com https://www.facebook.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.google.com/ *.facebook.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net https://www.gstatic.com https://translate.googleapis.com https://fonts.gstatic.com http://translate.google.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com https://translate.googleapis.com http://translate.google.com https://translate-pa.googleapis.com s7.addthis.com *.avada.io *.google.com/ *.facebook.net *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com www.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://translate.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
script-src-attr *.tesup.com; script-src-elem *.tesup.com; font-src *.gstatic.com *.fontawesome.com https://fonts.bunny.net fonts.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net https://firebasestorage.googleapis.com https://www.mollie.com *.designer-images.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.shopify.com js.mollie.com *.stat-track.com polyfill.io *.moosend.com *.zendesk.com *.zdassets.com *.tesup.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net fonts.googleapis.com *.moosend.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com ipinfo.io *.zendesk.com wss://widget-mediator.zopim.com *.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src cdnjs.cloudflare.com *.cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com *.kxcdn.com *.amazonaws.com *.cloudfront.net *.global.prod.fastly.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com maps.googleapis.com maps.gstatic.com *.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net *.files-text.com *.livechatinc.com *.livechat-files.com *.livechat-static.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com *.cloudfront.net *.global.prod.fastly.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.livechatinc.com *.livechat-static.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.amazonaws.com *.cloudfront.net *.global.prod.fastly.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdnjs.cloudflare.com *.cdnjs.cloudflare.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.livechatinc.com unsafe-inline assets.braintreegateway.com *.amazonaws.com *.cloudfront.net *.global.prod.fastly.net 'self' 'unsafe-inline'; object-src *.livechatinc.com 'self' 'unsafe-inline'; media-src *.livechatinc.com *.livechat-static.com *.amazonaws.com *.cloudfront.net *.global.prod.fastly.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net *.instagram.com *.livechatinc.com *.text.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.amazonaws.com *.cloudfront.net *.global.prod.fastly.net 'self' 'unsafe-inline'; child-src *.livechatinc.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; script-src 'unsafe-inline' https://pagead2.googlesyndication.com https://adservice.google.com https://www.googletagmanager.com *.google-analytics.com https://fundingchoicesmessages.google.com https://widget.spreaker.com *.doubleclick.net https://sync.search.spotxchange.com/; style-src 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://i.ytimg.com https://www.google-analytics.com https://www.spreaker.com/ https://www.facebook.com/ *.adtrafficquality.google *.doubleclick.net https://sync.search.spotxchange.com/; frame-src 'self' https://www.google.com https://www.youtube.com https://www.spreaker.com/ https://www.facebook.com/ https://*.googlesyndication.com https://tpc.googlesyndication.com https://fundingchoicesmessages.google.com https://widget.spreaker.com https://*.adtrafficquality.google https://googleads.g.doubleclick.net https://sync.search.spotxchange.com/ https://www.googleadservices.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com https://www.shinystat.com/ https://www.facebook.com/ https://www.postpickr.com/ https://*.googlesyndication.com https://adservice.google.com https://fundingchoicesmessages.google.com https://*.adtrafficquality.google https://*.doubleclick.net https://googleads.g.doubleclick.net https://sync.search.spotxchange.com/ https://www.google.com https://www.googleadservices.com; frame-ancestors 'self' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src http: https: data:; font-src https: data:; 1
worker-src blob:; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://secure.asxgw.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.fbcdn.net blob: ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com maps.gstatic.com *.ggpht https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://asxgw.com https://asxgw.paymentsandbox.cloud https://secure.asxgw.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://maps.googleapis.com https://cdnjs.cloudflare.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.google.com *.kxcdn.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://asxgw.com https://asxgw.paymentsandbox.cloud https://www.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.google-analytics.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn2.hubspot.net resources.paytrail.com *.google.fi data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com services.paytrail.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.paytrail.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.adobe.com *.googleapis.com data: *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.klaviyo.com https://embedsocial.com *.zdassets.com *.bing.com *.cloudfront.net *.orthomed.ca *.hotjar.com *.crazyegg.com *.zendesk.com *.zopim.com *.adobedtm.com hcaptcha.com *.hcaptcha.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com *.google.com https://www.google.co.in *.klaviyo.com https://embedsocial.com *.zdassets.com *.bing.com *.cloudfront.net *.orthomed.ca *.hotjar.com *.crazyegg.com *.zendesk.com *.zopim.com https://script.crazyegg.com https://bat.bing.com https://www.facebook.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com http://www.googleadservices.com http://www.google-analytics.com *.klaviyo.com https://embedsocial.com *.zdassets.com *.bing.com *.cloudfront.net *.orthomed.ca *.hotjar.com *.crazyegg.com *.zendesk.com *.zopim.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://static.hotjar.com https://script.crazyegg.com http://script.crazyegg.com/ hcaptcha.com *.hcaptcha.com js.hcaptcha.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.google.com *.klaviyo.com https://embedsocial.com *.zdassets.com *.bing.com *.cloudfront.net *.orthomed.ca *.hotjar.com *.crazyegg.com *.zendesk.com *.zopim.com https://script.crazyegg.com hcaptcha.com *.hcaptcha.com https://static.klaviyo.com *.fontawesome.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.google.com *.klaviyo.com https://embedsocial.com *.zdassets.com *.bing.com *.cloudfront.net *.orthomed.ca *.hotjar.com *.crazyegg.com *.zendesk.com *.zopim.com https://script.crazyegg.com https://static.zdassets.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.paypal.com google.com *.google.com wss://widget-mediator.zopim.com https://metrics.hotjar.io/ *.klaviyo.com https://embedsocial.com *.zdassets.com *.bing.com *.cloudfront.net *.orthomed.ca *.hotjar.com *.crazyegg.com *.zendesk.com *.zopim.com https://script.crazyegg.com wss://ws.hotjar.com https://content.hotjar.io *.adobe.com hcaptcha.com *.hcaptcha.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/chrome-cloudcast 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.sandbox.my.site.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.google.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.pricespider.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.force.com *.my.salesforce.com *.salesforceliveagent.com *.my.salesforce-sites.com https://sbmlifescience.my.site.com https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.salesforce.com *.force.com *.sandbox.my.site.com *.pricespider.com *.my.salesforce-sites.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.facebook.com *.facebook.net *.salesforce-scrt.com *.bazaarvoice.com *.pricespider.com *.my.salesforce-sites.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'nonce-44d84647eaa876694d61d0e374738ce9' 'self'; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data https://images.ctfassets.net; script-src 'self' 'self' 'unsafe-inline' https://browser.sentry-cdn.com/ https://europcar.adding-sst.dev/ https://sdk.privacy-center.org/ https://*.europcar.com https://*.goldcar.com; connect-src 'self' sentry.io *.sentry.io https://*.europcar.com https://*.goldcar.com; report-uri https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943; report-to https://f7b20c2f87f95d7d60d819766c53e983@o274321.ingest.us.sentry.io/1887943 1
font-src *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.vivapayments.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com www.googletagmanager.com www.google.com www.google.com/recaptcha vimeo.com www.youtube-nocookie.com leafstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com *.weltpixel.com *.google.com widget-v5.boxnow.gr td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.paypal.com c.paypal.com checkout.paypal.com www.sandbox.paypal.com vimeo.com player.vimeo.com www.youtube.com gallery.mailchimp.com downloads.mailchimp.com form-assets.mailchimp.com chimpstatic.com *.list-manage.com ebizmarts-website.s3.amazonaws.com magefan.com cm.magefan.com *.disqus.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com www.facebook.com bat.bing.net *.vivapayments.com www.clarity.ms https://ss.butlers.gr https://osm.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net business.facebook.com connect.facebook.net graph.facebook.com sandbox.braintree-api.com *.weltpixel.com www.google.gr www.gstatic.com *.googlesyndication.com pagead2.googlesyndication.com adservice.google.com adservice.google.gr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com player.vimeo.com www.youtube.com maps.googleapis.com *.paypal.com c.paypal.com checkout.paypal.com leafstag.cardinalcommerce.com centinelapi.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.behance.net *.ftcdn.net *.gstatic.com assets.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com js.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stat-track.com *.avada.io *.vivapayments.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.disqus.com pay.google.com analytics.braintreegateway.com sandbox.braintree-api.com bat.bing.com www.clarity.ms *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com region1.google-analytics.com *.googlesyndication.com pagead2.googlesyndication.com adservice.google.com adservice.google.gr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com cm.everesttech.net maps.googleapis.com www.googleapis.com *.paypal.com assets.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stat-track.com *.avada.io google.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.cardinalcommerce.com *.google.com analytics.braintreegateway.com sandbox.braintree-api.com bat.bing.com www.clarity.ms *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com region1.google-analytics.com *.googlesyndication.com pagead2.googlesyndication.com adservice.google.com adservice.google.gr stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.klarnacdn.net *.tawk.to *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.klarna.com tawk.to *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.com/ www.facebook.com *.tawk.to 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.bing.com *.bing.net *.klarna.com *.klarnaevt.com *.klarnacdn.net px.ads.linkedin.com bat.bing.com *.tawk.to magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://firebasestorage.googleapis.com https://www.magezon.com tawk.link cdn.jsdelivr.net s3.amazonaws.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bing.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js-eu1.hs-scripts.com bat.bing.com snap.licdn.com static.cloudflareinsights.com rum-static.pingdom.net px.ads.linkedin.com *.tawk.to *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.avada.io *.shopify.com *.google.com/ cdn.ampproject.org www.gstatic.com connect.facebook.net cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.klarnacdn.net *.tawk.to *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com www.gstatic.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.bing.com *.bing.net *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com px.ads.linkedin.com *.tawk.to embed.tawk.to *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io cdn.ampproject.org www.googleapis.com wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://plumrocket.com app.chatterspot.com *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net nrastore.com *.cloudfront.net *.certcapture.com www.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com nrastore.com *.cloudfront.net cdn.nextopia.net *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.typekit.net *.cloudfront.net cdn.nextopia.net *.certcapture.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudfront.net persona.nextopia.net *.certcapture.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com fonts.gstatic.com kavat.com *.gstatic.com *.googleapis.com data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.klarna.com *.kustom.co https://www.tradera.com www.google.com www.googletagmanager.com *.trustpilot.com *.hotjar.com https://*.google.com/recaptcha/ checkout-uat.collector.se checkout.uat.walleydev.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.klarna.com *.klarnaevt.com *.kustom.co editor-upload-cdn.optimonk.com kavat.com www.facebook.com www.googletagmanager.com *.googleadservices.com *.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.se *.paypal.com *.paypalobjects.com *.ytimg.com https://www.facebook.com https://mcusercontent.com https://js.klevu.com https://*.mgr.consensu.org https://cdn.consentmanager.net https://d1pna5l3xsntoj.cloudfront.net https://cx.atdmt.com *.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.klarna.com *.kustom.co apis.google.com cdn-asset.optimonk.com cdn.fibbl.com chimpstatic.com connect.facebook.net consent.cookiefirst.com core.helloretail.com d1pna5l3xsntoj.cloudfront.net gs-cdn.optimonk.com kavat.com onsite.optimonk.com pagead2.googlesyndication.com script.hotjar.com static.hotjar.com static.zdassets.com https://www.tradera.com widget-mediator.zopim.com www.googletagmanager.com *.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com *.google.com *.gstatic.com https://connect.facebook.net/ *.trustpilot.com https://chimpstatic.com *.klarnacdn.net *.adyen.com https://js.klevu.com https://d1pna5l3xsntoj.cloudfront.net https://downloads.mailchimp.com *.list-manage.com *.hotjar.com *.hotjar.io *.gtm.adt313.net https://checkoutshopper-test.adyen.com https://*.mgr.consensu.org https://*.cloudflareinsights.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ checkout-uat.collector.se checkout.uat.walleydev.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com cdn-asset.optimonk.com consent.cookiefirst.com d1pna5l3xsntoj.cloudfront.net fonts.googleapis.com kavat.com *.fonts.googleapis.com *.googleapis.com *.gstatic.com https://downloads.mailchimp.com https://js.klevu.com https://*.mgr.consensu.org https://d1pna5l3xsntoj.cloudfront.net tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.klarnaevt.com *.kustom.co api.fibbl.com cdn-account.optimonk.com cdn-limit.optimonk.com cdn-renderer.optimonk.com consent.cookiefirst.com core.helloretail.com edge.cookiefirst.com ekr.zdassets.com *.amazonaws.com front.optimonk.com jfapiprod.optimonk.com kavat.com kavat.zendesk.com pagead2.googlesyndication.com region1.google-analytics.com wss://*.zopim.com wss://widget-mediator.zopim.com www.google-analytics.com *.paypal.com *.cardinalcommerce.com *.stripe.com *.klarna.com *.klarnacdn.net *.google-analytics.com *.addwish.com *.doubleclick.net *.facebook.com *.hotjar.com https://*.mgr.consensu.org https://core.helloretail.com api.checkout.uat.walleydev.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src core.helloretail.com kavat.com pagead2.googlesyndication.com arclight.vimeo.com lensflare.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com fonts.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.addthis.com *.facebook.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com *.disqus.com *.addthisedge.com *.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.disqus.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-DaaiMzbNjNczJdYqwr84unJn4DHVX_NgRcioVp1fVAe18_4i71tl1A' data: https://*.openstreetmap.org 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org https://*.google.com/; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; connect-src 'self' data: https://*.openstreetmap.org https://www.piwik.bayern.de/; font-src 'self' data:; object-src 'none'; script-src-elem 'self' 'nonce-DaaiMzbNjNczJdYqwr84unJn4DHVX_NgRcioVp1fVAe18_4i71tl1A' 'strict-dynamic' 'report-sample'; style-src-elem 'self' 'nonce-DaaiMzbNjNczJdYqwr84unJn4DHVX_NgRcioVp1fVAe18_4i71tl1A' https://www.google.com/ 'report-sample'; worker-src 'self' 'nonce-DaaiMzbNjNczJdYqwr84unJn4DHVX_NgRcioVp1fVAe18_4i71tl1A' data: https://*.openstreetmap.org blob: 'report-sample'; report-uri https://www.hdbg.de/@http-reporting?csp=report&requestTime=1773711055827528&requestHash=fd8170cab2d6158247feece15199ab3527d7285c 1
default-src 'none';script-src 'unsafe-eval' 'unsafe-inline' analytics.twitter.com www.googleadservices.com c.la2-c1-ph2.salesforceliveagent.com d.la3-c1-ph2.salesforceliveagent.com bat.bing.com c.paypal.com teechip.com d18p8z0ptb8qab.cloudfront.net fast.appcues.com cdn.freshmarketer.com edge.fullstory.com fullstory.com api.scalablelicensing.com cdn.32pt.com dbcpu9gznkryx.cloudfront.net js.stripe.com www.google.com www.paypal.com www.paypalobjects.com www.gstatic.com www.google-analytics.com static.ads-twitter.com s.pinimg.com googleads.g.doubleclick.net www.googletagmanager.com connect.facebook.net;style-src 'unsafe-inline' cdn.32pt.com teechip.com fast.appcues.com translate.googleapis.com inkp-production.32pt.com fonts.googleapis.com p.typekit.net use.typekit.net;font-src inkp-production.32pt.com cdn.32pt.com data: fonts.gstatic.com teechip.com use.typekit.net;img-src * data: blob:;frame-src checkout.stripe.com fbrpc: www.facebook.com www.google.com bid.g.doubleclick.net assets.braintreegateway.com js.stripe.com www.googletagmanager.com www.paypalobjects.com;object-src 'none';connect-src dbcpu9gznkryx.cloudfront.net translate.googleapis.com checkout.stripe.com bat.bing.com api.appcues.net fast.appcues.com www.google.com graph.facebook.com z-m-graph.facebook.com launcher.teechip.com rs.fullstory.com client-analytics.braintreegateway.com www.facebook.com app.getsentry.com api.braintreegateway.com stats.g.doubleclick.net teechip.com wss://api.appcues.net www.paypal.com api.scalablelicensing.com scalable-licensing.s3.amazonaws.com www.google-analytics.com ct.pinterest.com src.freshmarketer.com sentry.io t.getletterpress.com m.stripe.com scalablepress.com; report-uri /__csp-reports; 1
object-src 'none';base-uri 'self';script-src 'nonce-sVj-Hy4C79natXgShHxwjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline'; script-src 'none' 'report-sample'; connect-src 'none'; form-action 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp.threatview.app/report; 1
script-src 'self' 'unsafe-hashes' 'unsafe-inline' *.discoverearly.com d.la3-c1-ia2.salesforceliveagent.com invitejs.trustpilot.com js.stripe.com service.force.com widget.trustpilot.com www.google.com www.gstatic.com www.avivasysbio.com www.genwaybio.com static.avivasysbio.com admin.avivasysbio.com 'unsafe-eval' static.avivasysbio.com static.hotjar.com www.googletagmanager.com snippets.freshchat.com wchat.freshchat.com www.google-analytics.com script.hotjar.com js-agent.newrelic.com; report-uri /.webscale/csp-report 1
font-src *.googleapis.com *.gstatic.com data: eadn-wc04-5065958.nxedge.io *.klevu.com *.ksearchnet.com *.zopim.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com use.typekit.net https://fonts.bunny.net https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com https://player.vimeo.com https://www.youtube-nocookie.com https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ secure.trust-guard.com *.ads.linkedin.com *.adsymptotic.com *.google.com *.google.ca v2assets.zopim.io v2.zopim.com eadn-wc04-5065958.nxedge.io https://firebasestorage.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.zopim.com static.zdassets.com eadn-wc04-5065958.nxedge.io resource.kenect.com connect.facebook.net static.cloudflareinsights.com *.avada.io https://player.vimeo.com https://www.youtube.com *.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://static.klaviyo.com *.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com eadn-wc04-5065958.nxedge.io https://fonts.bunny.net https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com wss://widget-mediator.zopim.com stats.g.doubleclick.net eadn-wc04-5065958.nxedge.io https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://browser.sentry-cdn.com *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com *.oppwa.com oppwa.com *.peachpayments.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com https://js.klevu.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com *.peachpayments.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.siteblindado.com *.cloudflare.com *.avis-verifies.com *.octadesk.services *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.magentocommerce.com *.cloudflare.com *.fbcdn.net magefan.com cm.magefan.com https://www.magezon.com cdn.mundipagg.com api.pagar.me www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.clarity.ms *.bing.com *.goadopt.io *.google.com *.google.com.br *.viallure.com.br data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.cloudflare.com *.twitter.com *.fontawesome.com *.googletagmanager.com *.siteblindado.com *.octadesk.services *.gstatic.com *.itaushopline.com *.instagram.com *.cloudfront.net *.searchanise.com *.kxcdn.com *.aspnetcdn.com *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql 3ds2.pagar.me 3ds2-sdx.pagar.me js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.clarity.ms *.bing.com *.goadopt.io *.google-analytics.com *.viallure.com.br 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.kxcdn.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.google.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com sts.itau.com.br api.itau.com.br sts.itau.com.br/api/oauth/token secure.api.itau/pix_recebimentos/v2 secure.api.itau/pix_recebimentos_conciliacoes/v2 *.siteblindado.com *.cloudflare.com *.avis-verifies.com *.itaushopline.com *.instagram.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br pay.sandbox.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com analytics.google.com *.facebook.net *.clarity.ms *.goadopt.io *.googletagmanager.com *.viallure.com.br 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.lever.co https://backend.tendermint.com https://www.google-analytics.com; font-src 'self' data: fonts.gstatic.com https://raw.githubusercontent.com; frame-src 'self'; img-src 'self' data: about: blob: https://www.gstatic.com/images/ https://cdn-images-1.medium.com https://d33wubrfki0l68.cloudfront.net https://www.google-analytics.com; manifest-src 'self'; media-src 'self' data:; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; report-uri https://bce8f9ed809bb395c2d2805d76f7e87a.report-uri.com/r/d/csp/reportOnly; 1
object-src 'none';base-uri 'self';script-src 'nonce-tJHA9Nieno4jHc-3TK4NFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://celebrosnlp.com/autocompletev6/Clients/KsiInt/output/CelScriptsAC.js https://connect.facebook.net/ https://data.brandible.de/ https://googleads.g.doubleclick.net/ https://integrations.etrusted.com/ https://rns.matelso.de/ https://secure.pay1.de/client-api/js/ajax.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/ https://script.hotjar.com/ https://widgets.trustedshops.com/ https://www.google.com/recaptcha/ https://static-eu.payments-amazon.com/ https://secure.pay1.de/client-api/ https://www.gstatic.com/ https://cl.avis-verifies.com/ https://d388us03v35p3m.cloudfront.net/js/conversions_min.js https://stats.cleverreach.com/ https://snap.licdn.com/li.lms-analytics/ https://script.brandible.de/; style-src 'self' 'unsafe-inline' https://celebrosnlp.com https://integrations.etrusted.com/ https://widgets.trustedshops.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https:; font-src 'self' https://www.brandible.at/ https://celebrosnlp.com/AutoCompleteV6/Templates/Default/fonts/ https://widgets.trustedshops.com/reviews/tsSticker/fonts/; frame-src 'self' https://td.doubleclick.net https://www.google.com https://www.youtube-nocookie.com https://secure.pay1.de/ https://data.brandible.de/; img-src data: *; manifest-src 'self'; media-src *; worker-src 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.googleapis.de *.zopim.com *.zopim.io *.unpkg.com unpkg.com *.trustedshops.com trustedshops.com *.cdnfonts.com 'self' data: *.ratepay.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.trustedshops.com *.unpkg.com *.ratepay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.sandbox.paypal.com *.twitter.com *.trustedshops.com trustedshops.com *.unpkg.com unpkg.com *.doubleclick.net www.googletagmanager.com *.jsctool.com *.ratepay.com https://www.roomvo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://www.magezon.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.de *.google.co.in *.mastercard.com *.trustedshops.com trustedshops.com *.unpkg.com *.etrusted.com magento-dev.habisreutinger.de magento-test.habisreutinger.de habisreutinger.de *.hsforms.net *.hsforms.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.googleapis.com *.ratepay.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://www.roomvo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.roomvo.com roomvo.com *.trustedshops.com *.unpkg.com *.doubleclick.net magento-dev.habisreutinger.de magento-test.habisreutinger.de habisreutinger.de *.clarity.ms *.hsforms.net *.hsforms.com *.googleapis.com *.pay1.de *.ratepay.com *.jsctool.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://cdn.roomvo.com/static/scripts/b2b/habisreutingerde.js https://cdn.amplitude.com/libs/amplitude-4.4.0-min.gz.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.bing.com *.unpkg.com https://unpkg.com/ *.googletagmanager.com *.etrusted.com *.cdnfonts.com magento-dev.habisreutinger.de magento-test.habisreutinger.de habisreutinger.de *.usercentrics.eu *.ratepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io *.trustedshops.com trustedshops.com *.unpkg.com unpkg.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com www.google.com www.google.de *.google-analytics.com www.google-analytics.de *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com https://stats.g.doubleclick.net *.doubleclick.net *.trustedshops.com trustedshops.com *.unpkg.com *.roomvo.com roomvo.com *.googlesyndication.com api.saws.de magento-dev.habisreutinger.de magento-test.habisreutinger.de habisreutinger.de *.clarity.ms t.elasticsuite.io *.hsforms.net *.hsforms.com *.ratepay.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'none'; script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=UQVqNWimu3G.UOjrLzzCneBjxPGonpK_J2mdVCjni7Q-1773711806.5144658-1.0.1.1-e2PVyAIXQUa3AI11rUCLMdqyv_OoEWg5m1GB8lsVH19w8uB5cP7L993z3kqUPxczSWjDelzyf_ohtvjvqO0ga.6vQ1LXEK91UhYM514r7HqvXbv.bM5kGEWsjqZ8BpAqxHthHBTWzHoH6_fC.EcCfn_vQ_8RkEvXe2UnqOfiw37lE3N7kL0OsyyhfJWRCE1hNVVKg3WIZKrdgH8lxxfHLg; report-to cf-unvyaknmfoqzvviy 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.clickhelp.com *.gravatar.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.google-analytics.com *.googletagmanager.com *.fontawesome.com mc.yandex.ru cdnjs.cloudflare.com cdn.jsdelivr.net integration.graphcomment.com *.youtube.com *.vimeo.com canny.io *.canny.io *.calendly.com d3h3meckw07nf.cloudfront.net *.scalar.com; frame-ancestors 'self'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.searchanise.com *.searchserverapi.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com www.thehandlestudio.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com www.thehandlestudio.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com www.thehandlestudio.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.searchanise.com *.searchserverapi.com *.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com www.xtento.com www.thehandlestudio.co.uk 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com *.facebook.com www.xtento.com cdn.xtento.com www.thehandlestudio.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.sagepay.com *.opayo.eu.elavon.com *.googletagmanager.com *.facebook.net www.xtento.com cdn.xtento.com www.thehandlestudio.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com www.thehandlestudio.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.thehandlestudio.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.amplitude.com stats.g.doubleclick.net www.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com www.thehandlestudio.co.uk 'self' 'unsafe-inline'; child-src www.thehandlestudio.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.thehandlestudio.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Yhx3yhPiId9p9-CHmNFL3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tA00_QavlUQHhyCGI0Jpag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com 'self' data: cdnjs.cloudflare.com *.gstatic.com fonts.bunny.net data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com 'self' data: consentcdn.cookiebot.com *.facebook.com *.livechatinc.com *.koalendar.com/ 'self' 'unsafe-inline'; img-src data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com https://www.mollie.com 'self' data: imgsct.cookiebot.com/ *.google.nl *.google.com *.bing.com data: 'self' 'unsafe-inline'; style-src fonts.googleapis.com *.multisafepay.com 'self' data: fonts.bunny.net *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' data: *.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src https://tagging.buffalo.nl www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com 'self' data: *.widget.trengo.eu it.buffalo.nl *.doubleclick.net *.visualstudio.com *.amazonaws.com *.google.nl *.google.com *.bing.com *.googlesyndication.com https: 'self' 'unsafe-inline'; script-src https://tagging.buffalo.nl www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com 'self' data: *.widget.trengo.eu *.cookiebot.com *.googlesyndication.com *.windows.net *.msecnd.net *.bing.com *.livechatinc.com cdn.livechatinc.com api.livechatinc.com https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://monitor.bigbridgedev.nl/csp; report-to report-endpoint; 1
default-src                                                 'self'                                                 'unsafe-inline'                                                 https://www.google-analytics.com                                                 https://www.googletagmanager.com                                                 https://connect.facebook.net;                                             img-src                                                 'self'                                                 data:                                                 https://tr.line.me                                                 https://files-m01.lightning-search.io                                                 https://www.googletagmanager.com                                                 https://ajax.googleapis.com                                                 https://syndication.twitter.com                                                 https://www.google.com;                                             font-src                                                 'self'                                                 data:                                                 https://maxcdn.bootstrapcdn.com                                                 https://at.alicdn.com                                                 https://cdn.yiban.io;                                             connect-src                                                 'self'                                                 https://apm.yahoo.co.jp                                                 https://bs.nakanohito.jp                                                 https://chatecb-stg-appquestionchoice.azurewebsites.net                                                 https://chatecb-stg-http-trigger.azurewebsites.net                                                 https://chatecbstgstrgoutside.blob.core.windows.net                                                 https://www.google.com                                                 https://app.tag-plus.com                                                 https://*.cloudfront.net                                                 https://*.lambda-url.ap-northeast-1.on.aws                                                 https://fanbi-store.jp                                                 https://www.google-analytics.com                                                 https://region1.google-analytics.com                                                 https://www.googleadservices.com                                                 https://www.googletagmanager.com                                                 https://dm.slim02.jp;                                             frame-src                                                 https://www.google.com                                                 https://platform.twitter.com                                                 https://www.facebook.com                                                 https://www.youtube.com;                                             script-src                                                 'unsafe-inline'                                                 'unsafe-eval';                                             script-src-elem                                                 'unsafe-inline'                                                 https://ajax.googleapis.com                                                 https://chatecbstgstrgoutside.blob.core.windows.net                                                 https://cs.nakanohito.jp                                                 https://d.line-scdn.net                                                 https://files-m01.lightning-search.io                                                 https://s.yimg.jp                                                 https://stg.static.mul-pay.jp                                                 https://www.google.com                                                 https://www.gstatic.com                                                 https://www.google-analytics.com                                                 https://www.googletagmanager.com                                                 https://fanbi-store.jp                                                 https://p01.mul-pay.jp                                                 https://static.mul-pay.jp                                                 https://tag-plus-bucket-for-distribution.s3.ap-northeast-1.amazonaws.com                                                 https://connect.facebook.net                                                 https://platform.twitter.com;                                             style-src-elem                                                 'self'                                                 'unsafe-inline'                                                 https://ajax.googleapis.com                                                 https://cdn.jsdelivr.net                                                 https://chatecbstgstrgoutside.blob.core.windows.net                                                 https://files-m01.lightning-search.io                                                 https://maxcdn.bootstrapcdn.com                                                 https://stg.fanbi-store.jp                                                 https://app.tag-plus.com                                                 https://adblockers.opera-mini.net;                                             report-to                                                 csp-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net cash-f.squarecdn.com https://client.crisp.chat https://plugin-magento-ui.glopalservice.com https://applepay.cdn-apple.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com fonts.gstatic.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com applepay.cdn-apple.com www.promessedefleurs.es data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com p.monetico-services.com www.promessedefleurs.es 'self' 'unsafe-inline'; frame-ancestors www.promessedefleurs.es 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ * ct.pinterest.com *.payplug.com *.dalenys.com https://applepay.cdn-apple.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com api-qa.payplug.com secure-qa.payplug.com www.promessedefleurs.es 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io * https://images.unsplash.com https://image.crisp.chat *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost cl.avis-verifies.com ct.pinterest.com bat.bing.com www.google.com.vn https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com https://secure-magenta.dalenys.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com *.openstreetmap.fr *.openstreetmap.org unpkg.com *.google.com *.google.fr *.google.ie www.promessedefleurs.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat cl.avis-verifies.com bat.bing.com s.pinimg.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdnjs.cloudflare.com https://cdn.payplug.com https://cdn-qa.payplug.com https://unpkg.com/pwacompat *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.promessedefleurs.es 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://client.crisp.chat https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com https://secure-magenta.dalenys.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unpkg.com www.promessedefleurs.es 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.promessedefleurs.es 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io * https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost ct.pinterest.com https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.openstreetmap.org *.arcgis.com *.doubleclick.net www.promessedefleurs.es 'self' 'unsafe-inline'; child-src www.promessedefleurs.es http: https: blob: 'self' 'unsafe-inline'; default-src cl.avis-verifies.com www.promessedefleurs.es 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.analytics.google.com stats.g.doubleclick.net www.google.co.uk *.facebook.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.onetrust.com *.klarna.com *.klarnacdn.net *.klarnaservices.com widget.freshworks.com m2epro.freshdesk.com *.googletagmanager.com *.facebook.net www.termsfeed.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.klarnacdn.net widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.onetrust.com *.klarnaevt.com *.analytics.google.com stats.g.doubleclick.net *.klarnacdn.net *.klarna.com *.klarnaservices.com widget.freshworks.com m2epro.freshdesk.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src cms-cdn.onjax.com gstatic.com connect.facebook.net www.google.com translate.google.com www.googletagmanager.com www.googleadservices.com bat.bing.com *.googleapis.com captivated-api.herokuapp.com testimonialtree.com 'self' 'nonce-FBds7kz4JgYo7Pg1JOItFD4LC6o9Li7J'; report-to default 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com *.cloudflare.com maxcdn.bootstrapcdn.com fonts.bunny.net cdn.jsdelivr.net 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors sst.mooihorloge.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://maps.google.com/ *.addthis.com https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://img.youtube.com https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com *.adyen.com *.google-analytics.com googletagmanager.com *.google.com *.laroyale.nl www.google.nl www.facebook.com widgets.trustedshops.com e1.emxdgt.com *.doubleclick.net x.bidswitch.net ib.adnxs.com rtb-csync.smartadserver.com sync-criteo.ads.yieldmo.com contextual.media.net pixel.rubiconproject.com sync-t1.taboola.com eb2.3lift.com beacon.krxd.net *.criteo.com *.analytics.yahoo.com criteo-partners.tremorhub.com match.sharethrough.com trends.revcontent.com ad.yieldlab.net criteo-sync.teads.tv cm.adform.net *.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com s.thebrighttag.com simage2.pubmatic.com sync.outbrain.com *.trengo.eu *.giphy.com *.amazonaws.com hb.yahoo.net cdn.laroyale.nl c1.adform.net sst.mooihorloge.nl sst.mooihorloge.be sst.montresboutique.fr sst.uhr247.de *.taggrs.io *.1rx.io *.agkn.com sync.targeting.unrulymedia.com *.etrusted.com assets.myparcel.nl *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com https://player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io widgets.trustedshops.com dynamic.criteo.com sslwidget.criteo.com connect.facebook.net *.adyen.com *.trengo.eu *.google-analytics.com *.googleadservices.com googletagmanager.com *.googletagmanager.com sst.mooihorloge.nl sst.mooihorloge.be sst.montresboutique.fr sst.uhr247.de sc-static.net cdnjs.cloudflare.com *.hsforms.net *.hsforms.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com assets.braintreegateway.com downloads.mailchimp.com https://cdn.jsdelivr.net *.fontawesome.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.adyen.com *.paypal.com *.trengo.eu *.etrusted.com *.google.com googletagmanager.com cdnjs.cloudflare.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com ekr.zdassets.com/ wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://www.sandbox.paypal.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net measurement-api.criteo.com *.trengo.eu *.amazonaws.com ws-eu.pusher.com sslwidget.criteo.com *.googlesyndication.com sst.mooihorloge.nl sst.mooihorloge.be sst.montresboutique.fr sst.uhr247.de api.myparcel.nl t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /csp-violation-report;default-src 'self';base-uri 'self';script-src 'self' 'unsafe-eval' https://assets.ymshub.com https://www.datadoghq-browser-agent.com https://cdn.jsdelivr.net https://cdn.datatables.net https://kit.fontawesome.com https://cdnjs.cloudflare.com https://canvasjs.com https://cdn.canvasjs.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: 'nonce-B27uH82KdIR3T86l8499gVDlEalwxKB8MwnmGWAD';style-src 'self' 'unsafe-inline' https://assets.ymshub.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.datatables.net https://ka-p.fontawesome.com https://fonts.bunny.net;font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://*.fontawesome.com https://fonts.bunny.net data:;img-src 'self' https://assets.ymshub.com https://yms-client-storage-production.s3.us-east-2.amazonaws.com https://yms-client-storage-production.s3.us-west-2.amazonaws.com https://yms-client-storage-production.s3.amazonaws.com https://yms-client-storage-production-us-east-2.s3.us-east-2.amazonaws.com https://*.googleapis.com https://*.gstatic.com *.google.com blob: data: https://ymshub-assets.s3.amazonaws.com;connect-src 'self' wss://ws.ymshub.com:443 https://cdn.jsdelivr.net https://browser-intake-datadoghq.com https://ka-p.fontawesome.com https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com data: blob:;frame-src 'self' https://www.googletagmanager.com *.google.com;form-action 'self';object-src 'none';media-src 'self';manifest-src 'self';worker-src 'self' blob: 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://devdocs.magento.com https://magento.com *.google.com *.google.ca *.google-analytics.com *.googletagmanager.com *.bootstrapcdn.com *.postescanada-canadapost.ca *.facebook.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.yotpo.com placide.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.tiktok.com *.yotpo.com placide.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com placide.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.affirm.com *.affirm.ca https://devdocs.magento.com https://magento.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.googletagmanager.com *.bootstrapcdn.com *.postescanada-canadapost.ca *.facebook.net insight.adsrvr.org *.yotpo.com placide.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.affirm.com *.affirm.ca ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://devdocs.magento.com https://magento.com *.google.ca *.bootstrapcdn.com *.postescanada-canadapost.ca *.flix360.com https://firebasestorage.googleapis.com *.yotpo.com placide.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.affirm.com *.affirm.ca chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://devdocs.magento.com https://magento.com *.google.ca *.bootstrapcdn.com *.postescanada-canadapost.ca *.googleadservices.com *.adobedtm.com js.adsrvr.org cdn-cookieyes.com *.flixfacts.com *.flix360.io *.flixcar.com *.milwaukeetool.com *.contentsquare.net *.avada.io *.shopify.com *.yotpo.com placide.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com https://devdocs.magento.com https://magento.com *.google.com *.google.ca *.google-analytics.com *.bootstrapcdn.com *.postescanada-canadapost.ca *.facebook.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.yotpo.com placide.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com placide.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.affirm.com *.affirm.ca form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://devdocs.magento.com https://magento.com *.gstatic.com *.google.ca *.googletagmanager.com *.bootstrapcdn.com *.postescanada-canadapost.ca *.flixcar.com *.contentsquare.net https://get.geojs.io *.avada.io *.yotpo.com placide.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com placide.com http: https: blob: 'self' 'unsafe-inline'; default-src placide.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com https://elements.sandbox.fortis.tech https://elements.fortis.tech *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.certcapture.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.google.com *.listrakbi.com *.sharethis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com https://developer.adobe.com https://magento.com https://js.sandbox.fortis.tech https://js.fortis.tech https://elements.sandbox.fortis.tech https://elements.fortis.tech *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.listrakbi.com *.sharethis.com https://www.google.com https://maps.googleapis.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com assets.braintreegateway.com https://fonts.googleapis.com https://cdn.listrakbi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.certcapture.com https://developer.adobe.com https://elements.sandbox.fortis.tech https://elements.fortis.tech *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com *.sharethis.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e642b22f-d607-4621-92e1-03494fa44c2a.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-oIhc82JHb5J7mSh-nX-BoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 'self' data: *.tawk.to fonts.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com https://square-fonts-production-f.squarecdn.com/ https://d1g145x70srn7h.cloudfront.net/ https://cash-f.squarecdn.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to *.yotpo.com swellrewards.com *.swellrewards.com https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.google.com *.addthis.com *.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.tawk.to *.yotpo.com swellrewards.com *.swellrewards.com https://*.online-metrix.net https://imgs.signifyd.com https://pci-connect.squareup.com https://connect.squareup.com https://pci-connect.squareupsandbox.com https://connect.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.tawk.to cdn.jsdelivr.net *.yotpo.com swellrewards.com *.swellrewards.com https://imgs.signifyd.com https://*.online-metrix.net https://www.gstatic.com/ https://sandbox.api.cash.app/ https://site-assets.afterpay.com/ https://sandbox.web.squarecdn.com/ https://api.cash.app/ https://web.squarecdn.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://franklin-assets.s3.amazonaws.com/ https://static.sandbox.afterpay.com/ https://static.afterpay.com/ https://static.sandbox.afterpay.com/logo/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com utt.impactcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.tawk.to cdn.jsdelivr.net *.yotpo.com swellrewards.com *.swellrewards.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://js.squareup.com https://js.afterpay.com/ https://nd.squarecdn.com https://js.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://portal.sandbox.afterpay.com/ https://portal.afterpay.com/ https://cdn.plaid.com/ https://sandbox.kit.cash.app/ https://kit.cash.app/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com thm.visa.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.tawk.to wss://*.tawk.to *.yotpo.com swellrewards.com *.swellrewards.com https://imgs.signifyd.com https://pci-connect.squareup.com https://pci-connect.squareupsandbox.com https://api.amplitude.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://o160250.ingest.sentry.io/ https://api.lab.amplitude.com/sdk/vardata https://sandbox.plaid.com/ https://production.plaid.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'none'; font-src data: https:; frame-ancestors 'none'; form-action 'self'; script-src 'unsafe-eval' 'unsafe-inline' https:; img-src https: data:; style-src https: 'unsafe-inline'; connect-src https:; media-src https:; frame-src https:; worker-src blob:; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://dgap.org https://createsend.com https://api.friendlycaptcha.com https://internationalepolitik.de https://static.elfsight.com https://core.service.elfsight.com https://universe-static.elfsightcdn.com https://matomo.dgap.org/; font-src 'self' data: dgap.org https://player.podigee-cdn.net https://fonts.gstatic.com; frame-src 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://www.youtube-nocookie.com/embed/ https://e.issuu.com https://www.google.com https://player.podigee-cdn.net https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://matomo.dgap.org https://www.openstreetmap.org https://cloud.dgap.org https://audio.podigee-cdn.net https://sign.dgap.dev https://www.helpmundo.de https://www.helpdirect.org https://tube.dgap.org; img-src 'self' https://www.gstatic.com https://*.met.vgwort.de https://www.googletagmanager.com https://www.google-analytics.com data: dgap.org https://matomo.dgap.org https://images.podigee-cdn.net https://region1.google-analytics.com; manifest-src 'self'; media-src 'self' https://audio.podigee-cdn.net; prefetch-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://dgap.org https://matomo.dgap.org https://www.google-analytics.com https://www.googletagmanager.com https://internationalepolitik.de https://ip-quarterly.com https://js.createsend1.com https://player.podigee-cdn.net https://audio.podigee-cdn.net https://www.helpmundo.de https://www.helpdirect.org cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com unpkg.com https://matomo.dgap.org/; script-src-attr 'self' 'report-sample'; script-src-elem 'self' 'report-sample' 'unsafe-inline' https://dgap.org https://www.googletagmanager.com https://www.google-analytics.com https://matomo.dgap.org https://js.createsend1.com https://player.podigee-cdn.net https://audio.podigee-cdn.net https://www.helpmundo.de https://www.helpdirect.org https://static.elfsight.com https://core.service.elfsight.com https://universe-static.elfsightcdn.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://js.createsend1.com https://www.gstatic.com https://dgap.org https://player.podigee-cdn.net https://audio.podigee-cdn.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com unpkg.com; style-src-attr 'self' 'report-sample' 'unsafe-inline'; style-src-elem 'self' 'report-sample' 'unsafe-inline' https://www.google.com https://dgap.org https://player.podigee-cdn.net https://audio.podigee-cdn.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com unpkg.com; worker-src 'self' blob:; form-action 'self' https://www.createsend.com https://dgap.org; frame-ancestors 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://sign.dgap.dev; report-uri https://internationalepolitik.de/en/system/reporting/default; report-to default 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.google.com *.addthis.com *.pinterest.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.attr-2p.com www.google.co.in 'self' data: blob: 'unsafe-inline' data: *.facebook.com quickchart.io img.youtube.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.cloudflareinsights.com attr-2p.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com s7.addthis.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.addthis.com *.graph.instagram.com *.google-analytics.com ekr.zdassets.com/ *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GcznTII4uN9Jj0HZzIuFpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'nonce-XRK9YE9oIx3gtZCPLRqVTA==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.facebook.com 'self' data: *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' data: js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.googletagmanager.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://connect.facebook.net/ connect.facebook.net graph.facebook.com business.facebook.com apis.google.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.dwin1.com *.getsitecontrol.com/ https://js-agent.newrelic.com/ https://cdn.cookielaw.org/ https://cdn.equalweb.com js.klevu.com *.ksearchnet.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.klevu.com *.ksearchnet.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net/ *.getsitecontrol.com/ https://bam.nr-data.net/ https://cdn.equalweb.com/ https://events.getsitectrl.com/ https://cdn.cookielaw.org/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ;          base-uri 'self' ;          object-src 'none' ;          script-src 'self' 'unsafe-eval' 'nonce-imSh3jujF5koJtLAmwfaTQ==' *.googleapis.com *.baidu.com *.zohocdn.com *.cloudfront.net *.googletagmanager.com *.cdn.pagesense.io *.cdn-in.pagesense.io *.youtube.com *.seatsio.net;          connect-src 'self' *.googleapis.com *.google-analytics.com *.nimbuspop.com ws: data: ;          font-src 'self' *.gstatic.com *.zohowebstatic.com *.zohostatic.com *.zohocdn.com data:  ;          style-src 'self' 'unsafe-inline' *.zoho.com *.zohocdn.com;          frame-src 'self' * ;          img-src 'self' *.ytimg.com *.zohoexternal.com *.zohocdn.com data: blob: *.nimbuspop.com *.zohopublic.com 1
object-src 'none';base-uri 'self';script-src 'nonce-D1B9JD0QyABQOxrCR4SB2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://static.lyra.com/static/ *.fontawesome.com 'self' data: *.cloudfront.net *.wistia.com *.hotjar.com *.hotjar.io *.join.com snippet.maze.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ http://info.soprema.fr info.soprema.fr *.soprema.fr *.soprema.nl *.soprema.com *.soprema.be *.soprema.ch *.soprema.co.uk *.soprema.de *.soprema.at *.soprema.se *.soprema.dk *.soprema.no *.soprema.ie *.soprema.es *.georgboerner.de *.soprasolar.com *.nesta.fr *.soprema.ca *.soprema.ae *.soprema.com.mx *.soprema.us *.convoy-supply.com *.furbishco.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com app.sarooma.de *.sopremauvalue.com connectify.pixee.be 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ *.bynder.com my.assets-library.com app.ideta.io checkout.sandbox.dev.clover.com checkout.clover.com copilotstudio.microsoft.com sopremap.wpenginepowered.com app.sarooma.de sopremauvalue.com *.soprema.fr *.soprema.nl *.soprema.com *.soprema.be *.soprema.ch *.soprema.co.uk *.soprema.de *.soprema.at *.soprema.se *.soprema.dk *.soprema.no *.soprema.ie *.soprema.es *.soprema.pt *.georgboerner.de *.soprasolar.com *.nesta.fr *.soprema.ca *.soprema.ae *.soprema.com.mx *.soprema.us *.convoy-supply.com *.furbishco.com s7.addthis.com *.hotjar.com *.hotjar.io fast.wistia.com fast.wistia.net fortress.maptive.com widget.getcody.ai ausschreiben.de *.calameo.com uvalue.nettt.nl websiteintegration.source.thenbs.com bimobject.com *.bimobject.com productsite.bimobject.com youtube.googleapis.com outlook.office365.com soprema.factorialhr.pt tel: *.soprema-cms.awstudio.website 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com maps.googleapis.com *.googleapis.com magefan.com cm.magefan.com https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ *.disqus.com https://img.youtube.com 'self' data: *.bynder.com my.assets-library.com *.cloudfront.net *.cloudinary.com checkout.sandbox.dev.clover.com checkout.clover.com *.soprema.fr *.soprema-eu.test *.soprema-na.test *.soprema.nl *.soprema.com *.soprema.be *.soprema.ch *.soprema.co.uk *.soprema.de *.soprema.at *.soprema.se *.soprema.dk *.soprema.no *.soprema.ie *.soprema.es *.georgboerner.de *.soprasolar.com *.nesta.fr *.soprema.ca *.soprema.ae *.soprema.com.mx *.soprema.us *.convoy-supply.com *.furbishco.com *.google.com *.google.fr *.google.ca *.googletagmanager.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.pardot.com *.linkedin.com *.facebook.com bat.bing.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.clarity.ms pagead2.googlesyndication.com *.teads.tv tags.srv.stackadapt.com *.join.com snippet.maze.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com developers.google.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.disqus.com d8ejoa1fys2rk.cloudfront.net ucv.bynder.com checkout.sandbox.dev.clover.com checkout.clover.com www.ingenuityinsightful-52.com info.soprema.fr *.soprema.fr *.soprema.nl *.soprema.com *.soprema.be *.soprema.ch *.soprema.co.uk *.soprema.de *.soprema.at *.soprema.se *.soprema.dk *.soprema.no *.soprema.ie *.soprema.es *.georgboerner.de *.soprasolar.com *.nesta.fr *.soprema.ca *.soprema.ae *.soprema.com.mx *.soprema.us *.convoy-supply.com *.furbishco.com bam.nr-data.net js-agent.newrelic.com z.moatads.com v1.addthisedge.com m.addthis.com *.hotjar.com *.hotjar.io *.googletagmanager.com cdn.leadinfo.net cdn.jsdelivr.net *.pardot.com connect.facebook.net snap.licdn.com bat.bing.com *.wistia.com *.wistia.net src.litix.io secure.leadforensics.com *.clarity.ms *.teads.tv *.bugherd.com join.com *.join.com tags.srv.stackadapt.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com/ *.soprema-cms.awstudio.website snippet.maze.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.lyra.com/static/ *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudfront.net cdn-images.mailchimp.com *.hotjar.com *.hotjar.io *.typekit.net fast.wistia.com *.googletagmanager.com tags.srv.stackadapt.com *.join.com snippet.maze.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.soprema.fr *.soprema.nl *.soprema.com *.soprema.be *.soprema.ch *.soprema.co.uk *.soprema.de *.soprema.at *.soprema.se *.soprema.dk *.soprema.no *.soprema.ie *.soprema.es *.georgboerner.de *.soprasolar.com *.nesta.fr *.soprema.ca *.soprema.ae *.soprema.com.mx *.soprema.us *.convoy-supply.com *.furbishco.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net blob: my.assets-library.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ t.elasticsuite.io *.cloudfront.net *.bynder.com my.assets-library.com scl-sandbox.dev.clover.com scl.clover.com *.soprema.fr *.soprema.nl *.soprema.com *.soprema.be *.soprema.ch *.soprema.co.uk *.soprema.de *.soprema.at *.soprema.se *.soprema.dk *.soprema.no *.soprema.ie *.soprema.es *.georgboerner.de *.soprasolar.com *.nesta.fr *.soprema.ca *.soprema.ae *.soprema.com.mx *.soprema.us *.convoy-supply.com *.furbishco.com lotus.soprema.fr bat.bing.com app.sarooma.de *.sopremauvalue.com bam-cell.nr-data.net m.addthis.com bam.nr-data.net *.googletagmanager.com pagead2.googlesyndication.com *.leadinfo.net api.leadinfo.com *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.pardot.com *.linkedin.com *.facebook.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.clarity.ms *.teads.tv tags.srv.stackadapt.com join.com *.join.com *.soprema-cms.awstudio.website api.maze.co prompts.maze.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.zopim.com *.hotjar.com *.hotjar.io data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.hotjar.com *.issuu.com *.vimeo.com *.demdex.net *.openpay.mx *.openpay.co *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.facebook.com *.zopim.io *.zopim.com *.doubleclick.net https://landofcoder.com *.googletagmanager.com *.googleusercontent.com *.google.com *.ggpht.com *.never8.com *.unitam.com eadn-wc04-10468518.nxedge.io ce2f80375c.nxcli.io *.postimg.cc *.openpay.mx www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeocdn.com www.vimeo.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com * player.vimeo.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.hotjar.com *.zopim.com *.bootstrapcdn.com *.zdassets.com *.issuu.com *.googleapis.com *.googletagmanager.com vimeo.com *.magento.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.google.com *.magento.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com https://vimeo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com wss://*.zopim.com wss://*.hotjar.com *.zdassets.com *.hotjar.com *.hotjar.io *.demdex.net *.zopim.com *.omtrdc.net *.google-analytics.com *.doubleclick.net *.magento.com *.googleapis.com *.openpay.mx *.openpay.co *.openpay.pe api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com landofcoder.com *.facebook.net *.redditstatic.com *.reddit.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-bYUNMwzZD68DPblEbtylnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.googleapis.com; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-NGMyMzJiYzAtYWM4Yy00NTc2LTllZGUtNmNmZTMxNDE4NzU2' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarnacdn.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarna.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.klarnacdn.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://*.ingest.sentry.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src *.gerrygrossman.com *.wellness-institute.org *.taylorstudymethod.com *.academicreview.com *.aatbs.com 'self' blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.paypal.com *.paypalobjects.com applepay.cdn-apple.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com p.typekit.net 'self' *.wellness-institute.org *.wellnessinstitute.org *.fonts.googleapis.com *.use.typekit.net *.gerrygrossman.com *.fonts.gstatic.com *.static.klaviyo.com *.googleadservices.com *.google-analytics.com *.trackcmp.net dmyn8jojtddc5.cloudfront.net *.linkedin.com *.googletagmanager.com *.facebook.net *.facebook.com *.livechatinc.com *.livechat.com *.vimeocdn.com *.vimeo.com *.youtube.com i.ytimg.com *.disqus.com *.avada.io *.adobe.com *.adobedtm.com *.google.com *.elfsight.com *.googleapis.com *.stripe.network *.lootly.com *.lootly.io *.klaviyo.com *.weltpixel.com *.magentocommerce.com *.doubleclick.net *.ftcdn.net validator.swagger.io validator.behance.net *.youtube-nocookie.com *.demdex.net *.omtrdc.net *.cardinalcommerce.com *.visualwebsiteoptimizer.com d3ec9nrakwwpz5.cloudfront.net *.taylorstudymethod.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com lootly.io *.sandbox.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.paypalobjects.com *.gerrygrossman.com *.googleadservices.com *.google-analytics.com *.trackcmp.net dmyn8jojtddc5.cloudfront.net *.convertful.com *.linkedin.com *.googletagmanager.com *.facebook.net *.facebook.com *.livechatinc.com *.livechat.com *.vimeocdn.com *.vimeo.com i.ytimg.com *.disqus.com *.avada.io *.fontawesome.com *.gstatic.com *.adobedtm.com *.elfsight.com *.googleapis.com *.stripe.network *.stripecdn.com *.lootly.com *.lootly.io *.klaviyo.com *.weltpixel.com *.magentocommerce.com *.doubleclick.net *.ftcdn.net validator.swagger.io validator.behance.net *.demdex.net *.omtrdc.net *.cardinalcommerce.com *.visualwebsiteoptimizer.com d3ec9nrakwwpz5.cloudfront.net *.taylorstudymethod.com *.wellness-institute.org 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.files-text.com *.livechatinc.com *.livechat-files.com *.livechat-static.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.sandbox.paypal.com https://redchamps.com www.academicreview.com static.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com static-tracking.klaviyo.com a.klaviyo.com telemetrics.klaviyo.com firebasestorage.googleapis.com redchamps.com www.google-analytics.com *.elfsightcdn.com assets.gerrygrossman.com trackcmp.net klaviyo.com *.stripe.com *.gerrygrossman.com *.googleadservices.com *.trackcmp.net dmyn8jojtddc5.cloudfront.net *.bing.com *.linkedin.com *.googletagmanager.com *.facebook.net *.facebook.com *.livechat.com *.vimeo.com *.avada.io *.fontawesome.com *.adobedtm.com *.google.com *.elfsight.com *.googleapis.com *.stripe.network *.stripecdn.com *.link.com *.lootly.com *.lootly.io *.klaviyo.com *.weltpixel.com *.magentocommerce.com *.doubleclick.net validator.behance.net *.klarna.com *.klarnacdn.net *.klarnaevt.com *.youtube-nocookie.com *.demdex.net *.omtrdc.net *.cardinalcommerce.com *.visualwebsiteoptimizer.com *.google.co.in d3ec9nrakwwpz5.cloudfront.net *.taylorstudymethod.com *.wellness-institute.org *.cloudfront.net elfsightcdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.livechatinc.com *.livechat-static.com lootly.io *.disqus.com *.avada.io *.shopify.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.livechat.com elfsightcdn.com *.elfsightcdn.com trackcmp.net klaviyo.com paypal.com hotjar.com newrelic.com nr-data.net stripe.com facebook.com livechatinc.com *.js.stripe.com *.ppm.stripe.com *.static.klaviyo.com *.gerrygrossman.com *.googleadservices.com *.google-analytics.com *.trackcmp.net dmyn8jojtddc5.cloudfront.net *.linkedin.com *.hotjar.com *.bing.com *.licdn.com *.google.co.in *.convertful.com *.visualwebsiteoptimizer.com *.facebook.net *.facebook.com *.vimeo.com i.ytimg.com *.fontawesome.com *.gstatic.com *.adobedtm.com *.elfsight.com *.googleapis.com *.lootly.com *.lootly.io *.klaviyo.com *.weltpixel.com *.magentocommerce.com *.doubleclick.net *.ftcdn.net validator.swagger.io validator.behance.net *.youtube-nocookie.com *.demdex.net *.omtrdc.net *.cardinalcommerce.com d3ec9nrakwwpz5.cloudfront.net dev.visualwebsiteoptimizer.com universe-static.elfsightcdn.com *.googletagmanager.com *.telemetrics.klaviyo.com *.a.klaviyo.com *.static-tracking.klaviyo.com *.fast.a.klaviyo.com *.static-forms.klaviyo.com *.d2jjzw81hqbuqv.cloudfront.net *.taylorstudymethod.com *.wellness-institute.org *.cluster.app-us1.com 'self' www.gstatic.com www.google.com static.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com static-tracking.klaviyo.com a.klaviyo.com telemetrics.klaviyo.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.livechatinc.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com use.typekit.net p.typekit.net assets.gerrygrossman.com fonts.bunny.net fonts.gstatic.com *.paypalobjects.com *.stripe.com stripe.com *.static.klaviyo.com data: *.gerrygrossman.com *.googleadservices.com *.google-analytics.com *.trackcmp.net dmyn8jojtddc5.cloudfront.net *.linkedin.com *.googletagmanager.com *.facebook.net *.facebook.com *.livechat.com *.vimeocdn.com *.vimeo.com *.youtube.com i.ytimg.com *.disqus.com *.avada.io *.gstatic.com *.paypal.com *.adobedtm.com *.google.com *.elfsight.com *.link.com *.lootly.com *.lootly.io *.klaviyo.com *.weltpixel.com *.magentocommerce.com *.doubleclick.net *.ftcdn.net validator.swagger.io validator.behance.net *.klarna.com *.klarnacdn.net *.klarnaevt.com *.youtube-nocookie.com *.demdex.net *.omtrdc.net *.cardinalcommerce.com *.visualwebsiteoptimizer.com d3ec9nrakwwpz5.cloudfront.net *.taylorstudymethod.com *.wellness-institute.org tagmanager.google.com 'self' 'unsafe-inline'; object-src *.livechatinc.com 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com *.livechat-static.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.livechatinc.com *.text.com lootly.io https://get.geojs.io *.avada.io *.sandbox.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com api.lootly.io trackcmp.net klaviyo.com hotjar.com newrelic.com nr-data.net *.api.stripe.com *.ppm.stripe.com *.a.klaviyo.com *.gerrygrossman.com *.googleadservices.com *.trackcmp.net dmyn8jojtddc5.cloudfront.net *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.convertful.com *.linkedin.com *.googletagmanager.com *.facebook.net *.facebook.com *.livechat.com *.vimeocdn.com *.vimeo.com *.youtube.com i.ytimg.com *.disqus.com *.fontawesome.com *.gstatic.com *.adobe.com *.adobedtm.com bam.nr-data.net *.elfsight.com *.googleapis.com *.stripe.network *.stripecdn.com *.lootly.com *.lootly.io *.klaviyo.com *.weltpixel.com *.magentocommerce.com *.doubleclick.net *.ftcdn.net validator.swagger.io validator.behance.net *.youtube-nocookie.com *.demdex.net *.omtrdc.net *.cardinalcommerce.com *.visualwebsiteoptimizer.com d3ec9nrakwwpz5.cloudfront.net *.taylorstudymethod.com *.wellness-institute.org analytics.google.com 'self' 'unsafe-inline'; child-src *.livechatinc.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-CFVBBFN-po2uByiHF0V9_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-E8oUulkVBCIQ8ubI4EgYJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.apptopay.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.globalpay.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.apptopay.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.apptopay.com *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.apptopay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com https://player.vimeo.com https://www.youtube-nocookie.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleadservices.com *.apptopay.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.globalpay.com *.klarna.com *.klarnaevt.com *.klarnacdn.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google-analytics.com *.googleadservices.com *.apptopay.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com player.vimeo.com x.klarnacdn.net *.klarnaservices.com https://player.vimeo.com https://www.youtube.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.apptopay.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://fonts.googleapis.com *.klarnacdn.net http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src *.google-analytics.com *.googleadservices.com *.googleapis.com *.apptopay.com 'self' 'unsafe-inline'; media-src *.adobe.com *.google-analytics.com *.googleadservices.com *.googleapis.com blob: 'self' 'unsafe-inline'; manifest-src *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleadservices.com *.apptopay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com https://google.com/pay x.klarnacdn.net *.klarnaservices.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src *.google-analytics.com *.googleadservices.com *.googleapis.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google-analytics.com *.googleadservices.com *.googleapis.com *.apptopay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3sPAfIRG431nofoNaLGb3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com cash-f.squarecdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.bing.com *.doubleclick.net *.facebook.com *.usercentrics.eu *.lampornu.se data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com polyfill.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.wwlholding.com *.bing.com *.clarity.ms *.facebook.net *.googleapis.com *.hotjar.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.videoly.co *.beslist.nl *.lampornu.se 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com tagmanager.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.wwlholding.com *.bing.com *.doubleclick.net *.googlesyndication.com *.leadinfo.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.googleapis.com *.addressy.com *.beslist.nl *.hotjar.com *.hotjar.io *.lampornu.se 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b428c232-f415-4fb2-b456-fef23ba335ec.sansec.watch/; report-to report-endpoint; 1
default-src https://app.thatch.com 'self'; style-src https://vercel.live *.wistia.com 'self' 'unsafe-inline' blob:; script-src https://vercel.live https://snap.licdn.com https://connect.facebook.net www.googletagmanager.com thatch.chilipiper.com ph.thatch.com *.posthog.com analytics.ahrefs.com *.wistia.com *.wistia.net src.litix.io *.sentry-cdn.com https://s3-us-west-2.amazonaws.com/b2bjsstore/b/1VN080HGQP6J/reb2b.js.gz https://www.redditstatic.com/ads/pixel.js bat.bing.com/bat.js https://bat.bing.com/p/action/187118839.js https://assets.apollo.io/micro/website-tracker/tracker.iife.js https://r2.leadsy.ai/tag.js https://osai-cdn.onescreen.ai/pscript/1.0.0.js https://www.clarity.ms/tag/uet/187118839 https://www.clarity.ms/tag/qiqp2ius59 scripts.clarity.ms https://app.factors.ai/assets/factors.js https://googleads.g.doubleclick.net 'self' 'sha256-PIWffdGzM66heRBliv6r8Z3n4xuS0tlmVLmbHNtXZbQ=' 'sha256-wJ/VhlfH39kSu+BUOiDUF8St0im8Yyu43jwgH3bfluo=' 'sha256-fVrJk5820gphjtu2OG1kC0pGiAuuOAK2oghX6PpsMyI=' 'sha256-4hQMq+57pHvvtFqx7i7nK0Yj/qrvGo31do+4MmRlUww=' 'sha256-LD5yWBHPH+mLhLmpE2nTh5jN7y4rhg0406jYv27vW3c=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-3ysDLISzfUIj58bDUZ3nH6ErxjderWtuqrQ/CX52TuU=' 'sha256-+D/CR2/CQ5n0dKPpamksUsyC4m5yV5aXru8p/RxJdo4=' 'sha256-YH6lXFd8SPXN/DjHgv87DGLf7njsA33a8u5cO+c4Hd8=' 'sha256-dvTQ39/ECXPYCCGmYqrXr4yg7tCKMncKnRjrhwlNNSo=' 'sha256-BVGUSjXrZL/I+KpDKk0pUWyNrkkcIaPwc688klYIz7Q=' 'sha256-6EYJpdI3md0VgPal7hThdhzRNUvA4+c6aiV6P4+emhk=' 'sha256-+68LmvqcfJwKjTwqzlGgsOkt6xw3crETeYBU0JtXjoU='; script-src-attr 'unsafe-hashes' 'sha256-DFFLwIcztss+sv3K4A7eR4/LomZ63ZtfLANbnojNCOc='; img-src https://vercel.live https://vercel.com https://snap.licdn.com https://www.linkedin.com https://www.facebook.com www.google.com www.googletagmanager.com *.wistia.com *.wistia.net alb.reddit.com trkn.us t.vibe.co px.ads.linkedin.com px4.ads.linkedin.com bat.bing.com c.clarity.ms c.bing.com 'self' blob: data:; connect-src https://app.thatch.com https://vercel.live wss://ws-us3.pusher.com api.mapbox.com https://px.ads.linkedin.com https://www.facebook.com www.googletagmanager.com www.google.com www.google-analytics.com thatch.chilipiper.com https://ph.thatch.com https://*.posthog.com sgmt-api.thatch.com sgmt-cdn.thatch.com analytics.ahrefs.com *.wistia.com *.wistia.net *.algolia.net *.litix.io https://pixel-config.reddit.com https://api.factors.ai/sdk/get_info https://mpc-prod-24-s6uit34pua-uw.a.run.app/events https://t.onescreen.ai/in/4747422467096576 https://aplo-evnt.com/api/v1/intent_pixel/ https://v.clarity.ms/collect https://api.factors.ai/sdk/ https://bat.bing.com/actionp/0 'self'; font-src https://vercel.live fast.wistia.com 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://vercel.live youtube.com www.youtube.com thatch.chilipiper.com fast.wistia.com fast.wistia.net www.googletagmanager.com 'self'; media-src *.wistia.com *.wistia.net 'self' blob: data:; worker-src 'self' blob: data:; 1
object-src 'none';base-uri 'self';script-src 'nonce-2u50x9jDrsc0pQLoeLns3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'nonce-qqt-df1t8tdvyRFDe2Hq-A' 'strict-dynamic' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval'; style-src 'self' 'nonce-qqt-df1t8tdvyRFDe2Hq-A'; style-src-elem 'unsafe-inline' 'self' https: data:; style-src-attr 'unsafe-inline'; img-src 'self' data: https: cid:; font-src 'self' data: https:; connect-src 'self' https: wss: https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com; frame-src 'self' about: https://sst.heyrecruit.de https://www.google.com https://www.googletagmanager.com https://recaptcha.google.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://www.chatbase.co https://www.youtube.com https://meetings.hubspot.com https://app.hubspot.com https://*.hubspot.com https://js.stripe.com https://checkout.stripe.com https://hooks.stripe.com https://files.stripe.com https://*.stripe.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.siinergy.net themes.googleusercontent.com *.typekit.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tagmanager.google.com www.google.com linkedin.com px.ads.linkedin.com snap.licdn.com https://api.mapbox.com https://api.tiles.mapbox.com https://cdnjs.cloudflare.com https://js.hsforms.net; worker-src blob:; report-uri https://sii-group.com/fr-FR/report-uri/reportOnly 1
default-src 'none'; base-uri 'self'; frame-src 'self' www.google.com; frame-ancestors 'self'; connect-src 'self' *.cocouz.io *.meetingpackage.com *.pingdom.net maps.googleapis.com; img-src 'self' data: blob: *.meetingpackage.com meetingpackage.com dze39v18co59y.cloudfront.net dvw83pa2sdw6h.cloudfront.net assets-mp-stage.s3.eu-central-1.amazonaws.com maps.gstatic.com https://s3.eu-central-1.amazonaws.com/meetingpackage.com/ 1803444.fs1.hubspotusercontent-na1.net no-cache.hubspot.com perf-na1.hsforms.com; font-src 'self' data: *.meetingpackage.com meetingpackage.com 1803444.fs1.hubspotusercontent-na1.net https://maxcdn.bootstrapcdn.com/font-awesome/ https://s3.eu-central-1.amazonaws.com/meetingpackage.com/ fonts.googleapis.com fonts.gstatic.com; manifest-src 'self' dze39v18co59y.cloudfront.net; style-src 'self' 'nonce-4fa4ac70458ba497010d899b5bf1c25105983ec5276c1a1b95b734385f084156' *.meetingpackage.com meetingpackage.com dze39v18co59y.cloudfront.net 1803444.fs1.hubspotusercontent-na1.net fonts.googleapis.com www.gstatic.com static.hsappstatic.net https://maxcdn.bootstrapcdn.com/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-colorpicker/; script-src 'self' 'nonce-4fa4ac70458ba497010d899b5bf1c25105983ec5276c1a1b95b734385f084156' *.meetingpackage.com meetingpackage.com 1803444.fs1.hubspotusercontent-na1.net boards.eu.greenhouse.io www.googletagmanager.com maps.googleapis.com js.hubspot.com static.cloudflareinsights.com dze39v18co59y.cloudfront.net https://cdn.jsdelivr.net/npm/resize-observer-polyfill@1.5.1/dist/ResizeObserver.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-colorpicker/ https://code.jquery.com/jquery-3.6.0.min.js https://cdn.jsdelivr.net/places.js/1/placesAutocompleteDataset.min.js https://checkout.stripe.com/checkout.js; report-uri https://o4507072049643520.ingest.de.sentry.io/api/4509435354087505/security/?sentry_key=2069ada610a3059fe98ce311aa428dde 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.googletagmanager.com *.salesforceliveagent.com *.pendo.io; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.google.com *.google.nl *.pendo.io *.googletagmanager.com; connect-src 'self' *.google-analytics.com *.doubleclick.net; font-src 'self' *.gstatic.com 1
default-src 'self' *.bhh.dev.init *.init.de *.init-ag.de *.bundeshaushalt.de *.bundesfinanzministerium.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.bhh.dev.init *.init-ag.de *.bundeshaushalt.de *.openstreetmap.org *.twitter.com *.twimg.com *.bundeshaushalt.de *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundeshaushalt.de *.bhh.dev.init *.init-ag.de *.streamfarm.net http://multimedia.gsb.bund.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.bhh.dev.init *.init-ag.de *.twitter.com *.twimg.com *.bundeshaushalt.de *.bundesfinanzministerium.de; frame-ancestors 'self'; connect-src 'self' *.bhh.dev.init *.init.de *.init-ag.de *.bundeshaushalt.de *.bundesfinanzministerium.de; report-uri /site/servlet/csp-report; 1
img-src https://higherlogicdownload.s3.amazonaws.com/ILTANET/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ILTANET/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/ILTANET/ blob: https://d132x6oi8ychic.cloudfront.net 'self' https://aws.predictiveresponse.net https://aws.predictiveresponse.net https://px.ads.linkedin.com https://aws.predictiveresponse.net https://px.ads.linkedin.com https://cdn.userway.org https://aws.predictiveresponse.net https://px.ads.linkedin.com https://cdn.userway.org https://d3uf7shreuzboy.cloudfront.net/ https://cdnjs.cloudflare.com https://px4.ads.linkedin.com; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ILTANET/ https://higherlogicdownload.s3.amazonaws.com/ILTANET/ https://higherlogiclongterm.s3.amazonaws.com/ILTANET/ 'self' https://cdnjs.cloudflare.com; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/ILTANET/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ILTANET/ 'self' https://higherlogiclongterm.s3.amazonaws.com/ILTANET/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data: https://ka-f.fontawesome.com/ https://ka-f.fontawesome.com/ https://ilta.legaltechnologyhub.com/ https://cdn.userway.org/; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' https://ilta.legaltechnologyhub.com/ https://cdn.userway.org/ d214eakhb4e2xn.cloudfront.net https://d214eakhb4e2xn.cloudfront.net; media-src https://higherlogiclongterm.s3.amazonaws.com/ILTANET/ https://higherlogicdownload.s3.amazonaws.com/ILTANET/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ILTANET/ https://higherlogicstream.s3.amazonaws.com/ILTANET/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/ILTANET/ https://higherlogicdownload.s3.amazonaws.com/ILTANET/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ILTANET/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/ https://ilta.legaltechnologyhub.com/ https://cdn.userway.org/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob: https://px.ads.linkedin.com/ https://aws.predictiveresponse.net/ https://ilta.legaltechnologyhub.com/ https://api.userway.org/; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; style-src-elem https://d2x5ku95bkycr3.cloudfront.net/ https://maxcdn.bootstrapcdn.com/ https://cdn.userway.org/ https://d2x5ku95bkycr3.cloudfront.net/ https://maxcdn.bootstrapcdn.com/ https://cdn.userway.org/ sha256-Rab7AJLFualVC4CUBBV53un9yiys/tCLSbaVZsjd1vs= https://d2x5ku95bkycr3.cloudfront.net/ https://maxcdn.bootstrapcdn.com/ https://cdn.userway.org/ sha256-Rab7AJLFualVC4CUBBV53un9yiys/tCLSbaVZsjd1vs= sha256-2gCt3a4f6dxlUfEwTCIts7vls6yRLGu6Dc6LrwMwYhE=; 1
default-src 'self' https://*.wistia.com https://*.wistia.net;                                                                         img-src 'self' https://*.wistia.com https://*.wistia.net https: data:;                                                                         script-src 'self' https://*.speedcurve.com https://*.googlesyndication.com https://*.hotjar.com https://darkvisitors.com https://cdn.cookiepal.io https://www.googletagmanager.com https://*.sentry-cdn.com https://src.litix.io https://*.sentry-cdn.com https://insight.lotusgroup.co.uk https://tag.yieldoptimizer.com https://secure.adnxs.com https://acdn.adnxs.com https://www.gstatic.com https://code.jquery.com https://cdnjs.cloudflare.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.doubleclick.net https://*.responsetap.com https://*.twitter.com 'unsafe-inline' 'unsafe-eval';                                                                         style-src 'self' https://p.typekit.net https://use.typekit.net https://use.fontawesome.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net 'unsafe-inline';                                                                         font-src 'self' https://use.typekit.net https://use.fontawesome.com https://storify.com https://fonts.gstatic.com https://fast.wistia.com https://*.wistia.com data:;                                                                         child-src https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.twitter.com http://storify.com https://widget.trustpilot.com;                                                                         frame-src https://www.googletagmanager.com/ https://*.yudu.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.twitter.com http://storify.com https://widget.trustpilot.com;                                                                         connect-src 'self' https://*.speedcurve.com wss://ws.hotjar.com wss://ws.hotjar.io https://content.hotjar.io https://cdn.cookiepal.io https://*.googlesyndication.com https://www.googletagmanager.com https://api.lotusgroup.co.uk https://maps.googleapis.com https://pipedream.wistia.com https://*.google-analytics.com https://*.facebook.com https://*.doubleclick.net https://api.trustpilot.com https://*.google.com https://distillery.wistia.com https://insight.lotusgroup.co.uk https://fast.wistia.com https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net;                                                                         object-src 'none';                                                                         upgrade-insecure-requests https://*.hotjar.com https://*.googletagmanager.com;                                                                         media-src 'self' https://embed-cloudfront.wistia.com https://fast.wistia.com blob:;                                                                         worker-src 'self' https://*.yudu.com 1
report-uri https://web.bvl.bund.de/header-report/csp/ 1
object-src 'none';base-uri 'self';script-src 'nonce-S8tERkBXg_L_TKLykkgxTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com/ https://widgets.trustedshops.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.stripe.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com https://maps.google.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.clerk.io https://goomento.com https://www.facebook.com https://script.hotjar.com https://app.usercentrics.eu https://uct.service.usercentrics.eu cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.stripe.com https://api.clerk.io https://cdn.clerk.io https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://privacy-proxy.usercentrics.eu https://app.usercentrics.eu secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://cdnjs.cloudflare.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://maps.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io https://static-tracking.klaviyo.com https://api.usercentrics.eu d.ratepay.com d.payla.io dr.payla.io https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://static.klaviyo.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://privacy-proxy.usercentrics.eu https://api.usercentrics.eu wss://ws.hotjar.com https://content.hotjar.io https://aggregator.service.usercentrics.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://maps.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'nonce-sOd4RBvXbapp-Yu_yIu_FRZ5' 'strict-dynamic' http: https:; base-uri 'none'; 1
default-src 'none'; img-src https://www.proefjes.nl/images/; script-src https://www.proefjes.nl/scripts/; style-src https://www.proefjes.nl/styles/; form-action 'none'; base-uri https://www.proefjes.nl/; frame-ancestors 'none'; 1
font-src *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.hotjar.com *.hotjar.io *.cloudflare.com *.gstatic.com *.peterprint.nl *.frontapp.com *.sentry-cdn.com *.facebook.com *.facebook.net *.doubleclick.net *.clarity.ms peterprint.wufoo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com https://www.googletagmanager.com/ *.klarna.com www.xtento.com *.multisafepay.com https://pay.google.com *.cloudflare.com *.google.com *.hotjar.com *.hotjar.io *.frontapp.com *.sentry-cdn.com *.peterprint.nl *.facebook.com *.facebook.net *.doubleclick.net peterprint.wufoo.com *.pinterest.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.sharethis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com www.xtento.com cdn.xtento.com *.multisafepay.com cdn-cookieyes.com *.placeholder.com *.peterprint.nl *.cloudflare.com *.google.nl *.bing.com *.googleapis.com *.gstatic.com *.sentry-cdn.com *.cookieyes.com *.facebook.com *.clarity.ms *.doubleclick.net *.frontapp.com *.visualwebsiteoptimizer.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.sharethis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.shopify.com www.xtento.com cdn.xtento.com *.multisafepay.com https://pay.google.com cdn-cookieyes.com *.cookieyes.com *.google.com *.gstatic.com *.google-analytics.com *.hotjar.com *.hotjar.io *.fontawesome.com *.cloudflare.com *.mouseflow.com *.peterprint.nl *.bing.com *.doubleclick.net unpkg.com *.googleapis.com *.googleoptimize.com *.frontapp.com *.sentry-cdn.com *.facebook.com *.facebook.net *.clarity.ms peterprint.wufoo.com *.pinterest.com *.pinimg.com *.visualwebsiteoptimizer.com *.sendcloud.sc *.jsdelivr.net https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.multisafepay.com *.googleapis.com *.peterprint.nl *.sentry-cdn.com *.cookieyes.com *.facebook.com *.facebook.net *.doubleclick.net *.clarity.ms peterprint.wufoo.com *.frontapp.com *.cloudflare.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.sharethis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io *.multisafepay.com cdn-cookieyes.com *.cookieyes.com *.google.com *.gstatic.com *.google-analytics.com *.fontawesome.com *.hotjar.com *.hotjar.io *.cloudflare.com *.peterprint.nl *.googleapis.com https://chat-assets.frontapp.com/ *.sentry-cdn.com *.facebook.com *.facebook.net *.doubleclick.net *.clarity.ms peterprint.wufoo.com *.pinterest.com https://sessions.bugsnag.com wss://front-eu-realtime.ably.io *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://*.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com *.fontawesome.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.googleapis.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' https: web106.reachmee.com www.skuld.com bcvp0rtal.com players.brightcove.net; frame-ancestors 'self' https: www.skuld.com skuld.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-QQpkJvtXSOF-pr7XgEn0nQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com bid.g.doubleclick.net js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com www.hyva.io magefan.com cm.magefan.com https://www.magezon.com https://www.mollie.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com js.mollie.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://77656ea2-9f80-4a74-ba7d-9d4c3bc7b1bd.sansec.watch/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com use.typekit.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com account.fetchify.com www.xtento.com *.google.com vars.hotjar.com *.qualaroo.com *.braintreegateway.com *.paypalobjects.com *.kaptcha.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.analytics.google.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.trackedlink.net magefan.com cm.magefan.com p.typekit.net *.clarity.ms www.xtento.com cdn.xtento.com *.cookiebot.com www.google.co.uk *.usercentrics.eu img.youtube.com *.bing.com *.bing.net *.facebook.com *.amazonaws.com www.google.com.ua *.feefo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal localhost:8080 use.typekit.net www.dynamicnumbers.mediahawk.co.uk *.clarity.ms www.xtento.com cdn.xtento.com *.cookiebot.com www.google.com www.gstatic.com js-agent.newrelic.com *.bing.com *.bing.net *.qualaroo.com *.facebook.net *.helpscout.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.feefo.com ss.rubber4roofs.co.uk https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com assets.braintreegateway.com fonts.googleapis.com cc-cdn.com *.stripe.network *.stripecdn.com *.amazon.com *.feefo.com https://www.rubber4roofs.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk localhost:8080 *.mediahawk.co.uk *.clarity.ms www.google.com www.google.co.uk stats.g.doubleclick.net *.bing.com *.bing.net *.cloudfront.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.feefo.com ss.rubber4roofs.co.uk https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://optagon.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
script-src 'nonce-/TskPYWyqaZjNkxfC0FFpA==' 'self' cdn.orsted.com *.googletagmanager.com *.app.cookieinformation.com cdn.appdynamics.com *.googletagmanager.com *.gstatic.com *.googleoptimize.com www.googleadservices.com *.googleapis.com *.bing.com *.doubleclick.net *.t.co *.pardot.com *.youtube.com *.linkedin.com *.twitter.com *.globenewswire.com *.23video.com delivery.twentythree.com orsted.containers.piwik.pro orsted.piwik.pro *.crazyegg.com unpkg.com cs.lf-discover.com *.puzzel.com *.arcgis.com code.jquery.com *.lfeeder.com orsted-global-graduate-programme.simplecast.com omny.fm cdnjs.cloudflare.com *.bootstrapcdn.com *.defgo.com *.defgo.net *.vimeo.com presscloud.com *.ritzau.dk *.simplecast.com *.elnet.danskenergi.dk *.sli.do *.audioboom.com *.licdn.com *.adsrvr.org *.soundcloud.com *.google.com *.google.com.my *.google.nl *.google.dk *.facebook.net;       style-src 'nonce-/TskPYWyqaZjNkxfC0FFpA==' 'self' cdn.orsted.com fonts.googleapis.com;       style-src-attr 'unsafe-inline' cdn.orsted.com;       img-src 'self' data: cdn.orsted.com *.azureedge.net *.youtube.com *.23video.com delivery.twentythree.com www.googletagmanager.com *.lfeeder.com *.linkedin.com *.doubleclick.net *.pardot.com;       media-src 'self' blob: cdn.orsted.com *.youtube.com *.23video.com delivery.twentythree.com;       font-src 'self' data: fonts.gstatic.com cdn.orsted.com;       frame-src *.app.cookieinformation.com *.youtube.com *.23video.com delivery.twentythree.com *.google.com *.google.nl *.googletagmanager.com *.doubleclick.net *.pardot.com;       connect-src *.app.cookieinformation.com *.euroland.com *.eum-appdynamics.com *.googletagmanager.com *.google.com *.doubleclick.net *.googleadservices.com *.crazyegg.com *.linkedin.com orsted.piwik.pro *.pardot.com;       worker-src 'self'; 1
default-src 'self';            script-src 'report-sample' 'self' 'unsafe-inline' https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://buttons-config.sharethis.com/js/68d16b7e6f09a63c8e6f1efb.js https://cdn.mouseflow.com/projects/d085fd17-28ad-4907-af37-b6a3b9b66963.js https://connect.facebook.net/en_US/fbevents.js https://consent.trustarc.com/v2/notice/5eaplw https://count-server.sharethis.com/v2.0/get_counts https://dl.episerver.net/13.5.7/epi-util/find.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/656808352/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/v2/5177788/banner.js https://js.hs-scripts.com/5177788.js https://js.hsadspixel.net/fb.js https://js.hsforms.net/forms/v2.js https://js.hsleadflows.net/leadflows.js https://platform-api.sharethis.com/js/sharethis.js https://pregiseu.mpeasylink.com/mpel/mpel.js https://s3.amazonaws.com/beacon.pmmimediagroup.com/prod/script.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.cloudflareinsights.com/beacon.min.js https://t.sharethis.com/1/d/t.dhj https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/enterprise.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/iRvKkcsnpNcOYYwhqaQxPITz/recaptcha__en.js https://www.webtraxs.com/wt.php https://www.youtube.com/s/player/ https://www.googletagmanager.com/gtag/js https://secure.leadforensics.com/js/63143.js http://platform-api.sharethis.com/js/sharethis.js https://secure.leadforensics.com/js/63143.js http://pregiseu.mpeasylink.com/mpel/ https://connect.facebook.net/signals/ https://ssl.google-analytics.com/ga.js https://www.youtube.com/iframe_api http://www.pagespeed-mod.com/v1/ https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://tags.clickagy.com;            style-src 'report-sample' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://pregiseu.mpeasylink.com https://use.fontawesome.com;            object-src 'none';            base-uri 'self';            connect-src 'self' https://analytics.google.com https://api.hubapi.com https://consent-reporting.trustarc.com https://consent.trustarc.com https://dc.services.visualstudio.com https://forms.hsforms.com https://forms.hubspot.com https://l.sharethis.com https://prospector.pmmimediagroup.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://cdn.linkedin.oribi.io/partner/ https://ws.zoominfo.com https://aorta.clickagy.com https://hemsync.clickagy.com;            font-src 'self' data: https://cdnjs.cloudflare.com https://consent.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com;            frame-src 'self' https://massinteract.com https://pregiseu.mpeasylink.com https://t.sharethis.com https://www.google.com https://www.youtube.com https://www.facebook.com https://hemsync.clickagy.com;            img-src 'self' data: https://analytics.convertlanguage.com https://consent-pref.trustarc.com https://consent.trustarc.com https://forms-na1.hsforms.com https://forms.hsforms.com https://l.sharethis.com https://platform-cdn.sharethis.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.webtraxs.com https://connect.facebook.net https://5177788.fs1.hubspotusercontent-na1.net/hubfs/5177788/;            manifest-src 'self';            media-src 'self';            worker-src 'none'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://use.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.avada.io *.shopify.com https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://use.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://olegnax.com https://api.instagram.com https://graph.instagram.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://bat.bing.com https://www.redditstatic.com https://origin.acuityplatform.com https://e.acuityplatform.com https://secure.adnxs.com https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://pixel.mathtag.com https://ums.acuityplatform.com https://connect.facebook.net https://tpc.googlesyndication.com https://tr.contextweb.com https://bh.contextweb.com https://epidiolex-medinfo-c.uat.v3.chat.conversationhealth.com https://epidiolex-medinfo-c.prod.v3.chat.conversationhealth.com https://trc.lhmos.com https://match.deepintent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://moderate.cleantalk.org https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://bat.bing.com https://www.redditstatic.com https://origin.acuityplatform.com https://e.acuityplatform.com https://secure.adnxs.com https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://pixel.mathtag.com https://ums.acuityplatform.com https://connect.facebook.net https://tpc.googlesyndication.com https://tr.contextweb.com https://bh.contextweb.com https://epidiolex-medinfo-c.uat.v3.chat.conversationhealth.com https://epidiolex-medinfo-c.prod.v3.chat.conversationhealth.com https://trc.lhmos.com https://match.deepintent.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://moderate.cleantalk.org https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net http://hello.myfonts.net https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net http://hello.myfonts.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' 1
default-src 'self' https:; font-src 'self' use.typekit.net/af/ d1p8b7m2zl7a4f.cloudfront.net d2e0vf92j9kzr0.cloudfront.net/ cdn.myalex.com/ localhost:* host.docker.internal:* data:; img-src 'self' https: d2e0vf92j9kzr0.cloudfront.net/ d1p8b7m2zl7a4f.cloudfront.net cdn.usersnap.com/classic/ localhost:* host.docker.internal:* data:; object-src 'none'; script-src 'self' https: d2e0vf92j9kzr0.cloudfront.net/ d1p8b7m2zl7a4f.cloudfront.net cdn.usersnap.com/classic/ chat.myalex.com/widget.js localhost:* host.docker.internal:* 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: localhost:* host.docker.internal:* p.typekit.net/p.css d2e0vf92j9kzr0.cloudfront.net/ data: d1p8b7m2zl7a4f.cloudfront.net use.typekit.net/nwy7lbs.css cdn.myalex.com/ 'unsafe-inline'; frame-src 'self' https: login.myalex.com localhost:* host.docker.internal:* chat.datatrough.com/; connect-src 'self' https: localhost:* host.docker.internal:* ingest-dev.jellydevs.com/ data: audio.myalex.com/ d2e0vf92j9kzr0.cloudfront.net d1p8b7m2zl7a4f.cloudfront.net; media-src 'self' https: d1p8b7m2zl7a4f.cloudfront.net d2e0vf92j9kzr0.cloudfront.net/; report-uri https://picwell.sentry.io/projects/alex-api/?issuesType=all&project=4506039022583808 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.sirv.com *.boldr.dev d1azc1qln24ryf.cloudfront.net/40686/revsglobal-pr-mod/ d19ayerf5ehaab.cloudfront.net/css/product-widget/fonts/ *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.cotswoldcollections.com data: 'self' 'unsafe-inline'; form-action *.paypal.com www.facebook.com/tr/ connect.facebook.net graph.facebook.com business.facebook.com *.reviews.io *.reviews.co.uk www.cotswoldcollections.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io *.stripe.com stripe.com *.link.com *.amazon.com www.cotswoldcollections.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://www.googletagmanager.com/ *.reviews.io *.reviews.co.uk td.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.cotswoldcollections.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ services.postcodeanywhere.co.uk http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com *.cloudfront.net assets.reviews.io/img/ *.reviews.co.uk *.sirv.com m2-prod-cotswoldcollections-ie.cfstack.com m2-prod-cotswoldcollections-com.cfstack.com www.cotswoldcollections.com www.cotswoldcollections.ie https://dashboard.feedbucket.app stats.g.doubleclick.net www.google.co.uk maps.gstatic.com/mapfiles/ cdn.cotswoldcollections.com www.google.co.in www.gravatar.com/ data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io https://custom.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com *.reviews.io widget.reviews.co.uk/ *.sirv.com player.vimeo.com cdn.feedbucket.app *.klaviyo.com js.datadome.co https://unpkg.com *.getsitecontrol.com www.clarity.ms cdn-cookieyes.com/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.cotswoldcollections.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com api.addressy.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io widget.reviews.co.uk/ *.sirv.com https://cdn.feedbucket.app *.klaviyo.com *.typekit.net d19ayerf5ehaab.cloudfront.net/css/product-widget/ d1azc1qln24ryf.cloudfront.net/40686/revsglobal-pr-mod/ data: widget.reviews.co.uk/ *.stripe.network *.stripecdn.com *.amazon.com www.cotswoldcollections.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.sirv.com blob: www.cotswoldcollections.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.facebook.com/tr/ connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.sirv.com *.youtube.com blob: dashboard.feedbucket.app cdn.feedbucket.app *.klaviyo.com api-js.datadome.co *.google-analytics.com stats.g.doubleclick.net maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/ https://cdn.cotswoldcollections.com *.getsitecontrol.com *.clarity.ms widget.reviews.co.uk/ api-cache.reviews.co.uk/ api.reviews.co.uk/ api.reviews.io/ log.cookieyes.com/ cdn-cookieyes.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.cotswoldcollections.com 'self' 'unsafe-inline'; child-src www.cotswoldcollections.com http: https: blob: 'self' 'unsafe-inline'; default-src www.cotswoldcollections.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Bh00BI8IrTBu22wxuWeDSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com https://developer.adobe.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.worldpay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleadservices.com *.ytimg.com *.bing.com *.google.com *.mastercard.com *.visa.com *.worldpay.com magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.gstatic.com *.fontawesome.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.fontawesome.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.worldpay.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://developer.adobe.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.nagich.co.il *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * gateway20.pelecard.biz 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.google.com *.facebook.com *.googleapis.com  *.cloudfront.net paypal.com paypalobjects.com *.paypal.com s.ytimg.com  *.ssl-images-amazon.com  *.ssl-images-amazon.co.uk  *.ssl-images-amazon.jp  *.ssl-images-amazon.co.jp  *.ssl-images-amazon.it  *.ssl-images-amazon.fr  *.ssl-images-amazon.es  *.media-amazon.com  *.media-amazon.co.uk  *.media-amazon.co.jp  *.media-amazon.jp  *.media-amazon.it  *.media-amazon.fr  *.media-amazon.es *.nagich.co.il www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com gateway20.pelecard.biz data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.googleapis.com  *.cloudfront.net paypal.com paypalobjects.com widgets.magentocommerce.com *.paypal.com fpdbs.sandbox.paypal.com  *.ssl-images-amazon.com  *.ssl-images-amazon.co.uk  *.ssl-images-amazon.jp  *.ssl-images-amazon.co.jp  *.ssl-images-amazon.it  *.ssl-images-amazon.fr  *.ssl-images-amazon.es  *.media-amazon.com  *.media-amazon.co.uk  *.media-amazon.co.jp  *.media-amazon.jp  *.media-amazon.it  *.media-amazon.fr  *.media-amazon.es *.gstatic.com jquery.sellxed.com *.vimeo.com video.google.com js.braintreegateway.com *.nagich.co.il *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.google.com 'unsafe-eval' data: connect.facebook.net *.doubleclick.net system.user-a.co.il assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com gateway20.pelecard.biz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com/ *.nagich.co.il *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://www.google-analytics.com *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com https://www.youtube.com https://www.google.com/maps https://www.google.com/ https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://*.cardinalcommerce.com https://*.centinelapi.cardinalcommerce.com https://insight.adsrvr.org/ https://checkout.paystand.co https://checkout.paystand.com https://checkout.paystand.biz https://analytics.google.com https://vimeo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://images.unsplash.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com www.google.com www.gstatic.com v2.zopim.com cdn.lupasearch.com static.zdassets.com songbirdstag.cardinalcommerce.com *.certcapture.com https://cdn1.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://checkout.paystand.co https://api.paystand.co https://checkout.paystand.com https://api.paystand.com https://checkout.paystand.biz https://api.paystand.biz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com www.gstatic.com cdn.lupasearch.com *.certcapture.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com https://checkout.paystand.co https://checkout.paystand.com https://checkout.paystand.biz 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com api.lupasearch.com ekr.zdassets.com argco.zendesk.com wss://widget-mediator.zopim.com ebizcharge3ds-staging1.azurewebsites.net *.certcapture.com 3dsapi.ebizcharge.net kg668dbov0.execute-api.us-east-1.amazonaws.com *.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://checkout.paystand.co https://api.paystand.co https://checkout.paystand.com https://api.paystand.com https://checkout.paystand.biz https://api.paystand.biz 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://argco.com/; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.photoslurp.com *.ternua.com *.loreakmendian.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.redsys.es www.facebook.com *.ternua.com *.loreakmendian.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com *.ternua.com *.loreakmendian.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.cookiebot.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org mc.us8.list-manage.com www.facebook.com connect.facebook.net developers.google.com www.google.es maps.gstatic.com fonts.gstatic.com maps.googleapis.com fonts.googleapis.com *.photoslurp.com mcusercontent.com *.connectif.cloud *.ternua.com *.loreakmendian.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com *.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com sl.google-analytics.com cdn.cookielaw.org www.facebook.com connect.facebook.net www.google.com www.google.es developers.google.com *.gstatic.com *.googleapis.com *.photoslurp.com *.onetrust.com *.connectif.cloud *.ternua.com *.loreakmendian.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.cookiebot.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.photoslurp.com *.mailchimp.com *.ternua.com *.loreakmendian.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com stats.g.doubleclick.net api.instagram.com developers.google.com www.google-analytics.com sl.google-analytics.com cdn.cookielaw.org downloads.mailchimp.com mc.us8.list-manage.com www.facebook.com connect.facebook.net www.google.com www.google.es *.gstatic.com *.googleapis.com *.photoslurp.com *.onetrust.com *.connectif.cloud *.ternua.com *.loreakmendian.com *.googlesyndication.com *.appspot.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.cookiebot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com 'self' data: *.pickuppoint.co.il googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.flashyapp.com api.flashy.app *.flashy.dev *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.flashyapp.com api.flashy.app *.flashy.dev www.googletagmanager.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * api.creditguard.co.il cguat2.creditguard.co.il cgmpiuat.creditguard.co.il ppsuat.creditguard.co.il pps.creditguard.co.il 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.facebook.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com api.creditguard.co.il cguat2.creditguard.co.il cgmpiuat.creditguard.co.il ppsuat.creditguard.co.il pps.creditguard.co.il *.hsforms.net *.hsforms.com 'self' data: *.pickuppoint.co.il maps.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.flashyapp.com api.flashy.app *.flashy.dev https://maps.googleapis.com https://player.vimeo.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.creditguard.co.il cguat2.creditguard.co.il cgmpiuat.creditguard.co.il ppsuat.creditguard.co.il pps.creditguard.co.il *.hsforms.net *.hsforms.com *.pickuppoint.co.il maps.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.googleapis.com *.pickuppoint.co.il maps.googleapis.com maps.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.pickuppoint.co.il maps.googleapis.com maps.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.flashyapp.com api.flashy.app *.flashy.dev https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.pickuppoint.co.il maps.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-Q1NQXzY5YjhhYzVhNDk1Njk2LjU4ODg0Nzgw' 'strict-dynamic' https: 'unsafe-inline'; object-src 'none'; base-uri 'none'; report-uri https://www.zenstore.it/csp/report.php 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://widgets.trustedshops.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.google.com https://orbitvu.co https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.bird.eu https://images.sofort.com/de/su/320x120.png maps.gstatic.com https://gstatic.com *.ggpht *.googleapis.com https://www.google.com https://www.google.de https://www.sanivita.de https://sanivita.de http://russka.de https://black.bird.eu https://notification.amasty.com https://app.usercentrics.eu https://widgets.trustedshops.com https://www.googletagmanager.com https://ts-logo-hubspot.s3.eu-central-1.amazonaws.com/logo/TrustedShops.png https://legal-images.trustedshops.com/TrustedShops.png https://i.ytimg.com https://uct.service.usercentrics.eu https://pci.usd.de cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com https://widgets-qa.trustedshops.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://widget.usersnap.com https://cdn.usersnap.com https://resources.usersnap.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://maps.googleapis.com https://www.google-analytics.com https://region1.google-analytics.com *.googlesyndication.com https://stats.g.doubleclick.net *.usercentrics.eu *.trustedshops.com *.etrusted.com https://widget.usersnap.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com https://integrations.etrusted.site api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.podium.com *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.certcapture.com *.chatra.io wisepops.net *.paypalobjects.com *.jotform.com *.googletagmanager.com *.doubleclick.net cdn.wisepops.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.certcapture.com *.podium.com whitelineperformance.com cdn.shopify.com imageapi.partsdb.com.au *.clarity.ms *.bing.com *.googleapis.com *.amazonaws.com *.google.com.au *.google.com.vn *.linkedin.com cdn.wisepops.com *.cloudinary.com *.google.co.uk *.disqus.com https://firebasestorage.googleapis.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.certcapture.com *.chatra.io *.podium.com *.cloudflare.com *.cloudflareinsights.com wisepops.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com analytics.ahrefs.com *.zip.co *.googleapis.com *.clarity.ms *.google.com.au *.google.com.vn g10696554090.co *.jotform.com *.gstatic.com *.licdn.com *.noibu.com cdn.wisepops.com *.adobedtm.com *.disqus.com *.avada.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.podium.com *.cloudflare.com *.fontawesome.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.google.com *.podium.com *.google.com.au *.google.com.vn 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.certcapture.com *.analyticspodium.com mind-flayer.podium.com wisepops.net *.wisepops.com *.cloudfront.net *.cloudflare.com *.zipmoney.com.au *.googleapis.com *.clarity.ms *.gstatic.com *.google.com.au *.podium.com *.linkedin.com *.google.com.vn doubleclick.net stats.g.doubleclick.net *.tiktokw.us analytics.ahrefs.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-2SAKad9TAAUgEUZFGaNEmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.hubspot.com https://*.hsappstatic.net https://js.hsforms.net https://*.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://*.hubspotusercontent-na1.net https://connect.facebook.net https://platform.twitter.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://d.adroll.com https://s.adroll.com https://bat.bing.com https://geotargetly-api-2.com https://unpkg.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://protechtgroup.my.salesforce.com https://service.force.com https://*.salesforceliveagent.com https://community.protechtgroup.com https://b.static.lightning.force.com https://www.google.com https://www.gstatic.com https://tracking.g2crowd.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' https://*.hubspot.com https://*.hubapi.com https://js.hsforms.net https://*.hsforms.com https://*.googletagmanager.com https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ka-p.fontawesome.com https://bat.bing.com https://vc.hotjar.io wss://ws.hotjar.com https://px.ads.linkedin.com https://tracking-api.g2.com https://protechtgroup.my.salesforce.com https://service.force.com https://*.salesforceliveagent.com https://community.protechtgroup.com https://b.static.lightning.force.com https://www.google.com/recaptcha/; img-src 'self' data: https://www.protechtgroup.com https://*.hubspot.com https://*.hubspot.net https://*.hubspotusercontent-na1.net https://no-cache.hubspot.com https://static.hsappstatic.net https://js.hscta.net https://js-eu1.hscta.net https://*.hsforms.com https://*.hsforms.net https://forms-na1.hsforms.com https://perf.hsforms.com https://perf-na1.hsforms.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com https://px.ads.linkedin.com https://connect.facebook.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://static.hsappstatic.net https://cdnjs.cloudflare.com https://*.hubspot.net https://*.hubspotusercontent-na1.net https://service.force.com https://community.protechtgroup.com; font-src 'self' data: https://ka-p.fontawesome.com https://cdnjs.cloudflare.com https://*.hubspotusercontent-na1.net; frame-src 'self' https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://*.hubspot.net https://play.hubspotvideo.com https://play-eu1.hubspotvideo.com https://service.force.com https://platform.twitter.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; form-action 'self' https://*.hubspot.com https://*.hsforms.com; worker-src 'self' blob:; manifest-src 'self'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com https://*.in.applicationinsights.azure.com https://cdn-ukwest.onetrust.com https://*.googletagmanager.com https://*.google-analytics.com https://js.monitor.azure.com https://static.hotjar.com https://connect.facebook.net https://tracker.marinsm.com https://bat.bing.com https://tt.mbww.com https://www.tradedoubler.com https://secure.adnxs.com https://ade.googlesyndication.com https://jaishroff-org-help.freshchat.com https://script.hotjar.com https://googleads.g.doubleclick.net https://*.smct.io https://smct.co https://swrap.tradedoubler.com https://collect.bannercrowd.net https://*.bannercrowd.net https://*.marinsoftware.com https://*.tangoo.it https://*.tangooserver.com https://*.smct.co https://collinson-insurance-eu.my.connect.aws; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' https://fonts.googleapis.com https://jaishroff-org-help.freshchat.com https://cdn-ukwest.onetrust.com https://cdn.honey.io; object-src 'none'; base-uri 'self'; connect-src 'self' 'self' https://analytics.tiktok.com https://analytics.google.com https://bat.bing.net https://*.analytics.google.com https://*.in.applicationinsights.azure.com https://cdn-ukwest.onetrust.com https://*.googletagmanager.com https://*.google-analytics.com https://js.monitor.azure.com https://*.hotjar.com https://*.hotjar.io https://connect.facebook.net https://tracker.marinsm.com https://bat.bing.com https://tt.mbww.com https://www.tradedoubler.com https://secure.adnxs.com https://www.facebook.com https://stats.g.doubleclick.net https://*.smct.io https://firehose.eu-west-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://*.doubleclick.net https://*.google.com https://*.facebook.com https://analytics-ipv6.tiktokw.us wss://*.hotjar.com https://*.tiktokw.us https://api.bannercrowd.net https://*.googlesyndication.com https://*.google.it https://*.smct.co; font-src 'self' data: 'self' https://fonts.gstatic.com https://cdn-ukwest.onetrust.com; frame-src 'self' 'self' https://open.spotify.com https://analytics.tiktok.com https://*.googletagmanager.com https://jaishroff-org-help.freshchat.com https://connect.facebook.net https://*.doubleclick.net https://*.smct.io https://d2d7do8qaecbru.cloudfront.net https://*.tangooserver.com https://www.youtube.com/; img-src 'self' 'self' https://ade.googlesyndication.com https://analytics.tiktok.com https://uksouth-1.in.applicationinsights.azure.com https://cdn-ukwest.onetrust.com https://*.googletagmanager.com https://*.google-analytics.com https://static.hotjar.com https://bat.bing.com https://secure.adnxs.com https://*.google.com https://*.google.co.uk https://*.google.com.it https://ad.doubleclick.net https://bat.bing.net https://*.facebook.com https://cdn.smct.io https://*.smct.co data: https://*.google.com.et https://*.google.it; manifest-src 'self'; media-src 'self'; worker-src 'self'; report-uri /csp-violation-report; 1
font-src *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.com 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.klarna.com *.cleverreach.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://*.etracker.com https://*.etracker.de https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net s3.eu-central-1.amazonaws.com *.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com/analytics.js *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://*.etracker.com https://*.etracker.de *.google.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.modehaus.de *.payengine.com *.facebook.com *.facebook.net *.elfsight.com *.googletagmanager.com *.signalize.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com cdn.klarna.com jsctool.com d.payla.io maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://*.etracker.de *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.elfsight.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; form-action *.cardinalcommerce.com *.paypal.com www.sandbox.paypal.com *.amazon.com *.facebook.com *.googlesyndication.com *.tiktok.com connect.facebook.net 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.googletagmanager.com *.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com *.paypal.com www.sandbox.paypal.com player.vimeo.com *.google.com *.braintreegateway.com google.com js.stripe.com *.amazon.com *.payments-amazon.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com connect.facebook.net www.commercepartnerhub.com assets.braintreegateway.com plumrocket.com *.authorize.net *.artifi.net www.googleadservices.com assets.pinterest.com ct.pinterest.com www.paypalobjects.com i.liadm.com *.securly.com gateway.zscalerthree.net ep2.adtrafficquality.google 'self' 'unsafe-inline'; script-src *.googletagmanager.com *.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net *.google.com *.newrelic.com *.nr-data.net *.authorize.net *.commerce-payment-services.com *.paypal.com www.sandbox.paypal.com www.paypalobjects.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com js.stripe.com *.payments-amazon.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.klaviyo.com fast.a.klaviyo.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.shopify.com *.sandbox.braintreegateway.com *.popt.in *.cloudflare.com celebrosnlp.com *.celebros-analytics.com *.artifi.net maps.googleapis.com www.googletagservices.com cdn.gladly.qa cdn.gladly.com *.monetate.net *.visualwebsiteoptimizer.com *.cloudfront.net s.pinimg.com bat.bing.com tag.rmp.rakuten.com ut.rd.linksynergy.com *.pinterest.com cdn.noibu.com *.hotjar.com b-code.liadm.com secure.merchantadvantage.com *.celebros.com ep2.adtrafficquality.google assets.finestationery.com finestat-ac.celebros.com ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://www.finestationery.com/pr-csp/report/add/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-WgmwrW1RZEi2eyvFSiUSYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https: https://*.braintreegateway.com https://*.braintree-api.com https://*.paypal.com https://*.paypalobjects.com https://*.squareup.com https://js.squareupsandbox.com https://*.cardinaltrusted.com https://*.cardinalcommerce.com https://snapwidget.com https://static.cloudflareinsights.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://f.vimeocdn.com https://*.hotjar.com; script-src-elem 'self' 'unsafe-inline' 'report-sample' https: https://*.braintreegateway.com https://*.braintree-api.com https://*.paypal.com https://*.paypalobjects.com https://*.squareup.com https://js.squareupsandbox.com https://*.cardinaltrusted.com https://*.cardinalcommerce.com https://snapwidget.com https://static.cloudflareinsights.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://f.vimeocdn.com https://*.hotjar.com; connect-src 'self' https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://*.braintreegateway.com https://*.braintree-api.com https://api2.amplitude.com https://checkout.paypal.com https://www.paypal.com https://*.google.com https://google.com https://*.cardinaltrusted.com https://*.cardinalcommerce.com https://player.vimeo.com https://*.ingest.us.sentry.io https://*.helios.co.uk wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://api.getaddress.io https://vimeo.com api.ideal-postcodes.co.uk; frame-src 'self' https: blob: https://*.cardinalcommerce.com https://*.cardinaltrusted.com https://*.braintreegateway.com https://*.paypal.com https://*.google.com https://player.vimeo.com https://*.hotjar.com; img-src 'self' data: https://*.braintreegateway.com https://*.paypal.com https://*.paypalobjects.com https://*.google.com https://fonts.gstatic.com *.vimeocdn.com https://images.helios.co.uk https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://*.gstatic.com https://snapwidget.com https://f.vimeocdn.com https://assets.braintreegateway.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; worker-src 'self' blob:; report-uri https://o153217.ingest.us.sentry.io/api/4509628060532736/security/?sentry_key=273423422b3367e453d9907cfbfc29e1; report-to csp-endpoint; child-src 'self' blob: 1
default-src 'none'; report-uri https://medicorg.report-uri.com/r/d/csp/wizard; form-action 'none'; frame-ancestors 'none' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.commercers-solutions.de *.commercers-services.de https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.commercers-solutions.de *.commercers-services.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.commercers-solutions.de *.commercers-services.de js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.commercers-solutions.de *.commercers-services.de https://info.dibs.se https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.googletagmanager.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.commercers-solutions.de *.commercers-services.de https://*.dibspayment.eu js.mollie.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.commercers-solutions.de *.commercers-services.de https://*.dibspayment.eu https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.commercers-solutions.de *.commercers-services.de https://*.dibspayment.eu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.bf-shop.de/; report-to report-endpoint; 1
font-src https://plugin-magento-ui.glopalservice.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: https: 'self' 'unsafe-inline' *.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.xtento.com 'self' 'unsafe-inline' *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk test.saferpay.com www.saferpay.com saferpay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.xtento.com cdn.xtento.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com mageside.com *.google.co.uk *.linksynergy.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk test.saferpay.com www.saferpay.com saferpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.xtento.com cdn.xtento.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io player.vimeo.com *.addthis.com *.adobedtm.com *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.chimpstatic.com *.clarity.ms *.cloudflare.com *.doubleclick.net *.fontawesome.com *.google-analytics.com *.google.com *.google.com/recaptcha/ *.google.comrecaptcha *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.gstatic.com/recaptcha/ *.gstatic.comrecaptcha *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klaviyo.com *.mailchimp.com *.paypal.com *.rakuten.com *.paypalobjects.com *.sandbox.braintreegateway.com *.sandbox.paypal.com *.tiktok.com *.vimeo.com *.xtento.com *.yotpo.com *.ytimg.com klarna.com landofcoder.com *.webgains.io 'self' 'unsafe-inline' 'unsafe-eval' js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk test.saferpay.com www.saferpay.com saferpay.com *.stripe.com *.stripe.network *.stripecdn.com *.amazon.com *.link.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com https: data: 'self' 'unsafe-inline' unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.addressy.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline' *.doubleclick.net *.google-analytics.com analytics.tiktok.com api.webgains.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk test.saferpay.com www.saferpay.com saferpay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com https://ajax.cloudflare.com https://twitter.com https://fonts.gstatic.com https://use.typekit.net https://twimg.com https://widgets.trustedshops.com https://fonts.googleapis.com https://devkrauterie.b-cdn.net https://golivekrauterie.b-cdn.net/ https://golive.krauterie.de https://dev.krauterie.de https://www.krauterie.de wp.krauterie.de data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com https://twitter.com https://www.facebook.com/tr/ wp.krauterie.de 'self' 'unsafe-inline'; frame-ancestors wp.krauterie.de 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube-nocookie.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com https://plumrocket.com *.iubenda.com js.mollie.com https://twitter.com https://player.vimeo.com https://secure.pay1.de https://www.jsctool.com/ratepay/ ct.pinterest.com https://www.googletagmanager.com/ https://td.doubleclick.net/ *.googletagmanager.com wp.krauterie.de 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.iubenda.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://www.mollie.com https://ajax.cloudflare.com https://www.klarna.com https://googleadservices.com https://www.google.de/ads/ https://google-analytics.com https://www.paypal.com https://twitter.com https://pbs.twimg.com https://vimeocdn.com https://ytimg.com https://widgets.trustedshops.com https://lightemporium.com https://app.usercentrics.eu https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://delivery.consentmanager.net https://cloud.ccm19.de https://devkrauterie.b-cdn.net https://golivekrauterie.b-cdn.net/ https://golive.krauterie.de https://www.googletagmanager.com/ https://dev.krauterie.de https://www.krauterie.de https://www.google.de/pagead/ https://widgets-qa.trustedshops.com *.etrusted.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com wp.krauterie.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com connect.facebook.net twitter.com platform.twitter.com static.addtoany.com *.iubenda.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com https://ajax.cloudflare.com https://twitter.com https://pbs.twimg.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://widgets.trustedshops.com https://app.usercentrics.eu https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fontawesome.com https://secure.pay1.de https://d.ratepay.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://cloud.ccm19.de https://devkrauterie.b-cdn.net https://golivekrauterie.b-cdn.net/ https://golive.krauterie.de https://www.googletagmanager.com/ https://dev.krauterie.de https://www.krauterie.de https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://s.pinimg.com/ https://ct.pinterest.com https://fast.smarketer.de https://fast-static.smarketer.de https://stats.g.doubleclick.net https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.googletagmanager.com tagmanager.google.com wp.krauterie.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com https://static.klaviyo.com https://ajax.cloudflare.com https://fonts.googleapis.com https://twitter.com https://fonts.gstatic.com https://use.typekit.net https://widgets.trustedshops.com https://app.usercentrics.eu https://cdn.consentmanager.mgr.consensu.org https://fontawesome.com https://cloud.ccm19.de https://devkrauterie.b-cdn.net https://golivekrauterie.b-cdn.net/ https://golive.krauterie.de https://www.googletagmanager.com/ https://dev.krauterie.de https://www.krauterie.de https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com tagmanager.google.com fonts.google.com wp.krauterie.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com wp.krauterie.de 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com stats.addtoany.com *.iubenda.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ajax.cloudflare.com https://twitter.com https://paypal.com https://www.paypalobjects.com https://twimg.com https://d.ratepay.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.analytics.google.com https://www.google.com/pagead/ https://www.google.de/pagead/ https://cloud.ccm19.de https://devkrauterie.b-cdn.net https://golivekrauterie.b-cdn.net/ https://golive.krauterie.de https://www.googletagmanager.com/ https://dev.krauterie.de https://www.krauterie.de https://region1.google-analytics.com https://ct.pinterest.com https://pagead2.googlesyndication.com/ https://www.google.com/ccm/ https://fast.smarketer.de https://fast-static.smarketer.de https://stats.g.doubleclick.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.analytics.google.com *.googletagmanager.com wp.krauterie.de 'self' 'unsafe-inline'; child-src wp.krauterie.de http: https: blob: 'self' 'unsafe-inline'; default-src wp.krauterie.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cmecorp.com *.olark.com *.google.com *.youtube.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cmecorp.com *.olark.com *.google.com *.youtube.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.cmecorp.com *.olark.com *.google.com *.youtube.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.cmecorp.com *.olark.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com data: *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.authorize.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.cmecorp.com *.olark.com *.google.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.googleapis.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com snap.licdn.com px.ads.linkedin.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.cmecorp.com *.olark.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com snap.licdn.com *.shopperapproved.com *.searchspring.net *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cmecorp.com *.olark.com *.google.com *.youtube.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com *.hubspotusercontent.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net 'self' 'unsafe-inline'; object-src *.cmecorp.com *.olark.com *.google.com *.youtube.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cmecorp.com *.olark.com *.google.com *.youtube.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src *.cmecorp.com *.olark.com *.google.com *.youtube.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.cmecorp.com *.olark.com *.youtube.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.searchspring.io px.ads.linkedin.com *.authorize.net 'self' 'unsafe-inline'; child-src *.cmecorp.com *.olark.com *.google.com *.youtube.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com *.hsforms.com http: https: blob: 'self' 'unsafe-inline'; default-src *.cmecorp.com *.olark.com *.google.com *.youtube.com doubleclick.net *.doubleclick.net googletagmanager.com google-analytics.com *.gstatic.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.cmecorp.com 'self' 'unsafe-inline'; 1
script-src 'unsafe-inline' 'unsafe-eval' cdn2.hubspot.net *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com cdnjs.cloudflare.com 10921146.fls.doubleclick.net plausible.io *.hotjar.com *.hotjar.io *.qualified.com bttrack.com *.googletagmanager.com *.force.com *.thycotic.com *.centrify.com *.bidr.io *.rlcdn.cm t.co *.twitter.com burly.io *.clickagy.com *.doubleclck.net *.zoominfo.com lltrck.com facebook.com *.facebook.net *.redditstatic.com *.linkedin.com *.licdn.com *.demandbase.com *.zoominfo.com 'strict-dynamic' 'nonce-t0ARUGkKw7GL9h6k2giPkg==' 1
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnlyi; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat 1
font-src https://fonts.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com use.typekit.net https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://forms-eu1.hsforms.com https://c.clarity.ms https://c.bing.com https://track-eu1.hubspot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://www.clarity.ms https://js-eu1.hscollectedforms.net https://js-eu1.usemessages.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hs-scripts.com https://www.google-analytics.com https://cdn.iubenda.com https://cs.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com https://p.typekit.net https://use.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com https://h.clarity.ms https://forms-eu1.hscollectedforms.net https://region1.google-analytics.com https://api-eu1.hubspot.com https://k.clarity.ms https://hits-i.iubenda.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com *.jsdelivr.net *.bunny.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com *.hotjar.com *.googletagmanager.com *.cookiebot.eu *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com imgsct.cookiebot.com *.multisafepay.com *.amazonaws.com *.pinterest.com *.google-analytics.com stoffsale.de staging.stoffsale.de stoffensale.nl staging.stoffensale.nl stoffensale.com staging.stoffensale.com stoffensale.dev stoffensalede.dev stoffensaleen.dev stoffenmarktm2.hypernode.io stoffdev.hypernode.io *.cloudflare.com *.cloudimage.io *.linkedin.com *.adsymptotic.com *.google.com *.google.nl *.trengo.eu *.bing.com *.visualwebsiteoptimizer.com *.etrusted.com *.feedbucket.app https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com consent.cookiebot.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net *.pinterest.com *.google-analytics.com *.googleoptimize.com *.wonderpush.com *.cloudflare.com *.twitter.com *.fontawesome.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.googletagmanager.com *.chimpstatic.com *.adobetm.com polyfill.io *.doubleclick.net *.cookiebot.eu *.bing.com *.clarity.ms *.clarity.ms/collect *.pinimg.com *.trengo.eu *.brevo.com *.diffuse.tools sibautomation.com *.visualwebsiteoptimizer.com *.feedbucket.app https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com *.sendcloud.sc *.jsdelivr.net *.pinterest.com *.google-analytics.com *.bunny.net *.etrusted.com *.feedbucket.app https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.multisafepay.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.pinterest.com *.google-analytics.com *.cloudflare.com *.pingdom.net *.hotjar.com *.doubleclick.net *.usercentrics.eu *.bing.com *.trengo.eu *.clarity.ms *.clarity.ms/collect *.cookiebot.eu *.brevo.com *.diffuse.tools sibautomation.com *.visualwebsiteoptimizer.com *.googlesyndication.com *.feedbucket.app *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.pinterest.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://stoffdev.hypernode.io/; report-to report-endpoint; 1
default-src 'self' blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.matomo.cloud https://connect.facebook.net https://az416426.vo.msecnd.net https://www.googletagmanager.com https://static-resource.com https://cdn-javascript.net https://www.google.com https://tagmanager.google.com https://*.byggforsk.no https://matomojs.trackify.info https://www.youtube.com https://cdn.cookie-script.com https://www.youtube.com https://bat.bing.com https://cdn.cookie-script.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://*.byggforsk.no https://cdn.jsdelivr.net;img-src 'self' https: data: https://*.byggforsk.no https://www.facebook.com;frame-src https://www.youtube.com https://www.facebook.com https://www.googletagmanager.com;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com;connect-src 'self' https://dc.services.visualstudio.com https://www.facebook.com https://connect.facebook.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://www.google.com https://www.bing.com https://no.api4load.com https://data.brreg.no https://api.bring.com https://*.byggforsk.no https://sintef.matomo.cloud/matomo.php https://fonts.googleapis.com https://ewrkoyhc.api.sanity.io https://admin.kotobee.com https://consent.cookie-script.com https://bat.bing.com;report-uri https://byggforsk.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob; frame-ancestors none: 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com static.lipscore.com *.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com d3cfv1r84exbq1.cloudfront.net cdn.subscribers.com rum-static.pingdom.net static-tracking.klaviyo.com static-forms.klaviyo.com rum-collector-2.pingdom.net olivastu.com *.facebook.com www.google.co.in 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.lipscore.com blob: img.youtube.com magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://firebasestorage.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.weltpixel.com d3cfv1r84exbq1.cloudfront.net cdn.subscribers.com rum-static.pingdom.net static-tracking.klaviyo.com static-forms.klaviyo.com rum-collector-2.pingdom.net olivastu.com *.facebook.com www.google.co.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.lipscore.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.fontawesome.com *.googleapis.com *.avada.io *.sharethis.com connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.referralcandy.com *.trustpilot.com *.cloudflare.com *.weltpixel.com d3cfv1r84exbq1.cloudfront.net cdn.subscribers.com rum-static.pingdom.net static-tracking.klaviyo.com static-forms.klaviyo.com rum-collector-2.pingdom.net olivastu.com *.facebook.com www.google.co.in 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://static.klaviyo.com static.lipscore.com *.googleapis.com *.googletagmanager.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ wapi.lipscore.com users.lipscore.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.weltpixel.com d3cfv1r84exbq1.cloudfront.net cdn.subscribers.com rum-static.pingdom.net static-tracking.klaviyo.com static-forms.klaviyo.com rum-collector-2.pingdom.net olivastu.com *.facebook.com www.google.co.in 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-BZFvHHv6kC7q6zu3wjioPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'strict-dynamic' 'nonce-xRHu3gaJu0HZpMqDBn57bA==' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.dopplepay.com *.finance-calculator.co.uk *.s3.eu-west-2.amazonaws.com *.dekopay.org *.deko-uat.com *.amazonaws.com *.cookiebot.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.salesfire.co.uk *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.dopplepay.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.facebook.com *.googlesyndication.com *.dopplepay.com *.clearpay.co.uk account.fetchify.com *.finance-calculator.co.uk *.deko.finance *.dekopay.org *.deko-uat.com www.facebook.com platform.twitter.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.salesfire.co.uk *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.roeye.com *.dopplepay.com *.afterpay.com *.clearpay.co.uk ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com s3.eu-west-1.amazonaws.com *.cookiebot.com https://firebasestorage.googleapis.com flagpedia.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.pbffinancecalculator.info cdn.shopify.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.salesfire.co.uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.dopplepay.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com cc-cdn.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com dekowallet-feature-assets.s3.eu-west-2.amazonaws.com *.blackhorseflexpay.co.uk/ 'self' data: *.cookiebot.com www.google.co.uk *.avada.io *.shopify.com maps.googleapis.com connect.facebook.net twitter.com platform.twitter.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info *.paybyfinance.co.uk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.salesfire.co.uk *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.dopplepay.com *.afterpay.com/ *.squarecdn.com downloads.mailchimp.com cc-cdn.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com *.cookiebot.com *.typekit.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.salesfire.co.uk *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.dopplepay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk 'self' data: *.cookiebot.com *.googletagmanager.com *.typekit.net https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.staging-pbffinancecalculator.info *.pbffinancecalculator.info wss://*.staging-pbffinancecalculator.info wss://*.pbffinancecalculator.info *.paybyfinance.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.salesfire.co.uk *.smartmetrics.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-q5MBIbJJEpgldt6DogLpaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.facebook.com pixel.adcrowd.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com dev.visualwebsiteoptimizer.com chatling.ai www.gstatic.com www.google.com js.braintreegateway.com assets.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com c.paypal.com pay.google.com pixel.adcrowd.com connect.facebook.net *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com *.fontawesome.com use.typekit.net *.typekit.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com chatling.ai pixel.adcrowd.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /report/csp-report.php?source=baumueller.com; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net/   https://www.googletagmanager.com https://www.googletagmanager.com/ https://salesviewer.org https://*.leadlab.click/ https://*.google-analytics.com  https://www.google.com https://*.gstatic.com  https://*.googleapis.com  https://*.leadlab.click https://cdn.jsdelivr.net/ https://*.cookiefirst.com/ *.tawk.to cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' https://digital.baumueller.com/ https://pi.pardot.com/  https://www.googletagmanager.com/ https://www.google-analytics.com/ https://consent.cookiefirst.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cookiefirst.com/ https://salesviewer.org *.tawk.to fonts.googleapis.com cdn.jsdelivr.net; frame-src 'self' https://*.youtube.com https://www.google.com https://*.youtube-nocookie.com *.tawk.to https://www.googletagmanager.com/; connect-src 'self' https://stats.g.doubleclick.net/ https://*.leadlab.click/ https://www.google-analytics.com https://translate.googleapis.com/ https://salesviewer.org/ https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.com/pagead/ https://consent.cookiefirst.com/ https://edge.cookiefirst.com/ https://salesviewer.org  http://salesviewer.org *.tawk.to wss://*.tawk.to https://www.google.com/ccm/; img-src 'self' https://www.google.de/ads/*  https://www.google.de https://www.google.com https://www.baumueller.de/ https://*.ytimg.com  https://*.googleapis.com https://*.google-analytics.com https://*.leadlab.click  https://*.gstatic.com/ https://*.googleapis.com/ https://img.youtube.com *.tawk.to cdn.jsdelivr.net tawk.link; font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ *.tawk.to fonts.gstatic.com; form-action *.tawk.to https://digital.baumueller.com/; frame-ancestors 'self' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-N9tlm5E5ZMZSeT9Z84zkUBWtp' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cleverreach.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.weltpixel.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.cloudfront.net imgsct.cookiebot.com guarantee-cdn.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ consent.cookiebot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.cloudflare.com guarantee-cdn.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com cdnjs.cloudflare.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com cash-f.squarecdn.com maxcdn.bootstrapcdn.com font.static.useinsider.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * www.facebook.com https://plumrocket.com *.amazon.co.uk *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * www.facebook.com www.youtube.com s7.addthis.com c.paypal.com assets.braintreegateway.com tst.kaptcha.com templespa.api.useinsider.com https://plumrocket.com *.paypalobjects.com *.criteo.com *.criteo.net td.doubleclick.net block.opendns.com e.issuu.com *.googletagmanager.com *.js.stripe.com hooks.stripe.com *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com * www.facebook.com *.templespa.com b.stats.paypal.com c.paypal.com dub.stats.paypal.com services.postcodeanywhere.co.uk stats.g.doubleclick.net bat.bing.com consent.linksynergy.com www.google.co.uk ut.ra.linksynergy.com nypi.dc-storm.com consent.nxtck.com consent.mediaforge.com consent.jrs5.com consent.dc-storm.com tcrnbekl.cdn.imgeng.in px.ads.linkedin.com ut.rd.linksynergy.com www.linkedin.com *.useinsider.com cx.atdmt.com https://images.unsplash.com *.disqus.com https://img.youtube.com cdn.cookielaw.org *.pubmatic.com *.doubleclick.net x.bidswitch.net ib.adnxs.com *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.criteo.com sync.1rx.io id5-sync.com *.360yield.com matching.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.adform.net *.unrulymedia.com *.media-amazon.com *.payments-amazon.com *.imgeng.in *.dmxleo.com *.google.ie *.google.co.in *.formstack.com *.google.com.au *.google.de *.google.com.tr track.linksynergy.com cdn.superpayments.com *.storyblok.com *.cdn.imgeng.in *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com connect.facebook.net *.auditiq.cloud s7.addthis.com js.braintreegateway.com c.paypal.com z.moatads.com v1.addthisedge.com m.addthis.com *.pcapredict.com assets.zendesk.com static.zdassets.com widget-mediator.zopim.com apps.elfsight.com services.postcodeanywhere.co.uk www.google.com www.gstatic.com js-agent.newrelic.com songbirdstag.cardinalcommerce.com bat.bing.com d2uor4thmqxhbf.cloudfront.net tag.rmp.rakuten.com bam.nr-data.net snap.licdn.com analytics.tiktok.com cdn.cookielaw.org geolocation.onetrust.com *.api.useinsider.com bam-cell.nr-data.net *.disqus.com paypal-eu-cdn.cloudiq.com *.criteo.com *.vimeo.com eval *.googletagmanager.com *.templespa.com *.yotpo.com *.formstack.com *.bc0a.com *.superpayments.com js.stripe.com *.stripecdn.com *.stripe.network cdn.superpayments.com cdnapisec.kaltura.com *.cdn.imgeng.in 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app maxcdn.bootstrapcdn.com cloud.typography.com services.postcodeanywhere.co.uk assets.api.useinsider.com *.templespa.com *.formstack.com *.adobedtm.com *.cdn.imgeng.in *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.auditiq.cloud static.zdassets.com/ ekr.zdassets.com templespa.zendesk.com wss://widget-mediator.zopim.com services.postcodeanywhere.co.uk stats.g.doubleclick.net cdn.cookielaw.org analytics.tiktok.com m.addthis.com bat.bing.com *.api.useinsider.com bam-cell.nr-data.net carrier.useinsider.com *.criteo.com px.ads.linkedin.com *.onetrust.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.amazon.com *.eu01.nr-data.net *.useinsider.com *.facebook.com measurement-api.criteo.com *.yotpo.com *.templespa.com *.bc0a.com *.superpayments.com *.analytics.google.com featureassets.org prodregistryv2.org *.seondnsresolve.com *.storyblok.com *.lambda-url.ap-south-1.on.aws web-sdk.smartlook.com cdn.segment.com api.stripe.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.izipay.pe *.doubleclick.net *.google.com www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com https://firebasestorage.googleapis.com *.perfumeriasunidas.com *.sentua.com sentua.com *.google.com *.google.es *.google.com.mx *.hubapi.com *.hubspot.com *.hsforms.com *.facebook.com *.google.com.pe data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://checkout.izipay.pe https://sandbox-checkout.izipay.pe *.avada.io *.shopify.com *.tiktok.com js.hubspot.com js.usemessages.com *.nr-data.net *.newrelic.com *.vnforapps.com *.facebook.com *.facebook.net *.luckyorange.com *.doubleclick.net *.hsleadflows.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.omappapi.com *.googleadservices.com *.google-analytics.com *.google.com *.googletagmanager.com *.paypalobjects.com *.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net *.braintreegateway.com *.cardinalcommerce.com *.unpkg.com plugins-media.makeupar.com *.hotjar.com cdn.jsdelivr.net *.useinsider.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.omappapi.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.izipay.pe https://get.geojs.io *.avada.io *.tiktok.com forms.hscollectedforms.net *.doubleclick.net *.omappapi.com *.luckyorange.com *.hubapi.com *.hubspot.com *.nr-data.net *.newrelic.com *.useinsider.com *.facebook.com *.hotjar.com localhost api.perfumeriasunidas.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.facebook.com https://www.googletagmanager.com https://i.ytimg.com https://www.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google.com https://www.gstatic.com https://js.nagich.co.il https://js-agent.newrelic.com https://bam.nr-data.net s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://js.nagich.co.il https://bam.nr-data.net ekr.zdassets.com/ https://get.geojs.io *.avada.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://emdev1.greenboardnow.com/csp-report/CspLog/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com x.klarnacdn.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardlink.gr *.alphaecommerce.gr *.eurocommerce.gr *.vivapayments.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com static.addtoany.com www.google.com widget-v5.boxnow.gr consentcdn.cookiebot.com www.googletagmanager.com *.contactpigeon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.gstatic.com *.googleapis.com *.google.com *.acscourier.net https://images.unsplash.com https://www.crocs.gr https://crocs.gr widget-v5.boxnow.gr tile.openstreetmap.org www.google.gr https://www.facebook.com https://connect.facebook.net https://imgsct.cookiebot.com *.contactpigeon.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com *.vivapayments.com static.addtoany.com www.google.com www.gstatic.com widget-v5.boxnow.gr cdnjs.cloudflare.com unpkg.com ajax.googleapis.com api.ipstack.com crocs.overguess.com js.klarna.com *.cookiebot.com *.googlesyndication.com *.google-analytics.com *.googletagmanager.com https://connect.facebook.net *.contactpigeon.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com www.gstatic.com widget-v5.boxnow.gr cdnjs.cloudflare.com unpkg.com crocs.overguess.com x.klarnacdn.net https://ping.contactpigeon.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com maps.googleapis.com https://maps.googleapis.com https://player.vimeo.com boxlockersloadfiles.blob.core.windows.net widgettranslations.blob.core.windows.net region1.analytics.google.com widget-v5.boxnow.gr crocs.overguess.com *.googlesyndication.com https://consentcdn.cookiebot.com *.contactpigeon.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src *.contactpigeon.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src stats.g.doubleclick.net pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.payplug.com *.dalenys.com https://applepay.cdn-apple.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://images.unsplash.com magefan.com cm.magefan.com cdn.doofinder.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://secure-magenta.dalenys.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com cdn.doofinder.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.googleapis.com *.googletagmanager.com assets.braintreegateway.com https://secure-magenta.dalenys.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.doofinder.com wss://*.doofinder.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; script-src 'self'; connect-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.bunny.net; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-OThhODczYTQtM2Y5OS00MTQ4LWIwMmYtYTQ1ZGU5YzhiYzU2' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.smartsuppchat.com static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com calendar.livechatlite.com bootstrap.smartsuppchat.com blog.chatliveplus.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xfPhn-DEAr6M2j2fZvyOow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action *.facebook.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; img-src *.hubspot.com *.facebook.com *.bing.com *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com  google-analytics.com cdn-cookieyes.com *.doubleclick.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com https://devdocs.magento.com https://magento.com *.bootstrapcdn.com *.postescanada-canadapost.ca *.tiktok.com *.facebook.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; connect-src  *.hubapi.com *.hubspot.com *.hscollectedforms.net *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com  google-analytics.com *.doubleclick.net *.cookieyes.com cdn-cookieyes.com google.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://devdocs.magento.com https://magento.com *.bootstrapcdn.com *.postescanada-canadapost.ca *.tiktok.com *.facebook.net *.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; style-src *.zencdn.net *.adobe.com *.sharethis.com fonts.googleapis.com https://devdocs.magento.com https://magento.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.googletagmanager.com *.doubleclick.net *.bootstrapcdn.com *.postescanada-canadapost.ca *.tiktok.com *.facebook.net *.facebook.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; font-src data: *.googleapis.com *.gstatic.com https://devdocs.magento.com https://magento.com *.google.com *.google.ca *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.bootstrapcdn.com *.postescanada-canadapost.ca *.tiktok.com *.facebook.net *.facebook.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; script-src *.facebook.net *.clickcease.com *.bing.com *.doubleclick.net  googletagmanager.com  *.googletagmanager.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.hsleadflows.net *.hs-banner.com *.hs-scripts.com *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com  google-analytics.com cdn-cookieyes.com  *.hotjar.com  *.hubspot.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com https://devdocs.magento.com https://magento.com *.bootstrapcdn.com *.postescanada-canadapost.ca *.tiktok.com *.facebook.com *.googleadservices.com *.adobedtm.com js.adsrvr.org *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *.facebook.com *.fls.doubleclick.net *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com  google-analytics.com  youtube.com *.doubleclick.net fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com https://devdocs.magento.com https://magento.com *.bootstrapcdn.com *.postescanada-canadapost.ca *.tiktok.com *.facebook.net insight.adsrvr.org c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.klarnacdn.net *.charlesbentley.com *.bam.nr-data.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.trustpilot.com *.paypal.com *.xtento.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.reviews.io *.reviews.co.uk *.charlesbentley.com *.bam.nr-data.net *.webchat.dotdigital.com *.facebook.com *.trustpilot.com *.xtento.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.instagram.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.charlesbentley.com *.bam.nr-data.net *.adyen.com *.sandbox.paypal.com api.sandbox.braintreegateway.com *.klarna.com *.g.doubleclick.net/ *.amazon.com *.trustpilot.com *.addthis.com *.sharethis.com *.demdex.net *.facebook.com *.pinterest.com *.clarity.ms *.hotjar.com *.xtento.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * *.cdninstagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.charlesbentley.com *.bam.nr-data.net *.quora.com *.bing.com *.reddit.com *.linkedin.com *.facebook.com t.co *.quantserve.com *.google.com *.google.co.in *.google.co.uk *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.postcodeanywhere.co.uk *.pcapredict.com *.sharethis.com *.cookiepro.com *.amazonaws.com *.pinterest.com *.trustpilot.com *.clarity.ms www.xtento.com *.pallex.com *.prfct.co *.adnxs.com *.rubiconproject.com *.openx.net *.doubleclick.net *.addthis.com *.yahoo.com *.omtrdc.net cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.instagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.charlesbentley.com *.bam.nr-data.net *.windows.net *.jquery.com *.klarnaservices.com *.klarnacdn.net *.sandbox.paypal.com *.postcodeanywhere.co.uk *.pcapredict.com *.sharethis.com *.cloudfront.net porjs.com *.chat.freshdesk.com *.trustpilot.com *.cookiepro.com xtento.com *.bing.com *.hotjar.com *.pinimg.com *.facebook.net *.perk0mean.com *.clarity.ms *.aptrinsic.com *.paypalobjects.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.cdn.salesfire.co.uk *.addtoany.com *.freshworks.com *.marketingautomation.services *.perfectaudience.com *.prfct.co *.pinterest.com *.tumblr.com *.facebook.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.typekit.net tagmanager.google.com *.charlesbentley.com *.bam.nr-data.net *.klarnacdn.net *.trustpilot.com *.yotpo.com *.twitter.com *.bootstrapcdn.com *.gstatic.com *.postcodeanywhere.co.uk *.pcapredict.com *.chat.freshdesk.com *.cookiepro.com *.paypal.com *.xtento.com *.widget.freshworks.com *.freshworks.com *.aptrinsic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.smartmetrics.co.uk www.googleapis.com https://www.google-analytics.com *.charlesbentley.com *.bam.nr-data.net *.klarnaservices.com *.klarnaevt.com *.sandbox.paypal.com *.google-analytics.com *.g.doubleclick.net/ *.facebook.com *.postcodeanywhere.co.uk *.cookiepro.com *.sharethis.com *.chat.freshdesk.com *.trustpilot.com geolocation.onetrust.com *.pinterest.com *.clarity.ms *.hotjar.com *.aptrinsic.com *.xtento.com *.widget.freshworks.com *.freshworks.com *.googletagmanager.com *.googleadservices.com *.dpm.demdex.net *.live.smartmetrics.co.uk *.hit.salesfire.co.uk *.stbuttons.click *.gstatic.com *.addtoany.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-eNPZO1m_PGchtT2yds5yxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com *.hotjar.com;  report-uri /cspreport; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net www.googletagmanager.com *.googletagmanager.com *.cloudfront.net *.hotjar.com; connect-src 'self' *.typekit.net *.google-analytics.com *.stats.g.doubleclick.net *.umbraco.org *.openstreetmap.org *.googleapis.com *.analytics.google.com ws://woonin.nl *.bugsnag.com *.hotjar.com; img-src 'self' data: *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org api.maptiler.com umbracowebportalsnonprod.azureedge.net *.analytics.google.com www.googletagmanager.com  umbracowebportalsprod.azureedge.net umbracowebportalsprod.blob.core.windows.net *.cookiebot.com *.tolkie.nl; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com  *.tolkie.nl cdnjs.cloudflare.com cdn.faceworks.nl ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org www.gstatic.com *.typography.com; frame-ancestors 'self' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'none'; report-uri /admin/csp-report.asp 1
font-src fonts.gstatic.com *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net fonts.cdnfonts.com use.typekit.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube-nocookie.com *.youtube.com *.braintreegateway.com player.vimeo.com pilot-payflowlink.paypal.com *.googletagmanager.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com https://www.google.com/recaptcha/ *.paypal.com google.com *.google.com 'self' 'unsafe-inline'; img-src *.googleapis.com *.gstatic.com stats.g.doubleclick.net www.google.com www.facebook.com www.googletagmanager.com *.adobe.com googleads.g.doubleclick.net analytics.google.com *.vimeocdn.com *.youtube.com maps.googleapis.com *.yandex.ru *.roma.rs assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com bid.g.doubleclick.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com p.typekit.net *.paypal.com *.typekit.net validator.swagger.io https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net *.yandex.com *.roma.rs assets.adobedtm.com *.adobe.com www.googleadservices.com *.vimeocdn.com *.clarity.ms *.youtube.com  www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net fonts.cdnfonts.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.avada.io dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com https://get.geojs.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https://higherlogicdownload.s3.amazonaws.com/THEACA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/THEACA/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/THEACA/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/THEACA/ https://higherlogicdownload.s3.amazonaws.com/THEACA/ https://higherlogiclongterm.s3.amazonaws.com/THEACA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/THEACA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/THEACA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/THEACA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/THEACA/ https://higherlogicdownload.s3.amazonaws.com/THEACA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/THEACA/ https://higherlogicstream.s3.amazonaws.com/THEACA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/THEACA/ https://higherlogicdownload.s3.amazonaws.com/THEACA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/THEACA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
base-uri 'self'; connect-src 'self' https://content.hotjar.io wss://ws.hotjar.com https://api.rollbar.com https://ninjafetch.com https://www.spaceflop.com https://www.commissionsoup.com wss://mpsnare.iesnare.com/star *.doubleclick.net https://www.paynearme.com https://www.google.com/pagead/1p-conversion https://vc.hotjar.io https://metrics.hotjar.io https://analytics.tiktok.com/api/v2 https://analytics.tiktok.com/api/v2/pixel https://analytics.google.com/g/collect https://www.google.com/ccm/collect https://www.google-analytics.com https://s.yimg.com/wi/config/10178813.json https://analytics.tiktok.com/api/v2/pixel/act bing.com *.bing.com; default-src 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://*.yodlee.com; frame-src 'self' https://widget.sophtron.com https://*.edgescore.com https://*.yodlee.com https://www.spaceflop.com https://www.commissionsoup.com https://www.paynearme.com https://www.googletagmanager.com https://td.doubleclick.net; img-src 'self' https://edge-public-assets.s3.us-east-2.amazonaws.com https://www.spaceflop.com https://www.commissionsoup.com https://um.simpli.fi https://googleads.g.doubleclick.net https://www.googleadservices.com https://cm.g.doubleclick.net/pixel https://images.totalcardinc.com https://bat.bing.com/action https://fonts.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://sp.analytics.yahoo.com https://bat.bing.com/action/0 google.com *.google.com google.co.in *.google.co.in; object-src 'none'; script-src bing.com *.bing.com doubleclick.net *.doubleclick.net engagement.technology *.engagement.technology facebook.net *.facebook.net googletagmanager.com *.googletagmanager.com hotjar.com *.hotjar.com ninjafetch.com *.ninjafetch.com paynearme.com *.paynearme.com revvi.com *.revvi.com sophtron.com *.sophtron.com simpli.fi *.simpli.fi yodlee.com *.yodlee.com yimg.com *.yimg.com unpkg.com *.unpkg.com tiktok.com *.tiktok.com google-analytics.com *.google-analytics.com 'unsafe-inline' 'self'; style-src 'self' https://ninjafetch.com https://www.paynearme.com https://unpkg.com/swiper@7/swiper-bundle.min.css https://www.googletagmanager.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'sha256-xWGOGGMGQQ+IV0Om4xzgbDHXUh/+L1c375p0Pb6vF9A=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-WWn0l9kVjXaC+CGcbxP6Zyac31v1Cjkx2VMnFR3uVng='; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=UyoaZkGCmZ_69kixq1yHnAqW2U.Zu.v46o.tiB19YpU-1773720850.592516-1.0.1.1-HxZmKrIU3Gnflem2sTAMFW67v6Xg2e1ADhPribGGLFxn_Mjy_iC612T96onK4TTmvNgrcNu7Xqk_fms35PfsReGXiJ2eaqErhiOLM14LIiJSwnX3IiycAc4oYUV8106SiT5fOEX9COqdsZIdig8JGcF28YU.716PV.fLtNiTi3zhaH0foEEbc6nJOR1Ute4f; report-to cf-enupbhwdizypbuge 1
style-src-elem https://*.mindbox.ru *.yclients.com *.googleapis.com 'unsafe-inline' 'self'; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.salonsecret.ru/ https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://*.salonsecret.ru/ https://*.matrix.ru https://matrix.ru 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.salonsecret.ru/ https://kerastaseru.push.world https://*.google.com https://*.doubleclick.net/ https://*.googletagmanager.com https://www.facebook.com/ *.doubleclick.net/ https://helpdeskeddy.loreal.com.ru https://loreal.helpdeskeddy.com https://beautyid.pro https://*.weborama.fr https://e-academie.ru https://vk.com https://ru.spotscan.com https://loreal-webconsultation.modiface.com  https://*.criteo.com https://*.criteo.net https://*.yclients.com https://*.yandex.ru/ https://*.yandex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://*.salonsecret.ru/ https://wf-ru-frontend.weborama-tech.ru https://wcm.weborama-tech.ru https://cstatic-ru-cv.weborama-tech.ru https://vk.com https://api-maps.yandex.ru https://www.google.com https://www.google.ru https://www.google.by https://cdn.retailrocket.net w1.yclients.com https://*.maps.yandex.net http://ad.doubleclick.net https://adservice.google.com https://www.facebook.com https://*.mail.ru https://*.flocktory.com https://*.mindbox.ru https://*.leadplan.ru/ https://adservice.google.ru/ https://storage.cloud.croc.ru/ https://*.yandex.ru/ https://*.yandex.com *.doubleclick.net/ https://*.weborama.fr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com http://www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://*.salonsecret.ru/ https://cstatic.weborama-tech.ru https://cstatic.weborama.fr https://vk.com https://api-maps.yandex.ru https://yastatic.net http://cdn.retailrocket.ru https://www.google.com https://www.gstatic.com https://www.artfut.com https://cstatic-ru-cv.weborama-tech.ru http://*.yandex.ru https://*.facebook.net https://*.mindbox.ru https://loreal-luxe-services.directcrm.ru https://aprtx.com https://aprtn.com https://*.mail.ru https://*.lenmit.com https://top-fwz1.mail.ru http://*.lenmit.com https://*.flocktory.com https://kerastaseru.push.world https://cdn.leadplan.ru/ https://cdn.helpdeskeddy.com https://*.weborama.fr https://*.nr-data.net https://www.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.salonsecret.ru/ https://fonts.googleapis.com https://cdn.retailrocket.net https://w1.yclients.com https://*.mindbox.ru assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://analytics.google.com/ www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://*.salonsecret.ru/ https://mc.yandex.md https://tracking.retailrocket.net https://cdn.retailrocket.net https://api.retailrocket.net https://stats.g.doubleclick.net https://google-analytics.com https://geocode-maps.yandex.ru https://e-academie.ru https://mc.yandex.ru https://*.mindbox.ru https://*.mail.ru https://aprtx.com https://app.leadplan.ru/ https://www.google-analytics.com https://*.analytics.google.com/ https://*.nr-data.net https://suggestions.dadata.ru https://*.yandex.ru https://*.yandex.com *.doubleclick.net/ https://*.weborama.fr api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.matrix.ru/csp/collect; report-to report-endpoint; 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.xtento.com js.mollie.com *.weltpixel.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.googletagmanager.com js.stripe.com m.stripe.network www.facebook.com www.google.com tally.so 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.xtento.com cdn.xtento.com https://images.unsplash.com *.bird.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com *.facebook.com www.burdastyle.fr www.facebook.com bat.bing.com *.burdastyle.fr *.burdastyle.com *.abo-online.fr *.burdastyle.es *.burdastyle.pt *.burdastyle.uk *.burdastyle.nl *.burdastyle.dk *.burdastyle.se *.burdastyle.pl *.faitmain-magazine.fr maps.googleapis.com www.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.xtento.com cdn.xtento.com https://maps.googleapis.com https://player.vimeo.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com static.klaviyo.com connect.facebook.net *.googletagmanager.com bat.bing.com js.stripe.com m.stripe.network analytics.tiktok.com static.cloudflareinsights.com static-tracking.klaviyo.com www.google.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.facebook.net *.a.klaviyo.com static-forms.klaviyo.com bat.bing.com m.stripe.com www.google.com www.google.fr region1.analytics.google.co 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.klarnacdn.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-7ObJgaBuSkGQPDKQUcUnuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data: ; script-src 'self' https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com ajax.googleapis.com translate.googleapis.com translate.google.com; style-src 'self' data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com fonts.googleapis.com translate.googleapis.com; img-src 'self' data: https://s.w.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com secure.gravatar.com www.gravatar.com translate.googleapis.com translate.google.com www.google.com www.gstatic.com i.ytimg.com; connect-src 'self' https://www.google.com translate.googleapis.com; font-src 'self' data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com fonts.gstatic.com fonts.googleapis.com; media-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com; frame-src 'self' https://www.google.com www.youtube.com; child-src 'self' www.youtube.com; worker-src 'self' ; report-uri https://rxlogix.com?gdsih-csp-report; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com use.typekit.net https://fonts.gstatic.com *.klarnacdn.net *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors localhost:* *.motive.co *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * ls.smct.io d2d7do8qaecbru.cloudfront.net ad4m.at ban.2trk.info td.doubleclick.net my.lcmark.net *.klarna.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.cookiebot.com farmaciaospedale.com widget.feedaty.com www.facebook.com d3k81ch9hvuctc.cloudfront.net lantern.roeye.com as.ad4m.at track.adform.net cdn.iubenda.com www.google.it test.briconow.it *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net *.motive.co *.multisafepay.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.amazonaws.com ts.tradetracker.net www.magmodules.eu www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com *.gstatic.com *.trovaprezzi.it *.cookiebot.com farmaciaospedale.com static.klaviyo.com cdn.doofinder.com widget.feedaty.com cdn.jsdelivr.net static-tracking.klaviyo.com www.dwin1.com cdn.iubenda.com connect.facebook.net lantern.roeyecdn.com cdn.preciso.net api.bounce-commerce.de assets.brandswap.com cdn.iintf.co widget.envolvetech.com smct.co www.upsellit.com assets.soreto.com awinscripts.tyviso.com js.smct.io cs.iubenda.com ad4m.at api.contester.net d16fk4ms6rqz1v.cloudfront.net api.recova.ai awin.etagdigital.com cdn.scalapay.com integrations.etrusted.com static.cloudflareinsights.com test.briconow.it code.jquery.com *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.motive.co *.multisafepay.com https://pay.google.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.sendcloud.sc *.jsdelivr.net tm.tradetracker.net tracking.trovaprezzi.it www.trovaprezzi.it www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.klaviyo.com farmaciaospedale.com cdn.jsdelivr.net widget.feedaty.com cdn.doofinder.com static.klaviyo.com cdn.iubenda.com p.typekit.net use.typekit.net *.feedaty.com https://fonts.googleapis.com https://static.klaviyo.com *.klarnacdn.net *.fontawesome.com *.multisafepay.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.gstatic.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleapis.com *.cookiebot.com region1.analytics.google.com widget.feedaty.com fast.a.klaviyo.com static-forms.klaviyo.com routes.soreto.com eu1-layer.doofinder.com api.bounce-commerce.de tagapi.brandswap.com analytics.helpmechoose.services api.recova.ai cognito-identity.eu-west-1.amazonaws.com idb.iubenda.com envolve-chatbot-api-dot-envolvetech-001.nw.r.appspot.com firehose.eu-west-1.amazonaws.com bot-dot-envolvetech-001.appspot.com farmaciaospedale.com *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.motive.co *.multisafepay.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src farmaciaospedale.com googleads.g.doubleclick.net ban.2trk.info www.wepowerconnections.com my.lcmark.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xMFzpTuSjSJArsygYWIdCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com tinyblessings.com tinyblessings.com/media https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com *.tinyblessings.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.zendesk.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com https://static.klaviyo.com maxcdn.bootstrapcdn.com tagmanager.google.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com *.zendesk.com *.zopim.com wss://*.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-HUHEtwkVC25MaaMgA7J3HA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_Q3UZp5LvrLw1BF6qBT6vw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com cash-f.squarecdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.bing.com *.doubleclick.net *.facebook.com *.usercentrics.eu *.beleuchtungdirekt.ch/de data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com polyfill.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.wwlholding.com *.bing.com *.clarity.ms *.facebook.net *.googleapis.com *.hotjar.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.videoly.co *.beslist.nl *.beleuchtungdirekt.ch/de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com tagmanager.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.wwlholding.com *.bing.com *.doubleclick.net *.googlesyndication.com *.leadinfo.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.googleapis.com *.addressy.com *.beslist.nl *.hotjar.com *.hotjar.io *.beleuchtungdirekt.ch/de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b428c232-f415-4fb2-b456-fef23ba335ec.sansec.watch/; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-QrFwJ1F4DHQXxZFHg888HQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com youtube.com vimeo.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.creditguard.co.il vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com vimeo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.creditguard.co.il *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com youtube.com vimeo.com *.addtoany.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com youtube.com https://get.geojs.io *.avada.io http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.iris.dias.com.gr *.test-iris.dias.com.gr *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: https://www.googletagmanager.com/ *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google-analytics.com *.googleadservices.com *.cookiebot.com mcusercontent.com *.lightemporium.com *.usercentrics.eu *.cloudflare.com *.twitter.com *.klarna.com *.ytimg.com *.twimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com chimpstatic.com *.mailchimp.com *.list-manage.com *.cookiebot.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com *.googletagmanager.com tagmanager.google.com *.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google-analytics.com *.googlesyndication.com *.cookiebot.com *.cloudflare.com *.twitter.com *.twimg.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-c8K-TZaSy-ycn0xpJAS-fw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.addthis.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.google.be www.google.fr www.google.de www.google.gr www.google.cz *.bing.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.bing.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com *.moatads.com *.pinterest.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com *.fontawesome.com *.multisafepay.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.bing.com *.addthis.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://aeab8f70-3b0f-403b-8efb-c839c9bad554.sansec.watch/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com 'self' data: *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.innoship.ro https://www.googletagmanager.com/ *.wesupply.xyz https://wesupplylabs.com s.pinimg.com ct.pinterest.com consentcdn.cookiebot.com *.weltpixel.com *.tawk.to https://b2d.springfarma.com/ https://consentcdn.cookiebot.eu/ *.creativecdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tbicp.com *.tile.openstreetmap.org *.openstreetmap.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ t.themarketer.com cdn1.themarketer.com *.hsforms.net *.hsforms.com 'self' data: www.google.ro/ads www.facebook.com/tr analytics.tiktok.com *.google-analytics.com *.analytics.google.com s.pinimg.com ct.pinterest.com www.google.com.ua *.tawk.to cdn.jsdelivr.net *.facebook.com *.omnitagjs.com *.google.ro https://b2d.springfarma.com *.adnxs.com *.mktr2.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tbicp.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io t.themarketer.com cdn1.themarketer.com *.hsforms.net *.hsforms.com www.google.ro attr-2p.com cdnjs.cloudflare.com retargeting.newsmanapp.com analytics.tiktok.com https://connect.facebook.net s.pinimg.com ct.pinterest.com consent.cookiebot.com *.tawk.to cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.cloudflareinsights.com *.clarity.ms *.newrelic.com *.cookiebot.eu *.creativecdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com t.themarketer.com cdn1.themarketer.com *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.mktr2.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io t.themarketer.com cdn1.themarketer.com c1api.themarketer.com c2api.themarketer.com c3api.themarketer.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://connect.facebook.net analytics.tiktok.com *.analytics.google.com s.pinimg.com ct.pinterest.com *.tawk.to wss://*.tawk.to *.facebook.net https://www.google.com https://ams.creativecdn.com https://bam.eu01.nr-data.net *.nr-data.net *.cookiebot.eu *.clarity.ms *.googlesyndication.com *.tiktokw.us 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' escutaoveio.com *.escutaoveio.com wake-components.fbitsstatic.net escutaoveio.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.escutaoveio.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.googleadservices.com *.g.doubleclick.net *.tiktok.com *.google.com.br *.google.com *.googleapis.com *.googletagmanager.com *.co.ao *.google-analytics.com google.com google.pt connect.facebook.net google.com.br analytics.tiktok.com *.com.ph *.facebook.net *.smarthint.co *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br service.smarthint.co *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com gstatic.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io flipnet-assets.s3.sa-east-1.amazonaws.com *.flip.net.br wake-commerce-scripts.omni.chat *.fbitsstatic.net api-admin.widde.io cdn.widde.io videos.widde.io sdk.widde.io *.widde.io *.google.it *.visa.com *.escutaoveio.com.br *.wake.tech *.appmax.com.br *.tunagateway.com *.plataformasocial.com.br *.dito.com.br events.plataformasocial.com.br login.plataformasocial.com.br storage.googleapis.com js.dito.com.br *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.escutaoveio.com escutaoveio.com; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.cl www.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page tagmanager.google.com https://www.googletagmanager.com *.retailrocket.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.impresee.com *.hotjar.com *.facebook.net *.clarity.ms *.clickcease.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com assets.braintreegateway.com cdn.impresee.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.clarity.ms *.hotjar.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 'self' 'unsafe-inline'; frame-ancestors https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.google.com/ https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' data: 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br https://gum.criteo.com/ https://ct.pinterest.com/ https://server.souqstore.com.br *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://stats.g.doubleclick.net https://staticfiles.yviews.com.br https://service.yourviews.com.br https://api.pagar.me https://cdn.mundipagg.com https://img.youtube.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br https://c.clarity.ms https://newimgebit-a.akamaihd.net https://c.bing.com/ https://helpsouq.zendesk.com/ https://bat.bing.com/ https://oaz.sc.omtrdc.net/ https://www.souqstore.com.br/ https://server.souqstore.com.br cdn.mundipagg.com api.pagar.me data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com *.google.com/ http://viacep.com.br https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://www.googleoptimize.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net https://commerce.adobedtm.com https://js-agent.newrelic.com/ https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br https://www.clarity.ms/ https://imgs.ebit.com.br/ https://onsite.optimonk.com/ https://cdn-asset.optimonk.com/ https://gs-cdn.optimonk.com/ 'self' https://sslwidget.criteo.com/ https://pip.mimo.com.br/ https://ct.pinterest.com/ https://static.zdassets.com/ https://dynamic.criteo.com/ https://reviews.konfidency.com.br/ https://bat.bing.com/ https://s.pinimg.com/ https://www.dwin1.com/ https://flipnet-assets.s3.sa-east-1.amazonaws.com/ https://tag.goadopt.io/ 3ds2.pagar.me 3ds2-sdx.pagar.me https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.googleapis.com *.google.com tagmanager.google.com 'self' 'unsafe-inline'; object-src https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ widget.freshworks.com m2epro.freshdesk.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br https://newimgebit-a.akamaihd.net/ https://w.clarity.ms/ https://j.clarity.ms/ https://front.optimonk.com/ https://cdn-account.optimonk.com/ https://cdn-limit.optimonk.com/ https://jfapiprod.optimonk.com/ https://ekr.zdassets.com/ https://api.mimolivesales.com.br/ https://ct.pinterest.com/ https://helpsouq.zendesk.com/ https://idacomvoce.zendesk.com/ https://reviews-api.konfidency.com.br/ https://i.konduto.com/ https://oaz.tt.omtrdc.net/ https://server.souqstore.com.br api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br pay.sandbox.google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' data: 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://td.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://facebook.com https://facebook.com.br https://facebook.net 'self' 'unsafe-inline' https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' *.xyplanningnetwork.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com googleapis.com *.cloudfront.net cloudfront.net *.cloudflare.com *.clarity.ms c.bing.com *.facebook.net *.facebook.com *.jsdelivr.net *.hubspot.com *.libsyn.com *.wistia.com browser.sentry-cdn.com *.doubleclick.net *.hsappstatic.net *.hubspotusercontent20.net *.hubspotusercontent-na1.net *.hscollectedforms.net *.usemessages.com *.hsleadflows.net *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hs-banner.net *.hsforms.net *.hsforms.com *.hubspotvideo.com *.hubspotfeedback.com *.hubapi.com *.unpkg.com *.whova.com https://whova.com *.google-analytics.com;   img-src 'self' data: *.xyplanningnetwork.com *.gstatic.com *.google-analytics.com *.s3.us-west-2.amazonaws.com *.wistia.com *.hsforms.net *.hubspotusercontent20.net *.googleapis.com *.googletagmanager.com *.rogerdooley.com *.bing.com *.clarity.ms *.hubspot.com *.hubspot.net *.googleusercontent.com *.hs-forms.com *.hsforms.com *.hubspotusercontent00.net *.hubspotusercontent-na1.net *.w3.org *.whova.com whova.com *.facebook.com *.clarity.ms c.bing.com www.google.com perf-na1.hsforms.com static.hsappstatic.net;   frame-src 'self' xyplanningnetwork.com player.vimeo.com *.xyplanningnetwork.com *.hs-sites.com *.facebook.com *.hsforms.com *.google.com *.doubleclick.net *.googletagmanager.com *.hubspot.com *.hubspotvideo.com *.hubspot.net *.youtube.com *.libsyn.com https://whova.com whova.com *.whova.com;   style-src 'self' 'unsafe-inline' *.xyplanningnetwork.com *.cloudflare.com *.fs1.hubspotusercontent-na1.net *.fontawesome.com *.hubspot.net *.googeapis.com *.googletagmanager.com *.hsappstatic.net *.gstatic.com fonts.googleapis.com;   connect-src 'self' *.zapier.com *.hsappstatic.net *.xyplanningnetwork.com *.cloudflare.com *.googleapis.com *.googlesyndication.com aeo-evaluator-production.up.railway.app aeo-optimizer-production.up.railway.app googleadservices.com *.googleadservices.com *.googletagmanager.com hubspot-forms-static-embed.s3.amazonaws.com *.facebook.com *.clarity.ms *.bing.com google.com *.google.com *.wistia.com *.google-analytics.com *.hubspot.com *.doubleclick.net *.hubspot.net *.hubapi.com *.rippling.com *.hsforms.net *.hsforms.com *.hs-banner.com *.hsappstatic.net *.hscollectedforms.net; frame-ancestors 'self' https://*.xyplanningnetwork.com; block-all-mixed-content; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob:; font-src https: data:; report-uri /csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com *.facebook.com *.reddit.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.disqus.com https://cdn.jsdelivr.net *.googletagmanager.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com tagmanager.google.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.doubleclick.net *.google-analytics.com maps.googleapis.com *.facebook.net *.redditstatic.com *.reddit.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.google.com/ ajax.googleapis.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.gstatic.com *.fontawesome.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://geowidget.easypack24.net *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.example.com https://media.example.org tile.openstreetmap.org mapa.orlenpaczka.pl ruch-osm.sysadvisors.pl static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com mapa.orlenpaczka.pl secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://sandbox-easy-geowidget-sdk.easypack24.net https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.example.com https://media.example.org https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com nominatim.openstreetmap.org secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com data: maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://www.googletagmanager.com/ *.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com/ *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://use.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://a.klaviyo.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.fusionfirearms.com https://www.google-analytics.com https://stats.g.doubleclick.net cdn.doofinder.com https://files.zakeke.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com https://a.klaviyo.com https://static-tracking.klaviyo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.google.com media.sezzle.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.fusionfirearms.com https://www.googletagmanager.com https://stats.g.doubleclick.net *.cloudflare.com *.cloudflareinsights.com cdn.doofinder.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.avada.io *.shopify.com https://us1-config.doofinder.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fusionfirearms.com *.doofinder.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://use.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com fonts.cdnfonts.com fonts.googleapis.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflareinsights.com *.cloudflare.com *.fusionfirearms.com https://www.google-analytics.com https://stats.g.doubleclick.net *.doofinder.com wss://*.doofinder.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com https://get.geojs.io *.avada.io https://olegnax.com https://a.klaviyo.com https://static-tracking.klaviyo.com https://us1-config.doofinder.com https://api.instagram.com https://graph.instagram.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.automaticffl.com *.googleapis.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ZtSvx67TWKBa40YZrhSl1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
Content-Security-Policy:   default-src 'self';   script-src 'self' https://js.hs-scripts.com https://js.hsforms.net https://taggbox.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval';   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;   font-src 'self' https://fonts.gstatic.com;   img-src 'self' data: https://*.hubspotusercontent10.net https://taggbox.com https://*.google-analytics.com;   connect-src 'self' https://*.hubspot.com https://*.hsforms.com https://*.hubapi.com https://*.google-analytics.com;   object-src 'none';   base-uri 'self';   form-action 'self' https://*.hubspot.com https://*.hsforms.com;   frame-ancestors 'self';   upgrade-insecure-requests; 1
object-src 'none';base-uri 'self';script-src 'nonce-GWsLP2TQmpzjOmTtmiUURQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.hotjar.com *.typekit.net cdn.curator.io static.klaviyo.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.youtube-nocookie.com www.google.com *.chatra.io *.hotjar.com *.facebook.com *.trustpilot.com *.kiyoh.com *.pinterest.com *.criteo.com *.cookiefirst.com www.googletagmanager.com tm-plugin-test.azurewebsites.net demo.topmatsxxl.com plugin.topmatsxxl.com *.weltpixel.com js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com * scontent.fzty3-2.fna.fbcdn.net alb.reddit.com p.typekit.net www.facebook.com curator-assets.b-cdn.net magefan.com cm.magefan.com *.disqus.com https://www.mollie.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ use.typekit.net *.cloudflare.com *.twitter.com *.fontawesome.com *.elfsight.com *.chimpstatic.com *.chatra.io *.jsdelivr.net chimpstatic.com *.facebook.com *.doubleclick.net *.trustpilot.com s.pinimg.com *.zdassets.com *.google-analytics.com *.feedbackcompany.com *.facebook.net *.hotjar.com *.mailchimp.com *.list-manage.com *.curator.io *.typekit.net *.clarity.ms *.leadinfo.net *.criteo.com www.googletagmanager.com *.googleadservices.com consent.cookiefirst.com *.cookiefirst.com www.datadoghq-browser-agent.com bat.bing.com *.tidio.co *.tidiochat.com *.iubenda.com js-agent.newrelic.com cdn.curator.io sleeknotecustomerscripts.sleeknote.com www.redditstatic.com embed.sendcloud.sc cdn.jsdelivr.net www.gstatic.com *.disqus.com js.mollie.com www.google.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.mailchimp.com *.jsdelivr.net *.googleapis.com 'unsafe-inline' data: *.curator.io *.cookiefirst.com fonts.googleapis.com maxcdn.bootstrapcdn.com pay.multisafepay.com cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src curatorio.s3.amazonaws.com curator-assets.b-cdn.net video-lga3-2.cdninstagram.com video-iad3-1.xx.fbcdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.cloudflare.com *.elfsight.com *.instacloud.io *.google-analytics.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io ct.pinterest.com *.paypal.com *.zdassets.com *.zendesk.com *.feedbackcompany.com *.curator.io *.clarity.ms *.leadinfo.net *.cookiefirst.com gtm-mm85h6s-nzi2m.uc.r.appspot.com www.google-analytics.com www.google.com maps.googleapis.com *.livechatinc.com dev.visualwebsiteoptimizer.com www.googletagmanager.com pagead2.googlesyndication.com region1.analytics.google.com consent.cookiefirst.com www.redditstatic.com pixel-config.reddit.com edge.cookiefirst.com sendcloud-checkout-static-data.sendcloud.sc analytics.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.google.com k.clarity.ms analytics.sleeknote.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://static.cloudflareinsights.com/beacon.min.js cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform-api.sharethis.com https://unpkg.com https://ws.sharethis.com https://www.google.com mdbootstrap.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://static.cloudflareinsights.com/beacon.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform-api.sharethis.com https://unpkg.com https://ws.sharethis.com https://www.google.com mdbootstrap.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://unpkg.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
script-src 'nonce-TDL1Jp8U6XHP7F2xrZp4bQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=pM1Ju_oOROuj5R9e8fBEmX3jzsIWSp5-6wJwPmGQDX6jZzd83T6EXgh8vYGycrIQGC64ieqky0rU&policy_id=2&user_id=&request_id=f49de365-08e4-40e4-8f8e-c84a8b4474fc; report-to csp-endpoint-pmjuooroujrefbemxjzsiwspwjwpmgqdxjzzdtexghvygycriqgcieqkyru; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' *.mercadolibre.cl:* *.mercadolibre.com:* *.mercadolibre.com.ve:* *.mercadolibre.com.ar:* *.mercadolivre.com.br:* *.mercadolibre.com.co:* *.mercadolibre.com.ec:* *.mercadolibre.com.mx:* *.mercadolibre.com.pe:* *.mercadolibre.com.uy:* *.mercadopago.cl:* *.mercadopago.com.ar:* *.mercadopago.com.br:* *.mercadopago.com.co:* *.mercadopago.com.mx:* *.mercadopago.com.pe:* *.mercadopago.com.uy:* *.mercadopago.com.ve:* *.mercadopago.com:* *.adminml.com:* *.mercadolibre.co.cr:* *.mercadolibre.com.pa:* *.mercadolibre.com.do:* *.mercadolibre.com.bo:* *.mercadolibre.com.py:* *.mercadolibre.com.gt:* *.mercadolibre.com.hn:* *.mercadolibre.com.ni:* *.mercadolibre.com.sv:* *.mercadopago.com.ec:* *.portalinmobiliario.com:* *.mercadolivre.com:*; require-trusted-types-for 'script' 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; media-src 'self' https:; worker-src 'self'; object-src 'none'; frame-src 'self' https:; frame-ancestors 'self' https://clientportal.medcor.com https://clientportalstaging.medcor.com; base-uri 'self'; form-action 'self' https: 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.klarnacdn.net static.lipscore.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.klarna.com js.mollie.com www.googletagmanager.com main-3462.trlution.com *.vipps.no 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.lipscore.com blob: img.youtube.com mageside.com https://www.mollie.com *.cloudflare.com *.vipps.no ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.klarnaservices.com *.klarnacdn.net x.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.lipscore.com js.mollie.com main-3462.trlution.com *.cloudflare.com *.twitter.com *.fontawesome.com graph.instagram.com *.vipps.no tm.tradetracker.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com *.klarnacdn.net https://static.klaviyo.com static.lipscore.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarnauserservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ wapi.lipscore.com users.lipscore.com *.cloudflare.com *.vipps.no 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://checkout.vipps.no/; report-to report-endpoint; 1
style-src-elem fonts.googleapis.com www.gstatic.com static.klaviyo.com static-tracking.klaviyo.com ssl.kaptcha.com 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem maps.googleapis.com translate.google.com translate-pa.googleapis.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.google.com *.gstatic.com connect.facebook.net *.cloudflare.com *.jeanpaulfortin.com tst.kaptcha.com *.postescanada-canadapost.ca *.hotjar.com bat.bing.com *.trackedlink.net *.dotdigital-pages.com googleads.g.doubleclick.net *.googlesyndication.com ssl.kaptcha.com static-tracking.klaviyo.com static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.googletagmanager.com www.facebook.com *.doubleclick.net tst.kaptcha.com ssl.kaptcha.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.bird.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.openstreetmap.org https://maps.googleapis.com www.facebook.com maps.googleapis.com maps.google.com www.gstatic.com fonts.gstatic.com maps.gstatic.com translate.google.com www.google.ca *.doubleclick.net *.googlesyndication.com bat.bing.com *.jeanpaulfortin.com *.postescanada-canadapost.ca connect.facebook.net graph.facebook.com business.facebook.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net maps.googleapis.com www.facebook.com graph.facebook.com business.facebook.com *.avada.io *.hsforms.net *.hsforms.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com www.gstatic.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.openstreetmap.org https://maps.googleapis.com *.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net www.facebook.com maps.googleapis.com translate.googleapis.com www.google.com tst.kaptcha.com *.googlesyndication.com bat.bing.com *.postescanada-canadapost.ca ssl.kaptcha.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src-attr 'unsafe-inline'; 1
font-src *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.finance-calculator.co.uk *.s3.eu-west-2.amazonaws.com *.dekopay.org *.deko-uat.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.typekit.net fonts.gstatic.com *.boldr.dev *.typekit.net www.attwoolls.co.uk data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com www.attwoolls.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com www.attwoolls.co.uk 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.finance-calculator.co.uk *.deko.finance *.dekopay.org *.deko-uat.com https://www.googletagmanager.com/ https://*.doubleclick.net/ www.xtento.com www.attwoolls.co.uk 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network https://*.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com s3.eu-west-1.amazonaws.com 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://firebasestorage.googleapis.com https://*.placeholder.com angus.finance-calculator.co.uk services.postcodeanywhere.co.uk www.google.nl www.google.co.uk/ads/ga-audiences www.google.nl/ads/ga-audiences www.google.co.uk/pagead/ https://cdn-cookieyes.com https://dashboard.feedbucket.app www.xtento.com cdn.xtento.com www.attwoolls.co.uk data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com dekowallet-feature-assets.s3.eu-west-2.amazonaws.com *.blackhorseflexpay.co.uk/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com https://*.crazyegg.com/ https://*.jivosite.com/ https://*.youtube.com/ https://*.doubleclick.net/ services.postcodeanywhere.co.uk johna11120.pcapredict.com https://cdn-cookieyes.com cdn.feedbucket.app *.klaviyo.com js.datadome.co www.xtento.com cdn.xtento.com www.attwoolls.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.typekit.net https://*.jivosite.com/ angus.finance-calculator.co.uk services.postcodeanywhere.co.uk johna11120.pcapredict.com https://cdn.feedbucket.app *.klaviyo.com *.typekit.net www.attwoolls.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.jivosite.com/ blob: www.attwoolls.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io https://*.jivosite.com/ https://*.crazyegg.com/ services.postcodeanywhere.co.uk region1.google-analytics.com https://log.cookieyes.com https://cdn-cookieyes.com dashboard.feedbucket.app cdn.feedbucket.app *.klaviyo.com api-js.datadome.co www.attwoolls.co.uk 'self' 'unsafe-inline'; child-src www.attwoolls.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.attwoolls.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' https://cdnjs.cloudflare.com; script-src-attr 'self'; style-src 'self' https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src *.flix360.io *.flixcar.com *.flixfacts.com *.hotjar.com live.icecat.biz i.icomoon.io fonts.gstatic.com *.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.createsend.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.youtube-nocookie.com *.doubleclick.net *.facebook.com *.flixcar.com *.flixfacts.com *.google.com *.loadbee.com koalendar.com vemcount.app www.googletagmanager.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.assetsadobe2.com *.doubleclick.net *.facebook.com *.facebook.net *.flix360.com *.flix360.io *.flixcar.com *.flixfacts.com *.google.com *.googleapis.com *.gstatic.com *.icecat.biz *.smeg.be *.tiktok.com assets-jpcust.jwpsrv.com cdn.jwplayer.com img.sct.eu1.usercentrics.eu www.google.be www.google.co.uk www.google.ro maps.gstatic.com maps.googleapis.com imgsct.cookiebot.com imgsct.cookiebot.eu https://images.unsplash.com magefan.com cm.magefan.com *.multisafepay.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.cookiebot.eu *.createsend1.com *.facebook.net *.flix360.io *.flixcar.com *.flixfacts.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.icecat.biz *.icecat.studio *.tiktok.com cdn.loadbee.com maps.googleapis.com consent.cookiebot.com consent.cookiebot.eu https://maps.googleapis.com *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.flixcar.com *.googletagmanager.com *.gstatic.com *.icecat.biz *.typography.com i.icomoon.io fonts.googleapis.com *.typekit.net *.multisafepay.com *.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.flixcar.com *.icecat.biz 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.facebook.com *.flix360.com *.flixcar.com *.google.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.icecat.biz *.loadbee.com *.tiktok.com createsend.com wss://ws.hotjar.com maps.googleapis.com stats.g.doubleclick.net consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu https://maps.googleapis.com https://player.vimeo.com *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://d715b72e-f2fb-4c67-a2d8-311d494776bc.sansec.watch/; report-to report-endpoint; 1
base-uri 'self'; script-src 'report-sample' 'self' 'nonce-zJaIE1zXzORiwwEKUybvP1fKQ8RIRcIR9yZ7aKwT+Y0=' 'unsafe-eval' blob: https://*.codingame.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.usemessages.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://tracking.g2crowd.com https://apis.google.com https://maps.googleapis.com https://www.google.com/recaptcha/api.js https://www.welcomekit.co https://www.youtube.com https://www.slideshare.net https://vimeo.com https://techiotest.disqus.com https://techio.disqus.com https://disqus.com https://c.disquscdn.com https://*.privacymanager.io https://query.yahooapis.com/v1/public/yql; child-src blob:; worker-src blob:; style-src 'self' 'unsafe-inline' https:; img-src blob: data: https:; connect-src blob: data: https: wss:; frame-src https://*.codingame.com https://*.codingame-app.com https://disqus.com https://www.facebook.com https://www.google.com https://www.youtube.com https://m.youtube.com https://player.vimeo.com; frame-ancestors 'self'; media-src https: data: blob:; object-src 'none'; form-action https://coderunner.codingame.com https://www.facebook.com/tr/ https://translate.google.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1990d17bff20213f8c92c64ac7b34136&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acommunity-webapp%2Cenv%3Aproduction 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.bootstrap.com 'self' data: *.googleapis.com *.iwdagency.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.yotpo.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.addthis.com https://s7.addthis.com/ *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://mas.astralweb.com.tw *.cloudflare.com *.google-analytics.com *.paypalobjects.com *.googleapis.com *.iwdagency.com *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.gstatic.com https://maps.googleapis.com https://www.addthis.com https://s7.addthis.com/ m.addthis.com *.addthisedge.com *.paypalobjects.com *.paypal.com z.moatads.com https://services.sheerid.com/jsapi/SheerID.js https://cdn.jsdelivr.net/npm/@sheerid/jslib@1/sheerid.js *.attn.tv *.attentivemobile.com *.iwdagency.com *.yotpo.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.iwdagency.com *.yotpo.com *.googleapis.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.cardinalcommerce.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@sheerid/jslib@1/sheerid.js https://www.addthis.com *.attn.tv *.attentivemobile.com *.iwdagency.com *.yotpo.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ybB5P_B9Z6wM84oqCDXlyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' https:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; media-src 'self' https:; frame-src 'self' https:; connect-src 'self' https: wss:; form-action 'self' https:; manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://euc-widget.freshworks.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://a.storyblok.com https://*.blob.core.windows.net https://*.mcsnl.io https://images.cdn.europe-west1.gcp.commercetools.com https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com; font-src 'self' data: https://euc-widget.freshworks.com https://*.freshworks.com; connect-src 'self' https://api.storyblok.com https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://euc-widget.freshworks.com https://*.freshdesk.com https://*.freshworks.com; frame-src https://mcswebsitefunctions.azurewebsites.net https://www.youtube.com https://consent.cookiebot.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none'; report-uri /_csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://itch-production.web.app https://teamdev.download https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://region1.google-analytics.com https://ajax.googleapis.com https://www.googletagservices.com https://doubleclick.net https://googleadservices.com https://pagead2.googlesyndication.com https://connect.facebook.net https://www.facebook.com https://static.ads-twitter.com https://platform.twitter.com https://platform.linkedin.com https://www.linkedin.com https://www.woopra.com https://static.woopra.com https://static.hotjar.com https://script.hotjar.com https://vc.hotjar.io https://buttons.github.io https://unpkg.com https://code.jquery.com https://cdn.cookie-script.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; connect-src 'self' https://api.teamdev.com https://backend.stage.teamdev.com https://itch-fastapi-prod-145676959489.europe-west1.run.app https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://static.woopra.com https://www.woopra.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://vc.hotjar.io https://cdn.cookie-script.com; img-src 'self' data: https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net; report-uri https://api.teamdev.com/security/csp/report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.flashyapp.com api.flashy.app *.flashy.dev *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.flashyapp.com api.flashy.app *.flashy.dev *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * gateway21.pelecard.biz 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com magefan.com cm.magefan.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.disqus.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com gateway21.pelecard.biz data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.flashyapp.com api.flashy.app *.flashy.dev *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.disqus.com cdn.jsdelivr.net maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.clarity.ms gateway21.pelecard.biz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.flashyapp.com api.flashy.app *.flashy.dev *.cloudflare.com *.twitter.com *.twimg.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com v2.zopim.com embed.tawk.to *.commerce-connector.com *.flixcar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.sameday.ro c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.2performant.com *.doubleclick.net *.pinterest.com *.force.com *.facebook.com *.groupeseb.com *.creativecdn.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com tracker.aqurate.ai https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com v2assets.zopim.io *.google.ro *.facebook.com *.widgetwhats.com tawk.link compari.ro ct.pinterest.com *.flix360.com *.flixcar.com *.flix360.io *.3lift.com *.doubleclick.net *.google.com *.nexx360.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com tracker.aqurate.ai *.sameday.ro unpkg.com/map-fanbox-points@0.0.5/umd/map-fanbox-points.js https://maps.googleapis.com https://player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.zdassets.com v2.zopim.com *.facebook.net *.facebook.com attr-2p.com *.widgetwhats.com chimpstatic.com embed.tawk.to *.jsdelivr.net *.hotjar.com *.arukereso.com *.gstatic.com *.clarity.ms *.themarketer.com *.pinimg.com *.pinterest.com *.enzuzo.com cdn-cookieyes.com *.googlesyndication.com *.commerce-connector.com *.force.com *.salesforceliveagent.com aqurate.ai *.flixcar.com *.flix360.io *.flixfacts.com popupsmart.com *.sharethis.com *.tiktok.com *.omniconvert.com *.2performant.com tagmanager.google.com *.creativecdn.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.sameday.ro assets.braintreegateway.com *.googleapis.com *.widgetwhats.com embed.tawk.to *.googletagmanager.com tpc.googlesyndication.com *.cloudfront.net *.commerce-connector.com *.force.com *.popupsmart.com popupsmart.com *.flixcar.com tagmanager.google.com 'self' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com tracker.aqurate.ai *.fancourier.ro https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com ekr.zdassets.com wss://widget-mediator.zopim.com pagead2.googlesyndication.com *.google.ro googleads.g.doubleclick.net stats.g.doubleclick.net region1.analytics.google.com *.2performant.com *.widgetwhats.com zdata-ro-bellabike.s3.eu-west-1.amazonaws.com *.tawk.to kfea.zendesk.com api.edrone.me *.themarketer.com *.pinterest.com *.clarity.ms *.commerce-connector.com *.facebook.com *.hotjar.com *.hotjar.io *.google-analytics.com *.sharethis.com *.enzuzo.com *.flixcar.com *.tiktok.com *.omniconvert.com region1.google-analytics.com *.usehardal.com *.creativecdn.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com webpay3g.transbank.cl webpay3gint.transbank.cl *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com cdn.rawgit.com/googlemaps/ cdn.jsdelivr.net/gh/googlemaps/ https://firebasestorage.googleapis.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.youtube.com https://ic-seo.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp https://s.w.org; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://ic-seo.com https://region1.google-analytics.com; worker-src blob:; object-src 'none'; base-uri 'self'; form-action 'self'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com facebook.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; style-src https://www.googletagmanager.com/ *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com t.themarketer.com cdn1.themarketer.com *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; default-src https://www.epay.bg https://online.epay.bg *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; img-src https://www.google.bg/ https://cdn1.mktr2.com/ https://chart.googleapis.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com *.tbicp.com t.themarketer.com cdn1.themarketer.com 'self' data: https://cdn.tbibank.support *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; connect-src https://ekr.zdassets.com/ https://dimitarstoichkov.zendesk.com/ wss://widget-mediator.zopim.com/ https://googleads.g.doubleclick.net/ https://c2api.themarketer.com/ https://stats.g.doubleclick.net/ https://www.google.bg/ https://chart.googleapis.com/ dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com https://get.geojs.io *.avada.io t.themarketer.com cdn1.themarketer.com t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://beta.tbibank.support *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; script-src https://v2.zopim.com/ https://static.zdassets.com/ https://www.epay.bg https://online.epay.bg assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com *.tbicp.com *.avada.io t.themarketer.com cdn1.themarketer.com *.google.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://js.klevu.com *.ccbagroup.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://static.whatsapp.net *.ccbagroup.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://js-agent.newrelic.com https://apps.mypurecloud.ie *.ccbagroup.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com assets.braintreegateway.com https://cdnjs.cloudflare.com *.ccbagroup.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://edge.adobedc.net https://bam.nr-data.net https://api-cdn.mypurecloud.ie *.ccbagroup.com https://adobedc.demdex.net/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.fontawesome.com script.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com * www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.sportcerebral.com *.megastar.fr *.denksport.com *.tankesport.se *.tankesport.dk consentcdn.cookiebot.com consentcdn.cookiebot.eu www.paypalobjects.com sportcerebral1.solution.weborama.fr td.doubleclick.net 3702a098-32b9-4861-a031-0c4bc8b7e7f0-webclient.conversed.biz widget.trustpilot.com notifications.wisepops.com wisepops.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.sportcerebral.com *.megastar.fr *.denksport.com *.tankesport.se *.tankesport.dk consentcdn.cookiebot.com imgsct.cookiebot.com consentcdn.cookiebot.eu imgsct.cookiebot.eu *.google.nl bat.bing.com secure.adnxs.com img.sct.eu1.usercentrics.eu cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net assets.wisepops.net www.xtento.com cdn.xtento.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net consentcdn.cookiebot.com consent.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.eu static.axept.io static.cloudflareinsights.com js-agent.newrelic.com view.publitas.com bat.bing.com cstatic.weborama.fr cdn-4.convertexperiments.com embed.typeform.com 3702a098-32b9-4861-a031-0c4bc8b7e7f0-webclient.conversed.biz config.gorgias.chat scripts.makeinfluence.com widget.trustpilot.com cdn.wisepops.com loader.wisepops.com notifications.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net static.hotjar.com script.hotjar.com www.clarity.ms scripts.clarity.ms sleeknotecustomerscripts.sleeknote.com src.mastercard.com *.keesing.com www.xtento.com cdn.xtento.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.tagmanager.google.com *.googletagmanager.com *.sportcerebral.com *.megastar.fr *.denksport.com *.tankesport.se *.tankesport.dk fonts.gstatic.com embed.typeform.com *.keesing.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.sportcerebral.com *.megastar.fr *.denksport.com *.tankesport.se *.tankesport.dk pagead2.googlesyndication.com *.nr-data.net *.clarity.ms api.typeform.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net consentcdn.cookiebot.com consentcdn.cookiebot.eu client.axept.io api.axept.io *.hotjar.io o24547.ingest.sentry.io sentry.io app.getsentry.com bat.bing.com bat.bing.net www.google.com wss://ws.hotjar.com *.keesing.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.sportcerebral.com *.megastar.fr *.denksport.com *.tankesport.se *.tankesport.dk ws.hotjar.com metrics.hotjar.io *.keesing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.fontawesome.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.facebook.net *.yotpo.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.braintreegateway.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.youtube.com *.yotpo.com *.creditguard.co.il *.vimeo.com *.googletagmanager.com *.google.com *.xtento.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.paypal.com *.typekit.net p.typekit.net s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.gstatic.com *.googleadservices.com *.facebook.com *.yotpo.com *.cdninstagram.com *.google-analytics.com *.google.com *.google.com.vn *.google.co.il https://www.google *.magentocommerce.com *.paypalobjects.com *.ytimg.com *.web-view.net *.googleapis.com *.nagich.co.il *.vimeo.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.fontawesome.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.analytics.com *.rawgit.com *.nagich.co.il *.luckyorange.com *.youtube.com *.xtento.com *.paypal.com *.paypalobjects.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.analytics.com *.facebook.com *.google-analytics.com *.nagich.co.il vimeo.com player.vimeo.com *.luckyorange.com *.googleapis.com wss://realtime.luckyorange.com wss://in.visitors.live/socket.io wss://in.visitors.live/socket.io/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.googleapis.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: maxcdn.bootstrapcdn.com *.stape.io https://fonts.bunny.net *.cloudflare.com *.bootstrapcdn.com *.trustedshops.com https://geowidget.easypack24.net https://widgets.trustedshops.com themes.googleusercontent.com at.alicdn.com kadax.pl *.thulium.com *.clickonometrics.pl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com https://plumrocket.com kadax.pl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com kadax.pl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net cdn.dnky.co *.hotjar.com *.google.com/ *.facebook.com *.trustpilot.com *.criteo.com https://plumrocket.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ js-agent.newrelic.com swg-2-rog.gkpge.pl kadax.pl *.addthis.com plumrocket.com *.paypo.pl *.payu.com *.mainadv.com *.creativecdn.com https://td.doubleclick.net/ *.clickonometrics.pl *.tiktok.com paypo.pl 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://ssl.ceneo.pl *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net cdn.flbx.io *.cloudfront.net magefan.com cm.magefan.com *.disqus.com https://www.magezon.com *.google.com.ua *.google.co.uk *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.stape.io https://img.youtube.com https://firebasestorage.googleapis.com *.cloudflare.com https://cdn.klarna.com *.magentocommerce.com *.tpay.com *.payu.com https://s.ytimg.com *.usercentrics.eu static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.google.pl blob www.google.de www.google.at bam.eu01.nr-data.net www.google.com.ua www.google.sk www.google.ca www.google.se www.google.ch www.google.no www.google.com.pe www.google.cz www.google.co.uk www.google.fr files.mirasvit.com www.google.co.kr www.google.bg www.google.ie www.google.co.in log.pinterest.com www.google.is www.google.be www.google.com.au www.google.dk www.google.com.my consent.cookiefirst.com kadax.pl *.rzetelnyregulamin.pl static.paynow.pl *.bing.com *.clarity.ms https://lantern.roeye.com *.yieldmo.com e-planning.net *.e-planning.net *.mczbf.com *.emjcd.com cj.dotomi.com *.clickonometrics.pl *.sharethrough.com *.lijit.com *.omnitagjs.com *.ne.jp *.loopme.me *.onetag-sys.com *.mgid.com *.adtarget.com.tr *.rakuten.com *.visx.net *.opera.com *.bing.net *.fbcdn.net *.ggpht.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.addtoany.com/ https://maps.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://ssl.ceneo.pl *.paypal.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com https://cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.getflowbox.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.stape.io *.avada.io *.shopify.com *.google.com/ *.cloudflare.com *.usercentrics.eu *.tpay.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com js-agent.newrelic.com consent.cookiefirst.com delivery.clickonometrics.pl kadax.pl *.gdpsystem.eu *.rzetelnyregulamin.pl *.furgonetka.pl https://z.moatads.com *.addthisedge.com *.addthis.com *.cloudfront.net *.bing.com *.payu.com *.tiktok.com *.thulium.com *.roeyecdn.com *.creativecdn.com *.prefixbox.com static.paynow.pl *.mczbf.com *.clickonometrics.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.googletagmanager.com *.stape.io https://fonts.bunny.net *.cloudflare.com *.typekit.net *.bootstrapcdn.com *.trustedshops.com *.usercentrics.eu https://geowidget.easypack24.net https://geowidget.inpost.pl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com consent.cookiefirst.com kadax.pl *.rzetelnyregulamin.pl *.gdpsystem.eu *.cloudfront.net *.clickonometrics.pl 'self' 'unsafe-inline'; object-src kadax.pl *.rzetelnyregulamin.pl *.clickonometrics.pl 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com https://geowidget.easypack24.net kadax.pl *.rzetelnyregulamin.pl *.thulium.com *.clickonometrics.pl *.flbx.io 'self' 'unsafe-inline'; manifest-src kadax.pl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://stats.addtoany.com/menu https://maps.googleapis.com https://player.vimeo.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com *.getflowbox.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://get.geojs.io *.avada.io *.cloudflare.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.trustedshops.com *.etrusted.com https://integrations.etrusted.site www.google.pl www.google.sk www.google.com.pe properties www.google.nl www.google.com.ua www.google.de www.google.ie www.google.co.in www.google.ro www.google.by www.google.hu www.google.be ws.hotjar.com api.edrone.me content.hotjar.io kadax.pl *.gdpsystem.eu *.addthis.com *.edrone.me *.cloudfront.net *.ipify.org *.payu.com *.tiktok.com *.thulium.com wss://chat-proxy-service.thulium.com/netfox/panel.io/ wss://ws.hotjar.com/api/v2/client/ * data: *.clickonometrics.pl 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com kadax.pl http: https: blob: 'self' 'unsafe-inline'; default-src kadax.pl *.rzetelnyregulamin.pl *.clickonometrics.pl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri kadax.pl 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com www.shreehari.co 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.ccavenue.com *.yotpo.com www.shreehari.co 'self' 'unsafe-inline'; frame-ancestors www.shreehari.co 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.ccavenue.com *.weltpixel.com *.yotpo.com www.shreehari.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ccavenue.com *.yotpo.com www.shreehari.co 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.ccavenue.com *.yotpo.com www.shreehari.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com www.shreehari.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.shreehari.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.ccavenue.com *.yotpo.com www.shreehari.co 'self' 'unsafe-inline'; child-src www.shreehari.co http: https: blob: 'self' 'unsafe-inline'; default-src www.shreehari.co 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://accounts.google.com https://www.google.com https://www.gstatic.com https://cookie-cdn.cookiepro.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io content.holmbank.ee www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.google.com https://www.google.ee https://www.google-analytics.com https://www.facebook.com https://cookie-cdn.cookiepro.com https://*.cookiepro.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.gstatic.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cookie-cdn.cookiepro.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://stats.g.doubleclick.net https://privacyportal.cookiepro.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.vivapayments.com *.cardlink.gr *.eurocommerce.gr *.iris.dias.com.gr *.test-iris.dias.com.gr *.piraeusbank.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://widget-v5.boxnow.gr https://widget-v5.boxnow.cy 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.vivapayments.com *.disqus.com *.avada.io *.shopify.com https://cdnjs.cloudflare.com maps.googleapis.com *.piraeusbank.gr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors app.cux.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.youtube-nocookie.com pay.google.com play.google.com *.autopay.eu https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * www.youtube.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com pixel.wp.pl trustmate.io facebook.com *.cookiebot.com www.google.pl www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.dwin1.com dc.cux.io connect.facebook.net *.livechatinc.com *.luigisbox.com pixel.wp.pl *.comfino.pl trustmate.io *.cookiebot.com *.hotjar.com *.adform.net unpkg.com static.clickonometrics.pl www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.autopay.eu *.googleapis.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com unpkg.com *.comfino.pl trustmate.io *.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com vimeo.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.analytics.google.com *.track.cux.io pixel.wp.pl *.comfino.pl *.cookiebot.com *.hotjar.com *.adform.net stats.g.doubleclick.net ws: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-CTqOZKGsdAnx6atQF-HDxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src scontent-hel3-1.cdninstagram.com/ instagram.com/ *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ stats.g.doubleclick.net googleads.g.doubleclick.net/pagead/landing dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences wheelioapp.azureedge.net dealioappstorage.blob.core.windows.net static.klaviyo.com d3k81ch9hvuctc.cloudfront.net/ scontent-hel3-1.cdninstagram.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com wheelioapp.azureedge.net static-tracking.klaviyo.com *.adobe.com https://static.klaviyo.com *.fontawesome.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com static.klaviyo.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com static.klaviyo.com static.klaviyo.com/ cdnjs.cloudflare.com/ dashboard.wheelio-app.com/api/wheelioapp/ www.wheelioapp.azureedge.net/app/ www.wheeliofuncstats.azurewebsites.net/api/ www.wheeliofuncstats.azurewebsites.net www.wheeliofuncstats.azurewebsites.net/ wheelioapp.azureedge.net/app/ wheeliofuncstats.azurewebsites.net/api/ scontent-hel3-1.cdninstagram.com/ https://widget-cdn.boxnow.bg/map-widget/client/v4.js https://static.cloudflareinsights.com assets.adobedtm.com *.adobe.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com www.apptrian.com www.facebook.com graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.easypack24.net *.gdpsystem.eu *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.dpd.com.pl *.easypack24.net *.inpost.pl *.openstreetmap.org *.gdpsystem.eu https://ssl.ceneo.pl pay.google.com apm.przelewy24.pl https://www.googletagmanager.com/ *.packeta.com secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.google.pl *.easypack24.net *.inpost.pl *.openstreetmap.org pieceofcase.pl *.gdpsystem.eu *.googleusercontent.com https://*.elfsightcdn.com https://ssl.ceneo.pl static.przelewy24.pl www.gstatic.com gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com static.payu.com *.hsforms.net *.hsforms.com https://*.bing.com https://us-ms.gr-cdn.com https://bat.bing.net https://*.googlesyndication.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.google.pl *.hotjar.com *.poczta-polska.pl unpkg.com *.mapbox.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.gdpsystem.eu https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://*.elfsight.com https://ssl.ceneo.pl sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl https://cdnjs.cloudflare.com cdnjs.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com *.packeta.com secure.payu.com secure.snd.payu.com *.hsforms.net *.hsforms.com https://an.gr-wcon.com https://bat.bing.com https://us-an.gr-cdn.com https://us-wbe.gr-cdn.com https://*.elfsightcdn.com https://app.responso.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.gdpsystem.eu https://cdnjs.cloudflare.com cdnjs.cloudflare.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.easypack24.net pieceofcase.pl *.gdpsystem.eu http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net https://googleads.g.doubleclick.net *.googlesyndication.com *.tiktok.com wss://ws.hotjar.com *.hotjar.io *.easypack24.net *.inpost.pl *.openstreetmap.org *.gdpsystem.eu https://*.g.doubleclick.net https://*.elfsight.com sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.packeta.com secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.hsforms.net *.hsforms.com https://*.getresponse.com https://ts.getresponse.pl https://bat.bing.net https://*.googlesyndication.com https://app.responso.com https://participant.connect.eu-west-2.amazonaws.com wss://tufsuyburufn.transport.connect.eu-west-2.amazonaws.com bat.bing.com vwe.gr-wcon.com cdn.jsdelivr.net unpkg.com https://analytics-ipv6.tiktokw.us 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.prosto.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.clarity.ms *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.amazonaws.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ pay.google.com play.google.com *.autopay.eu secure.payu.com merch-prod.snd.payu.com *.prosto.com *.twitter.com *.pay.google.com *.cards-accept.bm.pl *.googletagmanager.com *.savecart.pl pixel.wp.pl *.hotjar.com *.facebook.net *.google.com *.clarity.ms *.pinterest.com *.packeta.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu static.payu.com *.prosto.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.googletagmanager.com *.savecart.pl pixel.wp.pl *.hotjar.com *.facebook.net *.facebook.com *.clarity.ms *.wp.pl  *.gdpsystem.eu   *.pinimg.com  *.tiktok.com  *.google.pl *.amazonaws.com *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com cards-accept.bm.pl google.com paypal.com secure.payu.com secure.snd.payu.com *.prosto.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.savecart.pl pixel.wp.pl *.hotjar.com *.facebook.net *.clarity.ms *.wp.pl  *.gdpsystem.eu   *.pinimg.com  *.tiktok.com  *.google.pl  *.inis360.com *.avada.io *.packeta.com *.google.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.autopay.eu *.googleapis.com *.prosto.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.wp.pl  *.gdpsystem.eu   *.pinimg.com  *.tiktok.com  *.google.pl maxcdn.bootstrapcdn.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.gstatic.com secure.payu.com merch-prod.snd.payu.com *.prosto.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.savecart.pl *.pinterest.com *.hotjar.com *.clarity.ms *.wp.pl  *.gdpsystem.eu   *.pinimg.com  *.tiktok.com  *.google.pl  *.google.com https://get.geojs.io *.avada.io *.packeta.com t.elasticsuite.io *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://prosto.com/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.feedbackcompany.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com consentcdn.cookiebot.com *.googletagmanager.com blob: landofcoder.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com imgsct.cookiebot.com www.facebook.com www.google.nl cdn.doofinder.com *.feedbackcompany.com 'self' data: magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.feedbackcompany.com static.elfsight.com consent.cookiebot.com eu1-config.doofinder.com connect.facebook.net consentcdn.cookiebot.com ct.beslist.nl cdn.doofinder.com *.feedbackcompany.com *.disqus.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com tm.tradetracker.net landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.doofinder.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com region1.google-analytics.com www.google-analytics.com www.feedbackcompany.com core.service.elfsight.com service-reviews-ultimate.elfsight.com pagead2.googlesyndication.com www.youtube.com www.facebook.com connect.facebook.net consentcdn.cookiebot.com ct.beslist.nl www.google.com region1.analytics.google.com stats.g.doubleclick.net *.doofinder.com wss://*.doofinder.com *.feedbackcompany.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com landofcoder.com *.pay.nl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://snarenshop.nl/paynl/csp/report; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://api.eu1.exponea.com https://admin.verbox.ru https://scripts.clarity.ms/ https://static.me-talk.ru https://widget.me-talk.ru https://connect.facebook.net https://www.clarity.ms https://mc.yandex.ru https://www.gstatic.com; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https:; connect-src 'self' https://api.country.is https://www.google-analytics.com https://stats.g.doubleclick.net https://api.eu1.exponea.com https://static.me-talk.ru https://www.facebook.com https://y.clarity.ms https://n.clarity.ms https://mc.yandex.ru https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://api.unamoliya.uz https://faro-uz.robocash.global; media-src 'self' blob:; worker-src 'self' blob:; frame-src 'self' https://www.googletagmanager.com https://www.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors none; upgrade-insecure-requests; 1
default-src 'self'         https://www.google.com/ 		https://www.facebook.com/ ;    script-src 'self' 'unsafe-inline' 		http://platform.twitter.com/ 	    https://smarticon.geotrust.com/;     child-src 'self'         https://www.google.com/;     style-src 'self' 'unsafe-inline';     font-src 'self' ;     block-all-mixed-content; 	img-src * data:; 	object-src 'self' ;    1
default-src 'self' data:; connect-src 'self' app.termageddon.com my.vonagebusiness.com my.yoast.com www.google-analytics.com graph.facebook.com www.facebook.com analytics.google.com stats.g.doubleclick.net region1.google-analytics.com analytics.google.com/g/collect stats.g.doubleclick.net/g/collect www.googletagmanager.com/a; font-src 'self' data: fonts.gstatic.com www.local-marketing-reports.com/vendor/ss-standard/ss-standard.ttf www.local-marketing-reports.com/vendor/ss-standard/ss-standard.woff; frame-src 'self' brainstormforce.github.io fast.wistia.net js.stripe.com m.stripe.network m.stripe.com q.stripe.com maps.google.com platform.twitter.com www.facebook.com www.google.com www.linkedin.com www.youtube.com calendly.com www.local-marketing-reports.com; img-src 'self' blob: cdn.pressidium.com data: devel1 embedwistia-a.akamaihd.net i.ytimg.com media-exp1.licdn.com s3.amazonaws.com secure.gravatar.com static-exp1.licdn.com syndication.twitter.com terzettoalive.onpressidium.com www.facebook.com www.google-analytics.com www.googletagmanager.com assets.calendly.com ps.w.org analytics.google.com stats.g.doubleclick.net www.gstatic.com media-exp2.licdn.com static-exp2.licdn.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' app.termageddon.com apis.google.com assets.calendly.com badges.linkedin.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net data: developers.google.com js.stripe.com platform.linkedin.com platform.twitter.com s3.amazonaws.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com ajax.cloudflare.com www.local-marketing-reports.com/m/assets-v2/lead-gen/js/external/widget-embeder.js www.local-marketing-reports.com/m/assets-v2/lead-gen/js/external/widget-builder.js; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.cloudflare.com connect.facebook.net www.google-analytics.com www.googletagmanager.com js.stripe.com apis.google.com s3.amazonaws.com www.youtube.com assets.calendly.com app.termageddon.com cdnjs.cloudflare.com www.gstatic.com www.google.com developers.google.com platform.linkedin.com badges.linkedin.com www.local-marketing-reports.com data:; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-inline'; form-action 'self' www.facebook.com/tr/; frame-ancestors 'self'; base-uri 'self'; object-src 'none'; worker-src 'self' blob:; report-uri https://trivalleyinternet1techsupport.report-uri.com/r/d/csp/reportOnly 1
script-src https://touchpoints.app.cloud.gov 'unsafe-inline' https://dap.digitalgov.gov/ https://aws-volunteer-staticdata.s3.amazonaws.com 'self' https://payments.salesforce.com/ https://stats.g.doubleclick.net https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://www.nps.gov https://checkoutshopper-live.adyen.com/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://pay.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ blob: https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://js.stripe.com/ https://*.a.forceusercontent.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js 'report-sample' https://service.force.com/embeddedservice/ 'unsafe-eval'; report-to sfdc-csp-ep; report-uri https://doinps-vol.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00Dt0000000CmX4&networkId=0DMt0000000Cam6&type=communities 1
font-src 'self' https: data: http://*.hotjar.com https://*.hotjar.com *.typekit.net https://assets.yobbers.com https://staging-assets.yobbers.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; worker-src 'self' blob: https://cdnjs.cloudflare.com https://www.googletagmanager.com https://ytst.yobbers.com https://*.yobbers.com; media-src 'self' https: https://static.widget.trengo.eu; frame-src 'self' https: https://challenges.cloudflare.com https://*.cloudflare.com; child-src 'self' https: https://challenges.cloudflare.com https://*.cloudflare.com; connect-src 'self' https: https://challenges.cloudflare.com https://*.cloudflare.com; img-src 'self' data: https: https://challenges.cloudflare.com https://*.cloudflare.com https://*.imgix.net; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: https://*.typekit.net https://*.google-analytics.com https://api.avo.app https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.bizographics.com https://*.facebook.net https://*.instagram.com https://*.linkedin.com https://static.widget.trengo.eu https://stats.pusher.com/timeline/v2/jsonp/1 https://cdnjs.cloudflare.com https://accounts.google.com https://www.googletagmanager.com https://ytst.yobbers.com https://*.yobbers.com https://challenges.cloudflare.com https://*.cloudflare.com; style-src 'self' https: 'unsafe-inline' https://*.typekit.net https://*.yobbers.com https://*.bootstrapcdn.com 1
object-src 'none';base-uri 'self';script-src 'nonce--BTIXP6x9w3zjAZs332jjg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://fonts.gstatic.com *.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net *.cloudfront.net *.fonts.googleapis.com data: *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://seo.mageplaza.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de www.google.com www.gstatic.com apis.google.com *.meetanshi.com *.addthis.com *.pinterest.com https://secure.2checkout.com https://2pay-js.2checkout.com https://secure.avangate.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://firebasestorage.googleapis.com meetanshi.com *.cloudfront.net bat.bing.com *.facebook.com analytics.twitter.com t.co *.adroll.com *.google.co.in *.bidswitch.net pixel.tapad.com idsync.rlcdn.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com us-u.openx.net ups.analytics.yahoo.com image2.pubmatic.com sync.taboola.com ib.adnxs.com eb2.3lift.com match.adsrvr.org segments.company-target.com zdbb.net secure.adnxs.com *.reson8.com ml314.com *.kargo.com *.scorecardresearch.com sync-tm.everesttech.net match.prod.bidr.io *.turn.com pm.w55c.net *.rfihub.com tile.openstreetmap.org *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com https://secure.2checkout.com https://2pay-js.2checkout.com https://secure.avangate.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.avada.io *.shopify.com *.meetanshi.com *.cloudfront.net bat.bing.com connect.facebook.net static.hotjar.com static.zdassets.com v2.zopim.com platform.twitter.com static.ads-twitter.com *.adroll.com *.googleadservices.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com https://secure.2checkout.com https://2pay-js.2checkout.com https://secure.avangate.com *.cloudflare.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.google.com *.gstatic.com https://fonts.bunny.net *.cloudfront.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.meetanshi.com *.cloudfront.net bat.bing.com ekr.zdassets.com wss://widget-mediator.zopim.com *.adroll.com stats.g.doubleclick.net *.cloudflare.com *.addthis.com *.graph.instagram.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-UjlYfxzs8vUGmY4IFojB0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.kiyoh.com https://kiyoh.com https://*.kiyoh.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com https://static.buckaroo.nl https://cdn.clerk.io at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net *.instagram.com *.cdninstagram.com *.cookiebot.com *.google.nl *.facebook.net *.bing.com *.linkedin.com *.pinterest.com *.keurmerk.info *.fbtest.io *.lalashops.nl *.hypernode.io https://www.kiyoh.com https://kiyoh.com https://*.kiyoh.com assets.myparcel.nl *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://api.clerk.io https://cdn.clerk.io *.cookiebot.com *.licdn.com *.bing.com *.facebook.net *.pinimg.com *.pinterest.com *.clerk.io https://www.kiyoh.com https://kiyoh.com https://*.kiyoh.com cdnjs.cloudflare.com cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://api.clerk.io https://cdn.clerk.io *.fontawesome.com cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.instagram.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.instagram.com *.cookiebot.com *.doubleclick.net *.linkedin.com *.pinterest.com api.myparcel.nl cdn.jsdelivr.net *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.webwinkelkeur.nl https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu js.mollie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io github.blog https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com maps.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.google.nl *.webwinkelkeur.nl *.usercentrics.eu img.sct.eu1.usercentrics.eu bat.bing.net bat.bing.com *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.criteo.com *.demdex.net id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.1rx.io sync.targeting.unrulymedia.com https://www.mollie.com *.multisafepay.com v2assets.zopim.io static.zdassets.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms *.calendly.com *.beslist.nl *.pinimg.com *.criteo.com *.criteo.net *.cloudflareinsights.com *.pinterest.com js.mollie.com *.multisafepay.com https://pay.google.com static.zdassets.com ekr.zdassets.com baxrecreatieshop.zendesk.com *.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com widget.tagembed.com api.taggbox.com cdn.tagbox.com static.dhlecommerce.nl https://fonts.googleapis.com *.fontawesome.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms *.pinterest.com *.criteo.com *.beslist.nl widget.tagembed.com api.taggbox.com cdn.tagbox.com *.multisafepay.com static.zdassets.com ekr.zdassets.com baxrecreatieshop.zendesk.com *.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src static.zdassets.com ekr.zdassets.com baxrecreatieshop.zendesk.com *.zopim.com 'unsafe-inline' data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com *.fontawesome.com www.google.com *.iadvize.com halc.iadvize.com *.adobe.io commerce.adobe.io *.yotpo.com track.cbdatatracker.com *.quickspark.com *.facebook.net *.clarity.ms *.zopim.com *.searchspring.io https://fonts.bunny.net maxcdn.bootstrapcdn.com use.fontawesome.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com *.cash.app *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.addtoany.com *.twitter.com *.zdassets.com *.leasestation.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.winkpayments.io *.winkapis.com *.winklogin.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com magefan.com cm.magefan.com www.google.co.in bat.bing.com *.amazonaws.com *.afterpay.com mcprod.tentandtable.net *.loggly.com *.iadvize.com halc.iadvize.com *.tentandtable.net commerce.adobe.io *.yotpo.com track.cbdatatracker.com *.quickspark.com *.facebook.net *.clarity.ms *.zopim.com *.searchspring.io *.approvepayments.com *.kaltura.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com https://firebasestorage.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com media.sezzle.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.io geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.google.com www.xtento.com cdn.xtento.com *.hotjar.com utt.impactcdn.com *.iadvize.com halc.iadvize.com *.zdassets.com *.searchspring.io *.bing.com *.callrail.com www.cbvisittracker.com *.cbdatatracker.com *.loggly.com stats.g.doubleclick.net *.iesnare.com *.twitter.com *.webeyez.com commerce.adobe.io *.yotpo.com track.cbdatatracker.com *.quickspark.com *.kaltura.com *.facebook.net *.clarity.ms *.zopim.com *.kwipped.com *.approvepayments.com landofcoder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.shopify.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.winkpayments.io *.winkpayment.js *.windows.net *.earlywarning.io *.winkapis.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.io *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.cash.app *.fontawesome.com www.google.com *.iadvize.com halc.iadvize.com commerce.adobe.io *.yotpo.com track.cbdatatracker.com *.quickspark.com *.facebook.net *.clarity.ms *.zopim.com *.searchspring.io *.twitter.com https://static.klaviyo.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com fonts.cdnfonts.com swellrewards.com *.swellrewards.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src *.facebook.net *.clarity.ms *.zopim.com *.searchspring.io landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.iesnare.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.google.com *.webeyez.com *.iadvize.com halc.iadvize.com *.googlesyndication.com *.zendesk.com *.callrail.com *.zopim.com *.clicklease.com *.cbvisittracker.com *.cbdatatracker.com *.loggly.com stats.g.doubleclick.net wss://mpsnare.iesnare.com/ wss://ws.hotjar.com/ *.fontawesome.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.yotpo.com track.cbdatatracker.com *.quickspark.com *.facebook.net *.clarity.ms *.searchspring.io content.hotjar.io storage.googleapis.com https://vpnapi.io *.kwipped.com *.approvepayments.com landofcoder.com *.wink.cloud https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com *.winkpayments.io swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://s.ytimg.com https://www.youtube.com https://e.issuu.com https://irs.tools.investis.com https://otp.tools.investis.com https://c.evidon.com https://www.googletagmanager.com https://t.contentsquare.net https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://otp.tools.investis.com; img-src 'self' data: https: ; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://otp.tools.investis.com; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://irs.tools.investis.com https://c.evidon.com https://l.evidon.com https://dgcollector.evidon.com https://optoutapi.evidon.com https://dgvendorhostapi.evidon.com; media-src 'self'; object-src 'self'; worker-src 'self' blob:; frame-src 'self' https://clydesdalebankplc.demdex.net https://secure.flife.de https://otp.tools.investis.com https://irs.tools.investis.com https://clydesdale-bank.production.investis.com https://www.youtube.com https://e.issuu.com https://player.vimeo.com https://embeds.audioboom.com; frame-ancestors 'self' *.virginmoney.com; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 1
base-uri 'none'; style-src 'report-sample' 'self' 'unsafe-inline' ; object-src 'none'; img-src 'self' *.rainforest-rescue.org data: ; connect-src 'self' ; block-all-mixed-content; report-uri /csp-violation-report/4067974c-75 1
default-src 'self' litium.revolutionrace.dk fbcdn.revolutionrace.dk wss://fbcdn.revolutionrace.dk *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.klarnaevt.com *.kustom.co *.adyen.com www.paypal.com js.stripe.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com ajax.googleapis.com fonts.googleapis.com maps.googleapis.com *.apptus.cloud *.storyblok.com *.symplify.com cdn-sitegainer.com *.cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.criteo.net *.criteo.com *.doubleclick.net *.emarsys.net *.mention-me.com *.imedia.cz *.scarabresearch.com *.spinnaker-js.com bat.bing.com www.seznam.cz tags.creativecdn.com *.kindlycdn.com *.kindly.ai wss://sage.kindly.ai *.facebook.net *.tiktok.com *.snapchat.com *.pinterest.com *.bambuser.com *.facebook.com www.pinterest.se *.cloudflare.com *.digitaloceanspaces.com *.distancify.workers.dev cdn.jsdelivr.net maxcdn.bootstrapcdn.com player.vimeo.com pro.ip-api.com recommender.scarabresearch.com s.pinimg.com sc-static.net vimeo.com ws-eu.pusher.com wss://ws-eu.pusher.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://* 'self'; media-src https://*; frame-src analytics.revolutionrace.dk *.mention-me.com *.google.com *.adyen.com *.paypal.com *.sitegainer.com revolutionrace.customerfirst.ai; style-src 'self' 'unsafe-inline'; connect-src data: *; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.livechatinc.com *.trackedweb.net *.labelsonline.co.uk *.bootstrapcdn.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.livechatinc.com *.trackedweb.net *.gstatic.com *.labelsonline.co.uk *.clarity.ms *.trustpilot.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.livechatinc.com *.trackedweb.net *.gstatic.com *.labelsonline.co.uk landofcoder.com *.cardinalcommerce.com *.addthis.com *.trustpilot.com *.twitter.com www.xtento.com *.weltpixel.com maps.googleapis.com chart.googleapis.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.wesupply.xyz https://wesupplylabs.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.livechatinc.com *.trackedweb.net *.labelsonline.co.uk *.google.co.uk *.google.com *.doubleclick.net *.postcodeanywhere.co.uk ssl.gstatic.com www.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net www.xtento.com cdn.xtento.com *.trackedlink.net *.stripe.com *.stripe.network ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.livechatinc.com *.trackedweb.net *.gstatic.com *.labelsonline.co.uk landofcoder.com *.addthis.com *.addthisedge.com *.google-analytics.com *.trustpilot.com *.pcapredict.com chimpstatic.com *.moatads.com *.postcodeanywhere.co.uk *.newrelic.com *.nr-data.net tagmanager.google.com *.googletagmanager.com www.xtento.com cdn.xtento.com maps.googleapis.com chart.googleapis.com apis.google.com *.trackedlink.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.opayo.eu.elavon.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.cloudflare.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.livechatinc.com *.trackedweb.net *.gstatic.com *.labelsonline.co.uk *.googleapis.com *.bootstrapcdn.com *.postcodeanywhere.co.uk tagmanager.google.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com *.trackedweb.net *.gstatic.com *.labelsonline.co.uk *.clarity.ms *.trustpilot.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.livechatinc.com *.trackedweb.net *.gstatic.com *.labelsonline.co.uk landofcoder.com *.google-analytics.com *.doubleclick.net *.addthis.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net maps.googleapis.com chart.googleapis.com *.trackedlink.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com api.addressy.com https://get.geojs.io *.avada.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.livechatinc.com *.trackedweb.net *.gstatic.com *.labelsonline.co.uk *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-a6RcBtLeQYnJBAvGbU2zvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-GgJv6xXYt2gxCiLqk2IpLw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self';  script-src   'self'   'unsafe-inline'   'unsafe-eval'   https://www.googletagmanager.com   https://www.google-analytics.com   https://www.googleadservices.com   https://static.hotjar.com   https://script.hotjar.com   https://js.hsforms.net   https://*.hs-scripts.com   https://*.hs-analytics.net   https://*.hsforms.net   https://*.hsforms.com   https://*.hs-banner.com   https://*.usemessages.com   https://*.hubspot.com   https://*.hubspot.net   https://*.hubspotusercontent.net   https://cdn2.hubspot.net;  connect-src   'self'   https://www.google-analytics.com   https://stats.g.doubleclick.net   https://www.googletagmanager.com   https://www.googleadservices.com   https://*.hubapi.com   https://*.hs-analytics.net   https://*.hotjar.com   https://*.hotjar.io   https://forms.hubspot.com   https://api.hsforms.com   https://forms.hsforms.com   https://perf-eu1.hsforms.com   https://*.hsforms.com   https://*.hsforms.net;  img-src   'self'   data:   https://www.google-analytics.com   https://www.googletagmanager.com   https://www.googleadservices.com   https://stats.g.doubleclick.net   https://*.hsforms.com   https://*.hsforms.net   https://*.hubspotusercontent.net   https://*.hotjar.com;  frame-src   https://www.googletagmanager.com   https://*.hsforms.com   https://*.hsforms.net   https://*.hubspot.com   https://*.usemessages.com   https://*.hotjar.com   https://forms.hubspot.com   https://forms.hsforms.com;  style-src   'self'   'unsafe-inline'   https://*.hubspot.com   https://*.hubspotusercontent.net   https://*.hsforms.com   https://*.hsforms.net;  font-src   'self'   data:   https://*.hubspotusercontent.net   https://*.hsforms.com   https://*.hsforms.net;  form-action   'self'   https://forms.hubspot.com   https://forms.hsforms.com   https://api.hsforms.com; 1
font-src *.gstatic.com data: 'self' data: *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.iubenda.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.iubenda.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com *.gstatic.com ws10b.cvetta.io *.iubenda.com s7.addthis.com *.avada.io *.meetanshi.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com *.googleapis.com *.iubenda.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com https://www.google-analytics.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.fontawesome.com *.googleapis.com *.gstatic.com *.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' lojanetlab.com.br *.lojanetlab.com.br wake-components.fbitsstatic.net lojanetlab.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com api.fbits.net *.fbits.net *.eficazmarketing.com *.fbits.store *.reclameaqui.com.br s3.amazonaws.com cdn.jsdelivr.net eficazmarketing.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.ucarecdn.com *.uploadcare.com *.yviews.com.br *.yourviews.com.br service2.yourviews.com.br *.lojaconfiavel.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br viacep.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br cdn02.jotfor.ms *.jotfor.ms clarity.ms *.clarity.ms tag.goadopt.io *.goadopt.io stats.g.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net disclaimer-api.goadopt.io td.doubleclick.net *.doubleclick.net *.google.be *.google.com.br *.googleadservices.com *.google.com *.fbitsstatic.net *.com.ar *.youtube.com *.googletagmanager.com *.pachane.com.br *.fpcs-monitor.com.br *.localhost:5500 *.grasow.com *.com.py *.chrome-extension *.com.ec *.co.uk *.google.ca *.googleapis.com adservice.google.com *.facebook.net google.co.jp *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br googletagmanager.com *.google-analytics.com securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com *.google.it *.google.pt *.instagram.com *.mylabor.com.br mylabor.com.br instagram.fvix1-1.fna.fbcdn.net *.fvix1-1.fna.fbcdn.net scontent.cdninstagram.com *.cdninstagram.com *.fldb1-1.fna.fbcdn.net *.cupom.social wake.koin.com.br bat.bing.com *.bing.com *.google.es paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com plugins.soclminer.com.br *.soclminer.com.br graph.instagram.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.lojanetlab.com lojanetlab.com *.3dsecure.io *.conectiva.io:1:0 *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.lojanetlab.com.br lojanetlab.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.feedaty.com *.zopim.com data: static.criteo.net *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com  *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.criteo.com *.criteo.net *.hotjar.com *.weltpixel.com  c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.clerk.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.google.com *.google.it *.zopim.com *.clerk.io *.advertising.com *.doubleclick.net *.openx.net *.rubiconproject.com *.yahoo.com *.smaato.net *.yieldmo.com *.tapad.com *.addthis.com *.outbrain.com *.criteo.com *.criteo.net *.adnxs.com *.adtpd.com *.tpmn.co.kr *.socdm.com *.adingo.jp *.revcontent.com *.kargo.com *.3lift.com *.media.net *.rlcdn.com *.turn.com *.smartadserver.com *.mediawallahscript.com *.360yield.com *.pubmatic.com *.casalemedia.com *.taboola.com *.adform.net *.teads.tv *.bidswitch.net *.dable.io *.sharethrough.com *.liadm.com *.postrelease.com *.mgid.com *.nate.com *.yandex.ru *.rambler.ru *.meba.kr *.admixer.co.kr id5-sync.com *.mail.ru *.adscale.de *.aralego.com *.tremorhub.com *.omnitagjs.com trusted.ro *.kvstore.it *.googletagmanager.com *.hotjar.com *.zdassets.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reddit.com *.google-analytics.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://api.clerk.io https://cdn.clerk.io *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.zoorate.com *.iubenda.com *.soisy.it *.criteo.com static.criteo.net *.doubleclick.net *.hotjar.com *.zopim.com *.zdassets.com *.clerk.io partner-events.favicdn.net *.gstatic.com cdnjs.cloudflare.com *.smooch.io *.avada.io *.shopify.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io *.feedaty.com cdnjs.cloudflare.com *.fontawesome.com https://fonts.bunny.net https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com tagmanager.google.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.criteo.net *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.soisy.it *.google-analytics.com *.hotjar.com *.hotjar.io/ *.zdassets.com *.zopim.com *.iubenda.com *.doubleclick.net *.criteo.com *.criteo.net wss://*.zopim.com/ wss://*.hotjar.com/ partner-events.favicdn.net partner-events.favi.sk partner-events.favi.cz partner-events.favi.ro *.googlesyndication.com *.zendesk.com cdnjs.cloudflare.com *.smooch.io wss://api.eu-1.smooch.io https://get.geojs.io *.avada.io  api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-to csp-endpoint;default-src 'self';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://*.clarity.ms https://api.livechatinc.com https://cdn.livechatinc.com https://connect.facebook.com https://connect.facebook.net ; connect-src 'self' ws://localhost:12387 https://connect.facebook.net https://adservice.google.com https://adservice.google.com:443 https://*.google.com https://*.google.com:443 https://*.google.com.mt https://www.google.com.mt https://www.google.com www.google-analytics.com https://*.clarity.ms https://*.analytics.google.com https://api.livechatinc.com https://cdn.livechatinc.com https://stats.g.doubleclick.net https://www.facebook.com; img-src 'self' https://online.welbees.mt https://welbees.mt https://c.bing.com https://c.clarity.ms https://www.facebook.com https://www.googletagmanager.com  https://*.google https://*.google.com.mt https://*.doubleclick.net https://www.googletagmanager.com:443 https://googleads.g.doubleclick.net:443; style-src 'self' 'unsafe-inline';frame-src 'self' https://secure.livechatinc.com https://www.googletagmanager.com https://www.facebook.com https://psp.transactium.com https://* 1
font-src maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com 'self' data: v2.zopim.com *.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.com *.hotjar.com *.doubleclick.net https://e.issuu.com v2assets.zopim.io *.pinterest.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.storyblok.com *.hsforms.net *.hsforms.com 'self' data: *.monsoonconsulting.dev *.cloudwaysapps.com *.facebook.com api.feefo.com *.google.com *.google.ie *.google.pt *.google.fr *.google.com.br *.zopim.com *.zopim.io *.pinterest.com *.cookiepro.com *.getamigo.io *.goodgrowth.tech *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.autoaddress.ie *.storyblok.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.cloudwaysapps.com *.hotjar.com connect.facebook.net api.feefo.com register.feefo.com v2.zopim.com *.klaviyo.com widget-mediator.zopim.com browser-update.org static.zdassets.com *.doubleclick.net *.googletagmanager.com *.cookiepro.com *.pinimg.com *.pinterest.com *.getamigo.io *.goodgrowth.tech *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.fontawesome.com https://static.klaviyo.com https://fonts.bunny.net *.storyblok.com *.googleapis.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.autoaddress.ie *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.analytics.google.com *.feefo.com ekr.zdassets.com wss://widget-mediator.zopim.com/ *.doubleclick.net *.klaviyo.com *.cookiepro.com *.google.com *.getamigo.io *.cloudwaysapps.com *.hotjar.io *.facebook.com *.zopim.com *.paypal.com *.pinterest.com *.goodgrowth.tech https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://shopline.itau.com.br *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io https://www.magezon.com https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.pagar.me *.avada.io *.shopify.com *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.pagar.me https://viacep.com.br https://www.viacep.com.br https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com http://api.itaushopline.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.bootstrapcdn.com *.fontawesome.com *.mopinion.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.newrelic.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.trackedlink.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.multisafepay.com *.hsforms.net *.hsforms.com 'self' data: bucket-ip-website.s3.eu-central-1.amazonaws.com *.mopinion.com *.sorgente.nl data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com *.gstatic.com *.hotjar.com *.marker.io *.mopinion.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.sharethis.com webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.mopinion.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.hotjar.com *.hotjar.io *.marker.io *.mopinion.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://c31c5428-fe2b-4918-8f94-417118f9c8fa.sansec.watch/; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Fbp-DkIq9nDoiq9f032L4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.multisafepay.com https://pay.google.com *.addthis.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * self 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.multisafepay.com *.gstatic.com https://www.magezon.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.google.com.ua self secure.adnxs.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com https://www.googletagmanager.com tagmanager.google.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com app.aiden.cx ar.configwise.io *.criteo.com *.criteo.net *.google-analytics.com *.googletagmanager.com static.widget.trengo.eu *.googleapis.com data.tuinmeubelland.nl https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.multisafepay.com tagmanager.google.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com fonts.google.com 'self' 'unsafe-inline'; object-src none 'self' 'unsafe-inline'; media-src *.adobe.com self 'self' 'unsafe-inline'; manifest-src self 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.multisafepay.com https://www.google-analytics.com ekr.zdassets.com/ *.addthis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com ar.configwise.io *.googleapis.com api.widget.trengo.eu *.analytics.google.com *.googletagmanager.com data.tuinmeubelland.nl https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com self 'self' 'unsafe-inline' 'unsafe-eval'; base-uri self 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' fctgl--uat.sandbox.my.site.com *.googlesyndication.com www.youtube.com player.vimeo.com assetscdn.stackla.com  www.google-analytics.com ad.doubleclick.net *.tiktok.com js.hsforms.net js.hsadspixel.net js.usemessages.com js.hs-banner.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net js.hubspot.com cdnjs.cloudflare.com *.g.doubleclick.net vjs.zencdn.net platform.instagram.com *.neutral.ttwstatic.com *.adyen.com r.turn.com fctgl.my.salesforce-sites.com b.static.lightning.force.com *.grasshopperadventures.com *.backroadstouring.com *.blueroadstouring.com; script-src-elem 'self' 'unsafe-inline' static.cloudflareinsights.com cdn.cookielaw.org service.force.com cdn.jsdelivr.net d.la1-core1.sfdc-cehfhs.salesforceliveagent.com tags.affiliatefuture.com www.googletagmanager.com connect.facebook.net bat.bing.com  static.hotjar.com secure-ds.serving-sys.com script.hotjar.com *.clarity.ms fctgl.my.salesforce.com www.google-analytics.com js.hsforms.net js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hubspot.com js.usemessages.com js.hs-banner.com js.hsadspixel.net googleads.g.doubleclick.net *.cloudflare.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com service.force.com assetscdn.stackla.com vjs.zencdn.net cdn.jsdelivr.ne *.adyen.com cdn.jsdelivr.net; img-src 'self' data: www.w3.org www.googletagmanager.com cdn.cookielaw.org bat.bing.net www.facebook.com img.youtube.com vumbnail.com bat.bing.com www.google.co.uk www.google.com.br www.google.com www.google.nl www.google.ca www.google.com.au www.google.gr *.hsforms.com *.clarity.ms c.bing.com *.hubspot.com static.hsappstatic.net connect.facebook.net i.ytimg.com cdn.jsdelivr.net *.adyen.com analytics.google.com *.analytics.google.com r.turn.com ad.doubleclick.net stats.g.doubleclick.net; media-src 'self'; frame-src 'self' back-blue-roads-server-side-tagging-5oerkrosbq-ew.a.run.app www.googletagmanager.com service.force.com www.youtube.com player.vimeo.com widget.stackla.com *.fls.doubleclick.net *.hubspot.com *.hs-sites.com www.facebook.com *.adyen.com scripts.affiliatefuture.com *.grasshopperadventures.com *.backroadstouring.com *.blueroadstouring.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com c1.sfdcstatic.com script.hotjar.com assetscdn.stackla.com vjs.zencdn.net *.adyen.com; connect-src 'self' www.google.com www.google.com.br www.google.com.au www.google.co.uk cdn.cookielaw.org geolocation.onetrust.com back-blue-roads-server-side-tagging-5oerkrosbq-ew.a.run.app connect.facebook.net www.facebook.com bat.bing.net bat.bing.com *.clarity.ms vimeo.com www.google-analytics.com vc.hotjar.io in.hotjar.com analytics-ipv6.tiktokw.us analytics.tiktok.com forms.hsforms.com api.hubspot.com forms.hscollectedforms.net cta-service-cms2.hubspot.com *.googlesyndication.com *.mapbox.com api.hubapi.com *.g.doubleclick.net analytics.google.com *.analytics.google.com ad.doubleclick.net fctgl.my.salesforce-sites.com *.adyen.com wss://ws.hotjar.com *.hotjar.io www.googleadservices.com *.grasshopperadventures.com *.backroadstouring.com *.blueroadstouring.com; report-uri /report-csp-violation 1
default-src 'self'; report-uri https://13fdb20b4d99daba15f18769204d48be.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; report-uri https://reports.tocco.ch/csp?app=nice&ns=ecap; report-to csp-reports 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://p35mk5st.uriports.com/reports/report; report-to default 1
default-src 'self'; 		script-src 'self' 'unsafe-eval' 'wasm-unsafe-eval' *.gstatic.com *.google.com assets.adobedtm.com cdn.cookielaw.org service.force.com www.datadoghq-browser-agent.com *.salesforceliveagent.com maps.googleapis.com static.cloud.coveo.com js.web-2-tel.com www.youtube.com e.issuu.com cdnjs.cloudflare.com cdn.userway.org gallery-prod8.sprinklr.com platform.twitter.com adobedc.demdex.net *.google.com player.vimeo.com  'unsafe-inline'; 		connect-src 'self' 'wasm-unsafe-eval' *.onetrust.io *.userway.org  browser-intake-datadoghq.com *.gstatic.com *.google.com *.coveo.com *.googleapis.com edge.adobedc.net js.web-2-tel.com cdn.cookielaw.org rum.browser-intake-datadoghq.com *.onetrust.com adobedc.demdex.net; 		img-src 'self' *.userway.org *.gstatic.com s7d9.scene7.com cdn.cookielaw.org maps.googleapis.com maps.gstatic.com adobedc.demdex.net 1.smilegeneration.com image.isu.pub thumb.sprinklr.com data: blob: 'unsafe-inline'; 		frame-src 'self' *.google.com e.issuu.com player.vimeo.com www.youtube.com; 		style-src 'self' e.issuu.com cdn.userway.org gallery-prod8.sprinklr.com static.cloud.coveo.com fonts.googleapis.com 'unsafe-inline'; 		font-src 'self' fonts.gstatic.com static.isu.pub platform.twitter.com storage.googleapis.com *.coveo.com data:; 		worker-src blob:; 		frame-ancestors 'none'; 1
style-src-elem https://*.googleapis.com https://*.gstatic.com https://*.feefo.com https://*.prommt.com https://product-locator.near.st https://*.salesfire.co.uk https://static.klaviyo.com cookiehub.net cdn.cookiehub.eu https://*.cookiebot.eu 'unsafe-inline' 'self'; script-src-elem https://connect.facebook.net https://*.facebook.com https://bat.bing.com https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.feefo.com https://*.algolia.net https://*.algolianet.com https://*.zdassets.com https://*.salesfire.co.uk https://*.klaviyo.com https://*.clarity.ms https://*.whizeo.com https://cdn.cookiehub.eu https://*.sweetanalytics.com https://secure.informationcreativeinnovative.com https://app.prommt.com https://product-locator.near.st https://*.cookiebot.eu 'unsafe-inline' 'unsafe-eval' 'self' *.cookiebot.com *.cookiebot.eu; font-src fonts.gstatic.com use.typekit.net https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com 'self' https://*.paypalobjects.com https://static.klaviyo.com https://script.hotjar.com *.fontawesome.com *.salesfire.co.uk *.typekit.net *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://safekeyacs.americanexpress.com https://www.facebook.com https://www.rsa3dsauth.co.uk https://www.securesuite.co.uk https://*.arcot.com https://*.monzo.com https://clients.smartsecure.tsys.co.uk https://authentication-acs.marqeta.com https://acs.apata.io https://*.modirum.com https://mycardsecure.com https://acs.touch.tech 'self' 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://safekeyacs.americanexpress.com https://acs.touch.tech https://mycardsecure.com https://*.doubleclick.net https://www.facebook.com https://tst.kaptcha.com https://*.google.com https://google.com https://www.googletagmanager.com https://www.gstatic.com/ https://*.youtube.com https://acs.revolut.com https://tpc.googlesyndication.com https://www.rsa3dsauth.co.uk https://*.arcot.com https://*.lloydsbankinggroup.com https://*.securesuite.co.uk https://*.ipg-online.com https://*.monzo.com https://clients.smartsecure.tsys.co.uk https://authentication-acs.marqeta.com https://acs.apata.io https://*.modirum.com https://register.feefo.com/ https://*.prommt.com https://product-locator.near.st https://*.starlingbank.com https://tourmkr.com *.cookiebot.com *.cookiebot.eu *.salesfire.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com *.gstatic.com maps.gstatic.com *.calcurates.com * 'self' https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.salesfire.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com polyfill.io tagmanager.google.com https://www.googletagmanager.com *.googleapis.com https://connect.facebook.net https://*.facebook.com https://bat.bing.com https://maps.googleapis.com https://*.doubleclick.net https://*.feefo.com https://*.jquery.com https://*.google.com https://*.gstatic.com https://*.algolia.net https://*.algolianet.com https://*.googlesyndication.com https://*.google-analytics.com https://*.zdassets.com https://*.sweetanalytics.com https://*.hotjar.com https://*.klaviyo.com *.prommt.com https://*.clarity.ms https://cdn.jsdelivr.net https://product-locator.near.st https://*.inspiration-insight.com https://secure.informationcreativeinnovative.com https://*.amazonaws.com https://*.whizeo.com https://*.whizeoapi.com cookiehub.net cdn.cookiehub.eu 'unsafe-inline' 'self' *.cookiebot.com *.cookiebot.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.salesfire.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://*.googleapis.com https://*.feefo.com https://*.gstatic.com https://*.prommt.com https://product-locator.near.st https://*.klaviyo.com cookiehub.net cdn.cookiehub.eu https://app.prommt.com 'unsafe-inline' 'self' *.fontawesome.com https://static.klaviyo.com *.salesfire.co.uk *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com https://*.feefo.com https://bat.bing.com https://www.paypal.com https://www.facebook.com https://*.google-analytics.com  https://*.doubleclick.net https://*.googleapis.com https://*.google.com https://google.com https://www.googletagmanager.com https://*.zdassets.com https://*.zendesk.com wss://*.zopim.com https://*.sweetanalytics.com https://*.clarity.ms https://*.klaviyo.com https://fast.a.klaviyo.com https://static-forms.klaviyo.com https://*.googlesyndication.com https://*.algolia.io https://*.hotjar.io wss://*.hotjar.com https://bat.bing.net https://product-locator.near.st ds.cookiehub.net consent.cookiehub.net region-eu.cookiehub.net consent-eu.cookiehub.net cookiehub.net cdn.cookiehub.eu https://api.whizeo.com https://test-drive-20-1053047382554.us-central1.run.app 'self' *.cookiebot.com *.cookiebot.eu *.ideal-postcodes.co.uk https://static.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.salesfire.co.uk *.smartmetrics.co.uk 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-qhC_NllDZv13Jf4D4_pOUg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.dpdconnect.nl js.mollie.com *.google.nl *.doubleclick.net *.googlesyndication.com consentcdn.cookiebot.eu *.googletagmanager.com sst.epoxywinkel.nl bat.bing.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com https://www.mollie.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com 'self' data: *.google.com *.google.bg *.google.nl *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com img.sct.eu1.usercentrics.eu sst.epoxywinkel.nl bat.bing.com *.taggrs.io https://firebasestorage.googleapis.com *.amazonaws.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com https://*.dpdconnect.nl js.mollie.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.bg *.google.nl *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com consent.cookiebot.eu sst.epoxywinkel.nl bat.bing.com *.clarity.ms consentcdn.cookiebot.eu *.taggrs.io *.avada.io *.shopify.com *.sendcloud.sc *.jsdelivr.net *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.facebook.net *.google.nl *.doubleclick.net *.googlesyndication.com consentcdn.cookiebot.eu sst.epoxywinkel.nl bat.bing.com *.clarity.ms https://get.geojs.io *.avada.io *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=PwcxltBzTEGxTnCTE040IHzjGhc8xs6eMvguRepykFI-1773717109.736426-1.0.1.1-zw9n8EcqPnuCJSiFaaAo4amDrZQZpUMiWEDteVuTht88VNYmkU7q35hyCUVxyAp28r1MYx1A81R8C7LJw.YdxZCS47MMRXX63nJcsyFQalEYGc5FfI7AL.LjufBn1mKyAYCmyisjUsVWUxMFJmZ0yUZ8uK8OFvBd4k6J1EdOvKYXMrfPxGlmx3DYpwFof3OzqNjRbr_.2fLjivnt9sXPuQ; report-to cf-klqnqktbapuoeffc 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.youtube.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-C5A1jBT-avVTmo05R0hQDQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://code.jquery.com https://cdn.jsdelivr.net https://cdn2.hubspot.net https://js.hs-analytics.net https://js.hubspot.com https://js.hsadspixel.net https://js.hs-banner.com https://cdnjs.cloudflare.com https://js.zi-scripts.com https://googleads.g.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://7052064.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://7052064.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: https://cdn2.hubspot.net https://www.google-analytics.com https://23990167.fs1.hubspotusercontent-na1.net https://forms.hsforms.com https://no-cache.hubspot.com https://perf-na1.hsforms.com https://track.hubspot.com https://cta-service-cms2.hubspot.com; connect-src 'self' https://forms.hubspot.com https://api.hubapi.com https://forms.hscollectedforms.net https://cta-service-cms2.hubspot.com https://js.hs-banner.com https://js.zi-scripts.com; frame-src https://*.hubspot.com https://*.hsforms.com https://23990167.hs-sites.com https://www.googletagmanager.com https://td.doubleclick.net; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
script-src 'strict-dynamic' 'nonce-81d22d6ee928e5b47138230c5aeea16c' 'unsafe-inline' 'unsafe-eval' https: ; frame-ancestors 'self' ; base-uri 'self'; object-src 'none'; report-uri https://csp.phenompeople.com/violations; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-IkcuhIKm7XQrYNQ3mJhIag' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com www.w3.org *.fontawesome.com *.gstatic.com *.authorize.net *.cardinalcommerce.com *.adobedtm.com *.yotpo.com 'self' data: *.cloudfront.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.addthis.com *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.qiscus.com *.google.com *.facebook.com *.facebook.net *.twitter.com *.midtrans.com *.addtoany.com *.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org blob: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: *.png *.jpg *.jpeg *.gstatic.com *.googleapis.com *.cloudfront.net *.yotpo.com *.cdninstagram.com *.facebook.com *.facebook.net *.google.com *.google.lk *.twitter.com *.pinterest.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazonaws.com *.google.com *.gstatic.com *.authorize.net *.cardinalcommerce.com *.googleapis.com *.cloudfront.net *.facebook.net *.newrelic.com *.nr-data.net *.googletagmanager.com *.yotpo.com cdn.rawgit.com *.twitter.com *.midtrans.com *.addtoany.com *.pinterest.com *.tumblr.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.fontawesome.com *.amazonaws.com *.googleapis.com *.cloudfront.net *.yotpo.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.qiscus.com *.google-analytics.com *.cardinalcommerce.com *.amazonservices.com *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.nr-data.net *.instagram.com *.dotdigital.com *.comapi.com *.paypal.com *.cloudfront.net *.facebook.com *.facebook.net *.doubleclick.net *.addtoany.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com analytics.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.fonts.bunny.net maxcdn.bootstrapcdn.com *.use.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.googletagmanager.com *.googletagmanager.com connect.facebook.net *.connect.facebook.net www.facebook.com *.facebook.com *.doubleclick.net/ recostream.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.pl *.google.pl *.google-analytics.com *.analytics.google.com *.ekomiapps.de *.amazonaws.com www.facebook.com *.facebook.com imgsct.cookiebot.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com snrcdn.net *.snrbox.com *.ekomiapps.de *.snrcdn.net connect.facebook.net *.connect.facebook.net www.facebook.com *.facebook.com clarity.ms *.clarity.ms *.cookiebot.com *.openwidget.com web-integration.recombee.com *.web-integration.recombee.com cdn.jsdelivr.net *.metrics.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com recostream.com/ trustmate.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.snrcdn.net *.snrbox.com *.ekomiapps.de *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com snrcdn.net *.snrcdn.net *.snrbox.com *.ekomiapps.de *.google-analytics.com *.analytics.google.com connect.facebook.net *.connect.facebook.net www.facebook.com *.facebook.com doubleclick.net *.doubleclick.net tiktok.com *.tiktok.com clarity.ms *.clarity.ms *.googlesyndication.com *.cookiebot.com *.metrics.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com api01.carpeto.pl api01.mazovia.de ws: recostream.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-sUNf9rKXGhH4buEvRBRzzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; style-src https: 'self' 'unsafe-inline' *.googletagmanager.com *.tagmanager.google.com *.fonts.googleapis.com; script-src https: 'nonce-/qmitDnXVk2gy5OQXCh5/ESCZ6I=' 'strict-dynamic'; form-action 'self' ; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com; frame-src 'self' view.ceros.com *.company-target.com *.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net; report-to csp-endpoint; report-uri https://axaxl.com/api/CSP; font-src 'self' fonts.gstatic.com data:; img-src 'self' * data:; connect-src 'self' browser-intake-datadoghq.com *.googleadservices.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.google.co.uk www.google.com.sg *.google.com *.googlesyndication.com *.company-target.com *.linkedin.com *.licdn.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.demandbase.com *.boltdns.net *.akamaihd.net *.nr-data.net *.en25.com; manifest-src 'self'; media-src blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; default-src 'self' mailto: tel: www.google.com www.google.co.uk *.google.com *.googletagmanager.com www.googletagmanager.com *.company-target.com *.linkedin.com *.licdn.com *.eloqua.com *.brightcove.com *.brightcove.net *.rlcdn.com *.boltdns.net *.demandbase.com *.akamaihd.net *.axaxl.com *.doubleclick.net *.en25.com www.google.com.sg; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.google.com *.google.co.in *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.zopim.com https://css.zohocdn.com https://fonts.cdnfonts.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.twitter.com *.facebook.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com *.doubleclick.net https://www.google.com https://www.google.co.in https://www.facebook.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://sst.easyequipment.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.cloudflare.com *.google.com *.google.co.in *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com *.zopim.com *.clarity.ms *.bing.com *.textbuilder.ai https://eadn-wc01-3688995.nxedge.io https://css.zohocdn.com https://pagead2.googlesyndication.com https://vts.zohopublic.com https://www.google.fr https://sst.easyequipment.com http://media.nisbets.com *.sagepay.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.cloudflare.com *.google.co.in *.googleadservices.com *.google-analytics.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.doubleclick.net https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.zopim.com https://static.zdassets.com sibautomation.com *.clarity.ms *.cloudflareinsights.com *.craftyclicks.co.uk *.zohopublic.com *.zohocdn.com https://scripts.clixtell.com *.jsdelivr.net https://pagead2.googlesyndication.com https://sst.easyequipment.com https://salesiq.zohopublic.eu *.sagepay.com *.opayo.eu.elavon.com s7.addthis.com *.googleapis.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.google.com *.google.co.in *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.sibautomation.com *.zohocdn.com https://fonts.cdnfonts.com https://www.easyequipment.com *.sagepay.com *.opayo.eu.elavon.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.twimg.com *.google.co.in *.facebook.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://www.google-analytics.com *.zopim.com *.sibautomation.com *.zendesk.com *.clarity.ms https://salesiq.zohopublic.com *.zohopublic.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://salesiq.zohopublic.eu *.vts.zohopublic.eu wss://vts.zohopublic.eu http://media.nisbets.com https://ipapi.co *.sagepay.com *.opayo.eu.elavon.com ekr.zdassets.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.easyequipment.com/; report-to report-endpoint; 1
frame-src 'self'; report-uri https://www.seva.org/site/XFrameViolation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://*.calendly.com https://*.bugsnag.com tag.clearbitscripts.com connect.facebook.net https://*.segment.com https://*.segment.io s3-us-west-2.amazonaws.com *.hs-scripts.com app.linkscout.com *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net snap.licdn.com www.redditstatic.com www.clickcease.com *.clarity.ms scripts.clarity.ms scout-cdn.salesloft.com static.ads-twitter.com tracking-api.g2.com *.posthog.com vercel.live *.intercom.io *.intercomcdn.com *.doubleclick.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://*.calendly.com https://*.bugsnag.com tag.clearbitscripts.com connect.facebook.net https://*.segment.com https://*.segment.io s3-us-west-2.amazonaws.com *.hs-scripts.com app.linkscout.com *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net snap.licdn.com www.redditstatic.com www.clickcease.com *.clarity.ms scripts.clarity.ms scout-cdn.salesloft.com static.ads-twitter.com tracking-api.g2.com *.posthog.com vercel.live *.intercom.io *.intercomcdn.com *.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.calendly.com; font-src 'self' https://fonts.gstatic.com *.intercomcdn.com; img-src 'self' data: https:; connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.bugsnag.com https://sessions.bugsnag.com app.linkscout.com www.google.com *.hscollectedforms.net *.hs-forms.com px.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com *.posthog.com *.segment.com *.segment.io tracking-api.g2.com k.clarity.ms *.intercom.io wss://*.intercom.io *.hubapi.com raw.githubusercontent.com pro.ip-api.com *.facebook.com *.clarity.ms; frame-src 'self' www.googletagmanager.com vercel.live *.intercom.io *.hs-forms.com *.apideck.com *.doubleclick.net; frame-ancestors 'none'; report-uri /api/csp-report; report-to csp-endpoint; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com 'self' data: https://www.googletagmanager.com https://fonts.gstatic.com *.secureprivacy.ai *.bootstrapcdn.com *.podium.com *.fontawesome.com *.clic2buy.com *.clic2drive.com *.click2buy.com *.chatbeacon.io *.yotpo.com *.cloudfront.net dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.secureprivacy.ai *.affirm.com *.clic2buy.com *.clic2drive.com *.click2buy.com *.chatbeacon.io *.braintreegateway.com *.yotpo.com *.cloudfront.net *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.secureprivacy.ai www.pinterest.com googleads.g.doubleclick.net *.adsrvr.org *.hotjar.com *.clic2buy.com *.clic2drive.com *.click2buy.com *.cardinalcommerce.com *.authorize.net *.googletagmanager.com *.vimeo.com *.yotpo.com *.chatbeacon.io *.cloudfront.net *.iconasys.com www.google.com.ua c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * www.xtento.com 'self' 'unsafe-inline'; img-src 'self' data: *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://files.zakeke.com *.secureprivacy.ai verify.authorize.net ct.pinterest.com c.clarity.ms *.symantec.com *.bootstrapcdn.com *.podium.com *.google.com www.google.com.ua *.bing.com *.adsrvr.org *.doubleclick.net *.hotjar.com *.clic2buy.com *.clic2drive.com *.click2buy.com *.googleadservices.com *.paypalobjects.com *.amazonaws.com *.braintreegateway.com *.yotpo.com *.chatbeacon.io *.cloudfront.net *.schoolfix.com *.getfastr.com *.yotpoapi.com blob: *.bat.bing.com https://maps.gstatic.com https://maps.googleapis.com www.google-analytics.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com apis.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.secureprivacy.ai www.clarity.ms f.clarity.ms d.clarity.ms *.clarity.ms *.groupbycloud.com *.symantec.com *.mouseflow.com *.chimpstatic.com *.affirm.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.cardinalcommerce.com *.podium.com *.bugsnag.com *.paypal.com *.bing.com connect.facebook.net *.adsrvr.org *.hotjar.com *.clic2buy.com *.clic2drive.com *.click2buy.com *.paypalobjects.com *.authorize.net *.googleadservices.com *.vimeo.com *.yotpo.com *.chatbeacon.io *.cloudfront.net chimpstatic.com *.getfastr.com *.schoolfix.com *.inspectlet.com bat.js https://maps.googleapis.com/maps/api/ https://places.googleapis.com/ https://examplecdn.com https://maps.googleapis.com/maps-api-v3/ https://places.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com https://fonts.googleapis.com *.secureprivacy.ai *.cloudflare.com *.bootstrapcdn.com *.cardinalcommerce.com *.podium.com *.bugsnag.com *.paypal.com *.nr-data.net *.fontawesome.com *.hotjar.com *.clic2buy.com *.clic2drive.com *.yotpo.com  *.chatbeacon.io *.cloudfront.net assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://checkout.iwdagency.com *.secureprivacy.ai ct.pinterest.com hn.inspectlet.com *.inspectlet.com *.yotpoapi.com e.clarity.ms *.affirm.com *.groupbycloud.com *.cardinalcommerce.com *.podium.com *.bugsnag.com *.doubleclick.net *.hotjar.com ws12.hotjar.com *.clic2buy.com *.clic2drive.com *.click2buy.com *.chatbeacon.io *.demdex.net *.yotpo.com *.cloudfront.net *.getfastr.com *.bing.com *.schoolfix.com api.secureprivacy.ai *.bat.bing.com *.authorize.net https://places.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /iwd_csp/report/log; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-Fn70aeb5YfQ0uhJCmqIZmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'strict-dynamic' 'nonce-f4QKOV6KHSHIC1R/ro074Q=='; style-src 'self' 'unsafe-inline' *.typekit.net; font-src 'self' *.typekit.net; frame-src 'self' *.cookiebot.com www.youtube.com; img-src 'self' data: www.facebook.com *.cookiebot.com www.google.co.nz www.googletagmanager.com stnzwinecrmprdaue.blob.core.windows.net; connect-src 'self' wss://ws.hotjar.com *.hotjar.io www.facebook.com *.cookiebot.com www.google-analytics.com analytics.google.com insights.sitesearch360.com stats.g.doubleclick.net region1.analytics.google.com global.sitesearch360.com www.google.co.nz; report-uri https://report-to-api.raygun.com/reports?apikey=KDhGCuKYSAjT8E5x2xHTA; report-to csp-endpoint; 1
script-src-elem 'self' browser-update.org cdn.celerantwebservices.com cdn.polyfill.io cdn.rawgit.com developer.livehelpnow.net edge1.certona.net f.monetate.net metopera.prospect2.com se.monetate.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.res-x.com ajax.googleapis.com cdnjs.cloudflare.com connect.facebook.net webservices.celerant.com me.kis.v2.scr.kaspersky-labs.com api.bdustatic.com blob: browseye-toolbar.appspot.com cdn.jsdelivr.net data: ff.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com get663.com infimv.com int-mmourya-1.monetate.org marketer.monetate.net sb.monetate.net ssl.google-analytics.com t7a.g4ui.com www.babylist.com www.googie-anaiytics.com www.googleadservices.com apis.google.com translate-pa.googleapis.com translate.google.com translate.googleapis.com 'unsafe-inline' cdn.leafletjs.com; script-src 'self' browser-update.org cdn.celerantwebservices.com cdn.jsdelivr.net cdn.polyfill.io cdn.rawgit.com developer.livehelpnow.net edge1.certona.net f.monetate.net metopera.prospect2.com se.monetate.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.res-x.com ajax.googleapis.com blob: browser.amobi.in cdnjs.cloudflare.com self wasm-eval www.googie-anaiytics.com data: ssl.google-analytics.com www.googleadservices.com sb.monetate.net 'unsafe-eval' 'unsafe-inline'; style-src-elem 'self' cdn.rawgit.com developer.livehelpnow.net fonts.bunny.net fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.celerantwebservices.com cdnjs.cloudflare.com browseye-toolbar.appspot.com cdn.honey.io cdn.jsdelivr.net data: ff.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com marketer.monetate.net me.kis.v2.scr.kaspersky-labs.com www.gstatic.com 'unsafe-inline' cdn.leafletjs.com; style-src 'self' cdn.jsdelivr.net cdn.rawgit.com developer.livehelpnow.net fonts.bunny.net fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.honey.io cdnjs.cloudflare.com self www.gstatic.com 'unsafe-inline'; worker-src blob:; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri https://celerantwebservices.report-uri.com/r/d/csp/reportOnly; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.doubleclick.net *.facebook.com *.iubenda.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * customer-jo4fg3675hw5zuyf.cloudflarestream.com gum.criteo.com fledge.eu.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.feedaty.com cdn.flbx.io *.cloudfront.net *.iubenda.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com customer-jo4fg3675hw5zuyf.cloudflarestream.com www.gstatic.com a.omappapi.com matching.ivitrack.com x.bidswitch.net sync-t1.taboola.com sync.outbrain.com zendesk.com sgtm.jeannebaret.com campagnolo1715786198.zendesk.com www.google.it sync.1rx.io ib.adnxs.com rtb.csync.smartserver.com r.casalemedia.com gum.criteo.com id5-sync.com ad.360yield.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv criteo-partners.tremorhub.com eb2.3lift.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com *.dmxleo.com *.smartadserver.com *.omnitagjs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.feedaty.com *.getflowbox.com *.iubenda.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com static.zdassets.com cdn.clerk.io customer-jo4fg3675hw5zuyf.cloudflarestream.com cdn.iubenda.com api.clerk.io cs.iubenda.com js-agent.newrelic.com embed.cloudflarestream.com www.google.com www.gstatic.com dynamic.criteo.com a.omappapi.com static.hotjar.com sslwidget.criteo.com script.hotjar.com ecomm.sella.it sandbox.gestpay.net pod-29.zendesk.com sgtm.jeannebaret.com sgtm.cmpsport.com mn.cmpsport.com mn.melby.it connect.facebook.net https://cdn.iubenda.com https://static.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.feedaty.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com www.gstatic.com a.omappapi.com cdnjs.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.feedaty.com *.getflowbox.com *.iubenda.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com region1.google-analytics.com ekr.zdassets.com customer-jo4fg3675hw5zuyf.cloudflarestream.com api.openweathermap.org cmp.zendesk.com bam.nr-data.net idb.iubenda.com region1.analytics.google.com api.omappapi.com gum.criteo.com measurement-api.criteo.com wss://pod-29.zendesk.com sgtm.jeannebaret.com campagnolo1715786198.zendesk.com www.google.it connect.facebook.net *.doubleclick.net mn.cmpsport.com mn.melby.it 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.nr-data.net *.criteo.net *.cloudflarestream.com *.cloudflare.com *.clerk.io *.cmpsport.com *.melby.it *.zdassets.com *.chimpstatic.com *.iubenda.com *.zendesk.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com magento-cloudflare.jetrails.com https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.instagram.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.doubleclick.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://f76f10d2-68e2-4789-9aaf-4449480ad26c.sansec.watch/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com https://fonts.bunny.net https://*.getroster.com https://*.gstatic.com https://*.klaviyo.com https://*.typekit.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.certcapture.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.getroster.com https://www.google.rs https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://*.cloudfront.net https://*.typekit.net data: 'self' 'unsafe-inline'; script-src https://*.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io https://facebook.net connect.facebook.net graph.facebook.com business.facebook.com https://*.getroster.com https://*.tiktok.com https://magento.com https://*.klaviyo.com https://www.googletagmanager.com https://*.typekit.net https://static.cloudflareinsights.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com assets.braintreegateway.com fonts.googleapis.com *.certcapture.com https://static.klaviyo.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.getroster.com https://*.gstatic.com https://*.klaviyo.com https://*.tiktok.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.perfumist.net *.perfumist.fr *.ccm19.de *.barrierefreie-web.de parfuemerie.b-cdn.net https://widgets.trustedshops.com *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.cookiebot.com www.xtento.com https://www.googletagmanager.com/ *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.perfumist.net *.perfumist.fr https://consenttool.haendlerbund.de *.haendlerbund.de *.cookiebot.com *.ccm19.de *.vgz.fr *.barrierefreie-web.de flagcdn.com *.casalemedia.com *.bidswitch.net ad11.adfarm1.adition.com imagesrv.adition.com *.google.de ad.adnet.de parfuemerie.b-cdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.alothemes.com *.magepow.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.apptrian.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.plugins.emarsys.net *.scarabresearch.com *.perfumist.net *.perfumist.fr https://consenttool.haendlerbund.de *.facebook.net *.cookiebot.com *.ccm19.de *.barrierefreie-web.de *.adcell.com pix.hyj.mobi tm.ad-srv.ne *.ad-srv.net ad4m.at *.bounce-commerce.de img.adnet.de *.pinterest.com sibautomation.com *.pinimg.com parfuemerie.b-cdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.sovendus.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://maps.googleapis.com/ *.alothemes.com *.magepow.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.perfumist.net *.perfumist.fr https://consenttool.haendlerbund.de *.cookiebot.com *.ccm19.de *.barrierefreie-web.de parfuemerie.b-cdn.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.scarabresearch.com *.eservice.emarsys.net *.perfumist.net *.perfumist.fr https://consenttool.haendlerbund.de *.cookiebot.com *.googleapis.com *.doubleclick.net *.ccm19.de *.barrierefreie-web.de *.adcell.com *.ad4m.at *.bounce-commerce.de *.pinterest.com *.brevo.com parfuemerie.b-cdn.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.sovendus.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://maps.googleapis.com/ *.alothemes.com *.magepow.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-UTF-2b6WwL5cWuERwf1Ofw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-2gXkA-zqTWwl6QOE0tEV_A' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stape.io *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.elmotalent.com.au 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io dpm.demdex.net *.addthis.com *.ewaypayments.com *.elmotalent.com.au c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com *.stape.io *.cloudflare.com *.googleapis.com *.clarity.ms *.bing.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.ewaypayments.com https://*.sandbox.ewaypayments.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.cloudflare.com *.twitter.com *.fontawesome.com dpm.demdex.net *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.elmotalent.com.au *.clarity.ms accesshardwareptyltd.snapforms.com.au www.gstatic.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com maps.googleapis.com cdn.ampproject.org connect.facebook.net payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com *.stape.io *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.typekit.net www.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com *.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io *.cloudflare.com *.addthis.com *.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com places.googleapis.com cdn.ampproject.org www.googleapis.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src dpm.demdex.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: script.hotjar.com *.klarna.com *.playground.kl *.klarnaevt.com *.fontawesome.com *.klarnacdn.net d30lee2gy4gtgb.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.beerhawk.co.uk *.facebook.com *.klarna.com *.playground.klarna.com *.klarnaevt.com *.snapchat.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.pinterest.com www.pinterest.co.uk static.criteo.net ct.pinterest.com insight.adsrvr.org match.adsrvr.org *.apt.io *.beerhawk.co.uk gum.criteo.com *.facebook.com wchat.eu.freshchat.com *.gstatic.com *.hotjar.com *.klarna.com *.klarnaevt.com *.playground.klarna.com *.recurly.com *.snapchat.com *.twitter.com *.eu.webpush.freshchat.com www.youtube-nocookie.com *.clearpay.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com *.paypalobjects.com newassets.hcaptcha.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net matching.ivitrack.com js-assets.perfectdraft.com cm.g.doubleclick.net ads.yahoo.com ups.analytics.yahoo.com pixel.rubiconproject.com cdn.stickyadstv.com pixel.tapad.com s.thebrighttag.com pixel.advertising.com x.bidswitch.net eb2.3lift.com dis.criteo.com sp.analytics.yahoo.com sync.outbrain.com sync-t1.taboola.com simage2.pubmatic.com visitor.omnitagjs.com sync.e-planning.net jadserve.postrelease.com exchange.mediavine.com secure.adnxs.com us-u.openx.net criteo-partners.tremorhub.com cm.mgid.com ad.yieldlab.net sync-criteo.ads.yieldmo.com s.ad.smaato.net i6.liadm.com i.liadm.com cw.addthis.com criteo-sync.teads.tv ad.as.amanad.adtdp.com r.casalemedia.com in.treasuredata.com rtb-csync.smartadserver.com trends.revcontent.com ad.360yield.com match.sharethrough.com gum.criteo.com d.turn.com c.clarity.ms public-prod-dspcookiematching.dmxleo.com partner.mediawallahscript.com id5-sync.com contextual.media.net idsync.rlcdn.com ads.stickyadstv.com crb.kargo.com ib.adnxs.com tags.bluekai.com cm.adform.net ih.adscale.de sync.aralego.com cotads.adscale.de a.twiago.com adgen.socdm.com tg.socdm.com adx.dable.io sync.ad-stir.com analytics.twitter.com alb.reddit.com e1.emxdgt.com match.adsrvr.org ads.avocet.io ads.avct.cloud *.awin1.com px.ads.linkedin.com *.beerhawk.co.uk beerbods.co.uk *.bing.com cx.atdmt.com trk.clinch.co *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.co.uk script.hotjar.com *.klarna.com *.klarnaevt.com *.playground.klarna.com beacon.krxd.net *.linkedin.com *.nosto.com *.cookielaw.org ct.pinterest.com *.postcodeanywhere.co.uk id.rlcdn.com *.snapchat.com *.tinifycdn.com t.co *.tvsquared.com *.zenaps.com *.afterpay.com *.clearpay.co.uk *.klarnacdn.net magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com d30lee2gy4gtgb.cloudfront.net c5.adalyser.com cdn-eu.dynamicyield.com cdn.dynamicyield.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googletagmanager.com *.facebook.net *.doubleclick.net c5.adalyser.com js-assets.perfectdraft.com s.adroll.com d.adroll.mgr.consensu.org static.ads-twitter.com *.bing.com *.cardinalcommerce.com a.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms l.clarity.ms n.clarity.ms www.clarity.ms *.cloudflare.com *.klarnacdn.net *.cloudflareinsights.com dynamic.criteo.com sslwidget.criteo.com *.criteo.net *.dwin1.com api.uk.exponea.com wchat.eu.freshchat.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.hotjar.com js.adsrvr.org *.klarna.com *.playground.klarna.com *.klarnaevt.com *.licdn.com *.lr-ingest.io *.measured.com *.nosto.com *.cookielaw.org *.paypal.com *.pcapredict.com s.pinimg.com *.postcodeanywhere.co.uk *.ratebeer.com www.redditstatic.com sc-static.net *.snapchat.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.treasuredata.com *.tvsquared.com analytics.twitter.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net x.klarnacdn.net *.klarnaservices.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com d30lee2gy4gtgb.cloudfront.net tag.aticdn.net cdn-eu.dynamicyield.com st-eu.dynamicyield.com ct.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.cloudflare.com *.cookielaw.org *.klarna.com *.klarnaevt.com *.playground.klarna.com *.postcodeanywhere.co.uk wchat.eu.freshchat.com *.fontawesome.com *.afterpay.com/ *.squarecdn.com *.klarnacdn.net assets.braintreegateway.com d30lee2gy4gtgb.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.google-analytics.com tr.snapchat.com a.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms n.clarity.ms www.clarity.ms api.uk.exponea.com beerbods.co.uk *.bing.com *.cardinalcommerce.com *.cloudflare.com *.cookielaw.org sslwidget.criteo.com https://dpm.demdex.net *.dwin1.com *.facebook.com *.facebook.net stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.playground.klarna.com *.ksearchnet.com *.lr-ingest.io *.nosto.com https://privacyportal-de.onetrust.com ct.pinterest.com *.postcodeanywhere.co.uk *.recurly.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com x.klarnacdn.net *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com hub.feefo.com d30lee2gy4gtgb.cloudfront.net rpnxgwj.pa-cd.com maps.googleapis.com pixel-config.reddit.com www.redditstatic.com async-px-eu.dynamicyield.com tr6.snapchat.com rcom-eu.dynamicyield.com st-eu.dynamicyield.com 'self' 'unsafe-inline'; child-src blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://dpm.demdex.net https://amcglobal.sc.omtrdc.net *.klarna.com *.playground.klarna.com *.klarnacdn.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.darkx.com *.xempire.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.darkx.com *.xempire.com join.gammasecure.com; script-src 'self' *.darkx.com *.xempire.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.darkx.com *.xempire.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
frame-ancestors 'self' zeelo.tech *.zeelo.tech zeelo.co zeelo.us zeelo.co.za zeelo.ie zeeride.co.uk zeeride.us *.zeelo.co *.zeelo.us *.zeelo.co.za *.zeelo.ie *.zeeride.co.uk *.zeeride.us *.influ2.com influ2.com; upgrade-insecure-requests ; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pube793bb4d6183c8b7236e0545dc151dff&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Amarketing%2Cenv%3Aprod 1
default-src 'self' ; style-src 'self' 'unsafe-inline' optimize.google.com www.googletagmanager.com fonts.googleapis.com *.typekit.net *.yotpo.com *.myfonts.net *.cloudfront.net; font-src 'self' data: optimize.google.com fonts.gstatic.com *.abtasty.com *.dwin1.com *.typekit.net *.livechatinc.com snap.licdn.com *.tiktok.com static.ads-twitter.com ct.pinterest.com *.yotpo.com *.addthis.com *.moatads.com *.curalate.com *.cloudflare.com *.cloudfront.net; img-src 'self' data: *; base-uri 'self' ;  form-action *; frame-ancestors 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com optimize.google.com www.googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com www.googleadservices.com maps.googleapis.com polyfill.io player.vimeo.com connect.facebook.net *.klevu.com api.exponea.com s.pinimg.com intljs.rmtag.com assistjs.skimresources.com googleads.g.doubleclick.net bat.bing.com t.contentsquare.net track.sweetanalytics.com *.yotpo.com snap.licdn.com static.ads-twitter.com *.tiktok.com *.abtasty.com *.adobedc.net *.dwin1.com *.livechatinc.com *.voyado.com *.ksearchnet.com *.hotjar.com *.veinteractive.com *.mouseflow.com *.sleeknote.com *.stripe.com *.zdassets.com *.trustpilot.com *.clarity.ms *.addthis.com *.addthisedge.com *.moatads.com *.clearpay.co.uk *.amplitude.com *.sagepay.com snapppt.com *.snapppt.com; connect-src 'self' mage.londonstone.co.uk *.googlesyndication.com *.google-analytics.com *.klevu.com api.exponea.com ct.pinterest.com *.abtasty.com *.adobedc.net *.tiktok.com *.yotpo.com maps.googleapis.com vimeo.com *.addthis.com *.moatads.com *.dwin1.com *.54proxy.com *.ksearchnet.com *.hotjar.com *.hotjar.io *.zdassets.com *.clarity.ms *.amplitude.com *.sweetanalytics.com snapppt.com *.snapppt.com *.zendesk.com; frame-src 'self' player.vimeo.com *.fls.doubleclick.net ct.pinterest.com vimeo.com secure.livechatinc.com *.addthis.com *.curalate.com *.54proxy.com *.hotjar.com *.stripe.com *.trustpilot.com *.paypal.com *.zendesk.com *.zdassets.com; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://maps.omnivasiunta.lt www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io https://unpkg.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io https://geocode.arcgis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://seo.mageplaza.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de js.stripe.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.google.ee *.facebook.com public.montonio.com self: *.nosto.com *.nos.to data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.googletagmanaget.com *.google-analytics.com *.googleadservices.com *.adobedtm.com *.hotjar.com *.stripe.com *.facebook.net *.addthis.com d1cocw0250tpxv.cloudfront.net public.montonio.com js.stripe.com *.nosto.com *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googletagmanaget.com *.googleadservices.com *.adobedtm.com *.hotjar.com *.stripe.com *.facebook.net *.facebook.com metrics.hotjar.io api.sandbox-card-payments.montonio.com api.card-payments.montonio.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'report-sample' https://apis.google.com/js/client.js https://feeds.trac.jobs/js/v12/EmbeddedJobsBoard.js https://maps.googleapis.com/maps/api/js https://www.browsealoud.com/plus/scripts/3.1.0/ba.js https://www.cqc.org.uk/sites/all/modules/custom/cqc_widget/widget.js https://www.googletagmanager.com/gtm.js https://api.reciteme.com; style-src 'self' 'report-sample' https://cdnjs.cloudflare.com https://feeds.trac.jobs https://fonts.googleapis.com https://use.fontawesome.com https://www.cqc.org.uk https://api.reciteme.com; img-src 'self' data: https://feeds.trac.jobs https://maps.googleapis.com https://maps.gstatic.com https://static.trac.jobs https://www.cqc.org.uk https://api.reciteme.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; media-src 'self'; object-src 'none'; frame-src 'self' https://my.matterport.com https://player.vimeo.com https://www.youtube-nocookie.com; worker-src 'none'; manifest-src 'self'; base-uri 'self' 1
default-src 'self'; report-uri https://www.kcrent.jp/csp-report/; 1
base-uri 'self'; connect-src 'self' https://www.paynearme.com https://s.yimg.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.gstatic.com https://bat.bing.com google.com.pr *.google.com.pr hotjar.io *.hotjar.io *.google.com wss://ws.hotjar.com www.googleadservices.com https://api.rollbar.com https://content.hotjar.io https://www.commissionsoup.com https://metrics.hotjar.io https://*.google.com ninjafetch.com *.ninjafetch.com neuro-id.com *.neuro-id.com neuroid.cloud *.neuroid.cloud; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://*.yodlee.com; frame-src 'self' https://www.paynearme.com https://td.doubleclick.net https://www.googletagmanager.com bat.bing.com https://widget.sophtron.com https://*.edgescore.com https://*.yodlee.com https://www.commissionsoup.com; img-src 'self' data: https://sp.analytics.yahoo.com https://static.ads-twitter.com https://t.co analytics.twitter.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com totalcardinc.com *.totalcardinc.com bing.com *.bing.com bat.bing.net www.google.com.mx www.google.com.ng www.googleadservices.com www.google.com.ph https://edge-public-assets.s3.us-east-2.amazonaws.com https://www.commissionsoup.com https://images.totalcardinc.com https://www.google.co.in www.google.com.pr https://bat.bing.com https://www.google.com.pr; object-src 'none'; script-src https://www.paynearme.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com 'self' static.ads-twitter.com *.static.ads-twitter.com yimg.com *.yimg.com bat.bing.com *.bat.bing.com hotjar.com *.hotjar.com engagement.technology *.engagement.technology g.doubleclick.net *.g.doubleclick.net googleadservices.com *.googleadservices.com ninjafetch.com *.ninjafetch.com yodlee.com *.yodlee.com neuro-id.com *.neuro-id.com 'unsafe-inline'; style-src 'self' https://www.paynearme.com https://unpkg.com/swiper@7/swiper-bundle.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' https://ninjafetch.com https://www.paynearme-sandbox.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=CnPjEx6rniU3cnjFFt097w2MINjf1rxhqRKtCZihzwI-1773717300.037842-1.0.1.1-oo6_R7FyBdaKSpUvFQpZP4px3WtgPdJpCWZj0EuRSKcFqXlxDq.29XpVOuAEFAlVDjSoJe3.z2AZjSQtACDRB3hpxU.0woJE9zUgjL.CzAlg6U6jQZqydlx_ktUWzSJ35aYqJ2CPDJbUeGt5c_a_UrYL9WC7mraNc90.86t8xwZ26mG5i6njtLZmuu1Axg5IdShIWYRKTUY9CvL7kUp_vQ; report-to cf-lzvvizoncjclsahb 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https:; frame-src 'self' https://www.google.com https://*.google.com; object-src 'none'; base-uri 'self'; form-action 'self' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com id.dokobit.com id-sandbox.dokobit.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://app.usercentrics.eu 'self' *.maksekeskus.ee *.test.maksekeskus.ee www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.dokobit.com *.google.lv *.openstreetmap.org https://maps.omnivasiunta.lt ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com https://app.usercentrics.eu *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com *.maksekeskus.ee *.test.maksekeskus.ee www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.dokobit.com *.usercentrics.eu *.hotjar.com https://unpkg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://www.googletagmanager.com https://polyfill.io https://api.usercentrics.eu https://id-sandbox.dokobit.com *.disqus.com *.avada.io *.shopify.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com downloads.mailchimp.com id.dokobit.com id-sandbox.dokobit.com *.googleapis.com https://fonts.bunny.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.dokobit.com *.doubleclick.net https://geocode.arcgis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://api.usercentrics.eu https://id-sandbox.dokobit.com https://get.geojs.io *.avada.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; style-src https: 'self' 'unsafe-inline' *.googletagmanager.com *.tagmanager.google.com *.fonts.googleapis.com; script-src https: 'nonce-45zEnK6LtOQeztX9R6TS+t6z8LM=' 'strict-dynamic'; form-action 'self' ; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com; frame-src 'self' view.ceros.com *.company-target.com *.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net; report-to csp-endpoint; report-uri https://axaxl.com/api/CSP; font-src 'self' fonts.gstatic.com data:; img-src 'self' * data:; connect-src 'self' browser-intake-datadoghq.com *.googleadservices.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.google.co.uk www.google.com.sg *.google.com *.googlesyndication.com *.company-target.com *.linkedin.com *.licdn.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.demandbase.com *.boltdns.net *.akamaihd.net *.nr-data.net *.en25.com; manifest-src 'self'; media-src blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; default-src 'self' mailto: tel: www.google.com www.google.co.uk *.google.com *.googletagmanager.com www.googletagmanager.com *.company-target.com *.linkedin.com *.licdn.com *.eloqua.com *.brightcove.com *.brightcove.net *.rlcdn.com *.boltdns.net *.demandbase.com *.akamaihd.net *.axaxl.com *.doubleclick.net *.en25.com www.google.com.sg; 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.facebook.com *.facebook.net https://connect.facebook.net https://stats.g.doubleclick.net *.google.com.br *.sizebay.technology *.fontawesome.com https://fonts.bunny.net *.google.com https://netdna.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.google.com *.facebook.com *.facebook.net https://connect.facebook.net https://stats.g.doubleclick.net *.google.com.br *.sizebay.technology *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.youtube.com/ *.google.com *.facebook.com *.facebook.net https://connect.facebook.net https://stats.g.doubleclick.net *.google.com.br *.sizebay.technology *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.facebook.com *.facebook.net https://connect.facebook.net https://stats.g.doubleclick.net *.google.com.br *.sizebay.technology https://firebasestorage.googleapis.com cdn.mundipagg.com api.pagar.me *.gstatic.com scontent.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.maps.googleapis.com *.trackedlink.net *.google.com *.maps.gstatic.com maps.googleapis.com *.facebook.com *.facebook.net https://connect.facebook.net https://stats.g.doubleclick.net *.google.com.br *.sizebay.technology *.avada.io 3ds2.pagar.me 3ds2-sdx.pagar.me device.clearsale.com.br https://analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://connect.facebook.net https://stats.g.doubleclick.net *.google.com.br *.sizebay.technology https://fonts.bunny.net https://netdna.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com scontent.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.com *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com *.facebook.com *.facebook.net https://connect.facebook.net https://stats.g.doubleclick.net *.google.com.br *.sizebay.technology https://get.geojs.io *.avada.io api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br google.com pay.sandbox.google.com https://analytics.tiktok.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.brevo.com https://sibautomation.com https://www.youtube.com https://cdn.amcharts.com https://cdn.curator.io https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.brevo.com https://cdn.curator.io; img-src 'self' data: https: blob:; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://archive.floorball.sport; connect-src 'self' https://www.googletagmanager.com https://www.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://cdn.brevo.com https://sibautomation.com https://in-automate.brevo.com https://www.youtube.com https://api.curator.io; frame-src 'self' https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://www.facebook.com https://www.instagram.com https://www.linkedin.com https://x.com; media-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; worker-src 'self' blob:; 1
default-src 'self' infoblox.okta.com *.oktacdn.com; connect-src 'self' infoblox.okta.com infoblox-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com infoblox.kerberos.okta.com infoblox.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-1mt63wCabafWV7qJckyqow' 'unsafe-eval' 'self' 'report-sample' infoblox.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' infoblox.okta.com *.oktacdn.com; frame-src 'self' infoblox.okta.com infoblox-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator: api-76e5adb9.duosecurity.com; img-src 'self' infoblox.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' infoblox.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-xZR0q1e3qgBxCHEt8ipM4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.userway.org *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.userway.org https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.clarity.ms *.addtoany.com *.bootstrapcdn.com *.userway.org *.avada.io *.shopify.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.maxmind.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.userway.org *.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.userway.org https://get.geojs.io *.avada.io http://dpm.demdex.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com *.mmapiws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.googleapis.com *.vitalia-reformhaus.de data: https://widgets.trustedshops.com *.consentmanager.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cleverreach.com *.twitter.com *.vitalia-reformhaus.de www.facebook.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com *.vitalia-reformhaus.de *.sovendus-benefits.com/ *.sovendus-connect.com/ *.weltpixel.com *.googletagmanager.com *.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.tokenization.secure.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.cloudfront.net *.cloudflare.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.facebook.com *.vitalia-reformhaus.de *.cloudflare.net *.google.com *.google.com.vn *.google.com.de *.trustedshops.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.pay1.de x.klarnacdn.net m.media-amazon.com static-eu.payments-amazon.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.consentmanager.net *.cdninstagram.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com jquery.sellxed.com *.cloudflare.com *.twitter.com *.twimg.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.vitalia-reformhaus.de *.sovendus.com *.trustedshops.com *.googlesyndication.com *.doubleclick.net *.jsdelivr.at *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.tokenization.secure.payone.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.consentmanager.net ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.usercentrics.eu *.vitalia-reformhaus.de *.tagmanager.google.com *.googletagmanager.com assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io src.mastercard.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.consentmanager.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.twimg.com *.vitalia-reformhaus.de *.usercentrics.eu www.google.com googleads.g.doubleclick.net *.sovendus.com *.doubleclick.net *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.tokenization.secure.payone.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.consentmanager.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' yoast.com betadevsecuritygovuk.matomo.cloud securitygovuk.matomo.cloud; script-src 'self' cdn.matomo.cloud 'unsafe-eval' 'unsafe-inline'; style-src 'self' p.typekit.net use.typekit.net fonts.googleapis.com 'unsafe-inline'; img-src 'self' s.w.org secure.gravatar.com data: syndication.twitter.com; font-src data: 'self' fonts.gstatic.com cdn.scite.ai use.typekit.net; worker-src data: blob: 'self'; frame-src 'self' www.youtube-nocookie.com platform.twitter.com syndication.twitter.com; report-uri https://csp1.ingest.service.security.gov.uk/report; report-to primary 1
default-src 'self'; script-src 'self' https://static.axept.io https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://code.jquery.com https://cdnjs.cloudflare.com 'unsafe-eval' https://dk0rzsp9wq5yj.cloudfront.net 'nonce-91453fd15c3a9b212250a4aee87a45c1'; script-src-elem 'self' 'unsafe-inline' https://static.axept.io https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://code.jquery.com https://cdnjs.cloudflare.com 'unsafe-eval' https://cdn-app.myli.io https://dk0rzsp9wq5yj.cloudfront.net; script-src-attr 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://dk0rzsp9wq5yj.cloudfront.net 'nonce-91453fd15c3a9b212250a4aee87a45c1'; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://cdn-app.myli.io https://dk0rzsp9wq5yj.cloudfront.net; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://dk0rzsp9wq5yj.cloudfront.net; img-src 'self' data: https://api.mapbox.com https://www.google.com https://www.gstatic.com https://eprel.ec.europa.eu https://dk0rzsp9wq5yj.cloudfront.net https://profilplus.s3.eu-west-1.amazonaws.com https://pagead2.googlesyndication.com https://cdn-app.myli.io; connect-src 'self' https://api.mapbox.com https://nominatim.openstreetmap.org https://www.google.com https://static.axept.io https://cdn-app.myli.io; frame-src 'self' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com https://t.profilplus.fr; object-src 'none'; frame-ancestors 'self'; form-action 'self'; base-uri 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com business.facebook.com *.addthis.com *.vudoo.io *.doubleclick.net *.adroll.com *.recaptcha.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com swisse.com.au searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net * *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://prf.hn *.google.com *.unbxd.io *.unbxdapi.com *.adroll.com *.bing.com *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.adnxs.com *.3lift.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com swisse.com.au searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com https://prf.hn https://pzapi-nb.com https://pzapi-kg.com https://pzapi-ij.com/ *.unbxd.io *.unbxdapi.com *.hotjar.com *.adroll.com *.vudoo.io *.tiktok.com *.bing.com *.optimonk.com acsbapp.com *.acsbapp.com *.cloudfront.net *.lexer.io *.pdst.fm *.recaptcha.net *.zdassets.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com swisse.com.au searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cash.app *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com display.ugc.bazaarvoice.com https://static.klaviyo.com *.fontawesome.com *.unbxd.io *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com swisse.com.au searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com swisse.com.au searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com swisse.com.au searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com * *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthis.com *.unbxd.io *.unbxdapi.com acsbapp.com *.acsbapp.com *.adroll.com *.spotify.com *.optimonk.com *.tiktok.com *.amazonaws.com *.zendesk.com places.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com swisse.com.au searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.hotjar.com *.zopim.com *.fontawesome.com *.cloudflare.com maxcdn.bootstrapcdn.com 'self' data: www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.google.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.weltpixel.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com *.addthis.com *.googleapis.com *.cookieyes.com *.addtoany.com *.resengo.com *.storescan.eu *.doubleclick.net *.joyfotografie.nl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' data: *.onesignal.com onesignal.com *.hsforms.net *.hsforms.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com *.cdninstagram.com *.cookieyes.com cdn-cookieyes.com *.google-analytics.com *.google.de data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.paypal.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.onesignal.com onesignal.com https://www.googletagmanager.com tagmanager.google.com unpkg.com s7.addthis.com *.avada.io *.hsforms.net *.hsforms.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com *.marker.io *.addthis.com *.cookieyes.com cdn-cookieyes.com *.addtoany.com *.resengo.com *.cloudflare.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net https://static.klaviyo.com *.cloudflare.com *.onesignal.com onesignal.com tagmanager.google.com maxcdn.bootstrapcdn.com *.gstatic.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com *.klaviyo.com *.cookieyes.com 'self' 'unsafe-inline'; object-src www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline'; media-src *.zopim.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline'; manifest-src www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.onesignal.com onesignal.com *.facebook.net ekr.zdassets.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com *.addthis.com ws.hotjar.com *.marker.io *.google.com *.stape.org *.instagram.com *.cookieyes.com cdn-cookieyes.com *.google.nl *.googlesyndication.com *.klaviyo.com 'self' 'unsafe-inline'; child-src www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
connect-src 'self' https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://www.google.com https://*.googletagmanager.com https://bat.bing.com https://bat.bing.net https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://privacyportal-uk.onetrust.com https://px.ads.linkedin.com https://www.facebook.com/privacy_sandbox/topics/registration/ https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cat https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uk/ads/ga-audiences https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vu https://www.google.ws https://www.googleadservices.com https://www.google.com/recaptcha/ https://translate.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com/ https://go.arbuthnotlatham.co.uk/ https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://charts3.equitystory.com https://block.opendns.com https://drive.google.com; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'report-sample' 'unsafe-inline' https://tagmanager.google.com https://bat.bing.com https://cdn-ukwest.onetrust.com https://connect.facebook.net https://snap.licdn.com https://use.typekit.net https://p.typekit.net https://go.arbuthnotlatham.co.uk https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://www.google.com https://*.analytics.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://www.youtube.com https://player.vimeo.com https://ajax.googleapis.com https://apis.google.com https://pi.pardot.com/analytics cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self' https://alolb1.arbuthnotlatham.co.uk; frame-ancestors 'self'; report-uri https://www.arbuthnotlatham.co.uk/log-report-uri/reportOnly 1
upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-2a571eaff852845fa89e05e53c7851db06dd1d49' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1
report-to https://c27a0dbdb777b25e6be808015953fd29.report-uri.com/r/d/csp/wizard 1
font-src *.cloudflare.com *.gstatic.com *.trustedshops.com *.googleapis.com 'unsafe-inline' data: *.fontawesome.com *.cloudfront.com *.cloudfront.net *.klarnacdn.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com *.acimacredit.com *.addtoany.com *.google.com *.assets.adobedtm.com *.ws.sharethis.com *.w.sharethis.com *.l.sharethis.com *.t.sharethis.com *.cloudfront.net https://consentcdn.cookiebot.com https://data.sofa-dreams.com *.rebounce.ai *.ad-srv.net *.klarna.com https://www.googletagmanager.com/ js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.amazonaws.com *.klarnacdn.net *.cloudfront.net *.googleapis.com *.paypalobjects.com bianco-evento.com *.be-healthprotect.it *.lfeeder.com *.google.co.in *.facebook.com https://data.sofa-dreams.com https://cdn.sitecockpit.com *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com ratenkauf.easycredit.de maps.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.fontawesome.com *.addtoany.com *.facebook.com *.assets.adobedtm.com *.ws.sharethis.com *.w.sharethis.com *.l.sharethis.com *.t.sharethis.com *.cloudfront.net *.googleapis.com *.lfeeder.com *.clarity.ms *.facebook.net snid.snitcher.com https://t.adcell.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://manage.cookiebot.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.mollie.com ratenkauf.easycredit.de maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.gstatic.com *.cloudfront.net *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.google-analytics.com *.cloudfront.net *.googleapis.com *.snitcher.com *.clarity.ms *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ratenkauf.easycredit.de www.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://widgets.trustedshops.com https://integrations.etrusted.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://integrations.etrusted.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; media-src 'self' https://panel.sutty.nl; style-src 'self' 'unsafe-inline'; script-src https: 'self'; font-src data: 'self'; img-src https: data: 'self'; object-src 'none'; frame-src https: 'self'; connect-src 'self' https://*.sutty.nl; report-uri https://api.sutty.nl/v1/csp_reports.json 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.sirv.com *.olark.com *.contivio.com *.avalara.com sbx.certcapture.com app.certcapture.com https://img.en25.com/i/elqCfg.min.js https://trk.barcoproducts.com/ *.invocacdn.com *.crazyegg.com https://bat.bing.com/ https://s.adroll.com/ https://d.adroll.com/ https://x.adroll.com/ https://ipv4.d.adroll.com/ *.visualvisitor.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com *.sirv.com www.xtento.com cdn.xtento.com *.olark.com https://img.en25.com/i/elqCfg.min.js *.artifi.net *.monetate.net www.magecomp.com *.contivio.com *.avalara.com sbx.certcapture.com app.certcapture.com https://trk.barcoproducts.com/ *.invocacdn.com *.crazyegg.com https://bat.bing.com/ https://s.adroll.com/ https://d.adroll.com/ https://x.adroll.com/ https://ipv4.d.adroll.com/ *.visualvisitor.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com *.sirv.com player.vimeo.com www.xtento.com cdn.xtento.com *.olark.com *.monetate.net img03.en25.com *.coveo.com *.newrelic.com *.artifi.net https://img.en25.com/i/elqCfg.min.js *.contivio.com *.avalara.com sbx.certcapture.com app.certcapture.com https://trk.barcoproducts.com/ *.invocacdn.com *.crazyegg.com https://bat.bing.com/ https://s.adroll.com/ https://d.adroll.com/ https://x.adroll.com/ https://ipv4.d.adroll.com/ *.visualvisitor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com *.sirv.com *.olark.com *.contivio.com *.avalara.com sbx.certcapture.com app.certcapture.com https://img.en25.com/i/elqCfg.min.js https://trk.barcoproducts.com/ *.invocacdn.com *.crazyegg.com https://bat.bing.com/ https://s.adroll.com/ https://d.adroll.com/ https://x.adroll.com/ https://ipv4.d.adroll.com/ *.visualvisitor.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.sirv.com *.olark.com blob: *.avalara.com sbx.certcapture.com app.certcapture.com https://img.en25.com/i/elqCfg.min.js https://trk.barcoproducts.com/ *.invocacdn.com *.crazyegg.com https://bat.bing.com/ https://s.adroll.com/ https://d.adroll.com/consent/ https://x.adroll.com/attribution/trigger https://ipv4.d.adroll.com/ *.visualvisitor.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com thm.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com *.sirv.com *.youtube.com blob: *.olark.com *.cloud.coveo.com bam.nr-data.net *.artifi.net *.contivio.com *.avalara.com sbx.certcapture.com app.certcapture.com https://img.en25.com/i/elqCfg.min.js https://trk.barcoproducts.com/ *.invocacdn.com *.crazyegg.com https://bat.bing.com/ https://s.adroll.com/ https://d.adroll.com/consent/ https://x.adroll.com/attribution/trigger https://ipv4.d.adroll.com/ *.visualvisitor.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-BCuqewBNw3_F4uCeoW9sPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-h-0k8xqpGcbKShNzVaqDPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mouseflow.com *.mouseflow.com unpkg.com github.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com *.google.com *.google.ch *.google.fr *.google.de google.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.facebook.net *.facebook.com www.facebook.com browser-update.org *.adnsxs.com *.adnxs.com *.doubleclick.net *.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com *.linkedin.com *.licdn.com *.clearbitjs.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.youtube.com *.youtube-nocookie.com *.cookielaw.org *.onetrust.com cdn.ckeditor.com cdn.jsdelivr.net api.fouanalytics.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com *.google-analytics.com *.googletagmanager.com *.fontawesome.com *.cloudflare.com *.jsdelivr.net unpkg.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; img-src 'self' data: blob: groupe-e.ch *.groupe-e.ch *.linkedin.com *.licdn.com *.clearbitjs.com *.facebook.net *.facebook.com www.facebook.com *.adnsxs.com *.adnxs.com *.doubleclick.net *.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com *.google.com *.google.ch *.google.fr *.google.de google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.cookielaw.org *.onetrust.com *.google-analytics.com *.googletagmanager.com i.ytimg.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com cdn.jsdelivr.net *.mouseflow.com googleads.g.doubleclick.net stats.g.doubleclick.net; frame-src 'self' data: *.facebook.net *.facebook.com www.facebook.com *.doubleclick.net *.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com *.google.com *.google.ch *.google.fr *.google.de google.com *.youtube.com *.youtube-nocookie.com *.google-analytics.com *.googletagmanager.com groupe-e.ch *.groupe-e.ch gateway.zscloud.net *.cloudflare.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.mouseflow.com; connect-src 'self' groupe-e.ch *.groupe-e.ch *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com *.google.com *.google.ch *.google.fr *.google.de google.com *.oribi.io *.cookielaw.org *.onetrust.com *.linkedin.com *.licdn.com cdn.mouseflow.com *.mouseflow.com *.facebook.net *.facebook.com www.facebook.com api.fouanalytics.com apix.b2c.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; frame-ancestors 'self'; base-uri 'self'; upgrade-insecure-requests 1
font-src *.kueskipay.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.kueskipay.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.kueskipay.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com multicobros.banorte.com supercolchones.gestionplay.com.ar *.opencontrol.mx *.kaptcha.com *.openpay.pe eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar supercolchones.gestionplay.com.ar *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com multicobros.banorte.com supercolchones.gestionplay.com.ar *.facebook.net cdn.connectif.cloud newrelic.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com *.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://static.klaviyo.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com supercolchones.gestionplay.com.ar fonts.googleapis.com unsafe-inline *.paypal.com *.sandbox.paypal.com *.paypalobjects.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com supercolchones.gestionplay.com.ar 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.doubleclick.net https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com multicobros.banorte.com supercolchones.gestionplay.com.ar *.openpay.mx *.openpay.co *.openpay.pe api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; worker-src blob: https://tobaccofreeflorida.com/; object-src 'none'; script-src  'unsafe-eval' 'self' https://www.googletagmanager.com/ https://connect.facebook.net/	https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://sc-static.net/ https://www.youtube.com/iframe_api https://www.google-analytics.com/ https://maps.googleapis.com/ https://play.google.com/ https://googleads.g.doubleclick.net/ https://tffl.wpengine.com/ https://www.youtube.com/ https://dashboard.chatfuel.com/ https://bat.bing.com/ https://action.media6degrees.com/ https://ajax.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://tags.srv.stackadapt.com/ https://siterecruit.comscore.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://tag.simpli.fi/ https://i.simpli.fi 1
default-src 'self' *.lopcloud.com; report-uri https://license.lopcloud.com/kcc/bo/csp-report; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-w029ykclTynZ17Ue-7wmKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://ey6ws543.uriports.com/reports/report; report-to default 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com  https://fonts.gstatic.com *.oct8ne.com fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.google.com chart.googleapis.com *.addthis.com *.addthisedge.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.bird.eu *.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net *.hsforms.com *.gumlet.io placehold.co *.google.it *.hubspot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.oct8ne.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl www.google.com www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com cdn.jsdelivr.net maps.google.com *.addthis.com *.addthisedge.com *.moatads.com unpkg.com cdn.iubenda.com *.hsforms.net *.hotjar.com *.pardot.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.usemessages.com/ *.legalblink.it *.fontawesome.com accessibility.tun2u.it *.hubspot.com *.clarity.ms https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com cdn.jsdelivr.net *.googleapis.com unpkg.com cdn.iubenda.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.doofinder.com wss://*.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com www.google.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com chart.googleapis.com *.addthis.com *.hsforms.com *.google-analytics.com *.doubleclick.net *.hubspot.com *.legalblink.it *.hscollectedforms.net *.gumlet.io accessibility.tun2u.it *.clarity.ms *.fontawesome.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.die-samariter.org https://*.online-packen.org; script-src 'self' 'nonce-RX3qVwRFBHEDHHUypAjQuYyQJYwPuobWaj94j1yiD6N3f3ZyuMi6Wg' 'unsafe-eval' blob: 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu https://www.googletagmanager.com https://www.googleadservices.com https://maps.googleapis.com https://code.etracker.com https://www.etracker.de 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://app.usercentrics.eu https://uct.service.usercentrics.eu https://privacy-proxy-server.usercentrics.eu https://maps.gstatic.com https://maps.googleapis.com https://adfarm1.adition.com https://www.google.com https://www.google.de https://*.tile.openstreetmap.org; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://app.usercentrics.eu https://creatorapp.zohopublic.eu https://creatorl.zohopublic.eu https://www.googletagmanager.com; style-src 'self' https://*.die-samariter.org https://*.online-packen.org 'unsafe-inline' https://fonts.googleapis.com 'report-sample'; font-src 'self' https://*.die-samariter.org https://*.online-packen.org data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.die-samariter.org https://*.online-packen.org https://api.usercentrics.eu https://graphql.usercentrics.eu https://privacy-proxy.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://aggregator.service.usercentrics.eu https://maps.googleapis.com https://www.etracker.de https://*.analytics.google.com https://*.google-analytics.com https://www.google.de https://www.google.com https://stats.g.doubleclick.net; report-uri https://www.die-samariter.org/@http-reporting?csp=report&requestTime=1773715812510887&requestHash=a33868dca0a75eb79b4477c55add0def93aec5e0 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com data: use.fontawesome.com static-dev.srag.cahosting.de static-dev.srag.codel1.de tmpsativa-static.codel1.de cdn.live.srag.cahosting.de cdn.dev.srag.cahosting.de cdn.dev.srag.codel1.de cdn.staging.srag.cahosting.de srag.dev.saatec.local *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com seu2.cleverreach.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ piwik.sativa-biosaatgut.de www.google.com app-wallee.com td.doubleclick.net www.googletagmanager.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com https://www.magezon.com static-dev.srag.cahosting.de static-dev.srag.codel1.de widgets.trustedshops.com www.google.de piwik.sativa-biosaatgut.de tmpsativa-static.codel1.de cdn.live.srag.cahosting.de cdn.dev.srag.cahosting.de cdn.dev.srag.codel1.de cdn.staging.srag.cahosting.de files.mirasvit.com www.magecomp.com srag.dev.saatec.local www.sativa.bio *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net test.saferpay.com www.saferpay.com saferpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.google.com/ *.contentsquare.net analytics.sativa.bio www.google.com www.gstatic.com use.fontawesome.com static-dev.srag.cahosting.de static-dev.srag.codel1.de tmpsativa-static.codel1.de cdn.live.srag.cahosting.de cdn.dev.srag.cahosting.de cdn.dev.srag.codel1.de cdn.staging.srag.cahosting.de static-staging.srag.cahosting.de widgets.trustedshops.com consent.cookiefirst.com browser-update.org piwik.sativa-biosaatgut.de app-wallee.com srag.dev.saatec.local connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com maps.googleapis.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com www.googletagmanager.com *.contentsquare.net use.fontawesome.com static-dev.srag.cahosting.de static-dev.srag.codel1.de cloud.typography.com consent.cookiefirst.com sativa.bio www.sativa.bio tmpsativa-static.codel1.de cdn.live.srag.cahosting.de cdn.dev.srag.cahosting.de cdn.dev.srag.codel1.de cdn.staging.srag.cahosting.de srag.dev.saatec.local *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.contentsquare.net analytics.sativa.bio static-dev.srag.cahosting.de static-dev.srag.codel1.de static.cookiefirst.com edge.cookiefirst.com consent.cookiefirst.com api.cookiefirst.com tmpsativa-static.codel1.de cdn.live.srag.cahosting.de cdn.dev.srag.cahosting.de cdn.dev.srag.codel1.de cdn.staging.srag.cahosting.de pagead2.googlesyndication.com www.google.de www.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://api-lara.sativa.bio/api/csp/report/frontend; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.inkifi.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: magento-cloudflare.jetrails.com *.klarna.com https://designer.mediacliphub.com https://*.azureedge.net *.weltpixel.com https://plumrocket.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com *.doubleclick.net *.typeform.com *.cloudflareinsights.com *.mediacliphub.com *.facebook.com *.laybuy.com *.azureedge.net zenaps.com *.zenaps.com *.pinterest.com *.pinterest.ca *.pinterest.co.uk 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.ytimg.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://render.mediacliphub.com maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com blob: *.adobedtm.com *.stripe.com dev.visualwebsiteoptimizer.com *.wistia.com *.cloudfront.net inkifi.com *.nxcli.net *.sweetanalytics.com *.google.ru *.google.co.uk *.zopim.com *.zopim.io *.mediacliphub.com awin1.com *.awin1.com zenaps.com *.zenaps.com *.googleadservices.com *.sciencebehindecommerce.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://static.mediacliphub.com maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com *.adobedtm.com *.gorgias.chat self *.hcaptcha.com unsafe-inline unsafe-eval unsafe-hashes *.visualwebsiteoptimizer.com *.googleoptimize.com player.vimeo.com *.wistia.com *.sweetanalytics.com *.mediacliphub.com *.dwin1.com *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.twimg.com *.gstatic.com *.authorize.net *.googleapis.com *.demdex.net *.amcglobal.sc.omtrdc.net *.cardinalcommerce.com *.paypal.com *.paypalobjects.com *.zdassets.com *.pinterest.co.uk *.pinterest.ca *.facebook.com *.apptrian.com *.zopim.com *.sciencebehindecommerce.com zenaps.com *.zenaps.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net https://static.klaviyo.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.klaviyo.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zdassets.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://api.mediacliphub.com https://dc.services.visualstudio.com maps.googleapis.com *.stripe.com klarna.com *.link.com *.amazon.com https://www.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.doubleclick.net *.run.app *.typeform.com *.gorgias.chat *.googleapis.com *.datadome.co *.google.uk *.google.ru js.monitor.azure.com *.litix.io *.wistia.com *.nxcli.net *.sweetanalytics.com *.cloudflare.com *.demdex.net *.amcglobal.sc.omtrdc.net *.cardinalcommerce.com *.paypalobjects.com *.zdassets.com *.pinterest.co.uk *.pinterest.ca *.facebook.com *.apptrian.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.mediacliphub.com *.services.visualstudio.com *.sciencebehindecommerce.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-url *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch; font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch 'self' data: *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch *.google.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.skypack.dev 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch 'self' 'unsafe-inline'; manifest-src *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.doubleclick.net 'self' 'unsafe-inline'; child-src *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch http: https: blob: 'self' 'unsafe-inline'; default-src *.romapps.com *.gymnova.com *.gympassion.be *.gymnova.ch *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; frame-ancestors https://www.facebook.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com *.paymentexpress.com *.windcave.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.avada.io *.shopify.com https://www.facebook.com https://connect.facebook.net eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com accounts.google.com api.twitter.com www.linkedin.com api.instagram.com *.amazon.com *.twitch.tv login.microsoftonline.com https://pinterest.com https://www.pinterest.com appleid.apple.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.instagram.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com maps.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com apis.google.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com www.google-analytics.com  widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com js.mollie.com web.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-1DEDyre6-Pr_NV9ApIvacg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=0wI3YGl5VJP96hU3MKaS6V.gGK7UzSjMqoAwFNUhU1w-1773709697-1.0.1.1-5wMgbyD3oSwMIGOhA6lPvZjfTpQqNTGXUQOo2SfLovTFpASby3FBHWm5HzwBa0odO9oU_nZBAYxHz5SjB308f_fnht0ZdNifrX_Lo44bQ8958PjuyqtpDXWDgqtxFUKUKOkdUjs3MQ2hQhsj8KiQF4kKA4JQzyZgtvVoAMnXd.KctdulDWA5.aGd53jK8.9Z; report-to cf-csp-endpoint 1
font-src *.fontawesome.com https://widgets.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com fonts.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com static.klaviyo.com https://cdnjs.cloudflare.com/ https://d362h7pxdteoyk.cloudfront.net/ https://cdn.popt.in/ https://s3.us-west-2.amazonaws.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ js.mollie.com *.sendcloud.sc *.jsdelivr.net https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ *.ad-srv.net https://r.adserver01.de https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com *.amazonaws.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com https://static.unzer.com *.online-metrix.net https://www.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://www.geschenkefuerfreunde.de *.usercentrics.eu https://www.google.com https://www.google.com.ua https://integrations.etrusted.com https://app.popt.in/ https://d3lopmpcew67el.cloudfront.net/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net *.googletagmanager.com tagmanager.google.com *.adcell.com *.usercentrics.eu *.ad-srv.net *.online-metrix.net https://cdn.popt.in/pixel.js https://cdnjs.cloudflare.com/ https://cdn.brevo.com/ https://sibautomation.com/sa.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com tagmanager.google.com fonts.google.com https://fonts.googleapis.com https://integrations.etrusted.com https://fonts.popt.in https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/ https://cdn.popt.in/ https://cdnjs.cloudflare.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.usercentrics.eu *.adcell.com https://stats.g.doubleclick.net *.googlesyndication.com wss://127.0.0.1 https://display.popt.in/ https://d3lopmpcew67el.cloudfront.net/ https://in-automate.brevo.com https://www.google.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.bootstrapcdn.com *.closet22.com closet22.com 'self' data: *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.qcb.gov.qa *.snapchat.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.modirum.com *.eurocommerce.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com *.infobip.com *.snapchat.com *.hotjar.com *.skroutz.gr *.twitter.com *.consensu.org *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.net *.facebook.com *.twitter.com t.co *.skroutz.gr *.bestprice.gr *.google.gr *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com *.facebook.net *.facebook.com *.infobip.com *.cloudflareinsights.com *.google.gr *.twitter.com *.ads-twitter.com sc-static.net *.doubleclick.net *.iconify.design *.hotjar.com *.skroutz.gr *.bestprice.gr *.smartlook.com *.chimpstatic.com chimpstatic.com *.linkwi.se *.heatmap.it *.adman.gr *.cloudflare.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.sharethis.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.sandbox.paypal.com https://www.paypal.com *.infobip.com *.facebook.com *.facebook.net *.snapchat.com *.doubleclick.net *.hotjar.com *.google.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org *.sharethis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
worker-src 'none'; font-src 'self' data: https://maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com 'self' https://js.stripe.com *.google.com *.weltpixel.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://images.unsplash.com *.adobedtm.com *.cloudflare.com *.googleadservices.com *.google-analytics.com maps.googleapis.com *.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.ratepay.com https://maps.googleapis.com https://player.vimeo.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.adobedtm.com *.avada.io amcglobal.sc.omtrdc.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com *.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.commerce-payment-services.com *.cloudflare.com *.cloudflareinsights.com *.google-analytics.com googletagmanager.com *.googletagmanager.com apis.google.com *.googleapis.com *.googleadservices.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha https://www.google.com/recaptcha google.com *.google.com *.google.com/ https://maps.googleapis.com/maps/api/js *.instagram.com jscloud.net klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.magento-ds.com *.paypalobjects.com c.paypal.com *.paypal.com sandbox.paypal.com *.sandbox.paypal.com https://js.stripe.com/v3/ *.stripe.com *.link.com *.typekit.net use.typekit.net *.smarketer.de https://connect.facebook.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'report-sample' 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'self' 'unsafe-inline'; manifest-src 'self' 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com https://maps.googleapis.com https://player.vimeo.com 'self' *.cloudflare.com 'self' https://maps.googleapis.com *.facebook.com jscloud.net *.smarketer.de https://stats.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'self' 'unsafe-inline'; 1
base-uri 'self' ;connect-src https: * ;default-src 'self' ;font-src 'self' https: data: ;form-action 'self' https://*.mett.nl ;frame-ancestors 'self' ;frame-src https: * ;img-src https: data: blob: * ;object-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.mett.nl *.rijksoverheid.nl *.hcaptcha.com hcaptcha.com ;script-src-attr 'self' 'unsafe-inline' ;script-src-elem 'self' 'unsafe-inline' https: * ;style-src 'self' https: 'unsafe-inline' ;worker-src 'self' https: blob: ;report-uri https://www.vrijwilligerswerk.nl/api/csp/RecordReport; 1
font-src *.fontawesome.com static.guirca.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.guirca.com cdn.cookielaw.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.guirca.com cdn.cookielaw.org https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com static.guirca.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com static.guirca.com cdn.cookielaw.org *.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://extend.vimeocdn.com https://cdn.cookielaw.org https://cdn.dreamdata.cloud https://snap.licdn.com https://player.vimeo.com https://*.pardot.com blob:; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://*.pardot.com; img-src 'self' https://www.googletagmanager.com https://i.vimeocdn.com https://*.google.com https://*.gstatic.com https://cdn.cookielaw.org https://*.ads.linkedin.com https://www.linkedin.com https://*.pardot.com data:; font-src 'self' https://cdn.cookielaw.org https://*.pardot.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://stats.g.doubleclick.net https://extend.vimeocdn.com https://cdn.cookielaw.org https://cdn.dreamdata.cloud https://*.ads.linkedin.com https://www.linkedin.com https://*.pardot.com; frame-src 'self' https://www.google.com https://www.recaptcha.net https://player.vimeo.com https://cdn.cookielaw.org https://go.genedata.com https://*.pardot.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://go.genedata.com https://*.pardot.com; upgrade-insecure-requests 1
font-src *.taggbox.com *.tagbox.com *.gstatic.com *.klarnacdn.net static.lipscore.com *.stape.io *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action *.facebook.com *.facebook.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.twitter.com *.taggbox.com *.google.com *.google.com.ua *.google.co.uk *.doubleclick.net *.klarna.com *.paypalobjects.com *.feefo.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com *.matterport.com *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.taggbox.com *.google.com *.google.com.ua *.google.co.uk *.timeandtidestores.co.uk *.omappapi.com *.klarnacdn.net *.tagbox.com craftyclicks.co.uk www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com static.lipscore.com blob: img.youtube.com magefan.com cm.magefan.com *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.googletagmanager.com *.stape.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.twitter.com *.taggbox.com *.tagbox.com *.omappapi.com *.doubleclick.net *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.cloudflare.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cc-cdn.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.klarnauserservices.com *.zdassets.com timeandtidestores.zendesk.com widget-mediator.zopim.com *.feefo.com *.matterport.com *.newrelic.com *.nr-data.net static.lipscore.com *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.taggbox.com *.tagbox.com *.omappapi.com *.googleapis.com downloads.mailchimp.com cc-cdn.com *.klarnacdn.net static.lipscore.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tagbox.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.taggbox.com *.omappapi.com *.nr-data.net *.google-analytics.com *.doubleclick.net *.klarnaevt.com *.google.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klarnauserservices.com *.zdassets.com timeandtidestores.zendesk.com widget-mediator.zopim.com *.feefo.com wapi.lipscore.com users.lipscore.com *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-2yR19yXDrhzVbp8C_ik8vw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi-me.com/api/csp-report; report-to csp-endpoint 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com fonts.googleapis.com 'self' data: *.alkar.es *.alkar-autospiegel.de data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.cloudfront.net www.google.es www.google-analytics.com stats.g.doubleclick.net *.onetrust.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.alkar.es *.alkar-autospiegel.de alkar.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.gstatic.com sl.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.onetrust.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.alkar.es *.alkar-autospiegel.de https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com fonts.gstatic.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.alkar.es *.alkar-autospiegel.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net *.onetrust.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.alkar.es *.alkar-autospiegel.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.alkar.es *.alkar-autospiegel.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://6caa61e4788c4099a36ed2f1ff44942f.js.ubembed.com https://assets.ubembed.com https://www.gstatic.com https://cdn-cookieyes.com https://*.cloudflare.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://js.hsforms.net https://play.vidyard.com https://script.crazyegg.com https://snap.licdn.com https://www.google.com https://www.googletagmanager.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://builder-assets.unbounce.com https://js.hubspot.com https://js-na1.hs-scripts.com https://connect.facebook.net https://fonts.ub-assets.com https://ajax.googleapis.com https://apis.google.com https://shieldshealthsolutions.com https://cdn-cookieyes.com/*; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://6caa61e4788c4099a36ed2f1ff44942f.js.ubembed.com https://assets.ubembed.com https://www.gstatic.com https://cdn-cookieyes.com https://*.cloudflare.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://js.hsforms.net https://play.vidyard.com https://script.crazyegg.com https://snap.licdn.com https://www.google.com https://www.googletagmanager.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://builder-assets.unbounce.com https://connect.facebook.net; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://builder-assets.unbounce.com https://fonts.ub-assets.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://api.hubapi.com https://cdn-cookieyes.com https://forms.hubspot.com https://log.cookieyes.com https://px.ads.linkedin.com https://*.hsforms.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://adservice.google.com/pagead https://play.vidyard.com https://directory.cookieyes.com https://overbridgenet.com https://static.hsappstatic.net https://cdnjs.cloudflare.com https://bat.bing.com https://yoast.com https://www.googletagmanager.com/* https://www.google.com/* https://www.google.com/ccm/collect; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.ub-assets.com https://use.typekit.net https://www.globalization-partners.com; frame-src 'self' https://www.google.com https://app.hubspot.com https://play.vidyard.com https://www.googletagmanager.com https://td.doubleclick.net https://safe.menlosecurity.com https://go.shieldshealthsolutions.com https://cn186503-7rx10900.ibosscloud.com https://gateway.zscloud.net https://feedback-pa.clients6.google.com; img-src 'self' https://shieldshealthsolutions.com https://*.vidyard.com https://cdn-cookieyes.com https://forms-na1.hsforms.com https://px.ads.linkedin.com https://track.hubspot.com https://www.googletagmanager.com/* https://www.googletagmanager.com/td https://d9hhrg4mnvzow.cloudfront.net https://stats.g.doubleclick.net https://secure.gravatar.com https://cdn.honey.io https://s.w.org https://translate.google.com https://fonts.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'self' https://shieldshealthsolutions.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-NpK0rv_xCTAt54XJma-CcQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.gstatic.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com https://plumrocket.com www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com *.google.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com s3.amazonaws.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com *.avada.io searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com *.fontawesome.com https://fonts.googleapis.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com api.addressy.com https://get.geojs.io *.avada.io api.amplitude.com stats.g.doubleclick.net *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mackshop.com/pr-csp/report/add/; report-to report-endpoint; 1
default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com *.tolkie.nl;  report-uri /cspreport; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net www.googletagmanager.com matomoembraceklantportaal.azurewebsites.net  matomoembracewin.azurewebsites.net *.matomo.cloud *.cookiebot.com *.tolkie.nl cdnjs.cloudflare.com embed.email-provider cdn.cookie-script; connect-src 'self' *.typekit.net *.google-analytics.com *.stats.g.doubleclick.net *.umbraco.org *.openstreetmap.org *.googleapis.com *.analytics.google.com ws://lefier.nl matomoembraceklantportaal.azurewebsites.net  matomoembracewin.azurewebsites.net *.matomo.cloud consent.cookiebot.com *.tolkie.nl cdnjs.cloudflare.com embed.email-provider analytics.google.com; img-src 'self' data: *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org api.maptiler.com umbracowebportalsnonprod.azureedge.net *.analytics.google.com www.googletagmanager.com  umbracowebportalsprod.azureedge.net umbracowebportalsprod.blob.core.windows.net *.cookiebot.com *.tolkie.nl tileserver.embracecloud.nl; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com  *.tolkie.nl cdnjs.cloudflare.com cdn.faceworks.nl ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org www.gstatic.com *.readspeaker.com *.cloudflare.com *.tolkie.nl; frame-ancestors 'self' ; 1
default-src 'self' data: *.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.digitales-deutsches-frauenarchiv.de *.meta-katalog.eu meta-katalog.eu 'nonce-pARKHWIXecQnisS5VXFx7/G67T7yOTeDFO8SJE0o7XU='; connect-src 'unsafe-inline' 'self' *.meta-katalog.eu meta-katalog.eu *.digitales-deutsches-frauenarchiv.de; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.meta-katalog.eu meta-katalog.eu *.digitales-deutsches-frauenarchiv.de; font-src 'self' data: *.gstatic.com *.googleapis.com; base-uri 'self'; media-src *.meta-katalog.eu meta-katalog.eu *.digitales-deutsches-frauenarchiv.de; report-uri https://csp.meta-katalog.eu; report-to https://csp.meta-katalog.eu; 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' https://static.zdassets.com https://js.stripe.com https://cdn.segment.com https://dev.visualwebsiteoptimizer.com https://maps.googleapis.com https://analytics.tiktok.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'self' https://js.stripe.com; media-src 'self' https://static.zdassets.com; connect-src 'self' https://maps.googleapis.com https://api.segment.io https://z3nm41nt3nanc3m0d3.s3.us-east-2.amazonaws.com https://browser-intake-datadoghq.com https://ekr.zdassets.com https://zensurance.zendesk.com https://cdn.segment.com https://duckduckgo.com wss://widget-mediator.zopim.com https://analytics.tiktok.com https://zenstage.wpengine.com; worker-src 'self' blob:; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com www.apptrian.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com www.apptrian.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.tabooheat.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.tabooheat.com join.gammasecure.com; script-src 'self' *.tabooheat.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.tabooheat.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com maps.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://*.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.doubleclick.net *.adobedtm.com *.adobe.com *.tawk.to *.sooqr.com *.fontawesome.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cookiebot.com *.weltpixel.com js.mollie.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.google.com *.google.nl *.cookiebot.com *.spotlersearch.com https://www.mollie.com *.googleapis.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.sooqr.com www.magmodules.eu *.squeezely.tech data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.doubleclick.net *.adobedtm.com *.tawk.to *.luckyorange.com *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.jsdelivr.net *.googletagmanager.com *.googleapis.com *.cookiebot.com *.addthis.com *.hotjar.com *.hotjar.io js.mollie.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com squeezely.tech www.squeezely.tech *.squeezely.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.tawk.to *.sooqr.com *.fontawesome.com *.tagmanager.google.com *.googleapis.com *.spotlersearch.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.doubleclick.net *.adobedtm.com *.adobe.com *.googleapis.com *.tawk.to *.luckyorange.com *.sooqr.com *.google-analytics.com wss://* *.cookiebot.com *.hotjar.com *.hotjar.io *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app *.spotlersearch.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-aqV3GFZK0BnjTpOYr6SMoQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample' https://bat.bing.com https://*.usercentrics.eu https://*.newsletter2go.com www.googletagmanager.com api.gutscheinconnection.de api.sovendus.com *.trustdetshops.com *.etrusted.com https://c.paypal.com 'unsafe-eval'; script-src-elem 'nonce-aqV3GFZK0BnjTpOYr6SMoQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample' https://bat.bing.com https://*.usercentrics.eu https://*.newsletter2go.com www.googletagmanager.com api.gutscheinconnection.de api.sovendus.com *.trustdetshops.com *.etrusted.com https://c.paypal.com 'unsafe-eval'; script-src-attr 'unsafe-hashes' 'sha256-qOBd84dGYZ1TXAj+NIqiwfe6+6cjjOJx8QNDBdoNQyM=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-1jAmyYXcRq6zFldLe/GCgIDJBiOONdXjTLgEFMDnDSM=' 'report-sample'; img-src 'self' data: blob: https: https://c.paypal.com https://b.stats.paypal.com 'report-sample'; object-src 'none'; base-uri 'none'; report-uri /error.php; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com *.fontawesome.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.s3.magento.com s3.magento.com *.cloudfront.net cloudfront.net *.doubleclick.net doubleclick.net *.s3.amazonaws.com s3.amazonaws.com checkout.sandbox.dev.clover.com checkout.clover.com *.pixriot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com googletagmanager.com gstatic.com *.cloudfront.net cloudfront.net *.mailchimp.com mailchimp.com cdn-images.mailchimp.com *.list-manage.com list-manage.com checkout.sandbox.dev.clover.com checkout.clover.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com *.s3.magento.com s3.magento.com *.cloudfront.net cloudfront.net downloads.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.s3.magento.com s3.magento.com *.cloudfront.net cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.luckyorange.net luckyorange.net *.visitors.live visitors.live auth.axiomaudio.com *.pixriot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'strict-dynamic' 'nonce-gWEywndBgKYqkEKhSQMgl5PlikgvsXVcZNqkE+SB+0I=' 'unsafe-inline' http: https:;object-src 'none';base-uri 'none';frame-ancestors 'self'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.webwinkelkeur.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu js.mollie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.google.nl *.webwinkelkeur.nl *.usercentrics.eu img.sct.eu1.usercentrics.eu bat.bing.net bat.bing.com *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.criteo.com *.demdex.net id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.1rx.io sync.targeting.unrulymedia.com https://www.mollie.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://maps.googleapis.com https://player.vimeo.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms *.calendly.com *.beslist.nl *.pinimg.com *.criteo.com *.criteo.net *.cloudflareinsights.com *.pinterest.com js.mollie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com widget.tagembed.com api.taggbox.com cdn.tagbox.com static.dhlecommerce.nl *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms *.pinterest.com *.criteo.com *.beslist.nl widget.tagembed.com api.taggbox.com cdn.tagbox.com *.multisafepay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com https://accounts.google.com/ *.googletagmanager.com *.google-analytics.com https://www.google.com/ https://www.google.com.br/ https://www.mercadopago.com.br/ *.clarity.ms https://analytics.google.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ecommerce.live.gobots.com.br qa-plugin-stg.gobots.com.br qa.gobots.com.br https://analytics.tiktok.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://www.youtube.com/iframe_api https://accounts.google.com/ https://www.google.com/ https://www.google.com.br/ https://www.mercadopago.com.br/ https://mcprod.bfcasa.com.br/ https://*.newrelic.com/ https://stape.bfcasa.com.br/ *.clarity.ms *.google-analytics.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com qa.gobots.com.br https://viacep.com.br https://www.viacep.com.br https://analytics.tiktok.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://stape.bfcasa.com.br/ *.clarity.ms https://bam.nr-data.net *.googletagmanager.com *.google-analytics.com https://analytics.google.com *.analytics.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com t.themarketer.com cdn1.themarketer.com assets.braintreegateway.com *.googleapis.com *.gstatic.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src static.zdassets.com *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; img-src https://ad.doubleclick.net/ https://www.google.bg/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://firebasestorage.googleapis.com t.themarketer.com cdn1.themarketer.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; connect-src https://ekr.zdassets.com/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://brannik.zendesk.com/ wss://widget-mediator.zopim.com/ https://q.clarity.ms/ measurement-api.criteo.com google.bg vc.hotjar.io dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io t.themarketer.com cdn1.themarketer.com c1api.themarketer.com c2api.themarketer.com c3api.themarketer.com c4api.themarketer.com c5api.themarketer.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; script-src https://v2.zopim.com/ https://static.hotjar.com/ https://www.clarity.ms/ https://static.zdassets.com/ https://script.hotjar.com/ dynamic.criteo.com sslwidget.criteo.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io t.themarketer.com cdn1.themarketer.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; 1
connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.bing.net *.clarity.ms *.cloudflare.com *.cookiefirst.com d5yoctgpv4cpx.cloudfront.net *.deleukstetaartenshop.be *.deleukstetaartenshop.com *.deleukstetaartenshop.nl *.doubleclick.net *.facebook.com *.facebook.net *.feedbackcompany.com *.fontawesome.com *.freshchat.com *.fundelices.be *.fundelices.fr *.googleadservices.com *.google-analytics.com *.googleapis.com www.google.at www.google.be www.google.ch www.google.com.ar www.google.com.au www.google.com.bd www.google.com.br www.google.com.co www.google.com.cy www.google.com.ec www.google.com.eg www.google.com.et www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.uk www.google.cz www.google.de www.google.dk www.google.es www.google.fr www.google.it www.google.nl www.google.pl www.google.pt www.google.ru *.google.com google.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.klarnacdn.net *.klarna.com *.klarnaevt.com *.marker.io *.media-amazon.com *.multisafepay.com *.newrelic.com noembed.com *.nr-data.net p2iqhncxyh.execute-api.eu-central-1.amazonaws.com *.pinimg.com *.pinterest.com s3.amazonaws.com s3.eu-west-1.amazonaws.com squeezely.tech *.squeezely.tech vercel.live *.youtube.com *.ytimg.com api.marker.io ssr.marker.io s3.eu-west-1.amazonaws.com/marker.sessions.prod; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.bing.net *.clarity.ms *.cookiefirst.com d5yoctgpv4cpx.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.google-analytics.com *.googleapis.com www.google.be www.google.com.au www.google.com.tr www.google.cz www.google.de www.google.dk www.google.fr www.google.it www.google.nl google.com *.google.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.klarnacdn.net *.klarna.com *.klarnaevt.com noembed.com p2iqhncxyh.execute-api.eu-central-1.amazonaws.com *.pinimg.com *.pinterest.com squeezely.tech *.squeezely.tech *.youtube.com *.ytimg.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.doubleclick.net *.facebook.com *.freshchat.com *.google.com *.googletagmanager.com *.klarna.com *.klarnaservices.com *.pinterest.com vercel.live *.youtube.com app.marker.io; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.bing.net *.clarity.ms *.cookiefirst.com *.deleukstetaartenshop.be *.deleukstetaartenshop.com *.deleukstetaartenshop.nl *.doubleclick.net *.facebook.com *.facebook.net *.fundelices.be *.fundelices.fr *.googleadservices.com www.google.at www.google.be www.google.ch www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.uk www.google.cz www.google.de www.google.dk www.google.es www.google.fr www.google.it www.google.nl www.google.pl www.google.pt www.google.ru google.com *.google.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.klarnacdn.net *.klarna.com *.media-amazon.com *.pinterest.com s3.amazonaws.com *.squeezely.tech *.youtube.com *.ytimg.com blob: data: media.marker.io app.marker.io edge.marker.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.clarity.ms *.cookiefirst.com d5yoctgpv4cpx.cloudfront.net *.doubleclick.net *.facebook.net *.feedbackcompany.com *.freshchat.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.klarnacdn.net *.marker.io *.multisafepay.com *.newrelic.com *.pinimg.com *.pinterest.com squeezely.tech vercel.live *.youtube.com edge.marker.io app.marker.io; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiefirst.com *.deleukstetaartenshop.be *.deleukstetaartenshop.com *.fontawesome.com *.freshchat.com *.fundelices.be *.googleapis.com *.googletagmanager.com *.gstatic.com *.multisafepay.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.deleukstetaartenshop.be *.deleukstetaartenshop.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.preply.com s3.amazonaws.com *.typekit.net app.marker.io edge.marker.io; form-action 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.com app.marker.io api.marker.io; child-src 'self' 'unsafe-inline' 'unsafe-eval'  app.marker.io; media-src 'self' 'unsafe-inline' 'unsafe-eval' media.marker.io app.marker.io edge.marker.io; report-uri https://fdaba162-4422-4f3a-a4f4-c7768ec87549.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.iubenda.com https://player.flipsnack.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.iubenda.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://scontent.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.iubenda.com *.avada.io *.shopify.com *.fontawesome.com https://kite.wildix.com https://siliconsrl.matomo.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://kite.wildix.com https://cdn.iubenda.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.iubenda.com https://get.geojs.io *.avada.io https://siliconsrl.matomo.cloud 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://12992298.fls.doubleclick.net https://t.sharethis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://acsbapp.com https://app-ab30.marketo.com https://app-sjqe.marketo.com https://assets.adobedtm.com https://assets.map.brightcove.com https://bat.bing.com https://cdn.cookielaw.org https://*.mouseflow.com https://cloud-dev.zimmerbiomet.com https://connect.facebook.net https://js.adsrvr.org https://js.driftt.com https://munchkin.marketo.net https://pagead2.googlesyndication.com https://personalizedknee.zimmerbiomet.com https://players.brightcove.net https://snap.licdn.com https://tags.srv.stackadapt.com https://vjs.zencdn.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.clarity.ms https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.sharethis.com https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://app-ab30.marketo.com https://tags.srv.stackadapt.com https://fonts.googleapis.com https://cdn.cookielaw.org; img-src 'self' data: https://*.scene7.com https://www.google.com.mx https://alb.reddit.com https://assets.adobedtm.com https://assets.map.brightcove.com https://cdn.cookielaw.org https://cf-images.us-east-1.prod.boltdns.net https://cm.everesttech.net https://connect.facebook.net https://dev.day.com https://dpm.demdex.net https://hostedseal.trustarc.com https://l.sharethis.com https://metrics.brightcove.com https://pagead2.googlesyndication.com https://personalizedknee.zimmerbiomet.com https://privacy-policy.truste.com https://snap.licdn.com https://sync.sharethis.com https://tags.srv.stackadapt.com https://www.facebook.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.zimmerbiomet.com https://zimzbdotcomprod.112.2o7.net https://googleads.g.doubleclick.net https://*.bing.com https://*.googleapis.com https://*.gstatic.com https://*.google.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' data: https://237-zhg-588.mktoresp.com https://api.ipdata.co https://assets.adobedtm.com https://assets.map.brightcove.com https://bcp.crwdcntrl.net https://cdn.acsbapp.com https://cdn.cookielaw.org https://dpm.demdex.net https://edge.api.brightcove.com https://geolocation.onetrust.com https://insight.adsrvr.org https://js.driftt.com https://l.sharethis.com https://manifest.prod.boltdns.net https://metrics.brightcove.com https://n2.mouseflow.com https://pagead2.googlesyndication.com https://personalizedknee.zimmerbiomet.com https://pixel-config.reddit.com https://snap.licdn.com https://tags.srv.stackadapt.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://zimmerbiomet.tt.omtrdc.net https://zimmerbiometglobal.my.salesforce.com https://zimzbdotcomprod.112.2o7.net https://*.clarity.ms https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.google.com; frame-src 'self' https://zimmer.demdex.net https://app-ab30.marketo.com https://12992298.fls.doubleclick.net https://t.sharethis.com https://www.googletagmanager.com https://connect.facebook.net https://js.driftt.com https://assets.map.brightcove.com https://*.google.com; media-src 'self' blob: https://*.scene7.com https://cloud-dev.zimmerbiomet.com https://assets.map.brightcove.com https://personalizedknee.zimmerbiomet.com data:; form-action 'self' 1
default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://translate-pa.googleapis.com https://translate.google.com https://*.googletagmanager.com *.diffuse.tools 'nonce-Gv7m0I108mp2/ZCXR6FXig=='; script-src-elem: 'self' 'unsafe-inline' https://translate.google.com https://*.googleapis.com https://translate.googleapis.com https://www.googletagmanager.com *.diffuse.tools 'nonce-Gv7m0I108mp2/ZCXR6FXig=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://www.leergeld.nl https://plate.libpx.com https://prod1-plate-attachments.s3.amazonaws.com https://translate.googleapis.com https://www.gstatic.com https://www.google.com https://translate.google.com https://fonts.gstatic.com https://*.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://translate.googleapis.com https://www.youtube.com https://*.google-analytics.com *.diffuse.tools https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xmGeEwvrrEUO-jbr0xszUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.elementor.com https://*.googleapis.com https://*.gstatic.com https://cdn.jsdelivr.net https://*.learnn.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.elementor.com; img-src 'self' data: https:; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://*.learnn.com https://*.googleapis.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com; frame-ancestors 'self' https://*.learnn.com 1
default-src https:;script-src https: 'self' 'strict-dynamic' 'nonce-bd39a44b8d51406f29bb4220d5bc1188fc14fa6cd57583b5d839bfb5b556f93c' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log?n=1 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app https://www.googletagmanager.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com flagpedia.net static.secure-afterpay.com.au www.facebook.com stats.g.doubleclick.net www.google.com.au a.klaviyo.com *.google.com *.google.com.vn *.googleusercontent.com *.clarity.ms https://c.bing.com images.sleepsolutions.com.au www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com api.addressfinder.io *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app tagmanager.google.com https://www.googletagmanager.com https://maps.googleapis.com www.google.com www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com maps.googleapis.com connect.facebook.net www.facebook.com api.instagram.com www.gstatic.com bam.nr-data.net static.klaviyo.com fast.a.klaviyo.com *.sentry-cdn.com cdnjs.cloudflare.com uwnrkcru.sleepsolutions.com.au *.clarity.ms https://c.bing.com static.client.cardinaltrusted.com cdn.instant.one www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com api.addressfinder.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app https://www.googletagmanager.com tagmanager.google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com assets.braintreegateway.com maxcdn.bootstrapcdn.com *.gstatic.com static.klaviyo.com use.typekit.net p.typekit.net cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.addressfinder.io *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://player.vimeo.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com www.gstatic.com maps.googleapis.com payments.braintree-api.com/graphql fast.a.klaviyo.com stats.g.doubleclick.net www.facebook.com *.clarity.ms *.cardinaltrusted.com api.instant.one *.api.instant.one 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.clarity.ms https://c.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https://www.googletagmanager.com/gtm.js 'unsafe-inline' 'self' https://payments.salesforce.com/ https://stats.g.doubleclick.net https://autodiag.anap.fr/ https://anap--c.vf.force.com/resource/1673539645000/Favicon https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://youtu.be https://kit.fontawesome.com/e4122e457f.js https://anap.matomo.cloud/ https://anap.fr https://app.fabric.microsoft.com https://checkoutshopper-live.adyen.com/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://static.axept.io/sdk.js https://api.qrserver.com https://cdn.matomo.cloud/anap.matomo.cloud/container_idJebPZk.js https://pay.google.com https://api.ipify.org https://tagmanager.google.com https://it4v7.interactiv-doc.fr https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://teams.microsoft.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://cdn.matomo.cloud/anap.matomo.cloud/matomo.js blob: https://anap.fr/cms/delivery/media/MCZCCUKGVGPZEENGKT5DNFH3Y5TA https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://www.anap.fr/ https://airtable.com/embed/appfTkAvAEjoh https://js.stripe.com/ https://www.anap.fr/s/ https://client.axept.io https://youtube.com https://www.googletagmanager.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js 'report-sample' https://service.force.com/embeddedservice/ 'unsafe-eval'; report-to sfdc-csp-ep; report-uri https://anap.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D7Q000006HfIy&networkId=0DM7Q000000tJ68&type=communities 1
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'nonce-n9h2u4EoVLUelKDjiVWlhg' 'strict-dynamic' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval'; style-src 'self' 'nonce-n9h2u4EoVLUelKDjiVWlhg'; style-src-elem 'unsafe-inline' 'self' https: data:; style-src-attr 'unsafe-inline'; img-src 'self' data: https: cid:; font-src 'self' data: https:; connect-src 'self' https: wss: https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com; frame-src 'self' about: https://sst.heyrecruit.de https://www.google.com https://www.googletagmanager.com https://recaptcha.google.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://www.chatbase.co https://www.youtube.com https://meetings.hubspot.com https://app.hubspot.com https://*.hubspot.com https://js.stripe.com https://checkout.stripe.com https://hooks.stripe.com https://files.stripe.com https://*.stripe.com; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-OYD3GoQjE97YTLOkgjOdCg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-V72TxegefIXm7ouWtcWQaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cleverreach.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net www.google.com *.google.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com validator.swagger.io *.gstatic.com *.googleapis.com *.cloudfront.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com cdn.pay1.de x.klarnacdn.net m.media-amazon.com static-eu.payments-amazon.com www.gstatic.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.klarna.com *.klarnacdn.net widget.freshworks.com m2epro.freshdesk.com *.klarnaservices.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io pay.google.com google.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com d.ratepay.com d.payla.io dr.payla.io https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.googleapis.com *.klarnaevt.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com google.com pay.google.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; connect-src 'self' https: wss://nexus-europe-websocket.intercom.io; frame-src 'self' https:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self' 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-hGXSkQF8xgbFrkUxdXfsIw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com hdbrows.nbg.test data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.doubleclick.net *.facebook.com account.fetchify.com widget.trustpilot.com td.doubleclick.net https://plumrocket.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.bird.eu www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com hdbrows.nbg.test hdbrows.com hdbrows.ng.stg.nexusbrands.eu www.google.co.uk js.klevu.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.googleapis.com *.avada.io hdbrows.nbg.test www.google.com www.gstatic.com widget.trustpilot.com invitejs.trustpilot.com tag.rmp.rakuten.com https://crm.nouveaubeauty.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.google.com hdbrows.nbg.test js.klevu.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io hdbrows.nbg.test widget.trustpilot.com https://crm.nouveaubeauty.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src hdbrows.nbg.test 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://nouveaulashes.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-oL-ZzUgKY8JADARjxz7Alw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com 'unsafe-inline' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com  *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com https://*.dpdconnect.nl *.demdex.net *.googletagmanager.com *.doubleclick.net/ *.weltpixel.com *.multisafepay.com https://pay.google.com *.pinterest.com *.cookiebot.com *.google.com *.adobe.com  *.paypal.com *.dpdconnect.nl *.cardinalcommerce.com  *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trustedshops.com *.clarity.ms *.roeye.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com *.gstatic.com *.bing.com www.google.be *.pinterest.com *.google-analytics.com *.googleadservices.com *.paypal.com *.google.com *.google.be *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://*.dpdconnect.nl *.cloudflare.com *.twitter.com *.fontawesome.com *.trustedshops.com chimpstatic.com *.google.com *.gstatic.com *.clarity.ms *.hotjar.com *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com tagmanager.google.com *.cookiebot.com www.dwin1.com *.pinimg.com *.facebook.net *.bing.com *.tiktok.com *.googleadservices.com *.google-analytics.com *.paypal.com *.googleapis.com *.dpdconnect.nl  *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.mailchimp.com *.jsdelivr.net 'unsafe-inline' data: *.googletagmanager.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com tagmanager.google.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.cloudflare.com *.demdex.net *.clarity.ms *.multisafepay.com *.trustedshops.com *.etrusted.com https://www.google-analytics.com www.google.com *.doubleclick.net *.pinterest.com *.bing.com *.tiktok.com *.cookiebot.com *.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com fonts.gstatic.com *.fontawesome.com https://*.gstatic.com https://*.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.superpayments.com *.stripe.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.reviews.io *.reviews.co.uk *.superpayments.com *.stripe.com 'self' 'unsafe-inline'; frame-ancestors *.superpayments.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.dotdigital-pages.com *.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.reviews.io *.reviews.co.uk *.superpayments.com *.stripe.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.awin1.com *.zenaps.com *.trackedlink.net *.dycdn.net https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.reviews.io *.reviews.co.uk *.superpayments.com *.stripe.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com cdn.ampproject.org raw.githubusercontent.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.superpayments.com *.stripe.com segment.com *.segment.com *.segmentapis.com statsig.com *.statsig.com statsigapi.net *.statsigapi.net featuregates.org *.featuregates.org statsigcdn.com *.statsigcdn.com featureassets.org *.featureassets.org assetsconfigcdn.org *.assetsconfigcdn.org prodregistryv2.org *.prodregistryv2.org cdn.seondf.com *.trustpilot.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.sharethis.com fonts.googleapis.com *.fontawesome.com https://*.googleapis.com https://*.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.superpayments.com *.stripe.com tagmanager.google.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.sharethis.com cdn.ampproject.org www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://the.sciencebehindecommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.dycdn.net am.freshrelevance.com wss://am.freshrelevance.com wss://am.dycdn.net dn1i8v75r669j.cloudfront.net https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.superpayments.com *.stripe.com stripe.com cognito-idp.eu-west-2.amazonaws.com segment.com *.segment.com *.segmentapis.com statsig.com *.statsig.com statsigapi.net *.statsigapi.net featuregates.org *.featuregates.org statsigcdn.com *.statsigcdn.com featureassets.org *.featureassets.org assetsconfigcdn.org *.assetsconfigcdn.org prodregistryv2.org *.prodregistryv2.org cdn.seondf.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.seonintelligence.com *.trustpilot.com *.google-analytics.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-vsPvGps37o8gBq_g4quj1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors *.storyblok.com 'self'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://images.unsplash.com www.googletagmanager.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; object-src www.google.com www.gstatic.com 'self' 'unsafe-inline'; connect-src quirumed.azure-api.net https://public.quirumed.com https://public.quirumed.click www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://maps.googleapis.com https://player.vimeo.com www.googletagmanager.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.doofinder.com *.empathybroker.com *.empathy.co 'self' 'unsafe-inline'; form-action https://sis.redsys.es/ https://www.facebook.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; media-src widget-v2.smartsuppcdn.com c.clarity.ms *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; frame-src www.google.com vars.hotjar.com www.googletagmanager.com https://chatbot.catalogflow.ai https://www.facebook.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; script-src www.googletagmanager.com www.google.com www.gstatic.com www.smartsuppchat.com static.hotjar.com https://public.quirumed.com https://public.quirumed.click www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://maps.googleapis.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com maxcdn.bootstrapcdn.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com cdn.datatables.net use.fontawesome.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.avada.io *.google-analytics.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hotjar.com/ *.region1.google-analytics.com/ *.cloudflare.com/ *.datatables.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com cdn.datatables.net use.fontawesome.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.hotjar.com/ *.region1.google-analytics.com/ *.google-analytics.com/ *.datatables.net/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com *.cloudflare.com *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn data: *.doubleclick.net *.doubleclick.com *.gstatic.com *.akamaihd.net *.ebayimg.com *.ebay.com.au *.ebay.de *.google.com *.facebook.com *.googleapis.com *.gstatic-cache.com *.fbanalytics.org *.pinterest.com *.amplitude.com *.criteo.com *.googlesyndication.com *.ucweb.com www.googletagmanager.com www.googleadservices.com wss://127.0.0.1:* *.google-analytics.com *.graphitevault.com *.bing.com www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data: *.alexa.com; frame-ancestors 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn; img-src 'self' 'unsafe-inline' https://* data: blob:; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/brwweb/brwweb_default?id=5376931874526678043&rid=t6awqpfgehmq%3C%3Dawqpfgehmq%2B05c%3E0a30%3F%60(rbpv707(epy1q-19cf9b3be4d-0x706#pd 1
object-src 'none';base-uri 'self';script-src 'nonce-LtF1tsvVzrv236qcIetSmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.getbutton.io *.baidu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.ionicframework.com *.google-analytics.com *.doubleclick.net ipinfo.io *.islash.io *.facebook.com *.google.com.hk *.googletagmanager.com *.paypalobjects.com *.paypal.com fonts.googleapis.com fonts.gstatic.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.getbutton.io *.baidu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.ionicframework.com *.google-analytics.com *.doubleclick.net ipinfo.io *.islash.io *.facebook.com *.google.com.hk *.googletagmanager.com *.paypalobjects.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.getbutton.io *.baidu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.ionicframework.com *.google-analytics.com *.doubleclick.net ipinfo.io *.islash.io *.facebook.com *.google.com.hk *.googletagmanager.com *.paypalobjects.com *.twitter.com *.google.com maps.googleapis.com lightwidget.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.getbutton.io *.google.com *.baidu.com *.fontawesome.com *.bootstrapcdn.com *.ionicframework.com *.google-analytics.com *.doubleclick.net ipinfo.io *.islash.io *.facebook.com *.google.com.hk *.googletagmanager.com *.paypalobjects.com maps.googleapis.com maps.gstatic.com https://maps.gstatic.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.getbutton.io *.baidu.com *.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.ionicframework.com *.google-analytics.com *.doubleclick.net ipinfo.io *.islash.io *.facebook.com *.google.com.hk *.googletagmanager.com *.paypalobjects.com maps.gstatic.com fonts.googleapis.com *.avada.io https://maps.googleapis.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.facebook.net cdn.lightwidget.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.getbutton.io *.baidu.com *.google.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.ionicframework.com *.google-analytics.com *.doubleclick.net ipinfo.io *.islash.io *.facebook.com *.google.com.hk *.googletagmanager.com *.paypalobjects.com *.paypal.com fonts.googleapis.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com maps.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.getbutton.io *.baidu.com *.google.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.ionicframework.com *.google-analytics.com *.doubleclick.net ipinfo.io *.islash.io *.facebook.com *.google.com.hk *.googletagmanager.com *.paypalobjects.com https://get.geojs.io *.avada.io https://maps.googleapis.com *.twitter.com *.twimg.com *.youtube.com maps.googleapis.com facebook.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' hippieartesanatos.com *.hippieartesanatos.com wake-components.fbitsstatic.net hippieartesanatos.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.g.doubleclick.net *.hippieartesanatos.com.br *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.sizebay.technology *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com mailbiz.one *.mailbiz.one *.jsdelivr.net cdn.jsdelivr.net *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.clarity.ms *.visa.com *.smarthint.co *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br *.zoppy.com.br ct.pinterest.com *.pinterest.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.hippieartesanatos.com hippieartesanatos.com; report-uri https://pub-csp.fbits.net/6fcc6bba-90c9-48ec-bdcc-1500ec2e87f5; report-to https://pub-csp.fbits.net/6fcc6bba-90c9-48ec-bdcc-1500ec2e87f5; worker-src 'self' blob:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://chatecbstgstrgoutside.blob.core.windows.net http://ajax.googleapis.com fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com; frame-src 'self' www.youtube.com https://www.facebook.com/ https://platform.twitter.com/ https://syndication.twitter.com https://www.google.com https://www.google.com/recaptcha/ www.googletagmanager.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://stg.lightning-recommend.io https://ajax.googleapis.com https://connect.facebook.net https://platform.twitter.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com d.rcmd.jp https://www.google.com/recaptcha/ https://www.googletagmanager.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://ajax.googleapis.com/ https://syndication.twitter.com http://gigaplus.makeshop.jp http://www.brain-music.com http://www.brain-shop.net https://www.brain-shop.net d.rcmd.jp http://ajax.googleapis.com www.googletagmanager.com https://d2jg6xka73f2z9.cloudfront.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stg.lightning-recommend.io https://www.google.com; frame-ancestors 'none'; media-src http://www.brain-music.com; report-to csp-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com  https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com www.xtento.com  https://plumrocket.com https://*.sameday.ro *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.xtento.com cdn.xtento.com https://redchamps.com *.hsforms.net *.hsforms.com maps.gstatic.com https://cdn.tbibank.support data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.avada.io www.xtento.com cdn.xtento.com https://*.sameday.ro *.hsforms.net *.hsforms.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net https://*.sameday.ro 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io  t.elasticsuite.io *.hsforms.net *.hsforms.com https://ro.tbibank.support 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com account.fetchify.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io https://s3bucketagri.s3.eu-west-2.amazonaws.com https://www.facebook.com https://hn.inspectlet.com https://www.google.co.uk magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com https://www.magezon.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com widget.freshworks.com m2epro.freshdesk.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io https://www.gstatic.com https://static.hotjar.com https://cdn.inspectlet.com https://wisepops.net https://script.hotjar.com https://js-agent.newrelic.com *.disqus.com *.avada.io *.shopify.com *.google.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.what3words.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io form-assets.mailchimp.com *.intuit.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk unpkg.com *.unpkg.com imagekit.io *.imagekit.io https://hn.inspectlet.com wss://ws.inspectlet.com https://wisepops.net https://activity.wisepops.com https://bam.nr-data.net https://www.google.co.uk https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.what3words.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://widget.trustpilot.com https://cdn.cookielaw.org https://ct.pinterest.com https://s.pinimg.com https://apps.mypurecloud.de https://resources.digital-cloud.medallia.eu https://www.youtube.com https://c.amazon-adsystem.com https://connect.facebook.net https://*.googletagmanager.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.doubleclick.net https://*.google.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://www.googletagmanager.com; img-src 'self' data: * https://bnpppfalphacredit.sc.omtrdc.net https://www.facebook.com; media-src 'self' https://ssl.gstatic.com; frame-src 'self' https://*.doubleclick.net https://www.youtube.com https://widget.trustpilot.com https://ct.pinterest.com https://apps.mypurecloud.de https://resources.digital-cloud.medallia.eu https://www.googletagmanager.com https://*.amazon-adsystem.com https://bnpppfalphacredit.demdex.net https://www.facebook.com; font-src 'self' data: * fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://analytics-fe.digital-cloud.medallia.eu https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://ct.pinterest.com wss://ws.hotjar.com https://*.hotjar.io https://*.paa-reporting-advertising.amazon https://*.paa-reporting-advertising.amazon.com https://*.amazon-adsystem.com https://pagead2.googlesyndication.com https://*.mypurecloud.de wss://webmessaging.mypurecloud.de https://www.google.com https://www.google.com/ccm/collect https://*.google.com https://*.onetrust.com https://dpm.demdex.net ws://localhost:12387 https://bat.bing.com https://*.facebook.net https://*.facebook.com https://*.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'report-sample' https://cdn.jsdelivr.net https://cdn.userway.org https://cdnjs.cloudflare.com https://code.jquery.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hubspot.com https://js.usemessages.com https://*.fontawesome.com https://www.googletagmanager.com https://www.solidcomponents.com; style-src 'self' 'unsafe-inline' 'report-sample' https://cdn.userway.org https://fonts.googleapis.com https://use.fontawesome.com https://www.solidcomponents.com; font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com https://use.fontawesome.com; connect-src 'self' https://api.hubspot.com https://api.userway.org https://api.weglot.com https://cdn.userway.org https://cta-service-cms2.hubspot.com https://*.fontawesome.com https://*.google-analytics.com https://www.solidcomponents.com; frame-src 'self' https://www.solidcomponents.com https://www.youtube.com https://open.spotify.com; img-src 'self' data: https://kitocrosbyprd.wpenginepowered.com https://cdn.userway.org https://perf-na1.hsforms.com https://track.hubspot.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://69160880d5a1b641687cf3e5.endpoint.csper.io?v=2; 1
script-src https://www.iveycases.com/Images/UniversityofCalgary_WebLogo.png https://www.googletagmanager.com/gtm.js 'self' https://stats.g.doubleclick.net https://script.hotjar.com https://*.doubleclick.net https://checkoutshopper-test.adyen.com/ https://sjs.bizographics.com https://pal-test.adyen.com https://analytics.twitter.com/ https://analytics.twitter.com https://iveypubs--c.na160.visual.force.com https://dc.ads.linkedin.com https://www.gstatic.com https://cdn.linkedin.oribi.io https://d.la4-c1-ia4.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp https://d.la3-c1cs-ph2.salesforceliveagent.com https://static.ads-twitter.com https://www.youtube.com/iframe_api https://t.co https://pay.google.com https://analytics.google.com https://vc.hotjar.io https://www.iveycases.com https://iveypubs.my.site.com/helpcentre blob: https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com https://px4.ads.linkedin.com https://px.ads.linkedin.com/wa https://gw.linkedin.oribi.io https://www.linkedin.com/px https://d.la3-c1cs-ph2.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://static.doubleclick.net 'report-sample' https://p.adsymptotic.com https://service.force.com/embeddedservice/ 'unsafe-eval' 'unsafe-inline' https://payments.salesforce.com/ https://www.googleadservices.com https://instant.page/5.2.0 https://static.hotjar.com https://connect.iveypublishing.ca https://app.formassembly.com https://*.google.com https://checkoutshopper-live.adyen.com/ https://d.la1-core1.sfdc-58ktaz.salesforceliveagent.com https://www.gstatic.com/recaptcha/releases/mq0-U1BHZ5YTcoDC-CvsLPNc/recaptcha__en.js https://www.hotjar.com/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://*.cybersource.com https://connect.facebook.net https://tagmanager.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://d.la3-c1cs-ph2.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://iep.ie.edu/ivey/ http://go.pardot.com https://td.doubleclick.net https://www.googletagmanager.com/gtag/js https://www.google.com.co https://www.facebook.com/tr/ https://www.google.com/recaptcha/ https://js.stripe.com/ https://d.la4-c1-ia4.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://*.google.ca https://px.ads.linkedin.com https://www.googletagmanager.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js https://d.la4-c1-ia5.salesforceliveagent.com https://d.la4-c1-ia4.salesforceliveagent.com/chat/rest/Visitor/Availability.jsonp https://iveypubs--c.vf.force.com; report-to sfdc-csp-ep; report-uri https://iveypubs.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00DA0000000gEPQ&networkId=0DM5c000000sXtS&type=communities 1
object-src 'none';base-uri 'self';script-src 'nonce-AzFBxOM935kzLJtF595IDw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-src 'self' *.b2clogin.com https://www.youtube.com https://www.google.com https://services.gastronovi.com www.recaptcha.net *.loadbee.com *.youtube.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl services.gastronovi.com www.gastronavi.de www.googleadservices.com googleads.g.doubleclick.net blob: cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl services.gastronovi.com www.gastronavi.de www.googleadservices.com googleads.g.doubleclick.net www.google.com www.recaptcha.net content.syndigo.com js.monitor.azure.com *.dvinci-easy.com www.clarity.ms *.clarity.ms *.loadbee.com cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com cdnjs.cloudflare.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self' ;  base-uri 'self' ;  style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com ;  font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com  ;  img-src 'self' data: https://www.imvrs.com https://data.pendo.io https://fonts.gstatic.com https://translate.google.com https://verify.authorize.net ;  frame-ancestors 'self' ;  frame-src 'self' https://www.googletagmanager.com https://static.novacredit.com https://app.verifast.com https://sandbox.verifast.com https://www.youtube.com https://data.pendo.cio https://*.storage.googleapis.com  ;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.rhris.com https://www.rhrtest.com https://www.googletagmanager.com https://seal.godaddy.com https://ajax.googleapis.com https://cdn.pendo.io https://static.novacredit.com https://verify.authorize.net https://*.storage.googleapis.com  ;  connect-src 'self' https://data.pendo.io https://*.storage.googleapis.com https://*.googleapis.com https://www.google-analytics.com ; report-uri https://www.rhrtest.com/test/csp-violation-report-endpoint.cfm ; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv5%3F.m%3Evo0-19cf968e212-0x603#pd 1
default-src 'self' media1.jpc.de lesen.de; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; script-src 'self' media1.jpc.de lesen.de 'nonce-F3YZNREXYxTNrahTzJ/vP9OZ9M8MojZpjHgxq+vvRYEcOct78VKptieRR+CKf7xbvtuVmAI+42T6q3+qX8PMfQ==' 'report-sample'; style-src 'self' media1.jpc.de lesen.de 'report-sample' 'unsafe-inline'; font-src 'self' media1.jpc.de lesen.de; img-src 'self' media1.jpc.de lesen.de data:; connect-src 'self' media1.jpc.de lesen.de https://use.jpc.de; report-uri /csp/; report-to csp-endpoint 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.googletagmanager.com *.facebook.net *.avada.io js.mollie.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';connect-src 'self' *.handels.se *.ace.teliacompany.net handels.humany.net *.google-analytics.com *.cookiebot.com dc.services.visualstudio.com *.clarity.ms *.bing.com *.google.com *.rekai.se *.azure.com;default-src 'self';font-src 'self' www.handels.se handels.humany.net;form-action 'self' *.veranet.se *.grandid.com;frame-src 'self' app.kollektivavtalskollen.se player.vimeo.com wds.ace.teliacompany.com *.cookiebot.com *.doubleclick.net *.handels.se;img-src 'self' data: *.handels.se handels.humany.net humany.blob.core.windows.net *.cookiebot.com www.googletagmanager.com *.bing.com *.clarity.ms *.google.se *.google.com *.doubleclick.net;media-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' app.kollektivavtalskollen.se wds.ace.teliacompany.com handels.humany.net www.googletagmanager.com js.monitor.azure.com *.cookiebot.com dc.services.visualstudio.com www.google-analytics.com *.bing.com *.clarity.ms code.jquery.com *.rekai.se *.doubleclick.net;style-src 'self' 'unsafe-inline' 'unsafe-eval' handels.humany.net wds.ace.teliacompany.com;upgrade-insecure-requests; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com * *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.zoho.com * *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.addthis.com *.pinterest.com *.doubleclick.net * *.certcapture.com landofcoder.com *.facebook.com *.facebook.net accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.googleadservices.com *.google-analytics.com *.sitejabber.com *.resellerratings.com *.bbb.org * *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com *.disqus.com *.facebook.com *.facebook.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https:// *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.resellerratings.com *.googleadservices.com *.google-analytics.com *.google.com *.sitejabber.com *.bbb.org cdnjs.cloudflare.com *.avalara.com *.shipstation.com *.shipperhq.com *.zohopublic.com *.hotjar.com *.hotjar.io * *.aquascience.net *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com landofcoder.com *.disqus.com *.facebook.net accounts.google.com *.fontawesome.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https:// https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com unpkg.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.resellerratings.com *.sitejabber.com cdnjs.cloudflare.com * unsafe-inline *.certcapture.com downloads.mailchimp.com *.fontawesome.com accounts.google.com assets.braintreegateway.com https:// tagmanager.google.com secure.nmi.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.google.com *.doubleclick.net *.avalara.com *.shipstation.com *.shipperhq.com *.googlesyndication.com *.hotjar.io *.hotjar.com * *.certcapture.com landofcoder.com *.facebook.com *.facebook.net accounts.google.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com *.redditstatic.com *.reddit.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; img-src 'self' https: data:; worker-src 'self' https: blob:; report-uri https://charactercounts.org/report.php 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.addthis.com www.googletagmanager.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://static.buckaroo.nl https://meetanshi.com/media/logo.png https:/at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.alothemes.com *.magepow.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.alothemes.com *.magepow.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com downloads.mailchimp.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.addthis.com *.alothemes.com *.magepow.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' https://js.stripe.com/v3 https://www.googletagmanager.com/ https://www.googleadservices.com https://apis.google.com https://googleads.g.doubleclick.net/ https://js.stripe.com/v3 https://static.cloudflareinsights.com https://connect.facebook.net https://www.youtube.com/iframe_api https://www.youtube.com/s/ https://www.google.com/pagead https://www.gstatic.com/_/mss/boq-identity/ blob:;  worker-src 'self' blob:;  object-src 'none';  report-uri /api/csp-report?source=kamimain&version=11; 1
object-src 'none';base-uri 'self';script-src 'nonce-AT8j4IdJnE6gSUJ8mCgsHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self' https://stats.arztkonsultation.de; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests ; child-src 'self'; connect-src 'self' https://stats.arztkonsultation.de https://*.consentmanager.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.io https://api.pirsch.io https://plausible.io https://api.videoask.com https://tagmanager.google.com; default-src 'none'; font-src 'self' https://stats.arztkonsultation.de https://*.consentmanager.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.io https://api.pirsch.io https://plausible.io https://api.videoask.com; frame-src 'self' https://*.arztkonsultation.de https://*.consentmanager.net https://*.youtube.com https://*.hotjar.com https://www.google.com/ https://www.videoask.com https://app.arzt-direkt.de/ https://www.googletagmanager.com/ https://www.etermin.net/; img-src 'self' data: https://stats.arztkonsultation.de https://*.consentmanager.net https://secure.gravatar.com https://ct.capterra.com/capterra_tracker.gif https://www.videoask.com https://tagmanager.google.com; media-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.arztkonsultation.de https://*.consentmanager.net https://*.mailjet.com https://*.hotjar.com https://*.hotjar.io https://www.google.com/recaptcha/api.js https://www.videoask.com https://tagmanager.google.com; script-src-elem 'unsafe-inline' https://arztkonsultation.de https://stats.arztkonsultation.de https://*.consentmanager.net https://*.hotjar.com https://*.hotjar.io https://api.pirsch.io https://plausible.io https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/iRvKkcsnpNcOYYwhqaQxPITz/recaptcha__de.js https://www.videoask.com https://static.videoask.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://*.arztkonsultation.de; worker-src 'self'; report-uri https://logs.arztkonsultation.de/csp-reports; report-to csp-endpoint; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com *.alothemes.com *.magepow.com eu.mindtheg.com us.mindtheg.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.addtoany.com www.googletagmanager.com consentcdn.cookiebot.com app-eu1.hubspot.com ct.pinterest.com https://js.stripe.com https://pay.google.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.tawk.to *.trustpilot.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com maps.gstatic.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com eu.mindtheg.com us.mindtheg.com mindtheg.com forms-eu1.hsforms.com www.google.ro bat.bing.com px.ads.linkedin.com imgsct.cookiebot.com track-eu1.hubspot.com 143839764.fs1.hubspotusercontent-eu1.net https://pay.google.com https://*.googleusercontent.com blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.tawk.to cdn.jsdelivr.net *.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com static.addtoany.com eu.mindtheg.com us.mindtheg.com cdn.jsdelivr.net mindtheg.com js-eu1.hs-scripts.com widget.trustpilot.com invitejs.trustpilot.com js-eu1.hsadspixel.net js-eu1.hs-banner.com js-eu1.hs-analytics.net js-eu1.usemessages.com consent.cookiebot.com bat.bing.com s.pinimg.com js-eu1.hscollectedforms.net snap.licdn.com consentcdn.cookiebot.com www.clarity.ms static.hsappstatic.net scripts.clarity.ms www.gstatic.com ct.pinterest.com https://js.stripe.com *.stripecdn.com *.cloudflare.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.stripe.com *.stripe.network klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.tawk.to *.trustpilot.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.addtoany.com *.alothemes.com *.magepow.com eu.mindtheg.com us.mindtheg.com cdn.jsdelivr.net static.hsappstatic.net https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com *.tawk.to *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.hsappstatic.net eu.mindtheg.com us.mindtheg.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.alothemes.com *.magepow.com eu.mindtheg.com us.mindtheg.com api-eu1.hubspot.com api-eu1.hubapi.com consentcdn.cookiebot.com forms-eu1.hscollectedforms.net mindtheg.com ct.pinterest.com region1.analytics.google.com px.ads.linkedin.com exceptions-eu1.hubspot.com z.clarity.ms app-eu1.hubspot.com region1.google-analytics.com https://api.stripe.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com places.googleapis.com *.tawk.to wss://*.tawk.to *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src mindtheg.com eu.mindtheg.com us.mindtheg.com bat.bing.com metrics-fe-eu1.hubspot.com app-eu1.hubspot.com z.clarity.ms *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.twitter.com *.consensu.org *.sharethis.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.google.com *.sharethis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org *.sharethis.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval'; script-src 'unsafe-eval' 'nonce-usnypMlnA7sSJRy-hTm4c0K1uXCc6DKS5BsyS8UnYp3uchLW4E17sg' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org; base-uri 'self'; frame-src https://display.contentfry.com; style-src-elem 'self' 'unsafe-inline' cdn.ckeditor.com 'report-sample'; connect-src 'self' data: https://*.openstreetmap.org; script-src-elem 'self' 'unsafe-inline' data: https://platform.contentfry.com https://cdn.ckeditor.com 'report-sample'; frame-ancestors 'self'; script-src-attr 'unsafe-inline' 'report-sample'; report-uri https://www.adlershof.de/@http-reporting?csp=report&requestTime=1773720570661023&requestHash=8e411944e94da2335a917c6a8264b66293ffa781 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.popt.in *.amazonaws.com *.on.aws *.cloudfront.net cdnjs.cloudflare.com cdn.popt.in fonts.salesfire.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.dotdigital-pages.com *.dotdigital.com *.addthis.com *.google.com/ *.weltpixel.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.googleapis.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://www.magezon.com cdn.doofinder.com *.trackedlink.net magefan.com cm.magefan.com *.disqus.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.popt.in *.cloudfront.net https://redchamps.com https://maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com api.feefo.com services.postcodeanywhere.co.uk cdn-ukwest.onetrust.com analytics.twitter.com www.google.co.in bat.bing.com c.bing.com c.clarity.ms lantern.roeye.com admin.hedgesdirect.co.uk register.feefo.com www.admin.hedgesdirect.co.uk octave-7902-adswizz.attribution.adswizz.com pixel.tapad.com cdn.salesfire.co.uk dev.visualwebsiteoptimizer.com stats.g.doubleclick.net image.salesfire.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://maps.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.google.com/ *.disqus.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.popt.in *.cloudflare.com *.jsdelivr.net *.trustpilot.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net api.feefo.com ruler.nyltx.com willi11165.pcapredict.com register.feefo.com js-agent.newrelic.com code.jquery.com services.postcodeanywhere.co.uk hedge11123.pcapredict.com cdn-ukwest.onetrust.com cdn.popt.in eu1-config.doofinder.com analytics.nyltx.com cdnjs.cloudflare.com bat.bing.com static.ads-twitter.com www.clarity.ms cdn.requestmetrics.com cdn.mouseflow.com static.cloudflareinsights.com script.crazyegg.com s.pinimg.com cdn.salesfire.co.uk ct.pinterest.com www.best4hedging.co.uk dev.visualwebsiteoptimizer.com cdn.noibu.com app.answerai.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com https://cdn.jsdelivr.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.popt.in *.cloudflare.com *.jsdelivr.net *.on.aws *.amazonaws.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com register.feefo.com services.postcodeanywhere.co.uk fonts.popt.in cdn.popt.in cdnjs.cloudflare.com tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws fonts.salesfire.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com ekr.zdassets.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.cloudflare.com *.popt.in www.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app bam.nr-data.net api.feefo.com collect.feefo.com services.postcodeanywhere.co.uk px.ads.linkedin.com analytics.nyltx.com cdn-ukwest.onetrust.com display.popt.in geolocation.onetrust.com n.clarity.ms w.clarity.ms in.requestmetrics.com l.clarity.ms ct.pinterest.com live.smartmetrics.co.uk hit.salesfire.co.uk dev.visualwebsiteoptimizer.com ss.hedgesdirect.co.uk input.noibu.com cdn.noibu.com ss.best4hedging.co.uk wss://input.noibu.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-hT3-ZzpVVdnDNYmxrB73_aBCg6D1Ca7dG_8ZJCAzNw2mwGOZWe7tnA' 'unsafe-eval' blob: https://*.youtube.com https://*.youtube-nocookie.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google.com https://*.spotify.com https://*.soundcloud.com https://fmadore.github.io; connect-src 'self' https://matomo.zmo.de; script-src-elem 'self' 'nonce-hT3-ZzpVVdnDNYmxrB73_aBCg6D1Ca7dG_8ZJCAzNw2mwGOZWe7tnA' https://*.youtube.com https://*.youtube-nocookie.com https://*.google.com https://*.spotify.com https://*.soundcloud.com https://matomo.zmo.de 'report-sample'; style-src 'self' 'nonce-hT3-ZzpVVdnDNYmxrB73_aBCg6D1Ca7dG_8ZJCAzNw2mwGOZWe7tnA' 'report-sample'; report-uri https://www.zmo.de/@http-reporting?csp=report&requestTime=1773710833732809&requestHash=217af3433e068bc23f85ece1fa01cd8d92fad39c 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com https://cdn.jsdelivr.net *.gstatic.com https://static.payzen.eu/static/ *.fontawesome.com https://fonts.bunny.net https://cdnjs.cloudflare.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.facebook.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://vars.hotjar.com https://www.facebook.com https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.payplug.com secure.payplug.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.google.com https://www.google.fr https://cl.avis-verifies.com https://axeptio.imgix.net https://www.lagrandeboutique.net https://*.lagrandeboutique.net https://lagrandeboutique.net https://www.instagram.com https://in.hotjar.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://adservice.google.com https://api.axeptio.io https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://firebasestorage.googleapis.com *.koongo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://unpkg.com https://static.axept.io https://static.hotjar.com https://script.hotjar.com https://in.hotjar.com https://connect.facebook.net https://bat.bing.com https://adservice.google.com *.axeptio.io *.axept.io *.skeepers.io https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/highlight.min.js https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com https://unpkg.com https://in.hotjar.com https://connect.facebook.net https://bat.bing.com https://adservice.google.com https://api.axeptio.io *.boeki.fr https://static.payzen.eu/static/ *.fontawesome.com https://fonts.bunny.net cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.lagrandeboutique.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.almapay.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://client.axept.io https://in.hotjar.com https://vc.hotjar.io https://ws15.hotjar.com *.hotjar.com *.hotjar.io *.google-analytics.com wss://ws34.hotjar.com https://connect.facebook.net https://bat.bing.com https://adservice.google.com *.google.com https://api.axept.io https://cl-pbr.cxr.skeepers.io https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.koongo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self' https://*.infotip-rts.com https://*.infotip-rts-dev.com https://*.infotip-rts-local.com https://*.infotip-rts.de https://infotip-login.auth.eu-central-1.amazoncognito.com/oauth2/authorize https://infotip-dev-login.auth.eu-central-1.amazoncognito.com/oauth2/authorize https://login.microsoftonline.com; frame-ancestors 'self'; frame-src 'self'; img-src 'self' images.philips.com data: blob:; media-src 'self'; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; report-to csp_endpoint;aux-data 'eyJVcmxQcmciOiJodHRwOlwvXC9pbmZvdGlwLXJ0cy5jb21cLyIsIlVybFBhZ2UiOiJIb21lLnhodG1sIiwiTG9naW5OYW1lIjoiOlJUUy1Qb3J0YWwiLCJVc2VyUm9sZSI6IjkwIiwiaW5BY3Rpb24iOiJIT01FIiwiaW5Qb3J0YWxJZCI6IjpSVFMtUG9ydGFsIiwiaW5PcmRlcklkIjoiIiwiU3lzdGVtIjoiTGl2ZSJ9' 1
script-src 'self' 'unsafe-eval' blob: https://prod-bk-web.pt.rbi.tools/en/static/js/vendor.da3dd18e.js https://prod-bk-web.pt.rbi.tools/en/static/js/main.dcae85df.js https://prod-bk-web.pt.rbi.tools/en/static/js/runtime.6ad5e2f8.js https://*.mparticle.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onetrust.com https://static.ads-twitter.com https://platform.twitter.com https://www.google-analytics.com https://connect.facebook.net https://secure.quantserve.com https://dynamic.criteo.com https://rules.quantcount.com https://cdn.branch.io https://app.link https://*.cdn4.forter.com https://dlthst9q2beh8.cloudfront.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://pagead2.googlesyndication.com https://cdn.amplitude.com https://accounts.google.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://c.amazon-adsystem.com https://js.adsrvr.org https://maps.googleapis.com https://googleads.g.doubleclick.net https://static.zdassets.com https://bat.bing.com https://cdn-st.adsmurai.com https://www.youtube.com https://player.vimeo.com https://prod-bk-web.pt.rbi.tools/en/static/js/vendor.b56e143a.js https://prod-bk-web.pt.rbi.tools/en/static/js/main.7673bca0.js https://prod-bk-web.pt.rbi.tools/en/static/js/runtime.c64782a9.js; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; report-uri https://intl-csp-service.rbictg.com/report 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://cdnjs.cloudflare.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com www.google.com https://www.youtube.com https://form.typeform.com https://www.googletagmanager.com/ js.mollie.com https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://accounts.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.bird.eu https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudimg.io *.google.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.mollie.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://accounts.google.com *.cloudimg.io *.scaleflex.it *.googletagmanager.com tagmanager.google.com *.smartsuppchat.com *.axept.io widget-v3.smartsuppcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com tagmanager.google.com fonts.google.com widget-v3.smartsuppcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://nominatim.openstreetmap.org http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://accounts.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.smartsuppchat.com *.smartsuppcdn.com *.axept.io wss://websocket-visitors.smartsupp.com ws.colissimo.fr 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' eletrorastro.com.br *.eletrorastro.com.br wake-components.fbitsstatic.net eletrorastro.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com criteo.com trustvox.com.br shopback.net shopconvert.com.br cloudflare.com criteo.net linximpulse.net shoptarget.com.br googleadservices.com retargeter.com.br doubleclick.net hertzen.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.googleadservices.com *.criteo.net *.linximpulse.net *.shoptarget.com.br *.retargeter.com.br *.criteo.com *.trustvox.com.br *.shopback.net *.shopconvert.com.br *.cloudflare.com *.hertzen.com *.doubleclick.net wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.chaordicsystems.com *.itau.com *.itau.com.br *.itaushopline.com *.itaushopline.com.br *.hotjar.com *.navdmp.com *.clearsale.com.br *.goadopt.io *.shoppush.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com *.google.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.rdstation.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.tiktok.com analytics.tiktok.com d335luupugsy2.cloudfront.net *.cloudfront.net *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io wake-commerce-scripts.omni.chat *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.eletrorastro.com.br eletrorastro.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' construmarques.com.br *.construmarques.com.br wake-components.fbitsstatic.net construmarques.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.egoi.site egoi.site *.e-goi.com *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.azurewebsites.net *.blob.core.windows.net *.boletoflex.com samuraiexpertsstorage.blob.core.windows.net boletoflexhom.azurewebsites.net boletoflex.azurewebsites.net *.bflx.com.br *.google.com analytics.google.com *.g.doubleclick.net *.googleadservices.com *.com.au service.smarthint.co *.google.com.br *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.facebook.net *.googleapis.com *.google.de *.googletagmanager.com *.google.pt *.google-analytics.com *.google.fr *.com.py *.co.jp *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br azurewebsites.net static.hotjar.com static.fbits.net koin-custom-conector-gateway.fbits.net payments.koin.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.mailbiz.one *.jsdelivr.net *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.pagseguro.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.construmarques.com.br construmarques.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com fonts.gstatic.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.google.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com *.avada.io *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com *.what3words.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com *.leadgenerationsoftware.it *.google.com *.googleapis.com *.tawk.to *.google.it www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.shopify.com *.klaviyo.com *.hotjar.com *.leadgenerationsoftware.it *.googleapis.com *.google-analytics.com *.tawk.to *.iubenda.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://fonts.bunny.net *.gstatic.com *.klaviyo.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.googleapis.com *.klaviyo.com *.hotjar.io *.doubleclick.net *.tawk.to *.iubenda.com *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com https://h.online-metrix.net/ https://static-content.vnforapps.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net cm.everesttech.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com https://www.google.com https://maps.googleapis.com https://sibautomation.com/sa.js https://share.hsforms.com/1u5aYKB4eS7in1XkiXplEuAr2a3r https://script.crazyegg.com/pages/scripts/0019/6089.js https://static.hotjar.com/ https://h.online-metrix.net/fp/tags.js https://static-content.vnforapps.com/v2/js/checkout.js https://static-content.vnforapps.com/v2/js/prd_dfp.js https://rum.hlx.page/.rum/@adobe/ https://script.hotjar.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co *.googletagmanager.com *.cookielaw.org *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com api.comapi.com bam.nr-data.net *.cookielaw.org https://in-automate.brevo.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * data: www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com https://*.gstatic.com *.certcapture.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com https://*.gstatic.com *.certcapture.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.youtube.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com webchat.dotdigital.com webchat.staging.dotdigital.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.googleapis.com *.google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.certcapture.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com cdn.plyr.io noembed.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://samirandaly2025.e-motionagency.net https://www.googletagmanager.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.google.com https://qnbalahli.test.gateway.mastercard.com https://mtf.gateway.mastercard.com https://upgstaglightbox.egyptianbanks.com https://upgstagpayinterface.egyptianbanks.com https://banquemisr.gateway.mastercard.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.youtube.com/ https://scontent-ams4-1.cdninstagram.com https://www.googletagmanager.com/ https://qnbalahli.test.gateway.mastercard.com https://mtf.gateway.mastercard.com https://upgstaglightbox.egyptianbanks.com https://upgstagpayinterface.egyptianbanks.com https://banquemisr.gateway.mastercard.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://samir-and-aly-stationaries.fra1.cdn.digitaloceanspaces.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com www.apptrian.com https://platform-api.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com https://clauem2.arrowtheme.com https://scontent.cdninstagram.com/ https://scontent-ams4-1.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.apptrian.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.maps.googleapis.com *.trackedlink.net *.maps.gstatic.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com https://buttons-config.sharethis.com/ https://connect.facebook.net https://platform-api.sharethis.com https://scontent-ams4-1.cdninstagram.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com https://qnbalahli.test.gateway.mastercard.com https://mtf.gateway.mastercard.com https://upgstaglightbox.egyptianbanks.com https://upgstagpayinterface.egyptianbanks.com https://banquemisr.gateway.mastercard.com *.ytimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://samir-and-aly-stationaries.fra1.cdn.digitaloceanspaces.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com https://platform-api.sharethis.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com www.apptrian.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com https://scontent-ams4-1.cdninstagram.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.youtube.com 'self' 'unsafe-inline'; child-src *.youtube.com *.youtube-nocookie.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com connect.facebook.net graph.facebook.com business.facebook.com *.openstreetmap.org *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://cdn.jsdelivr.net connect.facebook.net graph.facebook.com business.facebook.com map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com *.analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com connect.facebook.net graph.facebook.com business.facebook.com map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.facebook.net *.facebook.com *.cloudflare.com *.gstatic.com *.crisp.chat *.tawk.to *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net *.facebook.com *.twitter.com https://seo.mageplaza.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.bka.sh *.bkash.com *.facebook.net *.facebook.com *.addtoany.com optimize.google.com *.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bdtronics.com *.facebook.net *.facebook.com *.amazonaws.com *.cloudfront.net *.crisp.chat *.tawk.to tawk.link *.jsdelivr.net *.googletagmanager.com *.google.com.bd *.google.com *.inspectlet.com *.shofity.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.bka.sh *.facebook.net *.facebook.com https://cdn.jsdelivr.net *.onebark.org *.addtoany.com *.smartlook.com *.inspectlet.com *.sentry-cdn.com *.googletagmanager.com *.datadome.co *.crisp.chat *.tawk.to *.doubleclick.net *.klaviyo.com *.openreplay.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.clare.ai cdnjs.cloudflare.com https://maps.googleapis.com https://player.vimeo.com unpkg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.facebook.net *.facebook.com *.cloudflare.com *.googleapis.com *.crisp.chat *.tawk.to unpkg.com https://static.klaviyo.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.facebook.net *.facebook.com *.googleapis.com *.google.com *.smartlook.cloud *.inspectlet.com wss://ws.inspectlet.com *.sentry.io *.datadome.co wss://client.relay.crisp.chat *.crisp.chat *.tawk.to wss://*.tawk.to *.diligent-infotech.com insights.algolia.io *.doubleclick.net https://maps.googleapis.com https://player.vimeo.com *.bdtronics.com:8108 *.bdtronics.com:2053 https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.trackedlink.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.tagmanager.google.com *.googletagmanager.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com services.postcodeanywhere.co.uk *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.klevu.com *.ksearchnet.com api.addressy.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://use.typekit.net *.bing.com *.bootstrapcdn.com *.bunny.net *.jsdelivr.net *.degrootstoffen.nl https://dashboard.webwinkelkeur.nlfonts/webandbrand.woff data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com www.gstatic.com apis.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sendcloud.sc *.jsdelivr.net https://dashboard.webwinkelkeur.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com *.hsforms.net *.hsforms.com https://a.tile.openstreetmap.fr https://b.tile.openstreetmap.fr https://c.tile.openstreetmap.fr https://ct.pinterest.com https://api.taggrs.io https://www.google.nl https://mcusercontent.com *.etrusted.com https://imgsct.cookiebot.com *.bing.com *.webshopapp.com https://cdn.webshopapp.com *.degrootstoffen.nl data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://maps.googleapis.com https://player.vimeo.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc https://servicepoints.sendcloud.sc https://embed.sendcloud.sc *.hsforms.net *.hsforms.com https://consentcdn.cookiebot.com https://consent.cookiebot.com *.bing.com *.clickcease.com *.widget.trengo.eu *.trengo.eu https://s3.amazonaws.com https://www.clarity.ms https://scripts.clarity.ms *.degrootstoffen.nl https://dashboard.webwinkelkeur.nl/sidebar.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.doofinder.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com *.google.com assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net *.etrusted.com *.bunny.net *.degrootstoffen.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.doofinder.com wss://*.doofinder.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://maps.googleapis.com https://player.vimeo.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.hotjar.com *.hotjar.io *.bing.com https://consentcdn.cookiebot.com https://consent.cookiebot.com *.trengo.eu https://s3.amazonaws.com https://n.clarity.ms https://s.clarity.ms *.degrootstoffen.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net https://media.galponderopa.com https://static.galponderopa.com https://media.galponderopa-prod.menze.la https://static.galponderopa-prod.menze.la 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com https://media.galponderopa.com https://static.galponderopa.com https://media.galponderopa-prod.menze.la https://static.galponderopa-prod.menze.la *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.shopify.com https://media.galponderopa.com https://static.galponderopa.com https://media.galponderopa-prod.menze.la https://static.galponderopa-prod.menze.la *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://live.decidir.com https://assets-cdn.woowup.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net https://media.galponderopa.com https://static.galponderopa.com https://media.galponderopa-prod.menze.la https://static.galponderopa-prod.menze.la *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://get.geojs.io *.avada.io https://media.galponderopa.com https://static.galponderopa.com https://media.galponderopa-prod.menze.la https://static.galponderopa-prod.menze.la *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://developers.decidir.com https://developers-ventasonline.payway.com.ar https://live.decidir.com https://assets-cdn.woowup.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-fcxPqHJwQzKIsj_ioLKKI8dBMx23IusB'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.punchout2go.com https://*.qliro.com https://*.vipps.no https://*.trustly.com https://*.ideal.nl https://*.apple.com https://*.unzer.com https://*.heidelpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.punchout2go.com https://*.qliro.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.punchout2go.com https://*.qliro.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.punchout2go.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.transbank.cl https://webpay3gint.transbank.cl/webpayserver/initTransaction https://webpay3g.transbank.cl/webpayserver/initTransaction 'self' 'unsafe-inline'; frame-ancestors *.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.weltpixel.com *.doubleclick.net *.basis.net https://webpay3gint.transbank.cl https://webpay3g.transbank.cl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net *.google.co.in *.basis.net *.hsforms.net *.hsforms.com 'self' data: *.transbank.cl https://webpay3gint.transbank.cl/webpayserver/initTransaction https://webpay3g.transbank.cl/webpayserver/initTransaction https://www.novasalud.cl/ https://www.facebook.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com ajax.googleapis.com *.googletagmanager.com *.googleapis.com *.bing.com *.facebook.net unsafe-inline *.hsforms.net *.hsforms.com *.gstatic.com *.transbank.cl https://webpay3gint.transbank.cl/webpayserver/initTransaction https://webpay3g.transbank.cl/webpayserver/initTransaction https://www.novasalud.cl/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.transbank.cl https://webpay3gint.transbank.cl/webpayserver/initTransaction https://webpay3g.transbank.cl/webpayserver/initTransaction unsafe-inline https://www.novasalud.cl/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.novasalud.cl/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.transbank.cl https://webpay3gint.transbank.cl/webpayserver/initTransaction https://webpay3g.transbank.cl/webpayserver/initTransaction https://www.novasalud.cl/ https://stats.g.doubleclick.net/ 'self' 'unsafe-inline'; child-src https://www.novasalud.cl/ http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com https://www.novasalud.cl/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.novasalud.cl/ 'self' 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://blogun.report-uri.io/r/default/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-0QaWgankN_qZHKVAd-zZWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dd-ZJU4OKcfv9xRWzm-aLw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src use.typekit.net *.typekit.net *.fontawesome.com fonts.bunny.net static.paradies-pool.de data: 'self' 'unsafe-inline' *.gstatic.com *.trustedshops.com *.googleapis.com; form-action *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de seo.mageplaza.com 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com *.amazon.com; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube-nocookie.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.jsctool.com *.weltpixel.com d.paradies-pool.de 'self' 'unsafe-inline' *.doubleclick.net *.youtube.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.google.com *.braintreegateway.com *.amazon.com *.payments-amazon.com *.consentmanager.net *.googletagmanager.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net www.paypalobjects.com p.typekit.net *.typekit.net validator.swagger.io *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de d.ratepay.com www.trustedshops.de www.google.com.ua www.magezon.com static.paradies-pool.de media.paradies-pool.de c.bing.com app.usercentrics.eu d.paradies-pool.de www.facebook.com bat.bing.com 'self' 'unsafe-inline' *.doubleclick.net *.google.com *.googletagmanager.com *.paypal.com *.vimeocdn.com *.ytimg.com *.youtube.com *.gstatic.com *.cloudfront.net *.payments-amazon.com *.consentmanager.net *.google.de *.googleapis.com *.trustedshops.com *.etrusted.com *.clarity.ms; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net includestest.ccdc02.com *.commerce-payment-services.com www.paypalobjects.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net *.cdn-apple.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com d.ratepay.com www.jsctool.com *.avada.io *.shopify.com integrations.etrusted.site js-agent.newrelic.com bam.eu01.nr-data.net static.paradies-pool.de app.usercentrics.eu d.paradies-pool.de connect.facebook.net bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.google.com *.googletagmanager.com *.cardinalcommerce.com *.paypal.com *.ytimg.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.braintreegateway.com *.payments-amazon.com *.consentmanager.net *.trustedshops.com *.etrusted.com *.clarity.ms *.etracker.com; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com d.ratepay.com fonts.bunny.net static.paradies-pool.de 'self' 'unsafe-inline' *.googleapis.com *.trustedshops.com *.etrusted.com *.google.com; object-src 'self' 'unsafe-inline' *.consentmanager.net; media-src *.adobe.com 'self' 'unsafe-inline' *.consentmanager.net; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com *.newrelic.com *.nr-data.net www.paypalobjects.com *.adobe.io performance.typekit.net *.sentry.io *.braintree-api.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com d.ratepay.com www.jsctool.com payments.amazon.de get.geojs.io *.avada.io integrations.etrusted.site bam.eu01.nr-data.net static.paradies-pool.de app.usercentrics.eu api.usercentrics.eu aggregator.service.usercentrics.eu consent-api.service.consent.usercentrics.eu bat.bing.com d.paradies-pool.de www.facebook.com graphql.usercentrics.eu 'self' 'unsafe-inline' *.google.com *.googletagmanager.com *.vimeo.com *.cardinalcommerce.com *.paypal.com *.braintreegateway.com *.amazon.com *.consentmanager.net *.trustedshops.com *.doubleclick.net *.etrusted.com *.clarity.ms; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.consentmanager.net; base-uri 'self' 'unsafe-inline' 1
object-src 'none';base-uri 'self';script-src 'nonce-sev5n-MfCHUlyZc0Ru0syw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com landofcoder.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io ebizmarts-website.s3.amazonaws.com magefan.com cm.magefan.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.chimpstatic.com landofcoder.com maps.googleapis.com chart.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.stripe.network *.stripecdn.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.ipinfo.io landofcoder.com maps.googleapis.com chart.googleapis.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.gloryholesecrets.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.gloryholesecrets.com join.gammasecure.com; script-src 'self' *.gloryholesecrets.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.gloryholesecrets.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com www.moshtix.com.au; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.fontawesome.com *.googleapis.com *.gstatic.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.fontawesome.com data: *.zip.co *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ blob: *.fmicassets.com *.facebook.com *.google.co.in *.zip.co zip.co *.bing.com *.google.com.pk moogento.com *.moogento.com *.zipmoney.com.au *.kxcdn.com *.prf.hn *.aaronknightdev.com https://redchamps.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://api.addressfinder.io *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.net *.hotjar.com *.jsdelivr.net *.clarity.ms *.bing.com *.cloudflareinsights.com l2.moogento.com *.zipmoney.com.au *.zip.co *.addthis.com *.studio19.com.au *.zdassets.com *.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.addressfinder.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app assets.braintreegateway.com https://static.klaviyo.com *.fontawesome.com *.typekit.net *.zip.co https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://api.addressfinder.io *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hotjar.io *.hotjar.com *.facebook.com *.doubleclick.net *.clarity.ms wss://ws.hotjar.com *.zipmoney.com.au *.zip.co *.zendesk.com *.zdassets.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' wss://ws.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.google.com https://*.google.nl https://*.googletagmanager.com https://*.googlesyndication.com *.basker.nl *.baskerinternational.nl *.bijdehandjes.info https://*.pinterest.com https://*.visualwebsiteoptimizer.com https://*.facebook.com https://*.facebook.net https://*.tiktok.com https://*.googleadservices.com https://*.doubleclick.net https://static.cloudflareinsights.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' *.nemborn.com nemborn.com https://*.googletagmanager.com *.basker.nl *.baskerinternational.nl *.bijdehandjes.info https://*.pinterest.com; img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com *.tile.openstreetmap.org https://i.ytimg.com *.basker.nl *.baskerinternational.nl *.bijdehandjes.info https://*.pinterest.com https://*.pinimg.com https://*.visualwebsiteoptimizer.com https://*.facebook.com https://*.doubleclick.net https://*.google.com https://*.google.nl https://*.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://sdk.privacy-center.org *.basker.nl *.baskerinternational.nl *.bijdehandjes.info https://*.pinterest.com https://*.visualwebsiteoptimizer.com https://*.facebook.net https://*.pinimg.com https://*.tiktok.com https://*.doubleclick.net https://*.googleadservices.com https://static.cloudflareinsights.com *.hotjar.com https://calendly.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://calendly.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.bunny.net; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-YzFhMjE2MzUtY2ZjMS00MDk0LWE4OWUtNDk1NTQxMjk3MTky' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
object-src  'none'; connect-src 'self' *.genderxfilms.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.genderxfilms.com join.gammasecure.com; script-src 'self' *.genderxfilms.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.genderxfilms.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
object-src 'none';base-uri 'self';script-src 'nonce-JikHL_ObpJ5hiPkczhSNOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com *.facebook.net js.mollie.com *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.doofinder.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.facebook.com *.facebook.net https://firebasestorage.googleapis.com https://www.mollie.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.doofinder.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net *.avada.io *.shopify.com js.mollie.com *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com maxcdn.bootstrapcdn.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-x1aTdOVlvT9n9gBQo4Pwfg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.hsforms.com *.hotjar.com *.google-analytics.com *.google.com *.bing.com * *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.punchout2go.com *.tradecentric.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline'; frame-ancestors *.hsforms.com *.hotjar.com *.google-analytics.com *.google.com *.bing.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.hsforms.com *.hotjar.com *.google-analytics.com *.bing.com * *.punchout2go.com *.tradecentric.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com maps.gstatic.com *.hsforms.com forms-na1.hsforms.com track.hubspot.com mcstaging.ebhorsman.com icon-phone.png spin.adhq.com *.hubspotusercontent-na1.net *.hotjar.com *.google.com *.bing.com * *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com maps.googleapis.com *.hsforms.com js.hsforms.net js-eu1.hsforms.net js-agent.newrelic.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net scripts.sirv.com script.hotjar.com static.hotjar.com *.google-analytics.com *.bing.com * *.punchout2go.com *.tradecentric.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.hsforms.com *.hotjar.com cdn.styles.com scripts.sirv.com *.google-analytics.com *.google.com *.bing.com js.usemessages.com * *.fontawesome.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.hsforms.com *.hotjar.com media.example.com *.google-analytics.com *.google.com *.bing.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com *.hsforms.com forms.hsforms.com bam.nr-data.net forms.hscollectedforms.net spin.adhq.com stats.sirv.com content.hotjar.io ws.hotjar.com *.hotjar.com *.bing.com api.hubspot.com forms-na1.hubspot.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com cdnjs.cloudflare.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com www.google.com www.gstatic.com apis.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://www.google.com.ar https://cdn.impel.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com guarantee-cdn.com maps.googleapis.com *.amazonaws.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://api.stage.bamboopayment.com https://testapi.siemprepago.com api.bamboopayment.com api.siemprepago.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com guarantee-cdn.com ajax.googleapis.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com cdnjs.cloudflare.com *.googleapis.com *.google.com *.gstatic.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://cdnjs.cloudflare.com https://analytics-ipv6.tiktokw.us https://apiautodata.com.uy maps.googleapis.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src *.force.com https://player.vimeo.com 'self' *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com *.cybersource.com *.youtube.es *.adis.ws https://www.gstatic.com *.youtube.ie https://www.youtube.com *.cloudinary.com https://www.google.com https://pay.google.com *.vimeo.com *.youtube.jp bcove.video *.youtube.fr https://player.cloudinary.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws *.forceusercontent.com *.brightcove.net *.youtube.com https://mdccs.file.force.com *.youtube.nl https://service.force.com/embeddedservice/ https://fast.wistia.net *.quip.com *.arkoselabs.com *.youtube-nocookie.com https://www.paypal.com https://appiniummastertrial.secure.force.com https://play.vidyard.com https://*.c.forceusercontent.com/lightningmaps/ *.youtube.com.br *.salesforce-experience.com *.salesforceliveagent.com https://scormanywhere.secure.force.com https://checkoutshopper-live.adyen.com/ *.sfdcfc.net *.youtube.ca https://location.force.com *.vidyard.com https://usa9014.sfdc-pu91w7.salesforce.com https://www.gstatic.com/recaptcha/ https://players.brightcove.net https://*.c.forceusercontent.com https://cdn.embedly.com https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com *.wistia.net *.salesforce.com *.youtube.pl; report-to sfdc-csp-ep; report-uri https://mdccs.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D8z0000008aLS&networkId=0DM8z00000000TE&type=communities 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com *.mercadolibre.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * mldp.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.vnforapps.com *.online-metrix.net imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net *.vnforapps.com *.online-metrix.net *.mlstatic.com www.facebook.com graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com http2.mlstatic.com secure.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co *.fontawesome.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com api.comapi.com bam.nr-data.net *.vnforapps.com *.online-metrix.net *.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.holest.com d3hqo5epsodxzz.cloudfront.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.holest.com d3hqo5epsodxzz.cloudfront.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.cdninstagram.com *.fbcdn.net *.holest.com d3hqo5epsodxzz.cloudfront.net magefan.com cm.magefan.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com 'unsafe-inline' *.addthis.com *.addthisedge.com *.moatads.com static.cloudflareinsights.com *.holest.com d3hqo5epsodxzz.cloudfront.net s7.addthis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.googletagmanager.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.holest.com d3hqo5epsodxzz.cloudfront.net ekr.zdassets.com/ *.doubleclick.net *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' karcher-center-altex.com.br *.karcher-center-altex.com.br wake-components.fbitsstatic.net karchercenteraltex.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com doubleclick.net addthis.com hertzen.com cartstack.com moatads.com alphassl.com googleadservices.com online-metrix.net cloudflare.com cartstack.com.br ebit.com.br traycheckout.com.br *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.alphassl.com *.googleadservices.com *.online-metrix.net *.cloudflare.com *.addthis.com *.hertzen.com *.doubleclick.net *.cartstack.com *.moatads.com *.cartstack.com.br *.ebit.com.br *.traycheckout.com.br wss://signalr.fbits.net *.yapay.com.br *.clearsale.com.br k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br *.conectiva.io *.sunset.systems app.cartstack.com.br *.performa.ai *.cupom.social *.conectiva.app conectiva.io *.hotjar.com dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com samuraiexpertsstorage.blob.core.windows.net boletoflex.azurewebsites.net boletoflex.com *.boletoflex.com *.azurewebsites.net *.blob.core.windows.net signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store google.com.br *.google.com.br translate.googleapis.com *.googleapis.com *.google.com google.com *.adyen.com google.com.co *.com.co google.es *.google.es *.googletagmanager.com googletagmanager.com google.fr *.google.fr *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com plugins.crmback.io sdk.crmback.io crmback.io crmback.com cbstatus.net *.wake.tech *.appmax.com.br *.tunagateway.com webapp-middleware-wake-hero-seguros.azurewebsites.net static.cloudflareinsights.com *.cloudflareinsights.com clarity.ms *.clarity.ms youtube.com *.youtube.com onsite.crmback.io *.crmback.io x.cbstatus.net *.cbstatus.net *.pagoexpress.com.br wake-hero-api.heroseguros.com.br *.heroseguros.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.karcher-center-altex.com.br karcher-center-altex.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' livo.com.br *.livo.com.br wake-components.fbitsstatic.net livo.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.execute-api.us-east-2.amazonaws.com device.clearsale.com.br vto.partners.api.ditto.com bsdk.api.ditto.com *.ditto.com *.bsdk.api.ditto.com *.adyen.com apimocha.com *.fidelizarmais.com *.fidelizarmais.com.br cdn.fidelizarmais.com widget.fidelizarmais.com cdns.fidelizarmais.com *.clarity.ms *.pinimg.com *.pinterest.com *.googleadservices.com *.googlesyndication.com googleadservices.com googlesyndication.com *.auglio.com *.googleapis.com *.avis-verifies.com *.cloudflare.com *.virtooal.com *.g.doubleclick.net *.jsdelivr.net virtooal.com *.tiktok.com *.openstreetmap.org sdk.amazonaws.com unpkg.com *.youtube.com *.doubleclick.net *.hubspot.com *.fbits.store *.adyen.com google.com.co *.google.com.co *.pagar.me *.mundipagg.com payments.koin.com.br static.fbits.net koin-custom-conector-gateway.fbits.net koinprod.azurewebsites.net google.com.br *.google.com.br samuraiexpertsstorage.blob.core.windows.net static.hotjar.com *.azurewebsites.net signalr.fbits.net *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.hsforms.net *.hsforms.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net *.nager.at date.nager.at bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com *.ads.linkedin.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.crmbonus.com analytics.tiktok.com *.secureacs.com *.goldfoodservice.com.br checkout.goldfoodservice.com.br api.globalgetnet.com *.globalgetnet.com wake.crmbonus.com *.sandbox.3dsecure.io *.blip.ai *.3dsecure.io *.crmback.io *.crmback.dev *.crmback.com *.cbstatus.net api.fbits.net *.youtube-nocookie.com *.ttwstatic.com *.hsleadflows.net js.hsleadflows.net *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.msging.net *.0mn.io *.vo.msecnd.net dc.services.visualstudio.com *.dynatrace.com *.newlentes.com.br *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.livo.com.br livo.com.br; report-uri https://pub-csp.fbits.net/b3cc6c7e-4487-4b35-8127-e1021a191bca; report-to https://pub-csp.fbits.net/b3cc6c7e-4487-4b35-8127-e1021a191bca; worker-src 'self' blob:; 1
worker-src blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.kxcdn.com *.fontawesome.com https://fonts.bunny.net *.smartsuppcdn.com maxcdn.bootstrapcdn.com static.payu.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * apm.przelewy24.pl secure.payu.com merch-prod.snd.payu.com static.payu.com credit-widget-config.payu.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com scontent.cdninstagram.com *.kxcdn.com *.twitter.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.smartsuppcdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com credit-widget-config.payu.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.smartsuppchat.com *.smartsuppcdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl apm.przelewy24.pl secure.payu.com secure.snd.payu.com static.payu.com credit-widget-config.payu.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com https://static.klaviyo.com https://fonts.bunny.net smartsuppcdn.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.smartsuppcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io wss://*.smartsupp.com *.smartsupp.com  *.smartsuppchat.com *.smartsuppcdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com secure.payu.com merch-prod.snd.payu.com static.payu.com credit-widget-config.payu.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://www.pantit.se https://pantit.se;script-src 'self' https://www.pantit.se https://pantit.se 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com kit.fontawesome.com ajax.googleapis.com www.googletagmanager.com https://*.googletagmanager.com widget.trustpilot.com consent.cookiebot.com connect.facebook.net client.crisp.chat googleads.g.doubleclick.net www.googleadservices.com consentcdn.cookiebot.com https://*.fullstory.com client.britepaymentgroup.com https://client.britepaymentgroup.com;script-src-elem 'self' https://www.pantit.se https://pantit.se 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com kit.fontawesome.com ajax.googleapis.com www.googletagmanager.com https://*.googletagmanager.com widget.trustpilot.com consent.cookiebot.com connect.facebook.net client.crisp.chat googleads.g.doubleclick.net www.googleadservices.com consentcdn.cookiebot.com https://*.fullstory.com client.britepaymentgroup.com https://client.britepaymentgroup.com;script-src-attr 'self' https://www.pantit.se https://pantit.se 'unsafe-inline';style-src 'self' https://www.pantit.se https://pantit.se 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com ka-f.fontawesome.com client.crisp.chat *.gstatic.com;frame-src 'self' https://www.pantit.se https://pantit.se wss://client.relay.crisp.chat https://*.crisp.chat https://client.crisp.chat https://*.client.crisp.chat *.crisp.chat widget.trustpilot.com consentcdn.cookiebot.com www.googletagmanager.com v1.checkout.bambora.com checkout.test.trustly.com checkout.trustly.com http://localhost:4200 td.doubleclick.net www.facebook.com production.britepaymentgroup.com https://production.britepaymentgroup.com;media-src wss://client.relay.crisp.chat https://*.crisp.chat https://client.crisp.chat https://*.client.crisp.chat *.crisp.chat;font-src 'self' https://www.pantit.se https://pantit.se data: fonts.gstatic.com http://fonts.gstatic.com maxcdn.bootstrapcdn.com ka-f.fontawesome.com client.crisp.chat;img-src 'self' https://www.pantit.se https://pantit.se https://*.google.se https://google.se https://www.google.se *.google.se https://*.google.de https://google.de https://www.google.de *.google.de https://*.google.com https://google.com https://www.google.com *.google.com https://*.google.co.uk https://google.co.uk https://www.google.co.uk *.google.co.uk https://*.google.com.tr https://google.com.tr https://www.google.com.tr *.google.com.tr https://*.google.com.pk https://google.com.pk https://www.google.com.pk *.google.com.pk https://*.google.com.ua https://google.com.ua https://www.google.com.ua *.google.com.ua https://*.google.com.cy https://google.com.cy https://www.google.com.cy *.google.com.cy https://*.google.ch https://google.ch https://www.google.ch *.google.ch https://*.google.dk https://google.dk https://www.google.dk *.google.dk https://*.google.nl https://google.nl https://www.google.nl *.google.nl https://*.google.fr https://google.fr https://www.google.fr *.google.fr https://*.google.ie https://google.ie https://www.google.ie *.google.ie https://*.google.no https://google.no https://www.google.no *.google.no https://*.google.es https://google.es https://www.google.es *.google.es https://*.google.fi https://google.fi https://www.google.fi *.google.fi https://*.google.ge https://google.ge https://www.google.ge *.google.ge https://*.google.rs https://google.rs https://www.google.rs *.google.rs https://*.google.pt https://google.pt https://www.google.pt *.google.pt https://*.google.at https://google.at https://www.google.at *.google.at https://*.google.be https://google.be https://www.google.be *.google.be https://*.google.it https://google.it https://www.google.it *.google.it https://*.google.pl https://google.pl https://www.google.pl *.google.pl https://*.google.ru https://google.ru https://www.google.ru *.google.ru https://*.google.co.jp https://google.co.jp https://www.google.co.jp *.google.co.jp https://*.google.gr https://google.gr https://www.google.gr *.google.gr https://*.google.com.br https://google.com.br https://www.google.com.br *.google.com.br https://*.google.ca https://google.ca https://www.google.ca *.google.ca https://*.google.si https://google.si https://www.google.si *.google.si https://*.google.sk https://google.sk https://www.google.sk *.google.sk https://*.google.ro https://google.ro https://www.google.ro *.google.ro https://*.google.mt https://google.mt https://www.google.mt *.google.mt https://*.google.lu https://google.lu https://www.google.lu *.google.lu https://*.google.lt https://google.lt https://www.google.lt *.google.lt https://*.google.lv https://google.lv https://www.google.lv *.google.lv https://*.google.hu https://google.hu https://www.google.hu *.google.hu https://*.google.hr https://google.hr https://www.google.hr *.google.hr https://*.google.ee https://google.ee https://www.google.ee *.google.ee https://*.google.cz https://google.cz https://www.google.cz *.google.cz https://*.google.bg https://google.bg https://www.google.bg *.google.bg https: data: blob: pantit-images.s3.amazonaws.com pantit-images.s3.eu-west-1.amazonaws.com pantit-receipt.s3.amazonaws.com imgsct.cookiebot.com *.facebook.com *.facebook.net *.googletagmanager.com test-gateway.zignsec.com gateway.zignsec.com *.googleadservices.com consentcdn.cookiebot.com marknad.pantit.se *.crisp.chat *.gstatic.com *.doubleclick.net https://*.doubleclick.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.googlesyndication.com https://pagead2.googlesyndication.com;connect-src 'self' https://www.pantit.se https://pantit.se https: http: ws: wss: properties: data: https://*.google.se https://google.se https://www.google.se *.google.se https://*.google.de https://google.de https://www.google.de *.google.de https://*.google.com https://google.com https://www.google.com *.google.com https://*.google.co.uk https://google.co.uk https://www.google.co.uk *.google.co.uk https://*.google.com.tr https://google.com.tr https://www.google.com.tr *.google.com.tr https://*.google.com.pk https://google.com.pk https://www.google.com.pk *.google.com.pk https://*.google.com.ua https://google.com.ua https://www.google.com.ua *.google.com.ua https://*.google.com.cy https://google.com.cy https://www.google.com.cy *.google.com.cy https://*.google.ch https://google.ch https://www.google.ch *.google.ch https://*.google.dk https://google.dk https://www.google.dk *.google.dk https://*.google.nl https://google.nl https://www.google.nl *.google.nl https://*.google.fr https://google.fr https://www.google.fr *.google.fr https://*.google.ie https://google.ie https://www.google.ie *.google.ie https://*.google.no https://google.no https://www.google.no *.google.no https://*.google.es https://google.es https://www.google.es *.google.es https://*.google.fi https://google.fi https://www.google.fi *.google.fi https://*.google.ge https://google.ge https://www.google.ge *.google.ge https://*.google.rs https://google.rs https://www.google.rs *.google.rs https://*.google.pt https://google.pt https://www.google.pt *.google.pt https://*.google.at https://google.at https://www.google.at *.google.at https://*.google.be https://google.be https://www.google.be *.google.be https://*.google.it https://google.it https://www.google.it *.google.it https://*.google.pl https://google.pl https://www.google.pl *.google.pl https://*.google.ru https://google.ru https://www.google.ru *.google.ru https://*.google.co.jp https://google.co.jp https://www.google.co.jp *.google.co.jp https://*.google.gr https://google.gr https://www.google.gr *.google.gr https://*.google.com.br https://google.com.br https://www.google.com.br *.google.com.br https://*.google.ca https://google.ca https://www.google.ca *.google.ca https://*.google.si https://google.si https://www.google.si *.google.si https://*.google.sk https://google.sk https://www.google.sk *.google.sk https://*.google.ro https://google.ro https://www.google.ro *.google.ro https://*.google.mt https://google.mt https://www.google.mt *.google.mt https://*.google.lu https://google.lu https://www.google.lu *.google.lu https://*.google.lt https://google.lt https://www.google.lt *.google.lt https://*.google.lv https://google.lv https://www.google.lv *.google.lv https://*.google.hu https://google.hu https://www.google.hu *.google.hu https://*.google.hr https://google.hr https://www.google.hr *.google.hr https://*.google.ee https://google.ee https://www.google.ee *.google.ee https://*.google.cz https://google.cz https://www.google.cz *.google.cz https://*.google.bg https://google.bg https://www.google.bg *.google.bg wss://client.relay.crisp.chat https://*.crisp.chat https://client.crisp.chat https://*.client.crisp.chat *.crisp.chat https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net *.googlesyndication.com https://*.googlesyndication.com pagead2.googlesyndication.com https://*.googleadservices.com https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://*.facebook.com https://connect.facebook.net https://www.facebook.com client.britepaymentgroup.com https://client.britepaymentgroup.com;form-action 'self' https://www.pantit.se https://pantit.se www.facebook.com;worker-src 'self' https://www.pantit.se https://pantit.se blob:;base-uri 'self' https://www.pantit.se https://pantit.se;frame-ancestors 'self' https://www.pantit.se https://pantit.se;object-src 'none';upgrade-insecure-requests;report-uri /callbacks/csp-violation-report-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://maps.googleapis.com https://fonts.googleapis.com https://www.posta.hu data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://maps.googleapis.com https://www.posta.hu www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.openstreetmap.org blob: https://maps.googleapis.com https://maps.gstatic.com https://www.posta.hu www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com test.saferpay.com www.saferpay.com saferpay.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org *.googletagmanager.com https://maps.googleapis.com https://www.posta.hu https://posta.hu www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://maps.googleapis.com https://fonts.googleapis.com https://maps.gstatic.com https://www.posta.hu assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org *.doubleclick.net *.google-analytics.com https://maps.googleapis.com https://www.posta.hu https://posta.hu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com *.fontawesome.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.poptin.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com * *.sharethis.com *.addthis.com *.vidmizer.com script.tolk.ai cdn.lightwidget.com vars.hotjars.com *.kameleoon.eu *.kameleoon.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com * *.sharethis.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com magefan.com cm.magefan.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.gerlinea.fr *.gerlinea.be *.isostar.fr *.isostar.es *.isostar.nl *.isostar.be *.modifast.be *.modifast.nl *.wecare.eu *.bimanan.com *.nutritionetsante.com *.adoric-om.com *.adoric.com *.amazon-adsystem.com rum-metrics.quanta.io *.giphy.com *.googleapis.com *.google.fr *.google.com *.gstatic.com *.facebook.com *.kameleoon.eu *.kameleoon.com scatec.io *.imgix.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://maps.googleapis.com/maps/api/mapsjs *.googletagmanager.com tagmanager.google.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.gerlinea.fr *.gerlinea.be *.isostar.fr *.isostar.es *.isostar.nl *.isostar.be *.modifast.be *.modifast.nl *.wecare.eu *.bimanan.com *.nutritionetsante.com *.adoric-om.com *.adoric.com *.amazon-adsystem.com *.cloudfront.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.facebook.net *.axept.io *.doubleclick.net *.google.com *.gstatic.com *.bam-cell.nr-data.net *.hotjar.com script.tolk.ai *.lightwidget.com *.rum-metrics.quanta.io *.appstatic.quanta.io *.quanta.io *.s2.adform.net *.kameleoon.eu *.kameleoon.com *.imagino.com *.googleapis.com *.thechatbotfactory.com *.popt.in scatec.io creatie.mxsrv.nl *.123formbuilder.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.sharethis.com *.fontawesome.com tagmanager.google.com fonts.google.com fonts.googleapis.com *.adoric-om.com *.adoric.com *.popt.in https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.sharethis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://maps.googleapis.com/maps/api/mapsjs *.google-analytics.com *.analytics.google.com *.googletagmanager.com maps.googleapis.com *.addthis.com *.nutrishopping.it *.gerlinea.fr *.gerlinea.be *.isostar.fr *.isostar.es *.isostar.nl *.isostar.be *.modifast.be *.modifast.nl *.wecare.eu *.bimanan.com *.nutritionetsante.com *.adoric-om.com *.adoric.com *.instagram.com tag.imagino.com *.doubleclick.net *.facebook.com *.axept.io *.hotjar.com *.kameleoon.io *.kameleoon.eu *.kameleoon.com api-legacy.tolk.ai *.cloudfront.net bam-cell.nr-data.net bam.nr-data.net rum-metrics.quanta.io *.paypal.com *.googleapis.com *.popt.in *.webmethods.io *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com 'self' data: *.fontawesome.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf *.abode.com *.scupio.com *.criteo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://logistics-stage.ecpay.com.tw/Express/map https://logistics.ecpay.com.tw/Express/map https://logistics-stage.ecpay.com.tw/helper/printTradeDocument https://logistics.ecpay.com.tw/helper/printTradeDocument 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.criteo.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.gstatic.com *.abode.com *.scupio.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.abode.com blob: *.azureedge.net *.magentosite.cloud data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://www.gstatic.com 'self' data: https://code.highcharts.com https://www.googletagmanager.com *.avada.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ unpkg.com/@dotlottie/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.2.0/ https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/ https://cdnjs.cloudflare.com/ajax/libs/codemirror/4.13.0/ *.optimonk.com https://rum.hlx.page/ *.clarity.ms *.scupio.com *.criteo.com https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.2.7/purify.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com assets.braintreegateway.com *.gstatic.com 'self' data: https://fonts.googleapis.com *.fontawesome.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://static.klaviyo.com *.abode.com *.scupio.com *.criteo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com https://fcm.googleapis.com 'self' data: https://get.geojs.io *.avada.io http://hotaigo-wss.yoxi.io:443/socket.io/ https://hotaigo-wss.yoxi.io:443/socket.io/ wss://hotaigo-wss.yoxi.io:443/socket.io/ http://chathotail.local:443/socket.io/ https://chathotail.local:443/socket.io/ wss://chathotail.local:443/socket.io/ https://chathotail.local/socket.io/ http://test-chat-app-hotai.vercel.app/socket.io/ https://test-chat-app-hotai.vercel.app:443/socket.io/ wss://test-chat-app-hotai.vercel.app:443/socket.io/ http://hotaichatapptest.branch8.com/socket.io/ https://hotaichatapptest.branch8.com:443/socket.io/ wss://hotaichatapptest.branch8.com:443/socket.io/ ws://hotaichatapptest.branch8.com:80/socket.io/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com *.abode.com *.optimonk.com hotaimember.com.tw/ *.clarity.ms *.scupio.com *.criteo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com https://api.systempay.fr/static/ *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com landofcoder.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ *.google.com/ https://player.vimeo.com https://www.youtube-nocookie.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://www.magezon.com blueskytechmage.com mageblueskytech.com placehold.jp https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ magefan.com cm.magefan.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com matomo.lcanetwork.com landofcoder.com https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ s7.addthis.com *.google.com/ https://player.vimeo.com https://www.youtube.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://api.systempay.fr/static/ *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://matomo.lcanetwork.com landofcoder.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.soundestlink.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com fonts.soundestlink.com assets.mxapis.com *.cloudfront.net www.gstatic.com;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com fonts.soundestlink.com www.gstatic.com assets.mxapis.com *.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.google.com *.google.lt *.google.lv *.googleadservices.com *.googlesyndication.com *.facebook.net *.bing.com *.cloudflare.com *.hotjar.com *.cloudflare.com *.doubleclick.net static.cloudflareinsights.com *.clarity.ms *.nosto.com omnisnippet1.com *.rackcdn.com *.equalweb.com *.mxapis.com *.ladesk.com cdn.dot.vu tags.creativecdn.com analytics.tiktok.com chimpstatic.com *.mailchimp.com *.list-manage.com *.cloudfront.net static.cloudflareinsights.com *.adform.net *.googleapis.com;script-src-elem 'self' 'unsafe-inline' cdn.datatables.net static.cloudflareinsights.com *.clarity.ms *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.google.com *.google.lt *.google.lv *.googleadservices.com *.googlesyndication.com *.facebook.net *.bing.com *.cloudflare.com *.cloudflare.com *.doubleclick.net www.youtube.com pagead2.googlesyndication.com *.nosto.com omnisnippet1.com *.rackcdn.com *.equalweb.com *.mxapis.com *.ladesk.com cdn.dot.vu tags.creativecdn.com analytics.tiktok.com chimpstatic.com *.mailchimp.com *.list-manage.com *.cloudfront.net static.cloudflareinsights.com *.adform.net;connect-src 'self' https://api.moonmart.lt *.nordcode.io *.google-analytics.com *.doubleclick.net *.google.com *.cookiebot.com *.bing.com *.googlesyndication.com *.clarity.ms *.facebook.com adservice.google.com graph.facebook.com www.googleadservices.com www.google.com www.google.lt www.google.lv googleadservices.com google.com google.lt google.lv pagead2.googlesyndication.com *.nosto.com *.sentry.io *.googleapis.com *.equalweb.com *.soundestlink.com *.dot.vu ams.creativecdn.com analytics.tiktok.com *.e-menessaptieka.lv *.moonmart.lt *.mxapis.com *.tiktokw.us;frame-src 'self' *.cookiebot.com *.doubleclick.net *.youtube.com accounts.google.com *.ladesk.com live.dot.vu ams.creativecdn.com cdn.mxapis.com;img-src 'self' data: https://api.moonmart.lt https://images.moonmart.lt *.klix.app *.cookiebot.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.google.com *.google.lt *.google.lv *.cloudflare.com *.tawk.to tawk.link *.hotjar.com *.soundestlink.com *.googleapis.com *.gstatic.com *.facebook.com *.youtube.com *.doubleclick.net *.dmxleo.com *.hotjar.com *.bing.com *.adform.net *.criteo.com *.clarity.ms *.demdex.net x.bidswitch.net ib.adnxs.com rtb-csync.smartadserver.com sync-t1.taboola.com visitor.omnitagjs.com r.casalemedia.com ad.360yield.com matching.ivitrack.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv criteo-partners.tremorhub.com eb2.3lift.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com googleads.g.doubleclick.net omnisnippet1.com csm.fr3.eu.criteo.net id5-sync.com ade.googlesyndication.com *.nosto.com *.appspot.com serve.mxapis.com *.e-menessaptieka.lv *.moonmart.lt www.googleadservices.com *.creativecdn.com static.salidzini.lv ema.ladesk.com;default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://api.moonmart.lt https://images.moonmart.lt;report-uri https://api.moonmart.lt/csp/report 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.addthis.com *.google.com/ *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com https://www.magezon.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net s7.addthis.com *.google.com/ *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.jsdelivr.net *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.sandbox.paypal.com https://www.paypal.com ekr.zdassets.com/ *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://maps.googleapis.com https://app.cobrowser.com data: 'self' 'unsafe-inline'; form-action *.paypal.com https://mcheckout.mstart.hr/iCheckOutX/v1/icheckout/confirm.xhtml https://mcheckouttest.mstart.hr:9443/iCheckOutX/v1/icheckout/confirm.xhtml https://form.wspay.biz/authorization.aspx https://formtest.wspay.biz/authorization.aspx googletagmanager.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://widget-cdn.boxnow.hr https://widget-v5.boxnow.hr *.weltpixel.com https://service.force.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://mstart.hr/theme/img/png/logo.png magefan.com cm.magefan.com maps.googleapis.com https://preprod-u1974--preprod.cs173.force.com https://u1974--preprod.my.salesforce.com https://u1974--preprod--c.visualforce.com https://zoocity.secure.force.com https://www.wspay.info/layout/logo.png https://www.wspay.info/payment-info/wsPayWebSecureLogo-118x50-transparent.png https://www.facebook.com https://app.cobrowser.com www.google.hr www.facebook.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.g.doubleclick.net *.google.com *.openstreetmap.org *.disqus.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://widget-cdn.boxnow.hr https://widget-v5.boxnow.hr https://dsp-media.eskimi.com/ maps.googleapis.com https://service.force.com https://*.salesforceliveagent.com https://u1974--preprod.my.salesforce.com https://d.la3-c1cs-cdg.salesforceliveagent.com https://zoocity.my.salesforce.com https://d.la3-c2-fra.salesforceliveagent.com https://static.lightning.force.com https://zoocity.secure.force.com https://d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com https://app.cobrowser.com https://connect.facebook.net *.googletagmanager.com tagmanager.google.com ssl.google-analytics.com dashboard.trustprofile.com https://www.googletagmanager.com map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org *.disqus.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://maps.googleapis.com https://service.force.com https://preprod-u1974--preprod.cs173.force.com https://zoocity.secure.force.com https://app.cobrowser.com googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://app.cobrowser.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://mcheckout.mstart.hr/iCheckOutX/v1/icheckout/confirm.xhtml https://mcheckouttest.mstart.hr:9443/iCheckOutX/v1/icheckout/confirm.xhtml maps.googleapis.com https://connect.facebook.net https://preprod-u1974--preprod.cs173.force.com https://zoocity.secure.force.com https://secure.wspay.biz/api/services/processpayment https://test.wspay.biz/api/services/processpayment https://app.cobrowser.com *.googletagmanager.com *.g.doubleclick.net https://www.google-analytics.com map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' OculosMeninaFlor.com.br *.OculosMeninaFlor.com.br wake-components.fbitsstatic.net lotusoculos.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com konduto.com googleadservices.com hotjar.io criteo.net online-metrix.net reduza.com.br criteo.com traycheckout.com.br hertzen.com k-analytix.com hotjar.com clearsale.com.br doubleclick.net yapay.com.br cloudflare.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.googleadservices.com *.konduto.com *.hotjar.io *.criteo.net *.online-metrix.net *.reduza.com.br *.criteo.com *.traycheckout.com.br *.hertzen.com *.k-analytix.com *.cloudflare.com *.clearsale.com.br *.doubleclick.net *.yapay.com.br *.hotjar.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.yourviews.com.br *.clearsale.com.br *.compreconfie.com.br *.voxus.com.br *.voxus.tv *.ipify.org *.loggly.com *.targeting.voxus.com.br dzpxyxks1bfmb.cloudfront.net *.getblue.io *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com gstatic.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io cdn.widde.io *.widde.io api-admin.widde.io storage.googleapis.com *.googleapis.com videos.widde.io recursos.oculosmeninaflor.com.br *.oculosmeninaflor.com.br lotusoculos.fbitsstatic.net *.fbitsstatic.net *.fbits.net static.fbits.net static.criteo.net *.visa.com player.vimeo.com *.vimeo.com o4509708062818304.ingest.us.sentry.io *.ingest.us.sentry.io *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.OculosMeninaFlor.com.br OculosMeninaFlor.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-PT-mJf9RRkuq6fVsFQFYf5r7KyV62YZM'; base-uri 'none'; report-uri https://data.sanitino.eu/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.mercadolibre.com *.cookiebot.com *.googletagmanager.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io https://docs.google.com https://www.googletagmanager.com/ challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.facebook.com *.googleadservices.com *.google-analytics.com *.google.com.br *.mercadopago.com.br *.beltnutrition.com.br cdn.mundipagg.com api.pagar.me http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com http://www.vimeo.com/ www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.mlstatic.com *.mercadopago.com https://www.googleoptimize.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://consent.cookiebot.com/ http://www.google-analytics.com/ http://www.googleadservices.com/ http://www.paypal.com/ http://www.facebook.com/ https://js-agent.newrelic.com/ https://vfr-v3-production.sizebay.technology/ https://maps.google.com/ https://www.google.com/ *.cloudfront.net *.facebook.net *.sdk.mercadopago.com *.googletagmanager.com https://viacep.com.br/ *.avada.io 3ds2.pagar.me 3ds2-sdx.pagar.me challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com assets.braintreegateway.com *.fontawesome.com *.jsdelivr.net/ *.cloudflare.com/ *.googleapis.com *.cloudfront.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.mercadopago.com *.mercadolibre.com https://www.google-analytics.com/ *.facebook.com https://viacep.com.br https://get.geojs.io *.avada.io api.mundipagg.com api.pagar.me *.gstatic.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.viacep.com.br 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cabralmotor.com.br *.cabralmotor.com.br wake-components.fbitsstatic.net cabralmotor.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br gstatic.com dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.googleapis.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com *.cabralmotor.com.br api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.google.com.br *.g.doubleclick.net *.clarity.ms *.leadster.com.br *.google-analytics.com *.fbits.net *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.cabralmotor.com.br cabralmotor.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.checkout-api.avarda.com *.checkout-cdn.avarda.com checkout-cdn.avarda.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.klarnacdn.net *.cloudflare.com *.typekit.net *.trustedshops.com *.googleapis.com *.klaviyo.com *.tawk.to/ *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.checkout-cdn.avarda.com checkout-cdn.avarda.com card-payment-frame.production.avarda.com *.stage.avarda.com pay.google.com *.freshchat.com *.twitter.com *.pinterest.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.avarda.com/ *.checkout-api.avarda.com checkout-api.avarda.com *.checkout-cdn.avarda.com checkout-cdn.avarda.com openbanking-logos.production.avarda.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.cloudfront.net/ *.criteo.net *.stamped.io *.freshchat.com/ *.cloudflare.com *.klarna.com *.ytimg.com *.cookiefirst.com *.goodahead.dev/ *.unifaun.com/ *.blob.core.windows.net/ *.azureedge.net/ *.tile.openstreetmap.org dreampetstore.com vipstore.fi *.vipstore.fi *.bing.com/ *.clarity.ms/ *.google.fi *.google.se *.google.no *.google.dk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.avarda.com/ *.checkout-cdn.avarda.com checkout-cdn.avarda.com *.stage.avarda.com pay.google.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.kk-resources.com/ *.shopalike.fi/ *.chatbotize.com/ qanuk-stage.vercel.app *.tradedoubler.com *.criteo.com *.cookiefirst.com *.omappapi.com *.googleoptimize.com *.klaviyo.com reviewsonmywebsite.com 'self' data: *.fontawesome.com *.videoly.co/ *.freshchat.com cdnjs.cloudflare.com/ *.googleapis.com/ *.noibu.com/ *.pinimg.com/ *.bing.com/ *.tiktok.com/ *.pinterest.com/ *.intercom.io/ *.intercomcdn.com/ *.clarity.ms/ *.klarnaservices.com/ *.klarna.com/ polyfill-fastly.io/ *.custobar.com/ *.tawk.to/ *.jsdelivr.net/ unpkg.com/ landofcoder.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.cookiefirst.com *.klarnacdn.net *.omappapi.com reviewsonmywebsite.com *.typekit.net *.freshchat.com/ *.cloudflare.com/ *.klaviyo.com/ *.tawk.to/ *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com/ *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com/ *.doubleclick.net *.googlesyndication.com *.checkout-api.avarda.com checkout-api.avarda.com google.com www.google.com pay.google.com payment-widget.avarda.com *.payment-widget.avarda.com payment-widget.stage.avarda.com *.payment-widget.stage.avarda.com *.criteo.com *.kelkoogroup.net/ *.chatbotize.com *.klarnaservices.com *.qanuk.app *.cookiefirst.com *.omappapi.com reviewsonmywebsite.com *.cloudflare.com *.pinterest.com *.tiktok.com/ *.clarity.ms/ *.noibu.com/ wss://input.noibu.com/ wss://nexus-websocket-a.intercom.io/ *.intercom.io/ *.bing.com/ *.algolia.io/ *.klarna.com/ *.custobar.com/ *.tawk.to/ wss://*.tawk.to/ *.googleapis.com/ *.avarda.com/ landofcoder.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://*.ipay88.com.ph https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.net *.facebook.com https://*.ipay88.com.ph https://plumrocket.com amc.demdex.net www.facebook.com web.facebook.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.gstatic.com *.facebook.net connect.facebook.net https://*.ipay88.com.ph www.google.com www.gstatic.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://*.ipay88.com.ph www.facebook.com maps.googleapis.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'nonce-T3KDRKJsB+AlCpmBCsJAUg==' 'strict-dynamic' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://googletagmanager.com https://fonts.googleapis.com; img-src 'self' data: blob: https://storage.mondospedizioni.com https://public.mondospedizioni.com https://upload.wikimedia.org https://*.google-analytics.com https://cdn.iubenda.com https://google.com https://*.google.com https://*.googleusercontent.com https://*.gstatic.com https://*.doubleclick.net https://*.facebook.com https://*.clarity.ms https://googletagmanager.com https://*.googletagmanager.com https://*.bing.com https://*.googleadservices.com https://www.google.it https://pagead2.googlesyndication.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.mondospedizioni.com https://*.statsig.com https://*.sentry.io https://*.trustpilot.com https://*.google-analytics.com https://*.iubenda.com https://google.com https://*.google.com https://*.doubleclick.net https://*.facebook.com https://connect.facebook.net https://*.clarity.ms https://*.bing.com https://*.ahrefs.com https://*.googletagmanager.com https://vercel.live https://*.googleadservices.com https://www.google.it https://pagead2.googlesyndication.com; frame-src 'self' https://widget.trustpilot.com https://*.iubenda.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google.com https://vercel.live https://*.googleadservices.com https://facebook.com https://*.facebook.com https://connect.facebook.net; frame-ancestors 'none'; worker-src 'self' blob: 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl https://www.googletagmanager.com/ https://x.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.sagepay.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com https://x.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://cdn.perchandparrow.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sagepay.com *.opayo.eu.elavon.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com *.alothemes.com *.magepow.com https://x.klarnacdn.net *.klarna.com *.klarnaevt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sagepay.com *.opayo.eu.elavon.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com https://x.klarnacdn.net *.klarna.com *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://beacon.searchspring.io/beacon 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://app.glitchtip.com/api/11198/security/?glitchtip_key=b34a99a6982a4417972cb679fa8b8bfd;base-uri 'self';connect-src 'self' https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://visualsponline.azurewebsites.net https://translate.googleapis.com https://snap.licdn.com https://listgrowth.ctctcdn.com/v1/a8de2ead6fc0f5433ab4177c50a3190f.json https://stats.g.doubleclick.net https://visitor2.constantcontact.com https://givebutter.com https://www.google.com/recaptcha/api.js https://region1.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://crm.bloomerang.co https://ajax.aspnetcdn.com https://js.stripe.com https://r.stripe.com https://api.bloomerang.co https://*.bloomerang.co;default-src 'self';form-action 'self';img-src 'self' data: https: https://jbs-foods.imgix.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com android-webview-video-poster: https://px.ads.linkedin.com;media-src 'self' https: data:;object-src 'none';script-src 'self' 'nonce-a56eQtEDlSaI10YimmMbdl4X6lh4tr7j' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://connect.facebook.net https://ssl.google-analytics.com/ga.js https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://snap.licdn.com https://www.gstatic.com https://stats.g.doubleclick.net https://visitor2.constantcontact.com https://givebutter.com https://www.google.com/recaptcha/api.js 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'sha256-19tTl2QL1fqBlIdD6/tWY1mjgpye79zseuzVrrybcDc=' https://*.googletagmanager.com https://crm.bloomerang.co https://ajax.aspnetcdn.com https://js.stripe.com https://r.stripe.com https://api.bloomerang.co https://*.bloomerang.co 'unsafe-eval' www.google.com;style-src 'self' https://cdn.plyr.io/3.5.2/plyr.css https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css 'unsafe-inline';font-src 'self' https://fonts.gstatic.com chrome-extension: data:;frame-src 'self' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://givebutter.com https://js.stripe.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net static.lipscore.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com www.xtento.com *.wesupply.xyz https://wesupplylabs.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net static.lipscore.com blob: img.youtube.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com static.lipscore.com *.disqus.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com *.cloudflare.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.klarnacdn.net static.lipscore.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com wapi.lipscore.com users.lipscore.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.googleapis.com api.lipscore.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; style-src 'self' 'unsafe-inline' *; img-src 'self' data: blob: *; connect-src 'self' * wss:; font-src * data:; object-src *; media-src *; frame-src 'self' blob: *;  report-uri https://www.parashop.com/modules/hhcspheaders/header-csp-report.php 1
default-src https:;script-src https: 'self' 'strict-dynamic' 'nonce-2fce5ca85f0b6bdb2088d7683e9ae3da1a99017acea3f7b17579c84654248648' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log?n=1 1
script-src 'self' blob: https://prod-bk-web.nz.rbi.tools/en/static/js/vendor.e8f012d3.js https://prod-bk-web.nz.rbi.tools/en/static/js/main.82203cb2.js https://prod-bk-web.nz.rbi.tools/en/static/js/runtime.71a8e609.js https://*.mparticle.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onetrust.com https://static.ads-twitter.com https://platform.twitter.com https://www.google-analytics.com https://connect.facebook.net https://secure.quantserve.com https://dynamic.criteo.com https://rules.quantcount.com https://cdn.branch.io https://app.link https://*.cdn4.forter.com https://dlthst9q2beh8.cloudfront.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://pagead2.googlesyndication.com https://cdn.amplitude.com https://accounts.google.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://c.amazon-adsystem.com https://js.adsrvr.org https://maps.googleapis.com https://googleads.g.doubleclick.net https://static.zdassets.com https://bat.bing.com https://cdn-st.adsmurai.com https://www.youtube.com https://player.vimeo.com https://prod-bk-web.nz.rbi.tools/en/static/js/vendor.ea03c9f6.js https://prod-bk-web.nz.rbi.tools/en/static/js/main.4c68952b.js https://prod-bk-web.nz.rbi.tools/en/static/js/runtime.9000262e.js; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; report-uri https://intl-csp-service.rbictg.com/report 1
frame-ancestors www.gstatic.com https://devmi1.alb.com.co https://dev.alb.com.co *.paypal.com *.movilpt.co; font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://app.alb.com.co *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://www.facebook.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com https://www.googletagmanager.com https://api.retargetly.com https://*.hotjar.com https://*.doubleclick.net https://www.facebook.com https://resources-rt.idx.lat/ *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com https://*.bing.com https://www.facebook.com https://www.google.com https://www.google.com.mx https://*.clarity.ms https://www.google.com.co https://analytics.twitter.com https://app.alb.com.co https://dev.placetopay.com https://t.co https://checkout-co.placetopay.dev *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com https://widget.manychat.com https://www.google.com https://api.retargetly.com https://*.clarity.ms https://connect.facebook.net https://bat.bing.com https://analytics.tiktok.com https://d12zyq17vm1xwx.cloudfront.net https://*.hotjar.com https://static.ads-twitter.com https://script.crazyegg.com https://resources-rt.idx.lat *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.fontawesome.com https://app.alb.com.co *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; object-src *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; manifest-src *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolibre.com https://www.google-analytics.com https://stats.g.doubleclick.net https://notifications-icommkt.com https://track-icommkt.com https://analytics.tiktok.com https://*.clarity.ms https://analytics.google.com https://script.crazyegg.com https://rt.idx.lat *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org http: https: blob: 'self' 'unsafe-inline'; default-src https://*.api.comapi.com https://wom-co.convertia.com *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.amazonaws.com *.addi.com *.yieldmo.com *.casalemedia.com *.newrelic.com *.newrelic.co *.nr-data.net *.aralego.net *.aralego.com *.mediavine.com *.stickyadstv.com *.adgrx.com *.bluekai.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.liadm.com *.bidswitch.net *.emxdgt.com *.crcom.gov.co *.omappapi.com *.googlesyndication.com *.getblue.io *.pangle-ads.com *.yahoo.net *.movilpt.co https://devmi1.alb.com.co *.criteo.com *.clmbtech.com *.decidata.tv *.gfl85trk.com *.pingdom.net *.tremorhub.com *.smaato.net *.sharethrough.com *.360yield.com *.omnitagjs.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.adnxs.com *.paypal.com *.doubleclick.net *.192.168.232.4:7105 *.avantel.co *.openstreetmap.org 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.computop-paygate.com https://www.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com m.media-amazon.com static-eu.payments-amazon.com *.hsforms.net *.hsforms.com 'self' data: https://www.googletagmanager.com https://www.google-analytics.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.sandbox.paypal.com t.paypal.com jquery.sellxed.com *.plugins.emarsys.net *.scarabresearch.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static-eu.payments-amazon.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.scarabresearch.com *.eservice.emarsys.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.computop-paygate.com payments-eu.amazon.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Fk3xqd0NbvlwVAme6PNvLw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';  script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fundingchoicesmessages.google.com https://pagead2.googlesyndication.com https://adservice.google.com https://tpc.googlesyndication.com https://ssl.google-analytics.com https://www.googletagservices.com https://ajax.googleapis.com https://widget.trustpilot.com https://www.googletagmanager.com challenges.cloudflare.com 'unsafe-eval' static.cloudflareinsights.com; script-src-elem 'self' static.cloudflareinsights.com 'unsafe-inline' pagead2.googlesyndication.com fundingchoicesmessages.google.com cdnjs.cloudflare.com www.googletagmanager.com ep2.adtrafficquality.google www.google.com www.gstatic.com widget.trustpilot.com cdn.ampproject.org www.paypalobjects.com connect.facebook.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-elem 'self' www.gstatic.com 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com images.mediago.io www.gstatic.com;  img-src 'self' https://cdnjs.cloudflare.com https://*.googleusercontent.com https://*.gstatic.com https://*.ggpht.com https://*.google.com data: ep1.adtrafficquality.google pagead2.googlesyndication.com api.mapbox.com www.googletagmanager.com osclasspoint.com blob: trace-eu.mediago.io i.ytimg.com osclasspoint.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data: maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://api.trustpilot.com region1.google-analytics.com ep1.adtrafficquality.google fundingchoicesmessages.google.com pagead2.googlesyndication.com csi.gstatic.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net widget.trustpilot.com ep2.adtrafficquality.google www.google.com pagead2.googlesyndication.com challenges.cloudflare.com *.safeframe.googlesyndication.com; worker-src 'self' blob:; object-src 'none';  base-uri 'self';  form-action 'self' www.paypal.com; report-uri https://kxh4fxuw.uriports.com/reports/report; 1
object-src 'none';base-uri 'self';script-src 'nonce-ffLsIAuQYm2mxnZDTlNRPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_2GXARsC-PyFtdfcMOAtMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xty_LM25I8UqT8sn8TRAIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src sdk.privacy-center.org spir.hit.gemius.pl cnc.daktela.com widget.packeta.com *.google.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com static.hotjar.com script.hotjar.com *.googletagmanager.com a.opmnstr.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net connect.facebook.net *.ads-twitter.com 2.adform.net s2.adform.net track.adform.net im9.cz *.im9.cz c.imedia.cz ssl.heureka.cz www.heureka.cz www.zbozi.cz c.seznam.cz 1gr.cz sgtm.signals.cz cdn.cpex.cz *.cxense.com *.mapy.cz *.piano.io gjstatic.blob.core.windows.net me.ikiosek.cz *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval';script-src-elem sdk.privacy-center.org spir.hit.gemius.pl cnc.daktela.com widget.packeta.com *.google.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com static.hotjar.com script.hotjar.com *.googletagmanager.com a.opmnstr.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net connect.facebook.net *.ads-twitter.com 2.adform.net s2.adform.net track.adform.net im9.cz *.im9.cz c.imedia.cz ssl.heureka.cz www.heureka.cz www.zbozi.cz c.seznam.cz 1gr.cz sgtm.signals.cz cdn.cpex.cz *.cxense.com *.mapy.cz *.piano.io gjstatic.blob.core.windows.net me.ikiosek.cz *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval';style-src tagmanager.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.smartsuppcdn.com translate.googleapis.com fonts.googleapis.com api.mapy.cz 'self' 'unsafe-inline';style-src-elem tagmanager.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.smartsuppcdn.com translate.googleapis.com fonts.googleapis.com api.mapy.cz 'self' 'unsafe-inline';report-uri /csp 1
object-src 'none';base-uri 'self';script-src 'nonce-4_HBZXPWhCPf_dXVvAzGLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.bunny.net; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-NTUyYzkwZmUtM2NhMi00Y2Y4LTk3ZGEtNGQyNjIzYzgxZGJh' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com mysticlabsd8.com maxcdn.bootstrapcdn.com data https://cdnjs.cloudflare.com *.cloudflare.com *.popt.in *.amazonaws.com *.on.aws *.cloudfront.net use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net https://plumrocket.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com whitepages.site x.adroll.com ad.ipredictive.com tags.crwdcntrl.net www.google.com www.facebook.com *.authorize.net https://plumrocket.com www.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.sharethis.com mysticlabsd8.com alb.reddit.com www.facebook.com d.adroll.com image2.pubmatic.com pixel.rubiconproject.com x.bidswitch.net eb2.3lift.com dsum-sec.casalemedia.com ml314.com pixel.tapad.com us-u.openx.net x.adroll.com sync.taboola.com sync.outbrain.com ib.adnxs.com pixel.sitescout.com segment.prod.bidr.io idsync.reson8.com p.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.popt.in *.cloudfront.net www.sourceknowledge.com upx.provenpixel.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.sharethis.com unsafe-inline unsafe-eval mysticlabsd8.com static.klaviyo.com static-tracking.klaviyo.com cdn.popt.in s.adroll.com amplify.outbrain.com ruler.nyltx.com assets.mantisadnetwork.com edge.fullstory.com sc-static.net www.redditstatic.com unpkg.com cdnjs.cloudflare.com acsbapp.com www.clarity.ms wave.outbrain.com aggle.net analytics.nyltx.com d.adroll.com js.ipredictive.com connect.facebook.net rs.fullstory.com cdn.aggle.net tags.crwdcntrl.net upx.provenpixel.com www.google.com www.gstatic.com cdn-widgetsrepository.yotpo.com js.authorize.net jstest.authorize.net static-forms.klaviyo.com fast.a.klaviyo.com a.klaviyo.com telemetrics.klaviyo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ code.jquery.com *.authorize.net *.popt.in *.cloudflare.com *.jsdelivr.net sandbox-assets.secure.checkout.visa.com www.sourceknowledge.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com unsafe-inline mysticlabsd8.com maxcdn.bootstrapcdn.com static.klaviyo.com https://static.klaviyo.com cdnjs.cloudflare.com *.popt.in *.cloudflare.com *.jsdelivr.net *.on.aws *.amazonaws.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com static-forms.klaviyo.com fast.a.klaviyo.com a.klaviyo.com amplify.outbrain.com edge.fullstory.com pixel-config.reddit.com www.redditstatic.com mysticlabsd8.com paid.outbrain.com cdn.acsbapp.com rs.fullstory.com analytics.mantis.marketing d.adroll.com display.popt.in i.clarity.ms x.adroll.com herb.aggle.net bcp.crwdcntrl.net js.authorize.net jstest.authorize.net telemetrics.klaviyo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.cloudfront.net *.cloudflare.com *.popt.in yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src analytics.nyltx.com mysticlabsd8.com i.clarity.ms rs.fullstory.com tr6.snapchat.com commerce.adobedc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com cash-f.squarecdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com * https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.bing.com *.doubleclick.net *.facebook.com *.usercentrics.eu *.lamparadirecta.es data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com polyfill.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.wwlholding.com *.bing.com *.clarity.ms *.facebook.net *.googleapis.com *.hotjar.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.videoly.co *.beslist.nl *.lamparadirecta.es 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cash.app https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com assets.braintreegateway.com tagmanager.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.wwlholding.com *.bing.com *.doubleclick.net *.googlesyndication.com *.leadinfo.com *.leadinfo.net *.mopinion.com *.usercentrics.eu *.googleapis.com *.addressy.com *.beslist.nl *.hotjar.com *.hotjar.io *.lamparadirecta.es 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b428c232-f415-4fb2-b456-fef23ba335ec.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-BZLROp-VxGElhWHDLJNZoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-4b1f7fac4481f82f4c9deff0c97a9de3af834098805fb21b89f5caa988a6a01e' assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com *.disqus.com https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' *.livechatinc.com *.cookiebot.com *.hotjar.com *.bing.com 'sha256-W5akSSK6LD5BjIlNICMcXaUObQSRAaj6bs7JHADURBA=' 'sha256-3qVqeAdyxxTdPkkRzqapjGkAUYLahxSrB7Mdup+GPQ0=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-p8MCfMHqrovsjRYU9z0bU17dd0z81k/fVbGrtBBiM9g=' 'sha256-0pk2s4oXwBELlC6IBVb3nNaM2PjfjwI2N6OGIX5lx8Y=' 'sha256-nkEZknO0IxNxY/CkTMBhjNhwPvglpYumjx31B4fjkY8='; style-src *.adobe.com fonts.googleapis.com *.autopay.eu *.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.gstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.autopay.eu blob: *.disqus.com https://img.youtube.com *.hsforms.net *.hsforms.com 'self' data: 'self' *.cookiebot.com *.sm-cdn.eu; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' *.cookiebot.com *.googlesyndication.com; media-src *.adobe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com pay.google.com play.google.com *.autopay.eu 'self' *.livechatinc.com *.cookiebot.com *.googletagmanager.com *.doubleclick.net *.sensevr.pl; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com 'self' data: 'self'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self'; 1
font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.every-pay.com/ https://*.every-pay.eu/ https://*.lhv.ee/ https://pay.google.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://*.every-pay.com/ https://*.every-pay.eu/ https://*.lhv.ee/ https://payment.ecommerce.sebgroup.com *.clarity.ms https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://*.every-pay.com/ https://*.every-pay.eu/ https://*.lhv.ee/ https://pay.google.com/ *.clarity.ms *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.clarity.ms https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.clarity.ms *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-quthTsY9qlkfLDjx9Rm1tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wmpv2v-OF5tWiHATMt8xHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.monetico-services.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.monetico-services.com https://www.googletagmanager.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://www.gstatic.com *.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com downloads.mailchimp.com *.fontawesome.com assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.monetico-services.com *.doofinder.com wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com/ data:; style-src 'self' 'unsafe-inline'; style-src-elem 'self' https://api.tiles.mapbox.com/ https://fonts.googleapis.com/ https://wchat.eu.freshchat.com/ https://app.getbeamer.com/ 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'sha256-cjeHmUT8tPYJL6GbVRyK0g+jkI57j4xwcA0JNZvyH7s=' blob: https://*.usercentrics.eu; script-src-elem 'self' 'unsafe-inline' blob: https://app.usercentrics.eu https://maps.googleapis.com https://images.sabscorp.com https://*.usercentrics.eu https://unpkg.com https://api.tiles.mapbox.com/ https://cdn.jsdelivr.net/ https://www.google-analytics.com/ https://app.getbeamer.com/ https://wchat.eu.freshchat.com https://*.eu.pendo.io/ ; img-src 'self' data: https://template.rdg-bat-vt-acc.cloud.sqills.com https://*.sabre.com https://images.sabscorp.com https://media.iceportal.com https://secure.holidayextras.co.uk https://d1xcii4rs5n6co.cloudfront.net https://i.travelapi.com https://*.usercentrics.eu https://hotelbookerssl.sabre.com https://ssl.conferma.com https://static4.holidayextras.com https://scoutfroneasset.blob.core.windows.net https://app.getbeamer.com/ https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://*.eu.pendo.io/ https://*.groundspan.com https://maps.gstatic.com https://maps.googleapis.com https://upamedia.atpco.net ; connect-src 'self' data: https://d1xcii4rs5n6co.cloudfront.net https://secure.holidayextras.co.uk https://*.sabre.com https://unpkg.com/@googlemaps/ https://images.sabscorp.com https://logserver01.sabstt.com/ https://maps.gstatic.com/ https://fonts.googleapis.com https://app.getbeamer.com https://maps.googleapis.com https://scout-eu-nlu-dev.azurewebsites.net  https://scout-advertisement-server.azurewebsites.net https://scout-global-app.azurewebsites.net https://approve-test.ctmportal.co.uk https://*.auth0.com https://www.google-analytics.com/ https://backend.getbeamer.com/ https://stats.g.doubleclick.net https://*.usercentrics.eu https://hotelbookerssl.sabre.com https://ssl.conferma.com https://media.iceportal.com https://i.travelapi.com https://investor.travelctm.com.au https://fonts.gstatic.com https://*.eu.pendo.io/  ; frame-src 'self' https://*.usercentrics.eu https://*.auth0.com  https://wchat.eu.freshchat.com/ https://*.eu.webpush.freshchat.com https://app.getbeamer.com/ ; media-src https://scoutfroneasset.blob.core.windows.net;  report-uri https://logserver01.sabstt.com/report_uri/csp-report; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://cdn.mouseflow.com/projects/b968dc9f-fc4a-4aa0-aec8-bf2835f272da.js https://js.hs-analytics.net/analytics/1679396400000/9103575.js https://js.hs-banner.com/9103575.js https://js.hs-scripts.com/9103575.js https://player.vimeo.com/api/player.js https://sc.lfeeder.com/lftracker_v1_DzLR5a5o6x67BoQ2.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://cms.viktor.ai https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de; font-src 'self'; frame-src 'self' https://player.vimeo.com; img-src 'self' data: https://cms.viktor.ai https://i.vimeocdn.com https://px.ads.linkedin.com https://tr-rc.lfeeder.com https://track.hubspot.com https://www.google.de; manifest-src 'self'; media-src 'self' https://player.vimeo.com https://vod-progressive.akamaized.net; worker-src 'none'; report-uri https://errors.viktor.ai/api/28/security/?sentry_key=e0a4ff4328bc4f8d988f8711f9e814d4; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.bunny.net www.awardmedals.com data: 'self' 'unsafe-inline'; form-action *.ipg-online.com www.awardmedals.com *.facebook.com hallofnames.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors www.gstatic.com www.awardmedals.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.awardmedals.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.awardmedals.com *.bing.com *.bing.net cdn-cookieyes.com *.doubleclick.net *.elfsightcdn.com *.facebook.com *.facebook.net www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.cl www.google.cm www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gl www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.so www.google.st www.google.td www.google.tn www.google.tt google.com *.google.com *.googletagmanager.com *.googleusercontent.com houseofnames.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdn.jsdelivr.net *.avada.io *.shopify.com www.awardmedals.com *.addthis.com *.bing.com cdn-cookieyes.com chimpstatic.com *.doubleclick.net *.elfsightcdn.com *.elfsight.com *.facebook.net *.google-analytics.com *.google.com *.googleoptimize.com *.googletagmanager.com hallofnames.com *.omappapi.com *.optmnstr.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net www.awardmedals.com *.googleapis.com *.googletagmanager.com *.omappapi.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.awardmedals.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.awardmedals.com *.bing.com *.bing.net cdn-cookieyes.com *.doubleclick.net *.elfsight.com *.facebook.com *.google-analytics.com www.google.ae www.google.al www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.ca www.google.cd www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.af www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gl www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.ml www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.sk www.google.so www.google.st google.com *.google.com hallofnames.com *.omappapi.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src www.awardmedals.com http: https: blob: 'self' 'unsafe-inline'; default-src www.awardmedals.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://c1747441-744a-4795-a738-1e451acf02a3.sansec.watch/; report-to report-endpoint; 1
script-src 'nonce-0MGfC8fqVNzVBZnX9nrXPg==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=wmOkt_FqCTxjy0XOEF9hB0gT666HWD4Zxjn--FUotO-_vki_-q_AZjppa8VtNaTi_jAwa-Gu0g==&policy_id=30057&user_id=&request_id=3263b523-08d8-4a6b-a59a-4c260b0216e8; report-to csp-endpoint-wmoktfqctxjyxoefhbgthwdzxjnfuotovkiqazjppavtnatijawagug; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:*; require-trusted-types-for 'script' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.p.jwpcdn.com *.fontawesome.com *.googleapis.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.braintreegateway.com *.paypal.com google.com *.google.com assets.braintreegateway.com c.paypal.com tst.kaptcha.com js.braintreegateway.com checkout.paypal.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com hnd.stats.paypal.com b.stats.paypal.com assets.braintreegateway.com www.sandbox.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com player.vimeo.com *.graph.facebook.com js.braintreegateway.com c.paypal.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.fontawesome.com *.googleapis.com *.gstatic.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src *.s3.amazonaws.com 'self' 'unsafe-inline'; media-src *.adobe.com gfaudio.s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com api.sandbox.braintreegateway.com api.braintreegateway.com client-analytics.braintreegateway.com *.sandbox.paypal.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com http://dpm.demdex.net www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https:; style-src 'self' https: 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com *.consensu.org *.sharethis.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io http://themes.magesolution.com https://moosendimages.imgix.net https://cdn.designer-images.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.magezon.com *.designer-images.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://devdocs.magento.com https://unpkg.com https://static.addtoany.com https://graph.facebook.com https://widgets.pinterest.com https://api.tumblr.com *.stat-track.com https://polyfill.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.google.com/ *.sharethis.com *.avada.io *.shopify.com polyfill.io *.moosend.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net *.moosend.com *.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://forms.m-pages.com https://form.m-pages.com https://t.stat-track.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.sharethis.com https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
script-src-attr https://cdn.evgnet.com https://*.googleapis.com https://tag.rmp.rakuten.com/ https://js.squarecdn.com/ https://unpkg.com/ https://livesearch-metrics.magento-ds.com/ https://*.addressfinder.io https://cdn.jsdelivr.net/ https://*.newrelic.com https://*.freshchat.com https://commerce.adobedtm.com/ https://*.braintreegateway.com https://*.stripe.com https://www.google.com/ https://www.googletagmanager.com/ https://*.trackedlink.net https://*.trackedweb.net https://t.cfjump.com/ https://s.pinimg.com/ https://tags.creativecdn.com/ https://analytics.tiktok.com/ https://www.clarity.ms/ https://connect.facebook.net/ https://www.gstatic.com/ https://pt.wisernotify.com/ https://ct.pinterest.com/ https://*.paypal.com https://*.google.com  'self' 'unsafe-inline'; script-src-elem https://cdn.evgnet.com https://*.googleapis.com https://tag.rmp.rakuten.com/ https://js.squarecdn.com/ https://unpkg.com/ https://livesearch-metrics.magento-ds.com/ https://*.addressfinder.io https://cdn.jsdelivr.net/ https://*.newrelic.com https://*.freshchat.com https://commerce.adobedtm.com/ https://*.braintreegateway.com https://*.stripe.com https://www.google.com/ https://www.googletagmanager.com/ https://*.trackedlink.net https://*.trackedweb.net https://t.cfjump.com/ https://s.pinimg.com/ https://tags.creativecdn.com/ https://analytics.tiktok.com/ https://www.clarity.ms/ https://connect.facebook.net/ https://www.gstatic.com/ https://pt.wisernotify.com/ https://ct.pinterest.com/ https://*.paypal.com https://*.google.com  'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.squarecdn.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://stackpath.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com *.cash.app www.google.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app *.googleapis.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.tagalys.com https://sdk.giftflick.com.au/ https://cdn.giftflick.com.au/ https://gf-cdn.s3-ap-southeast-2.amazonaws.com/ *.clarity.ms *.google.com https://c.bing.com/ *.facebook.com https://www.google.com.au/ https://ad.doubleclick.net/ https://*.rubiconproject.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://api.addressfinder.io https://rum.hlx.page https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.convertexperiments.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.disqus.com *.avada.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://cdnjs.cloudflare.com https://d3htxdwqp62ai4.cloudfront.net http://d2r9py2hfy5mgp.cloudfront.net http://d3fzz8zsf83ont.cloudfront.net https://storage.googleapis.com https://player.vimeo.com/ https://www.giftflick.com.au/ https://sdk.giftflick.com.au/ *.creativecdn.com https://s.pinimg.com/ *.pinterest.com *.clarity.ms https://dusk-455267821617990643-help.freshchat.com/ https://analytics.tiktok.com/ https://connect.facebook.net/ *.wisernotify.com t.cfjump.com *.dusk.com.au *.attn.tv https://cdn.jsdelivr.net/npm/@growthbook/ https://tag.rmp.rakuten.com/ https://cdn.evgnet.com https://*.googleapis.com https://js.squarecdn.com/ https://unpkg.com/ https://livesearch-metrics.magento-ds.com/ https://*.addressfinder.io https://cdn.jsdelivr.net/ https://*.newrelic.com https://*.freshchat.com https://commerce.adobedtm.com/ https://*.braintreegateway.com https://*.stripe.com https://www.google.com/ https://www.googletagmanager.com/ https://*.trackedlink.net https://*.trackedweb.net https://t.cfjump.com/ https://tags.creativecdn.com/ https://www.clarity.ms/ https://www.gstatic.com/ https://pt.wisernotify.com/ https://ct.pinterest.com/ https://*.paypal.com https://*.google.com  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com *.cash.app assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com https://cdnjs.cloudflare.com https://tagalys-assets.s3-ap-southeast-1.amazonaws.com https://d3htxdwqp62ai4.cloudfront.net https://stackpath.bootstrapcdn.com https://sdk.giftflick.com.au/ https://dusk-455267821617990643-help.freshchat.com/ *.wisernotify.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://player.vimeo.com/ https://cdn.giftflick.com.au/ https://videos-demo.giftflick.com.au/ https://download-video.akamaized.net/ https://*.vimeocdn.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.convertexperiments.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://api-r1.tagalys.com https://api-r2.tagalys.com https://api-r3.tagalys.com https://api-r4.tagalys.com https://staging-api-r2.tagalys.com http://tagalys-api.docker:3000 https://www.giftflick.com.au/ https://api-demo.giftflick.com.au/ https://api.giftflick.com.au/ *.creativecdn.com *.pinterest.com *.clarity.ms https://analytics.tiktok.com/ *.wisermapp.com *.azurewebsites.net *.doubleclick.net *.attn.tv https://cdn.growthbook.io/ https://*.evergage.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; frame-ancestors 'self' 1
script-elem-src addwish.com *.hotjar.com; font-src *.cloudflare.com *.bootstrapcdn.com *.flixfacts.com *.flixcar.com *.bricks.plus *.vimeo.com core.helloretail.com *.addwish.com cloud.misterbricks.nl *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.mollie.com *.flixcar.com *.bricks.plus *.vimeo.com *.cloudfront.net *.google.com core.helloretail.com *.hotjar.com www.facebook.com cloud.misterbricks.nl *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://www.mollie.com *.cloudflare.com *.cloudfront.net *.flixcar.com *.flixfacts.com *.flix360.com *.bricks.plus *.vimeo.com *.google.com *.google.nl core.helloretail.com *.addwish.com www.facebook.com *.facebook.net *.hipex.cloud cloud.misterbricks.nl connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.mollie.com *.cloudflare.com *.twitter.com *.fontawesome.com *.flixfacts.com *.flixcar.com *.flix360.com *.flix360.io *.bricks.plus *.googletagmanager.com *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.addwish.com addwish.com *.cloudfront.net core.helloretail.com *.doubleclick.net *.hotjar.com *.hotjar.io www.facebook.com *.facebook.net cloud.misterbricks.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.cloudfront.net *.fontawesome.com *.bootstrapcdn.com *.flixcar.com *.bricks.plus *.vimeo.com core.helloretail.com *.addwish.com addwish.com cloud.misterbricks.nl cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bricks.plus *.vimeo.com *.akamaized.net core.helloretail.com *.addwish.com cloud.misterbricks.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.cloudflare.com *.cloudfront.net *.amazonaws.com *.google.com *.plyr.io *.analytics.google.com *.google-analytics.com *.doubleclick.net *.nr-data.net *.addwish.com core.helloretail.com *.hotjar.com *.flix360.io *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.misterbricks.nl/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com www.apptrian.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com *.fontawesome.com *.addtoany.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com www.apptrian.com http://dpm.demdex.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.gstatic.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io cdn.doofinder.com https://images.unsplash.com magefan.com cm.magefan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net cdn.doofinder.com https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com maxcdn.bootstrapcdn.com https://static.klaviyo.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.doofinder.com wss://*.doofinder.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io https://use.fontawesome.com/ https://bam.nr-data.net/ *.sharethis.com https://applepay.cdn-apple.com/jsapi/v1/assets/1.0.0/fonts/en-US.woff https://applepay.cdn-apple.com/jsapi/v1/assets/1.0.0/fonts/en-US.woff2 https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.authorize.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.zendesk.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.facebook.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://aheadworks.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.certcapture.com *.clarity.ms *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com *.applepay.cdn-apple.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.authorize.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.cloudfront.net *.nr-data.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.zendesk.com http://www.w3.org/2000/svg https://js-agent.newrelic.com/ https://bam.nr-data.net/ *.sharethis.com *.googleapis.com https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.cdn.datatables.net *.authorize.net *.clarity.ms js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.facebook.net *.doubleclick.net *.linkedin.com *.bayengage.com *.targetbay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com https://use.fontawesome.com/ https://bam.nr-data.net/ *.sharethis.com *.applepay.cdn-apple.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.authorize.net assets.braintreegateway.com *.klaviyo.com https://static.klaviyo.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io https://static.zdassets.com/ https://bam.nr-data.net/ *.sharethis.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.authorize.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.certcapture.com https://www.facebook.com www.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.doubleclick.net *.zendesk.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com *.applepay.cdn-apple.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.authorize.net *.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.bayengage.com *.targetbay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.fantasymassage.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.fantasymassage.com join.gammasecure.com; script-src 'self' *.fantasymassage.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.fantasymassage.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
script-src 'self' https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://www.googletagmanager.com/gtag/js https://region1.google-analytics.com/g/collect https://cdn.cookielaw.org/scripttemplates/ 'unsafe-inline' 'nonce-uF0ltmK2FkpYyuUoFCGS+w=='; report-uri /nelmio/csp/report 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com https://fonts.gstatic.com 'self' data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.fastly.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.fastly.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ imgsct.cookiebot.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com maps.gstatic.com *.fastly.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com consent.cookiebot.com https://player.vimeo.com https://www.youtube.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com maps.googleapis.com *.fastly.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.fastly.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-t4j15NZvjLnxuBr6mAQJAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yS7jAX4cousOmewuInqSmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src *; script-src * https://cdn-cookieyes.com; style-src *; img-src *; connect-src *; font-src *; media-src *; report-uri *; child-src *; form-action *; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; navigate-to *; prefetch-src *; base-uri * 1
font-src *.typekit.net *.gstatic.com cdnjs.cloudflare.com fonts.gstatic.com *.googleapis.com 'unsafe-inline' data: *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com magento.buildify.shop oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.hana.ondemand.com 'self'; img-src widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com s3.amazonaws.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://firebasestorage.googleapis.com https://widgets.payflex.co.za oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; style-src cdnjs.cloudflare.com fonts.googleapis.com magento.buildify.shop https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.bunny.net oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src widget-v4.tidiochat.com *.zdassets.com 'self' 'unsafe-inline'; connect-src wss://socket.tidio.co telemetrics.klaviyo.com magento.buildify.shop www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net *.what3words.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; frame-src magento.buildify.shop bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com platform.twitter.com www.google.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; script-src www.instagram.com code.tidio.co widget-v4.tidiochat.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com platform.twitter.com platform.instagram.com apis.google.com magento.buildify.shop *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.avada.io *.shopify.com https://widgets.payflex.co.za https://partpayassets.blob.core.windows.net *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com *.what3words.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.medline.eu *.cookiebot.com *.vo.msecnd.net *.google-analytics.com *.linkedin.oribi.io *.algolia.net *.algolianet.com *.mouseflow.com *.gstatic.com *.g.doubleclick.net *.google.com *.ads.linkedin.com *.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.medline.eu polyfill.io *.licdn.com *.cookiebot.com *.googletagmanager.com *.google-analytics.com *.jsdelivr.net *.youtube.com *.algolia.net *.mouseflow.com *.cloudflareinsights.com *.clickdimensions.com *.cloudflare.com *.blob.core.windows.net/webtracking/WebTracking/WebTracking.bundle.js; style-src 'self' 'unsafe-inline' *.medline.eu *.googletagmanager.com *.googleapis.com; img-src 'self' *.medline.eu *.assets.medline.eu *.ads.linkedin.com *.linkedin.com *.cookiebot.com *.googletagmanager.com *.gstatic.com *.google.com *.google.co.in *.google-analytics.com *.ytimg.com data:; frame-src 'self' *.cookiebot.com *.youtube.com *.clickdimensions.com *.vimeo.com *.blob.core.windows.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.fastpixel.io https://api.fastpixel.io https://www.google.com https://www.gstatic.com https://plausible.netzwerkfaehig.de https://chat.netzwerkfaehig.de; style-src 'self' 'unsafe-inline' https://cdn.fastpixel.io https://fonts.googleapis.com; font-src 'self' https://cdn.fastpixel.io https://fonts.gstatic.com data:; img-src 'self' data: https:; connect-src 'self' https://api.fastpixel.io https://plausible.netzwerkfaehig.de https://chat.netzwerkfaehig.de https://www.google.com; frame-src 'self' https://www.google.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; 1
report-to https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubc9543ec1b1c491d9dca1eb02c4cfd428&dd-evp-origin=content-security-policy&ddsource=csp-report; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubc9543ec1b1c491d9dca1eb02c4cfd428&dd-evp-origin=content-security-policy&ddsource=csp-report; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.googleapis.com *.googleoptimize.com *.google-analytics.com *.googletagmanager.com *.datadoghq.com www.datadoghq-browser-agent.com *.gstatic.com maps.googleapis.com ajax.googleapis.com edge.fullstory.com fullstory.com cdn.optimizely.com lptag.liveperson.net *.lpsnmedia.net *.liveperson.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: blob: *.google-analytics.com *.googletagmanager.com *.datadoghq.com maps.googleapis.com *.gstatic.com fullstory.com *.inventoryrsc.com media.chromedata.com http://*.cudlautosmart.com https://*.cudlautosmart.com http://*.carbook.com https://*.carbook.com https://s3.amazonaws.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.datadoghq.com https://browser-intake-us3-datadoghq.com https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com maps.googleapis.com *.gstatic.com *.fullstory.com rs.fullstory.com *.cudl.com *.cudlautosmart.com *.cudirect.com *.azconfig.io accdn.lpsnmedia.net; frame-src 'self' *.kbb.com *.kelleybluebook.com maps.googleapis.com www.google.com www.carfax.com *.lpsnmedia.net www.blackbookportals.com www.jdpowervalues.com www.nadaguidesstore.com www.jdpowerwindowlink.com brandfolder.com; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; form-action 'self'; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors localhost:* *.motive.co *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com ls.smct.io *.cloudfront.net ad4m.at ban.2trk.info td.doubleclick.net my.lcmark.net *.awin1.com *.zenaps.com *.fls.doubleclick.net www.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.googleapis.com widget.feedaty.com *.facebook.com *.facebook.net *.cloudfront.net lantern.roeye.com as.ad4m.at track.adform.net cdn.iubenda.com *.google.it *.google.com tvspix.com *.baronionline.it *.awin1.com *.zenaps.com *.wepowerconnections.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.motive.co www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.gstatic.com *.trovaprezzi.it static.klaviyo.com cdn.doofinder.com widget.feedaty.com cdn.jsdelivr.net static-tracking.klaviyo.com www.dwin1.com cdn.iubenda.com connect.facebook.net lantern.roeyecdn.com cdn.preciso.net api.bounce-commerce.de assets.brandswap.com cdn.iintf.co widget.envolvetech.com smct.co www.upsellit.com assets.soreto.com awinscripts.tyviso.com js.smct.io cs.iubenda.com ad4m.at api.contester.net d16fk4ms6rqz1v.cloudfront.net api.recova.ai awin.etagdigital.com cdn.scalapay.com *.nunami.ai *.salecycle.com *.appspot.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.motive.co *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com tracking.trovaprezzi.it www.trovaprezzi.it *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net widget.feedaty.com cdn.doofinder.com static.klaviyo.com cdn.iubenda.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.trustpilot.com *.awinblackfriday.com region1.analytics.google.com widget.feedaty.com fast.a.klaviyo.com static-forms.klaviyo.com *.soreto.com eu1-layer.doofinder.com api.bounce-commerce.de tagapi.brandswap.com analytics.helpmechoose.services api.recova.ai cognito-identity.eu-west-1.amazonaws.com idb.iubenda.com envolve-chatbot-api-dot-envolvetech-001.nw.r.appspot.com firehose.eu-west-1.amazonaws.com bot-dot-envolvetech-001.appspot.com www.slowfarma.com *.nunami.ai *.wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.motive.co *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src www.slowfarma.com googleads.g.doubleclick.net ban.2trk.info www.wepowerconnections.com my.lcmark.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-wNoUvpV3vsWPmP8r4ia9cQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src 'self' https://matomo.live.lineup.ninja https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.usemessages.com 'unsafe-inline' 'unsafe-eval'; frame-src app.hubspot.com www.youtube.com; font-src 'self' http://fonts.gstatic.com; connect-src 'self' undefined https://app.getsentry.com https://*.sentry.io; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; media-src 'self'; manifest-src 'self'; form-action 'self'; frame-ancestors https://*.lineup.ninja; report-uri; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: https://www.googletagmanager.com *.fontawesome.com https://fonts.bunny.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com https://static.addtoany.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.sharethis.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.google.co.in https://widget.paazl.com https://integrations.etrusted.com https://maps.googleapis.com https://www.sbsupply.nl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com https://maps.googleapis.com https://static.addtoany.com/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.crwdcntrl.net *.avada.io *.shopify.com *.multisafepay.com https://pay.google.com https://widget-acc.paazl.com https://api-acc.paazl.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com http://maps.googleapis.com https://api.paazl.com https://widgets.trustedshops.com http://widgets.trustedshops.com https://www.googleadservices.com/ https://bootstrap.smartsuppchat.com https://www.smartsuppchat.com https://consent.studio https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net *.multisafepay.com https://widget-acc.paazl.com https://api-acc.paazl.com/ assets.braintreegateway.com https://integrations.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com https://maps.googleapis.com https://player.vimeo.com https://stats.addtoany.com/menu maps.googleapis.com maps.gstatic.com fonts.googleapis.com http://maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com *.crwdcntrl.net https://get.geojs.io *.avada.io *.multisafepay.com https://widget-acc.paazl.com https://api-acc.paazl.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://pagead2.googlesyndication.com https://api.paazl.com https://widgets.trustedshops.com https://bootstrap.smartsuppchat.com https://consent.studio https://widget.paazl.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: *.doubleclick.net *.facebook.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.doubleclick.net *.facebook.com *.googlesyndication.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io cdn.doofinder.com https://images.unsplash.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com https://firebasestorage.googleapis.com 'self' data: *.google.com *.google.it *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.feedaty.com *.googlesyndication.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com maps.gstatic.com https://www.cavallimusica.com *.trustedshops.com *.etrusted.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com cdn.doofinder.com https://maps.googleapis.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com *.avada.io *.shopify.com *.google.bg *.google.it *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.feedaty.com *.googleadservices.com *.adform.net *.iubenda.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com maps.googleapis.com *.trustedshops.com *.etrusted.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.feedaty.com *.iubenda.com assets.braintreegateway.com *.trustedshops.com *.etrusted.com *.tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.doofinder.com wss://*.doofinder.com https://maps.googleapis.com https://player.vimeo.com int-ecommerce.nexi.it coll-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com https://get.geojs.io *.avada.io *.facebook.com *.facebook.net *.feedaty.com *.googlesyndication.com *.doubleclick.net *.iubenda.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ioteams.com https://hm.baidu.com https://assets.growingio.com https://res.wx.qq.com; report-uri https://m.sre.videoteams.cn:8043/monitor/csp-report.htm 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' data: 'report-sample' 'unsafe-inline' 'unsafe-eval' https://static.zdassets.com https://ekr.zdassets.com https://googleads.g.doubleclick.net https://connect.facebook.net https://kit.fontawesome.com https://maps.googleapis.com https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://secure.gravatar.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com;style-src 'self' 'report-sample' 'unsafe-inline' secure.gravatar.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.googletagmanager.com;object-src 'none';frame-src 'self' data: atlassian-companion: https://www.youtube.com https://www.google.com https://player.vimeo.com https://www.facebook.com https://td.doubleclick.net;child-src 'self';img-src 'self' data: https://www.googletagmanager.com https://i.vimeocdn.com https://www.linkedin.com https://maps.googleapis.com https://www.googletagmanager.com/a *.gravatar.com https://www.google-analytics.com https://maps.gstatic.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.com.au https://px4.ads.linkedin.com;font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com;connect-src 'self' https://px.ads.linkedin.com https://borderexpress.zendesk.com https://ekr.zdassets.com https://www.google.com.au https://analytics.google.com *.gravatar.com https://yoast.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ka-p.fontawesome.com https://maps.googleapis.com https://www.google-analytics.com https://kit.fontawesome.com https://pagead2.googlesyndication.com https://vc.hotjar.io https://www.facebook.com;manifest-src 'self';base-uri 'self';form-action 'self' https://www.facebook.com ;media-src 'self';worker-src 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudfront.net https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.cloudfront.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com blob: *.cloudfront.net magefan.com cm.magefan.com assets.myparcel.nl www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; style-src *.adobe.com fonts.googleapis.com *.cloudfront.net https://fonts.googleapis.com *.fontawesome.com cdn.jsdelivr.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.cloudfront.net https://region1.google-analytics.com https://www.google-analytics.com https://bat.bing.net https://www.bing.net https://stats.g.doubleclick.net https://www.doubleclick.net https://pagead2.googlesyndication.com api.myparcel.nl cdn.jsdelivr.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.tweakwise.com *.tweakwisenavigator.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.facebook.net *.cloudfront.net https://cdn.tailwindcss.com https://cdn.jsdelivr.net https://www.termsfeed.com https://bat.bing.com https://www.googletagmanager.com tagmanager.google.com https://www.googleadservices.com cdnjs.cloudflare.com cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.tweakwise.com *.tweakwisenavigator.net 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com platform.twitter.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de blueskytechmage.com mageblueskytech.com placehold.jp www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com connect.facebook.net twitter.com platform.twitter.com https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.maxmind.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.mmapiws.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://square-fonts-production-f.squarecdn.com/ https://d1g145x70srn7h.cloudfront.net/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://pci-connect.squareup.com https://connect.squareup.com https://pci-connect.squareupsandbox.com https://connect.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ *.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.gstatic.com/ https://sandbox.api.cash.app/ https://site-assets.afterpay.com/ https://sandbox.web.squarecdn.com/ https://api.cash.app/ https://web.squarecdn.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io https://js.squareup.com https://js.afterpay.com/ https://nd.squarecdn.com https://js.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://portal.sandbox.afterpay.com/ https://portal.afterpay.com/ https://cdn.plaid.com/ https://sandbox.kit.cash.app/ https://kit.cash.app/ *.google.com *.gstatic.com *.google-analytics.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io https://pci-connect.squareup.com https://pci-connect.squareupsandbox.com https://api.amplitude.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://o160250.ingest.sentry.io/ *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://pay.instamed.com https://premier.trustcommerce.com;script-src 'nonce-a5fe520b7e244dc9864f9a1eaa32e93b' https://www.ccmychart.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp: https://us-api.experian.com/decisionanalytics/crosscore/npc3zwbc5v26/services/v0/applications/3;style-src https://www.ccmychart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
font-src data.serverschrank24.de *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action data.serverschrank24.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors data.serverschrank24.de *.multisafepay.com https://pay.google.com 'self'; frame-src data.serverschrank24.de bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.google.com *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com *.apps.ladesk.com *.hubspot.com *.pinterest.com speelplezier.ladesk.com *.bing.net *.bing.com 'self' 'unsafe-inline'; img-src data.serverschrank24.de widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.multisafepay.com https://at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net *.bing.com *.bing.net *.cloudimg.io *.contentsquare.net *.etrusted.com *.google-analytics.com *.googlesyndication.com *.googleusercontent.com *.hsforms.com *.hubspot.com *.imgix.net *.linkedin.com *.premiere.page *.trustedshops.com www.google.be www.google.de www.google.nl flagpedia.net data: 'self' 'unsafe-inline'; script-src data.serverschrank24.de googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.multisafepay.com https://pay.google.com *.hs-analytics.net *.usemessages.com *.hs-scripts.com *.bing.net *.beslist.nl *.bing.com *.cloudflare.com *.contentsquare.net *.etrusted.com *.getqonfi.com *.google-analytics.com *.googlesyndication.com *.hotjar.com *.hs-banner.com *.hscollectedforms.net *.licdn.com *.pinimg.com *.pinterest.com *.premiere.page *.tiktok.com *.trustedshops.com *.webwinkelkeur.nl *.ladesk.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.gstatic.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src data.serverschrank24.de *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.multisafepay.com *.etrusted.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src data.serverschrank24.de 'self' 'unsafe-inline'; media-src data.serverschrank24.de 'self' 'unsafe-inline'; manifest-src data.serverschrank24.de 'self' 'unsafe-inline'; connect-src data.serverschrank24.de www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net *.multisafepay.com *.beslist.nl *.bing.com *.bing.net *.contentsquare.net *.doubleclick.net *.etrusted.com *.getqonfi.com *.google.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hubspot.com *.linkedin.com *.pinterest.com *.premiere.page *.tiktok.com *.trustedshops.com www.google.be www.google.nl https://*.ingest.sentry.io www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src data.serverschrank24.de http: https: blob: 'self' 'unsafe-inline'; default-src data.serverschrank24.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri data.serverschrank24.de 'self' 'unsafe-inline'; report-uri https://394bd828-e8ee-4169-91b3-7b587c6eb99c.sansec.watch/; report-to report-endpoint; 1
script-src 'nonce-baYa+5hte2CifVBdIy85chI9/OKNGsLc' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.onesignal.com https://cdnjs.cloudflare.com https://unpkg.com https://vjs.zencdn.net https://www.google.com platform.instagram.com platform.twitter.com unpkg.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://vjs.zencdn.net unpkg.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io axeptio.imgix.net https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://www.gstatic.com https://translate.googleapis.com https://fonts.gstatic.com http://translate.google.com *.facebook.com https://meetanshi.com/media/logo.png https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.axept.io *.google.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://translate.googleapis.com http://translate.google.com https://translate-pa.googleapis.com *.googletagmanager.com *.facebook.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com www.gstatic.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.axept.io client.axept.io form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://translate.googleapis.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; script-src 'self' 'unsafe-inline' 'strict-dynamic' http: https: 'nonce-gr8p0p4rd1n1'; style-src 'self' 'unsafe-inline' http: https: data:; img-src 'self' 'unsafe-inline' http: https: data:; connect-src *; font-src 'self' 'unsafe-inline' http: https: data:; media-src *; report-uri *; child-src *; form-action *; frame-ancestors 'self'; object-src 'none'; frame-src *; worker-src *; manifest-src *; prefetch-src *; base-uri 'self' 'strict-dynamic' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.jaggaer.com data: 'self' 'unsafe-inline'; form-action *.paypal.com statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.mczbf.com *.afcyhf.com *.anrdoezrs.net *.apmebf.com *.awltovhc.com *.dotomi.com *.dpbolvw.net *.ftjcfx.com *.jdoqocy.com *.kqzyfj.com *.lduhtrp.net *.mjbpab.com *.qksrv.net *.qksz.net *.tkqlhce.com *.tqlkg.com *.awxibrm.com *.cj.com *.cj.mplxtms.com *.commission-junction.com *.sjwoe.com *.cualbr.com *.kdukvh.com *.pkracv.com *.rnsfpw.net *.vofzpwh.com *.yceml.net *.www.cj.conversant.mgr.consensu.org *.www.p.zjptg.com https://*.facebook.com t.svtrd.com *.navitor.com *.emjcd.com *.coupahost.com *.fa.ocs.oraclecloud.com *.unimarket.com *.appl.kp.org *.jaggaer.com 'self' 'unsafe-inline'; frame-ancestors statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.google.com *.jaggaer.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.us.confirmit.com cm.everesttech.net *.adobedtm.com https://*.doubleclick.net *.kaltura.com *.pinterest.com insight.adsrvr.org match.adsrvr.org *.linkedin.com *.linkedin.oribi.io https://*.facebook.com *.licdn.com p.adsymptotic.com sjs.bizographics.com s.pinimg.com t.svtrd.com *.powerapps.com https://www.google.com https://*.googlesyndication.com https://tpc.googlesyndication.com googleads.g.doubleclick.net *.jaggaer.com https://*.usercentrics.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.dotomi.com *.us.confirmit.com *.eum-appdynamics.com *.googleapis.com cm.everesttech.net *.adobedtm.com https://*.doubleclick.net *.kaltura.com px.ads.linkedin.com t.co *.pinterest.com bam.nr-data.net *.googleadservices.com *.google.com https://*.twitter.com *.linkedin.com https://*.facebook.com *.instagram.com *.thetradedesk.com *.upsellit.com *.magentocommerce.com maps.gstatic.com *.ggpht.com *.google.co.in t.svtrd.com *.emjcd.com idsync.rlcdn.com https://www.google.com https://*.printful.com https://*.googlesyndication.com *.jaggaer.com https://*.companybox.com https://alb.reddit.com https://*.usercentrics.eu https://cdn.bfldr.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://cdn.appdynamics.com https://www.fedex.com https://www.kaltura.com https://digitalfeedback.us.confirmit.com statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.canva.com *.mczbf.com *.afcyhf.com *.anrdoezrs.net *.apmebf.com *.awltovhc.com *.dotomi.com *.dpbolvw.net *.ftjcfx.com *.jdoqocy.com *.kqzyfj.com *.lduhtrp.net *.mjbpab.com *.qksrv.net *.qksz.net *.tkqlhce.com *.tqlkg.com *.awxibrm.com *.cj.com *.cj.mplxtms.com *.commission-junction.com *.sjwoe.com *.cualbr.com *.kdukvh.com *.pkracv.com *.rnsfpw.net *.vofzpwh.com *.yceml.net *.www.cj.conversant.mgr.consensu.org *.www.p.zjptg.com *.us.confirmit.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.yotpo.com cm.everesttech.net *.kaltura.com *.pinterest.com * bam.nr-data.net *.newrelic.com/nr-spa-1210.min.js *.authorize.net *.googleadservices.com *.google-analytics.com js.braintreegateway.com includestest.ccdc02.com cdn.dnky.co insight.adsrvr.org match.adsrvr.org js.adsrvr.org https://*.twitter.com static.ads-twitter.com *.linkedin.com *.linkedin.oribi.io https://*.facebook.com *.instagram.com *.thetradedesk.com *.licdn.com p.adsymptotic.com sjs.bizographics.com s.pinimg.com *.upsellit.com *.emjcd.com https://www.google.com *.coupahost.com *.fa.ocs.oraclecloud.com *.unimarket.com *.appl.kp.org https://*.googlesyndication.com *.jaggaer.com https://*.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.googleapis.com *.jaggaer.com 'self' 'unsafe-inline'; object-src statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.mczbf.com *.afcyhf.com *.anrdoezrs.net *.apmebf.com *.awltovhc.com *.dotomi.com *.dpbolvw.net *.ftjcfx.com *.jdoqocy.com *.kqzyfj.com *.lduhtrp.net *.mjbpab.com *.qksrv.net *.qksz.net *.tkqlhce.com *.tqlkg.com *.awxibrm.com *.cj.com *.cj.mplxtms.com *.commission-junction.com *.sjwoe.com *.cualbr.com *.kdukvh.com *.pkracv.com *.rnsfpw.net *.vofzpwh.com *.yceml.net *.www.cj.conversant.mgr.consensu.org *.www.p.zjptg.com *.emjcd.com *.jaggaer.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.jaggaer.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.mczbf.com *.afcyhf.com *.anrdoezrs.net *.apmebf.com *.awltovhc.com *.dotomi.com *.dpbolvw.net *.ftjcfx.com *.jdoqocy.com *.kqzyfj.com *.lduhtrp.net *.mjbpab.com *.qksrv.net *.qksz.net *.tkqlhce.com *.tqlkg.com *.awxibrm.com *.cj.com *.cj.mplxtms.com *.commission-junction.com *.sjwoe.com *.cualbr.com *.kdukvh.com *.pkracv.com *.rnsfpw.net *.vofzpwh.com *.yceml.net *.www.cj.conversant.mgr.consensu.org *.www.p.zjptg.com *.emjcd.com *.jaggaer.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.canva.com *.mczbf.com *.afcyhf.com *.anrdoezrs.net *.apmebf.com *.awltovhc.com *.dotomi.com *.dpbolvw.net *.ftjcfx.com *.jdoqocy.com *.kqzyfj.com *.lduhtrp.net *.mjbpab.com *.qksrv.net *.qksz.net *.tkqlhce.com *.tqlkg.com *.awxibrm.com *.cj.com *.cj.mplxtms.com *.commission-junction.com *.sjwoe.com *.cualbr.com *.kdukvh.com *.pkracv.com *.rnsfpw.net *.vofzpwh.com *.yceml.net *.www.cj.conversant.mgr.consensu.org *.www.p.zjptg.com *.us.confirmit.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com *.eum-appdynamics.com *.googleapis.com *.qualtrics.com *.omtrdc.net cm.everesttech.net *.adobedtm.com *.tt.omtrdc.net https://*.doubleclick.net cdn.linkedin.oribi.io *.kaltura.com px.ads.linkedin.com t.co smetrics.fedex.com *.pinterest.com *.google-analytics.com insight.adsrvr.org https://*.twitter.com *.linkedin.com https://*.facebook.com *.demdex.net analytics.tiktok.com *.emjcd.com https://www.google.com https://*.printful.com https://*.googlesyndication.com googleads.g.doubleclick.net *.jaggaer.com https://*.companybox.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://www.redditstatic.com https://test-drive-10-s6uit34pua-uc.a.run.app https://analytics-ipv6.tiktokw.us https://*.usercentrics.eu https://mpc-prod-18-s6uit34pua-uc.a.run.app https://mpc2-prod-28-is5qnl632q-ue.a.run.app 'self' 'unsafe-inline'; child-src statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.jaggaer.com https://*.usercentrics.eu http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.mczbf.com *.afcyhf.com *.anrdoezrs.net *.apmebf.com *.awltovhc.com *.dotomi.com *.dpbolvw.net *.ftjcfx.com *.jdoqocy.com *.kqzyfj.com *.lduhtrp.net *.mjbpab.com *.qksrv.net *.qksz.net *.tkqlhce.com *.tqlkg.com *.awxibrm.com *.cj.com *.cj.mplxtms.com *.commission-junction.com *.sjwoe.com *.cualbr.com *.kdukvh.com *.pkracv.com *.rnsfpw.net *.vofzpwh.com *.yceml.net *.www.cj.conversant.mgr.consensu.org *.www.p.zjptg.com *.us.confirmit.com *.emjcd.com *.jaggaer.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri statefarm.com statefarm-local.com *.statefarm-local.com:59443 *.sciquest.com *.tulsacc.edu *.mckesson.com *.suntrust.com *.bbt.com *.deloitte.com *.ncsu.edu *.ariba.com *.kaiser.com *.aquiire.net *.vanderbilt.edu *.wayne.edu *.contentsquare.net *.fedex.com *.appdynamics.com *.newrelic.com *.canva.com *.mczbf.com *.afcyhf.com *.anrdoezrs.net *.apmebf.com *.awltovhc.com *.dotomi.com *.dpbolvw.net *.ftjcfx.com *.jdoqocy.com *.kqzyfj.com *.lduhtrp.net *.mjbpab.com *.qksrv.net *.qksz.net *.tkqlhce.com *.tqlkg.com *.awxibrm.com *.cj.com *.cj.mplxtms.com *.commission-junction.com *.sjwoe.com *.cualbr.com *.kdukvh.com *.pkracv.com *.rnsfpw.net *.vofzpwh.com *.yceml.net *.www.cj.conversant.mgr.consensu.org *.www.p.zjptg.com *.emjcd.com *.jaggaer.com 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.oct8ne.com https://oct8necdneu.azureedge.net https://static-eu.oct8ne.com https://cl.avis-verifies.com https://media.flixfacts.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://backoffice-eu.oct8ne.com https://cl.avis-verifies.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://www.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com https://firebasestorage.googleapis.com *.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com https://www.google.es https://oct8necdneu.azureedge.net https://static-eu.oct8ne.com https://integrations.etrusted.com https://imgsct.cookiebot.com https://cl.avis-verifies.com https://media.flixcar.com https://media.flixfacts.com *.connectif.cloud *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net https://www.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.avada.io *.shopify.com *.oct8ne.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com https://cdn.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js-agent.newrelic.com https://bam.nr-data.net http://media.flixfacts.com https://prod.flixgvid.flix360.io http://media.flixcar.com https://cdn.loadbee.com http://widgets.trustedshops.com https://sandbox.sequrapi.com https://live.sequrapi.com https://cl.avis-verifies.com *.connectif.cloud *.hotjar.com *.freshdesk.com *.cloudfront.net tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://integrations.etrusted.com https://cl.avis-verifies.com https://media.flixcar.com *.freshdesk.com *.cloudfront.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com https://get.geojs.io *.avada.io *.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com live.cdn.sequra.svea.com next-live.sequra.svea.com live.sequra.svea.com sandbox.cdn.sequra.svea.com next-sandbox.sequra.svea.com sandbox.sequra.svea.com https://consentcdn.cookiebot.com https://www.youtube.com https://youtu.be https://js-agent.newrelic.com https://bam.nr-data.net https://availability.loadbee.com https://frontal-eu.oct8ne.com https://media.flixcar.com https://vc-service.saleago.com https://cl.avis-verifies.com *.connectif.cloud *.freshdesk.com *.hotjar.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none';        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.respond.io/* https://*.analytics.google.com https://static.zdassets.com https://*.cloudfront.net https://services.cognitoforms.com https://static.cognitoforms.com https://v2.zopim.com https://skroutza.skroutz.gr https://test.cleverpoint.gr https://cleverpoint.gr https://apis.google.com https://www.gstatic.com https://z.moatads.com  https://static.addtoany.com *.pinterest.com https://analytics.skroutz.gr https://360.bestprice.gr https://*.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://widget-cdn.boxnow.gr https://tracking.retargeting.biz https://api.retargeting.app  https://collection.e-satisfaction.com https://www.googleoptimize.com https://optimize.google.com https://www.gstatic.com;        style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://collection.e-satisfaction.com https://optimize.google.com;        object-src 'self';        img-src 'self' data: https://www.playcity.gr https://*.ytimg.com https://playcity.test.devlh.com https://playcity.staginglh.com https://img.youtube.com https://scontent-sof1-2.cdninstagram.com https://www.glami.gr  https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr https://collection.e-satisfaction.com *.pinterest.com https://www.gstatic.com;        font-src 'self' data: https://fonts.gstatic.com;        connect-src 'self' https://ekr.zdassets.com https://www.youtube.com https://www.bestprice.gr https://static.addtoany.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://tracking.retargeting.app https://cdn.e-satisfaction.com https://collection.e-satisfaction.com  https://www.facebook.com https://www.google.com https://googleads.g.doubleclick.net;        frame-src *;        media-src 'self' 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: blob:; font-src 'self' https: data:; frame-src 'self' https:; connect-src 'self' https: wss:; media-src 'self' https:; object-src 'self'; 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr https://www.gstatic.com *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://www.youtube.com https://form.typeform.com platform.twitter.com syndication.twitter.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bird.eu https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr www.google.fr *.google.fr syndication.twitter.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill-fastly.io https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com colissimo.fr *.colissimo.fr cloudflare.com *.cloudflare.com data.maisonfl.fr *.jajuma.de platform.twitter.com https://euc-widget.freshworks.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com https://euc-widget.freshworks.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.stripe.network *.stripecdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com ctifl.test ctifl.fr *.ctifl.fr https://euc-widget.freshworks.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://nominatim.openstreetmap.org colissimo.fr *.colissimo.fr maps.googleapis.com *.google-analytics.com *.doubleclick.net data.maisonfl.fr *.jajuma.de https://euc-widget.freshworks.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://data.maisonfl.fr 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; 1
object-src 'none';base-uri 'self';script-src 'nonce-jkbxyuHcB8dadtHQNGjghg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7GwkXxTa3Qpk0WGK-DVcDQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net js.braintreegateway.com *.paypal.com *.google.com *.googletagmanager.com  *.google-analytics.com *.cdn-apple.com *.addthis.com *.azureedge.net *.doubleclick.net; img-src 'self' 'unsafe-inline' data: *.typekit.net *.google.com *.paypalobjects.com *.google-analytics.com *.gstatic.com *.googletagmanager.com; frame-src 'self' *.braintreegateway.com *.paypal.com *.google.com *.doubleclick.net *.googletagmanager.com *.addthis.com; connect-src 'self' *.braintree-api.com *.paypal.com *.google.com google.com *.google-analytics.com *.braintreegateway.com; report-uri /report-csp-violation 1
default-src 'self' data: m.frankia.com *.googleapis.com *.gstatic.com; script-src 'self' 'nonce-ICYHYPCNIGeCa6rmVAlaHums6e_SbswJx1IBQVzP1bTzcttt64-U_Q' data: m.frankia.com *.googleapis.com unpkg.com www.youtube-nocookie.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com m.frankia.com *.googleapis.com *.gstatic.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com data: m.frankia.com *.googleapis.com *.issuu.com www.youtube-nocookie.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com 'report-sample'; object-src 'self' *.usercentrics.eu; script-src-elem 'self' 'nonce-ICYHYPCNIGeCa6rmVAlaHums6e_SbswJx1IBQVzP1bTzcttt64-U_Q' 'unsafe-inline' m.frankia.com *.googleapis.com unpkg.com *.usercentrics.eu 'report-sample'; connect-src 'self' data: m.frankia.com *.googleapis.com; style-src 'self' data: m.frankia.com *.googleapis.com 'report-sample'; report-uri https://www.frankia.com/@http-reporting?csp=report&requestTime=1773711886678679&requestHash=2d89335cd3806e2def7955c9a6982fbcd1cda74f 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.tiktok.com *.cleverreach.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.iwv-plugins.de js.mollie.com *.trustpilot.com *.hotjar.com *.twitter.com 'self' 'unsafe-inline'; img-src 'self' data: *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.cloudfront.net magefan.com cm.magefan.com https://www.mollie.com https://api.mapbox.com www.gartenwelt.de *.cloudflare.com *.linkedin.com *.adsymptotic.com *.google.nl https://widgets.trustedshops.com https://integrations.etrusted.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com js.mollie.com *.cloudflare.com *.twitter.com *.fontawesome.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com https://widgets.trustedshops.com https://integrations.etrusted.com *.twimg.com *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com autocomplete2.postdirekt.de *.cloudflare.com *.pingdom.net *.hotjar.com *.usercentrics.eu *.demdex.net *.trustedshops.com *.etrusted.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cleverreach.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://analytics.google.com https://*.usercentrics.eu https://vimeo.com https://*.vimeocdn.com https://*.youtube.com https://*.googleapis.com https://*.googletagmanager.com https://tagmanager.google.com js.mollie.com https://app.storyblok.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://*.googleapis.com *.cloudfront.net https://app.usercentrics.eu https://googleads.g.doubleclick.net https://www.googleadservices.com https://analytics.google.com https://*.vimeocdn.com https://www.mollie.com https://api.mapbox.com *.storyblok.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.googleapis.com *.gstatic.com https://googleads.g.doubleclick.net https://analytics.google.com https://*.usercentrics.eu https://*.youtube.com https://vimeo.com https://*.googleapis.com *.googletagmanager.com tagmanager.google.com https://*.storyblok.com js.mollie.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.storyblok.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://*.googleapis.com https://*.usercentrics.eu https://www.googleadservices.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com autocomplete2.postdirekt.de *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-U7d3me7pjMGynLIsCjcf_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-lHsRh_V9aoDevUmzA5K7ew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com bam.nr-data.net; font-src 'self' fonts.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ *.ak.facebook.com www.facebook.com https://web.facebook.com staticxx.facebook.com https://*.twitter.com https://googleads.g.doubleclick.net/ disqus.com https://sportdeutschland.tv/ https://player.sportdeutschland.tv/ https://www.youtube-nocookie.com/; img-src 'self' data: https://ssl.gstatic.com csi.gstatic.com maps.gstatic.com maps.googleapis.com googleapis.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com https://syndication.twitter.com https://*.twimg.com platform.twitter.com https://www.facebook.com https://web.facebook.com referrer.disqus.com *.disquscdn.com; object-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com connect.facebook.net platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js-agent.newrelic.com *.nr-data.net *.googlesyndication.com maps.googleapis.com googleapis.com ish-deutschland-dev.disqus.com ish-deutschland.disqus.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com platform.twitter.com https://*.twimg.com fonts.googleapis.com *.disquscdn.com; report-uri /csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'     https://cdnjs.cloudflare.com     https://cdn.jsdelivr.net     https://cdn.cookielaw.org     https://fonts.googleapis.com     https://www.googletagmanager.com     https://www.google-analytics.com     https://js.hs-scripts.com     https://js.hs-analytics.net     https://js.hs-banner.com     https://js.hscollectedforms.net     https://js.hubspot.com     https://js.hsforms.net     https://forms.hsforms.com     https://static.cloudflareinsights.com     https://www.youtube.com     https://fs8.formsite.com     https://www.onlinebanktours.com; style-src 'self' 'unsafe-inline'     https://cdnjs.cloudflare.com     https://cdn.jsdelivr.net     https://fonts.googleapis.com     https://www.onlinebanktours.com; img-src 'self' data: https:; font-src 'self' data:     https://cdnjs.cloudflare.com     https://fonts.gstatic.com; connect-src 'self'     https://cdnjs.cloudflare.com     https://cdn.jsdelivr.net     https://cdn.cookielaw.org     https://fonts.googleapis.com     https://www.google-analytics.com     https://analytics.google.com     https://www.googletagmanager.com     https://js.hs-scripts.com     https://js.hs-analytics.net     https://js.hs-banner.com     https://js.hscollectedforms.net     https://js.hubspot.com     https://js.hsforms.net     https://forms.hsforms.com     https://cta-service-cms2.hubspot.com     https://geolocation.onetrust.com     https://privacyportal-eu.onetrust.com     https://static.cloudflareinsights.com     https://locationapi.wave2.io     https://feed-proxy.craftcms.com     https://www.youtube.com     https://fs8.formsite.com     https://www.onlinebanktours.com; frame-src 'self'     https://boards.greenhouse.io     https://www.youtube.com     https://fs8.formsite.com     https://beneficiallocator.wave2.io     https://forms.hsforms.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'     https://online.beneficialstatebank.com; report-uri /csp-report.php 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net cash-f.squarecdn.com https://client.crisp.chat https://plugin-magento-ui.glopalservice.com https://applepay.cdn-apple.com *.fontawesome.com https://fonts.bunny.net *.cloudflare.com fonts.gstatic.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com applepay.cdn-apple.com www.promessedefleurs.ie data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com p.monetico-services.com www.promessedefleurs.ie 'self' 'unsafe-inline'; frame-ancestors www.promessedefleurs.ie 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ * ct.pinterest.com *.payplug.com *.dalenys.com https://applepay.cdn-apple.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com api-qa.payplug.com secure-qa.payplug.com www.promessedefleurs.ie 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io * https://images.unsplash.com https://image.crisp.chat *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost cl.avis-verifies.com ct.pinterest.com bat.bing.com www.google.com.vn https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com https://secure-magenta.dalenys.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com *.openstreetmap.fr *.openstreetmap.org unpkg.com *.google.com *.google.fr *.google.ie www.promessedefleurs.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat cl.avis-verifies.com bat.bing.com s.pinimg.com https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com cdn-renderer.glopalstore.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdnjs.cloudflare.com https://cdn.payplug.com https://cdn-qa.payplug.com https://unpkg.com/pwacompat *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.promessedefleurs.ie 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://client.crisp.chat https://cdn-redirector.glopal.com https://plugin-magento-ui.glopalservice.com https://secure-magenta.dalenys.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unpkg.com www.promessedefleurs.ie 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.promessedefleurs.ie 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io * https://maps.googleapis.com https://player.vimeo.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.jardindupicvert.com *.jardindupicvert.com.localhost *.promessedefleurs.com *.promessedefleurs.com.localhost ct.pinterest.com https://api-plugin-facade.glopalservice.com https://cognito-idp.eu-west-1.amazonaws.com api.glopaltranslator.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.openstreetmap.org *.arcgis.com *.doubleclick.net www.promessedefleurs.ie 'self' 'unsafe-inline'; child-src www.promessedefleurs.ie http: https: blob: 'self' 'unsafe-inline'; default-src cl.avis-verifies.com www.promessedefleurs.ie 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.achterafbetalen.abnamro.nl *.sandbox.achterafbetalen.abnamro.nl *.demo.achterafbetalen.abnamro.nl *.staging.achterafbetalen.abnamro.nl *.release.achterafbetalen.abnamro.nl *.experimental.achterafbetalen.abnamro.nl *.perf.achterafbetalen.abnamro.nl *.cyber.achterafbetalen.abnamro.nl *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.curopayments.net assets.myparcel.nl www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.chatwize.ai *.doubleclick.net *.google.ca *.run.app *.bestel-verf.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com cdnjs.cloudflare.com cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.chatwize.ai *.gpt-trainer.com *.convertexperiments.com *.bestel-verf.nl *.hotjar.com *.facebook.net *.leadinfo.net *.app-us1.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.achterafbetalen.abnamro.nl *.sandbox.achterafbetalen.abnamro.nl *.demo.achterafbetalen.abnamro.nl *.staging.achterafbetalen.abnamro.nl *.release.achterafbetalen.abnamro.nl *.experimental.achterafbetalen.abnamro.nl *.perf.achterafbetalen.abnamro.nl *.cyber.achterafbetalen.abnamro.nl api.myparcel.nl cdn.jsdelivr.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com *.gpt-trainer.com *.chatwize.ai 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.achterafbetalen.abnamro.nl *.sandbox.achterafbetalen.abnamro.nl *.demo.achterafbetalen.abnamro.nl *.staging.achterafbetalen.abnamro.nl *.release.achterafbetalen.abnamro.nl *.experimental.achterafbetalen.abnamro.nl *.perf.achterafbetalen.abnamro.nl *.cyber.achterafbetalen.abnamro.nl 'self' 'unsafe-inline'; 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ca ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com *.zdassets.com sanalytics.spreadshirt.ca *.spreadshirt.ca ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.google-analytics.com *.analytics.google.com wss://*.zendesk.com *.spreadshirt.ca ; font-src 'self' https: data: *.spreadshirt.ca ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ca ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ca ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://static.dhlecommerce.nl https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://maps.googleapis.com https://maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://www.google.nl https://imgsct.cookiebot.com *.adobedtm.com https://www.glasdiscount.nl *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://static.dhlecommerce.nl https://maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.disqus.com player.vimeo.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://use.fontawesome.com *.adobedtm.com https://assets.adobedtm.com https://www.googleadservices.com https://www.google-analytics.com https://dashboard.webwinkelkeur.nl https://*.webwinkelkeur.nl *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com downloads.mailchimp.com https://use.fontawesome.com https://www.glasdiscount.nl https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.multisafepay.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://core.helloretail.com https://helloretailcdn.com *.google-analytics.com *.facebook.com *.facebook.net https://stats.g.doubleclick.net *.googlesyndication.com *.tiktok.com https://www.sandbox.paypal.com https://www.paypal.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl https://maps.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://www.postcode-checkout.nl https://consent.cookiebot.com https://googleads.g.doubleclick.net https://consentcdn.cookiebot.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.asgmax.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.asgmax.com join.gammasecure.com; script-src 'self' *.asgmax.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.asgmax.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
object-src 'none';base-uri 'self';script-src 'nonce-yZzbGqem6n3vrpcqRvJkiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.bunny.net; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-NWMwOGNjMGQtNmQwNy00MmJjLWE0YTMtYWI0MWY5NGZhODcx' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-IYe4OeDUsvzwBJTfxv4W3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' https://mc.yandex.ru https://www.google.com https://www.gstatic.com https://telegram.org https://js-de.sentry-cdn.com https://browser.sentry-cdn.com https://js.hcaptcha.com; object-src 'none'; form-action 'self'; frame-ancestors 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-YCl5BJpVf1TLyy0jT1i3vQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.google.com/ js.mollie.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.ad-srv.net www.usemaxserver.de *.redintelligence.net www.pinterest.com www.pinterest.de www.facebook.com *.googletagmanager.com ad4m.at *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.magezon.com flagpedia.net https://www.mollie.com bat.bing.com bat.bing.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com maps.gstatic.com *.gstatic.com *.cdninstagram.com *.fbcdn.net www.google.de *.facebook.com *.pinterest.com www.usemaxserver.de *.awin1.com *.googleadservices.com *.doubleclick.net widgets.trustedshops.com as.ad4m.at ad11.adfarm1.adition.com imagesrv.adition.com adservice.google.com lantern.roeye.com ih.adscale.de rtb-csync.smartadserver.com simage2.pubmatic.com dsum-sec.casalemedia.com a.twiago.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.shopify.com *.google.com/ *.gstatic.com maps.googleapis.com js.mollie.com bat.bing.com ajax.googleapis.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://freegeoip.app https://www.googletagmanager.com tagmanager.google.com *.instagram.com analytics.gourvita.com www.gstatic.com *.ratepay.com www.dwin1.com www.usemaxserver.de *.ad-srv.net *.doubleclick.net connect.facebook.net *.pinimg.com widgets.trustedshops.com *.googletagmanager.com lantern.roeyecdn.com ad4m.at 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com fonts.googleapis.com d.ratepay.com d.payla.io dr.payla.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com bat.bing.com bat.bing.net payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com https://freegeoip.app https://www.google-analytics.com *.instagram.com *.googleusercontent.com analytics.gourvita.com *.ratepay.com *.pinterest.com *.google.com *.merchant-center-analytics.goog *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Hx6b_eumFq0xtih7m4x_0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; connect-src 'self' blob: https://www.z24.de https://analytics.z24.de https://www.google.com https://adservice.google.com https://stats.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://*.clarity.ms; frame-src https://www.youtube-nocookie.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://td.doubleclick.net; frame-ancestors 'none'; font-src 'self'; form-action 'none'; img-src 'self' data: https:; manifest-src 'self'; script-src 'report-sample' 'strict-dynamic' 'nonce-0e1e22b0-f1ea-41e9-98a0-48e673e820f6'; script-src-elem 'report-sample' 'strict-dynamic' 'nonce-0e1e22b0-f1ea-41e9-98a0-48e673e820f6'; script-src-attr 'report-sample' 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc='; style-src 'self' 'unsafe-inline'; base-uri 'self'; report-uri /security-report; report-to default 1
font-src cash-f.squarecdn.com https://cdn.riverty.design/ *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * uc8.tv *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * uc8.tv https://documents.riverty.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.addthis.com js.mollie.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.klarnaservices.com *.hotjar.com *.googlesyndication.com *.doubleclick.net *.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://cdn.clerk.io imgsct.cookiebot.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.disqus.com *.facebook.com https://www.mollie.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.cloudflare.com *.clerk.io *.slimminglabs.com *.klarnaservices.com *.bralex.nl *.doubleclick.net *.bing.com *.hotjar.com *.google.com *.google.ch *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.co.uk *.google.ie *.google.it *.google.nl *.google.no *.google.pl *.google.pt *.google.se *.google.ad *.google.cz *.google.gr *.google.hr *.google.sk *.google.com.tr *.google.be *.google.com.co *.google.hu *.google.lu *.google.at *.google.si *.google.ro *.cookiebot.com *.billink.nl *.gyazo.com whm.asip.cloud paywithmybank.com blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ https://maps.googleapis.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://api.clerk.io https://cdn.clerk.io consent.cookiebot.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net *.klarnaservices.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.googletagmanager.com *.facebook.net js.mollie.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.cloudflare.com *.clerk.io *.bralex.nl *.doubleclick.net *.bing.com *.googleoptimize.com *.hotjar.com *.fontawesome.com *.newrelic.com *.cookiebot.com *.mida.so whm.asip.cloud *.profitmetrics.io *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com https://static.klaviyo.com *.klarnacdn.net https://cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.google-analytics.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.klarnauserservices.com *.doubleclick.net *.hotjar.io *.hotjar.com wss://*.hotjar.com *.bing.com *.bing.net *.google.ch *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.co.uk *.google.ie *.google.it *.google.nl *.google.no *.google.pl *.google.pt *.google.se *.google.ad *.google.cz *.google.gr *.google.hr *.google.sk *.google.com.tr *.google.be *.google.com.co *.google.hu *.google.lu *.google.at *.google.si *.google.ro *.googlesyndication.com *.nr-data.net *.mida.so *.cookiebot.com whm.asip.cloud 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.slimminglabs.com/; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com cdn.remainbirgerchristensen.com cdn.rotatebirgerchristensen.com *.typekit.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com cdn.remainbirgerchristensen.com cdn.rotatebirgerchristensen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com cdn.remainbirgerchristensen.com cdn.rotatebirgerchristensen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com cdn.remainbirgerchristensen.com cdn.rotatebirgerchristensen.com https://cdn.clerk.io *.ducksuite.com *.cdninstagram.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.sizebay.technology cdn.remainbirgerchristensen.com cdn.rotatebirgerchristensen.com https://api.clerk.io https://cdn.clerk.io *.ducksuite.com *.jsdelivr.net polyfill.io chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com applepay.cdn-apple.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.remainbirgerchristensen.com cdn.rotatebirgerchristensen.com https://api.clerk.io https://cdn.clerk.io *.ducksuite.com *.typekit.net downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com applepay.cdn-apple.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.ducksuite.com *.cdninstagram.com *.fbcdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com cdn.remainbirgerchristensen.com cdn.rotatebirgerchristensen.com *.ducksuite.com *.keen.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: blob: https://*.plaid.com https://*.withpersona.com; img-src 'self' data: https://wisetack-hub-public.s3-us-west-2.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.co.il https://*.userflow.com https://storage.googleapis.com/studio1-prod-blob https://*.amplitude.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.plaid.com https://*.withpersona.com https://scripts.neuro-id.com https://*.iovation.com https://mozilla.github.io/pdf.js https://cdnjs.cloudflare.com https://www.google-analytics.com https://connect.facebook.net/ https://*.cybersource.com https://*.userflow.com https://cdn.amplitude.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.userflow.com https://*.amplitude.com/; font-src 'self' data: moz-extension: https://fonts.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://api.wisetack.us/ https://*.amplitude.com https://*.plaid.com https://*.withpersona.com https://www.google-analytics.com https://stats.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com https://*.api.smartystreets.com/ https://*.amazonaws.com https://*.amazoncognito.com/ https://receiver.neuroid.cloud/ https://logs.neuro-id.com/ https://*.browser-intake-datadoghq.com/ https://*.userflow.com wss://e.userflow.com; frame-src 'self' https://*.plaid.com https://*.withpersona.com https://*.cybersource.com; object-src 'self' https://*.iovation.com; manifest-src 'self'; media-src 'self' data: blob: https://*.userflow.com https://storage.googleapis.com/studio1-prod-blob https://*.amplitude.com/; frame-ancestors 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-nn3wfo5UqyEEhE7E5IILjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-rFJ8XOId5r0vJLENecdTBA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net https://cdnjs.cloudflare.com *.googleapis.com use.fontawesome.com *.reamaze.com yotpo-stool.s3.amazonaws.com *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.cloudflare.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com vault.subscribepro.com *.rfihub.com *.facebook.com live.rezync.com hallsandbox-reservations.vintegrate.com hall-reservations.vintegrate.com kazzit.com player.cnbc.com player.ooyala.com *.paperturn-view.com amc.demdex.net *.eventbee.com *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.yotpo.com swellrewards.com *.swellrewards.com *.googleapis.com *.google.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.dycdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.waltwines.com *.hallwines.com *.bacawines.com *.michelfochwines.com cdn.reamaze.com reamaze-prod.s3.amazonaws.com i1.wp.com data.coremetrics.com tools.luckyorange.com *.pages05.net *.bing.com *.bing.net t.co analytics.twitter.com *.clarity.ms *.facebook.com *.googletagmanager.com *.doubleclick.net *.adsrvr.org shareasale-analytics.com shareasale.com secure.gravatar.com *.cloudfront.net *.monetate.net px.adentifi.com *.ads.linkedin.com *.linkedin.com linkedin.com forms.hsforms.com track.hubspot.com *.hubspotusercontent-na1.net *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.yotpo.com swellrewards.com *.swellrewards.com maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://rum.hlx.page https://cdn.commerce7.com https://cdn.commerce7.com/v2/manifest.d29b1967fa6a16696049.js.gz https://cdn.commerce7.com/v2/vendor.84cd85564b7f2f406b66.js.gz https://cdn.commerce7.com/v2/bundle.8cf96308b65ac6590a85.js.gz *.dycdn.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net d81mfvml8p5ml.cloudfront.net *.freshrelevance.com *.dotdigital.com *.subscribepro.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.elfsight.com *.elfsightcdn.com hall-wines.s3.us-west-1.amazonaws.com tools.luckyorange.com *.pages05.net *.yottaa.com/ *.nagich.com *.reamaze.com *.rfihub.net *.serving-sys.com *.cloudfront.net *.cloudflare.com bat.bing.com analytics.tiktok.com analytics-ipv6.tiktokw.us *.clarity.ms commercelibs.ibm.com *.brilliantcollector.com static.ads-twitter.com *.googleapis.com hall-reservations-frame.vintegrate.com *.steelhousemedia.com *.paperturn-view.com player.ooyala.com embed.typeform.com bam.nr-data.net *.monetate.net *.dwin1.com *.eventbee.com js.hsadspixel.net snap.licdn.com shareasale-analytics.com js.hubspot.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.hsleadflows.net *.useinsider.com *.commerce7.com player.vimeo.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.clickcease.com tags.srv.stackadapt.com qvdt3feo.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.yotpo.com swellrewards.com *.swellrewards.com maps.googleapis.com *.hsforms.net *.hsforms.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.dycdn.net *.subscribepro.com cloud.typography.com tools.luckyorange.com hello.myfonts.net *.nagich.com *.typekit.net cdn.reamaze.com *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.cloudflare.com embed.typeform.com tags.srv.stackadapt.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.reamaze.com 'self' 'unsafe-inline'; manifest-src *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://api.commerce7.com https://portal.claritysystemsinc.com *.dycdn.net *.freshrelevance.com wss://*.freshrelevance.com wss://*.dycdn.net dn1i8v75r669j.cloudfront.net *.dotdigital.com *.subscribepro.com www.facebook.com facebook.com graph.facebook.com business.facebook.com cta-service-cms2.hubspot.com *.elfsight.com *.luckyorange.com wss://*.luckyorange.com *.nagich.com *.yottaa.net cdn.reamaze.com *.reamaze.io wss://ws.reamaze.com hallwines.reamaze.io *.serving-sys.com am.freshrelevance.com/ wss://am.freshrelevance.com/ wss://in.visitors.live in.visitors.live *.brilliantcollector.com *.clarity.ms *.bing.com *.bing.net analytics.google.com analytics.tiktok.com analytics-ipv6.tiktokw.us *.cloudfront.net *.doubleclick.net bam.nr-data.net cdn.linkedin.oribi.io *.facebook.com forms.hubspot.com forms.hscollectedforms.net *.useinsider.com *.commerce7.com api.hubapi.com px.ads.linkedin.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.claritysystemsinc.com tags.srv.stackadapt.com *.waltwines.com *.hallwines.com *.bacawines.com *.michelfochwines.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src cdn.cookie-script.com 'self'; script-src cdn.cookie-script.com *.google-analytics.com *.googletagmanager.com cdnjs.cloudflare.com *.twitter.com *.twimg.com *.hubspot.com *.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com unpkg.com 'unsafe-eval' 'self' 'unsafe-inline'; style-src cdnjs.cloudflare.com fonts.googleapis.com 'self' 'unsafe-inline' ; font-src data: cdnjs.cloudflare.com fonts.gstatic.com 'self'; frame-src www.youtube.com *.twitter.com *.googletagmanager.com 'self'; img-src data: *.twimg.com *.twitter.com *.google-analytics.com *.googletagmanager.com www.gstatic.com *.hsforms.com *.hubspot.com 'self'; style-src-elem cdnjs.cloudflare.com hello.myfonts.net *.twitter.com *.twimg.com 'self' 'unsafe-inline'; connect-src https://*.algolia.net https://*.algolianet.com https://*.algolia.io consent.cookie-script.com *.google-analytics.com *.hubspot.com *.hubapi.com *.hscollectedforms.net 'self'; script-src-elem cdn.cookie-script.com *.googletagmanager.com cdnjs.cloudflare.com *.google-analytics.com *.twimg.com *.twitter.com *.hubspot.com *.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com unpkg.com 'self' 'unsafe-inline'; report-uri https://dcvc.report-uri.com/r/d/csp/reportOnly 1
frame-src *.force.com https://player.vimeo.com 'self' https://stats.g.doubleclick.net https://use.typekit.net *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://p.typekit.net https://checkoutshopper-test.adyen.com/ https://www.facebook.com https://pal-test.adyen.com *.cybersource.com *.youtube.es https://www.iubenda.com https://tagassistant.google.com *.adis.ws https://www.gstatic.com https://online.flippingbook.com https://fotlinc.file.force.com https://cdn.linkedin.oribi.io *.youtube.ie https://www.youtube.com https://hits-i.iubenda.com *.cloudinary.com https://www.google.com https://pay.google.com *.vimeo.com *.youtube.jp bcove.video *.clarity.ms https://usa748.sfdc-8tgtt5.salesforce.com *.youtube.fr https://*.a.forceusercontent.com https://player.cloudinary.com fotlinc.my.site.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws *.forceusercontent.com *.brightcove.net *.youtube.com https://ssl.gstatic.com https://cdn.iubenda.com *.iubenda.com *.youtube.nl https://consent.iubenda.com https://service.force.com/embeddedservice/ https://fast.wistia.net *.quip.com *.arkoselabs.com https://cdn.fruitactivewear.com *.youtube-nocookie.com https://www.paypal.com https://appiniummastertrial.secure.force.com https://play.vidyard.com *.youtube.com.br *.salesforce-experience.com *.salesforceliveagent.com https://scormanywhere.secure.force.com https://checkoutshopper-live.adyen.com/ *.sfdcfc.net *.youtube.ca https://location.force.com *.vidyard.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/ https://players.brightcove.net https://cdn.embedly.com https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com https://cdn.fruitoftheloom.eu https://px.ads.linkedin.com https://*.a.forceusercontent.com/lightningmaps/ https://www.googletagmanager.com *.wistia.net https://www.google-analytics.com *.salesforce.com https://issuu.com *.youtube.pl https://ftlstaticweb.blob.core.windows.net; report-to sfdc-csp-ep; report-uri https://fotlinc.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00DC00000016kTb&networkId=0DM3b000000XaQa&type=communities 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.vivapayments.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com/ https://www.youtube.com js.mollie.com *.trustpilot.com *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com s.ytimg.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com magefan.com cm.magefan.com https://www.magezon.com flagpedia.net https://www.mollie.com https://redchamps.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.sandbox.paypal.com t.paypal.com *.vivapayments.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com aia.gomage.com s7.addthis.com *.avada.com *.google.com/ *.gstatic.com maps.googleapis.com js.mollie.com *.trustpilot.com *.cardinalcommerce.com *.paypal.com *.ytimg.com *.google.com *.google-analytics.com *.googletagmanager.com *.cloud-brains.net *.analytics-manager.com *.doubleclick.net *.cdninstagram.com *.instagram.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital.com *.addthis.com yotpo.com chimpstatic.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com aia.gomage.com ekr.zdassets.com/ https://get.geojs.io *.avada.com www.gstatic.com maps.googleapis.com *.trustpilot.com https://widget.trustpilot.com https://graph.instagram.com assets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com *.cardinalcommerce.com includestest.ccdc02.com *.paypal.com *.ytimg.com *.google.com *.google-analytics.com *.googletagmanager.com *.cloud-brains.net *.analytics-manager.com *.doubleclick.net *.cdninstagram.com *.instagram.com vimeo.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.vivapayments.com *.dotdigital.com cdn.dnky.co *.addthis.com yotpo.com chimpstatic.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Vifi7fSUGAa2urw3vlEasQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; ... 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.saschina.org *.fontawesome.com  *.googleapis.com *.googletagmanager.com *.plyr.io unpkg.com fonts.gstatic.com youtube.com *.google-analytics.com *.cloudflare.com www.youtube.com snap.licdn.com static.ads-twitter.com px.ads.linkedin.com stats.g.doubleclick.net analytics.google.com noembed.com *.saschina.org data: *.jsdelivr.net *.facebook.net *.saschina.org *.polyv.net flbook.com.cn live-hls.snsports.cn *.cloudvdn.com pili-live-rtmp.banmabang.cn *.videocc.net; img-src data: blob: 'self' *.saschina.org *.docksal.site *.jsdelivr.net *.tugboatqa.com i.ytimg.com www.facebook.com player.polyv.net *.videocc.net; frame-src 'self' www.saschina.org *.saschina.org flbook.com.cn blob: *.saschina.org; child-src 'self' www.saschina.org *.saschina.org flbook.com.cn blob: *.saschina.org; report-uri /report-csp-violation 1
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com *.klarna.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io cdn.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com.ua https://www.googleadservices.com https://bat.bing.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cc-cdn.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widget.reviews.co.uk https://porjs.com https://cdn-cookieyes.com https://log.cookieyes.com https://www.google.com.ua newrelic.com nr-data.net https://bat.bing.com https://www.clarity.ms https://static.addtoany.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com cc-cdn.com *.klarnacdn.net https://static.klaviyo.com www.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.doofinder.com wss://*.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://k.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.link.com *.amazon.com *.google-analytics.com *.doubleclick.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com *.klarnacdn.net https://fonts.bunny.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.klarna.com *.google.com/ js.mollie.com *.googletagmanager.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://api.mapbox.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.magezon.com https://www.mollie.com *.google.de *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.doofinder.com *.chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.google.com/ js.mollie.com *.magento.com *.shoplytics.de *.dagmarfischermode.de *.googleadservices.com *.googletagmanager.com *.adobedtm.com *.pinimg.com *.clarity.ms *.pinterest.com https://freegeoip.app ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.fontawesome.com *.klarnacdn.net https://static.klaviyo.com https://fonts.bunny.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.doofinder.com wss://*.doofinder.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.developer.adobe.com *.google.com *.doubleclick.net *.pinterest.com *.dagmarfischermode.de *.clarity.ms autocomplete2.postdirekt.de https://freegeoip.app https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/publicpolicy_google 1
font-src maxcdn.bootstrapcdn.com magazin.lalalo.de 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.lalalo.de magazin.lalalo.de 'self' 'unsafe-inline'; frame-ancestors magazin.lalalo.de 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.doubleclick.net *.lalalo.de *.cookiebot.com js.mollie.com *.weltpixel.com magazin.lalalo.de 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.klarna.com *.mollie.com *.google.de *.paypal.com *.usercentrics.eu *.facebook.com *.googletagmanager.com *.lalalo.de *.bing.com *.clarity.ms *.adroll.com *.cookiebot.com *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.analytics.yahoo.com *.3lift.com *.adnxs.com *.taboola.com https://www.mollie.com https://api.mapbox.com maps.gstatic.com *.google.com *.google.fr *.google.ie magazin.lalalo.de 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.google-analytics.com *.usercentrics.eu *.lalalo.de *.clarity.ms *.bing.com *.cookiebot.com *.adroll.com js.mollie.com maps.googleapis.com cdn.ampproject.org www.gstatic.com *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net magazin.lalalo.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.usercentrics.eu *.lalalo.de www.gstatic.com maxcdn.bootstrapcdn.com magazin.lalalo.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com magazin.lalalo.de 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.paypal.com *.googleapis.com *.google.com google.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.amazon.com *.lalalo.de *.clarity.ms *.cookiebot.com *.adroll.com cdn.ampproject.org magazin.lalalo.de 'self' 'unsafe-inline'; child-src magazin.lalalo.de http: https: blob: 'self' 'unsafe-inline'; default-src magazin.lalalo.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about:; report-uri /_resources/php/csp-report.php 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.fontawesome.com *.acsbapp.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.acsbapp.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com acsbapp.com *.acsbapp.com hotjar.com *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com acsbapp.com *.acsbapp.com hotjar.com *.hotjar.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-qDl4fQ56-_19FxKXa24Q1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LkPqEXHyGA_Oy33DM6ZTLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-x2kvXlzSPAVxtxI2g1tcLw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-len3DCSk1VriNGzRiw8GzQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://static.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.facebook.com/tr/ *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://asistenciawebv2.grupokonecta.co https://api.retargetly.com https://cookieless-campaign.prd-00.retargetly.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net *.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://asistenciawebv2.grupokonecta.co https://bucket-poa-images-prod.s3.amazonaws.com https://static.hotjar.com https://alpina.com https://mcprod.alpina.com https://patleeman.github.io http://patricklee.nyc https://www.google.com.co https://www.pages02.net https://poa-images.cognitivegrupokonectacloud.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://developer.adobe.com https://magento.com https://asistenciawebv2.grupokonecta.co https://poa.cognitivegrupokonectacloud.com:7072/assets/Bridge.js https://code.jquery.com/ https://asistenciawebv2-dev.grupokonecta.co:5005/CustomerAlpina/EbChatAlpina/js/iframe-poa.js https://asistenciawebv2-dev.grupokonecta.co:5005/CustomerAlpina/EbClickToCallAlpina/js/iframe-poa.js https://static.hotjar.com https://js-agent.newrelic.com https://www.sc.pages02.net https://asistenciawebv2.grupokonecta.co:8443/EbChatAlpina/js/iframe-poa.min.js https://connect.facebook.net https://static.ads-twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://static.hotjar.com https://asistenciawebv2-dev.grupokonecta.co:5005/CustomerAlpina/EbChatAlpina/css/iframe-poa.css https://asistenciawebv2-dev.grupokonecta.co:5005/CustomerAlpina/EbClickToCallAlpina/css/iframe-poa.css https://asistenciawebv2.grupokonecta.co https://asistenciawebv2.grupokonecta.co:8443/EbChatAlpina/css/iframe-poa.min.css https://asistenciawebv2.grupokonecta.co:8443/EbClickToCallAlpina/css/iframe-poa.min.css assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://developer.adobe.com http://stats.g.doubleclick.net http://www.google-analytics.com/ https://poa.cognitivegrupokonectacloud.com:7072 https://json.geoiplookup.io https://static.hotjar.com https://api.ipify.org https://bam.nr-data.net https://edge.adobedc.net https://pdp-service.retargetly.com https://analytics.google.com wss://ws.hotjar.com https://analytics.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://static.hotjar.com https://static.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-eval'; report-uri https://rycor.report-uri.com/r/t/csp/wizard; connect-src 'self' www.google.com translate.googleapis.com; form-action 'self'; img-src 'self' fonts.gstatic.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' use.fontawesome.com www.gstatic.com code.jquery.com; frame-src pay.rycor.net www.google.com; script-src-attr 'unsafe-inline'; script-src-elem 'unsafe-inline' www.google.com translate-pa.googleapis.com translate.google.com translate.googleapis.com www.gstatic.com 'self'; style-src-attr 'unsafe-inline'; font-src fonts.gstatic.com use.fontawesome.com 1
object-src 'none';base-uri 'self';script-src 'nonce-vOKpbsJxSos5F_elgoFSSg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://plausible.io https://*.googletagmanager.com https://cdn.segment.com https://js-eu1.hs-scripts.com https://challenges.cloudflare.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://js-eu1.hsadspixel.net https://js-eu1.hs-banner.com https://*.hotjar.com https://*.clarity.ms https://static.reo.dev https://t.reo.dev https://app.cal.com https://js.storylane.io https://buttons.github.io https://s3-us-west-2.amazonaws.com https://assets.apollo.io https://cdn.ap3c.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://assets.zenml.io https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.clarity.ms https://*.hsforms.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://plausible.io https://*.google-analytics.com https://*.analytics.google.com https://cdn.segment.com https://api.segment.io https://*.hotjar.com https://*.hotjar.io https://*.clarity.ms https://js-eu1.hs-analytics.net https://t.reo.dev https://api.github.com https://capture-api-eu.ortto.app https://63e37fdf.sibforms.com; frame-src https://app.cal.com https://js.storylane.io https://zenml.storylane.io https://challenges.cloudflare.com; worker-src 'self' blob:; report-uri /api/csp-report 1
connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com maps.googleapis.com dev.visualwebsiteoptimizer.com www.google.nl pagead2.googlesyndication.com *.tawk.to vc.hotjar.io freeipapi.com api.gostellar.app wss://*.tawk.to www.google.com.bd www.google.be www.google.es www.google.com.pk www.google.hr www.google.pl metrics.hotjar.io stats.g.doubleclick.net www.google.ch www.google.pt www.google.fr www.bedrukken.nl www.logomokken.nl www.stravers.nl www.logomutsen.nl www.logonotitieboekjes.nl www.shirtsbedrukken.nl usb.bedrukken.nl usb.stravers.nl 'self' 'unsafe-inline'; report-uri https://www.bedrukken.nl/csp_report_watch; child-src www.bedrukken.nl www.logomokken.nl www.stravers.nl www.logomutsen.nl www.logonotitieboekjes.nl www.shirtsbedrukken.nl usb.bedrukken.nl usb.stravers.nl http: https: blob: 'self' 'unsafe-inline'; base-uri www.bedrukken.nl www.logomokken.nl www.stravers.nl www.logomutsen.nl www.logonotitieboekjes.nl www.shirtsbedrukken.nl usb.bedrukken.nl usb.stravers.nl 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://agropur.ddev.site https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://js.zi-scripts.com https://dokumfe7mps0i.cloudfront.net https://builder.lift.acquia.com https://players.brightcove.net https://vjs.zencdn.net https://js-agent.newrelic.com https://www.google.com https://www.gstatic.com https://cdn.cookielaw.org https://acsbapp.com https://snap.licdn.com https://www.clarity.ms https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill-fastly.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' https://agropur.ddev.site blob:; frame-ancestors 'self' 1
font-src https://v2.zopim.com https://sslzone-brianstoys.netdna-ssl.com data: http://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://sslzone-brianstoys.netdna-ssl.com https://v2assets.zopim.io https://static.zdassets.com https://v2.zopim.com https://stats.g.doubleclick.net https://www.google.com https://bat.bing.com https://quote.brianstoys.com https://www.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://v2.zopim.com https://static.zdassets.com https://bat.bing.com https://connect.facebook.net https://quote.brianstoys.com https://www.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com http://fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://ekr.zdassets.com wss://*.zopim.com https://brianstoys.zendesk.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' *.recaptcha.net https://www.google.com/ *.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.affirm.com *.affirm.ca 'self' https://allergypreventionteam.wufoo.com/ https://www.youtube-nocookie.com/ *.recaptcha.net https://www.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com *.googletagmanager.com www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com *.affirm.com *.affirm.ca https://bat.bing.com/ https://www.google.co.in/ http://seal-atlanta.bbb.org/logo/sehzbus/national-allergy-3000836.png https://medals.bizrate.com/medals/dynamic/71068_medal.gif https://medals.bizrate.com/medals/summary/71068_medal_summary.gif https://verify.authorize.net/anetseal/images/secure90x72.gif https://d3k81ch9hvuctc.cloudfront.net/ https://secure.adnxs.com/ https://match.adsrvr.org/ https://b1img.com/ https://insight.adsrvr.org/ https://load77.exelator.com/pixel.gif https://pixel.tapad.com/ https://loadm.exelator.com/ https://dmp.truoptik.com/ https://su.addthis.com/ https://dsum-sec.casalemedia.com/ https://secure.insightexpressai.com/ https://idpix.media6degrees.com/ https://x.bidswitch.net/ https://ads.scorecardresearch.com/ https://tags.rd.linksynergy.com/ https://i.liadm.com/ https://odr.mookie1.com/ https://mid.rkdms.com/ https://usermatch.krxd.net/ https://simage2.pubmatic.com/ https://match.sync.ad.cpe.dotomi.com/ https://ml314.com/ https://eb2.3lift.com/ https://tags.bluekai.com/ https://secure-gl.imrworldwide.com/ https://pixel.rubiconproject.com/ https://match.sharethrough.com/ https://uipglob.semasio.net/ https://track2.securedvisit.com/ https://www.natlallergy.com https://www.allergyguarddirect.com/ https://www.google.co.in/ads https://*.online-metrix.net https://srv.stackadapt.com/ https://cw.addthis.com/ https://aa.agkn.com/ https://i6.liadm.com/ https://io.narrative.io/ validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com guarantee-cdn.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com www.xtento.com cdn.xtento.com *.yotpo.com https://imgs.signifyd.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com *.affirm.com *.affirm.ca https://seal.geotrust.com/ https://widget.trustpilot.com/ https://bat.bing.com/ https://sealserver.trustkeeper.net/compliance/seal_js.php https://h64.online-metrix.net/ https://medals.bizrate.com/medals/js/71068_medal.js https://www.wufoo.com/scripts/embed/form.js https://static.wufoo.com/scripts/embed/form.js https://js.b1js.com/tagcontainer.js https://tags.b1js.com/tags/1980582b3edf42e49663fce67ee51785.js https://b1img.com/ https://static.cloudflareinsights.com/ https://static-tracking.klaviyo.com https://www.natlallergy.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com guarantee-cdn.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com www.xtento.com cdn.xtento.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://www.natlallergy.com/ https://static-tracking.klaviyo.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.tagmanager.google.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src https://www.youtube.com/ 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com *.affirm.com *.affirm.ca https://bat.bing.com/ https://stats.g.doubleclick.net https://www.natlallergy.com https://www.googleadservices.com/ http://localhost:12387/ https://analytics.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: maxcdn.bootstrapcdn.com fonts.gstatic.com widget.dixa.io a.omappapi.com static.klaviyo.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com ssl.ditonlinebetalingssystem.dk 'self' 'unsafe-inline'; frame-ancestors viewer.ipaper.io https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: online.adservicemedia.dk consentcdn.cookiebot.com consentcdn.cookiebot.eu adtr.io event-client.viabill.com vars.hotjar.com www.youtube.com www.google.com www.youtube-nocookie.com gum.criteo.com pricetag.viabill.com www.addwish.com display.ipaper.io simplicity.trustpilot.com googleads.g.doubleclick.net cdn.lightwidget.com http://event.getblue.io *.googletagmanager.com *.doubleclick.net/ magento-cloudflare.jetrails.com utt.impactcdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com self blob: online.adservicemedia.dk pushcrew.com cdn.pushcrew.com stats.g.doubleclick.net a.klaviyo.com dapi.videoly.co i.ytimg.com dis.criteo.com optin-monster.s3.amazonaws.com maps.googleapis.com maps.gstatic.com a.omappapi.com ssl.gstatic.com www.gstatic.com lh3.googleusercontent.com fonts.gstatic.com *.google.com *.google.pl *.google.no *.google.se *.google.de *.google.co.uk *.google.com.ua d3k81ch9hvuctc.cloudfront.net d1pna5l3xsntoj.cloudfront.net *.ipaper.io *.taboola.com imgsct.cookiebot.com *.bing.com *.bing.net *.pricerunner.dk *.beautycos.dk *.orbitvu.co *.klarna.com img.sct.eu1.usercentrics.eu https://s.kelkoogroup.net https://cdn.clerk.io *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com flagpedia.net https://widgets.trustedshops.com https://integrations.etrusted.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com unsafe-inline ipinfo.io invitejs.trustpilot.com secure.viabill.com a.opmnstr.com display.ipaper.io widget.dixa.io static.hotjar.com consent.cookiebot.com api.videoly.co cdn.pushcrew.com online.adservicemedia.dk script.hotjar.com pricetag.viabill.com adtr.io cdn.polyfill.io www.google.com www.google.pl www.gstatic.com static.criteo.net *.klaviyo.com cdn.ipaper.io sslwidget.criteo.com d1pna5l3xsntoj.cloudfront.net www.addwish.com ajax.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu cdnjs.cloudflare.com dapi.videoly.co ssl.ditonlinebetalingssystem.dk maps.googleapis.com cdn.adt376.net cdn.adt311.net tagmanager.google.com do.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no a.omappapi.com *.taboola.com s.kk-resources.com *.bing.com *.getblue.io cdn.lightwidget.com cdn.clerk.io ai.trk42.net *.videoly.co *.reepay.com *.cytelligence.io *.youtube.com *.orbitvu.co *.pingdom.net tag.heylink.com api.reaktion.com stapecdn.com files.userlink.ai cdn.mouseflow.com pagead2.googlesyndication.com *.clarity.ms static.cloudflareinsights.com https://s.kk-resources.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.googletagmanager.com *.facebook.net *.avada.io *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com unpkg.com https://www.beautycos.fr https://consent.cookiebot.com https://cdn.mida.so 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.pushcrew.com static.klaviyo.com d1pna5l3xsntoj.cloudfront.net tagmanager.google.com cdn.ipaper.io *.omappapi.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com widget.dixa.io *.beautycos.dk api.packship.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com https://helloretailcdn.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com api.omappapi.com z.omappapi.com api.dixa.io wss://sockets.dixa.io stats.g.doubleclick.net fast.a.klaviyo.com sslwidget.criteo.com a.klaviyo.com display.ipaper.io in.hotjar.com vc.hotjar.io telemetrics.klaviyo.com *.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no api.packship.eu invitejs.trustpilot.com www.addwish.com core.helloretail.com a.omappapi.com *.taboola.com *.klaviyo.com pagead2.googlesyndication.com *.algolia.io *.bing.com *.google.com *.doubleclick.net ai.trk42.net *.cookiebot.com *.pingdom.net heylinkapi.com bat.bing.net files.userlink.ai backend.userlink.ai files.blueai.dk beautycosaps.sjv.io *.clarity.ms consentcdn.cookiebot.eu api-us.mida.so https://s.kelkoogroup.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://info.dibs.se https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com https://*.dibspayment.eu *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com https://*.dibspayment.eu *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://*.dibspayment.eu https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-9TQz8MshSvyO5fsn7S8r2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.legiscomex.com www.googletagmanager.com www.google.com code.jquery.com  static.addtoany.com  pautas.legis.com.co prepautas.legis.com.co  js-agent.newrelic.com lablegis.azurewebsites.net js-agent.newrelic.com  use.fontawesome.com www.gstatic.com www.google-analytics.com static.hotjar.com cdn.mouseflow.com snap.licdn.com js.hs-scripts.com connect.facebook.net legislab.legis.com.co www.googleadservices.com crested-timer-310514-default-rtdb.firebaseio.com script.hotjar.com js.hsleadflows.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com platform.twitter.com stackpath.bootstrapcdn.com td.doubleclick.net legislab.azurewebsites.net  *.youtube.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net https://cdn.dxpr.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com; object-src 'self'; style-src 'self' 'unsafe-inline'  https://www.legiscomex.com use.fontawesome.com lablegis.azurewebsites.net legislab.legis.com.co www.googletagmanager.com www.google.com code.jquery.com  static.addtoany.com  pautas.legis.com.co prepautas.legis.com.co  js-agent.newrelic.com lablegis.azurewebsites.net js-agent.newrelic.com  use.fontawesome.com www.gstatic.com www.google-analytics.com static.hotjar.com cdn.mouseflow.com snap.licdn.com js.hs-scripts.com connect.facebook.net legislab.legis.com.co www.googleadservices.com crested-timer-310514-default-rtdb.firebaseio.com script.hotjar.com js.hsleadflows.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com platform.twitter.com stackpath.bootstrapcdn.com td.doubleclick.net legislab.azurewebsites.net *.youtube.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net fonts.googleapis.com https://cdn.dxpr.com; img-src 'self' blob:  https://www.legiscomex.com cdn2.iconfinder.com is1-ssl.mzstatic.com lh3.googleusercontent.com cdn3.iconfinder.com lablegis.azurewebsites.net px.ads.linkedin.com www.facebook.com googleads.g.doubleclick.net www.linkedin.com track.hubspot.com forms.hsforms.com www.google.com.co data: www.google.com www.google-analytics.com pautas.legis.com.co www.googletagmanager.com prepautas.legis.com.co legislab.azurewebsites.net lablegis.azurewebsites.net www.datos.gov.co cdn.jsdelivr.net https://www.legiscomex.com https://cdn.dxpr.com https://teachlikeachampion.com https://teachlikeachampion.org; media-src 'self' https://www.legiscomex.com https://teachlikeachampion.org; frame-src 'self' https://www.legiscomex.com static.addtoany.com widget.spreaker.com www.googletagmanager.com platform.twitter.com *.youtube.com es.surveymonkey.com https://www.facebook.com/ td.doubleclick.net legislab.azurewebsites.net lablegis.azurewebsites.net www.datos.gov.co cdn.jsdelivr.net https://formulariocontactenos.legis.com.co https://web.facebook.com https://chatlegis.legis.com.co https://chatlegis.legis.com.co:81; frame-ancestors 'self'; child-src 'self'; font-src 'self' https://www.legiscomex.com use.fontawesome.com lablegis.azurewebsites.net stackpath.bootstrapcdn.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net fonts.gstatic.com; connect-src 'self' https://www.legiscomex.com lablegis.azurewebsites.net pautas.legis.com.co bam.nr-data.net www.google.com analytics.google.com www.google-analytics.com px.ads.linkedin.com forms.hscollectedforms.net www.google.com forms.hubspot.com prepautas.legis.com.co legislab.legis.com.co www.google.com stats.g.doubleclick.net www.facebook.com legislab.azurewebsites.net lablegis.azurewebsites.net data: www.datos.gov.co cdn.jsdelivr.net vc.hotjar.io wss: https://www.legiscomex.com https://cdn.dxpr.com https://api.segment.io; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; connect-src *; frame-src *; object-src 'none'; base-uri 'self'; form-action 'self'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com cdn.doofinder.com https://www.mollie.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com cdn.doofinder.com js.mollie.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com maps.googleapis.com www.gstatic.com www.google.com https://maps.googleapis.com/ https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.doofinder.com *.fontawesome.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.doofinder.com wss://*.doofinder.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl https://osozre.kamsoft.local https://unpkg.com https://ad.osoz.pl; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl https://osozre.kamsoft.local https://ad.osoz.pl https://unpkg.com https://osozre.kamsoft.local https://ajax.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'unsafe-inline' 'self'  https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl https://fonts.googleapis.com https://unpkg.com https://osozre.kamsoft.local https://ad.osoz.pl; style-src-elem 'unsafe-inline' 'self'  https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl https://fonts.googleapis.com https://unpkg.com https://osozre.kamsoft.local https://ad.osoz.pl https://re.osoz.pl; font-src 'self' https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl https://fonts.gstatic.com; img-src 'self' https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl https://re.osoz.pl https://api.kamsoft.pl https://ad.osoz.pl http://ws4.pharmindex.pl https://ws3.pharmindex.pl https://pljasien.pl blob: data:; child-src 'self' https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl; object-src https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl blob: data:; connect-src 'self' https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl https://fonts.gstatic.com https://dc.services.visualstudio.com https://ad.osoz.pl https://osozre.kamsoft.local; frame-src 'self' https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl https://repoedm-dev.azure-api.net https://edm-suite.kamsoft.pl https://api.kamsoft.pl https://api.pharmindex.pl blob: data:; frame-ancestors 'self' https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl; media-src 'unsafe-eval' 'unsafe-inline' 'self' https://static.serum.com.pl https://serum.com.pl https://s1.serum.com.pl data: blob:; report-uri https://dev.serum.com.pl/cspreps1; report-to csp-endpoint 1
font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ https://www.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com public.montonio.com https://www.facebook.com https://www.google.com https://www.google.ee https://www.google-analytics.com chat.petcity.ee data: http: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://browser.sentry-cdn.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com public.montonio.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://www.gstatic.com chat.petcity.ee http: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com chat.petcity.ee http: https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.ingest.sentry.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com https://stats.g.doubleclick.net chat.petcity.ee http: https: wss: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Jr3_1mKQBRlrl02ClVqF5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'self'; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.seeclickfix.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com https://answers-script.frase.io/bot.js * 'self' about: 'unsafe-inline' 'unsafe-eval' data:; worker-src * 'self' data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src * 'self'; media-src 'self' blob: *; font-src * 'self' data:; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self';report-uri /contentsecuritypolicy/report 1
object-src 'none';base-uri 'self';script-src 'nonce-6HTu-3UANsGdtZoHpQHG5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-YwUjxMXWY5wABUHnS-ACig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io www.googletagmanager.com consentcdn.cookiebot.com td.doubleclick.net www.google.com *.addthis.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com imgsct.cookiebot.com https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com *.google.nl *.googleapis.com px.ads.linkedin.com api.taggrs.io analytics.portofoonweb.nl www.google.com.ua cart2quote.zendesk.com region1.google-analytics.com assets.myparcel.nl *.openstreetmap.fr *.openstreetmap.org bat.bing.com www.google.nl www.gstatic.com region1.analytics.google.com www.google.com.ly cookies.travyk.nl portal.cookiebanners.nl https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://cdn.jsdelivr.net *.tiktok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com consent.cookiebot.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io snap.licdn.com *.hotjar.com *.bing.com static.klaviyo.com static-tracking.klaviyo.com translate.googleapis.com translate-pa.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com www.gstatic.com bat.bing.com www.google.com dpm.demdex.net *.cookiebot.com *.cloudflareinsights.com cookies.travyk.nl https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com *.avada.io *.shopify.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com assets.braintreegateway.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.jsdelivr.net www.gstatic.com https://static.klaviyo.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com analytics.google.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com https://www.sandbox.paypal.com *.hotjar.com px.ads.linkedin.com *.klaviyo.com analytics.portofoonweb.nl api.taggrs.io imgsct.cookiebot.com www.google.com.ua translate.googleapis.com translate-pa.googleapis.com region1.google-analytics.com api.myparcel.nl cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com a.klaviyo.com bat.bing.com cookies.travyk.nl https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com https://consentcdn.cookiebot.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com https://www.mollie.com https://bat.bing.com https://imgsct.cookiebot.com widgets.trustedshops.com https://region1.analytics.google.com https://www.google.nl/ads https://www.google.nl/pagead/ https://stats.g.doubleclick.net https://load.ozuu.hedgy-heckenpflanzen.de data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com js.mollie.com app.aiden.cx integrations.etrusted.com widgets.trustedshops.com https://static.hotjar.com https://consent.cookiebot.com https://load.ozuu.hedgy-heckenpflanzen.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.paypalobjects.com *.multisafepay.com app.aiden.cx *.hedgy-heckenpflanzen.ch *.hedgy-heckenpflanzen.de *.hedgy-heckenpflanzen.at https://load.ozuu.hedgy-heckenpflanzen.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://monitor.bigbridgedev.nl/csp; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.google.com ssl.google-analytics.com use.typekit.net use.typekit.com player.vimeo.com vimeo.com i.vimeocdn.com s3.tradingview.com tradingview.com cdn.tradingview.com widget.tradingview.com fxpricing.com cdn.fxpricing.com cashbackforex.com; style-src 'self' 'unsafe-inline' use.typekit.net use.typekit.com player.vimeo.com vimeo.com i.vimeocdn.com s3.tradingview.com cdn.tradingview.com tradingview.com fxpricing.com cdn.fxpricing.com; font-src 'self' use.typekit.net use.typekit.com data: cdn.tradingview.com cdn.fxpricing.com i.vimeocdn.com; img-src 'self' data: www.google-analytics.com www.googletagmanager.com player.vimeo.com vimeo.com i.vimeocdn.com s3.tradingview.com cdn.tradingview.com tradingview.com fxpricing.com cdn.fxpricing.com cashbackforex.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com player.vimeo.com vimeo.com s3.tradingview.com cdn.tradingview.com widget.tradingview.com fxpricing.com cdn.fxpricing.com cashbackforex.com; frame-src 'self' player.vimeo.com vimeo.com s3.tradingview.com tradingview.com fxpricing.com cashbackforex.com; object-src 'none'; base-uri 'self'; form-action 'self'; 1
default-src 'self' https://*.uestra.de https://cloud.ccm19.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cloud.ccm19.de https://gvh.demo.hafas.cloud https://gvh.hafas.de https://*.uestra.de 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: https://img.youtube.com https://gvh.demo.hafas.cloud https://gvh.hafas.de https://*.uestra.de https://cloud.ccm19.de https://elma.gvh.de https://www.facebook.com; base-uri 'self' https://*.uestra.de; frame-src 'self' blob: https://*.youtube.com/ https://gvh.demo.hafas.cloud https://gvh.hafas.de https://abo.gvh.de https://cloud.ccm19.de https://deutschlandticket.gvh.de https://transport.novafind.eu/; media-src 'self' blob:; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cloud.ccm19.de https://*.hafas.cloud https://*.hafas.de https://elma.gvh.de https://stats.uestra.de 'report-sample'; font-src 'self' data: https://fonts.gstatic.com https://gvh.demo.hafas.cloud https://gvh.hafas.de https://stats.uestra.de https://elma.gvh.de; connect-src 'self' https://gvh.demo.hafas.cloud https://gvh.hafas.de https://cloud.ccm19.de https://stats.uestra.de https://elma.gvh.de https://www.facebook.com; object-src 'self' blob: https://*.uestra.de; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://cloud.ccm19.de https://gvh.demo.hafas.cloud https://gvh.hafas.de https://*.uestra.de https://relaunch.uestra.de https://*.webit.de https://*.hafas.cloud https://*.hafas.de https://elma.gvh.de https://connect.facebook.net 'report-sample'; style-src-elem 'self' 'unsafe-inline' https://www.uestra.de https://relaunch.uestra.de https://stats.uestra.de https://gvh.demo.hafas.cloud https://gvh.hafas.de https://cloud.ccm19.de https://elma.gvh.de 'report-sample'; frame-ancestors 'self' https://*.uestra.de https://gvh.demo.hafas.cloud https://gvh.hafas.de; form-action 'self'; report-uri https://www.uestra.de/@http-reporting?csp=report&requestTime=1773716028076579&requestHash=ed6be589dfc63eb0bd94f873a45e7043e9b7e036 1
default-src 'self'; script-src 'self' 'nonce-BCtsUOW1KfrAPVUZFj8TbAO_s4JDOi4l7E_cg_kwKnOg3pPGEk7eCw' data: https://*.openstreetmap.org 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org https://*.google.com/; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; connect-src 'self' data: https://*.openstreetmap.org https://www.piwik.bayern.de/; font-src 'self' data:; object-src 'none'; script-src-elem 'self' 'nonce-BCtsUOW1KfrAPVUZFj8TbAO_s4JDOi4l7E_cg_kwKnOg3pPGEk7eCw' 'strict-dynamic' 'report-sample'; style-src-elem 'self' 'nonce-BCtsUOW1KfrAPVUZFj8TbAO_s4JDOi4l7E_cg_kwKnOg3pPGEk7eCw' https://www.google.com/ 'report-sample'; worker-src 'self' 'nonce-BCtsUOW1KfrAPVUZFj8TbAO_s4JDOi4l7E_cg_kwKnOg3pPGEk7eCw' data: https://*.openstreetmap.org blob: 'report-sample'; report-uri https://www.hdbg.de/@http-reporting?csp=report&requestTime=1773717230087900&requestHash=63844dca486462fdcdfbea345a4afa632d0c9202 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://cdn.loadbee.com/ https://petertysonelectricals.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * js.mollie.com https://www.googletagmanager.com/ *.addthis.com *.googleapis.com https://service.loadbee.com/ http://www.paypal.com http://www.sandbox.paypal.com *.trustpilot.com petertysonelectricals.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.mollie.com *.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ magefan.com cm.magefan.com *.disqus.com *.finance-calculator.co.uk *.dekopay.com 'self' data: https://img.youtube.com maps.gstatic.com *.bing.com *.opentracker.net *.clarity.ms *.adtrafficquality.google *.flix360.com *.google.co.uk *.sweetanalytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.mollie.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.finance-calculator.co.uk *.dekopay.com *.googleapis.com https://cdn.loadbee.com/js/loadbee_integration.js *.trustpilot.com *.smartsuppchat.com *.facebook.net *.hotjar.com *.bing.com *.clickguardian.app *.opentracker.net *.googlesyndication.com *.cloudfront.net *.cloudflare.com *.smartsuppcdn.com *.dwin1.com *.pinimg.com *.kk-resources.com *.clarity.ms *.pinterest.com *.adtrafficquality.google *.flixfacts.com *.flixcar.com *.sweetanalytics.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com assets.braintreegateway.com maxcdn.bootstrapcdn.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com https://cdn.jsdelivr.net *.trustpilot.com *.smartsuppcdn.com *.klaviyo.com *.finance-calculator.co.uk *.flixcar.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.addressy.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.finance-calculator.co.uk *.dekopay.com *.googleapis.com https://availability.loadbee.com *.smartsuppchat.com *.hotjar.com *.hotjar.io *.smartsuppcdn.com *.amazonaws.com *.clickguardian.app *.adtrafficquality.google *.smartsupp.com *.googlesyndication.com *.google-analytics.com *.pinterest.com *.clarity.ms wss: *.flixcar.com *.gstatic.com *.google.co.uk *.sweetanalytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://polyfill.io https://www.youtube.com https://vimeo.com https://player.vimeo.com https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://snap.licdn.com/ https://www.gstatic.com/; img-src data: 'self' https://www.flickr.com/ https:; connect-src 'self' https:; frame-src 'self' https://www.google.com https://www.youtube.com https://vimeo.com https://player.vimeo.com https://www.flickr.com/ https://www.podbean.com/ https://e.issuu.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; font-src 'self' https: data: 1
font-src storage.googleapis.com/rtux-rtux-data-integration-rti/ *.fontawesome.com *.gstatic.com fonts.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action test.saferpay.com www.saferpay.com saferpay.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.bugherd.com *.prismic.io *.netmailer.ch *.google.com *.wufoo.com *.doubleclick.net *.googletagmanager.com *.weltpixel.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://images.unsplash.com *.prism.app-us1.com *.prismic.io *.gstatic.com *.magentocommerce.com *.bing.com *.google.rs *.google.ch *.trackjs.com *.profity.ch *.clarity.ms test.saferpay.com www.saferpay.com saferpay.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.googletagmanager.com *.doubleclick.net *.google.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com bx-cdn.com/static/bav2.min.js track.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/rti.min.js track.bx-cloud.com/static/rti.min.js bx-cdn.com/static/rti.min.js storage.googleapis.com/rtux-rtux-data-integration-rti/ *.prism.app-us1.com *.prismic.io *.google.com *.hs-scripts.com *.bugherd.com *.convertful.com *.facebook.net *.hs-analytics.com *.hscollectedforms.com *.headspixel.com *.hs-banner.com *.hotjar.com *.googleapis.com *.licdn.com *.googleadservices.com *.g.doubleclick.net *.newrelic.net *.trackjs.com *.cdn.prismic.io *.bing.com *.clarity.ms *.profity.ch *.wufoo.com test.saferpay.com www.saferpay.com saferpay.com cdnjs.cloudflare.com payment *.googletagmanager.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.klaviyo.com unpkg.com *.doubleclick.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.googleapis.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src storage.googleapis.com/rtux-rtux-data-integration-rti/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com track.bx-cloud.com main.bx-cloud.com track-gw1.bx-cloud.com bx-cloud.com main.wi-platform-cloud.com r-st.bx-cloud.com track.bx-cloud.com/track/v2 storage.googleapis.com/rtux-rtux-data-integration-rti/ *.prism.app-us1.com *.prismic.io *.google.com *.clarity.ms *.bing.com *.trackjs.com test.saferpay.com www.saferpay.com saferpay.com intent://payment *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.net *.klaviyo.com *.doubleclick.net *.run.app *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com *.apsclicktopay.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.certcapture.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.apsclicktopay.com *.certcapture.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.mollie.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.apsclicktopay.com *.certcapture.com *.fontawesome.com unsafe-inline assets.braintreegateway.com downloads.mailchimp.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src www.lovebird.com ws://www.lovebird.com static-production.lovebird.com ws://static-production.lovebird.com https://admin.lovebird.com https://*.recurly.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://static-staging-v0.lovebird.com https://static-production-v0.lovebird.com https://static-staging.lovebird.com https://static-production.lovebird.com https://*.bing.com https://*.doubleclick.net https://*.dwin1.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.mxpnl.com http://*.mxpnl.com https://*.mixpanel.com https://*.pinimg.com https://*.pinterest.com https://*.reddit.com https://*.redditstatic.com https://*.tiktok.com https://*.tiktokw.com https://*.tiktokw.us https://*.mgid.com https://*.viralsweep.com 'self'; connect-src www.lovebird.com ws://www.lovebird.com static-production.lovebird.com ws://static-production.lovebird.com https://admin.lovebird.com https://*.recurly.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://static-staging-v0.lovebird.com https://static-production-v0.lovebird.com https://static-staging.lovebird.com https://static-production.lovebird.com https://*.bing.com https://*.doubleclick.net https://*.dwin1.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.mxpnl.com http://*.mxpnl.com https://*.mixpanel.com https://*.pinimg.com https://*.pinterest.com https://*.reddit.com https://*.redditstatic.com https://*.tiktok.com https://*.tiktokw.com https://*.tiktokw.us https://*.mgid.com https://*.viralsweep.com 'self' blob:;; img-src www.lovebird.com ws://www.lovebird.com static-production.lovebird.com ws://static-production.lovebird.com https://admin.lovebird.com https://*.recurly.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://static-staging-v0.lovebird.com https://static-production-v0.lovebird.com https://static-staging.lovebird.com https://static-production.lovebird.com https://*.bing.com https://*.doubleclick.net https://*.dwin1.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.mxpnl.com http://*.mxpnl.com https://*.mixpanel.com https://*.pinimg.com https://*.pinterest.com https://*.reddit.com https://*.redditstatic.com https://*.tiktok.com https://*.tiktokw.com https://*.tiktokw.us https://*.mgid.com https://*.viralsweep.com 'self' blob: data:;; media-src www.lovebird.com ws://www.lovebird.com static-production.lovebird.com ws://static-production.lovebird.com https://admin.lovebird.com https://*.recurly.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://static-staging-v0.lovebird.com https://static-production-v0.lovebird.com https://static-staging.lovebird.com https://static-production.lovebird.com https://*.bing.com https://*.doubleclick.net https://*.dwin1.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.mxpnl.com http://*.mxpnl.com https://*.mixpanel.com https://*.pinimg.com https://*.pinterest.com https://*.reddit.com https://*.redditstatic.com https://*.tiktok.com https://*.tiktokw.com https://*.tiktokw.us https://*.mgid.com https://*.viralsweep.com 'self' blob: data:;; script-src www.lovebird.com ws://www.lovebird.com static-production.lovebird.com ws://static-production.lovebird.com https://admin.lovebird.com https://*.recurly.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://static-staging-v0.lovebird.com https://static-production-v0.lovebird.com https://static-staging.lovebird.com https://static-production.lovebird.com https://*.bing.com https://*.doubleclick.net https://*.dwin1.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.mxpnl.com http://*.mxpnl.com https://*.mixpanel.com https://*.pinimg.com https://*.pinterest.com https://*.reddit.com https://*.redditstatic.com https://*.tiktok.com https://*.tiktokw.com https://*.tiktokw.us https://*.mgid.com https://*.viralsweep.com 'self' 'unsafe-eval' 'unsafe-inline' blob:;; script-src-elem www.lovebird.com ws://www.lovebird.com static-production.lovebird.com ws://static-production.lovebird.com https://admin.lovebird.com https://*.recurly.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://static-staging-v0.lovebird.com https://static-production-v0.lovebird.com https://static-staging.lovebird.com https://static-production.lovebird.com https://*.bing.com https://*.doubleclick.net https://*.dwin1.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.mxpnl.com http://*.mxpnl.com https://*.mixpanel.com https://*.pinimg.com https://*.pinterest.com https://*.reddit.com https://*.redditstatic.com https://*.tiktok.com https://*.tiktokw.com https://*.tiktokw.us https://*.mgid.com https://*.viralsweep.com 'self' 'unsafe-eval' 'unsafe-inline' blob:;; worker-src www.lovebird.com ws://www.lovebird.com static-production.lovebird.com ws://static-production.lovebird.com https://admin.lovebird.com https://*.recurly.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://static-staging-v0.lovebird.com https://static-production-v0.lovebird.com https://static-staging.lovebird.com https://static-production.lovebird.com https://*.bing.com https://*.doubleclick.net https://*.dwin1.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.mxpnl.com http://*.mxpnl.com https://*.mixpanel.com https://*.pinimg.com https://*.pinterest.com https://*.reddit.com https://*.redditstatic.com https://*.tiktok.com https://*.tiktokw.com https://*.tiktokw.us https://*.mgid.com https://*.viralsweep.com 'self' blob:;; style-src www.lovebird.com ws://www.lovebird.com static-production.lovebird.com ws://static-production.lovebird.com https://admin.lovebird.com https://*.recurly.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://static-staging-v0.lovebird.com https://static-production-v0.lovebird.com https://static-staging.lovebird.com https://static-production.lovebird.com https://*.bing.com https://*.doubleclick.net https://*.dwin1.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.mxpnl.com http://*.mxpnl.com https://*.mixpanel.com https://*.pinimg.com https://*.pinterest.com https://*.reddit.com https://*.redditstatic.com https://*.tiktok.com https://*.tiktokw.com https://*.tiktokw.us https://*.mgid.com https://*.viralsweep.com https://static-production.lovebird.com 'self' 'unsafe-inline';; style-src-elem www.lovebird.com ws://www.lovebird.com static-production.lovebird.com ws://static-production.lovebird.com https://admin.lovebird.com https://*.recurly.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://static-staging-v0.lovebird.com https://static-production-v0.lovebird.com https://static-staging.lovebird.com https://static-production.lovebird.com https://*.bing.com https://*.doubleclick.net https://*.dwin1.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.mxpnl.com http://*.mxpnl.com https://*.mixpanel.com https://*.pinimg.com https://*.pinterest.com https://*.reddit.com https://*.redditstatic.com https://*.tiktok.com https://*.tiktokw.com https://*.tiktokw.us https://*.mgid.com https://*.viralsweep.com https://static-production.lovebird.com 'self' 'unsafe-inline';; report-uri ; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.mollie.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://widgets.trustedshops.com winemate.net *.winemate.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cleverreach.com https://plumrocket.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.mollie.com www.googletagmanager.com https://plumrocket.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.cloudfront.net *.etrusted.com fonts.googleapis.com *.google.de *.google.com *.google-analytics.com *.sleeknote.com *.mollie.com 'self' data: *.googleadservices.com *.googletagmanager.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com winemate.net *.winemate.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.cookiefirst.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.trustedshops.com *.etrusted.com *.etrusted.site *.sleeknote.com *.paypalobjects.com *.googleadservices.com *.mollie.com cdn.jsdelivr.net connect.facebook.net widget.freshworks.com m2epro.freshdesk.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com winemate.net *.winemate.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.etrusted.com *.cookiefirst.com *.mollie.com 'self' data: maxcdn.bootstrapcdn.com cdn.jsdelivr.net widget.freshworks.com m2epro.freshdesk.com assets.braintreegateway.com https://fonts.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com winemate.net *.winemate.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.cookiefirst.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.trustedshops.com *.etrusted.com *.etrusted.site *.youtube.com *.sleeknote.com *.paypalobjects.com *.googleadservices.com *.mollie.com fonts.googleapis.com *.analytics.google.com stats.g.doubleclick.net widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://integrations.etrusted.site winemate.net *.winemate.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com v2.zopim.com *.tawk.to *.adobe.com *.zopim.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com *.hotjar.com https://e.issuu.com v2assets.zopim.io *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://cdn.flbx.io https://firebasestorage.googleapis.com *.storyblok.com *.mullanlighting.com api.feefo.com *.ytimg.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.zopim.com *.zopim.io *.cloudfront.net blob: *.rudderlabs.com *.rudderstack.com cdn-cookieyes.com cookieyes.com *.jsdelivr.net *.tawk.to tawk.link www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com *.avada.io *.storyblok.com *.hotjar.com api.feefo.com register.feefo.com v2.zopim.com widget-mediator.zopim.com browser-update.org static.zdassets.com *.jsdelivr.net *.tawk.to *.rudderlabs.com *.rudderstack.com cdn-cookieyes.com *.cookieyes.com *.googlesyndication.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net *.storyblok.com maxcdn.bootstrapcdn.com *.jsdelivr.net *.tawk.to unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com https://get.geojs.io *.avada.io *.feefo.com ekr.zdassets.com wss://widget-mediator.zopim.com/ *.doubleclick.net *.getflowbox.com *.zendesk.com *.google.es *.tawk.to *.rudderlabs.com *.rudderstack.com cdn-cookieyes.com *.cookieyes.com *.googlesyndication.com *.hotjar.com *.zopim.com *.facebook.com wss://*.tawk.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com www.google-analytics.com cdn-cookieyes.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: i.ytimg.com www.googletagmanager.com cdn-cookieyes.com www.google-analytics.com www.facebook.com; connect-src 'self' cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com www.google-analytics.com consentlog.cookieyes.com; font-src 'self'; media-src 'self'; report-uri 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; frame-src 'self' data: www.google.com www.youtube.com; worker-src 'self'; manifest-src 'self'; navigate-to 'self'; base-uri 'self' 1
font-src blog.247garden.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.authorize.net blog.247garden.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net blog.247garden.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com/ js.mollie.com *.authorize.net challenges.cloudflare.com blog.247garden.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com blog.247garden.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://maps.googleapis.com https://player.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.mollie.com *.authorize.net challenges.cloudflare.com blog.247garden.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com blog.247garden.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ blog.247garden.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.authorize.net blog.247garden.com 'self' 'unsafe-inline'; child-src blog.247garden.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.247garden.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://*.bbdental.com.br https://cdnjs.cloudflare.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com *.klarnacdn.net 'self' data: *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.cloudflare.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: *.bigcommerce.com *.doubleclick.net *.esellerpro.com *.facebook.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.st www.google.tg www.google.tm www.google.tn www.google.tt www.google.ws *.googlesyndication.com *.googletagmanager.com *.i-sells.co.uk *.trustpilot.com *.wiska.com *.wiska.co.uk *.ytimg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.link.com *.trustpilot.com *.buttonizer.io *.doubleclick.net *.facebook.net *.formilla.com *.googlesyndication.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.gstatic.com *.stripe.network *.stripecdn.com *.trustpilot.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.google.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.addressy.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com klarna.com *.link.com *.buttonizer.io *.doubleclick.net *.facebook.com *.formilla.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.so www.google.tn www.google.tt *.googlesyndication.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.google.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://fe01bf3e-e83e-4500-af8b-4766d0d3c786.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com acs.3ds-pit.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com account.fetchify.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.klarna.com acs.3ds-pit.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net *.klarna.com *.klarnaevt.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klarna.com acs.3ds-pit.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com cc-cdn.com https://*.googleapis.com *.typekit.net unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klarnaevt.com acs.3ds-pit.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-kZTtEdBMUGEotFkxZ36dMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';object-src 'none'; base-uri 'none'; connect-src 'self' *.zorgdoc.nl; report-uri https://sentry.zorgdoc.nl/api/11/security/?sentry_key=710eec7163c34959bcfe36be5404c07a 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ accounts.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com accounts.google.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com accounts.google.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.mensura.be; frame-ancestors https://app.storyblok.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://sgtm.mensura.be; connect-src 'self' https://app-pweb-backend-mns-pro.azurewebsites.net https://*.google-analytics.com https://www.googletagmanager.com https://sgtm.mensura.be https://api-eu1.cludo.com https://*.googleapis.com https://www.google.com; img-src 'self' https://*.storyblok.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.be data:; font-src 'self' https://use.typekit.net; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net/; script-src 'self' 'unsafe-inline' https://app.storyblok.com https://customer.cludo.com https://www.googletagmanager.com https://sgtm.mensura.be https://*.googleapis.com https://*.gstatic.com https://*.google.com https://cdn.cookielaw.org https://*.youtube.com; worker-src 'self' blob:; 1
font-src maxcdn.bootstrapcdn.com *.fontawesome.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.punchout2go.com *.tradecentric.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.usg.edu * 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.punchout2go.com *.tradecentric.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.doofinder.com magefan.com cm.magefan.com *.klevu.com *.ksearchnet.com *.disqus.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com *.clarity.ms *.punchout2go.com *.tradecentric.com *.klevu.com *.ksearchnet.com *.disqus.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.doofinder.com *.fontawesome.com *.punchout2go.com *.tradecentric.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com https://www.pocketnurse.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com *.clarity.ms *.klevu.com *.ksearchnet.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=mzxaM.yoLpRdBhfezIZQC1Ta10NEAB3hStjpl6rKGJc-1773717565-1.0.1.1-Of8RlEbwMlUY2U1PM51CWtJofFJ40dJ9pie6VcB0IopmyzzKHIVDSfBp_LpMgcnXfh_op.v1DUfx412TarkMDi2Zl3JRfP2zRuk6OfXRTM2PdntQImtJHbV.px4hvW7ct1EkOVNJ8CLTZOMXFVO0mDySkPXdDkOcxTXITMAA0Pgylj8hI6f03GEUK8ywI6iE; report-to cf-csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-YQOj3y5Noi6i785NNZ81UA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-potwjkfksBxI5c_2fyXVbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src  'self' https:; style-src   'self' https:       'unsafe-inline'; font-src    'self' https: data: 'unsafe-inline'; img-src     'self' https: data:; connect-src 'self' https:; frame-src   'self' https://*.vipleiloes.com.br https://*.provedor.space https://streaming01.vplpar.com:5443; media-src   'self' https:; form-action 'self' https:; base-uri    'self'; frame-ancestors 'self' https://*.vipleiloes.com.br https://streaming01.vplpar.com:5443; object-src  'none'; 1
default-src 'self' ; style-src 'self' 'unsafe-inline' optimize.google.com www.googletagmanager.com fonts.googleapis.com *.typekit.net *.yotpo.com *.myfonts.net *.cloudfront.net; font-src 'self' data: optimize.google.com fonts.gstatic.com *.abtasty.com *.dwin1.com *.typekit.net *.livechatinc.com snap.licdn.com *.tiktok.com static.ads-twitter.com ct.pinterest.com *.yotpo.com *.addthis.com *.moatads.com *.curalate.com *.cloudflare.com *.cloudfront.net; img-src 'self' data: *; base-uri 'self' ;  form-action *; frame-ancestors 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com optimize.google.com www.googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com www.googleadservices.com maps.googleapis.com polyfill.io player.vimeo.com connect.facebook.net *.klevu.com api.exponea.com s.pinimg.com intljs.rmtag.com assistjs.skimresources.com googleads.g.doubleclick.net bat.bing.com t.contentsquare.net track.sweetanalytics.com *.yotpo.com snap.licdn.com static.ads-twitter.com *.tiktok.com *.abtasty.com *.adobedc.net *.dwin1.com *.livechatinc.com *.voyado.com *.ksearchnet.com *.hotjar.com *.veinteractive.com *.mouseflow.com *.sleeknote.com *.stripe.com *.zdassets.com *.trustpilot.com *.clarity.ms *.addthis.com *.addthisedge.com *.moatads.com *.clearpay.co.uk *.amplitude.com *.sagepay.com snapppt.com *.snapppt.com; connect-src 'self' mage.timeproducts.co.uk *.googlesyndication.com *.google-analytics.com *.klevu.com api.exponea.com ct.pinterest.com *.abtasty.com *.adobedc.net *.tiktok.com *.yotpo.com maps.googleapis.com vimeo.com *.addthis.com *.moatads.com *.dwin1.com *.54proxy.com *.ksearchnet.com *.hotjar.com *.hotjar.io *.zdassets.com *.clarity.ms *.amplitude.com *.sweetanalytics.com snapppt.com *.snapppt.com *.zendesk.com; frame-src 'self' player.vimeo.com *.fls.doubleclick.net ct.pinterest.com vimeo.com secure.livechatinc.com *.addthis.com *.curalate.com *.54proxy.com *.hotjar.com *.stripe.com *.trustpilot.com *.paypal.com *.zendesk.com *.zdassets.com; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.gstatic.com *.googleapis.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://www.mollie.com https://maps.googleapis.com https://maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com js.mollie.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com https://nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.gr/api/csp-report; report-to csp-endpoint 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.feedbackcompany.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.feedbackcompany.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.nosto.com *.nos.to *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.getqonfi.com agryghsjho.cloudimg.io imgsct.cookiebot.com *.feedbackcompany.com magefan.com cm.magefan.com *.nosto.com *.nos.to https://www.unifaunonline.se https://*.tile.openstreetmap.org/ flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn2.hubspot.net resources.paytrail.com https://shareasale.com/sale.cfm https://track.linksynergy.com https://www.bizrate.com https://www.awin1.com https://track.webgains.com https://prf.hn https://track.flexlinks.com https://scripts.affiliatefuture.com https://t.powerreviews.com https://match.sharethrough.com https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://jadserve.postrelease.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://eb2.3lift.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://sync.1rx.io https://dis.criteo.com https://dpm.demdex.net https://ps.eyeota.net https://public-prod-dspcookiematching.dmxleo.com *.amazonaws.com www.google.com.ua https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.getqonfi.com consent.cookiebot.com *.feedbackcompany.com *.nosto.com *.nos.to s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io https://api.unifaun.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com services.paytrail.com https://www.dwin1.com https://intljs.rmtag.com https://cdn.avmws.com https://images.bizrate.com https://www.awin1.com https://swrap.tradedoubler.com https://analytics.optimalpeople.fr https://www.linkconnector.com https://d3v27wwd40f0xu.cloudfront.net https://static.criteo.net https://sslwidget.criteo.com https://*.affiliatefuture.com https://static.powerreviews.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://gloeilampgoedkoop.nl https://load.kt1pq.gloeilampgoedkoop.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.nosto.com *.nos.to https://cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.getqonfi.com *.feedbackcompany.com *.nosto.com *.nos.to ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.paytrail.com https://shareasale.com/sale.cfm https://analytics.optimalpeople.fr https://measurement-api.criteo.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://load.kt1pq.gloeilampgoedkoop.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com/ 'self' 'unsafe-inline'; form-action *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com *.googletagmanager.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googleadservices.com *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.intercomcdn.com *.bootstrapcdn.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.mobilpay.ro *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com dacia-ro.os.tc *.facebook.com *.doubleclick.net *.cookiebot.com *.pinterest.com *.dotdigital-pages.com *.dotdigital.com *.addthis.com *.twitter.com *.creativecdn.com webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.google.ro *.googleapis.com *.googletagmanager.com *.ibb.co contactrenaultgroup.secure.force.com *.salesforceliveagent.com *.intercomcdn.com *.facebook.com trusted.ro *.analytics.yahoo.com *.pinterest.com *.kafune.ro *.trackedlink.net *.ddlnk.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.addthisedge.com *.twitter.com lafantana.ro *.lafantana.ro *.smartsuppcdn.com *.linkedin.com *.docomo.ne.jp *.e-planning.net *.media.net *.smaato.net *.rakuten.com *.gumgum.com *.opera.com *.cookiebot.com *.disqus.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googleoptimize.com *.googletagmanager.com onesignal.com *.onesignal.com *.intercom.io *.intercomcdn.com *.salesforceliveagent.com *.googleapis.com *.gstatic.com *.facebook.net *.yimg.com *.retargeting.biz *.retargeting.app *.cookiebot.com *.mczbf.com *.pinimg.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com *.creativecdn.com *.pinterest.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.avada.io *.shopify.com *.addthis.com *.moatads.com *.addthisedge.com *.twitter.com *.smartlook.com *.licdn.com webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.smartsuppcdn.com webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.intercomcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.intercom.io wss://nexus-websocket-a.intercom.io wss://ah-pusher.gd.ro *.webrci.ro *.yimg.com cdn.cookielaw.org *.retargeting.app *.smartsuppchat.com *.pinterest.com *.googleapis.com *.smartsuppcdn.com *.smartsupp.com wss://websocket-visitors.smartsupp.com *.creativecdn.com *.sjwoe.com *.mczbf.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://get.geojs.io *.avada.io *.google.ro *.smartlook.cloud *.cookiebot.com *.tiktok.com webchat.dotdigital.com webchat.staging.dotdigital.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.gstatic.com *.googleapis.com *.kueskipay.com data: http://img-longchamp.grupoultra.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.adyen.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.kueskipay.com data: https://www.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.kueskipay.com data: https://players.brightcove.net https://bid.g.doubleclick.net https://insight.adsrvr.org https://static.rolex.com https://td.doubleclick.net plausible.io *.wesupply.xyz https://wesupplylabs.com www.youtube.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * https://*.gstatic.com *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.kueskipay.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.kreiconceptstore.com https://www.facebook.com https://www.paypal.com https://www.sandbox.paypal.com https://www.google.com https://www.google.com.mx https://googleads.g.doubleclick.net https://img-longchamp.grupoultra.com https://bat.bing.com https://www.kreiconceptstore.com https://insight.adsrvr.org https://www.tiktok.com https://ultrafemme.com https://us4-files.zohopublic.com https://smetrics.rolex.com https://maps.googleapis.com https://firebasestorage.googleapis.com https://meetanshi.com/media/logo.png www.google.com.ua *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: https://a.klaviyo.com https://www.facebook.com https://www.paypal.com https://www.sandbox.paypal.com https://static-tracking.klaviyo.com https://script.crazyegg.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://bat.bing.com http://bat.bing.com https://j01l4h3n.com https://secure.adnxs.com https://5mcl.fr http://5mcl.fr http://secure.adnxs.com https://js-cdn.dynatrace.com https://js.adsrvr.org https://www.clarity.ms https://assets.adobedtm.com https://static.cloudflareinsights.com *.api.useinsider.com *.cloudfront.net https://www.googleoptimize.com https://maps.googleapis.com *.avada.io *.shopify.com plausible.io *.cloudflare.com www.youtube.com ajax.googleapis.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://fonts.googleapis.com/ assets.braintreegateway.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com https://static.klaviyo.com data: https://static-tracking.klaviyo.com *.typekit.net *.fontawesome.com https://fonts.bunny.net *.tagmanager.google.com *.typeform.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: https://img.kreiconceptstore.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.kueskipay.com *.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: https://a.klaviyo.com https://www.paypalobjects.com https://www.google-analytics.com  https://www.sandbox.paypal.com  https://www.facebook.com https://stats.g.doubleclick.net https://script.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://bam.nr-data.net https://analytics.google.com https://j.clarity.ms https://bf52126kbt.bf.dynatrace.com https://salesiq.zohopublic.com wss://vts.zohopublic.com https://z.clarity.ms https://maps.googleapis.com https://get.geojs.io *.avada.io plausible.io cdn.plyr.io noembed.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.run.app *.typeform.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.shopee.com *.shopeepay.com *.monee.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.co.il https://www.myheritage.co.il  'unsafe-eval' 'nonce-450541fc085924144829d268c8ec428f' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.co.il;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com *.cloudfront.net https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.hsforms.net *.hsforms.com www.google.com *.gstatic.com maps.googleapis.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.cloudflare.com getfirebug.com *.yotpo.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.cloudflare.com *.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.google.com *.googleadservices.com *.googletagmanager.com * www.magmodules.eu *.datatrics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.squeezely.tech data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com * *.datatrics.com www.facebook.com graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com squeezely.tech www.squeezely.tech *.squeezely.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://p.typekit.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.googletagmanager.com stats.g.doubleclick.net * *.datatrics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.weltpixel.com https://www.googletagmanager.com/ business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io business.facebook.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com https://fonts.bunny.net http://cdnjs.cloudflare.com/ajax/libs/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ccavenue.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.ccavenue.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net blob: *.ccavenue.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com */walletsystem/index/applypaymentamount www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.ccavenue.com s7.addthis.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com http://cdnjs.cloudflare.com/ajax/libs/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.ccavenue.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src custom.intucdn.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.fontawesome.com https://fonts.gstatic.com 'self' data: *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cdn.doofinder.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.google.com.co c.bing.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.doubleclick.net analytics.google.com cdn.connectif.cloud *.hotjar.com *.clarity.ms connect.facebook.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com.co analytics.google.com *.clarity.ms stats.g.doubleclick.net am1-api.connectif.cloud content.hotjar.io *.hotjar.com *.facebook.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.designmanager.com *.gstatic.com *.mustcheck.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com *.weltpixel.com designfiles.co *.doubleclick.net *.fliphtml5.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.gstatic.com *.facebook.com *.doubleclick.net exchjsdata.com *.googleapis.com www.google.ae www.google.am www.google.at www.google.bg www.google.bs www.google.ca www.google.cl www.google.cm www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.co www.google.com.do www.google.com.eg www.google.com.hk www.google.com.kw www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zw www.google.cz www.google.de www.google.es www.google.fr www.google.gr www.google.hr www.google.ie www.google.it www.google.mk www.google.nl www.google.pl www.google.ps www.google.rs www.google.ru www.google.se www.google.sk data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://ajax.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://chimpstatic.com designfiles.co *.googleapis.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com downloads.mailchimp.com tagmanager.google.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.net *.doubleclick.net get663.com *.googleapis.com www.google.be www.google.bs www.google.by www.google.ca www.google.cl www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.do www.google.com.eg www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.vn www.google.co.th www.google.co.uk www.google.de www.google.fr www.google.gr www.google.hr www.google.nl www.google.ru *.google.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://5a06d6ec-c9e3-4020-8ae7-730a01080da3.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src *.google-analytics.com *.paypal.com *.googleadservices.com *.youtube.com *.vimeocdn.com *.cloudfront.net www.facebook.com www.google.rs *.facebook.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com p.typekit.net *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src *.google-analytics.com *.googletagmanager.com  *.paypal.com *.klaviyo.com *.vimeocdn.com *.youtube.com *.newrelic.com *.nr-data.net connect.facebook.net assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src static-tracking.klaviyo.com *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net *.facebook.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://data.expivi.net https://admin.expivi.net *.fontawesome.com https://dashboard.webwinkelkeur.nlfonts/webandbrand.woff data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net https://dashboard.webwinkelkeur.nl *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com imgsct.cookiebot.com imgsct.cookiebot.eu cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://expivi.net https://data.expivi.net https://assets.expivi.net https://cache.expivi.net https://admin.expivi.net https://www.gstatic.com magefan.com cm.magefan.com *.multisafepay.com *.amazonaws.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com https://www.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com consent.cookiebot.com consent.cookiebot.eu cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://expivi.net https://data.expivi.net https://assets.expivi.net https://cache.expivi.net https://admin.expivi.net *.multisafepay.com https://pay.google.com https://www.postcode-checkout.nl/api/v2/ https://dashboard.postcode-checkout.nl/api/v2/ *.sendcloud.sc *.jsdelivr.net https://dashboard.webwinkelkeur.nl/sidebar.js https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doofinder.com downloads.mailchimp.com *.fontawesome.com *.multisafepay.com *.sendcloud.sc *.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu *.doofinder.com wss://*.doofinder.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://expivi.net https://data.expivi.net https://assets.expivi.net https://cache.expivi.net https://admin.expivi.net https://www.gstatic.com *.multisafepay.com https://www.postcode-checkout.nl/api/v2/ https://dashboard.postcode-checkout.nl/api/v2/ *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.clarity.ms c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com.co *.google.com *.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://*.clarity.ms *.bam.nr-data.net https://bam.nr-data.net https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/ *.pingdom.net widgets.pau.zone www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.rum-static.pingdom.net https://www.google-analytics.com/ *.google.com *.googletagmanager.com *.googleadservices.com *.connect.facebook.net *.stats.g.doubleclick.net *.rum-collector-2.pingdom.net *.amazonaws.com https://maps.googleapis.com https://www.googletagmanager.com www.clarity.ms https://www.clarity.ms https://*.clarity.ms *.js-agent.newrelic.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.cardinalcommerce.com/ *.pingdom.net widgets.pau.zone js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com *.fontawesome.com *.cloudflare.com https://fonts.googleapis.com https://*.clarity.ms unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.rum-static.pingdom.net *.google-analytics.com *.google.com *.static.klaviyo.com *.stats.g.doubleclick.net *.connect.facebook.net *.rum-collector-2.pingdom.net https://www.googletagmanager.com www.clarity.ms https://*.clarity.ms *.bam.nr-data.net https://bam.nr-data.net https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/ *.pingdom.net *.smallshi.com:1442/ *.smallshi.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src https://*.clarity.ms assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.rum-static.pingdom.net *.connect.facebook.net *.stats.g.doubleclick.net *.rum-collector-2.pingdom.net https://*.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://*.clarity.ms 'self' 'unsafe-inline'; 1
default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; font-src 'self' *.gstatic.com; img-src 'self' *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com data: *.onetrust.com cm.everesttech.net *.googleapis.com; connect-src 'self' *.go-mpulse.net cdn-ukwest.onetrust.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com; script-src 'self'; frame-src 'self' googletagmanager.com doubleclick.net google-analytics.com; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; script-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-to https://costa.report-uri.com/r/t/csp/reportOnly 1
secure-frame-src *.idtheftscanner.f-secure.com; font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.idtheftscanner.f-secure.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.cloudfront.net https://electric-house.com https://static.addtoany.com https://www.google-analytics.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.idtheftscanner.f-secure.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.idtheftscanner.f-secure.com landofcoder.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cookiefirst.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.idtheftscanner.f-secure.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.idtheftscanner.f-secure.com *.cookiefirst.com landofcoder.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://use.typekit.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.dotdigital-pages.com *.dotdigital.com https://www.facebook.com https://tpc.googlesyndication.com https://consentcdn.cookiebot.com https://assets.braintreegateway.com https://*.paypal.com https://interfaces.zapier.com https://*.zapier.app https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.trackedlink.net *.ddlnk.net https://www.google.fi https://maps.gstatic.com https://maps.googleapis.com https://log.pinterest.com https://eckerolinechatbottest.blob.core.windows.net https://fonts.gstatic.com https://assets.braintreegateway.com https://*.paypal.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://ajax.cloudflare.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://assets.pinterest.com https://maps.googleapis.com https://eckerolinechatbottest.blob.core.windows.net https://api.videoly.co https://www.google.fi https://www.googleadservices.com https://tpc.googlesyndication.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://snap.licdn.com https://interfaces.zapier.com https://dapi.videoly.co https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.eckeroline.ee 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://fast.fonts.net https://eckerolinechatbottest.blob.core.windows.net https://use.typekit.net https://p.typekit.net https://assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://fonts.gstatic.com https://vimeo.com https://consentcdn.cookiebot.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.paypal.com https://px.ads.linkedin.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src https://assets.braintreegateway.com https://*.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://pay.digitalfemsa.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net cdn.conekta.io conektaapi.s3.amazonaws.com pay.digitalfemsa.io https://devinfra24.devg4a.net/ *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.avada.io *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.conekta.io api.digitalfemsa.io *.paypal.com *.sandbox.paypal.com *.paypalobjects.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reachout.global pos-kowzef.reachout.global 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.addtoany.com/ *.doubleclick.net/ *.addthis.com *.doubleclick.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.adobedtm.com *.afip.gob.ar *.cloudfront.net https://player.vimeo.com *.clarity.ms *.google.com.co *.bing.com *.kosiuko.com *.facebook.com *.metricool.com *.google.com.ar *.google.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addtoany.com *.cloudfront.net *.doubleclick.net *.vimeo.com https://f.vimeocdn.com https://player.vimeo.com *.clarity.ms *.tiktok.com *.aptrinsic.com *.facebook.net *.facebook.com *.googleapis.com *.googletagmanager.com track-icommkt.com *.icommarketing.com *.reachout.global *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.vimeo.com https://vimeo.com *.vimeocdn.com https://f.vimeocdn.com *.clarity.ms *.google.com *.tiktok.com *.facebook.net *.facebook.com *.googletagmanager.com track-icommkt.com *.notifications-icommkt.com https://notifications-icommkt.com pos-kowzef.reachout.global *.reachout.global *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com 'self' data: *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://secure.networkmerchants.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.onesignal.com onesignal.com *.cookie-script.com *.yotpo.com *.openwidget.com *.chatbot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com 'self' data: *.iubenda.com *.facebook.net *.tidio.co *.tidiochat.com *.onesignal.com onesignal.com *.cookie-script.com *.yotpo.com *.openwidget.com *.chatbot.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://secure.networkmerchants.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com *.iubenda.com *.tidio.co *.tidiochat.com *.onesignal.com onesignal.com *.cookie-script.com *.yotpo.com *.openwidget.com *.chatbot.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://secure.networkmerchants.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.googleapis.com *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.onesignal.com onesignal.com *.cookie-script.com *.yotpo.com *.openwidget.com *.chatbot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tidiochat.com *.yotpo.com *.openwidget.com *.chatbot.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://secure.networkmerchants.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com *.doubleclick.net *.run.app *.typeform.com *.googlesyndication.com *.iubenda.com *.tidio.co wss://socket.tidio.co *.tidiochat.com *.onesignal.com onesignal.com *.cookie-script.com *.yotpo.com *.openwidget.com *.chatbot.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com data: https://www.googletagmanager.com *.cloudflare.com *.clarity.ms *.bing.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://lapp.leanpay.hr https://app.leanpay.hr https://stage-app.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro https://stage-checkout.leanpay.si *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.googleapis.com *.newsmanapp.com *.clarity.ms *.bing.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.doubleclick.net www.googletagmanager.com googletagmanager.com *.clarity.ms *.bing.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tbicp.com *.cloudflare.com s.ytimg.com *.img2run.com *.mailchimp.com *.mcusercontent.com *.google.ro trusted.ro *.whiteimage.biz *.cookiebot.com *.clarity.ms *.bing.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.tbicp.com *.cloudflare.com *.fontawesome.com *.facebook.net *.attr-2p.com *.2performant.com *.newsmanapp.com attr-2p.com *.mailchimp.com *.list-manage.com *.chimpstatic.com googletagmanager.com *.whiteimage.biz *.cookiebot.com *.criteo.com *.clarity.ms *.bing.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.cloudflare.com *.mailchimp.com *.clarity.ms *.bing.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.cloudflare.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.clarity.ms *.bing.com https://scripts.luigisbox.tech https://cdn.luigisbox.tech https://live.luigisbox.tech https://api.luigisbox.tech https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://*.google.com https://www.gstatic.com https://*.gstatic.com https://connect.facebook.net https://static.cloudflareinsights.com https://challenges.cloudflare.com https://*.challenges.cloudflare.com https://www.youtube.com https://*.youtube.com https://*.gateway.mastercard.com https://*.ipg.com https://*.ipay.lk https://*.boc.lk blob:; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://*.google.com https://www.gstatic.com https://*.gstatic.com https://connect.facebook.net https://static.cloudflareinsights.com https://challenges.cloudflare.com https://*.challenges.cloudflare.com https://www.youtube.com https://*.youtube.com https://*.gateway.mastercard.com https://*.ipg.com https://*.ipay.lk https://*.boc.lk blob:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data: https: blob: https://scopecinemas-v2.s3.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://*.ytimg.com; font-src 'self' data: https://fonts.gstatic.com https://*.gstatic.com; media-src 'self' blob: data: https://scopecinemas-v2.s3.amazonaws.com https://*.s3.amazonaws.com; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com https://translate.googleapis.com https://*.googleapis.com https://www.facebook.com https://*.facebook.com https://connect.facebook.net https://cloudflareinsights.com https://*.cloudflareinsights.com https://www.youtube.com https://*.youtube.com https://*.gateway.mastercard.com https://*.ipg.com https://*.ipay.lk https://*.boc.lk; frame-src 'self' https://www.facebook.com https://*.facebook.com https://www.google.com https://*.google.com https://www.gstatic.com https://*.gstatic.com https://www.youtube.com https://*.youtube.com https://*.youtube-nocookie.com https://*.gateway.mastercard.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com https://*.facebook.com; upgrade-insecure-requests; report-uri https://www.scopecinemas.com/api/csp-report 1
font-src *.googleapis.com *.gstatic.com fonts.gstatic.com https://cdn.jsdelivr.net components-bnpl-pe-bbva-production.moprestamo.com sole.com.pe mcstaging.sole.com.pe https://components-bnpl-pe-bbva-moprestamo-com.s3.amazonaws.com *.fontawesome.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://sole.qualtrics.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.payment.pagoefectivo.pe td.doubleclick.net https://h.online-metrix.net https://static-content-qas.vnforapps.com https://m.vnforapps.com https://sole.qualtrics.com https://www.facebook.com *.moprestamo.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.maps.googleapis.com mldp.mercadopago.com www.mercadolibre.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com mcstaging.sole.com.pe https://mcprod.sole.com.pe www.facebook.com www.google.cl www.google.com.ar www.google.com.pe www.sole.com.pe sole.com.pe *.apurata.com sandbox.pulsedive.com *.vnforapps.com *.clarity.ms *.bing.com static.apurata.com https://www.google.com.co https://app.apurata.com https://static-content.vnforapps.com https://m.vnforapps.com https://*.online-metrix.net https://siteintercept.qualtrics.com *.moprestamo.com https://firebasestorage.googleapis.com mageside.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br imgmp.mlstatic.com a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com gateway.payulatam.com sandbox.api.payulatam.com maf.pagosonline.net devicefingerprinting.fraudvault.com admin.revenuehunt.com connect.facebook.net components-bnpl-pe-bbva-production.moprestamo.com widgets-static.embluemail.com *.clarity.ms cdnjs.cloudflare.com zn3fnfkjfbzjxoun4-sole.siteintercept.qualtrics.com siteintercept.qualtrics.com *.vnforapps.com *.newrelic.com *.moprestamo.com https://*.inferencelabs9.com mcstaging.sole.com.pe sole.com.pe components-bnpl-pe-bbva-green.moprestamo.com www.clarity.ms js-agent.newrelic.com static-content-qas.vnforapps.com www.google.com www.gstatic.com https://m.vnforapps.com https://*.online-metrix.net *.avada.io *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.maps.googleapis.com http2.mlstatic.com secure.mlstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net components-bnpl-pe-bbva-production.moprestamo.com sole.com.pe mcstaging.sole.com.pe *.moprestamo.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com maf.pagosonline.net devicefingerprinting.fraudvault.com siteintercept.qualtrics.com apurata.com *.powerpay.pe *.clarity.ms *.nr-data.net *.moprestamo.com https://*.inferencelabs9.com https://www.google.com sole.com.pe mcstaging.sole.com.pe bam.nr-data.net a.clarity.ms https://stats.g.doubleclick.net https://mo-services-bbva-bnpl-pe-green.moprestamo.com https://maps.googleapis.com https://apurata.com https://h.online-metrix.net https://m.vnforapps.com https://www.google.com.co https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.maps.googleapis.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src www.google.com bam.nr-data.net mcstaging.sole.com.pe a.clarity.ms www.google.com.co sole.com.pe *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://connect.facebook.net/ https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: *.googleapis.com/ *.greenpay.me/ https://d1wxcpi03uiovj.cloudfront.net *.fontawesome.com https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com c.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://d1wxcpi03uiovj.cloudfront.net https://connect.facebook.net/ https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: *.googleapis.com/ *.greenpay.me/ *.appspot.com https://centinelapi.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkoutv2.greenpay.me https://checkoutv2.greenpaysbx.me c.paypal.com *.greenpay.me centinel.cardinalcommerce.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://connect.facebook.net/ https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ https://www.google.co.cr/ *.googleapis.com/ *.greenpay.me/ https://d1wxcpi03uiovj.cloudfront.net maps.gstatic.com static.greenpay.me *.greenpay.me *.paypalobjects.com https://static.legitscript.com *.facebook.com https://maps.gstatic.com https://maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.greenpaysbx.me *.kaptcha.com connect.facebook.net https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ https://code.jquery.com/jquery-3.6.0.min.js https://code.jquery.com/ui/1.13.2/jquery-ui.min data: *.googleapis.com/ *.greenpay.me/ https://d1wxcpi03uiovj.cloudfront.net maps.googleapis.com maps.gstatic.com https://centinelapi.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com api.sandbox.paypal.com api.paypal.com checkoutv2.greenpay.me checkoutv2.greenpaysbx.me static.greenpay.me centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com *.googletagmanager.com *.facebook.net https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://connect.facebook.net/ https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: *.googleapis.com/ *.greenpay.me/ https://d1wxcpi03uiovj.cloudfront.net *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.kaptcha.com https://data-collector.greenpay.me https://d1wxcpi03uiovj.cloudfront.net https://connect.facebook.net/ https://script.crazyegg.com/ *.hotjar.net/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ https://gtm-mpv8c69c-mze5m.uc.r.appspot.com *.doubleclick.net/ data: *.googleapis.com/ *.greenpay.me/ maps.googleapis.com www.google-analytics.com https://centinelapi.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkoutv2.greenpay.me https://checkoutv2.greenpaysbx.me api.paypal.com api.sandbox.paypal.com checkoutv2.greenpay.me checkoutv2.greenpaysbx.me 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://d1wxcpi03uiovj.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.tufano.store *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.tufano.store *.icecat.biz *.xrex.it www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.tufano.store *.jsdelivr.net www.google.com www.gstatic.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.tufano.store *.jsdelivr.net *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.tufano.store *.google-analytics.com *.googletagmanager.com *.xrex.it www.google.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.googleapis.com; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-YTkxOGMwYWMtM2Y3Mi00ZmUxLWFiMmUtNTE4YTg2NzdjY2I2' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
script-src 'unsafe-inline' 1
font-src www.paypalobjects.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de api.boldcommerce.com api.staging.boldcommerce.com *.paypal.com *.bold.ninja static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.stripe.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.addthis.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static.boldcommerce.com *.paypal.com www.gstatic.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de api.boldcommerce.com api.staging.boldcommerce.com eps.secure.staging.boldcommerce.com cashier.boldcommerce.com *.paypal.com *.paypalobjects.com static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.bold.ninja *.cdn-apple.com *.stripe.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io js.mollie.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bold.ninja static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src api.boldcommerce.com api.staging.boldcommerce.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.boldcommerce.com api.staging.boldcommerce.com eps.secure.staging.boldcommerce.com cashier.boldcommerce.com *.sandbox.braintree-api.com *.braintree-api.com *.paypal.com *.braintreegateway.com eps.secure.boldcommerce.com static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.bold.ninja *.cdn-apple.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.yotpo.com 'self' 'unsafe-inline'; child-src api.boldcommerce.com api.staging.boldcommerce.com assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Qdrbwc7ogD_fwWNRBiR-9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-A8S-p_HMf6SMYpNa1upGHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/i/jot https://cdn.syndication.twimg.com/ https://*.clarity.ms https://c.bing.com ;  connect-src 'self' https://www.google-analytics.com/ https://api.payu.in/ https://secure.payu.in/ ; img-src 'self' data: https://*.twimg.com https://platform.twitter.com/ https://img.youtube.com/ https://i.ytimg.com/;  style-src 'self' https://platform.twitter.com 'unsafe-inline';  font-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com/;  base-uri 'self'; form-action 'self' https://api.payu.in/  https://secure.payu.in/  https://platform.twitter.com/ https://syndication.twitter.com/i/jot/;  frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://open.spotify.com/; script-src-elem 'self' https://www.youtube.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.jquery.com/ https://canvasjs.com/assets/script/ https://canvasjs.com/assets/script/ https://cdnjs.cloudflare.com/ajax/libs/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/ https://fonts.googleapis.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://*.clarity.ms https://c.bing.com 'unsafe-inline'; style-src-elem 'self' https://code.jquery.com/ 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/ https://fonts.googleapis.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ ; script-src-attr 'self' 'unsafe-inline'   ; navigate-to 'self' https://api.payu.in/  https://secure.payu.in/ ; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com consent.cookiefirst.com userlike-cdn-umm.b-cdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.facebook.com tpc.googlesyndication.com ad.ad-srv.net td.doubleclick.net translate.google.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com app.usercentrics.eu uct.service.usercentrics.eu consent.cookiefirst.com versandhandel.dimdi.de/ www.eye-able-cdn.com cdn.eye-able.com userlike-cdn-operators.userlike.com https://firebasestorage.googleapis.com maps.googleapis.com bat.bing.com c.bing.com www.facebook.com www.google.com www.google.de googleads.g.doubleclick.net www.googletagmanager.com y.clarity.ms pubads.g.doubleclick.net ad.doubleclick.net adservice.google.com translate.google.com translate.googleapis.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com app.usercentrics.eu consent.cookiefirst.com www.eye-able-cdn.com userlike-cdn-umm.b-cdn.net cdn.brevo.com sibautomation.com *.avada.io *.shopify.com www.googletagmanager.com connect.facebook.net bat.bing.com googleads.g.doubleclick.net tpc.googlesyndication.com cdn.matomo.cloud www.clarity.ms pagead2.googlesyndication.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com translate.google.com translate.googleapis.com translate-pa.google.com translate-pa.googleapis.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com consent.cookiefirst.com www.eye-able-cdn.com cdn.eye-able.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.bunny.net www.gstatic.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.usercentrics.eu graphql.usercentrics.eu aggregator.service.usercentrics.eu consent-api.service.consent.usercentrics.eu consent.cookiefirst.com edge.cookiefirst.com api.cookiefirst.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com sibautomation.com in-automate.brevo.com https://get.geojs.io *.avada.io region1.google-analytics.com pagead2.googlesyndication.com cdn.matomo.cloud y.clarity.ms q.clarity.ms www.google.com googleads.g.doubleclick.net translate.googleapis.com translate-pa.googleapis.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://pay.instamed.com;script-src 'nonce-deeea5ccadd34609877ea93bedc7709b' https://mychart-p.well-net.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://mychart-p.well-net.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-_OfD-ie2zo_W4nQB8db1gQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; report-to *.googletagmanager.com; report-uri *.googletagmanager.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.feedbackcompany.com *.googleapis.com maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.feedbackcompany.com https://*.tawk.to https://www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ https://*.tawk.to https://*.doubleclick.net https://www.facebook.com https://assets.pinterest.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://stellar.vanhelden.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.feedbackcompany.com 'self' data: https://*.sirv.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.linkedin.com https://*.tawk.to https://bat.bing.com https://c.bing.com https://cdn.jsdelivr.net https://exch.vanheijster.nl https://exch.vanhelden.nl https://exch.vanhelden.be https://exch.eurogifts.be https://exch.eurogifts.fr https://googleads.g.doubleclick.net https://tawk.link https://www.google.nl https://www.facebook.com https://i.pinimg.com https://log.pinterest.com https://imgsct.cookiebot.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://ade.googlesyndication.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d2a6mddvzruxpc.cloudfront.net https://stellar.vanhelden.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://maps.googleapis.com *.feedbackcompany.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com https://*.sirv.com https://portal.zakeke.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.convertexperiments.com https://*.googletagmanager.com https://*.hotjar.com https://*.tawk.to https://bat.bing.com https://connect.facebook.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://snap.licdn.com https://script.adcalls.nl https://www.clarity.ms https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://assets.pinterest.com https://widgets.pinterest.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ct.pinterest.com https://s.pinimg.com https://ct.beslist.nl https://cdn.optimizely.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://stellar.vanhelden.nl https://components.vanhelden.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com maxcdn.bootstrapcdn.com https://*.sirv.com https://*.hotjar.com https://*.tawk.to https://cdn.jsdelivr.net https://fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.tawk.to https://v.pinimg.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.feedbackcompany.com bam.nr-data.net bam-cell.nr-data.net https://*.sirv.com https://api.zakeke.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.tawk.to https://api.adcalls.nl https://bat.bing.com https://cdn.linkedin.oribi.io https://fonts.gstatic.com https://www.facebook.com wss://*.hotjar.com wss://*.tawk.to https://consentcdn.cookiebot.com https://exch.vanheijster.nl https://exch.vanhelden.nl https://exch.vanhelden.be https://exch.eurogifts.be https://exch.eurogifts.fr https://ct.pinterest.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://*.metrics.convertexperiments.com https://logs.convertexperiments.com https://*.convertexperiments.com https://ct.beslist.nl https://ad.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://stellar.vanhelden.nl https://components.vanhelden.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.klaviyo.com *.hubspot.com *.logrocket.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.google.com/ https://cdn.logrocket.io *.hubspot.com *.hsforms.net c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.magezon.com *.hubspot.com https://*.instantsearchplus.com *.logrocket.com *.lr-in-prod.com *.hsforms.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com 'unsafe-inline' 'unsafe-eval' *.klaviyo.com https://*.instantsearchplus.com https://*.fastsimon.com https://fastsimon-grid.akamaized.net https://*.akamaized.net https://js.usemessages.com *.logrocket.com *.lr-in-prod.com *.lr-ingest.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.doubleclick.net *.paypal.com *.paypalobjects.com *.braintree-api.com *.axept.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.klaviyo.com *.fastsimon.com fonts.bunny.net *.logrocket.com *.hubspot.com *.hsforms.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.klaviyo.com *.fastsimon.com https://fastsimon.akamaized.net https://*.akamaized.net *.logrocket.com *.lr-in-prod.com *.lr-ingest.com *.hsforms.net *.hsforms.com *.hs-analytics.net *.hsappstatic.net *.google-analytics.com *.googletagmanager.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.websenso.com;     script-src  'self' 'unsafe-inline' https://*.websenso.com https://*.msem.tech https://*.vercel.app data:;     style-src   'self' 'unsafe-inline' https://*.websenso.com https://*.msem.tech https://*.vercel.app;     img-src     'self' data: https://*.websenso.com https://*.msem.tech https://*.vercel.app https://storage.googleapis.com https://82.127.30.208 https://images.weserv.nl https://wsrv.nl https://*.tile.openstreetmap.org https://tile.openstreetmap.org;     font-src    'self' data:;     frame-src   blob: https://vision-environnement.com https://*.vision-environnement.com https://widget.meteofrance.io https://*.digisnow.app https://www.openstreetmap.org https://www.youtube.com/ https://www.youtube-nocookie.com;     media-src   'self' https://www.youtube.com/ https://www.youtube-nocookie.com https://youtu.be;     connect-src 'self' https://*.websenso.com https://www.outils.date https://*.msem.tech https://*.vercel.app;     report-uri  https://csp-report.appsenso.eu/report.php; 1
object-src 'none';base-uri 'self';script-src 'nonce-9P-kM8xWdvwt_oZv-Lj0yA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.nosto.com *.nos.to *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.awin1.com *.zenaps.com *.wepowerconnections.com *.trackedlink.net *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com www.google.com.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://0c5a6b9b-11e6-49ac-992d-110c7fe8fa86.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-DGQJ3_BXJC0NUl8GoA_uUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'nonce-RTR2VdnzYojUq7eFgE3n95M7mwUBR6ml2Q5DJOcRA6k=' 'strict-dynamic' 'wasm-unsafe-eval' www.youtube.com  az416426.vo.msecnd.net cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://connect.facebook.net/ https://munchkin.marketo.net/ static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
script-src 'self' blob: https://prod-bk-web.nl.rbi.tools/en/static/js/vendor.3c0cad3f.js https://prod-bk-web.nl.rbi.tools/en/static/js/main.bfdcde5c.js https://prod-bk-web.nl.rbi.tools/en/static/js/runtime.030e083a.js https://*.mparticle.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onetrust.com https://static.ads-twitter.com https://platform.twitter.com https://www.google-analytics.com https://connect.facebook.net https://secure.quantserve.com https://dynamic.criteo.com https://rules.quantcount.com https://cdn.branch.io https://app.link https://*.cdn4.forter.com https://dlthst9q2beh8.cloudfront.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://pagead2.googlesyndication.com https://cdn.amplitude.com https://accounts.google.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://c.amazon-adsystem.com https://js.adsrvr.org https://maps.googleapis.com https://googleads.g.doubleclick.net https://static.zdassets.com https://bat.bing.com https://cdn-st.adsmurai.com https://www.youtube.com https://player.vimeo.com https://prod-bk-web.nl.rbi.tools/en/static/js/vendor.9f39e581.js https://prod-bk-web.nl.rbi.tools/en/static/js/main.4b8e044a.js https://prod-bk-web.nl.rbi.tools/en/static/js/runtime.2f8755e5.js; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; report-uri https://intl-csp-service.rbictg.com/report 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.googletagmanager.com/ *.google.com/ *.hotjar.com *.cookiebot.com *.google.ie *.google.de *.webgains.io *.usercentrics.eu *.haendlerbund.de *.ccm19.de 'self' 'unsafe-inline'; img-src 'self' data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com *.google.ie *.google.de *.webgains.io *.cloudfront.net *.usercentrics.eu *.facebook.com *.haendlerbund.de *.ccm19.de data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com/ *.instagram.com *.cookiebot.com *.google.ie *.google.de *.webgains.io *.googletagmanager.com *.facebook.com *.facebook.net *.trustedshops.com *.hotjar.com *.cloudfront.net *.amazon.de *.usercentrics.eu *.haendlerbund.de *.ccm19.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com maxcdn.bootstrapcdn.com *.haendlerbund.de *.ccm19.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.amazon.de *.facebook.com *.usercentrics.eu *.ccm19.de *.instagram.com *.cookiebot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'sha256-3+tyz2DpthoovA+zu3/5PDItKWV3orgGp9CQaOyMbWw=' 'nonce-I7dERKzPGamjo3v6MyOOD4mK10iTGIz8tCLTV93deLGPxjsTYbcgk3c9GUvD-n-8' 'strict-dynamic' 1
object-src 'none';base-uri 'self';script-src 'nonce-08OthfsPdzOvS8d5wkOtPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com landofcoder.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com landofcoder.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com landofcoder.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-avFwqxtNFDX-Q-eIkkWtkw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.online.fliphtml5.com online.fliphtml5.com www.googletagmanager.com *.google.co.nz c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com images.salsify.com *.cloudflare.com *.google.com *.zip.co https://firebasestorage.googleapis.com https://www.magezon.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.omappapi.com cdnjs.cloudflare.com *.google.co.nz www.gstatic.com www.google.com *.facebook.com *.instagram.com *.addthis.com api.addressfinder.io *.hotjar.com *.zip.co *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com cdnjs.cloudflare.com *.omappapi.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.omappapi.com cdnjs.cloudflare.com *.google.co.nz www.gstatic.com www.google.com *.facebook.com *.instagram.com *.addthis.com api.addressfinder.io *.hotjar.com *.zip.co *.cloudfront.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-8XbEanD2OmyiXNqDmrZjTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.innoship.ro *.googletagmanager.com *.google.ro *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.tile.openstreetmap.org *.openstreetmap.org magefan.com cm.magefan.com t.themarketer.com cdn1.themarketer.com *.google.ro *.cdninstagram.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://api.goaffpro.com https://static.goaffpro.com s7.addthis.com *.avada.io t.themarketer.com cdn1.themarketer.com *.google.ro ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com t.themarketer.com cdn1.themarketer.com *.google.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://api.goaffpro.com https://static.goaffpro.com ekr.zdassets.com/ https://get.geojs.io *.avada.io t.themarketer.com cdn1.themarketer.com *.googletagmanager.com *.google.ro https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce--UGcHIK4rNbhIlJoZlicqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'strict-dynamic' 'nonce-w+LkBgycpu18JrYzMfG22w==' 'sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=' 'sha384-RuyvpeZCxMJCqVUGFI0Do1mQrods/hhxYlcVfGPOfQtPJh0JCw12tUAZ/Mv10S7D' 'sha384-I7E8VVD/ismYTF4hNIPjVp/Zjvgyol6VFvRkX/vR+Vc4jQkC+hVqc2pM8ODewa9r' 'sha256-AlTido85uXPlSyyaZNsjJXeCs07eSv3r43kyCVc8ChI=' 'sha256-5kTP1GtVzERrwf+MJaNPcX7idt6AAoXDzcgeL9RbcGQ=' https: http:; style-src 'self' https://fonts.googleapis.com https://ajax.googleapis.com 'nonce-w+LkBgycpu18JrYzMfG22w==' https://ka-p.fontawesome.com https://kit.fontawesome.com; style-src-elem 'self' https://p.typekit.net https://use.typekit.net https://ajax.googleapis.com https://fonts.googleapis.com 'nonce-w+LkBgycpu18JrYzMfG22w==' 'sha256-5kTP1GtVzERrwf+MJaNPcX7idt6AAoXDzcgeL9RbcGQ=' https://kit.fontawesome.com https://ka-p.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://ka-p.fontawesome.com https://kit.fontawesome.com/39ef521402.css; img-src 'self' data: https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://ka-p.fontawesome.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com/; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; require-trusted-types-for 'script'; 1
script-src 'self' https://*.soundcloud.com 'nonce-gwTyp3de8s4onftp5D0H2A=='; default-src 'none' https://vimeo.com; frame-src https://*.soundcloud.com https://player.vimeo.com https://www.youtube.com; font-src 'self'; style-src 'self'; img-src 'self' data: 'unsafe-eval' https://*.staticflickr.com https://*.soundcloud.com https://i.vimeocdn.com 1
font-src api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com magenative.com magenative.cedcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com checkout.tabby.ai *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.googletagmanager.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-SsirO3PYn5MAxh0ZpZEGJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2NyF1uRb_o0ouh8QUUBe0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src-elem maps.gstatic.com maps.googleapis.com fonts.googleapis.com *.gstatic.com 'unsafe-inline' 'self' mcstaging.chopo.com.mx www.chopo.com.mx; font-src fonts.gstatic.com use.typekit.net *.fontawesome.com fonts.googleapis.com https://fonts.gstatic.com *.gstatic.com data: https://fonts.bunny.net https://www.google.com https://www.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mitec.com.mx 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mitec.com.mx www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com 'self' *.doubleclick.net *.sharethis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mitec.com.mx www.google.com *.examedi.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com maps.gstatic.com maps.googleapis.com *.gstatic.com *.facebook.com *.sharethis.com *.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://firebasestorage.googleapis.com *.mitec.com.mx *.bird.eu *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.googleapis.com maps.google.com *.gstatic.com *.sharethis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.avada.io *.mitec.com.mx www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.jscrambler.com *.examedi.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com maps.gstatic.com maps.googleapis.com *.gstatic.com 'unsafe-inline' 'self' mcstaging.chopo.com.mx www.chopo.com.mx *.sharethis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://fonts.bunny.net *.googleapis.com *.addtoany.com *.mitec.com.mx *.google.com https://accesosalud.com.mx 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.mercadopago.com.mx https://mercadopago.com.mx https://grupoproa.qualtrics.com *.googleapis.com maps.google.com *.gstatic.com *.sharethis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.mitec.com.mx https://www.google.com https://www.gstatic.com *.jscrambler.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline' https://analytics.aefe.fr/; script-src-attr 'self'; script-src-elem 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self'; base-uri 'self'; form-action https:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.aerogligli.fr; script-src-elem 'self' 'unsafe-inline' https://www.aerogligli.fr; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://www.aerogligli.fr; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://www.aerogligli.fr; img-src 'self' data: blob: https:; font-src 'self' https://fonts.gstatic.com https://www.aerogligli.fr data:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com; connect-src 'self' data:; media-src 'self' data: blob:; upgrade-insecure-requests; report-uri /csp-violation-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-7nlU4IvPqpf_2abRTuRrjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://firebasestorage.googleapis.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com https://cdn.jsdelivr.net *.avada.io *.google.com unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com unpkg.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src custom.intucdn.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-AxBnCxZMVj5k9FAQl_kP3g' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self'; script-src 'self' 'nonce-osfMCsgSMmAS4Tm+JFoy3w==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
object-src 'none'; script-src 'nonce-4Q_ChKa7rVUuEcAR1xXoMg4D' 'strict-dynamic' http: https:; base-uri 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.tiendaforastero.cl www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.googletagmanager.com mageside.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.doubleclick.net *.googlesyndication.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' anjuss.com.br *.anjuss.com.br wake-components.fbitsstatic.net anjuss.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.ytimg.com *.anjuss.com.br *.hotjar.io *.hotjar.com *.shoptarget.com.br *.g.doubleclick.net *.google.com *.google.com.br *.lomadee.com *.pagar.me *.mundipagg.com *.yourviews.com.br *.getnet.com.br *.braintree-api.com *.braintreegateway.com checkout.anjuss.com.br *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.g2afse.com *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com *.azurewebsites.net static.hotjar.com static.fbits.net koin-custom-conector-gateway.fbits.net payments.koin.com.br *.fbits.net *.koin.com.br *.bithome-brasil.com.br plac.bithome-brasil.com.br wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com gstatic.com *.cardinalcommerce.com *.secureacs.com *.cloudfront.net *.s3.amazonaws.com *.cybba.solutions *.rtb123.com *.cybba.us *.amazon-adsystem.com *.adnxs.com *.stackadapt.com *.adsrvr.org *.facebook.net *.licdn.com *.cloudfront.ne *.ads.linkedin.com *.cybbaview.com *.googletagmanager.com *.smct.io *.pinimg.com *.amazonaws.com *.pinterest.com *.dsspn.com *.doubleclick.net *.reclameaqui.com.br d2rp1k1dldbai6.cloudfront.net cybba-bucket.s3.amazonaws.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.anjuss.com.br anjuss.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src https://app-pay.jp https://api.veritrans.co.jp https://api3.veritrans.co.jp https://o983003.ingest.sentry.io https://cognito-idp.ap-northeast-1.amazonaws.com https://cognito-identity.ap-northeast-1.amazonaws.com https://analytics.google.com 'unsafe-inline'; connect-src https://app-pay.jp https://analytics.google.com https://api.veritrans.co.jp https://api3.veritrans.co.jp https://o983003.ingest.sentry.io https://cognito-idp.ap-northeast-1.amazonaws.com https://cognito-identity.ap-northeast-1.amazonaws.com https://stats.g.doubleclick.net https://55altsx9ie.execute-api.ap-northeast-1.amazonaws.com; img-src https:; font-src https:; script-src https://app-pay.jp https://api.veritrans.co.jp https://api3.veritrans.co.jp https://o983003.ingest.sentry.io 'unsafe-inline' https://www.googletagmanager.com; report-uri https://55altsx9ie.execute-api.ap-northeast-1.amazonaws.com/dev/securityReport; report-to https://55altsx9ie.execute-api.ap-northeast-1.amazonaws.com/dev/securityReport 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.pagseguro.com.br *.pagseguro.com *.avada.io *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.pagseguro.com.br *.pagseguro.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';connect-src 'self' www.google-analytics.com region1.google-analytics.com;default-src 'none';form-action 'self' https://sis.redsys.es/sis/realizarPago https://sis.redsys.es/sis/rest/trataPeticionREST;img-src 'self' https://gestor.artesiete.es/storage/;media-src 'self';object-src 'none';script-src 'self' 'nonce-Rjq8A5vzUeZlPNPqh5iEhUO9WwSDfv7H' 'unsafe-eval' https://unpkg.com/swiper/swiper-bundle.min.js http://unpkg.com/swiper@11.2.6/swiper-bundle.min.js https://www.googletagmanager.com/gtag/ https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://artesiete.es/js/app.js www.googletagmanager.com/gtag/js;style-src 'self' 'nonce-Rjq8A5vzUeZlPNPqh5iEhUO9WwSDfv7H' 'unsafe-inline' https://unpkg.com/swiper/swiper-bundle.min.css;font-src 'self' data: 1
object-src 'none';base-uri 'self';script-src 'nonce-IZZ9IolFqWu9MZxJd2ZKZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://clients2.google.com/gr/gr_full_2.0.6.js https://clients2.google.com/gr/gr_sync.js https://payments.google.com/payments/v4/js/integrator.js https://payments.sandbox.google.com/payments/v4/js/integrator.js https://ssl.gstatic.com/external_hosted/lottie/lottie.js https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.google.com/js/bg/ https://www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.hi.nIVBKFISBTw.2021.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/ https://payments.youtube.com/payments/v4/js/integrator.js https://payments.cloud.google/payments/v4/js/integrator.js;report-uri /_/PlayStoreUi/cspreport/fine-allowlist 1
font-src *.termsfeed.com *.adobe.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com youtu.be *.vimeo.com *.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.com/ 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.termsfeed.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://www.magezon.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.termsfeed.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.google-analytics.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.termsfeed.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr downloads.mailchimp.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.termsfeed.com *.adobe.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr *.cloudflare.com *.paypal.com ekr.zdassets.com/ *.google-analytics.com *.doubleclick.net *.googlesyndication.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://staging.atcb2b.gr/; report-to report-endpoint; 1
script-src 'self' 'strict-dynamic' 'report-sample' 'nonce-e93f7e53a27e090a' https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://snap.licdn.com https://embed.tawk.to https://cdn.jsdelivr.net https://cdn.lrkt-in.com; script-src-attr 'none' 'report-sample'; worker-src 'self' blob:; report-to csp-endpoint; report-uri https://notify.oasgo.com/csp-report; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.co.kr/api/csp-report; report-to csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com https://use.fontawesome.com *.bootstrapcdn.com *.googleapis.com https://fonts.gstatic.com *.twitter.com *.facebook.com nitropack.io *.nitrocdn.com fonts.googleapis.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.addthis.com *.trustpilot.com *.twitter.com *.facebook.com *.vimeo.com *.doubleclick.net nitropack.io https://mkt.avetsetonline.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cloudflare.com https://www.google.es *.google-analytics.com *.twitter.com *.facebook.com *.contentsquare.net nitropack.io *.nitrocdn.com mkt.avetsetonline.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.addthis.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.google-analytics.com googletagmanager.com *.facebook.net graph.facebook.com *.gstatic.com *.moatads.com *.trustpilot.com widgets.pinterest.com *.contentsquare.com *.contentsquare.net cdn.tailwindcss.com cdn.jsdelivr.net https://mkt.avetsetonline.com https://unpkg.com https://*.hotjar.com s7.addthis.com *.avada.io *.shopify.com https://player.vimeo.com https://www.youtube.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com *.gstatic.com *.twitter.com cdn.tailwindcss.com nitropack.io cdnjs.cloudflare.com *.nitrocdn.com cdn.jsdelivr.net https://mkt.avetsetonline.com https://fonts.bunny.net http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.contentsquare.net *.google-analytics.com *.nitrocdn.com nitropack.io https://mkt.avetsetonline.com https://unpkg.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://olegnax.com https://api.instagram.com https://graph.instagram.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://ideo.containers.piwik.pro https://connect.facebook.net https://js-agent.newrelic.com https://cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' https://unpkg.com https://fonts.googleapis.com https://www.gstatic.com;font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com;frame-src 'self' https://*.scorecastbusiness.com https://scorecastbusiness.com https://*.amazonaws.com https://*.playable.com https://playable-agency.leadfamly.com https://player.vimeo.com https://smartsystems.ain.az https://ain.az;frame-ancestors 'self' https://*.scorecastbusiness.com https://scorecastbusiness.com;img-src 'self' 'unsafe-inline' data: blob: https://dev.visualwebsiteoptimizer.com https://cdn.amcharts.com https://translate.google.com https://fonts.gstatic.com https://www.google.bg https://www.googletagmanager.com https://katalog.motivationdirect.pl https://www.google.nl https://stats.g.doubleclick.net https://www.google.no https://www.google.de https://www.google.be https://www.google.ci https://www.google.hr https://www.google.at https://www.google.ba https://www.google.fi https://www.google.it;worker-src 'self' blob:;report-uri https://bat2you.com/PublicApi/ContentSecurityPolicy/Report 1
object-src 'none';base-uri 'self';script-src 'nonce-lA1uBlTXYBELJAHgIbhPvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: data:; connect-src 'self' https: https://*.browser-intake-datadoghq.com https://apc.mdlogix.com https://*.appcues.com https://*.appcues.net wss://apc.mdlogix.com wss://*.appcues.net wss://*.appcues.com https://forms.bhworks.io; font-src 'self' https: data: https://fonts.gstatic.com; frame-src 'self' https://*.statuspage.io https://apc.mdlogix.com https://*.appcues.com; img-src 'self' https: data: https://apc.mdlogix.com https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net; object-src 'none'; script-src 'self' 'unsafe-inline' api-standard.opentok.com https://*.statuspage.io https://*.freshworks.com www.datadoghq-browser-agent.com https://apc.mdlogix.com https://*.appcues.com https://*.appcues.net https://forms.bhworks.io 'nonce-lErr0TYqmV4l42uL0IFVUA=='; style-src 'self' https: 'unsafe-inline' https://apc.mdlogix.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com https://forms.bhworks.io unsafe-inline; worker-src blob: 1
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.avada.io *.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.mercadopago.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdn.onesignal.com https://onesignal.com https://*.onesignal.com https://connect.facebook.net https://www.clarity.ms https://static.clarity.ms https://*.clarity.ms https://www.tiktok.com https://analytics.tiktok.com https://*.tiktok.com https://www.google.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googleoptimize.com https://*.doubleclick.net https://*.g.doubleclick.net https://ad.doubleclick.net https://tpc.googlesyndication.com https://*.googlesyndication.com https://*.googleadservices.com https://*.googleadservicesasia.com https://*.adtrafficquality.google https://ep2.adtrafficquality.google; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://onesignal.com https://cdn.onesignal.com https://*.onesignal.com; img-src 'self' data: https: http:; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-src 'self' https://www.google.com https://*.google.com https://*.doubleclick.net https://*.g.doubleclick.net https://ad.doubleclick.net https://tpc.googlesyndication.com https://*.googlesyndication.com https://*.googleadservices.com https://ep2.adtrafficquality.google https://*.adtrafficquality.google https://www.googletagmanager.com https://*.googletagmanager.com https://www.facebook.com https://*.facebook.com; frame-ancestors 'self'; connect-src 'self' https://prod.biogrenci.com https://sandbox.biogrenci.com https://biogrenci.com https://state.biogrenci.com https://api.netgsm.com.tr https://cdn.onesignal.com https://onesignal.com https://*.onesignal.com https://connect.facebook.net https://www.clarity.ms https://static.clarity.ms https://*.clarity.ms https://q.clarity.ms https://www.tiktok.com https://analytics.tiktok.com https://*.tiktok.com https://region1.google-analytics.com https://ep2.adtrafficquality.google https://www.google.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googleoptimize.com https://*.doubleclick.net https://*.g.doubleclick.net https://ad.doubleclick.net https://tpc.googlesyndication.com https://*.googlesyndication.com https://*.googleadservices.com https://*.googleadservicesasia.com https://*.adtrafficquality.google ws://127.0.0.1:* 1
default-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: blob:; object-src 'none'; base-uri 'self'; manifest-src 'self' https:; media-src 'self'; form-action 'self' https:; frame-src 'self' https:; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://www.biohof.at/ajaxgateway/csp/; 1
default-src 'self' https: data: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https:; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
base-uri 'self'; child-src 'self' lakedistrictgivaways.co.uk *.websiteni.com blob:; connect-src 'self' lottie.host *.googleapis.com *.facebook.net *.pay.com api.staging.pay.com api.pay.com metacapi.blaagiveaways.com *.google-analytics.com blaagiveaways.com *.cloudflare.com *.jsdelivr.net *.typekit.net matomo.mckinneycompetitions.com unpkg.com; default-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.jsdelivr.net *.cloudflare.com data: *.typekit.net *.cdn-apple.com; form-action 'self' www.facebook.com; frame-ancestors 'self'; frame-src 'self' *.trustpilot.com *.pay.com universal.staging.pay.com universal.pay.com *.cardinalcommerce.com *.youtube.com; img-src 'self' imagedelivery.net maps.gstatic.com maps.googleapis.com data: *.google.com *.facebook.com *.facebook.net blaagiveaways.com *.googletagmanager.com; media-src 'self'; object-src 'self'; script-src 'self' unpkg.com widget.trustpilot.com lottie.host fonts.googleapis.com maps.googleapis.com *.jquery.com *.cloudflare.com *.jsdelivr.net 'unsafe-inline' *.datatables.net 'unsafe-eval' *.facebook.net *.pay.com js.staging.pay.com www.googletagmanager.com *.cdn-apple.com *.checkout.com matomo.mckinneycompetitions.com; style-src 'self' *.cloudflare.com *.jsdelivr.net fonts.googleapis.com widget.trustpilot.com lottie.host 'unsafe-inline' *.datatables.net maps.googleapis.com *.typekit.net unpkg.com; manifest-src 'self'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com webpay3g.transbank.cl webpay3gint.transbank.cl 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io mageside.com https://www.magezon.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.finance-calculator.co.uk *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com account.fetchify.com *.finance-calculator.co.uk *.deko.finance *.dekopay.com *.dekopay.org www.xtento.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com *.finance-calculator.co.uk *.dekopay.com www.xtento.com cdn.xtento.com https://maps.gstatic.com *.sooqr.com *.spotlersearch.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.finance-calculator.co.uk *.dekopay.com *.avada.io www.xtento.com cdn.xtento.com https://maps.googleapis.com *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com cc-cdn.com *.fontawesome.com *.sooqr.com *.spotlersearch.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.finance-calculator.co.uk *.dekopay.com https://get.geojs.io *.avada.io https://maps.googleapis.com *.sooqr.com *.spotlersearch.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' boutiquedassi.com.br *.boutiquedassi.com.br wake-components.fbitsstatic.net boutiquedassi.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.mercadopago.com api.mercadopago.com secure.mlstatic.com *.mlstatic.com *.mercadolibre.com gstatic.com *.gstatic.com *.boutiquedassi.com.br *.google.com googleads.g.doubleclick.net *.googleadservices.com *.fbits.net *.moip.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com *.amazonaws.com *.g.doubleclick.net signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.facebook.net *.facebook.com connect.facebook.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.egoi.site cdn-te.e-goi.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.mailbiz.one *.jsdelivr.net *.cloudfront.net d3eq1zq78ux3cv.cloudfront.net *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com *.google.com.br *.googleapis.com google.com.py google.it google.co.uk google.cl *.google.pt *.com.mx *.co.jp *.bonifiq.com.br widget.bonifiq.com.br wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.pagaleve.io *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.conectiva.io *.sunset.systems *.cartstack.com.br *.cartstack.com *.performa.ai *.cupom.social *.conectiva.app conectiva.io app.conectiva.io vm.conectiva.io conectiva.app api.performa.ai valid.performa.ai cartstack.com.br app.cartstack.com.br api.cartstack.com.br sunset.systems api.sunset.systems cupom.social app.cupom.social cdn.performa.ai *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.boutiquedassi.com.br boutiquedassi.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
script-src 'self' https: *.brokerapp.com.br *.google.com *.cloudflare.com *.mapbox.com *.googleapis.com *.cloudflare.com *.jqueryscript.net *.iporto.com.br *.brokercrm.com.br *.googlesyndication.com *.googletagmanager.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; connect-src 'self' https: *.googlesyndication.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data:; worker-src data: 'unsafe-eval' 'unsafe-inline' blob: 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.icomoon.io i.icomoon.io fonts.googleapis.com *.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors self *.worldpay.com https://www.google.com https://www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com self consentcdn.cookiebot.com *.worldpay.com *.livechatinc.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.google.com/ *.reviews.io *.reviews.co.uk *.weltpixel.com try.access.worldpay.com access.worldpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io mageside.com self maps.googleapis.com *.clarity.ms *.google.com *.google.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com *.google.com.ua *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com *.mageside.com https://www.magezon.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com self *.googleapis.com cdn.icomoon.io consent.cookiebot.com *.cardinalcommerce.com youtube.com jquery.sellxed.com *.trackedlink.net ddlnk.net dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com *.gstatic.com *.trustpilot.com cdn.jsdelivr.net *.bugherd.com *.hotjar.com *.livechatinc.com *.myriadpayments.com *.clarity.ms *.klaviyo.com *.worldpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.doubleclick.net *.avada.io *.google.com/ *.reviews.io *.reviews.co.uk https://www.googletagmanager.com tagmanager.google.com try.access.worldpay.com access.worldpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com self cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cdn.icomoon.io i.icomoon.io use.typekit.net p.typekit.net *.cloudfront.net *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.reviews.io *.reviews.co.uk tagmanager.google.com data: *.myriadpayments.com *.klaviyo.com https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com www.google.co.uk region1.google-analytics.com *.clarity.ms *.klaviyo.com *.livechatinc.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src self cdn.icomoon.io unpkg.com fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com ByramBaby.pxf.io https://www.ojrq.net https://logs-01.loggly.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.certcapture.com https://utt.impactcdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.certcapture.com ByramBaby.pxf.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.hsforms.net *.hsforms.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.google.com *.google.fr *.google.ie www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://unpkg.com *.avada.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.hsforms.net *.hsforms.com *.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com; font-src 'self'; frame-ancestors 'none'; base-uri 'self'; object-src 'none'; 1
font-src *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.multisafepay.com https://pay.google.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com blueskytechmage.com mageblueskytech.com placehold.jp *.multisafepay.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com s7.addthis.com *.multisafepay.com https://pay.google.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.multisafepay.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ekr.zdassets.com/ *.multisafepay.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.googleapis.com/ https://fonts.gstatic.com/ *.livechatinc.com/ fonts.googleapis.com *.fontawesome.com https://applepay.cdn-apple.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com 'self' 'unsafe-inline'; frame-ancestors *.trustpilot.com/ 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.monetico-services.com *.avis-verifies.com/ *.google.com *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.livechatinc.com/ https://secure-magenta.dalenys.com *.trustpilot.com/ www.xtento.com *.payplug.com *.dalenys.com https://applepay.cdn-apple.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io https://images.unsplash.com https://bat.bing.net/ *.avis-verifies.com/ *.google.com/ *.google.fr/ *.googleapis.com/ *.ggpht.com/ *.gstatic.com/ https://securelinkdigitalks.fr/ a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.openstreetmap.org maps.googleapis.com maps.gstatic.com www.xtento.com cdn.xtento.com https://secure-magenta.dalenys.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://maps.googleapis.com https://player.vimeo.com *.app-us1.com/ https://bat.bing.com/ https://www.clickcease.com/ https://www.dwin1.com/ *.google.com *.googleapis.com/ *.gstatic.com/ *.livechatinc.com/ https://cdn.payplug.com/ https://lantern.roeyecdn.com/ https://trackcmp.net/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.axept.io/ *.skeepers.io/ *.trustpilot.com/ www.xtento.com cdn.xtento.com https://secure-magenta.dalenys.com https://applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.google.com/ *.googleapis.com/ *.gstatic.com/ *.fontawesome.com cdn.jsdelivr.net https://secure-magenta.dalenys.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://maps.googleapis.com https://player.vimeo.com *.monetico-services.com https://bat.bing.net/ *.colissimo.fr/ *.doubleclick.net/ *.google.com/ *.googleapis.com/ *.googlesyndication.com/ *.gstatic.com/ *.livechatinc.com/ *.mapbox.com/ *.onyourmap.com/ maps.googleapis.com *.axept.io/ *.skeepers.io/ *.trustpilot.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.qvalent.com *.westpac.com.au *.pageuppeople.com *.ckeditor.com *.jsdelivr.net *.cloudflare.com *.createsend1.com *.casey.vic.gov.au *.googleapis.com *.fastly.io *.google.com *.mypurecloud.com.au *.hotjar.com *.gtranslate.net *.visualwebsiteoptimizer.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hotjar.io *.snapsendsolve.com www.youtube.com *.openstreetmap.org unpkg.com *powerbi.com *.typekit.net;; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.qvalent.com *.westpac.com.au *.pageuppeople.com *.ckeditor.com *.jsdelivr.net *.cloudflare.com *.createsend1.com *.casey.vic.gov.au *.googleapis.com *.fastly.io *.google.com *.mypurecloud.com.au *.hotjar.com *.gtranslate.net *.visualwebsiteoptimizer.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.snapsendsolve.com connect.facebook.net *.openstreetmap.org unpkg.com *powerbi.com *.typekit.net;; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.qvalent.com *.westpac.com.au *.pageuppeople.com *.ckeditor.com *.jsdelivr.net *.cloudflare.com *.createsend1.com *.casey.vic.gov.au *.googleapis.com *.fastly.io *.google.com *.mypurecloud.com.au *.hotjar.com *.gtranslate.net *.visualwebsiteoptimizer.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.snapsendsolve.com *.openstreetmap.org unpkg.com *powerbi.com *.typekit.net;; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.qvalent.com *.westpac.com.au *.pageuppeople.com *.ckeditor.com *.jsdelivr.net *.cloudflare.com *.createsend1.com *.casey.vic.gov.au *.googleapis.com *.fastly.io *.google.com *.mypurecloud.com.au *.hotjar.com *.gtranslate.net *.visualwebsiteoptimizer.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com.au *.openstreetmap.org unpkg.com *powerbi.com data:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.qvalent.com *.westpac.com.au *.pageuppeople.com *.ckeditor.com *.jsdelivr.net *.cloudflare.com *.createsend1.com *.casey.vic.gov.au *.googleapis.com *.fastly.io *.google.com *.mypurecloud.com.au *.hotjar.com *.gtranslate.net *.visualwebsiteoptimizer.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hotjar.io wss://ws.hotjar.com *.doubleclick.net *.openstreetmap.org unpkg.com *powerbi.com *.typekit.net;; report-uri /report-csp-violation 1
default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com *.tolkie.nl;  report-uri /cspreport; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net www.googletagmanager.com centrada.ucsnet.nl; connect-src 'self' *.typekit.net *.google-analytics.com *.stats.g.doubleclick.net *.umbraco.org *.openstreetmap.org *.googleapis.com *.analytics.google.com ws://centrada.nl matomoembraceklantportaal.azurewebsites.net  matomoembracewin.azurewebsites.net *.matomo.cloud consent.cookiebot.com *.tolkie.nl cdnjs.cloudflare.com embed.email-provider analytics.google.com; img-src 'self' data: *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org api.maptiler.com umbracowebportalsnonprod.azureedge.net *.analytics.google.com www.googletagmanager.com  umbracowebportalsprod.azureedge.net umbracowebportalsprod.blob.core.windows.net *.cookiebot.com *.tolkie.nl tileserver.embracecloud.nl; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com  *.tolkie.nl cdnjs.cloudflare.com cdn.faceworks.nl ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org www.gstatic.com *.readspeaker.com *.cloudflare.com *.tolkie.nl; frame-ancestors 'self' ; 1
report-uri https://chaletmanager.report-uri.com/r/d/csp/reportOnly; 1
font-src www.paypalobjects.com *.unpkg.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.packeta.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.unpkg.com https://firebasestorage.googleapis.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.unpkg.com *.avada.io *.shopify.com *.packeta.com *.mailchimp.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.unpkg.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.unpkg.com https://get.geojs.io *.avada.io *.packeta.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-3b6KP6wnCnvVXH3y14m1rs+GtUJPJ9Pa' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
default-src 'self' https://*.clarity.ms https://c.bing.com 'unsafe-inline';         script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-1746633616965' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://*.clarity.ms https://www.youtube.com https://www.googleadservices.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://lett.2buycdn.com;         script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://*.clarity.ms https://www.youtube.com https://www.googleadservices.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://lett.2buycdn.com;         style-src 'self' 'unsafe-inline' 'nonce-1746633616965' https://use.typekit.net https://p.typekit.net;         style-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net;         style-src-attr 'unsafe-inline';         font-src 'self' https://use.typekit.net https://p.typekit.net;         img-src 'self' data: blob: https://www.google-analytics.com https://www.facebook.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.com.br https://*.clarity.ms;         connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://www.google.com https://www.google.com.br https://ad.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://www.facebook.com https://*.clarity.ms;         frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com https://www.google.com https://6689030.fls.doubleclick.net https://td.doubleclick.net;         frame-ancestors 'self';         object-src 'none';         base-uri 'self';         form-action 'self';         upgrade-insecure-requests;         report-uri https://www.claybom.com.br/server/csp-report.php 1
font-src *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.iubenda.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.iubenda.com *.alothemes.com *.magepow.com https://www.mollie.com maps.gstatic.com maps.google.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.iubenda.com s7.addthis.com *.alothemes.com *.magepow.com js.mollie.com *.googleapis.com maps.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com https://*.ttwstatic.com https://*.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com https://*.ttwstatic.com https://*.tiktok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.iubenda.com ekr.zdassets.com/ *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com https://*.ttwstatic.com https://*.tiktok.com https://mssdk-i18n.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; script-src 'nonce-7c880ab1b139406cbfdff9603f8e6993'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; style-src 'self' 'nonce-7c880ab1b139406cbfdff9603f8e6993'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=146-8037948-6528502:rid=1CC630D5663B4A888394:sn=www.amazongamestudios.com 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.googleapis.com https://script.hotjar.com https://fonts.gstatic.com https://use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com https://www.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com landofcoder.com ipinfo.io https://vars.hotjar.com https://4914179.fls.doubleclick.net https://pixel.mathtag.com www.facebook.com https://bid.g.doubleclick.net ssl.widgets.webengage.com https://zc2ab3220.webengage.co https://z2024bb90.webengage.co googletagmanager.com td.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://www.google.com https://www.google.co.in https://ds0rwwup944qj.cloudfront.net https://www.googletagmanager.com https://www.facebook.com https://script.hotjar.com https://images.notifications-icommkt.com https://www.gstatic.com https://www.paypal.com https://www.sandbox.paypal.com https://www.e-compreahora.com https://connect.facebook.net https://ssl.widgets.webengage.com https://cdn.cookielaw.org https://dgn3cmgewqdgl.cloudfront.net https://afiles.webengage.com https://maps.gstatic.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page landofcoder.com ipinfo.io https://d12zyq17vm1xwx.cloudfront.net https://static.hotjar.com https://script.hotjar.com https://www.google.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://script.crazyegg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://storage.cdn.braindw.com https://s.braindw.com https://www.paypal.com https://www.sandbox.paypal.com https://externalassets.icommarketing.com https://ssl.widgets.webengage.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://c.webengage.com https://static.zdassets.com https://bam.nr-data.net https://use.fontawesome.com https://maps.googleapis.com cdn.widgets.webengage.com rum.hlx.page 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com 'self' 'unsafe-inline'; object-src landofcoder.com ipinfo.io 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com landofcoder.com ipinfo.io https://s.braindw.com https://stats.g.doubleclick.net https://notifications-icommkt.com https://in.hotjar.com wss://ws14.hotjar.com https://script.crazyegg.com https://www.facebook.com https://bam-cell.nr-data.net https://www.google-analytics.com https://unileverbrazil.demdex.net https://surveystats.hotjar.io https://u.braindw.com https://track-icommkt.com https://gstatic.com https://vc.hotjar.io wss://ws12.hotjar.com wss://ws2.hotjar.com https://ws12.hotjar.com https://ws2.hotjar.com https://www.paypal.com https://www.sandbox.paypal.com https://p.braindw.com https://connect.facebook.net https://cdn.cookielaw.org https://c.webengage.com https://ekr.zdassets.com https://martech2364.zendesk.com https://bam.nr-data.net https://maps.googleapis.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-eu.onetrust.com/request/v1/consentreceipts 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data:; connect-src 'self' https://plausible.io *.webanalytics.italia.it *.sentry.io *.sentry-cdn.com *.opencontent.io *.opencontent.it *.opencityitalia.it *.stanzadelcittadino.it wss://stregatto.opencityitalia.it https://nominatim.openstreetmap.org https://servizi.comune.trento.it; font-src 'self' data: *.opencontent.io *.opencontent.it *.opencityitalia.it; frame-src 'self' *.youtube.com *.vimeo.com; img-src 'self' data: blob: https://flyimg.opencityitalia.it https://flyimg-qa.opencityitalia.it *.openstreetmap.org *.ytimg.com https://s3-eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.io https://www.googletagmanager.com *.sentry-cdn.com *.webanalytics.italia.it *.opencontent.io *.opencontent.it *.opencityitalia.it https://servizi.comune.trento.it; style-src 'self' 'unsafe-inline' https:; report-uri https://csp-collector.opencontent.it/csp?env=production&app=cms; worker-src 'self' blob: 1
default-src 'self' data:; connect-src 'self' https://plausible.io *.webanalytics.italia.it *.sentry.io *.sentry-cdn.com *.opencontent.io *.opencontent.it *.opencityitalia.it *.stanzadelcittadino.it wss://stregatto.opencityitalia.it https://nominatim.openstreetmap.org https://servizi.comune.vicenza.it; font-src 'self' data: *.opencontent.io *.opencontent.it *.opencityitalia.it; frame-src 'self' *.youtube.com *.vimeo.com; img-src 'self' data: blob: https://flyimg.opencityitalia.it https://flyimg-qa.opencityitalia.it *.openstreetmap.org *.ytimg.com https://s3-eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.io https://www.googletagmanager.com *.sentry-cdn.com *.webanalytics.italia.it *.opencontent.io *.opencontent.it *.opencityitalia.it https://servizi.comune.vicenza.it; style-src 'self' 'unsafe-inline' https:; report-uri https://csp-collector.opencontent.it/csp?env=production&app=cms; worker-src 'self' blob: 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com *.magento-ds.com www.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://apisandbox.cieloecommerce.cielo.com.br/ https://apiquerysandbox.cieloecommerce.cielo.com.br/ https://api.cieloecommerce.cielo.com.br/ https://apiquery.cieloecommerce.cielo.com.br/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com https://developer.adobe.com https://magento.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com https://developer.adobe.com https://*.adobe.com https://fonts.googleapis.com https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com https://developer.adobe.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';   script-src 'self' *.catalyst-analytics.nz 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://www.googleadservices.com https://www.youtube.com https://screenpal.com https://go.screenpal.com https://www.cotronline.ca https://www.opinionstage.com https://api.ca.kaltura.com https://screencast-o-matic.com https://admin.video.ubc.ca https://e.infogram.com https://code.jquery.com/jquery-3.6.0.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js;   style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.honey.io https://api.ca.kaltura.com https://www.google.com https://www.cotronline.ca https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css;   object-src 'self' https://www.cotronline.ca;   base-uri 'self';   img-src 'self' data: blob: https://www.google-analytics.com https://www.googletagmanager.com https://img.youtube.com https://vodcdn.ca.kaltura.com https://books.google.ca https://h5p.org https:;   font-src 'self' https://fonts.gstatic.com https://www.cotronline.ca https://cdn.jsdelivr.net https://api.ca.kaltura.com https://cdn.jsdelivr.net https://account.affilitizer.com https://cdn.scite.ai https://use.typekit.net data: moz-extension: about:;   connect-src 'self' data: blob: https://api.smartblocker.org https://api.fbanalytics.org https://www.google-analytics.com https://api.amcreativemedia.com https://vodcdn.ca.kaltura.com https://kaltura.cotr.bc.ca https://kaltura.com https://api.adblocking247.com https://api.highdataanalytics.com https://www.opinionstage.com https://api.ca.kaltura.com https://region1.google-analytics.com https://api.global-data-lab.com https://api.earthyandenergy.com;   form-action 'self' https://www.cotronline.ca https://lmslink.bfwpub.com https://kaltura.cotr.bc.ca;   frame-ancestors 'self' https://www.cotronline.ca https://linkedin.com https://wileyplus.com https://macmillan.com https://vodcdn.ca.kaltura.com https://kaltura.cotr.bc.ca https://www.youtube.com https://login.microsoftonline.com;   frame-src 'self' https: https://linkedin.com https://wileyplus.com https://macmillan.com https://www.youtube.com https://vodcdn.ca.kaltura.com https://kaltura.cotr.bc.ca https://cotr.libguides.com https://www.cotronline.ca https://cotrbc.sharepoint.com https://lti.education.wiley.com https://login.microsoftonline.com https://support.office.com https://webshell.suite.office.com;   media-src 'self' data: https://vodcdn.ca.kaltura.com https://kaltura.cotr.bc.ca https://www.grammarunderground.com https://stream.virtuallabschool.org https://21903.mc.tritondigital.com https://ssl.gstatic.com https://www.cotronline.ca blob:;   child-src 'self' https://vodcdn.ca.kaltura.com https://kaltura.cotr.bc.ca; worker-src 'self' blob:; report-uri https://www.cotronline.ca/local/csp/collector.php?uid=0&cid=1 1
font-src https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.disqus.com *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://static.hotjar.com https://v2.zopim.com https://static.zdassets.com https://configusa.veinteractive.com *.disqus.com *.googletagmanager.com *.facebook.net www.termsfeed.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://static.hotjar.com https://*.zendesk.com https://*.zdassets.com wss://widget-mediator.zopim.com *.google-analytics.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' csx.okta.com logon.csx.com *.oktacdn.com; connect-src 'self' csx.okta.com csx-admin.okta.com logon.csx.com *.oktacdn.com *.mixpanel.com *.mapbox.com csx.kerberos.okta.com csx.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: logon.shipcsx.com *.ingest.sentry.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/sm/; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' csx.okta.com logon.csx.com *.oktacdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/gh/altcha-org/altcha/dist/altcha.min.js; style-src 'unsafe-inline' 'self' 'report-sample' csx.okta.com logon.csx.com *.oktacdn.com; frame-src 'self' csx.okta.com csx-admin.okta.com logon.csx.com login.okta.com *.vidyard.com com-okta-authenticator: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ api-7d96e6a9.duosecurity.com; img-src 'self' csx.okta.com logon.csx.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' csx.okta.com logon.csx.com data: *.oktacdn.com fonts.gstatic.com; worker-src 'self' blob:; frame-ancestors 'self' https://csxcrewlife.com https://sts1.csx.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' daju.com.br *.daju.com.br wake-components.fbitsstatic.net daju.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.reclameaqui.com.br *.googleadservices.com *.pagar.me *.mundipagg.com static.hotjar.com script.hotjar.com imgs.ebit.com.br stats.g.doubleclick.net googleads.g.doubleclick.net vc.hotjar.io daju.fbitsstatic.net *.ebit.com.br *.getnet.com.br google.com.uy google.it translate.googleapis.com google.com.br *.googletagmanager.com googletagmanager.com *.fbitsstatic.net *.facebook.net *.hotjar.io *.google.com.br googleadservices.com connect.facebook.net wss://ws.hotjar.com content.hotjar.io metrics.hotjar.io *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com ct.pinterest.com *.pinterest.com wake.koin.com.br s.pinimg.com *.pinimg.com paypal-wake.s3.us-east-1.amazonaws.com *.g.doubleclick.net *.googleapis.com google.com.tr *.com.tr *.co.id google.co.id google.de *.google.de google.se *.google.pt google.pt google.co.uk *.google.cl google.cl translate-pa.googleapis.com google.co.in *.co.in *.google.nl google.nl google.ca *.google.ae google.ae google.com.ar *.com.ar *.google.ca *.co.uk accounts.google.com *.google.com *.com.uy google.com *.google.es google.es google.ie *.google.ie *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io facebook.com *.facebook.com facebook.com.x.b6b226c70cf6c04a3c0b1370600a461e86eb.9270ee44.id.opendns.com *.com.x.b6b226c70cf6c04a3c0b1370600a461e86eb.9270ee44.id.opendns.com *.com.x.218224e50829d0495009ec90c8ea5c9dabf5.9270ee44.id.opendns.com facebook.com.x.218224e50829d0495009ec90c8ea5c9dabf5.9270ee44.id.opendns.com g.clarity.ms *.clarity.ms b.clarity.ms clarity.ms *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com wake-commerce-scripts.omni.chat *.pagoexpress.com.br *.amazonaws.com *.unpkg.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.daju.com.br daju.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self' blob: wss: data: https: 'report-sample'; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: 'report-sample'; style-src 'self' 'unsafe-inline' data: https: 'report-sample'; report-uri /nelmio/csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-tRqqal5RVX98ILecj3zztA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net player.vimeo.com *.youtube.com js.mollie.com *.cookiebot.com *.kiyoh.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://www.mollie.com *.zendesk.com *.zdassets.com *.cookiebot.com *.facebook.com *.google.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.mollie.com *.zendesk.com *.zdassets.com *.cookiebot.com *.dwin1.com *.hotjar.com *.facebook.net *.roeyecdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.zendesk.com *.zdassets.com *.cookiebot.com *.doubleclick.net *.analytics.google.com *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://shop.dejongmarinelife.nl/; report-to report-endpoint; 1
report-uri /csp/report/;base-uri 'self';default-src 'self';script-src 'self' 'unsafe-inline' https: 'nonce-ge4zY-uXRrhSmg' 'strict-dynamic';frame-src 'self' https://subscription-management.paddle.com https://buy.paddle.com;style-src 'self' 'unsafe-inline' https://cdn.paddle.com/;img-src 'self' https://cdn.paddle.com/ blob: data:;object-src 'none';connect-src 'self' https://plausible.io/ wss://deva.guru ws://deva.guru; 1
object-src 'none';base-uri 'self';script-src 'nonce-7jLd_dRyNwX2QxvpEECYdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' lib.hmcms.nl *.digiplein.com www.googletagmanager.com *.googleapis.com *.google-analytics.com www.gstatic.com https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.livechatinc.com; frame-src 'self' *.digiplein.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.livechatinc.com; object-src 'self' *.digiplein.com *.livechatinc.com; report-uri https://lib.hmcms.nl/api/csp-report-only.json?host=www.digiplein.com 1
default-src 'self'; script-src 'self' 'nonce-H9Fp9vJv2xvpQUPhDCSsJA==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.disonsdemain.be *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.disonsdemain.be; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
script-src-elem *.googleapis.com assets.adobedtm.com *.cardinalcommerce.com local.dochorse.nl *.hypernode.io; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.bootstrapcdn.com data: *.fontawesome.com *.cloudflare.com fonts.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cookiebot.com *.hotjar.com *.criteo.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.sendcloud.sc *.jsdelivr.net js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.placeholder.com *.linkedin.com *.cookiebot.com *.hypernode.io *.google.com *.google.cn *.cloudfront.net https://images.unsplash.com 'self' data: *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.amazonaws.com flagpedia.net https://www.mollie.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.newrelic.com bam-cell.nr-data.net bam.nr-data.net *.cookiebot.com *.googleapis.com widget.thuiswinkel.org *.hotjar.com *.criteo.net *.criteo.com api.widget.trengo.eu static.widget.trengo.eu *.trustpilot.com vanerkel.zendesk.com static.zdassets.com chimpstatic.com *.cardinalcommerce.com *.authorize.net *.bing.com *.doubleclick.net *.hypernode.io https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sendcloud.sc maps.googleapis.com js.mollie.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.thuiswinkel-cdn.org *.googleapis.com *.hypernode.io *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://static.klaviyo.com *.sendcloud.sc *.jsdelivr.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.widget.trengo.eu static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com bam-cell.nr-data.net *.cookiebot.com api.widget.trengo.eu *.thuiswinkel-cdn.org *.hotjar.com wss://ws17.hotjar.com *.google-analytics.com vanerkel.zendesk.com *.zdassets.com *.doubleclick.net *.zopim.com wss://widget-mediator.zopim.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.googlesyndication.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com www.gstatic.com maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com *.avada.io connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-hRSgL9NhkaUSrGxf9PjQOg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://event.lib.visumo.io https://tagdelivery.visumo.io https://www.visumo.jp https://video.visumo.jp https://ajax.googleapis.com https://*.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'static.mul-pay.jp' 'p01.mul-pay.jp'; img-src 'self' http://donavi.ne.jp https://image.visumo.io https://video.visumo.io https://video.visumo.jp https://media.visumo.io data: https://www.visumo.jp https://s3-ap-northeast-1.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' data:; connect-src 'self' https://video.visumo.io https://video.visumo.jp https://media.visumo.io https://contents.visumo.io https://track.api.visumo.io https://dc.services.visualstudio.com https://dpolc4ci3j.execute-api.ap-northeast1.amazonaws.com https://www.visumo.jp https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://www.visumo.jp; media-src 'self' https://video.visumo.io https://video.visumo.jp https://media.visumo.io blob:; worker-src 'self' blob:; frame-src www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; report-to csp-endpoint; 1
report-uri https://www.dovetailhome.com/api/reporting/;  report-to csp-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com static.klaviyo.com uicaz.dreams.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com network-eu-a.bazaarvoice.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.jsdelivr.net consent.cookiebot.com widget.trustpilot.com apps.bazaarvoice.com bazaarvoice.com network-eu-a.bazaarvoice.com connect.facebook.net static.hotjar.com www.google.co.uk static.klaviyo.com js.stripe.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src app.moonlightcrm.com d3v2ir16k1una.cloudfront.net use.typekit.net cdn.jsdelivr.net consent.cookiebot.com widget.trustpilot.com apps.bazaarvoice.com bazaarvoice.com network-eu-a.bazaarvoice.com connect.facebook.net static.hotjar.com www.google.co.uk static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net;                                     img-src 'self' https://chatbot.ecbeing.io https://static.xx.fbcdn.net https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://ajax.googleapis.com https://analytics.twitter.com https://api3.veritrans.co.jp https://bat.bing.com https://masvc-prod02-function-outside-accesslog.azurewebsites.net https://px.ladsp.jp https://qr-official.line.me https://t.co https://www.facebook.com https://www.google.co.jp https://www.google.com https://ygd-ard-ixa6o8tp.landinghub.site data:;                                     font-src 'self' https://maxcdn.bootstrapcdn.com data:;                                     connect-src https://chatbot.ecbeing.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.clarity.ms https://act.hera.d2c.ne.jp https://airport.landinghub.cloud https://analytics.google.com https://analytics.tiktok.com https://bat.bing.com https://demo-1.conversionsapigateway.com https://drinco.jp https://stats.g.doubleclick.net https://tr.outbrain.com https://trace.popin.cc https://trc-events.taboola.com https://www.google.co.jp https://www.google.com;                                     script-src 'self' 'unsafe-inline' https://chatbot.ecbeing.io https://connect.facebook.net https://static.xx.fbcdn.net https://*.googletagmanager.com https://www.googletagmanager.com https://airport.landinghub.cloud https://ajax.googleapis.com https://api.kaiu-marketing.com https://app2.blob.core.windows.net https://dmp.im-apps.net https://googleads.g.doubleclick.net https://masvcuploadprod02storage.blob.core.windows.net https://px.ladsp.com https://sslwidget.criteo.com https://static.criteo.net https://tag.eisa.mercari.com https://www.google-analytics.com;                                     frame-src https://www.facebook.com https://www.googletagmanager.com https://9192700.fls.doubleclick.net https://9897441.fls.doubleclick.net https://acs-jcn.dnp-cdms.jp https://api3.veritrans.co.jp https://app.botchan.chat https://dig3ds.cafis-paynet.jp https://dig-acs2.cafis-paynet.jp https://gum.criteo.com https://methodurl.vcas.visa.com;                                     style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://chatbot.ecbeing.io https://app2.blob.core.windows.net https://maxcdn.bootstrapcdn.com;                                     media-src https://chatbot.ecbeing.io https://ygd-ard-ixa6o8tp.landinghub.site;                                     report-to                                         csp-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-oy2w-HDg16ejiCAn1iC5_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://static.zdassets.com https://ekr.zdassets.com https://*.cloudflare.com https://stackpath.bootstrapcdn.com https://*.sectigo.com https://secure.trust-provider.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://secure.trust-provider.com https://www.sectigo.com https://v2assets.zopim.io; font-src 'self' data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net; connect-src 'self' https://*.zdassets.com https://www.google-analytics.com https://www.googletagmanager.com https://*.sectigo.com https://secure.trust-provider.com https://region1.google-analytics.com https://e-tutungerie.zendesk.com wss://widget-mediator.zopim.com; media-src 'self' https://static.zdassets.com; frame-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-aWKhGxGS7QwBlf-BUOrQKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'sha256-8xLuOsMDZxJH+r9geHmiRzHgDq3FFPCCB10H1UKehtY=' https://www.googletagmanager.com https://gso.kommo.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com; script-src-elem 'self' 'sha256-8xLuOsMDZxJH+r9geHmiRzHgDq3FFPCCB10H1UKehtY=' https://www.googletagmanager.com https://gso.kommo.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://gso.kommo.com; style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://gso.kommo.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: https:; frame-src https://www.googletagmanager.com https://challenges.cloudflare.com https://gso.kommo.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://www.google.com https://gso.kommo.com https://form.ecuafact.com https://challenges.cloudflare.com; form-action 'self' https://form.ecuafact.com; report-uri /csp-report; report-to csp-endpoint; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com fonts.googleapis.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com diorassets.blob.core.windows.net player.freecaster.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://seo.mageplaza.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.despegar.com *.koin.com.br *.googletagmanager.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.despegar.com *.koin.com.br *.googletagmanager.com maps.googleapis.com chart.googleapis.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com *.weltpixel.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.adobedtm.com *.despegar.com *.koin.com.br *.googletagmanager.com fonts.googleapis.com *.gocuotas.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com res.sugaway.io parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com static.whatsapp.net editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com c.clarity.ms www.google.com.ar www.mercadopago.com.ar c.bing.com diorassets.blob.core.windows.net player.freecaster.com maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.despegar.com *.koin.com.br *.googletagmanager.com maps.googleapis.com chart.googleapis.com *.gocuotas.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com js-agent.newrelic.com www.clarity.ms maps.google.com live.decidir.com fpcdn.io assets-cdn.woowup.com diorassets.blob.core.windows.net player.freecaster.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com cdn.jsdelivr.net diorassets.blob.core.windows.net player.freecaster.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com static.whatsapp.net editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com diorassets.blob.core.windows.net player.freecaster.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.despegar.com *.googletagmanager.com maps.googleapis.com chart.googleapis.com *.gocuotas.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com google.com i.clarity.ms n.clarity.ms z.clarity.ms parfumerie.zendesk.com pod-20.zendesk.com bam.nr-data.net api.fpjs.io rum-collector-2.pingdom.net diorassets.blob.core.windows.net player.freecaster.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none' ; frame-ancestors 'self' ; script-src 'unsafe-hashes' 'sha256-jnrezKwUlgVdFquH9KYL6xv4oL0YN6t+2/D+I4xbaVo=' 'sha256-Twng0R1ewAeCS1n9EQ583mH+lDwxQFqQUMDiyzv2cYA=' cariai.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.hubspotusercontent00.net ; connect-src cariai.com google.com *.arus.com.co *.suaporte.com.co *.doubleclick.net *.google.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com enlace.com.co px.ads.linkedin.com *.clarity.ms analytics.google.com *.hsforms.net cdn.jsdelivr.net static.hsappstatic.net ; img-src cariai.com *.doubleclick.net *.linkedin.com static.hsappstatic.net js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net *.hubspotusercontent00.net cdn2.hubspot.net *.hsforms.net *.hsforms.com enlace.com.co *.suaporte.com.co img.youtube.com *.hubspotusercontent-na1.net *.facebook.com px.ads.linkedin.com tracker.metricool.com *.clarity.ms www.google.com www.google.com.co c.bing.com ; object-src 'none' ; font-src data: blob: https: ; style-src cariai.com *.hubspotusercontent-na1.net 'sha256-9PFMqzWknAKc58OdAtySyqp4qPWGGIsGgxS7K90Ln0g=' 'sha256-48BWQDJGYn73RS8kKOtzoMHNYXHuNFheO8gpJZWD/v0=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Rilei2X8YIvp5aIpDmT37tsxcdGrjZEFgUGyS7TE4t0=' 'sha256-vdjS6QwAuiCcShI+nQUTWSOjdgwH00uHV5GKej2SUQQ=' 'sha256-j/qKNHw99Ja677za8zncaV6EdO/3XiyepUbbirmXOJw=' cdn.jsdelivr.net *.hubspot.net fonts.googleapis.com enlace.com.co 'sha256-nMxMqdZhkHxz5vAuW/PAoLvECzzsmeAxD/BNwG15HuA=' 'sha256-iXK0fBvnFJNCfTqqQLcgHlSA5xzynrWuDvNB3TvzPMc=' 'sha256-4k7ctMEOr0TFHgEsUvTVaR3fsvmZ3jMWlvYe1fVV73k=' 'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk=' 'sha256-p4cncjf0hAIeTSS5tXecf7qTUanDC27KdlKhT9eOsZU=' 'sha256-j0bVhc2Wj58RJgvcJPevapx5zlVLw6ns6eYzK/hcA04=' 'sha256-GwbbsqSjVWhofrzn0IMdRMQKBz6MBZLaL/U9uOGqy9E=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-6AWW230wp6thfBFyWxXvhDEsaZ3YtS5sBDvT5qV7Ytw=' 'sha256-+YWRMZ88jMyO7jVlBA52tZADiPobPIUA8LAWee68Fvs=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-VGvuv7G+fUt6nak80rZ33Ptnb3TpMxUkDVLNELqCjs0=' 'sha256-i9ltWAvqhjqPS4RP2VlA/tCB06IcsWttI6JleyxY14g=' 'sha256-jvNkbGuyqiY0QKh7yErsWdmD2+kcmtgy2g0GKhD1/eM=' 'sha256-HKEG7RQBtnAA0hZRF/C4T99R9QOL9DzBPRQbn5VNuzQ=' 'sha256-8tNMJVNiLE9XUFY2jvu8FTiGiqillxC68FtHMyzhlLI=' 'sha256-NugfhhJHFN8ab5ins9DoUFIX7i7OhkkvaH+nh6H6Y3M=' 'sha256-n1f1YLx5sgprVAQpNRr/7oSjgjqnwhbKarzDwfe0hTQ=' 'sha256-VlK2zmliASjNOVYVF6wWb/+55Dkbtmgaat3KRkNE6uI=' 'sha256-2j+NsrE/qRlmhkADxLdqK0AALIC4Gcc77SVRgwXmYCc=' 'sha256-9aOomYnrHktS9iYzWLTEB569s+jQvb7BKUoa+34qBNU=' 'sha256-T9BxZ3tMjJiIHzH93B+3OTFXqIz6NFP05qGdUinvNdQ=' 'unsafe-hashes' ; style-src-elem static.hsappstatic.net fonts.googleapis.com enlace.com.co 'unsafe-inline' cdn2.hubspot.net cdn.jsdelivr.net *.hubspotusercontent-na1.net ; frame-src *.hsforms.com cariai.com *.facebook.com *.doubleclick.net *.googletagmanager.com *.youtube.com *.twitter.com *.google.com *.hs-sites.com ; base-uri 'self'; form-action 'self' https://forms.hsforms.com; 1
frame-src https://celesio.file.force.com *.force.com https://player.vimeo.com https://content.instrumentation.getconga.com https://*.aah.co.uk https://www.linkedin.com 'self' https://stats.g.doubleclick.net *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://celesio.my.site.com https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com *.cybersource.com *.youtube.es https://*.googleapis.com https://gbr122.sfdc-5pakla.salesforce.com *.adis.ws https://www.gstatic.com https://celesio--c.um3.content.force.com https://composer.congamerge.com https://*.onetrust.com https://*.youtube.com *.youtube.ie https://www.youtube.com *.cloudinary.com https://www.google.com https://pay.google.com *.vimeo.com *.youtube.jp bcove.video https://region1.google-analytics.com *.youtube.fr https://cdn-ukwest.onetrust.com https://*.salesforce.com https://region1.analytics.google.com https://*.a.forceusercontent.com https://player.cloudinary.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws *.forceusercontent.com https://data.instrumentation.getconga.com *.brightcove.net *.youtube.com https://ssl.gstatic.com https://*.supplier-point.com *.youtube.nl https://service.force.com/embeddedservice/ https://fast.wistia.net *.quip.com *.arkoselabs.com https://*.cookielaw.org *.youtube-nocookie.com https://www.paypal.com https://appiniummastertrial.secure.force.com https://play.vidyard.com https://youtu.be *.youtube.com.br *.salesforce-experience.com https://*.aah-point.com *.salesforceliveagent.com https://scormanywhere.secure.force.com https://celesio.my.salesforce-scrt.com https://celesio--4cdevflu--livepreview.cs110.force.com https://checkoutshopper-live.adyen.com/ *.sfdcfc.net https://*.force.com *.youtube.ca https://location.force.com *.vidyard.com https://*.linkedin.com https://*.trustarc.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/ https://players.brightcove.net https://cdn.embedly.com https://*.medecator.co.uk https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com https://try.abtasty.com https://px.ads.linkedin.com https://*.a.forceusercontent.com/lightningmaps/ https://www.googletagmanager.com *.wistia.net https://www.google-analytics.com *.salesforce.com https://www.google.co.uk *.youtube.pl; report-to sfdc-csp-ep; report-uri https://celesio.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D24000000aWJn&networkId=0DM4H0000005Qv9&type=communities 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' esportelegal.com.br *.esportelegal.com.br wake-components.fbitsstatic.net esportelegal.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com online-metrix.net googlesyndication.com googleadservices.com traycheckout.com.br yapay.com.br clearsale.com.br doubleclick.net ebit.com.br hertzen.com cloudflare.com k-analytix.com hotjar.io cloudfront.net hotjar.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.googlesyndication.com *.online-metrix.net *.googleadservices.com *.traycheckout.com.br *.yapay.com.br *.cloudflare.com *.k-analytix.com *.ebit.com.br *.hertzen.com *.clearsale.com.br *.doubleclick.net *.cloudfront.net *.hotjar.com *.hotjar.io wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.googletagmanager.com *.rdstation.com.br pageview-notify.rdstation.com.br pages.rdstation.com.br googletagmanager.com hits-banner-cloud-function.azurewebsites.net *.azurewebsites.net *.google.com.br *.clearsale.com.br *.g.doubleclick.net *.google-analytics.com google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net google.com.br *.criteo.com *.criteo.net bat.bing.com *.directtalk.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com d3bo67muzbfgtl.cloudfront.net api.edrone.me signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.smarthint.co gstatic.com *.fbits.store *.adyen.com d3vhsxl1pwzf0p.cloudfront.net api-s.edrone.me dgk28ckagqims.cloudfront.net d2vfa2a1j2oldr.cloudfront.net *.edrone.me wss://v18dxapjmd.execute-api.eu-west-1.amazonaws.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com checkout.esportelegal.com. connect.facebook.net *.facebook.net *.sandbox.3dsecure.io maps.googleapis.com *.googleapis.com saltcdn2.googleapis.com translate.googleapis.com translate-pa.googleapis.com cdn.lightwidget.com *.lightwidget.com *.esportelegal.com.br esportelegal.com.br fbitsstatic.net *.fbitsstatic.net .googletagmanager.com vindi.com.br *.vindi.com.br *.facebook.com facebook.com fbits.net *.fbits.net youtube.com *.youtube.com *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.esportelegal.com.br esportelegal.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.cdn.userway.org; font-src 'self' fonts.gstatic.com; img-src 'self' cdn.userway.org data: sppagebuilder.com; connect-src 'self' cdn77.api.userway.org api.userway.org; script-src 'self' cdn.userway.org ajax.googleapis.com maxcdn.bootstrapcdn.com 'sha256-N/4d8ewez3Wzx5WmnOwGLZfRBddPWJMlVZKikRqRiQo=' 'sha256-fjHH/hDGedQwWCxjrFtTeJTwaWHkUA4R2FtSczrt+nE=' 'sha256-lysybRP1rtnmYhULZgz5WbX8hVhH60eBe6B+Wf6Kfio=' 'sha256-wZIG9cCx5f/yTZaMx2nTU3dg4bIInmA2Y4RaB3cwgbM=' 'sha256-200wrhX/wS06hTi8A0Zb9eqnXkmPo5X3Z/gq2KpwoDI=' https://www.youtube.com; frame-src 'self' http://www.youtube.com; 1
default-src 'none'; child-src 'self' https://*.stockholm.se; connect-src 'self' data: *.rekai.se https://*.mediaflow.com https://*.mediaflowpro.com https://*.stockholm.se https://consent.app.cookieinformation.com https://esp-eu.aptrinsic.com https://familjebostader.containers.piwik.pro https://familjebostader.piwik.pro https://infragrid.v.network https://mfstatic.com https://predict.rek.ai https://predict.rekai.se https://translate-pa.googleapis.com https://view.rekai.se https://www.familjebostader.com https://www.google.com https://www.google-analytics.com policy.app.cookieinformation.com; font-src 'self' data: https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://*.stockholm.se https://at.alicdn.com https://cdn.scite.ai https://fonts.gstatic.com https://mfstatic.com; form-action 'self' https://*.stockholm.se; frame-src 'self' https://*.mediaflow.com https://*.mediaflowpro.com https://*.stockholm.se https://aptusportalen.familjebostader.com https://export.objektvision.se https://stockholmsstad.varbi.com https://via.tt.se https://www.google.com https://www.youtube.com policy.app.cookieinformation.com; img-src 'self' blob: data: https://*.familjebostader.com https://*.mediaflow.com https://*.mediaflowpro.com https://*.stockholm.se https://cdn.honey.io https://familjebostader.piwik.pro https://fonts.gstatic.com https://jonypractic.net https://maps.googleapis.com https://mfstatic.com https://translate.google.com; media-src 'self' blob: data: https://*.mediaflow.com https://*.mediaflowpro.com https://*.stockholm.se; script-src-attr 'self' 'unsafe-inline' https://*.stockholm.se; script-src-elem 'self' 'unsafe-inline' blob: *.rekai.se https://*.stockholm.se https://cdnjs.cloudflare.com https://connect.facebook.net https://familjebostader.containers.piwik.pro https://gc.kis.v2.scr.kaspersky-labs.com https://maxcdn.bootstrapcdn.com https://mfstatic.com https://policy.app.cookieinformation.com https://secured-pixel.com https://static.rekai.se https://via.tt.se https://web-sdk-eu.aptrinsic.com https://www.google.com https://www.gstatic.com policy.app.cookieinformation.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.stockholm.se https://connect.facebook.net https://familjebostader.containers.piwik.pro https://policy.app.cookieinformation.com https://static.rekai.se; style-src-elem 'self' 'unsafe-inline' http://www.familjebostader.com https://*.familjebostader.com https://*.stockholm.se https://fonts.googleapis.com https://gc.kis.v2.scr.kaspersky-labs.com https://maxcdn.bootstrapcdn.com https://mfstatic.com https://web-sdk-eu.aptrinsic.com https://www.familjebostader.com https://www.gstatic.com; style-src-attr 'unsafe-inline' https://*.stockholm.se; style-src 'unsafe-eval' 'unsafe-inline' http://www.familjebostader.com https://*.stockholm.se https://www.familjebostader.com; worker-src blob: https://*.stockholm.se; frame-ancestors https://*.stockholm.se https://www.familjebostader.com; base-uri https://*.stockholm.se; manifest-src https://*.stockholm.se; object-src https://*.stockholm.se; report-to stott-security-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com landofcoder.com maps.googleapis.com chart.googleapis.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ landofcoder.com maps.googleapis.com chart.googleapis.com *.avada.io *.shopify.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://static.klaviyo.com https://fonts.bunny.net https://fonts.googleapis.com http://fonts.googleapis.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.fontawesome.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ landofcoder.com maps.googleapis.com chart.googleapis.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-yL_QvEQXTz9z4swlAfuh3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-S5cLBAhj38tW164pJZGlUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Mdw_3aXI8TtzFg-MpdbjBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'nonce-9ccEtwEGciEV5wkd36+K+A==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
object-src 'none';base-uri 'self';script-src 'nonce-HT0ntcmFKjJJdvYEcimvZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-rVh4L2n-bAL-U8ULPgmd6Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://fol.focalscope.com https://ajax.googleapis.com https://policy.app.cookieinformation.com https://cdn.matomo.cloud https://www.clarity.ms https://scripts.clarity.ms https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google.com;object-src 'none';style-src 'self' 'unsafe-inline' https://fol.focalscope.com;img-src 'self' https://www.github.com https://our.umbraco.com https://www.google.com https://www.bing.com https://www.google.dk https://fol.focalscope.com https://www.facebook.com https://www.googletagmanager.com https://connect.facebook.net https://www.gravatar.com https://dashboard.umbraco.com https://*.clarity.ms https://c.bing.com https://*.tile.openstreetmap.org https://github.com https://www.googleadservices.com data:;media-src data:;frame-src 'self' https://policy.app.cookieinformation.com https://fol.focalscope.com https://www.googletagmanager.com https://marketplace.umbraco.com https://app.heyloyalty.com https://www.facebook.com;font-src 'self' data:;connect-src 'self' https://api.folkeferie.dk https://policy.app.cookieinformation.com https://www.facebook.com https://*.clarity.ms https://region1.analytics.google.com https://folkeferie.matomo.cloud https://stats.g.doubleclick.net https://consent.app.cookieinformation.com https://region1.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.google.dk https://www.googletagmanager.com;report-uri /umbraco/ahyw7k26dyh29 1
default-src 'self' https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.facebook.net https://*.amazonaws.com https://*.adtrafficquality.google https://www.gstatic.com/ https://checkout.pay.jp https://*.akamaized.net https://*.speee-ad.jp; img-src 'self' https://*.cloudfront.net https://*.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.co.jp https://*.trafficgate.net https://*.googlesyndication.com https://*.google.com https://checkout.pay.jp https://*.adtrafficquality.google https://*.accesstrade.net https://*.speee-ad.jp https://*.akamaized.net data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://checkout.pay.jp; frame-src https://*.youtube.com/ https://*.facebook.com/ https://*.doubleclick.net/ https://checkout.pay.jp https://*.google.com/ https://*.adtrafficquality.google/; object-src 'none'; connect-src 'self' https://*.adtrafficquality.google https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://*.googlesyndication.com https://*.google.com https://*.doubleclick.net https://*.speee-ad.jp; frame-ancestors 'self' https://*.google.com; font-src https://fonts.gstatic.com/ 1
font-src fonts.gstatic.com use.typekit.net https://use.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com https://* data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.disqus.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://use.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io https://olegnax.com https://api.instagram.com https://graph.instagram.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-lcxnLmGPAIydmnW5MKgrNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.typography.com fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com www.googletagmanager.com secure.livechatinc.com ct.pinterest.com metrics.gardssallskapet.se forms.helpdesk.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.elfsightcdn.com *.gardssallskapet.se bat.bing.com www.google.se https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.cookie-script.com www.gstatic.com www.google.com tagmanager.google.com *.stripe.com *.klarna.com *.elfsight.com *.elfsightcdn.com universe-static.elfsightcdn.com edge.eu1.fullstory.com rs.eu1.fullstory.com bat.bing.com www.clarity.ms cdn.livechatinc.com api.livechatinc.com ct.pinterest.com s.pinimg.com stapecdn.com *.stapecdn.com klarna.com *.klarnacdn.net *.klarnaevt.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.typography.com cdnjs.cloudflare.com fonts.googleapis.com *.gardssallskapet.se connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.dotdigital-pages.com *.trackedlink.net *.trackedweb.net *.newrelic.com *.nr-data.net *.vimeo.com dpm.demdex.net amcglobal.sc.omtrdc.net https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com region1.google-analytics.com region1.analytics.google.com *.klarna.com *.stripe.com www.google.com google.com edge.eu1.fullstory.com rs.eu1.fullstory.com bat.bing.com https://get.geojs.io core.service.elfsight.com *.elfsight.com stats.g.doubleclick.net https://stats.g.doubleclick.net ct.pinterest.com *.pinterest.com s.pinimg.com https://metrics.gardssallskapet.se metrics.gardssallskapet.se *.gardssallskapet.se *.googleadservices.com klarna.com *.klarnacdn.net *.klarnaevt.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com api.payme.hsbc.com.hk *.twitter.com sandbox.api.payme.hsbc.com.hk *.gateway.mastercard.com https: 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com api.payme.hsbc.com.hk *.twitter.com * data: blob: sandbox.api.payme.hsbc.com.hk qr.payme.hsbc.com.hk payme-cashout-secure.hsbc.com.hk *.google.com/ www.googletagmanager.com td.doubleclick.net *.adsrvr.org applepay.cdn-apple.com pay.google.com gateway-japa.americanexpress.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.appspot.com *.appier.net *.yahoo.com *.clarity.ms *.bing.com *.yimg.com *.analytics.yahoo.com *.facebook.com *.facebook.net *.google.com.hk *.gstatic.com https://firebasestorage.googleapis.com https://www.magezon.com ad.doubleclick.net ade.googlesyndication.com adservice.google.com https://tags.srv.stackadapt.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com api.payme.hsbc.com.hk *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com/ *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.authorize.net *.cardinalcommerce.com *.appspot.com *.appier.net *.yahoo.com *.bing.com *.yimg.com *.googleapis.com *.facebook.com *.facebook.net *.clarity.ms sandbox.api.payme.hsbc.com.hk qr.payme.hsbc.com.hk payme-cashout-secure.hsbc.com.hk *.avada.io *.taboola.com *.adsrvr.org applepay.cdn-apple.com pay.google.com gateway-japa.americanexpress.com *.qgr.ph *.qgraph.io *.aiqua.io *.rollbar.com *.quantumgraph.com *.gocm.c.appier.net https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com/ https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.appspot.com *.appier.net *.yahoo.com https://fonts.bunny.net https://tags.srv.stackadapt.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.demdex.net *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com *.google.com google.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.authorize.net *.clarity.ms *.yimg.com *.googleapis.com *.appier.net https://get.geojs.io *.avada.io pagead2.googlesyndication.com *.taboola.com https://tags.srv.stackadapt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://dis.genki.com:8700/; report-to report-endpoint; 1
script-src 'strict-dynamic' https://www.googletagmanager.com 'nonce-97eE3hLtCNRryrQYjcoQcg=='; object-src 'none'; base-uri 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.cloudfront.net *.hotjar.com gerduva.lt https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.com *.hotjar.com gerduva.lt 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.cloudfront.net *.hotjar.com gerduva.lt https://*.every-pay.com/ https://pay.google.com/ www.youtube.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://omnisnippet1.com https://wt.soundestlink.com *.cloudflare.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://*.cloudfront.net/ *.paysera.com https://*.paysera.com/ https://*.youtube.com/ *.hotjar.com gerduva.lt https://www.terminalmappingjs.com https://osm.venipak.com http://mano.venipak.lt https://*.every-pay.com/ *.facebook.com https://firebasestorage.googleapis.com *.googleapis.com https://maps.omnivasiunta.lt *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://omnisnippet1.com https://forms.soundestlink.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.cloudfront.net *.hotjar.com *.paysera.com gerduva.lt https://unpkg.com https://*.every-pay.com/ https://pay.google.com/ s7.addthis.com *.facebook.net *.avada.io *.shopify.com *.googleapis.com www.youtube.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.cloudfront.net *.hotjar.com gerduva.lt https://unpkg.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.amazonaws.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.facebook.com *.hotjar.com *.paysera.com gerduva.lt https://www.terminalmappingjs.com https://geocode.arcgis.com ekr.zdassets.com/ *.google-analytics.com https://get.geojs.io *.avada.io *.googleapis.com *.gstatic.com cdn.plyr.io noembed.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1:8080/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-T_Lmhr-bE3hroTqzS_nOLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.alothemes.com *.magepow.com gratia.com.ar cdn.gratia.com.ar gratia.66ecommerce.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.fallodick78-87.sbs/common www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com gratia.com.ar cdn.gratia.com.ar gratia.66ecommerce.com static.whatsapp.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.facebook.net *.avada.io *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com gratia.com.ar cdn.gratia.com.ar gratia.66ecommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com gratia.com.ar cdn.gratia.com.ar gratia.66ecommerce.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com gratia.com.ar cdn.gratia.com.ar gratia.66ecommerce.com static.whatsapp.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com gratia.com.ar cdn.gratia.com.ar gratia.66ecommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.alothemes.com *.magepow.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.youtube-nocookie.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io camo.githubusercontent.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.alothemes.com *.magepow.com assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src * 'unsafe-eval' rum-static.pingdom.net; script-src-elem 'self' 'unsafe-inline' rum-static.pingdom.net; script-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri https://97b8198850694a23d54859b4d7c65ebc.report-uri.com/r/d/csp/wizard 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://*.mercadolibre.com https://td.doubleclick.net https://*.adobe.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.google.com.ar https://www.afip.gob.ar secure.trust-provider.com www.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com data: 'self' 'unsafe-inline'; script-src https://assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://live.decidir.com secure.comodo.com 'unsafe-inline' https://googleads.g.doubleclick.net https://analytics.google.com https://*.mercadopago.com sha256-JjB9AR5B8LsPf/TKvAnbJPZo0gV8TDK3FD5ufwBVVT8= *.avada.io *.mlstatic.com *.mercadopago.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://developers.decidir.com/ https://live.decidir.com https://*.google.com https://*.google.com.ar https://www.afip.gob.ar secure.trust-provider.com www.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-lERC9L7mdfdTCYzjLENpnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-G6p9IxgofW7KVYwkwhUF7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; frame-ancestors 'self' https://motosmart.app https://www.motosmart.app https://motosmart.info https://www.motosmart.info; report-to https://motosmart.app; report-uri https://motosmart.app; 1
default-src 'self'; script-src 'self' 'nonce-whZ7geha3Z6hZ5YU+QkREQ==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
default-src 'self'; script-src 'self' 'nonce-c4GG4gsC50hto9MCjRLM2g==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
font-src www.paypalobjects.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com https://js.stripe.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.esto.ee https://api.esto.lv https://api.estopay.lt https://www.hotlips.ee https://www.google.fi https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://krediidiraportid.ee https://cdn.kevin.eu https://firebasestorage.googleapis.com public.montonio.com https://public.montonio.com cdn2.hubspot.net resources.paytrail.com cdn.modena.ee cms.modena.ee self: https://maps.googleapis.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://analytics.tiktok.com https://tiktok.com https://js.stripe.com *.googleapis.com *.google.com *.gstatic.com *.fontawesome.com *.avada.io *.shopify.com public.montonio.com services.paytrail.com resources.paytrail.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com *.google.com *.gstatic.com https://fonts.bunny.net https://fonts.googleapis.com self: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://doubleclick.net https://www.doubleclick.net https://google.com https://www.google.com http://dpm.demdex.net https://www.gstatic.com https://get.geojs.io *.avada.io *.paytrail.com https://maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://widget-v5.boxnow.gr https://www.googletagmanager.com https://www.facebook.com https://td.doubleclick.net https://youtu.be https://skroutza.skroutz.gr 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.disqus.com cdn1.themarketer.com https://claires.gr https://stage.claires.gr https://cdn1.mktr2.com https://www.facebook.com https://www.google.gr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adscale.com ascl.pro chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.disqus.com cdn1.themarketer.com https://t.themarketer.com https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://www.gstatic.com https://skroutza.skroutz.gr https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com cdn1.themarketer.com https://ascl.pro https://fonts.cdnfonts.com https://use.typekit.net https://p.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adscale.com ascl.pro form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://boxlockersloadfiles.blob.core.windows.net https://widgettranslations.blob.core.windows.net cdn1.themarketer.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://www.google.gr https://www.facebook.com https://pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://plumrocket.com https://www.youtube.com https://form.typeform.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com *.googletagmanager.com 'self' matomo.thewetailers.fr analytics.ecpad.fr https://matomo.thewetailers.fr https://analytics.ecpad.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com maps.googleapis.com https://matomo.thewetailers.fr https://analytics.ecpad.fr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-j7XOXnGSGZynFUc0x30zwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8TifyMdlC1EFg4JPg9N6HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://janeplan.admo.tv/ https://fast.a.klaviyo.com/ https://static-forms.klaviyo.com/ https://www.paypal.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pagead2.googlesyndication.com/ https://widget-mediator.zopim.com/ https://edi5on.com/ https://pagead2.googlesyndication.com https://static.klaviyo.com/ https://widget.trustpilot.com/ https://www.paypal.com/ https://janeplan.script.admo.tv/ https://static-tracking.klaviyo.com/ https://try.abtasty.com/ https://www.googletagmanager.com/ https://static.zdassets.com/ https://consent.cookiebot.com/ https://t.contentsquare.net/ https://tag.rmp.rakuten.com/ https://connect.facebook.net/ https://cdn.taboola.com/ https://googleads.g.doubleclick.net/ https://assets.braintreegateway.com/ https://www.googleadservices.com/ https://trc.taboola.com/ https://consentcdn.cookiebot.com/ songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com static.client.cardinaltrusted.com https://www.paypalobjects.com/ https://bat.bing.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.typekit.net/ https://static.klaviyo.com/; font-src 'self' https://fonts.gstatic.com/ https://static.klaviyo.com/ https://use.typekit.net/; img-src 'self' data: blob: https://*.blob.core.windows.net https://bat.bing.net https://www.google.co.uk/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.paypalobjects.com/ https://c.az.contentsquare.net https://imgsct.cookiebot.com https://*.cloudfront.net/ https://assets-manager.abtasty.com/ https://t.paypal.com/; frame-src 'self' *.cardinalcommerce.com https://player.vimeo.com/ https://www.googletagmanager.com/ https://widget.trustpilot.com/ https://td.doubleclick.net/ https://consentcdn.cookiebot.com/ https://www.paypal.com/ https://checkout.paypal.com/ https://assets.braintreegateway.com/ https://www.sandbox.paypal.com/ https://www.paypalobjects.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://pa.taboola.com/; connect-src 'self' *.cardinaltrusted.com *.cardinalcommerce.com *.braintree-api.com https://a.klaviyo.com/ https://bat.bing.net https://edi5on.com/ https://www.google.com/ https://*.googlesyndication.com https://*.abtasty.com/ https://bat.bing.com/ https://www.paypal.com/ https://janeplan.admo.tv/ https://fast.a.klaviyo.com/ https://static-forms.klaviyo.com/ https://*.analytics.google.com/ https://*.google-analytics.com https://c.az.contentsquare.net https://ekr.zdassets.com/ https://janeplan.zendesk.com/ https://payments.sandbox.braintree-api.com/ https://payments.braintree-api.com/ wss://widget-mediator.zopim.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://origin-analytics-sand.sandbox.braintree-api.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://*.g.doubleclick.net https://*.taboola.com/ https://www.sandbox.paypal.com/ https://trc.taboola.com/ https://centinelapistag.cardinalcommerce.com/ https://*.execute-api.us-east-1.amazonaws.com/ https://client-analytics.braintreegateway.com/ https://api.sandbox.braintreegateway.com/ https://api.braintreegateway.com/ https://api.sandbox.braintreegateway.com/merchants/ https://api.braintreegateway.com/merchants/; media-src 'self' https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3; child-src 'self' assets.braintreegateway.com; worker-src 'self' blob:; 1
script-src 'self' 'strict-dynamic' 'report-sample' 'nonce-8df0a01ba5cba28e' https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://snap.licdn.com https://embed.tawk.to https://cdn.jsdelivr.net https://cdn.lrkt-in.com; script-src-attr 'none' 'report-sample'; worker-src 'self' blob:; report-to csp-endpoint; report-uri https://notify.oasgo.com/csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-PZ4Z2ayDk31p_wyaRnWyZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
prefetch-src 'self' https://chat.justschool.me; script-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' ; connect-src https://*.creatio.com http://*.creatio.com ws://justschool-creatio.com.ua https://*.bpmonline.com wss://*.bpmonline.com:* wss://justschool-creatio.com.ua http://*.bpmonline.com 'self' https://*.facebook.com https://nominatim.openstreetmap.org https://www.googletagmanager.com https://www.facebook.com https://*.google-analytics.com ; font-src https://fonts.gstatic.com data: 'self' ; manifest-src 'self' ; worker-src 'self' blob: ; frame-src http://*.bpmonline.com 'self' http://*.creatio.com https://*.creatio.com https://*.bpmonline.com https://*.facebook.com https://www.facebook.com chat.justschool.me https://chat.justschool.me; frame-ancestors 'self' ; media-src 'self' ; object-src 'none' ; script-src-elem https://nominatim.openstreetmap.org https://connect.facebook.net https://*.google-analytics.com https://www.googletagmanager.com 'self' 'unsafe-inline' ; style-src-elem https://fonts.googleapis.com 'unsafe-inline' 'self' ; form-action 'self' ; style-src-attr 'self' 'unsafe-inline' ; script-src-attr 'unsafe-inline' 'self' ; img-src * data: ; report-uri https://justschool-creatio.com.ua/0/ServiceModel/CspViolationService.svc/SaveCspViolationData; 1
font-src cash-f.squarecdn.com fonts.googleapis.com fonts.gstatic.com zenloop-assets.s3.eu-west-1.amazonaws.com assets.zenloop.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com www.zenaps.com *.fls.doubleclick.net amc.demdex.net *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.criteo.net *.cleverpush.com *.justspices.de *.justspices.es *.justspices.co.uk *.sovendus.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com maps.gstatic.com *.googletagmanager.com *.trustedshops.com *.facebook.com *.justspices.de *.justspices.es *.justspices.co.uk *.justspices.com *.criteo.com a.twiago.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net ads.stickyadstv.com cdn.stickyadstv.com cm.adform.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv exchange.mediavine.com i.liadm.com ih.adscale.de cotads.adscale.de match.sharethrough.com matching.ivitrack.com pixel.rubiconproject.com public-prod-dspcookiematching.dmxleo.com s.ad.smaato.net secure.adnxs.com ib.adnxs.com visitor.omnitagjs.com x.bidswitch.net *.analytics.yahoo.com ads.yahoo.com *.doubleclick.net eb2.3lift.com r.casalemedia.com rtb-csync.smartadserver.com simage2.pubmatic.com sync.outbrain.com *.bing.com *.clarity.ms i.geistm.com *.taboola.com *.google.com *.google.de d3k81ch9hvuctc.cloudfront.net www.awin1.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com www.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com s7.addthis.com *.google.com cdnjs.cloudflare.com	 *.googletagmanager.com *.googleadservices.com *.hotjar.com *.trustedshops.com *.facebook.net *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.criteo.net *.criteo.com *.datatables.net *.shopgate.com *.bing.com cdn.cookielaw.org *.onetrust.com *.pinterest.com s.pinimg.com analytics.tiktok.com *.clarity.ms static.cleverpush.com *.taboola.com www.dwin1.com ssl.geoplugin.net sleeknotecustomerscripts.sleeknote.com static.spott.ai *.sovendus.com the.sciencebehindecommerce.com zenloop-website-overlay-production.s3.amazonaws.com website-overlay.zenloop.com *.fullstory.com *.justspices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.googleapis.com *.trustpilot.com cdn.jsdelivr.net *.klaviyo.com *.adyen.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.facebook.com *.justspices.de *.justspices.es *.justspices.co.uk *.justspices.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ maps.googleapis.com maps.gstatic.com *.hotjar.com *.hotjar.io *.zendesk.com *.clarity.ms bat.bing.com cdn.cookielaw.org *.noibu.com wss://input.noibu.com justspices-privacy.my.onetrust.com *.onetrust.com *.criteo.com stats.g.doubleclick.net *.taboola.com *.facebook.com static-forms.klaviyo.com *.cleverpush.com *.sovendus.com *.trustpilot.com *.trustedshops.com *.zenloop.com zenloop-website-overlay-production.s3.amazonaws.com *.sciencebehindecommerce.com trustbadge.api.etrusted.com	 *.fullstory.com *.justspices.de *.google-analytics.com *.pinterest.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';     script-src  'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com https://s.yimg.jp *.smart-bdash.com                 *.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com                 *.googleadservices.com *.google.com https://googleads.g.doubleclick.net *.twitter.com                 *.facebook.net *.paygent.co.jp https://cdnjs.cloudflare.com https://std3f-s.snva.jp;     style-src   'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com *.googleapis.com;     img-src     'self' *.onetrust.com https://googletagmanager.com *.googletagmanager.com *.google-analytics.com                 *.gstatic.com *.google.com https://google.com https://googleads.g.doubleclick.net                 *.facebook.com https://dyc7a1957gj3w.cloudfront.net data:;     font-src    'self' *.gstatic.com data:;     connect-src 'self' *.onetrust.com *.smart-bdash.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com                 *.facebook.com *.paygent.co.jp *.google.com;     frame-src   'self' *.twitter.com *.googletagmanager.com;     frame-ancestors   'self';   1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; 1
script-src 'self' http://java.sun.com/jsp/jstl/core http://java.sun.com/jsp/jstl/fmt http://tiles.apache.org/tags-tiles 'unsafe-inline' 'wasm-unsafe-eval' 1
default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self' https://getodk.github.io/central/news.html; img-src *; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; style-src-attr 'unsafe-inline'; report-uri /csp-report 1
script-src 'self' 'nonce-9d8e40f41a994eb0bd2feab41595958f' 'strict-dynamic'; require-trusted-types-for 'script'; trusted-types default nextjs#bundler goog#html 'allow-duplicates' 1
default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com cdn.jsdelivr.net; font-src 'self' data: https: fonts.gstatic.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; 1
object-src 'none';base-uri 'self';script-src 'nonce-G2wTP78V4JDbQvnlSK8yzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-noQrJP5xzPwDnZTdhrwf7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-caAbctVmeibBDCuFNJK2EQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com https://superkoch.com.br https://mcstaging.superkoch.com.br 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com https://superkoch.com.br https://mcstaging.superkoch.com.br https://targeting.voxus.tv/ *.paypal.com *.klarna.com *.trustedshops.com *.usercentrics.eu https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy https://www.googletagmanager.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net data: https://h.online-metrix.net *.d.aa.online-metrix.net https://superkoch.com.br http://mcstaging.superkoch.com.br https://www.superkoch.com.br/media/wysiwyg/logo-hibrido.svg *.cloudflare.com *.gstatic.com *.google.com *.google.com.br *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paypalobjects.com *.googletagmanager.com *.bootstrapcdn.com *.mundipagg.com *.hotjar.com *.clearsale.com.br *.amazonaws.com https://standout.com.br https://www.standout.com.br https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com *.croapp.net https://bat.bing.com/bat.js https://cdn.targeting.voxus.com.br https://targeting.voxus.com.br https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.mundipagg.com *.hotjar.com *.clearsale.com.br *.mouseflow.com *.cartstack.com.br https://conectiva.io *.getbutton.io *.goadopt.io *.amazonaws.com *.smartlook.com https://standout.com.br https://www.standout.com.br https://targeting.voxus.tv https://api.ipify.org https://api.voxus.tv https://loggly.com http://secure.adnxs.com *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com https://cdn.cs.1worldsync.com/jsc/h1ws.js https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.mundipagg.com maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.snplow.net commerce.adobedc.net *.adobe.io performance.typekit.net *.sentry.io https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com https://www.paypal.com *.klarna.com https://pay.google.com *.trustedshops.com *.usercentrics.eu https://standout.com.br https://www.standout.com.br https://api.ipify.org https://api.voxus.tv https://loggly.com http://secure.adnxs.com *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com t.elasticsuite.io *.google-analytics.com https://viacep.com.br *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.bunny.net http://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.google.com https://www.google.es https://widgets.sociablekit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.doofinder.com https://eu1-search.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://widgets.sociablekit.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com http://fonts.googleapis.com https://widgets.sociablekit.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://eu1-search.doofinder.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-U1ra4EZ/kLU=' 'strict-dynamic'  https://static.91app.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://www.google.com https://www.google-analytics.com https://client-chat.easychat.co https://chat.botbonnie.com; object-src 'none'; frame-ancestors 'none'; report-uri https://csp-report-log-548351815651.asia-northeast1.run.app/csp/log 1
font-src fonts.gstatic.com use.typekit.net cdn.jsdelivr.net cdn.almapay.com *.googleapis.com https://www.gstatic.com data: fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com *.getalma.eu *.almapay.com/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ *.google.com/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://*.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bird.eu *.openstreetmap.org maps.googleapis.com maps.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com cdn.jsdelivr.net *.almapay.com *.googleapis.com https://*.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://polyfill-fastly.io https://browser.sentry-cdn.com sentry.bird.eu *.google.com/ https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.almapay.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.google.com https://*.google.com payments-eu.amazon.com *.paypal.com *.getalma.eu *.almapay.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.ingest.sentry.io sentry.bird.eu https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.portaldoseller.com.br https://portaldoseller.com.br https://*.google.com https://*.google.com.br https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com https://pagead2.googlesyndication.com https://*.adopt.com.br https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://*.usebeon.io https://*.konfidency.com.br https://*.hablla.com https://imgs.ebit.com.br https://*.cloudfront.net http://*.cloudfront.net https://s3.amazonaws.com https://*.s3.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://cdnjs.cloudflare.com https://*.reclameaqui.com.br https://cdn.jsdelivr.net https://device.clearsale.com.br https://*.clearsale.com.br https://awscdn.portaldoseller.com.br https://*.www.lojaoriodopeixe.com.br https://www.lojaoriodopeixe.com.br;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https://*.portaldoseller.com.br https://portaldoseller.com.br https://s3.amazonaws.com https://*.s3.amazonaws.com https://s3.us-east-1.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://imgur.com https://*.imgur.com https://*.cloudfront.net http://*.cloudfront.net https://*.usebeon.io https://*.konfidency.com.br https://*.hablla.com https://*.googleapis.com https://*.gstatic.com https://fonts.googleapis.com https://*.adopt.com.br https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.clearsale.com.br https://awscdn.portaldoseller.com.br https://*.www.lojaoriodopeixe.com.br https://www.lojaoriodopeixe.com.br;img-src 'self' data: blob: https://*.portaldoseller.com.br https://portaldoseller.com.br https://s3.amazonaws.com https://*.s3.amazonaws.com https://s3.us-east-1.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://imgur.com https://*.imgur.com https://img.youtube.com https://*.ytimg.com https://newimgebit-a.akamaihd.net https://connect.facebook.net https://*.google.com https://*.google.com.br https://*.googleusercontent.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.adopt.com.br https://www.facebook.com https://*.fbcdn.net https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.usebeon.io https://*.konfidency.com.br https://*.hablla.com https://*.hablla.io https://imgs.ebit.com.br https://pdl-sandbox.s3.us-east-1.amazonaws.com https://*.cloudfront.net https://upload.wikimedia.org https://i.ibb.co https://*.ibb.co https://*.clearsale.com.br https://awscdn.portaldoseller.com.br https://*.www.lojaoriodopeixe.com.br https://www.lojaoriodopeixe.com.br;connect-src 'self' https://*.portaldoseller.com.br https://portaldoseller.com.br https://api.edrone.me https://api.intercom.io https://api.usebeon.io https://api.konfidency.com.br https://api.habla.com https://*.hablla.com https://*.intercom.com https://*.intercom.io https://*.edrone.me https://*.usebeon.io https://*.konfidency.com.br https://newimgebit-a.akamaihd.net https://*.google.com https://*.google.com.br https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.adopt.com.br wss://*.adopt.com.br https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://region1.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io wss://*.hablla.com https://api.reclameaqui.com.br https://*.reclameaqui.com.br https://*.cloudfront.net https://s3.amazonaws.com https://*.s3.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://*.ebit.com.br https://imgs.ebit.com.br https://*.modernamobilia.com.br https://www.modernamobilia.com.br https://modernamobilia.com.br https://doc-0s-5g-sheets.googleusercontent.com https://viacep.com.br https://*.clearsale.com.br https://awscdn.portaldoseller.com.br https://*.www.lojaoriodopeixe.com.br https://www.lojaoriodopeixe.com.br;font-src 'self' data: https://*.portaldoseller.com.br https://portaldoseller.com.br https://*.gstatic.com https://fonts.gstatic.com https://*.adopt.com.br https://cdnjs.cloudflare.com https://c.usebeon.io https://awscdn.portaldoseller.com.br https://*.clearsale.com.br;frame-src 'self' https://www.youtube.com https://*.youtube.com https://www.youtube-nocookie.com https://*.youtube-nocookie.com https://*.google.com https://*.google.com.br https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.adopt.com.br https://www.googletagmanager.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://td.doubleclick.net https://*.usebeon.io https://*.konfidency.com.br https://*.hablla.com https://www.facebook.com https://connect.facebook.net https://*.clearsale.com.br https://*.www.lojaoriodopeixe.com.br https://www.lojaoriodopeixe.com.br;frame-ancestors 'self' https://*.portaldoseller.com.br https://portaldoseller.com.br;worker-src 'self' blob:;manifest-src 'self';upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' lojaprolab.com.br *.lojaprolab.com.br wake-components.fbitsstatic.net prolab.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br *.googleadservices.com *.g.doubleclick.net dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com sendermail.lojaprolab.com.br *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.lojaprolab.com.br lojaprolab.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' lojaslivia.com.br *.lojaslivia.com.br wake-components.fbitsstatic.net lojaslivia.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com hotjar.com cloudflare.com zopim.com googleadservices.com hertzen.com smarthint.co doubleclick.net zdassets.com googleapis.com hotjar.io *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.zdassets.com *.googleapis.com *.hotjar.io *.hotjar.com *.cloudflare.com *.googleadservices.com *.hertzen.com *.smarthint.co *.doubleclick.net *.zopim.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.ebit.com.br *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.traycheckout.com.br *.yapay.com.br *.clearsale.com.br wss://widget-mediator.zopim.com dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.mailbiz.one cdn.jsdelivr.net *.jsdelivr.net *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.facebook.net *.facebook.com *.pinterest.com google.com.br *.google.com.br *.gstatic.com blog.lojaslivia.com.br lojaslivia.com.br d3bo67muzbfgtl.cloudfront.net api.edrone.me *.visa.com lojaslivia-br.mais.social *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.lojaslivia.com.br lojaslivia.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-GGgq_gD1cmMTl7-hhr8zKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-C2z0m9JgwgwXgrlfWdRp6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' loto6.jp;         script-src 'self' loto6.jp 'unsafe-inline' 'unsafe-hashes' www.googletagmanager.com pagead2.googlesyndication.com *.g.doubleclick.net *.google.com *.adtrafficquality.google *.twitter.com www.facebook.com connect.facebook.net b.st-hatena.com b.hatena.ne.jp;         style-src 'self' 'unsafe-inline';         connect-src 'self' loto6.jp *.google.com *.google-analytics.com *.gstatic.com *.adtrafficquality.google pagead2.googlesyndication.com *.g.doubleclick.net;         frame-ancestors 'self' *.google.com;         frame-src 'self' data: *.google.com *.adtrafficquality.google *.g.doubleclick.net pagead2.googlesyndication.com *.twitter.com www.facebook.com b.hatena.ne.jp ;         fenced-frame-src 'self' data: *.google.com *.adtrafficquality.google *.g.doubleclick.net pagead2.googlesyndication.com *.twitter.com www.facebook.com b.hatena.ne.jp ;         img-src 'self' *.google.co.jp www.googletagmanager.com pagead2.googlesyndication.com *.adtrafficquality.google *.twitter.com b.st-hatena.com; 1
default-src 'self' https:;img-src 'self' https:;style-src 'unsafe-inline' https:;script-src 'unsafe-inline' 'unsafe-eval' http:;media-src *;frame-ancestors 'self' https:; 1
object-src 'none';base-uri 'self';script-src 'nonce-4E3Un55d-9eAPWWKCIdgZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src 'self' data: https://www.maestral.co.rs  https://www.google.rs  https://www.googletagmanager.com  https://www.google.ba  https://stats.g.doubleclick.net  https://translate.google.com  https://fonts.gstatic.com  https://www.google-analytics.com  https://www.google.me  https://www.google.al  https://www.google.mk  https://www.google.com.ua  https://www.google.com.tr  https://lh3.googleusercontent.com  blob:  https://www.google.com.vn  https://www.google.ru  https://maps.googleapis.com  https://www.google.tn  https://www.google.com.eg  https://yoa.st  https://i.ytimg.com  https://embed-ssl.wistia.com  https://www.google.com.qa  https://www.google.md  https://www.google.ca  https://www.google.com.pr  https://www.google.com.pk  https://www.google.com.au  https://www.google.co.nz  https://www.google.ae  https://www.google.co.in  https://www.google.com.lb  https://www.google.co.jp  https://www.google.co.uz  https://www.google.com.kw  https://www.google.com.hk  https://www.google.sc  https://www.google.ge  https://www.google.cf  https://www.google.com.do  https://www.google.com.ar  https://www.google.com.sg  https://www.google.sm  https://pagead2.googlesyndication.com  https://www.googleadservices.com  https://www.google.com.br  https://d201kpdrh73vuz.cloudfront.net  https://fast.wistia.com  https://code.jquery.com  https://l.facebook.com  https://www.google.it  https://www.google.nl  https://www.google.fr  https://really-simple-ssl.com  https://www.google.hr  https://www.google.at  https://www.google.ch  https://www.google.de  https://www.google.co.uk  https://www.google.com.ph  https://www.google.com.mm  https://www.google.co.id  https://www.elegantthemes.com  https://yastatic.net  https://www.google.com.bd  https://www.google.com.np  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com  https://www.google-analytics.com  data:  https://use.fontawesome.com  https://www.gstatic.com  https://connect.facebook.net  https://subagent.planatours.rs  https://travel.netwave.app  https://fast.wistia.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://yoast.com  https://maps.googleapis.com  https://beacon-v2.helpscout.net  https://infird.com  blob:  https://me.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://cdn.mxpnl.com  https://cdn.alsgp0.fds.api.mi-img.com  https://cp.ni.rs  https://gc.kes.v2.scr.kaspersky-labs.com  https://zerop.3bank.rs  https://3001.scriptcdn.net  https://ff.kes.v2.scr.kaspersky-labs.com  https://s3.amazonaws.com  https://stargate2.slglasnik.com  https://mixpanel-tracking-proxy-prod.public-default.live2-k8s-cph3.ingress.k8s.g1i.one  https://accounts.google.com  https://googleads.g.doubleclick.net  https://mainf.global-cache.online  https://cpportal.bgdel.local  https://zerophishing.iaas.checkpoint.com  https://platform.twitter.com  'unsafe-eval' https://www.google.com/recaptcha/; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com  https://www.google-analytics.com  data:  https://use.fontawesome.com  https://connect.facebook.net  https://subagent.planatours.rs  https://travel.netwave.app  https://fast.wistia.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://yoast.com  https://maps.googleapis.com  https://beacon-v2.helpscout.net  https://infird.com  blob:  https://me.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://cdn.mxpnl.com  https://cdn.alsgp0.fds.api.mi-img.com  https://cp.ni.rs  https://gc.kes.v2.scr.kaspersky-labs.com  https://zerop.3bank.rs  https://3001.scriptcdn.net  https://ff.kes.v2.scr.kaspersky-labs.com  https://s3.amazonaws.com  https://stargate2.slglasnik.com  https://mixpanel-tracking-proxy-prod.public-default.live2-k8s-cph3.ingress.k8s.g1i.one  https://accounts.google.com  https://googleads.g.doubleclick.net  https://mainf.global-cache.online  https://cpportal.bgdel.local  https://zerophishing.iaas.checkpoint.com  https://platform.twitter.com  https://google.com https://www.google.com https://gstatic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com  https://www.gstatic.com  https://fonts.bunny.net  https://ff.kis.v2.scr.kaspersky-labs.com  https://adblockers.opera-mini.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://pwm-image.trendmicro.com  https://accounts.google.com  https://code.jquery.com  data:  https://me.kis.v2.scr.kaspersky-labs.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com  https://www.gstatic.com  https://fonts.bunny.net  https://ff.kis.v2.scr.kaspersky-labs.com  https://adblockers.opera-mini.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://pwm-image.trendmicro.com  https://accounts.google.com  https://code.jquery.com  data:  https://me.kis.v2.scr.kaspersky-labs.com ; font-src 'self' https://fonts.gstatic.com  https://use.fontawesome.com  https://fonts.bunny.net  https://fast.wistia.com  https://r2cdn.perplexity.ai  https://cdn.megabonus.com  data:; frame-src 'self' https://maps.google.com  https://subagent.ponte.rs  https://subagent.planatours.rs  https://api.wp-rocket.me  https://www.elegantthemes.com  https://subagent.1atravel.rs  https://div.show  https://www.donatellorome.com  https://myaccount.google.com  https://travel.netwave.app  https://gateway.zscalertwo.net  https://pwm-image.trendmicro.com  https://www.ciuvo.com  https://www.hotel-meksiko.si  https://gateway.zscaler.net  https://www.googletagmanager.com  https://wp-themes.com  https://www.facebook.com  https://subagent.planatravel.rs  blob: https://google.com https://www.google.com https://gstatic.com https://www.gstatic.com; connect-src 'self' https://analytics.google.com  https://stats.g.doubleclick.net  https://www.google-analytics.com  https://www.google.rs  https://region1.google-analytics.com  https://www.google.me  https://www.google.al  https://www.google.ba  https://www.googletagmanager.com  https://metrics-dre.dt.dbankcloud.cn  https://translate-pa.googleapis.com  https://translate.googleapis.com  https://fast.wistia.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.google.mk  https://maps.googleapis.com  https://my.yoast.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://overbridgenet.com  https://api-js.mixpanel.com  https://ai.elegantthemes.com  data:  https://infragrid.v.network  https://www.google.com.tr  https://gc.kes.v2.scr.kaspersky-labs.com  wss://gc.kis.v2.scr.kaspersky-labs.com  https://yoast.com  https://www.google.ru  https://www.google.com.ua  https://www.google.com.pk  https://www.google.co.in  https://www.google.ca  https://www.google.tn  https://www.google.com.eg  https://www.google.com.kw  https://localhost  https://local.adblock360.com  https://pagead2.googlesyndication.com  https://www.googleadservices.com  https://d3hb14vkzrxvla.cloudfront.net  https://fonts.googleapis.com  https://www.gstatic.com  https://use.fontawesome.com  https://pipedream.wistia.com  https://distillery.wistia.com  https://beaconapi.helpscout.net  https://code.jquery.com  https://fg8vvsvnieiv3ej16jby.litix.io  https://accounts.google.com  https://region1.analytics.google.com  https://cloud.elegantthemes.com  https://et-prod-cloud-items-content.nyc3.cdn.digitaloceanspaces.com  http://localhost  https://tl.ytlogs.ru  https://mixpanel-tracking-proxy-prod.public-default.live2-k8s-cph3.ingress.k8s.g1i.one;  media-src 'self' data:  blob:;  worker-src 'self' blob:; 1
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' bunny-cms-files-cdn-assets.mafelo.com mafelo-com-website-assets.mafelo.com;object-src 'none';script-src 'self' 'unsafe-inline' mafelo-com-website-assets.mafelo.com;script-src-attr 'none';style-src 'self' 'unsafe-inline' mafelo-com-website-assets.mafelo.com;upgrade-insecure-requests;connect-src 'self' mafelo-com-website-assets.mafelo.com *.sentry.io;worker-src blob:;report-uri https://o4507073493401600.ingest.de.sentry.io/api/4508100407394384/security/?sentry_key=5613a41abc2ce3b424a6abff0873bcf3 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.iris.dias.com.gr *.test-iris.dias.com.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.addthis.com *.intuit.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.google.gr ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.gstatic.com https://translate.googleapis.com https://fonts.gstatic.com http://translate.google.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.addthis.com *.addthisedge.com *.moatads.com s3.amazonaws.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://translate.googleapis.com http://translate.google.com https://translate-pa.googleapis.com *.disqus.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.addthis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://translate.googleapis.com *.googleapis.com *.googleadservices.com *.googletagmanager.com  *.sandbox.paypal.com *.paypalobjects.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-7733cf0665a21ce9a51dfd2b164df2c6ef6a979fd052fb88b1a7d0c615edb6e5' 'strict-dynamic' 'report-sample' 'sha256-uDlt9ZdSbqVygheSRezUUp1M3TutA6TKZ7TpveFjaw0='; frame-src 'self' *.google.com https://www.youtube.com/ https://www.facebook.com/ https://weatherwidget.io/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://*.fontawesome.com https://cdn.ckeditor.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://use.typekit.net https://vlibras.gov.br https://cdn.jsdelivr.net; connect-src 'self' data: blob: https://www.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com https://*.fontawesome.com https://cke4.ckeditor.com https://api.iconify.design https://yoast.com https://api.unisvg.com https://acessos.vlibras.gov.br https://dicionario2.vlibras.gov.br https://vlibras.gov.br https://cdn.jsdelivr.net https://traducao2.vlibras.gov.br; img-src 'self' data: https://vlibras.gov.br https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.tile.osm.org https://cdn.ckeditor.com https://secure.gravatar.com https://api.iconify.design https://api.simplesvg.com https://api.unisvg.com; object-src 'none'; base-uri 'self'; worker-src blob:; frame-ancestors 'none'; report-to default; report-uri /_csp; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://firebasestorage.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com *.avada.io connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'nonce-0b797fbbae3f9d2b98c01157d5f06600' fonts.gstatic.com www.google.com blob: data:; script-src 'self' 'nonce-0b797fbbae3f9d2b98c01157d5f06600' unpkg.com www.googletagmanager.com www.gstatic.com cdnjs.cloudflare.com app.usercentrics.eu cdn.jsdelivr.net unpkg.com cdn.mxpnl.com www.google.com blob:; connect-src 'self' *.usercentrics.eu consent-api.service.consent.usercentrics.eu stats.g.doubleclick.net api-js.mixpanel.com; upgrade-insecure-requests; block-all-mixed-content; img-src 'self' *.mcdonaldssa-rewards.co.za *.usercentrics.eu data:; style-src 'self' 'nonce-0b797fbbae3f9d2b98c01157d5f06600' cdn.jsdelivr.net fonts.googleapis.com *.usercentrics.eu; base-uri 'self'; form-action 'self' 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-f7a762abcd254a03a0708fef44791553' https://MeinLUKS.ch 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://MeinLUKS.ch 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.klap.cl *.multicaja.cl *.mcdesaqa.cl *.online-metrix.net https://pay.google.com https://google.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googletagmanager.com td.doubleclick.net *.fls.doubleclick.net apollo-public.loyal.ink 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net assets.fintoc.com https://assets.fintoc.com *.multicaja.cl *.mcdesaqa.cl *.online-metrix.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' data: *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ade.googlesyndication.com *.gstatic.com *.hotjar.com *.facebook.net *.google.cl c.clarity.ms c.bing.com www.google.com.ar tracker.metricool.com *.google.com.br data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com www.klap.cl klap.cl *.multicaja.cl *.mcdesaqa.cl *.online-metrix.net https://songbirdstag.cardinalcommerce.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.google.com *.gstatic.com https://maps.googleapis.com *.googletagmanager.com *.tagmanager.google.com *.googleadservices.com *.google.com *.facebook.net *.clarity.ms tracker.metricool.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com www.klap.cl *.multicaja.cl *.mcdesaqa.cl *.moprestamo.com *.visa.com bc.earlywarning.com *.aexp-static.com *.assets.mastercard.com *.discover.com *.discover-src.com *.discovercard.com *.googleapis.com cdn.dnky.co *.fontawesome.com *.googletagmanager.com *.cookielaw.org *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.gstatic.com *.tagmanager.google.com *.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com *.multicaja.cl *.mcdesaqa.cl pagos-pasarela-sandbox.mcdesaqa.cl *.cybersource.com *.online-metrix.net https://api.ipify.org https://pay.google.com https://google.com maps.googleapis.com api.comapi.com bam.nr-data.net *.cookielaw.org *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.hotjar.com *.hotjar.io e.clarity.ms b.clarity.ms google.com l.clarity.ms v.clarity.ms s.clarity.ms/collect www.facebook.com connect.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.miammiam.lu https://cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.miammiam.lu https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self' data: blob: https: https://cdn.miammiam.lu https://maps.googleapis.com https://maps.gstatic.com; font-src 'self' data: https://cdn.miammiam.lu https://fonts.gstatic.com https://use.fontawesome.com; connect-src 'self' https: https://maps.googleapis.com https://maps.gstatic.com; frame-src 'self' blob: https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; report-uri https://www.miammiam.lu/csp-report.php 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com tagmanager.google.com https://www.googletagmanager.com *.avada.io *.google.com/ *.freshworks.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com *.freshworks.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://www.google-analytics.com https://get.geojs.io *.avada.io *.freshworks.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp:;script-src 'nonce-c2837cd1946343aaa2ae2b46bc2d2df6' https://mijnolvg.nl 'self';img-src 'self' blob: https://www.mijnolvg.nl https://www.olvg.nl;connect-src 'self' epichttp:;style-src 'nonce-c2837cd1946343aaa2ae2b46bc2d2df6' https://mijnolvg.nl 'self';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mimeria.com.br *.mimeria.com.br wake-components.fbitsstatic.net mimeria.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com *.googleadservices.com *.g.doubleclick.net *.googleads.com *.google.com *.ebit.com.br *.googlesyndication.com *.clearsale.com.br stats.g.doubleclick.net imgs.ebit.com.br hits-banner-cloud-function.azurewebsites.net *.googleads.g.doubleclick.net *.tpc.googlesyndication.com signalrcore.fbits.net wss://signalrcore.fbits.net *.smarthint.co *.cloudfront.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com conectiva.io sunset.systems cartstack.com.br *.conectiva.io *.sunset.systems *.cartstack.com.br *app.cartstack.com *.performa.ai *.cupom.social *.conectiva.app app.conectiva.io vm.conectiva.io conectiva.app api.performa.ai valid.performa.ai app.cartstack.com.br api.cartstack.com.br api.sunset.systems cupom.social app.cupom.social cdn.performa.ai *.facebook.net connect.facebook.net facebook.com *.facebook.com google.com.br *.google.com.br *.doubleclick.net td.doubleclick.net translate.googleapis.com *.googleapis.com *.com.py google.com.py google.com google-analytics.com *.google-analytics.com accounts.google.com *.fbits.store *.adyen.com analytics.tiktok.com *.tiktok.com *.posclick.dinamize.com receiver.posclick.dinamize.com *.pagar.me *.mundipagg.com *.emkt.dinamize.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.stapecdn.com *.mimeria.com.br *.hotjar.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.trustvox.com.br trustvox.com.br *.lightwidget.com *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.crmbonus.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.mimeria.com.br mimeria.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com cdn.dnky.co webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.lt *.google.com *.google.co.in *.mastercard.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com https://maps.omnivasiunta.lt 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.google.lt r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com cdn.dnky.co webchat.dotdigital.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.google.com https://get.geojs.io *.avada.io https://geocode.arcgis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'none'; report-uri https://o225139.ingest.us.sentry.io/api/4508413968973824/security/?sentry_key=d470f887ca7cad3517dfc80c0b6dd0cc&sentry_environment=PRODUCTION; script-src 'unsafe-eval' 'strict-dynamic' 'report-sample' 'unsafe-hashes' 'sha256-lo7ZdP6kFds+wf1WMWvn7MhcFVFJV44kAXODRevzRZ8=' 'sha256-rRMdkshZyJlCmDX27XnL7g3zXaxv7ei6Sg+yt4R3svU=' 'sha256-kbHtQyYDQKz4SWMQ8OHVol3EC0t3tHEJFPCSwNG9NxQ=' 'nonce-rmte9EKRtjWYowL2skhL8Q==' 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; img-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; frame-ancestors 'self'; 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com p01.mul-pay.jp pt01.mul-pay.jp *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.xtento.com https://www.googletagmanager.com/ *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io magefan.com cm.magefan.com www.xtento.com cdn.xtento.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ p01.mul-pay.jp pt01.mul-pay.jp static.mul-pay.jp stg.static.mul-pay.jp www.xtento.com cdn.xtento.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.rimax.com.co *.salesmanago.pl *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.salesmanago.pl https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.salesmanago.pl 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src        'self'        'unsafe-inline'        https://www.google-analytics.com        https://www.googletagmanager.com        https://connect.facebook.net;       img-src        'self'        data:;       font-src        'self'        data:;       report-to        csp-endpoint; 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=15379&v=v1.0&payload=LsqRCwGhVLNr-SHL__TULgYbG_wtaFqSHTX9bzX5GjfjV_45G-Srt5bDJNzKAJMxeU3-YFRjc3fuHEw5bWlk04qWi3Fe6gUiXsOBLfgciaYym3HlrXkGa1uGrZ2ZAgTpq7RO-3ufd4JvNpNgw-bJuWzjep6lRYCWNMiaoAXXMnyWq6Lk9IDVAim4k_9-2mCppDzYmwbPQgLMNnhSGjphiw==; 1
connect-src 'self' data: https://www.motonet.se https://graphql.datocms.com https://*.doubleclick.net https://www.instagram.com https://*.broman.group https://*.litix.io https://vimeo.com https://*.klarna.com https://*.klarnaevt.com/v1/ https://*.adyen.com/checkoutanalytics/ https://*.adyen.com/checkoutshopper/ https://api.postmarkapp.com https://www.youtube.com https://api.videoly.co https://js.testfreaks.com https://api.testfreaks.com https://reviews.testfreaks.com https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com/api/consent https://api.custobar.com/js/v1/custobar.js https://*.google-analytics.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://*.googlesyndication.com https://*.adform.net https://*.creativecdn.com https://connect.facebook.net https://browser-intake-datadoghq.eu https://*.broman.group https://js.playground.kustom.co https://eu.klarnaevt.com https://*.cdn.adyen.com/checkoutshopper/ https://i.ytimg.com https://www.datocms-assets.com https://stagingaksapimanagementbroman.azure-api.net https://testapimanagementbroman.azure-api.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://*.mux.com https://*.vimeocdn.com https://dapi.videoly.co https://*.facebook.com https://*.seadform.net https://*.adform.net https://*.criteo.net https://*.criteo.com https://www.googletagmanager.com/ https://ib.adnxs.com/setuid https://ib.adnxs.com/getuid https://cm.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://qr.motonet.se https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com/ https://src.freshmarketer.eu/mas; img-src 'self' data: https://www.datocms-assets.com https://i.ytimg.com https://image.mux.com https://*.broman.group https://js.playground.kustom.co https://eu.klarnaevt.com https://*.cdn.adyen.com/checkoutshopper/ https://i.ytimg.com https://www.datocms-assets.com https://stagingaksapimanagementbroman.azure-api.net https://testapimanagementbroman.azure-api.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://*.mux.com https://*.vimeocdn.com https://dapi.videoly.co https://*.facebook.com https://*.seadform.net https://*.adform.net https://*.criteo.net https://*.criteo.com https://www.googletagmanager.com/ https://ib.adnxs.com/setuid https://ib.adnxs.com/getuid https://cm.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://qr.motonet.se; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://js.playground.kustom.co https://osm.klarnaservices.com/ https://*.adyen.com/ https://*.vimeo.com https://app.ecoonline.com https://www.maston.fi https://websds.volvo.com https://policy.app.cookieinformation.com/ https://*.criteo.com https://*.adform.net https://*.creativecdn.com https://www.facebook.com https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.broman.group https://maps.googleapis.com https://js.playground.kustom.co https://js.klarna.com https://js.klarna.com/web-sdk/ https://api.videoly.co/1/quchbox/0/5257/quch.js https://www.paypal.com/sdk/js https://dapi.videoly.co https://www.youtube.com https://*.vimeo.com https://policy.app.cookieinformation.com https://api.custobar.com/js/v1/custobar.js https://*.criteo.net https://*.criteo.com https://*.adform.net https://connect.facebook.net https://tags.creativecdn.com https://dev.visualwebsiteoptimizer.com https://*.googletagmanager.com https://eu.fw-cdn.com https://*.freshchat.com; object-src data:; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' msam.com.br *.msam.com.br wake-components.fbitsstatic.net msam.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com gstatic.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.elfsightcdn.com *.service.elfsight.com *.elf.site service-reviews-ultimate.elfsight.com static.elfsight.com core.service.elfsight.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.msam.com.br msam.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
base-uri 'none'; default-src 'none'; object-src 'none'; script-src 'self' https://*.js.stripe.com https://js.stripe.com consent.cookiefirst.com https://*.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 'nonce-03nsyBNYn6QRvMEAxIYYCA=='; connect-src 'self' https://s3-eu-west-1.amazonaws.com/assets.my.tvha.co.uk/font.css consent.cookiefirst.com edge.cookiefirst.com api.cookiefirst.com www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.stripe.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' data: https://mtvh-formio-stage.s3.eu-west-2.amazonaws.com https://mtvh-formio-prod.s3.eu-west-2.amazonaws.com https://*.stripe.com consent.cookiefirst.com www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; style-src 'self' consent.cookiefirst.com 'sha256-/TH2J4ADy16MMQkBGTgUHngbsfb+cbhg46NDE9IAUKw=' https://static.hotjar.com https://script.hotjar.com 'nonce-03nsyBNYn6QRvMEAxIYYCA=='; font-src 'self' https://*.hotjar.com; frame-ancestors 'self'; frame-src 'self' https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com; form-action 'self'; report-uri https://appsignal-endpoint.net/logs?api_key=ls-22a1f705-5e15-439f-a9bc-a6a53a13198e&group=mtvh-online 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net *.disqus.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.google.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.mercadolibre.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com cdn.mundipagg.com api.pagar.me *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.croapp.net https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.mlstatic.com *.mercadopago.com 3ds2.pagar.me 3ds2-sdx.pagar.me *.google.com https://onsite-plugin-xp.wake.tech/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.smarthint.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.mercadopago.com *.mercadolibre.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br *.google.com google.com pay.sandbox.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: youtube.com, google.com, s.ytimg.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: i.ytimg.com; connect-src 'self' https: youtube.com, google.com; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self'; object-src 'none' youtube.com; frame-src 'self' https: hubspot.com; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com *.morningstar.com https://www.google.com https://code.jquery.com https://hcaptcha.com https://*.hcaptcha.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.polyfill.io; connect-src 'self' *.morningstar.com; img-src 'self' data: *.morningstar.com *.davy.ie https://www.google.com https://www.google.ie https://d6tizftlrpuof.cloudfront.net; font-src 'self' data: https://fast.fonts.net https://fonts.gstatic.com *.morningstar.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net; base-uri 'self' https://d6tizftlrpuof.cloudfront.net https://d6tizftlrpuof.cloudfront.net; style-src 'self' 'unsafe-inline' *.jsdelivr.net https://fast.fonts.net *.morningstar.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net *.googleapis.com; form-action 'self'; frame-src https://*.hcaptcha.com; manifest-src 'self'; report-uri /api/csp/violationReport; 1
font-src www.mygossip.in data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' data: *.payu.in https://plumrocket.com www.mygossip.in 'self' 'unsafe-inline'; frame-ancestors 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com www.mygossip.in 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com https://plumrocket.com api.razorpay.com *.weltpixel.com www.mygossip.in 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.razorpay.com www.mygossip.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.mgt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.payu.in checkout.razorpay.com www.mygossip.in 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline www.mygossip.in 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.mygossip.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.mgt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.payu.in lumberjack.razorpay.com lumberjack-metrics.razorpay.com www.mygossip.in 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.mygossip.in http: https: blob: 'self' 'unsafe-inline'; default-src www.mygossip.in 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.at https://www.myheritage.de  'unsafe-eval' 'nonce-357124bc5951c6651d45a37bf2bbf344' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.at;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.ch https://www.myheritage.de  'unsafe-eval' 'nonce-604ed8cd28a9fd96fedf0f1802a9f04d' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.ch;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.gr https://www.myheritage.gr  'unsafe-eval' 'nonce-5fe9322a8ce47033a3e2279751a7db34' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.gr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.lt https://www.myheritage.lt  'unsafe-eval' 'nonce-60788461aba6c29d6c05981046f948fd' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.lt;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.lv https://www.myheritage.lv  'unsafe-eval' 'nonce-c658be8c3f3babb9cd3db01d4d7fc94f' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.lv;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.sk https://www.myheritage.sk  'unsafe-eval' 'nonce-6ba0cec31206aef89253a172ef984257' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.sk;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'none'; script-src 'self' https://*.typekit.net/ https://*.clarity.ms/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.gstatic.com/ https://seal.thawte.com/ https://secure.bluepay.com https://seal.digicert.com/ https://www.safewayxchange.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms/ https://stats.g.doubleclick.net; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://dev.virtualearth.net/ data: https://seal.digicert.com https://www.google.com; style-src 'self' 'unsafe-inline' https://*.typekit.net/ https://fonts.googleapis.com/ https://*.gstatic.com; font-src 'self' https://*.typekit.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://secure.bluepay.com https://www.safewayxchange.com/; object-src 'self'; media-src 'self' https://www.google-analytics.com/; manifest-src 'self'; frame-ancestors 'self'; report-uri https://08bfb48ddcee7d64057e88503ec1149f.report-uri.com/r/t/csp/reportOnly 1
default-src 'self'; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net; connect-src 'self' https: wss:; frame-src 'self' https://www.google.com https://www.gstatic.com https://www.recaptcha.net; frame-ancestors 'self'; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdnjs.com https://cdn.jsdelivr.net https://cdn.datatables.net https://cdn.jsdelivr.net/npm/chart.js; style-src 'self' 'unsafe-inline' https://cdnjs.com https://cdn.datatables.net https://cdn.jsdelivr.net; img-src 'self' https: data: blob: data:image/svg+xml; font-src 'self' data: https://cdnjs.com https://cdn.jsdelivr.net; connect-src 'self' https:; media-src 'self' data: blob:; object-src 'none'; child-src 'self'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.gstatic.com *.amasty.com www.clarity.ms scripts.clarity.ms cdn.brevo.com sibautomation.com s3.amazonaws.com static.cloudflareinsights.com *.wonderpush.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com s3.amazonaws.com; img-src 'self' data: https:; font-src 'self' fonts.gstatic.com data: res-1.cdn.office.net; connect-src 'self' *.google-analytics.com www.clarity.ms n.clarity.ms *.amasty.com api.reclameaqui.com.br analytics.google.com in-automate.brevo.com *.wonderpush.com measurements-api.wonderpush.com; object-src 'none'; worker-src 'self'; frame-src 'self' www.facebook.com *.wonderpush.com; manifest-src 'self' *.wonderpush.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-7MDHVcDPq0bLXQmtSqLLrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4z4ZikR4iPy7qESmvRuBqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline'  *.googletagmanager.com *.paypal.com *.redsys.es https://sis-t.redsys.es:25443 sibautomation.com *.facebook.net  *.ads-twitter.com *.twitter.com; font-src 'self' *.typekit.net data:; connect-src 'self' *.google-analytics.com analytics.google.com stats.g.doubleclick.net *.paypal.com in-automate.sendinblue.com  *.facebook.com; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline' *.typekit.net; frame-src *.vimeo.com *.paypal.com sibautomation.com *.facebook.com vimeo.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' norterefrigeracao.com.br *.norterefrigeracao.com.br wake-components.fbitsstatic.net norterefrigeracao.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com gstatic.com *.pagar.me *.mundipagg.com *.getnet.com.br *.trustvox.com.br checkout.norterefrigeracao.com.br translate.googleapis.com h.online-metrix.net device.clearsale.com.br *.clearsale.com.br *.braintree-api.com *.braintreegateway.com *.benova.com.br *.pagseguro.com.br trustvox.com.br *.pagbank.com *.smarthint.co *.vindi.com.br googleadservices.com *.googleadservices.com googleads.g.doubleclick.net *.g.doubleclick.net google.com.br *.google.com.br *.google.com adservice.google.com *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net service.smarthint.co bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br *.sino3d.app sino3d.app norterefrigeracao.fbitsstatic.net *.fbitsstatic.net paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io wake-commerce-scripts.omni.chat static.hotjar.com *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.norterefrigeracao.com.br norterefrigeracao.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klaviyo.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarna.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com nostebarn-hyva-cdn.tinyelephant.no nostebarn-cdn.tinyelephant.no nostebarn.no *.tryggehandel.no *.cookiebot.com * *.bing.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com https://www.magezon.com *.hsforms.net *.hsforms.com https://nostebarn-hyva.tinyelephant.no data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.google.bg *.googletagmanager.com gtm.adt313.net *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.cookiebot.com *.tryggehandel.no *.bing.com *.hotjar.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.hsforms.net *.hsforms.com *.bat.bing.com https://bat.bing.com dpm.demdex.net *.dpm.demdex.net *.amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.typekit.net *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.cookiebot.com *.adtraction.fail *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.bat.bing.com https://bat.bing.com/ *.dpm.demdex.net *.amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' cdnjs.cloudflare.com code.jquery.com stackpath.bootstrapcdn.com 'sha256-UITiqbXyaWS7NpwiFrMIbdXAZy5EXLRUHkpylF4504k' 'sha256-G2wcWRZFJkU9YEGwuS5WVaPbIDi6EBIVoI2RBEb8Zlk=' 'sha256-FF2KmSf4S0SBnhc+IEpGUwrgbQK2j+rIzh6xZ6sjGu0=' 'sha256-nDn6eXVs8SiM5DU7FV1vfFN86UwMBehIv+h07ieZVx0=' 'sha256-bnbtrZ4cazUbL1X+bzbRe4K2TQygoH2g0D4jUVk+yaE=' 'sha256-OInyOMNpNOcMEnp2/n2S4EZcjHKAD/n3VIWvMNssUnE=' 'sha256-+IvNMDRv3XJr0fQAQ1szE3jhzuwVRAh4smzLajfips8=' 'sha256-MYMPledxny3i/K/re+MIEWixz0FgSvPpMf5S0nky0NA=' 'sha256-GE9buHZ1S1XrvNgZQjB+N2FnvrnJOpiYUzJ3m2jLt0I=' 'sha256-KXfjqICkYl14KKc9TWpSH99pMT1yzhyI87IdCEe77TU=' 'sha256-eZUNP71XfjPJ2xrMTV4fkroBqqvzi0nJ5QKJ1/dXwDc=' 'sha256-9568Z8anh92FJCBMsm20LdS4wK8+mybF9LIcISd3z3M=' 'sha256-KBuE6Z9/epl6XvoY7z8I8fNkHOIQrgST1NXsQNUUvkM=' 'sha256-Uf/TuaAHNfyjlg9yu+JwJvNex0J4F8P5y1EX/7d3HBo=' 'sha256-5pAz9LA5Kd0fNdNKabc8sUsQFjj2KKKzr+xpJoTFDro=' 'sha256-bDHwVb2yNGozQOrAgp32/QHHYAjioxDHCQBhf76qURc=' 'sha256-AJq9exT3Ll9m7nESioK6xi4D/UXYMYMBYl4DpRzkudU=' 'sha256-q5FMu3Ek0J1QwGPsjKDMhofYgND4NsJILaBNCjGj/PI=' 'sha256-CpgJgaRhsQ4zt1yJ1tqgt4RF0b27pkICFQjkowqxSls=' 'sha256-HnsvHqh/VFF1QGAXcQQRX7/EweU+ZpSh5d9CTzvuV24=' 'sha256-zRVBfGIwY5faywO8HVAx5yhjiLnjnQJAjZKMC0a6yCU=' 'sha256-lSJQ7yppv53iUCDEVAVX0hHoEFtf7UbLORmzBoT0+Zk=' 'sha256-JrPbDkpkxMkvx5ouqdpVRHrYJ/8kbxNfCAqeI/sBoxI=' 'sha256-CF514nuASQaAc862LA/IBUPtvb0DR7NqBmJN3bIjfSc=' 'sha256-XfvPhY1wZt+By3OE6H2CVfPlCUUf8gqXTkGIYEDcwh0=' 'sha256-jrQ27qF1Um8eiFRU2sv/0YpeMKlp1Rymcml/01WAbqc=' 'sha256-jsHbxi8kmIZQd3zphfCahFskjploYZ1C1gmnAclUank=' 'sha256-ZCaJdZOe3/6LsoBr8EdirJykG5RhPsTa162AuPUK8bo=' 'sha256-4uO+HALotsc/Iet+4QuzYrf7K9VYqL0g6/dWrU2XrgU=' 'sha256-5k46gkNpa/S7LFnvJSpNyUCxWSk4nSlK0CzzbJGFa1w=' 'sha256-vuaPYM+yZoYpio6ok8OcH/zFmuMy9lwlcxPB8RqYcrg=' 'sha256-cHWUFwuc4KAtHFg5uh51/dAh0qPptfsqq2kW3xH2IF0=' 'sha256-umHKqK9cGaTsJ31/uxwJfTxHkzSMC4HLjp/OZ1cRzbc=' 'sha256-kxju1wKqgLhQOBfTjTdOeRoRX7LXeWKNHu/g7Otw/ac=' 'sha256-Db8cCDf75wzl87NF5lwjs3tNmMTzIJqlmvoqVZAUupk=' 'sha256-jAwwP2EuqRx2RiMz3dG9KCIjylVgSPcSQtwirActsQI='; style-src 'self' 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com;script-src-attr 'self' 'unsafe-inline'; object-src 'none';img-src 'self' https://envoylive.medacs.com data: 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com data: s7.addthis.com v1.addthisedge.com z.moatads.com m.addthis.com graph.facebook.com api-public.addthis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cardlink.gr *.alphaecommerce.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com ext.easyshipping.gr 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ext.easyshipping.gr stackpath.bootstrapcdn.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com api-public.addthis.com www.skroutz.gr analytics.skroutz.gr c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com s7.addthis.com v1.addthisedge.com z.moatads.com m.addthis.com stats.g.doubleclick.net stackpath.bootstrapcdn.com api-public.addthis.com www.google.gr *.cdninstagram.com analytics.skroutz.gr *.utils.elfsightcdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com player.vimeo.com ajax.cloudflare.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net analytics.skroutz.gr www.google.com www.gstatic.com s7.addthis.com v1.addthisedge.com m.addthis.com z.moatads.com api-public.addthis.com apps.elfsight.com static.elfsight.com chimpstatic.com 360.bestprice.gr scripts.bestprice.gr pagead2.googlesyndication.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net s7.addthis.com v1.addthisedge.com z.moatads.com m.addthis.com graph.facebook.com api-public.addthis.com fonts.gstatic.com www.googletagmanager.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com stackpath.bootstrapcdn.com s7.addthis.com v1.addthisedge.com m.addthis.com z.moatads.com api-public.addthis.com *.elfsight.com api.instacloud.io stats.g.doubleclick.net www.bestprice.gr pagead2.googlesyndication.com region1.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-9CFBTr4jJkRJYJKAW82R7A==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.ourtime.es *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.ourtime.es; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
default-src 'self'; script-src 'self' 'nonce-EhejaJT7LdnyV7uoBDaeQA==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.ourtime.nl *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.ourtime.nl; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.youtube-nocookie.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.storyblok.com *.klarna.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://images.unsplash.com *.prismic.io *.cdn.prismic.io *.cookiebot.com imgsct.cookiebot.com *.documentforce.com hummuk--c.documentforce.com *.force.com hummuk.file.force.com *.google.com *.google.com.vn bat.bing.com *.linkedin.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com business.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://maps.googleapis.com adobedtm.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com static.cdn.prismic.io *.prismic.io cdn.jsdelivr.net *.jsdelivr.net *.cookiebot.com consent.cookiebot.com config.gorgias.chat *.gorgias.chat data: self unsafe-inline *.lr-intake.com bat.bing.com snap.licdn.com s.pinimg.com *.googleoptimize.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io business.facebook.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com services.postcodeanywhere.co.uk *.klaviyo.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://maps.googleapis.com https://player.vimeo.com *.doubleclick.net *.fontawesome.com *.youtube.com *.cardinalcommerce.com *.facebook.com config.gorgias.chat *.googlesyndication.com pagead2.googlesyndication.com *.cookiebot.com consent.cookiebot.com *.prismic.io *.algolia.io *.lr-intake.com api.addressy.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.link.com *.amazon.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a1444c0b-988b-46bf-8bde-a8332665a15c.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com data: *.stape.io *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io *.mercadolibre.com https://mobbex.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com *.stape.io https://firebasestorage.googleapis.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com flagpedia.net *.mobbex.com *.google.ie www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io *.shopify.com *.mlstatic.com *.mercadopago.com maps.googleapis.com *.mobbex.com https://accounts.google.com www.gstatic.com *.google.ie *.googleadservices.com www.xtento.com cdn.xtento.com https://ipinfo.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com https://accounts.google.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com www.gstatic.com maps.googleapis.com *.mobbex.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-qFNQ4fLabwrCbjQS5Y8zgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://h.online-metrix.net *.cardinalcommerce.com *.twitter.com cdn.pagesense.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://h.online-metrix.net *.d.aa.online-metrix.net *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.ytimg.com pagesense-proxy.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://h.online-metrix.net *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.fontawesome.com *.newrelic.com *.nr-data.net cdn.pagesense.io pagesense-proxy.com static.zohocdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br *.cloudflare.com *.twitter.com *.paypal.com *.newrelic.com *.nr-data.net pagesense-proxy.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: *; font-src 'self' https: data: *; img-src 'self' https: data: *; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' blob: *; style-src 'self' https: 'unsafe-inline' *; connect-src 'self' https: * ws://* wss://*; frame-src 'self' https: data: 'unsafe-inline' *; worker-src 'self' blob: https: * 1
object-src 'none';base-uri 'self';script-src 'nonce-HoaoFuD4EmMTfg_ycbdnqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads 1
object-src 'none';base-uri 'self';script-src 'nonce-WGkXVYBhygwla3Mr6ShNRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' https://s.brightspace.com https://*.ally.ac https://leaplti.desire2learn.com/ https://leaplti-fr.brightspace.com/ https://tryleap.brightspace.com/ https://leaplti-es.desire2learn.com/ https://leaplti-ptbr.desire2learn.com/ https://leaplti-us.brightspace.com/ https://leaplti-apac.brightspace.com/ https://leaplti-emea.brightspace.com/ https://leapqa.net https://leaplti-ap.brightspace.com https://login.microsoftonline.com/ https://login.live.com/ https://cdn.lcs.brightspace.com/ https://leaplti-in.brightspace.com; report-uri https://logger.us-east-1.logging.brightspace.com/log/csp/DNCmCicBJG7XPqdSFkgiAgAAAZz5IJku 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.bunny.net 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.zen.com *.zen-test.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com pay.google.com apm.przelewy24.pl *.zen.com *.zen-test.com *.online-metrix.net *.addthis.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.gstatic.com *.googleapis.com https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com static.przelewy24.pl www.gstatic.com gstatic.com *.zen.com *.zen-test.com *.online-metrix.net *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com static.payu.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.zen.com *.zen-test.com *.online-metrix.net s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.avada.io secure.payu.com secure.snd.payu.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://cdn.jsdelivr.net *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl *.zen.com *.zen-test.com *.online-metrix.net *.seondnsresolve.com ekr.zdassets.com/ *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com https://staging.dre.pellet.mhost.eu https://production.dre.pellet.mhost.eu t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://id-sandbox.dokobit.com/ https://id.dokobit.com/; img-src 'self' blob: https://*.amazonaws.com https://id-sandbox.dokobit.com/ https://id.dokobit.com/ data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com https://id-sandbox.dokobit.com/ https://id.dokobit.com/; media-src 'self' https://*.amazonaws.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://id-sandbox.dokobit.com/ https://id.dokobit.com/; style-src-elem 'self' 'unsafe-inline' https://id-sandbox.dokobit.com/ https://id.dokobit.com/ fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://id-sandbox.dokobit.com/ https://id.dokobit.com/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://www.googletagmanager.com blob:; connect-src 'self' https://www.certific.co/ https://ekr.zdassets.com/ https://certific.zendesk.com/ https://widget-mediator.zopim.com/ wss://widget-mediator.zopim.com/ https://region1.google-analytics.com https://www.google-analytics.com/ wss://*.twilio.com https://id-sandbox.dokobit.com/ https://id.dokobit.com/; report-uri /api/log/csp-report; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.gstatic.com *.googleapis.com *.granado.com.br *.phebo.com.br *.fontawesome.com *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.adyen.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com * *.adyen.com www.google.com *.granado.com.br *.phebo.com.br *.criteo.com *.criteo.net *.run.app *.doubleclick.net *.getblue.io *.groovinads.com *.googleapis.com *.twitter.com *.pagaleve.io *.pagaleve.com.br *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * https://*.gstatic.com *.adyen.com *.googleapis.com *.granado.com.br *.phebo.com.br *.clarity.ms *.bing.com *.bidswitch.net *.doubleclick.net *.adnxs.com *.casalemedia.com *.dmxleo.com *.criteo.com *.stickyadstv.com *.360yield.com *.liadm.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.revcontent.com *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.tremorhub.com *.clmbtech.com *.3lift.com *.1rx.io *.agkn.com *.unrulymedia.com *.fwmrm.net *.adsrvr.org *.yahoo.com *.bidr.io *.adform.net *.sitescout.com *.crwdcntrl.net *.springserve.com *.stackadapt.com *.ipredictive.com *.openx.net *.mdhv.io *.w55c.net *.simpli.fi *.turn.com *.sundaysky.com *.contextweb.com *.everesttech.net *.adgrx.com *.a-mo.net *.google.com.br *.dotomi.com *.groovinads.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.alothemes.com *.magepow.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.ytimg.com *.pagaleve.com.br *.facebook.com *.reddit.com *.ads-twitter.com t.co *.bing.net *.klaviyo.com *.googletagmanager.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.granado.com.br *.phebo.com.br *.clarity.ms *.criteo.com *.getblue.io *.dwin1.com *.tiktok.com *.pmweb.com.br *.grow.up.st *.groovinads.com *.goab.io *.roeyecdn.com *.sciencebehindecommerce.com *.awin1.com *.evgnet.com *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.google-analytics.com *.fontawesome.com *.pagaleve.com.br *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.ads-twitter.com *.bing.com *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://fonts.googleapis.com/ *.granado.com.br *.phebo.com.br *.fontawesome.com *.alothemes.com *.magepow.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com *.granado.com.br *.phebo.com.br *.clarity.ms *.criteo.com *.algolia.io *.run.app *.exct.net *.grow.up.st *.tiktok.com *.pmweb.com.br https://viacep.com.br *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.granado.com.br *.phebo.com.br 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' https: www.googletagmanager.com www.google-analytics.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'report-sample' https: www.googletagmanager.com www.google-analytics.com; form-action 'self' https://*.planetrentalcars.com; object-src 'none'; media-src 'none'; report-uri /csp/report; worker-src 'self' blob:; 1
default-src 'self'; child-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src https: data:; style-src https: 'unsafe-inline'; img-src https: blob: data:; frame-ancestors 'self'; frame-src 'self' https:; worker-src blob:; object-src 'self'; media-src https: blob: data:; report-uri https://www.plateforme-apis.fr/local/csp/collector.php?uid=0&cid=1 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com self data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * self 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.swagger.io *.ftcdn.net *.behance.net *.scene7.com static.klaviyo.com mcstaging.polarenlinea.com mcprod.polarenlinea.com *.facebook.com *.doubleclick.net *.googleapis.com *.google.com *.googleadservices.com *.braintreegateway.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com self data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.marketo.net 233-mju-939.mktoresp.com smetrics.polarenlinea.com *.facebook.com *.facebook.net *.connect.facebook.net *.cardinalcommerce.com unpkg.com cdn.jsdelivr.net *.magento-datasolutions.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.paypalobjects.com *.bolt.com *.commerce-quick-checkout.com *.googleapis.com *.gstatic.com *.online-metrix.net *.cybersource.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com self unsafe-inline 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com static.klaviyo.com assets.braintreegateway.com self unsafe-inline 'self' 'unsafe-inline'; object-src none 'self' 'unsafe-inline'; media-src *.adobe.com self 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com smetrics.polarenlinea.com *.demdex.net 233-mju-939.mktoresp.com *.cardinalcommerce.com *.snplow.net *.facebook.com *.pingdom.net *.woorank.com *.adobedc.net *.youtube.com *.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com *.bolt.com *.magento-ds.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com self 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' blob: https://prod-plk-web.es.rbi.tools/en/static/js/vendor.47959984.js https://prod-plk-web.es.rbi.tools/en/static/js/main.fd163006.js https://prod-plk-web.es.rbi.tools/en/static/js/runtime.198fc3e1.js https://*.mparticle.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onetrust.com https://static.ads-twitter.com https://platform.twitter.com https://www.google-analytics.com https://connect.facebook.net https://secure.quantserve.com https://dynamic.criteo.com https://rules.quantcount.com https://cdn.branch.io https://app.link https://*.cdn4.forter.com https://dlthst9q2beh8.cloudfront.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://pagead2.googlesyndication.com https://cdn.amplitude.com https://accounts.google.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://c.amazon-adsystem.com https://js.adsrvr.org https://maps.googleapis.com https://googleads.g.doubleclick.net https://static.zdassets.com https://bat.bing.com https://cdn-st.adsmurai.com https://www.youtube.com https://player.vimeo.com https://prod-plk-web.es.rbi.tools/en/static/js/vendor.4de64160.js https://prod-plk-web.es.rbi.tools/en/static/js/main.01b1ab60.js https://prod-plk-web.es.rbi.tools/en/static/js/runtime.c2766de8.js; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; report-uri https://intl-csp-service.rbictg.com/report 1
font-src 'self' data: *.cloudfront.net *.gstatic.com; img-src 'self' data: blob: *.meupositivo.com.br *.positivoempresas.com.br *.google.com  *.google.com.br *.google-analytics.com *.facebook.com *.facebook.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.youtube.com *.google.com *.googletagmanager.com *.hotjar.com tags.cmp.tail.digital *.google-analytics.com *.positivoempresas.com.br code.jquery.com *.gstatic.com *.facebook.net *.cloudfront.net googleads.g.doubleclick.net; frame-ancestors 'self' data: *.positivoempresas.com.br *.positivotecnologia.com.br; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.positivoempresas.com.br 1
font-src *.klarnacdn.net *.typekit.net *.fonts.smct.io *.akamaihd.net *.gstatic.com *.google.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.liveperson.net *.pinterest.com *.vimeo.com *.lpsnmedia.net *.formstack.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.apptrian.com ct.pinterest.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com *.silentnightbrands-gb.attn.tv *.bazaarvoice.com *.collector-20390.tvsquared.com *.bat.bing.com *.onetrust.com *.google.com *.cdn.smct.io *.cdn.smct.co *.ctfassets.net *.placeholder.com *.photorank.me *.quantserve.com *.ometria.com *.data-8.co.uk *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.pinterest.com s.pinimg.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com *.smct.co *.js.smct.io *.bat.bing.com *.rules.quantcount.com *.script.hotjar.com *.lantern.roeyecdn.com *.attn.tv *.cdn.sub2tech.com *.collector-20390.tvsquared.com *.static.hotjar.com *.dwin1.com *.google.com *.sharethis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.bazaarvoice.com *.onetrust.com *.trustpilot.com *.ometria.com *.liveperson.net *.quantserve.com *.doubleclick.net *.lpsnmedia.net *.akamaihd.net *.data-8.co.uk *.pinterest.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.klarnacdn.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.fonts.smct.io *.akamaihd.net *.data-8.co.uk *.gstatic.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com ct.pinterest.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com ct.pinterest.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com connect.facebook.net graph.facebook.com *.ws.hotjar.com *.data-8.co.uk *.content.hotjar.io *.ipl.smct.io *.firehose.eu-west-1.amazonaws.com *.silentnightbrands-gb.attn.tv *.googleads.g.doubleclick.net *.events.attentivemobile.com *.onetrust.com *.akamaihd.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.accelasearch.io *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.iubenda.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.accelasearch.io int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com *.iubenda.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.accelasearch.io int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com *.iubenda.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.accelasearch.io *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.accelasearch.io int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.iubenda.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' https://www.paypalobjects.com/;connect-src https://combined-demo.apm.eu-west-1.aws.cloud.es.io/;frame-src 'self' https://www.youtube.com/; report-uri https://reports.webperf.tools/qrexplore; report-to default 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-jNKPFg7oQC9U1Cgua1FUPw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
child-src blob:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://translate.googleapis.com https://rabbitsign-beta-docs.s3.amazonaws.com https://rabbitsign-docs.s3.amazonaws.com https://rabbitsign-beta-templates.s3.amazonaws.com https://rabbitsign-templates.s3.amazonaws.com https://rabbitsign-beta-signing-options.s3.amazonaws.com https://rabbitsign-signing-options.s3.amazonaws.com https://rabbitsign-beta-user-assets.s3.amazonaws.com https://rabbitsign-user-assets.s3.amazonaws.com; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-src https:; img-src 'self' blob: data: https://translate.google.com https://rabbitsign-beta-signing-options.s3.amazonaws.com https://rabbitsign-signing-options.s3.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://*.googletagmanager.com 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; worker-src blob:; base-uri 'none'; frame-ancestors 'none'; report-uri https://webhook.site/2ff2c0c3-0cac-47a8-a21f-e3394b3de561 1
object-src 'none';base-uri 'self';script-src 'nonce-Lg0_zDFG2tuTYSJHbtZEoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ljz_AhOfQ6Ao6X5fYzDo4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://redebanmulticolor.com.co https://www.pasarelapagosaval.com https://www.pagaenlinearbm.com; script-src 'self' https://pagaenlinearbm.com https://web.certicamara.com https://seal.websecurity.norton.com 'unsafe-eval' 'unsafe-hashes'; object-src 'none'; img-src 'self' data: https:; style-src 'unsafe-inline' 'self';script-src-elem 'self' 'unsafe-inline' https:; connect-src 'self' 'unsafe-inline' https:;style-src-elem 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src 'self' https:;frame-ancestors 'self' https://redebanmulticolor.com.co https://www.pasarelapagosaval.com https://www.pagaenlinearbm.com; 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=E8dG6QUBD8ASruQ4PUPlJMbuLfHWJttTww98I0CM1qs-1773715463-1.0.1.1-Svo0uFZTC.SCAGv0b.IFuh91AUp_D6R9dWKdqEPTuf_RcLBvhtFpJAtUT_w.NUeXBDilZG3ezKDaBPQZ73b8qXp.03RVXRYfMga2nb.FZ80rDhAdmRLmlaTnJ9JIwlVG6nTpR951lAg.0DDCADlTdfqNNxcBJEOwMgQLYFK8zQ93nqgbB33zVQ7Lw75hJsy.; report-to cf-csp-endpoint 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-F0E06Sok5NmOLFuLQdOliw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.bunny.net *.adobe.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * challenges.cloudflare.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.vimeo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.disqus.com *.avada.io *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com challenges.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.bunny.net *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com assets.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://get.geojs.io *.avada.io *.adobe.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.youtube.com *.vimeo.com *.vimeocdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://*.sentry.io; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://resraku-image-files-production.s3.ap-northeast-1.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://cdn.jsdelivr.net 'nonce-'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; script-src-attr 'none'; report-uri /csp/report 1
font-src *.fontawesome.com https://cdnjs.cloudflare.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.netreviews.eu 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.netreviews.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.avis-verifies.com *.netreviews.eu 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ https://cdnjs.cloudflare.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.avis-verifies.com *.netreviews.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.avis-verifies.com *.netreviews.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.netreviews.eu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://magento2.fr/; report-to report-endpoint; 1
font-src *.fontawesome.com https://fonts.gstatic.com/ fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://maps.gstatic.com https://maps.googleapis.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://maps.googleapis.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.gstatic.com *.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-KoKLiwDt8IfF8joH1ndbCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self' data:; frame-ancestors 'self'; base-uri 'self'; 1
font-src *.boxnow.gr *.boxnow.cy fonts.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.boxnow.gr *.boxnow.cy https://widget-v5.boxnow.gr https://www.googletagmanager.com https://www.facebook.com https://td.doubleclick.net https://youtu.be 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.boxnow.gr *.boxnow.cy magefan.com cm.magefan.com *.disqus.com *.designer-images.net https://www.facebook.com https://www.google.gr https://maps.googleapis.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.boxnow.gr *.boxnow.cy *.disqus.com *.stat-track.com polyfill.io *.moosend.com https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://www.gstatic.com https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.moosend.com *.bootstrapcdn.com https://use.typekit.net https://p.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.boxnow.gr *.boxnow.cy *.stat-track.com *.m-pages.com *.m-operations.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://www.google.gr https://www.facebook.com https://pagead2.googlesyndication.com https://maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' sbb.com.br *.sbb.com.br wake-components.fbitsstatic.net sbb.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.sbb.com.br sbb.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.eewosecure.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.addthis.com *.demdex.net *.authorize.net *.paypal.com *.google.com *.facebook.com *.facebook.net *.vimeo.com *.youtube-nocookie.com *.braintreegateway.com *.kaptcha.com *.yotpo.com *.eewosecure.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.paypal.com *.google.com *.youtube.com https://s.ytimg.com *.instagram.com *.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.addthis.com *.addthisedge.com *.adobedtm.com *.authorize.net *.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.google.com *.googleadservices.com *.googleapis.com *.google-analytics.com *.gstatic.com *.moatads.com *.paypal.com *.paypalobjects.com *.trustedshops.com *.usercentrics.eu *.instagram.com *.vimeo.com *.yotpo.com youtube.com *.facebook.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline *.cloudflare.com *.typekit.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://fonts.googleapis.com https://fonts.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.vimeo.com *.youtube.com *.google.com *.moatads.com *.paypal.com *.braintreegateway.com *.addthis.com *.cardinalcommerce.com *.paypalobjects.com *.amazonservices.com *.amazonservices.co.uk *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.amazonservices.de *.google-analytics.com *.googleapis.com *.gstatic.com *.yotpo.com *.instagram.com *.cdninstagram.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'nonce-B0A2N2q7G9eowl5KluRk1/eTto1ss+U5Dz6VV8pgJ6U=' 'strict-dynamic' 'wasm-unsafe-eval' www.youtube.com  az416426.vo.msecnd.net cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://connect.facebook.net/ https://munchkin.marketo.net/ static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
script-src 'self' 'nonce-dtWxXv1+WjWr5N5ACT0QUyDIFiN+9Lx2HgcYzsRGUFE=' 'strict-dynamic' 'wasm-unsafe-eval' www.youtube.com  az416426.vo.msecnd.net cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://connect.facebook.net/ https://munchkin.marketo.net/ static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
default-src 'self';           object-src 'none';           base-uri 'self';           frame-ancestors 'self';           frame-src 'self' https://consentcdn.cookiebot.com https://www.googletagmanager.com https://googleads.g.doubleclick.net;           img-src 'self' data: https: blob:;           script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;           script-src-elem 'self' https://www.googletagmanager.com https://widgets.trustedshops.com https://consent.cookiebot.com https://consentcdn.cookiebot.com;           script-src-attr 'self' 'unsafe-inline';           style-src 'self' 'unsafe-inline' https:;           font-src 'self' data: https:;           connect-src 'self' https:;           report-uri /csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-FpFbksZh7VZshaXp3T-Log' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; media-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-YT9fPU5mrTz5ECMoE2KGLw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ep-7jvpxFgWTJGihtxioaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-J1kZhsuU40hyqGm9CqjUyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com data: 'self' 'unsafe-inline'; form-action *.payway.com.hr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.polyfill.io *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.google-analytics.com *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-j0K7QjMH0PLQdzQcKFzIgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1rW4EdxmjnutOeJy3NnydA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WonjzOddUkboPbPQiiTCwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GM19QfLs3sm8GvlQPNJ8Qw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-sFqpo1WRL5vz1I-9f7njDw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' replacements.okta.com signin.replacements.com *.oktacdn.com *.replacements.com; connect-src 'self' replacements.okta.com replacements-admin.okta.com signin.replacements.com *.oktacdn.com *.mixpanel.com *.mapbox.com replacements.kerberos.okta.com replacements.mtls.okta.com https://oinmanager.okta.com data: *.replacements.com *.ingest.sentry.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' replacements.okta.com signin.replacements.com *.oktacdn.com *.replacements.com; style-src 'unsafe-inline' 'self' 'report-sample' replacements.okta.com signin.replacements.com *.oktacdn.com *.replacements.com; frame-src 'self' replacements.okta.com replacements-admin.okta.com signin.replacements.com login.okta.com *.vidyard.com *.replacements.com; img-src 'self' replacements.okta.com signin.replacements.com *.oktacdn.com https://ok12static.oktacdn.com/fs/bcg/4/gfs9dry6mb9NvbOxK5d7 *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: *.replacements.com blob:; font-src 'self' replacements.okta.com signin.replacements.com data: *.oktacdn.com fonts.gstatic.com *.replacements.com; frame-ancestors 'self' https://www.starsupplier.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' SugoiBigFish.com.br *.SugoiBigFish.com.br wake-components.fbitsstatic.net sugoibigfish.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com cloudflare.com hertzen.com doubleclick.net *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.cloudflare.com *.hertzen.com wss://signalr.fbits.net *.gstatic.com k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.SugoiBigFish.com.br SugoiBigFish.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-GOGQvujRh2fGdHDOuzjA1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src sundberguat-m2-cdn.azureedge.net sundbergprd-m2-cdn.azureedge.net *.gstatic.com *.fonts.gstatic.com *.hawksearch.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com batchgeo.com https://spins0.arqspin.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.trackedlink.net *.ddlnk.net sundberguat-m2-cdn.azureedge.net sundbergprd-m2-cdn.azureedge.net *.repairclinic.com *.www.stageimages.repairclinic.com https://spins0.arqspin.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com sundberguat-m2-cdn.azureedge.net sundbergprd-m2-cdn.azureedge.net *.googleapis.com *.ajax.googleapis.com *.hawksearch.net https://www.sundbergamerica.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com webchat.dotdigital.com webchat.staging.dotdigital.com sundberguat-m2-cdn.azureedge.net sundbergprd-m2-cdn.azureedge.net manage.hawksearch.com *.googleapis.com *.fonts.googleapis.com *.hawksearch.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-b4QkNayHBTJfU-486RHWfg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; media-src 'self' https:; frame-src 'self' https:; worker-src 'self' blob:; upgrade-insecure-requests; report-to csp; report-uri /csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.authorize.net td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.sharethis.com https://aheadworks.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ lb.data-dynamic.net www.google.co.in d3k81ch9hvuctc.cloudfront.net maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.mouseflow.com cloudfront.barilliance.com static.cloudflareinsights.com ajax.cloudflare.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com https://static.klaviyo.com static-tracking.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.crwdcntrl.net *.amazonaws.com *.stbuttons.click www.barilliance.net stats.g.doubleclick.net *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.checkout.com *.cdn-apple.com cdn.livechat.connexease.com api.connexease.com *.g.doubleclick.net *.smooch.io cdnjs.cloudflare.com *.googlesyndication.com *.googleadservices.com *.googletagservices.com *.google.com google.ae *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com fonts.gstatic.com https://cdn-sandbox.tamara.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com self pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com pay.sandbox.realexpayments.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.checkout.com *.klarna.com self *.paypal.com *.tamara.co *.vimeo.com *.braintreegateway.com td.doubleclick.net *.googletagmanager.com livechat.connexease.com cdn.allinone.connexease.com cdnjs.cloudflare.com tr.snapchat.com *.googlesyndication.com *.googleadservices.com *.g.doubleclick.net www.googletagservices.com google.com *.twitter.com *.youtube.com/ checkout.tabby.ai www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.fls.doubleclick.net *.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.checkout.com 'self' 'unsafe-inline' 'self' data: *.g.doubleclick.net *.google-analytics.com *.paypal.com *.cloudflare.com *.klarna.com *.tamara.co *.facebook.com *.twitter.com *.snapchat.com preprod.calvinklein.ae *.ytimg.com cdn.allinone.connexease.com cdn.livechat.connexease.com api.connexease.com *.smooch.io cdnjs.cloudflare.com tr.snapchat.com cdn.connexease.com *.googlesyndication.com *.googleadservices.com *.googletagservices.com *.google.com *.google.ae *.google.com.af *.google.com.bh *.google.com.eg *.google.iq *.google.com.jo *.google.com.kw *.google.com.lb *.google.com.om *.google.ps *.google.com.qa *.google.com.sa *.google.com.tr *.google.com.ye *.twimg.com *.lightemporium.com *.usercentrics.eu https://firebasestorage.googleapis.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com https://ad.doubleclick.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.checkout.com *.klarnacdn.net *.cdn-apple.com 'self' 'unsafe-inline' 'unsafe-eval' www.paypal.com connect.facebook.net cdn.segment.com *.cloudflare.com js.braintreegateway.com *.tamara.co *.adobedtm.com tr.snapchat.com analytics.tiktok.com preprod.calvinklein.ae api.segment.io sc-static.net livechat.connexease.com cdn.allinone.connexease.com cdn.livechat.connexease.com api.connexease.com *.smooch.io td.doubleclick.net cdnjs.cloudflare.com cdn.connexease.com *.googlesyndication.com *.googletagservices.com *.google.com *.google.ae *.google.com.af *.google.com.bh *.google.com.eg *.google.iq *.google.com.jo *.google.com.kw *.google.com.lb *.google.com.om *.google.ps *.google.com.qa *.google.com.sa *.google.com.tr *.google.com.ye *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.avada.io checkout.tabby.ai widgets.tabby.ai www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.commerce-payment-services.com *.typekit.net google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.checkout.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.hotjar.com *.contentsquare.net wss://*.hotjar.com *.hotjar.io *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.checkout.com 'self' 'unsafe-inline' fonts.googleapis.com *.fontawesome.com livechat.connexease.com preprod.calvinklein.ae cdn.allinone.connexease.com cdn.livechat.connexease.com api.connexease.com *.g.doubleclick.net *.smooch.io cdnjs.cloudflare.com tr.snapchat.com *.googlesyndication.com *.googleadservices.com *.googletagservices.com *.google.com *.google.ae *.google.com.eg *.google.com.lb *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://fonts.bunny.net maxcdn.bootstrapcdn.com *.tamara.co https://unpkg.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tamara.co d2cbsaprdtfsuaensto00.blob.core.windows.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.checkout.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.browser-intake-datadoghq.com 'self' cdn.segment.com *.braintreegateway.com *.paypal.com *.tamara.co *.facebook.net *.cloudflare.com tr.snapchat.com get.geojs.io tr6.snapchat.com analytics.tiktok.com cdn.sift.com api.braintreegateway.com livechat.connexease.com api.connexease.com cdn.livechat.connexease.com *.g.doubleclick.net *.smooch.io cdnjs.cloudflare.com *.googlesyndication.com *.googleadservices.com *.googletagservices.com *.google.com *.google.ae *.google.com.eg *.google.com.lb *.twitter.com *.twimg.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org https://get.geojs.io *.avada.io checkout.tabby.ai widgets.tabby.ai api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com https://browser-intake-datadoghq.eu google.com/pay *.hotjar.com wss://*.hotjar.com *.hotjar.io *.contentsquare.net https://analytics-ipv6.tiktokw.us https://*.us-central1.run.app https://*.conversionsapigateway.com https://ad.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-V9ll7WmZgXWxbyY2NISLmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; script-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: blob:; connect-src 'self' https:; font-src 'self' https: data:; frame-ancestors 'self' 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com *.oct8ne.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com secure-gateway.hipay-tpp.com *.hipay.com *.google.com *.addthis.com *.sharethis.com *.pinterest.com https://www.googletagmanager.com/ *.oct8ne.com *.trustpilot.com *.weltpixel.com https://td.doubleclick.net https://*.doubleclick.net https://*.iubenda.com https://www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.cdn.klarna.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.sharethis.com *.pinterest.com *.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.oct8ne.com https://www.google.it https://*.googleadservices.com *.s.ytimg.com https://pagead2.googlesyndication.com https://www.facebook.com https://*.facebook.com https://connect.facebook.net widget.feedaty.com idb.iubenda.com https://api.clerk.io *.fontawesome.com *.tessilhotel.com https://c.clarity.ms https://*.clarity.ms https://c.bing.com https://*.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.addthis.com *.sharethis.com *.moatads.com *.addthisedge.com *.facebook.net *.pinterest.com *.instagram.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.oct8ne.com *.trustpilot.com https://pagead2.googlesyndication.com widget.feedaty.com idb.iubenda.com cdn.iubenda.com cs.iubenda.com custom.clerk.io *.tessilhotel.com www.clarity.ms static.zdassets.com code.upscope.io js.upscope.io https://cdn.iubenda.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com *.hipay.com *.googleapis.com *.fontawesome.com *.trustpilot.com widget.feedaty.com idb.iubenda.com *.tessilhotel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.googleapis.com *.hipay.com wss://mpsnare.iesnare.com https://*.ingest.sentry.io *.cloudflare.com *.paypal.com *.addthis.com *.sharethis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.oct8ne.com *.google.com widget.feedaty.com idb.iubenda.com ekr.zdassets.com data--eu-central.upscope.io wss://data--eu-central.upscope.io tessilhotel.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com https://b.clarity.ms https://*.clarity.ms https://pagead2.googlesyndication.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://cpl.iubenda.com https://*.iubenda.com https://c.bing.com https://www.facebook.com https://*.facebook.com https://secure-gateway.hipay-tpp.com https://*.hipay-tpp.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io *.paymenthighway.io *.mobilepay.fi 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.cookiebot.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com https://firebasestorage.googleapis.com https://www.magezon.com *.shipit.ax cdn2.hubspot.net resources.paytrail.com www.shipit.fi cdn.valuesportal.com *.cookiebot.com *.googleapis.com https://api.shipit.ax/images/carrier-logos/home-full-logo-medium.png https://api.shipit.ax/images/carrier-logos/1.1%20Posti%20logo%20Posti%20Orange%20rgb.png https://api.shipit.ax/images/carrier-logos/Matkahuolto_logo_round_DarkBlue_RGB.png https://api.shipit.ax/images/carrier-logos/Logo_DB_Schenker.svg.png https://api.shipit.ax/images/carrier-logos/postnord-logotype-rgb.jpg https://media.856m4.upcloudobjects.com/production/vendor-logos/ https://api.shipit.ax/images/carrier-logos/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.avada.io *.shopify.com services.paytrail.com cdn.adt393.com static.hotjar.com maps.googleapis.com valuesportal.com *.hotjar.com *.cookiebot.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com https://get.geojs.io *.avada.io *.paytrail.com maps.googleapis.com *.adtraction.net vc.hotjar.io *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; script-src 'unsafe-inline' https://www.google.com/; style-src 'unsafe-inline' https://www.google.com/; img-src *; font-src *; media-src *; frame-src 'none'; frame-ancestors 'none'; form-action 'none'; report-uri https://thespidershop.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' thugnine.com.br *.thugnine.com.br wake-components.fbitsstatic.net thugnine.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.yourviews.com.br *.criteo.com *.yviews.com.br *.criteo.net *.clearsale.com.br *.pinimg.com *.pinterest.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net d3bo67muzbfgtl.cloudfront.net api.edrone.me *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com gstatic.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.edrone.me *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com *.pagaleve.com.br wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.thugnine.com.br thugnine.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.azureedge.net https://*.azurewebsites.net https://*.clarity.ms https://*.connectif.cloud https://*.doubleclick.net https://*.ggpht.com https://*.google.es https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.mxpnl.com https://*.oct8ne.com https://tiendamalagacf.com https://*.tiendamalagacf.com https://*.redsys.es https://*.sentry.io https://*.sequrapi.com https://*.sequracdn.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://*.datatables.net https://*.highcharts.com https://code.highcharts.com https://cdn.tailwindcss.com https://unpkg.com https://code.jquery.com https://cartstack.com https://*.cartstack.com https://metricool.com https://*.metricool.com https://hotjar.com https://*.hotjar.com https://*.googlesyndication.com https://*.google-analytics.com https://clippingmagic.com https://*.clippingmagic.com https://intercom.io https://*.intercom.io https://*.intercomcdn.com https://bing.com https://*.bing.com https://cdn.cookielaw.org https://hertzen.com https://*.hertzen.com https://infird.com https://*.infird.com https://prestashop3.com https://*.prestashop3.com https://*.secured-pixel.com https://*.extensionscontrol.com https://js.chargebee.com https://connect.facebook.net https://*.connect.facebook.net; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.gstatic.com https://*.azurewebsites.net https://*.clarity.ms https://*.connectif.cloud https://*.doubleclick.net https://*.ggpht.com https://*.google.es https://*.google.com https://*.googletagmanager.com https://*.mxpnl.com https://*.oct8ne.com https://tiendamalagacf.com https://*.tiendamalagacf.com https://*.redsys.es https://*.sentry.io https://sequracdn.com https://*.sequracdn.com https://*.sequrapi.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://*.datatables.net https://*.highcharts.com https://code.highcharts.com https://cdn.tailwindcss.com https://unpkg.com https://code.jquery.com https://fontawesome.com https://*.fontawesome.com https://honey.io https://*.honey.io https://ray.st https://*.ray.st; img-src 'self' data: blob: https:; font-src 'self' data: https://*.gstatic.com https://*.cdn.office.net https://*.azurewebsites.net https://*.clarity.ms https://*.connectif.cloud https://*.doubleclick.net https://*.ggpht.com https://*.google.es https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.mxpnl.com https://*.oct8ne.com https://tiendamalagacf.com https://*.tiendamalagacf.com https://*.redsys.es https://*.sentry.io https://sequracdn.com https://*.sequracdn.com https://*.sequrapi.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://unpkg.com https://code.jquery.com https://fontawesome.com https://*.fontawesome.com https://*.perplexity.ai https://*.pixiebrix.com https://*.scite.ai; connect-src 'self' data: https://wsg127.com https://*.wsg127.com https://*.googlesyndication.com https://*.azurewebsites.net https://*.clarity.ms https://*.connectif.cloud https://*.datatables.net https://*.doubleclick.net https://*.ggpht.com https://*.google.es https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.mxpnl.com https://*.oct8ne.com http://tiendamalagacf.com http://*.tiendamalagacf.com https://tiendamalagacf.com https://*.tiendamalagacf.com https://*.redsys.es https://*.sentry.io https://*.sequrapi.com https://*.sequracdn.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://*.highcharts.com https://code.highcharts.com https://cdn.tailwindcss.com https://unpkg.com https://code.jquery.com https://*.mkt.dynamics.com https://*.azureedge.net wss://*.oct8ne.com https://*.google-analytics.com https://*.region1.google-analytics.com https://*.region1.analytics.google.com https://*.googleadservices.com https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io https://empathy.co https://*.empathy.co https://intercom.io https://*.intercom.io wss://*.intercom.io https://*.google.kz https://*.google.be https://*.google.com.ar https://*.google.com.co https://*.google.pt https://*.google.cl https://*.google.co.uk https://bing.com https://*.bing.com https://*.onetrust.com https://*.overbridgenet.com https://*.segment.com https://*.segment.io https://*.psessentials.net https://*.safesearchinc.com https://*.growthbook.io https://api.video-adblock.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.geolocation.onetrust.com; frame-src 'self' blob: https://*.azurewebsites.net https://*.clarity.ms https://*.connectif.cloud https://*.doubleclick.net https://*.ggpht.com https://*.google.es https://*.google.com https://*.googleapis.com https://googletagmanager.com https://*.googletagmanager.com https://*.gstatic.com https://*.mxpnl.com https://*.oct8ne.com https://tiendamalagacf.com https://*.tiendamalagacf.com https://*.redsys.es https://*.sentry.io https://*.sequracdn.com https://*.sequrapi.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://unpkg.com https://code.jquery.com https://prestashop.com https://*.prestashop.com; media-src 'self' data: https://*.azurewebsites.net https://*.clarity.ms https://*.connectif.cloud https://*.doubleclick.net https://*.ggpht.com https://*.google.es https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.mxpnl.com https://*.oct8ne.com https://tiendamalagacf.com https://*.tiendamalagacf.com https://*.redsys.es https://*.sentry.io https://*.sequracdn.com https://*.sequrapi.com https://*.tiktok.com https://*.tiktokw.us https://*.trevenque.es https://*.typography.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.jsdelivr.net https://*.cloudflare.com https://*.paypal.com https://*.paypalobjects.com https://*.bootstrapcdn.com https://unpkg.com https://code.jquery.com https://*.googlevideo.com; worker-src 'self' blob:; child-src 'self' blob: https://*.oct8ne.com; base-uri 'self'; form-action 'self' https://*.redsys.es https://*.paypal.com https://*.facebook.com https://*.google.com; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://cspreports.desarrollotrevenque.com/api/csp-report/8d21d112-1648-4ac6-844d-d8d25818a1e7; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.addthis.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com https://cdn.klarna.com data: https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada.io *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.fontawesome.com *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GwhPpnjZrldAYzJkktsPJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com fonts.googleapis.com *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com tile.openstreetmap.org docs.maptiler.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com cdn.jsdelivr.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;         style-src 'self' 'unsafe-inline' https:;         img-src 'self' data: https: blob:;         font-src 'self' data: https:;         connect-src 'self' https:;         frame-src 'self' https:      1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com *.ewaypayments.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.trackedlink.net *.ddlnk.net *.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com js-agent.newrelic.com bam.nr-data.net *.ewaypayments.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://www.uhp.com.au 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com webchat.dotdigital.com webchat.staging.dotdigital.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com bam.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src staticw2.yotpo.com *.yotpo.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ d2wzl9lnvjz3bh.cloudfront.net d2oarllo6tn86.cloudfront.net inpref.com *.inpref.com fi1.frosmo.com *.fi1.frosmo.com www.vismasignforms.com uittokalusto.shard.fi policy.app.cookieinformation.com dapi.videoly.co *.yotpo.com online.avarda.org stage.avarda.org https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ d2wzl9lnvjz3bh.cloudfront.net d2oarllo6tn86.cloudfront.net inpref.com *.inpref.com fi1.frosmo.com *.fi1.frosmo.com *.cloudfront.net www.google.fi pagead2.googlesyndication.com cdn2.hubspot.net static.paytrail.com resources.paytrail.com p.yotpo.com yotpo-editor-production.s3.amazonaws.com v2assets.zopim.io dapi.videoly.co *.yotpo.com online.avarda.org stage.avarda.org https://cdn.flbx.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ d2wzl9lnvjz3bh.cloudfront.net d2oarllo6tn86.cloudfront.net inpref.com *.inpref.com fi1.frosmo.com *.fi1.frosmo.com widget-mediator.zopim.com code.tidio.co policy.app.cookieinformation.com t.myvisitors.se static.zdassets.com connect.getflowbox.com staticw2.yotpo.com api.custobar.com script.custobar.com dapi.videoly.co s2.adform.net api.videoly.co *.yotpo.com online.avarda.org stage.avarda.org https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d2wzl9lnvjz3bh.cloudfront.net d2oarllo6tn86.cloudfront.net inpref.com *.inpref.com fi1.frosmo.com *.fi1.frosmo.com staticw2.yotpo.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ cdn.flbx.io static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ d2wzl9lnvjz3bh.cloudfront.net d2oarllo6tn86.cloudfront.net inpref.com *.inpref.com fi1.frosmo.com *.fi1.frosmo.com www.google.fi www.google.com pagead2.googlesyndication.com zendesk-eu.my.sentry.io wss://widget-mediator.zopim.com scone-pa.clients6.google.com policy.app.cookieinformation.com region1.analytics.google.com ekr.zdassets.com uittokalustohelp.zendesk.com staticw2.yotpo.com gateway.getflowbox.com a.getflowbox.com api.custobar.com *.yotpo.com https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com consent.app.cookieinformation.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src d2wzl9lnvjz3bh.cloudfront.net d2oarllo6tn86.cloudfront.net inpref.com *.inpref.com fi1.frosmo.com *.fi1.frosmo.com widget-mediator.zopim.com googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es secure.payu.com merch-prod.snd.payu.com https://store.plumrocket.com api.razorpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es static.payu.com cdn.razorpay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada.io secure.payu.com secure.snd.payu.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es secure.payu.com merch-prod.snd.payu.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com fonts.googleapis.com https://widgets.trustedshops.com applepay.cdn-apple.com *.gstatic.com 'self' data: client.crisp.chat data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com js.mollie.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ js.mollie.com *.payplug.com *.dalenys.com *.googleapis.com game.crisp.chat 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com https://secure-magenta.dalenys.com *.hsforms.net *.hsforms.com *.googleapis.com *.gstatic.com *.google.com https://www.mollie.com 'self' data: *.crisp.chat integrations.etrusted.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com js.mollie.com https://browser.sentry-cdn.com *.disqus.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://secure-magenta.dalenys.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com api.payplug.com cdn.payplug.com *.hsforms.net *.hsforms.com *.googleapis.com *.google.com *.gstatic.com smartarget.online client.crisp.chat widgets.trustedshops.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com https://secure-magenta.dalenys.com *.googleapis.com *.gstatic.com client.crisp.chat integrations.etrusted.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com client.crisp.chat 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.almapay.com maps.googleapis.com https://maps.googleapis.com https://player.vimeo.com js.mollie.com api-adresse.data.gouv.fr https://*.ingest.sentry.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site t.elasticsuite.io *.hsforms.net *.hsforms.com *.googleapis.com *.google.com *.google-analytics.com api.smartarget.online *.crisp.chat *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-Bd5wV2ubY9/NuZ4dNpk1Cw==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
default-src 'self'; script-src 'self' 'nonce-l7F6vZL1pKhkNL+W9oNJRA==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ValordoConhecimento.com.br *.ValordoConhecimento.com.br wake-components.fbitsstatic.net valordoconhecimento.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.valordoconhecimento.com.br *.ecommercegateway.com.br *.opolen.com.br *.addthis.com *.yapay.com.br k-analytix.com *.k-analytix.com i.konduto.com *.traycheckout.com.br *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.ValordoConhecimento.com.br ValordoConhecimento.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net www.fontawesome.com www.googleapis.com www.gstatic.com *.zdassets.com https://static.micuentaweb.pe/static/ *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ https://seo.mageplaza.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.addthis.com www.doubleclick.net www.google.com *.weltpixel.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com https://secure.micuentaweb.pe/vads-payment/ https://static.micuentaweb.pe/static/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.uber.com *.ubereats.com www.facebook.com www.facebook.net *.metricool.com www.google.com.ar *.zdassets.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com https://secure.micuentaweb.pe/static/latest/images/type-carte/ https://static.micuentaweb.pe/static/ https://secure.micuentaweb.pe/vads-payment/ *.gstatic.com *.facebook.com *.reddit.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.aptrinsic.com *.metricool.com *.clarity.ms www.facebook.com api.yotpo.com www.facebook.net js-agent.newrelic.com recostream.com *.zdassets.com www.varsovienne.cl unpkg.com *.zendesk.com www.google.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.googleapis.com www.mailchimp.com *.zdassets.com https://static.micuentaweb.pe/static/ *.fontawesome.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net www.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.zendesk.com *.zdassets.com k.clarity.ms api.yotpo.com www.google.com www.facebook.net connect.facebook.net www.googleapis.com unpkg.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net www.aptrinsic.com www.newrelic.com www.demdex.net commerce.adobedc.net www.varsovienne.cl bam.nr-data.net www.google.com https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com youtu.be *.vimeo.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdnjs.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu blob: *.magebig.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com http://cdnjs.cloudflare.com *.google-analytics.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com *.disqus.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout.razorpay.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdnjs.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.googleapis.com https://ipinfo.io *.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com www.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*.customily.com https://*.amazonaws.com https://*.mapbox.com 'self' data: *.fontawesome.com *.adobe.com *.facebook.com *.facebook.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://*.customily.com https://*.amazonaws.com https://*.mapbox.com 'self' data: https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ magefan.com cm.magefan.com mageside.com www.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.vimeo.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://*.customily.com https://*.amazonaws.com https://*.mapbox.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ s7.addthis.com *.mgt.com www.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.vimeo.com connect.facebook.net graph.facebook.com business.facebook.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.mapbox.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.fontawesome.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com *.tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://*.customily.com https://*.amazonaws.com https://*.mapbox.com 'self' data: https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ ekr.zdassets.com/ https://get.geojs.io *.mgt.com *.adobe.com www.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.youtube.com *.vimeo.com *.vimeocdn.com connect.facebook.net graph.facebook.com business.facebook.com *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.inpost.pl *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' cdnjs.cloudflare.com https://geowidget.easypack24.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com *.inpost.pl *.addthis.com js.mollie.com pay.google.com apm.przelewy24.pl https://plumrocket.com 'self' https://pudofinder.dpd.com.pl/ *.dpd.com.pl *.user.com www.googletagmanager.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.cdninstagram.com magefan.com cm.magefan.com *.inpost.pl https://firebasestorage.googleapis.com https://www.mollie.com static.przelewy24.pl www.gstatic.com 'self' *.sysadvisors.pl https://cdn-cookieyes.com trustmate.io bat.bing.com media.user.com www.facebook.com *.google.pl *.google-analytics.com *.googletagmanager.com *.doubleclick.net images.unsplash.com www.mollie.com *.easypack24.net *.satisfly.co victoriavynn.com *.victoriavynn.com http://victoriavynn.com http://www.victoriavynn.com *.googlesyndication.com https://geowidget.easypack24.net *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: ssl.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.instagram.com *.inpost.pl s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io *.shopify.com js.mollie.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.googletagmanager.com *.snrcdn.net *.snrbox.com *.ekomiapps.de unsafe-inline *.adobedtm.com *.googleadservices.com *.google-analytics.com www.google.com *.easypack24.net *.sysadvisors.pl *.openstreetmap.org *.hsforms.net *.hsforms.com *.gstatic.com *.ruch-osm.sysadvisors.pl cdnjs.cloudflare.com https://cdn-cookieyes.com *.user.com *.allekurier.pl *.facebook.net trustmate.io bat.bing.com www.facebook.com *.tiktok.com https://polyfill-fastly.io https://browser.sentry-cdn.com https://geowidget.easypack24.net tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.inpost.pl https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' *.sysadvisors.pl *.ruch-osm.sysadvisors.pl cdnjs.cloudflare.com trustmate.io https://geowidget.easypack24.net https://geowidget.inpost.pl *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.inpost.pl https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.inpost.pl ekr.zdassets.com/ https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://ws.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com 'self' *.sysadvisors.pl *.user.com wss://vynngroup.user.com https://cdn-cookieyes.com *.cookieyes.com *.tiktok.com bat.bing.com *.google-analytics.com *.analytics.google.com trustmate.io trustmate.pro *.googlesyndication.com https://*.ingest.sentry.io *.easypack24.net *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-np-5naElRvPRXcA_mND3Zg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.modo.com.ar data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com *.doubleclick.net mercadopago.com.ar 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.google.com *.google.fr *.google.ie *.clarity.ms *.doubleclick.net *.facebook.com *.facebook.net www.google.ae www.google.al www.google.be www.google.by www.google.ca www.google.ch www.google.cl www.google.co.bw www.google.co.cr www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.ni www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.py www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.uk www.google.co.ve www.google.de www.google.dk www.google.dz www.google.es www.google.fi www.google.gr www.google.hn www.google.hu www.google.it www.google.lk www.google.me www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.se *.modo.com.ar *.playdigital.com.ar *.vitamin-way.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.clarity.ms *.cloudflareinsights.com *.doubleclick.net *.facebook.net *.freshworks.com *.modo.com.ar 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.freshworks.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com *.doubleclick.net https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ *.amplitude.com *.clarity.ms *.facebook.com *.freshworks.com www.google.be www.google.ca www.google.ch www.google.cl www.google.co.bw www.google.co.cr www.google.co.in www.google.co.jp www.google.co.kr www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.mx www.google.com.ni www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.py www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.uy www.google.com.vn www.google.co.uk www.google.co.ve www.google.de www.google.dk www.google.es www.google.fr www.google.hn www.google.hu www.google.is www.google.it www.google.lu www.google.nl www.google.pl www.google.pt www.google.ro www.google.ru *.playdigital.com.ar 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://fb1042e5-5a1a-4870-abf9-dbe8a3decb09.sansec.watch/; report-to report-endpoint; 1
upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-4149c77fe492b810757a75b20d3bc58d1ecc9d47' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-FRekOAxX7JCfMaCa5tAMcA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'nonce-8CbeXu7AXbF8sxHCvwoAqA' 'strict-dynamic'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; base-uri 'none' 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; script-src 'nonce-f102322c1ca34aa1b00223fbee92157e'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; style-src 'self' 'nonce-f102322c1ca34aa1b00223fbee92157e'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.twitch.tv https://*.amazongamestudios.com https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=141-3045184-7272611:rid=22920BBCEB5A46D79616:sn=www.amazongamestudios.com 1
font-src *.googleapis.com *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com https://*.typekit.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no account.fetchify.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com js.stripe.com hooks.stripe.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.trackedlink.net *.stripe.com *.stripe.network https://*.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com https://*.doubleclick.net https://*.google.co.uk https://*.cloudfront.net flagpedia.net store.paradoxlabs.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://www.google.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com maps.googleapis.com js.stripe.com *.trustpilot.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.network *.stripecdn.com *.amazon.com https://*.googleapis.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com https://*.typekit.net maxcdn.bootstrapcdn.com *.gstatic.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net www.gstatic.com maps.googleapis.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com https://fonts.gstatic.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.bootstrapcdn.com https://static.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.certcapture.com www.facebook.com platform.twitter.com https://static.olark.com https://www.google.com https://bid.g.doubleclick.net https://www.equipmentleasing.org https://pay.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.certcapture.com *.hsforms.com *.hubspot.com *.searchspring.io *.searchspring.net d3cgm8py10hi0z.cloudfront.net magefan.com cm.magefan.com https://redchamps.com https://firebasestorage.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://log.olark.com https://www.google.com https://marketing.labdepotinc.com https://www.google.com.ph https://www.googletagmanager.com https://www.gstatic.com https://stats.g.doubleclick.net https://bat.bing.com *.inspectlet.com https://analytics.sleeknote.com *.nextopia.net *.securitymetrics.com *.bing.com *.clarity.ms *.labdepotinc.com maps.gstatic.com *.facebook.com https://www.labdepotinc.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.bugherd.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hs-scripts.com *.hubspot.com https://static.olark.com https://cdn.searchspring.net/intellisuggest/is.min.js s7.addthis.com *.avada.io connect.facebook.net twitter.com platform.twitter.com *.cloudflare.com *.google-analytics.com *.bootstrapcdn.com *.nextopia.net https://ac.nextopiasoftware.com https://connect.facebook.net https://nrpc.olark.com https://www.googletagmanager.com https://marketing.labdepotinc.com https://googleads.g.doubleclick.net https://www.google.com https://pay.google.com https://static.cloudflareinsights.com https://api.olark.com https://bat.bing.com https://apis.google.com https://assets.olark.com *.inspectlet.com https://labdepotinc-com.ecomm-nav.com *.clarity.ms js.hs-scripts.com *.newrelic.com *.pardot.com *.pinimg.com *.searchspring.io maps.googleapis.com cdn.ampproject.org www.gstatic.com tagmanager.google.com *.facebook.net unpkg.com https://d.clarity.ms https://www.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.certcapture.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com *.bootstrapcdn.com https://cdn.nextopia.net https://static.olark.com https://a.omappapi.com www.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.certcapture.com *.hscollectedforms.net *.hubapi.com *.hubspot.com *.hs-scripts.com *.searchspring.io *.bugherd.com a.omappapi.com https://beacon.searchspring.io/beacon ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.bootstrapcdn.com https://nrpc.olark.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://stats.g.doubleclick.net *.inspectlet.com wss://ws.inspectlet.com https://bat.bing.com *.braintreegateway.com *.clarity.ms bam.nr-data.net *.facebook.com *.pinimg.com *.pinterest.com maps.googleapis.com cdn.ampproject.org *.google-analytics.com *.facebook.net https://a.omappapi.com https://api.omappapi.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cadencedev.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://static.addtoany.com https://unpkg.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1
img-src https://higherlogicdownload.s3.amazonaws.com/CBAA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CBAA/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/CBAA/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CBAA/ https://higherlogicdownload.s3.amazonaws.com/CBAA/ https://higherlogiclongterm.s3.amazonaws.com/CBAA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/CBAA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CBAA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/CBAA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/CBAA/ https://higherlogicdownload.s3.amazonaws.com/CBAA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CBAA/ https://higherlogicstream.s3.amazonaws.com/CBAA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/CBAA/ https://higherlogicdownload.s3.amazonaws.com/CBAA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CBAA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.bird.eu *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdnjs.cloudflare.com static.klarna.com static-tracking.klaviyo.com cc.cdn.civiccomputing.com static-cdn.civiccomputing.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com use.typekit.net p.typekit.net *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com stats.g.doubleclick.net cdn.civiccomputing.com apikeys.civiccomputing.com api.klarna.com sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Nzml994AAvlFbiQ6DDMB7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.opayo.eu.elavon.com fonts.googleapis.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.google.com *.google.co.in *.googleapis.com *.bootstrapcdn.com *.tradedoubler.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.opayo.eu.elavon.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.opayo.eu.elavon.com *.google.com *.addthis.com *.pinterest.com https://www.google.com https://www.google.co.in http://onmarshtompor.com *.tradedoubler.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.google.com *.google.co.in *.googleadservices.com *.google-analytics.com http://amcglobal.sc.omtrdc.net http://perf.cdnads.com http://e2ertt.com *tradedoubler.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.avada.io *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.cloudflare.com *.google.com *.google.co.in *.googleadservices.com *.google-analytics.com *.tradedoubler.com http://iclickcdn.com http://velocecdn.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.bootstrapcdn.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.opayo.eu.elavon.com *.googleapis.com *.cloudflare.com *.google.com *.google.co.in *.gstatic.com *.tradedoubler.com *.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.paypal.com *.opayo.eu.elavon.com https://get.geojs.io *.avada.io *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.google.com *.google.co.in http://onclickgenius.com https://bedrapiona.com *.tradedoubler.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://liberation-x.com/; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: maxcdn.bootstrapcdn.com *.accelasearch.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.iubenda.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.accelasearch.io *.iubenda.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.accelasearch.io *.accelasearch.net *.iubenda.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.accelasearch.io *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.accelasearch.io *.iubenda.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://sentry.stg.bik.punkt.hosting/api/4/security/?sentry_key=664625153c07436787dfec6fc6453b08&sentry_environment=Production; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser.sentry-cdn.com matomo.bikar.com pagead2.googlesyndication.com polyfill.io www.google.com sentry.stg.bik.punkt.hosting *.friendlycaptcha.eu *.friendlycaptcha.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.usercentrics.eu *.youtube.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.googletagmanager.com; img-src 'self' googleads.g.doubleclick.net ssl.gstatic.com www.google.com www.google.de www.googletagmanager.com my.bikar.com *.friendlycaptcha.com *.friendlycaptcha.eu *.google-analytics.com *.gstatic.com *.usercentrics.eu *.ytimg.com data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; connect-src 'self' adservice.google.com matomo.bikar.com www.google.com sentry.stg.bik.punkt.hosting my.bikar.com *.friendlycaptcha.com *.friendlycaptcha.eu *.g.doubleclick.net *.google-analytics.com *.usercentrics.eu www.googletagmanager.com; frame-src td.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com; worker-src blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-5SGsV4Oak2-JBgyUchMOWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-APy6Fg0EI0hWmBL_f0tT-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rcuXmYf7Gym-4tDzLqzZoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src 'self' 'unsafe-inline'; img-src data: 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * magento-cloudflare.jetrails.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ytimg.com 'self' data: *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com maps.googleapis.com *.amazonaws.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io *.google.com *.gstatic.com *.trustpilot.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.typeform.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; form-action 'self' https://request.qlar.com; base-uri 'none'; frame-ancestors 'none'; object-src 'none'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://ad.doubleclick.net https://google.com https://*.google.com https://*.google.de https://*.google.es https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.ads.linkedin.com https://t.visitorqueue.com; frame-src 'self' https://request.qlar.com https://td.doubleclick.net https://*.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://www.recaptcha.net; script-src 'strict-dynamic' 'nonce-Hw2X054g9RuZQqj8UFsf6s99dHnrjFyeCfqkFI6f' 'self' https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://snap.licdn.com https://t.visitorqueue.com https://online.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://request.qlar.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://googleads.g.doubleclick.net  https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.de https://*.google.es https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.ads.linkedin.com https://t.visitorqueue.com; report-uri https://www.qlar.com/api/report/csp; report-to csp-endpoint; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; connect-src 'self' https:; frame-ancestors 'none'; 1
font-src *.gstatic.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com cdn.checkout.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.demdex.net *.consensu.org *.hotjar.com *.facebook.com *.eurolandir.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.b0e8.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.google.com *.google.co.uk *.google.co.in *.google.nl *.zopim.com *.doubleclick.net d23yuld0pofhhw.cloudfront.net *.googletagmanager.com *.cdninstagram.com *.facebook.net *.facebook.com *.demdex.net *.omtrdc.net *.everesttech.net *.adroll.com *.rubiconproject.com *.yahoo.com *.3lift.com *.bidswitch.net *.adnxs.com *.openx.net *.advertising.com *.outbrain.com *.pubmatic.com *.taboola.com *.wynnstay.co.uk *.casalemedia.com *.rlcdn.com *.reson8.com *.pippio.com *.omnithrottle.com *.mathtag.com *.adsrvr.org *.adsystem.com *.w55c.net *.apxlv.com *.cogocast.net *.adadvisor.net *.agkn.com *.crwdcntrl.net *.sitescout.com *.target.com *.tapad.com *.mxptint.net *.survata.com *.adentifi.com *.stackadapt.com *.bing.com *.bidr.io *.linksynergy.com *.addthis.com *.tidaltv.com *.cardlytics.com *.entitytag.co.uk *.avocet.io *.avct.cloud *.360yield.com *.owneriq.net *.krxd.net *.bluekai.com *.criteo.com *.exelator.com *.scorecardresearch.com *.turn.com *.amgdgt.com *.walmart.com *.simpli.fi *.ipredictive.com *.bttrack.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.sharethis.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.b0e8.com *.bc0a.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com *.checkout.com chimpstatic.com *.facebook.net *.facebook.com *.adroll.com *.dotdigital-pages.com *.civiccomputing.com *.consensu.org *.newrelic.com *.nr-data.net *.disqus.com *.trackedweb.net *.hotjar.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com *.adroll.com https://static.klaviyo.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.google-analytics.com *.googleapis.com *.demdex.net *.civiccomputing.com *.nr-data.net *.adroll.com *.doubleclick.net *.hotjar.com *.alphavantage.co https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com *.fontawesome.com https://fonts.bunny.net *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com * *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com s.ytimg.com validator.swagger.io * https://firebasestorage.googleapis.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net 'unsafe-inline' www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.youtube.com video.google.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.avada.io *.shopify.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com getfirebug.com *.cash.app *.fontawesome.com https://fonts.bunny.net *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com c.statcounter.com googleads.g.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.ampproject.org www.gstatic.com www.statcounter.com embed.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com www.gstatic.com embed.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.ampproject.org www.googleapis.com www.statcounter.com c.statcounter.com embed.tawk.to www.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.kxcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.credova.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.credova.com * *.authorize.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.fbcdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.credova.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.shopify.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com https://static.klaviyo.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.credova.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-dCK1z3WoTldY_VG7XFtjrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.simpli.fi googleads.g.doubleclick.net www.googletagmanager.com cdnjs.cloudflare.com cdn.jsdelivr.net *.fontawesome.com kit.fontawesome.com use.fontawesome.com *.blackfire.io *.rlets.com player.vimeo.com s3-us-west-1.amazonaws.com connect.facebook.net bat.bing.com tag.simpli.fi i.simpli.fi cdn.rlets.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net cdn.honey.io *.fontawesome.com; img-src 'self' data: *.simpli.fi *.google.com bat.bing.com pubads.g.doubleclick.net *.googletagmanager.com api.mapbox.com *.googleadservices.com www.google.ie cm.g.doubleclick.net *.rlets.com rtb-csync.smartadserver.com us-u.openx.net bat.bing.com *.fontawesome.com sync.targeting.unrulymedia.com ps.eyeota.net pixel.tapad.com simplifi.partners.tremorhub.com pixel.rubiconproject.com idsync.rlcdn.com bcp.crwdcntrl.net ib.adnxs.com *.googleadservices.com ce.lijit.com fei.pro-market.net sync.intentiq.com s.ad.smaato.net aa.agkn.com eb2.3lift.com sync.bfmio.com loadm.exelator.com ads.stickyadstv.com image2.pubmatic.com sync.1rx.io ups.analytics.yahoo.com loadm.exelator.com idsync.rlcdn.com fei.pro-market.net https: um.simpli.fi; media-src 'self' ; frame-src 'self' *.rlets.com player.vimeo.com *.googletagmanager.com td.doubleclick.net vimeo.com www.youtube.com useast-www.securly.com gateway.zscalerthree.net; frame-ancestors 'self' ; child-src 'self' ; font-src 'self' data: ms-browser-extension *.fontawesome.com; connect-src 'self' *.fontawesome.com *.blackfire.io *.google-analytics.com *.google.com *.localiq.com bat.bing.com *.rlets.com capture-api.reachlocalservices.com *.googletagmanager.com stats.g.doubleclick.net  googleads.g.doubleclick.net *.googleadservices.com google.com api.clockwisemd.com www.google.de www.google.com.sg www.google.co.in 127.0.0.1; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-SgCUYxLrRSHptveReCHluA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.royalmail.com *.google-analytics.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.twitter.com *.facebook.com *.royalmail.com *.google-analytics.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://www.youtube.com *.royalmail.com *.google-analytics.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.royalmail.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com cdn.powersuite-tools.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.royalmail.com widget.freshworks.com m2epro.freshdesk.com s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.royalmail.com *.google-analytics.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com powersuite-tools.com *.google.com *.google.co.in *.facebook.com *.royalmail.com *.google-analytics.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.puresativaworldwide.com/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com https://*.gstatic.com data: *.fontawesome.com use.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://*.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com scontent.* www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ display.ugc.bazaarvoice.com *.fontawesome.com assets.braintreegateway.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://9ca91a39-e0b9-4d19-844a-182a33f11f35.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; img-src 'self' https: data:; script-src 'self'; style-src 'self' 1
default-src 'none'; report-uri /api/sec-csp/110000136/report 1
font-src *.fontawesome.com https://cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io https://www.magezon.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com widget.freshworks.com m2epro.freshdesk.com *.avada.io https://cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-dxt2I4l7EpxhclAN1n4MJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-r6hkdDbCts-f47o4YvA1wQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'nonce-R37Suboyjc0Ykt1FqcfFGQ=='; report-uri / 1
worker-src 'self' 'self' https://*.oppwa.com; font-src cash-f.squarecdn.com https://*.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.bootstrapcdn.com https://*.typekit.net https://prilla.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com https://widgets.trustedshops.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://*.klaviyo.com/ https://www.nshiftportal.com https://chat.digitalgenius.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.adyen.com 'self' https://www.facebook.com https://*.techlab-cdn.com https://*.qliro.com https://*.vipps.no https://*.trustly.com https://*.ideal.nl https://*.apple.com https://*.unzer.com https://*.heidelpay.com *.yotpo.com https://*.epayment.nets.eu 'self' 'unsafe-inline'; frame-ancestors 'self' 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ * *.adyen.com *.klarna.com 'self' *.google.com https://*.gstatic.com https://*.g.doubleclick.net https://www.facebook.com https://policy.app.cookieinformation.com https://*.online-metrix.net https://*.paypal.com https://*.paypalobjects.com https://applepay.cdn-apple.com https://pay.google.com https://*.techlab-cdn.com https://*.qliro.com www.xtento.com www.facebook.com platform.twitter.com *.addthis.com *.pinterest.com *.trustpilot.com *.yotpo.com https://*.kustom.co/ https://*.stripe.com/ https://www.nshiftportal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io * https://*.gstatic.com *.adyen.com cembrapay.ch https://info.dibs.se https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.agechecked.com https://firebasestorage.googleapis.com 'self' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com *.paypal.com https://*.paypalobjects.com https://*.trustpilot.com https://*.facebook.com https://*.nr-data.net https://*.hotjar.io https://*.adform.net https://*.amazon-adsystem.com https://*.rubiconproject.com https://*.pubmatic.com https://*.openx.net https://*.adroll.com https://*.outbrain.com https://*.taboola.com https://*.usercentrics.eu https://policy.app.cookieinformation.com https://*.typekit.net https://*.bootstrapcdn.com https://*.fontawesome.com https://*.kargo.com https://*.zeotap.com https://*.rfihub.com https://*.imgstatics.com https://*.techlab-cdn.com www.xtento.com cdn.xtento.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.cloudflare.com https://cdn.klarna.com *.vimeocdn.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://www.nshiftportal.com data: 'self' 'unsafe-inline'; script-src https://*.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com https://*.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://*.dibspayment.eu https://maps.googleapis.com *.disqus.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.agechecked.com https://cdn.jsdelivr.net *.avada.io *.shopify.com 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.magento.com https://*.nr-data.net https://*.newrelic.com https://policy.app.cookieinformation.com https://connect.facebook.net *.trustpilot.com https://www.snapengage.com https://*.qliro.com www.xtento.com cdn.xtento.com connect.facebook.net twitter.com platform.twitter.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://applepay.cdn-apple.com https://consent.cookiebot.com https://*.techlab-cdn.com https://chat.digitalgenius.com https://capi-automation.s3.us-east-2.amazonaws.com/ https://*.klaviyo.com/ https://madhat.customerfirst.ai https://*.bidtheatre.com/ https://*.adnxs.com/ https://*.clarity.ms/ https://*.creative-serving.com/ https://*.creative-serving.org/ https://*.pingdom.net/ https://cdn.jsdelivr.net/ https://*.kustom.co/ https://*.stripe.com/ https://www.nshiftportal.com https://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app https://fonts.googleapis.com/ https://*.dibspayment.eu *.klarnacdn.net https://static.klaviyo.com *.agechecked.com https://*.fontawesome.com https://cdn.jsdelivr.net https://fonts.bunny.net 'self' https://*.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.googletagmanager.com https://*.typekit.net maxcdn.bootstrapcdn.com *.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.trustpilot.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://*.kustom.co/ https://www.nshiftportal.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' https://*.snapengage.com https://*.inkclub.com:9000 https://www.nshiftportal.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.adyen.com https://*.dibspayment.eu https://maps.googleapis.com https://player.vimeo.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io 'self' https://*.google.com *.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleadservices.com https://*.adobedtm.com https://*.adobe.com https://*.magento.com https://*.demdex.net https://*.nr-data.net https://*.clarity.ms https://*.pingdom.net https://*.hotjar.com https://*.hotjar.io https://*.usercentrics.eu https://policy.app.cookieinformation.com https://id5-sync.com https://*.adform.net https://*.online-metrix.net https://*.rfihub.com https://*.zeotap.com https://*.gstatic.com https://*.imgstatics.com https://*.techlab-cdn.com *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://www.nshiftportal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.snushof.ch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'nonce-3GSQ5_abodjVdF_FD192GYY-BDvxpiYlc6r4X4O937haDhlKTdf7dg' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.d21y75miwcfqoq.cloudfront.net *.mapsresources-pa.googleapis.com *.pagead2.googlesyndication.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.google.com *.www.googletagmanager.com; style-src-elem 'self' 'nonce-3GSQ5_abodjVdF_FD192GYY-BDvxpiYlc6r4X4O937haDhlKTdf7dg' https://fonts.gstatic.com https://fonts.googleapis.com 'report-sample'; script-src-elem 'self' 'nonce-3GSQ5_abodjVdF_FD192GYY-BDvxpiYlc6r4X4O937haDhlKTdf7dg' 'strict-dynamic' https: 'unsafe-eval' blob: https://www.googletagmanager.com 'report-sample'; connect-src 'self' *.google.com https://*.googleapis.com https://*.gstatic.com blob: data: *.mapsresources-pa.googleapis.com *.pagead2.googlesyndication.com *.mirabaud.matomo.cloud *.cdn.cookielaw.org; font-src 'self' https://fonts.gstatic.com; worker-src 'self' 'nonce-3GSQ5_abodjVdF_FD192GYY-BDvxpiYlc6r4X4O937haDhlKTdf7dg' blob:; report-uri https://www.mirabaud.com/en/@http-reporting?csp=report&requestTime=1773712904757857&requestHash=4ff7d7976d88041eae494650303fe9b8208c660c 1
object-src 'none';base-uri 'self';script-src 'nonce-b7BsvRv0ZY9mLp2LsFOFJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' https://cookiebot.com;  1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net maxcdn.bootstrapcdn.com *.cookiebot.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.cookiebot.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.cookiebot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io *.awin1.com *.zenaps.com *.wepowerconnections.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cookiebot.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cookiebot.com *.yotpo.com https://chimpstatic.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cookiebot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cookiebot.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.adobe.com *.facebook.com *.facebook.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.vimeo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.vimeo.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypal.com *.youtube.com *.vimeo.com *.vimeocdn.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adobe.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.youtube.com *.vimeo.com *.vimeocdn.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.typekit.net *.adabra.com *.adbr.io *.fontawesome.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com lightwidget.com *.adabra.com *.adbr.io *.addthis.com *.hotjar.com *.cookiebot.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.adabra.com *.adbr.io *.google.it fonts.gstatic.com *.zemanta.com *.clarity.ms *.bing.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.lightwidget.com code.jquery.com lightwidget.com *.adabra.com *.adbr.io cdn.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.hotjar.com *.fullstory.com fullstory.com *.clarity.ms *.cookiebot.com connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.typekit.net *.adabra.com *.adbr.io *.fontawesome.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.adabra.com *.adbr.io *.addthis.com *.g.doubleclick.net *.clarity.ms *.hotjar.com *.cookiebot.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://cdn-cookieyes.com https://files.ascent360.com https://googleads.g.doubleclick.net https://hcaptcha.com https://newassets.hcaptcha.com https://maps.googleapis.com https://maps.gstatic.com https://es.pinkbike.org https://manage.hdrelay.com https://cdn.hdrelay.com https://imasdk.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://cdn-cookieyes.com https://files.ascent360.com https://googleads.g.doubleclick.net https://hcaptcha.com https://newassets.hcaptcha.com https://maps.googleapis.com https://maps.gstatic.com https://es.pinkbike.org https://manage.hdrelay.com https://cdn.hdrelay.com https://imasdk.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://www.powderhorn.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.ca https://www.facebook.com https://blizzard.opensnow.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://*.hdrelay.com; frame-src https://www.googletagmanager.com https://ad.doubleclick.net https://*.fls.doubleclick.net https://*.hdrelay.com https://www.cameraftp.com https://forms.ascent360.com https://www.youtube.com https://www.youtube-nocookie.com https://hcaptcha.com https://www.trailforks.com https://newassets.hcaptcha.com; media-src 'self' https://*.hdrelay.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://www.google.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://log.cookieyes.com https://directory.cookieyes.com https://cdn-cookieyes.com https://files.ascent360.com https://datalake.ascent360.com https://capig.powderhorn.com https://www.facebook.com https://hcaptcha.com https://maps.googleapis.com https://manage.hdrelay.com https://api.hdrelay.com 1
object-src 'none';base-uri 'self';script-src 'nonce--pHeJCmxtMv-Two4n87GOA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-WfOBldjuRdn-JTzklbHMTw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com payment-webinit.mercanet.bnpparibas.net payment-webinit.simu.mercanet.bnpparibas.net payment-webinit-mercanet.test.sips-services.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.monetico-services.com payment-webinit.mercanet.bnpparibas.net payment-webinit.simu.mercanet.bnpparibas.net payment-webinit-mercanet.test.sips-services.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ts.infoprodata.com https://firebasestorage.googleapis.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ts.infoprodata.com sdk.privacy-center.org js-agent.newrelic.com tag.aticdn.net *.avada.io https://cdnjs.cloudflare.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.monetico-services.com bam.eu01.nr-data.net api.privacy-center.org jhsqkdx.pa-cd.com payment-webinit.mercanet.bnpparibas.net payment-webinit.simu.mercanet.bnpparibas.net payment-webinit-mercanet.test.sips-services.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.cloudflare.com *.trustedshops.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com vimeo.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io assets.myparcel.nl *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu magefan.com cm.magefan.com *.disqus.com *.sooqr.com https://www.mollie.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.rikkoert.nl cdn.riverty.design www.google.nl www.facebook.com static.mailplus.nl content.mailplus.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdnjs.cloudflare.com cdn.jsdelivr.net *.cloudflare.com www.google.com www.gstatic.com *.trustedshops.com *.usercentrics.eu *.disqus.com *.sooqr.com js.mollie.com *.googletagmanager.com tagmanager.google.com app.varify.io varify.io restapi.mailplus.nl widget.trustpilot.com www.clarity.ms s.pinimg.com connect.facebook.net js-agent.newrelic.com ct.pinterest.com tagging.rikkoert.nl tagging.zilverkraamcadeau.nl static.hotjar.com *.optimonk.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.sooqr.com tagmanager.google.com fonts.google.com marcvanwilligen.nl cdn-asset.optimonk.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.myparcel.nl cdn.jsdelivr.net *.cloudflare.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com app.varify.io varify.io stats.g.doubleclick.net cognito-identity.eu-central-1.amazonaws.com ct.pinterest.com bam.eu01.nr-data.net *.optimonk.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net cdn.almapay.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com *.lcl.fr *.google-analytics.com *.magecomp.com *.youtube.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.twitter.com *.facebook.com *.lcl.fr *.openstreetmap.org *.google-analytics.com *.magecomp.com *.youtube.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.lcl.fr *.openstreetmap.org *.google-analytics.com *.magecomp.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.avis-verifies.com *.lcl.fr *.openstreetmap.org *.magecomp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.avis-verifies.com *.lcl.fr *.openstreetmap.org *.magecomp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.avis-verifies.com *.lcl.fr *.openstreetmap.org *.google-analytics.com *.magecomp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.lcl.fr *.openstreetmap.org *.google-analytics.com *.magecomp.com *.youtube.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri *.leaderfilm.fr/; report-to report-endpoint; 1
worker-src 'self' blob:; script-src-elem 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cookiefirst.com *.hotjar.com *.chimpstatic.com chimpstatic.com *.googletagmanager.com *.trustpilot.com *.stripe.com *.vimeo.com *.clerk.io *.facebook.net *.facebook.com *.cloudflareinsights.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.gstatic.com *.googleapis.com vimeo.com *.jquery.com; style-src-elem 'report-sample' 'self' 'unsafe-inline' blob: *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cookiefirst.com *.adobe.com *.clerk.io downloads.mailchimp.com cc-cdn.com assets.braintreegateway.com *.trustpilot.com tagmanager.google.com *.vimeo.com *.jquery.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com 'self' data: blob: *.bootstrapcdn.com *.googleapis.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io *.stripe.com stripe.com 'self' 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' blob: *.vimeo.com *.clerk.io *.facebook.com *.facebook.net *.cloudflareinsights.com *.trustpilot.com widget.trustpilot.com *.doubleclick.net js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com images.unsplash.com 'self' blob: *.cloudflare.com *.googleadservices.com *.google-analytics.com i.vimeocdn.com *.cdninstagram.com *.facebook.com *.clerk.io *.demdex.net *.sc.omtrdc.net *.everesttech.net *.google.com *.doubleclick.net *.paypalobjects.com *.ytimg.com *.mailchimp.com track.sweetanalytics.com www.mollie.com https://redchamps.com *.hsforms.net *.hsforms.com *.cookiefirst.com consent.cookiefirst.com www.google.co.uk *.google.co.uk *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://api.clerk.io https://cdn.clerk.io *.chimpstatic.com downloads.mailchimp.com *.list-manage.com https://maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'report-sample' 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.braintreegateway.com *.cloudflare.com static.cloudflareinsights.com pay.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.gstatic.com *.instagram.com *.paypal.com *.paypalobjects.com *.link.com player.vimeo.com vimeo.com *.cookiefirst.com consent.cookiefirst.com *.hotjar.com static.hotjar.com script.hotjar.com chimpstatic.com *.trustpilot.com widget.trustpilot.com invitejs.trustpilot.com *.clerk.io api.clerk.io custom.clerk.io connect.facebook.net track.sweetanalytics.com blob: js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com cc-cdn.com *.fontawesome.com 'report-sample' 'self' 'unsafe-inline' blob: *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.cookiefirst.com consent.cookiefirst.com *.clerk.io assets.braintreegateway.com *.trustpilot.com tagmanager.google.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'self' 'unsafe-inline'; media-src *.adobe.com 'self' blob: 'unsafe-inline' *.cdninstagram.com *.instagram.com *.facebook.com *.vimeo.com *.vimeocdn.com vod-adaptive-ak.vimeocdn.com https://vod-adaptive-ak.vimeocdn.com *.youtube.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://maps.googleapis.com https://player.vimeo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' *.cloudflare.com maps.googleapis.com *.craftyclicks.co.uk region1.analytics.google.com *.cookiefirst.com consent.cookiefirst.com edge.cookiefirst.com *.trustpilot.com widget.trustpilot.com *.google-analytics.com *.doubleclick.net *.facebook.com *.facebook.net https://*.facebook.com/* *.instagram.com graph.instagram.com *.vimeocdn.com vod-adaptive-ak.vimeocdn.com https://vod-adaptive-ak.vimeocdn.com blob: *.clerk.io *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.googleapis.com *.cloudflareinsights.com track.sweetanalytics.com *.braintree-api.com t.elasticsuite.io *.hsforms.net *.hsforms.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: arclight.vimeo.com lensflare.vimeo.com vod-adaptive-ak.vimeocdn.com https://vod-adaptive-ak.vimeocdn.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-SA5ErnaEpHW0qFjZp3sDAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ moogento.com *.moogento.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ l2.moogento.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.ampproject.org www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://44pro.report-uri.com/r/d/csp/reportOnly;default-src 'none';connect-src 'self' assets4.lottiefiles.com/packages/lf20_30iie6.json www.googletagmanager.com analytics.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com www.google.com stats.g.doubleclick.net api.reviews.io 44pro-us.attn.tv 44pro.attn.tv events.attentivemobile.com abvfq.44pro.com api.stripe.com maps.googleapis.com bat.bing.com 44pro.pxf.io www.facebook.com ekr.zdassets.com *.zendesk.com us.i.posthog.com mm-uxrv.com a.aisiteanalytics.com *.sentry.io;font-src 'self' fonts.gstatic.com data: assets.reviews.io d19ayerf5ehaab.cloudfront.net;img-src 'self' d3g4izbc04p8sj.cloudfront.net www.batdigest.com data: blob: maps.gstatic.com www.googletagmanager.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com google.com www.google.ca media.reviews.co.uk assets.reviews.io 44.imgix.net i.ytimg.com bat.bing.com www.facebook.com;manifest-src 'self';script-src 'self' 'strict-dynamic' 'nonce-LT3gv4KwNXSTcjpXYuUJf9HDTuSZlS2O' maps.googleapis.com *.googletagmanager.com www.googleadservices.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net widget.reviews.io cdn.attn.tv abvfq.44pro.com *.js.stripe.com js.stripe.com bat.bing.com utt.impactcdn.com connect.facebook.net us.i.posthog.com mm-uxrv.com;style-src 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' data: fonts.googleapis.com assets.reviews.io widget.reviews.io d19ayerf5ehaab.cloudfront.net cdn-images.mailchimp.com;base-uri 'none';upgrade-insecure-requests;frame-src www.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net creatives.attn.tv *.js.stripe.com js.stripe.com hooks.stripe.com www.youtube-nocookie.com youtube.com www.youtube.com www.facebook.com;media-src 44.imgix.net 1
connect-src 'self' https://matomo.cossacklabs.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' 'nonce-80eedae66fcdc36dbf337baeeebe6f49' https://www.google.com; img-src 'self' data:; script-src 'self' 'nonce-80eedae66fcdc36dbf337baeeebe6f49'; script-src-elem 'unsafe-inline' 'self' 'nonce-80eedae66fcdc36dbf337baeeebe6f49' https://matomo.cossacklabs.com https://www.google.com https://www.gstatic.com; style-src 'unsafe-inline' 'self' 'nonce-80eedae66fcdc36dbf337baeeebe6f49' https://fonts.googleapis.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com *.trackedlink.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.facebook.com t.zip.co static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net static.zip.co zip.co https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-5U8hxXx2_xdweUvDVQkg5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-y8ChNflBa_JVHT4Zr5X5qQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cash-f.squarecdn.com *.klarnacdn.net *.fontawesome.com fonts.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.gstatic.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fittinglabs-development.firebaseapp.com https://fittinglabs-staging.firebaseapp.com https://fittinglabs-production.firebaseapp.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com www.youtube.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.trackedlink.net https://shop-demo.fittinglabs.it https://shop-dev.fittinglabs.it https://magento.test *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com *.openstreetmap.org https://maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.facebook.com bam.nr-data.net epictv.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://apis.google.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io cdnjs.cloudflare.com unsafe-inline js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.googletagmanager.com connect.facebook.net api.videoly.co js-agent.newrelic.com bam.nr-data.net dapi.videoly.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://api.fittinglabs.it https://api-demo.fittinglabs.it https://api-dev.fittinglabs.it https://identitytoolkit.googleapis.com https://securetoken.googleapis.com http://127.0.0.1:5000 http://localhost:5000 *.lottiefiles.com *.eu-central-1.linodeobjects.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io *.openstreetmap.org https://maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.eu-central-1.linodeobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-omHLGcreNytoPFhjI59spA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';script-src 'self' https://googletagmanager.com https://www.googletagmanager.com https://google-analytics.com https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://use.fontawesome.com https://docs.google.com https://player.vimeo.com https://cdn.cookielaw.org 'sha256-EvDxpS6q8fx+mHxbCIS9KccnLVdrr/eLSOXZuxfjiHs=' 'sha256-dBTeJJRCuGIPZx+hUD0fkS6GWs8YtEyyujkD4ZasWkk=' 'sha256-x2rVQUM6l45jlJIStmWUWKl/rqleDYudloDYe6zeG/g=' 'sha256-kLSCL1VzEa/hegonQvu1+zpYmXHfDwxaF9ImJfvcdmo=' 'sha256-yUXrkvbo8KKgAjKQsgseJ6Fchh4UlWKfAZn/rSjxB4k=' 'sha256-TK/rbqFw7TePPz+m1JfgH44iDiCpinJnEtk9FGqeIDA=' 'sha256-oCGfgaZcXOEKtMVK1iM63DaF94PtHd0hGJnJR825NP0=' 'sha256-r/F6I3CGI5HTmvK0r0lHuwpR4bbXcUI0NumfChxEx7o=' 'sha256-A/117BO+Z0zybSOf4lfpNiIiA00pHrNOr8glPupBcxE=' 'sha256-OIBv30UhT322O/PHenkHRKwgffWc8EbmLHaU9BcvpkA=' 'sha256-sHXKh32czGIGyzMm0vEmLwW0+cIjg70z0rhG2ulVUHA=' 'sha256-/w2M4CbFJnH8BR4xAQPeYgpG4j1DXGmifFALNhhyFdY=' 'sha256-fNPsPXq72ESQv/usaT+oMlRvnPBRLtLYI+0qVmSmVm4=' 'sha256-ipbBoKixwqjquK36IWNLfyxCJva8UyLfGrfvxPHxr38=' 'sha256-hLNw7XF2Q/WfS0B0QukvrNZv8mSBODgfQ1J8axCT5iI=' 'sha256-rCMyM+e8r4BgQbJDV4+rCB3O2KBF2agnVkENqeojgqE=' 'sha256-PcR9GxSc7PEIa3AFYjBmlqc/NSUe3jFHLYjEFcslTDA=' 'nonce-0f2559c955';style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://www.googleapis.com https://www.google-analytics.com https://www.fontawesome.com 'sha256-LbZ1Unz/mECrqrf+3CWtpnBrwBH/o0xkJib5D3aXOi0=' 'sha256-HDYY6U2YJ1OY+bJ5Wfjr2rSQUWfvwIH2JVCtfSjiHPM=' 'sha256-h4K3squ9pciWWgumahdcs5MLh2+olNLNFgPvZI1KPWI=' 'sha256-qWwxsTFcdIcN78qmlVvZfPMlQLLiEk7put1pv87RdRQ=' 'sha256-8mpks22BfpbeSAxurqM+4YfqX5+SDZ/wIoU2ILeX2Nc=' 'sha256-QRtVm1c2wPGTerReFrmmYsF1uKpbQ37C4S8R9Jaw17U=' 'sha256-LbZ1Unz/mECrqrf+3CWtpnBrwBH/o0xkJib5D3aXOi0=' 'sha256-HDYY6U2YJ1OY+bJ5Wfjr2rSQUWfvwIH2JVCtfSjiHPM=' 'sha256-h4K3squ9pciWWgumahdcs5MLh2+olNLNFgPvZI1KPWI=' 'sha256-qWwxsTFcdIcN78qmlVvZfPMlQLLiEk7put1pv87RdRQ=' 'sha256-8mpks22BfpbeSAxurqM+4YfqX5+SDZ/wIoU2ILeX2Nc=' 'sha256-QRtVm1c2wPGTerReFrmmYsF1uKpbQ37C4S8R9Jaw17U=' 'sha256-hDpvALZKzxNd2YViRa7cIjjP8g7ZUpR2veo/ibqq1pQ=' 'sha256-VyHDlO3hVkhFldFuJRk+k8Peh8NGvD0Sg9yPWevJiiE=';font-src 'self' data: https://www.googleapis.com https://www.gstatic.com https://fonts.gstatic.com;child-src 'self' https://*.youtube.com https://*.vimeo.com https://youtu.be;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://cdn.cookielaw.org https://privacyportal.onetrust.com;form-action 'self';frame-src https://www.google.com https://www.youtube.com https://youtube.com https://youtu.be https://player.vimeo.com https://www.scribd.com;img-src 'self' https://*.gravatar.com https://*.google-analytics.com https://*.vimeocdn.com https://cdn.cookielaw.org;style-src-elem 'self' https://fonts.googleapis.com 'sha256-LbZ1Unz/mECrqrf+3CWtpnBrwBH/o0xkJib5D3aXOi0=' 'sha256-HDYY6U2YJ1OY+bJ5Wfjr2rSQUWfvwIH2JVCtfSjiHPM=' 'sha256-h4K3squ9pciWWgumahdcs5MLh2+olNLNFgPvZI1KPWI=' 'sha256-qWwxsTFcdIcN78qmlVvZfPMlQLLiEk7put1pv87RdRQ=' 'sha256-8mpks22BfpbeSAxurqM+4YfqX5+SDZ/wIoU2ILeX2Nc=' 'sha256-QRtVm1c2wPGTerReFrmmYsF1uKpbQ37C4S8R9Jaw17U=' 'sha256-Sk3BSlaw3Md0zjc8aqjiep6a+P5u+7u3WH4u3uBb5xY=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-QVPYhFew7P3p46DxC68MMy/iAdzPaXWHAFcS3O2A0tI=';worker-src 'self' data:;report-uri https://centrusenergy.report-uri.com/r/d/csp/reportOnly 1
connect-src 'self' http://proxyman.debug:3000 http://localhost:3000 https://accounts.google.com https://cdn.cookielaw.org https://*.onetrust.com https://sentry.io https://*.ingest.us.sentry.io https://unpkg.com https://wallpapers.com https://s3.amazonaws.com https://api.mirego.com; default-src 'none'; font-src 'self' fonts.mirego.com fonts.gstatic.com *.typekit.net www.mirego.com; form-action 'self'; frame-src https://mirego-website.scout.mirego.com https://accounts.google.com https://js.stripe.com https://www.youtube.com; img-src 'self' blob: data: https://*.googleusercontent.com https://cdn.cookielaw.org https://wallpapers.com https://s3.amazonaws.com d3gude8cge9lnv.cloudfront.net d72zxqwaon87r.cloudfront.net mirego-website-webapp-qa.dev.mirego.com https://images.mirego.com www.mirego.com; media-src 'self' mirego-website-webapp-qa.dev.mirego.com d3gude8cge9lnv.cloudfront.net d72zxqwaon87r.cloudfront.net https://s3.amazonaws.com www.mirego.com https://images.mirego.com; script-src 'sha256-ZX+ZjgijHT9u5/zwXFM2FqnD4sZoAg4KQ5f2iovVvCo=' 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://accounts.google.com https://cdn.cookielaw.org https://js.stripe.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.youtube.com https://unpkg.com ; script-src-attr 'sha256-ZX+ZjgijHT9u5/zwXFM2FqnD4sZoAg4KQ5f2iovVvCo=' 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://accounts.google.com https://cdn.cookielaw.org https://js.stripe.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.youtube.com https://unpkg.com ; script-src-elem 'sha256-ZX+ZjgijHT9u5/zwXFM2FqnD4sZoAg4KQ5f2iovVvCo=' 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://accounts.google.com https://cdn.cookielaw.org https://js.stripe.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.youtube.com https://unpkg.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com accounts.google.com www.mirego.com; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.youtube.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.com *.doubleclick.net *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.klarna.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.google.com *.cookiebot.com https://mfstatic.com https://im11.inviewer.se *.disqus.com https://firebasestorage.googleapis.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.lightwidget.com *.cookiebot.com https://mfstatic.com https://im11.inviewer.se *.mastercard.com *.visa.com *.staticv.me *.disqus.com *.avada.io *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.gstatic.com https://mfstatic.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.mediaflow.com https://mfstatic.com https://im11.inviewer.se https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://s3.eu-central-1.amazonaws.com https://jobs.d-fine.com/; script-src 'self' 'nonce-fiYe_rev7RxVtptlhXuyWXqBXjMb4b770-jnogslQnxJNFGCK_z-5g' https://jobs.d-fine.com/ https://static.dvinci-easy.com/ 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.typo3.org https://*.kununu.com/; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; style-src-elem 'self' https://assets.kununu.com https://static.dvinci-easy.com 'unsafe-inline' 'report-sample'; connect-src 'self' https://s3.eu-central-1.amazonaws.com https://jobs.d-fine.com/ https://static.dvinci-easy.com/; script-src-elem 'self' 'unsafe-inline' https://jobs.d-fine.com/ https://static.dvinci-easy.com/ 'report-sample'; worker-src 'self' 'nonce-fiYe_rev7RxVtptlhXuyWXqBXjMb4b770-jnogslQnxJNFGCK_z-5g' https://jobs.d-fine.com/ https://static.dvinci-easy.com/ blob:; style-src 'self' https://s3.eu-central-1.amazonaws.com https://jobs.d-fine.com/ https://assets.kununu.com https://static.dvinci-easy.com 'nonce-fiYe_rev7RxVtptlhXuyWXqBXjMb4b770-jnogslQnxJNFGCK_z-5g' 'report-sample'; font-src 'self' https://s3.eu-central-1.amazonaws.com https://jobs.d-fine.com/ data: blob: https://r2cdn.perplexity.ai/ https://cdn.scite.ai/; report-uri https://www.d-fine.com/@http-reporting?csp=report&requestTime=1773719937522873&requestHash=291df469fd87d4268ac8e0ec97e7478add20cf11 1
default-src 'self'; script-src https://mc.yandex.ru 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://cdn.gpeople.online https://www.google.com/ https://www.gstatic.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.gpeople.online; object-src 'none'; connect-src https://mc.yandex.ru 'self' https://cdn.gpeople.online https://okr.sbdv.ru wss://vps.gpeople.online https://web-telemetry.gpeople.online https://sentry-api.gpeople.online; font-src 'self' data: https://cdn.gpeople.online; frame-src https://mc.yandex.ru 'self' blob: https://www.google.com/; img-src https://mc.yandex.ru 'self' data: https://cdn.gpeople.online https://s-dt2.cloud.edgecore.ru; manifest-src 'self' https://cdn.gpeople.online; media-src 'self'; frame-ancestors http://*.webvisor.com http://webvisor.com https://*.webvisor.com https://webvisor.com https://metrika.yandex.ru 'self' https://www.speechpro.ru; worker-src 'none'; child-src https://mc.yandex.ru 'self' blob:; base-uri 'self'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com *.braintreegateway.com *.paypal.com google.com *.google.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com *.ftcdn.net *.behance.net data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.paypal.com *.typekit.net *.gstatic.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com test.saferpay.com www.saferpay.com saferpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-Ux_wxgRfsWmQZRJTYbIIGQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
img-src data: https://images.sociablekit.com/ https://imgsct.cookiebot.com/ https://secure.adnxs.com/ https://www.facebook.com/ https://www.google.com https://www.google.nl https://www.googletagmanager.com/ 'self';script-src-elem https://api.ajaxlife.nl/ https://connect.facebook.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com/ https://www.sporcle.com/ 'self';frame-src https://consentcdn.cookiebot.com/ https://www.google.com https://www.googletagmanager.com/ https://www.sporcle.com/ https://www.youtube.com/;script-src https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ 'self';style-src-elem https://p.typekit.net/ https://use.typekit.net/ https://www.google.com 'self' 1
default-src * 'unsafe-hashes' 'unsafe-inline' data: 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.webwinkelkeur.nl *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu js.mollie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.google.nl *.webwinkelkeur.nl *.usercentrics.eu img.sct.eu1.usercentrics.eu bat.bing.net bat.bing.com *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.omnitagjs.com *.casalemedia.com *.criteo.com *.demdex.net id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.1rx.io sync.targeting.unrulymedia.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.dhlecommerce.nl *.cookiebot.eu *.cookiebot.com *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.webwinkelkeur.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms *.calendly.com *.beslist.nl *.pinimg.com *.criteo.com *.criteo.net *.cloudflareinsights.com *.pinterest.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com widget.tagembed.com api.taggbox.com cdn.tagbox.com static.dhlecommerce.nl https://static.klaviyo.com *.fontawesome.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.cookiebot.com *.cookiebot.eu *.consentcdn.cookiebot.com *.consentcdn.cookiebot.eu *.google.nl *.usercentrics.eu bat.bing.net bat.bing.com *.clarity.ms *.pinterest.com *.criteo.com *.beslist.nl widget.tagembed.com api.taggbox.com cdn.tagbox.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.multisafepay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-l7OdzxVcahM6DjUryiLWbA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=MIf8wE-ts1SJdslaJ8o2qDonYJMOmMf_NPZvA4YTuVZ-DzUmaTeBrwhGMISUEsyb3wDehwlY6Q==&policy_id=71&user_id=&request_id=01c65f56-a028-4c8d-b5e7-2311df8bcbb1; report-to csp-endpoint-mifwetssjdslajoqdonyjmommfnpzvaytuvzdzumatebrwhgmisuesybwdehwlyq; frame-ancestors 'none' 1
base-uri 'self'; default-src data: *.youtube.com *.youtu.be *.vimeo.com *.vimeocdn.com cdn.alireviews.io cdn.jsdelivr.net cdn.rawgit.com *.alicdn.com google.com *.google.com *.google.se *.gstatic.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.weaverse.workers.dev *.weaverse.io *.shopify.com *.myshopify.com app.kiwisizing.com *.lipscore.com *.willdesk.com stackpath.bootstrapcdn.com 'self' 'nonce-02a3e12b468c087e4423b5a5b576aa69' https://cdn.shopify.com https://shopify.com; frame-ancestors google.com *.google.com *.google.se *.gstatic.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com; style-src fonts.gstatic.com *.weaverse.workers.dev *.weaverse.io *.shopify.com *.myshopify.com app.kiwisizing.com *.lipscore.com *.willdesk.com stackpath.bootstrapcdn.com 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src vimeo.com geolocation-db.com cdn.jsdelivr.net google.com *.google.com *.google.se *.gstatic.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.weaverse.workers.dev *.weaverse.io *.shopify.com *.myshopify.com app.kiwisizing.com *.lipscore.com *.willdesk.com stackpath.bootstrapcdn.com 'self' https://cdn.shopify.com/ https://monorail-edge.shopifysvc.com https://checkout.baltzar.com https://baltzar.myshopify.com; script-src data: *.youtube.com *.youtu.be *.vimeo.com cdn.alireviews.io cdn.jsdelivr.net *.alicdn.com google.com *.google.com *.google.se *.gstatic.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.weaverse.workers.dev *.weaverse.io *.shopify.com *.myshopify.com app.kiwisizing.com *.lipscore.com *.willdesk.com stackpath.bootstrapcdn.com 'nonce-02a3e12b468c087e4423b5a5b576aa69'; font-src data: fonts.gstatic.com *.weaverse.workers.dev *.weaverse.io *.shopify.com *.myshopify.com app.kiwisizing.com *.lipscore.com *.willdesk.com stackpath.bootstrapcdn.com 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.shirtplatform.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.shirtplatform.com www.facebook.com gw.sandbox.gopay.com gate.gopay.cz gate.gopay.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.bandyshirt.de www.shirttuning.de www.shirttuning.at 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adcell.com https://www.googletagmanager.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * td.doubleclick.net www.google.com *.shirtplatform.com *.cookiebot.com tpc.googlesyndication.com *.weltpixel.com www.facebook.com *.pay1.de www.youtube-nocookie.com *.freshchat.com widget.trustpilot.com widget.packeta.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.bandyshirt.de *.adcell.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.brainindustries.eu *.shirtplatform.com *.cookiebot.com *.doubleclick.net *.googlesyndication.com *.cloudfront.net *.clarity.ms *.etrusted.com *.google.com www.google.sk www.google.cz www.google.de www.google.at *.google.nl www.google.be www.google.it www.google.es www.google.fr www.google.gr www.google.se www.google.pl www.google.pt www.google.hr www.google.dk www.google.rs www.google.si www.google.ch www.google.no www.google.lu im9.cz www.facebook.com connect.facebook.net *.trackjs.com cdn.shirttuning.de cdn.isotoxin.com *.bing.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adcell.com https://maps.googleapis.com https://player.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.shirtplatform.com *.cookiebot.com *.googlesyndication.com analytics.ahrefs.com cdn.isotoxin.com cdn.trackjs.com *.clarity.ms *.cloudfront.net connect.facebook.net *.freshdesk.com ssl.heureka.sk *.pay1.de *.ratepay.com *.trustpilot.com *.bing.com *.dognet.sk wchat.freshchat.com www.google.com www.google.sk www.google.cz *.etrusted.com widgets.trustedshops.com www.shirttuning.de www.shirttuning.at www.shirttuning.sk www.shirttuning.cz www.shirttuning.nl www.shirttuning.be www.shirttuning.it www.bandyshirt.de profiling.veoxa.com sv.ciblelink.com widget.packeta.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cookiebot.com *.cloudfront.net cdnjs.cloudflare.com *.etrusted.com wchat.freshchat.com www.googletagmanager.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adcell.com https://maps.googleapis.com https://player.vimeo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.shirtplatform.com *.cookiebot.com googleads.g.doubleclick.net adservice.google.com *.googlesyndication.com *.facebook.com analytics.ahrefs.com *.awinblackfriday.com bat.bing.com *.etrusted.com *.freshdesk.com *.ratepay.com *.trackjs.com wchat.freshchat.com *.clarity.ms www.google.at www.google.cz www.google.de www.google.no www.google.nl www.google.it www.google.be www.google.ch www.google.sk www.google.lu www.google.es *.trustpilot.com widget.packeta.com *.trustedshops.com https://integrations.etrusted.site *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.bandyshirt.de/shirtplatform_design/csp/reportUri; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://awo-freiwillich.de https://cdn.eye-able.com https://connect.facebook.net https://googletagmanager.com https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://*.googletagmanager.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src data: blob: 'self' https://*.openstreetmap.org https://*.typo3.org https://cdn.eye-able.com https://connect.facebook.net https://facebook.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://pagead2.googlesyndication.com https://translate.google.com https://www.facebook.com https://www.facebook.com/ https://www.google.ae https://www.google.am https://www.google.ar https://www.google.at https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bj https://www.google.br https://www.google.ch https://www.google.ca https://www.google.cm https://www.google.ci https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.za https://www.google.co.zm https://www.google.com.au https://www.google.com.bd https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.ec https://www.google.com.eg https://www.google.com.gh https://www.google.com.hk https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.pagead https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.ua https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.de/ads https://www.google.de/ads/ga-audiences https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fr https://www.google.fi https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.it https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lv https://www.google.mg https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.se https://www.google.sn https://www.google.tm https://www.google.tn https://www.googletagmanager.com; base-uri 'self'; frame-src 'self' https://antrag.awo-zmav.de https://awo-ol.de https://freiwillig24.de https://my.matterport.com https://sodys.freiwillig24.de https://td.doubleclick.net https://www.awo-ol.de https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com; style-src-elem 'self' 'unsafe-inline' https://awo-freiwillich.de https://cdn.eye-able.com https://www.gstatic.com https://awo-ol.feinrot.dev 'report-sample'; connect-src 'self' https://analytics.google.com https://api.awo-freiwillich.de https://cdn.eye-able.com https://graph.facebook.com https://pagead2.googlesyndication.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://translate.googleapis.com https://www.awo-ol.de https://www.facebook.com https://www.facebook.com/privacy_sandbox https://www.facebook.com/privacy_sandbox/topics/registration/ https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bj https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cm https://www.google.co.id https://www.google.co.in https://www.google.co.ke https://www.google.co.ma https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com.bd https://www.google.com.br https://www.google.com.co https://www.google.com.eg https://www.google.com.mx https://www.google.com.ng https://www.google.com.om https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.ua https://www.google.com.vn https://www.google.com.zw https://www.google.cz https://www.google.de https://www.google.de/ads/ga-audiences https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gr https://www.google.ie https://www.google.it https://www.google.iq https://www.google.kg https://www.google.lk https://www.google.lv https://www.google.md https://www.google.mg https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.rw https://www.google.se https://www.google.sn https://www.google.tn https://www.googletagmanager.com; font-src data: 'self'; form-action 'self'; frame-ancestors 'self' https://awo-ol.de https://www.awo-ol.de https://*.awo-ol.de; media-src 'self' data:; object-src 'none'; script-src-elem 'self' 'unsafe-inline' https://awo-freiwillich.de https://cdn.eye-able.com https://connect.facebook.net https://www.googletagmanager.com https://www.youtube.com 'report-sample'; style-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://awo-freiwillich.de https://cdn.eye-able.com https://googletagmanager.com https://tagmanager.google.com https://www.gstatic.com 'report-sample'; worker-src blob:; report-uri https://awo-ol.de/@http-reporting?csp=report&requestTime=1773714992668553&requestHash=2c6d344009e55cfdf397e63517b99f2c2fd6bb3c 1
worker-src blob:; font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.kxcdn.com *.fontawesome.com *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com https://gtm-n98z5x44-mmqzy.uc.r.appspot.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.facebook.com *.twitter.com connect.facebook.net graph.facebook.com business.facebook.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.pinterest.com *.pinterdev.com commerce-app.pintergration.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.tiktok.com https://www.googleadservices.com https://www.google.com.br https://viacep.com.br https://*.viacep.com.br *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.fbcdn.net *.addthisedge.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.mundipagg.com api.pagar.me *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com https://www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.tiktok.com https://d335luupugsy2.cloudfront.net https://analytics.tiktok.com https://www.googletagmanager.com https://analytics.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://assets.zendesk.com https://js-agent.newrelic.com https://*.nr-data.net https://static.zdassets.com https://ekr.zdassets.com tagmanager.google.com https://viacep.com.br https://*.viacep.com.br *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.facebook.net *.twitter.com *.avada.io www.facebook.com graph.facebook.com business.facebook.com 3ds2.pagar.me 3ds2-sdx.pagar.me *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com https://viacep.com.br https://*.viacep.com.br *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.tiktok.com https://gtm-n98z5x44-mmqzy.uc.r.appspot.com https://www.googletagmanager.com https://analytics.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://analytics.tiktok.com https://js-agent.newrelic.com https://*.nr-data.net https://popups.rdstation.com.br https://viacep.com.br https://*.viacep.com.br https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br pay.sandbox.google.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://viacep.com.br https://*.viacep.com.br https://apisandbox.cieloecommerce.cielo.com.br/ https://apiquerysandbox.cieloecommerce.cielo.com.br/ https://api.cieloecommerce.cielo.com.br/ https://apiquery.cieloecommerce.cielo.com.br/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
upgrade-insecure-requests 1
child-src js.stripe.com; connect-src 'self' geoip-js.com api.stripe.com maps.googleapis.com www.paypal.com www.facebook.com; font-src use.typekit.net; form-action 'self' www.facebook.com; frame-src js.stripe.com hooks.stripe.com www.facebook.com www.paypal.com www.youtube.com; img-src 'self' cdn.buyoly.com data: dg6xfr3y1xvv2.cloudfront.net p.typekit.net t.paypal.com www.facebook.com; script-src-elem 'unsafe-inline' cdn.buyoly.com connect.facebook.net js.stripe.com use.typekit.net www.paypal.com geoip-js.com www.paypalobjects.com; script-src 'unsafe-inline' cdn.buyoly.com connect.facebook.net js.stripe.com maps.googleapis.com use.typekit.net; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' cdn.buyoly.com code.jquery.com; style-src cdn.buyoly.com code.jquery.com; report-uri https://buyolympia.report-uri.com/r/d/csp/wizard 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.sharethis.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sooqr.com *.spotlersearch.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com *.bing.net *.google.nl *.facebook.com *.popupsmart.com *.usercentrics.eu *.etrusted.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.bing.com *.cookiebot.eu *.facebook.com *.facebook.net *.popupsmart.com *.hotjar.com *.etrusted.com *.reaktion.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com https://static.klaviyo.com *.sooqr.com *.spotlersearch.com assets.braintreegateway.com *.googleapis.com *.etrusted.com *.popupsmart.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sooqr.com *.spotlersearch.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.gstatic.com *.googleapis.com *.bing.com *.bing.net *.cookiebot.eu *.doubleclick.net *.googlesyndication.com *.popupsmart.com *.hotjar.io *.reaktion.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://v2.zopim.com https://cdn.travel-insides.com https://www.googletagmanager.com https://www.google-analytics.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://cdn.travel-insides.com https://fonts.googleapis.com; img-src 'self' data: https://cdn.travel-insides.com https://www.google-analytics.com https://d3plhpfg3500fc.cloudfront.net; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://ekr.zdassets.com https://stream.travel-dev.com https://www.google-analytics.com https://hop2travel.zendesk.com wss://widget-mediator.zopim.com; report-uri /csp-report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-_JFBokj18ZrANh9USHZsqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WwR-w8unQg9Ky-dVeEFnyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https:; style-src   'self' 'unsafe-inline' https:; img-src     'self' data: https:; font-src    'self' data: https:; connect-src 'self' https:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; 1
connect-src 'self' secure.adnxs.com ws.zoominfo.com www.google-analytics.com px.ads.linkedin.com; script-src-elem 'self' 'unsafe-inline' blob: data: j.6sc.co js.zi-scripts.com static.hotjar.com www.google-analytics.com www.googletagmanager.com connect.facebook.net script.hotjar.com snap.licdn.com; img-src data:; default-src 'self'; font-src data:; script-src 'self' wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' p.typekit.net; report-uri  https://668e090e2c406e55c4610b0dad7ab731.report-uri.com/r/t/csp/reportOnly 1
font-src *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://storage.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.google.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://www.magezon.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action 'self' https://*.hubspot.com https://*.facebook.com; report-uri https://www.atlashxm.com/csp-reports; report-to csp-endpoint; 1
img-src https://higherlogicdownload.s3.amazonaws.com/APGA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/APGA/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/APGA/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/APGA/ https://higherlogicdownload.s3.amazonaws.com/APGA/ https://higherlogiclongterm.s3.amazonaws.com/APGA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/APGA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/APGA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/APGA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/APGA/ https://higherlogicdownload.s3.amazonaws.com/APGA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/APGA/ https://higherlogicstream.s3.amazonaws.com/APGA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/APGA/ https://higherlogicdownload.s3.amazonaws.com/APGA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/APGA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
object-src  'none'; connect-src 'self' *.openlife.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.openlife.com join.gammasecure.com; script-src 'self' *.openlife.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.openlife.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net https://firebasestorage.googleapis.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io https://api.unifaun.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cleverreach.com 'self' 'unsafe-inline'; frame-ancestors https://datastudio.google.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com https://www.youtube-nocookie.com/ https://datastudio.google.com/ https://rest.cleverreach.com/ https://3dswissmedia.com/ https://old.3dswissmedia.com/ https://cdn7.3dswissmedia.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudfront.net https://images.unsplash.com blob: https://img.youtube.com/ https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://www.google.ch/ads/ https://www.google.li/ads/ https://www.google.be/ads/ https://www.google.sk/ads/ https://www.facebook.com/ https://widgets.trustedshops.com/ https://chart.googleapis.com/ https://bat.bing.com/ https://*.usercentrics.eu/ https://googleads.g.doubleclick.net/ https://www.hajk.ch/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google.com/ www.googletagmanager.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.googleapis.com *.gstatic.com jquery.sellxed.com https://www.youtube.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://matomo.cs2.ch/ https://matomo.jajuma.de/ https://instant.page/ https://connect.facebook.net/ https://widgets.trustedshops.com/ https://bat.bing.com/ https://bat.bing-int.com/ https://script.crazyegg.com/ https://*.usercentrics.eu/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://analytics.tiktok.com/ https://*.elfsight.com/ https://universe-static.elfsightcdn.com/ http://www.googletagmanager.com/ *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://maps.googleapis.com/ https://www.google-analytics.com/ https://region1.analytics.google.com/ https://pagead2.googlesyndication.com/ https://www.google.com/ https://google.com/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://matomo.cs2.ch/ https://matomo.jajuma.de/ https://www.facebook.com/ https://api.trustedshops.com/ https://shops-si.trustedshops.com/ https://trustbadge.api.etrusted.com/ https://logging.trustbadge.com/ https://api.trustbadge.etrusted.com/ https://script.crazyegg.com/ https://bat.bing.com/ https://bat.bing-int.com/ https://*.usercentrics.eu/ https://analytics.tiktok.com/ https://www.googletagmanager.com/ https://*.elfsight.com/ https://universe-static.elfsightcdn.com/ http://stats.g.doubleclick.net/ http://www.google-analytics.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.hajk.ch/csp.php; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com www.ppl.cz https://api.mapy.cz data: 'self' 'unsafe-inline'; form-action *.facebook.com *.googlesyndication.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com pay.google.com *.addthis.com *.adulto.cz https://api.m2a.cz/ https://api.dpd.cz/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com https://flagcdn.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com static.przelewy24.pl www.gstatic.com gstatic.com https://img.youtube.com https://maps.gstatic.com *.hsforms.net *.hsforms.com www.ppl.cz https://api.mapy.cz data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com s7.addthis.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net https://maps.googleapis.com *.hsforms.net *.hsforms.com *.adulto.cz https://api.js.m2a.cz www.ppl.cz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com fonts.googleapis.com https://cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com www.ppl.cz https://api.mapy.cz 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com ekr.zdassets.com/ sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com https://maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com www.ppl.cz https://api.mapy.cz https://api.dhl.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://canonplus.com https://admin.treefortsystems.com; report-uri https://o1003299.ingest.sentry.io/api/5966172/security/?sentry_key=2a13400a30ad4037a8f0cf127af14bff; 1
default-src https://*.deutschlandsim.de; object-src 'none'; script-src 'self' data: 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.deutschlandsim.de https://visitor-service.tealiumiq.com/drillisch/main/ https://visitor-service-eu-central-1.tealiumiq.com/drillisch/main/ https://tags.tiqcdn.com/utag/drillisch/deutschlandsim.de/prod/ https://tags.tiqcdn.com/utag/tiqapp/ https://cdn2.spatialbuzz.com/cust/D7FF6FE4/ https://cdn2.spatialbuzz.com/cust/DCCB7552/; style-src 'self' data: 'report-sample' 'unsafe-inline' https://*.deutschlandsim.de; img-src https: data:; font-src https: data:; connect-src 'self' https://*.deutschlandsim.de wss://*.deutschlandsim.de https://dpm.demdex.net https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com/drillisch/main/ https://visitor-service.tealiumiq.com/drillisch/main/ https://visitor-service-eu-central-1.tealiumiq.com/drillisch/main/ https://cdn.spatialbuzz.com https://cdn2.spatialbuzz.com https://cdn2.spatialbuzz.com/api/maintenance_mode; frame-src 'self' https://*.deutschlandsim.de https://cdn2.spatialbuzz.com https://1and1internetag.demdex.net https://netmap.vodafone.de/cokart-client/index.html; child-src 'self' https://cdn2.spatialbuzz.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.drillisch-online.de/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-Od6w5xB3XrvOq0mUFHTHNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' ;          base-uri 'self' ;          object-src 'none' ;          script-src 'self' 'unsafe-eval' 'nonce-bFm04G8T+zAFMoCTuS8SWQ==' *.googleapis.com *.baidu.com *.zohocdn.com *.cloudfront.net *.googletagmanager.com *.cdn.pagesense.io *.youtube.com *.seatsio.net;          connect-src 'self' *.googleapis.com *.google-analytics.com *.nimbuspop.com ws: data: ;          font-src 'self' *.gstatic.com *.zohowebstatic.com *.zohostatic.com *.zohocdn.com data:  ;          style-src 'self' 'unsafe-inline' *.zoho.com *.zohocdn.com;          frame-src 'self' * ;          img-src 'self' *.ytimg.com *.zohoexternal.com *.zohocdn.com data: blob: *.nimbuspop.com *.zohopublic.com 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klevu.com *.ksearchnet.com cdn1.stamped.io stamped.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn1.stamped.io stamped.io *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com cdn1.stamped.io stamped.io *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline cdn1.stamped.io stamped.io tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com cdn1.stamped.io stamped.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cash-f.squarecdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.sharethis.com www.xtento.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.sharethis.com https://cdn.clerk.io *.openstreetmap.org https://maps.googleapis.com *.cloudfront.net *.facebook.com www.google.it *.clarity.ms *.bing.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com www.google.com.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com https://api.clerk.io https://cdn.clerk.io cdnjs.cloudflare.com *.clerk.io *.clarity.ms connect.facebook.net *.cloudfront.net *.bing.com www.xtento.com cdn.xtento.com *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com network.oliunid.fr https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.sharethis.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com maxcdn.bootstrapcdn.com *.trustpilot.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.openstreetmap.org https://maps.googleapis.com stats.g.doubleclick.net *.clarity.ms *.facebook.com *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com network.oliunid.fr https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv5%3F.vb%60kv-19cf9f96142-0x805#pd 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.almapay.com *.bglobale.com *.global-e.com *.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com 'self' data: *.onestock-retail.io *.sensefuel.live *.cdnfonts.com *.perplexity.ai *.isge49.com *.bocage.fr *.googleusercontent.com *.kameleoon.com *.abtasty.com s3-eu-west-1.amazonaws.com *.iadvize.com globale-prod.s3-eu-west-1.amazonaws.com ncspublicasset.s3.eu-west-3.amazonaws.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.getalma.eu *.almapay.com/ *.stripe.com/ *.checkout.com/ *.adyen.com/ *.bglobale.com *.global-e.com *.google.com/ *.onestock-retail.com/ payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.effiliation.com *.doubleclick.net *.bing.com *.pinterest.com *.facebook.com *.criteo.com *.bocage.eu *.googletagmanager.com *.snapchat.com vimeo.com *.abtasty.com *.criteo.net *.googlesyndication.com *.vimeo.com *.goodays.co *.cookiebot.com *.cloudflare.com *.iadvize.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.bglobale.com *.global-e.com *.googleapis.com https://www.magezon.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: www.google.gg www.google.gl www.google.com.pg www.google.com.np www.google.com.pe www.google.co.il www.google.jo www.google.it www.google.co.zm *.facebook.net www.google.hu *.google.com www.google.com.pr *.eram.eu www.google.li www.google.am *.adform.net *.pinterest.com www.google.is www.google.bi *.batch.com *.criteo.com www.google.mn *.smartadserver.com www.google.com.ec www.google.me www.google.com.kh www.google.co.th www.google.com.vn www.google.ps www.google.com.hk *.advalo.com www.google.com.cy www.google.cv www.google.ge *.bing.net www.google.ro www.google.cd www.google.co.ve *.teads.tv www.google.com.bn www.google.ru *.abtasty.com www.google.sm www.google.com.cu *.kameleoon.eu www.google.com.vc www.google.com.ni *.mellowyellow.com *.adnxs.com www.google.com.eg www.google.com.gt www.google.com.jm *.contentsquare.net www.google.je us-central1-shopmyinfluens.cloudfunctions.net *.iadvize.com www.google.so www.google.com.af *.mmtro.com www.google.com.sl *.taboola.com www.google.gr *.bocage.fr www.google.tn www.google.co.in *.ggpht.com www.google.ad www.google.at www.google.al www.google.vu *.lgw.io www.google.cm www.google.mw www.google.ae www.google.pl www.google.pt www.google.be www.google.ee www.google.com.py www.google.iq www.google.ca www.google.sr www.google.de www.google.lt www.google.co.zw www.google.co.ug www.google.com.ph www.google.ga mmtro.com www.google.tg www.google.lv *.doubleclick.net *.sensefuel.live www.google.dj www.google.ci *.onestock-retail.io *.affilae.com www.google.com.ua www.google.com.gh *.bing.com www.google.com.my www.google.com.om www.google.nl www.google.ws www.google.com.sv www.google.com.tr www.google.se www.google.co.ao www.google.sn www.google.cl www.google.sc bucket-ip-website.s3.eu-central-1.amazonaws.com www.google.co.nz www.google.com.bz www.google.co.uk www.google.com.bd www.google.tm *.googleadservices.com www.google.cf www.google.co.ck www.google.mk www.google.st *.isge49.com www.google.bf www.google.co.kr www.google.co.bw *.bocage.eu www.google.co.id www.google.com.qa www.google.com.bh www.google.com.co *.facebook.com www.google.lk www.google.by www.google.hr *.vimeo.com *.mellowyellow.eu www.google.ch www.google.com.et www.google.md www.google.im www.google.es www.google.td www.google.com.bo www.google.lu www.google.co.ma www.google.dm www.google.co.ls www.google.ba joko-mobile-app-media.s3.eu-west-1.amazonaws.com *.twiago.com www.google.rw *.kameleoon.com www.google.tt www.google.com.lb www.google.no www.google.dk www.google.mg www.google.hn *.ebuyclub.com www.google.ne www.google.ml d1oco4z2z1fhwp.cloudfront.net www.google.la www.google.com.br www.google.com.mt www.google.kg www.google.cn www.google.mv mellowyellow.com www.google.co.mz www.google.bg www.google.com.pk *.googletagmanager.com www.google.com.tw www.google.com.sg d3e54v103j8qbb.cloudfront.net www.google.rs www.google.ie www.google.co.ke www.google.com.pa google.com www.google.com.fj www.google.com.kw www.google.com.mx www.google.mu *.outbrain.com *.criteo.net www.google.co.cr www.google.gy www.google.co.jp www.google.com.do www.google.fi www.google.sk www.google.co.tz www.google.si www.google.com.sa www.google.bj *.eram.fr www.google.dz www.google.com.ar www.google.co.uz www.google.fr s3-eu-west-1.amazonaws.com www.google.com.ng *.xiti.com *.snapchat.com *.googleusercontent.com www.google.com.uy *.openx.net www.google.com.na www.google.com.mm *.cookiebot.com *.googlesyndication.com *.tiktok.com www.google.co.za www.google.gm www.google.cg www.google.ht www.google.kz www.google.com.au www.google.bs www.google.cz www.google.az www.google.com.ly www.google.com.gi data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page cdn.jsdelivr.net *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com https://maps.googleapis.com *.hsforms.net *.hsforms.com *.addthis.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://www.bocage.eu *.criteo.com *.snapchat.com *.jquery.com *.iadvize.com critizr.com *.kameleoon.eu *.cloudflare.com *.taboola.com *.sensefuel.com *.contentsquare.com *.adform.net *.googlesyndication.com *.hotjar.com *.mmtro.com *.pinimg.com *.tiktok.com *.pinterest.com *.vimeo.com *.cookiebot.com *.googletagmanager.com *.batch.com *.bocage.fr translate.google.com.hk *.lgw.io *.sensefuel.live *.eram.fr dqfw2hlp4tfww.cloudfront.net *.facebook.net *.abtasty.com *.contentsquare.net *.kameleoon.com *.onestock-retail.io *.goodays.co *.doubleclick.net *.bing.com *.googleadservices.com mmtro.com *.aticdn.net *.criteo.net *.kameleoon.io *.affilae.com sc-static.net d3e54v103j8qbb.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.bglobale.com *.global-e.com *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.abtasty.com *.iadvize.com *.typekit.net semji.github.io *.onestock-retail.io *.sensefuel.com *.goodays.co *.kameleoon.com *.bocage.fr *.sensefuel.live *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeocdn.com *.fbcdn.net *.bing.com *.mellowyellow.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.getalma.eu *.almapay.com maps.googleapis.com https://nominatim.openstreetmap.org https://maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.kameleoon.eu *.deebr.co *.openx.net *.kameleoon.com *.contentsquare.net *.abtasty.com *.doubleclick.net *.iadvize.com *.onestock-retail.io *.merchant-center-analytics.goog *.hotjar.io www.google.ru *.sensefuel.biz *.typekit.net www.google.it *.pinterest.com *.googleapis.com *.facebook.com www.google.mu *.aticdn.net *.sensefuel.live *.tiktok.com www.google.co.id *.instagram.com *.jquery.com www.google.ge *.bing.net www.google.fr *.bocage.fr www.google.ca *.snapchat.com *.adnxs.com *.advalo.com *.taboola.com www.google.cn *.cookiebot.com *.affilae.com *.cloudflare.com *.teads.tv *.hotjar.com *.goodays.co *.gstatic.com *.contentsquare.com *.batch.com *.criteo.com www.google.es www.google.be *.googlesyndication.com www.google.ch *.googleadservices.com *.facebook.net *.bing.com *.eram.fr *.kameleoon.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ab48b69d-84be-485e-b94f-4ed50b3a5780.sansec.watch/; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.usercentrics.eu 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.usercentrics.eu 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.usercentrics.eu *.usercentrics.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.usercentrics.eu *.usercentrics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.amazonaws.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cenpos.net *.cenpos.com *.gstatic.com *.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cenpos.net *.cenpos.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page chimpstatic.com downloads.mailchimp.com *.list-manage.com https://app.zinrelo.com app.zinrelo.com https://cdn.zinrelo.com/js/all.js *.cenpos.com *.cenpos.net *.gstatic.com *.cardinalcommerce.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.amazonaws.com *.googleapis.com *.hsforms.net *.hsforms.com maps.googleapis.com https://cdn.zinrelo.com/ https://app.zinrelo.com/ https://d395yjvh5spyzw.cloudfront.net/ https://js-agent.newrelic.com/ https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com downloads.mailchimp.com https://fonts.bunny.net assets.braintreegateway.com *.amazonaws.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.amazonaws.com *.googleapis.com *.kodaris.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://cdn.zinrelo.com/ https://app.zinrelo.com/ https://d395yjvh5spyzw.cloudfront.net/ https://js-agent.newrelic.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data:; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: *.feedbackcompany.com maxcdn.bootstrapcdn.com *.tawk.to *.crisp.chat *.bootstrapcdn.com https://fonts.bunny.net *.jsdelivr.net *.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.feedbackcompany.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.facebook.com *.decta.com js.mollie.com *.trustpilot.com *.hotjar.com *.googletagmanager.com *.cookiebot.eu *.pinterest.com *.weltpixel.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com *.feedbackcompany.com 'self' data: *.facebook.com *.facebook.net *.googletagmanager.com *.google.com *.google.lv blob: *.crisp.chat https://firebasestorage.googleapis.com https://www.mollie.com 123magazijninrichting.nl 123magazijn.stimmt.dev 123magazijninrichting.dev *.cloudflare.com *.cloudimage.io *.linkedin.com *.adsymptotic.com *.google.nl *.trengo.eu *.bing.com *.visualwebsiteoptimizer.com *.etrusted.com *.feedbucket.app *.reddit.com *.google-analytics.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.feedbackcompany.com *.googletagmanager.com *.facebook.com *.facebook.net infimv.com *.stripe.com *.decta.com *.crisp.chat *.avada.io *.shopify.com js.mollie.com *.cloudflare.com *.twitter.com *.fontawesome.com *.pingdom.net *.trustpilot.com *.hotjar.com *.licdn.com *.chimpstatic.com *.adobetm.com polyfill.io *.doubleclick.net *.cookiebot.eu *.bing.com *.clarity.ms *.clarity.ms/collect *.pinimg.com *.pinterest.com *.trengo.eu *.brevo.com *.diffuse.tools sibautomation.com *.visualwebsiteoptimizer.com *.feedbucket.app *.getqonfi.com *.app-us1.com *.cloudfront.net *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com maxcdn.bootstrapcdn.com *.tawk.to *.crisp.chat *.fontawesome.com https://fonts.bunny.net *.bunny.net *.etrusted.com *.feedbucket.app *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.feedbackcompany.com *.google-analytics.com *.facebook.com *.doubleclick.net wss://*.crisp.chat/ https://get.geojs.io *.avada.io *.cloudflare.com *.pingdom.net *.hotjar.com *.usercentrics.eu *.pinterest.com *.bing.com *.trengo.eu *.clarity.ms *.clarity.ms/collect *.cookiebot.eu *.brevo.com *.diffuse.tools sibautomation.com *.visualwebsiteoptimizer.com *.googlesyndication.com *.feedbucket.app *.cloudfront.net *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://123magazijninrichting.nl/; report-to report-endpoint; 1
default-src https:;script-src https: 'self' 'strict-dynamic' 'nonce-fd0a73da52a78594c937397d8e0c9c567427969a422e1befcff2a86909725a4a' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log 1
object-src 'none';base-uri 'self';script-src 'nonce-975nvBM-sENFH3gvAvAtVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; default-src 'none'; block-all-mixed-content; script-src 'self' 'strict-dynamic' 'nonce-ZDQ5NmExODYtMThlNy00MzI0LWEzY2ItY2Y3NWFlYTg0Yzhj' https://cdn.cookie-script.com/ https://connect.facebook.net https://*.g.doubleclick.net https://*.googletagmanager.com https://www.googletagmanager.com https://static.hotjar.com/ https://scripts.hotjar.com/ https://cdn.leadinfo.net https://*.ldnfrpl.com https://www.linkedin.com https://platform.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com/ https://api.linkedin.com https://*.mouseflow.com http://*.mouseflow.com https://widget.trustpilot.com/bootstrap/v5/ *.visualwebsiteoptimizer.com app.vwo.com; connect-src 'self' https://places.geo.eu-west-1.amazonaws.com/ https://cms.energreen.com/graphql https://cms.energreen.com https://cdn.prod.website-files.com https://*.facebook.com wss://develop.api.io-comms.com/v2health https://*.google.be https://*.google.nl https://*.google.fr https://*.google.lu https://google.com/ https://*.google.com https://*.g.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com www.googletagmanager.com https://*.hotjar.io/ wss://ws.hotjar.com/ https://api.leadinfo.com https://*.leadinfo.net https://*.ldnfrpl.com https://li-replay.s3-accelerate.amazonaws.com https://www.linkedin.com https://platform.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com/ https://api.linkedin.com https://*.mouseflow.com http://*.mouseflow.com https://hascoinvest.recruitee.com/api/ *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' blob: data: https://*.basemaps.cartocdn.com https://d4uvk9fin58ln.cloudfront.net https://cdn.prod.website-files.com https://*.fbcdn.net https://*.facebook.com https://*.google.be https://*.google.nl https://*.google.fr https://*.google.lu https://google.com/ https://*.google.com https://*.g.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com www.googletagmanager.com https://collector.leadinfo.net https://cdn.leadinfo.net https://www.linkedin.com https://platform.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com/ https://api.linkedin.com https://*.mouseflow.com http://*.mouseflow.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; style-src 'self' 'unsafe-inline' https://cdn.leadinfo.net https://www.linkedin.com https://platform.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com/ https://api.linkedin.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: https://cdn.prod.website-files.com https://cdn.leadinfo.net https://*.mouseflow.com http://*.mouseflow.com https://fonts.gstatic.com/ https://assets.merci-app.com/fonts/ chrome-extension; frame-src 'self' https://www.googletagmanager.com https://*.mouseflow.com http://*.mouseflow.com https://widget.trustpilot.com/trustboxes/ *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'none'; report-to csp-endpoint; media-src https://d4uvk9fin58ln.cloudfront.net; child-src https://*.mouseflow.com http://*.mouseflow.com; worker-src 'self' blob:; report-uri https://www.energreen.com/api/content-security-policy; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; frame-ancestors 'self'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.twitter.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests ; 1
base-uri 'none'; font-src 'self' https: data:; form-action https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://www.facebook.com; frame-ancestors 'self'; img-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://mautic.netcup.news https://px.ads.linkedin.com 'self' blob: data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://measure.netcup.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://widget.trustpilot.com https://cdn.brevo.com/js/sdk-loader.js 'self' 'wasm-unsafe-eval' 'nonce-+TF0kv9mpttiria6qD2ppWN6'; connect-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://www.google.com https://in-automate.brevo.com https://measure.netcup.com https://google.com https://px.ads.linkedin.com https://*.clarity.ms/ 'self' https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://eu-api.friendlycaptcha.eu https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.cookielaw.org https://adservice.google.com https://pagead2.googlesyndication.com https://www.redditstatic.com https://pixel-config.reddit.com https://analytics.tiktok.com https://ads.tiktok.com https://bat.bing.com https://widget.trustpilot.com; worker-src blob:; child-src blob: https://td.doubleclick.net; script-src-elem https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.brevo.com/js/sdk-loader.js https://sibautomation.com/sa.js https://sibforms.com/ https://www.googleadservices.com https://www.redditstatic.com 'self' 'unsafe-inline' https://*.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://*.clarity.ms https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://analytics.tiktok.com https://ads.tiktok.com https://measure.netcup.com https://www.youtube.com https://pagead2.googlesyndication.com https://widget.trustpilot.com; frame-src https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://measure.netcup.com https://www.youtube-nocookie.com/ https://widget.trustpilot.com https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com; report-to csp-endpoint; 1
font-src *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.coinpayments.net/index.php https://420growus.emailsp.com https://eu-prod.oppwa.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://eu-prod.oppwa.com account.fetchify.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com https://bsscommerce.com https://www.coinpayments.net https://eu-prod.oppwa.com magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ jquery.sellxed.com https://eu-prod.oppwa.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://eu-prod.oppwa.com cc-cdn.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-5CHpC-4tti2s4wqVNN5zhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://forms.hsforms.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com https://forms.hsforms.com; frame-ancestors 'none'; frame-src https://iframe.videodelivery.net https://youtube.com https://www.youtube.com https://forms.hsforms.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.hsforms.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com https://www.youtube.com http://www.youtube.com www.youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://oss.sheetjs.com http://oss.sheetjs.com oss.sheetjs.com https://js.hsforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com 'unsafe-inline' 1
default-src 'self' http://code.ionicframework.com https://cdn.fontawesome.com/; script-src 'self' 'unsafe-eval'  ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: image/svg+xml;base64; connect-src 'self'; font-src 'self'; object-src 'none'; media-src 'self'; form-action 'self'; report-to default; 1
script-src 'nonce-66zCmImwDPu6H4DwuVetHg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample' https://bat.bing.com https://*.usercentrics.eu https://*.newsletter2go.com www.googletagmanager.com api.gutscheinconnection.de api.sovendus.com *.trustdetshops.com *.etrusted.com https://c.paypal.com 'unsafe-eval'; script-src-elem 'nonce-66zCmImwDPu6H4DwuVetHg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample' https://bat.bing.com https://*.usercentrics.eu https://*.newsletter2go.com www.googletagmanager.com api.gutscheinconnection.de api.sovendus.com *.trustdetshops.com *.etrusted.com https://c.paypal.com 'unsafe-eval'; script-src-attr 'unsafe-hashes' 'sha256-qOBd84dGYZ1TXAj+NIqiwfe6+6cjjOJx8QNDBdoNQyM=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-1jAmyYXcRq6zFldLe/GCgIDJBiOONdXjTLgEFMDnDSM=' 'report-sample'; img-src 'self' data: blob: https: https://c.paypal.com https://b.stats.paypal.com 'report-sample'; object-src 'none'; base-uri 'none'; report-uri /error.php; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.google.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net udraw-app.racadtech.com udraw-app.b-cdn.net www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.idcband.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.searchserverapi.com *.hsforms.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.searchanise.com *.searchserverapi1.com *.twitter.com www.idcband.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.google.com self www.google.com *.stripe.com stripe.com *.link.com *.amazon.com www.idcband.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.google.com *.braintreegateway.com *.paypal.com google.com www.googletagmanager.com *.certcapture.com https://*.hubspot.com https://*.usemessages.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com https://www.googletagmanager.com/ www.google.com www.gstatic.com apis.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * udraw-app.racadtech.com *.gosendex.com udraw-app.b-cdn.net mailto: tel: www.searchanise.com *.searchserverapi.com *.searchserverapi1.com *.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com *.weltpixel.com www.idcband.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com *.analytics.google.com *.bing.net blob: *.facebook.com *.google.co.uk *.google-analystics.com *.hsforms.com *.hubspot.com *.ads.linkedin.com https://*.hubspotusercontent.net https://*.hubspot.com *.trackedlink.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com udraw-app.racadtech.com udraw-app.b-cdn.net *.wikimedia.org *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com s3.amazonaws.com maps.googleapis.com *.amazonaws.com www.idcband.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.googletagmanager.com *.certcapture.com *.air360tracker.net *.bing.com *.callrail.com googleads.g.doubleclick.net *.enzuzo.com *.facebook.net *.hellobar.com *.hotjar.com *.hsadspixel.net *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hubspot.com *.licdn.com *.osano.com *.usemessages.com *.zoominfo.com https://js.hs-scripts.com https://js.usemessages.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.gstatic.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com udraw-app.racadtech.com *.gosendex.com cdnjs.cloudflare.com udraw-app.b-cdn.net searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com *.trustpilot.com www.idcband.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.google.com *.fontawesome.com webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com *.googleapis.com *.gstatic.com https://fonts.bunny.net assets.braintreegateway.com udraw-app.racadtech.com *.vultrcdn.com udraw-app.b-cdn.net www.searchanise.com *.searchserverapi.com searchserverapi.com *.searchserverapi1.com searchserverapi1.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com www.idcband.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.google.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.idcband.com 'self' 'unsafe-inline'; manifest-src *.google.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com *.air360tracker.net *.air360.io *.bing.net *.enzuzo.com *.googlesyndication.com region1.google-analytics.com *.hsforms.com *.hscollectedforms.net *.hubapi.com *.hubspot.com *.idcband.com *.idcgo.es *.idcgo.fr *.ads.linkedin.com *.osano.com *.merchant-center-analytics.goog *.searchserverapi1.com *.ip-api.com *.trustpilot.com *.zoominfo.com https://api.usemessages.com https://*.hubspot.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com udraw-app.racadtech.com pricematrix.racadtech.com udraw-app.b-cdn.net api.amplitude.com stats.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com places.googleapis.com www.idcband.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com www.idcband.com http: https: blob: 'self' 'unsafe-inline'; default-src udraw-app.racadtech.com udraw-app.b-cdn.net www.idcband.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; connect-src 'self' wss: *.google-analytics.com *.googletagmanager.com https://region1.analytics.google.com https://stats.g.doubleclick.net *.hs-analytics.net *.hotjar.com *.cloudflareinsights.com *.hubspot.com *.cookiebot.com collector.leadinfo.net api.leadinfo.com collector4.leadinfo.net https://*.ldnfrpl.com https://li-replay.s3-accelerate.amazonaws.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com; form-action 'self'; frame-src https://www.google.com/recaptcha/ *.youtube.com *.vimeo.com *.cookiebot.com; img-src 'self' data: blob: https://ifra-943946991.imgix.net https://imgsct.cookiebot.com; media-src 'self' player.vimeo.com download-video.akamaized.net *.vimeocdn.com https://d3t14p1xronwr0.cloudfront.net; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' https://www.recaptcha.net *.googletagmanager.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.usemessages.com *.hsadspixels.net *.hsadspixel.net *.hotjar.com *.googleadservices.com *.facebook.net trackcmp.net *.licdn.com *.googlesyndication.com *.hsforms.net *.cloudflareinsights.com *.hsforms.com *.s3.amazonaws.com *.hubspot.com *.google.com *.gstatic.com *.atlassian.net *.hs-sites.com *.cookie-script.com googleads.g.doubleclick.net cdn.leadinfo.net *.cookiebot.com https://unpkg.com https://*.ldnfrpl.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com https://unpkg.com https://cdn.leadinfo.net; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://*.gstatic.com https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://*.googleapis.com https://*.googleusercontent.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com test.transafe.com post.live.transafe.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-eaUi1vc7tHh7RyGbTpC3qQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EwTndSBIchOw7ajlGlSiqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com googleapis.com 'self' data: secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net 'self' 'unsafe-inline'; frame-ancestors secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.sharethis.com vimeo.com *.hotjar.com http://insight.adsrvr.org/ *.googletagmanager.com https://d1eoo1tco6rr5e.cloudfront.net/ https://adservices.brandcdn.com/ *.sandbox.paypal.com *.repay.com secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net *.dotdigital-pages.com *.dotdigital.com newassets.hcaptcha.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com blob: *.googleadservices.com *.googleapis.com *.paypalobjects.com http://insight.adsrvr.org/ *.google.com *.googletagmanager.com *.facebook.com https://match.adsrvr.org/ https://cm.g.doubleclick.net/ https://pixel.rubiconproject.com/ https://hb.yahoo.net/ https://tags.bluekai.com/ https://secure-gl.imrworldwide.com/ https://loadm.exelator.com/ https://mid.rkdms.com/ https://load77.exelator.com/ https://uipglob.semasio.net/ https://eb2.3lift.com/ https://ads.scorecardresearch.com/ https://i.liadm.com/ https://i6.liadm.com/ https://tags.rd.linksynergy.com/ https://match.sharethrough.com/ https://idpix.media6degrees.com/ https://dsum-sec.casalemedia.com/ https://x.bidswitch.net/ https://dmp.truoptik.com/ https://secure.insightexpressai.com/ https://simage2.pubmatic.com/ https://bidagent.xad.com/ *.google.co.in/ https://match.sync.ad.cpe.dotomi.com/ https://onetag-sys.com/ https://avd.innity.com/ *.repay.com addevent.com secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net *.trackedlink.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.sharethis.com https://connect.facebook.net https://*.hotjar.com 'unsafe-inline' *.googleadservices.com googleapis.com *.paypal.com *.sandbox.paypal.com *.googletagmanager.com *.paypalobjects.com *.googleapis.com *.gstatic.com https://p.typekit.net/ https://use.typekit.net https://*.hotjar.com http://adservices.brandcdn.com/ http://tag.brandcdn.com/ https://kadromm.atlassian.net/ addevent.com https://cdn.addevent.com/ http://localhost:8082 https://*.addevent.com/ https://duplin-winery.disqus.com/ *.repay.com dx.mountain.com *.mountain.com 'self' data: maps.googleapis.com secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal hcaptcha.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://*.hotjar.com https://p.typekit.net/ https://use.typekit.net/ *.repay.com getfirebug.com googleapis.com addevent.com *.gstatic.com secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net 'self' 'unsafe-inline'; object-src secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net 'self' 'unsafe-inline'; media-src *.adobe.com secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net 'self' 'unsafe-inline'; manifest-src secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.sandbox.paypal.com *.paypalobjects.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://stats.g.doubleclick.net/ *.repay.com *.mountain.com dx.mountain.com maps.googleapis.com/ secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com 'self' 'unsafe-inline'; child-src secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net hcaptcha.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri secure.apspaymentgateway.com portal.apsclicktopay.com testportal.apsclicktopay.com aps-clicktopay.uat.repay.net aps-clicktopay.repay.net 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://quadmedepiciframe-pp-prtl.spectrumretailnet.com;script-src 'nonce-ce294af0a68f40b1a7f0891b09f376c0' https://mychart.myquadmedical.com 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://mychart.myquadmedical.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:;report-uri https://google.com; 1
font-src maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * app-wallee.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com app-wallee.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com app-wallee.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://support.personanutrition.com https://js.cnnx.link https://*.facebook.net https://accept.authorize.net https://test.authorize.net https://*.cdnwidget.com https://*.cdnbasket.net 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.cnnx.link *.ondigitalocean.app *.mysubscriptionaddiction.com *.adsrvr.org *.redditstatic.com *.pinterest.com *.googletagmanager.com *.attn.tv www.redditstatic.com https://static.ads-twitter.com *.bing.com *.pinimg.com *.pbbl.co *.aipredict.us *.google.com *.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://s.yimg.com *.tiktok.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://ut.rd.linksynergy.com *.facebook.net *.trustpilot.com *.rmtag.com *.fbot.me *.zdassets.com https://applepay.cdn-apple.com *.byspotify.com https://pixels.spotify.com; style-src 'self' 'unsafe-inline' *.gstatic.com; font-src *.typekit.net *.gstatic.com; img-src * https://applepay.cdn-apple.com; connect-src *.pinterest.com https://stats.g.doubleclick.net *.reddit.com *.personanutrition.com *.mixpanel.com https://www.redditstatic.com;frame-ancestors 'self' https://rxreleaf.net; 1
frame-ancestors https://www.yamahabicycles.com/ https://www.yamahamotorsports.com/ ; default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' ; connect-src 'self' ; upgrade-insecure-requests; block-all-mixed-content; report-uri https://b3d773270785b0680eb4a1152b5cb1a2.report-uri.io/r/default/csp/reportOnly; 1
font-src *.googleapis.com https://*.gstatic.com data: https://*.zopim.com https://*.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com account.fetchify.com *.trustpilot.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://v2assets.zopim.io https://*.clarity.ms https://*.bing.com https://*.adnxs.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com cc-cdn.com *.trustpilot.com https://*.zopim.com https://*.zdassets.com https://*.clarity.ms https://*.crazyegg.com https://*.adnxs.com https://angus.finance-calculator.co.uk https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com cc-cdn.com *.trustpilot.com https://*.googleapis.com https://*.typekit.net *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com wss://*.zopim.com https://ekr.zdassets.com https://script.crazyegg.com https://*.clarity.ms  https://gilliesltd.zendesk.com https://angus.finance-calculator.co.uk https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' statistiek.rijksoverheid.nl; script-src 'self' statistiek.rijksoverheid.nl 'report-sample' 'sha256-GCAGLI4US16FcGs+p6+XISNdqk3jJehdbND5mCng/k4=' 'sha256-CaN42Zi+a+oATitdYvGRVlyS6mCZIxrLFXhTbgp6HCI=' 'sha256-kbxdHCgUdrZK4ETPFEMbYVmfSWsi5P6bF1xkaFpzWwA=' 'sha256-oh6ZTSefRfIBPlcye8dBjlQBkC0A32V1QIb2htJq7ao=' 'sha256-MM3CG7szGAeVIKY58JGR+X+7xTDccDemqcIY0lQLrX8=' 'sha256-Wuuo8pjCq8p1DupaB6iKVd7xGXUV2cZ6FNKupyZkqtA=' 'sha256-rWd9UEdKeFeLqC7IaJz1wxlZctnoLlCVLl196dQ3XcM='; object-src 'none'; style-src 'self' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-v2NsGDfcQvA9v36g3/fcwag7FTBO0gpJRZm0Gb6dgFM=' 'sha256-QLxpG/SkrAsFt4RhNXuW4sYL8ehWaXmFGHShqQQgGB8=' 'sha256-FUjt+ObqUSCpuQLS5dcXCrlb/K5x8I6Wf0hntswuz3I=' 'sha256-/Mold7LpOLiXPL6ZUD2g4HukqtVSqqMSxhvqj7FM1JY=' 'sha256-9s7lC2GzUUKlE3XPBaOsDS7hvg4xAsX3zuyUojlamtE=' 'sha256-/okNWXmWq6ACIbPo1CyYip0qDxBnjxUmSWJ1hdca+wA=' 'sha256-4LBEjchlwRrvc/o5PWkzP4zfj5119cLhWaJyMtiKRVc=' 'sha256-s46feognZeNCnOfZUhDw6qOijuTDw8bsnIAsrYpEo5g=' 'sha256-2EA12+9d+s6rrc0rkdIjfmjbh6p2o0ZSXs4wbZuk/tA=' 'sha256-6TD9T2GLgemUtWDfGS6xuvb8pwqOKV665C5itzceI+Q=' 'sha256-/HzB0oUXCjF1X3ePcn6F5vBOf787Yd6ZPQbCx9DsV/0=' 'sha256-2eHsQCvJfybN+irzSq7oVlagXMAt9fVsKshHduPgdcc=' 'sha256-T6lV/jeKAUbvL7n/+FIctusAcR4zRM21HSThFcWp7fs=' 'sha256-FVIAwJdK81osoqCJ/Ej4mM+eHVpzv1d/mUxo+clpIdQ=' 'sha256-BQa5UjYUb+kyX2iReXhKiXy8sbD2dSdEcV1L/MN9i14=' 'sha256-MRLe1N0WuHicxwci5Jh0nPT7gQcK4wsGaha2oj5c/oM=' 'sha256-8AYlWL9cvG8jYJjPkXBl5js3sILXmVeOgdXVUnWB1iY=' 'sha256-VjdZlb043MCysjACBWpz+4F2wAY7JkdJWcjKtHbxwcc=' 'sha256-wXb6aQPNH8seDdM4tzL5B7ACoAYT4aPgYngEzI3brj0=' 'sha256-RxiWBZYLCS3QKI4PLXxu0Blyj8vmxeuK9J7TB1/jWuY=' 'sha256-9SHn29V4zLOHjVJq92HpFpp1NN7aoRyhW8L48YW6rRY=' 'sha256-BQdguyxnSnBKZQqP4a8dr/d+ZotDyvgdk19eea71qgw=' 'sha256-MySsC+u+VdmjXf6r8ZYJaD17sc/hitJOwXXfqTYAA8E=' 'sha256-nmm8ItERQyzkJcpOSodAIXnlyHnEY7fX+S3bSgnqBcs=' 'sha256-ZbhuK+BYd9QEPexswy/DVf9gK/UeP4KQoZPLCAcyDRQ=' 'sha256-4qwQIuCrY4GtcFeYztbNvhYhJpcmSrdQgJbESRDX0Ag=' 'sha256-rbBgGFyfGzPErYaJk67UdWYnprmSUOmsthHiSjzbZTc=' 'sha256-FMds87GwC25yjwsohWzNpO0kdDsPMEJ+Rago/VZOpk0=' 'sha256-C2ehWAGr1mFuGpLoXTNZTAdtYCmIbLEVIbG/lq+GguU=' 'sha256-uXkXw2JB1V+Gwgcdunz8SSzasmzjE/o8TAq+11+k4fM=' 'sha256-a6W7OLx3X/uxUoMEpBZlDgXu5dzMwMtMqxbrsSOrrhc=' 'sha256-lCwzlRxX6jViMRn9wKezsu/yA3nx7mIdEewYWJxL+qA=' 'sha256-V/NGbBjYFAfWeViND1ooOGubTksV07jWBEfuMqymIr8=' 'sha256-kevEEbJVKNwABPtBxv0gHn+y4oZY3FRiFqxZbfMaDK8=' 'sha256-l6JwEbyxJN9Q+R7PlW5jNpX4gK6seSxOmbf834205Gg=' 'sha256-rLl3HLTo4EBxJ+7FOPulmhv6F8mgunYmTqjV4tD6eKA=' 'sha256-3HGmtJloH0zk89NpySpSfZlc/h9uk/4KzPVch8SHNVI=' 'sha256-TPiAMuKNLItlFYo+Nyqc6kE/E1beDIPD18i6B3jd17M=' 'sha256-4PlTIlzoyWEpNDMbkFgs3WSrUDkWaqMtX6WNJMfT6Ao=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JbTfnCr1DRVbrZ3DMnsUk39OagRVx/76lvbADaThn+8=' 'sha256-C/Su3y1Xu/KZJEXeXDgBJGhwRayU9C+udWS7yVIeUG4=' 'sha256-ZPaEQsUYrDi3KreWQD/+VO33FtKQrKi/3wS/dth16BE=' 'sha256-BzkH6T4d78MjHgouHaye8UOUkaq5vPjWURGKD5dFuUw=' 'sha256-HtQ+Yd1C4dHgIprcZ11TcScY54YLEy+wJHeCuUnrrkQ=' 'sha256-A/3QjCo43fwYhwC0LaO5DeV9VHFYy9nGNlfvgX3f4Vw=' 'sha256-Vvs7jGkUfGXQ3Hj8mxsviqJZsgsGltqaPQPwp0O4MjE=' 'sha256-40w6WzeaPA2X4UO5rM+9V0c0oo4xdZz0Tqj13Tn9SwQ=' 'sha256-T/iXRETAXrriZ4uxOL1Y/J344tXGfFq7+5ISPx9GovQ=' 'sha256-x/vL45Wz2KepGlHd8gpwvqQ6ZXSFYe+2l5MDhJ+yMNE=' 'sha256-tog1r3OcgvqxVQtxGbyWUqeOLqqFKyy7Umm97ioUfd0=' 'sha256-KqCzJ5EyNcJc+3SsRnq6mC5zEHkH5jhkFRnqu+G8DoY=' 'sha256-L+T2ZId3tFnZUiYn6D6FvsUwMQgLF/MJbp+6chYoT7A=' 'sha256-83jnIycIXSkpiipPVejcIpwStPphlmSqmBs3wkaqnUs=' 'sha256-xxDN6q9UnHtxc0SFVSICFL5cmp4svZB4pToHDLj/IeM=' 'sha256-K9syITcxwuBN4IM1utpENVyUVBk5osc1/foT36+f4Yg=' 'sha256-0uk2c/hlm5oSZnJAbWwJ2KJJcZMioSWQxzMz3Oo3VzI=' 'sha256-jnf07cWLqAcfo7BbRZxdTAjgcyCWxkjvt1OC/JIbZts=' 'sha256-M0m7vB/M3n3/8sQ23h7EeyyTDBVn4q9CjsawgbsXS2g=' 'sha256-zDgvCAZF73JEdU+deOsx/TP7qpOpEOHK2d3J1VII/L4=' 'sha256-MhOJTlsF4IHo2IoFGgzIvh86cupAr/iFAmR3XsTBDBI=' 'sha256-EpnMayRaQCXpc7EgwpM+JpOK3QiScYWYwGJ/iV1gJtA='; img-src statistiek.rijksoverheid.nl *.rovid.nl 'self' data:; media-src 'self' rovid.nl *.rovid.nl; frame-src 'self'; font-src 'self'; report-uri https://sentry.dtnr.nl/api/38/security/?sentry_key=134f37c86e0b4680a5c10e8ca8d646eb&sentry_environment=production 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.clerk.io https://www.magezon.com *.multisafepay.com assets.myparcel.nl www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com *.googleapis.com *.gstatic.com *.google.com/ *.multisafepay.com https://pay.google.com cdnjs.cloudflare.com cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com cdn.jsdelivr.net *.multisafepay.com assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.multisafepay.com api.myparcel.nl cdn.jsdelivr.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-jxPYYEYK-rUCi5nd1i_c0A' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
img-src https://higherlogicdownload.s3.amazonaws.com/AEDWEB/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AEDWEB/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AEDWEB/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AEDWEB/ https://higherlogicdownload.s3.amazonaws.com/AEDWEB/ https://higherlogiclongterm.s3.amazonaws.com/AEDWEB/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/AEDWEB/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AEDWEB/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AEDWEB/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/AEDWEB/ https://higherlogicdownload.s3.amazonaws.com/AEDWEB/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AEDWEB/ https://higherlogicstream.s3.amazonaws.com/AEDWEB/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AEDWEB/ https://higherlogicdownload.s3.amazonaws.com/AEDWEB/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AEDWEB/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3QQ2pJ75OyXDUXRMyX2ObA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; report-uri /csp-report 1
default-src 'self' https: data:; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https:; form-action 'self' https:; upgrade-insecure-requests; block-all-mixed-content; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https: wss:; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-IC8KQ4EVo8LwXGXxSYFnzCUYb' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-kpIdjVttYDf4zETdt6GIeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.xpayments.com *.xpayments.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-b1p1xLwm7Y-fsDgIHv0CEQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com *.google.com *.google.ch *.doubleclick.net *.googletagmanager.com *.cloudflareinsights.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.ch eadn-wc03-3229097.nxedge.io *.luxury-shops.com *.doubleclick.net *.googletagmanager.com *.cloudflareinsights.com *.gstatic.com *.facebook.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com *.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com *.google.com *.google.ch eadn-wc03-3229097.nxedge.io www.gstatic.com *.hotjar.com *.doubleclick.net *.googletagmanager.com *.cloudflareinsights.com *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.instagram.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com eadn-wc03-3229097.nxedge.io fonts.googleapis.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.ch *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io *.googletagmanager.com *.cloudflareinsights.com analytics.google.com *.facebook.net *.instagram.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-0e4E_UjHmE11MHvihlgRzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.googleapis.com *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.affirm.com *.affirm.ca facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.affirm.com *.affirm.ca *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net blob: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com https://static.klaviyo.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.affirm.com *.affirm.ca https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; script-src 'report-sample' 'self' https://app.hubspot.com/content/editor/prefetcher.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://connect.facebook.net/en_GB/sdk.js https://j.6sc.co/6si.min.js https://js.hs-analytics.net/analytics/1728579000000/8089267.js https://js.hs-banner.com/8089267.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://js.hscta.net/cta/current.js https://js.hsleadflows.net/leadflows.js https://js.hubspot.com/web-interactives-embed.js https://js.zi-scripts.com/zi-tag.js https://platform.linkedin.com/in.js https://script.hotjar.com/browser-perf.8417c6bba72228fa2e29.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2164719.js https://static.hsappstatic.net/content-cwv-embed/static-1.1293/embed.js https://tag.clearbitscripts.com/v1/pk_28b4f192479bc58362240e30a96a0e05/tags.js https://tools.luckyorange.com/core/core.js https://trk.techtarget.com/tracking.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; style-src 'report-sample' 'self' https://7052064.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com https://static.hsappstatic.net https://tags.srv.stackadapt.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://api.hubapi.com https://app.hubspot.com https://cp.hubspot.com https://cta-service-cms2.hubspot.com https://forms-na1.hubspot.com https://forms.hscollectedforms.net https://forms.hsforms.com https://forms.hubspot.com https://ibc-flow.techtarget.com https://in.visitors.live https://ipv6.6sc.co https://js.hs-banner.com https://js.zi-scripts.com https://px.ads.linkedin.com https://tags.srv.stackadapt.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.com wss://in.visitors.live wss://realtime.luckyorange.com; font-src 'self' https://cdnjs.cloudflare.com; frame-src 'self' https://platform.twitter.com https://player.vimeo.com https://td.doubleclick.net; img-src 'self' data: https://298890.fs1.hubspotusercontent-na1.net https://b.6sc.co https://forms-na1.hsforms.com https://forms.hsforms.com https://perf-na1.hsforms.com https://px.ads.linkedin.com https://secure.adnxs.com https://static.hsappstatic.net https://track.hubspot.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; report-uri https://670805d10ec8e242e29afa7d.endpoint.csper.io/?v=0; worker-src 'self'; 1
script-src-elem assets.adobedtm.com *.cardinalcommerce.com local.behangwebshopm2.nl; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.bootstrapcdn.com data: *.fontawesome.com *.cloudflare.com fonts.googleapis.com *.googleapis.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.hotjar.com *.criteo.com https://consentcsn.cookiebot.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.behangwebshop.nl *.cloudfront.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.bing.com *.clarity.ms *.cookiebot.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.ch www.google.cl www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zw www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.tn *.googlesyndication.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com widget.thuiswinkel.org *.hotjar.com *.criteo.net *.criteo.com api.widget.trengo.eu static.widget.trengo.eu *.trustpilot.com bam-cell.nr-data.net vanerkel.zendesk.com static.zdassets.com chimpstatic.com *.cardinalcommerce.com *.authorize.net *.bing.com *.doubleclick.net https://*.cookiebot.eu *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.clarity.ms *.cloudflareinsights.com *.cookiebot.com *.googlesyndication.com *.zopim.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.thuiswinkel-cdn.org *.googleapis.com https://fonts.bunny.net *.multisafepay.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.widget.trengo.eu static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.widget.trengo.eu *.thuiswinkel-cdn.org *.hotjar.com bam-cell.nr-data.net wss://ws17.hotjar.com *.google-analytics.com vanerkel.zendesk.com *.zdassets.com *.doubleclick.net *.zopim.com wss://widget-mediator.zopim.com https://*.cookiebot.eu https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app *.bing.com *.clarity.ms *.cookiebot.com www.google.ae www.google.al www.google.am www.google.at www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.ch www.google.cl www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zw www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mn www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sr *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://70340d24-235b-4990-9e78-f23006e4ffdf.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-3Ej1zs1VBK0HqNgxflyy2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src 'self' data: http://solutio.de  https://www.solutio.de  http://sol4fivtemp.de  https://dr-flex.de  https://www.googletagmanager.com  https://px.ads.linkedin.com  https://i.ytimg.com  https://www.google-analytics.com  blob:  https://fonts.gstatic.com  https://www.google.de  https://googleads.g.doubleclick.net  https://www.google.com.bd  https://www.google.nl  https://www.google.gr  https://web.archive.org  https://translate.google.com  https://stats.g.doubleclick.net  https://www.google.com.vn  https://maps.googleapis.com  https://www.google.co.za  https://www.google.pt  https://www.google.lu  https://www.google.com.au  https://www.google.be  https://www.google.com.om  https://really-simple-ssl.com  https://www.google.co.uk  https://www.google.es  https://www.google.it  https://www.google.at  https://www.google.hu  https://www.google.co.in  https://assets.devowl.io  https://rcb.devowl.io  https://adservice.google.com  https://www.google.co.id  https://www.google.com.ph  https://www.google.pl  https://www.google.ch  https://www.google.fr  https://www.google.ae  https://items.templately.com  https://www.google.hr  https://www.google.ie  https://storage.googleapis.com  https://plugins.svn.wordpress.org  https://code.jquery.com  https://www.google.ru  https://www.google.com.ua  https://premiumaddons.com  https://license.devowl.io  https://assets.elementor.com  https://www.google.tn  https://www.google.co.th  https://cdn.honey.io  https://assets.templately.com  https://www.google.co.il  https://www.google.dk  https://www.google.com.tr  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' https://www.youtube.com  https://code.jquery.com  https://cdn.datatables.net  https://maps.googleapis.com  https://cdnjs.cloudflare.com  https://www.tiktok.com  https://xeldurap.peazheut.com  https://editor-static-bucket.elementor.com  https://data1.barbuna.com  https://dr-flex.de  https://sf16-website-login.neutral.ttwstatic.com  https://connect.facebook.net  https://slsnlytcs.com  https://www.googletagmanager.com  https://www.google-analytics.com  https://c.leadlab.click  https://pagead2.googlesyndication.com  https://me.kis.v2.scr.kaspersky-labs.com  https://sc-static.net  https://googleads.g.doubleclick.net  https://www.google.com  https://www.googleadservices.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://t.leadlab.click  https://www.solutio.de  https://code.jquery  https://translate.google.com  blob:  data:  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com  https://code.jquery.com  https://cdn.datatables.net  https://maps.googleapis.com  https://cdnjs.cloudflare.com  https://www.tiktok.com  https://xeldurap.peazheut.com  https://editor-static-bucket.elementor.com  https://data1.barbuna.com  https://dr-flex.de  https://sf16-website-login.neutral.ttwstatic.com  https://connect.facebook.net  https://slsnlytcs.com  https://www.googletagmanager.com  https://www.google-analytics.com  https://c.leadlab.click  https://pagead2.googlesyndication.com  https://me.kis.v2.scr.kaspersky-labs.com  https://sc-static.net  https://googleads.g.doubleclick.net  https://www.google.com  https://www.googleadservices.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://t.leadlab.click  https://www.solutio.de  https://code.jquery  https://translate.google.com  blob:  data: ; style-src 'self' 'unsafe-inline' https://cdn.datatables.net  https://fonts.googleapis.com  https://sf16-website-login.neutral.ttwstatic.com  https://dr-flex.de  https://code.jquery.com  https://www.gstatic.com  https://www.googletagmanager.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://www.solutio.de  https://gc.kis.v2.scr.kaspersky-labs.com ; style-src-elem 'self' 'unsafe-inline' https://cdn.datatables.net  https://fonts.googleapis.com  https://sf16-website-login.neutral.ttwstatic.com  https://dr-flex.de  https://code.jquery.com  https://www.gstatic.com  https://www.googletagmanager.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://www.solutio.de  https://gc.kis.v2.scr.kaspersky-labs.com ; font-src 'self' https://sol4fivtemp.de  https://www.solutio.de  https://fonts.gstatic.com  https://ncspublicasset.s3.eu-west-3.amazonaws.com  https://static.hsappstatic.net  https://migaku-public-data.migaku.com  https://solutio.de  chrome-extension  data:; frame-src 'self' https://www.youtube.com  https://leap13.github.io  https://etermio.com  https://editor-static-bucket.elementor.com  https://embed.funnelcockpit.com  https://www.googletagmanager.com  https://td.doubleclick.net  https://support.google.com  https://www.youtube-nocookie.com  https://www.etermin.net  blob:; connect-src 'self' https://yoast.com  https://maps.googleapis.com  https://slsnlytcs.com  https://region1.google-analytics.com  https://pagead2.googlesyndication.com  https://dr-flex.de  https://www.google-analytics.com  https://region1.analytics.google.com  https://analytics.google.com  https://adservice.google.com  https://stats.g.doubleclick.net  https://www.google.de  https://www.google.com.bd  https://web.archive.org  https://www.google.nl  https://www.google.co.in  https://api.solaranalyticscorp.com  https://www.google.pl  https://www.google.gr  https://www.google.fr  https://www.google.sk  https://www.google.pt  https://www.google.hu  https://www.google.co.uk  http://sol4fivtemp.de  https://www.google.ca  https://o622089.ingest.us.sentry.io  https://www.solutio.de  https://translate-pa.googleapis.com  https://www.google.at  https://translate.googleapis.com  https://adtonus.com  https://www.google.ie  https://www.google.co.za  data:  https://www.google.hr  https://www.google.com.ph  https://www.google.ch  https://www.google.com.ua  https://api.range-offer.com  https://metrics-dre.dt.dbankcloud.cn  https://overbridgenet.com  https://www.google.es  https://www.google.ci  https://www.google.ru;  media-src 'self' data:  https://assets.devowl.io;  worker-src 'self' blob:;  report-uri https://www.solutio.de/wp-json/rsssl/v1/csp?rsssl_apitoken=897504722; 1
font-src *.gstatic.com https://fonts.gstatic.com *.fontawesome.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com vimeo.com widget.freshworks.com connect.facebook.net spark11189.pcapredict.com cdn.cs.1worldsync.com platform-api.sharethis.com media.flixfacts.com *.sharethis.com ws.cs.1worldsync.com prod.flixgvid.flix360.io *.flixcar.com widgets.reevoo.com cdn.lightwidget.com cdn.loadbee.com sparkworld-euronics.disqus.com sparkworld.co.uk *.feefo.com *.amazonaws.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com embed.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com verify.monzo.com vimeo.com widget.freshworks.com spark11189.pcapredict.com cdn.cs.1worldsync.com platform-api.sharethis.com media.flixfacts.com *.sharethis.com ws.cs.1worldsync.com prod.flixgvid.flix360.io *.flixcar.com widgets.reevoo.com cdn.lightwidget.com cdn.loadbee.com sparkworld-euronics.disqus.com sparkworld.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com vimeo.com widget.freshworks.com spark11189.pcapredict.com cdn.cs.1worldsync.com platform-api.sharethis.com media.flixfacts.com *.sharethis.com ws.cs.1worldsync.com prod.flixgvid.flix360.io *.flixcar.com widgets.reevoo.com cdn.lightwidget.com cdn.loadbee.com sparkworld-euronics.disqus.com sparkworld.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.finance-calculator.co.uk *.dekopay.com 'self' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com widget.freshworks.com spark11189.pcapredict.com cdn.cs.1worldsync.com platform-api.sharethis.com media.flixfacts.com *.sharethis.com ws.cs.1worldsync.com prod.flixgvid.flix360.io *.flixcar.com widgets.reevoo.com cdn.lightwidget.com cdn.loadbee.com sparkworld-euronics.disqus.com sparkworld.co.uk *.amazonaws.com *.flix360.com vsa67.tawk.to vsa66.tawk.to embed.tawk.to data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.finance-calculator.co.uk *.dekopay.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com widget.freshworks.com spark11189.pcapredict.com cdn.cs.1worldsync.com platform-api.sharethis.com media.flixfacts.com *.sharethis.com ws.cs.1worldsync.com prod.flixgvid.flix360.io *.flixcar.com widgets.reevoo.com cdn.lightwidget.com cdn.loadbee.com sparkworld-euronics.disqus.com sparkworld.co.uk unpkg.com *.isitetv.com *.feefo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com embed.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com unsafe-inline assets.braintreegateway.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com vimeo.com widget.freshworks.com connect.facebook.net spark11189.pcapredict.com cdn.cs.1worldsync.com platform-api.sharethis.com media.flixfacts.com *.sharethis.com ws.cs.1worldsync.com prod.flixgvid.flix360.io *.flixcar.com widgets.reevoo.com cdn.lightwidget.com cdn.loadbee.com sparkworld-euronics.disqus.com sparkworld.co.uk *.finance-calculator.co.uk *.trustpilot.com embed.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.finance-calculator.co.uk *.dekopay.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com verify.monzo.com vimeo.com widget.freshworks.com spark11189.pcapredict.com cdn.cs.1worldsync.com platform-api.sharethis.com media.flixfacts.com *.sharethis.com ws.cs.1worldsync.com prod.flixgvid.flix360.io *.flixcar.com widgets.reevoo.com cdn.lightwidget.com cdn.loadbee.com sparkworld-euronics.disqus.com sparkworld.co.uk *.tawk.to wss://*.tawk.to ws://*.tawk.to *.isitetv.com *.loadbee.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com va.tawk.to vsa87.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com vimeo.com widget.freshworks.com connect.facebook.net spark11189.pcapredict.com cdn.cs.1worldsync.com platform-api.sharethis.com media.flixfacts.com *.sharethis.com ws.cs.1worldsync.com prod.flixgvid.flix360.io *.flixcar.com widgets.reevoo.com cdn.lightwidget.com cdn.loadbee.com sparkworld-euronics.disqus.com sparkworld.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://matomo.arcantel.ch:443 https://www.google-analytics.com https://www.googletagmanager.com https://region1.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://code.jquery.com https://s7.addthis.com https://api.flickr.com https://cdn.userway.org https://api.userway.org 1
default-src 'self'; script-src 'report-sample' 'self' https://cdn.leadinfo.net/ping.js https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.js https://d10zminp1cyta8.cloudfront.net/widget.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/716925886/ https://koi-3r7iktsm1g.marketingautomation.services/koi https://snap.licdn.com/li.lms-analytics/insight.min.js https://tagging.cape.nl/user-data-minified.js; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.leadinfo.com https://collector.leadinfo.net https://collector4.leadinfo.net https://px.ads.linkedin.com https://tagging.cape.nl https://www.google.com https://www.googleadservices.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://app-3r7iktsm1g.marketingautomation.services https://tagging.cape.nl; img-src 'self' data: https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://region1.google-analytics.com https://scontent-fra3-1.cdninstagram.com https://scontent-fra5-1.cdninstagram.com https://scontent-fra5-2.cdninstagram.com https://www.google.com https://www.google.nl; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com/ajax/libs/webfont/1.6.16/webfont.js http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js assets.pinterest.com/js/pinit.js assets.pinterest.com/js/pinit_main.js eu.libraryh3lp.com/js/libraryh3lp.js  eu.libraryh3lp.com/presence/jid/regionaal.archief.tilburgs-queue/chat.eu.libraryh3lp.com/js images.memorix.nl/topviewer/1.0/src/topviewer.compressed.js https://static.hotjar.com/c/hotjar-2934884.js webservices.memorix.nl *.google-analytics.com https://*.googletagmanager.com connect.facebook.net/en_US/all.js https://www.youtube.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/ng-dialog/0.3.0/css/ngDialog.min.css cdnjs.cloudflare.com/ajax/libs/ng-dialog/0.3.0/css/ngDialog-theme-plain.min.css fonts.googleapis.com webservices.memorix.nl webservices.memorix.nl https://*.hotjar.com; object-src 'none'; base-uri 'self'; connect-src 'self' eu.libraryh3lp.com images.memorix.nl testing-images.memorix.nl www.google.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com webservices.memorix.nl webservices.memorix.nl stats.g.doubleclick.net https://www.facebook.com/x/oauth/status https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' data: https://fonts.gstatic.com webservices.memorix.nl https://*.hotjar.com; frame-src 'self' https://youtube.com https://www.youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://app.springcast.fm/; img-src 'self' blob: data: images.memorix.nl testing-images.memorix.nl https://log.pinterest.com assets.pinterest.com/images/pidgets/pinit_fg_en_rect_gray_20.png webservices.memorix.nl www.google.nl https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com data: fonts.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://service.xesto.io https://staging-xesto-service.xesto.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com maps.googleapis.com maps.gstatic.com https://service.xesto.io https://staging-xesto-service.xesto.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com https://service.xesto.io https://staging-xesto-service.xesto.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://service.xesto.io https://staging-xesto-service.xesto.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src 'none'; style-src 'unsafe-inline' *; frame-ancestors 'none'; base-uri 'none'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-D3E1E3v5z91r8s9SuqllHQ=='; media-src *; img-src blob: data: *; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io; object-src 'none'; default-src 'none' 1
base-uri 'none'; font-src 'self' https: data:; form-action https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://www.facebook.com; frame-ancestors 'self'; img-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://mautic.netcup.news https://px.ads.linkedin.com 'self' blob: data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://measure.netcup.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://widget.trustpilot.com https://cdn.brevo.com/js/sdk-loader.js 'self' 'wasm-unsafe-eval' 'nonce-mrBYriG7R3BpHxd0wm9OPakM'; connect-src https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://www.google.com https://in-automate.brevo.com https://measure.netcup.com https://google.com https://px.ads.linkedin.com https://*.clarity.ms/ 'self' https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://eu-api.friendlycaptcha.eu https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.cookielaw.org https://adservice.google.com https://pagead2.googlesyndication.com https://www.redditstatic.com https://pixel-config.reddit.com https://analytics.tiktok.com https://ads.tiktok.com https://bat.bing.com https://widget.trustpilot.com; worker-src blob:; child-src blob: https://td.doubleclick.net; script-src-elem https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com https://cdn.brevo.com/js/sdk-loader.js https://sibautomation.com/sa.js https://sibforms.com/ https://www.googleadservices.com https://www.redditstatic.com 'self' 'unsafe-inline' https://*.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://*.clarity.ms https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://analytics.tiktok.com https://ads.tiktok.com https://measure.netcup.com https://www.youtube.com https://pagead2.googlesyndication.com https://widget.trustpilot.com; frame-src https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://measure.netcup.com https://www.youtube-nocookie.com/ https://widget.trustpilot.com https://green.netcup.com https://red.netcup.com https://blue.netcup.com https://www.netcup.com; report-to csp-endpoint; 1
connect-src 'self' *.typekit.net *.onetrust.com cdn.cookielaw.org fonts.gstatic.com fonts.googleapis.com www.google.com www.googletagmanager.com; default-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com privacyportal-cdn.onetrust.com use.typekit.net unpkg.com; frame-src 'self' www.google.com www.googletagmanager.com; img-src 'self' data: *.typekit.net cdn.cookielaw.org fonts.gstatic.com unpkg.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' https://cdn-ukwest.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://googletagmanager.com https://tagmanager.google.com https://use.typekit.net https://unpkg.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' *.typekit.net fonts.googleapis.com privacyportal-cdn.onetrust.com tagmanager.google.com unpkg.com www.googletagmanager.com; 1
default-src 'self' www.station-one.com station-one.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.doubleclick.net https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.youtube.com https://analytics.ahrefs.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://mssb-media.xcms.io https://static01.mediaselangor.com https://mediaselangor.com https://mediaselangor.github.io; connect-src 'self' https://feeds.mediaselangor.com https://www.googletagmanager.com; frame-src 'self' https://www.youtube.com https://static01.mediaselangor.com https://selangor-player.glueapi.io; media-src 'self' https://mediaselangor.com https://static01.mediaselangor.com; frame-ancestors * 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' http://www.musicimpressions.de; img-src *; report-uri /csp_log.php 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.realexpayments.com/ *.paypal.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.lpsnmedia.net/ *.googletagmanager.com/ consentcdn.cookiebot.com consentcdn.cookiebot.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://www.google.com/ https://www.google.pl/ *.google.pl *.lpsnmedia.net/ https://www.chrisanne-clover.com// imgsct.cookiebot.com imgsct.cookiebot.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://cdn.weglot.com/ https://magento.com https://www.google.com/ https://www.google.pl/ https://www.gstatic.com/ *.liveperson.net/ *.lpsnmedia.net/ *.gopay.com/ *.googlesyndication.com/ *.cookiebot.com/ consent.cookiebot.com consent.cookiebot.eu chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://cdn.weglot.com/ downloads.mailchimp.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://cdn.weglot.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://cdn-api-weglot.com/ *.lpsnmedia.net/ *.googlesyndication.com/ consentcdn.cookiebot.com consentcdn.cookiebot.eu https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src *.chromalox.com *.onetrust.com *.onetrust.io *.google-analytics.com *.hotjar.com *.hotjar.io *.qualtrics.com wss://*.hotjar.com maps.googleapis.com 'self' *.clarity.ms maps.googleapis.com *.cookieyes.com vimeo.com px.ads.linkedin.com front.optimonk.com cdn-account.optimonk.com jfapiprod.optimonk.com cdn-renderer.optimonk.com pagead2.googlesyndication.com cdn-cookieyes.com googleads.g.doubleclick.net places.googleapis.com analytics.google.com region1.analytics.google.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com ad.doubleclick.net stats.g.doubleclick.net 680-ryi-639.mktoresp.com forms.hubspot.com forms.hsforms.com cdn.linkedin.oribi.io adservice.google.com www.google.com www.google.co.uk www.google.ae www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bi www.google.bs www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.hu www.google.co.id www.google.co.il www.google.co.im www.google.co.in www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.uz www.google.com.vc www.google.com.vn www.google.cn www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.gg www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mn www.google.ms www.google.mu www.google.mw www.google.net www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.tm www.google.tn www.google.to www.google.tp www.google.tt www.google.tv www.google.uz www.google.vg www.google.vu www.google.ws www.google.co.zw www.google.dz/ads/ga-audiences www.google.al/ads/ga-audiences www.google.bf/ads/ga-audiences ttps://www.google.by/ads/ga-audiences www.google.cm/ads/ga-audiences www.google.co.ao/ads/ga-audiences ttps://www.google.co.mz/ads/ga-audiences www.google.co.tz/ads/ga-audiences www.google.com.bn/ads/ga-audiences ttps://www.google.com.gh/ads/ga-audiences www.google.com.kh/ads/ga-audiences www.google.com.lb/ads/ga-audiences ttps://www.google.com.mm/ads/ga-audiences www.google.com.ng/ads/ga-audiences www.google.com.pg/ads/ga-audiences ttps://www.google.dz/ads/ga-audiences www.google.ge/ads/ga-audiences www.google.iq/ads/ga-audiences www.google.sr/ads/ga-audiences 680-ryi-639.mktoutil.com wss://lo.msg.liveperson.net bat.bing.com; font-src *.onetrust.com 'self' fonts.gstatic.com use.typekit.net data:; img-src *.qualtrics.com optimize.google.com www.google-analytics.com www.googletagmanager.com 'self' data: *; manifest-src 'self'; script-src *.onetrust.com *.scr.kaspersky-labs.com *.qualtrics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com static.ads-twitter.com 'self' 'nonce-ZjA3MWZhZTgtNTNhMi00ZDEyLWJlMmYtMTYyNTgxOGY0MmQ3' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-NiPpcuG5iPK1KPR3YIEEEz98KT0W7243V6u7FeP7hdE=' 'sha256-gRuNVLzs+xy+3p6+I1CnZb8pDmnXUWSlO9ejbnSR/lQ=' 'sha256-ibqfaR/CmFL3wQZAxIuZ0V4RMm9txqHSln46Z5WyeVA=' 'sha256-30EB3olZggJZ3OT2ahL22VzuYSIEPTzmMb+L3StxKgI=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-bkXrlHTrWu78qnQooXw+JqlG1rZijbuVZIkNBzTfagM=' 'sha256-vbs/XR7vkC12NXdDH8FEaUASiJdg/16cqF/0T3ze1ks=' 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'sha256-/Fu0G2rh4wmpTYIDt4lb/x5WJp6zusqpavun8dZ8Yns=' 'sha256-yqVa7ver8F3o3KAsmdt2r10wQlIPCHuaBhkxEMbFQKE=' 'sha256-pZ/qdkaCfUhJbPDW6dxGk6IT/oRRR/mlpXeonIs9iew=' 'sha256-tYXM2mIrtKnuv7Rvj326AzVweHLHgtfBqDHsiYM5xg8=' 'sha256-kcSZExtSK6wGWjH32NFqA7z0v/0DUB7/EuCavQ6V0Nc=' 'sha256-/amMNPylJzZhxuDqWJaOB1tblrNn/VTGmyo1F6Jydsc=' 'sha256-nMZuForFzEBU+4yE21DCTnFwd73xR2dj4cDRSkbEfhA=' 'sha256-s3czzyz3eEMkekPOnj13dd1TYxC0uLYtFJPalu7jVtg=' 'sha256-FL2ompMo2e6GBcy6brKSOH0L/JUlb+gXWURUoorBwLI=' ssl.google-analytics.com connect.facebook.net www.facebook.net www.google-analytics.com www.googletagmanager.com www.gstatic.com www.youtube.com platform.twitter.com cdn.syndication.twimg.com www.google.com accdn.lpsnmedia.net googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsforms.net js.hsleadflows.net lo.v.liveperson.net lpcdn.lpsnmedia.net lptag.liveperson.net munchkin.marketo.net script.hotjar.com snap.licdn.com static.hotjar.com www.googleadservices.com www.clarity.ms ajax.googleapis.com platform.linkedin.com; style-src-elem *.onetrust.com 'self' fonts.googleapis.com p.typekit.net use.typekit.net platform.twitter.com ton.twimg.com optimize.google.com www.googletagmanager.com 'unsafe-inline'; frame-src *.chromalox.com *svc.dynamics.com *.doubleclick.net *.qualtrics.com optimize.google.com vars.hotjar.com www.youtube.com lpcdn.lpsnmedia.net *.liveperson.net sseacademy.csod.com www.googletagmanager.com www.facebook.com www.google.com www.youtube.com m.youtube.com share.hsforms.com platform.twitter.com syndication.twitter.com player.vimeo.com calendly.com www.linkedin.com; media-src 'self' *.chromalox.com *.gestra.com *.spiraxsarco.com lpcdn.lpsnmedia.net www.facebook.com; form-action 'self'; style-src-attr 'unsafe-inline'; object-src 'none'; base-uri 'self'; style-src optimize.google.com fonts.googleapis.com 'unsafe-inline'; report-uri https://steam.report-uri.com/r/d/csp/enforce 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.gstatic.com/ https://code.jquery.com/ https://cookie-cdn.cookiepro.com/ https://matomo.rexx-systems.com https://polyfill.io https://cdn.jsdelivr.net https://maps.googleapis.com https://c.flx1.com https://go.flx1.com https://unpkg.com https://connect.facebook.net; connect-src 'self' https://go.flx1.com/ https://cookie-cdn.cookiepro.com/ https://www.google-analytics.com https://privacyportal.cookiepro.com; img-src 'self' data: https://www.google-analytics.com/ https://www.gstatic.com https://cdnjs.cloudflare.com/ https://matomo.rexx-systems.com https://maps.gstatic.com https://maps.googleapis.com https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://www.facebook.com https://ib.adnxs.com https://cm.g.doubleclick.net https://go.flx1.com https://i.ytimg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com http://fast.fonts.net; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://www.google.com/ https://www.youtube-nocookie.com/; media-src 'self' https://cookie-cdn.cookiepro.com/; manifest-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-76UcaawCS3yfjz3b7ZksgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; connect-src 'self' https://search.yieldgiving.com https://cdn.usefathom.com; default-src 'self'; form-action 'self'; img-src 'self' https://cdn.usefathom.com data: https:; media-src 'self'; object-src 'self'; script-src 'self' 'sha256-OMh3Ykndq7805Lhx6z77ubKOQ4nrztlTFzDkljjSmvU=' 'sha256-4tC2rhASw1F93uExSWYFrXV57pUM4Z56o07VqGXuXB4=' 'sha256-PEZXPk6kGFBHiqR3QxjwQ/34ybKyazG8967/ZkjIgks=' 'sha256-42RKS4wuARLi310BKqe6P+aej6Rnc9Bjp9iYc6o8sAU=' 'sha256-/6wU5WORTQOOQ0pvGRjqJiyg6v0sVj4xmD+Zdri3S8s=' 'sha256-HE2AVZSba4+Z99iWdZVF6efM3Cpx0epqBq3GyipWa5Y=' 'sha256-QCGmXP9pPIvAzrB5VyrPjs6sZul1yKOe1ZyXKo++Lxs=' https://cdn.usefathom.com/script.js https://static.cloudflareinsights.com;style-src 'self' 'unsafe-inline' 'unsafe-hashes'; frame-src 'self'; frame-ancestors 'self'; report-uri https://yieldg.report-uri.com/r/d/csp/reportOnly; 1
font-src *.oney.io *.staging.oney.io *.bootstrapcdn.com *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.hipay-tpp.com *.hipay.com *.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io *.hipay.com *.googleapis.com *.oney.io *.staging.oney.io accastillage-diffusion.com accastillage-diffusion.es accastillage-diffusion.it accastillage-diffusion.co.uk d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.googleapis.com *.oney.io *.staging.oney.io *.atinternet-solutions.com *.atinternet.io *.aticdn.net *.xiti.com *.ati-host.net *.atinternet.com *.piano.io *.axept.io *.target2sell.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com https://cdnjs.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.hipay.com *.googleapis.com *.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.oney.io *.staging.oney.io *.atinternet-solutions.com *.atinternet.io *.aticdn.net *.xiti.com *.ati-host.net *.atinternet.com *.piano.io *.axept.io *.target2sell.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.noonpayments.com www.noonpayments.com *.noonpayments.io https://c.go-mpulse.net www.noonpayments.com https://www.noonpayments.com smtpjs.com maxcdn.bootstrapcdn.com; img-src 'self' backend.chatbase.co https://cdnjs.cloudflare.com data:; style-src-elem *;media-src 'self'; frame-src 'self' *.noonpayments.com www.chatbase.co *.statuspage.io https://www.google.com; base-uri 'self'; script-src 'self' *.google-analytics.com www.chatbase.co smtpjs.com https://s.go-mpulse.net www.googletagmanager.com https://www.gstatic.com https://c.go-mpulse.net https://www.google.com/recaptcha/api.js www.googletagmanager.com *.googletagmanager.com *.noonpayments.com *.statuspage.io; style-src-attr *; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; style-src 'self' https://www.noonpayments.com *.noonpayments.com *.noonpayments.io https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; connect-src 'self' *.akstat.io *.google-analytics.com www.chatbase.co https://crm.zoho.com/crm/WebToLeadForm https://c.go-mpulse.net *.akamaihd.net https://www.google-analytics.com https://maxcdn.bootstrapcdn.com; worker-src 'self' blob:; report-uri https://noonpayments.report-uri.com/r/d/csp/reportOnly; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.packeta.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com quickchart.io img.youtube.com heureka.cz *.im9.cz im9.cz *.heureka.cz *.seznam.cz glamipixel.com glami.cz *.glami.cz google.cz *.google.cz google.com *.google.com *.shopen.cz emjcd.com *.emjcd.com shopalike.cz *.shopalike.cz *.shopalike.sk *.dotomi.com bagalio.cz *.bagalio.cz bagalio.sk bagalio.ro *.glami.sk *.glami.ro *.glami.at *.glami.hu *.glami.bg *.glami.hr *.glami.gr *.glami.si *.glami.it *.glami.pl *.glami.lv *.glami.ee *.glami.eco *.kdukvh.com zbozi.cz *.zbozi.cz *.bing.com bing.com *.facebook.com *.pixriot.com *.storeimaging.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://unpkg.com *.avada.io *.packeta.com *.im9.cz im9.cz *.gopay.cz *.mczbf.com *.jsdelivr.net *.seznam.cz glamipixel.com *.cloudflareinsights.com chimpstatic.com *.gopay.com zbozi.cz *.zbozi.cz *.googlesyndication.com *.facebook.net shopalike.cz *.shopalike.cz *.shopalike.sk *.criteo.com *.bing.com bing.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleapis.com https://fonts.googleapis.com *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://get.geojs.io *.avada.io *.packeta.com *.googlesyndication.com *.jsdelivr.net *.google-analytics.com *.mczbf.com *.doubleclick.net bagalio.sk bagalio.ro bing.com *.bing.com *.pixriot.com *.storeimaging.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://demo.docusign.net https://demo-d.docusign.net https://apps.docusign.com https://apps-d.docusign.com https://account-d.docusign.com https://account.docusign.com https://docusign.net https://staging.clarifycapital.com https://clarifycapital.com https://www.clarifycapital.com https://data.clarifycapital.com; frame-src 'self' https://api.frac.tl https://public.flourish.studio https://www.facebook.com https://www.googletagmanager.com https://apps.docusign.com https://apps-d.docusign.com https://widget.trustpilot.com https://td.doubleclick.net *.frac.tl *.flourish.studio *.facebook.com *.googletagmanager.com *.docusign.com *.trustpilot.com *.doubleclick.net *.cloudflareinsights.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.bizconnectads.com *.docusign.net *.idocusign.net *.clarifycapital.com *.stape.biz; script-src 'self' https://js.docusign.com https://js-d.docusign.com https://docucdn-a.akamaihd.net https://www.googletagmanager.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://td.doubleclick.net ws://localhost:12387 https://www.googleadservices.com https://www.google.com https://www.google.com/ads https://plausible.clickolo.com https://cdn.plot.ly https://connect.facebook.net https://widget.trustpilot.com info.clarifycapital.com https://static.cloudflareinsights.com https://snap.licdn.com *.clarifycapital.com *.pardot.com *.frac.tl *.flourish.studio *.facebook.com *.googletagmanager.com *.docusign.com *.trustpilot.com *.doubleclick.net *.cloudflareinsights.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.bizconnectads.com *.docusign.net *.idocusign.net *.clarifycapital.com *.stape.biz https://cdn.jsdelivr.net/npm/posthog-js@1.207.9/+esm blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://secure.gravatar.com https://www.facebook.com https://www.google-analytics.com data: https: 'unsafe-inline'; connect-src 'self' *.clarifycapital.com https://demo.docusign.net https://demo-d.docusign.net https://apps.docusign.com https://apps-d.docusign.com https://www.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://plausible.clickolo.com https://api.frac.tl https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://capi.bizconnectads.com https://capig.stape.biz *.pardot.com *.frac.tl *.flourish.studio *.facebook.com *.googletagmanager.com *.docusign.com *.trustpilot.com *.doubleclick.net *.cloudflareinsights.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.bizconnectads.com *.docusign.net *.idocusign.net *.clarifycapital.com *.stape.biz blob:; style-src 'self' 'unsafe-inline' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com 'self' data: *.tidio.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.google.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com code.tidio.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net maps.googleapis.com maps.gstatic.com *.googleadservices.com *.google-analytics.com cdn.ckeditor.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com s7.addthis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net maps.googleapis.com cdn.ckeditor.com/ *.avada.io https://gateway.moneris.com https://gatewayt.moneris.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com connect.facebook.net static.mailerlite.com *.tidio.co code.tidio.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com fonts.googleapis.com/ cdn.ckeditor.com/ https://fonts.googleapis.com http://fonts.googleapis.com assets.braintreegateway.com *.tidio.co code.tidio.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com ekr.zdassets.com/ *.google-analytics.com maps.googleapis.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.tidio.co 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com v2.zopim.com embed.tawk.to *.commerce-connector.com *.flixcar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://lapp.leanpay.hr https://app.leanpay.hr https://lapp.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://app.leanpay.ro *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sameday.ro c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.2performant.com *.doubleclick.net *.pinterest.com *.force.com *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io tbicp.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com v2assets.zopim.io *.google.ro *.facebook.com *.widgetwhats.com tawk.link compari.ro ct.pinterest.com *.flix360.com *.flixcar.com *.flix360.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com tbicp.com *.sameday.ro unpkg.com/map-fanbox-points@0.0.5/umd/map-fanbox-points.js https://maps.googleapis.com https://player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.zdassets.com v2.zopim.com *.facebook.net *.facebook.com attr-2p.com *.widgetwhats.com chimpstatic.com embed.tawk.to *.jsdelivr.net *.hotjar.com *.arukereso.com *.gstatic.com *.clarity.ms *.themarketer.com *.pinimg.com *.pinterest.com *.enzuzo.com cdn-cookieyes.com *.googlesyndication.com *.commerce-connector.com *.force.com *.salesforceliveagent.com aqurate.ai *.flixcar.com *.flix360.io *.flixfacts.com popupsmart.com *.sharethis.com *.tiktok.com *.omniconvert.com *.2performant.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.sameday.ro assets.braintreegateway.com *.googleapis.com *.widgetwhats.com embed.tawk.to *.googletagmanager.com tpc.googlesyndication.com *.cloudfront.net *.commerce-connector.com *.force.com *.popupsmart.com popupsmart.com *.flixcar.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.fancourier.ro https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com ekr.zdassets.com wss://widget-mediator.zopim.com pagead2.googlesyndication.com *.google.ro googleads.g.doubleclick.net stats.g.doubleclick.net region1.analytics.google.com *.2performant.com *.widgetwhats.com zdata-ro-bellabike.s3.eu-west-1.amazonaws.com *.tawk.to kfea.zendesk.com api.edrone.me *.themarketer.com *.pinterest.com *.clarity.ms *.commerce-connector.com *.facebook.com *.hotjar.com *.hotjar.io *.google-analytics.com *.sharethis.com *.enzuzo.com *.flixcar.com *.tiktok.com *.omniconvert.com region1.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 1
script-src https://pay.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev 'unsafe-inline' https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ 'self' https://payments.salesforce.com/ https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com blob: https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://js.stripe.com/ https://checkoutshopper-live.adyen.com/ import: https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ *.salesforce.com https://www.paypal.com/sdk/js 'report-sample' https://service.force.com/embeddedservice/ 'unsafe-eval'; report-to sfdc-csp-ep; report-uri https://acrowebsite2023.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D8d00000AWYBx&networkId=0DMNz00000001iU&type=communities 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.facebook.com https://firebasestorage.googleapis.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://api.goaffpro.com https://static.goaffpro.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.facebook.net *.avada.io *.shopify.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://api.goaffpro.com https://static.goaffpro.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com https://get.geojs.io *.avada.io payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.cookiebot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.bootstrapcdn.com *.doubleclick.net *.nr-data.net *.bobcatparts.com *.fontawesome.com *.googleadservices.com *.google.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.google.com.ua *.livechatinc.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com *.affirm.com *.klaviyo.com *.inspectlet.com *.braintree-api.com *.bobcat.com *.okta.com *.facebook.com *.mouseflow.com *.dmctools.com *.mcstaging.dmctools.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com *.olark.com *.google-analytics.com *.affirm.com *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypalobjects.com *.google.com.ua *.klaviyo.com *.inspectlet.com *.braintree-api.com *.kaptcha.com *.mouseflow.com *.iwdagency.com *.dmctools.com *.mcstaging.dmctools.com *.livechatinc.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.certcapture.com *.magentocommerce.com *.ytimg.com data: *.google.com *.bootstrapcdn.com *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.fontawesome.com *.googleadservices.com *.google-analytics.com *.facebook.net *.facebook.com *.paypalobjects.com *.google.com.ua *.klaviyo.com *.google.com *.google.co.in *.google.nl *.inspectlet.com *.yotpo.com *.mouseflow.com *.reddit.com *.linkedin.com *.hsforms.net *.hsforms.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.google.com.ua *.google-analytics.com *.affirm.com *.doubleclick.net *.fontawesome.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.instagram.com *.klaviyo.com *.inspectlet.com *.braintree-api.com *.mouseflow.com *.cloudflare.com *.igodigital.com *.pingdom.net *.dmctools.com *.mcstaging.dmctools.com *.amazonaws.com *.livechatinc.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com *.hsforms.net *.hsforms.com *.sdiapi.com *.licdn.com rum.hlx.page *.adobe.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.bootstrapcdn.com *.googleapis.com *.google.com.ua *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.typekit.net *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.klaviyo.com *.cloudflare.com *.googletagmanager.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com https://static.klaviyo.com assets.braintreegateway.com *.tagmanager.google.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.bobcat.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.certcapture.com *.cardinalcommerce.com *.google-analytics.com *.olark.com *.affirm.com *.groupbycloud.com *.doubleclick.net *.bobcatparts.com *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypalobjects.com *.google.co.in *.google.com.ua *.klaviyo.com inspectlet.com *.inspectlet.com *.yotpo.com *.mouseflow.com *.iwdagency.com *.pingdom.net *.dmctools.com *.mcstaging.dmctools.com *.livechatinc.com *.hsforms.net *.hsforms.com *.sdiapi.com *.linkedin.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com 'self' data: https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.gstatic.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.usercentrics.eu *.etrusted.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.googleapis.com *.gstatic.com js.mollie.com *.hsforms.net *.hsforms.com *.google.com www.xtento.com cdn.xtento.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com tagmanager.google.com *.etrusted.com *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analytics.google.com *.googletagmanager.com *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://afaff3ee-014e-4f63-be75-19ad72ddda80.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-VXyowfoNkoVto4I58kBUNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com static.klaviyo.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.google.co.in static.klaviyo.com adaruniforms.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.disqus.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.gstatic.com static.hotjar.com script.hotjar.com static.klaviyo.com static-tracking.klaviyo.com js-agent.newrelic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static-forms.klaviyo.com fast.a.klaviyo.com wss://ws.hotjar.com content.hotjar.io metrics.hotjar.io bam.nr-data.net www.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-gJ51TBm3noraqQ9tCB9_kw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.e-flips.com.br galeradonarguile.com.br *.galeradonarguile.com.br *.tawk.to *.gstatic.com *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.e-flips.com.br galeradonarguile.com.br *.galeradonarguile.com.br *.doubleclick.net *.sunset.systems *.lightwidget.com *.performa.ai *.pinterest.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagaleve.io *.pagaleve.com.br *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp *.e-flips.com.br galeradonarguile.com.br *.galeradonarguile.com.br *.google.com *.google.com.br *.googletagmanager.com *.amazonaws.com *.pinterest.com *.conectiva.io conectiva.io *.performa.ai *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagaleve.com.br cdn.mundipagg.com api.pagar.me *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.e-flips.com.br galeradonarguile.com.br *.galeradonarguile.com.br *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.google.com.br *.googletagmanager.com *.twimg.com *.gstatic.com *.doubleclick.net *.fontawesome.com *.tawk.to *.jsdelivr.net *.conectiva.io conectiva.io *.openpix.com.br *.cartstack.com *.cartstack.com.br *.pinimg.com *.lightwidget.com *.amazonaws.com *.reclameaqui.com.br *.popconvert.com.br *.performa.ai *.facebook.net *.smartlook.com *.usebeon.io s7.addthis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql *.pagaleve.com.br 3ds2.pagar.me 3ds2-sdx.pagar.me js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.e-flips.com.br galeradonarguile.com.br *.galeradonarguile.com.br *.tawk.to *.amazonaws.com *.reclameaqui.com.br *.googleapis.com *.usebeon.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.e-flips.com.br galeradonarguile.com.br *.galeradonarguile.com.br *.doubleclick.net *.tawk.to *.conectiva.io conectiva.io *.reclameaqui.com.br *.pinterest.com *.popconvert.com.br *.performa.ai *.appspot.com *.usebeon.io *.smartlook.com *.cartstack.com.br ekr.zdassets.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br *.google.com google.com pay.sandbox.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: blob:; object-src 'none'; base-uri 'self'; manifest-src 'self' https:; media-src 'self' data:; form-action 'self' https:; frame-src 'self' https:; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://lets-doit.at/ajaxgateway/csp/; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net https://cdn.caps.nl https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ https://tweakers.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com maps.googleapis.com maps.gstatic.com https://www.magezon.com https://firebasestorage.googleapis.com *.koongo.com https://cdn.caps.nl https://www.google.com https://www.google.es https://www.google.nl https://www.google-analytics.com *.tweakwisenavigator.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com maps.googleapis.com *.avada.io *.shopify.com https://www.google.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/highlight.min.js *.tweakwisenavigator.net https://cdn.caps.nl https://chimpstatic.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css https://cdn-images.mailchimp.com https://cdn.caps.nl https://fonts.googleapis.com *.tweakwisenavigator.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com maps.googleapis.com https://get.geojs.io *.avada.io *.koongo.com *.tweakwise.com *.tweakwisenavigator.net https://cdn.caps.nl https://cognito-identity.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.postcode-checkout.nl https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://www.googleadservices.com https://analytics.google.com https://vimeo.com https://*.avada.io https://*.koongo.com https://*.facebook.net *.pay.nl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://localhost/paynl/csp/report; report-to report-endpoint; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src https: 'unsafe-inline' 'unsafe-eval' data: 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://emaptest.7-11.com.tw https://emap.pcsc.com.tw 'self' 'unsafe-inline'; frame-ancestors *.tappaysdk.com google.com *.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.tappaysdk.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://mas.astralweb.com.tw www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.tappaysdk.com *.plugins.emarsys.net *.scarabresearch.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.tappaysdk.com google.com *.google.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.tappaysdk.com google.com *.google.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://emaptest.7-11.com.tw https://emap.pcsc.com.tw *.tappaysdk.com *.scarabresearch.com *.eservice.emarsys.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.bootstrapcdn.com acsbapp.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.affirm.com *.affirm.ca *.stripe.com acsbapp.com *.accessibe.com *.cdn-btsg.com checkout.iglobalstores.com td.doubleclick.net *.googletagmanager.com *.clover.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.affirm.com *.affirm.ca checkout.sandbox.dev.clover.com checkout.clover.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.godaddy.com *.authorize.net *.magentocommerce.com *.google.com *.google.ru *.google.nl *.google.be *.google.kg *.google.de *.google.co.th *.bing.com *.acsbapp.com *.clarity.ms *.cdn-btsg.com *.google.com.eg *.zonos.com *.clover.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.affirm.com *.affirm.ca checkout.sandbox.dev.clover.com checkout.clover.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com *.googletagmanager.com *.authorize.net *.godaddy.com *.melenlab.com *.stripe.com *.bing.com acsbapp.com *.signifyd.com:* *.cardinalcommerce.com *.googleadservices.com *.google-analytics.com *.paypal.com *.ytimg.com js.braintreegateway.comm *.klaviyo.com *.clarity.ms *.cloudflareinsights.com *.smartsites.com *.cdn-btsg.com *.zonos.com *.online-metrix.net analytics.ahrefs.com *.clover.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net https://hello.zonos.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com cdn.jsdelivr.net *.googleapis.com *.bootstrapcdn.com *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cardinalcommerce.com *.googleadservices.com *.google.analytics.com *.doubleclick.net *.melenlab.com *.google.ru *.google.com.eg *.google.nl *.google.be *.google.kg *.google.co.th *.klaviyo.com *.acsbapp.com *.signifyd.com:* *.signifyd.com *.clarity.ms *.smartsites.com *.cdn-btsg.com *.zonos.com analytics.ahrefs.com acsbapp.com *.bing.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://multisearch.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://multisearch.io *.fontawesome.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://api.multisearch.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors *.hana.ondemand.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src live-agrinet-m2.vaimo.net *.zdassets.com 'self' 'unsafe-inline'; font-src live-agrinet-m2.vaimo.net https://static.klaviyo.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; style-src live-agrinet-m2.vaimo.net fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; connect-src static-forms.klaviyo.com live-agrinet-m2.vaimo.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; form-action live-agrinet-m2.vaimo.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-src live-agrinet-m2.vaimo.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src live-agrinet-m2.vaimo.net widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src www.youtube.com live-agrinet-m2.vaimo.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com https://www.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.elavon.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.clearpay.co.uk secure.livechatinc.com *.addthis.com *.elavon.com js.mollie.com *.trustpilot.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.afterpay.com *.clearpay.co.uk cdn.doofinder.com www.google.co.uk bat.bing.com c.clarity.ms c.bing.com bat.bing.net https://meetanshi.com/media/logo.png https://www.mollie.com *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net cdn.doofinder.com cdn.livechatinc.com api.livechatinc.com static.getclicky.com in.getclicky.com cdn.cookie-script.com www.facebook.com widget.trustpilot.com bat.bing.com www.clarity.ms scripts.clarity.ms widgets.tree-nation.com portal.clearpay.co.uk *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.elavon.com js.mollie.com *.trustpilot.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.afterpay.com/ *.squarecdn.com *.doofinder.com *.fontawesome.com maxcdn.bootstrapcdn.com *.trustpilot.com fonts.googleapis.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.doofinder.com wss://*.doofinder.com googleads.g.doubleclick.net pagead2.googlesyndication.com www.facebook.com consent.cookie-script.com stats.g.doubleclick.net api.livechatinc.com cdn.livechatinc.com q.clarity.ms o.clarity.ms v.clarity.ms in.getclicky.com bat.bing.net bat.bing.com www.google.co.uk www.google.com portal.clearpay.co.uk cdn.jsdelivr.net *.addthis.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.disqus.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https://higherlogicdownload.s3.amazonaws.com/AHRAONLINE/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AHRAONLINE/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AHRAONLINE/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AHRAONLINE/ https://higherlogicdownload.s3.amazonaws.com/AHRAONLINE/ https://higherlogiclongterm.s3.amazonaws.com/AHRAONLINE/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/AHRAONLINE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AHRAONLINE/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AHRAONLINE/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' https://pym.nprapps.org/pym.v1.min.js 'self'; media-src https://higherlogiclongterm.s3.amazonaws.com/AHRAONLINE/ https://higherlogicdownload.s3.amazonaws.com/AHRAONLINE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AHRAONLINE/ https://higherlogicstream.s3.amazonaws.com/AHRAONLINE/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AHRAONLINE/ https://higherlogicdownload.s3.amazonaws.com/AHRAONLINE/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AHRAONLINE/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self' https://pym.nprapps.org/pym.v1.min.js 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/ https://ahra2024.eventscribe.net/ 'self'; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self' https://ahra2024.eventscribe.net/ 'self'; object-src 'none'; manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://cdn-cookieyes.com https://cdn.weglot.com https://script.hotjar.com https://static.hotjar.com https://a3.mylivechat.com https://mylivechat.com https://ws.zoominfo.com https://tags.clickagy.com https://cm.g.doubleclick.net https://td.doubleclick.net https://d-code.liadm.com https://rp.liadm.com https://idx.liadm.com https://i.liadm.com https://hemsync.clickagy.com https://dpm.demdex.net https://idsync.rlcdn.com https://js.zi-scripts.com https://snap.licdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://www.google.com https://www.gstatic.com https://code.tidio.co https://api.livechatinc.com https://cdn.livechatinc.com https://wordpress.livechat.com https://analytics.ahrefs.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://code.tidio.co https://openit.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://browser.pipe.aria.microsoft.com https://www.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://vc.hotjar.io https://metrics.hotjar.io https://www.facebook.com https://js.zi-scripts.com https://ws.zoominfo.com https://aorta.clickagy.com https://hemsync.clickagy.com https://idx.liadm.com https://rp.liadm.com https://log.cookieyes.com https://cdn-cookieyes.com https://analytics.ahrefs.com wss://socket.tidio.co; img-src 'self' data: blob: https://openit.com https://www.openit.com https://www.google-analytics.com https://px.ads.linkedin.com https://i.liadm.com https://www.google.com https://www.google.com.ph https://cdn.weglot.com https://www.facebook.com https://bat.bing.com https://cdnjs.cloudflare.com https://staging.analyzer4a.com https://www.googletagmanager.com https://cdn-cookieyes.com https://aorta.clickagy.com https://idsync.rlcdn.com https://us-u.openx.net https://pixel-sync.sitescout.com https://aa.agkn.com; frame-src 'self' https://talentit.openit.com https://www.youtube.com https://www.facebook.com https://td.doubleclick.net https://www.googletagmanager.com https://i.liadm.com https://www.google.com; media-src 'self' https://code.tidio.co; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://va.vercel-scripts.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://bat.bing.com https://scripts.clarity.ms https://www.clarity.ms https://snap.licdn.com https://px.ads.linkedin.com https://cdn-cookieyes.com https://js.zi-scripts.com https://j.6sc.co https://b.6sc.co https://plausible.io https://js.hsforms.net https://tags.clickagy.com https://www.gstatic.com https://www.ziprecruiter.com https://sc.lfeeder.com; connect-src 'self' https://5ujtwa6a.api.sanity.io https://api.github.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://bat.bing.com https://bat.bing.net https://a.clarity.ms https://v.clarity.ms https://e.clarity.ms https://l.clarity.ms https://o.clarity.ms https://q.clarity.ms https://y.clarity.ms https://js.zi-scripts.com https://ws.zoominfo.com https://px.ads.linkedin.com https://epsilon.6sense.com https://c.6sc.co https://ipv6.6sc.co https://plausible.io https://forms.hsforms.com https://5ujtwa6a.apicdn.sanity.io https://secure.adnxs.com https://cdn-cookieyes.com https://log.cookieyes.com https://directory.cookieyes.com https://analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://hemsync.clickagy.com https://aorta.clickagy.com https://www.ziprecruiter.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.ziprecruiter.com; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://bat.bing.com https://scripts.clarity.ms https://www.clarity.ms https://snap.licdn.com https://cdn-cookieyes.com https://js.zi-scripts.com https://j.6sc.co https://plausible.io https://sc.lfeeder.com; style-src-attr 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https: blob:; media-src 'self' https:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://www.google.com;report-uri /api/csp-report 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://cdn.riverty.design/ 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.klaviyo.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com uc8.tv * *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com uc8.tv https://documents.riverty.com/ www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.multisafepay.com https://pay.google.com www.google.nl www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com flagpedia.net *.multisafepay.com *.cloudflare.com www.google.nl cdn.myafterpay.com *.bing.com *.bing.net *.clarity.ms https://api.fashion.cloud data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com www.gstatic.com maps.googleapis.com *.multisafepay.com https://pay.google.com *.cloudflare.com *.twitter.com *.fontawesome.com chimpstatic.com www.google.com bat.bing.com *.clarity.ms *.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.multisafepay.com *.cloudflare.com *.bootstrapcdn.com *.mailchimp.com 'unsafe-inline' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.multisafepay.com *.cloudflare.com *.clarity.ms *.bing.net bat.bing.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-aXRDKwRv06Ibu_zudP1RyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-W45Ma1CMrFR6X1u/etvJXlC9AlpLSa/7' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';  1
default-src 'self';script-src 'report-sample' 'self' https://sdk.privacy-center.org https://www.googletagmanager.com 'sha256-STLlfaE2pnEdIY/1IeVqhqcYI5B31lhxm36X1asMDKg=' 'sha256-XVWrmkvtmy2OmKr+8M0aMGjpyqEVx+UerYfv2/KSrqE=' 'sha256-/+4ooxjqfN11YDbTVKqcGVRRnTs4BkVZOe1AKyBpRS0=' 'sha256-OD3mFsC9xwFZjjxi3/mWANOX1Elnk0fMb18QEANFhjI=';style-src 'report-sample' 'self' 'unsafe-inline';object-src 'none';base-uri 'self';connect-src 'self' https://analytics.google.com https://d274lseyn0elhp.cloudfront.net https://stats.g.doubleclick.net https://www.google-analytics.com;font-src 'self';frame-src 'self' https://forms.lucasmuseum.org;img-src 'self' data: https:;manifest-src 'self';media-src 'self';worker-src 'none';report-uri https://app.glitchtip.com/api/19415/security/?glitchtip_key=ba5be081b4004a87bfa8f9846b4e9d1d; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com *.klarna.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.ftcdn.net *.behance.net cdn.doofinder.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com cdn-cookieyes.com www.facebook.com www.google.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.google.com/ s7.addthis.com cdn-cookieyes.com connect.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com *.klarnacdn.net assets.braintreegateway.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.cookieyes.com cdn-cookieyes.com g.doubleclick.net server-side-tagging-47bwte2uaa-uc.a.run.app *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content ; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-aDRpMjluMzRmbW55bXZzeWxxaXkzZDJ4NHZqOGk4cmI='; object-src 'none'; base-uri 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.twitter.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io imgsct.cookiebot.com *.trackedlink.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.mollie.com *.multisafepay.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net consent.cookiebot.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com https://*.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.kxcdn.com *.cloudflare.com *.twitter.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.tawk.to 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.twitter.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.quotes.stockinthechannel.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com google.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.tawk.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com media.stockinthechannel.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.cloudflare.com *.twitter.com *.google-analytics.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.tawk.to *.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.tawk.to assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com objects.icecat.biz 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.cloudflare.com *.twitter.com *.tawk.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com use.fontawesome.com/releases/v5.6.0/webfonts 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.imseuro.co.uk www.imseuro.eu 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com consentcdn.cookiebot.com consentcdn.cookiebot.eu www.xtento.com account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com imgsct.cookiebot.com imgsct.cookiebot.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ consent.cookiebot.com consent.cookiebot.eu g10696554090.co chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com cc-cdn.com use.fontawesome.com/releases/v5.6.0/css *.googleapis.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.ddlnk.net *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com t.zip.co static.zip.co data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com https://*.ewaypayments.com https://*.sandbox.ewaypayments.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.zip.co zip.co https://v2.zopim.com/ https://t.cfjump.com/tag/ https://t.cfjump.com/* https://*.adobedtm.com https://geostag.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://geoapi.cardinalcommerce.com https://1eafapi.cardinalcommerce.com https://email.camerapro.com.au/ https://email.camerapro.com.au/* https://static.zdassets.com/ekr/ https://static.zdassets.com/ https://acds-events.adobe.io/v7/ds.min.js https://bat.bing.com/ https://connect.facebook.net/en_US/ https://js-agent.newrelic.com https://*.adobedc.net https://www.camerapro.com.au 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://static.zdassets.com *.zdassets.com/ https://www.google.co.in/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-4JZVEZJP13&cid=1671745678.1771466585&gtm=45je62h1v9178194697z877949406za20gzb77949406zd77949406&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=103116026~103200004~104527907~104528500~104573694~104684208~104684211~115938466~115938468~117455676~117455678&z=763624293 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://a.clarity.ms/collect https://*.clarity.ms/collect wss://widget-mediator.zopim.com/ https://bam.nr-data.net https://*.adobedc.net https://commerce.adobedc.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.megaparts.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com https://www.megaparts.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com https://fonts.bunny.net fonts.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.punchout2go.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.certcapture.com *.google.com *.addthis.com *.pinterest.com https://plumrocket.com *.doubleclick.net *.googletagmanager.com *.bing.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.punchout2go.com *.reviews.io *.reviews.co.uk www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.certcapture.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.bing.com *.bing.net *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.keepsupply.com s3-eu-west-1.amazonaws.com cdn.files-text.com *.facebook.com *.linkedin.com *.reviews.io images.squarespace-cdn.com www.google.ca www.google.com.mx www.google.com.ec www.google.com.pe www.google.com.pa www.google.co.kr www.google.com.do www.google.com.ph www.google.com.au www.google.com.gt www.google.co.nz www.google.com.br www.google.com.sa www.google.co.uk www.google.hn www.google.as www.google.com.my www.google.com.jm www.google.com.vn www.google.de www.google.it www.google.com.bn www.google.cl https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.klaviyo.com *.clarity.ms *.cloudfront.net *.reviews.co.uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com www.facebook.com *.pinterest.com https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.bing.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.cloudflareinsights.com *.recapture.io *.livechatinc.com *.clickcease.com *.facebook.net *.hotjar.com *.licdn.com *.reviews.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.clarity.ms *.klaviyo.com unpkg.com *.punchout2go.com https://cdn.recapture.io *.reviews.co.uk www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.certcapture.com *.googleapis.com https://static.klaviyo.com *.googletagmanager.com cdnjs.cloudflare.com *.reviews.io https://fonts.bunny.net assets.braintreegateway.com *.tagmanager.google.com fonts.googleapis.com *.punchout2go.com *.cloudfront.net *.reviews.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.certcapture.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.doubleclick.net *.google.com *.gstatic.com *.bing.com *.bing.net *.googleadservices.com *.cloudflareinsights.com cloudflareinsights.com *.livechatinc.com *.clickcease.com *.hotjar.com *.hotjar.io *.linkedin.com www.google.ca www.google.com.mx www.google.com.ec www.google.com.pe www.google.com.pa www.google.co.kr www.google.com.do www.google.com.ph www.google.com.au www.google.com.gt www.google.co.nz www.google.com.br www.google.com.sa www.google.co.uk www.google.hn www.google.as www.google.com.my www.google.com.jm www.google.com.vn www.google.de www.google.it www.google.com.bn www.google.cl https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.klaviyo.com *.clarity.ms *.run.app https://app.recapture.io *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://61d8d208-8c43-4c47-853a-6d43e75e1c85.sansec.watch/; report-to report-endpoint; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com fonts.googleapis.com https://cdnjs.cloudflare.com *.tiktok.com *.ttcdn-row.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.google.com www.gstatic.com s7.addthis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.gstatic.com www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.pinterest.com *.pinterdev.com commerce-app.pintergration.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net *.openstreetmap.org maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.tiktok.com *.ttcdn-row.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com jquery.sellxed.com dpm.demdex.net s7.addthis.com m.addthis.com z.moatads.com widget.freshworks.com m2epro.freshdesk.com *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com *.pinterdev.com *.pinimg.com commerce-app.pintergration.com *.tiktok.com *.ttcdn-row.com *.bytedance.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com fonts.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.tiktok.com *.ttcdn-row.com 'self' 'unsafe-inline'; object-src *.tiktok.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.google-analytics.com stats.g.doubleclick.net s7.addthis.com m.addthis.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.pinterest.com *.pinterdev.com commerce-app.pintergration.com analytics.tiktok.com business-api.tiktok.com *.ttcdn-row.com *.bytedance.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-E_KyOA59ofmz34o-f4cE7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss:; frame-src 'self' https:; media-src 'self' https: blob: data:; object-src 'none'; worker-src 'self' blob:; report-uri /csp2.php; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://accounts.google.com https://www.facebook.com https://login.live.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.disqus.com https://firebasestorage.googleapis.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.disqus.com *.avada.io *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql *.pagseguro.com.br *.pagseguro.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.pagseguro.com.br *.pagseguro.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://static.dhlecommerce.nl https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com designer.printlane.com *.sendcloud.sc *.jsdelivr.net js.mollie.com *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://images.unsplash.com https://maps.googleapis.com https://maps.gstatic.com *.amazonaws.com magefan.com cm.magefan.com *.disqus.com *.taggrs.io https://firebasestorage.googleapis.com flagpedia.net https://www.mollie.com *.multisafepay.com *.koongo.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://maps.googleapis.com https://static.dhlecommerce.nl designer.printlane.com *.sendcloud.sc *.jsdelivr.net *.disqus.com *.taggrs.io https://cdn.jsdelivr.net *.avada.io *.gstatic.com maps.googleapis.com js.mollie.com *.multisafepay.com https://pay.google.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/highlight.min.js https://cdnjs.cloudflare.com *.googletagmanager.com tagmanager.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com *.sendcloud.sc *.jsdelivr.net https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.multisafepay.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css https://cdnjs.cloudflare.com tagmanager.google.com fonts.google.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://core.helloretail.com https://helloretailcdn.com https://maps.googleapis.com https://player.vimeo.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.multisafepay.com *.koongo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net https://geowidget.easypack24.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl *.facebook.com *.facebook.net 'self' business.facebook.com 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pay.google.com apm.przelewy24.pl *.facebook.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de business.facebook.com www.commercepartnerhub.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://files.zakeke.com magefan.com cm.magefan.com *.neopay.lt static.przelewy24.pl www.gstatic.com gstatic.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://firebasestorage.googleapis.com business.facebook.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl s7.addthis.com *.facebook.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.shopify.com business.facebook.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com ekr.zdassets.com/ *.facebook.com *.facebook.net *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io business.facebook.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.feedbackcompany.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.fonts.googleapis.com data: *.cloudflare.com https://dashboard.webwinkelkeur.nlfonts/webandbrand.woff data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.doubleclick.net *.googlesyndication.com https://www.paypal.com https://www.sandbox.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://*.dpdconnect.nl *.addthis.com *.pinterest.com *.cookiebot.com *.googletagmanager.com *.webwinkelkeur.nl https://dashboard.webwinkelkeur.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com https://portal.payconiq.com https://static.buckaroo.nl https://www.buckaroo.nl https://www.paypalobjects.com imgsct.cookiebot.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.feedbackcompany.com https://firebasestorage.googleapis.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com *.google.co.in *.cookiebot.com *.bing.com mcusercontent.com *.google.nl *.bing.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://www.sandbox.paypal.com https://applepay.cdn-apple.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io consent.cookiebot.com https://*.dpdconnect.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.feedbackcompany.com *.avada.io *.shopify.com player.vimeo.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.cookiebot.com *.varify.io *.bing.com unpkg.com *.bing.net https://www.googletagmanager.com https://www.google-analytics.com *.cookie-script.com *.pinimg.com analytics.ahrefs.com https://dashboard.webwinkelkeur.nl/sidebar.js https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net *.doubleclick.net *.googlesyndication.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.sandbox.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.feedbackcompany.com https://get.geojs.io *.avada.io *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.cookiebot.com *.bing.com *.varify.io *.bing.net *.pinterest.com *.cookie-script.com *.pinimg.com analytics.ahrefs.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.sagepay.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es maps.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com *.avada.io maps.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.sagepay.com https://get.geojs.io *.avada.io yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com data: fonts.gstatic.com *.kxcdn.com https://fonts.gstatic.com/ *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://maps.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.cdninstagram.com *.fbcdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com 'unsafe-inline' *.addthis.com *.addthisedge.com *.moatads.com static.cloudflareinsights.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdnjs.cloudflare.com/ s7.addthis.com *.googletagmanager.com *.facebook.net www.termsfeed.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ekr.zdassets.com/ *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.cookiebot.com consentcdn.cookiebot.com *.hubspot.com *.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com code.jquery.com *.hsappstatic.net *.hubspotusercontent-eu1.net *.licdn.com *.sumo.com *.facebook.net *.trustpilot.com *.doubleclick.net *.sumome.com *.hsadspixel.net *.hs-analytics.net js.hscta.net js-eu1.hscta.net static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hubspotfeedback.com feedback.hubapi.com feedback-eu1.hubapi.com; style-src 'self' 'unsafe-inline' *.cookiebot.com *.hubspot.com fonts.googleapis.com cdnjs.cloudflare.com code.jquery.com *.hsappstatic.net *.hubspotusercontent-eu1.net cdn2.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; img-src 'self' data: *.google-analytics.com *.google.com *.google.nl *.gstatic.com *.cookiebot.com *.hubspot.com *.hs-analytics.net *.facebook.com *.ads.linkedin.com *.googletagmanager.com ade.googlesyndication.com perf-eu1.hsforms.com static.hsappstatic.net unpkg.com *.unpkg.com *.hsforms.com *.hubspotusercontent-eu1.net no-cache.hubspot.com js.hscta.net js-eu1.hscta.net *.hubspot.net cdn2.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.hubspot.com *.hsappstatic.net *.hubspotusercontent-eu1.net; connect-src 'self' *.google-analytics.com lottie.host *.lottie.host *.cookiebot.com *.hubspot.com api.hubapi.com *.hsforms.net *.hsforms.com forms-eu1.hscollectedforms.net pagead2.googlesyndication.com wss://*.hubspot.com js.hscta.net js-eu1.hscta.net *.hs-banner.com *.hscollectedforms.net; frame-src 'self' *.cookiebot.com *.hubspot.com *.hsforms.net *.hsforms.com *.google.com https://www.google.com www.googletagmanager.com *.doubleclick.net *.hs-sites.com *.hs-sites-eu1.com *.hubspot.net play.hubspotvideo.com play-eu1.hubspotvideo.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' *.hsforms.net *.hsforms.com; object-src 'none'; 1
font-src *.newrelic.com *.youtube.com *.googletagmanager.com policy.app.cookieinformation.com *.app.cookieinformation.com *.cookieinformation.com *.typekit.net *.bing.com *.google.com.ua *.google.com.se *.google.com.de *.google.com.nl *.google.com.fr *.google.com.no *.google.com.uk *.google.com *.googleadservices.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.newrelic.com *.youtube.com *.googletagmanager.com policy.app.cookieinformation.com *.app.cookieinformation.com *.cookieinformation.com *.typekit.net https://*.svea.com https://*.vipps.no https://*.trustly.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.newrelic.com *.googletagmanager.com policy.app.cookieinformation.com *.app.cookieinformation.com *.cookieinformation.com *.typekit.net https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://*.svea.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.newrelic.com *.googletagmanager.com policy.app.cookieinformation.com *.app.cookieinformation.com *.cookieinformation.com *.typekit.net *.bing.com *.google.com.ua *.google.com.se *.google.com.de *.google.com.nl *.google.com.fr *.google.com.no *.google.com.uk *.google.com *.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com *.disqus.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com *.googletagmanager.com policy.app.cookieinformation.com *.app.cookieinformation.com *.cookieinformation.com *.typekit.net *.bing.com *.google.com.ua *.google.com.se *.google.com.de *.google.com.nl *.google.com.fr *.google.com.no *.google.com.uk *.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.disqus.com https://*.svea.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.newrelic.com *.youtube.com *.googletagmanager.com policy.app.cookieinformation.com *.app.cookieinformation.com *.cookieinformation.com *.typekit.net *.bing.com *.google.com.ua *.google.com.se *.google.com.de *.google.com.nl *.google.com.fr *.google.com.no *.google.com.uk *.google.com *.googleadservices.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.youtube.com *.googletagmanager.com policy.app.cookieinformation.com *.app.cookieinformation.com *.cookieinformation.com *.typekit.net *.bing.com *.google.com.ua *.google.com.se *.google.com.de *.google.com.nl *.google.com.fr *.google.com.no *.google.com.uk *.google.com *.googleadservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com www.militarytour.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com www.militarytour.com 'self' 'unsafe-inline'; frame-ancestors www.militarytour.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.militarytour.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.paypalobjects.com *.ctctcdn.com www.militarytour.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.ctctcdn.com cdnjs.cloudflare.com www.militarytour.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com cdnjs.cloudflare.com *.ctctcdn.com www.militarytour.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.militarytour.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.ctctcdn.com www.militarytour.com 'self' 'unsafe-inline'; child-src www.militarytour.com http: https: blob: 'self' 'unsafe-inline'; default-src www.militarytour.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; connect-src 'self' https://api.oneworldvirtual.org https://acars.oneworldvirtual.org https://tiles.vasystem.org https://flight-analyses.vasystem.org; font-src 'self'; img-src 'self' https://www.gravatar.com https://images.vasystem.org blob: data:; manifest-src 'self'; script-src 'self'; style-src 'self' https://storage.oneworldvirtual.org 'nonce-/sO+FgHcbMaMeoDe9a7yZJ5jfgc'; style-src-attr 'unsafe-inline'; report-uri https://oneworldvirtual.org/csp/report 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://maxcdn.bootstrapcdn.com https://dskz7wuac5max.cloudfront.net https://cdn.miromi.com.br *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.google.com data: 'self' 'unsafe-inline'; form-action www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com *.adobedtm.com *.cloudflare.com *.googleadservices.com *.google-analytics.com https://dskz7wuac5max.cloudfront.net https://cdn.miromi.com.br https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com flagpedia.net cdn.mundipagg.com api.pagar.me data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://dskz7wuac5max.cloudfront.net http://cdnjs.cloudflare.com 'report-sample' 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.adobedtm.com *.avada.io amcglobal.sc.omtrdc.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com *.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.commerce-payment-services.com *.cloudflare.com pay.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.gstatic.com https://www.gstatic.com/recaptcha https://www.google.com/recaptcha google.com *.google.com *.google.com/ https://maps.googleapis.com/maps/api/js includestest.ccdc02.com *.instagram.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.magento-ds.com *.newrelic.com *.nr-data.net www.paypal.com www.paypalobjects.com *.paypalobjects.com t.paypal.com c.paypal.com *.paypal.com www.sandbox.paypal.com sandbox.paypal.com *.sandbox.paypal.com https://js.stripe.com/v3/ *.stripe.com *.link.com *.typekit.net use.typekit.net https://cdn.miromi.com.br *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maps.googleapis.com 3ds2.pagar.me 3ds2-sdx.pagar.me 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com 'report-sample' 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.gstatic.com https://dskz7wuac5max.cloudfront.net https://cdn.miromi.com.br https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://viacep.com.br https://dskz7wuac5max.cloudfront.net https://cdn.miromi.com.br https://cep.widenet.host https://proxier.now.sh https://apps.correios.com.br https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.gstatic.com maps.googleapis.com api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br *.google.com google.com pay.sandbox.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'nonce-QVJDVUxVUw==' 'strict-dynamic' 'self' https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.levelaccess.net https://*.bigcommerce.com https://connect.facebook.net https://*.hotjar.com https://*.klaviyo.com https://*.yotpo.com https://*.typekit.net https://*.licdn.com https://snap.licdn.com https://player.vimeo.com https://analytics.tiktok.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.redditstatic.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://app.fintelconnect.com https://ml314.com https://utt.impactcdn.com https://s.yimg.com https://www.getarculus.com; style-src 'self' https://*.bigcommerce.com https://fonts.googleapis.com https://*.typekit.net; img-src 'self' https://*.bigcommerce.com https://*.google.com https://*.google.com.ar https://*.googleads.g.doubleclick.net https://*.doubleclick.net https://*.adnxs.com https://px.ads.linkedin.com https://*.bidr.io https://t.co https://trkn.us https://analytics.twitter.com https://www.getarculus.com; font-src 'self' https://*.bigcommerce.com https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://*.bigcommerce.com https://*.klaviyo.com https://*.yotpo.com https://*.google.com https://analytics.google.com https://*.doubleclick.net https://stats.g.doubleclick.net https://px.ads.linkedin.com https://route.elements.zonos.com https://measure.getarculus.com https://www.getarculus.com; frame-src 'self' https://*.doubleclick.net https://*.amazon-adsystem.com https://measure.getarculus.com https://www.googletagmanager.com https://www.getarculus.com; form-action 'self'; media-src 'self' https://*.cloudflarestream.com; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://report.centralcsp.com/691cd4c0dce21fa55fa5bb9a; report-to csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net https://static.klaviyo.com *.watson.appdomain.cloud data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.klarna.com *.googletagmanager.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.bing.com *.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cookielaw.org *.bing.com *.facebook.net *.pinimg.com *.hotjar.com *.pinterest.com cdn.jsdelivr.net *.watson.appdomain.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net https://static.klaviyo.com https://static-tracking.klaviyo.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cookielaw.org *.pinterest.com *.googlesyndication.com *.bing.com *.google-analytics.com *.hotjar.com *.hotjar.io *.watson.appdomain.cloud 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src *.force.com https://player.vimeo.com https://vars.hotjar.com 'self' https://stats.g.doubleclick.net https://script.hotjar.com *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com *.cybersource.com *.youtube.es youtu.be *.adis.ws *.youtube.ie https://www.youtube.com *.cloudinary.com https://software.soundoffsignal.com https://pay.google.com *.vimeo.com https://vc.hotjar.io *.youtube.jp https://forms.soundoffsignal.com bcove.video https://csmetrics.hotjar.com *.youtube.fr https://*.salesforce.com https://*.a.forceusercontent.com https://player.cloudinary.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws https://*.hotjar.com *.forceusercontent.com *.brightcove.net *.youtube.com gallery.soundoffsignal.com *.youtube.nl https://service.force.com/embeddedservice/ https://fast.wistia.net *.quip.com https://content.hotjar.io *.arkoselabs.com https://soundoffsignal.file.force.com *.youtube-nocookie.com https://www.paypal.com https://metadoc.soundoffsignal.com https://appiniummastertrial.secure.force.com https://play.vidyard.com *.youtube.com.br https://eos.soundoffsignal.com *.salesforce-experience.com *.salesforceliveagent.com https://metrics.hotjar.io https://scormanywhere.secure.force.com https://checkoutshopper-live.adyen.com/ *.sfdcfc.net https://maps.a.forceusercontent.com https://*.force.com *.youtube.ca https://location.force.com *.vidyard.com https://www.gstatic.com/recaptcha/ https://players.brightcove.net https://cdn.embedly.com https://usa578.sfdc-lywfpd.salesforce.com https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com https://in.hotjar.com https://*.a.forceusercontent.com/lightningmaps/ wss://ws.hotjar.com https://www.googletagmanager.com *.wistia.net https://www.google-analytics.com *.salesforce.com https://soundoffsignal.my.salesforce.com *.youtube.pl; report-to sfdc-csp-ep; report-uri https://soundoffsignal.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D5f0000092yzC&networkId=0DM5f000000Absb&type=communities 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-W2H3SZxkYxZDdHZ5SzJ8Hw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://vars.hotjar.com/ https://www.form.jotform.com; frame-ancestors 'self' https://cms.kiwaregister.nl; style-src 'self' https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' https://www.kiwa.com https://www.google-analytics.com https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com; form-action 'self'; base-uri 'self'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.cloudflare.com *.fontawesome.com https://fonts.bunny.net *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net *.google.co.in https://firebasestorage.googleapis.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.cloudflare.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.doubleclick.net ekr.zdassets.com/ https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-3OytrJQgPfk_VvIeM73Giw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://www.s-rminform.com https://static.hsappstatic.net https://*.hsadspixel.net https://js.hscta.net https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com http://*.hubspotfeedback.com https://feedback.hubapi.com 'strict-dynamic' 'nonce-iElC+4Z1+ATXyyyu5SsGxQ=='; img-src 'self' data: https://*.hsforms.com https://*.hubspot.com https://www.s-rminform.com https://static.hsappstatic.net https://js.hscta.net https://no-cache.hubspot.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://cdn2.hubspot.net https://*.hsforms.net https://5869920.fs1.hubspotusercontent-na1.net https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net; connect-src https://*.hubspot.com https://*.hubapi.com https://www.s-rminform.com https://forms.hscollectedforms.net https://js.hscta.net https://*.hs-banner.com https://*.hsforms.com https://*.google-analytics.com https://*.doubleclick.net https://www.google.com https://google.com https://*.analytics.google.com; frame-src https://*.hubspot.com https://*.hs-sites.com https://*.hubspot.net https://play.hubspotvideo.com https://*.hsforms.net https://*.hsforms.com https://td.doubleclick.net https://platform.twitter.com https://share.zencast.fm; child-src https://*.hsforms.com; object-src 'none' 1
report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub774fbd4bd44873e5007931530f7abcf6&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Aui-switch%2Cenv%3Aprod;report-to https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub774fbd4bd44873e5007931530f7abcf6&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Aui-switch%2Cenv%3Aprod;default-src 'self';connect-src 'self' *.ovoenergyau-uat.com *.ovoenergy.com.au *.facebook.com *.logs.datadoghq.com *.zendesk.com *.zdassets.com *.sleeknote.com *.hotjar.com *.hotjar.io *.browser-intake-datadoghq.com *.split.io ovoenergyau-uat.zendesk.com/ *.zopim.com fonts.googleapis.com www.google-analytics.com translate.googleapis.com *.google.com.au *.google.com *.google.co.in *.doubleclick.net;img-src 'self' data: blob: *.facebook.com *.sleeknote.com *.zopim.io static.zdassets.com script.hotjar.com img.nicereply.com *.google-analytics.com *.google.com *.google.com.au googleads.g.doubleclick.net www.googletagmanager.com www.google.co.in *.doubleclick.net;script-src 'self' *.facebook.net *.sleeknote.com *.zdassets.com *.hotjar.com *.ovoenergyau.zendesk.com *.zopim.com *.elfsight.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com;script-src-elem 'self' 'unsafe-inline' *.facebook.net *.zdassets.com *.sleeknote.com *.hotjar.com *.elfsight.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com;media-src 'self' *.zdassets.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' data: fonts.gstatic.com *.googleapis.com;object-src 'none';frame-src www.facebook.com *.doubleclick.net www.googletagmanager.com vars.hotjar.com www.zenaps.com; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com compucram.us11.list-manage.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.google.com *.addthis.com *.talkable.com *.compucram.com *.doubleclick.net nytrng.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.compucram.com *.purechat.com *.visualwebsiteoptimizer.com *.quantserve.com bat.bing.com www.facebook.com secure.gravatar.com i0.wp.com *.shop.pe cdn.cookielaw.org *.hsforms.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.omappapi.com *.purechat.com *.purechatcdn.com *.crazyegg.com *.cloudfront.net *.hotjar.com s3.amazonaws.com *.visualwebsiteoptimizer.com *.quantserve.com *.quantcount.com bat.bing.com connect.facebook.net shop.pe *.shop.pe *.bam.nr-data.net cdn.cookielaw.org geolocation.onetrust.com privacyportal.onetrust.com js-agent.newrelic.com matomo.colibrilearning.xyz cdn.optimizely.com js.hsforms.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.omappapi.com cdn.cookielaw.org unsafe-inline assets.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.omappapi.com *.purechat.com *.crazyegg.com *.doubleclick.net www.facebook.com *.shop.pe cdn.cookielaw.org geolocation.onetrust.com privacyportal.onetrust.com bam.nr-data.net logx.optimizely.com forms.hsforms.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com https://*.gstatic.com https://*.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * vars.hotjar.com www.gstatic.com staging.busdepot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://*.cloudfront.net https://*.doubleclick.net https://*.google.com https://*.google.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.hotjar.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com https://*.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://*.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.twimg.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com in.hotjar.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' our.umbraco.com marketplace.umbraco.com; script-src 'self' 'nonce-lJ4ukrUwB+mhaqmikEAU6Q==' 'unsafe-hashes' 'unsafe-eval'  https://consent.cookiebot.com https://consentcdn.cookiebot.com  https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://recruit.hr-on.com/ https://snap.licdn.com https://connect.facebook.net https://unpkg.com 'sha256-F2BMq7urW+gFIAagVMJDT4bJ912vzMeBvWPoU0cQlAo='  'sha256-n6quQAEuKS6M3ZyRvsCErs2OJyg9OJwbF/6g9npMGic='  'sha256-3bzWVxQE32IZQKH9eh8KzyHuhXOlMrboDVVBRd0fWTU='  'sha256-qb+Jz0utxhXsm49dmO1INBkI7WNTSIJJLoaJs1a3URk='; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; img-src 'self' data: our.umbraco.com dashboard.umbraco.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.dk https://img.youtube.com/ https://recruit.hr-on.com/; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://assetmangemantapi.cbre-ts.dk/api/ https://consentcdn.cookiebot.com https://px.ads.linkedin.com https://www.facebook.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://www.google.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.google.com https://www.recaptcha.net https://www.googletagmanager.com https://recruit.hr-on.com/; object-src 'none'; base-uri 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-uDEnUibSToRsIEDj23kSKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bugherd.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn account.fetchify.com *.mention-me.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sweetanalytics.com *.brooktaverner.us *.ometria.com *.visualwebsiteoptimizer.com *.bing.com *.clarity.ms *.google.co.uk *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trustpilot.com *.glopal.com *.sweetanalytics.com *.ometria.com *.ads-twitter.com *.twitter.com *.googletagmanager.com *.visualwebsiteoptimizer.com *.zdassets.com *.bing.com *.clarity.ms *.adroll.com *.bugherd.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io https://maps.googleapis.com *.mention-me.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.glopal.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com cc-cdn.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.ometria.com *.sweetanalytics.com *.zopim.com *.clarity.ms *.google-analytics.com brooktaverner.zendesk.com *.zdassets.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com *.mention-me.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.stape.io maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.paymentexpress.com *.windcave.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.paymentexpress.com *.windcave.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://www.magezon.com https://edge.marker.io *.marker.io *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.google.com www.google.co.nz sp.analytics.yahoo.com *.reddit.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://edge.marker.io *.marker.io *.marketo.net *.mktoresp.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.google.com/ static.cloudflareinsights.com *.clarity.ms *.yimg.com *.adsrvr.org *.redditstatic.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googletagmanager.com *.google.com *.stape.io maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://edge.marker.io *.marker.io *.marketo.net *.mktoresp.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googletagmanager.com *.google.com stats.g.doubleclick.net *.clarity.ms *.yimg.com *.adsrvr.org *.google.co.nz *.reddit.com ekr.zdassets.com/ *.doubleclick.net *.googlesyndication.com *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com www.libertysport.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com www.libertysport.com 'self' 'unsafe-inline'; frame-ancestors www.libertysport.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com www.libertysport.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cdninstagram.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com www.libertysport.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com www.libertysport.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com *.yotpo.com *.googleapis.com www.libertysport.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.libertysport.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com www.libertysport.com 'self' 'unsafe-inline'; child-src www.libertysport.com http: https: blob: 'self' 'unsafe-inline'; default-src www.libertysport.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com *.iubenda.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.iubenda.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com https://www.magezon.com intpaye.netsgroup.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net img.riskified.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.iubenda.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com www.gstatic.com beacon.riskified.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.iubenda.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com www.google.com www.gstatic.com pay.google.com google.com/pay ecomms2s.sella.it sandbox.gestpay.net c.riskified.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' data: https://www.motonet.ee https://graphql.datocms.com https://*.doubleclick.net https://www.instagram.com https://*.broman.group https://*.litix.io https://vimeo.com https://*.klarna.com https://*.klarnaevt.com/v1/ https://*.adyen.com/checkoutanalytics/ https://*.adyen.com/checkoutshopper/ https://api.postmarkapp.com https://www.youtube.com https://api.videoly.co https://js.testfreaks.com https://api.testfreaks.com https://reviews.testfreaks.com https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com/api/consent https://api.custobar.com/js/v1/custobar.js https://*.google-analytics.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://*.googlesyndication.com https://*.adform.net https://*.creativecdn.com https://connect.facebook.net https://browser-intake-datadoghq.eu https://*.broman.group https://js.playground.kustom.co https://eu.klarnaevt.com https://*.cdn.adyen.com/checkoutshopper/ https://i.ytimg.com https://www.datocms-assets.com https://stagingaksapimanagementbroman.azure-api.net https://testapimanagementbroman.azure-api.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://*.mux.com https://*.vimeocdn.com https://dapi.videoly.co https://*.facebook.com https://*.seadform.net https://*.adform.net https://*.criteo.net https://*.criteo.com https://www.googletagmanager.com/ https://ib.adnxs.com/setuid https://ib.adnxs.com/getuid https://cm.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://qr.motonet.ee https://*.googletagmanager.com; img-src 'self' data: https://www.datocms-assets.com https://i.ytimg.com https://image.mux.com https://*.broman.group https://js.playground.kustom.co https://eu.klarnaevt.com https://*.cdn.adyen.com/checkoutshopper/ https://i.ytimg.com https://www.datocms-assets.com https://stagingaksapimanagementbroman.azure-api.net https://testapimanagementbroman.azure-api.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com https://*.mux.com https://*.vimeocdn.com https://dapi.videoly.co https://*.facebook.com https://*.seadform.net https://*.adform.net https://*.criteo.net https://*.criteo.com https://www.googletagmanager.com/ https://ib.adnxs.com/setuid https://ib.adnxs.com/getuid https://cm.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://qr.motonet.ee; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://js.playground.kustom.co https://osm.klarnaservices.com/ https://*.adyen.com/ https://*.vimeo.com https://app.ecoonline.com https://www.maston.fi https://websds.volvo.com https://policy.app.cookieinformation.com/ https://*.criteo.com https://*.adform.net https://*.creativecdn.com https://www.facebook.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.broman.group https://maps.googleapis.com https://js.playground.kustom.co https://js.klarna.com https://js.klarna.com/web-sdk/ https://api.videoly.co/1/quchbox/0/5256/quch.js https://www.paypal.com/sdk/js https://dapi.videoly.co https://www.youtube.com https://*.vimeo.com https://policy.app.cookieinformation.com https://api.custobar.com/js/v1/custobar.js https://*.criteo.net https://*.criteo.com https://*.adform.net https://connect.facebook.net https://tags.creativecdn.com https://dev.visualwebsiteoptimizer.com https://*.googletagmanager.com; object-src 'none'; worker-src 'self' blob:; 1
font-src *.gstatic.com data: *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.versapay.com *.paynup.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.versapay.com *.paynup.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com cld.bz *.versapay.com *.twitter.com *.paynup.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com pages.cld.bz d1lx47257n5xt.cloudfront.net *.versapay.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.paynup.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cld.bz *.versapay.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paynup.com *.datadoghq.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.versapay.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.paynup.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.versapay.com *.paynup.com *.datadoghq.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/magento_os/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com data: https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.certcapture.com https://plumrocket.com *.authorize.net *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.certcapture.com store.paradoxlabs.com https://firebasestorage.googleapis.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.avada.io *.authorize.net *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.certcapture.com https://fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.certcapture.com https://get.geojs.io *.avada.io *.authorize.net *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com https://d1pna5l3xsntoj.cloudfront.net www.apptrian.com x.klarnacdn.net cdn.klarna.com/1.0/shared/image www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net www.apptrian.com *.googleapis.com *.google.com *.gstatic.com bankauswahl.giropay.de www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com bankauswahl.giropay.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://core.helloretail.com www.apptrian.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com bankauswahl.giropay.de bankauswahl.girocheckout.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io acsbapp.com *.acsbapp.com *.crazyegg.com *.rolex.com *.intercomcdn.com *.intercom.io *.nr-data.net *.intercomassets.com *.affirm.com *.mouseflow.com *.gembuilder.com alpixtrack.com *.alpixtrack.com *.breitling.com *.mapbox.com *.myregistry.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.rolex.com acsbapp.com *.acsbapp.com *.crazyegg.com *.intercomcdn.com *.intercom.io *.nr-data.net *.intercomassets.com *.affirm.com *.mouseflow.com *.gembuilder.com alpixtrack.com *.alpixtrack.com *.breitling.com *.mapbox.com *.myregistry.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.rolex.com acsbapp.com *.acsbapp.com *.crazyegg.com *.intercomcdn.com *.intercom.io *.nr-data.net *.intercomassets.com *.doubleclick.net https://googleads.g.doubleclick.net https://www.google.co.in *.mouseflow.com *.gembuilder.com alpixtrack.com *.alpixtrack.com *.breitling.com *.mapbox.com *.myregistry.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.acsbapp.com *.crazyegg.com *.rolex.com *.intercomcdn.com *.intercom.io *.nr-data.net *.intercomassets.com *.mouseflow.com *.gembuilder.com alpixtrack.com *.alpixtrack.com *.breitling.com *.mapbox.com *.myregistry.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.googletagmanager.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com acsbapp.com *.crazyegg.com *.rolex.com *.doubleclick.net *.intercomcdn.com *.intercom.io *.intercomassets.com *.mouseflow.com *.tagecorner.com *.gembuilder.com *.cloudflareinsights.com alpixtrack.com *.alpixtrack.com *.breitling.com *.mapbox.com *.myregistry.com *.googleadservices.com *.googletagmanager.com *.cardinalcommerce.com *.paypal.com *.paypalobjects.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com ajax.googleapis.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.rolex.com *.acsbapp.com *.crazyegg.com *.intercomcdn.com *.intercom.io *.nr-data.net *.intercomassets.com *.affirm.com *.mouseflow.com *.gembuilder.com alpixtrack.com *.alpixtrack.com *.breitling.com *.mapbox.com *.myregistry.com https://static.klaviyo.com https://fonts.bunny.net assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io acsbapp.com *.acsbapp.com *.crazyegg.com *.rolex.com *.intercomcdn.com *.intercom.io *.nr-data.net *.intercomassets.com *.affirm.com *.mouseflow.com *.gembuilder.com alpixtrack.com *.alpixtrack.com *.breitling.com *.mapbox.com *.myregistry.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com https://stats.g.doubleclick.net acsbapp.com *.acsbapp.com *.crazyegg.com *.rolex.com *.intercomcdn.com *.intercom.io *.intercomassets.com wss://nexus-websocket-a.intercom.io *.mouseflow.com *.gembuilder.com *.googlesyndication.com alpixtrack.com *.alpixtrack.com *.breitling.com *.mapbox.com *.myregistry.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.wp.com;	img-src data: https:;	script-src 'unsafe-inline' 'unsafe-eval' blob: https:;	style-src 'unsafe-inline' https:;	font-src data: https:;	media-src blob: https:;	frame-src https:;	object-src 'none';	connect-src https:; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.klarnacdn.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com cdn.userway.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://static.addtoany.com/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://js.stripe.com/ https://js.stripe.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.google.fr *.google.ie www.google.com.ua lh.trafficguard.ai px.ads.linkedin.com *.hsforms.com bat.bing.com *.adroll.com *.reddit.com www.redditstatic.com *.hotjar.com *.hotjar.io api.trafficguard.ai *.hubspot.com pixel.tapad.com x.bidswitch.net pixel.rubiconproject.com dsum-sec.casalemedia.com *.cloudfront.net sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com sync.taboola.com eb2.3lift.com ib.adnxs.com match.adsrvr.org s3.amazonaws.com cdn.convertcart.com cdn.userway.org idsync.rlcdn.com us-u.openx.net segments.company-target.com tags.rd.linksynergy.com sync.ipredictive.com epiv.cardlytics.com secure.insightexpressai.com action.media6degrees.com jadserve.postrelease.com pt.ispot.tv https://www.totaljobs.com ardrone.swoop.com www.swpsvc.com tag.crsspxl.com fr.shopping.rakuten.com dsp.adfarm1.adition.com cm.mgid.com match.prod.bidr.io ds.reson8.com cdn.asphaltkingdom.com *.hubspotusercontent00.net ml314.com bcp.crwdcntrl.net loadm.exelator.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://static.addtoany.com/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com https://checkout.stripe.com/checkout.js https://js.stripe.com/v3/ seal.godaddy.com bat.bing.com www.redditstatic.com tgtag.io js.hs-scripts.com *.hotjar.com snap.licdn.com *.tctm.co *.asphaltkingdom.com js.usemessages.com js.hs-analytics.net js.hsleadflows.net js.hubspot.com js.hs-banner.com js.hsadspixel.net *.adroll.com www.clarity.ms js.hsforms.net cdn.jsdelivr.net cdn.userway.org cdn.debugbear.com *.optimonk.com ag.innovid.com x.skimresources.com pippio.com track2.securedvisit.com sync.smartadserver.com js.hscta.net fast.wistia.com googleadservices.com cibcfcib.transactiongateway.com *.matomo.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com cdn.userway.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://stats.addtoany.com/menu www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.link.com *.amazon.com *.google-analytics.com *.doubleclick.net *.cloudflare.com maps.googleapis.com api.userway.org px.ads.linkedin.com *.reddit.com api.trafficguard.ai *.hotjar.io *.hubspot.com *.hsforms.com *.optimonk.com www.redditstatic.com wss://ws.hotjar.com d.adroll.com api.hubapi.com a.clarity.ms data.debugbear.com wss://cdn-webstats.com cibcfcib.transactiongateway.com f.clarity.ms app.clicklease.com googleads.g.doubleclick.net googleadservices.com *.matomo.cloud cdn.userway.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-CWp4fB+3qB/DYxJpuzVvUw==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=Avyj0s3p2xLmT5-RgQyIZUpiMPPIj-yXZLCxxnrr3OyTIo4PSsnS5jU9g3thAQWKptWJ&policy_id=28711&user_id=&request_id=98f000ab-e4b9-4036-b29a-bdec73701ac9; report-to csp-endpoint-avyjspxlmtrgqyizupimppijyxzlcxxnrroytiopssnsjugthaqwkptwj; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'self' https://*.mercadolibre.cl:* https://*.mercadolibre.com:* https://*.mercadolibre.com.ve:* https://*.mercadolibre.com.ar:* https://*.mercadolivre.com.br:* https://*.mercadolibre.com.co:* https://*.mercadolibre.com.ec:* https://*.mercadolibre.com.mx:* https://*.mercadolibre.com.pe:* https://*.mercadolibre.com.uy:* https://*.mercadopago.cl:* https://*.mercadopago.com.ar:* https://*.mercadopago.com.br:* https://*.mercadopago.com.co:* https://*.mercadopago.com.mx:* https://*.mercadopago.com.pe:* https://*.mercadopago.com.uy:* https://*.mercadopago.com.ve:* https://*.mercadopago.com:* https://*.adminml.com:* https://*.mercadolibre.co.cr:* https://*.mercadolibre.com.pa:* https://*.mercadolibre.com.do:* https://*.mercadolibre.com.bo:* https://*.mercadolibre.com.py:* https://*.mercadolibre.com.gt:* https://*.mercadolibre.com.hn:* https://*.mercadolibre.com.ni:* https://*.mercadolibre.com.sv:* https://*.mercadopago.com.ec:* https://*.portalinmobiliario.com:* https://*.mercadolivre.com:* 1
object-src 'none';base-uri 'self';script-src 'nonce-5baz5Eb4k9eNt8PY4jD7WQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com https://fonts.bunny.net nitropack.io *.nitrocdn.com blob: 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ https://static.addtoany.com/ *.twitter.com *.google.com *.addthis.com nitropack.io blob: 'self' cdn.jsdelivr.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.vimeocdn.com https://firebasestorage.googleapis.com nitropack.io *.nitrocdn.com blob: 'self' www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.facebook.net *.avada.io cdn.tailwindcss.com nitropack.io *.intercom.io *.nitrocdn.com nitroscripts.com *.intercomcdn.com blob: 'self' cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com https://fonts.bunny.net cdn.tailwindcss.com nitropack.io cdnjs.cloudflare.com *.nitrocdn.com blob: 'self' cdn.jsdelivr.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.cloudflare.com *.twitter.com *.paypal.com https://get.geojs.io *.avada.io *.getnitropack.com nitropack.io *.intercom.io *.zdassets.com *.nitrocdn.com *.intercomcdn.com wss://nexus-websocket-a.intercom.io blob: 'self' api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-mGPq0-9Ga9etbVX8gXcUIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' statistiek.rijksoverheid.nl; script-src 'sha256-8kz5ARm+EueWjOyEtm0gwtTgXhoWcOwXEU0kYGGTVBg=' 'sha256-YOQrIGBQSsAtWodJ1qDZiCtwWVbvXj85Yme1BHNT/z8=' 'sha256-hqgU2e05QSX69TZ3nribEu1fEOT9I09bO9Aa81dAteg=' 'self' 'sha256-3Pejfkj6T0q3nIFwdhJVA0ST+KnF2yIhYlZO1qmTNPU=' statistiek.rijksoverheid.nl 'report-sample' 'sha256-IbtDa5/kbW2Hbn7qGi1538ERW/JuXrjCjK6zuL7QDfE=' 'sha256-/JNc+BuklzUXPWbtNKf7geALzzw4NbuLvyFYGJIRnXc=' 'sha256-CaN42Zi+a+oATitdYvGRVlyS6mCZIxrLFXhTbgp6HCI=' 'nonce-b+pvOI4Jy+zfYIJsS0DNhA=='; object-src 'self'; style-src 'self' 'sha256-2haq8oHxQM6XYJ1EnNAO37NNVFrJGhmY1jn8sa3S0AU=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-mCFjSEfVbMV655L708fbXky77erDrJ8sYVyx+V9Igjg=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs='  'sha256-1VTAHS0X+0lgrfu7iW/2ikIZ/VIANi00phY6Pqavxdg=' 'sha256-p6HyQ9qqQIVvilUDUG0LZmJsmqaueCFxNRdnqp+CQu0=' 'sha256-p3iFO5bVyUOAUUESOH4bv8z4dxbPZZXWh/MQHoshxww='; img-src 'self' statistiek.rijksoverheid.nl *.rovid.nl data:; media-src 'self' rovid.nl *.rovid.nl; frame-src 'self' ; font-src 'self'; report-uri https://sentry.dtnr.nl/api/44/security/?sentry_key=7a6c58c960be4975936f128606931c16&sentry_environment=production 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.cloudflare.com *.twitter.com *.certcapture.com *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io https://use.fontawesome.com/ https://bam.nr-data.net/ *.sharethis.com https://applepay.cdn-apple.com/jsapi/v1/assets/1.0.0/fonts/en-US.woff https://applepay.cdn-apple.com/jsapi/v1/assets/1.0.0/fonts/en-US.woff2 https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.certcapture.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.certcapture.com *.amazonaws.com *.zendesk.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.certcapture.com *.amazonaws.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com *.applepay.cdn-apple.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net blob: *.cylindo.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.certcapture.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.zendesk.com http://www.w3.org/2000/svg https://js-agent.newrelic.com/ https://bam.nr-data.net/ *.sharethis.com https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.cylindo.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cloudflare.com *.googleapis.com *.twitter.com *.certcapture.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com https://use.fontawesome.com/ https://bam.nr-data.net/ *.sharethis.com *.applepay.cdn-apple.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.certcapture.com *.amazonaws.com *.zopim.com *.zopim.io https://static.zdassets.com/ https://bam.nr-data.net/ *.sharethis.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.cloudflare.com *.twitter.com *.certcapture.com *.amazonaws.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.zendesk.com http://www.w3.org/2000/svg https://bam.nr-data.net/ *.sharethis.com *.applepay.cdn-apple.com https://maps.google.com *.livechatinc.com *.crwdcntrl.net *.cylindo.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' tps.trovaprezzi.it sibautomation.com upstream.heidipay.com www.paypal.com maps.googleapis.com ajax.googleapis.com dme0ih8comzn4.cloudfront.net googleads.g.doubleclick.net connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline' p.typekit.net stackpath.bootstrapcdn.com use.typekit.net ka-p.fontawesome.com kit.fontawesome.com fonts.googleapis.com ; object-src 'self'; base-uri 'self'; connect-src 'self' www.paypal.com maps.googleapis.com googleads.g.doubleclick.net consentcdn.cookiebot.com www.google.com; font-src 'self' upstream.heidipay.com stackpath.bootstrapcdn.com use.typekit.net ka-p.fontawesome.com kit.fontawesome.com fonts.gstatic.com data: ; frame-src 'self' www.paypal.com api.prestashop.com consentcdn.cookiebot.com www.google.com; img-src 'self' imgsct.cookiebot.com www.paypalobjects.com t.paypal.com statici.scaramuzzamodo.it profile.prestashop.com data: blob: ; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' report-uri https://o244114.ingest.sentry.io/api/1420725/security/?sentry_key=d59dabdf03794a039923edd4ac216d88&sentry_environment=production 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://js.hubspot.com https://js.hs-scripts.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hsadspixel.net https://snap.licdn.com https://tags.clickagy.com https://js.adsrvr.org https://web-sdk.smartlook.com https://js.zi-scripts.com https://app.usercentrics.eu https://web.cmp.usercentrics.eu https://static.hsappstatic.net https://b-code.liadm.com; script-src-elem 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.hubspot.com https://js.hs-banner.com https://js-na1.hs-scripts.com https://js.hsforms.net https://js.hscollectedforms.net https://js.adsrvr.org https://web-sdk.smartlook.com https://snap.licdn.com https://web.cmp.usercentrics.eu https://ws-assets.zoominfo.com https://js.zi-scripts.com https://tags.clickagy.com https://js.hsadspixel.net https://s3-us-west-2.amazonaws.com https://player.vimeo.com https://www.gartner.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self' data: blob: https://www.googletagmanager.com https://snap.licdn.com https://px.ads.linkedin.com https://track.hubspot.com https://perf-na1.hsforms.com https://forms-na1.hsforms.com https://forms.hsforms.com https://app.usercentrics.eu https://uct.service.usercentrics.eu https://aorta.clickagy.com https://secure.gravatar.com https://i.vimeocdn.com https://www.google.com https://www.google.co.uk https://www.google.ca https://www.google.de https://www.google.fr https://www.google.dk https://www.google.it https://www.google.in https://www.google.jp https://www.google.ge https://www.google.com.pk https://www.google.com.kh https://www.google.com.tr; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com; connect-src 'self' https://forms.hsforms.com https://forms.hscollectedforms.net https://api.hubapi.com https://cta-service-cms2.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://analytics.google.com https://region1.analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.ca https://www.google.de https://www.google.fr https://www.google.dk https://www.google.it https://www.google.in https://www.google.jp https://www.google.ge https://www.google.com.pk https://www.google.com.kh https://www.google.com.tr https://www.googleadservices.com https://pagead2.googlesyndication.com https://pro.ip-api.com https://alocdn.com https://rp.liadm.com https://idx.liadm.com https://insight.adsrvr.org https://px.ads.linkedin.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://manager.eu.smartlook.cloud https://assets-proxy.smartlook.cloud https://web-writer.eu.smartlook.cloud https://aorta.clickagy.com https://hemsync.clickagy.com https://a.usbrowserspeed.com https://v1.api.service.cmp.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://www.googletagmanager.com https://js.zi-scripts.com; frame-src 'self' https://js.hsforms.net https://open.spotify.com https://match.adsrvr.org https://insight.adsrvr.org https://player.vimeo.com; media-src https://vimeo.com; worker-src blob:; frame-ancestors 'none'; form-action 'self' https://forms.hsforms.com; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://tenovos.report-uri.com/r/d/csp/wizard; report-to default; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com.my *.google.com.vn *.twitter.com *.sharethis.com *.facebook.net invol.co *.focus-point.com d6lo152ds99l0.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com/recaptcha/ *.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.avada.io *.paypal.com *.sandbox.paypal.com *.google-analytics.com *.paypalobjects.com *.googleadservices.com analytics.tiktok.com dpm.demdex.net et.geojs.io avn.innity.com apptrian.com *.useinsider.com *.doubleclick.net *.hotjar.com *.sharethis.com *.facebook.com invol.co wchat.freshchat.com artrial.kiksar.com web-rte-static-files.s3.ap-south-1.amazonaws.com https://stovsprodwe01.azureedge.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.sharethis.com *.facebook.net *.facebook.com wchat.freshchat.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com et.geojs.io *.avada.io *.sandbox.paypal.com *.paypalobjects.com *.paypal.com *.google.com *.gstatic.com analytics.tiktok.com avn.innity.com apptrian.com *.hotjar.com *.hotjar.io *.doubleclick.net *.sharethis.com *.facebook.net *.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://ecomm.sella.it/ https://sandbox.gestpay.net/ chimpstatic.com downloads.mailchimp.com *.list-manage.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com *.google-analytics.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-DxCM33SxjTzC36Rz-qI1Pw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
mf_youtube_widget_img_src https://img.youtube.com; font-src www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.kxcdn.com *.fontawesome.com https://fonts.bunny.net *.paypal.com *.paypalobjects.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sandbox.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.fbcdn.net blob: https://firebasestorage.googleapis.com https://meetanshi.com/media/logo.png www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.sandbox.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com apis.google.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io *.shopify.com www.facebook.com graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sandbox.paypal.com *.paypalobjects.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.sandbox.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-elLM857DjqWGZxf7qsc6Wg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-74IqqgjbOYuOyMiT3LKptg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.amazon.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.google.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.affirm.com *.affirm.ca *.youtube.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.amazon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://*.google.com/ *.maps.gstatic.com maps.gstatic.com maps.googleapis.com magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://firebasestorage.googleapis.com https://*.cloudfront.net/ https://*.google.com.vn/ https://web1.acsbapp.com/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.amazon.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.maps.googleapis.com *.trackedlink.net *.maps.gstatic.com maps.googleapis.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.avada.io https://acsbapp.com/ https://chimpstatic.com/ https://*.doubleclick.net/ https://*.googletagmanager.com/ https://static.zdassets.com/ https://ekr.zdassets.com/ https://uscarcover.zendesk.com/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.amazon.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.googletagmanager.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.amazon.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io https://*.acsbapp.com/ https://static.zdassets.com/ https://ekr.zdassets.com/ https://uscarcover.zendesk.com/ wss://widget-mediator.zopim.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://uscarcover.com; report-to report-endpoint; 1
default-src 'self'; img-src 'self' https://secure.gravatar.com data: blob: https://images.dev.nualang.com https://images.nualang.com https://d3p1kwdytke5db.cloudfront.net https://api.imagecreator.fathominnovation.com https://t.co https://*.facebook.com https://*.hubspot.com https://www.google-analytics.com https://*.twitter.com https://pbs.twimg.com https://images.dev-1.nualang.com https://images.prod-1.nualang.com https://forms.hsforms.com https://i.ytimg.com https://lh3.googleusercontent.com;frame-src https://www.google.com https://*.twitter.com https://*.hubspot.com https://www.youtube.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hubspot.com https://api.hubapi.com https://*.facebook.net https://*.ads-twitter.com https://stats.g.doubleclick.net https://*.usemessages.com https://*.hsadspixel.net https://region1.google-analytics.com https://youtube.com https://www.youtube.com https://cognito-idp.eu-west-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://api.prod-1.nualang.com https://api.dev-1.nualang.com https://i.ytimg.com blob: https://gitlab.com https://nualang-packages.s3-eu-west-1.amazonaws.com/rivescript.min.js https://www.google-analytics.com https://api.nualang.com https://api.dev.nualang.com; script-src 'self' https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.usemessages.com https://*.hsadspixel.net https://*.facebook.net https://*.ads-twitter.com https://www.youtube.com https://cdnjs.cloudflare.com/ajax/libs/ https://nualang-packages.s3-eu-west-1.amazonaws.com/rivescript.min.js https://identity.netlify.com/v1/netlify-identity-widget.js https://unpkg.com/netlify-cms@%5E2.10.11/dist/netlify-cms.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com https://*.twitter.com https://cdn.syndication.twimg.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://platform.twitter.com/css/ 'unsafe-inline'; object-src 'none' 1
connect-src 'self' noembed.com cdn.plyr.io cdn.linkedin.oribi.io www.facebook.com ad.doubleclick.net stats.g.doubleclick.net region1.analytics.google.com region1.google-analytics.com www.google-analytics.com maps.googleapis.com translate.googleapis.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.ch tpc.googlesyndication.com www.google-analytics.com www.google.com data: *.adform.net www.youtube-nocookie.com cdn.plyr.io embed.eventfrog.ch *.ffhs.ch *.3vrooms.app i.ytimg.com www.youtube.com 12720745.fls.doubleclick.net adservice.google.com analytics.google.com maps.googleapis.com www.gstatic.com connect.facebook.net googleads.g.doubleclick.net region1.analytics.google.com snap.licdn.com stats.g.doubleclick.net www.facebook.com www.googleadservices.com www.googletagmanager.com www.linkedin.com cdn.linkedin.oribi.io px.ads.linkedin.com; font-src 'self' fonts.gstatic.com ; form-action 'self'; img-src 'self' data: px.ads.linkedin.com www.facebook.com www.google.com www.google.ch maps.googleapis.com region1.analytics.google.com region1.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com maps.gstatic.com i.ytimg.com blob: ad.doubleclick.net region1.google-analytics.com www.google-analytics.com translate.google.com fonts.gstatic.com px4.ads.linkedin.com; media-src cfvod.kaltura.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-src 12720745.fls.doubleclick.net tube.switch.ch embed.eventfrog.ch www.terminland.de bid.g.doubleclick.net tpc.googlesyndication.com www.google.com www.youtube.com *.ffhs.ch; worker-src blob:; report-uri https://ffhs.report-uri.com/r/d/csp/reportOnly; report-to default 1
font-src * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com s3.eu-central-1.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ jquery.sellxed.com widget.freshworks.com m2epro.freshdesk.com *.google.com/ *.modehaus.de *.pay1.de *.ratepay.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com brandpages.modehaus.de *.ratepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paypal.com *.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.cloudflare.com *.twitter.com *.twimg.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Ps8vC7k9nxkDGkN2Z6dcRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-fp-629gy5GFWwAvdOjuqyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src                      'self'                      'unsafe-inline'                      https://www.google-analytics.com                      https://www.googletagmanager.com                      https://connect.facebook.net;                    connect-src            https://analytics.google.com            https://api.helloproteger.com            https://bat.bing.com            https://googleads.g.doubleclick.net            https://payments.amazon.co.jp            https://payments-fe.amazon.com            https://stats.g.doubleclick.net            https://www.google.com            https://www.google-analytics.com            https://www.visumo.jp            https://z.clarity.ms;           oubleclick.net            https://payments.amazon.co.jp            https://payments-fe.amazon.com            https://stats.g.doubleclick.net            https://www.google.com            https://www.google-analytics.com            https://www.visumo.jp            https://z.clarity.ms;                    img-src                      'self'                      data:                     https://ajax.googleapis.com                     https://b98.yahoo.co.jp                     https://b99.yahoo.co.jp                     https://bat.bing.com                     https://c.clarity.ms                     https://d.rcmd.jp                     https://googleads.g.doubleclick.net                     https://m.media-amazon.com                     https://video.visumo.jp                     https://www.google.co.jp                     https://www.google.com                     https://www.googletagmanager.com                     https://www.visumo.jp;                    font-src                      'self'                      https://fonts.gstatic.com            https://maxcdn.bootstrapcdn.com                     data:;                    frame-src                     'self'                     https://www.google.com;                    script-src-elem                     'self'                     https://ajax.googleapis.com                     https://b98.yahoo.co.jp                     https://b99.yahoo.co.jp                     https://bat.bing.com            https://cdn.jsdelivr.net            https://d.rcmd.jp            https://googleads.g.doubleclick.net            https://s.yimg.jp            https://scripts.clarity.ms            https://sdk.helloproteger.com            https://static.mul-pay.jp            https://static-fe.payments-amazon.com            https://www.clarity.ms             https://www.google.com             https://www.google-analytics.com             https://www.googletagmanager.com             https://www.gstatic.com             https://www.visumo.jp;            style-src-elem             'self'             https://ajax.googleapis.com             https://fonts.googleapis.com             https://maxcdn.bootstrapcdn.com             https://www.visumo.jp;                    report-to                     csp-endpoint;                    report-uri                     https://www.ginichi.com/csp/reporting 1
object-src 'none';base-uri 'self';script-src 'nonce-pRNwsFj8Lbk2gZYJdzwN6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'nonce-counters' 'report-sample'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report.php 1
upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-ffb90af3983e580d07eb69b969a65b31e085bc16' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1
default-src 'self'; script-src 'report-sample' 'self' https://app.whoisvisiting.com/who.js https://connect.facebook.net/en_US/fbevents.js https://lc.iadvize.com/iadvize.js https://script.hotjar.com/modules.1e98293c16a88afdf1b7.js https://sibautomation.com/sa.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-900238.js https://unpkg.com/swiper/swiper-bundle.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__fr.js; style-src 'report-sample' 'self' https://unpkg.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://content.hotjar.io https://in-automate.sendinblue.com https://in.hotjar.com https://lc.iadvize.com wss://wsp21.hotjar.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sibautomation.com https://widget.trustpilot.com https://www.google.com; img-src 'self' https://dashboard.whoisvisiting.com https://px.ads.linkedin.com https://www.facebook.com; manifest-src 'self'; media-src 'self'; report-uri https://642c042d622ceaeaddd42e78.endpoint.csper.io/?v=0; worker-src 'none'; 1
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/6b8ce7c01e3dacd3d2c7a8cd322ff979/mr 1
object-src 'none';base-uri 'self';script-src 'nonce-m04jGlWCgKW2Y4zARpWUGg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://cdn.velovita.com https://images.ctfassets.net https://secure.gravatar.com; connect-src 'self'; report-uri https://YOUR_ENDPOINT/csp-report 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net https://square-fonts-production-f.squarecdn.com/ https://d1g145x70srn7h.cloudfront.net/ https://cash-f.squarecdn.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.facebook.net https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.affirm.com *.affirm.ca *.facebook.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com https://pci-connect.squareup.com https://connect.squareup.com https://pci-connect.squareupsandbox.com https://connect.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.affirm.com *.affirm.ca magefan.com cm.magefan.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com https://www.gstatic.com/ https://sandbox.api.cash.app/ https://site-assets.afterpay.com/ https://sandbox.web.squarecdn.com/ https://api.cash.app/ https://web.squarecdn.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://franklin-assets.s3.amazonaws.com/ https://static.sandbox.afterpay.com/ https://static.afterpay.com/ https://static.sandbox.afterpay.com/logo/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.facebook.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.avada.io https://js.squareup.com https://js.afterpay.com/ https://nd.squarecdn.com https://js.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://portal.sandbox.afterpay.com/ https://portal.afterpay.com/ https://cdn.plaid.com/ https://sandbox.kit.cash.app/ https://kit.cash.app/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.affirm.com *.affirm.ca *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io https://pci-connect.squareup.com https://pci-connect.squareupsandbox.com https://api.amplitude.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://o160250.ingest.sentry.io/ https://api.lab.amplitude.com/sdk/vardata https://sandbox.plaid.com/ https://production.plaid.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com https://*.sameday.ro https://plumrocket.com *.facebook.com *.facebook.net *.google.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.gstatic.com *.googleapis.com www.facebook.com analytics.tiktok.com *.tiktok.com static.avasting.ro https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://www.selfawb.ro *.openstreetmap.org t.themarketer.com cdn1.themarketer.com avasting.ro avasting.local *.google.ro *.google.com *.facebook.com *.facebook.net *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.clarity.ms *.claritystatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com connect.facebook.net analytics.tiktok.com map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org https://*.sameday.ro t.themarketer.com cdn1.themarketer.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.google.com *.google.ro *.clarity.ms *.claritystatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://*.sameday.ro *.fontawesome.com maxcdn.bootstrapcdn.com t.themarketer.com cdn1.themarketer.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io https://www.google-analytics.com *.googleapis.com graph.facebook.com www.facebook.com *.facebook.com analytics.tiktok.com *.tiktok.com *.tiktokapis.com *.tiktokw.us https://ecommerce.fancourier.ro https://nominatim.openstreetmap.org https://api.fancourier.ro map.gls-croatia.com map.gls-czech.com map.gls-hungary.com map.gls-romania.com map.gls-slovenia.com map.gls-slovakia.com map.gls-serbia.com *.openstreetmap.org t.themarketer.com cdn1.themarketer.com c1api.themarketer.com c2api.themarketer.com c3api.themarketer.com c4api.themarketer.com c5api.themarketer.com *.facebook.net *.google.ro *.google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.clarity.ms *.claritystatic.com avasting.ro avasting.local 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ https://www.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com public.montonio.com https://www.facebook.com https://www.google.com https://www.google.ee https://www.google-analytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://browser.sentry-cdn.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com public.montonio.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.ingest.sentry.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
img-src https://higherlogicdownload.s3.amazonaws.com/IM/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/IM/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/IM/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/IM/ https://higherlogicdownload.s3.amazonaws.com/IM/ https://higherlogiclongterm.s3.amazonaws.com/IM/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/IM/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/IM/ 'self' https://higherlogiclongterm.s3.amazonaws.com/IM/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com; media-src https://higherlogiclongterm.s3.amazonaws.com/IM/ https://higherlogicdownload.s3.amazonaws.com/IM/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/IM/ https://higherlogicstream.s3.amazonaws.com/IM/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/IM/ https://higherlogicdownload.s3.amazonaws.com/IM/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/IM/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob: *.googleapis.com *.google-analytics.com *.googletagmanager.com; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ https://region1.google-analytics.com/g/ region1.google-analytics.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://beta.tbibank.support https://www.google-analytics.com 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.tbibank.support *.gstatic.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.googlesyndication.com *.tiktok.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com apis.google.com https://maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ZYYNM4Jy79SrkaYPC0CnCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'self'; style-src https: 'self' 'sha256-uxelkF613AGxref1/rP3ZHZE+P7Ug0CyXVLR1rLSakU=' 'sha256-P+2NeKq71oAxK8zY6cOiSwpf3Aa/xXHbkXu4DioxsRQ=' 'sha256-vv9IoKo7BSLbWcUHr3tNmfNVmm5L/9Cfn2H6LMk7/ow=' 'sha256-QiN3HnNUibKmvNsuNF2t2ZEEAvhvIG0Po8FCMXDUuvo=' 'sha256-PDv7PK7p4vec7tI/1XbvDMwahytuLYN1Ul7CMcw1gHY=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-E9oHpuvJ6jOR3P7K7KizBmPB/3U+maUP840PXFjEq+A=' 'sha256-u6jtHZ4a6N0kmQve7cxZ0+3oAelZx+CiMr0HwTbRoxA=' 'sha256-2EA12+9d+s6rrc0rkdIjfmjbh6p2o0ZSXs4wbZuk/tA=' 'sha256-Lpt5CFCrGLrsjxO/wBhoSm4Lc1o5pxDZuW5/UU9ANhE='; script-src https: 'self' 'sha256-WN0hqek1jEauhlhWVVXeQPa5BD3f0rsMdmwSZtw1Cys=' 'sha256-eIXWvAmxkr251LJZkjniEK5LcPF3NkapbJepohwYRIc=' 'sha256-Jz4XDAN4f076pEj8cOt8mEdISulquB3CBdxFvEpSSyc=' https://www.googletagmanager.com https://www.clarity.m 'sha256-xJVBbz8FBogVbgagro0nHcjfwOz3sqjCtGSjihUh2m0=' 'sha256-SsAnEE7qERD9tzeNelDfWgW7Ej6bXCyaaggwM/cg0+M=' 'sha256-1ileVmLABVmb2IIWyUuP5uxf3JiJDAJhDAzM8BwWvO4=' 'sha256-gPjlli1HEdLlR0AZTY971/wQVOdSkl9mEinLnxrPpJw='; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io quickchart.io img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://www.googletagmanager.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com cloudflare.com *.cloudflare.com rolex.com *.rolex.com *.finance-calculator.co.uk *.s3.eu-west-2.amazonaws.com *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.finance-calculator.co.uk *.deko.finance *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk *.google.com/ https://player.vimeo.com https://www.youtube-nocookie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com cloudflare.com *.cloudflare.com rolex.com *.rolex.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com s3.eu-west-1.amazonaws.com 'self' data: *.blackhorseflexpay.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src adobedtm.com adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com/ *.sagepay.com *.opayo.eu.elavon.com cloudflare.com *.cloudflare.com rolex.com *.rolex.com *.adobedtm.com *.adobe.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com dekowallet-feature-assets.s3.eu-west-2.amazonaws.com *.blackhorseflexpay.co.uk/ x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://player.vimeo.com https://www.youtube.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com cloudflare.com *.cloudflare.com rolex.com *.rolex.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk x.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com stripe.com *.stripe.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; img-src 'self' data: blob: https:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://analytics.google.com; frame-src 'self' https://scheduler.zoom.us https://www.youtube.com https://www.google.com; media-src 'self'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
object-src 'none';base-uri 'self';script-src 'nonce-DkbYqIBXfo_hMLugleMeuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.affirm.com *.affirm.ca *.sharethis.com *.skynettechnologies.com *.skynettechnologies.us https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://acessos.vlibras.gov.br *.meetanshi.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com www.mczbf.com pipedream.wistia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de us-autocomplete-pro.api.smarty.com lootly.io https://get.geojs.io *.avada.io adservice.google.com *.aeroflowapi.org doctor-lookup.aeroflow.ninja warranties-prod-warrantyuploads3bucket-pwksm63i2jcr.s3.amazonaws.com analytics.tiktok.com api.motifmedical.com/api/fullmotiflookuptool app.launchdarkly.com *.bing.com sdk.iad-02.braze.com bt.signifyd.com:11103 cdn.acsbapp.com *.osano.com www.cloudflare.com/cdn-cgi/trace data.stbuttons.click *.elfsight.com *.elfsightcdn.com www.facebook.com *.five9.net *.five9.com www.google.com *.doubleclick.net maps.googleapis.com *.googlesyndication.com graph.instagram.com *.klaviyo.com l.sharethis.com/pview *.lactationlink.com *.motifmedical.com motifmedical.zendesk.com *.noibu.com wss://*.noibu.com ct.pinterest.com prompts.maze.co req.easywebinar.com s.yimg.com *.snapchat.com dev.visualwebsiteoptimizer.com wss://widget-mediator.zopim.com *.zdassets.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com www.pinterest.com trail.grin.co *.adtrafficquality.google *.gstatic.com sentry.io *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.pumpingessentials.com *.aeroflowdiabetes.com shop.aeroflowinc.com gtm.aeroflowbreastpumps.com gtm.aeroflowdiabetes.com www.babylist.com cdnapisec.kaltura.com cfvod.kaltura.com browser-intake-datadoghq.com *.authorize.net *.google-analytics.com https://imgs.signifyd.com portal.aeroflow.online https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.affirm.com *.aeroflow.io *.aeroflow.org *.doubleclick.net *.googlesyndication.com aeroflowdirect.com aeroflowbreastpumps.com aeroflowurology.com aeroflowsleep.com cpapsupplies.com *.cheapcpapsupplies.com motifmedical.com pumpingessentials.com lactationlink.com aeroflowdiabetes.com *.aeroflowdirect.com *.aeroflowbreastpumps.com *.aeroflowurology.com *.aeroflowsleep.com *.cpapsupplies.com *.motifmedical.com *.pumpingessentials.com *.lactationlink.com *.aeroflowdiabetes.com shop.aeroflowinc.com portal.aeroflow.online https: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'report-sample'; style-src 'report-sample'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; frame-src 'self'; worker-src 'none'; base-uri 'self'; manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com connect.facebook.net static.ctctcdn.com www.google.com www.gstatic.com tag.simpli.fi i.simpli.fi static.hotjar.com script.hotjar.com cdnjs.cloudflare.com app.ecardwidget.com doublethedonation.com tgbwidget.com cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' static.ctctcdn.com fonts.googleapis.com cdn.jsdelivr.net doublethedonation.com; img-src 'self' data: image www.facebook.com um.simpli.fi fei.pro-market.net www.googleadservices.com cm.g.doubleclick.net googleads.g.doubleclick.net s.ad.smaato.net sync.1rx.io eb2.3lift.com simplifi.partners.tremorhub.com pixel.tapad.com www.tumblr.com aa.agkn.com match.sharethrough.com sync.intentiq.com d.agkn.com www.google.com loadm.exelator.com sync.bfmio.com stags.bluekai.com rtb-csync.smartadserver.com bcp.crwdcntrl.net ce.lijit.com idsync.rlcdn.com ib.adnxs.com pixel.rubiconproject.com us-u.openx.net www.google.co.in pippio.com sync.outbrain.com cs.lkqd.net static.ctctcdn.com app.ecardwidget.com doublethedonation.com tgbwidget.com; media-src 'self'; frame-src 'self' player.flipsnack.com www.google.com cdn.flipsnack.com player.vimeo.com app.ecardwidget.com tgbwidget.com www.einpresswire.com; frame-ancestors 'self' www.einpresswire.com; child-src 'self' www.einpresswire.com; font-src 'self' fonts.gstatic.com; connect-src 'self' www.google-analytics.com listgrowth.ctctcdn.com vc.hotjar.io visitor2.constantcontact.com app.ecardwidget.com doublethedonation.com tgbwidget.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr *.gstatic.com *.stape.io *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.youtube.com https://form.typeform.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://ipdev-kj11847-1841.fast-mage.com/ https://instantprecieux.fr/ https://www.google.fr/ https://www.facebook.com/ https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.googletagmanager.com *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://static.cloudflareinsights.com/ https://connect.facebook.net/ https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com widget.freshworks.com m2epro.freshdesk.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://static.cloudflareinsights.com/ https://region1.google-analytics.com https://mpc2-prod-1-is5qnl632q-uc.a.run.app https://ws.colissimo.fr https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com widget.freshworks.com m2epro.freshdesk.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; report-to asperion.nl; report-uri asperion.nl; 1
default-src 'self';  script-src 'self' 'unsafe-inline' analytics.ahrefs.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net www.clarity.ms scripts.clarity.ms s.pinimg.com ct.pinterest.com connect.facebook.net analytics.tiktok.com vercel.live;  style-src 'self' 'unsafe-inline' fonts.googleapis.com;  img-src 'self' data: blob: storage.googleapis.com img.youtube.com picsum.photos maps.googleapis.com maps.google.com www.google.com www.facebook.com analytics.tiktok.com ct.pinterest.com googleads.g.doubleclick.net homebuyer.odfil.es;  media-src 'self';  connect-src 'self' places.googleapis.com api.fanniemae.com auth.pingone.com api.gateway.attomdata.com api.bridgedataoutput.com api.iterable.com cdn.jsdelivr.net redfin-public-data.s3.us-west-2.amazonaws.com fred.stlouisfed.org www.congress.gov eligibility.sc.egov.usda.gov api.vercel.com brain-virid.vercel.app trackcmp.net analytics.ahrefs.com www.google.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net www.clarity.ms j.clarity.ms ct.pinterest.com prism.app-us1.com analytics.tiktok.com analytics-ipv6.tiktokw.us www.facebook.com vercel.live;  font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;  frame-src 'self' www.youtube.com maps.google.com td.doubleclick.net www.googletagmanager.com ct.pinterest.com vercel.live;  worker-src 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-Qj8OI-P-H_bDRS4lGZoXPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jIpVnBtGQmjvQObIQb26tQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'unsafe-inline' data: maxcdn.bootstrapcdn.com *.cloudflare.com *.google.com *.google.co.in *.podium.com *.analyticspodium.com media.rugs.shop static.rugs.shop https://fonts.bunny.net *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com https://static.addtoany.com/ https://www.googletagmanager.com/ secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.sharethis.com *.cloudinary.com *.google.com *.facebook.com *.magentocommerce.com *.braintreegateway.com *.googleapis.com *.podium.com *.analyticspodium.com *.google.co.in media.rugs.shop static.rugs.shop http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com https://static.addtoany.com/ *.facebook.com *.mm-api.agency *.roomvo.com *.googleadservices.com *.google-analytics.com *.cloudflare.com *.adobedtm.com *.googletagmanager.com *.paypal.com *.gstatic.com *.googleapis.com *.paypalobjects.com *.facebook.net *.podium.com *.analyticspodium.com *.google.co.in *.doubleclick.net *.force.com *.salesforceliveagent.com *.authorize.net media.rugs.shop static.rugs.shop player.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.shopify.com *.alothemes.com *.magepow.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com *.mm-api.agency *.roomvo.com *.googleadservices.com *.google-analytics.com *.cloudflare.com *.google.com assets.adobedtm.com *.adobedtm.com *.googletagmanager.com *.paypal.com *.gstatic.com *.paypalobjects.com *.vimeo.com *.facebook.com *.google.co.in *.podium.com *.analyticspodium.com *.typekit.net *.force.com media.rugs.shop static.rugs.shop https://fonts.bunny.net *.alothemes.com *.magepow.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com https://stats.addtoany.com/menu *.mm-api.agency *.roomvo.com *.googleadservices.com *.cloudflare.com *.adobe.com assets.adobedtm.com *.adobedtm.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.paypalobjects.com *.facebook.com *.podium.com *.analyticspodium.com *.google.co.in *.doubleclick.net *.authorize.net media.rugs.shop static.rugs.shop http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com apitest.authorize.net jstest.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.superpayments.com *.stripe.com *.googleapis.com https://fonts.gstatic.com https://static.olark.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://khcdnccf9db4b71.b-cdn.net/pub/static/ https://khcdnccf9db4b71.b-cdn.net/pub/media/ https://khcdnccf9db4b71.b-cdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.superpayments.com *.stripe.com https://0eaf.cardinalcommerce.com https://secure4.arcot.com/content-server/api/tds2/txn/browser/v1/creq https://secure5.arcot.com/content-server/api/tds2/txn/browser/v1/creq https://secure6.arcot.com/content-server/api/tds2/txn/browser/v1/creq https://secure7.arcot.com/content-server/api/tds2/txn/browser/v1/creq https://authentication-acs.marqeta.com/ https://0merchantacsstag.cardinalcommerce.com/MerchantACSWeb/creq.jsp https://www.rsa3dsauth.co.uk/ https://khcdnccf9db4b71.b-cdn.net/pub/static/ https://khcdnccf9db4b71.b-cdn.net/pub/media/ https://khcdnccf9db4b71.b-cdn.net 'self' 'unsafe-inline'; frame-ancestors *.superpayments.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com/ *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.superpayments.com *.stripe.com https://assets.braintreegateway.com/ https://maps.google.co.uk/ https://static.olark.com/ https://www.google.com/ https://0eaf.cardinalcommerce.com/ https://ssl.kaptcha.com/ https://secure4.arcot.com/ https://secure5.arcot.com/ https://secure6.arcot.com/ https://secure7.arcot.com/ https://googleads.g.doubleclick.net/ https://authentication-acs.marqeta.com/ https://www.google.co.uk/ https://c.paypal.com/ https://pay.google.com/ https://c.sandbox.paypal.com/ https://tst.kaptcha.com/ https://0merchantacsstag.cardinalcommerce.com/ https://channel-cards-html.lloydsbankinggroup.com/ https://www.rsa3dsauth.co.uk/ https://td.doubleclick.net/ https://khcdnccf9db4b71.b-cdn.net/pub/static/ https://khcdnccf9db4b71.b-cdn.net/pub/media/ https://khcdnccf9db4b71.b-cdn.net payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.superpayments.com *.stripe.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.google.co.uk https://log.olark.com https://1069349706.privacysandbox.googleadservices.com/pagead/ https://www.gstatic.com/instantbuy/svg/light/en.svg https://www.gstatic.com/instantbuy/svg/dark/en.svg https://www.gstatic.com/instantbuy/svg/light_square_gpay.svg https://www.workplace-products.co.uk/pub/media/ https://bat.bing.com/action/ https://cdn-cookieyes.com/assets/images/revisit.svg https://cdn-cookieyes.com/assets/images/close.svg https://cdn-cookieyes.com/assets/images/ https://bat.bing.net/action/ https://khcdnccf9db4b71.b-cdn.net/pub/static/ https://khcdnccf9db4b71.b-cdn.net/pub/media/ https://khcdnccf9db4b71.b-cdn.net https://c.clarity.ms/c.gif https://c.bing.com/c.gif https://c.clarity.ms/ https://c.bing.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.superpayments.com *.stripe.com segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.trustpilot.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://pcls1.craftyclicks.co.uk https://static.olark.com https://api.olark.com https://assets.olark.com https://knrpc.olark.com/ https://includes.ccdc02.com/ https://songbirdstag.cardinalcommerce.com/cardinalcruise/v1/songbird.js https://js.braintreegateway.com/web/3.79.1/js/client.min.js https://js.braintreegateway.com/web/3.79.1/js/data-collector.min.js https://js.braintreegateway.com/web/3.79.1/js/hosted-fields.min.js https://js.braintreegateway.com/web/3.79.1/js/paypal-checkout.min.js https://js.braintreegateway.com/web/3.79.1/js/three-d-secure.min.js https://js.braintreegateway.com/web/3.79.1/js/google-payment.min.js https://c.paypal.com/da/r/fb.js https://pay.google.com/gp/p/js/pay.js https://songbirdstag.cardinalcommerce.com/edge/v1/songbird.js https://songbirdstag.cardinalcommerce.com/edge/v1/ https://secure.visionary-business-ingenuity.com/js/270451.js https://script.infinity-tracking.com/infinitytrack.js https://payment.direct.worldline-solutions.com/hostedtokenization/js/client/tokenizer.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/187158971.js clarity.ms/tag/uet/187158971 https://script.infinity-tracking.com/inf_278.js https://www.clarity.ms/ https://scripts.clarity.ms/0.8.30/clarity.js https://cdn-cookieyes.com/client_data/64df6958d91aaeb86278791d/script.js https://cdn-cookieyes.com/client_data/64df6958d91aaeb86278791d/banner.js https://cdn-cookieyes.com/client_data/ https://khcdnccf9db4b71.b-cdn.net/pub/static/ https://khcdnccf9db4b71.b-cdn.net/pub/media/ https://khcdnccf9db4b71.b-cdn.net https://scripts.clarity.ms/0.8.33/clarity.js https://scripts.clarity.ms/0.8.45/clarity.js https://acrobatservices.adobe.com/dcpreviewdropin/4.2.0_2.1400.0/private/printHelper_main.bfbc2060.js.map https://acrobatservices.adobe.com/dcpreviewdropin/ payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com https://cdn.superpayments.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com *.superpayments.com *.stripe.com *.googleapis.com *.gstatic.com https://static.olark.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://khcdnccf9db4b71.b-cdn.net/pub/static/ https://khcdnccf9db4b71.b-cdn.net/pub/media/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.olark.com https://khcdnccf9db4b71.b-cdn.net/pub/static/ https://khcdnccf9db4b71.b-cdn.net/pub/media/ https://khcdnccf9db4b71.b-cdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.superpayments.com *.stripe.com stripe.com cognito-idp.eu-west-2.amazonaws.com segment.com *.segment.com *.segmentapis.com q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws cdn.seondf.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.seonintelligence.com *.trustpilot.com https://www.google-analytics.com https://www.google-analytics.com/j/ https://stats.g.doubleclick.net https://api.braintreegateway.com https://payments.braintree-api.com https://client-analytics.braintreegateway.com https://knrpc.olark.com https://writer.cardinalcommerce.com/prod/log https://payments.sandbox.braintree-api.com/graphql https://origin-analytics-sand.sandbox.braintree-api.com/krytt6yfdmtn3g7k https://api.sandbox.braintreegateway.com/merchants/ https://writer.cardinalcommerce.com/stag/log https://region1.google-analytics.com/ https://google.com/pagead/form-data/ https://api-js.mixpanel.com/ https://google.com/ccm/form-data/ https://region1.analytics.google.com/g/collect https://google.com/pay https://pay.google.com/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://www.google.co.uk/pagead/attribution/ https://web.lon.infinity-tracking.com/v3/info https://nas.lon.infinity-tracking.com/allocate https://ict.infinity-tracking.net/track https://web.lon.infinity-tracking.com/v1/web-event https://featureassets.org/v1/ https://prodregistryv2.org/v1/ https://b.clarity.ms/collect https://bat.bing.com/actionp/ https://log.cookieyes.com/api/v1/log https://cdn-cookieyes.com/client_data/64df6958d91aaeb86278791d/vmFu1hl2.json https://directory.cookieyes.com/api/v1/ip https://cdn-cookieyes.com/client_data/64df6958d91aaeb86278791d/config/1Xc88fxV.json https://cdn-cookieyes.com/client_data/64df6958d91aaeb86278791d/translations/hq9a5WDa.json https://cdn-cookieyes.com/client_data/64df6958d91aaeb86278791d/audit-table/XM9q2EJr.json https://cdn-cookieyes.com/client_data/ https://9779453152e5fddf5efb93452731f03c.seondnsresolve.com/ https://eb6a7d55b667d9b6e52e2ebe363274d7b395eb78.seondnsresolve.com/ https://0140cd4e556a3062053c9099dc5f6c0f.seondnsresolve.com/ seondnsresolve.com/ https://o1250394.ingest.us.sentry.io/ https://api.storyblok.com/v2/cdn/ https://pagead2.googlesyndication.com/ https://bat.bing.net/ https://z.clarity.ms/collect https://khcdnccf9db4b71.b-cdn.net/pub/static/ https://khcdnccf9db4b71.b-cdn.net/pub/media/ https://khcdnccf9db4b71.b-cdn.net https://www.merchant-center-analytics.goog/mc/ https://log.cookieyes.com/api/v1/consent https://q4g4k4pw47biltffyqrfab7q7m0jaagm.lambda-url.ap-south-1.on.aws/v1/ https://acrobatservices.adobe.com/dcpreviewdropin/3.72.0_2.1162.0/private/printHelper_main.178c0c58.js.map https://googleads.g.doubleclick.net/pagead/ https://viewlicense.adobe.io/viewsdklicense/jwt https://acrobatservices.adobe.com/view-sdk/ https://log.cookieyes.com/api/v1/gcm https://acrobatservices.adobe.com/dcpreviewdropin/4.2.0_2.1400.0/private/printHelper_main.bfbc2060.js.map https://acrobatservices.adobe.com/dcpreviewdropin/ payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.workplace-products.co.uk/ 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.google.* 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://www.google.* 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.*; img-src 'self' data: https: https://www.google.*; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https: https://www.google.*; frame-src https://www.googletagmanager.com https://www.google.*; media-src 'self' https://www.google.*; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://csp-report-collector.mtitoperations.workers.dev/; 1
object-src 'none';base-uri 'self';script-src 'nonce-RkusgPuBmlERtcL3DGMlYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com *.fontawesome.com https://unpkg.com https://*.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.certcapture.com https://elements.sandbox.fortis.tech https://elements.fortis.tech https://secure.livechatinc.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.certcapture.com https://track.hubspot.com https://www.facebook.com *.files-text.com *.livechatinc.com *.livechat-files.com *.livechat-static.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.certcapture.com https://developer.adobe.com https://magento.com https://js.sandbox.fortis.tech https://js.fortis.tech https://elements.sandbox.fortis.tech https://elements.fortis.tech https://api.livechatinc.com http://cdn.livechatinc.com https://www.googletagmanager.com https://maps.googleapis.com https://unpkg.com https://cdn.livechatinc.com https://connect.facebook.net https://js-na1.hs-scripts.com http://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://cdnjs.cloudflare.com *.livechatinc.com *.livechat-static.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com https://unpkg.com https://*.typekit.net https://cdnjs.cloudflare.com *.livechatinc.com *.fontawesome.com 'self' 'unsafe-inline'; object-src *.livechatinc.com 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com *.livechat-static.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.certcapture.com https://developer.adobe.com https://elements.sandbox.fortis.tech https://elements.fortis.tech https://api.hubapi.com https://www.facebook.com *.livechatinc.com *.text.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src *.certcapture.com *.livechatinc.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';        script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://chimpstatic.com https://googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com;        style-src 'self' 'unsafe-inline' https://tagmanager.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com;        style-src-elem 'self' 'unsafe-inline' https://*.google.com *.googleapis.com *.freshdesk.com  *.amazonaws.com https://fast.wistia.com;         script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com https://hit.uptrendsdata.com *.cloudfront.net *.uptrendsdata.com https://chimpstatic.com https://www.google.com *.gstatic.com https://www.google-analytics.com *.cookiepro.com *.ubembed.com *.facebook.net *.convertflow.co *.doubleclick.net *.freshdesk.com *.amazonaws.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com;         connect-src 'self' https://notify.bugsnag.com https://sessions.bugsnag.com *.uptrendsdata.com https://google-analytics.com *.google-analytics.com *.doubleclick.net *.cookiepro.com https://my.yoast.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location *.visualwebsiteoptimizer.com app.vwo.com;         frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com *.freshdesk.com app.vwo.com *.visualwebsiteoptimizer.com;        font-src 'self' 'unsafe-inline' *.gstatic.com;        img-src 'self' 'unsafe-inline' *.gravatar.com *.gezondverzekerd.nl https://www.google.com https://www.google.nl https://www.google-analytics.com *.cookiepro.com https://www.facebook.com https://www.googletagmanager.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com;  	report-uri https://v2.boa.gezondverzekerd.nl/report-uri 1
default-src 	'self' https://social-wall.websenso.com;     script-src 		'self' 'unsafe-inline' *.vercel.app *.websenso.dev *.websenso.com *.elfsight.com https://*.bot2com.net;     style-src 		'self' 'unsafe-inline' *.vercel.app *.websenso.dev *.websenso.com;     img-src 		'self' data: *.vercel.app *.websenso.dev *.websenso.com *.openstreetmap.org *.elfsight.com https://images.weserv.nl https://phosphor.utils.elfsightcdn.com https://lh3.googleusercontent.com;     frame-src 		https://www.openstreetmap.org;     font-src      'self' data: *.elfsight.com;     connect-src 	*.elfsight.com *.websenso.com https://*.bot2com.net;     report-uri 	    https://csp-report.appsenso.eu/report.php 1
object-src 'none';base-uri 'self';script-src 'nonce-e15usa9gLCfoKchgAUcQ_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; default-src data: *.youtube.com *.youtu.be *.vimeo.com *.google.com *.google-analytics.com *.googletagmanager.com *.matomo.cloud cdn.matomo.cloud *.luckyorange.com tools.luckyorange.com *.rakutenadvertising.io ecom-app.rakutenadvertising.io tag.rmp.rakuten.com *.rmp.rakuten.com cdn.alireviews.io cdn.jsdelivr.net *.alicdn.com *.klaviyo.com static.klaviyo.com *.paypal.com *.paypalobjects.com *.weaverse.io *.shopify.com *.myshopify.com 'self' https://cdn.shopify.com https://shopify.com 'nonce-39afc09b8f786c54885bd1dccb1b5587'; frame-ancestors 'none'; style-src *.weaverse.io *.shopify.com *.myshopify.com *.klaviyo.com 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src vimeo.com *.google-analytics.com *.matomo.cloud *.luckyorange.com *.rakutenadvertising.io *.rmp.rakuten.com *.klaviyo.com *.paypal.com *.paypalobjects.com localhost:4003 *.ondigitalocean.app *.weaverse.io *.shopify.com *.myshopify.com 'self' https://cdn.shopify.com/ https://monorail-edge.shopifysvc.com https://checkout.coutr.com https://0w6e1v-7d.myshopify.com 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.crisp.chat https://www.gstatic.com https://fonts.gstatic.com *.stape.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.paypal.com *.googletagmanager.com *.cookiebot.eu https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com https://images.unsplash.com *.facebook.com magefan.com cm.magefan.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.googleapis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://maps.googleapis.com *.facebook.net *.cookiebot.eu *.crisp.chat https://browser.sentry-cdn.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.crisp.chat https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.stape.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com https://maps.googleapis.com https://player.vimeo.com *.crisp.chat https://*.ingest.sentry.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maps.googleapis.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.stape.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com *.multisafepay.com https://pay.google.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com www.google.com www.gstatic.com apis.google.com *.multisafepay.com https://pay.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.multisafepay.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.multisafepay.com https://pay.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.multisafepay.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.multisafepay.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.ibeautyreport.com;script-src 'unsafe-inline' *.ibeautyreport.com;img-src 'self' *.ibeautyreport.com ibr-image.imgix.net ibeauty-report.imgix.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob: https://big-reward-5b88d17b18.strapiapp.com; font-src 'self' data:; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.amplitude.com https://big-reward-5b88d17b18.strapiapp.com; frame-src 'self' https://www.googletagmanager.com; media-src 'self' https://big-reward-5b88d17b18.strapiapp.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.facebook.com *.hotjar.com *.issuu.com *.kaptcha.com *.mkt932.com *.audioeye.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com *.coremetrics.com *.facebook.com *.facebook.net *.google.com *.hotjar.com bat.bing.com cdn.adasitecompliance.com adasitecompliancetools.com *.audioeye.com blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.putmeinthestory.com *.brilliantcollector.com *.facebook.net *.gstatic.com *.hotjar.com *.integration-5ojmyuq-kolnt6avkh4uo.us-3.magentosite.cloud *.c.kolnt6avkh4uo.dev.ent.magento.cloud *.vagrant.com *.zdassets.com *.audioeye.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com downloads.mailchimp.com assets.braintreegateway.com *.amazonaws.com *.materialdesignicons.com *.jsdelivr.net *.audioeye.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.brilliantcollector.com *.doubleclick.net *.hotjar.com *.hotjar.io *.zdassets.com *.zendesk.com wss://*.zopim.com https://*.zopim.com *.audioeye.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cd6149b609c1e427f5d8597d1534d2c7.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com blob: * https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.disqus.com https://cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.jsdelivr.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com self https://fonts.gstatic.com/ https://v2.zopim.com/ data: data: 'self' 'unsafe-inline'; form-action *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cookiebot.com *.multisafepay.com https://pay.google.com https://www.google.com https://us4.campaign-archive.com/ *.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.placeholder.com *.linkedin.com *.cookiebot.com magefan.com cm.magefan.com *.disqus.com *.multisafepay.com *.magentocommerce.com https://www.facebook.com/ https://www.google.nl/ https://www.google.com/ https://www.google-analytics.com/ https://s.ytimg.com https://v2.zopim.com/ *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.newrelic.com bam-cell.nr-data.net bam.nr-data.net *.cookiebot.com *.disqus.com *.multisafepay.com https://pay.google.com https://www.googletagmanager.com *.googleapis.com https://www.gstatic.com/ https://www.google.com/ https://www.google-analytics.com/ *.sendcloud.sc https://connect.facebook.net/ https://kit.fontawesome.com/ https://kit-pro.fontawesome.com/ https://grovet.us4.list-manage.com/ https://v2.zopim.com/ https://static.zdassets.com/ https://pro.fontawesome.com/releases/v5.14.0/js/solid.js https://pro.fontawesome.com/releases/v5.14.0/js/regular.js https://pro.fontawesome.com/releases/v5.14.0/js/brands.js https://pro.fontawesome.com/releases/v5.14.0/js/fontawesome.js *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cookiebot.com maxcdn.bootstrapcdn.com *.multisafepay.com https://fonts.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src https://us4.campaign-archive.com/ 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com bam-cell.nr-data.net *.cookiebot.com *.zendesk.com *.multisafepay.com https://www.google-analytics.com https://www.facebook.com https://kit.fontawesome.com/ https://kit-pro.fontawesome.com/ wss://widget-mediator.zopim.com/ https://ekr.zdassets.com/ *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri www.grovet.com/csp; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-2s_TkLwKK58tqe8Gx-96IQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'nonce-55859a7da1caf4de9516c2b7d2b1dbd8' 'self' https://*.cathaycargo.com; script-src 'nonce-55859a7da1caf4de9516c2b7d2b1dbd8' 'self' blob: 'nonce-c592ee4862931ac6b0c3fb4ecc47ec63' 'unsafe-eval' https://analytics.cathaypacific.com https://tags.cathaycargo.com https://tags.tiqcdn.com https://*.qualtrics.com https://www.googletagmanager.com https://js.adsrvr.org https://ad.doubleclick.net https://connect.facebook.net https://api.mapbox.com https://cgocms.cathaypacific.com https://*.jsdelivr.net https://assets.cathaypacific.com https://snap.licdn.com https://www.youtube.com; style-src 'self' api.mapbox.com 'unsafe-inline'; img-src 'self' data: https://metrics.cathaycargo.com https://cm.everesttech.net https://*.googlesyndication.com https://www.facebook.com https://*.qualtrics.com https://px.ads.linkedin.com https://ad.doubleclick.net https://www.googletagmanager.com https://www.google.com https://i.ytimg.com https://connect.facebook.net https://www.googleadservices.com https://*.linkedin.com; connect-src 'self' https://assets.cathaypacific.com https://*.qualtrics.com https://insight.adsrvr.org https://www.google.com https://ad.doubleclick.net https://dpm.demdex.net https://*.cathaycargo.com https://www.facebook.com https://*.px-cloud.net https://*.px-cdn.net https://*.mapbox.com https://*.akamaihd.net https://api.cathaypacific.com https://px.ads.linkedin.com https://*.akstat.io https://pagead2.googlesyndication.com https://www.googleadservices.com https://collector-pxstetiejf.pxchk.net https://www.googletagmanager.com; font-src 'self' data:; worker-src 'self' chrome blob:; frame-src 'self' https://13315781.fls.doubleclick.net https://asiamiles.demdex.net https://*.adsrvr.org https://cgocms.cathaypacific.com https://cathaypacific.eu.qualtrics.com https://www.youtube.com https://login.microsoftonline.com; frame-ancestors 'self'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-rhbtgnIohIxuFSI0G8k9bw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.vimeo.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.youtube.com magefan.com cm.magefan.com *.cloudflare.com *.doofinder.com *.doofinder *.ytimg.com *.doubleclick.net *.casmarglobal.com *.google-analytics.com *.connectif.cloud akeneo.casmarglobal.com:8000 *.eu1-layer.doofinder.com www.vimeo.com imgsct.cookiebot.com cdn.doofinder.com storage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com *.clarity.ms *.bing.com *.google.es *.google.com.ar www.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.fontawesome.com *.cloudflare.com *.google-analytics.com *.connectif.cloud *.doofinder.com *.analytics.google.com *.casmarglobal.com pro.casmarglobal.com consent.cookiebot.com consentcdn.cookiebot.com cdn.doofinder.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cookiebot.com *.consent.cookiebot.com *.region1.analytics.google.com *.www.google.es *.clarity.ms *.licdn.com *.google.com consentcdn.cookiebot.com/sdk/bc-v4.min.html *.usercentrics.com *.usercentrics.eu *.consent.cookiebot.eu *.cdn.connectif.cloud *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.doofinder.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.google-analytics.com *.casmarglobal.com *.cookiebot.com *.connectif.cloud *.doofinder.com wss://*.doofinder.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.clarity.ms *.doubleclick.net *.usercentrics.com *.usercentrics.eu *.consent.cookiebot.eu cdn.connectif.cloud eu4-api.connectif.cloud *.consent.cookiebot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.mollie.com *.multisafepay.com https://pay.google.com https://www.googletagmanager.com https://td.doubleclick.net 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com *.vimeocdn.com i.ytimg.com *.youtube.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://images.unsplash.com magefan.com cm.magefan.com https://www.mollie.com *.multisafepay.com *.hsforms.net *.hsforms.com 'self' data: ts.tradetracker.net www.magmodules.eu https://imgproxy.vendic.dev data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com https://maps.googleapis.com js.mollie.com *.multisafepay.com https://pay.google.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com tm.tradetracker.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com downloads.mailchimp.com *.fontawesome.com *.multisafepay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net https://core.helloretail.com https://helloretailcdn.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://maps.googleapis.com https://player.vimeo.com *.multisafepay.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com https://t.pepperjamnetwork.com *.trustpilot.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.stripe.com *.stripe.network ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://shareasale.com/sale.cfm https://track.linksynergy.com https://www.bizrate.com https://www.awin1.com https://*.zenaps.com https://track.webgains.com https://prf.hn https://track.flexlinks.com https://scripts.affiliatefuture.com https://t.powerreviews.com https://match.sharethrough.com https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://jadserve.postrelease.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://eb2.3lift.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://sync.1rx.io https://dis.criteo.com https://dpm.demdex.net https://ps.eyeota.net https://public-prod-dspcookiematching.dmxleo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com stackpath.bootstrapcdn.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.dwin1.com https://intljs.rmtag.com https://cdn.avmws.com https://images.bizrate.com https://www.awin1.com https://*.zenaps.com https://swrap.tradedoubler.com https://analytics.optimalpeople.fr https://www.linkconnector.com https://d3v27wwd40f0xu.cloudfront.net https://static.criteo.net https://sslwidget.criteo.com https://*.affiliatefuture.com https://static.powerreviews.com https://analytics.webgains.io *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com cc-cdn.com stackpath.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://shareasale.com/sale.cfm https://analytics.optimalpeople.fr https://measurement-api.criteo.com https://api.webgains.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.maxcdn.bootstrapcdn.com/ *.fontawesome.com data: *.cloudfront.net *.reviews.io *.reviews.co.uk *.fonts.googleapis.com *.cloudflare.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.facebook.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.instagram.com www.google.com *.stripe.com *.braintreepayments.com https://www.facebook.com/ *.google-analytics.com *.braintree-api.com *.googleadservices.com *.googleapis.com *.sandbox.paypal.com *.stripecdn.com *.reviews.co.uk *.klarna.com *.amazon.com *.luckyorange.net *.flashtalking.com *.google.com.ua *.google.co.uk *.reviews.io *.addthis.com *.pinterest.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cdninstagram.com *.twitter.com *.imagekit.io *.meetanshi.com https://www.google.co.in/ads/ga-audiences https://bat.bing.com/action/0 www.sandbox.paypal.com https://c.clarity.ms/c.gif *.pushalert.co *.facebook.com *.google.com *.google.com.ua *.google.co.uk *.doubleclick.net moogento.com *.moogento.com https://redchamps.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.stripe.com widget.freshworks.com m2epro.freshdesk.com *.googleadservices.com *.googletagmanager.com *.clarity.ms *.facebook.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.stripecdn.com *.reviews.co.uk *.klarna.com *.amazon.com *.luckyorange.net *.bing.com *.pushalert.co *.cloudfront.net *.adsrvr.org *.flashtalking.com *.conversitor.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net l2.moogento.com *.reviews.io *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.stripe.network klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com widget.freshworks.com m2epro.freshdesk.com https://r.clarity.ms/collect *.google-analytics.com *.googleadservices.com *.googleapis.com *.sandbox.paypal.com *.stripecdn.com *.reviews.co.uk *.stripe.com *.klarna.com *.amazon.com *.luckyorange.net *.cloudfront.net *.reviews.io *.cloudflare.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.facebook.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';   img-src 'self' https://i.vimeocdn.com https://cartodb-basemaps-c.global.ssl.fastly.net https://cartodb-basemaps-b.global.ssl.fastly.net https://cartodb-basemaps-a.global.ssl.fastly.net https://server.arcgisonline.com https://imgsct.cookiebot.com https://secure.gravatar.com maps.gstatic.com maps.googleapis.com *.stripe.com *.linkedin.com *.cookiepro.com www.googletagmanager.com https://*.hotjar.com data:;   script-src 'self' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://yoast.com https://cdn.jsdelivr.net https://oxerambd.activehosted.com https://js.stripe.com https://connect-js.stripe.com https://*.mimecastprotect.com https://diffuser-cdn.app-us1.com https://*.googleapis.com https://*.cookiepro.com https://snap.licdn.com Https://prism.app-us1.com https://trackcmp.net https://www.googletagmanager.com https://*.hotjar.com 'unsafe-inline' 'unsafe-eval';   connect-src 'self' https://consentcdn.cookiebot.com *.googleapis.com *.linkedin.com *.cookiepro.com *.google-analytics.com www.googletagmanager.com www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;   font-src 'self' https://s0.wp.com/ https://fonts.gstatic.com https://*.hotjar.com data:;   style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://*.hotjar.com 'unsafe-inline';   frame-src 'self' https://oxera.com/ https://player.vimeo.com https://consentcdn.cookiebot.com https://www.youtube.com/ https://connect-js.stripe.com https://js.stripe.com; 1
font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: *.cloudflare.com *.bootstrapcdn.com *.woxo.tech *.fontawesome.com https://fonts.bunny.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sandbox.paypal.com *.twitter.com *.woxo.tech 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.coralvue.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.cloudflare.com *.google.com *.google.com.vn *.woxo.tech *.sc.omtrdc.net *.demdex.net *.cloudfront.net *.facebook.net *.facebook.com *.magentocommerce.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://firebasestorage.googleapis.com https://www.magezon.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com apis.google.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.twitter.com *.fontawesome.com *.mailchimp.com *.list-manage.com *.crazyegg.com *.googletagmanager.com chimpstatic.com *.woxo.tech downloads.mailchimp.com *.avada.io *.google.com/ *.authorize.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.woxo.tech downloads.mailchimp.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.twitter.com *.doubleclick.net *.cloudfunctions.net *.crazyegg.com *.woxo.tech https://get.geojs.io *.avada.io *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src  'none'; connect-src 'self' *.joymii.com *.adulttime.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.joymii.com *.adulttime.com join.gammasecure.com; script-src 'self' *.joymii.com *.adulttime.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.joymii.com *.adulttime.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
img-src 'self' data: https://j8c5a7h4.rocketcdn.me  blob:  https://mifinityaffiliates.ck-cdn.com  https://i3.wp.com  https://images.unsplash.com  https://playtoropartners.ck-cdn.com  https://lh7-us.googleusercontent.com  https://www.google.com  https://embed-ssl.wistia.com  https://whonhow.com  https://images.pexels.com  https://farm4.static.flickr.com  https://www.googletagmanager.com  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' https://j8c5a7h4.rocketcdn.me  data:  https://fast.wistia.com  http://casinostars.se  https://www.googletagmanager.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://j8c5a7h4.rocketcdn.me  data:  https://fast.wistia.com  http://casinostars.se  https://www.googletagmanager.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  http://casinostars.se  https://j8c5a7h4.rocketcdn.me ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  http://casinostars.se  https://j8c5a7h4.rocketcdn.me ; font-src 'self' https://j8c5a7h4.rocketcdn.me  https://s0.wp.com  https://fonts.gstatic.com  https://fast.wistia.com  data:; frame-src 'self' https://api.wp-rocket.me  https://mozbar.moz.com  https://www.facebook.com  blob:; connect-src 'self' https://api.rankmath.com  https://j8c5a7h4.rocketcdn.me  https://fg8vvsvnieiv3ej16jby.litix.io  https://fast.wistia.com  https://images.unsplash.com  https://region1.google-analytics.com  https://www.google-analytics.com;  worker-src 'self' blob:;  report-uri https://casinostars.se/wp-json/rsssl/v1/csp?rsssl_apitoken=17593010; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://mozbar.moz.com https://www.google.com https://stats.g.doubleclick.net https://yoast.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pi.pardot.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://www.google.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://yoast.com *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' https://cdslegal.com https://mozbar.moz.com https://www.google.com https://pi.pardot.com/pd.js *.vimeo.com *.vimeocdn.com maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; block-all-mixed-content; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com https://fonts.bunny.net 'self' data: www.rhinoproducts.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.reviews.io *.reviews.co.uk https://*.svea.com https://*.vipps.no https://*.trustly.com www.rhinoproducts.co.uk 'self' 'unsafe-inline'; frame-ancestors www.rhinoproducts.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.reviews.io *.reviews.co.uk js.mollie.com https://*.svea.com *.googletagmanager.com www.rhinoproducts.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com maps.gstatic.com maps.googleapis.com *.rhinoproducts.co.uk *.cloudfront.net *.reviews.io *.reviews.co.uk https://firebasestorage.googleapis.com https://www.mollie.com https://omnisnippet1.com https://wt.soundestlink.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.rhinoproducts.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com maps.googleapis.com maps.gstatic.com *.reviews.io *.reviews.co.uk *.avada.io *.shopify.com js.mollie.com https://omnisnippet1.com https://forms.soundestlink.com https://wt.omnisendlink.com *.gstatic.com https://*.svea.com *.googletagmanager.com tagmanager.google.com www.rhinoproducts.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com www.rhinoproducts.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.rhinoproducts.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.cloudfront.net *.reviews.io *.reviews.co.uk https://get.geojs.io *.avada.io https://wt.omnisendlink.com https://forms.soundestlink.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.rhinoproducts.co.uk 'self' 'unsafe-inline'; child-src www.rhinoproducts.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.rhinoproducts.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.facebook.com/tr/ cdn.cookielaw.org static.zdassets.com ekr.zdassets.com *.zendesk.com assets.zendesk.com www.google-analytics.com widget-mediator.zopim.com js-agent.newrelic.com bam.nr-data.net maps.gstatic.com maps.googleapis.com www.google.com www.google.es *.hotjar.com *.criteo.com *.criteo.net *.onetrust.com stats.g.doubleclick.net www.googleoptimize.com www.youtube.com www.youtube-nocookie.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.cookielaw.org static.zdassets.com ekr.zdassets.com *.zendesk.com assets.zendesk.com wss://widget-mediator.zopim.com js-agent.newrelic.com bam.nr-data.net maps.gstatic.com maps.googleapis.com www.facebook.com/tr/ www.google.es *.hotjar.com *.criteo.com *.criteo.net *.onetrust.com stats.g.doubleclick.net privacyportal-de.onetrust.com https://www.googletagmanager.com ad.doubleclick.net insight.adsrvr.org 20836339p.rfihub.com www.googleoptimize.com img.youtube.com ade.googlesyndication.com p1.zemanta.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de https://images.unsplash.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.facebook.com/tr/ cdn.cookielaw.org static.zdassets.com ekr.zdassets.com *.zendesk.com assets.zendesk.com widget-mediator.zopim.com js-agent.newrelic.com bam.nr-data.net maps.gstatic.com maps.googleapis.com s.retargeted.co www.google.com www.google.es *.hotjar.com *.criteo.com *.criteo.net stats.g.doubleclick.net www.gstatic.com *.onetrust.com www.clarity.ms bucket.cdnwebcloud.com cdn.taboola.com e.clarity.ms www.dwin1.com/ www.googleoptimize.com js-tag.zemanta.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de https://maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.facebook.com/tr/ cdn.cookielaw.org static.zdassets.com ekr.zdassets.com *.zendesk.com assets.zendesk.com www.google-analytics.com widget-mediator.zopim.com js-agent.newrelic.com bam.nr-data.net maps.gstatic.com maps.googleapis.com connect.facebook.net www.google.com www.google.es *.hotjar.com *.criteo.com *.criteo.net *.onetrust.com stats.g.doubleclick.net www.googleoptimize.com www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.facebook.com/tr/ cdn.cookielaw.org static.zdassets.com ekr.zdassets.com *.zendesk.com assets.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com js-agent.newrelic.com bam.nr-data.net maps.gstatic.com maps.googleapis.com www.google.com www.google.es *.hotjar.com wss://*.hotjar.com *.criteo.com *.criteo.net stats.g.doubleclick.net *.onetrust.com pagead2.googlesyndication.com trc.taboola.com e.clarity.ms trc-events.taboola.com www.googleoptimize.com region1.google-analytics.com smart-widget-assets.ekomiapps.de https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-qxwPqtrWk3OQUe9qxCKnQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com *.cloudflare.com *.twitter.com https://www.gstatic.com *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.userway.org maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://test.transafe.com https://post.live.transafe.com *.twitter.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com https://test.transafe.com https://post.live.transafe.com *.twitter.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.certcapture.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.authorize.net *.userway.org *.disqus.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.certcapture.com https://test.transafe.com https://post.live.transafe.com *.cloudflare.com *.twitter.com *.google-analytics.com *.maps.googleapis.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.bootstrapcdn.com *.fontawesome.com *.authorize.net *.weltpixel.com *.support.weltpixel.com *.mirasvit.com *.userway.org *.disqus.com * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.maps.google.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.bootstrapcdn.com *.authorize.net *.userway.org maxcdn.bootstrapcdn.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com *.cloudflare.com *.twitter.com *.twimg.com maps.google.com maps.googleapis.com *.authorize.net *.ss-gtm.com *.userway.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.insivia.com/; report-to report-endpoint; 1
default-src 'self'; img-src *; connect-src: plausible.io; report-uri https://o57577.ingest.us.sentry.io/api/4509797941116928/security/?sentry_key=47cecc27bf90c0b8827e8dd08a448a16; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-QcuJXAcxIQw3sZzJGcZAvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *;script-src * *.criteo.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.vimeo.com *.visualwebsiteoptimizer.com *.youtube.com app.vwo.com blob: consent.cookiebot.com consentcdn.cookiebot.com 'unsafe-eval' 'unsafe-inline';img-src *.360yield.com *.3lift.com *.adform.net *.adnxs.com *.ads.linkedin.com *.bidswitch.net *.casalemedia.com *.cookiebot.com *.criteo.com *.criteo.com *.demdex.net *.doubleclick.net *.emxdgt.com *.ivitrack.com *.krxd.net *.media.net *.mediavine.com *.omnitagjs.com *.outbrain.com *.postrelease.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.squeezely.tech *.taboola.com *.teads.tv *.thebrighttag.com *.tremorhub.com *.visualwebsiteoptimizer.com *.yahoo.com *.yieldlab.net *.yieldmo.com app.vwo.com bat.bing.com chart.googleapis.com data: googletagmanager.com hb.yahoo.net id5-sync.com 'self' squeezely.tech static.civas.be static.civas.nl wingify-assets.s3.amazonaws.com www.facebook.com www.google.com www.google.nl www.linkedin.com;connect-src *.ads.linkedin.com *.bugsnag.com *.criteo.com *.criteo.net *.google-analytics.com *.googlesyndication.com *.hotjar.io *.visualwebsiteoptimizer.com api.civas.nl api.datatrics.com app.vwo.com bat.bing.com cdn.linkedin.oribi.io connect.facebook.net consentcdn.cookiebot.com criteo-partners.tremorhub.com googleads.g.doubleclick.net in.hotjar.com in.hotjar.io r.clarity.ms region1.analytics.google.com squeezely.tech stats.g.doubleclick.net vc.hotjar.io ws1.hotjar.com ws1.hotjar.io ws3.hotjar.com ws3.hotjar.io wss://ws.hotjar.com wss://ws1.hotjar.com wss://ws1.hotjar.io wss://ws3.hotjar.com wss://ws3.hotjar.io wss://www.civas.be wss://www.civas.nl www.civas.be www.civas.nl www.facebook.com www.feedbackcompany.com www.google.com www.google-analytics.com;script-src-elem *.cookiebot.com *.criteo.com *.googletagmanager.com *.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com bat.bing.com clarity.ms clarity.ms connect.facebook.net consent.cookiebot.com googleads.g.doubleclick.net 'self' snap.licdn.com squeezely.tech tm.tradetracker.net 'unsafe-eval' 'unsafe-inline' www.clarity.ms www.feedbackcompany.com www.google.com/recaptcha/api.js www.gstatic.com;frame-src *.cookiebot.com *.criteo.com *.doubleclick.net *.vimeo.com *.visualwebsiteoptimizer.com *.youtube.com *.youtube-nocookie.com app.vwo.com consentcdn.cookiebot.com googletagmanager.com noembed.com optimize.google.com 'self' 'unsafe-inline' usersync.datatrics.com vars.hotjar.com vars.hotjar.io www.bladerpdf.nl www.civas.be www.civas.nl www.google.com youtu.be;style-src *.visualwebsiteoptimizer.com app.vwo.com fonts.googleapis.com s3.amazonaws.com 'self' 'unsafe-inline';default-src 'self' 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'report-sample' 'self' 'unsafe-inline' https://*.googletagmanager.com https://bat.bing.com/bat.js https://bat.bing.com/p/action/148002326.js https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com/consentconfig/90d6901d-19f9-456b-a6a9-ca36df443162/state.js https://googleads.g.doubleclick.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com/v2/24983590/banner.js https://js-eu1.hs-scripts.com/24983590.js https://js-eu1.hsadspixel.net https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.hsforms.net/forms/embed/v2.js https://js-eu1.hubspot.com/web-interactives-embed.js https://moneypennychat.appspot.com https://pagead2.googlesyndication.com https://player.vimeo.com/api/player.js https://script.hotjar.com https://scripts.clarity.ms https://snap.licdn.com https://static.hotjar.com https://static.srcspot.com/libs/jena.js https://www.clarity.ms https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://vercel.live; style-src 'report-sample' 'self' 'unsafe-inline' https://script.hotjar.co https://static.hotjar.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://api-eu1.hubapi.com https://api.mapbox.com https://bat.bing.com https://bat.bing.net https://cms.brabners.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://cta-eu1.hubspot.com https://events.mapbox.com https://forms-eu1.hscollectedforms.net https://forms-eu1.hsforms.com https://google.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://www.googleadservices.com wss://*.hotjar.com; font-src 'self' data: https://script.hotjar.com https://storage.googleapis.com/moneypennychat/studio/fonts/Lato-Light.woff; frame-src 'self' https://cdn.yoshki.com https://consentcdn.cookiebot.com https://forms-eu1.hsforms.com https://player.vimeo.com https://recaptcha.google.com/recaptcha/ https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://vercel.live; img-src 'self' data: https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://bat.bing.com https://bat.bing.net https://c.bing.com https://brabners-cms.files.svdcdn.com https://brabners-cms.transforms.svdcdn.com https://forms-eu1.hsforms.com https://google.com https://googleads.g.doubleclick.net https://imgsct.cookiebot.com https://pagead2.googlesyndication.com https://perf-eu1.hsforms.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://moneypennychat.appspot.com https://script.hotjar.com https://static.hotjar.com https://survey-images.hotjar.com https://track-eu1.hubspot.com https://track.hubspot.com https://www.facebook.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src blob:; frame-ancestors 'self' https://cms.brabners.com; report-uri /api/csp-report; report-to csp-report; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://img.youtube.com images.cloudflareapps.com io.dropinblog.com www.mckaynursery.com www.google.com.ua www.facebook.com i3.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://cdn.jsdelivr.net static.cloudflareinsights.com io.dropinblog.com api.dropinblog.com connect.facebook.net 'self' js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.klaviyo.com https://cdn.jsdelivr.net io.dropinblog.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.doubleclick.net www.google.com.ua api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://d3tw2v68rmxuj7.cloudfront.net; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://platform.twitter.com https://x.adroll.com https://15347100.fls.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com; img-src https:; media-src https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 https://d3tw2v68rmxuj7.cloudfront.net; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ionicons/4.5.6/css/ionicons.min.css https://use.typekit.net https://p.typekit.net; report-uri /csp 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.intuit.com intuit.com *.quickbooks.com quickbooks.com *.square.com square.com *.squareupstaging.com squareupstaging.com *.squareup.com squareup.com *.bambee.com bambee.com *.gusto.com gusto.com *.netsuite.com netsuite.com *.remote.com remote.com *.niceremote.com niceremote.com toasttab.com *.toasttab.com patriotsoftware.com *.patriotsoftware.com *.7shifts.com 7shifts.com *.aioapp.com aioapp.com *.belfrysoftware.com belfrysoftware.com *.blinkpayroll.com blinkpayroll.com *.bolto.com bolto.com *.buddypunch.com buddypunch.com *.central.inc central.inc *.checkhq.com checkhq.com *.concordmaterials.com concordmaterials.com *.dripos.com dripos.com *.eddy.com eddy.com *.encompassfi.com encompassfi.com *.finally.com finally.com *.getthera.com getthera.com *.gogateway.ai gogateway.ai *.gosteelhead.com gosteelhead.com *.housecallpro.com housecallpro.com *.joinhomebase.com joinhomebase.com *.joinmoxie.com joinmoxie.com *.joinwarp.com joinwarp.com *.keka.com *.kekad.com *.kekauat.com *.kekastage.com *.kekademo.com *.lumberfi.com lumberfi.com *.masonworkforce.com masonworkforce.com *.miter.com miter.com *.monograph.com monograph.com *.mymaterial.co mymaterial.co *.plane.com plane.com *.runtrayd.com runtrayd.com *.tryplayground.com tryplayground.com *.zenoti.com zenoti.com *.zoho.com zoho.com *.collective.com collective.com *.myhrfh.com myhrfh.com *.studiodesigner.com studiodesigner.com; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://simplyinsured.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-dLKnjNkoemb2enrdrCH5Lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
* 1
script-src 'nonce-Ks0D7chlT4DtD_NvaJGeaw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none'; script-src-attr 'self'; script-src-elem 'self' cdn.jsdelivr.net cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self'; connect-src 'self' https://*.holidaysplease.co.uk:3000 wss://*.holidaysplease.co.uk:3000; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://*.holidaysplease.co.uk:3000 https://connect.facebook.net https://bat.bing.com https://*.elegantescapes.com 'nonce-qVEOsA'; img-src * data:; frame-src 'self' https://www.facebook.com/ data: 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.soundestlink.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com fonts.soundestlink.com assets.mxapis.com *.cloudfront.net www.gstatic.com;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com fonts.soundestlink.com www.gstatic.com assets.mxapis.com *.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.google.com *.google.lt *.google.lv *.googleadservices.com *.googlesyndication.com *.facebook.net *.bing.com *.cloudflare.com *.hotjar.com *.cloudflare.com *.doubleclick.net static.cloudflareinsights.com *.clarity.ms *.nosto.com omnisnippet1.com *.rackcdn.com *.equalweb.com *.mxapis.com *.ladesk.com cdn.dot.vu tags.creativecdn.com analytics.tiktok.com chimpstatic.com *.mailchimp.com *.list-manage.com *.cloudfront.net static.cloudflareinsights.com *.adform.net *.googleapis.com;script-src-elem 'self' 'unsafe-inline' cdn.datatables.net static.cloudflareinsights.com *.clarity.ms *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.googleapis.com *.google.com *.google.lt *.google.lv *.googleadservices.com *.googlesyndication.com *.facebook.net *.bing.com *.cloudflare.com *.cloudflare.com *.doubleclick.net www.youtube.com pagead2.googlesyndication.com *.nosto.com omnisnippet1.com *.rackcdn.com *.equalweb.com *.mxapis.com *.ladesk.com cdn.dot.vu tags.creativecdn.com analytics.tiktok.com chimpstatic.com *.mailchimp.com *.list-manage.com *.cloudfront.net static.cloudflareinsights.com *.adform.net;connect-src 'self' https://api.moonmart.lv *.nordcode.io *.google-analytics.com *.doubleclick.net *.google.com *.cookiebot.com *.bing.com *.googlesyndication.com *.clarity.ms *.facebook.com adservice.google.com graph.facebook.com www.googleadservices.com www.google.com www.google.lt www.google.lv googleadservices.com google.com google.lt google.lv pagead2.googlesyndication.com *.nosto.com *.sentry.io *.googleapis.com *.equalweb.com *.soundestlink.com *.dot.vu ams.creativecdn.com analytics.tiktok.com *.e-menessaptieka.lv *.moonmart.lt *.mxapis.com *.tiktokw.us;frame-src 'self' *.cookiebot.com *.doubleclick.net *.youtube.com accounts.google.com *.ladesk.com live.dot.vu ams.creativecdn.com cdn.mxapis.com;img-src 'self' data: https://api.moonmart.lv https://images.moonmart.lv *.klix.app *.cookiebot.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.google.com *.google.lt *.google.lv *.cloudflare.com *.tawk.to tawk.link *.hotjar.com *.soundestlink.com *.googleapis.com *.gstatic.com *.facebook.com *.youtube.com *.doubleclick.net *.dmxleo.com *.hotjar.com *.bing.com *.adform.net *.criteo.com *.clarity.ms *.demdex.net x.bidswitch.net ib.adnxs.com rtb-csync.smartadserver.com sync-t1.taboola.com visitor.omnitagjs.com r.casalemedia.com ad.360yield.com matching.ivitrack.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com criteo-sync.teads.tv criteo-partners.tremorhub.com eb2.3lift.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com googleads.g.doubleclick.net omnisnippet1.com csm.fr3.eu.criteo.net id5-sync.com ade.googlesyndication.com *.nosto.com *.appspot.com serve.mxapis.com *.e-menessaptieka.lv *.moonmart.lt www.googleadservices.com *.creativecdn.com static.salidzini.lv ema.ladesk.com;default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://api.moonmart.lv https://images.moonmart.lv;report-uri https://api.moonmart.lv/csp/report 1
default-src *.retelit.it *.irideos.it *.clouditalia.com 'self' cdnjs.cloudflare.com 'unsafe-inline' cdn.datatables.net www.googletagmanager.com *.cookiebot.com *.google-analytics.com fonts.gstatic.com code.ionicframework.com *.googleapis.com www.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.kolst.com code.jquery.com netdna.bootstrapcdn.com *.matomo.cloud; report-to csp~www.kolst.com 1
object-src 'none';base-uri 'self';script-src 'nonce-q0y9KPBbMWQDKTWpaxvSwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv5%3F.ojl7r-19cf9ec3663-0x2806#pd 1
object-src 'none';base-uri 'self';script-src 'nonce-TmS1gkHJLzyVxXBXM5I2DQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://accounts.google.com https://www.facebook.com https://login.live.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com cdn.mundipagg.com api.pagar.me *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.avada.io 3ds2.pagar.me 3ds2-sdx.pagar.me *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com *.google.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://get.geojs.io *.avada.io api.mundipagg.com api.pagar.me brasilapi.com.br viacep.com.br servicodados.ibge.gov.br pay.sandbox.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-gPBsSZGP0qtfaPfXjAUtNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com cash-f.squarecdn.com https://*.gstatic.com *.googleapis.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.adyen.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * *.adyen.com *.instagram.com www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net * https://*.gstatic.com *.adyen.com *.googleapis.com *.cdninstagram.com www.apptrian.com www.facebook.com *.trackedlink.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com applepay.cdn-apple.com https://rum.hlx.page *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk cdn.jsdelivr.net js-agent.newrelic.com bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.cash.app https://fonts.googleapis.com/ webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com www.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com * *.adyen.com *.googleapis.com www.apptrian.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.it www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cookiebot.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com tracking.trovaprezzi.it www.trovaprezzi.it *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com fonts.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cookiebot.com *.g.doubleclick.net *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wNL8IElHmK2hqm40ql3IPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dyPFXXJcBtyb4KbjssjLPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com data: fonts.gstatic.com *.kxcdn.com *.slijpschijvenwinkel.nl *.slijpschijvenwinkel.de *.schleifscheibenladen.de *.slijpschijvenwinkel-dev.nl *.slijpschijvenwinkel-dev.de *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com *.feedbackcompany.com *.cookiefirst.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.slijpschijvenwinkel.nl *.slijpschijvenwinkel.de *.schleifscheibenladen.de *.slijpschijvenwinkel-dev.nl *.slijpschijvenwinkel-dev.de *.twitter.com js.mollie.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.slijpschijvenwinkel.nl *.slijpschijvenwinkel.de *.schleifscheibenladen.de *.slijpschijvenwinkel-dev.nl *.slijpschijvenwinkel-dev.de *.twitter.com *.hotjar.com *.cookiefirst.com js.mollie.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sendcloud.sc *.jsdelivr.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net *.slijpschijvenwinkel.nl *.slijpschijvenwinkel.de *.schleifscheibenladen.de *.slijpschijvenwinkel-dev.nl *.slijpschijvenwinkel-dev.de *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.feedbackcompany.com *.google.nl *.doubleclick.net https://www.mollie.com *.cookiefirst.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com maps.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.slijpschijvenwinkel.nl *.slijpschijvenwinkel.de *.schleifscheibenladen.de *.slijpschijvenwinkel-dev.nl *.slijpschijvenwinkel-dev.de *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.feedbackcompany.com *.google.nl *.sendcloud.sc *.hotjar.com *.doubleclick.net js.mollie.com *.cookiefirst.com s7.addthis.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.jsdelivr.net maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.slijpschijvenwinkel.nl *.slijpschijvenwinkel.de *.schleifscheibenladen.de *.slijpschijvenwinkel-dev.nl *.slijpschijvenwinkel-dev.de *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.feedbackcompany.com *.cookiefirst.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.slijpschijvenwinkel.nl *.slijpschijvenwinkel.de *.schleifscheibenladen.de *.slijpschijvenwinkel-dev.nl *.slijpschijvenwinkel-dev.de *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.feedbackcompany.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.cookiefirst.com ekr.zdassets.com/ www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.slijpschijvenwinkel.nl/; report-to report-endpoint; 1
font-src *.environmentallights.com *.typekit.net *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.environmentallights.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.environmentallights.com *.google.com *.googleapis.com *.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.environmentallights.com *.google.com *.googleapis.com *.gstatic.com *.linkedin.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.environmentallights.com bam.nr-data.net *.cookielaw.org *.google.com *.googleapis.com *.gstatic.com js-agent.newrelic.com player.vimeo.com *.facebook.net api.wistia.com fast.wistia.com *.callrail.com *.crazyegg.com *.cookiepro.com *.pardot.com *.licdn.com *.d41.co js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.environmentallights.com *.typekit.net *.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.environmentallights.com embed.wistia.com embed-ssl.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.environmentallights.com bam.nr-data.net *.doubleclick.net *.facebook.com *.google.com *.googleapis.com api.wistia.com fast.wistia.com *.callrail.com *.cookiepro.com cookiepro.blob.core.windows.net *.d41.co *.onetrust.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.environmentallights.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.cookielaw.org https://www.bnpparibas.de https://brasil.bnpparibas; script-src 'self' 'unsafe-eval' https://fast.wistia.com https://beacon-v2 https://analyticsgroupcom.bnpparibas.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com 'sha256-F+QMJISS2IIkRUd2a+c+u1owMqMSoidCaHFDAmzUgOo=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' 'sha256-yZHeusBmoqYSsqdm5ylf993dfqVyosFaYa5gueKZDsA=' 'sha256-rjfSUjIA2A20p4lATAefLLG7Fy7VJssnkJ+SnJ2TXNo=' 'sha256-CdgYRovLhvWsxIa5hfw5UUB/BlQcmmCfwFAr5JJSYKI=' 'sha256-RWn1w3BKiDlDNbD6vM1kYLpeWCwwWPkob0LMWJ2gKJk=' 'sha256-acxtalv+w668tbnSP3ZV1VEyaZ0h+IVpp+PeOumzhck=' 'sha256-fPXetwWx4258jL256OrNtQQyvFVR4/BotkeZKtfk54Q=' 'sha256-yElBEKucE35qwHf8qWcAvqD25zOJ7TqTptcHyzGhOxw=' 'sha256-Bboy7Ox5VyOOm+bkbKKlzCxDFW+yu5soJBqx8Bx362s=' 'sha256-qcT/R0HkWUs2DMxvtvcMobUms6Z5/fPtfgUe2hN67gE='; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.gstatic.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://s.w.org https://wp-rocket.me https://c.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org blob: https://www.google.com/pagead/landing https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://ad.doubleclick.net https://contrib.territories.bnpparibas https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas secure.gravatar.com www.gravatar.com i.ytimg.com data: www.googletagmanager.com; connect-src 'self' https://bnp-privacy.my.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://yoast.com https://cdn.cookielaw.org https://o173685.ingest.sentry.io https://analyticsgroupcom.bnpparibas.com https://contrib.territories.bnpparibas https://www.google.com/pagead/landing https://pagead2.googlesyndication.com https://adservice.google.com https://sourcemap.devowl.io https://sourcemap.devowl.io/real-media-library/4.22.47/adb9a2f4ef22d5d85978840bd322bf76/index.js.map www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.com https://github.com/google/fonts https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.gstatic.com fonts.googleapis.com data:; media-src 'self' https://asset.mediahub.bnpparibas https://upload.wikimedia.org https://broadcast.mediahub.bnpparibas data: https://mediahub.group.echonet https://my.mediahub.bnpparibas https://my.mediahub.bnpparibas/AssetLink/1cwfu8n4ki414p6d240ff18r41ver00j.mp4 https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas; frame-src 'self' https://www.youtube.com https://wp-rocket.me https://open.spotify.com https://www.youtube-nocookie.com https://centric.bnpparibas.com https://13179764.fls.doubleclick.net https://td.doubleclick.net https://gateway.zscalertwo.net https://remove.video https://mozbar.moz.com blob: https://fxplus.bnpparibas.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://0594ebf9e3dab534acdba65c6100b639.report-uri.com/r/d/csp/reportOnly; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-ohepBRZPmpECRNNjUV9Mpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
frame-ancestors 'self' *.ift.edu.mo *.iftm.edu.mo *.utm.edu.mo 1
script-src cdn.cookielaw.org 'unsafe-hashes' 'sha256-5lSQFTOMNNoGBLbrC6eUxpYeuyBQW52hLO9rR85ASEA=' https: http: 'nonce-mD9LHFxDJGd1iRA3cOm9igfxNiRbok4O/dKtgaLtBYE=' 'unsafe-eval' 'unsafe-inline';object-src 'none';frame-ancestors 'none';base-uri 'none';report-uri /api/csp-report 1
font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com 'self' data: www.cesholdings.co.uk data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.cesholdings.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.cesholdings.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com amc.demdex.net www.cesholdings.co.uk s7.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net 'self' data: cdn.shopify.com www.chamberlainmusic-education.co.uk www.addthis.com uk.yamaha.com blob mcprod.cesholdings.co.uk www.cesholdings.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.paypal.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com www.cesholdings.co.uk s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.gstatic.com wchat.freshchat.com www.cesholdings.co.uk 'self' 'unsafe-inline'; object-src www.cesholdings.co.uk 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.cesholdings.co.uk 'self' 'unsafe-inline'; manifest-src www.cesholdings.co.uk 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com t.elasticsuite.io api-public.addthis.com maps.googleapis.com www.cesholdings.co.uk m.addthis.com 'self' 'unsafe-inline'; child-src www.cesholdings.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.cesholdings.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.cesholdings.co.uk 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
font-src fonts.gstatic.com use.typekit.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.cloudinary.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.slant.co *.flaticon.com unpkg.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com cloudinary.com *.cloudinary.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.xtento.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.addthis.com http://*.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.xtento.com cdn.xtento.com https://static.afterpay.com https://site-assets.afterpay.com/ cloudinary.com *.cloudinary.com blob: *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bt www.google.by www.google.ca www.google.ch www.google.cl www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.lb www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.mn www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.tn https://eb2.3lift.com https://ib.adnxs.com https://*.adroll.com http://*.adroll.com https://*.bidswitch.net https://dsum-sec.casalemedia.com https://www.google.com https://www.google.com.au https://www.google.com.vn https://idsync.rlcdn.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.outbrain.com https://image2.pubmatic.com https://sync.taboola.com https://ups.analytics.yahoo.com https://prf.hn *.tiktok.com *.windsorsmithoutlet.com.au www.google.bj www.google.cd www.google.cg www.google.co.ug www.google.com.bn www.google.com.py www.google.com.sb www.google.la www.google.ps www.google.to *.cdninstagram.com foursixty.com *.foursixty.com www.google.bf www.google.bs www.google.ci www.google.cm www.google.co.ao www.google.co.ck www.google.co.ls www.google.co.zw www.google.com.af www.google.com.bh www.google.com.kw www.google.com.na www.google.com.pa www.google.dj www.google.gy www.google.hn www.google.ht www.google.kg www.google.mg www.google.mu www.google.rw www.google.sr www.google.tl www.google.tt www.google.vu www.google.ws *.afterpay.com *.googleapis.com *.trackedweb.net google.com www.google.co.vi www.google.com.ly www.google.cv www.google.gg www.google.im www.google.sh www.google.so www.google.tg *.googleadservices.com *.kxcdn.com www.google.dm www.google.gm www.google.nr www.google.sc *.tumblr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page *.afterpay.com https://static.afterpay.com *.squarecdn.com *.cash.app polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.xtento.com cdn.xtento.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://hbiq.net cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.vimeo.com unpkg.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.addthis.com http://*.addthis.com https://v1.addthisedge.com https://*.adroll.com http://*.adroll.com https://t.cfjump.com https://*.newrelic.com https://z.moatads.com https://widgets.pinterest.com http://widgets.pinterest.com https://analytics.tiktok.com https://cfjump.windsorsmith.com.au https://static.zdassets.com https://v2.zopim.com *.hotjar.com *.tiktok.com *.personyze.com foursixty.com *.foursixty.com *.adobe.net *.ahrefs.com *.cfjump.com *.googleapis.com *.zopim.com *.adobedtm.com *.googleadservices.com googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com/ static.afterpay.com/ *.squarecdn.com *.cash.app *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cloudinary.com *.cloudinary.com unpkg.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://s.adroll.com foursixty.com *.foursixty.com *.bootstrapcdn.com *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.afterpay.com *.afterpay-beta.com static.afterpay.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com static.sandbox.afterpay.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk cloudinary.com *.cloudinary.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://*.addthis.com http://*.addthis.com https://*.adroll.com http://*.adroll.com *.hotjar.com *.hotjar.io localhost https://analytics.tiktok.com https://*.zdassets.com https://windsorsmith.zendesk.com https://bam.nr-data.net https://*.afterpay.com www.google.ae www.google.al www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.ec www.google.com.et www.google.com.fj www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.mx www.google.com.my www.google.com.np www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.py www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.de www.google.dk www.google.es www.google.fr www.google.ge www.google.gr www.google.it www.google.lt www.google.lv www.google.md www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.si www.google.sk www.google.sm www.google.at www.google.az www.google.bt www.google.co.bw www.google.co.cr www.google.co.kr www.google.co.ma www.google.com.do www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.jm www.google.com.mt www.google.com.ng www.google.com.pr www.google.com.qa www.google.com.sa www.google.cz www.google.ee www.google.fi www.google.hr www.google.hu www.google.ie www.google.kz www.google.lk www.google.lu www.google.mk www.google.rs www.google.se www.google.tn foursixty.com *.foursixty.com *.cdninstagram.com *.tiktok.com www.google.am www.google.ba www.google.bs www.google.ci www.google.co.ao www.google.co.ls www.google.co.tz www.google.co.uz www.google.co.zm www.google.co.zw www.google.com.bo www.google.com.gi www.google.com.kw www.google.com.ni www.google.com.pa www.google.com.sb www.google.com.sv www.google.com.uy www.google.dz www.google.gy www.google.hn www.google.iq www.google.is www.google.jo www.google.kg www.google.li www.google.mg www.google.mn www.google.mu www.google.mw www.google.ps www.google.ru www.google.sr www.google.tt www.google.vu *.ahrefs.com *.contentsquare.net *.googleapis.com *.zdassets-backup.com www.google.co.mz www.google.com.ly www.google.com.mm www.google.com.na www.google.com.om www.google.ga www.google.gg www.google.me www.google.mv www.google.sh www.google.so www.google.tl *.googleadservices.com www.google.ad www.google.cm www.google.co.ck www.google.co.ug www.google.com.bz www.google.gm www.google.nr www.google.rw www.google.ws *.bootstrapcdn.com www.google.bf 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://988f5f2a-8122-4a5c-b667-a92f322522d6.sansec.watch/; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.googlesyndication.com *.twitter.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.clearpay.co.uk *.youtube.com/ connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.afterpay.com *.clearpay.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://meetanshi.com/media/logo.png connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.afterpay.com/ *.squarecdn.com https://static.klaviyo.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src *.fontawesome.com *.gstatic.com *.typekit.net fonts.gstatic.com *.kxcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com facebook.com youtube.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com *.google-analytics.com www.facebook.com *.kxcdn.com www.youtube.com platform.twitter.com *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com *.gstatic.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.fbcdn.net *.disqus.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.adobedtm.com *.googleapis.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com facebook.net adobedtm.com adobe.com googleapis.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com *.google-analytics.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.youtube.com *.disqus.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net *.fontawesome.com *.gstatic.com *.optimonk.com *.pinterest.com *.googleapis.com *.google.com *.kxcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com *.google-analytics.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src   'self' 'unsafe-inline';  img-src   'self' *.akamaihd.net *.boltdns.net *.brightcove.com *.brightcovecdn.com *.clarity.ms *.revico.jp *.visumo.io *.visumo.jp ajax.googleapis.com analytics.twitter.com b98.yahoo.co.jp b99.yahoo.co.jp bs.nakanohito.jp connect.facebook.net d1098su12yvtnm.cloudfront.net googleads.g.doubleclick.net i.smartnews-ads.com i6.smartnews-ads.com images-fe.ssl-images-amazon.com images-na.ssl-images-amazon.com img.fspark-ap.com m.media-amazon.com maihada.co.jp maison.kose.co.jp players.brightcove.net px.a8.net s3-ap-northeast-1.amazonaws.com sdk.hellouniweb.com sekkisei.jp static-fe.payments-amazon.com static-na.payments-amazon.com storage.userlocal.jp support-widget.userlocal.jp t.co tr.line.me user.fspark-ap.com www.addiction-beauty.com www.decorte.com www.facebook.com www.google.at www.google.ca www.google.co.jp www.google.co.kr www.google.co.th www.google.co.uk www.google.com www.google.com.au www.google.com.bd www.google.com.hk www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.de www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.googleadservices.com www.googletagmanager.com www.gstatic.com www.jillstuart-floranotisjillstuart.com data:;  font-src   'self' *.revico.jp assets.payments-amazon.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com players.brightcove.net r2cdn.perplexity.ai use.typekit.net data:;  connect-src   'self' *.akamaihd.net *.boltdns.net *.brightcove.com *.brightcovecdn.com *.clarity.ms *.karte.io *.line.me *.revico.jp *.visumo.io *.visumo.jp analytics.google.com analytics.tiktok.com analytics.twitter.com analytics-ipv6.tiktokw.us api.amazon.co.jp api.amazon.com apac.account.amazon.com apm.yahoo.co.jp ara.paa-reporting-advertising.amazon bs.nakanohito.jp c.amazon-adsystem.com dc.services.visualstudio.com dm.slim02.jp dpolc4ci3j.execute-api.ap-northeast-1.amazonaws.com edge.api.brightcove.com exceptcollect.ptengine.com fspark-ap.com googleads.g.doubleclick.net liffsdk.line-scdn.net lightning-recommend.io mws.amazonservices.com mws.amazonservices.jp o4506773005533184.ingest.sentry.io overbridgenet.com p.typekit.net payments-fe.amazon.com payments-jp.amazon.com payments.amazon.co.jp players.brightcove.net region1.analytics.google.com s.amazon-adsystem.com sdk.hellouniweb.com stats.g.doubleclick.net stats.ptengine.jp support-beacon.userlocal.jp t.co use.typekit.net www.facebook.com www.google.at www.google.ca www.google.co.jp www.google.co.kr www.google.co.th www.google.co.uk www.google.com www.google.com.au www.google.com.bd www.google.com.hk www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tw www.google.com.vn www.google.de www.google.es www.google.fr www.google.ie www.google.it www.google.nl www.google-analytics.com www.googleadservices.com www.googletagmanager.com blob:;  frame-src   'self' *.revico.jp payments-jp.amazon.com payments.amazon.co.jp players.brightcove.net pwm-image.trendmicro.jp recaptcha.google.com static-fe.payments-amazon.com static-na.payments-amazon.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com;  media-src   'self' *.akamaihd.net *.boltdns.net *.brightcovecdn.com *.cf.brightcove.com *.media.brightcove.com *.visumo.io *.visumo.jp blob:;  script-src   'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.ebis.ne.jp *.karte.io *.mul-pay.jp *.revico.jp *.visumo.io *.visumo.jp adebisns.sekkisei.jp admin.revive-chat.io ajax.googleapis.com analytics.tiktok.com as.uncn.jp assets.payments-amazon.com b98.yahoo.co.jp b99.yahoo.co.jp c.amazon-adsystem.com cdn.credit.gmo-ab.com cdn.jsdelivr.net cdn.smartnews-ads.com connect.facebook.net cs.nakanohito.jp d.line-scdn.net fraud-buster.appspot.com fspark-ap.com googleads.g.doubleclick.net infird.com js.ptengine.jp lightning-recommend.io players.brightcove.net s.yimg.jp sdk.hellouniweb.com static.ads-twitter.com static.line-scdn.net statics.a8.net static-fe.payments-amazon.com static-na.payments-amazon.com support-widget.userlocal.jp taj1.ebis.ne.jp unpkg.com use.typekit.net vjs.zencdn.net www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com blob:;  style-src   'self' 'unsafe-inline' *.revico.jp *.visumo.jp ajax.googleapis.com assets.payments-amazon.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com players.brightcove.net unpkg.com;  worker-src   'self' blob:;  report-to   csp-endpoint; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://flex.cybersource.com https://testflex.cybersource.com https://unpkg.com https://vjs.zencdn.net; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://unpkg.com https://vjs.zencdn.net; style-src-attr 'self'; frame-ancestors 'self' 1
font-src *.googleapis.com *.gstatic.com www.bugherd.com *.cloudfront.net *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fontawesome.com *.bootstrapcdn.com *.tidiochat.com cleardesign.co.uk *.cleardesign.co.uk *.klaviyo.com *.zohopublic.com *.zohocdn.com fonts.gstatic.com data: *.hotjar.com *.zopim.com *.salesfire.co.uk https://fonts.bunny.net *.reviews.io *.reviews.co.uk *.klarnacdn.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com accounts.google.com *.cloudflare.com *.doubleclick.net cleardesign.co.uk *.cleardesign.co.uk *.avada.io *.hotjar.com live.sagepay.com *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com img.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bird.eu bugherd-attachments.s3.amazonaws.com *.cloudfront.net *.cloudflare.com *.lfeeder.com *.google-analytics.com *.google.co.uk *.tidiochat.com cleardesign.co.uk *.cleardesign.co.uk *.klaviyo.com *.zohopublic.com *.mouseflow.com bat.bing.com www.google.co.uk stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.cdninstagram.com services.postcodeanywhere.co.uk *.zopim.com *.salesfire.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://firebasestorage.googleapis.com *.reviews.io *.reviews.co.uk *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com accounts.google.com www.bugherd.com *.cloudfront.net data: developer.adobe.com *.magento.com *.calendly.com *.cookie-script.com *.inspectlet.com *.tidio.co *.tidiochat.com *.jotform.com *.doubleclick.net *.trackedlink.net *.lfeeder.com *.leadforensics.com *.clarity.ms *.google-analytics.com *.googletagmanager.com URL null cleardesign.co.uk *.cleardesign.co.uk 'unsafe-inline' *.klaviyo.com *.zohopublic.com *.zohocdn.com *.mouseflow.com *.clearwebserver.co.uk bat.bing.com www.google.com www.gstatic.com maps.googleapis.com *.hotjar.com chimpstatic.com pi-test.sagepay.com services.postcodeanywhere.co.uk *.pcapredict.com *.zopim.com *.zdassets.com *.salesfire.co.uk widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.avada.io *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.trustpilot.com *.cloudflare.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com accounts.google.com *.cloudfront.net *.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.typekit.net cleardesign.co.uk *.cleardesign.co.uk URL *.zohocdn.com fast.fonts.net services.postcodeanywhere.co.uk widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.stripe.network *.stripecdn.com *.amazon.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.tidiochat.com cleardesign.co.uk *.cleardesign.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com accounts.google.com www.bugherd.com sessions.bugsnag.com wss://ws.pusherapp.com *.pusher.com https://developer.adobe.com *.analytics.google.com *.google-analytics.com www.google.co.uk *.clarity.ms *.tidio.co *.doubleclick.net *.inspectlet.com wss://socket.tidio.co *.cookie-script.com cleardesign.co.uk *.cleardesign.co.uk *.klaviyo.com *.zohopublic.com *.zohocdn.com null *.clearwebserver.co.uk stats.g.doubleclick.net *.hotjar.com *.hotjar.io graph.instagram.com services.postcodeanywhere.co.uk *.zopim.com *.smartmetrics.co.uk *.zendesk.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.salesfire.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com *.googlesyndication.com *.tiktok.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com s7.addthis.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.clarity.ms *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://static.klaviyo.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com ekr.zdassets.com/ connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.clarity.ms *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ player.vimeo.com *.meetanshi.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.meetanshi.com *.google-analytics.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://cdnjs.cloudflare.com https://static.photoslurp.com *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://www.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://connect.facebook.net https://www.facebook.com https://www.google.com https://www.google.ch https://m.photoslurp.com https://static.photoslurp.com cdn.flbx.io *.cloudfront.net https://www.magezon.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://connect.facebook.net https://static.photoslurp.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.getflowbox.com *.google.com/ cdn.jsdelivr.net *.gstatic.com maps.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.photoslurp.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.addtoany.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://stats.g.doubleclick.net https://api.photoslurp.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.getflowbox.com http://dpm.demdex.net www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' www.googleadservices.com ct.pinterest.com bat.bing.net px.ads.linkedin.com settings.luckyorange.net bat.bing.com live.opayo.eu.elavon.com/api/v1/ pagead2.googlesyndication.com services.postcodeanywhere.co.uk api.vimeo.com fresnel.vimeocdn.com *.facebook.com *.g.doubleclick.net *.google.com *.google.co.uk *.google.fr *.google-analytics.com *.analytics.google.com *.googletagmanager.com; font-src 'self' www.westdean.ac.uk assets.westdean.ac.uk/ data:; frame-ancestors 'self'; frame-src 'self' ct.pinterest.com discoveruni.gov.uk widget.discoveruni.gov.uk live.opayo.eu.elavon.com/api/v1/ my.matterport.com player.vimeo.com vimeo.com www.youtube.com *.luckyorange.com *.facebook.com *.googletagmanager.com; img-src 'self' * data:; media-src d10lpsik1i8c69.cloudfront.net player.vimeo.com download-video-ak.vimeocdn.com/v3-1/playback/ vod-adaptive-ak.vimeocdn.com skyfire.vimeocdn.com; script-src 'self' static.cloudflareinsights.com www.westdean.ac.uk assets.westdean.ac.uk/ chimpstatic.com s.pinimg.com d10lpsik1i8c69.cloudfront.net ct.pinterest.com snap.licdn.com assets.opayo.cloud/assets/js/opayo-1.2.40.js cdn.tickettailor.com www.googleadservices.com www.google.com pagead2.googlesyndication.com services.postcodeanywhere.co.uk player.vimeo.com www.youtube.com *.doubleclick.net *.bing.com *.facebook.net *.googletagmanager.com *.vimeocdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.westdean.ac.uk assets.westdean.ac.uk/ d10lpsik1i8c69.cloudfront.net services.postcodeanywhere.co.uk 'unsafe-inline'; report-uri https://o74830.ingest.us.sentry.io/api/215515/security/?sentry_key=610a8846728c479cb10b52482e41c8cc; report-to csp-endpoint 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.googleapis.com; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-NmY3ZDMyM2ItODNlOC00ZWJhLWI5MDQtMjg2NmE5N2Y2ZDlm' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
font-src *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.google-analytics.com *.google.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; img-src 'self' *.cenero.com; style-src 'self' *.cenero.com; script-src 'self' *.cenero.com *.constantconnect.net *.constantconnect.net *.us.az.constantconnect.net; report-to csp-endpoint; report-uri https://cspreport-api-prd-live.us.az.constantconnect.net/api/csp-report 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com *.packlink.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com *.doubleclick.net *.typeform.com https://osm.klarnaservices.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net https://*.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://*.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.packlink.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com *.amazonaws.com self blob: https://*.clarity.ms https://*.bing.com https://www.google.it https://widgets.magentocommerce.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.com https://analytics.google.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://t.paypal.com https://*.vimeocdn.com https://*.cloudfront.net https://stats.g.doubleclick.net https://www.marchelab.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.googleapis.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.typeform.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com https://*.clarity.ms https://js.klarna.com/web-sdk/v1/klarna.js https://js.stripe.com/v3/ https://www.marchelab.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.packlink.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com tagmanager.google.com https://www.marchelab.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typeform.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com https://www.googleadservices.com https://analytics.google.com https://region1.analytics.google.com https://www.googletagmanager.com https://www.sandbox.paypal.com https://www.paypalobjects.com https://www.paypal.com https://pilot-payflowlink.paypal.com https://*.amazon.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.jp https://*.amazon.it https://*.amazon.fr https://*.amazon.es https://*.amazon.de https://*.amazonpay.com https://*.amazonpay.co.uk https://*.amazonpay.co.jp https://*.amazonpay.jp https://*.amazonpay.it https://*.amazonpay.fr https://*.amazonpay.es https://*.amazonpay.de https://mws.amazonservices.com https://mws.amazonservices.co.uk https://mws.amazonservices.co.jp https://mws.amazonservices.jp https://mws.amazonservices.it https://mws.amazonservices.fr https://mws.amazonservices.es https://mws.amazonservices.de https://www.apptrian.com https://facebook.com https://www.facebook.com https://connect.facebook.net https://graph.facebook.com https://widget.freshworks.com https://m2epro.freshdesk.com https://*.klarnaevt.com https://*.klarnacdn.net https://klarna.com https://*.klarnaservices.com https://*.stripe.com https://*.facebook.net https://*.instagram.com https://*.googleusercontent.com https://*.clarity.ms https://stats.g.doubleclick.net https://www.google.com/ccm/collect 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-5LeQ8x_LJoINmtovdMTzQg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-eY03qmNbSMUT8okLKAJwSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-aL1MTrA2nFhE44VPcs9q7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/maps-tactile 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com *.trustpilot.com https://*.trengo.eu https://embed.pakketdienstqls.nl *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com *.storyblok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://tr.kickbite.io *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com *.instagram.com *.storyblok.com *.trustpilot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://static.widget.trengo.eu https://*.trengo.eu https://static.cloudflareinsights.com https://tr.kickbite.io *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.storyblok.com *.trustpilot.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.multisafepay.com assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com https://static.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.trengo.eu https://tr.kickbite.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.nznature.co.nz fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com cdn.nznature.co.nz www.facebook.com www.google.com www.google.co.nz google-analytics.com privymktg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.nznature.co.nz connect.facebook.net www.gstatic.com www.google.com widget.privy.com downloads.mailchimp.com chimpstatic.com mc.us16.list-manage.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com cdn.nznature.co.nz fonts.googleapis.com assets.privy.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.nznature.co.nz stats.g.doubleclick.net api.privy.com www.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-XTRXsDzx9EyxnvlmXobzcQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7YQqj5qC36IeSJJRu20bjg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-F6drixkqjhEGCaqeuZZX5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; style-src 'nonce-CIVAMmabr4rADdQv1Zui9g7m3hyvg479' 'self'; style-src-attr 'unsafe-inline'; img-src https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/ https://www.googletagmanager.com/td https://www.googletagmanager.com/a https://shop.graysofwestminster.co.uk/wp-content/uploads/ data: 'self'; font-src 'self'; script-src 'nonce-CIVAMmabr4rADdQv1Zui9g7m3hyvg479' 'strict-dynamic'; manifest-src 'self'; frame-src https://widget.trustpilot.com/trustboxes/ https://www.recaptcha.net https://www.google.com/maps/embed https://tfl.gov.uk https://www.youtube.com/embed/; base-uri 'self'; connect-src https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/topics/ https://region1.google-analytics.com/g/collect https://www.google-analytics.com/g/collect https://www.recaptcha.net/recaptcha/; report-uri https://ainet-ltd.uriports.com/reports/report; report-to uriports 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com cdn.doofinder.com https://www.magezon.com *.facebook.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.usercentrics.eu www.google.de www.facebook.com bat.bing.com integrations.etrusted.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.doofinder.com widget.freshworks.com m2epro.freshdesk.com *.google.com/ *.googletagmanager.com *.facebook.net *.gstatic.com maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com connect.facebook.net *.usercentrics.eu *.doofinder.com bat.bing.com *.adobedtm.com *.cloudflareinsights.com *.cloudflare.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.doofinder.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com assets.braintreegateway.com integrations.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.doofinder.com wss://*.doofinder.com widget.freshworks.com m2epro.freshdesk.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com wss://eu1-layer.doofinder.com googleads.g.doubleclick.net *.adobedtm.com www.facebook.com bat.bing.com *.usercentrics.eu *.cloudflareinsights.com *.cloudflare.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com self data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com webpay3g.transbank.cl webpay3gint.transbank.cl *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net self 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://*.amazonaws.com/static.khipu.com/ *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.cl prod-cencosudchile.omni.pro stats.g.doubleclick.net self data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net region1-google-analytics.com stats.g.doubleclick.net self unsafe-inline 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.tagmanager.google.com *.googletagmanager.com self unsafe-inline 'self' 'unsafe-inline'; object-src none 'self' 'unsafe-inline'; media-src *.adobe.com self 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app region1-google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net self 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' cdnjs.cloudflare.com; font-src 'self' cdnjs.cloudflare.com; frame-src 'self' www.google.com www.youtube.com testeqiom-career.talent-soft.com; img-src 'self' data: mt0.google.com mt1.google.com mt2.google.com mt3.google.com cdnjs.cloudflare.com; object-src 'none'; script-src 'self' https://cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' connect.facebook.net eqiom.matomo.cloud www.youtube.com https://cdn.jsdelivr.net; style-src 'self' connect.facebook.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://568733dcae17c84679a7ccd784becd95.report-uri.com/r/d/csp/wizard 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com staticw2.yotpo.com cdn-widgetsrepository.yotpo.com *.yotpo.com *.googleapis.com *.perplexity.ai *.slant.co *.ivaws.com *.googleusercontent.com unpkg.com *.rakuten.com *.cloudflare.com *.tql.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com gum.criteo.com td.doubleclick.net fledge.criteo.com www.google.com fledge.us.criteo.com insight.adsrvr.org match.adsrvr.org tags.rd.linksynergy.com static.criteo.net imgs.signifyd.com h.online-metrix.net *.weltpixel.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.yotpo.com *.authorize.net *.googletagmanager.com *.doubleclick.net *.typeform.com www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com *.certcapture.com https://www.magezon.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.trackedlink.net idsync.rlcdn.com bat.bing.com www.google.com.br criteo-partners.tremorhub.com sync.outbrain.com c.bing.com sync-t1.taboola.com criteo-sync.teads.tv pixel.rubiconproject.com simage2.pubmatic.com eb2.3lift.com ad.360yield.com tapestry.tapad.com exchange.mediavine.com x.bidswitch.net jadserve.postrelease.com contextual.media.net r.casalemedia.com dis.criteo.com ade.clmbtech.com rtb-csync.smartadserver.com ad.tpmn.io aa.agkn.com ib.adnxs.com thrtle.com sync.targeting.unrulymedia.com ads.stickyadstv.com ut.rd.linksynergy.com tags.rd.linksynergy.com insight.adsrvr.cn www.google-analytics.com p.yotpo.com login.dotomi.com ce.lijit.com pippio.com imgs.signifyd.com h.online-metrix.net viewer.new.sayduck.com viewer.legacy.sayduck.com maps.googleapis.com maps.gstatic.com gstatic.com cdn.sayduck.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net www.google.co.id www.google.com.qa *.online-metrix.net www.google.com.co www.google.com.bh www.google.com.tw www.google.tn www.google.com.sg www.google.co.in www.google.gg www.google.by www.google.lk www.google.gl *.imrworldwide.com www.google.at www.google.ad www.google.al www.google.vu *.revcontent.com *.stackadapt.com www.google.rs www.google.ie www.google.co.ke www.google.hr www.google.cm www.google.mw www.google.com.pa www.google.ae www.google.com.pg *.linksynergy.com google.com www.google.pl www.google.com.fj www.google.com.kw www.google.com.np www.google.pt www.google.com.pe www.google.be www.google.co.il *.tpmn.co.kr www.google.com.mx www.google.mu *.yahoo.com www.google.jo www.google.co.cr *.rakuten.com www.google.it www.google.co.zm www.google.ch www.google.com.et id5-sync.com www.google.ee www.google.com.py www.google.hu *.rfihub.com www.google.com.pr www.google.iq www.google.ca www.google.li www.google.gy www.google.md www.google.co.jp www.google.sr www.google.am *.adform.net www.google.de www.google.im *.mathtag.com www.google.es www.google.lt www.google.is www.google.com.bo www.google.lu www.google.as www.google.com.do www.google.co.zw www.google.co.ma *.criteo.com *.signifyd.com www.google.fi www.google.sk www.google.co.ls www.google.co.ug *.liadm.com www.google.com.ph www.google.co.tz www.google.ga *.kaltura.com www.google.si www.google.tg www.google.mn www.google.lv *.adsrvr.org www.google.com.ec *.rlcdn.com www.google.ba *.criteo.net www.google.me www.google.com.kh www.google.com.sa www.google.bj *.mediawallahscript.com www.google.co.th www.google.dz *.turn.com www.google.ci www.google.com.vn www.google.ps www.google.com.hk www.google.co.vi www.google.com.ua www.google.com.ar www.google.com.gh www.google.rw www.google.co.uz www.google.com.my *.lijit.com www.google.fr www.google.com.ng www.google.com.cy www.google.com.om www.google.cv *.pubmatic.com www.google.tt www.google.nl www.google.ge www.google.com.lb www.google.ro *.googleusercontent.com *.breadfinancial.com www.google.no www.google.com.sv www.google.cd www.google.co.ve www.google.com.tr www.google.dk www.google.com.uy www.google.se www.google.mg www.google.hn www.google.com.bn www.google.ru www.google.tl www.google.ml www.google.co.ao www.google.sm *.fwmrm.net *.ivaws.com *.rezync.com www.google.com.cu www.google.com.na www.google.sn www.google.com.mm www.google.cl www.google.com.vc www.google.com.ni www.google.co.za *.cookiepro.com www.google.com.ag d1z0mfyqx7ypd2.cloudfront.net *.adnxs.com www.google.sc www.google.co.nz www.google.com.bz www.google.co.uk www.google.com.eg www.google.com.gt www.google.la www.google.com.jm www.google.cg www.google.com.bd www.google.tm *.googleadservices.com www.google.ht whonhow.com www.google.kz www.google.je www.google.com.au www.google.bs *.crwdcntrl.net *.nxcli.io www.google.com.mt *.1rx.io www.google.mk *.bidr.io www.google.kg *.cloudflare.com www.google.so cartera-cdn.freetls.fastly.net www.google.cz *.dmxleo.com www.google.bf www.google.co.kr www.google.mv www.google.co.bw www.google.com.af www.google.co.mz www.google.com.tj www.google.az www.google.com.ly www.google.bg www.google.com.pk www.google.gr www.google.com.gi data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com cookie-cdn.cookiepro.com tag.rmp.rakuten.com connect.breadpayments.com dynamic.criteo.com js.adsrvr.org cdn-widgetsrepository.yotpo.com bat.bing.com fledge.criteo.com ut.rd.linksynergy.com cdn.mouseflow.com unpkg.com d18eg7dreypte5.cloudfront.net r2-t.trackedlink.net magento-recs-sdk.adobe.net fledge.us.criteo.com www.google.com www.gstatic.com sslwidget.criteo.com js-agent.newrelic.com tags.rd.linksynergy.com staticw2.yotpo.com viewer.sayduck.com viewer.new.sayduck.com viewer.legacy.sayduck.com cdn.sayduck.io cdn-scripts.signifyd.com imgs.signifyd.com h64.online-metrix.net static-na.payments-amazon.com gstatic.com ipinfo.io *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com *.authorize.net maps.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com *.doubleclick.net *.typeform.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://cdn-scripts.signifyd.com/api/script-tag.js https://imgs.signifyd.com https://h64.online-metrix.net *.criteo.com *.linksynergy.com *.rmtag.com *.adobe.net *.sayduck.com *.online-metrix.net *.id5-sync.com *.cloudflare.com *.signifyd.com *.adsrvr.org *.kaltura.com *.mouseflow.com *.google-analytics.com *.cookiepro.com *.rakuten.com *.payments-amazon.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com webchat.dotdigital.com webchat.staging.dotdigital.com www.gstatic.com staticw2.yotpo.com cdn-widgetsrepository.yotpo.com assets.braintreegateway.com *.yotpo.com *.googleapis.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.bwe.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.bing.com *.kaltura.com *.rakuten.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n.adobe.io *.adobedc.net *.demdex.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.certcapture.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com analytics.google.com cookie-cdn.cookiepro.com geolocation.onetrust.com mug.criteo.com www.google-analytics.com measurement-api.criteo.com bam.nr-data.net privacyportal.cookiepro.com connect.breadpayments.com staticw2.yotpo.com api.pp-prod-ads.ue2.breadgateway.net api-cdn.yotpo.com imgs.signifyd.com api.sayduck.io maps.googleapis.com api.sp-pv-ads.ue2.breadgateway.net viewer.sayduck.com www.gstatic.com cdn.sayduck.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.yotpo.com *.authorize.net *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com https://imgs.signifyd.com www.google.com.bd www.google.ee www.google.com.gt www.google.co.zw *.criteo.com www.google.ae www.google.com.py www.google.mn www.google.com.ni www.google.co.tz www.google.es *.shopimgs.com www.google.ge www.google.sr www.google.se www.google.pl www.google.so www.google.ie www.google.com.vn www.google.de www.google.co.ve www.google.co.za www.google.co.kr www.google.com.ly www.google.cl www.google.be www.google.com.bn www.google.com.ec www.google.dz id5-sync.com www.google.co.cr www.google.co.ke www.google.tn www.google.co.nz www.google.tg d2rol5dpdbtxxu.cloudfront.net www.google.com.vc www.google.nl www.google.ch www.google.com.bz *.googleadservices.com www.google.bg www.google.hn www.google.com.gi www.google.rs www.google.com.mx www.google.com.ua d1r22q6sxlmkhx.cloudfront.net www.google.co.il www.google.fr www.google.co.in www.google.gy www.google.am www.google.co.bw www.google.no www.google.com.tw www.google.com.pe www.google.lt www.google.dk www.google.com.tr www.google.hr www.google.la www.google.ru www.google.com.et www.google.co.zm www.google.sk www.google.by www.google.ca www.google.com.qa www.google.com.sg www.google.com.eg www.google.me www.google.co.ls www.google.it www.google.al www.google.sm www.google.com.bh www.google.co.vi www.google.com.do www.google.co.th www.google.rw www.google.ad www.google.com.ph www.google.com.bo www.google.com.na www.google.co.ma www.google.ht www.google.com.my www.google.mk www.google.cz www.google.com.pr www.google.co.ao www.google.lv www.google.tt www.google.com.gh www.google.com.ar www.google.co.uz www.google.mw www.google.gr www.google.ro www.google.ci www.google.com.np www.google.lu www.google.com.lb www.google.at www.google.com.jm www.google.com.pk www.google.bs *.mouseflow.com www.google.cm www.google.com.ag www.google.md www.google.com.hk *.facebook.com www.google.mu www.google.lk www.google.sn www.google.kz www.google.fi www.google.tl www.google.com.sv www.google.im www.google.com.pa www.google.ba www.google.jo www.google.com.pg www.google.az www.google.bj *.breadgateway.net www.google.pt www.google.hu www.google.com.kh www.google.co.uk www.google.cd www.google.mv www.google.iq www.google.co.jp www.google.com.br www.google.kg www.google.com.om www.google.je www.google.com.kw *.signifyd.com www.google.co.ug www.google.com.au *.adsrvr.org *.rakuten.com www.google.li www.google.com.sa *.gstatic.com www.google.co.id www.google.com.af www.google.mg www.google.is www.google.com.mm www.google.com.ng www.google.com.cy www.google.com.co www.google.com.mt www.google.si 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com imgs.signifyd.com bam.nr-data.net bat.bing.com www.google.com commerce.adobedc.net csm.us5.us.criteo.net connect.breadpayments.com p.yotpo.com shopjura.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://01b7bbb5-d792-48c7-a108-0d87ef3a3ea7.sansec.watch/; report-to report-endpoint; 1
default-src 'self' *.neovialogistics.com 1
default-src 'self' enthus.de *.enthus.de 'unsafe-inline' 'unsafe-eval' ; script-src 'self' enthus.de *.enthus.de 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://*.doofinder.com/ https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://static.dvinci-easy.com/files/job-widget-v1/dvinci-job-widget-full-1.0.0.min.js https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://trackcmp.net/ https://prism.app-us1.com https://www.gstatic.com https://www.google.com/recaptcha/api.js https://cdn.cs.1worldsync.com/ https://www.google.com/pagead/ https://pushcrew.com/ https://*.pushcrew.com/ https://*.usercentrics.eu/ https://snap.licdn.com/ https://bat.bing.com/ https://c.leadlab.click/ https://ws.cnetcontent.com/ https://cdn.cnetcontent.com/ https://code.jquery.com/jquery-1.11.0.min.js https://mclgmbh.activehosted.com https://w.promofeatures.com/ https://*.googletagmanager.com https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://static.hotjar.com https://script.hotjar.com https://ws.cs.1worldsync.com blob: ; style-src 'self' enthus.de *.enthus.de 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css https://cdn.pushcrew.com/css/ https://static.dvinci-easy.com/ https://cdn.cnetcontent.com/ https://cdn.cs.1worldsync.com/ https://*.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 'unsafe-hashes' ; img-src 'self' *.mcl.de mcl.de enthus.de *.enthus.de 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.de https://www.google.rs https://www.google.au https://www.google.hr https://*.doofinder.com https://pushcrew.com/ https://cdn.pushcrew.com/ https://*.usercentrics.eu *.linkedin.com *.ads.linkedin.com https://bat.bing.com/ https://p.adsymptotic.com/ https://www.kununu.com/ https://api.edudip-next.com/ https://cdn.cnetcontent.com/ https://googleads.g.doubleclick.net/ https://*.usercentrics.eu/ https://m.promofeatures.com https://cdn.cs.1worldsync.com/ https://www.gstatic.com/ https://i.ytimg.com/ https://connect.facebook.net https://*.amazonaws.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.rs userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com https://static.hotjar.com https://script.hotjar.com ; connect-src 'self' enthus.de *.enthus.de 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://pubsub.googleapis.com https://*.doofinder.com https://www.facebook.com/tr/ https://api.usercentrics.eu/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://t.leadlab.click/ https://static.dvinci-easy.com/ https://mcl.dvinci-hr.com/ *.linkedin.com *.ads.linkedin.com https://*.usercentrics.eu https://bat.bing.com https://adservice.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.rs https://cdn.linkedin.oribi.io wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.userlike.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com blob: wss: ; font-src 'self' data: enthus.de *.enthus.de 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://*.googletagmanager.com https://userlike-cdn-umm.b-cdn.net https://fonts.gstatic.com https://script.hotjar.com ; media-src 'self' enthus.de *.enthus.de 'unsafe-inline' 'unsafe-eval' https://storage.de.cloud.ovh.net/ https://userlike-cdn-umm.b-cdn.net https://userlike-store-media-files.s3.amazonaws.com https://www.userlike.com blob: data: ; frame-src 'self' enthus.de *.enthus.de 'unsafe-inline' 'unsafe-eval' https://www.facebook.com https://bid.g.doubleclick.net/ https://td.doubleclick.net https://www.youtube-nocookie.com/ https://www.google.com/ https://www.youtube.com/ https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net www.youtube.com https://player.vimeo.com ; object-src 'none' ; child-src 'self' enthus.de *.enthus.de 'unsafe-inline' 'unsafe-eval' https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net blob: ; form-action https://www.facebook.com ; report-uri /csp/report.php 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-KVgXcn8fuhI_n-NT1k3OBw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.bunny.net; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-MjUzYTBjZjItMTBhNS00YTZlLWEyNGEtN2Y5NmNlZWVjOTAx' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
object-src  'none'; connect-src 'self' *.eroticax.com *.xempire.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.eroticax.com *.xempire.com join.gammasecure.com; script-src 'self' *.eroticax.com *.xempire.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.eroticax.com *.xempire.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
default-src 'none';                              form-action 'none';                              child-src 'Self' data: https://www.google-analytics.com https://www.youtube.com https://player.vimeo.com https://ohchr-standup.prezenz.com https://my.walls.io https://walls.io https://www.instagram.com http://ohchr-standup.prezenz.com https://www.youtube-nocookie.com https://w.soundcloud.com https://platform.twitter.com;        frame-src https://*.securly.com data: https://www.google-analytics.com https://www.youtube.com https://player.vimeo.com https://ohchr-standup.prezenz.com https://my.walls.io https://walls.io https://www.instagram.com http://ohchr-standup.prezenz.com https://www.youtube-nocookie.com https://w.soundcloud.com https://platform.twitter.com;                             frame-ancestors 'none' ;                              img-src 'Self' data: https://www.googletagmanager.com https://translate.google.com https://fonts.gstatic.com https://cdn.honey.io https://www.google-analytics.com https://i.vimeocdn.com https://i.ytimg.com blob: https://www.standup4humanrights.org;                             style-src 'Self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://adblockers.opera-mini.net https://cdn.honey.io https://www.gstatic.com;                             style-src-attr 'Self' 'report-sample' 'unsafe-inline';                             style-src-elem 'Self' 'report-sample' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.gstatic.com https://platform.instagram.com https://cdn.honey.io https://boxclone.com https://fonts.googleapis.com https://fonts.googleapis.com:443;                             script-src 'Self' 'unsafe-inline' 'report-sample' 'unsafe-eval' https://plugins.flockler.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://platform.twitter.com;                             script-src-attr 'Self' 'unsafe-inline';                             script-src-elem 'Self' 'report-sample' 'unsafe-inline' https://plugins.flockler.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.google-analytics.com https://sc-static.net https://platform.instagram.com https://platform.twitter.com https://fonts.googleapis.com:443;                             connect-src 'Self' https://ohchr-standup.prezenz.com https://*.google-analytics.com;                             font-src 'Self' data: https://use.typekit.net https://fonts.gstatic.com;                             media-src 'Self' data:;                             worker-src 'none';                             object-src 'Self';                             manifest-src 'Self' https://www.standup4humanrights.org https://standup4humanrights.org;                             report-uri https://fawedsitereporting.azurewebsites.net/api/csp-report?;                             report-to default                              1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.100partnerprogramme.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' data: 'unsafe-inline' data: *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.paypal.com *.paypalobjects.com applepay.cdn-apple.com https://static.unzer.com https://applepay.cdn-apple.com *.klaviyo.com *.trustami.com *.unzer.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.woodstore24.de *.woodstore24.test *.usercentrics.eu c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sandbox.paypal.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://static-cc.test.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://sandbox.clicktopay.auth.visa.com https://clicktopay.visa.com https://sandbox.secure.checkout.visa.com https://secure.checkout.visa.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com 'self' data: validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.woodstore24.de *.woodstore24.test 'unsafe-inline' data: *.usercentrics.eu magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.sandbox.paypal.com https://static.unzer.com *.online-metrix.net https://www.gstatic.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com *.ad4m.at *.adition.com *.adscale.de *.awin1.com *.bing.com *.bing.net *.casalemedia.com d3k81ch9hvuctc.cloudfront.net *.facebook.net *.googleadservices.com www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.ci www.google.cm www.google.co.id www.google.co.il www.google.co.in www.google.co.kr www.google.co.ma www.google.com.br www.google.com.eg www.google.com.hk www.google.com.mt www.google.com.mx www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.th www.google.co.uk www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fr www.google.hr www.google.hu www.google.ie www.google.it www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.se www.google.si www.google.sk *.googlesyndication.com *.paypalobjects.com *.pubmatic.com *.roeye.com *.shoop.de *.smartadserver.com *.trustami.com *.twiago.com woodstore24.at woodstore24.de *.ytimg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.woodstore24.de *.woodstore24.test *.goo.gle *.googlecommerce.com *.googletagmanager.com *.usercentrics.eu static.client.cardinaltrusted.com *.avada.io *.shopify.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sandbox.paypal.com *.paypalobjects.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net https://static-v2.unzer.com/v2/ui-components/ *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.typeform.com www.xtento.com cdn.xtento.com ad4m.at *.ad-srv.net *.attrxs.de *.awin1.com *.bing.com *.dwin1.com *.etrusted.com *.googlesyndication.com *.gr-cdn.com *.gr-wcon.com *.gsitrix.com *.hotjar.com *.klaviyo.com *.mastercard.com *.roeyecdn.com smct.co *.timify.com *.trustami.com *.trustedshops.com *.unzer.com woodstore24.de 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes';, style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.woodstore24.de *.woodstore24.test *.googleapis.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com assets.braintreegateway.com https://sandbox.src.mastercard.com https://static-v2.unzer.com/v2/ui-components/ *.tagmanager.google.com *.googletagmanager.com *.typeform.com *.klaviyo.com *.mastercard.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.woodstore24.de *.woodstore24.test *.usercentrics.eu *.cardinaltrusted.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.sandbox.paypal.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ https://static-cc.test.unzer.com https://static-v2.unzer.com/v2/ui-components/ *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typeform.com *.awinblackfriday.com *.bing.com *.bing.net *.datadome.co *.facebook.com *.getresponse.com *.googleadservices.com www.google.at www.google.be www.google.bg www.google.ch www.google.co.id www.google.co.in www.google.com.br www.google.com.eg www.google.com.mt www.google.com.mx www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.sg www.google.co.uk www.google.co.za www.google.cz www.google.de www.google.dk www.google.es www.google.fr www.google.hr www.google.hu www.google.it www.google.lt www.google.lu www.google.nl www.google.pl www.google.pt www.google.ro www.google.se www.google.si www.google.sk *.googlesyndication.com *.gr-wcon.com *.gsitrix.com *.hotjar.com *.hotjar.io *.wepowerconnections.com woodstore24.de 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src ad4m.at *.ad4m.at *.adition.com *.adscale.de *.ad-srv.net *.attrxs.de *.bing.com *.bing.net *.braintreegateway.com *.casalemedia.com d3k81ch9hvuctc.cloudfront.net *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.googleapis.com www.google.at www.google.ch www.google.de www.google.fr *.google.com *.googlesyndication.com *.googletagmanager.com *.gr-cdn.com *.gr-wcon.com *.gsitrix.com *.gstatic.com *.hotjar.com *.klaviyo.com *.paypal.com *.pubmatic.com *.roeyecdn.com *.roeye.com *.smartadserver.com smct.co *.timify.com *.trustami.com *.twiago.com *.usercentrics.eu woodstore24.at woodstore24.de *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; base-uri 'self' 'unsafe-inline'; report-uri https://f94791c8-55fa-4368-a75e-1fafd25902d2.sansec.watch/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: fonts.gstatic.com data: *.raab-verlag.de *.raab-verlag.at *.raabverlag.ch https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com https://www.googletagmanager.com/ *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com consentcdn.cookiebot.com/ ct.pinterest.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com ssl.gstatic.com www.gstatic.com pci.usd.de/compliance/ *.raab-verlag.de data: *.raab-verlag.at data: *.raabverlag.ch data: www.google.com/pagead/ www.google.de/pagead/ *.pinterest.com bat.bing.com c.bing.com c.clarity.ms/ www.google.de/ads/ imgsct.cookiebot.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io tagmanager.google.com widgets.trustedshops.com/ *.raab-verlag.de *.raab-verlag.at *.raabverlag.ch googleads.g.doubleclick.net/ www.google.com/pagead/ www.google.de/pagead/ s.pinimg.com bat.bing.com consent.cookiebot.com/ consentcdn.cookiebot.com/ www.clarity.ms/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io tagmanager.google.com *.raab-verlag.de *.raab-verlag.at *.raabverlag.ch https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.raab-verlag.de *.raab-verlag.at *.raabverlag.ch stats.g.doubleclick.net/j/collect *.pinterest.com consentcdn.cookiebot.com/ i.clarity.ms/ region1.google-analytics.com www.facebook.com/tr/ googleads.g.doubleclick.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xUUn/Y2JLvmVQ2jfZnLA' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ science.cem.com www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com 'self' *.amazonaws.com *.svc.dynamics.com *.clarity.ms *.bing.com cem.com *.cem.com 'unsafe-inline' https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com 'self' *.clarity.ms www.clarity.ms *.marketo.net bid.g.doubleclick.net www.google.com *.avada.io *.shopify.com mktdplp102cdn.azureedge.net 'unsafe-eval' 'unsafe-hashes' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.googleapis.com 'self' *.mktoresp.com *.google.com googleads.g.doubleclick.net *.googlesyndication.com *.avada.io *.shopify.com mktdplp102cdn.azureedge.net https://get.geojs.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.cem.com/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.multisafepay.com https://pay.google.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com ts.tradetracker.net www.magmodules.eu www.xtento.com cdn.xtento.com *.google.com *.google.rs bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com tm.tradetracker.net *.trustpilot.com www.xtento.com cdn.xtento.com cdn.cookie-script.com bat.bing.com ct.beslist.nl https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com downloads.mailchimp.com *.fontawesome.com *.multisafepay.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.multisafepay.com *.doubleclick.net widget.trustpilot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1
default-src 'self' go.globallogic.com dev.method.com cms.method.com *.doubleclick.net *.linkedin.com analytics.google.com www.google-analytics.com td.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net snap.licdn.com www.google-analytics.com www.clickcease.com go.globallogic.com www.googletagmanager.com; style-src 'unsafe-inline' go.globallogic.com; img-src * data:; report-uri https://18d817936646be941c2394dca4a651ce.report-uri.com/r/d/csp/reportOnly; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://script.hotjar.com *.fonts.googleapis.com data: https://b2c-static.staging.popolini.com https://static.popolini.com https://static.popolini.ch https://static.popolini.hu https://static-b2c.popolini.dev 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ landofcoder.com *.youtube.com/ www.facebook.com platform.twitter.com https://challenges.cloudflare.com *.google.com *.addthis.com *.sharethis.com *.pinterest.com https://www.youtube-nocookie.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://maps.gstatic.com https://maps.googleapis.com https://*.etracker.com https://*.etracker.de *.cloudflare.com *.cdn.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.s.ytimg.com *.lightemporium.com *.usercentrics.eu www.facebook.com *.pinterest.com assets.pinterest.com syndication.twitter.com https://www.facebook.com https://c.clarity.ms https://c.bing.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.sharethis.com *.cdninstagram.com https://b2c-media.staging.popolini.com https://media.popolini.com https://media.popolini.ch https://media.popolini.hu https://media-b2c.popolini.dev https://b2c-static.staging.popolini.com https://static.popolini.com https://static.popolini.ch https://static.popolini.hu https://static-b2c.popolini.dev test.saferpay.com www.saferpay.com saferpay.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://*.etracker.com https://*.etracker.de landofcoder.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.facebook.com twitter.com platform.twitter.com static.addtoany.com https://challenges.cloudflare.com https://connect.facebook.net https://script.hotjar.com https://static.hotjar.com https://www.clarity.ms *.googleapis.com *.addthis.com *.sharethis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://devdocs.magento.com https://magento.com https://b2c-static.staging.popolini.com https://static.popolini.com https://static.popolini.ch https://static.popolini.hu https://static-b2c.popolini.dev test.saferpay.com www.saferpay.com saferpay.com *.hsforms.net *.hsforms.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com maxcdn.bootstrapcdn.com https://b2c-media.staging.popolini.com https://media.popolini.com https://media.popolini.ch https://media.popolini.hu https://media-b2c.popolini.dev https://b2c-static.staging.popolini.com https://static.popolini.com https://static.popolini.ch https://static.popolini.hu https://static-b2c.popolini.dev 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://*.etracker.de landofcoder.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org stats.addtoany.com https://challenges.cloudflare.com wss://ws.hotjar.com https://content.hotjar.io https://h.clarity.ms https://in.hotjar.com *.googleapis.com *.addthis.com *.sharethis.com *.cardinalcommerce.com *.graph.instagram.com https://stats.g.doubleclick.net https://b2c-static.staging.popolini.com https://static.popolini.com https://static.popolini.ch https://static.popolini.hu https://static-b2c.popolini.dev test.saferpay.com www.saferpay.com saferpay.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'self' blob:; base-uri 'self'; script-src 'report-sample' 'nonce-62cd08743aca49838fe24fcd875912e9' 'strict-dynamic' 'unsafe-inline' https:; frame-ancestors 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/confluence-frontend 1
object-src 'none';base-uri 'self';script-src 'nonce-avwWPNd15XTG20DeUxkUSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-JMWw7AnVr2xOvn-up89b0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: wss://nexus-websocket-a.intercom.io; font-src 'self' https: data: https://fonts.googleapis.com; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'strict-dynamic' https://ga.jspm.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://esm.sh https://www.gstatic.com https://cdn.segment.com https://cdn.mxpnl.com https://*.google-analytics.com https://www.googletagmanager.com https://*.nr-data.net https://maps.googleapis.com https://service.force.com https://static.cloudflareinsights.com https://cdn.veriff.me https://www.clarity.ms https://scripts.clarity.ms https://analytics.tiktok.com https://cdn.rollbar.com https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net 'nonce-'; style-src 'self' https: 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://esm.sh https://cdn.veriff.me; connect-src 'self' https://ga.jspm.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://esm.sh wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://cdn.segment.com https://api.segment.io https://api.mixpanel.com https://api-js.mixpanel.com https://analytics.tiktok.com https://*.tiktokw.us https://www.google.com https://*.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.nr-data.net https://maps.googleapis.com https://service.force.com https://static.cloudflareinsights.com https://cdn.veriff.me https://*.clarity.ms https://api.rollbar.com https://www.facebook.com; frame-ancestors 'self'; form-action 'self' 1
default-src https:; script-src https: 'unsafe-inline'; report-uri https://rko-router.rubykaigi.org/_csp 1
default-src 'none'; base-uri 'self'; child-src 'self' platform.twitter.com syndication.twitter.com *.youtube.com; connect-src 'self' https://webpush.ii.nl/; font-src 'self'; form-action 'self' syndication.twitter.com; frame-ancestors 'self'; frame-src 'self' platform.twitter.com syndication.twitter.com *.youtube.com; img-src 'self' data: *.ii.nl blob: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com; manifest-src 'self'; media-src 'none'; object-src 'none'; report-uri /csp-report; script-src 'self' platform.twitter.com; style-src 'unsafe-inline' 'self' platform.twitter.com ton.twimg.com 1
default-src 'report-sample' 'self' 'unsafe-inline' data: blob: *.poly.jp poly.9d3259bfa8e0e56ab72a9adff99435b3.r2.cloudflarestorage.com *.imgix.net challenges.cloudflare.com *.pay.jp *.twimg.com cdn.discordapp.com www.googletagmanager.com www.youtube.com *.ytimg.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;report-to csp-violation-report 1
object-src 'none';base-uri 'self';script-src 'nonce-lrzD8mKpQ3-r8muZZqsijQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'none'; font-src 'self' assets.cardly.net cdn1.cardly.net fonts.gstatic.com v2.zopim.com; form-action 'self' www.facebook.com; frame-ancestors 'none'; frame-src www.facebook.com www.googletagmanager.com *.js.stripe.com js.stripe.com hooks.stripe.com www.youtube.com zapier.com; img-src 'self' data: https: cdn1.cardly.net assets.cardly.net i.ytimg.com www.facebook.com px.ads.linkedin.com v2.zopim.com www.google.com googleads.g.doubleclick.net *.google-analytics.com googletagmanager.com *.googletagmanager.com pagead2.googlesyndication.com ssl.gstatic.com www.googleadservices.com www.gstatic.com google.com; object-src 'none'; report-uri https://report.centralcsp.com/68fd9dbd3bf8b7a78b68636b; report-to csp-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.paypalobjects.com https://static-tracking.klaviyo.com *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com maps.googleapis.com maps.gstatic.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://go.pardot.com https://go.econoco.com https://go.fixturesanddisplays.com https://go.displaydispensary.com https://go.sellutionsbyeconoco.com https://go.mondomannequins.com https://td.doubleclick.net https://activeweb.wufoo.com https://www.facebook.com https://www.paypalobjects.com https://*.doubleclick.net *.weltpixel.com maps.googleapis.com maps.gstatic.com https://www.googletagmanager.com/ https://player.vimeo.com https://www.youtube-nocookie.com *.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://bat.bing.com https://googleads.g.doubleclick.net https://verify.authorize.net https://www.facebook.com https://ad.doubleclick.net https://twin-iq.kickfire.com https://www.econoco.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com maps.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://js-agent.newrelic.com https://www.google-analytics.com https://bat.bing.com https://bat.bing-int.com https://googleads.g.doubleclick.net https://acsbapp.com https://static.wufoo.com https://secure.wufoo.com https://www.googleadservices.com https://connect.facebook.net https://pi.pardot.com https://go.econoco.com https://go.fixturesanddisplays.com https://go.displaydispensary.com https://go.sellutionsbyeconoco.com https://go.mondomannequins.com https://*.cloudfront.net https://tag.simpli.fi https://*.callrail.com https://twin-iq.kickfire.com https://acds-events.adobe.io https://c.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com maps.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://player.vimeo.com https://www.youtube.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com http://www.googleadservices.com/ maps.gstatic.com http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ blob: 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.magento.com *.magento-datasolutions.com *.magento-ds.com https://bam.nr-data.net https://analytics.google.com https://bat.bing.com https://cdn.acsbapp.com https://maps.googleapis.com https://accesswidget-log-receiver.acsbapp.com https://acsbapp.com https://settings.luckyorange.net https://www.googletaqmanager.com https://*.callrail.com https://www.google.com https://google.com https://bat.bing-int.com https://ad.doubleclick.net/ https://www.googleadservices.com/ https://www.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com maps.gstatic.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com github.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com *.hotjar.com static3.avast.com use.fontawesome.com widget.superchat.de *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com pay.realexpayments.com *.tawk.to *.two.inc *.sandbox.two.inc *.demo.two.inc *.staging.two.inc *.release.two.inc *.experimental.two.inc *.perf.two.inc *.cyber.two.inc 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com www.google.com www.googletagmanager.com tpc.googlesyndication.com t.sharethis.com tourmkr.com *.hotjar.com widget.trustpilot.com c.sharethis.mgr.consensu.org gateway.zscaler.net gateway.zscloud.net puckator.us16.list-manage.com account.fetchify.com secure.payu.com merch-prod.snd.payu.com *.tawk.to *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com www.google.com.ec www.google.co.id www.google.lv www.google.com.gi www.google.co.il www.google.md www.google.com.mt www.google.co.in www.google.nl www.google.com.mx www.google.co.jp www.google.no www.google.com.ng www.google.co.kr www.google.pl www.google.com.ni www.google.co.ma www.google.pt www.google.com.pe www.google.co.th www.google.ro www.google.com.ph www.google.co.uk www.google.ru www.google.se www.google.com.pk www.google.co.ve admin.puckator.info www.google.sh www.google.com.sg www.google.co.za cdn-images.mailchimp.com www.google.si www.google.com.tr www.google.co.zm www.google.sk www.google.com.ua www.google.sm www.google.com.uy www.google.com.ar www.google.sn www.google.com.vn www.google.com.au image.providesupport.com www.google.tn www.google.cz blob: www.google.com.bd l.sharethis.com www.google.tt www.google.de www.google.com.bo mcusercontent.com www.google.dk www.google.com.co platform-cdn.sharethis.com www.gstatic.com www.google.ee www.apptrian.com www.google.com.cy s3.amazonaws.com www.puckator-ipad.net www.google.es www.google.com.do shinesoftware.it www.puckator.co.uk www.google.fi translate.google.com www.puckator.cz www.google.fr translate.googleapis.com www.tailwindapp.com www.google.ga www.google.gg www.google.ad www.google.gr www.google.ae www.google.hr www.google.at www.google.hu www.google.az www.google.ie www.google.be www.google.im www.google.ca www.google.is www.google.ch www.google.it www.google.ci www.google.lt www.google.cl www.google.lu integrations.etrusted.com files.superchat.de magefan.com cm.magefan.com *.disqus.com https://meetanshi.com/media/logo.png static.payu.com *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ guarantee-cdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com mc.us16.list-manage.com platform-api.sharethis.com *.hotjar.com t.sharethis.com vezowi.rakiwoxori.com www.google.com bam.eu01.nr-data.net buttons-config.sharethis.com chs03.cookie-script.com goal.us16.list-manage.com js-agent.newrelic.com zakuto.rijedegevu.com data1.pletar.com zamaca.didemofedo.com data1.poolif.com zuvofu.towaxubudo.com data1.raplof.com data1.rectez.com fevoki.wejekihota.com a.apiywc.net image.providesupport.com ajax.googleapis.com jigepu.macudivida.com kafiro.kuwinesume.com cehute.ramitetuha.com lizere.nepefeseju.com najiwu.xeyutezepo.com peboki.wukedowoki.com data1.eneude.com poruce.neyelanane.com data1.good-recettes.com data1.hyjouco.com rdc.apicit.net tpc.googlesyndication.com translate.google.com translate.googleapis.com widget.bugreporting.co widget.trustpilot.com www.gstatic.com www.webrtc-experiment.com player.vimeo.com cdn.cookie-script.com cdn.leadchampion.com mastertag.leadchampion.com widget.superchat.de integrations.etrusted.com cdn.connectif.cloud cc-cdn.com *.disqus.com secure.payu.com secure.snd.payu.com *.tawk.to cdn.jsdelivr.net *.cloudflare.com guarantee-cdn.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com downloads.mailchimp.com *.sagepay.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com puckator.fr translate.googleapis.com widget.bugreporting.co www.puckator.fr *.typekit.net integrations.etrusted.com cc-cdn.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com bam.eu01.nr-data.net gjtrack.ucweb.com *.hotjar.com *.hotjar.io l.sharethis.com l.sharethis.mgr.consensu.org plugin.ucads.ucweb.com server.bugreporting.co stats.g.doubleclick.net translate.google.com translate.googleapis.com www.google-analytics.com www.google.com region1.analytics.google.com integrations.etrusted.com *.superchat.de api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com secure.payu.com merch-prod.snd.payu.com *.tawk.to wss://*.tawk.to *.two.inc *.sandbox.two.inc *.demo.two.inc *.staging.two.inc *.release.two.inc *.experimental.two.inc *.perf.two.inc *.cyber.two.inc 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.two.inc *.sandbox.two.inc *.demo.two.inc *.staging.two.inc *.release.two.inc *.experimental.two.inc *.perf.two.inc *.cyber.two.inc 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.teabloom.local *.teabloom.net *.teabloom.com *.yotpo.com use.typekit.net fonts.gstatic.com www.teabloom.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com www.teabloom.com 'self' 'unsafe-inline'; frame-ancestors www.teabloom.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.iubenda.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.yotpo.com *.googletagmanager.com www.teabloom.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.iubenda.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static-na.payments-amazon.com *.teabloom.local *.teabloom.net *.teabloom.com *.google.com *.google.com.ua *.google.es *.cloudfront.net *.affirm.com www.xtento.com cdn.xtento.com *.yotpo.com shareasale.com yotpo-editor-production.s3.amazonaws.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.teabloom.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.iubenda.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdn.jsdelivr.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.teabloom.local *.teabloom.net *.teabloom.com acsbapp.com *.cloudflare.com www.xtento.com cdn.xtento.com *.yotpo.com www.dwin1.com/19038.js chimpstatic.com *.googletagmanager.com tagmanager.google.com www.teabloom.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.teabloom.local *.teabloom.net *.teabloom.com *.klaviyo.com *.yotpo.com *.googleapis.com *.typekit.net tagmanager.google.com fonts.google.com www.teabloom.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.teabloom.local *.teabloom.net *.teabloom.com www.teabloom.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.iubenda.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.teabloom.local *.teabloom.net *.teabloom.com *.doubleclick.net *.google.com.ua *.google.es *.acsbapp.com *.klaviyo.com *.cloudfront.net *.yotpo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.teabloom.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.teabloom.com http: https: blob: 'self' 'unsafe-inline'; default-src www.teabloom.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-7GCm5bCGovKTBMK5NlvUGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Wr_8GZgg_Ruws6mhDZxuvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src * 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; frame-ancestors 'self'; report-uri https://louisvillemsd.org/system/reporting/default; report-to default 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://cdn.cardknox.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net min-js.co t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.clarity.ms *.bing.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net min-js.co geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://cdn.cardknox.com/ifields/2.15.2405.1601/ifields.min.js *.googleapis.com *.gstatic.com https://clarity.ms https://www.clarity.ms https://player.vimeo.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.clarity.ms https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.nigunmusic.com/; report-to report-endpoint; 1
default-src 'self'; report-to /csp-violation-report-endpoint/object-src 'none';script-src 'self' *.facebook.net *.googleapis.com *.typekit.net *.cloudflare.com *.highcharts.com *.googletagmanager.com 'sha256-ZlZvIAjsazAfdhGyj/cvCxEy5G8b7y6ropK3gb/bLQ8=' 'sha256-IZ0r0IzqiUD6n6keAedhOHWfeMf8H8qeaguANUSscAQ=' 'sha256-hXIeFSpOA0sT6uL7zvE6J/Kj8pJ/AayrZHXRO+s5wZE=' 'sha256-JyCJ6ZZTV5uYG6rFk9V5g2xnONEgHcTb0bykLClbiZs=' 'sha256-Uh5yrkJc6gP6YWR+PeztLk8J3lrYvXz8EMgGSV5DWpo=' 'sha256-691KPzSBHzEMP+qiRW/Y6O4PLzh7u3wtEBXZnLhtkOs=' 'sha256-dwiCdyE6xxsxfBGSljQdvrDRM7/CCrcVEnBAxFDqexI=' 'sha256-h36j4r3Whn4juFK+uDKK1GK7tPs9F7xrVAAELZwxd7k=' 'sha256-6e2qj4jLpWYH+DC5ySmLGaRNhkNOry9BuC6T+WXCrD0=' 'sha256-XGlL7i+tpzCBFXJJF0Fr1w1csRVYU4+mEuTML+lLbe8=' 'sha256-HUBMVLH7QD6AdM4xijnUZEQo7kJEVp5NA+vyf4jSYYI=' 'sha256-Q4ZRcjyVeSNMi5LrHOnbvBUyxIk0yqDxVidSqbgMunE=' 'sha256-mSWm0jO0e6zn9XZBj33UBP35jJ+Le415/7K2KzHksmA=' 'sha256-TbcHBF5mxAQfAYkhMdZpO50T2V9Jcca0HYyGbQlXk9c=' 'sha256-S5vR5l5Pf3tJEQs1DlkC2+1egrEh+U19+NFveg78Y7s=' 'sha256-P+RZMQrK8Hjf90vKeq2wE0iLEqZyXhaAhdvTD7ZefxY=' 'sha256-T5hFFmlC8wgDnh0Ap2Na/pBBtgb2XYYdmncB0VN4Ebo=' 'sha256-l/H0BTgMf7aJDtH8FSP55OhiuDmtar5jvoWLE2WDWT0=' 'sha256-Q1KvItv4oN+AftWeDqg0nynxKCTPLVXpD75vPW1zKzA=' 'sha256-JKnfXJEksU6GW8RXQGgAP8It2YFYiWB9a6298Z1CVrM=' 'sha256-9unxmaknM62s182/Nzu+U3FlkD8y3MwwLXccOtbInHw=' 'sha256-zwGmIUR+Z6gWKbwoJ2Z3yGxI/XLETLqDqCRIV0qt/WA=' 'sha256-sIuXPQ0yKGtnLAVT2AJgwfqlnLt8NVud4l+peJAddiw=' 'sha256-tEY61d35JEfuAeokC5RJf5qCBWCrh4xh0bvOxLDH8kM=' 'sha256-n+CQu6LdZlLFXgDmGCYiQ8c00TAigOTPuCbo3C2kaSw=' 'sha256-cmBnwuTGr26tpg2tZ/MM3qFAdEp4DOVv0wyjO/l1mkg=' 'sha256-6M957K0NqygABtMfHMKyzTUvxq7Sn2bO4CR38UIFfSw=' 'sha256-bDX1Seggeq3vLfKf+I8iaZtyO30sbvhEp2B6W8uo/cE=' 'sha256-5BAufLB1Hmb4uA2hqN4bGWa8ZtxGd4lBrhLX6AM09kU=' 'sha256-Br71BfdTh20C1ZgGeawD9unVgA1oorVNyzkbBWx6wk4=' 'sha256-ZI6qFkXx8gWRk6/4A00bbEzd0mGZUT1EF2GIm/3+gE8=' 'sha256-8/S54Zo5U7GsPwxScfNXvlvQsiKIWynLZ7+JZJ3rpto=' 'sha256-NCEgHtXxBVV6p5zHEPHuXYzcrLstr4ts8VIPBEl/Nvs=' 'sha256-PPnsEResZXa/raIdG/Z7sd5u14QF6PbZVDVBVK1yR1g=' 'sha256-0bt1yFn/YAP0WB043JsGxo0l7bOKafGnPEbbwuaQUL8=' 'sha256-n13pvv1YSh9SbBlMYQA4JHDy+i/gJ8m4ueChWxNpoo8=' 'sha256-9ePGi+SBcN2892sqcjv9bgZO8AHAH0LJWECeSfIMdYo=' 'sha256-9ePGi+SBcN2892sqcjv9bgZO8AHAH0LJWECeSfIMdYo=' 'sha256-Nbv+y6ZCb2v4obxUZxjw1I106NQ5OVfgyLq9+rr6SGs=' 'sha256-+qvX1xVmWB+ep25TrNPH0NYAyk6W83qd7U7iqkA1X5w=' 'sha256-cMn47Hap8hP/A00OHA7rDzZSwcQVBODbK2F1ohxOzdc=' 'sha256-DHKDX6fyE+A4Wq52UcqAbvGBkOOtHiumaMD6Z4dzpew=' 'sha256-n3hIboeOP4cM7mIVXMXtTxBDYUjcZ9Bdsxi6CJ6vou0=' 'sha256-Oo5ngiCr2myJj+UL4SVSSOS0H+Bs78gKjdqrCH8Vomg=' 'sha256-qTygbO3Kt0YxJXWEyGXvuRY4VyoMYuwm+ILo3Zr88Ko=' 'sha256-28/jWVKrS+f6McTMn4CwoLpr3g+Oj82FL700b2yK+uE=' 'sha256-4AzdxZxhikyLqTBrO2GtdxRLderGYNxEYg6oQVWPxqk=' 'sha256-PQR/m7JAorSZA99aM9VvMS598FcrewdLIHZq7Qj3QDc=' 'sha256-QDeSlLm7i8OjHaPDqMYZzWAobgj9pPXRr7XKjbC3Rrk=' 'sha256-FhECG8AcqEe0G5edgWu5l0rjbnPb9RvkEtvlhDvDjqU=' 'sha256-slmET9JyKMfwrm0NqcapGOPkL5+LAccXWIiaXa9FsnQ=' 'sha256-tpEQDlTV3HLhBYTgYON29CH2tur9n11eHtdL8Z9tqvU=' 'sha256-+RNWzts4r5sKLuODb/sFAB6e2ObhVpQV1dHLZb/PaXg=' 'sha256-69PGIcqmD/RCL+cFsE5XQIOXMTf0fOrFIySlpg2dWxU=' 'sha256-Kd5cnJrOA2KX1wp70DEFbeMfiu4C75Lez70q92xc9VI=' 'sha256-6wJ8XfWRd4gt6VH3MIUpIaM7R5CYorO9yMsZPHFTb4I=' 'sha256-tfJyj7mo5EQWnz5Zix6CiJnNQXvja8dFsgOAGusd33s=' 'sha256-8lQi7wSFGdVQcxsd6rQrx3jK4pNwHt/dOGV6ANrsO/0=' 'sha256-luON95t0OPZf6eYC4CXChQf4PY/1syYn0eHMZkfA2xE=' 'sha256-YEme5007W632YauKG4CJE8FDdvtiLOHrAf2IBkS61cM=' 'sha256-iBir34Ih7eockObPQe6bgJHyBCOdqsgru7yh7be7arQ=' 'sha256-ChCXrvHVOXUkMNNcy/qWz+wkxgEFBL6xTMGXpTWIzFE=' 'sha256-OcLJlnaFwFSWRNdMTaEhwD0KthTQQTENFkTlbKNUwCw=' 'sha256-HyTEmpadsJJkx15IbQj8eB81BGgrGos1kHz9GVJhd20=' 'sha256-BH0hHy2Yxp6mGBdcGGKZ7qmrJHthkYHUxYkFY0EMLQY=' 'sha256-UUeJ6N8kfLrOJf2p2gjbrBovs+VnTvdQ4yynFGJonwY=' 'sha256-6tQeoaoV+hxfWrwPzOarMyfIiszV7bV42dLJs4c0OsI=' 'sha256-BdUXoRWr767ARIMzjCXpNedtgds9KcjXM+x35M/ulc4=' 'sha256-KCMZMsuYjA24EX9E7ZbtEOIheYXoVm3/E8Nw3qVY08c=' 'sha256-kX3G5UusNYJTK3424ryPxqcxiPFtl5GWTWDKPzIg4o4=' 'sha256-C6GsUd2qo0t5csPMY7YgoVYdaCi4Jj+GKFT+zDXl3kc=' 'sha256-E9lYLg45Y3xPkTv871TgSWfaGWwqRO9Mdzek2IvrwE8=' 'sha256-PF2Of73U13IRMIcIWXYevBsCiCAb5vGFCGaq80NsvZY=' 'sha256-x7SrhMmKan0ZvfZbCSokdXIqKXpJBsyMluKlGrfspZo=' 'sha256-a/Y0qLI3suo/zdSspLPM3XYZyHQ/HyzkU+2SACIXFIU=' 'sha256-LUgKox452rXraBpWKQanM9IJkB9yVDVPjA9NOMZDwX0=' 'sha256-v9D1AL4ZeEWPtLnz6cSCjU4RCoVABUmnlA1jMs80Vwo=' 'sha256-t1q2eI02TCtyUHnLeAEtIamiBV2kPrtg3lcOmi4T9Bo=' 'sha256-KPqZpJxIOK/hn0ncibH0KsQhpgJfr1XE4KuZn1O40bw=' 'sha256-vzMiyBD+X0XaumfxPMGQ1lRZVT43gOYHcKoW8H6hsFc=' 'sha256-rAt3ixSeC2PosyfAT6YiEg7z4q7ZmuhxJAnGj7zaRZc=' 'sha256-mmyFJTJ7eSc4jJT8YlV+TNIz5efGKmZVmI/ShLjEVME=' 'sha256-q49ipZMfzDvTks6DnvM/Gvujpdv/U7UAbTTfX+M/PzA=' 'sha256-U06Mq1Fecc0ckHcazylRDH5bob/34AGsK1O8YV85zBg=' 'sha256-uMvEP7CR4zJ563H8yVg6JaQUt/PwcybGwUoJbSlz0Xs=' 'sha256-iPvA4ji4P4vC+EngOZ8wDsb6sVKtBccHUols+S5MWdA=' 'sha256-fjHMFxWeQeBgHukSMMZI4O80MhYMDLUgzjoBp2nIx4M=' 'sha256-mG8o+sY7KYDQMCNk2EmLIIgBmtth/uKPCf0nNC25pWU=' 'sha256-7juqMFq3S9fNQDEy9TXQtiHe9lpzvTF2OmfzwbqBvkA=' 'sha256-TNh8x6C6AU8ZKYPWFlDO1bzm4CCQC3VhsIxNkcm5B2U=' 'sha256-lPAJtgkMkEsEqQA2sVVb9P2LPpGTaZxAITDXwg0KHkg=' 'sha256-pvDgMEuqYH1GoJNRXVAn5uaHfIf8ETJuEz2alG7geG8=' 'sha256-14GVpvEEqQeNdT9K9NKCoRcV7snKMWAhXjDuMRh4hw8=' 'sha256-rFCm4WEWndA9p/scjIaMl5sE4yUZVadbUlCaTyeh4Gw=' 'sha256-uvGQyXOSeU64kmrKp2ZJQyAC7CPbtNtOrgS5KGFaCh0=' 'sha256-S6Oz6QPnj+mZk3RR5KMbipDyZuvdQ/GndoFfS3jux5c=' 'sha256-uvGQyXOSeU64kmrKp2ZJQyAC7CPbtNtOrgS5KGFaCh0=' 'sha256-szjCnikSjcdSXge9aWFeQGAQxklq+70lwQpY+NEsqm0=' 'sha256-sNJ1xcBTs/lQFN83f66GJjuqw/nN9N2jCgtU3OWcU1w=' 'sha256-HrAkF4T2c6VGhYWUa3nFkBB3rQg+qSGjr3PoVQqlLIA=' 'sha256-PPy43SEryDU5QTrFfqtJQ7QMlMgMyix1D8FS30CujLg=' 'sha256-V0iGisgiiH5t21Y4MnIlQrpHW37qdhkKuf/f9XOYRJw=' 'sha256-yaOKDwyYU1eAmOHDgEUFgKYUUJbkyu7zZItYmIt/2qM=' 'sha256-wuXCn6rpCZXfbhnBuLnkMW7L3nK3+dqDDDzsXaKvAGI=' 'sha256-VUbVq3OzgKXnH9ODCdovATrTg4O0RmWo12/CL5oJXrU=' 'sha256-4AwkCy/HCow3oDhVZsc3qxDhG2oCzPnot/YLebRETng=' 'sha256-URDWQeS7Gm3p1UPflhs9d522jFJ8ADkW6dR6MLoffpw=' 'sha256-14GVpvEEqQeNdT9K9NKCoRcV7snKMWAhXjDuMRh4hw8=' 'sha256-rFCm4WEWndA9p/scjIaMl5sE4yUZVadbUlCaTyeh4Gw=' 'sha256-uvGQyXOSeU64kmrKp2ZJQyAC7CPbtNtOrgS5KGFaCh0=' 'sha256-OmpEufOZ7zOzcXG7KnIKUeHdJnJiGWwOIW2rA9ru1pg=' 'sha256-PWk0icY3jdbudBIyRQz1gh8dS7K85roK8xW37QEGmkk=' 'sha256-ap9y8vtGO7ojTVB3bzAzZNiPE+EAV6O+u51qh6Ggs7g=' 'sha256-PLbRv1VAW0ehPsAExtqCQE7CNp2Ska+PoKwDTBIqNbM=' 'sha256-LEidDM6Hs+9Vp2VQsRKf6nQC+KxPZQtBHd7fK6Z3DnI=' 'sha256-ayuKn/futD70OwqyazsSl+29kw3B7MNwAUh8zoXx4I4=' 'sha256-14GVpvEEqQeNdT9K9NKCoRcV7snKMWAhXjDuMRh4hw8=' 'sha256-rFCm4WEWndA9p/scjIaMl5sE4yUZVadbUlCaTyeh4Gw=' 'sha256-uvGQyXOSeU64kmrKp2ZJQyAC7CPbtNtOrgS5KGFaCh0=' 'sha256-VfFisQBIgv8pIWQU+r57b19+vCbeIJrIxlSMOZbw4to=' 'sha256-hxw3Ze2/tZSkkst5D6E5mxe5iI5BUhJkCMlBteNGioY=' 'sha256-rouN+NRdG+997UTAP6gH34NDEADlX9UR7kwzT4H/AfA=' 'sha256-6UupI9WmQpnipX37Xln5jUH+mWgCsx/lNTbwGxfaELs=' 'sha256-JXZEUihNjtQJRQDYBoO9L3+SFjoIZ++9ByZkYI8gqcQ=' 'sha256-neX6ScCiPnRKDyvx4uleBZpsZTSeVsPENx71oWxOro4=' 'sha256-6ZLxxbUaDHgBWEDWgvvjydQwSVU6+ypP5hdUz1tFW/g=' 'sha256-IkoHa+DspkCwiNR0DZyL2KNnVw+x1CouRaKDmkKTx80=';style-src 'self' *.facebook.net *.googleapis.com *.typekit.net *.cloudflare.com *.highcharts.com 'unsafe-inline';base-uri 'self';connect-src 'self' *.google-analytics.com;font-src 'self' data: *.typekit.net;frame-src 'self' *.brighterir.com recruitingbypaycor.com *.facebook.com;img-src 'self' data: *.newtarget.net;manifest-src 'self';media-src 'self';worker-src 'self'; 1
default-src 'self' data:; script-src 'self'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com googleads.g.doubleclick.net ajax.googleapis.com *.mouseflow.com platform.illow.io unpkg.com cdn.jsdelivr.net *.google.co.in ; style-src 'self'; style-src-elem 'self' fonts.googleapis.com use.fontawesome.com cdnjs.cloudflare.com platform.illow.io; style-src-attr 'unsafe-inline'; img-src 'self' www.google.com www.googleadservices.com *.google-analytics.com pagead2.googlesyndication.com; font-src * 'self'; connect-src betaclientapi.nextbee.io firestore.googleapis.com www.google-analytics.com www.googleapis.com ipgeolocation.abstractapi.com platform.illow.io *.mouseflow.com; media-src 'self'; object-src 'self'; frame-src 'self' *.googletagmanager.com player.vimeo.com *.doubleclick.net *.olark.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; report-uri https://nbsetupcsp.report-uri.com/r/d/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-Q2EYApXZYb6yYJ-QmKbOug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com *.stape.io *.fontawesome.com https://fonts.bunny.net fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.stape.io *.packeta.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * apm.przelewy24.pl *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.facebook.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.googletagmanager.com *.stape.io https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io *.packeta.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl apm.przelewy24.pl *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com fonts.googleapis.com www.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.stape.io https://get.geojs.io *.avada.io *.packeta.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.ampproject.org www.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wB4YOkyvGFvfPrWSukxrnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.apptrian.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io www.apptrian.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src *.force.com https://player.vimeo.com https://www.linkedin.com 'self' *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://cdn.cookielaw.org https://*.forethought.ai *.cybersource.com *.youtube.es https://acquia--full--c.sandbox.vf.force.com https://*.springcm.com http://adn.acquia.com *.adis.ws https://status.widen.com https://feeds.feedburner.com *.youtube.ie https://www.youtube.com *.cloudinary.com https://dev-adn.acquia.com https://pay.google.com *.vimeo.com *.youtube.jp bcove.video https://d3mvpbun2t0ap6.cloudfront.net https://calendar.google.com *.youtube.fr https://*.a.forceusercontent.com https://player.cloudinary.com https://sentry.io https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws *.forceusercontent.com *.brightcove.net *.youtube.com *.widencollective.com *.youtube.nl https://agent.acquia.net https://service.force.com/embeddedservice/ https://fast.wistia.net *.quip.com https://usa326.sfdc-yfeipo.salesforce.com *.arkoselabs.com https://api.mixpanel.com *.youtube-nocookie.com https://www.paypal.com https://gateway.gainsightcloud.com https://appiniummastertrial.secure.force.com https://play.vidyard.com https://acquia.gainsightcloud.com *.youtube.com.br https://dev-agent.acquia.net *.salesforce-experience.com *.salesforceliveagent.com https://scormanywhere.secure.force.com https://acquia.file.force.com https://fonts.gstatic.com https://checkoutshopper-live.adyen.com/ *.sfdcfc.net *.youtube.ca https://acquia.my.site.com https://location.force.com https://aq112111s.searchunify.com https://aq142201p.searchunify.com *.vidyard.com https://www.gstatic.com/recaptcha/ https://acquia.my.salesforce.com https://geolocation.onetrust.com https://players.brightcove.net https://sfapi-sandbox.formstack.io https://status.acquia.com https://cdn.embedly.com https://embed.widencdn.net https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com https://www.acquia.com https://api.forethought.ai https://acquia.widen.net https://*.a.forceusercontent.com/lightningmaps/ https://www.googletagmanager.com https://www.equusoft.com *.wistia.net https://www.widen.com https://d1z9ryalr1cz6s.cloudfront.net https://www.google-analytics.com *.salesforce.com https://widen.widen.net *.youtube.pl https://sfapi.formstack.io; report-to sfdc-csp-ep; report-uri https://acquia.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D6g000003vCaM&networkId=0DM6g000000eGOT&type=communities 1
default-src 'none'; form-action 'self' *.johndeerevls.com *.johndeerevls.com:*; connect-src 'self' https://*.johndeerevls.com https://*.johndeerevls.com:*; manifest-src 'self' https://*.johndeerevls.com https://*.johndeerevls.com:*; img-src 'self' data: https://akomi.s3.amazonaws.com https://*.johndeerevls.com https://*.johndeerevls.com:*; object-src 'self' https://*.johndeerevls.com https://*.johndeerevls.com:*; child-src 'self' *.johndeerevls.com *.johndeerevls.com:*; font-src 'self' data: https://*.johndeerevls.com https://*.johndeerevls.com:*; media-src 'self' *.johndeerevls.com; frame-ancestors 'self' *.johndeerevls.com; base-uri 'none'; script-src 'self' 'sha256-+NKyqsaQNMoW3QHWb1vbG+nDnSfur02xkVhatiaXaQo=' *.johndeerevls.com *.johndeerevls.com:*; style-src 'self' *.johndeerevls.com *.johndeerevls.com:* 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://www.googletagmanager.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-0w9msYs9Jh2_uB-u075RFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src                                             'self'                                             'unsafe-inline' http://gb-i3z2.iss.netstar-inc.com http://prd-zs-static.nomura.com https://ajax.googleapis.com https://analytics.google.com https://apac.account.amazon.com https://api.helloproteger.com https://b92.yahoo.co.jp https://bam.nr-data.net https://benlyexpress.com https://cameranonaniwa-f-s.snva.jp https://cdn.paidy.com https://cdn.wazzup.me https://cdnjs.cloudflare.com https://checkout-v2.paidy.com https://connect.facebook.net https://d.rcmd.jp https://developers.line.biz https://dpolc4ci3j.execute-api.ap-northeast-1.amazonaws.com https://f.msgs.jp https://fonts.googleapis.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://gw-azs7.iss.netstar-inc.com https://im.np-payment-gateway.com https://js-agent.newrelic.com https://m.facebook.com https://m.media-amazon.com https://mail.revico.jp https://media.line.me https://overbridgenet.com https://payments.amazon.co.jp https://payments-fe.amazon.com https://payments-jp.amazon.com https://ping.paidy.com https://platform.twitter.com https://proteger-origin.s3-ap-northeast-1.amazonaws.com https://r6.snva.jp https://region1.analytics.google.com https://sdk.helloproteger.com https://seal.globalsign.com https://show.revico.jp https://social-plugins.line.me https://ssif1.globalsign.com https://static.mul-pay.jp https://static.xx.fbcdn.net https://static-fe.payments-amazon.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tm.msgs.jp https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://video.visumo.jp https://web.facebook.com https://www.facebook.com https://gateway.zscaler.net https://www.google.ca https://www.google.co.jp https://www.google.co.id https://www.google.co.in https://www.google.co.kr https://www.google.co.th https://www.google.co.uk https://www.google.com https://www.google.com.au https://www.google.com.hk https://www.google.com.ph https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.ru https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.visumo.jp https://www.youtube.com https://zen.one;                                         img-src                                             'self' https://benlyexpress.com https://cdn.paidy.com https://connect.facebook.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://m.media-amazon.com https://r6.snva.jp https://s3-ap-northeast-1.amazonaws.com https://seal.globalsign.com https://show.revico.jp https://ssif1.globalsign.com https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://video.visumo.jp https://www.facebook.com https://www.google.ca https://www.google.co.id https://www.google.co.il https://www.google.co.jp https://www.google.co.kr https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.hk https://www.google.com.my https://www.google.com.mx https://www.google.com.ph https://www.google.com.sg https://www.google.com.tw https://www.google.com.vn https://www.google.de https://www.google.es https://www.google.ie https://www.google.it https://www.google.pl https://www.google.pt https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.visumo.jp https://zen.one                                             data:;                                         script-src-elem                                             'self'                                             'unsafe-inline' https://ajax.googleapis.com https://apps.paidy.com https://b92.yahoo.co.jp https://cameranonaniwa-f-s.snva.jp https://cdn.paidy.com https://cdn.wazzup.me https://cdnjs.cloudflare.com https://connect.facebook.net https://d.rcmd.jp https://googleads.g.doubleclick.net https://infird.com https://me.kis.v2.scr.kaspersky-labs.com https://media.line.me https://origin-na.ssl-images-amazon.com https://platform.twitter.com https://r6.snva.jp https://sdk.helloproteger.com https://seal.globalsign.com https://show.revico.jp https://ssif1.globalsign.com https://static.mul-pay.jp https://static-fe.payments-amazon.com https://tm.msgs.jp https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.line-website.com https://www.visumo.jp https://zen.one                                             blob:;                                         font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com                                             'self'                                             data:;                                         report-to                                             csp-endpoint; 1
font-src cash-f.squarecdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ * *.sharethis.com www.xtento.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.sharethis.com https://cdn.clerk.io *.openstreetmap.org https://maps.googleapis.com *.cloudfront.net *.facebook.com www.google.it *.clarity.ms *.bing.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com www.google.com.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.sharethis.com https://api.clerk.io https://cdn.clerk.io cdnjs.cloudflare.com *.clerk.io *.clarity.ms connect.facebook.net *.cloudfront.net *.bing.com www.xtento.com cdn.xtento.com *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com network.oliunid.jp https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.sharethis.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com maxcdn.bootstrapcdn.com *.trustpilot.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.openstreetmap.org https://maps.googleapis.com stats.g.doubleclick.net *.clarity.ms *.facebook.com *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com network.oliunid.jp https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3cseWd-GTAbPz5M4_gBc1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com diamondtreats.co.uk 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de diamondtreats.co.uk 'self' 'unsafe-inline'; frame-ancestors diamondtreats.co.uk 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de api.boldcommerce.com api.staging.boldcommerce.com *.paypal.com *.bold.ninja static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.stripe.com *.klarna.com *.weltpixel.com diamondtreats.co.uk 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com static.boldcommerce.com *.paypal.com www.gstatic.com www.feedoptimise.com cdn.feedoptimise.com validate.fishpig.co.uk *.klarna.com *.klarnaevt.com https://omnisnippet1.com https://wt.soundestlink.com *.gstatic.com diamondtreats.co.uk 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de api.boldcommerce.com api.staging.boldcommerce.com eps.secure.staging.boldcommerce.com cashier.boldcommerce.com *.paypal.com *.paypalobjects.com static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.bold.ninja *.cdn-apple.com *.stripe.com cdn.safecharge.com www.google.com www.gstatic.com jquery.sellxed.com www.feedoptimise.com cdn.feedoptimise.com *.klarna.com *.googleapis.com *.google.com *.gstatic.com *.avada.io https://omnisnippet1.com https://forms.soundestlink.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com diamondtreats.co.uk 'self' 'unsafe-inline' 'unsafe-eval' 'sha256-7nnKyr+RUZ9a44Hg3lYwjgkUx5VyFQwv2ZUhVw6N7J4='; style-src getfirebug.com *.bold.ninja static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.googleapis.com *.google.com *.gstatic.com tagmanager.google.com diamondtreats.co.uk 'self' 'unsafe-inline'; object-src api.boldcommerce.com api.staging.boldcommerce.com 'self' 'unsafe-inline'; media-src diamondtreats.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.boldcommerce.com api.staging.boldcommerce.com eps.secure.staging.boldcommerce.com cashier.boldcommerce.com *.sandbox.braintree-api.com *.braintree-api.com *.paypal.com *.braintreegateway.com www.paypalobjects.com eps.secure.boldcommerce.com static-eps.secure.boldcommerce.com static-eps.secure.staging.boldcommerce.com *.bold.ninja *.cdn-apple.com ppp-test.safecharge.com secure.safecharge.com *.klarnaevt.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.google-analytics.com analytics.google.com diamondtreats.co.uk 'self' 'unsafe-inline'; child-src api.boldcommerce.com api.staging.boldcommerce.com diamondtreats.co.uk 'self' 'unsafe-inline'; default-src diamondtreats.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-r2h6k7VltdlQ4Ak5ubUE1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com/ *.authorize.net *.googleapis.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com scontent.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com https://redchamps.com maps.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com sce.toogoerp.net sce.toogo.io sce-test.toogoerp.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.google.com/ *.authorize.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com assets.braintreegateway.com https://static.klaviyo.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.authorize.net *.googleapis.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 50339659.hs-sites.com 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-CRsWP4LSbPxrNqVJC2p9Xg=='; report-uri https://send.hsbrowserreports.com/csp/report 1
font-src *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.atlassian.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.atlassian.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io *.atlassian.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.sandbox.paypal.com https://www.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.atlassian.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; report-uri https://loans2gowebsites.report-uri.com/r/t/csp/wizard 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://accounts.google.com https://connect.facebook.net https://static.cloudflareinsights.com https://cdn.by.wonderpush.com https://sibautomation.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self' data:; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://cloudflareinsights.com https://by.wonderpush.com https://sibautomation.com; frame-src https://www.facebook.com https://www.youtube.com; object-src 'none'; base-uri 'self'; form-action 'self' https://hulmevapes.co.uk; 1
default-src 'self';base-uri 'self';object-src 'none';script-src 'self' 'nonce-NTcyOTY1ODkyOUYxN0E0NDFBQThDQkQzRTU5N0IzRDE' https://cdn.jsdelivr.net https://www.google-analytics.com https://siteimproveanalytics.com;style-src 'self' 'nonce-NTcyOTY1ODkyOUYxN0E0NDFBQThDQkQzRTU5N0IzRDE';img-src 'self' data: https://cdn.jsdelivr.net;font-src 'self' https://cdn.jsdelivr.net;connect-src 'self' https://www.youtube.com https://informatiemodel.istandaarden.nl;worker-src 'self' blob:;media-src 'self' data:;frame-src https://www.youtube.com https://informatiemodel.istandaarden.nl;frame-ancestors 'self' https://informatiemodel.istandaarden.nl https://cms-o.kiesbeter.nl https://cms-ts.kiesbeter.nl https://cms-ac.kiesbeter.nl https://cms.kiesbeter.nl;form-action 'self';upgrade-insecure-requests; report-uri /services/cspreport; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: fonts.googleapis.com maxcdn.bootstrapcdn.com https://use.typekit.net *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.gstatic.com data: youtube.com www.youtube.com vimeo.com s7.addthis.com googleads.g.doubleclick.net tpc.googlesyndication.com https://www.facebook.com https://*.doubleclick.net https://*.hotjar.com https://*.addthis.com https://*.moneris.com https://*.smartadserver.com https://*.rubiconproject.com https://*.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com maps.gstatic.com www.maps.gstatic.com ssl.gstatic.com maps.googleapis.com developers.google.com www.google-analytics.com www.google.ca www.facebook.com px.ads.linkedin.com stats.g.doubleclick.net www.davinci.tools www15.smartadserver.com creatives.sascdn.com pre.glotgrx.com pagead2.googlesyndication.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.id5-sync.com *.axept.io *.linkedin.com *.imgix.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://maps.gstatic.com https://*.bing.com https://c.clarity.ms https://googleads.g.doubleclick.net https://ct.pinterest.com https://*.adsymptotic.com https://*.smartadserver.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com https://*.cookielaw.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com data: maps.googleapis.com www.google.com tagmanager.google.com www.googletagservices.com adservice.google.ca adservice.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net connect.facebook.net chimpstatic.com snap.licdn.com securepubads.g.doubleclick.net ced.sascdn.com www15.smartadserver.com pixel.yabidos.com ced-ns.sascdn.com pixel.adsafeprotected.com static.adsafeprotected.com pagead2.googlesyndication.com s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com api-public.addthis.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com id5-sync.com cdn.id5-sync.com *.axept.io *.linkedin.com *.trackedlink.net *.doubleclick.net *.addthis.com *.addthisedge.com *.google.com  *.gstatic.com *.facebook.net *.googleadservices.com *.bing.com *.clarity.ms *.hotjar.com *.google-analytics.com *.googletagmanager.com  *.googletagservices.com *.chimpstatic.com *.gstatic.com  *.googleapis.com  *.paypal.com  *.paypalobjects.com  *.googlesyndication.com *.g.doubleclick.net *.adnxs.com *.pinimg.com *.discus.com *.cookielaw.org *.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://*.cookielaw.org js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com maxcdn.bootstrapcdn.com downloads.mailchimp.com https://*.typekit.net https://static.klaviyo.com *.fontawesome.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com bam.nr-data.net s7.addthis.com m.addthis.com www.facebook.com www.google.ca www.google-analytics.com pagead2.googlesyndication.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.axept.io *.linkedin.com *.smartadserver.com https://*.signifyd.com:* https://analytics.google.com https://www.google-analytics.com https://www.google.ca https://maps.googleapis.com https://*.doubleclick.net https://*.clarity.ms https://*.bing.com https://*.hotjar.com https://*.hotjar.io https://*.addthis.com https://*.facebook.com/ https://*.gstatic.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.cookielaw.org https://*.onetrust.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.curopayments.net magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com assets.myparcel.nl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.disqus.com *.avada.io *.shopify.com cdnjs.cloudflare.com cdn.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net cdn.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://get.geojs.io *.avada.io api.myparcel.nl cdn.jsdelivr.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com/recaptcha/api.js https://translate.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.googletagmanager.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net oxomi.com https://secure.pay1.de https://cdn.logwork.com https://embed.typeform.com https://www.kicktipp.de https://bat.bing.com https://salesviewer.com https://510003359.collect.igodigital.com onsite.optimonk.com gs-cdn.optimonk.com cdn-asset.optimonk.com *.criteo.com app.cookiefirst.com consent.cookiefirst.com *.cookiefirst.com dynamic.criteo.com sslwidget.criteo.com *.criteo.com c.searchhub.io cdn.jsdelivr.net https://sparepart.vaillant-group.com https://code.jquery.com https://img.colons.de/ https://tuerchen.app https://cdn2.tuerchen.app *.drimify.com; report-uri https://glue.colons.de/csp-report; 1
font-src data: cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.tawk.to https://webchat.saysimple.io/ fonts.googleapis.com fonts.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com https://player.vimeo.com/ *.google.com https://googleads.g.doubleclick.net/ https://www.google.nl/ https://ct.pinterest.com/ consentcdn.cookiebot.com consentcdn.cookiebot.eu www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.multisafepay.com *.doubleclick.net 'self' data: *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.tawk.to tawk.link *.facebook.com *.gravatar.com https://www.google.nl/ https://imgsct.cookiebot.com/1.gif https://ct.pinterest.com/v3/* https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.google.com *.google.bg *.facebook.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com imgsct.cookiebot.com imgsct.cookiebot.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.tawk.to player.vimeo.com http://player.vimeo.com/api/player.js chimpstatic.com https://connect.facebook.net/ https://webchat.saysimple.io/ *.smooch.io https://s.pinimg.com/ https://ct.pinterest.com/ consent.cookiebot.com consent.cookiebot.eu https://s.pinimg.com/ct/lib/main.742e9fad.js https://s.pinimg.com/ct/core.js https://ct.pinterest.com/static/ct/token_create.js https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com *.list-manage.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.multisafepay.com *.googleapis.com cdn.jsdelivr.net *.tawk.to https://webchat.saysimple.io/ fonts.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com downloads.mailchimp.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com/api/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.multisafepay.com 'self' data: *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com/ *.paypal.com *.tawk.to 'self' ws: *.doubleclick.net https://webchat.saysimple.io/ *.smooch.io *.gravatar.com https://ct.pinterest.com/ consent.cookiebot.com consent.cookiebot.eu https://ct.pinterest.com/* https://ct.pinterest.com/v3/* https://ct.pinterest.com/user/* https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.facebook.com *.facebook.net *.google.com *.googlesyndication.com *.tiktok.com consentcdn.cookiebot.com consentcdn.cookiebot.eu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-Y3VFh416Cxo-9JATUb3z9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src https://cdn.checkout.com *.cdn-apple.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com fonts.gstatic.com cdn.livechat.connexease.com api.connexease.com *.g.doubleclick.net *.tamara.co *.smooch.io cdnjs.cloudflare.com *.personaclick.com *.googlesyndication.com *.googleadservices.com *.googletagservices.com *.google.com google.ae *.googletagmanager.com google.com *.uplo.io *.tabby.ai data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://js.checkout.com *.klarna.com *.youtube.com/ www.google.com www.gstatic.com apis.google.com checkout.tabby.ai 'self' *.paypal.com *.tamara.co *.vimeo.com *.braintreegateway.com td.doubleclick.net *.googletagmanager.com livechat.connexease.com cdn.allinone.connexease.com cdnjs.cloudflare.com tr.snapchat.com *.personaclick.com *.googlesyndication.com *.googleadservices.com *.g.doubleclick.net www.googletagservices.com *.google.com google.com *.uplo.io server-side-tagging-kbxfdsts4q-uc.a.run.app *.tabby.ai *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.tamara.co 'self' 'unsafe-inline' *.g.doubleclick.net *.facebook.com *.snapchat.com preprod.calvinklein.ae preprod.calvinklein.sa preprod.calvinklein.com.kw preprod.calvinklein.om preprod.calvinklein.bh preprod.calvinklein.qa calvinklein.ae calvinklein.sa calvinklein.com.kw calvinklein.om calvinklein.bh calvinklein.qa cdn.allinone.connexease.com cdn.livechat.connexease.com api.connexease.com *.smooch.io cdnjs.cloudflare.com tr.snapchat.com *.personaclick.com cdn.connexease.com *.googlesyndication.com *.googletagservices.com *.google.com *.google.ae *.google.com.af *.google.com.bh *.google.com.eg *.google.iq *.google.com.jo *.google.com.kw *.google.com.lb *.google.com.om *.google.ps *.google.com.qa *.google.com.sa *.google.com.tr *.google.com.ye *.googletagmanager.com google.com *.uplo.io *.tabby.ai *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.checkout.com *.klarnacdn.net *.cdn-apple.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.googleapis.com *.google.com *.avada.io checkout.tabby.ai widgets.tabby.ai cdn.segment.com connect.facebook.net www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.tamara.co 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.facebook.net *.braintreegateway.com *.adobedtm.com *.g.doubleclick.net tr.snapchat.com *.tiktok.com preprod.calvinklein.ae api.segment.io sc-static.net *.tiktokw.us livechat.connexease.com cdn.allinone.connexease.com cdn.livechat.connexease.com api.connexease.com *.smooch.io td.doubleclick.net *.googletagmanager.com cdnjs.cloudflare.com *.personaclick.com cdn.connexease.com *.googlesyndication.com *.googleadservices.com *.googletagservices.com *.google.ae *.google.com.af *.google.com.bh *.google.com.eg *.google.iq *.google.com.jo *.google.com.kw *.google.com.lb *.google.com.om *.google.ps *.google.com.qa *.google.com.sa *.google.com.tr *.google.com.ye google.com *.uplo.io *.hotjar.com *.contentsquare.net wss://*.hotjar.com *.hotjar.io *.tabby.ai https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com maxcdn.bootstrapcdn.com *.tamara.co fonts.googleapis.com 'self' 'unsafe-inline' livechat.connexease.com preprod.calvinklein.ae cdn.allinone.connexease.com cdn.livechat.connexease.com api.connexease.com *.g.doubleclick.net *.smooch.io cdnjs.cloudflare.com tr.snapchat.com *.personaclick.com *.googlesyndication.com *.googleadservices.com *.googletagservices.com *.google.ae *.google.com.eg *.google.com.lb *.googletagmanager.com google.com *.uplo.io *.tabby.ai tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tamara.co 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://js.checkout.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.tamara.co 'self' *.braintreegateway.com *.facebook.net tr.snapchat.com get.geojs.io tr6.snapchat.com *.tiktok.com *.tiktokw.us cdn.sift.com api.braintreegateway.com livechat.connexease.com api.connexease.com cdn.livechat.connexease.com *.g.doubleclick.net *.smooch.io cdnjs.cloudflare.com *.personaclick.com *.googlesyndication.com *.googletagservices.com *.google.com *.google.ae *.google.com.eg *.google.com.lb google.com/pay *.googletagmanager.com server-side-tagging-kbxfdsts4q-uc.a.run.app *.uplo.io google.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.contentsquare.net *.tabby.ai 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp-reporting-service.com/my-project/endpoint; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com 'self' data: *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.chicagoautobodyparts.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://secure.networkmerchants.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.onesignal.com onesignal.com *.cookie-script.com *.chicagoautobodyparts.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.iubenda.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.onesignal.com onesignal.com *.cookie-script.com *.chicagoautobodyparts.com guarantee-cdn.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com https://www.facebook.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://secure.networkmerchants.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.onesignal.com onesignal.com *.cookie-script.com *.cloudflare.com guarantee-cdn.com *.googletagmanager.com *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.klaviyo.com unpkg.com *.doubleclick.net https://connect.facebook.net *.googleapis.com 'sha256-g/qbQ8sW5eJ9JO8sQzRJ1OvARbUyKpJXFeof9SLw1eI=' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://secure.networkmerchants.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com assets.braintreegateway.com *.googleapis.com *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.onesignal.com onesignal.com *.cookie-script.com *.chicagoautobodyparts.com *.cloudflare.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tidiochat.com *.chicagoautobodyparts.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://secure.networkmerchants.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.doubleclick.net *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co wss://socket.tidio.co *.tidiochat.com *.onesignal.com onesignal.com *.cookie-script.com *.chicagoautobodyparts.com *.wesupply.xyz *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.net *.klaviyo.com *.run.app https://www.facebook.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-Eyw5hxhTkSMGpKRH4ITRsb91' *.cookiebot.com; style-src 'self' *.typography.com *.fiafoundation.org data: 'unsafe-inline' *.craftedbeta.co.uk; img-src 'self' data: *.google.co.uk *.google.com *.google-analytics.com *.gstatic.com *.youtube.com *.umbraco.com *.vimeocdn.com; frame-ancestors 'self'; connect-src 'self' *.googleapis.com *.google.com *.google.co.uk *.google-analytics.com *.cookiebot.com *.umbraco.com; frame-src 'self' *.google.com *.youtube.com *.vimeo.com *.cookiebot.com *.youtube-nocookie.com; font-src 'self' data:; manifest-src 'self'; object-src 'self'; media-src 'self'; report-uri https://fiaf.report-uri.com/r/d/csp/wizard; report-to wizard; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.googleapis.com *.salesfire.co.uk *.klarnacdn.net www.anchorpumps.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com * www.anchorpumps.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io www.anchorpumps.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.rabobank.nl *.s-id-check-sparkassen.de *.sparkassen-kreditkarten.de *.mbank.pl *.secure2gw.ro *.btrl.ro *.cafis-paynet.jp *.borica.bg *.fibank.bg *.cic.fr *.zaba.hr *.citibank.co.in *.centrum24.pl *.bankmillennium.pl *.icps.mu *.egolomt.mn *.lcl.fr *.ctbcbank.com *.qiwi.com *.postfinance.ch *.citadele.lv *.kib.com.kw *.cathaybk.com.tw *.pkobp.pl *.acdcproc.com *.abanca.com *.n26.com *.klikbca.com *.psa.at *.sumup.com *.eglobal.com.mx *.pl.ing.com *.qnb.com *.rpc-raiffeisen.com *.sebkort.com *.ocbc.com *.tapngo.com.hk *.stcpay.com.sa *.creditmutuel.fr *.luottokunta.fi *.swedbank.se *.unibank.am *.estcard.ee *.hyundaicard.com *.privatbank.ua *.fssnet.co.in *.kbcard.com *.luminorgroup.com *.mashreq.com *.mercurypaymentservices.it *.moneta.cz *.sensebank.com.ua *.sibs.pt *.stripeauthentications.com *.dskbank.bg *.otpbank.hu *.techcombank.com.vn *.touch.tech *.asseco-see.hr *.3dsecure-csas.cz *.cyris.com *.secureacs.com *.acb.com.vn https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.salesfire.co.uk *.trustpilot.com www.xtento.com www.anchorpumps.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://cdn.clerk.io *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.salesfire.co.uk www.xtento.com cdn.xtento.com www.anchorpumps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://api.clerk.io https://cdn.clerk.io https://custom.clerk.io *.stripe.com *.sagepay.com *.opayo.eu.elavon.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.salesfire.co.uk *.trustpilot.com www.xtento.com cdn.xtento.com www.anchorpumps.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://api.clerk.io https://cdn.clerk.io *.stripe.com *.google.com *.sagepay.com *.opayo.eu.elavon.com assets.braintreegateway.com *.salesfire.co.uk *.typekit.net *.trustpilot.com www.anchorpumps.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.anchorpumps.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.stripe.com *.sagepay.com *.opayo.eu.elavon.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.salesfire.co.uk *.smartmetrics.co.uk www.anchorpumps.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.anchorpumps.com http: https: blob: 'self' 'unsafe-inline'; default-src www.anchorpumps.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://fonts.gstatic.com/ *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.ditonlinebetalingssystem.dk *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.ditonlinebetalingssystem.dk *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://maps.google.com/ *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.wood-online.dk www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com https://firebasestorage.googleapis.com maps.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.wood-online.dk *.ditonlinebetalingssystem.dk www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdnjs.cloudflare.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com *.trustpilot.com *.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.wood-online.dk https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://core.helloretail.com https://helloretailcdn.com *.google-analytics.com *.facebook.com *.facebook.net *.wood-online.dk *.aws.dk www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-tAdhdNjYiSI9dOsPPrC8sA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com.au ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com *.zdassets.com sanalytics.spreadshirt.com.au *.spreadshirt.com.au ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.google-analytics.com *.analytics.google.com wss://*.zendesk.com *.spreadshirt.com.au ; font-src 'self' https: data: *.spreadshirt.com.au ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com.au ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com.au ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
object-src 'none';base-uri 'self';script-src 'nonce-AkycoSsy8EEjTeCn4ItiHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com 'self' data: https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://cc.aiads.pl https://www.icbm.pl *.hsforms.net *.hsforms.com 'self' data: https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net https://cc.aiads.pl *.hsforms.net *.hsforms.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://cc.aiads.pl *.gstatic.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://cc.aiads.pl t.elasticsuite.io *.hsforms.net *.hsforms.com https://secure.tpay.com https://secure.sandbox.tpay.com https://tpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-d4HBN5398dF7Ubr43dcPBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'   ;   media-src 'self' http: https:   ;   connect-src 'self' http: https:   ;   frame-src 'self' http: https:   ;   font-src 'self' http: https: data:  ;   img-src 'self' http: https: data:  ;   script-src 'self' 'unsafe-inline' 'unsafe-eval'     http://tagmanager.google.com     http://api.b.st-hatena.com     http://bookmark.hatenaapis.com     http://b.st-hatena.com     http://www.google.com     http://*.google-analytics.com     http://*.g.doubleclick.net     http://www.googleadservices.com     http://www.googletagmanager.com     http://graph.facebook.com     http://ajax.googleapis.com     http://api.docodoco.jp     http://svss.tv     http://s.yjtag.jp     http://yjtag.yahoo.co.jp     http://bake.surfpoint.jp     http://connect.facebook.net     http://*.eir-parts.net     http://cdnjs.cloudflare.com     http://s.ytimg.com     http://www.pagespeed-mod.com     http://www.clarity.ms     http://d.line-scdn.net     https://tagmanager.google.com     https://api.b.st-hatena.com     https://bookmark.hatenaapis.com     https://b.st-hatena.com     https://www.google.com     https://*.google-analytics.com     https://*.g.doubleclick.net     https://www.googleadservices.com     https://www.googletagmanager.com     https://graph.facebook.com     https://ajax.googleapis.com     https://api.docodoco.jp     https://svss.tv     https://s.yjtag.jp     https://yjtag.yahoo.co.jp     https://bake.surfpoint.jp     https://connect.facebook.net     https://*.eir-parts.net     https://cdnjs.cloudflare.com     https://s.ytimg.com     https://www.pagespeed-mod.com     https://www.clarity.ms     https://d.line-scdn.net   ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'     http://tagmanager.google.com     http://api.b.st-hatena.com     http://bookmark.hatenaapis.com     http://b.st-hatena.com     http://www.google.com     http://*.google-analytics.com     http://*.g.doubleclick.net     http://www.googleadservices.com     http://www.googletagmanager.com     http://graph.facebook.com     http://ajax.googleapis.com     http://api.docodoco.jp     http://svss.tv     http://s.yjtag.jp     http://yjtag.yahoo.co.jp     http://bake.surfpoint.jp     http://connect.facebook.net     http://*.eir-parts.net     http://cdnjs.cloudflare.com     http://s.ytimg.com     http://www.pagespeed-mod.com     http://www.clarity.ms     http://d.line-scdn.net     https://tagmanager.google.com     https://api.b.st-hatena.com     https://bookmark.hatenaapis.com     https://b.st-hatena.com     https://www.google.com     https://*.google-analytics.com     https://*.g.doubleclick.net     https://www.googleadservices.com     https://www.googletagmanager.com     https://graph.facebook.com     https://ajax.googleapis.com     https://api.docodoco.jp     https://svss.tv     https://s.yjtag.jp     https://yjtag.yahoo.co.jp     https://bake.surfpoint.jp     https://connect.facebook.net     https://*.eir-parts.net     https://cdnjs.cloudflare.com     https://s.ytimg.com     https://www.pagespeed-mod.com     https://www.clarity.ms     https://d.line-scdn.net   ;   style-src 'self' 'unsafe-inline'     http://tagmanager.google.com     http://fonts.googleapis.com     http://svss.tv     http://*.eir-parts.net     https://tagmanager.google.com     https://fonts.googleapis.com     https://svss.tv     https://*.eir-parts.net     https://cdn.jsdelivr.net   ;   report-uri     https://strike.report-uri.com/r/d/csp/reportOnly   ; 1
font-src https://www.google.com *.force.com https://fonts.gstatic.com/ 'self' https://use.typekit.net https://stats.g.doubleclick.net https://p.typekit.net https://td.doubleclick.net https://isc22.my.site.com https://www.google.co.in blob: https://iamcybersafe.org https://www.iamcybersafe.org https://www.googletagmanager.com https://publuu.com https://www.google-analytics.com https://isc22--c.vf.force.com *.salesforce.com data:; report-to sfdc-csp-ep; report-uri https://isc22.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00DHu000002h3KR&networkId=0DMHu0000009NbC&type=communities 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com data: blob: *.klevu.com *.klarnacdn.net *.klarnaevt.com *.acsbapp.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de data: blob: *.cybersource.com www.facebook.com *.cookielaw.org *.klarnacdn.net *.klarnaevt.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de data: blob: *.paypalobjects.com *.cybersource.com www.facebook.com *.cookielaw.org *.hotjar.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.pinterest.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googleapis.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com blob: *.magentocommerce.com *.googleadservices.com *.googletagmanager.com *.google.ae *.google.as *.google.at *.google.ca *.google.co.id *.google.co.ke *.google.co.uk *.google.co.zm *.google.com *.google.de *.google.fr *.google.hu *.google.iq *.google.it *.google.jo *.google.kz *.google.se *.google.tt *.google.com.au *.google.com.br *.google.com.co *.google.com.mx *.google.com.my *.google.com.pa *.google.com.ph *.google.com.pr *.google.com.sg *.google.com.tr *.cookielaw.org *.addthis.com *.doubleclick.net *.hellobar.com *.rubiconproject.com *.paypalobjects.com *.klevu.com *.hestage.com *.cybersource.com www.facebook.com *.bing.com *.linkedin.com *.twitter.com *.instagram.com *.prfct.co *.adsymptotic.com *.adnxs.com *.openx.net *.yahoo.com *.nr-data.net *.bigcommerce.com *.stovercompany.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.kaltura.com *.pinterest.com *.acsbapp.com *.googleapis.com paradoxlabs.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.io geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com data: blob: *.fontawesome.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.adobedc.net *.adobedtm.net *.adobedtm.com *.authorize.net *.paypal.com *.paypalobjects.com *.signifyd.com *.gstatic.com *.doubleclick.net *.hellobar.com *.klevu.com *.cybersource.com *.windows.net *.jquery.com www.facebook.com *.onetrust.com *.cookielaw.org *.licdn.com *.hotjar.com *.bing.com *.marinsm.com *.optimizely.com *.bronto.com *.prfct.co *.hotjar.io *.klaviyo.com *.acsbapp.com acsbapp.com *.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.kaltura.com *.pinimg.com *.pinterest.com *.klarna.com x.klarnacdn.net connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com downloads.mailchimp.com data: blob: *.googleapis.com *.klevu.com *.windows.net *.facebook.net *.cookielaw.org *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de form-assets.mailchimp.com *.intuit.com *.amazonaws.com data: blob: *.magento.com *.adobedtm.com *.adobedc.net *.doubleclick.net *.ksearchnet.com *.cybersource.com *.onetrust.com *.cookielaw.org *.optimizely.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.bing.com www.facebook.com *.instagram.com *.acsbapp.com acsbapp.com https://acsbapp.com *.klarnaservices.com *.googleapis.com *.klarnacdn.net *.klarnaevt.com *.pinterest.com x.klarnacdn.net *.klarna.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://46ed9a00c1000e800e17046bbda2a424.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-a72FuxAweySsq1M_obh_KQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-CZslnzbFulLm_utrrfjjQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-x8_GJpkK1X_8cwIZxmbhfg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src  'none'; connect-src 'self' *.dfxtra.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.dfxtra.com join.gammasecure.com; script-src 'self' *.dfxtra.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.dfxtra.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net www.facebook.com https://cdn.consentmanager.net https://delivery.consentmanager.net connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net *.avada.io *.shopify.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net unsafe-inline 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com www.facebook.com *.facebook.net *.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com maxcdn.bootstrapcdn.com *.googleapis.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * https://plumrocket.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * www.google.com *.weltpixel.com https://plumrocket.com *.iubenda.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * https://images.unsplash.com *.analytics.google.com *.equiline.it *.google-analytics.com *.google.it ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.googleapis.com *.iubenda.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google-analytics.com *.hotjar.com unsafe-inline chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.iubenda.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cash.app unsafe-inline downloads.mailchimp.com maxcdn.bootstrapcdn.com *.googleapis.com https://fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com * https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.googlesyndication.com *.equiline.it form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.googleapis.com *.iubenda.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com maps.googleapis.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-nGLw6AoBNj68xDKxe1mkAw==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
default-src 'self'; report-uri https://csp-reports.security.fastly-edge.com/r?id=wwvCVZD6aUBHQbAAjW8pVn&inv=0 1
default-src 'none'; report-uri /api/csp-report; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://a-us.storyblok.com ; script-src 'self' ; script-src-elem 'self' https://www.googletagmanager.com https://www.gstatic.com; style-src 'self'; style-src-elem 'self' https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-00FcStnnV12Q00rfnI9B1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src c.imedia.cz c.seznam.cz s2.adform.net connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com widget.packeta.com ssl.heureka.cz 1gr.cz c.seznam.cz www.zbozi.cz cdn.cpex.cz sdk.privacy-center.org sgtm.signals.cz rec.smartlook.com cnc.daktela.com widget-v2.smartsuppcdn.com www.smartsuppchat.com *.smartsupp.com *.smartsuppcdn.com *.smartlook.com *.smartsuppchat.com spir.hit.gemius.pl a.opmnstr.com track.adform.net widget.packeta.com ssl.heureka.cz c.imedia.cz api.mapy.cz www.heureka.cz *.mapy.cz script.hotjar.com www.google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com googleads.g.doubleclick.net connect.facebook.net static.hotjar.com *.im9.cz im9.cz 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem *.im9.cz im9.cz www.zbozi.cz *.smartlook.com rec.smartlook.com widget-v2.smartsuppcdn.com *.smartsuppcdn.com script.hotjar.com www.obchod.crew.cz api.mapy.cz c.imedia.cz c.seznam.cz s2.adform.net connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com widget.packeta.com ssl.heureka.cz api.mapy.cz www.googleadservices.com www.googleadservices.com 2.adform.net www.googletagmanager.com track.adform.net 1gr.cz 'self' 'unsafe-inline'; style-src translate.googleapis.com *.smartsuppcdn.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com api.mapy.cz 'unsafe-inline' 'self'; style-src-elem fonts.googleapis.com *.smartsuppcdn.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; report-uri /csp 1
script-src 'self' blob: https://prod-bk-web.mx.rbi.tools/en/static/js/vendor.c6d094f0.js https://prod-bk-web.mx.rbi.tools/en/static/js/main.359aa79c.js https://prod-bk-web.mx.rbi.tools/en/static/js/runtime.0a4771a3.js https://*.mparticle.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onetrust.com https://static.ads-twitter.com https://platform.twitter.com https://www.google-analytics.com https://connect.facebook.net https://secure.quantserve.com https://dynamic.criteo.com https://rules.quantcount.com https://cdn.branch.io https://app.link https://*.cdn4.forter.com https://dlthst9q2beh8.cloudfront.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://pagead2.googlesyndication.com https://cdn.amplitude.com https://accounts.google.com https://appleid.cdn-apple.com https://analytics.tiktok.com https://c.amazon-adsystem.com https://js.adsrvr.org https://maps.googleapis.com https://googleads.g.doubleclick.net https://static.zdassets.com https://bat.bing.com https://cdn-st.adsmurai.com https://www.youtube.com https://player.vimeo.com https://prod-bk-web.mx.rbi.tools/en/static/js/vendor.bfe29952.js https://prod-bk-web.mx.rbi.tools/en/static/js/main.6e85da00.js https://prod-bk-web.mx.rbi.tools/en/static/js/runtime.9dc77205.js; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; report-uri https://intl-csp-service.rbictg.com/report 1
object-src 'none';base-uri 'self';script-src 'nonce-8ga5sHUoTlyNSrSJ3FJFQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; child-src blob: https://*; connect-src blob: 'self' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://apiv2.webdamdb.com/oauth2/token  https://dam.bynder.com https://sentry10.bynder.cloud https://api2.amplitude.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com https://fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com/ https://*.courier.com/ wss://*.courier.com https://api.eu1.honeycomb.io; font-src https://* data:; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud  https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net https://fast.appcues.com https://browser.sentry-cdn.com https://bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com https://*.heap-api.com/; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://static.bynder.cloud https://fonts.googleapis.com https://bynder-static.s3.amazonaws.com https://fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://heapanalytics.com https://*.heapanalytics.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e&sentry_environment= 1
object-src 'none';base-uri 'self';script-src 'nonce-Vf-RQAy4eM4vDxdM1vUpnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.paqato.com *.fontawesome.com https://fonts.bunny.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.hsforms.com *.v-psp.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://www.googletagmanager.com/ js.mollie.com ad4m.at widget.trustpilot.com *.ad-srv.net *.doubleclick.net *.walls.io *.hsforms.com consentcdn.cookiebot.com accounts.google.com *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com cdn.dogslove.com cdn.catslove.com cdn.wow.pet cdn.purenature.pet track-eu1.hubspot.com forms-eu1.hsforms.com as.ad4m.at ad.doubleclick.net track.adform.net *.adscale.de *.bing.com *.casalemedia.com *.clarity.ms *.contentsquare.net *.doubleclick.net *.facebook.com *.google.com *.googleapis.com *.linkedin.com *.paqato.com *.posthog.com *.pubmatic.com *.smartadserver.com *.twiago.com www.google.at www.google.be www.google.cl www.google.co.in www.google.co.kr www.google.co.uk www.google.co.za www.google.de www.google.es www.google.fr www.google.it www.google.nl www.google.rs www.google.tn www.google.al www.google.bg www.google.ca www.google.ch www.google.com.ar www.google.com.au www.google.com.bd www.google.com.cy www.google.com.hk www.google.com.mx www.google.com.ng www.google.com.ph www.google.com.py www.google.com.ua www.google.dk www.google.hu www.google.lu www.google.pl www.google.pt www.google.ru www.google.se www.google.si www.google.sk imgsct.cookiebot.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com jquery.sellxed.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdn.ablyft.com https://tr.mediards.com http://tr.mediards.com js.mollie.com widget.trustpilot.com js-eu1.hsforms.net js-eu1.hs-scripts.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net dogslove.com *.dogslove.com ad4m.at cdn.ablyft.com www.amcharts.com *.clarity.ms *.contentsquare.net *.googleapis.com *.licdn.com *.paqato.com *.posthog.com *.pinterest.com *.tiktok.com unpkg.com *.doubleclick.net consent.cookiebot.com consentcdn.cookiebot.com player.vimeo.com *.bing.com scripts.luigisbox.tech cdn.luigisbox.tech live.luigisbox.tech api.luigisbox.tech https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.avada.io *.shopify.com accounts.google.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.trustpilot.com www.xtento.com cdn.xtento.com https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.paqato.com scripts.luigisbox.tech cdn.luigisbox.tech live.luigisbox.tech api.luigisbox.tech https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.fontawesome.com https://fonts.bunny.net accounts.google.com *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ spc.dogslove.com spc.catslove.com spc.wow.pet http://localhost:9090 js-eu1.hsforms.net forms-eu1.hsforms.com forms-eu1.hubspot.com widget.trustpilot.com forms-eu1.hscollectedforms.net *.dogslove.com dogslove.com *.ablyft.com *.clarity.ms *.contentsquare.net *.doubleclick.net *.google.com *.googleapis.com *.linkedin.com *.paqato.com *.posthog.com *.tiktok.com consentcdn.cookiebot.com consent.cookiebot.com scripts.luigisbox.tech cdn.luigisbox.tech live.luigisbox.tech api.luigisbox.tech bat.bing.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com https://get.geojs.io *.avada.io accounts.google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.dogslove.com www.catslove.com www.wow.pet www.purenature.pet b2b.dogslove.com dogslove.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.alothemes.com *.magepow.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.affirm.com *.affirm.ca www.facebook.com platform.twitter.com *.tawk.to *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com www.apptrian.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.alothemes.com *.magepow.com *.tawk.to *.clarity.ms blob: store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net twitter.com platform.twitter.com *.alothemes.com *.magepow.com cdn.jsdelivr.net www.clarity.ms *.tawk.to wss://*.tawk.to player.vimeo.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.paypal.com *.ytimg.com vimeocdn.com *.aptrinsic.com *.braintreegateway.com *.gstatic.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.alothemes.com *.magepow.com *.tawk.to cdn.jsdelivr.net *.aptrinsic.com assets.braintreegateway.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com www.apptrian.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com *.tawk.to wss://*.tawk.to *.clarity.ms *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; base-uri 'self'; child-src 'none'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-src 'none'; frame-ancestors 'none'; img-src 'self'; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self'; report-to csp-endpoint; report-uri https://csp.urown.net/report 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://*.hotjar.com https://*.clarity.ms https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.synaxon.com https://stackpath.bootstrapcdn.com https://*.gstatic.com https://*.adform.net https://*.google.com https://www.youtube.com https://*.googlesyndication.com https://*.twitter.com https://widget.tabnav.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.gstatic.com https://stackpath.bootstrapcdn.com; img-src 'self' data: 'self' data: https: https://bat.bing.com https://bat.bing.net https://maps.googleapis.com https://*.gstatic.com https://px.ads.linkedin.com https://www.facebook.com https://*.google.com https://www.google.de https://www.googletagmanager.com; font-src 'self' data: https://*.gstatic.com https://static2.sharepointonline.com https://*.wp.com; connect-src 'self' https://bat.bing.com https://bat.bing.net https://maps.googleapis.com https://px.ads.linkedin.com https://region1.google-analytics.com https://*.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.clarity.ms https://analytics.synaxon.com https://web-api.synaxon.de https://www.facebook.com https://www.google-analytics.com https://region1.analytics.google.com https://*.adform.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.hotjar.io wss://*.hotjar.com https://analytics.google.com https://*.googlesyndication.com https://widget-config.tabnav.com; media-src 'self'; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://*.google.com https://www.googletagmanager.com https://www.youtube.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; report-uri /csp-report-endpoint; 1
object-src  'none'; connect-src 'self' *.lethalhardcore.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.lethalhardcore.com join.gammasecure.com; script-src 'self' *.lethalhardcore.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.lethalhardcore.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
img-src https://higherlogicdownload.s3.amazonaws.com/IPWEA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/IPWEA/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/IPWEA/ blob: https://d132x6oi8ychic.cloudfront.net 'self' https://yipwea.org; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/IPWEA/ https://higherlogicdownload.s3.amazonaws.com/IPWEA/ https://higherlogiclongterm.s3.amazonaws.com/IPWEA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/IPWEA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/IPWEA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/IPWEA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/IPWEA/ https://higherlogicdownload.s3.amazonaws.com/IPWEA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/IPWEA/ https://higherlogicstream.s3.amazonaws.com/IPWEA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/IPWEA/ https://higherlogicdownload.s3.amazonaws.com/IPWEA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/IPWEA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
object-src  'none'; connect-src 'self' *.adulttime.com cognito-identity.us-east-1.amazonaws.com backend.getbeamer.com *.comm100.io *.algolia.net insights.algolia.io *.algolianet.com *.gammaapis.com *.gammacdn.com analytics.google.com *.google-analytics.com adservice.google.com *.analytics.google.com *.doubleclick.net *.pubnub.com *.lovense.com *.handyfeeling.com www.gammaentertainment.com *.tiypa.com *.recombee.us dasasoveekepl.cloudfront.net capture.trackjs.com ws: jlduihq7lrcdxgw4vrndhdfcsq.appsync-api.us-east-1.amazonaws.com tcs4u525zrg5hnnoe5kzndxuaq.appsync-api.us-east-1.amazonaws.com xtnzefcqrb.execute-api.us-east-1.amazonaws.com 2aed6ghjsb4436qtebuqk3gfzq0xeauy.lambda-url.us-east-1.on.aws lzzos7clo5.execute-api.us-east-1.amazonaws.com *.izooto.com www.idealgasm.com 3tt0xhv5u7.execute-api.us-east-1.amazonaws.com; form-action 'self' *.adulttime.com join.gammasecure.com; script-src 'self' *.adulttime.com app.getbeamer.com static.getbeamer.com blob: vue.comm100.com standby.comm100vue.com *.gammacdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com code.jquery.com d3a3ewgd1iewwz.cloudfront.net cdn.izooto.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' *.adulttime.com push.getbeamer.com app.getbeamer.com www.google.com *.doubleclick.net cdn.izooto.com *.banhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub787d5a6164b329b26f2e4f7956bbed10&dd-evp-origin=content-security-policy&ddsource=csp-prod&ddtags=CSP-Prod; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com *.cdnfonts.com *.slant.co data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.newrelic.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.sharethis.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://integrations.etrusted.com www.xtento.com cdn.xtento.com *.adnxs.com *.cookiebot.com d2rfa446ja7yzb.cloudfront.net *.fbcdn.net www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.ba www.google.be www.google.bj www.google.by www.google.ca www.google.ch www.google.ci www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.za www.google.co.zm www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tn google.com *.google.com nijhofbaarn.nl *.nijhofbaarn.nl *.pinterest.com *.shopify.com *.ytimg.com data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.sharethis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://integrations.etrusted.com www.xtento.com cdn.xtento.com https://chimpstatic.com *.calendly.com *.cookiebot.com *.getflowbox.com *.pinimg.com *.pinterest.com *.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com assets.braintreegateway.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com *.cookiebot.com *.getflowbox.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://9a4c0d88-eba9-461e-ba4e-f9cd9c0c2419.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; 1
default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-report.php 1
default-src 'self' *.creditvidya.com *.prefr.com getpostings-tpma6xih7q-uc.a.run.app getpostingswithid-tpma6xih7q-uc.a.run.app *.google-analytics.com google-analytics.com google-analytics.com/collect google-analytics.com/analytics.js;  frame-src 'self' *.creditvidya.com *.prefr.com google-analytics.com google-analytics.com/collect google-analytics.com/analytics.js;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.creditvidya.com *.prefr.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com/collect google-analytics.com/analytics.js ajax.googleapis.com;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.creditvidya.com *.prefr.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com/collect google-analytics.com/analytics.js ajax.googleapis.com;  img-src 'self' *.creditvidya.com *.prefr.com *.google-analytics.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.creditvidya.com *.prefr.com;  style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.creditvidya.com *.prefr.com;  font-src 'self' fonts.gstatic.com *.creditvidya.com *.prefr.com data:; report-to /_/csp-report 1
font-src *.fontawesome.com https://fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com *.fontawesome.com *.googleapis.com *.addtoany.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk https://get.geojs.io *.avada.io http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'none'; base-uri 'none'; font-src 'self' https://fonts.gstatic.com/s/googlesans/; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css; script-src 'self' 'sha256-aE1VoIKM7NzE/nq3TesJCHKlwbhd0dYbp50DQARApR8=' 'sha256-ey1uc96C+H8psALGkw8UrspEXsI6Xp077fi/puyfKAs=' 'sha256-i0Tr6hD+qNX/tLJ1UmabRdBp+kV5Xu6bbmQjPNqZR6E=' https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://www.google.com/pagead/conversion_async.js https://bitcoin-store.ladesk.com/scripts/ https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://pay.google.com/gp/p/js/pay.js https://delivery.consent.hr/delivery/cmp.php https://delivery.consent.hr/delivery/js/ https://cdn.consent.hr/delivery/js/ https://cdn.consent.hr/delivery/customdata/ https://hosted.paysafe.com/js/v1/latest/paysafe.min.js *.doubleclick.net/ 'unsafe-inline' ; img-src 'self' data: http: https:; frame-src *.youtube.com *.ladesk.com *.google.com https://cdn.consent.hr *.paysafe.com *.bitstore.net *.googletagmanager.com/ *.doubleclick.net/; connect-src 'self' https://sapi.bitstore.net wss://sapi.bitstore.net https://google.com/pay https://apple.com/apple-pay *.google.com/pay *.googletagmanager.com/ *.google-analytics.com/ *.doubleclick.net/ *.google.com/ *.google.ad/ *.google.ae/ *.google.com.af/ *.google.com.ag/ *.google.com.ai/ *.google.al/ *.google.am/ *.google.co.ao/ *.google.com.ar/ *.google.as/ *.google.at/ *.google.com.au/ *.google.az/ *.google.ba/ *.google.com.bd/ *.google.be/ *.google.bf/ *.google.bg/ *.google.com.bh/ *.google.bi/ *.google.bj/ *.google.com.bn/ *.google.com.bo/ *.google.com.br/ *.google.bs/ *.google.bt/ *.google.co.bw/ *.google.by/ *.google.com.bz/ *.google.ca/ *.google.cd/ *.google.cf/ *.google.cg/ *.google.ch/ *.google.ci/ *.google.co.ck/ *.google.cl/ *.google.cm/ *.google.cn/ *.google.com.co/ *.google.co.cr/ *.google.com.cu/ *.google.cv/ *.google.com.cy/ *.google.cz/ *.google.de/ *.google.dj/ *.google.dk/ *.google.dm/ *.google.com.do/ *.google.dz/ *.google.com.ec/ *.google.ee/ *.google.com.eg/ *.google.es/ *.google.com.et/ *.google.fi/ *.google.com.fj/ *.google.fm/ *.google.fr/ *.google.ga/ *.google.ge/ *.google.gg/ *.google.com.gh/ *.google.com.gi/ *.google.gl/ *.google.gm/ *.google.gr/ *.google.com.gt/ *.google.gy/ *.google.com.hk/ *.google.hn/ *.google.hr/ *.google.ht/ *.google.hu/ *.google.co.id/ *.google.ie/ *.google.co.il/ *.google.im/ *.google.co.in/ *.google.iq/ *.google.is/ *.google.it/ *.google.je/ *.google.com.jm/ *.google.jo/ *.google.co.jp/ *.google.co.ke/ *.google.com.kh/ *.google.ki/ *.google.kg/ *.google.co.kr/ *.google.com.kw/ *.google.kz/ *.google.la/ *.google.com.lb/ *.google.li/ *.google.lk/ *.google.co.ls/ *.google.lt/ *.google.lu/ *.google.lv/ *.google.com.ly/ *.google.co.ma/ *.google.md/ *.google.me/ *.google.mg/ *.google.mk/ *.google.ml/ *.google.com.mm/ *.google.mn/ *.google.ms/ *.google.com.mt/ *.google.mu/ *.google.mv/ *.google.mw/ *.google.com.mx/ *.google.com.my/ *.google.co.mz/ *.google.com.na/ *.google.com.ng/ *.google.com.ni/ *.google.ne/ *.google.nl/ *.google.no/ *.google.com.np/ *.google.nr/ *.google.nu/ *.google.co.nz/ *.google.com.om/ *.google.com.pa/ *.google.com.pe/ *.google.com.pg/ *.google.com.ph/ *.google.com.pk/ *.google.pl/ *.google.pn/ *.google.com.pr/ *.google.ps/ *.google.pt/ *.google.com.py/ *.google.com.qa/ *.google.ro/ *.google.ru/ *.google.rw/ *.google.com.sa/ *.google.com.sb/ *.google.sc/ *.google.se/ *.google.com.sg/ *.google.sh/ *.google.si/ *.google.sk/ *.google.com.sl/ *.google.sn/ *.google.so/ *.google.sm/ *.google.sr/ *.google.st/ *.google.com.sv/ *.google.td/ *.google.tg/ *.google.co.th/ *.google.com.tj/ *.google.tl/ *.google.tm/ *.google.tn/ *.google.to/ *.google.com.tr/ *.google.tt/ *.google.com.tw/ *.google.co.tz/ *.google.com.ua/ *.google.co.ug/ *.google.co.uk/ *.google.com.uy/ *.google.co.uz/ *.google.com.vc/ *.google.co.ve/ *.google.vg/ *.google.co.vi/ *.google.com.vn/ *.google.vu/ *.google.ws/ *.google.rs/ *.google.co.za/ *.google.co.zm/ *.google.co.zw/ *.google.cat/; report-uri https://sapi.bitstore.net/api/v2/csp-report; 1
default-src 'self' data: *.analytics.google.com *.cms-eqs.com *.google-analytics.com *.google.ae *.google.at *.google.be *.google.bg *.google.bs *.google.ca *.google.ch *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.uz *.google.co.za *.google.com *.google.com.au *.google.com.eg *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.mx *.google.com.ng *.google.com.ni *.google.com.nl *.google.com.om *.google.com.ph *.google.com.pk *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.vn *.google.cz *.google.de *.google.ee *.google.fi *.google.fr *.google.gr *.google.hr *.google.ht *.google.hu *.google.ie *.google.iq *.google.is *.google.it *.google.lu *.google.lv *.google.nl *.google.no *.google.pl *.google.pt *.google.rs *.google.ru *.google.se *.google.si *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-collectedforms.net *.hs-forms.com *.hs-leadflows.net *.hs-sites-eu1.com *.hs-sites.com *.hscta.net *.hsforms.com *.hsforms.net *.hubapi.com *.hubspot.com *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspotvideo.com *.linkedin.com *.northerndata.de *.northerndata.ai *.teamlewis.dev *.twitter.com *.ucweb.com *.usercentrics.com *.usercentrics.eu 139603300.fs1.hubspotusercontent-eu1.net 143488230.fs1.hubspotusercontent-eu1.net 145170326.fs1.hubspotusercontent-eu1.net 24977394.fs1.hubspotusercontent-eu1.net 26683789.fs1.hubspotusercontent-eu1.net 7528302.fs1.hubspotusercontent-na1.net 7528315.fs1.hubspotusercontent-na1.net android-webview-video-poster: eqs-cockpit.com fonts.gstatic.com googleads.g.doubleclick.net hubspot-forms-static-embed-eu1.s3.amazonaws.com hubspot-forms-static-embed.s3.amazonaws.com i.vimeocdn.com link.cockpit.eqs.com runway-static-assets.s3.amazonaws.com static.hsappstatic.net t.co uct.service.usercentrics.eu; script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.cn *.gstatic.com challenges.cloudflare.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubspot.com *.hubspot.net *.hubspotfeedback.com *.recaptcha.net *.twitter.com *.usemessages.com *.usercentrics.eu cdn.ampproject.org cdn.jsdelivr.net/npm/@splidejs/ cdn.jsdelivr.net/npm/basiclightbox@5.0.4/ cdnjs.cloudflare.com charts3.equitystory.com connect.facebook.net feedback-eu1.hubapi.com feedback.hubapi.com googleads.g.doubleclick.net ir-api.eqs.com js-eu1.hs-banner.com/24977394.js js-eu1.hs-scripts.com/24977394.js js-eu1.hscta.net js.hscta.net northern-data-assets.teamlewis.dev northerndata.de platform.linkedin.com player.vimeo.com px.ads.linkedin.com snap.licdn.com static.ads-twitter.com static.hsappstatic.net; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@splidejs/ cdn.jsdelivr.net/npm/basiclightbox@5.0.4/ https://cdn2.hubspot.net *.northerndata.de 24977394.fs1.hubspotusercontent-eu1.net ir-api.eqs.com static.hsappstatic.net *.gstatic.com northerndata.de; object-src 'none'; font-src 'self' data: https://24977394.fs1.hubspotusercontent-eu1.net fonts.gstatic.com unpkg.com; frame-src 'self' *.doubleclick.net challenges.cloudflare.com *.google.com *.googletagmanager.com *.recaptcha.net *.twitter.com forms-eu1.hsforms.com app.hubspot.com charts3.equitystory.com www.edisongroup.com play-eu1.hubspotvideo.com player.vimeo.com; worker-src 'none'; 1
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.supabase.co https://api.amapof.us https://ipapi.co https://api.maptiler.com https://fonts.amapof.us; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-VMPoUxWVdk2l7VN3PII-SQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com fonts.googleapis.com *.hotjar.com *.fontawesome.com data: https://fonts.bunny.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com https://dpd.com.pl http://pudofinder.dpd.com.pl cdn.dnky.co *.hotjar.com *.trustpilot.com https://amc.demex.net landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com https://secure.przelewy24.pl https://tpay.com https://secure.tpay.com https://dpd.com.pl https://pudofinder.dpd.com.pl *.google.nl *.google.pl *.googleapis.com *.linkedin.com *.trustedshops.com https://static.paynow.pl https://static.sandbox.paynow.pl *.credit-agricole.pl *.leaselink.pl https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com maps.gstatic.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://rep.leaselink.pl https://secure.przelewy24.pl https://tpay.com https://secure.tpay.com https://dpd.com.pl https://pudofinder.dpd.com.pl *.googleapis.com *.googleadservices.com *.hotjar.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com https://region1.analytics.google.com *.trustpilot.com *.googleoptimize.com landofcoder.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com maps.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://secure.przelewy24.pl https://secure.przelewy24.pl/skrypty/ecommerce_plugin.css.php https://tpay.com https://secure.tpay.com https://dpd.com.pl https://pudofinder.dpd.com.pl *.fontawesome.com *.mailchimp.com *.cloudflare.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com https://secure.przelewy24.pl https://tpay.com https://secure.tpay.com https://dpd.com.pl https://pudofinder.dpd.com.pl https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.pl *.leaselink.pl landofcoder.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.tidio.co upstream.heidipay.com sbx-upstream.heidipay.io https://fonts.gstatic.com *.klarnacdn.net *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com ls.smct.io d2d7do8qaecbru.cloudfront.net ad4m.at ban.2trk.info td.doubleclick.net my.lcmark.net *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com www.arredodacasa.com recensioni-io-static-folder.s3.eu-central-1.amazonaws.com *.tidiochat.com *.cloudflare.com widget.feedaty.com www.facebook.com d3k81ch9hvuctc.cloudfront.net lantern.roeye.com as.ad4m.at track.adform.net cdn.iubenda.com www.google.it storage.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.development.scalapay.com *.staging.scalapay.com *.scalapay.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudfront.net *.clarity.ms *.tidio.co *.adobedtm.com omnisnippet1.com *.trovaprezzi.it cdn.doofinder.com static.addtoany.com cdn.jsdelivr.net static.klaviyo.com widget.feedaty.com static-tracking.klaviyo.com www.dwin1.com cdn.iubenda.com connect.facebook.net lantern.roeyecdn.com cdn.preciso.net api.bounce-commerce.de assets.brandswap.com cdn.iintf.co widget.envolvetech.com smct.co www.upsellit.com assets.soreto.com awinscripts.tyviso.com js.smct.io cs.iubenda.com ad4m.at api.contester.net d16fk4ms6rqz1v.cloudfront.net api.recova.ai awin.etagdigital.com cdn.scalapay.com upstream.heidipay.com sbx-upstream.heidipay.io *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.jsdelivr.net widget.feedaty.com cdn.doofinder.com static.klaviyo.com cdn.iubenda.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tidio.co fonts.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.google-analytics.com *.onlinereviews.tech *.google-analytics.com *.clarity.ms wss://socket.tidio.co *.tidio.co o511301.ingest.us.sentry.io *.soundestlink.com *.omnisendlink.com pagead2.googlesyndication.com region1.analytics.google.com widget.feedaty.com fast.a.klaviyo.com static-forms.klaviyo.com routes.soreto.com wss://eu1-layer.doofinder.com eu1-layer.doofinder.com api.bounce-commerce.de tagapi.brandswap.com analytics.helpmechoose.services api.recova.ai cognito-identity.eu-west-1.amazonaws.com *.iubenda.com envolve-chatbot-api-dot-envolvetech-001.nw.r.appspot.com firehose.eu-west-1.amazonaws.com bot-dot-envolvetech-001.appspot.com upstream.heidipay.com sbx-upstream.heidipay.io *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.stripe.com klarna.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src googleads.g.doubleclick.net ban.2trk.info www.wepowerconnections.com my.lcmark.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ehJmS3KcX1pkirCmo2zdOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-jcCQen8KVszoCs0EkTWiKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.googleapis.com *.gstatic.com https://fonts.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.cloudflare.com *.twitter.com *.google-analytics.com *.google.it *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.iubenda.com *.klarnaservices.com *.klarna.com *.hotjar.com *.requeirejs.org *.googletagmanager.com *.facebook.com localhost:* *.motive.co *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.google.it *.google.com *.cloudfront.net *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.motive.co *.multisafepay.com *.amazonaws.com ts.tradetracker.net www.magmodules.eu *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.trovaprezzi.it *.webgains.io *.doofinder.com *.jsdelivr.net *.assets.adobedtm.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.it *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.iubenda.com *.klarnaservices.com *.klarna.com *.hotjar.com *.requeirejs.org *.googletagmanager.com *.facebook.com *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.motive.co *.multisafepay.com https://pay.google.com *.sendcloud.sc tm.tradetracker.net tracking.trovaprezzi.it www.trovaprezzi.it *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com static-tracking.klaviyo.com *.trovaprezzi.it *.webgains.io *.doofinder.com *.jsdelivr.net *.assets.adobedtm.com *.iubenda.com *.feedaty.com https://fonts.googleapis.com https://static.klaviyo.com *.multisafepay.com *.sendcloud.sc *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.doofinder.com https://developer.adobe.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.it *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.iubenda.com *.klarnaservices.com *.klarna.com *.hotjar.com *.requeirejs.org *.googletagmanager.com *.facebook.com *.feedaty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.motive.co *.multisafepay.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://test.rebecca.it/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adobe.io s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com tagmanager.google.com https://www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.kaptcha.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.cloudflare.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.magento-datasolutions.com *.magento-ds.com https://www.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * test.saferpay.com www.saferpay.com saferpay.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com www.xtento.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; style-src www.vitadrogerie.ch *.adobe.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; connect-src translate.googleapis.com translate-pa.googleapis.com www.google.co.th www.google.fi www.google.com.ph www.google.com.mt www.google.co.il www.google.no www.google.co.uz www.google.tn www.google.com.cy www.google.co.nz www.google.co.id www.google.com.eg www.google.lk www.google.sk www.google.kz www.google.com.vn www.google.mg www.google.com.bh www.google.dk gb-api.web-vision.de www.google.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com test.saferpay.com www.saferpay.com saferpay.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; font-src assets.tailwindapp.com cdn.scite.ai fonts.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googletagmanager.com infird.com connect.facebook.net translate.google.com sc-static.net payment.preprod.direct.worldline-solutions.com www.google.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com analytics.google.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com payment.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src encrypted-tbn2.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn1.gstatic.com google.com lh3.google.com www.google.com.om www.google.com.do www.vitadrogerie.ch www.google.com.mt www.google.com.eg www.google.com.tw www.google.co.id www.google.lt www.google.com.cy www.google.co.uz www.google.bi www.google.com.co www.google.com.ar lh3.googleusercontent.com www.google.com.et www.google.mn www.google.kz www.google.dz www.google.je www.google.com.gt h2tcbox.baidu.com www.google.mv www.google.me www.google.co.ls www.google.com.au www.google.az www.google.so www.google.co.cr www.google.com.pk www.google.cm www.google.com.gh www.google.com.bh www.google.ad www.google.com.ec www.google.ee www.google.li www.google.com www.google.pl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline';report-uri https://www.vitadrogerie.ch/de/fl32csp/report/; 1
font-src *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.google.rs googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://api.hubspot.com/livechat-public/v1/message/public https://forms.hubspot.com/collected-forms/v1/config/json https://bam.nr-data.net/events/1/7e4eef5471 *.adobe.com *.app.hubspot.com *.track.hubspot.com/__ptq.gif *.f.hubspotusercontent10.net *.forms.hubspot.com/lead-flows-config/v1/config/json *.alothemes.com *.magepow.com *.trustedshops.com *.stats.g.doubleclick.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://api.hubspot.com/livechat-public/v1/message/public https://forms.hubspot.com/collected-forms/v1/config/json https://bam.nr-data.net/events/1/7e4eef5471 *.adobe.com *.app.hubspot.com *.forms.hubspot.com/lead-flows-config/v1/config/json *.track.hubspot.com/__ptq.gif *.f.hubspotusercontent10.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * webpay3g.transbank.cl webpay3gint.transbank.cl 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cloudflare.com *.gstatic.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://api.hubspot.com/livechat-public/v1/message/public https://forms.hubspot.com/collected-forms/v1/config/json https://bam.nr-data.net/events/1/7e4eef5471 *.app.hubspot.com *.track.hubspot.com/__ptq.gif *.f.hubspotusercontent10.net *.forms.hubspot.com/lead-flows-config/v1/config/json c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * app.hubspot.com/ vars.hotjar.com/ td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.cloudflare.com *.google.com *.google.co.in https://www.facebook.com https://cdn.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com https://s.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://api.hubspot.com/livechat-public/v1/message/public https://forms.hubspot.com/collected-forms/v1/config/json https://bam.nr-data.net/events/1/7e4eef5471 *.app.hubspot.com *.track.hubspot.com/__ptq.gif *.f.hubspotusercontent10.net *.forms.hubspot.com/lead-flows-config/v1/config/json *.disqus.com https://img.youtube.com *.alothemes.com *.magepow.com https://meetanshi.com/media/logo.png https://www.google.cl/ads/ga-audiences www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.taggrs.io cdn.optipic.io/site-100590/media/favicon/default/Favicon_PRECISION.png cdn.optipic.io/site-100590/media/logo/default/logo_nuevo_1.png cdn.optipic.io/site-100590/media/wysiwyg/home_banner_edit_1.png cdn.optipic.io/site-100590/media/wysiwyg/Motores_IEC_-_Stock_-_Banner_home_1.jpg cdn.optipic.io/site-100590/media/wysiwyg/1BANNER_SERVICIOS_VACIA-min_1.jpg cdn.optipic.io/site-100590/media/wysiwyg/2BANNER_E-HOUSESV4_VACIA-min_1.jpg cdn.optipic.io/site-100590/media/wysiwyg/3BANNER_REDESV1_VACIA-min_1.jpg cdn.optipic.io/site-100590/media/wysiwyg/1Angloamerican_web_escritorio-tablet.jpg cdn.optipic.io/site-100590/media/wysiwyg/Southern_1500x700.png cdn.optipic.io/site-100590/media/wysiwyg/Casos_de_xito_Southern_Banner_Mobile_3.jpg cdn.optipic.io/site-100590/media/wysiwyg/10petroamazonas_escritorio-tablet_1.jpg cdn.optipic.io/site-100590/media/wysiwyg/ENAPNueva-Home.jpg cdn.optipic.io/site-100590/media/wysiwyg/PluspetrolNueva-Home_1.jpg cdn.optipic.io/site-100590/media/wysiwyg/PerrosYGatos-SeAbrazan-home.jpg cdn.optipic.io/site-100590/media/wysiwyg/11qimpac_escritorio-tablet_2.jpg https://forms.hsforms.com/embed/v3/counters.gif https://px.ads.linkedin.com/collect p.adsymptotic.com/d/px/ track.hubspot.com/__ptq.gif forms.hsforms.com/embed/v3/counters.gif cdn.optipic.io/site-100590/media/wysiwyg/13buenaventura_web_1.jpg cdn.optipic.io/site-100590/media/wysiwyg/Casos_de_xito_Tottus_Banner_home_1.jpg cdn.optipic.io/site-100590/media/wysiwyg/9nestle_escritorio-tablet_1.jpg cdn.optipic.io/site-100590/media/wysiwyg/Usach_1500x700_1_min.jpg cdn.optipic.io/site-100590/media/wysiwyg/PuertoVentanas-Desktop_1-min.jpg cdn.optipic.io/site-100590/media/wysiwyg/Marsa-Desktop_2-min.jpg cdn.optipic.io mc-staging.precision.cl/media/wysiwyg/Modales-06.png mc-staging.precision.cl px.ads.linkedin.com px4.ads.linkedin.com www.google.cl perf-na1.hsforms.com gc.kes.v2.scr.kaspersky-labs.com p.adsymptotic.com track.hubspot.com forms.hsforms.com www.linkedin.com web.facebook.com https://web.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.cloudflare.com *.gstatic.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://api.hubspot.com/livechat-public/v1/message/public https://forms.hubspot.com/collected-forms/v1/config/json https://bam.nr-data.net/events/1/7e4eef5471 *.app.hubspot.com *.track.hubspot.com/__ptq.gif *.f.hubspotusercontent10.net *.forms.hubspot.com/lead-flows-config/v1/config/json *.disqus.com *.alothemes.com *.magepow.com https://connect.facebook.net/en_US/fbevents.js *.trustedshops.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.taggrs.io googleoptimize.com/optimize.js js.hs-scripts.com/8751744.js js.usemessages.com/conversations-embed.js js.hscollectedforms.net/collectedforms.js js.hs-analytics.net/analytics/1656967500000/8751744.js js.hs-banner.com/8751744.js js.hsleadflows.net/leadflows.js js.hsadspixel.net/fb.js static.hotjar.com/c/hotjar-2681784.js snap.licdn.com/li.lms-analytics/insight.min.js script.hotjar.com/modules.eaa59710f7e60ac1d235.js js-agent.newrelic.com/nr-1216.min.js bam.nr-data.net/1/7e4eef5471 js.hs-analytics.net/analytics/1656969000000/8751744.js googleoptimize.com js.hs-analytics.net/analytics/1656969600000/8751744.js js.hs-analytics.net/analytics/1656969900000/8751744.js https://www.googleoptimize.com/optimize.js js.hs-analytics.net/analytics/1656970200000/8751744.js https://js.hs-analytics.net/analytics/1656970500000/8751744.js https://js.hs-analytics.net  https://connect.facebook.net/signals/config/149163860367504 js.hubspotfeedback.com js.hs-banner.com snap.licdn.com js-agent.newrelic.com script.hotjar.com connect.facebook.net 'unsafe-inline' cta-service-cms2.hubspot.com api.hubapi.com forms.hscollectedforms.net px.ads.linkedin.com stats.g.doubleclick.net d.adroll.com pixel.advertising.com pixel.rubiconproject.com simage2.pubmatic.com dsum-sec.casalemedia.com ads.yahoo.com eb2.3lift.com sync.outbrain.com trc.taboola.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com segments.company-target.com sync.tidaltv.com bam.nr-data.net cdn.linkedin.oribi.io vc.hotjar.io js.hubspot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://api.hubspot.com/livechat-public/v1/message/public https://forms.hubspot.com/collected-forms/v1/config/json https://bam.nr-data.net/events/1/7e4eef5471 *.app.hubspot.com *.track.hubspot.com/__ptq.gif *.f.hubspotusercontent10.net *.forms.hubspot.com/lead-flows-config/v1/config/json *.alothemes.com *.magepow.com *.typekit.net *.trustedshops.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.gstatic.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://api.hubspot.com/livechat-public/v1/message/public https://forms.hubspot.com/collected-forms/v1/config/json https://bam.nr-data.net/events/1/7e4eef5471 *.adobe.com *.app.hubspot.com *.track.hubspot.com/__ptq.gif *.f.hubspotusercontent10.net *.forms.hubspot.com/lead-flows-config/v1/config/json *.alothemes.com *.magepow.com https://stats.g.doubleclick.net/j/collect api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com in.hotjar.com/api/v2/client/sites/2681784/visit-data api.hubapi.com/hs-script-loader-public/v1/config/pixel/json forms.hubspot.com/lead-flows-config/v1/config/json ws40.hotjar.com/api/v2/client/ws ws40.hotjar.com/api/v2/sites/2681784/recordings/content ws40.hotjar.com wss://ws40.hotjar.com/api/v2/client/ws cdn.linkedin.oribi.io vc.hotjar.io bam.nr-data.net api.hubapi.com forms.hscollectedforms.net px.ads.linkedin.com cta-service-cms2.hubspot.com ws.hotjar.com content.hotjar.io wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.precision.tech/cl; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: https://www.googletagmanager.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://firebasestorage.googleapis.com https://meetanshi.com/media/logo.png *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com *.avada.io *.shopify.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.multisafepay.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com www.apptrian.com https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ checkout.airwallex.com checkout-demo.airwallex.com h.online-metrix.net/ pci-api-demo.airwallex.com demo-pacybsmock.airwallex.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.online-metrix.net/ checkout.airwallex.com imgs.signifyd.com checkout-demo.airwallex.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ checkout.airwallex.com h.online-metrix.net/ static-demo.airwallex.com static.airwallex.com cdn-scripts.signifyd.com bws-demo.airwallex.com bws.airwallex.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com checkout.airwallex.com h.online-metrix.net/ bws-demo.airwallex.com bws.airwallex.com api-demo.airwallex.com api.airwallex.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; base-uri 'self'; child-src 'self' youtube.com; connect-src 'self' https://webpush.ii.nl/ region1.google-analytics.com www.caniemail.com; font-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' youtube.com; img-src 'self' data: *.ii.nl blob: www.google-analytics.com ssl.google-analytics.com googletagmanager.com www.afvalonline.nl afvalonline.nl www.afval-online.nl afval-online.nl; manifest-src 'self'; media-src 'none'; object-src 'none'; report-uri /csp-report; script-src 'self' www.google-analytics.com ssl.google-analytics.com  'sha256-cz6Kd1SDikvh4s18AxjQbsXiPyTdb4GaR1GvyEtd8qY='; style-src 'unsafe-inline' 'self' 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.hotjar.com *.typekit.net cdn.curator.io static.klaviyo.com fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chatra.io *.hotjar.com *.facebook.com *.trustpilot.com *.kiyoh.com *.pinterest.com *.criteo.com *.cookiefirst.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.jsdelivr.net *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com * scontent.fzty3-2.fna.fbcdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.multisafepay.com *.amazonaws.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.fontawesome.com *.elfsight.com *.chimpstatic.com *.chatra.io *.jsdelivr.net chimpstatic.com *.facebook.com *.doubleclick.net *.trustpilot.com s.pinimg.com *.zdassets.com *.google-analytics.com *.feedbackcompany.com *.facebook.net *.hotjar.com *.mailchimp.com *.list-manage.com *.curator.io *.typekit.net *.clarity.ms *.leadinfo.net *.criteo.com *.googleadservices.com *.cookiefirst.com www.datadoghq-browser-agent.com bat.bing.com *.tidio.co *.tidiochat.com *.iubenda.com js-agent.newrelic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.multisafepay.com https://pay.google.com *.sendcloud.sc *.googletagmanager.com *.google.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.typeform.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.mailchimp.com *.jsdelivr.net *.googleapis.com *.curator.io *.cookiefirst.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.multisafepay.com *.sendcloud.sc *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com curatorio.s3.amazonaws.com curator-assets.b-cdn.net video-lga3-2.cdninstagram.com video-iad3-1.xx.fbcdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.elfsight.com *.instacloud.io *.google-analytics.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io ct.pinterest.com *.paypal.com *.zdassets.com *.zendesk.com *.feedbackcompany.com *.curator.io *.clarity.ms *.leadinfo.net *.cookiefirst.com gtm-mm85h6s-nzi2m.uc.r.appspot.com www.google-analytics.com www.google.com maps.googleapis.com *.livechatinc.com www.paypalobjects.com dev.visualwebsiteoptimizer.com www.googletagmanager.com pagead2.googlesyndication.com googleadservices.com rum.ewings.cloud https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.multisafepay.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com www.apptrian.com *.klarna.com *.klarnaevt.com *.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com cdn.mouseflow.com o2.mouseflow.com https://cdnjs.cloudflare.com cdnjs.cloudflare.com *.klarna.com *.klarnacdn.net *.klarnaservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com https://cdnjs.cloudflare.com cdnjs.cloudflare.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleapis.com www.apptrian.com cdn.mouseflow.com o2.mouseflow.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-SvkDUlDD9YTFMbDhtg1Vgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src sdk.privacy-center.org spir.hit.gemius.pl cnc.daktela.com widget.packeta.com *.google.com *.smartlook.com *.smartsuppcdn.com *.smartsupp.com static.hotjar.com script.hotjar.com *.googletagmanager.com a.opmnstr.com *.google-analytics.com *.googleadservices.com *.smartsuppchat.com googleads.g.doubleclick.net connect.facebook.net 2.adform.net s2.adform.net track.adform.net im9.cz *.im9.cz c.imedia.cz ssl.heureka.cz www.heureka.cz cdn.heureka.group www.zbozi.cz c.seznam.cz 1gr.cz sgtm.signals.cz cdn.cpex.cz *.mapy.cz www.ppl.cz 'self' 'unsafe-inline' 'unsafe-eval';script-src-elem sdk.privacy-center.org spir.hit.gemius.pl cnc.daktela.com widget.packeta.com *.google.com *.smartlook.com *.smartsuppcdn.com *.smartsupp.com static.hotjar.com script.hotjar.com *.googletagmanager.com a.opmnstr.com *.google-analytics.com *.googleadservices.com *.smartsuppchat.com googleads.g.doubleclick.net connect.facebook.net 2.adform.net s2.adform.net track.adform.net im9.cz *.im9.cz c.imedia.cz ssl.heureka.cz www.heureka.cz cdn.heureka.group www.zbozi.cz c.seznam.cz 1gr.cz sgtm.signals.cz cdn.cpex.cz *.mapy.cz www.ppl.cz 'self' 'unsafe-inline' 'unsafe-eval';style-src tagmanager.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.smartsuppcdn.com translate.googleapis.com fonts.googleapis.com www.ppl.cz api.mapy.cz 'self' 'unsafe-inline';style-src-elem tagmanager.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.smartsuppcdn.com translate.googleapis.com fonts.googleapis.com www.ppl.cz api.mapy.cz 'self' 'unsafe-inline';report-uri /csp 1
object-src 'none';base-uri 'self';script-src 'nonce-MSWrL8l7rxTxOORtU-aMow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src   * 'self' data: blob: 'unsafe-inline' 'unsafe-eval';         script-src      'self'       blob: 'unsafe-inline' 'unsafe-eval'                         https://*.deutschepost.de/ https://*.dhl.de/                         https://*.braintreegateway.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://pay.google.com/                         https://*.cardinalcommerce.com/                         https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://deutschepost.peerius.episerver.net/ https://uat.peerius.com/                         https://assets.adobedtm.com/ https://dpm.demdex.net/  https://deutschepostag1.d3.sc.omtrdc.net/                         https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://fonts.googleapis.com/;         script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'                         https://*.deutschepost.de/ https://*.dhl.de/                         https://*.braintreegateway.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://pay.google.com/                         https://*.cardinalcommerce.com/                         https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://deutschepost.peerius.episerver.net/ https://uat.peerius.com/                         https://assets.adobedtm.com/ https://dpm.demdex.net/ https://deutschepostag1.d3.sc.omtrdc.net/                         https://google.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://fonts.googleapis.com/;         script-src-attr 'self' 'unsafe-inline' https://assets.adobedtm.com/ https://dpm.demdex.net/;         img-src         'self' data: blob: https:;         style-src       'self' 'unsafe-inline' data:                         https://*.deutschepost.de/ https://*.dhl.de/                         https://fonts.googleapis.com/                         https://*.deutschepost.de/ https://*.dhl.de/;         style-src-elem  'self' 'unsafe-inline' data:                         https://*.deutschepost.de/ https://*.dhl.de/                         https://assets.adobedtm.com/ https://dpm.demdex.net/ https://fonts.googleapis.com/;         style-src-attr  'self' 'unsafe-inline' data:                         https://*.deutschepost.de/ https://*.dhl.de/                         https://assets.adobedtm.com/ https://dpm.demdex.net/;         connect-src     'self' data:                         https://*.deutschepost.de/ https://*.dhl.de/                         https://*.braintreegateway.com/ https://*.braintree-api.com/ https://www.paypal.com/                         https://cdn.cookielaw.org https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal-de.onetrust.com/                         https://assets.adobedtm.com/ https://deutschepost.peerius.episerver.net/ https://uat.peerius.com/                         https://dpm.demdex.net/ https://deutschepostag1.d3.sc.omtrdc.net/ https://dpcomepost.tt.omtrdc.net/;         object-src      'none';         form-action     'self' 'unsafe-inline' 'report-sample' https://*.deutschepost.de/                         https://*.evopayments.eu/ https://*.ebay.de/ https://*.cardinalcommerce.com/ https://3d-secure.pluscard.de/;         report-uri /ContentSecurityReporting?r=default 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sagepay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sagepay.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.sagepay.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.yotpo.com *.googleapis.com *.fontawesome.com 'self' data: *.cloudflare.com fonts.googleapis.com 'unsafe-inline' data: *.clarity.ms static.sipuk.co.uk static.worldofpower.co.uk static.worldofbbqs.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.yotpo.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.mdoq.io 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.yotpo.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * widget.trustpilot.com lpcdn.lpsnmedia.net *.paypalobjects.com www.facebook.com *.clarity.ms 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.cloudflare.com *.mdoq.io *.ibottles.co.uk *.google.com *.google.co.uk www.worldofpower.co.uk media.worldofpower.co.uk media.worldofbbqs.co.uk media.sipuk.co.uk static.worldofpower.co.uk static.worldofbbqs.co.uk static.sipuk.co.uk bat.bing.com *.clarity.ms c.bing.com media2.giphy.com www.facebook.com image.providesupport.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.cloudflare.com *.twitter.com *.fontawesome.com *.liveperson.net *.trustpilot.com *.lpsnmedia.net bat.bing.com world11215.pcapredict.com www.googlecommerce.com connect.facebook.net image.providesupport.com *.clarity.ms static.worldofpower.co.uk static.worldofbbqs.co.uk static.sipuk.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.yotpo.com *.googleapis.com *.fontawesome.com assets.braintreegateway.com *.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.clarity.ms static.worldofpower.co.uk static.worldofbbqs.co.uk static.sipuk.co.uk static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com *.ideal-postcodes.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.cloudflare.com stats.g.doubleclick.net *.clarity.ms www.facebook.com static.sipuk.co.uk static.worldofpower.co.uk static.worldofbbqs.co.uk static-forms.klaviyo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * tst.kaptcha.com ssl.kaptcha.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com guarantee-cdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tst.kaptcha.com ssl.kaptcha.com *.cloudflare.com guarantee-cdn.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.ebaystatic.com *.ebaystatic.cn *.gstatic.com *.fontawesome.com blob: *.googleapis.com; connect-src 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn data: *.google-analytics.com *.doubleclick.net *.avalon.perfdrive.com *.ebayimg.com *.ucweb.com *.akamaihd.net *.ucads.ucweb.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.pinterest.com *.snapchat.com *.criteo.com *.facebook.com *.googleapis.com *.googleadservices.com blob: analytics.google.com *.us.shoplive.cloud www.facebook.com *.bing.com www.googletagmanager.com google.com *.google.com *.graphitevault.com *.amplitude.com wss://127.0.0.1:* www.redditstatic.com *.reddit.com *.quantummetric.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* blob: data:; frame-ancestors 'self' *.ebay.com *.ebaystatic.com *.ebaystatic.cn; img-src 'self' data: blob: https://*; default-src 'self' blob: data: wss: mediastream: https://*;  report-uri https://monitor.ebay.com/csp-report/discoveryplatformweb/HomePage?id=2939504940913871808&rid=t6gludlscuzujfwciunrce00%3C%3Dgludlscuzujfwciunrce00%2B04a%3F17c11%60(rbpv50.u4mkk-19cf95256b3-0x2606#pd 1
object-src 'none';base-uri 'self';script-src 'nonce-m4KOH2RCrDIMUFNda7uGuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.g.doubleclick.net *.facebook.com *.facebook.net https://payment-stage.ecpay.com.tw/ https://payment.ecpay.com.tw/ 'self' 'unsafe-inline'; frame-ancestors *.tappaysdk.com google.com *.google.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.tappaysdk.com google.com *.google.com *.facebook.com *.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://live-chat-console.no8.io https://*.useinsider.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.cloudflare.com *.ytimg.com *.googletagmanager.com *.google-analytics.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.tappaysdk.com google.com *.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.zdassets.com *.facebook.net *.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://live-chat-console.no8.io https://js-agent.newrelic.com https://bam.nr-data.net https://*.useinsider.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.tappaysdk.com google.com *.google.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com https://live-chat-console.no8.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.tappaysdk.com google.com *.google.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.tappaysdk.com google.com *.google.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.zopim.com *.zdassets.com *.gstatic.com *.google.com.tw *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://api-next.no8.io https://js-agent.newrelic.com https://bam.nr-data.net https://*.useinsider.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.no/api/csp-report; report-to csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com 'self' data: https://widgets.trustedshops.com *.hsappstatic.net *.jsdelivr.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net js.mollie.com www.xtento.com caclk.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.maconline.de oponas.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.awin1.com *.zenaps.com *.wepowerconnections.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.awinblackfriday.com *.doubleclick.net *.etrusted.com www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bf www.google.bg www.google.by www.google.ca www.google.ch www.google.ci www.google.cl www.google.co.ao www.google.co.id www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.br www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.th www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.kz www.google.li www.google.lt www.google.lu www.google.lv www.google.md www.google.mg www.google.mk www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.tn *.google.com *.googlesyndication.com *.maconline.de *.roeye.com *.trustedshops.com yastatic.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com cdn.kiprotect.com js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com *.doubleclick.net *.etrusted.com *.googlesyndication.com *.jsdelivr.net *.kiprotect.com *.maconline.de *.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com *.etrusted.com *.googletagmanager.com *.hsappstatic.net *.jsdelivr.net *.kiprotect.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src 'self' 'unsafe-inline'; media-src *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.wepowerconnections.com https://the.sciencebehindecommerce.com widget.freshworks.com m2epro.freshdesk.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analytics.google.com *.googletagmanager.com *.awinblackfriday.com *.doubleclick.net www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.in www.google.co.jp www.google.co.ma www.google.com.ar www.google.com.br www.google.com.cy www.google.com.eg www.google.com.gh www.google.com.hk www.google.com.mt www.google.com.mx www.google.com.ng www.google.com.pe www.google.com.pk www.google.com.sa www.google.com.tr www.google.com.ua www.google.com.vn www.google.co.uk www.google.co.uz www.google.co.za www.google.co.zw www.google.cz www.google.de www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.it www.google.kz www.google.lu www.google.lv www.google.md www.google.mu www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn *.googlesyndication.com *.maconline.de 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://6789b68f-1d66-4713-b07a-512bc59f2728.sansec.watch/; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.googlesyndication.com *.tiktok.com https://www.facebook.com/tr/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.facebook.com/ *.youtube-nocookie.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://*.hotjar.com/ js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net https://*.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.tiktok.com https://*.google.be https://*.facebook.com/ https://www.facebook.com/tr/ *.google.com *.google-analytics.com *.analytics.google.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://devdocs.magento.com https://magento.com https://*.google.be https://*.g.doubleclick.net/ http://*.googletagmanager.com/ https://www.facebook.com/ https://connect.facebook.net/ https://tawk.to *.google.com *.analytics.google.com https://maps.googleapis.com https://player.vimeo.com *.avada.io maps.googleapis.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://*.tawk.to *.cookiehub.net *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.tiktok.com https://devdocs.magento.com https://tawk.to https://*.g.doubleclick.net/ https://*.hotjar.com/ *.google.com *.analytics.google.com *.g.doubleclick.net https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.klarnacdn.net https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.reviews.co.uk *.reviews.io pingdom.com widget.reviews.co.uk http://*.pingdom.com https://*.pingdom.com https://widget.reviews.co.uk/ https://gbwatchshop.com https://*.gbwatchshop.com http://gbwatchshop.com http://*.gbwatchshop.com localhost:* 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com https://vars.hotjar.com/ https://widget.reviews.co.uk/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com http://gbwatch.weboven.online/* https://gbwatchshop.com https://gbwatchshop.com/* *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://plumrocket.com https://cache.addthiscdn.com/ *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com widget.freshworks.com m2epro.freshdesk.com https://widget.reviews.co.uk/rich-snippet-reviews-widgets/dist.js https://static.hotjar.com/c/hotjar-1268630.js https://script.hotjar.com/modules.ea0a6d6a741d5de8308e.js https://script.hotjar.com/* js.braintreegateway.com assets.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.paypal.com *.tawk.to cdn.jsdelivr.net client-analytics.sandbox.braintreegateway.com api.braintreegateway.com c.paypal.com pay.google.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.klarnacdn.net https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com https://fonts.googleapis.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net www.apptrian.com widget.freshworks.com m2epro.freshdesk.com https://api.reviews.co.uk/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/analytics.js https://api.reviews.co.uk/* *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-6hB_Tg5IRR97G9K328CyJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com *.facebook.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es magefan.com cm.magefan.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.googletagmanager.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'self'; script-src 'report-sample' 'nonce-2488ad2d366d493ea21edf9186a43b0f' 'unsafe-inline' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline'; img-src 'self' *.public.atl-paas.net; font-src 'self' *.public.atl-paas.net; frame-ancestors 'none'; form-action 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/confluence-frontend; report-to csp-default-endpoint; object-src 'self' blob:; frame-src 'self' https: 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.google-analytics.com *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com data: fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.googletagmanager.com data: https://td.doubleclick.net https://fs25.formsite.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.simpli.fi *.ytimg.com data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.twimg.com *.simpli.fi *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com https://api.merchante-solutions.com https://cert.merchante-solutions.com https://test.merchante-solutions.com https://api.sandbox.paytrace.com https://api.paytrace.com *.superiortire.com *.pardot.com https://googleads.g.doubleclick.net data: ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.simpli.fi *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com data: fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.google-analytics.com *.g.doubleclick.net *.facebook.com https://api.merchante-solutions.com https://cert.merchante-solutions.com https://test.merchante-solutions.com https://api.sandbox.paytrace.com https://api.paytrace.com data: https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-yxT5yxDtMgN3qeAMcGljgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-oPOG_9DVh5YAQ1OT_NAFAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-48_0H2Thi_VTEcyU6kopuw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
object-src 'none';base-uri 'self';script-src 'nonce-wGOi2bJIQAYnHs__wtF0mQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-90Y9RH1Oc1zd5kalUZyY4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.youtube.com/ 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu axeptio.imgix.net https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com www.gstatic.com www.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.instagram.com *.static.axept.io *.axept.io *.googleapis.com *.avada.io *.shopify.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.instagram.com https://static.axept.io *.api.axept.io *.client.axept.io api.axept.io client.axept.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src activepager.com *.activepager.com *.mapbox.com 'unsafe-inline' 'unsafe-eval' data: blob: 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com *.googleapis.com https://www.gstatic.com applepay.cdn-apple.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.payplug.com *.dalenys.com api-qa.payplug.com secure-qa.payplug.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.disqus.com https://images.unsplash.com https://*.afflelou.com https://p.sharinpix.com *.googlesyndication.com https://editor-assets.abtasty.com cdn.doofinder.com *.googleapis.com https://*.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://flagcdn.com https://mafranchise.afflelou.com https://cms-mafranchise.afflelou.com https://mcstaging.afflelou.com https://dev.visualwebsiteoptimizer.com https://secure-magenta.dalenys.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.disqus.com https://maps.googleapis.com https://eu1-config.doofinder.com https://*.googlesyndication.com https://halc.iadvize.com https://static.iadvize.com https://iadvize.com https://static.livechat.iadvize.com https://api.iadvize.com https://try.abtasty.com https://msr.afflelou.com cdn.doofinder.com *.googleapis.com https://*.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com afflelou.containers.piwik.pro https://vto-advanced-integration-api.fittingbox.com/ https://dev.visualwebsiteoptimizer.com https://secure-magenta.dalenys.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com cdn.payplug.com https://cdn.payplug.com https://cdn-qa.payplug.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://try.abtasty.com https://cdn.fonts.net *.doofinder.com assets.braintreegateway.com https://secure-magenta.dalenys.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://cdn.plyr.io https://*.googlesyndication.com https://halc.iadvize.com https://api.iadvize.com https://collector.iadvize.com wss://*.iadvize.com https://*.abtasty.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.fonts.net *.doofinder.com wss://*.doofinder.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com afflelou.piwik.pro afflelou.containers.piwik.pro https://dev.visualwebsiteoptimizer.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://bohds.afflelou.be https://bohds.afflelou.com https://bohds.afflelou.es https://bohds.afflelou.ch https://bohds.afflelou.pt https://bohds.afflelou.ma 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.oct8ne.com https://static.oct8ne.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.vimeo.com *.afip.gob.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com *.oct8ne.com https://static.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://live.decidir.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.vimeo.com *.afip.gob.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.oct8ne.com https://static.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afip.gob.ar *.avada.io *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.oct8ne.com https://static.oct8ne.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://live.decidir.com https://developers.decidir.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afip.gob.ar https://get.geojs.io *.avada.io *.google-analytics.com https://www.google-analytics.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.oct8ne.com https://static.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://live.decidir.com https://developers.decidir.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'none'; frame-ancestors 'self' https://experience.adobe.com https://infopoint.audi.it; connect-src 'self' https: wss://e0k754.acquire.io; base-uri 'self'; font-src 'self' https: data:; worker-src 'self' blob:; report-uri https://www.audi.ma/api/csp-report; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-MsoU836-x2Fmv75hyfoMvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io www.google.com www.gstatic.com apis.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-ZZq6UpLq62WPNHgohFeTkQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' https://apj.org.pe https://*.apj.org.pe https://clinicapj.org.pe https://*.clinicapj.org.pe https://policlinicoperuanojapones.org https://*.policlinicoperuanojapones.org https://*.gstatic.com https://cdn.jsdelivr.net https://www.google.com https://recaptcha.google.com https://www.googletagmanager.com https://www.google-analytics.com https://app.notifai.pe https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://api.apj.org.pe https://connect.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://apj.org.pe https://*.apj.org.pe https://clinicapj.org.pe https://*.clinicapj.org.pe https://policlinicoperuanojapones.org https://*.policlinicoperuanojapones.org https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com; img-src 'self' https://apj.org.pe http://www.apj.org.pe https://*.apj.org.pe https://clinicapj.org.pe https://*.clinicapj.org.pe https://policlinicoperuanojapones.org https://*.policlinicoperuanojapones.org https://*.googleapis.com https://images-na.ssl-images-amazon.com https://i1.ytimg.com https://www.googletagmanager.com; connect-src 'self' https://api.apj.org.pe https://*.apj.org.pe https://www.youtube.com https://player.vimeo.com https://maps.googleapis.com https://www.google.com https://*.googleapis.com https://www.google-analytics.com https://cdn.datatables.net https://app.notifai.pe https://api.ipify.org https://m.vnforapps.com https://h.online-metrix.net; frame-src 'self' https://www.google.com https://recaptcha.google.com https://www.youtube.com https://player.vimeo.com https://api.apj.org.pe https://maps.googleapis.com https://www.youtube-nocookie.com https://app.notifai.pe https://creators.spotify.com https://podcasters.spotify.com https://anchor.fm 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://www.facebook.com/tr/ *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://www.facebook.com https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.cochin.com https://cdn.shopify.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.zdassets.com https://bam.nr-data.net https://js-agent.newrelic.com *.gstatic.com *.facebook.com https://maps.googleapis.com https://maps.googleapis.com/maps-api-v3/api/js/46/8/intl/en_gb/common.js https://maps.googleapis.com/maps-api-v3/api/js/46/8/intl/en_gb/util.js https://www.google.com/recaptcha/api2/webworker.js *.cochin.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com https://zendesk-eu.my.sentry.io *.zendesk.com wss://widget-mediator.zopim.com *.googleapis.com https://www.facebook.com https://bam.nr-data.net *.zdassets.com *.cochin.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://ccapi-stg.paymentez.com https://ccapi.paymentez.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://* *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://cdn.paymentez.com/ *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.paymentez.com/ccapi/sdk/payment_checkout_stable.min.css *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://ccapi-stg.paymentez.com https://ccapi.paymentez.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.bluz.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.leanpay.si https://lapp.leanpay.hr https://app.leanpay.hr https://stage-app.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.bluz.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.facebook.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.facebook.net https://maps.googleapis.com *.disqus.com https://cdn.jsdelivr.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bluz.com https://cdn.jsdelivr.net https://static.klaviyo.com cdn.jsdelivr.net *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.bluz.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' *; 1
font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cetelem.es *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cetelem.es www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cetelem.es js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cetelem.es unsafe-inline *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cetelem.es api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-_0mOpAuOglzuh-kQ2he1cg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.authorize.net https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com/ https://use.typekit.net cdn.sandro.com.vn cdn.maje.com.vn *.cloudfront.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://maps.google.com/ *.doubleclick.net *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.wesupply.xyz 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://www.facebook.com http://openasia.izysync.com https://uk.maje.com *.maje.com.vn *.sandro.com.vn *.google.com *.google.com.vn maps.gstatic.com maps.googleapis.com *.cloudfront.net https://tamson-media.s3.ap-southeast-1.amazonaws.com https://forms.hsforms.com https://track.hubspot.com https://firebasestorage.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://cdnjs.cloudflare.com/ s7.addthis.com https://connect.facebook.net maps.googleapis.com cdn.sandro.com.vn cdn.maje.com.vn *.cardinalcommerce.com *.cloudfront.net *.tamsonfashion.com *.clarity.ms analytics.tiktok.com *.hotjar.com static.hotjar.com https://js.hs-scripts.com https://js.hscollectedforms.net https://forms.hsforms.com https://forms.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net https://track.hubspot.com https://ipinfo.io/json *.avada.io *.shopify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ cdn.sandro.com.vn cdn.maje.com.vn *.cloudfront.net fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://player.vimeo.com https://vod-progressive.akamaized.net https://tamson-static-media.s3.ap-southeast-1.amazonaws.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com ekr.zdassets.com/ maps.googleapis.com cdn.sandro.com.vn cdn.maje.com.vn *.cloudfront.net *.clarity.ms www.facebook.com https://forms.hscollectedforms.net https://ipinfo.io/json https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com cdn.sandro.com.vn cdn.maje.com.vn 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; connect-src 'self' https://analytics.grtc.today https://api.grtc.today https://photon.komoot.io https://*.google-analytics.com https://www.googletagmanager.com https://translate.googleapis.com https://translate-pa.googleapis.com; default-src 'none'; font-src 'self'; form-action https://www.google.com; frame-ancestors 'none'; img-src 'self' data: https://*.basemaps.cartocdn.com https://*.google-analytics.com https://www.googletagmanager.com https://translate.google.com; object-src 'none'; script-src 'report-sample' 'self' https://analytics.grtc.today https://*.google-analytics.com https://www.googletagmanager.com; style-src 'report-sample' 'self' 'unsafe-inline'; report-uri https://api.grtc.today/cspro; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es connect.xpayments.com *.xpayments.com *.twitter.com *.google.com *.addthis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com data: sealserver.trustwave.com widget.tochat.be yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.authorize.net *.cardinalcommerce.com *.avada.io maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' widget.tochat.be www.trustlogo.com chimpstatic.com sealserver.trustwave.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.twitter.com *.paypal.com services.tochat.be www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Ny2xQDrQJlmWXQFzPEezCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' https: *.ilhacompridabrasil.com *.google.com *.cloudflare.com *.mapbox.com *.googleapis.com *.cloudflare.com *.jqueryscript.net *.iporto.com.br *.brokercrm.com.br *.googlesyndication.com *.googletagmanager.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; connect-src 'self' https: *.googlesyndication.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data:; worker-src data: 'unsafe-eval' 'unsafe-inline' blob: 1
img-src https://swe70.sfdc-cehfhs.salesforce.com/icons/ slack-imgs-mil-dev.com https://stats.g.doubleclick.net https://www.ina.hr https://img.youtube.com https://*.doubleclick.net https://payments.salesforce.com/icons/ https://login.salesforce.com/icons/ https://*.googleapis.com http://sutaz.slovnaftmove.sk https://www.molmove.hu *.slack-edge-gov.com https://moluat-mol.cs173.force.com https://jatek.molmove.hu https://www.youtube.com *.cloudinary.com https://www.google.com https://cloud.mail.loyaltyteam.com https://bid.g.doubleclick.net https://mol.si https://core.iprom.net http://fra-col.eum-appdynamics.com https://vyhody.molmove.cz https://iprom.net https://*.google-analytics.com https://*.analytics.google.com molgogen2dev.b2clogin.com https://promofresh.molmove.ro https://www.paypal.com https://mol--c.documentforce.com slack-imgs-gov.com https://pwgapp.molmove.pl *.salesforce-experience.com https://sutaz.slovnaft.sk https://nagradnaigra.molmove.si https://image.mail.molmove.com slack-imgs-gov-dev.com *.slack-edge.com https://pwgapp.molmove.hu https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://*.loyaltyteam.com slack-mil-dev.com https://www.gstatic.com/recaptcha/ https://nagradnaigra.molmove.rs https://www.google.hu appdynamics.com https://*.googlesyndication.com https://www.google.com/recaptcha/ *.slack-edge.mil https://www.sandbox.paypal.com https://www.google-analytics.com https://inaloyaltynagradna.com *.salesforce.com https://www.google.co.uk https://*.adyen.com data: *.force.com 'self' https://www.facebook.com https://mol--c.visualforce.com https://www.juicy.hr https://www.gstatic.com https://mol.my.salesforce.com *.my-salesforce.com https://www.google.sk https://pwgapp.freshcorner.hr https://www.loteria.molmove.pl blob: https://soutez.molmove.cz https://*.googletagmanager.com cdn.appdynamics.com https://ade.googlesyndication.com slack-imgs.com slack-gov-dev.com *.sfdcstatic.com https://www.google.at *.twimg.com www.molserbia.rs https://www.googleadservices.com *.slack.com https://pwgapp.molmove.cz *.slack-imgs.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://*.gstatic.com https://googleads.g.doubleclick.net https://*.google.com https://*.adnxs.com https://connect.facebook.net molmove.pl https://slovnaft-nasa.esx.sk https://image.s50.sfmc-content.com https://molserbia.rs https://nagradna.freshcorner.hr https://i.vimeocdn.com https://*.mail.loyaltyteam.com https://mol.file.force.com slack-imgs.mil https://www.google.cz https://c.seznam.cz; report-to sfdc-csp-ep; report-uri https://mol.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D3X000002NQ3S&networkId=0DM3X000000kmFl&type=communities 1
default-src 'self'; font-src 'self' https: data: fonts.googleapis.com; img-src 'self' https: data: images.ctfassets.net; media-src 'self' https: data: videos.ctfassets.net; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'strict-dynamic' 'nonce-pAvfLilxURm6gwAhiyLqOw=='; script-src-elem 'self' https: 'unsafe-eval' 'unsafe-inline' *.nr-data.net *.newrelic.com *.intercom.io *.googletagmanager.com *.cookiebot.com *.vimeo.com/* *.youtube.com; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https: *.vimeo.com *.youtube.com *.kaltura.com *.googletagmanager.com; connect-src 'self' wss: *.intercom.io wss://nexus-websocket-a.intercom.io/* https://www.google-analytics.com https://www.google.com https://consentcdn.cookiebot.com https://www.consentcdn.cookiebot.com https://analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://membersuat.b2clogin.com https://iobmembers.b2clogin.com https://region1.analytics.google.com https://region1.google-analytics.com https://bam.nr-data.net https://stats.g.doubleclick.net https://www.facebook.com https://adservice.google.com https://connect.facebook.net https://www.google.ie *.pingdom.net *.clarity.ms *.nr-data.net *.newrelic.com; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=0c395212&env= 1
object-src 'none';base-uri 'self';script-src 'nonce-j1wNoOPrtymSPvTb8fK36Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' lojastemperare.com.br *.lojastemperare.com.br wake-components.fbitsstatic.net lojastemperare.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.enviou.com.br *.smarthint.co *.clearsale.com.br *.mlstatic.com *.mercadopago.com api.mercadopago.com *.paypalobjects.com paypalobjects.com *.paypal.com dzpxyxks1bfmb.cloudfront.net *.gstatic.com gstatic.com *.koin.com.br *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.pagaleve.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io *.3dsecure.io *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.lojastemperare.com.br lojastemperare.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
default-src 'self' https: mcdn.pybydl.com; font-src 'self' https: data:; img-src 'self' https: data: mcdn.pybydl.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' mcdn.pybydl.com; style-src 'self' https: 'unsafe-inline' mcdn.pybydl.com; frame-src 'self' https: http: data:; connect-src 'self' https: wss: www.luck-nine.com; report-uri /csp_reports 1
font-src maxcdn.bootstrapcdn.com https://pro.fontawesome.com cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.googleapis.com *.gstatic.com fonts.googleapis.com https://fonts.bunny.net *.alothemes.com *.magepow.com https://cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: https://player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com flagpedia.net https://www.facebook.com https://www.google.fr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.alothemes.com *.magepow.com https://www.google.com https://magento.com *.googlejs.com https://connect.facebook.net https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com *.adobe.com *.fontawesome.com cdn.jsdelivr.net fonts.googleapis.com https://static.klaviyo.com https://fonts.bunny.net *.alothemes.com *.magepow.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-JIabkpvVWRa0DmvvPtUpBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=24383&v=v1.0&payload=A0ffs9Bss2Vb-17Pvvs1ad3u69hwd0RO9J4K6Bh_6HFmuwRU0Q6IwByZyP_PLqGRxeIl9inltJ0dURPGlBoYm1XaBH5xeO-b6aMzy-VGE6NVALe5qRtwtsoiGY_gVMJ4LufWvpHg1yOV40J2zkf8forVnhSUhj33LEcr1vOk11I=; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.googleadservices.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://www.cognitoforms.com maps.google.com js.mollie.com *.net *.facebook.com 'self' 'unsafe-inline'; img-src data: widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.apptrian.com *.onetrust.com *.brightcove.com *.net *.elfsight.com *.elfsightcdn.com *.googleapis.com *.ggpht.com https://images.unsplash.com https://www.mollie.com www.google.com.vn *.facebook.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com *.onetrust.com *.brightcove.com *.net *.elfsight.com *.elfsightcdn.com script.crazyegg.com *.googleapis.com *.googleadservices.com unpkg.com unsafe-inline unsafe-eval wasm-eval https://maps.googleapis.com js.mollie.com ajax.cloudflare.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.gstatic.com *.googleapis.com *.googleadservices.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.apptrian.com *.onetrust.com *.brightcove.com *.net *.elfsight.com *.elfsightcdn.com script.crazyegg.com *.googleapis.com *.googleadservices.com data: blob: https://maps.googleapis.com https://player.vimeo.com *.crazyegg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: https: https://pbs.twimg.com;font-src 'self' https:;connect-src 'self' https: wss: https://mindoshare.ai https://mindoshare.up.railway.app https://verify.walletconnect.org https://relay.walletconnect.com https://walletconnect.com wss://relay.walletconnect.com;frame-src 'self' https://verify.walletconnect.org https://relay.walletconnect.com https://walletconnect.com;frame-ancestors 'none';object-src 'none';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' mycdsglobal.okta.com login.prod.cloud.mycdsglobal.com *.oktacdn.com; connect-src 'self' mycdsglobal.okta.com mycdsglobal-admin.okta.com login.prod.cloud.mycdsglobal.com *.oktacdn.com *.mixpanel.com *.mapbox.com mycdsglobal.kerberos.okta.com mycdsglobal.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' mycdsglobal.okta.com login.prod.cloud.mycdsglobal.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' mycdsglobal.okta.com login.prod.cloud.mycdsglobal.com *.oktacdn.com; frame-src 'self' mycdsglobal.okta.com mycdsglobal-admin.okta.com login.prod.cloud.mycdsglobal.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' mycdsglobal.okta.com login.prod.cloud.mycdsglobal.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' mycdsglobal.okta.com login.prod.cloud.mycdsglobal.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.myheritage.si https://www.myheritage.si  'unsafe-eval' 'nonce-f8386b629bcecb25ca14fe7132045469' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com https://www.google.com/ccm/collect https://cdn.builder.io https://www.google.com/recaptcha/enterprise/* https://www.google.com/recaptcha/enterprise/ https://www.google.com/recaptcha/enterprise/clr https://www.google.com/recaptcha/ *.myheritage.si;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self' https://builder.io;img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp: https://pay.instamed.com;script-src 'nonce-db20d8bd03cd452c948ef63af6aa9c4a' https://mychart.bilh.org 'self';img-src https://* 'self' blob: data:;connect-src 'self' epichttp:;style-src https://mychart.bilh.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action https://central.mychart.org/MyChart/ 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-fdA5Pcp-RcUTJUOcAgizLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce--0YPmKPPnPYTtRT5umYjFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-4gsw52R6R9CmndR9d3oOYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HMsUbfBQkTIISfVgFGy57A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-kksbo-ebDlnp-DY5jvjTgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=20531&v=v1.0&payload=k-WT4gQxz0zNXsTJWjuX4G0EN5fN9ikmkczjx3egmL56tMOusvEuFJ8O5Hxvkx_fTiQwDN0Z3nDmaYj53VKcpW8I-i_kbVDuCVJeEd2V42IIpV_-nXtQBWOmF9z5SFULaYCdYENMLPuRAbc2BAFj25NAMpnxobEwMKXRJ5dWcTSla7xoBUCoS-XlCxj_V7LijKISwT_Gm1K3U_1oDdqwmQ==; 1
default-src self https://imcruz-bolivia.s3.amazonaws.com/; img-src self https: *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://imcruz-bolivia.s3.amazonaws.com/; worker-src self blob: https://middleware.imcruzcenter.com.bo/api/v4; style-src self 'unsafe-inline' https://middleware.imcruzcenter.com.bo/api/v4 https://use.fontawesome.com/releases/v5.8.1/css/all.css https://imcruz-bolivia.s3.amazonaws.com/; font-src self https://use.fontawesome.com; script-src 'self' self 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.facebook.net http://tpc.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.renault.com.bo/custom/sesion.js https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js http://api.retargetly.com https://api.retargetly.com https://resources-rt.idx.lat/T2.min.js http://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js https://imcruz-bolivia.s3.amazonaws.com/; connect-src self https://middleware.imcruzcenter.com.bo/api/v4 https://middleware.imcruzcenter.com.bo/ *.google-analytics.com *.googletagmanager.com https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net https://rt.idx.lat https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js *.sentry.io https://imcruz-bolivia.s3.amazonaws.com/; frame-src https://www.facebook.com/ http://www.facebook.com/ https://api.retargetly.com/ http://api.retargetly.com https://td.doubleclick.net/; form-action self; frame-ancestors self https://www.facebook.com/ http://www.facebook.com/; object-src 'none'; base-uri https://middleware.imcruzcenter.com.bo/api/v4 1
object-src 'none';base-uri 'self';script-src 'nonce-fOBvAyZch4UkndD2A_16Tw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://www.mollie.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com www.googletagmanager.com *.storyblok.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net twitter.com platform.twitter.com js.mollie.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://static.klaviyo.com maxcdn.bootstrapcdn.com *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.doofinder.com *.empathybroker.com *.empathy.co www.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src https://www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com js.mollie.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com www.googletagmanager.com 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' SingularMedicamentos.com.br *.SingularMedicamentos.com.br wake-components.fbitsstatic.net singularmedicamentos.fbitsstatic.net *.wake.tech fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.singularmedicamentos.com.br *.ecommercegateway.com.br *.itau.com.br *.itau.com *.itaushopline.com.br *.itaushopline.com *.clearsale.com.br *.ebit.com.br imgs.ebit.com.br *.heatmap.it k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br h.online-metrix.net *.g.doubleclick.net googletagmanager.com *.rdstation.com.br rdstation.com.br *.google.com *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com teste.com.br checkout.singularmedicamentos.com.br pagar.me *.koin.com.br *.soclminer.com.br mundipagg.conector.gateway.fbits.net *.conector.gateway.fbits.net *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net googleadservices.com google-analytics.com *.uc.r.appspot.com ajax.googleapis.com *.googleapis.com *.jquery.com *.cloudflare.com *.cloudfront.net *.metaffiliation.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com rd.afftrack.pro rtgpix.com tags.fulllab.com.br ca.enviou.com.br js.cookieless-data.com event.getblue.io *.enviou.com.br *.cookieless-data.com cookieless-data.com *.sddan.com *.getblue.io *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com *.voxus.com.br targeting.voxus.com.br *.voxus.tv api.voxus.tv cdn.targeting.voxus.com.br targeting.voxus.tv *.fbits.store *.adyen.com *.pagar.me *.mundipagg.com *.getnet.com.br *.braintree-api.com *.braintreegateway.com *.pagseguro.com.br *.pagbank.com gstatic.com *.vindi.com.br *.cieloecommerce.cielo.com.br *.braspag.com.br *.pagador.com.br *.online-metrix.net bt-wake-connector.com.br *.brasilapi.com.br brasilapi.com.br *.pagaleve.com.br *.pagaleve.io wake-api.pagaleve.com.br securegtm.despegar.com api.ipify.org browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.datadoghq.com wake.koin.com.br paypal-wake.s3.us-east-1.amazonaws.com *.cardinalcommerce.com *.secureacs.com api.globalgetnet.com *.globalgetnet.com *.sandbox.3dsecure.io reviews-api.konfidency.com.br *.3dsecure.io *.clarity.ms *.konfidency.com.br *.fontawesome.com *.rd.services n8n.omni360agencia.com.br *.visa.com *.wake.tech *.appmax.com.br *.tunagateway.com analytics.tiktok.com adscool.net *.googletagmanager.com *.tiktokw.us cloudfront.net *.pagoexpress.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.SingularMedicamentos.com.br SingularMedicamentos.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho; worker-src 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-XjFtW6JyjWvxABRm-3nP6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https://www.googletagmanager.com/gtm.js https://psafinance-es--devdigital.sandbox.my.salesforce.com 'unsafe-inline' 'self' https://payments.salesforce.com/ https://stats.g.doubleclick.net https://psafinance-es--devdigital.sandbox.my.site.com/ESWEstelaCorporativa1767025924987 https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://psafinance-es--devdigital.sandbox.preview.salesforce-experience.com https://d.la12s-core1.sfdc-urlt2q.salesforceliveagent.com https://halc.iadvize.com https://fonts.gstatic.com https://www.gstatic.com https://checkoutshopper-live.adyen.com/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://ressource.gdpr-banner.awsmpsa.com https://psafinance-es--devdigital.sandbox.my.salesforce-scrt.com https://halc.iadvize.com/iadvize.js wss://*.iadvize.com https://europe-west1-cookiebannergdpr.cloudfunctions.net https://psafinance-es--devdigital.sandbox.my.site.com https://psafinance-es--devdigital--c.sandbox.vf.force.com https://fonts.googleapis.com https://www.google.com https://pay.google.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/ https://uip.canary.lwc.dev https://cobrowsing-ha.iadvize.com/projector/projector.min.js https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://api.gdpr-banner.awsmpsa.com blob: https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.googletagmanager.com import: https://www.google-analytics.com *.salesforce.com https://www.paypal.com/sdk/js 'report-sample' https://service.force.com/embeddedservice/ 'unsafe-eval' https://api2.gdpr-banner.awsmpsa.com; report-to sfdc-csp-ep; report-uri https://psafinance-es.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D1t000000qE9T&networkId=0DMTn0000000nFG&type=communities 1
object-src 'none';base-uri 'self';script-src 'nonce-qUVccXSDA6W0yfrJTLM2AQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.klarnacdn.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.klarna.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com js.mollie.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.googletagmanager.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.disqus.com https://cdn.jsdelivr.net *.klarnaservices.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.shopify.com js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.klarnacdn.net *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://maps.googleapis.com https://player.vimeo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-9bV2zB63l9Ay/8SIph8JFg==' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.jsdelivr.net https://cdn.chekin.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://retrack-kupona.kuponacdn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.holidu.com https://*.bookiply.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.sentry.io https://widget.trustpilot.com https://api.trustpilot.com https://cdn.chekin.com; frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.chekin.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; worker-src 'self' blob:; media-src 'self' https: 1
script-src 'self'; report-uri /csp-report-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-uu39m4klSsxa_Wb1PXxeXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-gpo8s3cC5ARGW16RgCik4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src cdn.usersnap.com api.usersnap.com cdn.procademy.nl cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/fullcalendar/3.9.0/fullcalendar.min.js ws-eu.pusher.com/ https://player.vimeo.com/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://cdn.procademy.nl www.procademy-support.nl js.chatlio.com w.chatlio.com eu-assets.i.posthog.com https://www.youtube.com embed.released.so;font-src cdn.procademy.nl cdnjs.cloudflare.com 'self' data: fonts.gstatic.com netdna.bootstrapcdn.com/bootstrap/3.0.0/fonts/ fonts.googleapis.com https://cdn.procademy.nl embed.released.so;style-src cdn.procademy.nl cdn.jsdelivr.net 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.procademy.nl w.chatlio.com embed.released.so https://cdn.jsdelivr.net;media-src vmbo-bwinet.nl www.vmbo-bwinet.nl editor.procademy.nl mediastream: 'self' blob: w.chatlio.com;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: editor.procademy.nl vimeo.com gcs-vimeo.akamaized.net;img-src https: data: blob:;child-src 'self' www.youtube.com;frame-src 'self' h5p.org/ drive.google.com docs.google.com www.youtube-nocookie.com www.youtube.com youtu.be www.youtube.be/ w.soundcloud.com www.slideshare.net/ player.vimeo.com https://www.procademy-support.nl;connect-src https: 'self' wss://ws-eu.pusher.com/ wss://ws.pusherapp.com/app/ bam.nr-data.net https://ecs.us1.twilio.com wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com;worker-src 'self' blob:;report-uri /api/v1/csp/report 1
font-src https://fonts.gstatic.com *.gstatic.com *.stape.io *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com https://ipgtest.monri.com/ https://ipg.monri.com/ https://formtest.wspay.biz/ https://form.wspay.biz/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://plumrocket.com *.google.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.stape.io js.mollie.com https://ipgtest.monri.com/ https://ipg.monri.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com https://www.magezon.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.doubleclick.net *.googletagmanager.com *.stape.io https://img.youtube.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://sslwidget.criteo.com https://dis.eu.criteo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://maps.googleapis.com *.disqus.com https://cdn.jsdelivr.net *.google.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io *.shopify.com js.mollie.com https://ipgtest.monri.com/ https://ipg.monri.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.criteo.net https://sslwidget.criteo.com https://dynamic.criteo.com https://measurement-api.criteo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://cdn.jsdelivr.net https://fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog *.stape.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://dis.eu.criteo.com https://widget.criteo.com https://sslwidget.criteo.com https://dynamic.criteo.com https://measurement-api.criteo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src 'self' data: https://cdn.woodwardmeats.com https://*.stripe.com https://google.ca https://*.google.ca https://google.com https://*.google.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://static.klaviyo.com; style-src-elem 'self' 'nonce-TMd2vdcNvLlsBkUrTgBzRg==' https://*.googleapis.com; frame-src https://checkout.stripe.com https://js.stripe.com https://*.js.stripe.com https://hooks.stripe.com https://google.com https://*.google.com https://www.googletagmanager.com https://td.doubleclick.net; upgrade-insecure-requests; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self'; style-src 'self' 'nonce-TMd2vdcNvLlsBkUrTgBzRg==' https://*.googleapis.com; script-src 'self' 'nonce-TMd2vdcNvLlsBkUrTgBzRg==' https://checkout.stripe.com https://js.stripe.com https://*.js.stripe.com https://www.google.com https://maps.googleapis.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://*.klaviyo.com; report-to csp-report; connect-src 'self' data: https://api.stripe.com https://checkout.stripe.com https://google.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.klaviyo.com; default-src 'none'; form-action 'self'; report-uri /csp-report/ 1
object-src 'none';base-uri 'self';script-src 'nonce-5jRft2uKouAwS-UBqaiwBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src * 'unsafe-inline'; font-src * data:; img-src * data: blob:; connect-src * wss:; frame-src *; object-src 'none'; frame-ancestors *; report-uri /csp-report-endpoint.php 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://dashboard.webwinkelkeur.nlfonts/webandbrand.woff data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com www.google.com.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net https://dashboard.webwinkelkeur.nl/sidebar.js https://dashboard.webwinkelkeur.nl https://cdn.jsdelivr.net https://embed.typeform.com assets.mollie.com load.keep.superfoodsonline.nl https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net https://embed.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com load.keep.superfoodsonline.nl https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-sBsHvfAEoWq9M7QKpOBpXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.gstatic.com *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.klarna.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.disqus.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.stripe.com klarna.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-G_t8eBGpaCMkyZm6ZIyheA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cdn.jsdelivr.net cdn.linearicons.com *.fontawesome.com https://fonts.bunny.net payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com https://www.societe-des-avis-garantis.fr https://www.googletagmanager.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.google.co.id www.facebook.com bat.bing.com https://firebasestorage.googleapis.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com maps.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.tailwindcss.com v2.zopim.com static.zdassets.com connect.facebook.net cdn.jsdelivr.net bat.bing.com bat.bing.net www.clarity.ms www.google.com pagead2.googlesyndication.com cdn.cookie-script.com *.avada.io *.shopify.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com maps.googleapis.com www.gstatic.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net cdn.linearicons.com *.fontawesome.com https://fonts.bunny.net payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com ekr.zdassets.com bainsimport.zendesk.com wss://widget-mediator.zopim.com *.doubleclick.net bat.bing.com bat.bing.net h.clarity.ms e.clarity.ms cdn.cookie-script.com https://get.geojs.io *.avada.io payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com maps.googleapis.com https://validator.cookie-script.com https://pagead2.googlesyndication.com https://v.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=T2Z7v5qduS0kiIyYANHNAQzPiu7dfZMZJTKJJDxxjt8-1773710717.7232544-1.0.1.1-MywR9bpUE9ODKxR.dgXxBhNqa5xbEgRNBr277THcj9STxvY2c85Q0y1Cj1kaBUcnDMlzimRUZCbdA1OO9.WUjj7hAuA5NUbKFDgtFeDQ4PfiTH0RCxAROBWwggo0OICH0BfFv62GH7TjiaSE_aVHXr6TCz1WDmkGrv8z9wE8.GP3FxFy3XNp9htnzBR.P37WVLS7tLS9R35PJKJEyxGyLg; report-to cf-qeqrecxofzkvcrmd 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.googletagmanager.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://player.vimeo.com https://www.youtube.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.kxcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com api.razorpay.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.cdninstagram.com *.fbcdn.net magefan.com cm.magefan.com https://firebasestorage.googleapis.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com 'unsafe-inline' *.addthis.com *.addthisedge.com *.moatads.com static.cloudflareinsights.com s7.addthis.com *.avada.io *.shopify.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ https://get.geojs.io *.avada.io lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: cdnjs.cloudflare.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com app.storyblok.com *.aqualisa.co.uk *.mldemo.co.uk *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.sharethis.com www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com *.digitalbridgehq.com *.fixtuur.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com *.trackedlink.net tools.luckyorange.com placehold.co cdn.storepoint.co icons.storepoint-icons.com storage.googleapis.com *.flippingbook.com *.storyblok.com *.cookiefirst.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.sharethis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com player.vimeo.com tools.luckyorange.com cdn.storepoint.co unpkg.com *.flippingbook.com d33i2vgywgme2s.cloudfront.net edge.marker.io consent.cookiefirst.com *.digitalbridgehq.com *.fixtuur.io *.storyblok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com tools.luckyorange.com api.mapbox.com cdn.storepoint.co cdnjs.cloudflare.com *.flippingbook.com *.cookiefirst.com *.storyblok.com assets.braintreegateway.com *.trustpilot.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.storyblok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.sharethis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk settings.luckyorange.com tools.luckyorange.com api-preview.luckyorange.com wss://realtime.luckyorange.com wss://in.visitors.live in.visitors.live stats-1.storepoint.co api.storepoint.co api.mapbox.com events.mapbox.com pubsub.googleapis.com *.flippingbook.com api.marker.io amazonaws.com *.cookiefirst.com *.digitalbridgehq.com *.fixtuur.io *.fixtuur.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.digitalbridgehq.com *.fixtuur.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: 'nonce--a13fad59385d9596102e24d5125179ce'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; frame-src 'self' https: 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com maxcdn.bootstrapcdn.com *.finance-calculator.co.uk *.s3.eu-west-2.amazonaws.com *.dekopay.org *.deko-uat.com *.klevu.com *.ksearchnet.com *.fontawesome.com applepay.cdn-apple.com *.salesfire.co.uk *.klarnacdn.net https://media.flixcar.com https://media.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.securetrading.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.reviews.io *.reviews.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de account.fetchify.com *.finance-calculator.co.uk *.deko.finance *.dekopay.org *.deko-uat.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com *.rvvuptech.com *.rvvup.com *.afterpay.com *.clearpay.co.uk *.sandbox.paypal.com cdn.eu.trustpayments.com *.trustpayments.com *.securetrading.net *.secure.checkout.visa.com thm.visa.com *.mastercard.com *.salesfire.co.uk *.trustpilot.com *.hotjar.com *.doubleclick.net *.facebook.com https://plausible.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.awin1.com *.zenaps.com *.wepowerconnections.com *.cloudfront.net *.reviews.io *.reviews.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://images.unsplash.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com s3.eu-west-1.amazonaws.com 'self' data: *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com *.afterpay.com assets.dev.rvvuptech.com assets.rvvup.com *.sandbox.paypal.com *.stats.paypal.com *.vims.visa.com *.secure.checkout.visa.com *.mastercard.com *.salesfire.co.uk *.facebook.com *.google.co.uk *.flix360.com *.bing.com https://media.flixcar.com https://register.feefo.com https://logo.flix360.io https://lantern.roeye.com *.feefo.com *.visualwebsiteoptimizer.com *.google.co.in *.reliant.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.reviews.io *.reviews.co.uk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com downloads.mailchimp.com *.list-manage.com cc-cdn.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com dekowallet-feature-assets.s3.eu-west-2.amazonaws.com *.blackhorseflexpay.co.uk/ js.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com *.afterpay.com *.sandbox.paypal.com checkout.dev.rvvuptech.com checkout.rvvup.com cdn.eu.trustpayments.com *.securetrading.net *.secure.checkout.visa.com *.cardinalcommerce.com *.mastercard.com applepay.cdn-apple.com *.salesfire.co.uk *.trustpilot.com *.jsdelivr.net *.facebook.net *.bing.com *.clickcease.com *.hotjar.com https://static.zdassets.com https://plausible.io https://media.flixfacts.com https://cdn.loadbee.com *.feefo.com  https://lantern.roeyecdn.com https://media.flixcar.com *.pinimg.com *.upsellit.com *.visualwebsiteoptimizer.com *.zdassets.com *.clarity.ms *.pinterest.com *.azureedge.net https://www.googleadservices.com/ *.brandswap.com *.flockr.co unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk assets.braintreegateway.com downloads.mailchimp.com cc-cdn.com maxcdn.bootstrapcdn.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com *.klevu.com *.ksearchnet.com *.fontawesome.com checkout.dev.rvvuptech.com checkout.rvvup.com *.salesfire.co.uk *.typekit.net *.trustpilot.com *.jsdelivr.net *.googleapis.com *.feefo.com https://media.flixcar.com *.visualwebsiteoptimizer.com https://www.googletagmanager.com/ *.flockr.co https://statsjs.klevu.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.cloudfront.net *.reviews.io *.reviews.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.craftyclicks.co.uk pcls1.craftyclicks.co.uk cc-cdn.com *.finance-calculator.co.uk *.dekopay.com *.dekopay.org *.deko-uat.com *.blackhorseflexpay.co.uk *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.afterpay.com *.sandbox.paypal.com *.dev.rvvuptech.com *.rvvup.com www.apple.com apple.com browser-intake-datadoghq.com browser-intake-datadoghq.eu *.salesfire.co.uk *.smartmetrics.co.uk *.doubleclick.net *.facebook.com *.google-analytics.com *.hotjar.io 8.hotjar.com *.hotjar.com wss://wsp19.hotjar.com/api/v2/client/ws https://ekr.zdassets.com/ https://reliantdirect.zendesk.com/ wss://ws.hotjar.com/api/v2/client/ws *.googlesyndication.com https://plausible.io *.feefo.com https://media.flixcar.com https://collect.feefo.com  https://availability.loadbee.com *.pinterest.com *.visualwebsiteoptimizer.com *.zdassets.com *.facebook.net *.clarity.ms *.brandswap.com *.zendesk.com *.azureedge.net https://connect.facebook.net/ *.flockr.co lottie.host *.bing.com *.bing.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com https://www.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.irclass.org; font-src 'self' https://fonts.gstatic.com https://www.irclass.org; img-src 'self' data: https://www.google-analytics.com https://ssl.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://i.ytimg.com; frame-src 'self' https://www.youtube.com https://www.google.com; connect-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com; object-src 'none'; frame-ancestors 'self' https://staging-new.irclass.net; 1
object-src 'none';base-uri 'self';script-src 'nonce-x3p9a3iikxQgHfFhvRrt3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UAfQk__kS7jyXL0C8iLTjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-oIDG1Z3WrDD52TQ6aP4Xeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; connect-src https: wss://mc.yandex.ru; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
base-uri 'self'; block-all-mixed-content; connect-src mini-serve.prd.heyflow.com www.googletagmanager.com www.paypal.com region1.google-analytics.com; default-src 'self'; frame-ancestors 'self' https://viewer.rooom.com; frame-src www.youtube-nocookie.com www.paypal.com; img-src 'self' data: www.coffee-perfect.at www.coffee-perfect.de www.coffee-perfect.dk www.googletagmanager.com www.kununu.com; object-src 'none'; report-to csp-report; script-src 'self' https: www.coffee-perfect.at www.coffee-perfect.de www.coffee-perfect.dk hr.coffee-perfect.de assets.prd.heyflow.com static.dvinci-easy.com cdn.iridion.de t1.iridion.de www.googletagmanager.com www.paypal.com; style-src 'self' 'unsafe-inline'; style-src-elem static.dvinci-easy.com; upgrade-insecure-requests; report-uri https://www.coffee-perfect.de/_/csp-report 1
base-uri https://www.hop.fr; default-src 'self' https://www.hop.fr; script-src 'self' https://www.hop.fr/* 'unsafe-inline'; style-src 'self' https://www.hop.fr/* 'unsafe-inline'; font-src 'self' data: ; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.affirm.com *.affirm.ca *.authorize.net https://www.youtube.com https://s7.addthis.com *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com *.affirm.com *.affirm.ca store.paradoxlabs.com https://secure.trust-provider.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca widget.freshworks.com m2epro.freshdesk.com *.authorize.net https://seal.digicert.com https://www.googletagmanager.com https://www.google-analytics.com https://server2.countercentral.com https://s7.addthis.com *.addthis.com *.addthisedge.com https://z.moatads.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.affirm.com *.affirm.ca widget.freshworks.com m2epro.freshdesk.com *.authorize.net https://www.google-analytics.com https://server2.countercentral.com *.addthis.com https://s7.addthis.com https://www.youtube.com *.addthisedge.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-MFLTJVT3jtKAVswIGMWGpQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-fkF8AzObrahviljKc9LclA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.steeple.com *.steeple.fr www.googletagmanager.com/gtag/js cdn.jsdelivr.net js-na1.hs-scripts.com js.hs-banner.com js.hs-scripts.com js.hsleadflows.net js.hsadspixel.net js.hs-analytics.net js.usemessages.com js.hubspot.com px.ads.linkedin.com snap.licdn.com connect.facebook.net; style-src 'self' 'unsafe-inline' *.steeple.com *.steeple.fr fonts.googleapis.com; img-src 'self' *.steeple.com *.steeple.fr steeple.com *.cloudfront.net px.ads.linkedin.com i.giphy.com perf-na1.hsforms.com/embed/v3/counters.gif track.hubspot.com *.google.fr *.google.com data:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' ws: *.steeple.com *.steeple.fr *.s3.eu-west-3.amazonaws.com api.honeybadger.io *.facebook.com region1.analytics.google.com *.google-analytics.com google.fr stats.g.doubleclick.net google.com api.hubapi.com cta-service-cms2.hubspot.com api.hubspot.com forms.hubspot.com px.ads.linkedin.com api.giphy.com https://browser-intake-datadoghq.eu; frame-src 'self' *.steeple.com *.steeple.fr pdfjs.steeple.fr; object-src 'none'; form-action 'self' internal.steeple.com; manifest-src 'self' *.steeple.com *.steeple.fr; media-src 'self' *.cloudfront.net files.steeple.fr; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub8c68f388104ea42a032532e46c91bf1d&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=policy-type%3Areport-only%2Capplication%3Asteeple-core%2Cenv%3Aprd 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobe.com *.google.com *.googletagmanager.com *.facebook.com *.tealium.com *.qualtrics.com *.quantcast.com *.bing.com *.braze.com *.impact.com *.skyscanner.com *.sizmek.com *.travelsupermarket.com *.tripadvisor.com *.snapchat.com *.amazon-adsystem.com *.raptor.com *.missionlabs.com *.ceros.com *.yahoo.com *.amobee.com *.trustpilot.com *.appsflyer.com *.pageworkers.com *.sky.com *.pinterest.com *.adform.net *.datadoghq.com *.tiktok.com *.rtbhouse.com *.coframe.io *.quantummetric.com *.ozone.com *.bils.com *.icelolly.com *.tui.com *.tui.co.uk; connect-src 'self' *.adobe.com *.google.com *.google-analytics.com *.facebook.com *.tealium.com *.qualtrics.com *.quantcast.com *.bing.com *.braze.com *.datadoghq.com *.amazon-adsystem.com *.snapchat.com *.tripadvisor.com *.pinterest.com *.tiktok.com *.coframe.io *.quantummetric.com *.tui.com *.tui.co.uk; img-src 'self' data: *.adobe.com *.google.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.fbcdn.net *.tealium.com *.qualtrics.com *.quantcast.com *.bing.com *.braze.com *.impact.com *.skyscanner.com *.sizmek.com *.travelsupermarket.com *.tripadvisor.com *.snapchat.com *.amazon-adsystem.com *.yahoo.com *.amobee.com *.trustpilot.com *.appsflyer.com *.sky.com *.pinterest.com *.adform.net *.tiktok.com *.rtbhouse.com *.ozone.com *.bils.com *.icelolly.com *.tui.com *.tui.co.uk; frame-src 'self' *.qualtrics.com *.missionlabs.com *.ceros.com *.trustpilot.com *.coframe.io *.tui.com *.tui.co.uk; font-src 'self' data: *.adobe.com *.google.com *.gstatic.com *.tui.com *.tui.co.uk; report-uri https://csp-reports.securitypractice.network/csp-report 1
report-uri csp-reporting-service.com; worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.certcapture.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com csp-reporting-service.com bam.eu01.nr-data.net *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.certcapture.com scontent.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com csp-reporting-service.com js-agent.newrelic.com bam.eu01.nr-data.net *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sentry-cdn.com *.cloudflare.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.certcapture.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.certcapture.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net csp-reporting-service.com bam.eu01.nr-data.net thm.visa.com *.sentry.io ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * gstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.facebook.com https://firebasestorage.googleapis.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com s7.addthis.com *.googletagmanager.com *.facebook.net *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com ekr.zdassets.com/ *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-vsZCBWocnDSxBSReopE49Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' *.hotjar.com/api/v2/client/ws *.hotjar.io *.trengo.eu https://*.analytics.google.com https://*.chatservice.co/ https://*.cookiepro.com https://*.cookieyes.com https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googletagmanager.com https://*.livechatinc.com https://*.mapbox.com https://*.onetrust.com https://*.reddit.com https://*.redditstatic.com https://*.snapchat.com https://*.tiktok.com https://stats.g.doubleclick.net https://tcs-analytics-tracker.now.sh https://tcs-analytics-tracker.vercel.app https://vitastudent-develop.go-vip.net https://www.facebook.com/tr https://www.google.co.uk wss://ws.hotjar.com/api/v2/client/ws; default-src data: 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.cookiepro.com *.doubleclick.net *.facebook.net *.google.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.livechatinc.com *.snapchat.com *.tiktok.com *.vitastudent.com *.wp.com https://cht-srvc.net https://r1-t.trackedlink.net/_dmpt.js https://sc-static.net/scevent.min.js https://vita.students; frame-ancestors 'self' https://*.mapbox.com https://www.google.com https://www.youtube.com; img-src data: 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'wasm-unsafe-eval' *.cookiepro.com *.gravatar.com *.snapchat.com *.wp.com https://*.bing.com https://*.brandfolder.io https://*.facebook.com https://*.reddit.com https://cdn-cookieyes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.trengo.eu *.vitastudent.com https://*.chatservice.co https://*.hotjar.com https://*.livechatinc.com https://*.snapchat.com https://*.wp.com https://analytics.tiktok.com https://api.mapbox.com/* https://cdn-ukwest.onetrust.com https://connect.facebook.net https://cookie-cdn.cookiepro.com https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js https://dist.chatservice.co/latest/customerService.js https://googleads.g.doubleclick.net https://js.chatservice.co/v0/switch.js https://r1-t.trackedlink.net https://s0.wp.com https://sc-static.net https://ssl.google-analytics.com https://static.ads-twitter.com https://static.srcspot.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.vitastudent.com https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' *.cookiepro.com *.doubleclick.net *.facebook.net *.google.com *.googletagmanager.com *.livechatinc.com *.snapchat.com *.tiktok.com *.trackedlink.net *.wp.com https://*.bing.com https://*.redditstatic.com https://cdn-cookieyes.com https://cht-srvc.net https://sc-static.net https://vita.students; worker-src blob: 'self' 'unsafe-inline' https://vitastudent.com https://www.vitastudent.com 1
script-src 'nonce-4mY+SlALSiRGKu+1PHmkAg==' 'self' cdn.orsted.com *.googletagmanager.com *.app.cookieinformation.com cdn.appdynamics.com *.googletagmanager.com *.gstatic.com *.googleoptimize.com www.googleadservices.com *.googleapis.com *.bing.com *.doubleclick.net *.t.co *.pardot.com *.youtube.com *.linkedin.com *.twitter.com *.globenewswire.com *.23video.com delivery.twentythree.com orsted.containers.piwik.pro orsted.piwik.pro *.crazyegg.com unpkg.com cs.lf-discover.com *.puzzel.com *.arcgis.com code.jquery.com *.lfeeder.com orsted-global-graduate-programme.simplecast.com omny.fm cdnjs.cloudflare.com *.bootstrapcdn.com *.defgo.com *.defgo.net *.vimeo.com presscloud.com *.ritzau.dk *.simplecast.com *.elnet.danskenergi.dk *.sli.do *.audioboom.com *.licdn.com *.adsrvr.org *.soundcloud.com *.google.com *.google.com.my *.google.nl *.google.dk *.facebook.net;       style-src 'nonce-4mY+SlALSiRGKu+1PHmkAg==' 'self' cdn.orsted.com fonts.googleapis.com;       style-src-attr 'unsafe-inline' cdn.orsted.com;       img-src 'self' data: cdn.orsted.com *.azureedge.net *.youtube.com *.23video.com delivery.twentythree.com www.googletagmanager.com *.lfeeder.com *.linkedin.com *.doubleclick.net *.pardot.com;       media-src 'self' blob: cdn.orsted.com *.youtube.com *.23video.com delivery.twentythree.com;       font-src 'self' data: fonts.gstatic.com cdn.orsted.com;       frame-src *.app.cookieinformation.com *.youtube.com *.23video.com delivery.twentythree.com *.google.com *.google.nl *.googletagmanager.com *.doubleclick.net *.pardot.com;       connect-src *.app.cookieinformation.com *.euroland.com *.eum-appdynamics.com *.googletagmanager.com *.google.com *.doubleclick.net *.googleadservices.com *.crazyegg.com *.linkedin.com orsted.piwik.pro *.pardot.com;       worker-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-HXUTjJAm_OikEuKQ7gRkCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Wk5IPPG6HxPYUo9_L2qbFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://yastatic.net https://cdn.jsdelivr.net https://api-maps.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com https://cdn.callibri.ru https://cdn.idalite.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://storage.yandexcloud.net https://*.yandex.ru https://mc.yandex.ru https://www.googletagmanager.com data: blob:; connect-src 'self' https://sentry.idacloud.ru https://mc.yandex.ru https://storage.yandexcloud.net https://www.google-analytics.com; frame-src https://www.googletagmanager.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-Ey9I-g4n2tsteronJaLRwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://platform.twitter.com https://code.jquery.com https://stackpath.bootstrapcdn.com; img-src 'self' 'unsafe-inline' data: https://cdn.jsdelivr.net https://*.googleadservices.com https://*.google.com https://*.google.nl https://*.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://syndication.twitter.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.eurocris.org; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none'; frame-src 'self' https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.twitter.com; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net; 1
object-src 'none';base-uri 'self';script-src 'nonce-FN32QEDdGHIxDKL6h-rhsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; 1
object-src 'none';base-uri 'self';script-src 'nonce-0gx0_klZI10U65u_6emlZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src 'self' data: https:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 1
object-src 'none';base-uri 'self';script-src 'nonce-cM3k4tb-L_5SEZM7e3mFwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-E_nYdYlKwWfas3oA0RJ2Ig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.awin1.com *.zenaps.com *.wepowerconnections.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.addthis.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com autocomplete2.postdirekt.de *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; object-src 'none'; frame-src 'self' https://player.vimeo.com https://vimeo.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net www.raganandmassey.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.raganandmassey.com 'self' 'unsafe-inline'; frame-ancestors www.raganandmassey.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com www.raganandmassey.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.gstatic.com *.google.com *.googlesyndication.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com validate.fishpig.co.uk *.tapad.com *.paradoxlabs.com *.raganandmassey.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.raganandmassey.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google.com *.google.com.bd *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.pricespider.com *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.raganandmassey.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com downloads.mailchimp.com *.pricespider.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com www.raganandmassey.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.raganandmassey.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com www.raganandmassey.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.raganandmassey.com http: https: blob: 'self' 'unsafe-inline'; default-src www.raganandmassey.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://example.com/; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.justsellingapp.com *.justsellingapp.de *.justselling.de fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.justsellingapp.com *.justsellingapp.de *.justselling.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.ad-srv.net consentcdn.cookiebot.com *.cookiebot.eu td.doubleclick.net www.google.com www.googletagmanager.com *.smarketer.de *.bing.com *.awin1.com *.justsellingapp.com *.justsellingapp.de *.justselling.de js.mollie.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.gstatic.com validate.fishpig.co.uk *.clarity.ms www.google.com google.com www.google.de imgsct.cookiebot.com *.justsellingapp.com www.bettwaesche-mit-stil.de *.smarketer.de d3k81ch9hvuctc.cloudfront.net www.googletagmanager.com googleads.g.doubleclick.net *.googlesyndication.com *.google.com www.google.at www.google.ch www.google.co.in www.google.fr *.googleusercontent.com *.roeye.com *.linkbux.com *.justsellingapp.de *.justselling.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.googleapis.com *.gstatic.com *.ad-srv.net *.doubleclick.net *.googletagmanager.com *.cookiebot.com *.cookiebot.eu googleads.g.doubleclick.net consentcdn.cookiebot.com cloud.justsellingapp.com www.google.com www.gstatic.com googleadservices.com *.googlesyndication.com *.klaviyo.com *.smarketer.de *.clarity.ms *.dwin1.com *.roeyecdn.com nextleveldefend.com *.sciencebehindecommerce.com *.moebel.de *.linkbux.com *.justsellingapp.com *.justsellingapp.de *.justselling.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.mollie.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cloud.justsellingapp.com *.smarketer.de *.klaviyo.com *.gstatic.com *.linkbux.com *.justsellingapp.com *.justsellingapp.de *.justselling.de https://static.klaviyo.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.moebel.de nextleveldefend.com region1.google-analytics.com *.googlesyndication.com consentcdn.cookiebot.com consentcdn.cookiebot.eu cloud.justsellingapp.com *.smarketer.de www.google.com google.com www.googleadservices.com *.google.com www.google.at www.google.co.in www.google.de www.google.fr *.doubleclick.net *.wepowerconnections.com *.sciencebehindecommerce.com *.linkbux.com *.justsellingapp.com *.justsellingapp.de *.justselling.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src googleads.g.doubleclick.net www.google.com *.smarketer.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eadb8e23-bf44-4e49-9db5-120caef8ef4d.sansec.watch/; report-to report-endpoint; 1
frame-ancestors 'self' www.accademiaitaliana.com; default-src 'self'; script-src 'self' style-src 'self' object-src 'none'; base-uri 'self'; connect-src 'self' frame-src 'self' img-src 'self' manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-2S2FadHpG3SwD1bYbN1ATA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7EPJgjRu_x4LXdRG-zmIRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com *.googlesyndication.com *.tiktok.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com https://images.unsplash.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net https://www.mollie.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com ts.tradetracker.net www.magmodules.eu https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.avada.io *.shopify.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com js.mollie.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc tm.tradetracker.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.multisafepay.com assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://core.helloretail.com https://helloretailcdn.com https://maps.googleapis.com https://player.vimeo.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * test.saferpay.com www.saferpay.com saferpay.com *.twitter.com email.watchcollector.ch www.youtube.com t.sharethis.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com magefan.com cm.magefan.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net platform-cdn.sharethis.com l.sharethis.com bam.nr-data.net ct.pinterest.com www.facebook.com t.co www.google.de connect.facebook.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com maps.googleapis.com chart.googleapis.com *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com email.watchcollector.ch r1.dotdigital-pages.com platform-api.sharethis.com buttons-config.sharethis.com js-agent.newrelic.com bam.nr-data.net t.sharethis.com maps.google.com s.pinimg.com static.ads-twitter.com connect.facebook.net analytics.tiktok.com ipinfo.io ct.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com maps.googleapis.com chart.googleapis.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com test.saferpay.com www.saferpay.com saferpay.com *.cloudflare.com *.twitter.com *.twimg.com l.sharethis.com bam.nr-data.net stats.g.doubleclick.net analytics.tiktok.com ct.pinterest.com region1.analytics.google.com region1.google-analytics.com gtm-p9fxwg8-mtjmm.uc.r.appspot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://emdev1.greenboardnow.com/csp-report/CspLog/; report-to report-endpoint; 1
font-src fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.cloudfront.net data: *.typekit.net userlike-cdn-umm.b-cdn.net maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.net *.facebook.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.jsctool.com *.timify.com *.cookiebot.com *.pay1.de *.facebook.net *.facebook.com https://static.fittingbox.com vto-advanced.fittingbox.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.sendcloud.sc *.jsdelivr.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudfront.net *.amazonaws.com widgets.trustedshops.com *.klarnacdn.net *.pay1.de *.facebook.com *.cookiebot.com www.google.de becker-floege.de mcstaging.becker-floege.de brilledirekt.de mcstaging.brilledirekt.de stream.brilledirekt.de cdn.pay1.de x.klarnacdn.net m.media-amazon.com https://cdn.doofinder.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.newrelic.com *.pay1.de *.ratepay.com *.cloudfront.net *.amazonaws.com userlike-cdn-umm.b-cdn.net *.nr-data.net *.timify.com chimpstatic.com widgets.trustedshops.com *.cookiebot.com connect.facebook.net static.hotjar.com script.hotjar.com pagead2.googlesyndication.com stream.brilledirekt.de www.clarity.ms extern.conversion.consulting *.fittingbox.com/api/v1/fitmix.js https://msrt-integration-api.fittingbox.com/index.js https://api.segment.io/v1/batch vto-advanced-integration-api.fittingbox.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.avada.io https://cdn.doofinder.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com *.typekit.net *.fonts.net *.cookiebot.com *.googletagmanager.com d.ratepay.com d.payla.io dr.payla.io *.fontawesome.com maxcdn.bootstrapcdn.com https://cdn.doofinder.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.doubleclick.net *.ratepay.com *.nr-data.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com www.xtento.com *.etrusted.com *.trustbadge.com *.trustedshops.com *.cookiebot.com *.facebook.net *.facebook.com maps.googleapis.com pagead2.googlesyndication.com wss://ws.hotjar.com content.hotjar.io vc.hotjar.io metrics.hotjar.io u.clarity.ms product-api.fittingbox.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com https://get.geojs.io *.avada.io https://eu1-layer.doofinder.com wss://eu1-layer.doofinder.com https://us1-layer.doofinder.com wss://us1-layer.doofinder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com autocomplete2.postdirekt.de *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src *.facebook.net *.facebook.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com 'self' data: *.cloudflare.com *.bootstrapcdn.com *.hotjar.com *.typekit.net cdn.curator.io static.klaviyo.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.google.com *.chatra.io *.hotjar.com *.facebook.com *.trustpilot.com *.kiyoh.com *.pinterest.com *.criteo.com *.cookiefirst.com *.sendcloud.sc *.jsdelivr.net *.addthis.com *.multisafepay.com https://pay.google.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com * scontent.fzty3-2.fna.fbcdn.net *.amazonaws.com flagpedia.net *.multisafepay.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.cloudflare.com *.twitter.com *.fontawesome.com *.elfsight.com *.chatra.io *.jsdelivr.net chimpstatic.com *.facebook.com *.doubleclick.net *.trustpilot.com s.pinimg.com *.zdassets.com *.google-analytics.com *.feedbackcompany.com *.facebook.net *.hotjar.com *.mailchimp.com *.curator.io *.typekit.net *.clarity.ms *.leadinfo.net *.criteo.com *.googleadservices.com *.cookiefirst.com www.datadoghq-browser-agent.com bat.bing.com *.tidio.co *.tidiochat.com *.iubenda.com js-agent.newrelic.com *.sendcloud.sc s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.multisafepay.com https://pay.google.com *.googletagmanager.com *.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.klaviyo.com unpkg.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.mailchimp.com https://cdn.jsdelivr.net *.googleapis.com *.curator.io *.cookiefirst.com *.sendcloud.sc *.jsdelivr.net maxcdn.bootstrapcdn.com *.gstatic.com *.multisafepay.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src curatorio.s3.amazonaws.com curator-assets.b-cdn.net video-lga3-2.cdninstagram.com video-iad3-1.xx.fbcdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.cloudflare.com *.elfsight.com *.instacloud.io *.google-analytics.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io ct.pinterest.com *.paypal.com *.zdassets.com *.zendesk.com *.feedbackcompany.com *.curator.io *.clarity.ms *.leadinfo.net *.cookiefirst.com gtm-mm85h6s-nzi2m.uc.r.appspot.com www.google-analytics.com www.google.com *.livechatinc.com www.paypalobjects.com dev.visualwebsiteoptimizer.com www.googletagmanager.com pagead2.googlesyndication.com googleadservices.com rum.ewings.cloud *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com ekr.zdassets.com/ www.gstatic.com *.multisafepay.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://186ed954-a0d6-40d0-8ef3-48b115240562.sansec.watch/; report-to report-endpoint; 1
font-src maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.youtube-nocookie.com js.mollie.com *.google.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.disqus.com https://www.mollie.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.disqus.com js.mollie.com *.google.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com *.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-cduJjZEHQolbT0_TtjijbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.cloudflare.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com youtu.be *.vimeo.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu blob: *.magebig.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.cloudflare.com *.google-analytics.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com *.disqus.com *.avada.io *.shopify.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.googleapis.com https://ipinfo.io *.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: maxcdn.bootstrapcdn.com fonts.gstatic.com widget.dixa.io a.omappapi.com static.klaviyo.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com ssl.ditonlinebetalingssystem.dk 'self' 'unsafe-inline'; frame-ancestors viewer.ipaper.io https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: online.adservicemedia.dk consentcdn.cookiebot.com consentcdn.cookiebot.eu adtr.io event-client.viabill.com vars.hotjar.com www.youtube.com www.google.com www.youtube-nocookie.com gum.criteo.com pricetag.viabill.com www.addwish.com display.ipaper.io simplicity.trustpilot.com googleads.g.doubleclick.net cdn.lightwidget.com http://event.getblue.io *.googletagmanager.com *.doubleclick.net/ magento-cloudflare.jetrails.com utt.impactcdn.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com self blob: online.adservicemedia.dk pushcrew.com cdn.pushcrew.com stats.g.doubleclick.net a.klaviyo.com dapi.videoly.co i.ytimg.com dis.criteo.com optin-monster.s3.amazonaws.com maps.googleapis.com maps.gstatic.com a.omappapi.com ssl.gstatic.com www.gstatic.com lh3.googleusercontent.com fonts.gstatic.com *.google.com *.google.pl *.google.no *.google.se *.google.de *.google.co.uk *.google.com.ua d3k81ch9hvuctc.cloudfront.net d1pna5l3xsntoj.cloudfront.net *.ipaper.io *.taboola.com imgsct.cookiebot.com *.bing.com *.bing.net *.pricerunner.dk *.beautycos.dk *.orbitvu.co *.klarna.com img.sct.eu1.usercentrics.eu https://s.kelkoogroup.net https://cdn.clerk.io *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com flagpedia.net https://widgets.trustedshops.com https://integrations.etrusted.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com unsafe-inline ipinfo.io invitejs.trustpilot.com secure.viabill.com a.opmnstr.com display.ipaper.io widget.dixa.io static.hotjar.com consent.cookiebot.com api.videoly.co cdn.pushcrew.com online.adservicemedia.dk script.hotjar.com pricetag.viabill.com adtr.io cdn.polyfill.io www.google.com www.google.pl www.gstatic.com static.criteo.net *.klaviyo.com cdn.ipaper.io sslwidget.criteo.com d1pna5l3xsntoj.cloudfront.net www.addwish.com ajax.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu cdnjs.cloudflare.com dapi.videoly.co ssl.ditonlinebetalingssystem.dk maps.googleapis.com cdn.adt376.net cdn.adt311.net tagmanager.google.com do.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no a.omappapi.com *.taboola.com s.kk-resources.com *.bing.com *.getblue.io cdn.lightwidget.com cdn.clerk.io ai.trk42.net *.videoly.co *.reepay.com *.cytelligence.io *.youtube.com *.orbitvu.co *.pingdom.net tag.heylink.com api.reaktion.com stapecdn.com files.userlink.ai cdn.mouseflow.com pagead2.googlesyndication.com *.clarity.ms static.cloudflareinsights.com https://s.kk-resources.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.googletagmanager.com *.facebook.net *.avada.io *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com unpkg.com https://www.beautycos.es https://consent.cookiebot.com https://cdn.mida.so 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.pushcrew.com static.klaviyo.com d1pna5l3xsntoj.cloudfront.net tagmanager.google.com cdn.ipaper.io *.omappapi.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com widget.dixa.io *.beautycos.dk api.packship.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com https://helloretailcdn.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com api.omappapi.com z.omappapi.com api.dixa.io wss://sockets.dixa.io stats.g.doubleclick.net fast.a.klaviyo.com sslwidget.criteo.com a.klaviyo.com display.ipaper.io in.hotjar.com vc.hotjar.io telemetrics.klaviyo.com *.beautycos.dk to.beautycos.de do.beautycos.co.uk id.beautycos.se pin.beautycos.no api.packship.eu invitejs.trustpilot.com www.addwish.com core.helloretail.com a.omappapi.com *.taboola.com *.klaviyo.com pagead2.googlesyndication.com *.algolia.io *.bing.com *.google.com *.doubleclick.net ai.trk42.net *.cookiebot.com *.pingdom.net heylinkapi.com bat.bing.net files.userlink.ai backend.userlink.ai files.blueai.dk beautycosaps.sjv.io *.clarity.ms consentcdn.cookiebot.eu api-us.mida.so https://s.kelkoogroup.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ utt.impactcdn.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com https://static.dhlecommerce.nl https://fonts.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com https://seo.mageplaza.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.xtento.com *.twitter.com *.addthis.com *.klarna.com js.mollie.com js.stripe.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.google.com maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com https://maps.googleapis.com https://maps.gstatic.com cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com www.xtento.com cdn.xtento.com *.cloudflare.com *.klarna.com *.googleadservices.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu magefan.com cm.magefan.com *.disqus.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com https://www.mollie.com public.montonio.com self: https://maps.omnivasiunta.lt *.facebook.com *.reddit.com *.ads-twitter.com t.co *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com maps.google.com maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com *.gstatic.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.dhlecommerce.nl cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com www.xtento.com cdn.xtento.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io js.mollie.com public.montonio.com js.stripe.com https://unpkg.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.dhlecommerce.nl https://maps.googleapis.com https://fonts.googleapis.com *.doofinder.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://cdn.jsdelivr.net *.klarnacdn.net https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com maps.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com https://api-gw.dhlparcel.nl https://static.dhlecommerce.nl *.doofinder.com wss://*.doofinder.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.cloudflare.com *.twitter.com *.twimg.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io api.sandbox-card-payments.montonio.com api.card-payments.montonio.com https://geocode.arcgis.com *.stripe.com klarna.com *.link.com *.amazon.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' * data: img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com https://cdnjs.cloudflare.com; img-src https: * data:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' data: https: www.google-analytics.com connect.facebook.net https://cdnjs.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' wss://ws.beechat.hive-engine.com https://beechat.hive-engine.com https://history.hive-engine.com https://history.steem-engine.net https://api.hive-engine.com https://api.steem-engine.net https://scot-api.hive-engine.com https://scot-api.steem-engine.net https://steemitimages.com https://images.hive.blog securepubads.g.doubleclick.net https://api.steemit.com https://api.hive.blog api.blocktrades.us https://hivesigner.com https://pagead2.googlesyndication.com http://adservice.google.com https://www.google-analytics.com https://api.openhive.network https://ha.herpc.dtools.dev https://ha.smt-api.dtools.dev https://marketplace.tribaldex.com https://cdn.plyr.io https://api.coingecko.com https://hetestnet.dtools.dev https://smtscot.cryptoempirebot.com https://api.marketplace.tribaldex.com https://hcaptcha.com https://*.hcaptcha.com localhost:8080 https://onboard-api.tribaldex.com https://api.hive.blog https://api.deathwing.me https://rpc.ausbit.dev https://api.ha.deathwing.me; frame-src https://hcaptcha.com https://*.hcaptcha.com; form-action 'self'; frame-ancestors 'none'; object-src 'none'; report-uri /api/v1/csp-violation 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com secure.payu.com merch-prod.snd.payu.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ma.edycja.pl *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io https://mapa.ecommerce.poczta-polska.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com secure.payu.com secure.snd.payu.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com ma.edycja.pl *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.easypack24.net *.inpost.pl *.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://ajax.googleapis.com/ajax/libs/webfont/1.5.10/webfont.js https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com https://plumrocket.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.payplug.com secure.payplug.com *.wesupply.xyz 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bird.eu *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://images.unsplash.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com *.googletagmanager.com *.avada.io *.nosto.com *.nos.to www.gstatic.com www.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.payplug.com *.cloudflare.com *.google.com *.google.fr *.google.ie *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com v2.zopim.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com identity.bluebirdday.io accounts.google.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com www.youtube.com www.facebook.com v2.zopim.com https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com www.google.nl www.facebook.com widgets.trustedshops.com v2assets.zopim.com v2assets.zopim.io v2.zopim.com v2.zopim.io *.fs1.hubspotusercontent-na1.net maps.googleapis.com maps.gstatic.com perf-na1.hsforms.com ct.pinterest.com perf.hsforms.com track.hubspot.com no-cache.hubspot.com f.hubspotusercontent10.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com maps.googleapis.com widgets.trustedshops.com www.dwin1.com v2.zopim.com connect.facebook.net static.zdassets.com ekr.zdassets.com www.facebook.com checkout.buckaroo.nl js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspot.com s.pinimg.com js.hscta.net cta-service-cms2.hubspot.com ct.pinterest.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com checkout.buckaroo.nl maps.googleapis.com fonts.googleapis.com *.fontawesome.com *.multisafepay.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com v2.zopim.com stats.g.doubleclick.net region1.google-analytics.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com v2assets.zopim.io api.hubapi.com *.hubspot.com maps.googleapis.com *.googletagmanager.com js.hs-banner.com ct.pinterest.com ipinfo.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net www.eqwep.com *.fontawesome.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.klevu.com *.ksearchnet.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com js.stripe.com secure.livechatinc.com b.stripecdn.com newassets.hcaptcha.com m.stripe.network checkout.tabby.ai https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io https://images.unsplash.com www.eqwep.com www.facebook.com cdn-cookieyes.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.disqus.com *.klevu.com *.ksearchnet.com https://meetanshi.com/media/logo.png https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://maps.googleapis.com www.eqwep.com js.klevu.com static.klaviyo.com static-tracking.klaviyo.com static.cloudflareinsights.com static.hotjar.com connect.facebook.net cdn.livechatinc.com script.hotjar.com cdn-cookieyes.com api.livechatinc.com js.stripe.com b.stripecdn.com applepay.cdn-apple.com hcaptcha.com m.stripe.network checkout.tabby.ai widgets.tabby.ai cdn.segment.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.disqus.com *.ksearchnet.com https://z.moatads.com https://cdn.jsdelivr.net *.avada.io *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com www.eqwep.com b.stripecdn.com *.fontawesome.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com https://cdn.jsdelivr.net *.stripe.network *.stripecdn.com *.amazon.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://maps.googleapis.com https://player.vimeo.com statsjs.klevu.com www.eqwep.com pagead2.googlesyndication.com cdn-cookieyes.com content.hotjar.io js.stripe.com a.klaviyo.com merchant-ui-api.stripe.com api.stripe.com api.hcaptcha.com m.stripe.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.eqwep.com pagead2.googlesyndication.com log.cookieyes.com ws.hotjar.com api.livechatinc.com *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.cristaisaquarius.com.br *.cristaisaquarius.local https://cristaisaquarius.com.br https://cristais.magento.local *.google.com *.google.com.br *.googleapis.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br data: *.akamaized.net https://vimeo.com *.vimeocdn.com amcglobal.sc.omtrdc.net *.tiktok.com *.pinterest.com *.pinimg.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cristaisaquarius.com.br *.cristaisaquarius.local https://cristaisaquarius.com.br https://cristais.magento.local *.doubleclick.net *.googletagmanager.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.tiktok.com *.pinterest.com *.pinimg.com https://accounts.google.com https://www.facebook.com https://login.live.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://h.online-metrix.net *.cristaisaquarius.com.br *.cristaisaquarius.local https://cristaisaquarius.com.br https://cristais.magento.local *.google.com.br *.doubleclick.net *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.ytimg.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br data: *.akamaized.net https://vimeo.com *.vimeocdn.com *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com *.cristaisaquarius.com.br *.cristaisaquarius.local https://cristaisaquarius.com.br https://cristais.magento.local *.googleadservices.com *.google-analytics.com *.google.com *.google.com.br *.googleapis.com *.doubleclick.net *.googletagmanager.com *.facebook.net *.facebook.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.akamaized.net https://vimeo.com *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com www.google.com.ua www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://unpkg.com *.disqus.com *.avada.io *.cristaisaquarius.com.br *.magento.local https://cristaisaquarius.com.br https://cristais.magento.local *.google.com.br *.google-analytics.com *.gstatic.com *.googleapis.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.akamaized.net *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com *.pagseguro.com.br *.pagseguro.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com server.cristaisaquarius.com.br https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.cristaisaquarius.com.br *.cristaisaquarius.local https://cristaisaquarius.com.br https://cristais.magento.local *.googleapis.com *.doubleclick.net *.google.com *.google.com.br *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com https://connect.facebook.net *.facebook.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.akamaized.net https://vimeo.com *.vimeocdn.com amcglobal.sc.omtrdc.net *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://get.geojs.io *.avada.io *.cristaisaquarius.com.br *.cristaisaquarius.local https://cristaisaquarius.com.br https://cristais.magento.local *.google.com.br *.googleapis.com *.doubleclick.net *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.mercadopago.com *.mercadolibre.com *.akamaized.net *.vimeocdn.com *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com *.pagseguro.com.br *.pagseguro.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com server.cristaisaquarius.com.br https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.cristaisaquarius.com.br *.cristaisaquarius.local https://cristaisaquarius.com.br https://cristais.magento.local *.google.com *.google.com.br *.google-analytics.com *.gstatic.com *.doubleclick.net *.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com *.criteo.com *.criteo.net https://d335luupugsy2.cloudfront.net *.rdstation.com.br *.akamaized.net https://vimeo.com *.vimeocdn.com *.adobetm.com *.tiktok.com *.pinterest.com *.pinimg.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-uPguAvfH4dEL0lOtfQT3oA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; frame-ancestors 'self'; form-action 'self' https://www.facebook.com https://translate.googleapis.com; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub0f04d11e18a35974032f2067338a5e7d&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acspreport-webauto%2Cenv%3Aprod; 1
default-src 'self'; script-src 'self' *.im-c.com *.scheer-imc.com *.scheer-group.com; style-src 'self' *.im-c.com *.scheer-imc.com *.scheer-group.com 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.hubspotusercontent30.net *.hsforms.com *.hubspot.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://js.hs-scripts.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-analytics.net *.hs-banner.com https://js.hsleadflows.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.hubspot.com *.hubapi.com *.hscollectedforms.net/ *.hs-banner.com *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: blob:  'self' http://www.itkruze.com http://*.www.itkruze.com:* https://www.itkruze.com https://*.www.itkruze.com:* https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.youtube.com http://*.youtube.com  https://*.doubleclick.net https://*.googletagmanager.com 'unsafe-inline'  'self' http://www.itkruze.com http://*.www.itkruze.com:* https://www.itkruze.com https://*.www.itkruze.com:* https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.youtube.com http://*.youtube.com  https://*.doubleclick.net https://*.googletagmanager.com 'unsafe-eval'  'self' http://www.itkruze.com http://*.www.itkruze.com:* https://www.itkruze.com https://*.www.itkruze.com:* https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.youtube.com http://*.youtube.com  https://*.doubleclick.net https://*.googletagmanager.com;report-uri https://www.itkruze.com/index-reporting.html?minimize=0; 1
default-src 'self'    prod.degreedcdn.com  lxp.usprod.degreedcdn.com fast.chmln-cdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:  prod.degreedcdn.com   lxp.usprod.degreedcdn.com   fast.trychameleon.com   cmp.osano.com   snap.licdn.com   bat.bing.com   googletagmanager.com   google-analytics.com   googleads.g.doubleclick.net   google.com   translate.google.com   tag.demandbase.com   js-na1.hs-scripts.com   js.hs-analytics.net   gstatic.com   d2c7xlmseob604.cloudfront.net  datadoghq-browser-agent.com   zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com   explore.degreed.com     blog.degreed.com   assets.adobedtm.com; style-src 'self' 'unsafe-inline' data:  prod.degreedcdn.com   lxp.usprod.degreedcdn.com   explore.degreed.com   blog.degreed.com   gstatic.com   cdn.jsdelivr.net; img-src * data: blob: about: https:; frame-src * blob: https:; font-src * data:; connect-src 'self'  https:  prod.degreedcdn.com   lxp.usprod.degreedcdn.com   api.company-target.com   stats.g.doubleclick.net   graphql.contentful.com   api.hubapi.com   forms.hubspot.com   analytics.degreed.com   fast.trychameleon.com   ld.degreed.com   rum.browser-intake-datadoghq.com   zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com   explore.degreed.com; base-uri 'self' about:   ld.degreed.com   zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com; manifest-src 'self'; media-src * data: blob:; worker-src 'self' blob:; object-src 'none'; report-uri https://csp.degreed.com/api/ReportCollector?type=mvc&env=production; 1
object-src 'none';base-uri 'self';script-src 'nonce-4xCDrV1MFZHm48jLo2LF7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-cuIEnwo-NceIyOX1CVswhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6wfwehzLT7Xjg0lsSyM-GQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://progress.my.salesforce.com *.force.com https://vars.hotjar.com https://www.linkedin.com https://licensing.whatsupgold.com 'self' https://stats.g.doubleclick.net https://forms.chef.io https://brandfolder.com https://cdn.cookielaw.org https://www.gstatic.com https://progress.com https://testflex.cybersource.com https://www.google.com https://analytics.google.com https://fonts.gstatic.com/ https://flex.cybersource.com blob: https://www.google.bg https://chefdownload-commerical.chef.io https://usageanalytics.coveo.com https://ssl.gstatic.com https://packages.chef.io https://*.6sc.co https://progress--coveov2.vf.force.com https://dntcl.qualaroo.com https://pro.fontawesome.com https://a.omappapi.com https://fonts.gstatic.com https://api.insight.sitefinity.com https://cloudplatform.coveo.com https://img.en25.com https://turbo.qualaroo.com https://platform.cloud.coveo.com https://fonts.googleapis.com https://tagmanager.google.com https://geolocation.onetrust.com https://forms-acceptance.chef.co https://td.doubleclick.net https://www.google.co.in https://services.chef.io https://*.crazyegg.com https://in.hotjar.com https://assets.lusha.co https://progress--coveov2.na133.visual.force.com https://privacyportal.onetrust.com https://www.googletagmanager.com https://progress--test--livepreview.cs27.force.com https://www.google-analytics.com *.salesforce.com https://api.omappapi.com data:; report-to sfdc-csp-ep; report-uri https://progress.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D3000000007FS&networkId=0DM4Q0000004OdG&type=communities 1
default-src 'self';      base-uri 'self';      object-src 'none';      frame-ancestors 'self' https://www.forumretraite.ganpatrimoine.fr https://portail.eventvr.fr https://preprod-ashblue.eventvr.fr;      img-src 'self' data: https:;      font-src 'self' data: fonts.gstatic.com ka-p.fontawesome.com;      style-src 'self' 'unsafe-inline' https:;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;      frame-src 'self' ;      connect-src 'self' https:; 1
object-src 'none';base-uri 'self';script-src 'nonce-IuOleBN88mVHxZ9ESR4ijQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.opayo.eu.elavon.com *.sagepay.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.doubleclick.net https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sagepay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com google.co.uk/pagead https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sagepay.com *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://region1.google-analytics.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.sagepay.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com *.zen.com *.zen-test.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.tawk.to *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com *.zen.com *.zen-test.com *.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.tawk.to tawk.link cdn.jsdelivr.net s3.amazonaws.com/ *.gstatic.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com zen.com *.zen.com zen-test.com *.zen-test.com *.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ testcards.autopay.eu cards.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.bing.com https://static.addtoany.com https://widgets.pinterest.com https://api.tumblr.com https://graph.facebook.com *.cards.autopay.eu https://t.contentsquare.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.tawk.to cdn.jsdelivr.net *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.typeform.com *.zen.com *.zen-test.com *.online-metrix.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.googleapis.com downloads.mailchimp.com *.fontawesome.com *.google.com *.gstatic.com *.addtoany.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.bing.com *.stripe.network *.stripecdn.com *.amazon.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.bing.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.tawk.to wss://*.tawk.to *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typeform.com *.zen.com *.zen-test.com *.online-metrix.net *.seondnsresolve.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.canadapost.ca https://sso.epost.ca *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com platform.twitter.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com webservices.purolator.com devwebservices.purolator.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io mageside.com *.canadapost.ca *.canadapost-postescanada.ca *.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.avada.io *.googleapis.com *.gstatic.com connect.facebook.net twitter.com platform.twitter.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://get.geojs.io *.avada.io *.googleapis.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com webservices.purolator.com devwebservices.purolator.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: *.googleapis.com *.facebook.net *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.google.com maps.googleapis.com maps.gstatic.com https://firebasestorage.googleapis.com *.hsforms.net *.hsforms.com 'self' data: *.googleapis.com *.facebook.net *.facebook.com *.cloudflare.com *.twitter.com *.google.com *.google.lv *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.sebgroup.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.google.com maps.googleapis.com *.avada.io *.shopify.com *.hsforms.net *.hsforms.com *.gstatic.com *.googleapis.com *.facebook.net *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.facebook.net *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.google.lv *.twimg.com *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.clarity.ms *.plerdy.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-6LPLLqzW1ncUvOjVEfGpsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' https://paradigmadigital.com 'unsafe-hashes' 'sha256-oJxkt7o/w9X831NFxSHSbT9PKaX1H0GIhJWdEPJS9SU=' 'sha256-1be+KixSTkDlpkDOyyq79p+VMHFtVSrMpxR77Rp80D4=' 'sha256-k+5SFHCxprwEHWmWpiLGo0mE5ZkE+pbO9rdlzuPEqc0=' 'sha256-mwGGf2rYBygnH+/Q3fdinqWDr1mhdXzR7h2plYX2uCY=' 'sha256-u4qjQXTTcyzwBz/t55f+4/UBDCJpdhZDRsd9zMH6iwE=' 'sha256-NBkj0yvZIk+WaYiboFZ+CLRwbWdYrijbVpbkFWOMG0s=' 'sha256-06BJssDXv2EvAkJKIBNubOAWV9Dr4ZOI9mrHoSI2qOo=' 'sha256-1jAmyYXcRq6zFldLe/GCgIDJBiOONdXjTLgEFMDnDSM=' 'sha256-StsRWLRdDvXA6AkJTKI2xIbUhaNZI6BRH80PCvszO8M=' 'sha256-A2s6kzGjQuJ+xGga6s1fVSjVanDmj/gaw2uOLvQnE5E=' 'sha256-tc0je630fQAgSEqyqMRHvyCYuvJMAdHvpxTKY5ceZhQ=' 'sha256-WR5ny5t2eNqfvOTu7odwzJ4RjdGHeyPM9Y1sTHSOPaw=' 'sha256-+AujT7ID+eATMDSfcfSyAFl8N7gwzXigOQtXHttuPmU=' 'sha256-7acXYSp+PB3/jtlZQsxpRuwvwnHMcFn+Mf2Ia9/mROc=' 'sha256-NDSPD2FZwz28PO/lpSDg6oGkmPj8of2LhYq5B1Z8Sdo=' 'sha256-07xbJTJedM5FjeZKzV+Kc7Dj24sLIgqcP2HAc6kUqcw=' 'sha256-UObwXf6j6ExdTAjMvYdbJSU+zDjlJKmP9e3wugwFAvI=' 'sha256-7PMl21MQRqqhYRg30P76WZurLz8FSqW3BJhA0r/KRVs=' 'sha256-K5lIG8DcwuZ1B0oKl0S8oRhM2xqIPVUyC/KgkB9O+Wc=' 'sha256-XQn6eqKbve69i6cNpdiGKnYXSG/9kEBoYIFrZw2T+lA=' 'sha256-WQSd+paq7eNm1NK/jM//4OE5ay3loW5BfZMQfRR1gk8=' 'sha256-j9I1APcRdfj+N7NgDTlyTqZNGn6IaSpJAQmqhslgC1c=' 'sha256-fm1ZB3U31UUebGWi/IDv0iJDXqR/Vu5eDj91TFIr+kE=' 'sha256-KKIrF1NzMLkEr9OGPlVz1P+P0fhoHYL+s9HBS9x5JtQ=' 'sha256-2e29YYltZBRcX4BbKgSNUzlbAsUiuNrOQ7HWYEyD+sE=' 'sha256-nPL1Jl4FMlMwfNjHCsa3kzb5kt49B6z1ivcPW7FbnUI=' 'sha256-T7MGMVs5UnDNhtPT+QHIqlJx5uTlfXw1TQnNOkGzjg4=' 'sha256-GBu39V8J+MAqneDV3t3K/b7TwGBmm/zJYo/J1OkC1eM=' 'sha256-tWFkURe8447OMptIbLY9mLTDQIIwF5xUkSP1iK/WOAY=' 'sha256-PAu8NSf7tNMSZPuUZL98AJRjAEUfobOGj0pUMCbdmMY=' 'sha256-fS/BbjvTC3R2SV+wlH7XgDVeqcLAm5DofomlbvBiuaY=' 'sha256-O0u3PR5s5HfI/L2rwFAnpoUGJ3Ex+U+a5O46nrc5Jw8=' 'sha256-bE0ldVDOB5xOuPw8pPbQJLJMyelfAS6iC7dLUrTBS3A=' 'sha256-mtGflKYTwWvXdR6It45XSbJhaKFd4Ai5kdS5eV4+azw='; style 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce--Z4qMTOZYZSTNoiUA8YXDQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-o3LPa55poiEmyujWgeOiqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://mas.astralweb.com.tw ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.omappapi.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.omappapi.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.omappapi.com/ *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.omappapi.com/ https://get.geojs.io *.avada.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-mcuSnqqDiVroEkEXF11aYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' http: https: https://headless.atlasusa.net  'nonce-22XLXLzOpnwgquNjLkk5sebuS2X1TogO1FtkpsQO7PJBI' *.nr-data.net *.googletagmanager.com *.esnbranding.com *.hotjar.com *.maze.co *.cdn-apple.com; style-src 'self' blob: https: 'unsafe-inline' https://headless.atlasusa.net *.cdn-apple.com *.facebook.net; connect-src 'self' wss: *.paypal.com *.googleapis.com *.adobedc.net *.ipstack.com *.zendesk.com *.zdassets.com *.demdex.net *.adobe.io *.bazaarvoice.com *.nr-data.net *.google-analytics.com api.smooch.io *.google.com google.com *.doubleclick.net *.cdn-apple.com *.esnbranding.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.omtrdc.net *.bing.com *.bing-int.com *.pinterest.com *.facebook.com www.facebook.com www.googleadservices.com metrics.arielbath.com; img-src data: http: https: *.esnbranding.com facebook.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com *.hotjar.com *.cdn-apple.com; frame-src sketchfab.com sketchfab-prod-media.s3.amazonaws.com assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.youtube-nocookie.com *.vimeo.com *.paypal.com *.googletagmanager.com *.doubleclick.net *.pinterest.com *.facebook.com *.cdn-apple.com metrics.arielbath.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; frame-src *; object-src 'none'; img-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' ; connect-src * data: blob: 'unsafe-inline' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval' ; style-src-elem * 'unsafe-inline' ; base-uri https://www.monsieurpeinture.com/ ; frame-ancestors https://www.monsieurpeinture.com/ * 'self' data: blob: ; block-all-mixed-content ; report-uri https://hooks.zapier.com/hooks/catch/2178937/baa1zsb/ 1
object-src 'none';base-uri 'self';script-src 'nonce-AVviuThfVMHXPIgJeM2j2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bu8NPTjHYvhpuEQM96GQ5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com consentcdn.cookiebot.com consentcdn.cookiebot.eu www.facebook.com *.googletagmanager.com www.googletagmanager.com td.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com imgsct.cookiebot.com imgsct.cookiebot.eu *.hsforms.net *.hsforms.com 'self' data: www.facebook.com connect.facebook.net www.google.be *.googletagmanager.com ssl.gstatic.com www.gstatic.com cdn-cookieyes.com www.google.es cdn.connectif.cloud data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com consent.cookiebot.com consent.cookiebot.eu *.hsforms.net *.hsforms.com connect.facebook.net *.googletagmanager.com tagmanager.google.com cdn.connectif.cloud cdn-cookieyes.com static.cloudflareinsights.com pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu t.elasticsuite.io *.hsforms.net *.hsforms.com stats.g.doubleclick.net *.googletagmanager.com pagead2.googlesyndication.com eu5-api.connectif.cloud log.cookieyes.com cdn-cookieyes.com directory.cookieyes.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self' https://facebook.com https://www.facebook.com https://business.facebook.com https://*.facebook.com; object-src 'none'; form-action 'self'; img-src 'self' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; connect-src 'self' https: wss:; frame-src 'self' https: 1
default-src 'self' https://cdn.cookielaw.org; base-uri 'self'; script-src 'self' 'nonce-l7ilgrY42keeMns4nI1tMQ==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://stats.wp.com https://cdn.cookielaw.org https://rs.fullstory.com ; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'nonce-l7ilgrY42keeMns4nI1tMQ==' fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com; frame-src https://*.googletagmanager.com 1
script-src cdn.cookielaw.org 'unsafe-hashes' 'sha256-5lSQFTOMNNoGBLbrC6eUxpYeuyBQW52hLO9rR85ASEA=' https: http: 'nonce-ry3nhi9BY40fjp4Ejw4LLINF1bYD52lJiIoChadHTLI=' 'unsafe-eval' 'unsafe-inline';object-src 'none';frame-ancestors 'none';base-uri 'none';report-uri /api/csp-report 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=j3EkXw.RxZYeagEX_uXv2C9IIDraS31ku5W4nHRP0FU-1773709784-1.0.1.1-HkCXTcJPp9Ox8Mip6OP.BMVhbeJTJGA554YUNX7ez8uZ.H4rYvuwY0dKAmRhI971dMa.tPdaVbw5JWiTXXZ2DAGOb.8F3TTpJjpjTVNEY_WTbwJ6pgI4EOqFAV9lPnxNuQ_QmYulFMYvvWqjUgRQaeE16DqPoYrXQqsmjEdh1r8y2Hn8bN3wu59bHTGOu0d3; report-to cf-csp-endpoint 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.fls.doubleclick.net *.facebook.com *.googlesyndication.com *.awin1.com *.zenaps.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com https://images.unsplash.com flagpedia.net ts.tradetracker.net www.magmodules.eu https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io maps.googleapis.com tm.tradetracker.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.wepowerconnections.com https://the.sciencebehindecommerce.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io https://www.paypal.com www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.iconify.design *.googleapis.com *.fontawesome.com cdnjs.cloudflare.com *.facebook.com *.twitter.com *.twimg.com *.trustedshops.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com *.cloudflare.com *.iconify.design *.googleapis.com *.gstatic.com *.fontawesome.com *.twitter.com www.googletagmanager.com www.paypalobjects.com *.facebook.com *.facebook.net connect.facebook.net www.facebook.com firebasestorage.googleapis.com www.sandbox.paypal.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.cloudflare.com *.twitter.com *.iconify.design *.googleapis.com *.gstatic.com *.fontawesome.com *.facebook.com *.youtube.com/ *.sharethis.com https://scontent-ams4-1.cdninstagram.com *.blob.core.windows.net/* *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com 'self' 'unsafe-inline'; img-src 'self' data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io healthy-america.com.co *.healthy-america.com.co *.cloudflare.com *.iconify.design *.googleapis.com *.fontawesome.com *.amazonaws.com seeklogo.com *.seeklogo.com www.facebook.com *.usercentrics.eu maps.googleapis.com maps.gstatic.com *.facebook.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com checkout.paypal.com c.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.twimg.com *.twitter.com www.google.com.co *.sharethis.com *.klarna.com *.googleadservices.com *.ytimg.com *.lightemporium.com *.google.com *.maps.gstatic.com https://clauem2.arrowtheme.com https://scontent.cdninstagram.com/ https://scontent-ams4-1.cdninstagram.com https://firebasestorage.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.cloudflare.com *.iconify.design *.googleapis.com *.gstatic.com *.fontawesome.com *.jsdelivr.net *.credinet.co player.vimeo.com *.facebook.com *.facebook.net connect.facebook.net www.facebook.com d335luupugsy2.cloudfront.net *.google-analytics.com www.paypal.com www.paypalobjects.com firebasestorage.googleapis.com www.sandbox.paypal.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.maps.googleapis.com *.trackedlink.net *.maps.gstatic.com maps.googleapis.com *.googletagmanager.com *.googleadservices.com https://connect.facebook.net *.sharethis.com https://scontent-ams4-1.cdninstagram.com *.blob.core.windows.net/* *.avada.io *.shopify.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.iconify.design *.googleapis.com *.gstatic.com *.fontawesome.com *.jsdelivr.net *.facebook.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.maps.gstatic.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.sharethis.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.iconify.design *.googleapis.com *.gstatic.com *.fontawesome.com *.credinet.co *.paypalobjects.com *.facebook.com *.facebook.net connect.facebook.net www.facebook.com firebasestorage.googleapis.com *.sandbox.paypal.com *.seeklogo.com *.twitter.com *.twimg.com *.googleadservices.com *.trackedlink.net *.ampproject.org *.google.co.in *.maps.gstatic.com *.maps.googleapis.com maps.googleapis.com *.sharethis.com https://scontent-ams4-1.cdninstagram.com *.sistecredito.com/* *.blob.core.windows.net/* https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' ; connect-src 'self' s3dynamodblambdacheckurl.labkey.org distributionmodules.labkey.org tclambdacheckurl.labkey.org tctos3lambdauploadurl.labkey.org lk-binaries.s3-us-west-2.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com localhost ; object-src 'none' ; style-src 'self' 'unsafe-inline'  ; img-src 'self' data: www.googletagmanager.com https://www.googletagmanager.com ; font-src 'self' data:  ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-b722dc0ae164ac3a'  ; base-uri 'self' ; frame-src 'self' www.youtube.com ; report-uri /admin-contentSecurityPolicyReport.api?cspVersion=r14 ; report-to csp-report ; 1
object-src 'none';base-uri 'self';script-src 'nonce-m6SLmn8HJpJLRNN4MFVtfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'nonce-hJmFHzkDNMJk9X18HXaweoPq9BTrb+n+x6orJ26+hYg=' 'strict-dynamic' 'wasm-unsafe-eval' www.youtube.com  az416426.vo.msecnd.net cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://connect.facebook.net/ https://munchkin.marketo.net/ static.hotjar.com script.hotjar.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';report-uri https://o4507537122852864.ingest.de.sentry.io/api/4507764299726928/security/?sentry_key=2e67b3fa9c193f38db8ea33933d09ffa&sentry_environment=production&sentry_release=sprint24; 1
font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: *.klevu.com *.fontawesome.com *.crisp.chat *.typekit.net https://client.crisp.chat *.ksearchnet.com maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.klevu.com *.fontawesome.com *.imagekit.io *.bing.com *.crisp.chat *.clarity.ms *.cloudfront.net store.paradoxlabs.com https://image.crisp.chat https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klevu.com *.fontawesome.com *.rtrk.chukar.com *.bing.com *.crisp.chat *.clarity.ms *.recipal.com *.newrelic.com https://client.crisp.chat https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com *.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klevu.com *.gstatic.com *.googleapis.com *.fontawesome.com *.crisp.chat *.typekit.net *.klaviyo.com https://client.crisp.chat https://static.klaviyo.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.klevu.com *.gstatic.com *.fontawesome.com *.crisp.chat wss://client.relay.crisp.chat *.clarity.ms *.nr-data.net *.stats.g.doubleclick.net *.doubleclick.net https://client.crisp.chat https://plugins.crisp.chat https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://68f5c4fa-6c17-48d5-a3ed-41390ac63269.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://accounts.google.com https://appleid.cdn-apple.com https://app-cdn.clickup.com https://www.googletagmanager.com https://connect.facebook.net https://analytics.tiktok.com https://snap.licdn.com https://px.ads.linkedin.com https://s.pinimg.com https://ct.pinterest.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://*.googleusercontent.com https://*.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://analytics.tiktok.com https://px.ads.linkedin.com https://ct.pinterest.com; font-src 'self'; connect-src 'self' https://api.stripe.com https://*.upstash.io https://accounts.google.com https://appleid.apple.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://analytics.tiktok.com https://px.ads.linkedin.com https://ct.pinterest.com; frame-src https://js.stripe.com https://hooks.stripe.com https://accounts.google.com https://appleid.apple.com https://forms.clickup.com https://www.googletagmanager.com https://www.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self' https://accounts.google.com https://appleid.apple.com; frame-ancestors 'none' 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://pagesense-collect.zoho.com https://stats.g.doubleclick.net https://translate.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://connect.facebook.net https://m.facebook.com https://maps.google.com https://maps.googleapis.com https://mobile.facebook.com https://platform.twitter.com https://static.addtoany.com https://web.facebook.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: blob: https://*.google-analytics.com https://*.analytics.google.com https://fonts.gstatic.com https://pagesense-collect.zoho.com https://*.fbcdn.net https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://www.gcis.gov.za https://www.google.com https://www.google.co.za https://www.googletagmanager.com https://www.gov.za https://www.gstatic.com https://www.publicsectormanager.gov.za https://www.sanews.gov.za https://www.vukuzenzele.gov.za https://*.openstreetmap.org https://*.ytimg.com https://www.google-analytics.com; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://cdn.pagesense.io https://connect.facebook.net https://maps.googleapis.com https://platform.twitter.com https://static.addtoany.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://platform.twitter.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.vukuzenzele.gov.za/system/reporting/default; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-fiUAu4cSgXc5JdN9sqPqJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--dVBPjbWtQ6ivXiCea7XSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; default-src 'self' https://www.nowilaymedowntosleep.org; script-src 'self'; style-src 'self'; img-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-QTevflK0gsOaqfGykXpQ-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.eye-able.com https://unpkg.com https://www.googletagmanager.com https://elements.green-connector.com https://cdn.mercury.ai https://gc-migration-de.s3.eu-central-1.amazonaws.com https://app.usercentrics.eu https://maps.googleapis.com https://cdn.rawgit.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.eye-able.com https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://cdn.rawgit.com https://cdn.jsdelivr.net/ https://cdn.mercury.ai; img-src 'self' data: https://cdn.eye-able.com https://maps.gstatic.com https://app.usercentrics.eu https://uct.service.usercentrics.eu https://www.googletagmanager.com https://maps.googleapis.com; font-src 'self' https://cdn.eye-able.com https://fast.fonts.net https://cdn.mercury.ai https://fonts.gstatic.com data:; connect-src 'self' https://cdn.eye-able.com https://api.usercentrics.eu https://maps.googleapis.com https://aggregator.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://cdn.mercury.ai https://rtc.mercury.ai https://region1.google-analytics.com; frame-src 'self' https://www.youtube-nocookie.com https://xn--strungsauskunft-9sb.de https://elements.green-connector.com https://oecher.stawag.de https://app.usercentrics.eu https://td.doubleclick.net https://www.googletagmanager.com https://stawag-stage.gjuce-eshops.com; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; form-action 'self'; report-uri https://www.stawag.de/_csp; report-to csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-oDzBxIaUDt-6vEtGS6PVDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6cQoa0PkJauxmu7KdpqKwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TNqpJHUbAuy3kKUWoDu7-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mNzmEgbjoOIqvBnbpSaiNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.googleapis.com https://*.tolkie.nl; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl https://*.tolkie.nl; script-src 'nonce-NWQ2NDhkZTgtZTQ4Yi00ZTM1LTk1MjAtNGZmM2YwYmVkMjM2' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com data: *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com https://www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com https://www.mollie.com *.trustedshops.com *.instagram.com *.fbcdn.net https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com *.avada.io js.mollie.com *.trustedshops.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://*.ingest.sentry.io https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com https://get.geojs.io *.avada.io *.instagram.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-WFf19pjE2x6kx8hNwxECew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Ph9-51zM02kjJlQkFLt4Vw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://client.crisp.chat *.stape.io maxcdn.bootstrapcdn.com https://b21edm10.cdn.imgeng.in/ https://eadn-wc02-14626356.nxedge.io/ https://maxcdn.bootstrapcdn.com/ https://guarantee-cdn.com/ https://www.buysafe.com/ https://staticw2.yotpo.com/ https://synerg.adp.com/ https://mrp.io/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.facebook.net 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.authorize.net https://*.authorize.net https://eadn-wc02-14626356.nxedge.io/ https://www.gstatic.com https://www.airehealth.com/ https://inspiration-inspiration-4440.my.site.com/ https://inspiration-inspiration-4440--c.vf.force.com/ https://*.inspiration-inspiration-4440.my.site.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.certcapture.com *.facebook.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.authorize.net https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com guarantee-cdn.com https://mrp.io/ https://bid.g.doubleclick.net/ https://guarantee-cdn.com/ https://command.verkada.com/ https://synerg.adp.com/ https://dev.airehealth.com/ https://www.airehealth.com/ https://inspiration-inspiration-4440.my.site.com/ https://inspiration-inspiration-4440--c.vf.force.com https://*.inspiration-inspiration-4440.my.site.com *.weltpixel.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.certcapture.com https://image.crisp.chat *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com guarantee-cdn.com https://b21edm10.cdn.imgeng.in/ https://eadn-wc02-14626356.nxedge.io/ https://mrp.io/ https://www.google.com/ https://www.google.co.in/ https://seal-utah.bbb.org/ https://px.ads.linkedin.com/ https://bat.bing.com/ https://analytics.tiktok.com/ https://track.hubspot.com/ https://c.clarity.ms/ https://c.bing.com/ https://creditkey-assets.s3-us-west-2.amazonaws.com/ https://client.crisp.chat/ *.cdninstagram.com *.fbcdn.net maps.googleapis.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com unpkg.com https://client.crisp.chat widget.freshworks.com m2epro.freshdesk.com https://includes.ccdc02.com/cardinalcruise/v1/songbird.js https://includestest.ccdc02.com/cardinalcruise/v1/songbird.js https://includestest.ccdc02.com/cardinalcruise/v1/0a125400b09de2105a63/5.0a125400b09de2105a63.songbird.js https://includes.ccdc02.com/cardinalcruise/v1/b109e0c6fd2a5b6b93b2/1.b109e0c6fd2a5b6b93b2.songbird.js https://jstest.authorize.net/v1/Accept.js https://jstest.authorize.net/v1/AcceptCore.js https://js.authorize.net/v1/Accept.js https://js.authorize.net/v1/AcceptCore.js *.facebook.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net *.cloudflare.com guarantee-cdn.com https://mrp.io/ https://guarantee-cdn.com/ https://www.buysafe.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://b21edm10.cdn.imgeng.in/ https://eadn-wc02-14626356.nxedge.io/ https://unpkg.com/ http://js-na1.hs-scripts.com/ http://bat.bing.com/ https://snap.licdn.com/ https://cdn.callrail.com/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://js.usemessages.com/ https://js.hsadspixel.net/ https://www.clarity.ms/ https://analytics.tiktok.com/ https://js.callrail.com/ https://maps.googleapis.com/ https://*.intercom.io/ https://js.intercomcdn.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://appsforoffice.microsoft.com/ https://ajax.aspnetcdn.com/ https://challenges.cloudflare.com/ https://vault.demo.pactsafe.io/ https://vault.pactsafe.io/ https://demo.pactsafe.io/ https://pactsafe.io/ https://workforcenow.adp.com/ https://command.verkada.com/ https://*.command.verkada.com/ https://vstream.command.verkada.com/ https://synerg.adp.com/ https://dev.airehealth.com/ https://www.airehealth.com/ https://info.mrp.io/ https://*.clarity.ms/ https://inspiration-inspiration-4440.my.site.com/ https://pi.pardot.com/ https://cdn.livechatinc.com/ https://api.livechatinc.com/ https://client.crisp.chat/ ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.certcapture.com https://client.crisp.chat widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.googletagmanager.com *.stape.io maxcdn.bootstrapcdn.com https://b21edm10.cdn.imgeng.in/ https://eadn-wc02-14626356.nxedge.io/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://synerg.adp.com/ https://dev.airehealth.com/ https://www.airehealth.com/ https://inspiration-inspiration-4440.my.site.com/ tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.certcapture.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat widget.freshworks.com m2epro.freshdesk.com https://apitest.authorize.net/xml/v1/request.api https://api.authorize.net/xml/v1/request.api https://includes.ccdc02.com/cardinalcruise/v1/songbird.js https://includestest.ccdc02.com/cardinalcruise/v1/songbird.js https://includestest.ccdc02.com/cardinalcruise/v1/0a125400b09de2105a63/5.0a125400b09de2105a63.songbird.js https://includes.ccdc02.com/cardinalcruise/v1/b109e0c6fd2a5b6b93b2/1.b109e0c6fd2a5b6b93b2.songbird.js https://jstest.authorize.net/v1/Accept.js https://jstest.authorize.net/v1/AcceptCore.js https://js.authorize.net/v1/Accept.js https://js.authorize.net/v1/AcceptCore.js *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net https://mrp.io/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://bam.nr-data.net/ https://cdn.callrail.com/ https://analytics.tiktok.com/ https://api.hubspot.com/ https://api.hubapi.com/ https://v.clarity.ms/ https://px.ads.linkedin.com/ https://js.callrail.com/ https://workforcenow.adp.com/ https://command.verkada.com/ https://*.command.verkada.com/ https://vstream.command.verkada.com/ https://synerg.adp.com/ https://dev.airehealth.com/ https://www.airehealth.com/ https://info.mrp.io/ https://*.clarity.ms/ https://inspiration-inspiration-4440.my.site.com/ https://inspiration-inspiration-4440.my.salesforce-scrt.com/ https://eadn-wc02-14626356.nxedge.io/ https://cdn.livechatinc.com/ https://api.livechatinc.com/ https://client.crisp.chat/ https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-pDw3507GhqmbqlEPs2p40A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri /platform/csp_reports?app_name=blue-haven;default-src 'self'; script-src 'self' https://analytics.google.com http://cdn.segment.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.browsealoud.com https://plus.browsealoud.com https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://api.mapbox.com https://assets.zendesk.com https://cdn.mxpnl.com https://cdn.ravenjs.com https://f1-oc.readspeaker.com https://cdn1.readspeaker.com https://epsg.io https://analytics.engagementhq.com https://platform.twitter.com https://cdn.syndication.twimg.com https://log.pinterest.com https://assets.pinterest.com https://connect.facebook.net https://s.ytimg.com https://www.youtube.com/iframe_api/ https://apis.google.com https://translate.googleapis.com https://cdn.auth0.com 'nonce-hXjWJ+dm57QXJE/61km27cZpz0Clb7Ly94+8T5ynk9bgkBkcaufthUaP0KoNI9fzW3et0cjA8Sn95EbkdVroKiDpmQMGiHqEgDo9vYfdUEEHJrv77laoj1wRPXIznnVuWjYjDrskbFGoiNsGndSwaSZIxm/77Sxsdd39UmupOw=='; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'nonce-hXjWJ+dm57QXJE/61km27cZpz0Clb7Ly94+8T5ynk9bgkBkcaufthUaP0KoNI9fzW3et0cjA8Sn95EbkdVroKiDpmQMGiHqEgDo9vYfdUEEHJrv77laoj1wRPXIznnVuWjYjDrskbFGoiNsGndSwaSZIxm/77Sxsdd39UmupOw=='; img-src 'self' blob: data: https: ehq-production-us-california.imgix.net https://s3-us-west-1.amazonaws.com/ehq-production-us-california/; font-src 'self' data: https://fonts.gstatic.com https://unpkg.com/boxicons@2.0.7/fonts/ https://cdnjs.cloudflare.com/ajax/libs/ https://use.typekit.net https://ehq-static-assets.s3-ap-southeast-2.amazonaws.com/fonts/ https://use.fontawesome.com/releases/v5.4.1/webfonts/ https://s3-ap-southeast-2.amazonaws.com/ehq-static-assets/; object-src data:; base-uri 'self'; form-action 'self'; connect-src 'self' https://cdn.segment.com https://www.google-analytics.com https://region1.google-analytics.com https://basemapstyles-api.arcgis.com https://basemaps-api.arcgis.com https://ibasemaps-api.arcgis.com https://cdn.arcgis.com https://static.arcgis.com https://geocode-api.arcgis.com https://www.google.co.in https://analytics.google.com https://o62215.ingest.sentry.io https://sentry.io https://bam.nr-data.net https://plus.browsealoud.com https://syndication.twitter.com/settings https://z-m-graph.facebook.com https://www.facebook.com https://graph.facebook.com https://www.google.com https://stats.engagementhq.com https://views.unsplash.com https://translate.googleapis.com https://www.googletagmanager.com https://unpkg.com/boxicons@latest/ https://cdn.jsdelivr.net/npm/metismenujs@1.2.0/ https://consentcdn.cookiebot.com; frame-src 'self' https://www.google.com https://recaptcha.google.com https://www.youtube.com https://player.vimeo.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://www.google.com.au https://platform.twitter.com https://syndication.twitter.com https://accounts.google.com https://abalancingact.com https://konveio.com https://arcgis.com https://consentcdn.cookiebot.com; media-src 'self' https: https://s3-us-west-1.amazonaws.com/ehq-production-us-california/; child-src 'none'; style-src-attr 'unsafe-inline'; style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://fonts.gstatic.com https://unpkg.com/boxicons@2.0.7/css/boxicons.min.css https://www.gstatic.com/ https://use.fontawesome.com/releases/v5.4.1/css/ https://maxcdn.bootstrapcdn.com/font-awesome/ 'unsafe-inline'; script-src-elem 'self' https://cdnjs.cloudflare.com/ajax/libs/ https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/ https://translate-pa.googleapis.com https://translate.google.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://js.intercomcdn.com https://platform.twitter.com https://unpkg.com https://widget.intercom.io https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 'nonce-hXjWJ+dm57QXJE/61km27cZpz0Clb7Ly94+8T5ynk9bgkBkcaufthUaP0KoNI9fzW3et0cjA8Sn95EbkdVroKiDpmQMGiHqEgDo9vYfdUEEHJrv77laoj1wRPXIznnVuWjYjDrskbFGoiNsGndSwaSZIxm/77Sxsdd39UmupOw==' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com www.google.co.uk *.google.co.uk www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com app.replyco.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com api.replyco.com *.replyco.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com fonts.googleapis.com *.googleapis.com data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com paymentpage.ecommpay.com paymentpage.westresscode.net pp.terminal.test processing.psmock.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.two.inc *.sandbox.two.inc *.demo.two.inc *.staging.two.inc *.release.two.inc *.experimental.two.inc *.perf.two.inc *.cyber.two.inc *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.buildingmaterials.co.uk *.weltpixel.com paymentpage.ecommpay.com paymentpage.westresscode.net pp.terminal.test *.trustpilot.com processing.psmock.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.everesttech.net *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.bing.com *.bing.net *.google.co.uk *.roeye.com cdn-cookieyes.com *.dynamicyield.com *.dynamicyield.eu www.feedoptimise.com cdn.feedoptimise.com www.google.com.ua paymentpage.ecommpay.com paymentpage.westresscode.net pp.terminal.test services.postcodeanywhere.co.uk processing.psmock.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com https://gtm.buildingmaterials.co.uk data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.adobedtm.com *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://maps.googleapis.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.bing.com *.bing.net *.mediahawk.co.uk *.noibu.com *.roeyecdn.com *.hotjar.com cdn-cookieyes.com *.dynamicyield.com *.dynamicyield.eu https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* cdnjs.cloudflare.co m/ajax/libs/clipboard.js/* www.feedoptimise.com cdn.feedoptimise.com paymentpage.ecommpay.com paymentpage.westresscode.net pp.terminal.test api.addressy.com *.trustpilot.com processing.psmock.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net https://gtm.buildingmaterials.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.dynamicyield.com *.dynamicyield.eu https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* paymentpage.ecommpay.com paymentpage.westresscode.net pp.terminal.test api.addressy.com processing.psmock.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io amcglobal.sc.omtrdc.net p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.bing.com *.bing.net *.mediahawk.co.uk *.buildingmaterials.co.uk *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookieyes.com cdn-cookieyes.com *.dynamicyield.com *.dynamicyield.eu *.dy-api.com *.dy-api.eu paymentpage.ecommpay.com paymentpage.westresscode.net pp.terminal.test api.addressy.com processing.psmock.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.two.inc *.sandbox.two.inc *.demo.two.inc *.staging.two.inc *.release.two.inc *.experimental.two.inc *.perf.two.inc *.cyber.two.inc *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app https://gtm.buildingmaterials.co.uk 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.two.inc *.sandbox.two.inc *.demo.two.inc *.staging.two.inc *.release.two.inc *.experimental.two.inc *.perf.two.inc *.cyber.two.inc 'self' 'unsafe-inline'; report-uri https://5d00f164-d437-484e-9565-3361ea4d16a4.sansec.watch/; report-to report-endpoint; 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com https://webcache.googleusercontent.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.cloudflare.com *.facebook.com https://s.ytimg.com *.funstra.com *.doubleclick.net https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.cloudflare.com *.facebook.net https://webcache.googleusercontent.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com https://webcache.googleusercontent.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.google-analytics.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.funstra.com.au; report-to report-endpoint; 1
base-uri 'self'; frame-ancestors 'self'; default-src 'self' https: data: blob; img-src 'self' https: data: blob cdn.gtranslate.net gtranslate.io ani.tdn.gtranslate.net; font-src 'self' https: data: fonts.gstatic.com; style-src 'self' https: 'unsafe-inline' fonts.googleapis.com cdn.gtranslate.net; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: cdn.gtranslate.net gtranslate.io ani.tdn.gtranslate.net translate.googleapis.com translate.google.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.gstatic.com www.google.com www.recaptcha.net *.cloudflare.com cdn.livechatinc.com secure.livechatinc.com; connect-src 'self' https: wss: gtranslate.io ani.tdn.gtranslate.net cdn.gtranslate.net translate.googleapis.com translate.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com cdn.livechatinc.com; frame-src 'self' www.google.com www.recaptcha.net *.livechatinc.com; worker-src 'self' blob: https:; media-src 'self' https: data: blob 1
font-src *.fontawesome.com *.sirv.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com www.facebook.com *.hotjar.com *.addthis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.sirv.com www.xtento.com cdn.xtento.com *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net *.laybuy.com www.facebook.com www.google.com.ua www.google.pl *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://rum.hlx.page polyfill.io apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sirv.com player.vimeo.com www.xtento.com cdn.xtento.com secure.authorize.net test.authorize.net www.gstatic.com/recaptcha www.google.com/recaptcha api.addressfinder.io s7.addthis.com *.googleapis.com *.tawk.to cdn.jsdelivr.net www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.facebook.net *.laybuy.com *.hotjar.com bam.eu01.nr-data.net *.moatads.com *.addthisedge.com *.addthis.com *.osano.com cdn.pricespider.com locate.pricespider.com *.pricespider.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src display.ugc.bazaarvoice.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.sirv.com cdn.pricespider.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.sirv.com stergita.sirv.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sirv.com *.youtube.com blob: *.facebook.net *.algolianet.com ekr.zdassets.com *.googleapis.com *.tawk.to bam.nr-data.net *.laybuy.com *.cloudfront.net stats.g.doubleclick.net t.labs.au.edge.zip.co in.hotjar.com bam.eu01.nr-data.net *.osano.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src www.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src use.typekit.net v2.zopim.com d1azc1qln24ryf.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.facebook.com vars.hotjar.com www.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com www.tinyme.com.au www.tinyme.sg bat.bing.com ct.pinterest.com www.facebook.com a.klaviyo.com assets.reviews.io www.google.com.au embed-fastly.wistia.com fast.wistia.com www.sandbox.paypal.com https://a.klaviyo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com static.zipmoney.com.au js-agent.newrelic.com bam.nr-data.net s.pinimg.com bat.bing.com connect.facebook.net v2.zopim.com widget.reviews.io static.zdassets.com fast.wistia.com static.hotjar.com script.hotjar.com widget.parcelpoint.com.au https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com use.typekit.net p.typekit.net widget.reviews.io d1azc1qln24ryf.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.tinyme.com.au www.tinyme.sg api.zipmoney.com.au t.zip.co ct.pinterest.com ekr.zdassets.com fast.a.klaviyo.com telemetrics.klaviyo.com api.reviews.io *.zopim.com bam.nr-data.net bat.bing.com stats.g.doubleclick.net distillery.wistia.com embed-fastly.wistia.com pipedream.wistia.com in.hotjar.com embedwistia-a.akamaihd.net api-cache.reviews.co.uk api-m.paypal.com api-m.sandbox.paypal.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.tinyme.com.au www.tinyme.sg 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' https://app-ev-prod.azurewebsites.net https://maps.googleapis.com https://maps.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://redaktion.infrest-verein.de https://app-nbb-calculator.azurewebsites.net https://client-nbb-zse.azurewebsites.net https://storagegennbbviu.z6.web.core.windows.net https://client-nbb-ev.azurewebsites.net https://*.cookiefirst.com https://www.leitungs-check-online.de https://www.nbb-netzgesellschaft.de https://app-zse-prod.azurewebsites.net https://qa-api-nbb-zse.azurewebsites.net https://api-nbb-zse.azurewebsites.net https://sm0o4.mjt.lu https://app.mailjet.com; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://www.nbb-netzgesellschaft.de https://app-zse-prod.azurewebsites.net https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://redaktion.infrest-verein.de https://www.kki-verein.de https://www.kki-gesellschaft.de https://www.infrest.de https://www.leitungs-check-online.de https://client-nbb-zse.azurewebsites.net https://app.mailjet.com https://sm0o4.mjt.lu; script-src-elem 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://www.nbb-netzgesellschaft.de https://app-zse-prod.azurewebsites.net https://qa-api-nbb-zse.azurewebsites.net https://api-nbb-zse.azurewebsites.net https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://redaktion.infrest-verein.de https://www.kki-verein.de https://www.kki-gesellschaft.de https://www.infrest.de https://client-nbb-zse.azurewebsites.net https://www.leitungs-check-online.de https://consent.cookiefirst.com https://sm0o4.mjt.lu https://app.mailjet.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://www.nbb-netzgesellschaft.de https://app-zse-prod.azurewebsites.net https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://redaktion.infrest-verein.de https://www.leitungs-check-online.de https://consent.cookiefirst.com https://sm0o4.mjt.lu https://app.mailjet.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' https://www.nbb-netzgesellschaft.de https://app-zse-prod.azurewebsites.net https://qa-api-nbb-zse.azurewebsites.net https://api-nbb-zse.azurewebsites.net https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://redaktion.infrest-verein.de https://www.leitungs-check-online.de https://consent.cookiefirst.com https://sm0o4.mjt.lu https://app.mailjet.com; img-src * 'self' data: https://www.nbb-netzgesellschaft.de https://app-zse-prod.azurewebsites.net https://qa-api-nbb-zse.azurewebsites.net https://api-nbb-zse.azurewebsites.net https://fonts.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://redaktion.infrest-verein.de https://fonts.googleapis.com https://www.leitungs-check-online.de https://redaktion.infrest-verein.de; font-src * 'self'; frame-ancestors * 'self' https://client-nbb-zse.azurewebsites.net https://app-nbb-calculator.azurewebsites.net https://storagegennbbviu.z6.web.core.windows.net https://www.leitungs-check-online.de https://www.nbb-netzgesellschaft.de https://app-zse-prod.azurewebsites.net https://qa-api-nbb-zse.azurewebsites.net https://api-nbb-zse.azurewebsites.net https://sm0o4.mjt.lu https://app.mailjet.com 1
object-src 'none';base-uri 'self';script-src 'nonce-qQJYuH4wuHVoBLjdBDM0vQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://clients.bertina.us https://api.indexnow.org; worker-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https://clients.bertina.us 1
font-src https://consentcdn.cookiebot.com *.force.com https://fonts.gstatic.com/ 'self' https://downloads.my.senator.com https://senator.onapply.de blob: https://public.senator.com https://portal.zakeke.com https://api.zakeke.com https://zakeke.blob.core.windows.net *.salesforce.com https://www.youtube-nocookie.com https://cdn.onapply.de data:; report-to sfdc-csp-ep; report-uri https://senator.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D1t000000DG0F&networkId=0DM68000000fxTP&type=communities 1
object-src 'none';base-uri 'self';script-src 'nonce-8L80UwBy49nlhtQCf9NNmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tFhTxV2DQNZLfeJus1U8lg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.goaffpro.com https://static.goaffpro.com *.googletagmanager.com *.facebook.net *.avada.io *.shopify.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.goaffpro.com https://static.goaffpro.com *.google-analytics.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com  use.typekit.net static.zip.co *.choosewine.com.au *.winedirect.com.au *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.omappapi.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com front.optimonk.co *.optimonk.co qa.clevertar.app *.clevertar.com bat.bing.com cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com  pos.baidu.com  *.baidu.com *.instant.one *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widgets.sandbox.afterpay.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com  use.typekit.net  *.typekit.net *.winedirect.com.au *.choosewine.com.au cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com *.clevertar.com  pos.baidu.com  *.baidu.com *.instant.one c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.yotpo.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com *.trackedlink.net magefan.com cm.magefan.com *.disqus.com  use.typekit.net *.choosewine.com.au *.adobedtm.com *.winedirect.com.au *.z.clarity.ms *.clarity.ms  rec.smartlook.com *.smartlook.com  t.cfjump.com *.cfjump.com *.zip.co static.zipmoney.com.au *.zipmoney.com.au tagmanager.google.com *.google.com www.google.co.in *.google.co.in *.sc.omtrdc.net cm.everesttech.net *.magentocommerce.com *.googleadservices.com www.google-analytics.com  *.analytics.yahoo.com *.paypalobjects.com x.bidswitch.net cm.g.doubleclick.net dsum-sec.casalemedia.com us-u.openx.net sync.taboola.com sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com eb2.3lift.com pixel.rubiconproject.com *.bidswitch.net *.casalemedia.com *.openx.net *.taboola.com *.outbrain.com *.pubmatic.com *.3lift.com *.rubiconproject.com *.ytimg.com static.afterpay.com site-assets.afterpay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn-redirector.glopal.com plugin-magento-ui.glopalservice.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn1.stamped.io stamped.io *.sandbox.paypal.com *.swagger.io *.facebook.com *.glopal.com *.glopalservice.com *.braintreegateway.com *.stamped.io d.adroll.com *.adroll.com c.bing.com *.bing.com *.googletagmanager.com ib.adnxs.com *.adnxs.com s3-us-west-2.amazonaws.com *.amazonaws.com js-agent.newrelic.com *.newrelic.com *.sandbox.my.site.com hello.zonos.com *.zonos.com front.optimonk.co *.optimonk.co qa.clevertar.app *.clevertar.app bat.bing.com *.adobe.net *.site.com dev-54ta5gq-6zoeclprllyye.ap-3.magentosite.cloud  'self' *.google.bg *.facebook.net *.doubleclick.net *.googlesyndication.com *.instant.one rec.smartlook.com t.cfjump.com img.youtube.com maps.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net t.zip.co cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com *.clevertar.com  pos.baidu.com  *.baidu.com https://img.youtube.com static.zip.co data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com commerce-payments-sdk.adobe.io *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com *.ytimg.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com  use.typekit.net typekit.net choosewine.com.au winedirect.com.au *.winedirect.com.au adobedtm.com adobe.com z.clarity.ms clarity.ms rec.smartlook.com smartlook.com  t.cfjump.com cfjump.com zip.co static.zipmoney.com.au zipmoney.com.au tagmanager.google.com www.google.co.in adroll.com x.bidswitch.net cm.g.doubleclick.net dsum-sec.casalemedia.com us-u.openx.net sync.taboola.com sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com eb2.3lift.com pixel.rubiconproject.com bidswitch.net doubleclick.net casalemedia.com openx.net taboola.com outbrain.com pubmatic.com google-analytics.com 3lift.com rubiconproject.com google.co.in sc.omtrdc.net demdex.net dpm.demdex.net cm.everesttech.net everesttech.net magentocommerce.com widgets.magentocommerce.com googleadservices.com paypalobjects.com t.paypal.com paypal.com ftcdn.net behance.net p.typekit.net fpdbs.paypal.com fpdbs.sandbox.paypal.com ytimg.com validator.swagger.io static.afterpay.com site-assets.afterpay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn-redirector.glopal.com plugin-magento-ui.glopalservice.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn1.stamped.io stamped.io gstatic.com sandbox.paypal.com swagger.io afterpay.com facebook.com glopal.com glopalservice.com braintreegateway.com d.adroll.com c.bing.com bing.com googletagmanager.com ib.adnxs.com adnxs.com s3-us-west-2.amazonaws.com amazonaws.com js-agent.newrelic.com newrelic.com sandbox.my.site.com hello.zonos.com zonos.com front.optimonk.co optimonk.co qa.clevertar.app *.clevertar.com bat.bing.com cardinalcommerce.com optimonk.com a.omappapi.com googleapis.com unpkg.com magento-datasolutions.com omtrdc.net vimeocdn.com youtube.com magento-ds.com google.bg facebook.net googlesyndication.com trackedlink.net trackedweb.net ddlnk.net dotdigital-pages.com dhv2ziothpgrr.cloudfront.net yotpo.com yahoo.com instant.one addthis.com dnky.co dotdigital.internal pages.com adobe.net ccdc02.com downloads.mailchimp.com commerce.adobe.net www.gstatic.com/recaptcha/ www.google.com/recaptcha/ portal.sandbox.clearpay.co.uk portal.clearpay.co.uk portal.sandbox.afterpay.com portal.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com cdn.dnky.co s7.addthis.com *.instant.one *.choosewine.com.au *.z.clarity.ms *.clarity.ms *.smartlook.com t.cfjump.com *.cfjump.com *.zip.co *.zipmoney.com.au *.adroll.com *.bidswitch.net *.casalemedia.com *.openx.net *.taboola.com *.outbrain.com *.pubmatic.com *.3lift.com *.rubiconproject.com *.google.co.in *.sc.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.googleadservices.com *.paypalobjects.com *.paypal.com *.ftcdn.net *.behance.net *.sandbox.paypal.com *.swagger.io *.afterpay.com *.facebook.com *.glopal.com *.glopalservice.com *.stamped.io *.bing.com *.adnxs.com *.amazonaws.com *.sandbox.my.site.com *.zonos.com *.optimonk.co *.clevertar.app *.cardinalcommerce.com *.optimonk.com *.googleapis.com *.unpkg.com *.omtrdc.net *.dhv2ziothpgrr.cloudfront.net *.yotpo.com *.yahoo.com *.addthis.com *.dnky.co *.dotdigital.internal *.pages.com *.vimeo.com *.adobe.net *.ccdc02.com js.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com  pos.baidu.com  *.baidu.com static.zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com webchat.dotdigital.com webchat.staging.dotdigital.com static.zip.co *.winedirect.com.au *.a.omappapi.com *.clevertar.app *.choosewine.com.au *.cardinalcommerce.com *.googleapis.com *.googlesyndication.com *.dnky.co *.instant.one a.omappapi.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co *.yotpo.com unsafe-inline assets.braintreegateway.com dhv2ziothpgrr.cloudfront.net cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com *.clevertar.com  pos.baidu.com  *.baidu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com  pos.baidu.com  *.baidu.com  use.typekit.net *.typekit.net *.choosewine.com.au *.winedirect.com.au *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com *.clevertar.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com dpe0djwch8671.cloudfront.net a.omappapi.com js.monitor.azure.com *.js.monitor.azure.com jfapiprod.optimonk.com cdn-limit.optimonk.com use.typekit.net  *.typekit.net bam.nr-data.net mcstaging.winedirect.com.au because it violates the following Content Security Policy directive: "connect-src static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.google-analytics.com www.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com ekr.zdassets.com/ *.instant.one *.choosewine.com.au *.winedirect.com.au *.z.clarity.ms *.clarity.ms  stats.g.doubleclick.net *.g.doubleclick.net manager.eu.smartlook.cloud *.smartlook.com www.google.co.in *.adobedtm.com *.adobe.com rec.smartlook.com t.cfjump.com *.cfjump.com *.zip.co static.zipmoney.com.au *.zipmoney.com.au tagmanager.google.com *.google.co.in *.sc.omtrdc.net *.demdex.net cm.everesttech.net *.everesttech.net *.magentocommerce.com widgets.magentocommerce.com *.googleadservices.com *.analytics.yahoo.com *.paypalobjects.com t.paypal.com x.bidswitch.net cm.g.doubleclick.net dsum-sec.casalemedia.com us-u.openx.net sync.taboola.com sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com eb2.3lift.com pixel.rubiconproject.com *.bidswitch.net *.casalemedia.com *.openx.net *.taboola.com *.outbrain.com *.pubmatic.com *.3lift.com *.rubiconproject.com *.ftcdn.net *.behance.net p.typekit.net *.typekit.net fpdbs.paypal.com fpdbs.sandbox.paypal.com *.ytimg.com validator.swagger.io site-assets.afterpay.com connect.facebook.net graph.facebook.com business.facebook.com cdn-redirector.glopal.com plugin-magento-ui.glopalservice.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com cdn1.stamped.io checkout.paypal.com stamped.io *.gstatic.com *.sandbox.paypal.com *.swagger.io *.glopal.com *.glopalservice.com *.stamped.io d.adroll.com *.adroll.com c.bing.com *.bing.com *.googletagmanager.com ib.adnxs.com *.adnxs.com s3-us-west-2.amazonaws.com *.amazonaws.com js-agent.newrelic.com *.sandbox.my.site.com hello.zonos.com *.zonos.com front.optimonk.co *.optimonk.co qa.clevertar.app *.clevertar.app bat.bing.com api.omappapi.com front.optimonk.com australiaeast-1.in.applicationinsights.azure.com cdn-account.optimonk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.aptrinsic.com cdn.livechatinc.com *.livechatinc.com api.livechatinc.com clevertar.azureedge.net *.azureedge.net dc.services.visualstudio.com *.visualstudio.com my.clevertar.com *.clevertar.com  pos.baidu.com  *.baidu.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.instant.one 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.fontawesome.com *.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com maxcdn.bootstrapcdn.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.mollie.com https://payment.unzer.com/ https://payment.heidelpay.com/ https://sbx-payment.heidelpay.com/ https://h.online-metrix.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cookiefirst.com *.klarna.com *.spirit-of-om.de *.trustedshops.com https://www.mollie.com https://static.unzer.com *.online-metrix.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cookiefirst.com js.mollie.com https://static.unzer.com https://applepay.cdn-apple.com https://code.jquery.com https://h.online-metrix.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com *.cookiefirst.com hello.myfonts.net *.trustedshops.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cookiefirst.com *.trustedshops.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://h.online-metrix.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com jda.de *.jda.de data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cleverreach.com jda.de *.jda.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com jda.de *.jda.de www.googletagmanager.com app.usercentrics.eu secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.cloudfront.net https://images.unsplash.com https://api.mapbox.com jda.de *.jda.de magefan.com cm.magefan.com cdn.pay1.de x.klarnacdn.net m.media-amazon.com static-eu.payments-amazon.com maps.gstatic.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com https://maps.googleapis.com jda.de *.jda.de secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io maps.googleapis.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com jda.de *.jda.de d.ratepay.com d.payla.io dr.payla.io tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://maps.googleapis.com https://player.vimeo.com jda.de *.jda.de payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com autocomplete2.postdirekt.de maps.googleapis.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com * *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.addressy.com *.google-analytics.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.facebook.com 'self' *.fullstory.com *.doubleclick.net *.googleapis.com *.googlesyndication.com *.loyaltylion.net *.loyaltylion.com *.elfsight.com forms-eu1.hscollectedforms.net *.livechatinc.com *.sjv.io *.ojrq.net *.loggly.com s.yimg.com *.paypal.cn *.paypalobjects.com browser-intake-us5-datadoghq.com *.qualtrics.com *.acsbapp.com *.storepoint.co localhost www.google.ca www.google.co.in www.google.de www.google.ie www.google.pt *.8x8.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' *.paypalobjects.com *.paypal.com *.googletagmanager.com *.trustpilot.com *.google-analytics.com *.nosto.com *.livechatinc.com cdn.cookie-script.com googleads.g.doubleclick.net sdk-static.loyaltylion.net sdk.loyaltylion.net unpkg.com commerce.adobedtm.com r1-t.trackedlink.net cdn.jsdelivr.net www.google.com livesearch-metrics.magento-ds.com connect.facebook.net edge.fullstory.com js-eu1.hs-scripts.com email-motocaddy.com *.newrelic.com magento-recs-sdk.adobe.net utt.impactcdn.com fonts.googleapis.com fonts.gstatic.com *.google.co.uk *.gstatic.com www.gstatic.com *.adyen.com *.8x8.com static.trackedweb.net pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://9e50c508-95d2-4a1a-ad83-23f368938734.sansec.watch/; report-to report-endpoint; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.googletagmanager.com/ *.google.com https://www.youtube.com *.addthis.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com s.ytimg.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com/ player.vimeo.com *.youtube.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com https://helloretailcdn.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-YVwNqi6e8FB0f1RHIrtI6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com https://firebasestorage.googleapis.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com https://player.vimeo.com *.avada.io *.shopify.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net *.alothemes.com *.magepow.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; connect-src 'self' https://*.amazonaws.com https://*.mixpanel.com https://beekeeper.zendesk.com https://ekr.zdassets.com https://*.pubnub.com https://*.beekeeper.io https://www.google-analytics.com https://whatfix.com https://app.getsentry.com https://beekeeper-admins.zendesk.com https://dmq3e1ycjfyv0.cloudfront.net https://dohg09tgfgiar.cloudfront.net https://d3le1ht3gk5ng5.cloudfront.net https://d3vb2p6fp7o3q7.cloudfront.net https://d1zyzbapvzedyp.cloudfront.net https://d364zg7nlsantl.cloudfront.net https://d28hucnnny9kn3.cloudfront.net https://d2162mnpixjurq.cloudfront.net https://ddmptyeddd1ae.cloudfront.net wss://widget-mediator.zopim.com https://cdn.ravenjs.com; prefetch-src 'self' *.beekeeper.rocks *.dev.beekeeper.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://dmq3e1ycjfyv0.cloudfront.net https://dohg09tgfgiar.cloudfront.net https://d3le1ht3gk5ng5.cloudfront.net https://d3vb2p6fp7o3q7.cloudfront.net https://d1zyzbapvzedyp.cloudfront.net https://d364zg7nlsantl.cloudfront.net https://d28hucnnny9kn3.cloudfront.net https://d2162mnpixjurq.cloudfront.net https://ddmptyeddd1ae.cloudfront.net https://whatfix.com https://cdn.whatfix.com/prod/ https://*.beekeeper.io https://cdn.mxpnl.com https://cdn.ravenjs.com https://static.zdassets.com https://www.google-analytics.com/analytics.js https://www.recaptcha.net/recaptcha/ https://code.jquery.com https://www.gstatic.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/jquery/ https://widget-mediator.zopim.com; frame-src 'self' blob: *.beekeeper.rocks *.dev.beekeeper.io https://whatfix.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://mozbar.moz.com; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.beekeeper.io https://fonts.googleapis.com; font-src 'self' data: https://common.cdn.beekeeper.io https://*.cloudfront.net https://fonts.gstatic.com; img-src 'self' data: blob: https:; media-src 'self' blob: data: https://*.beekeeper.io https://*.cloudfront.net https://*.amazonaws.com; report-uri https://o4508014903361536.ingest.de.sentry.io/api/4508295318995024/security/?sentry_key=224567066b58c4389aa8f8fed87b30c5; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net www.paypalobjects.com *.typekit.net *.gstatic.com *.google.com *.newrelic.com *.nr-data.net *.lrkt-in.com *.kele.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.google.com *.newrelic.com https://analytics.clickdimensions.com *.google-analytics.com *.nr-data.net *.lrkt-in.com *.kele.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://www.youtube.com https://www.google.com/maps https://www.google.com/ https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com https://includestest.ccdc02.com/cardinalcruise/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.clickdimensions.com *.google-analytics.com *.nr-data.net *.lrkt-in.com *.kele.com js.stripe.com https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://*.cardinalcommerce.com https://*.centinelapi.cardinalcommerce.com https://insight.adsrvr.org/ https://analytics.google.com https://vimeo.com https://includestest.ccdc02.com/cardinalcruise/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.google.com *.newrelic.com https://analytics.clickdimensions.com *.nr-data.net *.cookieyes.com cdn-cookieyes.com *.bing.com *.lesman.com *.lrkt-in.com *.kele.com imgsct.cookiebot.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com https://vimeo.com/ www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.google-analytics.com *.clickdimensions.com *.cookieyes.com cdn-cookieyes.com *.bing.com gstatic.com *.lrkt-in.com *.kele.com js.stripe.com consent.cookiebot.com https://cdn1.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com/ https://analytics.google.com/ https://includestest.ccdc02.com/cardinalcruise/ *.kaptcha.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.google.com *.newrelic.com https://analytics.clickdimensions.com *.google-analytics.com *.nr-data.net *.lrkt-in.com *.kele.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net https://vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.clickdimensions.com *.cookieyes.com cdn-cookieyes.com *.bing.com gstatic.com *.lrkt-in.com *.kele.com 3dsapi.ebizcharge.net kg668dbov0.execute-api.us-east-1.amazonaws.com ebizcharge3ds-staging1.azurewebsites.net https://includestest.ccdc02.com *.ebizcharge.net https://songbird.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://cdnjs.cloudflare.com https://insight.adsrvr.org/ https://dpm.demdex.net https://amcglobal.sc.omtrdc.net https://geostag.cardinalcommerce.com https://geo.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://analytics.google.com https://includestest.ccdc02.com/cardinalcruise/ *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.adobe.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.zeparts.gr *.fontawesome.com https://fonts.bunny.net 'self' data: maxcdn.bootstrapcdn.com *.ttwstatic.com *.tiktok.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.zeparts.gr *.boxnow.gr *.boxnow.cy widget-v5.boxnow.gr widget-v5.boxnow.cy *.ttwstatic.com *.tiktok.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.zeparts.gr https://firebasestorage.googleapis.com https://www.magezon.com *.hsforms.net *.hsforms.com 'self' data: maps.gstatic.com widget-cdn.boxnow.gr widget-cdn.boxnow.cy widget-v5.boxnow.gr widget-v5.boxnow.cy *.ttwstatic.com *.tiktok.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.zeparts.gr *.avada.io *.shopify.com *.hsforms.net *.hsforms.com maps.googleapis.com www.gstatic.com widget-cdn.boxnow.gr widget-cdn.boxnow.cy widget-v5.boxnow.gr widget-v5.boxnow.cy *.ttwstatic.com *.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.zeparts.gr *.fontawesome.com https://fonts.bunny.net www.gstatic.com maxcdn.bootstrapcdn.com *.ttwstatic.com *.tiktok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.zeparts.gr https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com widget-cdn.boxnow.gr widget-cdn.boxnow.cy widget-v5.boxnow.gr widget-v5.boxnow.cy *.ttwstatic.com *.tiktok.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.zeparts.gr/; report-to report-endpoint; 1
font-src fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com *.certcapture.com googleads.g.doubleclick.net data: *.google.co.in www.facebook.com platform.twitter.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.certcapture.com blob: *.google.com *.google.co.in *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.paypal.com *.ytimg.com *.swagger.io *.authorize.net *.cloudfront.net *.pinterest.com *.twitter.com *.paradoxlabs.com *.braintreegateway.com *.bing.com https://maps.gstatic.com https://maps.googleapis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.certcapture.com *.gstatic.com *.google.com *.authorize.net *.bing.com js-agent.newrelic.com *.facebook.net bam.nr-data.net *.googleadservices.com *.searchspring.net *.cardinalcommerce.com *.braintreegateway.com *.paypal.com *.ytimg.com *.vimeo.com *.twitter.com googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.certcapture.com fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.searchspring.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com bam.nr-data.net stats.g.doubleclick.net *.searchspring.io https://maps.googleapis.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://beacon.searchspring.io/beacon https://www.google-analytics.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src fonts.gstatic.com fonts.googleapis.com www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.trustedshops.com *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com youtu.be *.vimeo.com *.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu blob: magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://meetanshi.com ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://widgets.reevoo.com *.cloudflare.com *.google-analytics.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io *.shopify.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com tm.tradetracker.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://widgets.reevoo.com https://widgets.reevoo.com/register-feefo/feefo-widgets-app/css/feefo_loader.css *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.google-analytics.com https://www.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com self *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com cdn.bioz.com *.amazon.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://netzdirektion.de *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com self app.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * app.usercentrics.eu *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.googletagmanager.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com cdn.bioz.com cloud.ccm19.de track.hubspot.com www.facebook.com forms.hsforms.com perf-na1.hsforms.com www.google.de magefan.com cm.magefan.com *.disqus.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.usercentrics.eu *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.pinterest.com *.pinimg.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com self cloud.ccm19.de connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsleadflows.net js.hubspot.com js.usemessages.com cdn.bioz.com *.disqus.com https://cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com web.cmp.usercentrics.eu app.usercentrics.eu privacy-proxy.usercentrics.eu *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com sc-static.net *.snapchat.com *.pinterest.com *.pinimg.com unpkg.com *.doubleclick.net *.typeform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com self cdn.bioz.com cloud.ccm19.de https://cdn.jsdelivr.net assets.braintreegateway.com web.cmp.usercentrics.eu *.stripe.network *.stripecdn.com *.amazon.com *.tagmanager.google.com *.googletagmanager.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com self www.bioz.com cloud.ccm19.de api.hubsport.com api.hubapi.com api.hubspot.com forms.hscollectedforms.net cta-service-cms2.hubspot.com forms.hubspot.com region1.analytics.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com api.usercentrics.eu aggregator.service.usercentrics.eu privacy-proxy.usercentrics.eu *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.pinterest.com *.pinimg.com sc-static.net *.snapchat.com *.doubleclick.net *.run.app *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://16272177-114c-465f-a784-93be210f14ff.sansec.watch/; report-to report-endpoint; 1
base-uri 'self'; child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; navigate-to 'self'; object-src 'none'; script-src 'self'; script-src-attr 'self'; script-src-elem 'self'; style-src 'self'; style-src-attr 'self'; style-src-elem 'self'; worker-src 'self'; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-hDWXFl5CLsTtR7Jb_yHt0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; font-src 'self' data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https://cdnjs.cloudflare.com https://js.stripe.com https://m.stripe.network 'sha256-e357n1PxCJ8d03/QCSKaHFmHF1JADyvSHdSfshxM494=' 'sha256-5DA+a07wxWmEka9IdoWjSPVHb17Cp5284/lJzfbl8KA=' 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls=' 'nonce-'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://api.stripe.com https://checkout.stripe.com https://m.stripe.network; frame-src https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://m.stripe.network; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri /csp-violation-report-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-p_txttcx2ApJsCCCpCDZHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';   base-uri 'self';   child-src  'self' https://ecommerce.nexi.it https://www.googletagmanager.com google-analytics.com https://ssl.google-analytics.com www.google-analytics.com https://www.google-analytics.com https://region1.google-analytics.com https://www.paypal.com https://www.paypal.com/tagmanager/pptm.js https://www.paypalobjects.com/api/checkout.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://o1026956.ingest.sentry.io;   connect-src 'self' https://keycloak.plasticfreeonlus.it https://cms.plasticfreeonlus.it https://ecommerce.plasticfreeonlus.it s3.eu-central-1.amazonaws.com plasticfree-documents.s3.eu-central-1.amazonaws.com plasticfree-profiles-pictures.s3.eu-central-1.amazonaws.com https://ecommerce.nexi.it https://o1026956.ingest.sentry.io https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net https://www.facebook.com https://www.paypal.com https://t.paypal.com;   script-src 'self'  https://ecommerce.nexi.it https://www.googletagmanager.com google-analytics.com https://ssl.google-analytics.com www.google-analytics.com https://www.google-analytics.com https://region1.google-analytics.com https://www.paypal.com https://www.paypal.com/tagmanager/pptm.js https://www.paypalobjects.com/api/checkout.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://o1026956.ingest.sentry.io;   frame-src 'self' https://ecommerce.nexi.it youtube.com youtu.be www.youtube.com www.youtube-nocookie.com https://www.youtube-nocookie.com https://youtube.com https://www.youtube.com https://www.t.paypal.com https://www.paypal.com;   img-src 'self' data: https://keycloak.plasticfreeonlus.it https://cms.plasticfreeonlus.it https://ecommerce.plasticfreeonlus.it s3.eu-central-1.amazonaws.com plasticfree-documents.s3.eu-central-1.amazonaws.com plasticfree-profiles-pictures.s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://ecommerce.nexi.it www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net https://www.facebook.com https://www.paypal.com https://t.paypal.com;   style-src 'self' 'unsafe-inline' fonts.googleapis.com;   font-src 'self' data: https://fonts.gstatic.com;   media-src 'self';   object-src 'none';   manifest-src 'self';   report-uri https://www.plasticfreeonlus.it/api/csp-report;   worker-src 'none'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com *.googleapis.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.shopify.com https://js.stripe.com https://tags.affiliatefuture.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com downloads.mailchimp.com https://fonts.bunny.net maxcdn.bootstrapcdn.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de form-assets.mailchimp.com *.intuit.com *.amazonaws.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://d1yjxx0wdvhvfv.cloudfront.net https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://js.api.here.com https://js.arcgis.com https://*.facebook.net https://maps.googleapis.com 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://js.arcgis.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://maps.googleapis.com https://*.facebook.com https://*.simplycast.com; img-src * data:; style-src 'self' 'unsafe-inline' https://d1yjxx0wdvhvfv.cloudfront.net https://fonts.googleapis.com https://js.api.here.com https://js.arcgis.com data:; base-uri 'self'; form-action 'self'; frame-src 'self' https://www.google.com; report-to cspreport; report-uri https://app.simplycast.com/?q=cspreport; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net https://headrushtech.com https://headrushtech.eu https://headrushtech.co.uk https://www.storemapper.com https://maps.googleapis.com https://www.storemapper.co https://*.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.bluesnap.com *.cardinalcommerce.com cas.client.cardinaltrusted.com client.cardinaltrusted.com *.kaptcha.com *.sentry.io *.google.com/ *.gstatic.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.weltpixel.com *.iubenda.com *.authorize.net challenges.cloudflare.com *.googletagmanager.com *.doubleclick.net https://www.googletagmanager.com https://www.storemapper.com https://maps.googleapis.com https://www.storemapper.co https://*.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://www.facebook.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.certcapture.com *.google.com google.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.iubenda.com https://firebasestorage.googleapis.com https://www.magezon.com *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.cdninstagram.com *.fbcdn.net maps.googleapis.com https://forms-na1.hsforms.com https://*.hsforms.com https://*.headrushtech.com https://headrushtech.com https://*.headrushtech.co.uk https://www.google.de https://*.google.de https://*.hubspot.com https://hubspot.com https://*.fedex.com https://*.stripe.com https://*.cloudflare.com  https://us.i.posthog.com https://ws.fedex.com https://headrushtech.eu https://www.storemapper.com https://www.storemapper.co https://*.storemapper.co https://www.google.co.in https://px.ads.linkedin.com https://pagead2.googlesyndication.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.certcapture.com 'self' 'unsafe-inline' sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.cardinalcommerce.com cas.client.cardinaltrusted.com client.cardinaltrusted.com *.kaptcha.com *.sentry.io *.google.com/ *.gstatic.com static.cloudflareinsights.com cdnjs.cloudflare.com *.iubenda.com *.avada.io *.authorize.net challenges.cloudflare.com ajax.googleapis.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms *.klaviyo.com unpkg.com *.doubleclick.net *.instagram.com maps.googleapis.com https://js.hsforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hscollectedforms.net https://js.hsleadflows.net  https://js.hs-banner.com https://js.hs-scripts.com https://us.i.posthog.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspot.com https://us-assets.i.posthog.com https://*.i.posthog.com https://*.fedex.com https://*.stripe.com https://*.cloudflare.com  https://us.i.posthog.com https://ws.fedex.com https://connect.facebook.net https://*.cloudflareinsights.com https://www.storemapper.com https://storemapper-herokuapp-com.global.ssl.fastly.net https://cdn.jsdelivr.net https://maps.googleapis.com https://www.storemapper.co https://*.storemapper.co https://*.google.com https://www.googleadservices.com www.google-analytics.com  https://www.google-analytics.com  googleads.g.doubleclick.net  https://googleads.g.doubleclick.net  analytics.google.com  https://analytics.google.com  https://www.googletagmanager.com https://www.gstatic.com https://js-eu1.hsforms.net https://www.youtube.com https://js-eu1.hs-scripts.com https://snap.licdn.com https://js-eu1.hs-banner.com https://js-eu1.hsadspixel.net https://js-eu1.hscollectedforms.net https://js-eu1.hs-analytics.net https://js-eu1.usemessages.com https://js-eu1.hubspot.com https://s.ytimg.com https://i.ytimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.cardinalcommerce.com cas.client.cardinaltrusted.com client.cardinaltrusted.com *.kaptcha.com *.sentry.io *.google.com *.gstatic.com google.com *.fontawesome.com https://fonts.bunny.net *.tagmanager.google.com *.googletagmanager.com https://js.hsforms.net https://*.com https://*.fedex.com https://*.stripe.com https://*.cloudflare.com  https://us.i.posthog.com https://ws.fedex.com https://www.storemapper.com https://maps.googleapis.com https://www.storemapper.co https://*.storemapper.co 'self' 'unsafe-inline'; object-src https://*.hubspot.com https://js.hubspot.com https://us-assets.i.posthog.com https://*.i.posthog.com https://*.fedex.com https://*.stripe.com https://*.cloudflare.com  https://us.i.posthog.com https://ws.fedex.com https://www.storemapper.com https://maps.googleapis.com https://www.storemapper.co https://*.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com https://www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.certcapture.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.cardinalcommerce.com cas.client.cardinaltrusted.com client.cardinaltrusted.com *.kaptcha.com *.gstatic.com *.amazonaws.com *.iubenda.com https://get.geojs.io *.avada.io *.authorize.net *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.bing.net *.klaviyo.com *.clarity.ms *.doubleclick.net *.run.app *.instagram.com *.googleusercontent.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://forms-na1.hsforms.com https://*.hsforms.com https://*.hubspot.com https://hubspot.com https://*.hscollectedforms.net https://forms.hscollectedforms.net https://api.hubapi.com https://*.hubapi.co https://us.i.posthog.com https://googleads.g.doubleclick.net https://*.stripe.com https://*.cloudflare.com  https://us.i.posthog.com https://ws.fedex.com https://*.fedex.com https://maps.googleapis.com https://www.storemapper.com https://www.storemapper.co https://*.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://stats.g.doubleclick.net https://firestore.googleapis.com https://firebasestorage.googleapis.com https://storage.googleapis.com https://www.googleapis.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://api-eu1.hubapi.com https://www.google.co.in https://forms-eu1.hsforms.com https://www.facebook.com 'self' 'unsafe-inline'; child-src *.certcapture.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://headrushtech.com https://*.headrushtech https://headrushtech.co.uk https://*.headrushtech.com https://*.g.doubleclick.net https://us.i.posthog.com https://*.cloudflare.com  https://us.i.posthog.com https://ws.fedex.com https://*.fedex.com https://headrushtech.eu https://www.storemapper.com https://maps.googleapis.com https://www.storemapper.co https://*.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net 'self' 'unsafe-inline'; 1
style-src-elem https://www.googletagmanager.com https://fonts.googleapis.com https://translate.googleapis.com https://*.gstatic.com https://*.feefo.com 'unsafe-inline' 'self'; script-src-elem *.salesfire.co.uk https://tpc.googlesyndication.com https://www.googletagmanager.com https://bat.bing.com https://*.algolianet.com https://*.algolia.net https://*.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.paypal.com https://*.feefo.com https://*.google.com https://*.google.co.uk https://connect.facebook.net https://*.facebook.com https://*.pinterest.com https://*.gstatic.com https://maps.googleapis.com https://polyfill.io https://*.zdassets.com https://*.trackjs.com https://*.sweetanalytics.com https://*.hotjar.com https://*.klaviyo.com https://*.zopim.com https://*.clarity.ms 'unsafe-inline' 'self' *.operation-inspirationastute.com; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.salesfire.co.uk *.klarnacdn.net https://fonts.gstatic.com https://*.paypalobjects.com https://static.klaviyo.com https://pouch-global-font-assets.s3.eu-central-1.amazonaws.com data: 'self' *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com https://www.facebook.com https://www.rsa3dsauth.co.uk https://www.securesuite.co.uk *.arcot.com *.monzo.com https://clients.smartsecure.tsys.co.uk https://authentication-acs.marqeta.com https://acs.apata.io https://*.pinterest.com https://*.modirum.com https://mycardsecure.com https://acs.touch.tech 'self' *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com *.salesfire.co.uk https://acs.touch.tech https://mycardsecure.com https://*.doubleclick.net https://www.facebook.com https://tst.kaptcha.com https://www.google.com https://www.gstatic.com/ https://*.pinterest.com https://*.youtube.com https://acs.revolut.com https://tpc.googlesyndication.com https://www.rsa3dsauth.co.uk https://*.arcot.com https://*.lloydsbankinggroup.com https://*.securesuite.co.uk https://*.monzo.com https://clients.smartsecure.tsys.co.uk https://authentication-acs.marqeta.com https://acs.apata.io https://*.modirum.com https://register.feefo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com.ua *.google.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com *.salesfire.co.uk * blob: 'self' magefan.com cm.magefan.com *.operation-inspirationastute.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com *.salesfire.co.uk https://connect.facebook.net https://*.facebook.com https://bat.bing.com https://www.googletagmanager.com https://maps.googleapis.com https://*.doubleclick.net https://*.feefo.com https://*.google.com https://www.gstatic.com https://*.pinterest.com https://*.pinimg.com https://*.algolia.net https://*.algolianet.com https://tpc.googlesyndication.com https://*.google-analytics.com https://polyfill.io https://*.zdassets.com https://*.trackjs.com https://*.sweetanalytics.com https://*.hotjar.com https://*.klaviyo.com 'unsafe-inline' 'self' *.operation-inspirationastute.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.salesfire.co.uk *.typekit.net https://fonts.googleapis.com https://translate.googleapis.com https://register.feefo.com https://*.gstatic.com 'unsafe-inline' 'self' https://static.klaviyo.com *.googleapis.com *.googletagmanager.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.salesfire.co.uk *.smartmetrics.co.uk https://*.feefo.com https://bat.bing.com https://www.facebook.com https://*.google-analytics.com  https://*.googlesyndication.com https://*.doubleclick.net https://*.pinterest.com https://*.googleapis.com https://*.google.co.uk https://www.googletagmanager.com https://*.zdassets.com https://*.zendesk.com wss://*.zopim.com https://*.sweetanalytics.com https://*.hotjar.io wss://*.hotjar.com https://*.trackjs.com https://*.algolia.io https://*.sentry.io https://*.clarity.ms 'self' *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ideal-postcodes.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /ateam_csp/CSP/Index; report-to report-endpoint; 1
font-src fonts.gstatic.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com checkout.instant.one staging.checkout.instant.one c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.instant.one *.fontawesome.com *.googleapis.com *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com fonts.googleapis.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.instant.one api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src custom.intucdn.com api.instant.one *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com form-assets.mailchimp.com *.authorize.net assets.secure.checkout.visa.com sandbox.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com form-assets.mailchimp.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com form-assets.mailchimp.com *.intuit.com *.amazonaws.com *.authorize.net assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com pay.google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net *.weltpixel.com *.wesupply.xyz 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com s.ytimg.com data: www.apptrian.com www.facebook.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.apptrian.com connect.facebook.net graph.facebook.com *.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://*.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.im-apps.net https://*.ad-stir.com https://*.shinobi.jp https://cnobi.jp 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://firebasestorage.googleapis.com flagpedia.net https://api.mapbox.com maps.googleapis.com *.amazonaws.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.avada.io *.shopify.com maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com ajax.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com autocomplete2.postdirekt.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data: https://www.gravatar.com/avatar/ https://*.google-analytics.com https://*.googletagmanager.com blob:; script-src 'self' https://*.googletagmanager.com 'nonce-9f1db7dae316ea99f6115641b02e40c3' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; style-src 'self' 'nonce-9f1db7dae316ea99f6115641b02e40c3' https://fonts.googleapis.com; worker-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.intercomcdn.com https://widget.intercom.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io; frame-src 'self' https://www.google.com; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.authorize.net www.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://firebasestorage.googleapis.com https://omnisnippet1.com https://wt.soundestlink.com blob: *.facebook.com *.authorize.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.avada.io *.shopify.com https://omnisnippet1.com https://forms.soundestlink.com *.authorize.net www.doubleclick.net cdn.ampproject.org www.gstatic.com connect.facebook.net *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net www.gstatic.com maxcdn.bootstrapcdn.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io *.authorize.net stats.g.doubleclick.net cdn.ampproject.org www.googleapis.com *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';            script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.browsealoud.com https://*.google-analytics.com https://siteimproveanalytics.com https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.gstatic.com https://*.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com;            script-src-elem 'self' 'unsafe-inline' https://*.browsealoud.com https://*.google-analytics.com https://siteimproveanalytics.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://connect.facebook.net https://www.gstatic.com https://*.twitter.com https://cdn.syndication.twimg.com;            style-src 'self' 'unsafe-inline' https://*.myfonts.net https://*.bootstrapcdn.com;            style-src-elem 'self' 'unsafe-inline' https://*.browsealoud.com https://*.googleapis.com https://*.myfonts.net https://*.bootstrapcdn.com https://*.twitter.com https://*.twimg.com https://*.typekit.net;            img-src * data:;            font-src * data:;            connect-src 'self' https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.browsealoud.com https://stats.g.doubleclick.net https://*.speechstream.net https://api.pdok.nl;            media-src * blob: data:;            frame-src 'self' https://*.iprox.nl https://*.waterschaplimburg.nl https://www.youtube.com https://*.google.com https://waterschap-limburg.vergunningen.info https://*.maps.arcgis.com https://*.arcgis.com https://*.twitter.com https://*.vimeo.com https://www.waterstandlimburg.nl https://*.doubleclick.net https://*.googletagmanager.com;            frame-ancestors 'self' https://*.iprox.nl https://*.waterschaplimburg.nl https://www.geleenbeekdal.nl https://www.waterleeftinbeek.nl https://www.wbl.nl https://www.zuidelijkmaasdal.nl https://wblnl.sharepoint.com 1
img-src https://higherlogicdownload.s3.amazonaws.com/AEJMC/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AEJMC/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AEJMC/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AEJMC/ https://higherlogicdownload.s3.amazonaws.com/AEJMC/ https://higherlogiclongterm.s3.amazonaws.com/AEJMC/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/AEJMC/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AEJMC/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AEJMC/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/AEJMC/ https://higherlogicdownload.s3.amazonaws.com/AEJMC/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AEJMC/ https://higherlogicstream.s3.amazonaws.com/AEJMC/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AEJMC/ https://higherlogicdownload.s3.amazonaws.com/AEJMC/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AEJMC/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com standard.paystack.co 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io magefan.com cm.magefan.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.paystack.co api.paystack.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://www.sandbox.paypal.com https://www.paypal.com api.paystack.co js.paystack.co plugin-tracker.paystackintegrations.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:;script-src https: 'self' 'strict-dynamic' 'nonce-f96128fd56a292a6c836caae006e4df1ce6eb9f8f12d2604dec5f4e2aa355a27' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log?n=1 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://cuatro.sim-cdn.nl https://fonts.googleapis.com; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-N2I2OTViNWUtM2UyNi00ODAxLTk0MWMtYmE1ZmVjYjA3NGMw' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; object-src 'none'; style-src 'self' 'report-sample' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://s3-ap-southeast-2.amazonaws.com; frame-src 'self' https://www.google.com https://www.gstatic.com *.hydro.com.au https://blob.enturadigital.com.au; connect-src 'self' https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com *.hydro.com.au; report-uri /report-csp-violation; upgrade-insecure-requests 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/learning_google 1
connect-src 'self' https://player.vimeo.com https://www.google-analytics.com https://region1.google-analytics.com https://cdn-cookieyes.com https://px.ads.linkedin.com https://log.cookieyes.com https://www.googletagmanager.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com/ data:; frame-src 'self' https://player.vimeo.com https://www.googletagmanager.com; img-src 'self' https://i.vimeocdn.com https://f.vimeocdn.com https://www.google-analytics.com https://cdn-cookieyes.com https://px.ads.linkedin.com https://www.facebook.com https://vumbnail.com https://www.googletagmanager.com; media-src 'self'; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' https://player.vimeo.com https://www.googletagmanager.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://unpkg.com https://www.recaptcha.net; script-src-elem 'self' 'unsafe-inline' https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://cdn-cookieyes.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://unpkg.com https://www.recaptcha.net; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.feedbackcompany.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com *.webwinkelkeur.nl *.tawk.to *.crisp.chat data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.feedbackcompany.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.facebook.com platform.twitter.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.sendcloud.sc *.jsdelivr.net *.webwinkelkeur.nl youtube.com *.doubleclick.net 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.feedbackcompany.com 'self' data: https://images.unsplash.com magefan.com cm.magefan.com *.disqus.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://img.youtube.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com *.facebook.com *.facebook.net *.google.lv *.tawk.to snowboards.eu *.crisp.chat *.bing.com *.shopify.com cdn.webshopapp.com tailwindui.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.feedbackcompany.com https://maps.googleapis.com *.disqus.com https://cdn.jsdelivr.net connect.facebook.net twitter.com platform.twitter.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net cdn.jsdelivr.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net *.webwinkelkeur.nl *.facebook.com *.facebook.net *.tawk.to *.clarity.ms clarity.ms *.crisp.chat *.bing.com *.profitmetrics.io *.klaviyo.com *.pingdom.net *.strut.fit 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com https://static.klaviyo.com *.googletagmanager.com *.fontawesome.com cdn.jsdelivr.net assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net *.tawk.to *.crisp.chat 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.feedbackcompany.com https://maps.googleapis.com https://player.vimeo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.clarity.ms *.tawk.to *.facebook.com *.google.lv wss://*.tawk.to/ wss://client.relay.crisp.chat/ *.crisp.chat *.bing.com *.profitmetrics.io *.klaviyo.com *.pingdom.net *.strut.fit 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.google.com https://g.gpaymant.shop *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.google.com *.googletagmanager.com https://g.gpaymant.shop c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://stats.g.doubleclick.net/ *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.openstreetmap.org https://maps.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com/recaptcha/ *.googletagmanager.com *.paypal.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://g.gpaymant.shop js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.googletagmanager.com https://stats.g.doubleclick.net/ https://g.gpaymant.shop api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.openstreetmap.org https://maps.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://dev.stolina.de/; report-to report-endpoint; 1
default-src 'self' app.wopi.cygnvs.net hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.com *.hsforms.com *.hs-scripts.com *.stonly.com stonly.com 'unsafe-inline' 'unsafe-eval' blob: data: *.launchdarkly.com *.storage.googleapis.com cdnjs.cloudflare.com cygnvsdata.cloud.looker.com cygnvsdev.cloud.looker.com browser-intake-datadoghq.com;connect-src *;report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub76e7b6a2f97c11902c14b1034c6cdc5b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=version%3A2026-w10%2Cenv%3AProduction;worker-src blob: 1
object-src 'none';base-uri 'self';script-src 'nonce--gAId_nvb2QMkZtgh4AqWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.feedbackcompany.com *.googleapis.com maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.feedbackcompany.com https://*.tawk.to https://www.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ https://*.tawk.to https://*.doubleclick.net https://www.facebook.com https://assets.pinterest.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://stellar.eurogifts.be 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.feedbackcompany.com 'self' data: https://*.sirv.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.linkedin.com https://*.tawk.to https://bat.bing.com https://c.bing.com https://cdn.jsdelivr.net https://exch.vanheijster.nl https://exch.vanhelden.nl https://exch.vanhelden.be https://exch.eurogifts.be https://exch.eurogifts.fr https://googleads.g.doubleclick.net https://tawk.link https://www.google.nl https://www.facebook.com https://i.pinimg.com https://log.pinterest.com https://imgsct.cookiebot.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://ade.googlesyndication.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d2a6mddvzruxpc.cloudfront.net https://stellar.eurogifts.be data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page https://maps.googleapis.com *.feedbackcompany.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com https://*.sirv.com https://portal.zakeke.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.convertexperiments.com https://*.googletagmanager.com https://*.hotjar.com https://*.tawk.to https://bat.bing.com https://connect.facebook.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://snap.licdn.com https://script.adcalls.nl https://www.clarity.ms https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://assets.pinterest.com https://widgets.pinterest.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ct.pinterest.com https://s.pinimg.com https://ct.beslist.nl https://cdn.optimizely.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://stellar.eurogifts.be https://components.eurogifts.be 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com maxcdn.bootstrapcdn.com https://*.sirv.com https://*.hotjar.com https://*.tawk.to https://cdn.jsdelivr.net https://fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.tawk.to https://v.pinimg.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.feedbackcompany.com bam.nr-data.net bam-cell.nr-data.net https://*.sirv.com https://api.zakeke.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.tawk.to https://api.adcalls.nl https://bat.bing.com https://cdn.linkedin.oribi.io https://fonts.gstatic.com https://www.facebook.com wss://*.hotjar.com wss://*.tawk.to https://consentcdn.cookiebot.com https://exch.vanheijster.nl https://exch.vanhelden.nl https://exch.vanhelden.be https://exch.eurogifts.be https://exch.eurogifts.fr https://ct.pinterest.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://*.metrics.convertexperiments.com https://logs.convertexperiments.com https://*.convertexperiments.com https://ct.beslist.nl https://ad.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://stellar.eurogifts.be https://components.eurogifts.be 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://dgap.org https://createsend.com https://api.friendlycaptcha.com https://internationalepolitik.de https://static.elfsight.com https://core.service.elfsight.com https://universe-static.elfsightcdn.com https://matomo.dgap.org/; font-src 'self' data: dgap.org https://player.podigee-cdn.net https://fonts.gstatic.com; frame-src 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://www.youtube-nocookie.com/embed/ https://e.issuu.com https://www.google.com https://player.podigee-cdn.net https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://matomo.dgap.org https://www.openstreetmap.org https://cloud.dgap.org https://audio.podigee-cdn.net https://sign.dgap.dev https://www.helpmundo.de https://www.helpdirect.org https://tube.dgap.org; img-src 'self' https://www.gstatic.com https://*.met.vgwort.de https://www.googletagmanager.com https://www.google-analytics.com data: dgap.org https://matomo.dgap.org https://images.podigee-cdn.net https://region1.google-analytics.com; manifest-src 'self'; media-src 'self' https://audio.podigee-cdn.net; prefetch-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://dgap.org https://matomo.dgap.org https://www.google-analytics.com https://www.googletagmanager.com https://internationalepolitik.de https://ip-quarterly.com https://js.createsend1.com https://player.podigee-cdn.net https://audio.podigee-cdn.net https://www.helpmundo.de https://www.helpdirect.org cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com unpkg.com https://matomo.dgap.org/; script-src-attr 'self' 'report-sample'; script-src-elem 'self' 'report-sample' 'unsafe-inline' https://dgap.org https://www.googletagmanager.com https://www.google-analytics.com https://matomo.dgap.org https://js.createsend1.com https://player.podigee-cdn.net https://audio.podigee-cdn.net https://www.helpmundo.de https://www.helpdirect.org https://static.elfsight.com https://core.service.elfsight.com https://universe-static.elfsightcdn.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' https://js.createsend1.com https://www.gstatic.com https://dgap.org https://player.podigee-cdn.net https://audio.podigee-cdn.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com unpkg.com; style-src-attr 'self' 'report-sample' 'unsafe-inline'; style-src-elem 'self' 'report-sample' 'unsafe-inline' https://www.google.com https://dgap.org https://player.podigee-cdn.net https://audio.podigee-cdn.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com unpkg.com; worker-src 'self' blob:; form-action 'self' https://www.createsend.com https://dgap.org; frame-ancestors 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://sign.dgap.dev; report-uri https://ip-quarterly.com/en/system/reporting/default; report-to default 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com www.vinhosevinhos.com *.bootstrapcdn.com *.smarthint.co *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com www.vinhosevinhos.com *.bootstrapcdn.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.yapay.com.br/ *.cloudfront.net/; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cademeupedido.com.br https://vinhosevinhos.cademeupedido.com.br *.twitter.com *.addthis.com *.doubleclick.net *.google.com https://www.google.com/* *.yapay.com.br/ *.cloudfront.net/ *.pagaleve.io *.pagaleve.com.br c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magesolution.com *.vinhosevinhos.com *.google.com *.google.com.br *.magesolution.com/* www.vinhosevinhos.com *.facebook.com *.ebit.com.br *.googletagmanager.com *.dnzdns.com *.ebitempresa.com.br *.doubleclick.net *.akamaihd.net *.siteblindado.com *.dinamize.com *.cloudfront.net/ *.yapay.com.br/ *.vindi.com.br/ https://firebasestorage.googleapis.com *.pagaleve.com.br www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googleadservices.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.vimeo.com *.youtube.com *.addthis.com *.paypal.com *.paypalobjects.com *.addthisedge.com *.moatads.com *.facebook.com *.googletagmanager.com *.doubleclick.net *.dinamize.com *.facebook.net *.google.com *.ebit.com.br *.siteblindado.com *.google.com.br www.vinhosevinhos.com https://static.cloudflareinsights.com *.smarthint.co *.yapay.com.br/ *.vindi.com.br/ *.avada.io *.shopify.com http://viacep.com.br *.pagaleve.com.br assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.vinhosevinhos.com *.bootstrapcdn.com *.ebit.com.br *.googletagmanager.com *.smarthint.co https://fonts.bunny.net unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src *.cloudfront.net/ *.yapay.com.br/ *.vindi.com.br/ 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.addthis.com *.google-analytics.com *.doubleclick.net www.vinhosevinhos.com *.facebook.com *.ebit.com.br *.googletagmanager.com *.azurewebsites.net *.siteblindado.com *.dinamize.com *.analytics.google.com https://analytics.google.com *.smarthint.co *.cloudfront.net/ *.yapay.com.br/ *.vindi.com.br/ https://get.geojs.io *.avada.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://apisandbox.redeecommerce.rede.com.br/ https://apiquerysandbox.redeecommerce.rede.com.br/ https://api.redeecommerce.rede.com.br/ https://apiquery.redeecommerce.rede.com.br/ *.dinamize.com *.siteblindado.com *.ebit.com.br https://oauth.bb.com.br/oauth/token https://cobranca.bb.com.br:7101/registrarBoleto https://oauth.hm.bb.com.br/oauth/token https://cobranca.homologa.bb.com.br:7101/registrarBoleto 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.vinhosevinhos.com/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' https://www.jotform.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js https://cdn.syndication.twimg.com/timeline/profile https://platform.twitter.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://form.jotform.com/82825417101147; style-src 'unsafe-inline' https://www.aaea.org https://ajax.googleapis.com https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com; img-src 'self' https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' https://www.aaea.org; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://interprojekt.pl https://use.typekit.net https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://seo.mageplaza.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors pay.google.com 'self'; frame-src bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.googletagmanager.com *.google.com/ apm.przelewy24.pl https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://pos.baidu.com https://maps.gstatic.com https://maps.googleapis.com https://i.ytimg.com https://i.vimeocdn.com https://www.paypal.com https://p.typekit.net https://*.gstatic.com https://*.openstreetmap.org https://*.inpost.pl https://*.easypack24.net https://static.przelewy24.pl https://*.behance.net https://*.ftcdn.net https://validator.swagger.io https://*.google.pl magefan.com cm.magefan.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.doubleclick.net *.googletagmanager.com https://www.magezon.com static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.hotjar.com https://script.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.paypal.com https://static.przelewy24.pl *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.it *.google.fr *.gstatic.com *.googletagmanager.com *.doubleclick.net *.google.com/ sandbox.przelewy24.pl secure.przelewy24.pl apm.przelewy24.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com assets.braintreegateway.com https://interprojekt.pl https://use.typekit.net *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://region1.google-analytics.com https://api.example.com https://vc.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://connect.facebook.net https://www.paypal.com https://secure.przelewy24.pl *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://www.merchant-center-analytics.goog sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl www.google.com pay.google.com *.easypack24.net *.inpost.pl *.openstreetmap.org cdn.ampproject.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://api.systempay.fr/static/ maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ *.typeform.com api.systempay.fr sso.sbx.edenred.io/ sso.eu.edenred.io/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ https://www.lf.fr api.systempay.fr www.google.fr *.googleapis.com maps.gstatic.com *.ggpht.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.typeform.com api.systempay.fr *.googleapis.com *.ggpht.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://api.systempay.fr/static/ maxcdn.bootstrapcdn.com api.systempay.fr *.googleapis.com *.ggpht.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ maps.googleapis.com stats.g.doubleclick.net *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src portal.bulkgate.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com portal.bulkgate.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com portal.bulkgate.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com portal.bulkgate.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com portal.bulkgate.com *.gstatic.com s7.addthis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline portal.bulkgate.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com portal.bulkgate.com *.gstatic.com ekr.zdassets.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors fatmoose.cz fatmoose.nl www.gstatic.com 'self'; form-action www.facebook.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; font-src fatmoose.co.uk fatmoose.nl www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; style-src widgets.xsellco.com static.spotlersearch.com fatmoose.co.uk fatmoose.nl fatmoose.de js.neoday.com *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com maxcdn.bootstrapcdn.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; frame-src tw.fatmoose.be tw.fatmoose.de tw.fatmoose.se www.googletagmanager.com tw.fatmoose.nl tw.fatmoose.fr tw.fatmoose.co.uk tw.fatmoose.at tw.fatmoose.it tw.fatmoose.pl tw.fatmoose.dk tw.fatmoose.es tw.fatmoose.ie tw.fatmoose.ch tw.fatmoose.cz ct.pinterest.com www.edesk.com www.paypalobjects.com twr.fatmoose.fr twr.fatmoose.be twr.fatmoose.ch twr.fatmoose.co.uk twr.fatmoose.cz twr.fatmoose.dk twr.fatmoose.es twr.fatmoose.ie twr.fatmoose.it twr.fatmoose.de twr.fatmoose.at twr.fatmoose.se twr.fatmoose.nl twr.fatmoose.pl fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com js.mollie.com 'self' 'unsafe-inline'; img-src dashboard.edesk.com www.google.be px.ads.linkedin.com t.squeezely.tech googleads.g.doubleclick.net bat.bing.com xsellco-blobstore.s3.amazonaws.com c.delivery.consentmanager.net tw.fatmoose.de static.spotlersearch.com tw.fatmoose.fr www.google.de tw.fatmoose.be static.sooqr.com cdn.consentmanager.net www.google.cz tw.fatmoose.cz tw.fatmoose.co.uk www.google.co.uk cdn.flbx.io tw.fatmoose.it www.google.it www.google.se tw.fatmoose.se www.google.nl tw.fatmoose.nl www.google.fr fatmoose.es fatmoose.it www.google.at fatmoose.at fatmoose.be fatmoose.co.uk tw.fatmoose.at fatmoose.pl fatmoose.ch fatmoose.se www.google.pl tw.fatmoose.pl fatmoose.cz fatmoose.de tw.fatmoose.dk www.google.dk prod-m2.fatmoose.pt www.google.es tw.fatmoose.es prod-m2.fatmoose.sk tw.fatmoose.ie www.google.ie cdn.honey.io www.google.com.ph tw.fatmoose.ch www.google.ch fatmoose.dk fatmoose.fr fatmoose.ie stats.g.doubleclick.net dy639ytn88nua.cloudfront.net widgets.xsellco.com joko-mobile-app-media.s3.eu-west-1.amazonaws.com scontent-lhr6-1.xx.fbcdn.net www.google.gr www.google.lu region1.google-analytics.com scontent-fra5-2.xx.fbcdn.net www.google.no www.google.com.tr www.google.sk www.google.com.do www.google.com.cy www.facebook.com widgets.trustedshops.com www.googletagmanager.com www.google.sr www.google.pt www.google.cl www.google.tn www.google.com.co ade.googlesyndication.com www.google.com.qa www.google.ro www.google.co.in bat.bing.net www.google.com.mt www.google.fi www.google.com.lb www.google.co.ma www.google.hr www.google.ae lh3.googleusercontent.com www.google.com.ua www.google.com.sa www.google.is www.google.com.ar www.google.ba www.google.co.za www.google.al www.google.co.nz www.google.co.ke lh3.google.com www.google.com.pk www.coupert.com www.google.ad www.google.im cdn.weward.app www.google.com.tw www.google.hu www.google.lt www.google.si www.google.dz www.google.cg www.google.gg www.google.tg www.google.sn www.google.cd www.google.az www.google.je www.google.mu www.google.rs www.google.com www.google.com.vn www.google.com.mx www.google.sc fatmoose.nl www.google.co.th www.google.com.bh www.google.com.np www.google.sm www.google.com.gi www.google.com.br www.google.com.eg twr.fatmoose.fr twr.fatmoose.be twr.fatmoose.ch twr.fatmoose.co.uk twr.fatmoose.cz twr.fatmoose.dk twr.fatmoose.es twr.fatmoose.ie twr.fatmoose.it twr.fatmoose.de twr.fatmoose.at twr.fatmoose.se twr.fatmoose.nl twr.fatmoose.pl data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com bid.g.doubleclick.net *.analytics.google.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.googleapis.com https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com magefan.com cm.magefan.com https://www.mollie.com https://widgets.trustedshops.com https://integrations.etrusted.com *.pixriot.com *.storeimaging.com data: 'self' 'unsafe-inline'; connect-src tw.fatmoose.de tw.fatmoose.be bat.bing.com widgets.xsellco.com tr.kickbite.io px.ads.linkedin.com tw.fatmoose.fr tw.fatmoose.nl tw.fatmoose.it tw.fatmoose.cz tw.fatmoose.co.uk gateway.getflowbox.com a.getflowbox.com tw.fatmoose.se tw.fatmoose.at tw.fatmoose.pl ad.doubleclick.net tracking.s24.com tw.fatmoose.ch tw.fatmoose.dk tw.fatmoose.es tw.fatmoose.ie experience.getflowbox.com socketio.xsellco.com stats.g.doubleclick.net fatmoose.at fatmoose.ch fatmoose.co.uk googleads.g.doubleclick.net connect.getflowbox.com static.spotlersearch.com log.ablyft.com www.google.de fatmoose.de fatmoose.se www.google.com fatmoose.be fatmoose.cz fatmoose.ie fatmoose.pl fatmoose.fr fatmoose.dk fatmoose.es fatmoose.it fatmoose.nl twr.fatmoose.be twr.fatmoose.fr twr.fatmoose.ch twr.fatmoose.co.uk twr.fatmoose.cz twr.fatmoose.dk twr.fatmoose.es twr.fatmoose.ie twr.fatmoose.it twr.fatmoose.de twr.fatmoose.at twr.fatmoose.se twr.fatmoose.nl twr.fatmoose.pl cdn.consentmanager.net dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com *.trustedshops.com *.etrusted.com *.pixriot.com *.storeimaging.com analytics.google.com 'self' 'unsafe-inline'; script-src c.delivery.consentmanager.net cdn.consentmanager.net static.spotlersearch.com widgets.xsellco.com tw.fatmoose.nl bat.bing.com connect.getflowbox.com cdn.ablyft.com spotlersearchanalytics.com static.cloudflareinsights.com squeezely.tech tr.kickbite.io dynamic.spotlersearch.com snap.licdn.com tracking.s24.com widgets.trustedshops.com fatmoose.co.uk connect.facebook.net js.mollie.com fatmoose.fr fatmoose.nl tw.fatmoose.be fatmoose.de www.paypal.com twr.fatmoose.dk tw.fatmoose.dk twr.fatmoose.be twr.fatmoose.ch twr.fatmoose.fr twr.fatmoose.co.uk twr.fatmoose.it tw.fatmoose.fr twr.fatmoose.ie twr.fatmoose.es twr.fatmoose.cz twr.fatmoose.de twr.fatmoose.at twr.fatmoose.nl twr.fatmoose.pl twr.fatmoose.se assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://maps.googleapis.com https://player.vimeo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/  https://apps.rivm.nl; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/  https://service.pdok.nl/ https://data.rivm.nl/  https://*.openstreetmap.org/; frame-ancestors 'self' https://www.atlasleefomgeving.nl https://*.gezondeleefomgeving.nl https://*.woondossier.nl/ https://roosendaal.incijfers.nl https://*.nhnieuws.nl; child-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/* https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/*; report-uri /report-csp-violation 1
default-src 'self' ;          base-uri 'self' ;          object-src 'none' ;          script-src 'self' 'unsafe-eval' 'nonce-CWlEVC3YxBw/hlnCU/KzFg==' *.googleapis.com *.baidu.com *.zohocdn.com *.cloudfront.net *.googletagmanager.com *.cdn.pagesense.io *.youtube.com *.seatsio.net;          connect-src 'self' *.googleapis.com *.google-analytics.com *.nimbuspop.com ws: data: ;          font-src 'self' *.gstatic.com *.zohowebstatic.com *.zohostatic.com *.zohocdn.com data:  ;          style-src 'self' 'unsafe-inline' *.zoho.com *.zohocdn.com;          frame-src 'self' * ;          img-src 'self' *.ytimg.com *.zohoexternal.com *.zohocdn.com data: blob: *.nimbuspop.com *.zohopublic.com 1
object-src 'none';base-uri 'self';script-src 'nonce-HeZEl-WLWhSRj3P4pQcjCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.bunny.net *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com https://dashboard.webwinkelkeur.nlfonts/webandbrand.woff data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.addthis.com js.mollie.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com www.facebook.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: ts.tradetracker.net www.magmodules.eu https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://browser.sentry-cdn.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io *.shopify.com connect.facebook.net js.mollie.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com tm.tradetracker.net https://widgets.trustedshops.com https://integrations.etrusted.com https://dashboard.webwinkelkeur.nl/sidebar.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://*.ingest.sentry.io ekr.zdassets.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp.withgoogle.com/csp/youtube_main/strict;base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-UKhfMnDjz-1af1kNVb_smA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
img-src 'self' data: https://www.googletagmanager.com  https://teamease.app  https://assets.elementor.com  https://lh3.googleusercontent.com  https://storage.googleapis.com  https://teamease.eu  https://really-simple-ssl.com  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.iubenda.com  https://www.googletagmanager.com  https://cs.iubenda.com  https://cdnjs.cloudflare.com  https://www.iubenda.com  data:  https://www.gstatic.com  blob:  https://www.google.com  https://beacon-v2.helpscout.net  https://teamease.eu  https://cdn.jsdelivr.net  https://connect.facebook.net  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://cdn.iubenda.com  https://www.googletagmanager.com  https://cs.iubenda.com  https://cdnjs.cloudflare.com  https://www.iubenda.com  data:  https://www.gstatic.com  blob:  https://www.google.com  https://beacon-v2.helpscout.net  https://teamease.eu  https://cdn.jsdelivr.net  https://connect.facebook.net ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com  https://fonts.googleapis.com  https://www.iubenda.com  https://www.gstatic.com  https://teamease.eu ; style-src-elem 'self' 'unsafe-inline' https://use.fontawesome.com  https://fonts.googleapis.com  https://www.iubenda.com  https://www.gstatic.com  https://teamease.eu ; font-src 'self' https://use.fontawesome.com  https://teamease.app  https://fonts.gstatic.com  https://teamease.eu  data:; frame-src 'self' https://cdn.iubenda.com  https://www.iubenda.com  https://www.google.com  https://www.youtube.com  https://kanerika.com  https://www.sugarandsoul.co  blob:; connect-src 'self' https://yoast.com  https://idb.iubenda.com  https://region1.google-analytics.com  https://cpl.iubenda.com  https://www.google-analytics.com  https://d3hb14vkzrxvla.cloudfront.net  https://www.google.com  https://teamease.eu;  media-src 'self' https://teamease.app  https://teamease.eu;  worker-src 'self' blob:;  report-uri https://teamease.eu/wp-json/really-simple-security/v1/csp?rsssl_apitoken=295984221; 1
object-src 'none';base-uri 'self';script-src 'nonce-dIeLGdGhNKVdyErG7Z701Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_BPOYBFZq4jX2DPjkPSxTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-aOOn85q9Ua8reBQ11iYmKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.pcipalstaging.cloud https://*.stripe.com/ blob:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.pcipalstaging.cloud https://www.google.com  accounts.google.com https://www.google.com/recaptcha/  www.gstatic.com/recaptcha/ https://fonts.googleapis.com/css2 *.walkme.com https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.cardinalcommerce.com/ https://*.stripe.com/ https://pay.google.com/ https://*.paysafe.com https://api.test.paysafe.com https://applepay.cdn-apple.com/ https://www.datadoghq-browser-agent.com/ blob:; frame-src * data: 'report-sample'; style-src 'self' 'unsafe-inline' *.walkme.com https://fonts.googleapis.com/css; report-uri https://pcipal.report-uri.com/r/d/csp/reportOnly; connect-src 'self' wss://pcipalstaging.cloud wss://*.pcipalstaging.cloud https://*.pcipalstaging.cloud:* *.walkme.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com/stag/log https://*.apm.eu-west-1.aws.found.io:* https://*.cardinalcommerce.com/ https://pcipal.report-uri.com/ https://*.stripe.com/ https://google.com/pay https://www.google.com/pay https://pay.google.com/ https://www.google.com/recaptcha/ https://*.paysafe.com https://api.test.paysafe.com https://browser-intake-datadoghq.eu/; font-src * data:; object-src 'none'; 1
default-src 'self'; script-src 'self' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.openstreetmap.org https://www.loewen.de https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.youtube.com https://medien.loewen.de https://medien.loewen-kundenportal.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://vimeo.com; connect-src 'self' data: https://*.openstreetmap.org https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; script-src-elem 'self' 'sha256-kmB83Qlmak1+ekHFk+S5GfHhbvJrD6n2YITJgFDEWWQ=' https://maps.google.com https://maps.googleapis.com 'report-sample'; media-src 'self' https://medien.loewen.de https://medien.loewen-kundenportal.de; report-uri https://www.loewen.de/@http-reporting?csp=report&requestTime=1773713826053464&requestHash=b94951cab5ae20fc4772edc490493a739117670d 1
object-src 'none';base-uri 'self';script-src 'nonce-gwYnvDMu8bJY1QM5E9xfcw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
child-src *;connect-src *;form-action *;frame-ancestors *;worker-src *;style-src-elem * https://optimistontour.nl 'unsafe-inline' https://www.watersportverbond.nl https://watersportverbond.nl https://www.teamallianz.nl https://teamallianz.nl https://maritbouwmeesteracademy.nl https://www.allianzkanosprint.nl https://allianzkanosprint.nl https://www.zeilervanhetjaar.nl https://zeilervanhetjaar.nl https://cleanupontour.nl https://www.cleanupontour.nl  https://www.optimistontour.nl https://fonts.googleapis.com https://cdn.jsdelivr.net;media-src *;manifest-src *;frame-src *;font-src * data: https://fonts.gstatic.com;img-src * data:;;style-src-attr https://optimistontour.nl 'unsafe-inline' https://www.watersportverbond.nl https://watersportverbond.nl https://www.teamallianz.nl https://teamallianz.nl https://maritbouwmeesteracademy.nl https://www.allianzkanosprint.nl https://allianzkanosprint.nl https://www.zeilervanhetjaar.nl https://zeilervanhetjaar.nl https://cleanupontour.nl https://www.cleanupontour.nl  https://www.optimistontour.nl https://fonts.googleapis.com https://cdn.jsdelivr.net;style-src https://optimistontour.nl 'unsafe-inline' https://www.watersportverbond.nl https://watersportverbond.nl https://www.teamallianz.nl https://teamallianz.nl https://maritbouwmeesteracademy.nl https://www.allianzkanosprint.nl https://allianzkanosprint.nl https://www.zeilervanhetjaar.nl https://zeilervanhetjaar.nl https://cleanupontour.nl https://www.cleanupontour.nl  https://www.optimistontour.nl https://fonts.googleapis.com https://cdn.jsdelivr.net;default-src https://optimistontour.nl 'unsafe-inline' https://www.watersportverbond.nl https://watersportverbond.nl https://www.teamallianz.nl https://teamallianz.nl https://maritbouwmeesteracademy.nl https://www.allianzkanosprint.nl https://allianzkanosprint.nl https://www.zeilervanhetjaar.nl https://zeilervanhetjaar.nl https://cleanupontour.nl https://www.cleanupontour.nl  https://www.optimistontour.nl https://fonts.googleapis.com https://cdn.jsdelivr.net;base-uri 'none';script-src 'self' https://code.jquery.com https://ajax.aspnetcdn.com https://www.googletagmanager.com https://localhost:5173 https://static.hotjar.com https://connect.facebook.net https://cdn.jsdelivr.net https://script.hotjar.com 'nonce-evsn4LkFRJhXI/e8RuvDpv79' 1
object-src 'none';base-uri 'self';script-src 'nonce-lfoT1EwMysylQGVuoSNV_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com *.gstatic.com *.opayo.eu.elavon.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.opayo.eu.elavon.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.opayo.eu.elavon.com account.fetchify.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.paypal.com *.opayo.eu.elavon.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.opayo.eu.elavon.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.opayo.eu.elavon.com cc-cdn.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-vqvEJkyylGbrqF_aCJRtbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval'     https://*.googleapis.com     https://*.googletagmanager.com     https://*.google-analytics.com     https://*.broadstreetads.com     https://*.licdn.com     https://*.quantserve.com     https://*.facebook.net     https://*.fullstory.com     https://*.google.com     https://*.wp.com     https://*.onesignal.com     https://*.cloudflare.com     https://*.s3.amazonaws.com     https://kit.fontawesome.com     https://js-agent.newrelic.com;  style-src 'self' 'unsafe-inline'     https://*.googleapis.com     https://*.typekit.net     https://*.broadstreetads.com     https://*.s3.amazonaws.com     https://*.wp.com     https://*.google.com     https://onesignal.com     https://*.cloudflare.com;  img-src 'self' data:     https://*.gravatar.com     https://*.wp.com     https://*.ads.linkedin.com     https://*.facebook.com     https://*.google.com     https://*.quantserve.com     https://*.broadstreetads.com     https://*.google-analytics.com     http://myrye.com;  font-src 'self' data:     https://*.gstatic.com     https://*.typekit.net     https://*.s3.amazonaws.com     https://*.cloudflare.com     https://*.wp.com     https://*.fontawesome.com     https://cdn.broadstreetads.com;  frame-src 'self'     https://*.google.com     https://*.cloudflare.com     https://*.doubleclick.net     https://widgets.wp.com     https://wordpress.com;  media-src 'self'     https://*.googleapis.com;  connect-src 'self'     https://*.google-analytics.com     https://*.fullstory.com     https://*.ads.linkedin.com     https://ka-p.fontawesome.com     https://ad.broadstreetads.com;  worker-src 'self' blob:     https://*.googleapis.com     https://*.googletagmanager.com     https://*.google-analytics.com     https://*.broadstreetads.com     https://*.licdn.com     https://*.quantserve.com     https://*.facebook.net     https://*.fullstory.com     https://*.google.com     https://*.wp.com     https://*.onesignal.com     https://*.cloudflare.com     https://*.s3.amazonaws.com;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'     https://*.googleapis.com     https://*.googletagmanager.com     https://*.google-analytics.com     https://*.broadstreetads.com     https://*.licdn.com     https://*.quantserve.com     https://*.facebook.net     https://*.fullstory.com     https://*.google.com     https://*.wp.com     https://*.onesignal.com     https://*.cloudflare.com     https://*.s3.amazonaws.com     https://*.doubleclick.net     https://*.quantcount.com     https://*.cloudflareinsights.com     https://kit.fontawesome.com     https://js-agent.newrelic.com     https://onesignal.com/api     https://onesignal.com; 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com fonts.gstatic.com *.kxcdn.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.authorize.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com store.paradoxlabs.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com cdn.ampproject.org googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com *.authorize.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ *.google-analytics.com *.google.com https://maps.googleapis.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com self unsafe-inline data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com self *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trustpilot.com ecomm.sella.it *.doubleclick.net *.google-analytics.com *.googletagmanager.com www.paypalobjects.com bid.g.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://banners.helloretailcdn.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com * ecomm.sella.it *.google.it *.google.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.trustpilot.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.fontawesome.com *.googleapis.com *.gstatic.com * *.trustpilot.com ecomm.sella.it *.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.trustpilot.com cdnjs.cloudflare.com self unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://core.helloretail.com https://helloretailcdn.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ecomm.sella.it *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.trustpilot.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-ps823K-vvfiUZBAMYqYAng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src * data: blob:; style-src * 'unsafe-inline' blob: https://fonts.bunny.net; font-src 'self' data: https://fonts.bunny.net https://fonts.gstatic.com https://cuatro.sim-cdn.nl https://cuatro.sim-cdn-acceptatie.nl https://cuatro.sim-cdn-test.nl; script-src 'nonce-NGU3MzhkNzQtYzE3ZC00YTA4LWJkNmMtNWI4OTljZjZlZDRi' 'strict-dynamic' 'report-sample'; connect-src *; form-action 'self'; media-src https://*.readspeaker.com https://*.streamlock.net https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com https://scribit-pro.storage.googleapis.com https://app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self' https://*.polly.help; worker-src * 'unsafe-inline' blob:; report-uri /api/csp-report 1
img-src https://higherlogicdownload.s3.amazonaws.com/SRAINTERNATIONAL/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SRAINTERNATIONAL/ https://img.youtube.com/vi/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/SRAINTERNATIONAL/ blob: https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://static.filestackapi.com/picker/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SRAINTERNATIONAL/ https://higherlogicdownload.s3.amazonaws.com/SRAINTERNATIONAL/ https://higherlogiclongterm.s3.amazonaws.com/SRAINTERNATIONAL/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/SRAINTERNATIONAL/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SRAINTERNATIONAL/ 'self' https://higherlogiclongterm.s3.amazonaws.com/SRAINTERNATIONAL/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; script-src-elem https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com/picker/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://www.gstatic.com/recaptcha/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; media-src https://higherlogiclongterm.s3.amazonaws.com/SRAINTERNATIONAL/ https://higherlogicdownload.s3.amazonaws.com/SRAINTERNATIONAL/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SRAINTERNATIONAL/ https://higherlogicstream.s3.amazonaws.com/SRAINTERNATIONAL/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/SRAINTERNATIONAL/ https://higherlogicdownload.s3.amazonaws.com/SRAINTERNATIONAL/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SRAINTERNATIONAL/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; connect-src https://upload.filestackapi.com https://static.filestackapi.com https://cloud.filestackapi.com/folder/list/ 'self' https://hl-managedservices.informz.net https://d3uf7shreuzboy.cloudfront.net/ blob:; worker-src 'self'; default-src 'self'; base-uri 'self'; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-9e-vOOlH0NFE3W7M5FRlYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' wss:;connect-src 'self' wss: https://api.whizeo.com/ https://region1.analytics.google.com/ https://region1.google-analytics.com/ https://chat.whizeo.com/ https://apikeys.civiccomputing.com/ https://analytics.google.com/ https://www.google.com/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://l.sharethis.com/ ;font-src 'self' https: data: https://fonts.gstatic.com/;frame-src 'self' https: data:;img-src 'self' https: data: blob:;media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://services.whizeo.com/ https://cdn.whizeo.com/ https://data.whizeo.com/ https://bat.bing.com/ https://cc.cdn.civiccomputing.com/ https://cdnjs.cloudflare.com/ https://googleads.g.doubleclick.net/ https://rawcdn.githack.com/ https://www.googletagmanager.com/ https://secure.leadforensics.com/ https://snap.licdn.com/ https://buttons-config.sharethis.com/ https://platform-api.sharethis.com/ https://embed-cdn.spotifycdn.com/ https://open.spotify.com/ https://www.youtube.com/;style-src 'self' 'unsafe-inline' https: data: https://fonts.googleapis.com/; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.globalpay.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cookiebot.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.cookiebot.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.globalpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cc-cdn.com https://fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.cookiebot.com *.typekit.net *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://google.com/pay https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com www.googleapis.com *.cookiebot.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data.utp-kabel.nl *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action data.utp-kabel.nl *.facebook.com 'self' 'unsafe-inline'; frame-ancestors data.utp-kabel.nl *.multisafepay.com https://pay.google.com 'self'; frame-src data.utp-kabel.nl bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.google.com *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com *.apps.ladesk.com *.hubspot.com *.pinterest.com speelplezier.ladesk.com *.bing.net *.bing.com 'self' 'unsafe-inline'; img-src data.utp-kabel.nl widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.multisafepay.com https://at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net *.bing.com *.bing.net *.cloudimg.io *.contentsquare.net *.etrusted.com *.google-analytics.com *.googlesyndication.com *.googleusercontent.com *.hsforms.com *.hubspot.com *.imgix.net *.linkedin.com *.premiere.page *.trustedshops.com www.google.be www.google.de www.google.nl flagpedia.net data: 'self' 'unsafe-inline'; script-src data.utp-kabel.nl googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.multisafepay.com https://pay.google.com *.hs-analytics.net *.usemessages.com *.hs-scripts.com *.bing.net *.beslist.nl *.bing.com *.cloudflare.com *.contentsquare.net *.etrusted.com *.getqonfi.com *.google-analytics.com *.googlesyndication.com *.hotjar.com *.hs-banner.com *.hscollectedforms.net *.licdn.com *.pinimg.com *.pinterest.com *.premiere.page *.tiktok.com *.trustedshops.com *.webwinkelkeur.nl *.ladesk.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.gstatic.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src data.utp-kabel.nl *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.multisafepay.com *.etrusted.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src data.utp-kabel.nl 'self' 'unsafe-inline'; media-src data.utp-kabel.nl 'self' 'unsafe-inline'; manifest-src data.utp-kabel.nl 'self' 'unsafe-inline'; connect-src data.utp-kabel.nl www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net *.multisafepay.com *.beslist.nl *.bing.com *.bing.net *.contentsquare.net *.doubleclick.net *.etrusted.com *.getqonfi.com *.google.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hubspot.com *.linkedin.com *.pinterest.com *.premiere.page *.tiktok.com *.trustedshops.com www.google.be www.google.nl https://*.ingest.sentry.io www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src data.utp-kabel.nl http: https: blob: 'self' 'unsafe-inline'; default-src data.utp-kabel.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri data.utp-kabel.nl 'self' 'unsafe-inline'; report-uri https://394bd828-e8ee-4169-91b3-7b587c6eb99c.sansec.watch/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https: filesystem: https://*.googletagmanager.com https://unpkg.com https://static.addtoany.com 'sha256-gFcdOHegy0YKPS19uWoGjqElLi63Yof987gOXWZ8zLo=' 'sha256-6OvoMuEehl5lMoLt1M423sjF8jkUJVVmnYiI/GkDEsA=' 'sha256-yElBEKucE35qwHf8qWcAvqD25zOJ7TqTptcHyzGhOxw=' 'sha256-n+tHfMxuRGvnG0BQrRbz9yKiayUtNJ1c0tDdceZlE2Y=' 'sha256-5vPIU5OJBuEuneT8BrS3QFFal4pPLRovoGBfDoIos3U=' 'sha256-8vcv/HA/ZUKSmu6Em8ckWEMQGT43DEfRFWxN+2LFBpA=' 'sha256-iBm7Y5wnqtZkLHD5mqIAIKXxEswOdMeSLFWO1lM+Xcw=' 'sha256-M1WfpjZDDmpD3ULz+6R0TEjEFA9RNObU5+wVXCW27mQ=' 'sha256-yUXrkvbo8KKgAjKQsgseJ6Fchh4UlWKfAZn/rSjxB4k=' 'sha256-Gk0CLQ8tARQRz15yPFsP8Ut2x2hsFxU5uejr8AYuSFs=' 'sha256-UdSO5qm7FySihyfS7eXuZQDsTJNZtI/Wum51uvuzP0A=' 'sha256-/sv7hNQR0RpoTLX45JQoO05bVYXbdfPEIt24KFJhoPM=' 'nonce-f3a7f25185'; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: filesystem:; font-src 'self' data:; frame-ancestors 'self' filesystem: *.jacksonphysiciansearch.com; frame-src 'self' filesystem: *.jacksonphysiciansearch.com player.vimeo.com www.googletagmanager.com static.addtoany.com 1
img-src 'self' data: https://www.facebook.com  https://www.googletagmanager.com  https://cleverhub.co.uk  https://connect.facebook.net  https://i.ytimg.com  https://maps.gstatic.com  https://maps.googleapis.com  blob:  https://translate.google.com  https://fonts.gstatic.com  https://cdn.honey.io  https://www.solihull.ac.uk  https://lm.facebook.com  https://d15k2d11r6t6rl.cloudfront.net  https://yt3.ggpht.com  https://my.productfruits.com  https://api.phia.com  https://l.facebook.com  https://rp.liadm.com  https://m.youtube.com  https://cdn-public.borlabs.io  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com  https://www.google.com  https://maps.googleapis.com  https://www.gstatic.com  https://static.hotjar.com  https://connect.facebook.net  https://secure.companyperceptive-365.com  https://script.hotjar.com  https://www.tiktok.com  https://a.usbrowserspeed.com  https://www.youtube.com  http://connect.facebook.net  https://pcls1.craftyclicks.co.uk  https://www.solihull.ac.uk  https://infird.com  https://secured-pixel.com  https://lf16-tiktok-web.tiktokcdn-us.com  https://js-cdn.dynatrace.com  blob:  https://sf16-website-login.neutral.ttwstatic.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ajax.googleapis.com  https://code.jquery.com  https://me.kis.v2.scr.kaspersky-labs.com  https://dhfs.heytapimage.com  https://api.wire.threatspike.com  https://beacon-v2.helpscout.net  https://cdn.segment.com  https://apis.google.com  http://www.gstatic.com  https://tag.demandbase.com  https://ipf-pub-callback.azurewebsites.net  https://lottingem.com  https://bat.bing.com  https://me.kes.v2.scr.kaspersky-labs.com  https://tochka.com  https://msclairty.com  https://sc-static.net  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com  https://www.google.com  https://maps.googleapis.com  https://www.gstatic.com  https://static.hotjar.com  https://connect.facebook.net  https://secure.companyperceptive-365.com  https://script.hotjar.com  https://www.tiktok.com  https://a.usbrowserspeed.com  https://www.youtube.com  http://connect.facebook.net  https://pcls1.craftyclicks.co.uk  https://www.solihull.ac.uk  https://infird.com  https://secured-pixel.com  https://lf16-tiktok-web.tiktokcdn-us.com  https://js-cdn.dynatrace.com  blob:  https://sf16-website-login.neutral.ttwstatic.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ajax.googleapis.com  https://code.jquery.com  https://me.kis.v2.scr.kaspersky-labs.com  https://dhfs.heytapimage.com  https://api.wire.threatspike.com  https://beacon-v2.helpscout.net  https://cdn.segment.com  https://apis.google.com  http://www.gstatic.com  https://tag.demandbase.com  https://ipf-pub-callback.azurewebsites.net  https://lottingem.com  https://bat.bing.com  https://me.kes.v2.scr.kaspersky-labs.com  https://tochka.com  https://msclairty.com  https://sc-static.net ; style-src 'self' 'unsafe-inline' https://use.typekit.net  https://fonts.googleapis.com  https://p.typekit.net  https://www.gstatic.com  https://cdn.jsdelivr.net  https://cdn.honey.io  https://www.solihull.ac.uk  https://sf16-website-login.neutral.ttwstatic.com  https://adblockers.opera-mini.net  https://lf16-tiktok-web.tiktokcdn-us.com  https://www.googletagmanager.com  https://me.kis.v2.scr.kaspersky-labs.com ; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net  https://fonts.googleapis.com  https://p.typekit.net  https://www.gstatic.com  https://cdn.jsdelivr.net  https://cdn.honey.io  https://www.solihull.ac.uk  https://sf16-website-login.neutral.ttwstatic.com  https://adblockers.opera-mini.net  https://lf16-tiktok-web.tiktokcdn-us.com  https://www.googletagmanager.com  https://me.kis.v2.scr.kaspersky-labs.com ; font-src 'self' https://use.typekit.net  https://fonts.gstatic.com  https://cdn.jsdelivr.net  https://script.hotjar.com  https://www.solihull.ac.uk  https://r2cdn.perplexity.ai  https://cdn.scite.ai  moz-extension  ms-browser-extension  https://static.shopback.com  https://pouch-global-font-assets.s3.eu-central-1.amazonaws.com  chrome-extension://04C79156-91C9-483C-A89A-A64B5791ADEC/fonts/Inter-Variable.ttf  chrome-extension://04C79156-91C9-483C-A89A-A64B5791ADEC/fonts/Recoleta-Variable.otf  chrome-extension://04C79156-91C9-483C-A89A-A64B5791ADEC/fonts/SFProText-Variable.otf  chrome-extension://06EC60B3-AE39-4B82-9131-067EC7DE9688/fonts/Inter-Variable.ttf  chrome-extension://06EC60B3-AE39-4B82-9131-067EC7DE9688/fonts/SFProText-Variable.otf  chrome-extension://06EC60B3-AE39-4B82-9131-067EC7DE9688/fonts/Recoleta-Variable.otf  chrome-extension://A7A69E33-9B87-4873-9A92-BE106D909C7E/fonts/Recoleta-Variable.otf  chrome-extension://A7A69E33-9B87-4873-9A92-BE106D909C7E/fonts/Inter-Variable.ttf  chrome-extension://0EA4AE25-4184-4939-928B-115E2A68919A/fonts/Inter-Variable.ttf  chrome-extension://0EA4AE25-4184-4939-928B-115E2A68919A/fonts/SFProText-Variable.otf  chrome-extension://0EA4AE25-4184-4939-928B-115E2A68919A/fonts/Recoleta-Variable.otf  chrome-extension://781F0B9B-717B-4986-8DA4-1C8DE1AB7ED9/fonts/Inter-Variable.ttf  chrome-extension://8E0E7433-A185-4553-B7DA-42344E5E6EEE/fonts/Inter-Variable.ttf  https://www.slant.co  https://s3.amazonaws.com  https://assets.alicdn.com  https://migaku-public-data.migaku.com  data:; frame-src 'self' https://www.google.com  https://www.youtube.com  https://www.googletagmanager.com  https://discoveruni.gov.uk  https://widget.discoveruni.gov.uk  https://www.facebook.com  https://live.tourdash.com  https://www.artsteps.com  https://player.vimeo.com  https://www.tiktok.com  https://myaccount.google.com  https://m.stripe.network  https://accounts.google.com  https://localhost  null  http://fp.sn.ifl.net  http://denied.schoolsbroadband.net  https://8rm60044.ibosscloud.com  https://access.workspace.google.com  https://gateway.zscalertwo.net  https://cn428784-7rm60049.ibosscloud.com  https://uk-www.securly.com  https://858312e5cf7a2fa268a2236f24ef6882sync.pacrpc.uk.v1api.securly.com  https://gateway.zscloud.net  https://dp1wavenetcloud.netsweeper.com  https://dpukcloud8.netsweeper.com  https://webauth.broadband4.co.uk  https://nc3-nsmgmt-0.coconnect.co.uk  https://support.google.com  blob:; connect-src 'self' https://region1.google-analytics.com  https://www.facebook.com  https://metrics.hotjar.io  https://maps.googleapis.com  https://idx.liadm.com  https://api.lmiforall.org.uk  https://www.google-analytics.com  https://www.google.com  https://vc.hotjar.io  https://content.hotjar.io  wss://ws.hotjar.com  https://www.googletagmanager.com  https://yoast.com  https://defaultb32e91775ce14546be875dd009ddf1.05.environment.api.powerplatform.com  https://surveystats.hotjar.io  https://pcls1.craftyclicks.co.uk  https://in.hotjar.com  properties  wss://127.0.0.1  https://translate.googleapis.com  https://api.brs.intl.miui.com  https://www.tiktok.com  https://nip.sinaydove.com  https://tip.sinaydove.com  https://overbridgenet.com  https://gjtrack.ucweb.com  https://ask.hotjar.io  data:  https://api.video-adblock.com  https://localhost  https://www.solihull.ac.uk  https://polyfilljs.org  https://get663.com  https://api.onsleek.ai  wss://localhost  http://localhost  https://d3hb14vkzrxvla.cloudfront.net  https://translate-pa.googleapis.com  https://local.adblock360.com  https://use.typekit.net  https://p.typekit.net  https://api.company-target.com  https://segments.company-target.com  https://sevendata.fun  https://singleview.site  https://secdomcheck.online  https://my.productfruits.com  https://api.blocksly.org  https://beaconapi.helpscout.net  https://plugin.ucads.ucweb.com  https://safesearchinc.com  https://secure.companyperceptive-365.com  https://msclairty.com  https://a.usbrowserspeed.com;  media-src 'self' https://ssl.gstatic.com  data:  https://fonts.ninja;  report-uri https://www.solihull.ac.uk/wp-json/rsssl/v1/csp?rsssl_apitoken=58363683; 1
object-src 'none';base-uri 'self';script-src 'nonce-Cx4J35j4jMoBI7rYcC-npw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-H4pJGveF2ODB6l2j-c_xTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-FbPW_gfaGCjCszZqbwWdkw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com www.paypalobjects.com fontawesome.com *.fontawesome.com klaviyo.com *.klaviyo.com *.cloudflare.com *.nieucabinetdoors.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.splitit.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com calendly.com *.calendly.com bluesnap.com *.bluesnap.com kaptcha.com *.kaptcha.com klaviyo.com *.klaviyo.com *.nieucabinetdoors.com flex-form.sandbox.splitit.com flex-form.splitit.com *.splitit.com *.cardinalcommerce.com cas.client.cardinaltrusted.com client.cardinaltrusted.com *.sentry.io *.gstatic.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net magefan.com cm.magefan.com *.zdassets.com blob: *.zendesk.com klaviyo.com *.klaviyo.com magecomp.com *.magecomp.com *.cloudfront.net bing.com *.bing.com *.bat.bing.com *.google.co.in *.nieucabinetdoors.com *.stats.g.doubleclick.net *.google.com google.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.splitit.com *.amazonaws.com www.google.com.ua https://moonshine.nieucabinetdoors.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page 'self' *.googleapis.com *.gstatic.com *.google.co.in *.googletagmanager.com *.google-analytics.com *.paypal.com *.facebook.com connect.facebook.net *.cloudfront.net *.stripe.com *.klarna.com *.klarnacdn.net unpkg.com cdn.jsdelivr.net calendly.com *.calendly.com newrelic.com nr-data.net bluesnap.com *.bluesnap.com sandpay.bluesnap.com kaptcha.com *.kaptcha.com *.zdassets.com *.zendesk.com wss://*.zendesk.com klaviyo.com *.klaviyo.com *.hotjar.com *.zuko.io *.cardinalcommerce.com *.sentry.io https://*.embedsocial.com https://*.zdassets.com bing.com *.bing.com *.bat.bing.com https://*.orthomed.ca https://*.hotjar.com https://*.crazyegg.com https://*.zendesk.com https://*.zopim.com *.hotjar.io *.grammarly.com *.nieucabinetdoors.com trustpilot.com *.trustpilot.com pinimg.com *.pinimg.com pinterest.com *.pinterest.com splitit.com *.splitit.com flex-form.sandbox.splitit.com flex-form.splitit.com *.cloudflare.com 'unsafe-inline' sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com cas.client.cardinaltrusted.com client.cardinaltrusted.com static.cloudflareinsights.com cdnjs.cloudflare.com www.apptrian.com facebook.com www.facebook.com graph.facebook.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.disqus.com *.fontawesome.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://moonshine.nieucabinetdoors.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.google.com *.klaviyo.com *.cloudfront.net *.typekit.net *.google.co.in *.nieucabinetdoors.com *.fontawesome.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com *.cardinalcommerce.com cas.client.cardinaltrusted.com client.cardinaltrusted.com *.kaptcha.com *.sentry.io google.com *.certcapture.com https://static.klaviyo.com assets.braintreegateway.com *.splitit.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com klaviyo.com *.klaviyo.com wss://*.hotjar.com *.google.co.in *.nieucabinetdoors.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com nr-data.net kaptcha.com *.kaptcha.com *.browser-intake-datadoghq.com klaviyo.com *.klaviyo.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com *.zuko.io *.google-analytics.com *.stripe.com *.klarna.com *.klarnacdn.net *.facebook.com connect.facebook.net *.hotjar.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.zdassets.com *.google.co.in *.stats.g.doubleclick.net bing.com *.bing.com *.bat.bing.com *.dpm.demdex.net *.amcglobal.sc.omtrdc.net *.googleadservices.com *.googletagmanager.com newrelic.com *.paypalobjects.com *.cardinalcommerce.com splitit.com *.splitit.com flex-form.sandbox.splitit.com flex-form.splitit.com *.amazonaws.com *.nieucabinetdoors.com pinterest.com *.pinterest.com sandbox.bluesnap.com sandbox1.bluesnap.com sandbox2.bluesnap.com sandpay.bluesnap.com ws.bluesnap.com ws1.bluesnap.com ws2.bluesnap.com pay.bluesnap.com cas.client.cardinaltrusted.com client.cardinaltrusted.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com graph.facebook.com *.certcapture.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com logs.browser-intake-datadoghq.com https://moonshine.nieucabinetdoors.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com magefan.com cm.magefan.com *.disqus.com https://firebasestorage.googleapis.com t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.disqus.com *.avada.io *.shopify.com player.vimeo.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app assets.braintreegateway.com *.fontawesome.com https://fonts.bunny.net *.googleapis.com *.addtoany.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.intercomcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.savacable.com *.force.com *.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.linkedin.com *.facebook.com *.google.com *.googletagmanager.com *.google.co.in *.intercomcdn.com *.intercomassets.com *.hsforms.com *.webtraxs.com *.hubspot.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.callrail.com *.googletagmanager.com *.licdn.com *.doubleclick.net *.pardot.com *.intercom.io *.intercomcdn.com *.savacable.com *.facebook.net *.force.com *.salesforceliveagent.com *.hsforms.net *.ahrefs.com *.webtraxs.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.force.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.callrail.com *.intercom.io *.google.com *.linkedin.com wss://*.intercom.io *.doubleclick.net *.hsforms.com *.ahrefs.com *.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.bunny.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.lichtnelke.de 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors self www.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com/ *.klarna.com www.google.com www.gstatic.com apis.google.com *.doubleclick.net *.paypalobjects.com *.sandbox.paypal.com *.facebook.com https://tgsub.lichtnelke.de 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net magefan.com cm.magefan.com *.wdgtest.com *.lichtnelke.de *.doubleclick.net *.bing.com *.google.com.ua *.google.com *.usercentrics.eu *.trustedshops.com *.w3.org *.trustedshops.de 'self' data: *.cloudfront.net *.facebook.com *.clarity.ms *.pay1.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com commerce-payments-sdk.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com polyfill.io https://maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bing.com *.doubleclick.net *.cloudflare.com *.usercentrics.eu *.trustedshops.com *.cloudflareinsights.com *.chimpstatic.com https://chimpstatic.com *.facebook.net *.facebook.com *.clarity.ms *.pay1.de https://tgsub.lichtnelke.de *.lichtnelke.de *.varify.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://maps.googleapis.com https://player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com http://dpm.demdex.net *.google-analytics.com https://www.gstatic.com *.wdgtest.com *.lichtnelke.de *.doubleclick.net *.bing.com *.usercentrics.eu *.cloudfront.net *.etrusted.com *.trustedshops.com *.facebook.com *.googlesyndication.com *.clarity.ms *.bing.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.multisafepay.com *.google.com *.addthis.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.multisafepay.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.multisafepay.com maps.googleapis.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.multisafepay.com *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.multisafepay.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1